/irc-logs / freenode / #whatwg / 2008-05-22 / end

Options:

1. # Session Start: Thu May 22 00:00:00 2008
2. # Session Ident: #whatwg
3. # [09:16] * Attempting to rejoin channel #whatwg
4. # [09:16] * Rejoined channel #whatwg
5. # [09:16] * Topic is 'WHATWG (HTML5) -- http://www.whatwg.org/ -- Logs: http://krijnhoetmer.nl/irc-logs/ -- Please leave your sense of logic at the door, thanks!'
6. # [09:16] * Set by gsnedders on Tue Dec 18 21:41:19
7. # [09:16] <MikeSmith> yay, krijnh is back
8. # [09:25] <krijnh> Yay :)
9. # [09:25] <krijnh> Sorry for being down
10. # [09:25] <krijnh> Are the logs reachable from the outside?
11. # [09:34] * Disconnected
12. # [09:34] * Attempting to rejoin channel #whatwg
13. # [09:34] * Rejoined channel #whatwg
14. # [09:34] * Topic is 'WHATWG (HTML5) -- http://www.whatwg.org/ -- Logs: http://krijnhoetmer.nl/irc-logs/ -- Please leave your sense of logic at the door, thanks!'
15. # [09:34] * Set by gsnedders on Tue Dec 18 21:41:19
16. # [09:34] <krijnh> Grr
17. # [09:35] <MikeSmith> annevk, krijnh: I have incomplete logs from last few days
18. # [09:35] <krijnh> MikeSmith: can you mail them to me?
19. # [09:36] * krijnh hopes they're in the same format
20. # [09:36] <MikeSmith> krijnh: OK, but I reckon probably Hixie or another screen user has more complete ones
21. # [09:36] <MikeSmith> anyway, will send you what I have for now
22. # [09:36] <krijnh> My connection is pretty shitty btw.. I think I'll disconnect a lot today
23. # [09:38] <MikeSmith> krijnh: can I send you the complete logs and let you figure out which parts are needed? my logs are cumulative XChat logs
24. # [09:38] <krijnh> Depends on the format
25. # [09:38] <MikeSmith> e.g., whatwg one is 8.1MB
26. # [09:38] <MikeSmith> or I can just post them at URL for you to download
27. # [09:38] * Quits: sverrej (n=sverrej@89.10.27.86) (Read error: 104 (Connection reset by peer))
28. # [09:39] <MikeSmith> xchat format
29. # [09:39] <krijnh> No idea what that is ;)
30. # [09:39] <krijnh> You can also ftp it to me
31. # [09:40] <krijnh> User: up / Pass: load
32. # [09:40] <MikeSmith> krijnh: example of format:
33. # [09:40] <MikeSmith> May 22 16:36:08 <krijnh> No idea what that is ;)
34. # [09:40] <krijnh> One moment, I'll see how that's handled
35. # [09:41] <MikeSmith> will ftp them to you
36. # [09:41] <krijnh> http://krijnhoetmer.nl/irc-logs/whatwg/20080520
37. # [09:42] <krijnh> Probably acceptable :)
38. # [09:42] <MikeSmith> [[
39. # [09:42] <Hixie> hsivonen: i agree with raman and would go even further and require that the <input> element be used to make checkboxes, so... i don't plan to reply to the e-mail in question
40. # [09:42] <MikeSmith> mput 01_freenode-#whatwg.log? y
41. # [09:42] <MikeSmith> 421 Service not available, remote server has closed connection
42. # [09:42] <MikeSmith> ]]
43. # [09:43] <krijnh> Huh
44. # [09:44] <krijnh> Shitty connection, shitty ftp software, sorry :)
45. # [09:44] * Joins: othermaciej (n=mjs@17.255.103.211)
46. # [09:44] * Quits: jacobolus (n=jacobolu@dhcp-0000036913-b5-5e.client.fas.harvard.edu)
47. # [09:44] <annevk> I didn't quite get raman, the <span> example is quite different from the <input> one
48. # [09:44] * Joins: heycam (n=cam@124-168-33-67.dyn.iinet.net.au)
49. # [09:45] <annevk> The <input> one represents a control where the <span> example represents something that fakes a control to AT
50. # [09:45] <krijnh> MikeSmith: mail then?
51. # [09:46] * krijnh is now known as krijn
52. # [09:50] * Joins: deane (n=dean@121.98.128.155)
53. # [09:50] <MikeSmith> krijn: http://people.w3.org/mike/logs/
54. # [09:50] <hsivonen> Hixie: I agree that <input type=checkbox> is preferable. ARIA just seems necessary considering what people out there do (including GWT it seems)
55. # [09:51] <Hixie> annevk: (re xhr/ac) ah. i recommend just making a decision and replying to the e-mail -- not replying leaves people without the ability to help you since we don't know that you're stuck :-)
56. # [09:51] <Hixie> othermaciej: what on that list (http://lists.w3.org/Archives/Public/www-tag/2008May/0087.html) isn't architectural?
57. # [09:52] <othermaciej> Hixie: " The use of imperative definitions rather than abstract definitions with the requirement of black-box equivalence in implementations"
58. # [09:52] * Disconnected
59. # [09:52] * Attempting to rejoin channel #whatwg
60. # [09:52] * Rejoined channel #whatwg
61. # [09:52] * Topic is 'WHATWG (HTML5) -- http://www.whatwg.org/ -- Logs: http://krijnhoetmer.nl/irc-logs/ -- Please leave your sense of logic at the door, thanks!'
62. # [09:52] * Set by gsnedders on Tue Dec 18 21:41:19
63. # [09:52] * Quits: deane (n=dean@121.98.128.155) (Remote closed the connection)
64. # [09:53] <Hixie> othermaciej: ah, yeah, i figured i should include that since it seems like the kind of thing the tag would complain about
65. # [09:53] <annevk> i replied to raman
66. # [09:53] <hsivonen> Hixie: as I understand it, people want to make checkboxes that look like they want and they don't like the way the native ones look
67. # [09:53] <othermaciej> Hixie: ok I will grant they may mistake it for architecture
68. # [09:53] * Quits: krijn (n=krijnhoe@ktk.xs4all.nl) (Nick collision from services.)
69. # [09:53] <hsivonen> Hixie: and they want to do it in a way that doesn't require all browser vendors to participate for the solution to work
70. # [09:54] * krijnh is now known as krijn
71. # [09:54] <hsivonen> Hixie: it's pretty ironic that with ARIA, the top 4 vendors *are* participating all of a sudden
72. # [09:54] <Hixie> othermaciej: my goal here is to preclude the tag from coming back in 2 years and telling us we have to do X and that it's ok that they are sending the feedback late because we didn't ask for feedback earlier (as they recently did with aria)
73. # [09:55] <annevk> othermaciej, the TAG has in fact given comments on imperative definitions to quite some extent on the Access Control specification
74. # [09:55] <Hixie> hsivonen: seems to me the assumptions underlying the ARIA work have been invalidated
75. # [09:55] <hsivonen> Hixie: so better CSS and XBL2 don't fit the requirements
76. # [09:55] <annevk> othermaciej, it went so far that one of them started drafting text for doing it in a different way
77. # [10:13] <hsivonen> Hixie: actually, it may be that all browser vendors participated precisely because ARIA was set up in such a way that no vendor could block it by not participating
78. # [10:13] <Hixie> annevk: i hope they try to do that with the "navigate" algorithm
79. # [10:13] <othermaciej> annevk: the TAG seems to be a force of randomness
80. # [10:13] * Joins: roc (n=roc@121-72-166-106.dsl.telstraclear.net)
81. # [10:13] <Hixie> hsivonen: maybe
82. # [10:13] <annevk> implementation ARIA is much more trivial than finding a solution for customizing form controls
83. # [10:13] * Joins: deane (n=dean@121.98.128.155)
84. # [10:13] <annevk> And also more short term as authors can use it directly without having to worry about legacy
85. # [10:13] * Joins: virtuelv (n=virtuelv@pat-tdc.opera.com)
86. # [10:13] <Hixie> i can't wait for people to start using aria on pages that don't need it
87. # [10:13] <annevk> To be clear, I agree that it's far from optimal. At this point it just seems sort of convenient for everyone...
88. # [10:13] <othermaciej> I feel like for every part of ARIA we implement, we have to tithe by adding appropriate equivalent HTML5 functionality and/or needed additional form control stylability
89. # [10:13] * Joins: mpt_ (n=mpt@canonical/launchpad/mpt)
90. # [10:13] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 113 (No route to host))
91. # [10:13] <othermaciej> but I think even with the right high-level semantic elements, a low-level accessibility feature like ARIA makes sense
92. # [10:13] * mpt_ is now known as mpt
93. # [10:13] <annevk> Hixie, so I think AC is good as is, apart from the warning for IIS servers which I will add today
94. # [10:13] <othermaciej> back shortly
95. # [10:13] <Hixie> annevk: cool
96. # [10:13] * Quits: othermaciej (n=mjs@17.255.103.211)
97. # [10:13] <annevk> Hixie, XHR2 has some of the issues XHR1 has which makes it more problematic
98. # [10:13] <Hixie> annevk: solve the xhr1 issues. :-)
99. # [10:13] <annevk> I initially thought we needed the method/header whitelist from the server but Bjoern convinced me that Jonas didn't make sense...
