/irc-logs / freenode / #whatwg / 2014-09-16 / end

Options:

# Session Start: Tue Sep 16 00:00:00 2014
# Session Ident: #whatwg
# [00:01] <Hixie> willchan: if you can do that, what's stopping you from doing that to {x}.whatwg.org, thus enabling fishing within the whatwg.org domain even with subdomain-hsts?
# [00:01] <zcorpan> should the initial http->https redirect include the HSTS header?
# [00:01] * Quits: karlcow (~karl@nerval.la-grange.net) (Quit: :tiuQ tiuq sah woclrak)
# [00:01] <annevk> zcorpan: no, HSTS header is only for TLS resources
# [00:02] * Joins: hober (~ted@unaffiliated/hober)
# [00:02] <Hixie> annevk: wait, what? not only do you have to use a publicly registered domain name, but you even have to use a public IP range?!
# [00:02] <Hixie> zcorpan: HSTS is ignored on non-authenticated connections
# [00:02] <zcorpan> k
# [00:03] <annevk> Hixie: I guess so, not sure how that's going to work for private networks then
# [00:03] <annevk> Hixie: I guess I better remove the batteries from my scale
# [00:04] <annevk> Hixie: I'm fairly new to this, but I'll try to find answers I guess
# [00:05] <Hixie> anyway, the rfc says that includeSubdomains is to protect against cookie theft, not phishing
# [00:06] <Hixie> i don't really understand how it does that either
# [00:06] <Hixie> but that's a separate issue
# [00:06] <Hixie> we don't have any domain cookies
# [00:06] <annevk> mathiasbynens suggested the phishing angle
# [00:06] <annevk> Hixie: I'd imagine blog/wiki/forums all issue cookies
# [00:07] <Hixie> sure but not domain cookies
# [00:07] <annevk> if you omit domain, what is it scoped to?
# [00:07] * Quits: paulohp (~paulohp@201.54.224.235) (Remote host closed the connection)
# [00:07] <Hixie> current host
# [00:08] <annevk> anyway, I was mostly interested in getting us in the TLS-only list
# [00:08] <willchan> hixie: do you allow any rando to create a subdomain on whatwg.org? if so, then yeah, if they can prove ownership of that hostname, then they may be able to convince a SSL CA to issue them a cert.
# [00:09] * Quits: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com) (Remote host closed the connection)
# [00:09] <Hixie> willchan: we do not
# [00:09] * Joins: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com)
# [00:09] <Hixie> willchan: but anne was saying that without includeSubdomains, maybe people will be able to fake a subdomain anyway somehow
# [00:09] <Hixie> not sure how
# [00:10] <willchan> hixie: i think that's wrong
# [00:10] <zcorpan> hmm, have a proposal for a bank: custom scheme on the forums. https://forums.whatwg.org/bb3/viewtopic.php?f=4&t=5216 (basically for QR on bills instead of typing in the details)
# [00:11] <willchan> hixie: hsts includeSubdomains is to force HTTPS on the subdomains too, so you don't have to visit the specific subdomain first in order to prevent ssl stripping attacks.
# [00:13] <annevk> is there some way to pin a cert?
# [00:14] <Hixie> pin it to what?
# [00:14] <Hixie> i mean you could print it and pin it to a corkboard pretty easily
# [00:14] <annevk> one thing I'm surprised about is that www.whatwg.org and dom.spec.whatwg.org use different certificates, but both certificates claim to cover www.whatwg.org
# [00:14] <Hixie> also you could take a picture of it and pinterest it
# [00:14] <annevk> why are there no warnings?
# [00:14] <Hixie> why would there be warnings?
# [00:14] <Hixie> what would the warning be for?
# [00:14] <willchan> annevk: yes you can pin a cert, use hpkp
# [00:15] <willchan> but yes, in absence of pinning, you can have multiple certs cover a name
# [00:15] <annevk> I'd think it's more indicative of an attack, but perhaps it's totally fine...
# [00:15] <willchan> which is why rogue/compromised CAs are a big deal, since they can issue certs for basically any name
# [00:16] <Hixie> i think the solution for my home network is for me to be my own CA
# [00:16] <annevk> Hixie: serious? :-(
# [00:16] <Hixie> annevk: so dreamhost seem to be using OpenSSL 0.9.8o
# [00:16] <Hixie> annevk: want to try to convince them to update to OpenSSL 1.0.1c+?
# [00:16] <Hixie> then we can get forward secrecy
# [00:17] <annevk> Hixie: I have emailed them, they say they'll likely issue updates once they have migrated towards Ubuntu
# [00:17] <willchan> annevk: have you seen https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.whatwg.org%2F?
# [00:17] * Quits: KevinMarks_ (~yaaic@2607:fb90:2c35:b71c:55af:74dc:91f7:f2d5) (Ping timeout: 272 seconds)
# [00:18] <annevk> willchan: yeah I know
# [00:18] <annevk> willchan: DreamHost :-(
# [00:18] <annevk> willchan: https://twitter.com/annevk/status/509312141682540544
# [00:18] * Joins: KevinMarks (~yaaic@2607:fb90:100b:6924:77a:2891:f60b:df5b)
# [00:18] * Quits: plutoniix (~plutoniix@node-10et.pool-180-180.dynamic.totbb.net) (Quit: จรลี จรลา)
# [00:19] <Hixie> annevk: great
# [00:19] <Hixie> willchan: yeah, looking at it now, hence my comment just above :-)
# [00:19] <annevk> nn
# [00:19] <Hixie> nn
# [00:21] * Quits: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [00:22] * Joins: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [00:22] * Joins: hasather (~hasather@80.91.33.141)
# [00:24] <Hixie> oh we're on apache 2.2, so we'd need to update that too
# [00:26] <willchan> annevk: the www.whatwg.org cert chain is a little weird too
# [00:27] <willchan> don't need to include the self-signed root cert in the chain, since they're baked into browsers already
# [00:27] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 272 seconds)
# [00:31] <willchan> hixie: for your home network, browsers should remember your clicked through warning for a period of time and temporally "pin" that cert (https://code.google.com/p/chromium/issues/detail?id=262615). i believe firefox does this today.
# [00:34] <Hixie> willchan: looks like i'm not allowed to see that bug
# [00:34] <Hixie> but why temporarily?
# [00:34] <Hixie> shouldn't it be for the lifetime of the cert? which should itself probably be forever, since the device ain't getting updated, realistically?
# [00:36] <willchan> hm, silly bug is locked down. probably could be opened.
# [00:36] <willchan> here's a public CL that describes lots of it: https://codereview.chromium.org/369703002
# [00:38] * Joins: rniwa (~rniwa@17.245.25.196)
# [00:38] * Quits: Lachy (~Lachy@cm-84.215.104.248.getinternet.no) (Quit: Textual IRC Client: www.textualapp.com)
# [00:40] <Hixie> you gotta love https://github.com/w3c/html/commit/15eb97cfc8b7fc97c2dcceaf92c748a2c1ae2e78
# [00:40] <Hixie> i wonder if now that the types are registered, and now that the reference is obsolete, the whatwg should contact the ietf to have them updated... ---
# [00:40] <Hixie> -_- even, not ---
# [00:41] <willchan> hixie: i believe people have differing opinions on the lifetime, and i'm not well-informed on that aspect, so i won't chime in on it. it's possible that if we can identify the local network (perhaps via IP, a la https://w3c.github.io/webappsec/specs/mixedcontent/#private-url), it'd be reasonable to extend the lifetime. i dunno though.
# [00:41] <Hixie> willchan: ah, yeah, not knowing if it's local would be an interesting issue
# [00:46] * Quits: roc (~chatzilla@121-99-141-164.bng1.tvc.orcon.net.nz) (Remote host closed the connection)
# [00:48] * Joins: paulohp (~paulohp@201.52.249.159)
# [00:56] * Joins: karlcow (~karl@nerval.la-grange.net)
# [00:56] <zcorpan> btw, JAB Creations is awesome for cleaning up spam on the forums. too bad there is almost zero non-spam
# [01:03] * Quits: jeremyj_ (~jeremyj@17.202.49.56) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [01:07] <Hixie> so...
# [01:07] <Hixie> if you fullscreen an element
# [01:07] <Hixie> then remove its parent
# [01:07] <Hixie> what happens?
# [01:07] <Hixie> and why?
# [01:08] * GPHemsley says the fullscreen goes away
# [01:08] <zcorpan> ALIENS
# [01:08] * zcorpan needs sleep
# [01:09] * Quits: zcorpan (~zcorpan@ip-200.t2.se.opera.com) (Remote host closed the connection)
# [01:09] * Quits: espadrine (~ttyl@AMontsouris-158-1-15-93.w92-128.abo.wanadoo.fr) (Ping timeout: 272 seconds)
# [01:11] <Hixie> GPHemsley: do any specs actually say that?
# [01:11] * GPHemsley is not a spec
# [01:11] <TabAtkins> I mean, that's obviously what needs to happen. Dunno if it's written anywhere.
# [01:13] * Quits: tobie_ (sid5692@gateway/web/irccloud.com/x-shznssihalytfejx)
# [01:14] * Joins: Lachy (~Lachy@cm-84.215.104.248.getinternet.no)
# [01:14] * Joins: tobie (sid5692@gateway/web/irccloud.com/x-ggjzaxkdrftcjvdy)
# [01:16] * Quits: tobie (sid5692@gateway/web/irccloud.com/x-ggjzaxkdrftcjvdy) (Client Quit)
# [01:16] * Joins: tobie (sid5692@gateway/web/irccloud.com/x-phhdoazhoaogjshi)
# [01:18] <GPHemsley> Hixie: More detailed opinion: Destroying the parent fires a no-more-fullscreen event to all children
# [01:18] <GPHemsley> or somesuch
# [01:19] <GPHemsley> wait... don't we have the Fullscreen spec?
# [01:20] <Hixie> https://fullscreen.spec.whatwg.org/ doesn't seem to answer this question
# [01:21] <TabAtkins> Bug Anne, then.
# [01:21] <Hixie> unless "removign steps" are run for descendants of removed nodes?
# [01:21] <Hixie> no, doesn't seem like it...
# [01:21] * Quits: KevinMarks (~yaaic@2607:fb90:100b:6924:77a:2891:f60b:df5b) (Ping timeout: 272 seconds)
# [01:22] * Joins: jeremyj_ (~jeremyj@17.202.49.56)
# [01:25] * Joins: roc (~chatzilla@2001:cb0:b202:232:2677:3ff:fece:dc64)
# [01:32] <Hixie> JakeA: ping https://github.com/slightlyoff/ServiceWorker/issues/410 ?
# [01:32] * Joins: seventh (seventh@192.64.6.24)
# [01:32] <Hixie> (just added my comment)
# [01:32] <Hixie> (but if you're around we can chat here)
# [01:34] * Joins: dgrogan (dgrogan@nat/google/x-sqzfmrsmgrjyqkaw)
# [01:37] * Quits: dgrogan (dgrogan@nat/google/x-sqzfmrsmgrjyqkaw) (Client Quit)
# [01:39] * Joins: bnicholson (~bnicholso@2620:101:80fc:224:8517:d573:db3b:4a82)
# [01:40] <GPHemsley> Hixie: I would imagine it has something to do with this: https://fullscreen.spec.whatwg.org/#fully-exit-fullscreen
# [01:47] * Quits: smaug____ (~chatzilla@cs78246079.pp.htv.fi) (Ping timeout: 246 seconds)
# [01:48] * Joins: cfq____ (sid18398@gateway/web/irccloud.com/x-fqqxnhbgvbsesksk)
# [01:49] * Joins: hasather (~hasather@80.91.33.141)
# [01:50] * Joins: othermaciej (~mjs@17.114.218.3)
# [01:51] * Joins: terrahawkes (~benjamin@hq.benjaminhawkeslewis.com)
# [01:51] * Joins: jyasskin_ (jyasskin@nat/google/x-olaoddyirophsrpm)
# [01:52] * Joins: tobie_ (sid5692@gateway/web/irccloud.com/x-yxxgjokpwpicjlcj)
# [01:54] * Quits: bnicholson (~bnicholso@2620:101:80fc:224:8517:d573:db3b:4a82) (*.net *.split)
# [01:54] * Quits: tobie (sid5692@gateway/web/irccloud.com/x-phhdoazhoaogjshi) (*.net *.split)
# [01:54] * Quits: jyasskin_w (jyasskin@nat/google/x-fmgozpqynimexsky) (*.net *.split)
# [01:54] * Quits: jsbell (jsbell@nat/google/x-jtsphfslazxsvkam) (*.net *.split)
# [01:54] * Quits: mpt (~mpt@canonical/mpt) (*.net *.split)
# [01:54] * Quits: cfq___ (sid18398@gateway/web/irccloud.com/x-shxltsecukfebtqs) (*.net *.split)
# [01:54] * Quits: webben_ (~benjamin@hq.benjaminhawkeslewis.com) (*.net *.split)
# [01:54] * Quits: moo-_- (miohtama@lakka.kapsi.fi) (*.net *.split)
# [01:55] * tobie_ is now known as tobie
# [01:55] * cfq____ is now known as cfq___
# [01:56] * Joins: mpt (~mpt@nat/canonical/x-culqxyntvmukudok)
# [01:56] * Quits: mpt (~mpt@nat/canonical/x-culqxyntvmukudok) (Changing host)
# [01:56] * Joins: mpt (~mpt@canonical/mpt)
# [01:56] * Joins: jsbell (jsbell@nat/google/x-miktszyolmhcqhbv)
# [01:56] * Joins: bnicholson (~bnicholso@2620:101:80fc:224:8517:d573:db3b:4a82)
# [01:57] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 272 seconds)
# [01:57] * bnicholson is now known as Guest20884
# [02:01] * Quits: dbaron (~dbaron@2620:101:80fb:224:9503:aff:1d27:8627) (Quit: 8403864 bytes have been tenured, next gc will be global.)
