Permissions For Web Applications Eyes Above The Waves Robert O'Callahan. Christian. Repatriate Kiwi. Hacker. Archive 2026 March Anthropic And AI Principles January Why Trump Is An Antichrist 2025 December Taiwan November Pouakai Circuit 2025 AI And Jesus In Late 2025: A Road Trip Report October Some Thoughts About Money From A Christian In Big Tech Crosbies Hut 2025 June Not Joking About AI Building A PC April Rakiura Northwest Circuit February Tongariro Northern Circuit 2025 January Pararaha Valley 2025 2024 December Mt Arthur/Tablelands/Cobb Valley November Queen Charlotte Track 2024 October Auckland Half Marathon 2024 Advanced Debugging Technology In Practice June Waihohonu Hut 2024 So You Want To Build A Browser Engine Real-Time Settlers Of Catan April Auckland Waterfront Half Marathon 2024 Whanganui River Journey 2024 2023 December Rees-Dart Track 2023 Caples/Routeburn Track 2023 Abel Tasman Kayaking November Mount Pirongia 2023 Blog Migrated April Why I Signed The "Pause" Letter Auckland Waterfront Half Marathon 2023 2022 December Travers-Sabine Circuit 2022 Paparoa Track September Aotea Track 2022 Success, Privilege And God July Tūrangi Road Trip May Round The Mountain Track: Ups and Downs and a Twist Ending April New Zealand's COVID Strategy Worked (But It Could Have Been Better) March Motutapu Island Camping Trip January Motatapu Track Hump Ridge Track The End Of The Runway 2021 December Mt Pirongia 2021 Do We Really Need A Link Step? November Some Observations On The NZ CovidPass System October How WHO Failed September Emulating AMD Approximate Arithmetic Instructions On Intel rr Trace Portability: Diverging Behavior of RSQRTSS in AMD vs Intel June Spectre Mitigations Murder *Userspace* Performance In The Presence Of Frequent Syscalls Tama Lakes Winter Tramp 2021 May Forward Compatibility Of rr Recordings Lake Waikaremoana 2021 April Print Debugging Should Go Away Demoing The Pernosco Omniscient Debugger: Debugging Crashes In Node.js And GDB Visualizing Control Flow In Pernosco March On-Premises Pernosco Now Available; Reflecting On Application Confinement What Would Jesus Do ... About Vaccination? February Mercer Bay January Dehydration Tongariro Northern Circuit 2021 2020 December Rees-Dart Track Kepler Track 2020 Exploiting Precognition In Binary Instrumentation Of rr Replays November rr remix: Efficient Replay-Only Binary Instrumentation DOM Recording For Web Application Demos Debugging With Screenshots In Pernosco rr Repository Moved To Independent Organisation Pernosco Now Available For Individual Developers Auckland Half Marathon 2020 October Pouakai Circuit 2020 The Parable Of The Two Bus Drivers September New Zealand's Long Term COVID19 Strategy August Surprising Words In Luke 1:16-17 What's So Amazing About Mark 10:32 Scaling Debuginfo For Zero-Cost Abstractions What Is The Minimal Set Of Optimizations Needed For Zero-Cost Abstraction? June Cape Brett 2020 My Google Maps Disaster May Why Forking HTML Into A Static Language Doesn't Make Sense Omniscient JS Debugging In Pernosco April Have Some Humility, Mike Hosking March What If C++ Abandoned Backward Compatibility? Debugging Gdb Using rr: Ptrace Emulation January Static Customization Of Function Signatures In Rust Updating Pernosco To Rust Futures 0.3 2019 December A Risk Of Transactional Politics For Christians Nelson Lakes Tramping: Lessons And Observations Nelson Lakes Tramping: Travers-Sabine Circuit Nelson Lakes Tramping: Angelus Basin November Your Debugger Sucks Supercharging Gdb With Pernosco The Power Of Collaborative Debugging Omniscient Printf Debugging In Pernosco The BBC's "War Of The Worlds" Explaining Dataflow In Pernosco October Improving Debugging Workflow With Pernosco Auckland Half Marathon 2019 Pernosco Demo Video Food In Auckland 2019 Pouakai Circuit Is Richard Dawkins A Moral Realist? September Dissatisfied With Docker July Cape Brett 2019 Auckland Rust Meetup: "Building An Omniscient Debugger In Rust" June Stack Write Traffic In Firefox Binaries Winter Tramp: Waihohonu Hut To Tama Lakes May A Few Comments On "Sparse Record And Replay With Controlled