100. # [10:13] <annevk> Hixie, indeed :)
101. # [10:13] * Joins: jacobolus (n=jacobolu@dhcp-0000036913-b5-5e.client.fas.harvard.edu)
102. # [10:13] * Quits: jacobolus (n=jacobolu@dhcp-0000036913-b5-5e.client.fas.harvard.edu) (Client Quit)
103. # [10:22] * Joins: othermaciej (n=mjs@nat/apple/x-a822beb016d57e30)
104. # [10:22] <hsivonen> can anyone think of notable legacy HTML attributes that aren't conforming in either of HTML 4.01 Transitional or HTML5?
105. # [10:22] <Hixie> hsivonen: <marquee speed>
106. # [10:22] <hsivonen> Hixie: thanks
107. # [10:22] <Hixie> actually that's not a valid attribute
108. # [10:22] <Hixie> wikipedia says <marquee scrolldelay>
109. # [10:22] * hsivonen tries to find Philip`'s marquee stats
110. # [10:22] <Hixie> <img lowsrc> probably was never valid either
111. # [10:22] <Lachy__> hsivonen, <table height>
112. # [10:22] <hsivonen> Lachy__: height is a conforming name in other contexts
113. # [10:22] <hsivonen> I'm looking for unique strings
114. # [10:22] * Quits: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net)
115. # [10:22] <hsivonen> Hixie: yeah, I need to add lowsrc
116. # [10:22] <Hixie> what's this for?
117. # [10:22] <Hixie> if it's for ui, you probably just should look at common attribute names in stats
118. # [10:22] <Hixie> i expect <Script languaje=""> is used more than <img lowsrc>
119. # [10:22] <hsivonen> Hixie: for efficient magic handling of attribute names
120. # [10:22] <hsivonen> in the parser
121. # [10:22] <annevk> http://www.eskimo.com/~bloo/indexdot/html/tagpages/attributes/data.htm
122. # [10:22] <annevk> http://www.eskimo.com/~bloo/indexdot/html/tagpages/attributes/editing.htm
123. # [10:22] <Hixie> given the effort you're expending on optimisation work, i expect your parser to be able to parse the html5 spec in milliseconds :-P
124. # [10:22] <hsivonen> Hixie: so far benchmarking suggests that having magic knowledge of element names was a win
125. # [10:22] <annevk> onbounce, onfinish, etc.
126. # [10:23] <annevk> from http://www.eskimo.com/~bloo/indexdot/html/tagpages/attributes/events.htm
127. # [10:23] <hsivonen> Hixie: I need this code for some attributes anyway in order not to make the common cases suck
128. # [10:23] <hsivonen> Hixie: once the code is there, I might as well put less common cases on the fast track, too
129. # [10:23] <Hixie> cool
130. # [10:24] <annevk> Hixie, add <ruby> support if you don't want to do parsing :)
131. # [10:25] <Hixie> <ruby> support is going to be a pain because the css side doesn't support what i need
132. # [10:26] <Hixie> iirc
133. # [10:26] <Hixie> either that or i couldn't work out how to do IE compat on parsing, or something
134. # [10:26] <Hixie> there was some complication
135. # [10:27] <hsivonen> but doing this attribute work in a way that isn't very naïve is surprisingly tedious
136. # [10:27] * Joins: sverrej (n=sverrej@pat-tdc.opera.com)
137. # [10:27] <hsivonen> I think I'm going to suspend this task in order to avoid starving higher-layer conformance checking work
138. # [10:28] <annevk> Hixie, I thought it was the parsing and that you decided an approximation would be enough
139. # [10:28] <Hixie> probably
140. # [10:29] <Hixie> ruby is on my list
141. # [10:29] <krijn> MikeSmith: downloaded your logs, will put them online today
142. # [10:30] <Hixie> it's about half way down my priority list, whether i sort by number of e-mails, number of e-mails per thread, age of feedback, or whatever
143. # [10:31] * Joins: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net)
144. # [10:31] * Joins: roc_ (n=roc@121-72-166-106.dsl.telstraclear.net)
145. # [10:32] * Quits: roc (n=roc@121-72-166-106.dsl.telstraclear.net) (Read error: 104 (Connection reset by peer))
146. # [10:32] * Joins: webben (n=benh@nat/yahoo/x-ef51cd10cfb3d4a5)
147. # [10:32] <MikeSmith> krijn: OK
148. # [10:33] <hsivonen> annevk: thanks for the bloo links. is anyone actually using the IE4 dataformatas stuff?
149. # [10:33] <krijn> And still 855 mails behind on public-html :/
150. # [10:34] <hsivonen> I hope we could go back in time and make SVG use hyphens instead of camelCase
151. # [10:36] <hsivonen> getting attributes right is such a mess
152. # [10:36] <hsivonen> and most of the mess is due to Namespaces and xml:lang
153. # [10:36] <hsivonen> compared to those, the camelCase fixup is a lesser mess
154. # [10:36] <roc_> hmm
155. # [10:37] <roc_> SVG *does* use hyphens
156. # [10:37] * roc_ is now known as roc
157. # [10:37] <roc> I guess it uses both :-(
158. # [10:37] <hsivonen> roc: SVG uses many things
159. # [10:37] <Hixie> SVG is as bad as HTML
160. # [10:37] <hsivonen> roc: the hyphen is benign
161. # [10:37] <Hixie> it uses runtogether, camelCase, hyphen-ated, and mixtures of those
162. # [10:37] <roc> I actually prefer camelCase
163. # [10:37] <hsivonen> xlink:foo and the camelCase suck really badly for me
164. # [10:38] <Hixie> oh and with:namespace, too
165. # [10:38] <hsivonen> I mean if I end up writing lot of corner case code *anyway* I think I should make it performant, too.
166. # [10:38] <Hixie> html at least has the defence of having been designed by many people
167. # [10:38] <Hixie> svg is inconsistent for no good reason
168. # [10:38] <hsivonen> but then there are so many situations that need different handling
169. # [10:38] <hsivonen> aargh
170. # [10:39] <hsivonen> I've decided I'm going to drop some marginal elegance and correctness
171. # [10:39] <roc> hyphens in names need to be mangled when you convert them to DOM attribute names etc
172. # [10:39] <hsivonen> roc: good point. But *my* code doesn't deal with that. :-)
173. # [10:40] <Hixie> html is case-insensitive, so anything with uppercase letters becomes a mess
174. # [10:40] <annevk> hsivonen, dunno
175. # [10:40] <annevk> Hixie, SVG is designed by many people too I think :(
176. # [10:41] <Hixie> yeah but they're in one wg, so that's no excuse
177. # [10:41] <roc> yeah, not so much
178. # [10:41] <annevk> Hixie, hmm, maybe Policy-Path is a bigger issue, do you think it would still be worth it if it was only for the entire domain?
179. # [10:42] <Hixie> probably not
180. # [10:43] <hsivonen> so we have: 1) plain attribute foo, 2) camelCase in no namespace fooBar, 3) legacy colons: xlink:href, 4) lang vs. xml:lang, 5) default namespace talisman: xmlns, 6) XLink talisman xmlns:xlink, 7) other prefix cruft: xmlns:foo, 8) the id attribute
181. # [10:43] <hsivonen> that's pretty insane
182. # [10:43] <hsivonen> and then some of those have contextual XML mappability constraints
183. # [10:43] * Joins: qwert666 (n=qwert666@acah173.neoplus.adsl.tpnet.pl)
184. # [10:44] <hsivonen> I think the count goes up to at least 11 different situations
185. # [10:45] <hsivonen> and only 3 of them aren't the fault of Namespaces
186. # [10:46] <Hixie> so i have an e-mail here saying that GBK should be treated like GB2312
187. # [10:46] <hsivonen> every time I write code that touches this area, I can't but think that Namespaces was a huge mistake
188. # [10:46] <Hixie> but wikipedia says GBK is a superset of 2312
189. # [10:46] <Hixie> *confused*
190. # [10:46] <hsivonen> Hixie: GB2312 should be treated as GBK
191. # [10:46] <Hixie> ok that makes more sense
192. # [10:47] <hsivonen> Hixie: Gecko does something a bit weirder which amounts to that as a black box and WebKit simply aliases it, IIRC
193. # [10:47] <gsnedders> hsivonen: yeah, that's right
194. # [10:48] <Hixie> i wonder how to test if euc-kr and win-949 are being treated the same
195. # [10:48] * Quits: othermaciej (n=mjs@nat/apple/x-a822beb016d57e30) (Read error: 110 (Connection timed out))
196. # [10:49] <hsivonen> Hixie: I'm so glad you didn't add xml:id to the fixups
197. # [10:49] <Hixie> that was intentional
198. # [10:49] <hsivonen> it would raised the case count from 11 to 13
199. # [10:49] <hsivonen> oops. 14 actually
200. # [10:49] <krijn> hsivonen: is there a way to use validator.nu on a page with http authentication?