# [02:02] * Joins: dbaron (~dbaron@2620:101:80fb:232:f413:9c08:e964:d90)
# [02:02] * Quits: Lachy (~Lachy@cm-84.215.104.248.getinternet.no) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [02:03] * Joins: gavinc (~gavin@072b-2e95-7f97-9f1b-030d-4002-3420-2062.6rd.ip6.sonic.net)
# [02:06] * Joins: ^esc (~esc-ape@77.119.129.125.wireless.dyn.drei.com)
# [02:07] * Quits: jsbell (jsbell@nat/google/x-miktszyolmhcqhbv) (Quit: There's no place like home...)
# [02:09] * Quits: gavinc (~gavin@072b-2e95-7f97-9f1b-030d-4002-3420-2062.6rd.ip6.sonic.net) (Remote host closed the connection)
# [02:11] * Joins: gavinc (~gavin@072b-2e95-7f97-9f1b-030d-4002-3420-2062.6rd.ip6.sonic.net)
# [02:11] * Joins: Lachy (~Lachy@cm-84.215.104.248.getinternet.no)
# [02:13] * Joins: mven (~textual@ip68-104-38-84.lv.lv.cox.net)
# [02:19] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [02:32] * Quits: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net) (Read error: Connection reset by peer)
# [02:33] * Joins: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [02:39] * Joins: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com)
# [02:39] * Joins: yoav (~yoav@rrcs-208-105-48-82.nyc.biz.rr.com)
# [02:40] * Quits: lmclister (~lmclister@192.150.10.204)
# [02:41] * Quits: caitp (~caitp@99.237.75.191) (Ping timeout: 258 seconds)
# [02:44] * Quits: ap (~ap@17.202.44.214)
# [02:44] * Quits: Guest20884 (~bnicholso@2620:101:80fc:224:8517:d573:db3b:4a82) (Ping timeout: 272 seconds)
# [02:50] * Joins: plutoniix (~plutoniix@210.213.57.70)
# [02:53] * Joins: hasather (~hasather@80.91.33.141)
# [02:55] * Quits: yoav (~yoav@rrcs-208-105-48-82.nyc.biz.rr.com) (Quit: Ex-Chat)
# [02:56] * Quits: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com) (Remote host closed the connection)
# [02:57] * Joins: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com)
# [02:57] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 255 seconds)
# [03:00] * Quits: say2joe1 (~say2joe@rrcs-76-79-68-2.west.biz.rr.com) (Quit: Leaving.)
# [03:04] * Quits: eto (~eto@unaffiliated/eto) (Read error: Connection reset by peer)
# [03:05] * Joins: eto (~eto@unaffiliated/eto)
# [03:10] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Remote host closed the connection)
# [03:10] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [03:11] * Quits: karlcow (~karl@nerval.la-grange.net) (Quit: This computer has gone to sleep)
# [03:14] * Quits: jeremyj_ (~jeremyj@17.202.49.56) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [03:15] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 272 seconds)
# [03:16] * pdr2 is now known as pdr
# [03:16] * Quits: pdr (sid7901@gateway/web/irccloud.com/x-qsnxsjhdeiqvnqeu) (Changing host)
# [03:16] * Joins: pdr (sid7901@pdpc/supporter/active/pdr)
# [03:17] * Joins: Guest20884 (~bnicholso@24.130.60.241)
# [03:18] * Joins: scor (~scor@drupal.org/user/52142/view)
# [03:27] * Joins: slmult0 (~ctlM@80.83.238.33)
# [03:28] * Quits: othermaciej (~mjs@17.114.218.3) (Quit: othermaciej)
# [03:28] * Joins: arunranga (~otherarun@cpe-69-203-128-218.si.res.rr.com)
# [03:29] * Joins: Goplat (~goplat@reactos/developer/Goplat)
# [03:31] * Joins: annevk_ (~annevk@46-127-136-57.dynamic.hispeed.ch)
# [03:33] * Quits: annevk (~annevk@46-127-136-57.dynamic.hispeed.ch) (Ping timeout: 245 seconds)
# [03:34] * Joins: annevk (~annevk@46-127-136-57.dynamic.hispeed.ch)
# [03:35] * Krinkle is now known as Krinkle|detached
# [03:36] * Krinkle|detached is now known as Krinkle
# [03:36] * Quits: annevk_ (~annevk@46-127-136-57.dynamic.hispeed.ch) (Ping timeout: 260 seconds)
# [03:39] * Joins: yhirano (uid40668@gateway/web/irccloud.com/x-pclukiatbpmhymyf)
# [03:39] * Joins: lmclister (~lmclister@c-73-189-66-135.hsd1.ca.comcast.net)
# [03:41] * Quits: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com) (Ping timeout: 272 seconds)
# [03:43] * Joins: weinig (~weinig@17.202.50.223)
# [03:44] * Joins: karlcow (~karl@nerval.la-grange.net)
# [03:46] * Joins: moo-_- (miohtama@lakka.kapsi.fi)
# [03:46] * Quits: jwalden (~waldo@2620:101:80fc:224:7e7a:91ff:fe25:a5a3) (Ping timeout: 260 seconds)
# [03:48] * Joins: yutak (~yutak@2401:fa00:4:1000:2100:28ea:d8c:595b)
# [03:50] * Quits: dbaron (~dbaron@2620:101:80fb:232:f413:9c08:e964:d90) (Quit: 8403864 bytes have been tenured, next gc will be global.)
# [03:50] * Joins: jwalden (~waldo@2620:101:80fc:224:7e7a:91ff:fe25:a5a3)
# [03:54] * Quits: slmult0 (~ctlM@80.83.238.33) (Ping timeout: 250 seconds)
# [03:57] * Quits: paulohp (~paulohp@201.52.249.159) (Remote host closed the connection)
# [03:58] * Joins: paulohp (~paulohp@201.52.249.159)
# [04:02] * Quits: paulohp (~paulohp@201.52.249.159) (Ping timeout: 245 seconds)
# [04:09] * Quits: rniwa (~rniwa@17.245.25.196) (Quit: rniwa)
# [04:13] * Joins: jdaggett_ (~jdaggett@103.5.142.38)
# [04:20] * Joins: paulohp (~paulohp@201.52.249.159)
# [04:25] * Quits: paulohp (~paulohp@201.52.249.159) (Remote host closed the connection)
# [04:29] * Quits: willchan (willchan@nat/google/x-wmyglditcsbxfido) (Ping timeout: 260 seconds)
# [04:30] * Quits: yutak (~yutak@2401:fa00:4:1000:2100:28ea:d8c:595b) (Quit: Ex-Chat)
# [04:35] * Joins: yutak (~yutak@2401:fa00:4:1000:2100:28ea:d8c:595b)
# [04:36] * Joins: jonr22 (~jonr22@c-65-96-170-37.hsd1.ma.comcast.net)
# [04:36] * Quits: seventh (seventh@192.64.6.24) (Ping timeout: 250 seconds)
# [04:37] * Quits: jdaggett_ (~jdaggett@103.5.142.38) (Quit: jdaggett_)
# [04:40] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [04:42] * Joins: willchan (willchan@nat/google/x-dexlybrwxhvbgvbz)
# [04:43] * Quits: jwalden (~waldo@2620:101:80fc:224:7e7a:91ff:fe25:a5a3) (Quit: ChatZilla 0.9.87-8.1450hg.fc20 [XULRunner 31.0/20140725111610])
# [04:44] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 246 seconds)
# [04:56] * Joins: othermaciej (~mjs@c-50-136-134-16.hsd1.ca.comcast.net)
# [04:59] * Quits: jonr22 (~jonr22@c-65-96-170-37.hsd1.ma.comcast.net) (Ping timeout: 245 seconds)
# [05:06] * Quits: fila (~filaf@46.19.230.5)
# [05:17] * Quits: weinig (~weinig@17.202.50.223) (Quit: weinig)
# [05:21] * Quits: scor (~scor@drupal.org/user/52142/view) (Quit: scor)
# [05:22] * Quits: danielfilho (~danielfil@208.68.39.233) (Ping timeout: 245 seconds)
# [05:27] * Joins: danielfilho (~danielfil@208.68.39.233)
# [05:29] * Krinkle is now known as Krinkle|detached
# [05:29] * Joins: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp)
# [05:34] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [05:36] * Quits: arunranga (~otherarun@cpe-69-203-128-218.si.res.rr.com) (Quit: arunranga)
# [05:38] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 245 seconds)
# [06:05] * Quits: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net) (Remote host closed the connection)
# [06:24] * Joins: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com)
# [06:28] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [06:33] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 255 seconds)
# [06:34] * Quits: Amaan (uid4967@gateway/web/irccloud.com/x-ztpckpqvwxissxlv) (Quit: Connection closed for inactivity)
# [06:47] * Joins: jeremyj (~jeremyj@17.202.49.56)
# [06:55] * Quits: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp) (Quit: jdaggett_)
# [07:04] * Joins: BigBangUDR (~Thunderbi@103.249.181.147)
# [07:12] * Quits: roc (~chatzilla@2001:cb0:b202:232:2677:3ff:fece:dc64) (Remote host closed the connection)
# [07:23] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [07:27] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 258 seconds)
# [07:32] * Joins: hasather (~hasather@80.91.33.141)
# [07:37] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 258 seconds)
# [07:52] * Joins: tommyliu (~tommyliu@61.144.248.40)
# [07:53] * Joins: IZh (~Igor_Zhba@0897578511.static.corbina.ru)
# [07:53] * Quits: IZh (~Igor_Zhba@0897578511.static.corbina.ru) (Client Quit)
# [07:54] * Quits: tommyliu (~tommyliu@61.144.248.40) (Remote host closed the connection)
# [07:54] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [07:55] * Joins: zdobersek (~zan@185.3.135.186)
# [07:55] * Joins: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [08:00] * Quits: Smylers (~smylers@host86-186-193-22.range86-186.btcentralplus.com) (Quit: Leaving.)
# [08:12] * Joins: roc (~chatzilla@121-99-141-164.bng1.tvc.orcon.net.nz)
# [08:13] * Joins: rajeshk (~rajesh@115.99.74.154)
# [08:13] * Quits: boogyman (~boogyman@pdpc/supporter/professional/boogyman) (Quit: ChatZilla 0.9.90.1 [Firefox 31.0/20140716183446])
# [08:14] * Joins: benjamingr_ (uid23465@gateway/web/irccloud.com/x-shuoyulffourwspz)
# [08:15] * Quits: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net) (Read error: Connection reset by peer)
# [08:16] * Joins: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [08:17] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [08:21] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 260 seconds)
# [08:25] * Quits: lmclister (~lmclister@c-73-189-66-135.hsd1.ca.comcast.net)
# [08:26] * Quits: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net) (Read error: Connection reset by peer)
# [08:27] * Joins: lmclister (~lmclister@c-73-189-66-135.hsd1.ca.comcast.net)
# [08:27] * Joins: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [08:29] * Quits: jeremyj (~jeremyj@17.202.49.56) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [08:31] * Joins: tommyliu_ (~tommyliu@183.37.146.195)
# [08:34] * Joins: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp)
# [08:34] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 245 seconds)
# [08:35] * Quits: lmclister (~lmclister@c-73-189-66-135.hsd1.ca.comcast.net) (Remote host closed the connection)
# [08:35] * Joins: lmclister (~lmclister@192.150.10.204)
# [08:37] * Joins: espadrine (~ttyl@AMontsouris-158-1-15-93.w92-128.abo.wanadoo.fr)
# [08:37] * Quits: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com) (Ping timeout: 250 seconds)
# [08:37] * Joins: smaug____ (~chatzilla@cs78246079.pp.htv.fi)
# [08:39] * Quits: Goplat (~goplat@reactos/developer/Goplat) (Remote host closed the connection)
# [08:41] * Joins: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com)
# [08:45] <mathiasbynens> Hixie: `includeSubdomains` makes sure that once the user visits https://whatwg.org/, *.whatwg.org is in the HSTS cache, and so entering `http://somesubdomain.whatwg.org/` or even `http://idontexist.whatwg.org/` in the address bar would go to HTTPS instantly without ever making a connection over HTTP
# [08:45] * Joins: zcorpan (~zcorpan@2a00:801:e0:30:d9a6:7182:54e2:e5c2)
# [08:46] <mathiasbynens> that’s important, because as soon as you hit HTTP a MitM attacker can just strip the redirect to HTTPS, or send a response that they control (e.g. phishing page)
# [08:47] <annevk> mathiasbynens: how cna they hijack idontexist.whatwg.org?
# [08:49] <mathiasbynens> annevk: if `includeSubdomains` is not set, and the user enters the non-HTTPS URL
# [08:50] <mathiasbynens> or another (attacker-controlled) page includes a resource from that domain or links/redirects to it over HTTP etc.
# [08:53] * Quits: rajeshk (~rajesh@115.99.74.154) (Ping timeout: 272 seconds)
# [08:54] <mathiasbynens> with `includeSubdomains`, as soon as the user visits any page on `whatwg.org`, HSTS kicks in for the entire domain including subdomains, and all future requests will go over HTTPS (even for subdomains that haven’t been visited before or that don’t resolve)
# [08:55] <mathiasbynens> to get to the same level of safety when `includeSubdomains` is not set, the user would have to visit all the existing *.whatwg.org domains, including those that don’t even exist (→ ∞), assuming all subdomains send HSTS headers as well
# [09:00] * Joins: hasather (~hasather@80.91.33.141)
# [09:00] * Joins: zcorpan_ (~zcorpan@ip-200.t2.se.opera.com)
# [09:02] * Quits: zcorpan (~zcorpan@2a00:801:e0:30:d9a6:7182:54e2:e5c2) (Ping timeout: 272 seconds)
# [09:03] * Quits: espadrine (~ttyl@AMontsouris-158-1-15-93.w92-128.abo.wanadoo.fr) (Ping timeout: 272 seconds)
# [09:08] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 272 seconds)
# [09:09] * Quits: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com) (Ping timeout: 245 seconds)
# [09:11] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [09:12] * Quits: lmclister (~lmclister@192.150.10.204)
# [09:15] <annevk> mathiasbynens: is there some documentation on how an attacker would do that?
# [09:15] <annevk> mathiasbynens: the RFC only mentions a cookie attack
# [09:16] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 272 seconds)
# [09:21] <mathiasbynens> annevk: it’s just a plain old MitM attack
# [09:22] <mathiasbynens> moxie’s sslstrip talk explains the whole thing much better than i ever could http://www.thoughtcrime.org/software/sslstrip/
# [09:22] <annevk> mathiasbynens: not really, they'd have to MitM the DNS query
# [09:23] * Joins: cbr_ (~cbr@145.36.150.83.chzhher77.rootnet.ch)
# [09:23] <mathiasbynens> annevk: dns cache poisoning attacks are a thing
# [09:23] * Joins: slmult0 (~ctlM@80.83.238.92)
# [09:24] * Quits: BigBangUDR (~Thunderbi@103.249.181.147) (Quit: BigBangUDR)
# [09:24] <annevk> okay, so if we deployed DNSSEC we would not need includeSubdomains
# [09:25] <annevk> of course, people could still be MitM for several subdomains that we chose not to have TLS on and DNSSEC doesn't actually work...
