W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] Add mitigation strategy for skimming attacks when focus is lost.

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 May 2017 15:42:51 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-304920206-1496158969-sysbot+gh@w3.org>
> The sentence "must not be delivered in such cases" does not suffice, since we don't have such term.

That's a non-normative note encouraging implementations to optimize resource consumptions here granted they meet spec requirements.

> This PR introduces few issues:
> * Sensors are not suspended and HW resources are not released

That's an implementation detail. You're encouraged to optimize as long as you meet the requirements.

> * Sensors are still firing 'onchange' and adding 'update sensor reading' tasks

So they're not firing onchange now, nor are they creating tasks right now, because as you noticed, neither's hooked-up properly. :)

I'll make sure it doesn't do this when hooking it up.

> * Reduced performance, since Sensor.reading accessor has to run focusing algorithm before providing data

See: https://w3c.github.io/sensors/#equivalent. You should obviously be caching the result of this algorithm and be invalidating the cache as conditions change.

> As I explained it first review round, it would be better to have simpler model.

Yes, I agree. The problem is we don't have the right hooks in HTML to do this for now. I'm happy to revisit once we do, but I don't want to block progress on what is essentially editorial preference (there are no normative changes).

-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at https://github.com/w3c/sensors/pull/213#issuecomment-304920206 using your GitHub account
Received on Tuesday, 30 May 2017 15:42:58 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC