asutherland
- Karma
- 89
- Created
- January 10, 2011 (15y ago)
- Submissions
- 0
I work for Mozilla on ServiceWorkers, but all thoughts/statements are my own.
blog: http://www.visophyte.org/blog/ twitter: http://twitter.com/asutherland
blog: http://www.visophyte.org/blog/ twitter: http://twitter.com/asutherland
viz.js (https://github.com/mdaines/viz.js demo at http://viz-js.com/) is graphviz compiled to JS using emscripten. graphviz-d3-renderer (https://github.com/mstefaniuk/graph-viz-d3-js demo at http://graphviz.it/) uses…
Clarification for those who parsed this (incorrectly) like I did: localStorage does work in Firefox in Private Browsing Mode[1], it's IndexedDB and the DOM Cache API that throw. (Although Firefox has private browsing…
If you're willing to try Firefox Nightly, check out the containers experiment: https://wiki.mozilla.org/Security/Contextual_Identity_Projec... While everything still happens within a single profile, sites in different…
> So Mozilla is making it harder for end users to find and kill service workers? about:serviceworkers was added as a hacky debugging/introspection tool with the expectation that the developer tools team would integrate…
2 quick hopefully informative nits: It's better to consult the living standard of the editor's draft over the TR ("TR is for the TRash" as they say). The security section has been fleshed out a lot, for example:…
The SQLite numbers are not going to be realistic here given that "no SQLite transactions" are used and the write-ahead-log is probably not used. Assuming defaults are used, that means "PRAGMA synchronous=FULL" and…
Here's the relevant Gecko (Firefox) code which tries to use the max-age and expires headers first and then will set it to forever if the response code was 300, 410, 301, or 308. Note that I'm going by a somewhat shallow…
http://kangax.github.io/compat-table/es6/ and http://kangax.github.io/compat-table/es7/ are particularly good for ES since it breaks out things into the nitty gritty features, providing the code samples that are tested.
SQLite addressed writers blocking readers in 3.7.0 with its Write-Ahead Log. See https://www.sqlite.org/wal.html for more details, but point 2 at the top is "WAL provides more concurrency as readers do not block writers…
The flies add up. There's not a harassment noise floor beneath which we should ask the harassed to just shrug off harassment by their coworkers.
How would this be a witch hunt? The third definition from https://en.wiktionary.org/wiki/witch-hunt is "A public smear-campaign against an individual" which seems to better describe the actions of…
This then assumes that authentication is handled by some combination of device proximity, physically pushing a "grant admin access" button on the device, or falling back to password management (possibly on a sticker on…
Firefox's Places subsystem does use SQLite. Firefox's built-in SQLite implementation is compiled with the SQLITE_SECURE_DELETE mechanism referenced elsewhere in this thread…
The release management page is https://wiki.mozilla.org/Release_Management/B2G_Landing. You can probably think of the code complete date as the lower bound on a production device shipping with that version of the…
Assuming you're using the global search mechanism, a porter stemmer is used which means that the search engine sees all of "house", "houses", "housed", "housing", etc. the same. The search also biases the results based…
> But that's really not the point anyway. Burying opt-out phone home behaviour in nothing but legalese small print is a dark pattern. Having no way to disable it without going into obscure parts of the UI that no normal…
> Right, but the fact seems to remain that Thunderbird is phoning home in a way I can't obviously switch off (I use few extensions, and don't feel any need for such a blacklist) and that wasn't disclosed. The privacy…
> Also, it is more than a little creepy that Thunderbird is apparently phoning home every day to tell them I'm using it. Not cool, Mozilla. Note that if you follow the blog post's link to https://wiki.mozilla.org/ADI it…
There's several things you could be running into: * Auto-compaction isn't working and so the .msf files are growing larger than they need to be. Thunderbird's per-folder metadata indices are stored in a weird texty…
In general I'd advise against using the MailNews portion of SeaMonkey if you're also using the profile for web browsing. (MailNews is the guts of Thunderbird.) MailNews results in a non-trivial amount of main-thread I/O…
In very old versions of Thunderbird (pre-mercurial), there was an option akin to "TLS, if available" which would be vulnerable. But Thunderbird has not offered it as an option for new accounts for quite some time.
Also somewhat off-topic but interesting in the context of DANE and the cost of certificates. Brian Smith (a mozilla security contributor) recently said the following in a discussion about adding support for…
Wow! This surprised me since https://www.startssl.com/?app=1 makes no mention of this, but indeed section 3.1.2.1 of the StartCom CA policy at https://www.startssl.com/policy.pdf does state: "Class 1 certificates are…
Originally, exposure of APIs to JS was done using the XPConnect JS/XPCOM bridge in Firefox. Simplifying a little, XPConnect is not thread-safe, so exposing APIs to workers required manually writing code using the…