# [09:32] <mathiasbynens> why can’t we switch all subdomains over? i missed this discussion
# [09:39] <zcorpan_> mathiasbynens: namespaces
# [09:40] <mathiasbynens> oh my
# [09:42] * Joins: darobin (~darobin@78.109.80.74)
# [09:43] * Quits: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp) (Quit: jdaggett_)
# [09:44] * Joins: davidyezsetz (~davidyezs@mail1.powerflasher.de)
# [09:45] * Joins: jensnockert (~jensnocke@s83-179-51-171.cust.tele2.se)
# [09:46] <zcorpan_> there was also a demo page but i don't know why that can't be switched over or just nuked or moved to whatwg.org/demos
# [09:50] <annevk> foolip: I think html-mirror might be down
# [09:50] * Quits: tmfsd__ (sid26422@gateway/web/irccloud.com/x-ujrbkvsitnjizsnk)
# [09:50] <annevk> foolip: I think the problem might be TLS
# [09:50] * Quits: tommyliu_ (~tommyliu@183.37.146.195) (Remote host closed the connection)
# [09:51] * Quits: slmult0 (~ctlM@80.83.238.92) (Ping timeout: 255 seconds)
# [09:51] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [09:52] <annevk> foolip: if you're using Python 2, the problem is Python not supporting SNI
# [09:52] * Joins: slmult0 (~ctlM@80.83.238.101)
# [09:53] <annevk> mathiasbynens: http://krijnhoetmer.nl/irc-logs/whatwg/20140915#l-649
# [09:53] * Joins: tommyliu_ (~tommyliu@183.37.146.195)
# [09:54] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Read error: Connection reset by peer)
# [09:54] <annevk> mathiasbynens: also http://krijnhoetmer.nl/irc-logs/whatwg/20140915#l-918
# [09:54] <hsivonen> gsnedders: IIRC, the StartTLS ToS (which is called something other than ToS has subscriber obligations and, IIRC, you have the obligation to revoke if you believe the private key has been compromised)
# [09:55] <hsivonen> oops. bad placement of )
# [09:56] <annevk> Hixie: https://spec.whatwg.org/ has a TLS error
# [10:01] * Quits: tommyliu_ (~tommyliu@183.37.146.195) (Remote host closed the connection)
# [10:02] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [10:03] * Joins: hasather (~hasather@80.91.33.141)
# [10:04] <hsivonen> oops. I almost removed an Encoding Standard encoding by accident
# [10:04] <hsivonen> good thing I re-read my patch
# [10:05] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [10:07] * Quits: jensnockert (~jensnocke@s83-179-51-171.cust.tele2.se) (Remote host closed the connection)
# [10:08] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 245 seconds)
# [10:10] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Ping timeout: 272 seconds)
# [10:18] * Joins: Smylers (~smylers@81.143.60.194)
# [10:18] * Joins: espadrine (~ttyl@LMontsouris-656-01-02-84.w80-12.abo.wanadoo.fr)
# [10:27] * Joins: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp)
# [10:27] * Quits: smaug____ (~chatzilla@cs78246079.pp.htv.fi) (Ping timeout: 250 seconds)
# [10:29] <foolip> annevk: yes, the git-svn stuff blew up, I'm looking at it now
# [10:29] <foolip> because the URL changed, it can't figure out how to put it back together again :)
# [10:30] * Joins: KevinMarks (~KevinMark@c-67-164-14-200.hsd1.ca.comcast.net)
# [10:30] <foolip> looking for a change other than rewriting the entire history
# [10:33] <annevk> foolip: thanks, and sorry about that, unintended side effects
# [10:34] <annevk> hsivonen: which bug is this?
# [10:34] <foolip> annevk: do you know if Hixie rewrote everything to include data-revision="$Revision: 8770 $" at the top?
# [10:35] <foolip> because my old mirror of that commit has that diff compared to a checkout of the same revision from https://...
# [10:35] <foolip> or is $Revision$ some kind of magic that gets rewritten on the client only?
# [10:36] <annevk> foolip: I doubt it, but I don't know for sure
# [10:36] <annevk> foolip: I can tell you that on the WHATWG server SVN hasn't changed since 2011
# [10:36] <annevk> foolip: the SVN software that is
# [10:37] <annevk> foolip: wait, did you not rewrite history to include those?
# [10:37] <annevk> foolip: to keep web-apps-tracker working
# [10:38] <foolip> annevk: I haven't noticed these $Revision$ things before
# [10:39] <foolip> in the existing html-mirror, index and complete.html just say data-revision="$Revision$"
# [10:39] * Quits: yhirano (uid40668@gateway/web/irccloud.com/x-pclukiatbpmhymyf) (Quit: Connection closed for inactivity)
# [10:39] <foolip> I guess this could be because I'm comparing a git-svn checkout with a plain svn checkout, maybe svn expands these things on the client side
# [10:40] <foolip> I'll try a new git-svn clone to see what it looks like
# [10:40] <foolip> Hixie: if you traffic from 37.139.17.34 is too much, let me know
# [10:41] <annevk> foolip: I thought you added revision annotations in the git so I could extract them
# [10:41] <foolip> annevk: you're probably thinking of the git-svn-id: http://svn.whatwg.org/webapps@8770 340c8d12-0b0e-0410-8428-c7bf67bfef74 line
# [10:41] <annevk> ah yes
# [10:41] <foolip> git-svn adds that by default, sadly it wasn't specially for you :)
# [10:42] * Quits: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net) (Remote host closed the connection)
# [10:43] * Joins: tantek (tantek@nat/google/x-jabbohyhdlwqlgka)
# [10:46] <Philip`> foolip: SVN does http://svnbook.red-bean.com/en/1.7/svn.advanced.props.special.keywords.html on the client side, if the file has the property svn:keywords="Revision"
# [10:47] <foolip> Philip`: thanks
# [10:48] <Philip`> $ svn propget svn:keywords index
# [10:48] <Philip`> Revision
# [10:49] * Joins: yoav (~yoav@rrcs-208-105-48-82.nyc.biz.rr.com)
# [10:49] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [10:54] * Quits: Lachy (~Lachy@cm-84.215.104.248.getinternet.no) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [11:04] * Joins: hasather (~hasather@80.91.33.141)
# [11:05] * Quits: slmult0 (~ctlM@80.83.238.101) (Ping timeout: 245 seconds)
# [11:08] * Quits: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp) (Quit: jdaggett_)
# [11:09] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 255 seconds)
# [11:15] <annevk> hsivonen: Philip`: jgraham: krijnhoetmer: mathiasbynens: gsnedders: matijs: zcorpan_: I take care of the http->https redirect now for all html5.org domains. You only have to set the HSTS header. Sorry for not figuring out I could do that earlier on.
# [11:16] <mathiasbynens> annevk: thanks (and done)
# [11:19] * Joins: Lachy (~Lachy@213.166.174.2)
# [11:19] <annevk> mathiasbynens: writing a series of posts on TLS btw, thanks for the help so far :-)
# [11:24] * Quits: davidyezsetz (~davidyezs@mail1.powerflasher.de) (Read error: Connection reset by peer)
# [11:24] * Joins: hasather (~hasather@80.91.33.141)
# [11:31] * Joins: davidyezsetz (~davidyezs@mail1.powerflasher.de)
# [11:32] <hsivonen> annevk: should I go and remove the redirect from .htaccess?
# [11:32] <annevk> hsivonen: yeah you can
# [11:32] <hsivonen> annevk: ok.
# [11:33] <hsivonen> annevk: the charset bug is https://bugzilla.mozilla.org/show_bug.cgi?id=997133
# [11:37] <annevk> hsivonen: ah so yeah, cyrillic should not be removed
# [11:37] * Joins: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net)
# [11:38] <hsivonen> annevk: right
# [11:41] <foolip> annevk: I think I'll have it sorted soon. note that the http will change to https in the git-svn-id line, so make sure you're not matching on that
# [11:42] * Joins: barnabywalters (~barnabywa@46-239-239-203.tal.is)
# [11:43] * Joins: tommyliu_ (~tommyliu@61.144.248.40)
# [11:45] <hsivonen> annevk: I removed the redirect and kept HSTS
# [11:45] <mathiasbynens> ^ same here
# [11:46] <zcorpan_> seems i had done it already
# [11:46] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 272 seconds)
# [11:52] * Quits: Johnny- (~null@unaffiliated/johnny-) (Ping timeout: 260 seconds)
# [11:53] * Quits: richt (~richt@c83-248-244-196.bredband.comhem.se) (Quit: bye)
# [11:54] * Quits: tommyliu_ (~tommyliu@61.144.248.40) (Remote host closed the connection)
# [11:55] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [11:55] * Joins: Johnny- (~null@unaffiliated/johnny-)
# [11:55] * Joins: tommyliu_ (~tommyliu@li568-142.members.linode.com)
# [11:57] * Quits: sarri (~sari@p50995cae.dip0.t-ipconnect.de) (Ping timeout: 245 seconds)
# [11:57] * Joins: richt (~richt@c83-248-244-196.bredband.comhem.se)
# [11:58] * Joins: sarri (~sari@p50995cae.dip0.t-ipconnect.de)
# [11:59] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 258 seconds)
# [12:04] * Joins: tommyliu (~tommyliu@183.37.146.195)
# [12:05] <annevk> foolip: I think I am
# [12:05] <annevk> foolip: I guess I can fix that somehow
# [12:06] <annevk> foolip: https://github.com/whatwg/web-apps-tracker/blob/master/web-apps-tracker#L275
# [12:07] * Quits: Lachy (~Lachy@213.166.174.2) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [12:08] * Joins: paulohp (~paulohp@201.52.249.159)
# [12:08] * Quits: tommyliu_ (~tommyliu@li568-142.members.linode.com) (Ping timeout: 272 seconds)
# [12:10] * Quits: tommyliu (~tommyliu@183.37.146.195) (Remote host closed the connection)
# [12:10] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [12:22] * Joins: tommyliu_ (~tommyliu@183.37.146.195)
# [12:25] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 260 seconds)
# [12:30] * Joins: Lachy (~Lachy@213.166.174.2)
# [12:30] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [12:34] * Quits: r4vi (~r4vi@184.106.109.213) (Remote host closed the connection)
# [12:36] * Joins: r4vi (~r4vi@184.106.109.213)
# [12:36] <annevk> foolip: fixed by adding a second --grep that checks for https, couldn't figure out regexp syntax
# [12:38] <annevk> foolip: https://github.com/whatwg/web-apps-tracker/commit/62d433b92278c257d6305bc5f3970682967f30fa
# [12:42] <foolip> annevk: html-mirror is now up to date and should be auto-updating
# [12:43] <annevk> foolip: great, I also updated the commit hook from GitHub as GitHub does not deal with redirects
# [12:43] <foolip> what redirect is that?
# [12:49] <annevk> foolip: http->https
# [12:49] <annevk> foolip: html5.org is also on TLS
# [12:49] <foolip> oh, you had a commit webhook pointing at http://html5.org/something?
# [12:49] <foolip> I never looked at that half of things :)
# [12:49] * Joins: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com)
# [12:49] <annevk> yes
# [12:49] * Joins: cheron (~cheron@dslb-088-069-013-020.088.069.pools.vodafone-ip.de)
# [12:49] * Quits: cheron (~cheron@dslb-088-069-013-020.088.069.pools.vodafone-ip.de) (Changing host)
# [12:49] * Joins: cheron (~cheron@unaffiliated/cheron)
# [12:49] * Quits: karlcow (~karl@nerval.la-grange.net) (Quit: :tiuQ tiuq sah woclrak)
# [12:50] * Quits: Hixie (~ianh@178.255.149.100) (Ping timeout: 272 seconds)
# [12:52] * Joins: Hixie (~ianh@178.255.149.100)
# [12:52] * Quits: plutoniix (~plutoniix@210.213.57.70) (Quit: จรลี จรลา)
# [12:53] <foolip> annevk: btw, I'm going to get back to the fullscreen bugs any week now! I've been distracted by some other things for a while
# [12:55] * Quits: yoav (~yoav@rrcs-208-105-48-82.nyc.biz.rr.com) (Read error: Connection reset by peer)
# [12:55] * Quits: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com) (Ping timeout: 260 seconds)
# [12:58] * Joins: karlcow (~karl@nerval.la-grange.net)
# [13:09] <annevk> foolip: Hixie filed some too
# [13:11] <hsivonen> jgraham: so to address the review comment, I'll just add another commit to the same branch, right?
# [13:12] <zcorpan_> hsivonen: yeah
# [13:12] * zcorpan_ assumes it's about critic
# [13:14] * tantek waves from London
# [13:14] * Quits: tommyliu_ (~tommyliu@183.37.146.195) (Remote host closed the connection)
# [13:14] <foolip> annevk: about the removal problem, I had assumed that what the spec currently says would apply for any removal, even if it was a parent that's removed
# [13:14] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [13:14] <annevk> foolip: that was the idea
# [13:15] <annevk> foolip: might have to rephrase I guess
# [13:15] * Joins: tommyliu_ (~tommyliu@61.144.248.40)
# [13:19] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 272 seconds)
# [13:20] <hsivonen> zcorpan_: ok. thanks
# [13:23] * Quits: benjamingr_ (uid23465@gateway/web/irccloud.com/x-shuoyulffourwspz) (Quit: Connection closed for inactivity)
# [13:31] * Joins: ShaneHudson (~ShaneHuds@host86-149-123-177.range86-149.btcentralplus.com)
# [13:37] * Quits: tommyliu_ (~tommyliu@61.144.248.40) (Remote host closed the connection)
# [13:38] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [13:41] * Joins: zdobersek1 (~zan@cpe-77.38.31.63.cable.t-1.si)
# [13:44] * Quits: zdobersek (~zan@185.3.135.186) (Ping timeout: 258 seconds)
# [13:45] * Joins: tommyliu_ (~tommyliu@61.144.248.40)
# [13:47] * Quits: zdobersek1 (~zan@cpe-77.38.31.63.cable.t-1.si) (Quit: Leaving.)
# [13:48] * Joins: zdobersek (~zan@cpe-77.38.31.63.cable.t-1.si)
# [13:48] * Quits: davidyezsetz (~davidyezs@mail1.powerflasher.de) (Quit: davidyezsetz)
# [13:48] <mathiasbynens> annevk: you can remove the `; preload` part once you’ve submitted your site to hstspreload.appspot.com
# [13:48] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 255 seconds)
# [13:49] <mathiasbynens> (which you’ve done)
# [13:54] * Joins: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp)
# [13:57] <jgraham> hsivonen: Yeah, as zcorpan_ said
# [13:59] * Quits: Lachy (~Lachy@213.166.174.2) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [13:59] * Joins: BigBangUDR (~Thunderbi@103.249.181.147)
# [14:03] * Quits: ShaneHudson (~ShaneHuds@host86-149-123-177.range86-149.btcentralplus.com) (Quit: Computer fell asleep.)
