Engineer on @googlechrome. Involved in CSS and W3C standards. Previously @mozilla, @w3ctag. Mastodon: @dbaron@w3c.social
Rockville, Maryland, USA
Joined March 2008
- Tweets 7,521
- Following 1,244
- Followers 4,296
- Likes 18,519
A photo of an urban environment I like [31/N]:
Plaza de las Pasiegas, 18001 Granada, Spain
April 2013
1
1
And for what it's worth, the Wuhan Metro is pretty nice.
Not sure if you can read the monitor in this photo I took, but it says the next train is coming in 37 seconds, and the following train is coming in in 3 minutes and 45 seconds.
1
1
5
If you think the Bay Area's transit maps on Google Maps are bad... you should try cities that Google doesn't have offices in.
The part that I find is often ignored is that the definition of consensus at w3.org/Consortium/Process#Co… requires support from a substantial number of individuals.
1
They're sometimes discussed in charters such as w3.org/2019/05/webapps-chart… , or perhaps implied by provisions on asynchronous decision making in other charters...
1
1
What does "danger zone" mean to the user? Does it mean the web app is just as dangerous as a native app?
If so... doesn't your "I don't trust THEM" then apply?
If not... what's the difference and how do you enforce it?
1
1
The severity of the security concerns can differ by orders of magnitude. The right answer for the most severe ones is almost certainly "don't add the feature". We can argue over where the line is, but I think there has to be a line.
It might not be the case -- but if not -- I think it's up to the proponents of WebUSB to do a proper security analysis of the USB protocol to show that it's not.
1
2
It's not clear to me that that's the case. I'm not an expert on what it's possible for an arbitrary USB device to do to a computer, but it's possible they're pretty close to equivalent, given a USB device with bad security vulnerabilities.
3
1
input type=file is good permission handling -- the user is clearly choosing to give a *particular* file to the site. Yes, they might not understand all of the implications.
Would you consider a USB permission grant enough to give the site access to *any* file on the disk?
1
Two underlying problems here:
1. devices might not be hardened to accept arbitrary input from the web (like the security hardening needed to put a server on the public internet)
2. the browser doesn't know what the device is/does in a way that it can explain to the user
1
1
So when the browser warns the user, what do we say to a user who doesn't know what USB is beyond "a cable"? Is it OK for a webpage to send firmware updates or security exploits to a USB device that change what type of device it is (say, from storage to keyboard) or brick it?
3
1
In 2014-2017, Palo Alto counted all ADUs and rental apartments as moderate income. (Based on footnote in 2017 report.) 2018-2019 they were all counted as above-moderate income.
(Without that switch, Palo Alto would have been subject to SB35 streamlining at 10% affordable.)
1
1
Not only left-to-right but also the combining mark is in the wrong place (should be directly under the aleph, אַ).
1
1
compare to SoCal:
1298 Imperial
224 Los Angeles
206 Riverside
189 San Bernardino
163 Santa Barbara
132 Kern
111 Orange
97 Ventura
90 San Diego
61 San Luis Obispo
1
1