Scheduling" Microsoft's Azure Time-Travel Debugging Don't Call Socially Conservative Politicial Parties "Christian" Debugging Talk At Auckland Rust Meetup April Goodbye Mozilla IRC Update To rr Master To Debug Firefox Trunk Mysteriously Low Hanging Fruit: A Big Improvement To LLD For Rust Debug Builds Rust Discussion At IFP WG2.4 March Marama Davidson And The Truth About Auckland's History February Banning Huawei Is The Right Decision Rust's Affine Types Catch An Interesting Bug Mt Taranaki 2019 January Experimental Data On Reproducing Intermittent MongoDB Test Failures With rr Chaos Mode 2018 December Vox On Nietzsche Hollyford Track Milford Track 2018 November Capitalism, Competition And Microsoft Antitrust Action Raglan Comparing The Quality Of Debug Information Produced By Clang And Gcc What Is "Evil" Anyway? Comments on "REPT: Reverse Debugging of Failures in Deployed Software" October Auckland Half Marathon 2018 Problems Scaling A Large Multi-Crate Rust Project Harmful Clickbait Headline About IT Automation The Fine Line Between Being A Good Parent And A Bad Parent The Costs Of Programming Language Fragmentation September More Realistic Goals For C++ Lifetimes 1.0 The Danger Of GMail's "Smart Replies" "Crazy Rich Asians" Rangitoto Fog August Long Live The Desktop Computer ASAN And LSAN Work In rr Diagnosing A Weak Memory Ordering Bug The Parallel Stream Multiplexing Problem July Gerv Why Isn't Debugging Treated As A First-Class Activity? June Yosemite: Clouds Rest And Half Dome Bay Area Visit Crypto-Christians In Tech May rr 5.2.0 Released Intel CPU Bug Affecting rr Watchpoints Update: Pernosco rr Chaos Mode Improvements Research Wishlist: A Filesystem For Efficient Host-Guest File Sharing Priority Is Overrated April rr Trace Portability: x87 "Data Pointer" Broken On Skylake CPUID Features, XSAVE, And rr Trace Portability Heaphy Track #2 Payment Express's "Account2Account" Is Bad For Security March Speeding Up `dwarfdump` With Rust Too Many DWARF Packaging Options "Zach": AI Fraud In Christchurch Tongariro Northern Circuit #2 January Neal Stephenson's "Seveneves" (Mild Spoilers) Long-Term Consequences Of Spectre And Its Mitigations Captain Sonar Hooray For cargo build --all-targets The Fight For Patent-Unencumbered Media Codecs Is Nearly Won Ancient Browser-Wars History: MD5-Hashed Posts Declassified On Keeping Secrets Meltdown/Spectre Needs Better Disclosure 2017 December Mixed Blessings Of Greenfield Software Development Marriage On Credit Routeburn-Caples rr 5.1.0 Released Maintaining An Independent Browser Is Incredibly Expensive November In Praise Of Rust's structopt For Command Line Parsing Tararua Southern Crossing October Auckland Half Marathon 2017 Microsoft's Chrome Exploitation And The Limitations Of Control Flow Integrity "Slow To Become Angry" Type Safety And Data Flow Integrity Legacy Code Strikes Again Thoughts On Microsoft's Time-Travel Debugger Building On Rock, Not Sand Microsoft Using Chromium On Android Is Bad For The Web September Complaining About Twitter Again Dreaming The Singularity Facebook's "Explaining React's License" Doesn't Some Opinions On The History Of Web Audio Sonny The Prophet rr 5.0 Released rr Trace Portability August Fedora/Ubuntu Kernels Work With rr Again Igloos Are Hard Epsom Electorate Town Hall Meeting Public Service Announcement: "localhost" Is Not Necessarily Local When Virtue Fails Stabilizing The rr Trace Format With Cap’n Proto July Selecting A Compression Algorithm For rr Upstream Stable Kernels Work With rr Again Let's Never Create An Ad-Hoc Text Format Again Confession Of A C/C++ Programmer Usenix ATC 2017 An Inflection Point In The Evolution Of Programming Langauges Bay Area Progress Report June Patch On Linux Kernel Stable Branches Breaks rr Rising Tolerance For Static Analysis False Positives? Lazy Religion Tropes In Mass Media Is The x86 Architecture Sustainable? New "rr pack" Command How I Found A 20-Year-Old Linux Kernel Bug Another Case Of Obscure CPU Nondeterminism WebAssembly: Mozilla Won May Should Debuggers Report Idempotent Writes? A Couple Of Papers About Commodity