# [14:04] * Joins: Lachy (~Lachy@213.166.174.2)
# [14:11] * Joins: josemanuel (~josemanue@52.Red-79-147-198.dynamicIP.rima-tde.net)
# [14:18] * Joins: zdobersek1 (~zan@185.3.135.130)
# [14:18] * Joins: davidyezsetz (~davidyezs@mail1.powerflasher.de)
# [14:21] * Joins: scor (scor@nat/acquia/x-zfctqshljnyrvhly)
# [14:21] * Quits: scor (scor@nat/acquia/x-zfctqshljnyrvhly) (Changing host)
# [14:21] * Joins: scor (scor@drupal.org/user/52142/view)
# [14:21] * Quits: zdobersek (~zan@cpe-77.38.31.63.cable.t-1.si) (Ping timeout: 250 seconds)
# [14:22] * Quits: zdobersek1 (~zan@185.3.135.130) (Client Quit)
# [14:23] * Joins: zdobersek (~zan@185.3.135.130)
# [14:24] * Quits: zdobersek (~zan@185.3.135.130) (Client Quit)
# [14:25] * Joins: zdobersek (~zan@185.3.135.130)
# [14:29] * Joins: tj_vantoll (~Adium@50.153.112.136)
# [14:31] * Joins: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com)
# [14:38] * Joins: tj_vantoll1 (~Adium@c-98-250-130-237.hsd1.mi.comcast.net)
# [14:39] * Quits: tantek (tantek@nat/google/x-jabbohyhdlwqlgka) (Quit: tantek)
# [14:42] * Quits: tj_vantoll (~Adium@50.153.112.136) (Ping timeout: 272 seconds)
# [14:43] <jgraham> annevk: r? https://critic.hoppipolla.co.uk/r/2600 The actual tests were already reviewed by bz, so they should be correct
# [14:43] <foolip> woah, HTML joins the others under .spec.whatwg.org :)
# [14:44] <foolip> finally I can write URLs like https://html.spec.whatwg.org/#htmlmediaelement which are shortish and won't redirect
# [14:44] <jgraham> Oh, Hixie fixed it!
# [14:44] <jgraham> Hixie: Thanks!
# [14:45] <annevk> jgraham: that's some confusing ID naming
# [14:45] <jgraham> annevk: Yeah, not my tests
# [14:45] * Quits: __20h__ (~some_one@r-36.net) (Ping timeout: 260 seconds)
# [14:46] <foolip> heh, https://html.spec.whatwg.org has a SHA1 cert, I guess they're cheaper?
# [14:46] <jgraham> Some (many?) CAs only do SHA1 certs :(
# [14:47] <foolip> jgraham: I guess you've seen the drama around Chromiums pending changes here?
# [14:47] <jgraham> Yeah
# [14:47] <jgraham> I can't get a SHA2 cert from Gandi at this point
# [14:48] <jgraham> https://twitter.com/gandibar/status/509116131173748736
# [14:48] <annevk> foolip: the certificate is SHA-256
# [14:48] <annevk> foolip: which is the same for all of whatwg.org except the home page at the moment as Hixie has not replaced that one, but that is also not SHA-1 afaict
# [14:48] * Joins: __20h__ (~some_one@r-36.net)
# [14:48] <foolip> annevk: oh, it says that the connection is SHA1, I guess that's separate from the cert itself
# [14:49] <annevk> foolip: yeah, DreamHost is bad at TLS
# [14:49] <annevk> jgraham: hasn't that test already been reviewed as part of the patch to Gecko?
# [14:49] <foolip> clicked some more and see that the cert has a SHA-1 and a SHA-256 fingerprint
# [14:50] <annevk> jgraham: anyway, first half is okay...
# [14:50] <foolip> anyway, I like the new URL
# [14:52] <annevk> jgraham: critic also does not seem to remember I logged in
# [14:52] <annevk> foolip: jgraham managed to convince Hixie to switch it over
# [14:54] <jgraham> annevk: Thanks
# [14:54] <annevk> jgraham: we should have a policy though that if it passes mozilla.org peer review, it can bypass critic
# [14:55] <annevk> jgraham: though perhaps require a pointer to the public bug report where the review happened
# [14:55] <jgraham> annevk: We do, but in this case I rewrote the tests to be in testharness.js format rather than mochitest format
# [14:55] <annevk> I see
# [14:55] <jgraham> So technically that change needs review
# [14:58] <annevk> hsivonen: seems Google is doing something with EV: http://www.certificate-transparency.org/ev-ct-plan
# [15:03] * Quits: caitp- (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com) (Ping timeout: 258 seconds)
# [15:04] * Joins: plutoniix (~plutoniix@node-19bu.pool-101-109.dynamic.totbb.net)
# [15:07] * Joins: caitp (~caitp@CPE48f8b385c01c-CM84948c4c6f80.cpe.net.cable.rogers.com)
# [15:10] * Joins: smaug____ (~chatzilla@cs78246079.pp.htv.fi)
# [15:10] * Quits: BigBangUDR (~Thunderbi@103.249.181.147) (Quit: BigBangUDR)
# [15:18] * Joins: boogyman (~boogyman@38.88.11.131)
# [15:18] * Quits: boogyman (~boogyman@38.88.11.131) (Changing host)
# [15:18] * Joins: boogyman (~boogyman@pdpc/supporter/professional/boogyman)
# [15:20] <annevk> JakeA: so when is TLS coming to jakearchibald.com? ;-)
# [15:21] * jgraham wonders if annevk's new role in life is to ask everyone one by one when they will adopt TLS
# [15:21] <annevk> jgraham: I'll start with this channel; have you TLS'd?
# [15:24] <jgraham> annevk: You already asked me :p
# [15:26] <annevk> jgraham: no repeats?
# [15:27] <boogyman> jgraham: haha
# [15:27] <annevk> oh hey boogyman, using TLS?
# [15:27] <JakeA> annevk: I'm promising myself this year. We'll see if that happens.
# [15:28] <annevk> JakeA: I've just added it to several domains, it took quite a few hours
# [15:28] * Joins: TallTed (~Thud@63.119.36.36)
# [15:28] <boogyman> Good afternoon, and not right now. I use DH for hosting too.
# [15:28] <jgraham> annevk: I like to imagine you as like the guy in Hitchhikers who is insulting every being in the universe one by one, in alphabetical order. Except in your case it's only the subset that have inadequate TLS setups.
# [15:28] <annevk> JakeA: but at least now you know that fetch.spec.whatwg.org is really the Fetch Standard and not some MITM shit
# [15:29] <darobin> jgraham: that's still pretty much every being in the universe
# [15:29] <annevk> At least I have some new questions to ask at parties
# [15:29] <jgraham> darobin: Indeed, I'm not saying it's a proper subset
# [15:29] * darobin grinds his teeth at how his plan to MITM Fetch through captive portal hacking has been foiled
# [15:30] <annevk> Do you utf-8? "Yes" Great! Do you TLS? "Euh" Sorry
# [15:30] <darobin> I *so* wanted to replace that dumb arrow logo with a picture of Lassie
# [15:30] <jgraham> Oh is that the new W3C approach? Make the WiFi at TPAC MITM whatwg.org to add W3C branding?
# [15:31] <darobin> W3C branding? what for? I just wanted to change the green to a nicer change and inject silly jokes via the secondary logo
# [15:31] <darobin> s/change/shade/
# [15:31] <jgraham> Oh well if you want to change the green then this is a plan that I can get behind
# [15:32] <jgraham> TLS is clearly harmful
# [15:33] <zewt> thread-local storage? heh
# [15:35] * Quits: tommyliu_ (~tommyliu@61.144.248.40) (Remote host closed the connection)
# [15:35] * Joins: tommyliu (~tommyliu@61.144.248.40)
# [15:39] <JakeA> annevk: \o/ I might bug you when I come to do it then
# [15:40] * Quits: tommyliu (~tommyliu@61.144.248.40) (Ping timeout: 240 seconds)
# [15:40] <annevk> JakeA: yeah feel free; I decided to offer assistance to anyone who wants to try it out
# [15:41] <darobin> annevk: mind mailing me your SSH key so I can set you up with a root account on my box?
# [15:42] * Joins: BigBangUDR (~Thunderbi@103.249.181.147)
# [15:45] * Joins: tantek (tantek@nat/google/x-futxdrapkzxcbyto)
# [15:47] <annevk> https://twitter.com/annevk/status/511872386652962817
# [15:48] <tantek> congrats annevk!
# [15:55] * Joins: jensnockert (~jensnocke@s83-179-51-171.cust.tele2.se)
# [15:56] * Quits: BigBangUDR (~Thunderbi@103.249.181.147) (Quit: BigBangUDR)
# [15:56] <foolip> annevk: "On the upside, they free for non-commercial usage" + offer?
# [15:56] * Joins: webguynow (~webguynow@24.1.200.217)
# [15:57] <annevk> foolip: fixed
# [15:58] <foolip> also, sounds like not fun to be dutch with all the Van going on
# [16:00] <darobin> hsivonen: word on the street is that you have a great recommended setup for TLS on nginx
# [16:04] * Quits: Lachy (~Lachy@213.166.174.2) (Read error: Connection reset by peer)
# [16:04] * Joins: Lachy__ (~Lachy@213.166.174.2)
# [16:04] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [16:04] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [16:19] <tantek> darobin: see https://indiewebcamp.com/nginx#SSL_Setup and https://indiewebcamp.com/https#nginx
# [16:20] * Quits: jensnockert (~jensnocke@s83-179-51-171.cust.tele2.se) (Remote host closed the connection)
# [16:20] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [16:23] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [16:24] * Joins: Amaan (uid4967@gateway/web/irccloud.com/x-gafkizgrhbdvjvru)
# [16:24] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [16:27] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [16:37] <zcorpan_> annevk: irony:
# [16:37] <zcorpan_> -<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="https://www.w3.org/Icons/w3c_home" width="72"></a></p>
# [16:37] <zcorpan_> +<p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
# [16:37] * Joins: ehynds (~ehynds@64.206.121.41)
# [16:41] <darobin> tantek: thanks!
# [16:42] <annevk> zcorpan_: how did that happen? Outdated version of respec?
# [16:42] <annevk> zcorpan_: euh, Anolis
# [16:42] <zcorpan_> annevk: yeah
# [16:42] <tantek> darobin no problem! we just did a pretty decent https sprint at IndieWebCampUK the weekend before last which I just happened to have blogged about a couple of hours ago.
# [16:43] <annevk> tantek: so is tantek.com getting the TLS?
# [16:43] <darobin> tantek: all I need do now is run a sprint with myself to get it set up
# [16:43] <tantek> darobin - also, feel free to ask any follow-ups re: setting up https re: those pages/instructions on #indiewebcamp
# [16:43] <tantek> darobin - come on by #indiewebcamp and you'll have folks actively wanting to help get you to https
# [16:44] <tantek> annevk - only self-signed for my admin interface for the moment
# [16:44] <tantek> I'm behind. I'm only at what we call "Level 2" https support (out of 5) https://indiewebcamp.com/https#Level_2_security
# [16:45] <annevk> seems I'm Level 4
# [16:46] <tantek> you should add yourself :) https://indiewebcamp.com/https#Level_4_security
# [16:48] <darobin> tantek: thanks, I might actually join. That said, I'll probably be fine, the only reason it's not there yet is because my ancient experience with Apache + SSL was horrible. But that was back then.