201. # [10:50] <hsivonen> krijn: not directly.
202. # [10:50] <krijn> Tried putting in the uri, but that's deprecated :)
203. # [10:50] <hsivonen> krijn: but you can retrieve the bytes and the HTTP header yourself and POST it to V.nu
204. # [10:51] <Philip`> hsivonen: If this is just for performance, why do you care about specified / legacy attributes rather than about the most commonly used attributes?
205. # [10:51] <hsivonen> I don't want to ask people to send credentials to my server
206. # [10:51] <krijn> hsivonen: I understand
207. # [10:52] <hsivonen> Philip`: you are right. I should also care about the most commonly used
208. # [10:52] <Philip`> hsivonen: Why "also", rather than "only"?
209. # [10:53] <annevk> so access control could help with validating authenticated sites (though you'd still be sharing data with henri one way or another)
210. # [10:53] <hsivonen> Philip`: theory, I guess
211. # [10:54] <Philip`> hsivonen: http://www.dia.wa.gov.au/ has a dataformatas attribute (though it doesn't seem to be used correctly or usefully)
212. # [10:55] * Quits: Lachy__ (n=Lachlan@85.196.122.246) ("This computer has gone to sleep")
213. # [10:56] <Philip`> hsivonen: I could get a list of the most commonly used attribute names, if that'd be useful
214. # [10:56] <hsivonen> Philip`: it would be useful, yes
215. # [10:56] <Philip`> (http://www.oyak.com.tr/ uses a dataformatas too)
216. # [10:59] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 104 (Connection reset by peer))
217. # [11:00] <hsivonen> Hixie: making xmlns talismans allowed contextually adds to the attribute craziness pain
218. # [11:01] <Hixie> i imagine
219. # [11:04] <annevk> actually, Hixie, how is Policy-Path vulnerable in the cases Jonas and Bjoern mention?
220. # [11:04] <hsivonen> Namespaces is such a white elephant
221. # [11:05] <annevk> I don't quite get it, because it requires value equivalence it should be more safe
222. # [11:05] <hsivonen> makes things harder for authors to grok and makes thing harder to implement
223. # [11:05] <Hixie> annevk: if you OPTIONS http://example.com/foo/ and it says that there is a policy-path for all of /foo/
224. # [11:06] <Hixie> annevk: and you then do a POST to http://example.com/foo/bar and due to a misconfiguration on the server that is treated as equivalent to http://example.com/baz
225. # [11:06] <annevk> oh right, it's about the requests after that, never mind :(
226. # [11:07] <hsivonen> Hixie: I'm so glad you aren't trying to emulate the AVNormalize stuff
227. # [11:07] <Hixie> annevk: of course you could similarly argue that HTTP in general is a security risk because what happens if when you do a GET to http://example.com/test, the server, being misconfigured, instead does an rm -rf of all the data in the directory for example.org which happens to be hosted on the same virtual host
228. # [11:07] <Hixie> hsivonen: ?
229. # [11:07] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 113 (No route to host))
230. # [11:07] <hsivonen> Hixie: making the attribute *value* change contextually, too
231. # [11:07] <Hixie> hsivonen: o_O
232. # [11:08] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
233. # [11:08] * Joins: Lachy__ (n=Lachlan@pat-tdc.opera.com)
234. # [11:08] * hsivonen referst to XML spec fragment ids: http://www.w3.org/TR/REC-xml/#AVNormalize
235. # [11:08] <annevk> true
236. # [11:08] <annevk> grmbl
237. # [11:08] <annevk> i don't like having to resolve these issues as i don't really know the right answer
238. # [11:09] <Hixie> well someone has to resolve them :-)
239. # [11:09] * Hixie has this problem all the time with html5
240. # [11:09] <Hixie> hsivonen: oh, attribute value normalisation
241. # [11:09] <Hixie> hsivonen: yeah, screw that, who cares :-)
242. # [11:10] <Hixie> annevk: in practice if you make the wrong choice, someone tells you, and you change it
243. # [11:10] <Hixie> annevk: it's pretty simple :-)
244. # [11:11] <annevk> well, if only one person speaks up, such as Julian, it's more tricky, because i often disagree with him :)
245. # [11:11] <annevk> but the XHR issues are more trivial anyway
246. # [11:11] <annevk> except for dealing with him
247. # [11:11] <Philip`> hsivonen: Is it more useful to know the number of pages each attribute appears on, or the total number of times the attribute appears on all pages?
248. # [11:12] <hsivonen> Philip`: I suppose the latter in principle but the former may be better in order to avoid weird selection biases
249. # [11:18] <Philip`> http://canvex.lazyilluminati.com/survey/2007-07-17/analyse.cgi/attr/t gets somewhat skewed by Topix
250. # [11:19] * Joins: ROBOd (n=robod@89.122.216.38)
251. # [11:19] <hsivonen> Philip`: should I add csobj to the element list?
252. # [11:19] * Lachy__ is now known as Lachy
253. # [11:20] <Hixie> annevk: well, if you need backup don't hesitate to let me know you want a reply
254. # [11:21] <Hixie> and i'll deal with it :-)
255. # [11:21] <annevk> heh, thanks
256. # [11:22] * Joins: aaronlev (n=chatzill@e180228089.adsl.alicedsl.de)
257. # [11:23] <Philip`> hsivonen: http://philip.html5.org/data/attr-count-pages.txt http://philip.html5.org/data/attr-count-total.txt
258. # [11:23] <Hixie> aw man
259. # [11:23] <Hixie> marginheight
260. # [11:23] <hsivonen> Philip`: thanks
261. # [11:23] <Hixie> totally didn't think of that
262. # [11:24] <hsivonen> Hixie: if you make it conforming, it's easier to remember :-)
263. # [11:24] <Hixie> i've already made style="" conforming, don't push your luck :-P
264. # [11:26] <Philip`> hsivonen: http://philip.html5.org/data/tag-count-pages.txt http://philip.html5.org/data/tag-count-total.txt if you want to see where csobj is
265. # [11:26] <hsivonen> Philip`: thank you
266. # [11:27] <Philip`> (The page counts are still strongly biased by a few sites that have thousands of pages in the list)
267. # [11:27] <hsivonen> I know the Web is weird and still these stats tend to surprise me in some ways
268. # [11:28] <Philip`> (but most of the pages are still from sites with only one page in the list, if I remember correctly)
269. # [11:29] <Hixie> hsivonen: how so?
270. # [11:29] <hsivonen> Hixie: like claris cruft
271. # [11:29] <Hixie> ah
272. # [11:30] <Hixie> NYT is a big enough site that i see NYT-specific cruft in my data
273. # [11:30] <Hixie> <nyt_copyright> and the like
274. # [11:30] * Joins: billyjack (n=MikeSmit@EM119-72-22-154.pool.e-mobile.ne.jp)
275. # [11:30] <Hixie> and ebay is big enough that it skews certain things, like the most common absolute url for <img src=""> is a 1x1 pixel GIF on ebay
276. # [11:31] * Joins: webben_ (n=benh@nat/yahoo/x-85d70107a0a32cb5)
277. # [11:31] <hsivonen> I wonder what CDN load that gif causes
278. # [11:32] * Quits: MikeSmith (n=MikeSmit@58.157.21.205) (Nick collision from services.)
279. # [11:33] * billyjack is now known as MikeSmiith
280. # [11:33] * MikeSmiith is now known as MikeSmith
281. # [11:37] <Philip`> Most EBay pages seem to only get a dozen viewers, so it shouldn't be as much load as the occurrence count would suggest
282. # [11:38] * Philip` realises that when he said "start tag" he was totally wrong, since he forgot the distinction between the tokeniser and the SAX-mode parser
283. # [11:38] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
284. # [11:40] <Philip`> Hixie: s/occurance/occurrence/ in latest checkin
285. # [11:41] <Hixie> thx
286. # [11:44] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 113 (No route to host))
287. # [11:46] * Quits: webben (n=benh@nat/yahoo/x-ef51cd10cfb3d4a5) (Read error: 110 (Connection timed out))
288. # [11:46] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
289. # [11:47] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
290. # [11:54] * Joins: maikmerten (n=maikmert@L8bf3.l.pppool.de)
291. # [11:58] * Quits: maikmerten (n=maikmert@L8bf3.l.pppool.de) (Remote closed the connection)
292. # [11:59] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
293. # [11:59] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
294. # [12:00] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
295. # [12:00] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
296. # [12:00] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
297. # [12:02] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
298. # [12:02] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
299. # [12:05] * Joins: myakura (n=myakura@p5047-ipbf1403marunouchi.tokyo.ocn.ne.jp)
300. # [12:08] * Joins: webben (n=benh@nat/yahoo/x-2c23702d70ba6017)
301. # [12:10] * Quits: Lachy (n=Lachlan@pat-tdc.opera.com) ("Leaving")
302. # [12:14] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
303. # [12:14] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
304. # [12:14] * Joins: Lachy (n=Lachlan@pat-tdc.opera.com)
305. # [12:17] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
306. # [12:17] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
307. # [12:19] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
308. # [12:19] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
309. # [12:20] * Quits: sverrej (n=sverrej@pat-tdc.opera.com) (Remote closed the connection)
310. # [12:21] * Joins: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
311. # [12:23] * Joins: zcorpan (n=zcorpan@pat.se.opera.com)
312. # [12:23] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
313. # [12:23] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
314. # [12:24] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
315. # [12:24] <zcorpan> styles on html and body in the outer document would apply to each seamless iframe
316. # [12:24] * Joins: sverrej (n=sverrej@pat-tdc.opera.com)
317. # [12:25] * Quits: webben_ (n=benh@nat/yahoo/x-85d70107a0a32cb5) (No route to host)
318. # [12:25] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
319. # [12:27] <zcorpan> perhaps doc='' should be an "in body" fragment
320. # [12:28] <zcorpan> <iframe innerhtml=''>
321. # [12:28] <Philip`> <iframe body=''>
322. # [12:30] <zcorpan> yeah body is better
323. # [12:30] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
324. # [12:30] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
325. # [12:30] * Parts: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
326. # [12:30] <zcorpan> optionally used together with type=''
327. # [12:31] <zcorpan> wonder if there's a case where one'd want to have a full html document and not just in body
328. # [12:31] <zcorpan> and not the xml syntax
329. # [12:33] <Philip`> Seamless framesets!