Multicore Record And Replay, And A Possible Way Forward rr Usenix Paper And Technical Report Obscurity Inhibits Persuasion Perceptions Of Violent Crime April Call Out China For Their Treatment Of NK Escapees One Does Simply Walk Into Mordor Rust Optimizations That C++ Can't Do (Version 2) Rust Optimizations That C++ Can't Do Pararaha Valley Let's Make NZ More Expensive For Tourists March The Parable Of The Workers In The Vineyard Really Is About Grace Blogging Vs Academic Publishing Thoughts On "Java and Scala’s Type Systems are Unsound" And Fuzz Testing Deterministic Hardware Performance Counters And Information Leaks Using rr To Debug Go Programs February Against Online Voting 306 Points In "Lords Of Waterdeep" "New Scientist" And The Meaning Of Life What Rust Can Do That Other Languages Can't, In Six Short Lines rr 4.5.0 Released I Really Admire Jehovah's Witnesses January A Followup About AV Test Reports Tripling Down Against USA Conference Hosting Rustbelt Is Hiring rr Talk At Auckland C++ Meetup, February 21 Really, Please Stop Booking International Conferences In The USA Disable Your Antivirus Software (Except Microsoft's) Browser Vendors And Business Interests Browser Vendors Are Responsible For The State Of Web Standards Parenting Notes Cheltenham Beach How China Can Pressure North Korea Is CMS Software Generally Really Bad? 2016 December On "Arrival" October rr Talk Online Disemploy The Middle/Upper Class Some Comments On "Sapiens" November Overcoming Stereotypes One Parent At A Time Stop Saying "Xs Do Y" Disingenuously Handling Hardware Lock Elision In rr Misinterpreting Close Contests Welcoming Richard Dawkins Dangerous Permissions October Auckland Half Marathon #4 Implications Of ASLR Side-Channel Attacks Valuing America Dell, Your Website Security Is Broken Pivoting To Cyber-Forestry Ironic World Standards Day Tawharanui Revisited rr Paper: "Lightweight User-Space Record And Replay" Bay Area Talks About rr And Beyond, October 2-7 rr 4.4.0 Released September Is Apple A Christian Environment? Theism And The Simulation Argument Auckland Food 2016 August Avoiding Cache Writebacks For Freed Memory Random Thoughts On Rust: crates.io And IDEs Saga Of The Exiles False Accusations Why I Don't Watch "Game Of Thrones" Changing Attitudes To Pornography July The True Story Of "Amazing Grace" Further Improving My Personal Digital Security Ordered Maps For Stable Rust Itanium Zombie Claims Another Victim June rr 4.3.0 Released Nexus 5X vs Wettest June Hour In Auckland's History Relearning Debugging With rr Handling Read-Only Shared Memory Usage In rr Dear Ubuntu, Please Fix Your Debuginfo Packaging Democracy Is Impressive PlayCanvas Is Impressive Managing Vast, Sparse Memory On Linux Nastiness Works "Safe C++ Subset" Is Vapourware Mt Pirongia Whanganui River Journey Some Dynamic Measurements Of Firefox On x86-64 Are Dynamic Control-Flow Integrity Schemes Worth Deploying? How To Track Down Divergence Bugs In rr The Diving Bell And Twitter Research Needed: A Meta (Dis) Assembler May Men Behaving Badly Stop Booking Conferences In The USA Data > Personal Anecdotes > Media Anecdotes x86-64 SSE/AVX Register Usage Autonomous Vehicles: I Want To Believe Data On x86-64 Register Usage Pain Management History Rhymes April Android's Update System Is Ridiculous Leveraging Modern Filesystems In rr Skylake Erratum Affecting rr GNOME High-DPI Issues March Using rr To Debug rr Obituary Running Firefox For Windows With rr SIGKILL And PTRACE_EXIT_EVENT Digital Spring Cleaning My Self-Identification Leaving Mozilla February "These Bugs Are Impossible To Fix Without rr" Deeper Into Chaos Rewrite Everything In Rust Introducing rr Chaos Mode rr Talk At linux.conf.au rr 4.1.0 Released Reflecting On The The Lord Of The Rings Movies Rakiura Track Kepler Track January Making Honest Money With The Internet Of Things Kereru innerText: Cleaning A Dark Corner Of the Web 2015 December Feelings Versus Facts At Christmas Abel Tasman Track CppCast rr Podcast November Even More rr Replay Performance Improvements! rr Replay Performance Improvements Debugging Leaks With rr TPPA