# [16:48] * Quits: jdaggett_ (~jdaggett@ae031063.dynamic.ppp.asahi-net.or.jp) (Quit: jdaggett_)
# [16:50] * Quits: darobin (~darobin@78.109.80.74) (Remote host closed the connection)
# [16:55] * arv__ is now known as arv
# [16:59] * Joins: BigBangUDR (~Thunderbi@101.61.150.121)
# [17:00] * Quits: BigBangUDR (~Thunderbi@101.61.150.121) (Client Quit)
# [17:03] * Quits: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com) (Remote host closed the connection)
# [17:03] * Joins: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com)
# [17:06] <mathiasbynens> annevk: i’m not using https://wiki.apache.org/httpd/RedirectSSL as per that twitter dude’s suggestion – works well, and much simpler
# [17:09] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [17:13] * Joins: tommyliu_ (~tommyliu@219.133.189.91)
# [17:15] * Quits: willchan (willchan@nat/google/x-dexlybrwxhvbgvbz) (Remote host closed the connection)
# [17:15] * Joins: willchan (willchan@nat/google/x-kuhjikqoinnyiwge)
# [17:15] * Quits: zcorpan_ (~zcorpan@ip-200.t2.se.opera.com) (Ping timeout: 260 seconds)
# [17:16] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 246 seconds)
# [17:16] * Quits: tommyliu_ (~tommyliu@219.133.189.91) (Remote host closed the connection)
# [17:17] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [17:18] * Quits: scor (scor@drupal.org/user/52142/view) (Quit: scor)
# [17:18] * Joins: scor (scor@nat/acquia/x-jvboymvxhnnegbap)
# [17:18] * Quits: scor (scor@nat/acquia/x-jvboymvxhnnegbap) (Changing host)
# [17:18] * Joins: scor (scor@drupal.org/user/52142/view)
# [17:19] * Joins: tommyliu_ (~tommyliu@219.133.189.91)
# [17:21] * Joins: BigBangUDR (~Thunderbi@101.61.150.121)
# [17:22] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 240 seconds)
# [17:24] * Quits: tommyliu_ (~tommyliu@219.133.189.91) (Quit: brb)
# [17:25] * Joins: arunranga (~otherarun@cpe-69-203-128-218.si.res.rr.com)
# [17:26] * Joins: tommyliu (~tommyliu@219.133.189.91)
# [17:26] * Quits: BigBangUDR (~Thunderbi@101.61.150.121) (Client Quit)
# [17:26] * Joins: zcorpan (~zcorpan@ip-200.t2.se.opera.com)
# [17:31] * Joins: BigBangUDR (~Thunderbi@101.61.150.121)
# [17:31] * Quits: BigBangUDR (~Thunderbi@101.61.150.121) (Client Quit)
# [17:35] * Quits: cbr_ (~cbr@145.36.150.83.chzhher77.rootnet.ch) (Quit: cbr_)
# [17:35] <annevk> mathiasbynens: does not look simpler, what am I missing?
# [17:37] <mathiasbynens> annevk: well it simplifies my setup, where i use vhosts.conf to configure each domain on my server
# [17:37] <annevk> mathiasbynens: if you have root that does seem better
# [17:37] * Joins: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003)
# [17:37] <mathiasbynens> ah, so you’re not root, gotcha
# [17:38] <annevk> mathiasbynens: noted this solution in the post
# [17:39] * Quits: hasather (~hasather@80.91.33.141) (Remote host closed the connection)
# [17:39] * Joins: hasather (~hasather@80.91.33.141)
# [17:39] <annevk> mathiasbynens: so Eric Lawrence discovered that I'm now sometimes sending out the HSTS header twice
# [17:40] <mathiasbynens> \o/
# [17:40] <annevk> mathiasbynens: I might be invoking PHP in two different ways :-(
# [17:40] <mathiasbynens> example URL?
# [17:40] <annevk> mathiasbynens: https://annevankesteren.nl/2014/09/tls-next-steps vs home page
# [17:40] <mathiasbynens> maybe it’s .htaccess + PHP in some weird cases?
# [17:42] <mathiasbynens> i just accidentally downloaded your `index.php` source code :/
# [17:43] <mathiasbynens> brb
# [17:43] <annevk> yeah that's fine, running experiments live :p
# [17:43] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 245 seconds)
# [17:48] <annevk> I am the first, I just discovered I was using prefixes for transitions and transforms on my site
# [17:48] <annevk> And had not unprefixed them
# [17:50] * Quits: zcorpan (~zcorpan@ip-200.t2.se.opera.com) (Remote host closed the connection)
# [17:50] <annevk> I am using ::selection unprefixed however
# [17:50] <annevk> But that seems to be gone :(
# [17:51] * Joins: zcorpan (~zcorpan@2a00:801:e0:30:985a:719d:74e9:5018)
# [17:52] * Quits: tommyliu (~tommyliu@219.133.189.91) (Ping timeout: 240 seconds)
# [17:52] * Joins: tommyliu (~tommyliu@121.15.77.148)
# [17:56] * Quits: zcorpan (~zcorpan@2a00:801:e0:30:985a:719d:74e9:5018) (Ping timeout: 260 seconds)
# [18:02] * Joins: jernoble|laptop (~jernoble@76.74.153.41)
# [18:03] * Joins: erlehmann (~erlehmann@g229083066.adsl.alicedsl.de)
# [18:04] * Joins: sicking (~sicking@c-98-210-159-193.hsd1.ca.comcast.net)
# [18:07] * Quits: paulohp (~paulohp@201.52.249.159)
# [18:10] * Quits: webguynow (~webguynow@24.1.200.217) (Ping timeout: 258 seconds)
# [18:10] * Joins: webguynow (~webguynow@24.1.200.217)
# [18:11] * Joins: lmclister (~lmclister@192.150.10.204)
# [18:13] * Joins: paulohp (~paulohp@201.52.249.159)
# [18:13] * Quits: paulohp (~paulohp@201.52.249.159) (Remote host closed the connection)
# [18:14] * Quits: tommyliu (~tommyliu@121.15.77.148) (Remote host closed the connection)
# [18:14] * Joins: tommyliu (~tommyliu@121.15.77.148)
# [18:15] * Quits: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net) (Ping timeout: 255 seconds)
# [18:16] * Joins: Maurice (copyman@unaffiliated/maurice)
# [18:17] * Joins: ShaneHud_ (~ShaneHuds@host86-149-123-177.range86-149.btcentralplus.com)
# [18:18] <Hixie> uh
# [18:18] <Hixie> what did i do to spec.whatwg.org
# [18:19] * Quits: tommyliu (~tommyliu@121.15.77.148) (Ping timeout: 258 seconds)
# [18:20] <Hixie> ok that should be fixed
# [18:20] <Hixie> no idea what i had done there
# [18:20] <Hixie> whatever it was broke the dreamhost panel ui
# [18:20] <Hixie> i guess i'll move the demos stuff back onto whatwg.org somehow
# [18:20] * Joins: KevinMarks_ (~yaaic@2607:fb90:507:7c47:373b:8bdb:dafa:aee5)
# [18:20] <annevk> you broke the panel? lol
# [18:20] <Hixie> i got some exception trying to edit the cert
# [18:21] <Hixie> i just removed the domain and readded it and it worked
# [18:21] * Quits: Guest20884 (~bnicholso@24.130.60.241) (Ping timeout: 255 seconds)
# [18:23] <Hixie> so this demo is unmodified since 2011
# [18:23] <Hixie> maybe i should just disable it
# [18:23] <Hixie> it gets virtually no traffic
# [18:25] <mathiasbynens> annevk: double header is fixed – how?
# [18:25] <annevk> Hixie: if that and some namespaces are standing in the way of HSTS, yes
# [18:26] <annevk> mathiasbynens: I stopped using ForceType php5-cgi for extensionless files and instead renamed those files to end in .php
# [18:26] * Quits: davidyezsetz (~davidyezs@mail1.powerflasher.de) (Quit: davidyezsetz)
# [18:26] <Hixie> what happens if in a subdomain with includesSubdomain, an https:// site redirects to an http:// site without HSTS?
# [18:26] <annevk> mathiasbynens: the files ending in .php were the ones sending the duplicate header that was noticed, still not quite sure what is going on
# [18:27] * Joins: jacobolus (~jacobolus@70-36-196-50.dsl.static.sonic.net)
# [18:27] <annevk> Hixie: https://planet.html5.org/ is such a site
# [18:27] <mathiasbynens> Hixie: same thing as any HTTPS URL that redirects to itself, i guess
# [18:27] * Quits: jernoble|laptop (~jernoble@76.74.153.41) (Quit: Computer has gone to sleep.)
# [18:28] * Joins: tommyliu (~tommyliu@121.15.77.148)
# [18:29] * Quits: Lachy__ (~Lachy@213.166.174.2) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [18:30] * Quits: lmclister (~lmclister@192.150.10.204) (Read error: Connection reset by peer)
# [18:32] <annevk> Hixie: oh, to itself? Seems you created a loop
# [18:32] * Quits: Smylers (~smylers@81.143.60.194) (Ping timeout: 272 seconds)
# [18:33] <Hixie> no i mean what if https://whatwg.org has sts-includesubdomains, and https://x.whatwg.org redirects to http://x.whatwg.org without an sts header?
# [18:33] <Hixie> or with a header, with maxage=0
# [18:34] * Quits: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003) (Remote host closed the connection)
# [18:34] <annevk> I think that should cause an infinite redirect as before the redirect fetch is done, the URL would be rewritten to https://x.whatwg.org/
# [18:34] <Hixie> why?
# [18:35] <Hixie> let me ask again with maxage=0
# [18:35] * Joins: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003)
# [18:35] <Hixie> it's not clear to me if that would punch a hole through the includesubdomains
# [18:35] <annevk> https://fetch.spec.whatwg.org/#concept-fetch step 1
# [18:35] <annevk> If a user agent lets a subdomain override includeSubdomains of a parent, that seems broken
# [18:36] <Hixie> why?
# [18:37] <Hixie> https://tools.ietf.org/html/rfc6797#section-8.1
# [18:37] <Hixie> you fetch the encrypted version of x.whatwg.org
# [18:37] <Hixie> it unsets the hsts headers
# [18:37] <Hixie> then you get the redirect
# [18:37] * Joins: svl (~me@ip565744a7.direct-adsl.nl)
# [18:37] <Hixie> so at step 1, you don't have any known hosts
# [18:37] <annevk> what about the whatwg.org entry?
# [18:37] <Hixie> it shouldn't be affected, right?
# [18:38] <annevk> if that has includeSubdomains, why should that not apply to x.whatwg.org?
# [18:38] <annevk> if you have not seen whatwg.org it would be different, but if you have it seems that ought to apply
# [18:39] * Quits: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003) (Ping timeout: 260 seconds)
# [18:40] * Joins: hasather (~hasather@80.91.33.141)
# [18:40] * Joins: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net)
# [18:40] <Hixie> yeah i really can't tell from the rfc
# [18:41] * Joins: bnicholson (~bnicholso@corp.mtv2.mozilla.com)
# [18:41] <Hixie> abarth: ping
# [18:41] <annevk> IETF claims http://www.rfc-editor.org/info/rfc6797 provides information on how to give feedback, but it doesn't
# [18:42] <annevk> I guess you need to click under "Source" http://tools.ietf.org/wg/websec/ and give feedback to that WG
# [18:42] * krit_ is now known as krit
# [18:42] <annevk> IETF is a lot less clear than our "Participate:" boxes
# [18:43] <Hixie> shocking
# [18:43] <Hixie> hmmm
# [18:43] <Hixie> includesubdomains doesn't interact very well with www.*
# [18:44] <Hixie> k well i may have broken things more than before
# [18:44] <Hixie> or i may have fixed them
# [18:44] <Hixie> hard to tell until dreamhost propagates
# [18:45] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 240 seconds)
# [18:45] * Joins: lmclister (~lmclister@192.150.10.204)
# [18:45] * Joins: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003)
# [18:45] * Quits: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003) (Remote host closed the connection)
# [18:46] * Joins: ehsan (~ehsan@66.207.208.102)
# [18:47] * Joins: ap (~ap@17.202.44.214)
# [18:51] * Quits: arunranga (~otherarun@cpe-69-203-128-218.si.res.rr.com) (Ping timeout: 260 seconds)
# [18:51] * Quits: ehsan (~ehsan@66.207.208.102) (Ping timeout: 272 seconds)
# [18:53] <annevk> Google friends, will there be a time when one can change their Hangouts / Google+ ID? https://gist.github.com/annevk/7f83773f82d52c721664
# [18:53] * Quits: josemanuel (~josemanue@52.Red-79-147-198.dynamicIP.rima-tde.net) (Quit: Saliendo)
# [18:58] * Quits: lmclister (~lmclister@192.150.10.204) (Read error: Connection reset by peer)
# [19:00] <annevk> Hixie: I attempted emailing websec with your question
# [19:01] * Joins: slmult0 (~ctlM@80.83.238.74)
# [19:03] <annevk> Oh my, message being held for moderation
# [19:03] <Domenic_> annevk: I have the same problem with the mandatory @gmail.com account :(
# [19:03] <annevk> Domenic_: can you pull some strings? :-)
# [19:03] <annevk> Domenic_: feel free to share that gist with anyone
# [19:04] <Domenic_> I can ask around, I guess
# [19:04] * Joins: yoav (~yoav@208.184.147.3)
# [19:04] * Joins: zenparsing (~zenparsin@97-81-81-172.dhcp.athn.ga.charter.com)
# [19:05] * Joins: jeremyj (~jeremyj@17.202.49.56)
# [19:07] * Quits: erlehmann (~erlehmann@g229083066.adsl.alicedsl.de) (Quit: Die demokratieerhaltende Whistleblowerplattform Krautchan freut sich immer über Spenden.)
# [19:08] <annevk> Domenic_: in case I did not get this link through you https://blog.jcoglan.com/2013/03/30/callbacks-are-imperative-promises-are-functional-nodes-biggest-missed-opportunity/
# [19:09] * Joins: jwalden (~waldo@2620:101:80fc:224:7e7a:91ff:fe25:a5a3)
# [19:10] * Quits: tj_vantoll1 (~Adium@c-98-250-130-237.hsd1.mi.comcast.net) (Quit: Leaving.)
# [19:11] * Joins: tj_vantoll (~Adium@2601:4:5380:2ec:e4e9:6dd4:6c72:51d0)
# [19:15] * Quits: tommyliu (~tommyliu@121.15.77.148) (Remote host closed the connection)
# [19:15] * Joins: tommyliu (~tommyliu@li568-142.members.linode.com)
# [19:15] * Quits: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net) (Ping timeout: 246 seconds)
# [19:16] * Quits: espadrine (~ttyl@LMontsouris-656-01-02-84.w80-12.abo.wanadoo.fr) (Ping timeout: 272 seconds)
# [19:18] * Joins: tommyliu_ (~tommyliu@121.15.77.148)
# [19:19] * Joins: dbaron (~dbaron@50.0.192.112)
# [19:19] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [19:19] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [19:20] * Joins: BigBangUDR (~Thunderbi@101.61.150.121)
# [19:21] * Quits: BigBangUDR (~Thunderbi@101.61.150.121) (Client Quit)
# [19:22] * Quits: tommyliu (~tommyliu@li568-142.members.linode.com) (Ping timeout: 272 seconds)
# [19:23] * Joins: BigBangUDR (~Thunderbi@101.61.150.121)
# [19:24] * Joins: erlehmann (~erlehmann@g229083066.adsl.alicedsl.de)
# [19:24] * Quits: BigBangUDR (~Thunderbi@101.61.150.121) (Client Quit)
# [19:25] * Joins: BigBangUDR (~Thunderbi@101.61.150.121)
# [19:25] * Joins: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net)
# [19:28] * Quits: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com) (Remote host closed the connection)
# [19:28] <caitp> how does one argue that promises are somehow functional, they aren't really any different from callbacks except slightly more sugary and slower
# [19:28] * Joins: lmclister (~lmclister@192.150.10.204)
# [19:28] * Quits: diffalot (~diffalot@c-75-66-188-195.hsd1.ms.comcast.net) (Read error: Connection reset by peer)
# [19:28] * Joins: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com)
# [19:29] <Domenic_> did you read the article?
# [19:29] <caitp> not only that, but the behaviour of promise methods depends on what? state
# [19:29] <TabAtkins> Domenic_: Question from yesterday?
# [19:29] * Krinkle|detached is now known as Krinkle
# [19:29] <Domenic_> TabAtkins: about ecmarkdown wanting consistent indentation?
# [19:29] <caitp> Domenic_ it sounds like the typical nonsense that the usual "functional vs imperative" crowd of blogs writes
# [19:30] <caitp> haven't read it in full but I'm not confident in its contents
# [19:30] <Domenic_> caitp: so you did, or did not read it? because i think it explains it pretty clearly.
# [19:30] <TabAtkins> Domenic_: No, about why you want ecmarkdown to only use a single number for ol bullets.
# [19:30] <Domenic_> TabAtkins: for consistency and simplicity, basically.
# [19:30] <TabAtkins> I don't understand.
# [19:30] <caitp> a promise is an object which contains state (which may or may not be mutable, implementation depending), and which has methods which behave differently depending on that state
# [19:30] <caitp> this is not really functional
# [19:31] <Domenic_> caitp: I am really not interested in correcting your misconceptions which can be corrected by you simply reading the linked article.