330. # [12:33] <hsivonen> zcorpan: style sheet link?
331. # [12:33] <hsivonen> that's something from outside the body
332. # [12:33] * Joins: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
333. # [12:33] <hendry> can't one assume utf-8 nowadays? http://googleblog.blogspot.com/2008/05/moving-to-unicode-51.html
334. # [12:34] <zcorpan> hsivonen: <style scoped>@import works though
335. # [12:34] <zcorpan> hsivonen: but yeah
336. # [12:34] <hendry> i was just thinking why <meta charset="UTF-8"> is really needed
337. # [12:34] <hsivonen> hendry: nope
338. # [12:34] <hendry> hsivonen: reasoning? :)
339. # [12:34] <hsivonen> hendry: we are talking about parsing a DOMString that is already UTF-16
340. # [12:34] <zcorpan> hendry: i have set my browser to fall back to utf-8 and it breaks a number of pages
341. # [12:35] <hendry> zcorpan: for example?
342. # [12:37] <hendry> another silly question. how do I track the actual HTML rendering of this change? http://html5.org/tools/web-apps-tracker?from=1660&to=1661 in http://www.whatwg.org/specs/web-apps/current-work/multipage/
343. # [12:37] <Hixie> how do you spell "cyclable"? As in, something that can be cycled.
344. # [12:37] <hsivonen> Re: earlier ODF links: I think Adobe made a mistake when it tried to protect its direct Acrobat sales by asking MS not to build PDF export into Office by default
345. # [12:38] <Hixie> hendry: how do you mean?
346. # [12:38] <Philip`> Hixie: You look on Google to see if many other people have spelt it that way, and if they have then it's probably adequately legitimate :-)
347. # [12:39] <Hixie> doesn't work
348. # [12:39] <hendry> Hixie: i want a link of that diff to the particular section of http://www.whatwg.org/specs/web-apps/current-work. so i can get more context.
349. # [12:39] <Hixie> "cyclable" is a common french word
350. # [12:39] <Hixie> hendry: oh
351. # [12:39] <Hixie> hendry: just search for the added text
352. # [12:40] <zcorpan> hendry: e.g. https://ladda.telenor.se/topup.asp
353. # [12:41] <Philip`> Hixie: Alternatively, you spell it whatever way you think looks sensible and then see if anyone suggests that's wrong and justifies an alternative :-)
354. # [12:42] <hendry> Hixie: searching around http://www.whatwg.org/specs/web-apps/current-work/ is hard work for my Thinkpad ;) but OK. Another silly question. How do I see the revision number on http://www.whatwg.org/specs/web-apps/current-work/
355. # [12:42] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
356. # [12:42] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
357. # [12:42] <annevk> hendry, svn.whatwg.org/webapps/
358. # [12:43] <Philip`> hendry: You can use http://html5.org/tools/web-apps-tracker?from=1660&to=1661&context=20 if you want more context
359. # [12:45] <hendry> was expecting a little SVN r1663 printed somewhere on the spec
360. # [12:45] <Hixie> hendry: use a better browser :-)
361. # [12:45] <hendry> Philip`: ah thanks. though I still prefer to read er "rendered HTML".
362. # [12:46] * Quits: KevinMarks (n=KevinMar@c-98-207-134-151.hsd1.ca.comcast.net) ("The computer fell asleep")
363. # [12:47] <annevk> since Hixie makes markup mistakes about every week, reading the diffs is easier :p
364. # [12:47] <hsivonen> markup is tough :-)
365. # [12:49] <Hixie> hendry: the one on the site isn't in subversion
366. # [12:49] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
367. # [12:49] <Hixie> hendry: it's the working copy
368. # [12:49] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
369. # [12:49] <Hixie> hendry: so it's always rX where X = N+1 where N is rHEAD
370. # [12:53] <gsnedders> Hixie: http://trac.webkit.org/browser/trunk/WebCore/platform/text/TextCodecICU.cpp#L61 if you haven't already see that
371. # [12:55] <Hixie> gsnedders: anything specific?
372. # [12:55] <gsnedders> Hixie: No, just the general list of encodings there
373. # [12:55] <Hixie> seems to match basically what's in the spec now
374. # [12:56] <Hixie> except for TIS-620
375. # [13:03] * Quits: MikeSmith (n=MikeSmit@EM119-72-22-154.pool.e-mobile.ne.jp) ("Less talk, more pimp walk.")
376. # [13:03] <annevk> has anyone checked whether this alias stuff also applies to text/plain and text/xml ?
377. # [13:04] <Hixie> i imagine it applies to text/plain, yes
378. # [13:04] <Hixie> really we should just get IANA updated
379. # [13:05] <annevk> that's what i was getting at
380. # [13:05] <Hixie> i'm happy to remove this stuff once IANA is updated. :-)
381. # [13:05] * Joins: MikeSmith (n=MikeSmit@58.157.21.205)
382. # [13:06] <gsnedders> But are we going to get it updated? Unlikely.
383. # [13:06] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
384. # [13:06] <gsnedders> annevk: text/xml certainly
385. # [13:06] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
386. # [13:06] * Joins: webben_ (n=benh@nat/yahoo/x-cb996de2d4ae7abb)
387. # [13:07] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
388. # [13:08] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
389. # [13:17] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 113 (No route to host))
390. # [13:18] * Quits: webben (n=benh@nat/yahoo/x-2c23702d70ba6017) (Read error: 110 (Connection timed out))
391. # [13:23] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
392. # [13:24] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
393. # [13:25] * Quits: roc (n=roc@121-72-166-106.dsl.telstraclear.net)
394. # [13:25] * Joins: itpastorn (n=itpastor@ne.keryx.se)
395. # [13:28] * Philip` disapproves of the Americanization like s/serialise/serialize/ :-p
396. # [13:28] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
397. # [13:29] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
398. # [13:29] <hsivonen> annevk: should the "I've read the changes!" button take me to the next diff?
399. # [13:30] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
400. # [13:30] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
401. # [13:30] <Hixie> could someone who has an implementation of the encoding sniffer let me know if my latest checkin is correct?
402. # [13:31] <Hixie> Philip`: me too, but i have to be consistent at least
403. # [13:32] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
404. # [13:32] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
405. # [13:33] <annevk> hsivonen, no
406. # [13:33] <hsivonen> ok.
407. # [13:33] <annevk> hsivonen, maybe someone could add a "next diff" thingie...
408. # [13:33] <hsivonen> reading diff from my mailbox then
409. # [13:33] <annevk> hsivonen, it stores a cookie for your next visit
410. # [13:38] * hsivonen finds that feature additions aren't always annotated [c]
411. # [13:40] <hsivonen> apparently <script charset> and data-* escaped my script for this reason
412. # [13:40] <Hixie> yeah i'm pretty flaky
413. # [13:41] <Hixie> i often don't really know what to annotate things with
414. # [13:41] <Hixie> sorry about that
415. # [13:43] * hsivonen notes language attribute participates in processing but is not conforming
416. # [13:44] <hsivonen> I wonder if I've missed anything else
417. # [13:44] <hsivonen> my cursory reading suggests no
418. # [13:46] <hsivonen> Hixie: did you make type attribute required for inline scripts? http://bugzilla.validator.nu/show_bug.cgi?id=186
419. # [13:48] <annevk> if he did, it's a bug
420. # [13:48] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
421. # [13:48] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
422. # [13:48] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
423. # [13:48] <Hixie> not intentionally, why?