Protest Perfection In Imperfection rr In VMWare: Solved! An Extraordinary Sunday October Research Projects That Should NOT Be Funded KPMG Gets It Totally Wrong About Pittsburgh And Auckland rr 4.0 Released With Reverse Execution Hobbiton Heaphy Track September Apple's Next Frontier: Fusion Booting Fedora 22 On A Lenovo ThinkCentre M53 August Hooray For WebExtensions Parenting July Two Reverse-Execution Optimizations Midwinter Road Trip rr Talk Video From TCE 2015 June Whistler Hike Bug In Newer Linux Kernels Affecting rr Israel, Part 3 Israel, Part 2 Israel, Part 1 Small Change To rr Behavior May rr Performance Update BlinkOn 4 Using rr To Debug Dropped Video Frames In Gecko Piha Night Walk April rr 3.1 Released Another VMWare Hypervisor Bug Reverse Execution And Signals March Eclipse + Gecko = Win Paper Titles Auckland University rr Talk Next Week The Problems Of Significance Testing (aka What's Wrong With Computer Science) Debugging Gecko With Reverse Execution What Is The Endgame Of Weak Computer Security? February Great Barrier Island Computer Industry T-Shirt Museum January Routeburn-Greenstone 2014 December Is Human Immortality Possible? Queen Charlotte Track rr 3.0 Released With x86-64 Support Portland We Aren't Really Going To Have "Firefox On iOS" November The Rise Of "Versing" Mount Te Aroha Relax, Scaling User Interfaces By Non-Integer Scale Factors Is Okay Sci-Fi HTML5 Video Correctness Across Browsers Auckland Half Marathon --- Barefoot October Are We Fast Yet? Yes We Are! Pinnacles Tramp #2 Photos From North America Back In New Zealand September Upcoming rr Talk rr 2.0 Released VMWare CPUID Conditional Branch Performance Counter Bug August Milestones On The Road To Christianity cf1e5386ecde9c2eb9416c9b07416686 Choose Firefox Now, Or Later You Won't Get A Choice July Multiverses And Anthropic Reasoning Implementing Scroll Animations Using Web Animations May Unnecessary Dichotomy Against The "Internet Of Things" Milford Track April Getting Back To Work Fighting Media Narratives Mozilla Matters Responsible Self-Censorship March Conflict Introducing rr Mozilla And The Silicon Valley Cartel Taroko National Park Maokong Introducing Chaos Mode My Linkedin Account Is Dead, And Why Is Google Being Stupid? Fine-Tuning Arguments Internet Connectivity As A Geopolitical Tool Te Henga Walkway Q&A Panel At ACPC This Friday February 3 Mile Limit World Famous In Newmarket Implementing Virtual Widgets On The Web Platform Mozilla At Motuihe Camels January Lake Waikaremoana Web Specifications And The Frame Problem Tiritiri Matangi Island Boating 2013 December We Need A "Dumb Device" Movement Blood Clot Why I Don't Worry About Global Warming (Much) One Day The Luddites Will Be Right WebRTC And People-Oriented Communications Another Knee-Jerk Reaction To International Rankings Does John Banks Only Do Good? Wanaka November Mozillians At The Tongariro Crossing And Orakei Korako A Tale Of Two Cities October Summit Day Zero Prescriptive Vs Descriptive Frameworks Avoiding Burnout Travel Madness September The Forge Of Disappointment A Tip For The Surivial Of Humanity Unexpected Visitors Debugging Transient Rendering Issues With GNOME Shell Screencasts Servant Leadership August Indoi Creating Screencasts On Linux SVG-In-OpenType Progress Update Mozilla Code Reviews Talk On Air Mozilla Prepare To Stop Mozilla Engineering Culture Talk Now Online July A Shock Of The Ordinary Happy Days Avoiding Copies In Web APIs Movie Picoreviews Contributing Advocacy June Gradual Changes Afoot Developer Parallelism Meeting Absenteeism May Blink, PNaCl, And Standards Taiwan Travelogue Travel The Direct Route Web Audio Progress April Rotorua Hunuas Tramp Upcoming Travel Plans Google Vs New Zealand The Chris Problem The Future Of Cheating Blink March Mitigating Control-Flow Exploits With x86 ISA Extensions RIP Crazy Noodle Getting The Facts Why I Work Seeking Relevance There Is No Such Thing As Computer Security Technical Advantages Of A Web-Only Platform February A Small Example Of The Value Of Browser Engine Diversity And Then There Were Three Waiheke Island Sculpture Trail SVG