# [19:31] * Quits: phuu_ (sid7721@gateway/web/irccloud.com/x-dxkhevfqtplreuhc) (Read error: Connection reset by peer)
# [19:31] * Quits: hdv (sid2376@gateway/web/irccloud.com/x-kbafynxemqaghtbx) (Read error: Connection reset by peer)
# [19:31] * Quits: Ziggy (sid18787@gateway/web/irccloud.com/x-eesjtmpvwpcpjxbp) (Read error: Connection reset by peer)
# [19:31] * Quits: wanderview (sid22777@gateway/web/irccloud.com/x-jwzuubgspkqpjbmb) (Read error: Connection reset by peer)
# [19:31] * Quits: jorendorff (sid28423@gateway/web/irccloud.com/x-yqwzbddcdmotpyxs) (Read error: Connection reset by peer)
# [19:31] * Quits: timeless (sid4015@firefox/developer/timeless) (Read error: Connection reset by peer)
# [19:31] <Domenic_> TabAtkins: more choices = less simplicity, less consistency
# [19:31] <caitp> those aren't misconceptions
# [19:31] <caitp> it's a fact
# [19:31] <Domenic_> TabAtkins: perhaps the problem is the name
# [19:31] <TabAtkins> Domenic_: I mean, what choices are there?
# [19:31] * Joins: hdv (sid2376@gateway/web/irccloud.com/x-bmqsrzjiarsagbag)
# [19:31] * Joins: jernoble|laptop (~jernoble@17.114.218.130)
# [19:31] <Domenic_> TabAtkins: whether to start with 1 and go up, or just to stick with 1 forever
# [19:32] * Joins: phuu__ (sid7721@gateway/web/irccloud.com/x-xkbrxsbvngiboifc)
# [19:32] * Joins: wanderview_ (sid22777@gateway/web/irccloud.com/x-tcyyxrvjcpzxgwrh)
# [19:32] * Quits: jeremyj (~jeremyj@17.202.49.56) (Quit: Textual IRC Client: www.textualapp.com)
# [19:32] <TabAtkins> caitp: Promises are monads over time-dependent state.
# [19:32] * Quits: miketaylr (~miketaylr@192.241.222.35) (Ping timeout: 245 seconds)
# [19:32] <TabAtkins> Domenic_: Just... require it to be numbered correctly?
# [19:32] * Domenic_ is now known as Domenic
# [19:33] * Joins: timeless (sid4015@firefox/developer/timeless)
# [19:33] * Joins: Ziggy (sid18787@gateway/web/irccloud.com/x-sxqyitciludledpc)
# [19:33] <caitp> except it's not really "time dependent", it's "dependent on the order of operations, because some operations affect their state"
# [19:33] * Joins: jorendorff (sid28423@gateway/web/irccloud.com/x-twnerrmemsrqxgvc)
# [19:33] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [19:33] * Joins: miketaylr (~miketaylr@192.241.222.35)
# [19:34] <TabAtkins> You seem to be arguing that, for example, the IO monad isn't functional either.
# [19:34] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [19:34] <Domenic> TabAtkins: then refactoring steps messes up diffs
# [19:35] <caitp> i don't really care to have a real argument about it, but it's like, functional is not better or worse than imperative, so the argument doesn't really mean anything; but objects containing state which is manipulated by some operations, and which affects the behaviour of other operations
# [19:35] <caitp> that's not very functional
# [19:35] <caitp> that's typical of any imperative programme
# [19:35] <TabAtkins> Domenic: Sure, but the source is more readable. (I don't like how I have to go look at the rendered html to know what the number is for a given <li> in an <ol>.)
# [19:35] <Domenic> TabAtkins: well I guess your answer then is we are prioritizing diffs (for which this is better) and authoring experience (for which this is neutral/slightly beter) over source readability (for which this is worse)
# [19:35] <TabAtkins> caitp: It seems that you don't understand the functional encapsulation that monads can make over varying state; I suggest reading up a bit more on that.
# [19:36] <TabAtkins> Domenic: Okay. Are you planning to have the "lists start with the number of the first item" behavior too?
# [19:36] * Joins: ehsan (~ehsan@66.207.208.102)
# [19:36] * Joins: jeremyj (~jeremyj@17.202.49.56)
# [19:36] * Quits: ehsan (~ehsan@66.207.208.102) (Remote host closed the connection)
# [19:36] * Quits: yoav (~yoav@208.184.147.3) (Quit: Ex-Chat)
# [19:37] * Quits: barnabywalters (~barnabywa@46-239-239-203.tal.is) (Quit: barnabywalters)
# [19:37] * Joins: ehsan (~ehsan@66.207.208.102)
# [19:37] * Quits: jeremyj (~jeremyj@17.202.49.56) (Client Quit)
# [19:37] <Domenic> TabAtkins: for all of the ES6 spec lists start with 1, so probably not?
# [19:38] <Domenic> TabAtkins: we'll probably change from 0. to 1.
# [19:38] * Quits: fredy (~fredy@snf-535807.vm.okeanos.grnet.gr) (Excess Flood)
# [19:38] <TabAtkins> Domenic: That's generally true for most specs, sure, but, for example, Flexbox has an algorithm split over multiple sections, where each <ol> picks up where the last one left off.
# [19:38] * Joins: fredy (~fredy@snf-535807.vm.okeanos.grnet.gr)
# [19:39] <Domenic> TabAtkins: yeah, that's fair. I mean in general we could try to do fully-general Markdown list syntax and just have a secondary linting tool that enforces our desired conventions for ES specs
# [19:39] <Domenic> TabAtkins: the problem there is then I have to write more code :P
# [19:39] * Quits: fredy (~fredy@snf-535807.vm.okeanos.grnet.gr) (Excess Flood)
# [19:39] <TabAtkins> Domenic: Sorry to be a bother, it's just that now that MD actually has a spec, I consider deviations from that to need strong justifications, rather than just being a matter of flavor. ^_^
# [19:40] <TabAtkins> (Bikeshed has a few deviations that it'll be maintaining, for example.)
# [19:40] <Domenic> TabAtkins: would it help if it were named something else? It's just Markdown-inspired (i.e. literally I found writing specs in Markdown to be pleasant, and that inspired me to create a new language). It's not meant to be a Markdown flavor.
# [19:41] <Domenic> We'd loose the nice punning of Ecmarkup (= custom elements vocabulary) + Ecmarkdown, sadly
# [19:41] <TabAtkins> Domenic: Do what you want, I'm just pushing my own agenda of making it easier to transport text (and authoring assumptions) across markdowns.
# [19:41] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [19:41] * Quits: ehsan (~ehsan@66.207.208.102) (Ping timeout: 246 seconds)
# [19:41] * ajpiano is now known as lainsw_
# [19:41] * lainsw_ is now known as japinao
# [19:41] * japinao is now known as ajpiano
# [19:41] <TabAtkins> The less parsing diff I need to maintain in my head, the better.
# [19:41] <Domenic> Hmm hmm
# [19:41] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [19:43] * Joins: fredy (~fredy@snf-535807.vm.okeanos.grnet.gr)
# [19:44] <TabAtkins> Obviously text won't transport too well from CMD to ECMD, due to you changing what all of the inline elements mean, but still.
# [19:44] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [19:44] * Quits: karlcow (~karl@nerval.la-grange.net) (Ping timeout: 272 seconds)
# [19:44] * Joins: diffalot (~diffalot@c-75-66-188-195.hsd1.ms.comcast.net)
# [19:45] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [19:46] * Joins: arunranga (~otherarun@cpe-69-203-128-218.si.res.rr.com)
# [19:50] * Joins: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003)
# [19:50] * Quits: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003) (Remote host closed the connection)
# [19:52] * Joins: hasather (~hasather@80.91.33.141)
# [19:52] <annevk> Safari on iPhone has interesting UI choices. It shows [padlock] whatwg.org for https://www.whatwg.org/
# [19:53] * Quits: lmclister (~lmclister@192.150.10.204) (Read error: Connection reset by peer)
# [19:53] <annevk> It actually omits "www.", but does not do so for other subdomains
# [19:56] <Domenic> boo to www
# [19:57] <SimonSapin> Is "lossily" a word?
# [19:58] <TabAtkins> Yes.
# [19:58] * Quits: 7YUAARUP3 (scrollback@conference/jsconf/x-xzteauyjmwrzpirq) (Read error: Connection reset by peer)
# [19:58] * Joins: lmclister (~lmclister@192.150.10.204)
# [19:58] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 260 seconds)
# [19:59] <jgraham> True fact: a long time ago before the internet was something that people were familiar with, my Dad phoned me to ask if some server with the url w3.something.tld was the same as www.something.tld So www. has been causing confusion since the mid 90s
# [19:59] * Quits: ShaneHud_ (~ShaneHuds@host86-149-123-177.range86-149.btcentralplus.com) (Quit: Computer fell asleep.)
# [19:59] * Joins: scrollback (scrollback@conference/jsconf/x-nvdnmyrdsduwpack)
# [20:00] * Quits: zdobersek (~zan@185.3.135.130) (Ping timeout: 272 seconds)
# [20:01] <annevk> http://no-www.org/ (sadly no TLS)
# [20:01] * Joins: zdobersek (~zan@46.19.137.78)
# [20:02] <Hixie> bummo, i broke https://n.whatwg.org
# [20:02] <Hixie> let's see here...
# [20:03] <Domenic> I still don't understand n.whatwg.org?
# [20:03] * Quits: boogyman (~boogyman@pdpc/supporter/professional/boogyman) (Quit: Leaving.)
# [20:03] <Hixie> ok, fixed it
# [20:03] <TabAtkins> Which part? It's existence, or that it's staying on http:?
# [20:03] <annevk> So as far as I can tell the only valid namespace is http://n.whatwg.org/work and it is not actually evident that is seeing much usage
# [20:04] * Quits: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net) (Ping timeout: 258 seconds)
# [20:04] <Hixie> it's seeing basically no usage outside the html spec, as far as i'm aware
# [20:04] * Quits: arunranga (~otherarun@cpe-69-203-128-218.si.res.rr.com) (Quit: arunranga)
# [20:04] <annevk> Hixie: and because it sees usage in the HTML spec we want to not do HSTS fully?
# [20:05] <Hixie> namespaces are namespaces
# [20:05] <Hixie> once you commit to have a namespace, you commit to having it for, like, ever.
# [20:05] <annevk> Hixie: namespaces are also just strings
# [20:05] <annevk> Hixie: and not actually something meant to resolve
# [20:05] <tantek> except for the http vs https part
# [20:05] <tantek> so I heard
# [20:05] <annevk> Hixie: if n.whatwg.org didn't exist, the namespace would continue to exist
# [20:06] <Hixie> annevk: it would continue to exist for sure, but some people would be confused.
# [20:06] <Domenic> TabAtkins: the existence. Sounds like I should do Ctrl+F on the singlepage spec?
# [20:06] <Hixie> anyway, we have includeSubdomains
# [20:06] <Hixie> so this is a non-issue
# [20:06] <TabAtkins> Domenic: It's nothing more than a namespace.
# [20:06] * Quits: BigBangUDR (~Thunderbi@101.61.150.121) (Quit: BigBangUDR)
# [20:06] <jgraham> I think an existance proof on those people would be interesting
# [20:06] <annevk> Hixie: e.g. the W3C cannot configure its own server probably and has been redirecting namespaces for years
# [20:06] <Domenic> TabAtkins: sure, but used for what, is the question
# [20:06] <annevk> Hixie: try http://www.w3.org/1999/xhtml
# [20:06] <annevk> Hixie: not many people have ended up being confused as a result
# [20:06] * Quits: diffalot (~diffalot@c-75-66-188-195.hsd1.ms.comcast.net) (Read error: Connection reset by peer)
# [20:07] <annevk> Hixie: though I have complained about it
# [20:07] <TabAtkins> Domenic: It's used to have a page that the namespaces can resolve to.
# [20:07] <Hixie> the w3c is not exactly the pinacle of good practices
# [20:07] <jgraham> Nor are namespaces ;)
# [20:07] <Hixie> i'd be interesting to test that hypothesis
# [20:07] <Hixie> i wonder how many pages says xmlns="http://www.w3.org/1999/xhtml/"
# [20:07] <Hixie> say
# [20:07] * Hixie goes to find out
# [20:08] <annevk> Hixie: the point is that if a widespread namespace can redirect, so can a namespace that is only used in fiction and is causing end user harm (by not being on the HSTS preload list)
# [20:08] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [20:08] <Domenic> TabAtkins: what is the namespace used for, is the question. Answering it myself, looks like, used for microdata?