424. # [13:48] <Hixie> oh
425. # [13:48] <Hixie> i made it required if it's not javascript
426. # [13:48] <Hixie> or something like that
427. # [13:48] <hsivonen> Hixie: "When used to include script data, the script data must be embedded inline, the format of the data must be given using the type attribute"
428. # [13:48] <Hixie> shouldn't affect you
429. # [13:48] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
430. # [13:48] <Hixie> right
431. # [13:49] <hsivonen> Hixie: not as clear as it could be
432. # [13:49] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
433. # [13:49] <hsivonen> I take it that there's no actionable change in http://bugzilla.validator.nu/show_bug.cgi?id=186 then?
434. # [13:49] <Hixie> send mail saying what's confusing :-)
435. # [13:49] * Joins: maikmerten (n=maikmert@L8bf3.l.pppool.de)
436. # [13:49] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
437. # [13:49] <hsivonen> ok
438. # [13:49] <Hixie> hsivonen: depends what you are testing
439. # [13:50] <Hixie> hsivonen: if the type="" is application/xml or some such, you should probably test xml well-formedness or something, if you want to be perfect and cool
440. # [13:50] <Hixie> but if you're treating script as a black box for now, then no, probably not
441. # [13:51] <hsivonen> Hixie: black box for now
442. # [13:51] <hsivonen> Hixie: except it is a text-based black box
443. # [13:52] <hsivonen> Hixie: I don't support theoretical XML tree-based languages
444. # [13:54] * hsivonen sees Hixie defined iWeb as legitimate
445. # [13:56] <Hixie> hm?
446. # [13:56] <Hixie> iWeb does a lot of bad things
447. # [13:56] <Hixie> i doubt i've made its output valid
448. # [13:56] <hsivonen> "However, WYSIWYG tools are legitimate. WYSIWYG tools should use elements they know are appropriate, and should not use elements that they do not know to be appropriate. This might in certain extreme cases mean limiting the use of flow elements to just a few elements, like div, b, i, and span and making liberal use of the style attribute."
449. # [13:57] <Hixie> something to that effect has always been there, no?
450. # [13:58] <hsivonen> not sure
451. # [13:58] <Hixie> i mean, we used to have a whole _section_ justifying wysiwyg editors
452. # [13:58] <annevk> yeah, before it was <font>
453. # [13:58] <hsivonen> I wasn't complaining :-)
454. # [14:03] <Philip`> Hmm, IE has much stricter charset parsing than other browsers
455. # [14:05] <Hixie> ok i'm going to bed now
456. # [14:05] <Hixie> nn
457. # [14:06] * Quits: webben_ (n=benh@nat/yahoo/x-cb996de2d4ae7abb)
458. # [14:06] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
459. # [14:07] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
460. # [14:16] * Joins: webben (n=benh@nat/yahoo/x-8227d99416281694)
461. # [14:16] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
462. # [14:16] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
463. # [14:19] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
464. # [14:19] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
465. # [14:23] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
466. # [14:23] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
467. # [14:28] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
468. # [14:28] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
469. # [14:29] * Quits: ROBOd (n=robod@89.122.216.38) (Read error: 104 (Connection reset by peer))
470. # [14:35] * Quits: maikmerten (n=maikmert@L8bf3.l.pppool.de) (Remote closed the connection)
471. # [14:37] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
472. # [14:38] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
473. # [14:39] * Joins: ROBOd (n=robod@89.122.216.38)
474. # [14:45] * Quits: myakura (n=myakura@p5047-ipbf1403marunouchi.tokyo.ocn.ne.jp) ("Leaving...")
475. # [15:04] * Joins: myakura (n=myakura@p5047-ipbf1403marunouchi.tokyo.ocn.ne.jp)
476. # [15:22] * Quits: webben (n=benh@nat/yahoo/x-8227d99416281694)
477. # [15:29] * Quits: zcorpan (n=zcorpan@pat.se.opera.com) (Read error: 110 (Connection timed out))
478. # [15:30] * Lachy regrets jumping in to the alt debate again :-(
479. # [15:32] <hsivonen> I'm so glad I promised myself that I stay out of it
480. # [15:34] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
481. # [15:34] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
482. # [15:36] * Quits: myakura (n=myakura@p5047-ipbf1403marunouchi.tokyo.ocn.ne.jp) ("Leaving...")
483. # [15:36] * Joins: webben (n=benh@nat/yahoo/x-d5c76b51e84afdc7)
484. # [15:39] * Joins: myakura (n=myakura@p5047-ipbf1403marunouchi.tokyo.ocn.ne.jp)
485. # [15:40] * Joins: jcranmer (n=jcranmer@ltsp1.csl.tjhsst.edu)
486. # [15:41] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
487. # [15:41] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
488. # [15:41] * Parts: jcranmer (n=jcranmer@ltsp1.csl.tjhsst.edu)
489. # [15:42] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
490. # [15:43] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
491. # [15:44] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
492. # [15:44] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
493. # [15:45] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
494. # [15:46] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
495. # [15:47] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
496. # [15:47] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
497. # [16:12] * Quits: myakura (n=myakura@p5047-ipbf1403marunouchi.tokyo.ocn.ne.jp) ("Leaving...")
498. # [16:13] <takkaria> I love Rob Burns
499. # [16:14] <takkaria> he appears to be applying literary deconstruction to Namespces in XML
500. # [16:14] <Dashiva> We'll just redefine everything and have a wizard handle the backwards compatability problems
501. # [16:14] * Quits: webben (n=benh@nat/yahoo/x-d5c76b51e84afdc7) (Read error: 104 (Connection reset by peer))
502. # [16:15] <MikeSmith> yes
503. # [16:15] <MikeSmith> Dashiva: there you have stumbled upon the solution to all our problems
504. # [16:15] <MikeSmith> a wizard or magic fairy
505. # [16:17] * Philip` grabs the fairy and bites its head off
506. # [16:18] * Joins: phsiao (n=shawn@nat/ibm/x-70bff5882e723639)
507. # [16:18] * Joins: billmason (n=billmaso@ip246.unival.com)
508. # [16:20] <Dashiva> I think a message saying "Can we please keep the 'how to represent missing alt data' and 'is missing alt data conforming' issues separate, and not start arguing about one in a thread actually making progress on the other?"
509. # [16:20] <Dashiva> would be in order about now...
510. # [16:20] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
511. # [16:21] <annevk> i like it how RB puts the blame for everything on these horrible implementors
512. # [16:21] * takkaria bingles Philip TAYLOR (Ret'd) for his latest opine
513. # [16:21] <Dashiva> takkaria: Feel free the write the mail outlined above ;)
514. # [16:23] <takkaria> Dashiva: the three-line posts that he makes are often not replied to, so I'll just sit and hope that's the case here
515. # [16:26] * MikeSmith is nostalgic for Philip TAYLOR (Webmaster) .. and for that brief moment in time when we had Philip TAYLOR (Webmaster, Ret'd)
516. # [16:29] <takkaria> I think he's very often wrong, but at least he's short and to the point. :)
517. # [16:34] <Lachy> The wizard and magic fairy solution is intriguing.
518. # [16:51] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
519. # [16:51] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
520. # [16:52] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
521. # [16:52] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
522. # [16:54] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
523. # [16:54] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
524. # [16:56] <Lachy> hmm. It looks like the machine-checkable vs. non-machine-checkable conformance criteria debate is yet another bikeshed to avoid.
525. # [16:57] <Philip`> It's not a bikeshed, since it's a significant issue
526. # [16:57] <annevk> someone just mentioned the semantic web in that context
527. # [17:10] * Quits: weinig (n=weinig@c-71-198-176-23.hsd1.ca.comcast.net)
528. # [17:13] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
529. # [17:13] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
530. # [17:31] * Quits: Lachy (n=Lachlan@pat-tdc.opera.com) ("This computer has gone to sleep")
531. # [17:33] * Joins: csarven (i=csarven@on-irc.csarven.ca)
532. # [17:37] * Quits: itpastorn (n=itpastor@ne.keryx.se) (Read error: 110 (Connection timed out))
533. # [17:45] * Joins: Lachy (n=Lachlan@85.196.122.246)
534. # [17:46] * Joins: itpastorn (n=itpastor@139.57.227.87.static.th.siw.siwnet.net)
535. # [17:46] * Joins: webben (n=benh@nat/yahoo/x-e59189ba600e66fd)
536. # [17:50] <takkaria> I'm not quite sure how JJ's machine-checkable idealism would be implemented, even after his previous posts on the issue
537. # [17:50] * Joins: maikmerten (n=maikmert@L8bf3.l.pppool.de)
538. # [17:50] <takkaria> cos it seems to me that if he had his way, HTML5 would require much more verbosity and have little default styling, such that no-one would actually write it over HTML4
539. # [17:55] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
540. # [17:55] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
541. # [17:55] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
542. # [17:56] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
543. # [17:57] <gsnedders> takkaria: Implication is that it has to have _no_ default styling
544. # [17:57] <gsnedders> takkaria: Thereby going against the principle of backwards compat.