In OpenType: A New Approach To SVG Fonts January Mount Taranaki Optimizing Bugzilla Usage 2012 December Great Barrier Island November More Movie Reviews What To Do When Visiting New Zealand October Trouble Ahead For SVG Stacks (Maybe) Motutapu Camping Karekare September Web Audio In Firefox Blast From The Past August Granularity Of Import Directives In Programming Languages A Confession Of Sorts Attention NZ TV Sports Interviewers July In-Flight Movies North Head To Takapuna Tawharanui Muriwai June Bolo Computer Science In Beijing Google Plus Spam Experiencing Beijing To Beijing Leaving Linkedin The City And The City Mangawhai May The Canvas getContext() Mistake Firefox Vs The New York Times Crosbie's Hut Accelerated Scrolling In Firefox: Past, Present And Future Sad And Pathetic Machines April Korea The Internet Experiment Has Failed March Retrospective On Our Trip To Europe Wakaraanga Creek I'm Back Retro Movie Showcase Requiring Planet Mozilla Content To Be Mozilla-Project-Related February Movie Overdose Upcoming Travel Foo Camp, ECOOP, And Conferences Alternatives To Supporting -webkit Prefixes In Other Engines The Problem With Counting Browser Features January Mozilla Tree Adventures You Know You're In Australia When... MediaStreams Processing Demos "Cut The Rope" and HTML5 Audio Risk Tolerance 2011 December A Case For Non-Fatal Assertions Revelation Television Love Developernomics November Moves In Computer Science Education Politics ITEX And TVNZ Latency Of HTML5
Well, hum, "Mark Of The Web" ?? Peter Gerdes I think one key feature of a permissions system is to visibly distinguish permissions that might leak information but (whatever they say they want) will almost always allow in practice from permissions that might allow virus/trojans to be loaded or HDs to be wiped. If the permission to let an app use your camera or run an applet with full HD access looks the same as the 'access my location' permission it will get clicked without thinking.
More broadly I think what is needed is a way of scoring websites based on their likelihood to distribute malware, collect info, or surreptitiously spy on users. Users could then set sliders indicating how concerned they were about each aspect and only those websites scoring under their concern threshold would require permission.
In other words any 'solution' that requires users treat google, facebook and gotomeeting the same way they treat a popup from a sleazy free porn site just won't work. I mean trying to hide your location from google is pretty silly anyway as their network presence and traffic info lets them very precisely pinpoint you using traffic analysis. David Rogers Robert, I'm pleased you're thinking about this and it is a hard problem. I spent a long time with others working on BONDI, WAC and DAP and you guys are hitting the same concerns we were before heading for a separate security framework which is firmly in the control of the user or a trusted third party such as an AV vendor. Access to physical features is a very serious step for the web and the security implications are obvious. Having directly written some widgets and played around with different prompting and permissioning, I can tell you that the user can be deluged to the point that it is unusable very very quickly. (Take read phonebook as an example), so I think the value of prompts is limited (but not redundant). As others have said the Android/Chrome model is weak but does have some potentially useful points. I'd be interested in chatting through potential options if you want to speak sometime. Anonymous One example to illustrate the problem here: If I save "http://evil.com/index.html" to /home/roc/evil.html, and I save "http://good.com/index.html" to /home/roc/good.html, and I open those two files in my Web browser, it would be bad to treat them as same-origin, right? But if we don't, then what should the origin be? The full file path? But then, how would I save a page that contains a same-origin IFRAME in a way that's usable? If you can come up with a bulletproof way to map file paths to origins, I'd love to hear it.