# [20:08] <TabAtkins> Domenic: Ah, ok. Yes.
# [20:08] <Hixie> annevk: we can be on the HSTS preload list
# [20:08] <Hixie> annevk: this is not causing any such blockage
# [20:08] <tantek> having namespaces break just serves to demonstrate they shouldn't have been used in the first place
# [20:09] <SimonSapin> I just wrote a proto-spec for the WTF-8 encoding: https://github.com/rust-lang/rust/issues/12056#issuecomment-55786546
# [20:09] <Hixie> Domenic: the url answers that question :-)
# [20:09] * Joins: Lachy_ (~Lachy@cm-84.215.104.248.getinternet.no)
# [20:09] <Domenic> Hixie: haha, just goes to show, my strong assumption was that the actual namespace URL would be useless
# [20:09] * Quits: Lachy_ (~Lachy@cm-84.215.104.248.getinternet.no) (Read error: Connection reset by peer)
# [20:10] <Hixie> hehe
# [20:10] <Hixie> technically this isn't actually a namespace
# [20:10] * Quits: lmclister (~lmclister@192.150.10.204) (Read error: Connection reset by peer)
# [20:10] <Hixie> it's a vocabulary identifier
# [20:10] <annevk> SimonSapin: conversion to UTF-8 needs to be better
# [20:10] * Joins: Lachy_ (~Lachy@cm-84.215.104.248.getinternet.no)
# [20:10] <SimonSapin> annevk: better how?
# [20:10] <annevk> SimonSapin: e.g. if you concat two surrogates, they can turn into a thing
# [20:11] * Joins: diffalot (~diffalot@c-75-66-188-195.hsd1.ms.comcast.net)
# [20:11] <SimonSapin> annevk: do we want to support that?
# [20:11] <annevk> SimonSapin: if you ever want a JavaScript impl in Rust, yes
# [20:12] * Quits: willchan (willchan@nat/google/x-kuhjikqoinnyiwge) (Remote host closed the connection)
# [20:12] * Joins: willchan (willchan@nat/google/x-fyjpxdzkbeffzfwv)
# [20:13] <Hixie> ok, n.whatwg.org finally does what i want it to do
# [20:13] <gavinc> Is there an explanation somewhere as to why I can't get the status code of the request that loaded the current page in javascript? Seems so very odd not to be able to
# [20:13] <SimonSapin> annevk: so abandon equivalence with UCS-2? (Two WTF-8 strings have the same bytes if and only if their UCS-2 representation have the same bytes)
# [20:15] <annevk> SimonSapin: why would that not be true?
# [20:15] <jgraham> Is there a special reason that concatenation of two WTF-8 buffers has to produce a valid WTF-8 string? Presumably a WTF-8 library could examine the endpoints for WTF-8ness and convert if necessary
# [20:15] * Joins: zcorpan (~zcorpan@2a00:801:e0:30:f024:4dfe:f434:1a74)
# [20:16] <SimonSapin> jgraham: yeah, that sounds better
# [20:16] <Hixie> wait why does the hsts preload list require that we violate the hsts spec by adding the non-standard "preload" token
# [20:16] <SimonSapin> so WTF-8 concat is a bit more work than byte concat, but I think that’s ok
# [20:16] <annevk> Hixie: I think that's only temporary to ensure you can't add sites that don't want to be on it
# [20:16] <annevk> Hixie: temporarily required*
# [20:17] <annevk> Hixie: after you submit you can remove it again
# [20:19] <jgraham> Argh
# [20:19] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [20:19] <jgraham> Config file formats all suck
# [20:20] <Hixie> ok i give up
# [20:20] <Hixie> https://whatwg.org it is
# [20:20] <Hixie> for a decide i have fought this no-www nonsense on sites that are clearly _about_ the www and therefore by all reason should have "www" in their name
# [20:20] <Hixie> but lo, hsts has beaten me
# [20:21] <Hixie> go forth and remove the www.s!
# [20:21] * Quits: KevinMarks_ (~yaaic@2607:fb90:507:7c47:373b:8bdb:dafa:aee5) (Remote host closed the connection)
# [20:21] <SimonSapin> Hixie: try do buy www.org?
# [20:22] <Hixie> from the w3c?
# [20:22] <Hixie> good luck with _that_
# [20:22] <SimonSapin> or convince ICANN to make a .www TLD :)
# [20:22] <Hixie> .org is fine
# [20:22] <SimonSapin> oh, I didn’t know W3C had this one
# [20:23] * Joins: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net)
# [20:23] * Joins: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003)
# [20:24] * Quits: dbaron (~dbaron@50.0.192.112) (Quit: 8403864 bytes have been tenured, next gc will be global.)
# [20:24] * Quits: Lachy_ (~Lachy@cm-84.215.104.248.getinternet.no) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [20:24] <jgraham> You don't need to convince ICANN with more than just cash these days, do you?
# [20:25] <annevk> Domenic: see https://javascript.spec.whatwg.org/#regexp
# [20:25] <annevk> Domenic: not sure if mathiasbynens filed bugs on Allen for those yet
# [20:25] <Domenic> annevk: yeah I saw that, not terribly helpful
# [20:26] <caitp> is that a fork of es262 or something
# [20:26] <annevk> It's a delta of sorts, I guess
# [20:27] <caitp> neat
# [20:27] <Domenic> It was more important when ES had none of these things
# [20:28] * Quits: tantek (tantek@nat/google/x-futxdrapkzxcbyto) (Quit: tantek)
# [20:28] <Domenic> Most of it is being absorbed into ES
# [20:28] <Domenic> But curiously not the RegExp stuff (yet?)
# [20:28] * Quits: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net) (Ping timeout: 255 seconds)
# [20:28] <annevk> Yeah, mathiasbynens should update it so it does not contradict the HTML ES6 draft
# [20:29] <annevk> Date is also not covered by ES6 I think
# [20:29] <annevk> Not sure about the comment syntax, I think that's still an open bug
# [20:29] <abarth> Hixie: pong
# [20:30] <annevk> abarth: it was a question about where HSTS defines that a policy for domain.com affects sub.domain.com
# [20:30] <abarth> you mean where in the RFC?
# [20:30] <zcorpan> yay no www
# [20:35] <tobie> TabAtkins: I see from the Bikeshed doc that you're looking into importing some of the Specref data. Would anything make that easier (e.g. splitting up the existing stuff into various files)?
# [20:35] <TabAtkins> tobie: Nah, I've already got it ready to go.
# [20:36] <TabAtkins> I just need to do some profiling on it; loading up biblio and ref data is the most expensive part of running Bikeshed, and turning on SpecRef is a significant addition to that cost.
# [20:36] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Remote host closed the connection)
# [20:36] * Joins: jsbell (jsbell@nat/google/x-xptbauvcuaxjbnwr)
# [20:37] <TabAtkins> Splitting things up would actually make it more difficult to handle. I don't do any downloads at processing time; you have to periodically run `bikeshed update` yourself, so all the linking data is stored locally.
# [20:37] <TabAtkins> So I need to have all the data anyway.
# [20:37] <Hixie> abarth: yeah
# [20:37] <tobie> I'll be turning-on daily auto-updates this week, btw.
# [20:37] <TabAtkins> Cool.
# [20:38] <Hixie> abarth: say i have example.com and it has an STS policy with includesubdomains
# [20:38] <abarth> 6.1.2. The includeSubDomains Directive
# [20:38] <abarth> The OPTIONAL "includeSubDomains" directive is a valueless directive
# [20:38] <abarth> which, if present (i.e., it is "asserted"), signals the UA that the
# [20:38] <abarth> HSTS Policy applies to this HSTS Host as well as any subdomains of
# [20:38] <abarth> the host's domain name.
# [20:38] <Hixie> abarth: and then i have sub.example.com, and it has an STS with maxage=0
# [20:38] <Hixie> abarth: what happens?
# [20:38] <Hixie> abarth: the rfc doesn't seem to cover that case, because it's not clear whether sub.example.com has an entry or not
# [20:38] <abarth> maxage=0 doesn't create "holes"
# [20:38] * Joins: jeremyj (~jeremyj@17.202.49.56)
# [20:39] <tobie> TabAtkins: Are you grabbing the raw file or the output of the app?
# [20:39] <abarth> the intent is that sub.example.com still has HSTS
# [20:39] <TabAtkins> tobie: I'm pulling down http://specref.jit.su/bibrefs
# [20:39] <abarth> the storage is per-header received
# [20:39] <tobie> ok, cool.
# [20:39] <abarth> so you'd have to set max-age: 0 on example.com to expire the policy for the subdomains
# [20:40] <Hixie> abarth: what about if i have example.com with an STS includesubdomains, then foo.example.com also has an STS with includesubdomains, then i go to example.com again and it has maxage=0. Does that also remove the foo.example.com STS? Per the RFC, it seems like it would, since that header isn't stored since it's redundant with the parent one.
# [20:40] <abarth> the intent is that the foo.example.com policy is not removed
# [20:40] <abarth> not sure if the RFC is written correctly
# [20:40] <abarth> i'd have to check it :)
# [20:40] <tobie> TabAtkins: any preferences on exposing EDs?
# [20:40] <abarth> the model is that you have a database that remembers the last header received for each domain
# [20:40] <jwalden> annevk: you didn't happen to do any research into how to have a dreamhost site accessible on multiple https: origins at once, did you? that's probably the one thing incenting me not to move to full https: everywhere (right now I have https: for admin and http: for general-public-facing, as minor XSS mitigation)
# [20:41] <Hixie> abarth: "domain"?
# [20:41] <TabAtkins> tobie: I don't care all that much for biblio purposes.
# [20:41] <abarth> host
# [20:41] <Hixie> abarth: ah
# [20:41] <abarth> to compute whether a given connection ought to be allowed
# [20:41] <tobie> k
# [20:41] <abarth> you walk the the host and its parent domains
# [20:41] * Joins: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [20:41] <abarth> checking for a non-expired policy
# [20:41] <TabAtkins> tobie: We track ED/TR for linking (so that Bikeshed can prefer linking to one or the other, based on status of the spec being generated), but biblio stuff just uses whatever the ref points to.
# [20:41] * Joins: satazor_ (~satazor@a213-22-1-7.cpe.netcabo.pt)
# [20:41] * Quits: satazor (~satazor@a213-22-1-7.cpe.netcabo.pt) (Remote host closed the connection)
# [20:42] <Hixie> abarth: so what happens if you visit a host that is covered by includesubdomains, and that host has STS maxage=0 and redirects to its equivalent http:// url? is that treated as a redirect-to-self ?
# [20:42] <abarth> (with the "includesubdomains" flag if the entry in the database isn't for the host itself)
# [20:42] <abarth> the fact about the host having HSTS with maxage=0 isn't relevant
# [20:43] <abarth> that would clear out any past header that host had set
# [20:43] * Joins: erlehmann_ (~erlehmann@g225154202.adsl.alicedsl.de)
# [20:43] <abarth> but the header for the parent domain would still be in the database
# [20:43] <abarth> so HSTS would still be in effect for that host
# [20:43] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [20:44] <abarth> (I'm off to lunch---will be back later)
# [20:44] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [20:45] <tobie> TabAtkins: can you point to where you're storing that data? Would like to use same schema if possible. (Need to expose this in specref.)
# [20:45] <TabAtkins> tobie: Right now I'm just storing it literally; I do the processing into Bikeshed's data structure on each run. I need to fix that.
# [20:47] * Quits: erlehmann (~erlehmann@g229083066.adsl.alicedsl.de) (Ping timeout: 272 seconds)
# [20:47] <TabAtkins> tobie: But here's the data structure I use to store biblio data currently: https://github.com/tabatkins/bikeshed/blob/master/bikeshed/biblio.py
# [20:48] <TabAtkins> It's a straight translation of the Refer file format, with some minor tweaks to handle the specref format better.
# [20:48] <TabAtkins> I currently just throw away some of the SpecRef data, like versions, but might add that in the future.
# [20:53] <tobie> TabAtkins: funny you're transforming href into url, we changed that in Respec to match Anolis.
# [20:53] * Joins: lmclister (~lmclister@192.150.10.204)
# [20:54] <tobie> TabAtkins: iirc, versions isn't exposed by the API, but used to construct [[FOO-YYYYMMDD]] refs.
# [20:55] * Joins: hasather (~hasather@80.91.33.141)
# [20:55] <TabAtkins> Accident of history; I happened to write BiblioEntry quite a while ago, and named the attribute "url". When I started processing SpecRef stuff I just put down a translation.
# [20:55] <Hixie> annevk: k, i added us to the hsts queue
# [20:55] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [20:56] * Joins: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is)
# [20:57] <TabAtkins> tobie: All of my biblio handling code is ancient by this project's standards, anyway. Don't pay much attention to it. It needs to be rewritten.
# [20:57] <Domenic> annevk Hixie Mixed content in the wiki
# [20:57] <Hixie> where?
# [20:58] <Domenic> https://wiki.whatwg.org/wiki/FAQ has no stylesheet
# [20:58] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [20:59] * Quits: othermaciej (~mjs@c-50-136-134-16.hsd1.ca.comcast.net) (Quit: othermaciej)
# [20:59] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 260 seconds)
# [20:59] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [20:59] <Hixie> odd
# [20:59] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [21:00] <Domenic> https://wiki.whatwg.org/wiki/IRC works O_O
# [21:00] <Hixie> home page too
# [21:00] <Hixie> i don't get it
# [21:00] <Hixie> who's our wiki guy
# [21:00] <Hixie> GPHemsley?
# [21:01] <Domenic> https://lists.whatwg.org/htdig.cgi/implementors-whatwg.org/ link from https://whatwg.org/mailing-list is broken
# [21:02] <Hixie> oops
# [21:02] <Hixie> oh
# [21:02] <Hixie> crap
# [21:02] <Hixie> HSTS will totally screw our list archives
# [21:02] <Hixie> and list management
# [21:02] * Joins: weinig (~weinig@17.114.218.26)
# [21:02] <Hixie> since dreamhost don't have that on ssl
# [21:02] <Hixie> well this will be an interesting support request...
# [21:03] <zcorpan> Domenic: huh, firefox and chrome i get http: for scripts and styles, but in opera i get https:
# [21:05] * Joins: Lachy (~Lachy@cm-84.215.104.248.getinternet.no)
# [21:05] <zcorpan> there is http://lists.w3.org/Archives/Public/public-whatwg-archive/ but i guess not for help@ or implementors@