545. # [17:59] * Joins: hober (n=ted@unaffiliated/hober)
546. # [17:59] <takkaria> gsnedders: that too :)
547. # [18:00] * Joins: Windstoss (n=wind@mnhm-4d013dc4.pool.mediaWays.net)
548. # [18:00] <takkaria> my point is really that the increased verbosity it would require would mean that you need more bytes to get the same effect so no one would actually use it
549. # [18:01] <Dashiva> And someone would then implement <body default-style> to use HTML4 styles :)
550. # [18:01] <Philip`> That's why browsers have to remove support for HTML4 features so that everyone will rapidly transition into the exciting new world of the semantic web
551. # [18:02] * Joins: jdandrea (n=jdandrea@ool-44c09c49.dyn.optonline.net)
552. # [18:04] * Quits: jdandrea (n=jdandrea@ool-44c09c49.dyn.optonline.net) (Client Quit)
553. # [18:04] * Joins: jdandrea (n=jdandrea@ool-44c09c49.dyn.optonline.net)
554. # [18:04] <takkaria> someone should probably point him towards XHTML2...
555. # [18:05] <annevk> HT doesn't seem to be willing to accept reality just yet... :(
556. # [18:10] <annevk> I wonder if HT is suggesting that browsers dispatch on nodeName rather than localName + namespaceURI
557. # [18:10] * Quits: billmason (n=billmaso@ip246.unival.com) (Read error: 104 (Connection reset by peer))
558. # [18:11] <annevk> That's near insane
559. # [18:12] * Joins: billmason (n=billmaso@ip246.unival.com)
560. # [18:13] <Philip`> Seems kind of odd to throw out the whole namespace URI thing just so you can keep something that looks the same as the colon syntax
561. # [18:14] <Dashiva> It's to preserve the integrity of namespaces that we're rewriting namespaces
562. # [18:14] <Dashiva> Isn't that obvious?
563. # [18:15] <takkaria> the first rule of namespaces is that you do not follow Namespaces
564. # [18:15] <Dashiva> What's the second rule?
565. # [18:15] <Lachy> there is no second rule
566. # [18:16] * Joins: smedero (n=smedero@mdp-nat251.mdp.com)
567. # [18:16] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
568. # [18:16] <Dashiva> Is that a rule?
569. # [18:17] * Joins: weinig (n=weinig@17.203.15.182)
570. # [18:17] * Quits: virtuelv (n=virtuelv@pat-tdc.opera.com) (Read error: 110 (Connection timed out))
571. # [18:17] <Philip`> It's more of a guideline
572. # [18:18] * Joins: andersca (n=andersca@nat/apple/x-02ca7b980d41027b)
573. # [18:18] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
574. # [18:20] <takkaria> except for the evil implementors
575. # [18:21] * Joins: tndH_ (i=Rob@adsl-77-86-104-108.karoo.KCOM.COM)
576. # [18:23] <Dashiva> The vast browser-wing conspiracy
577. # [18:23] * Quits: sverrej (n=sverrej@pat-tdc.opera.com) (Read error: 110 (Connection timed out))
578. # [18:25] <Philip`> Does there exist a list of conspiracies that were actually real, and worked successfully for quite a while?
579. # [18:25] <Dashiva> Yes
580. # [18:25] <Dashiva> I read an article about it yesterday, actually
581. # [18:25] <Philip`> It'd be interesting to see how vast a conspiracy could get, and how the probability of keeping it secret varies with size
582. # [18:27] <takkaria> Mozilla is especially to blame for the browser conspiracy. they only look like they're open
583. # [18:28] <Philip`> But Opera is closed source and for-profit so it must be transmitting all your browsing details to the NSA
584. # [18:28] * Joins: eseidel (n=eseidel@c-24-130-11-246.hsd1.ca.comcast.net)
585. # [18:29] <Dashiva> Don't forget that they all send your browsing data to these so-called "anti-phising" services
586. # [18:29] <Philip`> Firefox doesn't (by default) :-p
587. # [18:30] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
588. # [18:30] <Dashiva> That's what they want you to think
589. # [18:30] * Philip` assumes Opera does, but isn't sure
590. # [18:30] <Dashiva> It just means they hide it
591. # [18:30] <Philip`> Dashiva: Where do they hide it?
592. # [18:30] <Dashiva> ICMP
593. # [18:30] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
594. # [18:30] <Philip`> ...
595. # [18:30] <takkaria> they actually install a trojan network stack on Windows machines so you can't detect it
596. # [18:30] <Dashiva> The payload of PING can be used for data transfer just fine
597. # [18:30] <Philip`> takkaria: I'm running Linux
598. # [18:31] <takkaria> Philip`: they don't do so well there
599. # [18:32] <Philip`> Also I'll claim that I'm running Gentoo and compiled Firefox from source, so I wouldn't be affected by secret hidden code in the distributed binary
600. # [18:32] <Dashiva> And you read the source? :)
601. # [18:33] <Philip`> No, but millions of other eyes have
602. # [18:34] <Dashiva> Yeah, and those millions of eyes totally caught that debian vuln last week ;)
603. # [18:34] <Philip`> (Actually I used Gentoo's mozilla-firefox-bin package which downloads the official Mozilla binary instead, because I didn't fancy waiting an hour for it to compile after every minor version upgrade...)
604. # [18:34] <Philip`> Dashiva: Indeed, they did catch it last week, which proves that vulnerabilities always get noticed :-)
605. # [18:34] <Dashiva> In other news, Henry is quite optimistic about HTML5 it seems
606. # [18:35] * Quits: shepazu (n=schepers@vis046b.inria.fr)
607. # [18:40] * Quits: deane (n=dean@121.98.128.155) ("ChatZilla 0.9.82.1 [Firefox 3.0b5/2008050509]")
608. # [18:40] * Quits: tndH (i=Rob@77.86.114.76) (Read error: 110 (Connection timed out))
609. # [18:40] * Quits: itpastorn (n=itpastor@139.57.227.87.static.th.siw.siwnet.net) (Read error: 110 (Connection timed out))
610. # [18:43] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 113 (No route to host))
611. # [18:45] * Quits: eseidel (n=eseidel@c-24-130-11-246.hsd1.ca.comcast.net) (Read error: 110 (Connection timed out))
612. # [18:54] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
613. # [18:54] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
614. # [18:54] * Joins: aroben (n=aroben@unaffiliated/aroben)
615. # [19:01] * Joins: aroben_ (n=aroben@unaffiliated/aroben)
616. # [19:06] * Quits: webben (n=benh@nat/yahoo/x-e59189ba600e66fd) (Read error: 104 (Connection reset by peer))
617. # [19:06] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
618. # [19:06] * Joins: webben (n=benh@nat/yahoo/x-0aa9d303ec907e13)
619. # [19:07] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
620. # [19:09] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
621. # [19:09] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
622. # [19:18] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 110 (Connection timed out))
623. # [19:27] * Quits: wakaba_ (n=w@180.165.210.220.dy.bbexcite.jp) (Read error: 110 (Connection timed out))
624. # [19:39] * Joins: kingryan (n=ryan@c-24-5-77-167.hsd1.ca.comcast.net)
625. # [19:44] * Joins: webben_ (n=benh@nat/yahoo/x-2da1ceccca5f11b1)
626. # [19:44] * Quits: webben (n=benh@nat/yahoo/x-0aa9d303ec907e13) (Read error: 104 (Connection reset by peer))
627. # [19:46] * Joins: KevinMarks (n=KevinMar@nat/google/x-2d905a6d89782d74)
628. # [19:59] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
629. # [20:00] * Quits: jruderman (n=jruderma@c-67-180-174-213.hsd1.ca.comcast.net)
630. # [20:00] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
631. # [20:11] * Joins: aroben (n=aroben@unaffiliated/aroben)
632. # [20:13] * Joins: aroben__ (n=aroben@unaffiliated/aroben)
633. # [20:19] * Joins: eseidel (n=eseidel@nat/google/x-d5dbd738986e982f)
634. # [20:25] * Joins: wakaba (n=w@135.137.148.210.dy.bbexcite.jp)
635. # [20:27] * Joins: virtuelv (n=virtuelv@46.80-203-100.nextgentel.com)
636. # [20:29] * Joins: maikmerten_ (n=maikmert@Lade4.l.pppool.de)
637. # [20:30] * Joins: jmb^ (n=jmb@login.ecs.soton.ac.uk)
638. # [20:31] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 110 (Connection timed out))
639. # [20:31] * Joins: jruderman (n=jruderma@guest-226.mountainview.mozilla.com)
640. # [20:32] * Quits: aroben_ (n=aroben@unaffiliated/aroben) (Read error: 110 (Connection timed out))
641. # [20:34] * Quits: Windstoss (n=wind@mnhm-4d013dc4.pool.mediaWays.net)
642. # [20:35] * Quits: aroben__ (n=aroben@unaffiliated/aroben) (Read error: 104 (Connection reset by peer))
643. # [20:37] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
644. # [20:38] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
645. # [20:39] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
646. # [20:39] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
647. # [20:39] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
648. # [20:40] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
649. # [20:41] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
650. # [20:42] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) (Read error: 110 (Connection timed out))
651. # [20:42] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
652. # [20:44] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
653. # [20:44] * Joins: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
654. # [20:48] * Quits: maikmerten (n=maikmert@L8bf3.l.pppool.de) (Read error: 113 (No route to host))
655. # [20:52] * Joins: aroben (n=adamrobe@17.203.15.147)
656. # [20:58] * Joins: jwalden (n=waldo@STRATTON-SEVEN-THIRTEEN.MIT.EDU)
657. # [21:02] * Joins: sverrej (n=sverrej@89.10.27.86)
658. # [21:09] * Quits: aroben (n=adamrobe@unaffiliated/aroben) (Read error: 104 (Connection reset by peer))
659. # [21:10] * Joins: aroben (n=adamrobe@unaffiliated/aroben)
660. # [21:11] * Quits: aroben (n=adamrobe@unaffiliated/aroben) (Client Quit)
661. # [21:19] * Joins: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net)
662. # [21:19] * Quits: othermaciej (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Read error: 104 (Connection reset by peer))
663. # [21:20] * Quits: othermaciej_ (n=mjs@dsl027-178-204.sfo1.dsl.speakeasy.net) (Client Quit)
664. # [21:29] * Quits: smedero (n=smedero@mdp-nat251.mdp.com)
665. # [21:31] * Quits: virtuelv (n=virtuelv@46.80-203-100.nextgentel.com) ("Ex-Chat")
666. # [21:42] * Joins: webben (n=benh@nat/yahoo/x-b52bf9dc339f6326)
667. # [21:45] * Quits: webben (n=benh@nat/yahoo/x-b52bf9dc339f6326) (Client Quit)
668. # [21:50] * Quits: jdandrea (n=jdandrea@ool-44c09c49.dyn.optonline.net) ("ciao")
669. # [21:52] * Joins: itpastorn (n=itpastor@139.57.227.87.static.th.siw.siwnet.net)
670. # [21:53] * Quits: maikmerten_ (n=maikmert@Lade4.l.pppool.de) ("Leaving")
671. # [21:54] * Quits: webben_ (n=benh@nat/yahoo/x-2da1ceccca5f11b1) (Connection timed out)
672. # [22:05] * Quits: hdh (n=hdh@118.71.125.7) ("Leaving.")