# [21:05] <Hixie> and that won't let you subscribe to the list
# [21:05] <zcorpan> ah yeah
# [21:05] <zcorpan> and it doesn't use TLS so how knows what bad things can happen
# [21:06] <zcorpan> (like, maybe the site will work)
# [21:07] * zcorpan has updated xref and html-differences
# [21:08] <Hixie> support request sent
# [21:08] <Hixie> i expect this to not go well
# [21:08] * Quits: slmult0 (~ctlM@80.83.238.74) (Ping timeout: 272 seconds)
# [21:09] * Joins: paulohp (~paulohp@201.52.249.159)
# [21:09] * Joins: slmult0 (~ctlM@80.83.238.3)
# [21:09] <Hixie> wtf, spec.whatwg.org is still broken
# [21:09] <Hixie> what have i done
# [21:09] * paulohp is now known as Guest33726
# [21:10] <zcorpan> https://simon.html5.org/html-elements is now broken. (it was very out of date anyway)
# [21:10] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [21:10] <Hixie> heh
# [21:11] <Hixie> why is it broken?
# [21:11] <Hixie> mixed content?
# [21:11] <zcorpan> yep
# [21:11] <zcorpan> http: in iframe
# [21:11] <Hixie> oh, i see
# [21:11] <Hixie> should be easy to fix
# [21:11] <zcorpan> yes
# [21:11] <zcorpan> the harder fix is making it not be so out of date
# [21:11] <Hixie> well, yeah
# [21:12] <zcorpan> preferably automate it
# [21:12] * Joins: ttepasse (~ttepasse@ip-109-90-166-140.hsi11.unitymediagroup.de)
# [21:12] <zcorpan> since i no longer maintain it
# [21:13] <Hixie> spec.whatwg.org is seriously messed up in the dreamhost config
# [21:13] <zcorpan> btw what's up with developers.whatwg.org
# [21:13] * Quits: jernoble|laptop (~jernoble@17.114.218.130) (Quit: Computer has gone to sleep.)
# [21:13] <Hixie> i need to regen it
# [21:13] <Hixie> i broke it all when i updated my pipeline
# [21:14] * Quits: weinig (~weinig@17.114.218.26) (Quit: weinig)
# [21:14] * Joins: Mentioum (~Mentioum@host86-158-34-150.range86-158.btcentralplus.com)
# [21:14] <Hixie> ok i've killed spec.whatwg.org entirely
# [21:14] <Hixie> i'm going to go have lunch, let dreamhost digest this change
# [21:14] * Guest33726 is now known as paulopires
# [21:14] <Hixie> then i'll reinstate it
# [21:14] * Joins: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za)
# [21:15] * zcorpan gets a redirect loop
# [21:15] <Hixie> yeah it's just totally messed up right now
# [21:15] <Hixie> oh wait
# [21:15] <Hixie> for what?
# [21:15] <Hixie> developers?
# [21:16] <Hixie> bbiab
# [21:18] <zcorpan> no for spec.whatwg.org
# [21:19] <zcorpan> ok "fixed" html-elements (but developers still has mixed content)
# [21:20] * Quits: markkes2 (~markkes@62.207.90.201) (Ping timeout: 258 seconds)
# [21:25] * Quits: guybedford (~guybedfor@41-133-249-7.dsl.mweb.co.za) (Read error: Connection reset by peer)
# [21:27] * Quits: scor (scor@drupal.org/user/52142/view) (Quit: scor)
# [21:28] * Quits: Lachy (~Lachy@cm-84.215.104.248.getinternet.no) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [21:32] * Joins: weinig (~weinig@17.114.218.26)
# [21:33] * Quits: jernoble (~jernoble@17.202.46.221) (Quit: Textual IRC Client: www.textualapp.com)
# [21:33] * Joins: darobin (~darobin@2a01:e34:ed05:d180:bdf3:5c30:4a5f:ee55)
# [21:36] * Joins: Smylers (~smylers@host86-186-193-22.range86-186.btcentralplus.com)
# [21:38] * Joins: hasather (~hasather@80.91.33.141)
# [21:42] * Quits: jeremyj (~jeremyj@17.202.49.56) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [21:43] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 245 seconds)
# [21:44] * Joins: bholley (~bholley@corp-nat.p2p.sfo1.mozilla.com)
# [21:45] * Joins: dbaron (~dbaron@2620:101:80fb:224:44c4:9470:9f73:7f68)
# [21:46] * Joins: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net)
# [21:47] * Quits: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is) (Quit: barnabywalters)
# [21:48] * Quits: xxtjaxx (~xxtjaxx@kde/developer/marschke) (Read error: Connection reset by peer)
# [21:51] * Joins: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is)
# [21:52] * Quits: SteveF (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net) (Disconnected by services)
# [21:52] * Joins: SteveF_ (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net)
# [21:53] * Quits: eric_carlson (~eric@17.202.43.125) (Ping timeout: 245 seconds)
# [21:53] * Quits: paulopires (~paulohp@201.52.249.159)
# [21:54] * Quits: Smylers (~smylers@host86-186-193-22.range86-186.btcentralplus.com) (Quit: Leaving.)
# [21:55] * Quits: beowulf (~sstewart@pdpc/supporter/professional/beowulf) (Remote host closed the connection)
# [21:56] * Quits: bholley (~bholley@corp-nat.p2p.sfo1.mozilla.com) (Ping timeout: 245 seconds)
# [21:58] * Quits: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is) (Quit: barnabywalters)
# [21:58] * Joins: jernoble (~jernoble@17.114.218.130)
# [21:59] * Joins: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is)
# [22:00] * Quits: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is) (Client Quit)
# [22:02] * Quits: Mentioum (~Mentioum@host86-158-34-150.range86-158.btcentralplus.com) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
# [22:03] * Joins: scor (~scor@c-24-2-162-32.hsd1.ma.comcast.net)
# [22:03] * Quits: scor (~scor@c-24-2-162-32.hsd1.ma.comcast.net) (Changing host)
# [22:03] * Joins: scor (~scor@drupal.org/user/52142/view)
# [22:03] * Joins: bholley (~bholley@corp-nat.p2p.sfo1.mozilla.com)
# [22:03] * Joins: hasather (~hasather@80.91.33.141)
# [22:03] * Quits: scor (~scor@drupal.org/user/52142/view) (Client Quit)
# [22:07] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 255 seconds)
# [22:09] * Joins: scor (~scor@drupal.org/user/52142/view)
# [22:11] * Quits: SteveF_ (~chatzilla@cpc3-nmal20-2-0-cust916.19-2.cable.virginm.net) (Ping timeout: 246 seconds)
# [22:11] * Joins: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is)
# [22:15] * Quits: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003) (Remote host closed the connection)
# [22:15] * Joins: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003)
# [22:20] * Quits: sicking (~sicking@c-98-210-159-193.hsd1.ca.comcast.net) (Quit: sicking)
# [22:22] * Quits: ehynds (~ehynds@64.206.121.41)
# [22:23] * Joins: Smylers (~smylers@host86-186-193-22.range86-186.btcentralplus.com)
# [22:23] * Quits: slmult0 (~ctlM@80.83.238.3) (Read error: Connection reset by peer)
# [22:24] * Joins: ehsan_ (~ehsan@66.207.208.102)
# [22:28] * Quits: ehsan (~ehsan@2001:450:1f:224:d3d:cd:fd3a:7003) (Ping timeout: 272 seconds)
# [22:29] * Joins: ricea (~ricea@2401:fa00:4:1000:8d54:ecbe:57cb:16a5)
# [22:29] * Quits: TallTed (~Thud@63.119.36.36)
# [22:40] * Quits: darobin (~darobin@2a01:e34:ed05:d180:bdf3:5c30:4a5f:ee55) (Remote host closed the connection)
# [22:40] * gnarf_ is now known as gnarf
# [22:42] * Quits: weinig (~weinig@17.114.218.26) (Quit: weinig)
# [22:42] * Quits: svl (~me@ip565744a7.direct-adsl.nl) (Quit: And back he spurred like a madman, shrieking a curse to the sky.)
# [22:47] * Joins: othermaciej (~mjs@17.114.218.3)
# [22:47] * Quits: cheron (~cheron@unaffiliated/cheron) (Ping timeout: 272 seconds)
# [22:48] <zcorpan> Hixie: the spec's popup when filing a bug has links but they're not discoverable without hovering the text
# [22:49] * Joins: jeremyj (~jeremyj@17.202.49.56)
# [22:56] <Hixie> yeah... if you have non-ugly suggested styles to make them more discoverable, file a bug
# [22:58] * Quits: bholley (~bholley@corp-nat.p2p.sfo1.mozilla.com) (Ping timeout: 258 seconds)
# [22:58] <zcorpan> the popup is ugly already :-P
# [23:01] * Quits: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com) (Remote host closed the connection)
# [23:01] * Joins: Sample (~Sample@unaffiliated/sample)
# [23:01] * Quits: barnabywalters (~barnabywa@85-220-20-44.dsl.dynamic.simnet.is) (Quit: barnabywalters)
# [23:01] <TabAtkins> Domenic: Sorry, one final argument for numbering your list items properly, rather than giving them all the same number: it makes it easier to, at a glance, tell where sub-lists start and end; if they're all the same, you have to pay more attention to indentation, which isn't quite as obvious.
# [23:01] * Joins: encryptd_fractl (~encryptd_@71-90-29-214.dhcp.ftbg.wi.charter.com)
# [23:03] <Domenic> spec. still broken? :)
# [23:03] <Domenic> *:(
# [23:03] * Joins: bholley (~bholley@corp-nat.p2p.sfo1.mozilla.com)
# [23:04] * Joins: hasather (~hasather@80.91.33.141)
# [23:06] * Joins: espadrine (~ttyl@AMontsouris-158-1-53-94.w92-128.abo.wanadoo.fr)
# [23:08] * Quits: hasather (~hasather@80.91.33.141) (Ping timeout: 260 seconds)
# [23:08] * Quits: zdobersek (~zan@46.19.137.78) (Quit: Leaving.)
# [23:09] <zcorpan> maybe we should update the browser icons
# [23:13] * Quits: tj_vantoll (~Adium@2601:4:5380:2ec:e4e9:6dd4:6c72:51d0) (Quit: Leaving.)
# [23:13] * Joins: sicking (~sicking@corp-nat.p2p.sfo1.mozilla.com)
# [23:18] * Quits: bholley (~bholley@corp-nat.p2p.sfo1.mozilla.com) (Ping timeout: 272 seconds)
# [23:19] * Quits: Maurice (copyman@unaffiliated/maurice)
# [23:26] <Hixie> zcorpan: if you can file a bug with styles to make it less ugly, all the better
# [23:26] <Hixie> zcorpan: right now the spec is using the browser icons from html5.org
# [23:26] <zcorpan> Hixie: yeah
# [23:32] <annevk> Hixie: awesome
# [23:33] * Quits: zenparsing (~zenparsin@97-81-81-172.dhcp.athn.ga.charter.com)
# [23:33] <Hixie> hm?
# [23:33] <annevk> jwalden: I'm not sure what you mean
# [23:33] * Joins: weinig (~weinig@17.114.218.26)
# [23:34] <annevk> jwalden: what do you mean by multiple https: origins?
# [23:34] <jwalden> annevk: I have http://whereswalden.com/ as public-facing right now; https://whereswalden.com/ purely for wp-admin pages and such
# [23:34] <jwalden> annevk: I
# [23:34] <annevk> Hixie: in response to HSTS and also no-www I guess
# [23:34] <Hixie> ah
# [23:34] <jwalden> annevk: I'd like https://whereswalden.com/ as public-facing, but I want some other origin than that for wp-admin pages
# [23:34] <Hixie> annevk: well, we broke lists.whatwg.org, so there's that.
# [23:34] <annevk> jwalden: move wp-admin to /wp/
# [23:35] <annevk> jwalden: or get a more expensive certificate that allows alternate names, and setup admin.whereswalden.com
# [23:35] <jwalden> annevk: yeah, that's the sadmaking hackaround as I understand it
# [23:36] <annevk> jwalden: I'm not sure how it's a hack
# [23:36] <annevk> jwalden: if you want to serve different content, you need different addresses :-)
# [23:36] <jwalden> annevk: well, maybe not, now; last I remembered they didn't support SNI
# [23:36] * Quits: weinig (~weinig@17.114.218.26) (Client Quit)
# [23:36] * jwalden hasn't looked into this in awhile
# [23:37] <annevk> jwalden: DreamHost supports SNI, the question is whether your certificate is valid for admin.whereswalden.com
# [23:37] * Joins: beowulf (~sstewart@host86-185-210-219.range86-185.btcentralplus.com)
# [23:38] <annevk> Hixie: so lists.whatwg.org is broken because DreamHost sets it up automatically?
# [23:39] <Hixie> yeah
# [23:39] <Hixie> i sent them a support request
# [23:39] <Hixie> i expect this to be like pulling teeth
# [23:39] <Hixie> not sure what we can do without their help
# [23:40] <annevk> self-host :-(
# [23:40] * Hixie looks around for bags of cash
# [23:40] <Hixie> nope, don't see any
# [23:41] <Hixie> well, except that one, but that one's mine
# [23:41] * Hixie grabs one poorly-hidden bag of cash
# [23:42] <gsnedders> Hixie: security through obscurity is no security at all!
# [23:43] <Domenic> Speaking pretty much from ignorance, but I can't imagine an nginx server for static content on Amazon EC2 would be all that expensive...
# [23:43] <annevk> Domenic: it's mostly that porting everything is a hassle
# [23:43] <Hixie> before we talk about how expensive it is, let's first consider that the entirety of the cost of hosting *.whatwg.org for the next two years is the cost anne just spent on the certs.
# [23:44] <annevk> Domenic: and migrating all the databases, etc.
# [23:44] <Domenic> Hixie: DreamHost is free?
# [23:44] <Domenic> annevk: yeah that part makes sense, just not the expense claim
# [23:44] <Hixie> and that we currently have unlimited bandwidth, users, storage, and subdomains, along with some level of tech support.
# [23:44] <annevk> DreamHost is free for Hixie since he's on top of a pyramid
# [23:45] <Hixie> what anne said
# [23:45] <annevk> I guess we could claim I had to get validated anyway to make html5.org and some of my own setups work, which would make whatwg.org still running for zip
# [23:46] <Hixie> heh
# [23:46] <Hixie> i actually do pay for some stuff on dreamhost, but i'm hosting like 60+ domains on this account
# [23:46] <Hixie> so the marginal cost of whatwg.org is free
# [23:47] <annevk> html5.org: "That domain name is already preloaded!"
# [23:47] <Hixie> wtf, spec.whatwg.org is still broken
# [23:48] <annevk> Hixie: infinite redirects
# [23:51] * Joins: jernoble_ (~jernoble@17.202.46.221)
# [23:52] <Hixie> screw it.
# [23:52] * Hixie sends a support request
# [23:54] <Hixie> btw n.whatwg.org is all https now
# [23:54] <Hixie> and the one vocabulary identifier on there now just redirects to the spec so there's no confusion
# [23:59] * Krinkle is now known as Krinkle|detached
# Session Close: Wed Sep 17 00:00:00 2014

The end :)