673. # [22:11] <Dashiva> "Oh, sure, everyone on the entire internet uses flickr, but it's only one site so we'll ignore it"
674. # [22:12] <Lachy> I would respond, but I don't want to fuel the fire any more
675. # [22:13] <Lachy> John just doesn't realise there is a difference between choosing not to optimise for a situation and choosing not to deal with it at all
676. # [22:13] <Dashiva> I guess specs are an edge case too, then :)
677. # [22:14] <Lachy> every site is an edge case, since it's only one out of billions :-)
678. # [22:15] <jgraham> Hey it's marginally more sane that Rob Burns explaining why the sky is green if you squint at it just right
679. # [22:15] <Lachy> but it's not just Flickr. It's photobucket, my opera, .mac and every other site that publishes user generated content
680. # [22:15] <jgraham> I should emphasise the *marginally* there :)
681. # [22:15] <Lachy> jgraham, it depends on the defintion of "green".
682. # [22:15] * Joins: zcorpan_ (n=zcorpan@c-cb21e353.1451-1-64736c12.cust.bredbandsbolaget.se)
683. # [22:16] <Dashiva> Don't come here with your fancy "facts", Lachy. We don't need any of those.
684. # [22:17] <Lachy> and it also depends on whether you're referring to the whole sky at all times during the day, or the brief moment it transistions from blue to orange at sunset
685. # [22:17] <hober> yes, we all need to mind the /topic :)
686. # [22:18] * Quits: ROBOd (n=robod@89.122.216.38) ("http://www.robodesign.ro")
687. # [22:20] * Joins: othermaciej (n=mjs@17.255.105.221)
688. # [22:21] <jgraham> Well didn't his last email basically say that the fact that the sky is blue should be ignored because the process for deciding sky colour should favour whatever colour he likes and he likes green therefore the sky is green
689. # [22:22] * tndH_ is now known as tndH
690. # [22:23] <Lachy> I haven't read that mail yet. Is it a recent one or old one?
691. # [22:27] <Philip`> Lachy: I think it's several of them
692. # [22:30] <tndH> apparently Boris Zbarsky is underestimating implementors...
693. # [22:32] <gavin_> Boris Zbarsky is an implementor
694. # [22:33] <tndH> yeah, not sure if Robert Burns is taking that into account though.
695. # [22:33] <Philip`> It's not impossible for people to underestimate themselves :-)
696. # [22:35] <othermaciej> maybe Boris is just being humble
697. # [22:35] <jwalden> I don't think so
698. # [22:38] <syp_> jwalden: hello, did you see my reply to your mail about the browser tests?
699. # [22:38] <jwalden> syp_: I noticed it when skimming through email, problem being it got caught at the end of an existing thread and thus didn't show up as visible -- sec, I'll read
700. # [22:39] <syp_> yes, I replied on the implementors list while the original was on the other list
701. # [22:40] * Joins: dbaron (n=dbaron@corp-241.mountainview.mozilla.com)
702. # [22:41] * Quits: zcorpan_ (n=zcorpan@c-cb21e353.1451-1-64736c12.cust.bredbandsbolaget.se) (Read error: 110 (Connection timed out))
703. # [22:41] * Quits: aaronlev (n=chatzill@e180228089.adsl.alicedsl.de) ("ChatZilla 0.9.82.1 [Firefox 3.0/2008051206]")
704. # [22:46] * Quits: KevinMarks (n=KevinMar@nat/google/x-2d905a6d89782d74) ("The computer fell asleep")
705. # [22:46] <Hixie> am i totally misunderstanding cwilson's attack vector in waf
706. # [22:47] <Hixie> or is he just describing something that's a subset of a much bigger problem
707. # [22:48] <annevk> he is, and that was already pointed out some time ago when Maciej brought that issue up
708. # [22:49] <annevk> having said that, I'm not too comfortable yet with DNS rebinding / man-in-the-middle / etc.
709. # [22:49] * Joins: qwert666_ (n=qwert666@acah173.neoplus.adsl.tpnet.pl)
710. # [22:50] <annevk> I should put a filter in place for RB
711. # [22:51] <annevk> I get annoyed when reading his e-mails and that's not good
712. # [22:51] <Hixie> hehe
713. # [22:52] <othermaciej> from last time I don't think there is a DNS rebinding vulnerability but I guess I'll have to slog through his email
714. # [22:52] <Hixie> he's not very detailed and i already replied
715. # [22:52] <Hixie> but if you can find something i missed, pelase let me know
716. # [22:53] <annevk> though Chris understanding of the vulnarability is different from Maciej's
717. # [22:53] <annevk> Maciej's was about being able to do POST after a DNS rebinding attack on the OPTIONS
718. # [22:54] <annevk> Chris seems to be talking about exposing credentials which seems to imply he didn't even read the proposal carefully
719. # [22:54] <Hixie> yeah
720. # [22:54] * Parts: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
721. # [22:55] <othermaciej> I think Chris is describing what I described, but in a more vague and handwavey way
722. # [22:55] * Joins: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
723. # [22:55] <othermaciej> "This enables the vector of DNS attacks - the idea being that between those two connections, an attacker could insert themselves in to the stream. (Actually, more likely it would be the other way around - an attacker would insert themselves into the stream, give back "it's okay to do x-domain", then release and let the real site give back data."
724. # [22:55] <othermaciej> I don't remember how we concluded that this was not a real vulnerability
725. # [22:56] <othermaciej> Hixie: DNS rebinding works in reverse
726. # [22:56] <othermaciej> Hixie: the DNS infrastructure does not have to be compromised to do a DNS rebinding attack
727. # [22:56] * jgraham considers replying to Justin James, realises that insanity is doing the same thing over and over but expecting different results, decides not to bother
728. # [22:56] <Hixie> it does against HTTP 1.1 servers
729. # [22:57] <Hixie> Host: safeguards against DNS rebinding from other names
730. # [22:57] <othermaciej> checking the Host header is indeed a full defense against DNS rebinding
731. # [22:57] <othermaciej> if you check it
732. # [22:57] <othermaciej> which many (most) existing servers don't
733. # [22:57] <Hixie> if you don't check it, XHR is the _least_ of your problems
734. # [22:57] <annevk> "RE: Work that would be required to revert Internet Explorer 8 to 'aria:'" wtf!
735. # [22:57] <othermaciej> checking the Host header is indeed a defense against the DNS rebinding attack against the preflight chec
736. # [22:57] <annevk> why is the W3C so fucked up?
737. # [22:58] <Hixie> if you don't check Host:, the simplest attack vector is just to serve the JS file from hostile.com and the rest of the resource from victim.hostile.com
738. # [22:58] <Hixie> no need for XHR
739. # [23:00] <annevk> (fortunately Chris is not interested in the idea)
740. # [23:00] <Lachy> how does checking Host: prevent an attacker from intercepting a request and serving a hostile JS file?
741. # [23:01] <othermaciej> ok let me do the short lecture on DNS Rebinding
742. # [23:01] <othermaciej> DNS rebinding works like this
743. # [23:01] <othermaciej> you access http://attacker.com/
744. # [23:01] <othermaciej> attacker.com has a very short DNS expiration time
745. # [23:02] <othermaciej> a little while after access, a DNS change propagates so that attacker.com points to the same IP as victim.com
746. # [23:02] <othermaciej> attacker.com loads some victim.com resources
747. # [23:02] <othermaciej> in general this only works when the only access control to victim.com is network position (for example it is behind a firewall)
748. # [23:02] <othermaciej> since you end up sending attacker.com cookies, not victim.com cookies
749. # [23:03] <othermaciej> if victim.com checks the Host header, then even this is ineffective
750. # [23:03] <othermaciej> for the same reason, a DNS rebinding attack against the method check preflight would be ineffective, because attacker.com cookies would be sent for the POST, not victim.com cookies
751. # [23:03] <othermaciej> so you could only do what XDR would always let you do (POST without credetials)
752. # [23:04] <jwalden> Host: checking is required by HTTP/1.1 -- are servers just non-compliant?
753. # [23:04] <Dashiva> You can have a * host that catches everything
754. # [23:05] <Hixie> it's not so much that com cookies would be sent for the POST, so much as a DNS rebinding attack against the method check preflight would not grant you any more access than simply doing a 1995-era cross-site <form> submit
755. # [23:05] <annevk> jwalden, are browsers just non-compliant? madness!
756. # [23:05] <othermaciej> is anything compliant to anything?
757. # [23:05] * Quits: kingryan (n=ryan@c-24-5-77-167.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
758. # [23:05] <Lachy> othermaciej, I thought the problem was if attacker.com impersonated victim.com. So that when a user loads victim.com in their browser and then attacker.com uses DNS rebinding to intercept some of the requests and send back malicious files
759. # [23:05] <jwalden> well, browsers didn't have a spec
760. # [23:05] <jwalden> and you have to check to do vhosting correctly
761. # [23:05] * Joins: kingryan (n=ryan@c-24-5-77-167.hsd1.ca.comcast.net)
762. # [23:06] <jwalden> when you have it set up to serve many origins from one server
763. # [23:06] <annevk> everything is probably inherently imperfect due to human nature
764. # [23:06] <othermaciej> Lachy: yeah, that's not DNS Rebinding
765. # [23:06] <Lachy> ok
766. # [23:06] <annevk> that's man-in-the-middle iirc
767. # [23:07] <othermaciej> Lachy: that would require compromising DNS itself, and if you have that, you don't need any form of cross-site access
768. # [23:07] <othermaciej> (running a malicious DNS server on an open wireless network would be one form of this attack)
769. # [23:07] <Hixie> if you can mitm the last router, you can just inject whatever you want straight into the http stream
770. # [23:07] <othermaciej> generally SSL protects against that, unless the user blindly clicks through on invalid certs
771. # [23:07] <Hixie> (poking with dns would be far more complicated)
772. # [23:08] <annevk> oh, i guess man-in-the-middle is more a malicious proxy
773. # [23:08] <Lachy> othermaciej, the problem is the users do blinding accept invalid certs
774. # [23:08] <Lachy> *blindly
775. # [23:08] <Hixie> ff3 makes it nigh on impossible to click through an invalid cert
776. # [23:08] <othermaciej> Lachy: I'd really like to make Safari always reject self-signed certs but I am not sure marketing would agree
777. # [23:08] <Hixie> othermaciej: just do what ff3 does :-)
778. # [23:08] <jwalden> it's just five clicks or so :-)
779. # [23:09] <jwalden> through arcane security UI :-)
780. # [23:09] <Hixie> five pretty unobvious clicks
781. # [23:09] <Hixie> yeah
782. # [23:09] <Hixie> i've had to do it numerous times :-)
783. # [23:09] <jwalden> "feature, not bug" :-)
784. # [23:10] * Quits: qwert666 (n=qwert666@acah173.neoplus.adsl.tpnet.pl) (Connection timed out)
785. # [23:11] <annevk> if it happens often for the user he'll make a habbit out of it and you'll have the same problem
786. # [23:11] <gsnedders> othermaciej: I've got a couple of bug reports through SP not accepting self-signed certs, but something like Saf has the advantage of being able to prompt the user at least
787. # [23:11] <othermaciej> we do prompt
788. # [23:11] <othermaciej> prompts are kinda useless
789. # [23:13] <gsnedders> othermaciej: Yeah, well all something like SP can do is either outright accept it or outright refuse it.
790. # [23:14] * Joins: roc (n=roc@202.0.36.64)
791. # [23:14] <Hixie> i'm pretty sure i just saw an e-mail on this alt thread claiming 50 years of experience
792. # [23:14] <Hixie> the web has only been around for 18...
793. # [23:15] <Dashiva> Accessible file cabinets, maybe?
794. # [23:16] <gsnedders> I can't even claim 18 years of experience of life
795. # [23:16] <Dashiva> Not even counting the pre-birth months?
796. # [23:16] * gsnedders wonders how many under 18 y/os there are
797. # [23:16] <gsnedders> Dashiva: Not even
798. # [23:17] <gsnedders> (I was born on 19920420)
799. # [23:17] <Dashiva> Well, then... get off my lawn!
800. # [23:18] <gsnedders> I'm not on a lawn, yet alone your lawn.
801. # [23:18] <Dashiva> You're a young'un, you're always on my lawn
802. # [23:24] <Philip`> Dashiva: I think you need to do some gardening, since lawns really shouldn't look like carpet tiles
803. # [23:24] <Dashiva> I thought the British prided themselves on lawns that were suitable for any kind of activity
804. # [23:25] <Philip`> Only croquet is permitted
805. # [23:25] <jgraham> And even that only during the summer
806. # [23:27] <gsnedders> Hahaha
807. # [23:27] <gsnedders> See, that's why you to college that actually allows you to use the lawn.
808. # [23:27] <gsnedders> (Apart from for croquet)
809. # [23:28] <Lachy> he must have been referring to the time when the web was implemented over snail mail and alt text was written on the back of photos called "postcards"
810. # [23:29] <gsnedders> Oh, the passage we had in the French exam stated something like (to translate the French): "She posts a blog on the internet…"
811. # [23:29] <gsnedders> Unlike all these people who blog on paper
812. # [23:29] <Dashiva> gsnedders: intranet
813. # [23:29] <Dashiva> duh
814. # [23:30] <hendry> /away sssssssssleep
815. # [23:30] <gsnedders> I should do that, too.
816. # [23:30] * annevk tries campaigning against <timerange>
817. # [23:30] <gsnedders> Especially seeming I have a physics exam and Hixie is "suggesting" I do physics at uni
818. # [23:31] <Philip`> Sleep is a waste of time that could be used for last-minute revision
819. # [23:31] <jgraham> Last minute revision is a waste of time that could be used for sleep
820. # [23:31] <annevk> what's up with all these linux security updates
821. # [23:31] <gsnedders> Philip`: Apart from when you have CFS and would therefore fall asleep during the three hour exam
822. # [23:31] <gsnedders> annevk: Linux is insecure?
823. # [23:32] <annevk> tthe changelogs are also completely incomprehensible
824. # [23:32] <annevk> i can't believe i talked my mom into this, though I guess Windows updates are just as bad
825. # [23:33] <Philip`> The Windows updates just hide all the technical details, which isn't really an improvement
826. # [23:33] <gsnedders> OS X is reporting 0KB free on /. I don't think that' good.
827. # [23:33] <Philip`> gsnedders: Slashdot has run out of space?
828. # [23:33] <jgraham> annevk: This is ubuntu, right? I think I have had three batches of security updates recently including the original SSL one
829. # [23:34] <annevk> indeed
830. # [23:34] <gsnedders> Philip`: No, on root, followed by full-stop
831. # [23:34] * Quits: qwert666_ (n=qwert666@acah173.neoplus.adsl.tpnet.pl) ("Leaving")
832. # [23:34] <jgraham> Philip`: When slashdot runs out of space all the intertubes run out of space </bagpuss>
833. # [23:35] <annevk> I wonder what my mom will think of it
834. # [23:35] <annevk> if she even notices the difference :)
835. # [23:35] <jgraham> annevk: I guess security updates tend to come in batches as one hole is noticed any then everyone else goes on a security audit for a bit
836. # [23:36] * Quits: csarven (i=csarven@on-irc.csarven.ca) ("http://www.csarven.ca")
837. # [23:38] * gsnedders is rather amazed by the fact he's only ever got one security hole found in SP. There have to be more!
838. # [23:39] <jgraham> gsnedders: Maybe you have too few users for anyone to care :)
839. # [23:39] <gsnedders> jgraham: We have plenty of users :)
840. # [23:40] <Philip`> gsnedders: Maybe you published the wrong email address for reporting security vulnerabilities, so all the reports are getting lost
841. # [23:40] <gsnedders> Philip`: No
842. # Session Close: Fri May 23 00:00:00 2008

The end :)