/irc-logs / w3c / #webapps / 2009-03-12 / end

Options:

  1. # Session Start: Thu Mar 12 00:00:00 2009
  2. # Session Ident: #webapps
  3. # [00:19] * Quits: aroben (aroben@71.58.77.15) (Connection reset by peer)
  4. # [00:34] * Joins: MikeSmith (MikeSmith@mcclure.w3.org)
  5. # [00:45] * Quits: Hixie (ianh@129.241.93.37) (Quit: trying a new configuration)
  6. # [00:45] * Joins: Hixie (ianh@129.241.93.37)
  7. # [02:23] * Quits: MikeSmith (MikeSmith@mcclure.w3.org) (Ping timeout)
  8. # [02:23] * Joins: MikeSmith (MikeSmith@mcclure.w3.org)
  9. # [06:15] * Quits: heycam (cam@130.194.72.84) (Quit: bye)
  10. # [07:14] * Joins: heycam (cam@124.168.80.126)
  11. # [07:50] * Quits: gsnedders (gsnedders@86.136.52.180) (Quit: gsnedders)
  12. # [08:05] * Quits: timeless (timeless@65.75.195.122) (Ping timeout)
  13. # [08:33] * Joins: gsnedders (gsnedders@86.136.52.180)
  14. # [09:32] * Joins: annevk (opera@213.13.106.1)
  15. # [09:32] * Quits: gsnedders (gsnedders@86.136.52.180) (Quit: gsnedders)
  16. # [09:38] * Joins: tlr (tlr@128.30.52.30)
  17. # [10:39] * Joins: arve (arve@213.236.208.22)
  18. # [10:43] * Quits: arve (arve@213.236.208.22) (Quit: Ex-Chat)
  19. # [10:45] * Quits: MikeSmith (MikeSmith@mcclure.w3.org) (Ping timeout)
  20. # [10:57] * Joins: arve (arve@213.236.208.22)
  21. # [11:16] <Marcos> Annevk, in CORS, Cross Domain Requests are per resource, right? that is, the example.com/ says allow foo.com, but that does not mean that foo.com can also read example.com/a
  22. # [11:17] <annevk> yes
  23. # [11:17] <Marcos> ok, cool. I'm just wondering how we can use CORS in widgets
  24. # [11:17] <Marcos> given that widgets have no origin
  25. # [11:18] <annevk> that makes things tricky, yeah
  26. # [11:20] <Marcos> Annevk, what if we used widget's ID as the origin?
  27. # [11:20] <Marcos> <widget id="http://microsoft.com"> ?
  28. # [11:21] <annevk> that seems kind of tricky as there's no way to guarantee actual uniqueness on that attribute...
  29. # [11:22] <Marcos> So, in CORS, the request origin is guaranteed?
  30. # [11:22] <Marcos> or in a browser, that is
  31. # [11:23] <annevk> a page served over HTTP always has an origin, yes
  32. # [11:23] <Dashiva> What about about:blank? Can't it use the same technique as that
  33. # [11:23] <annevk> (there's still ways to do attacks, but way more difficult than with widgets)
  34. # [11:23] <Marcos> no, what I mean is that the origin can be forged
  35. # [11:24] <annevk> really, how would you forge it?
  36. # [11:24] <annevk> Dashiva, what would that mean for widgets?
  37. # [11:24] <Dashiva> That every widget has its own unique origin
  38. # [11:24] <Marcos> Lets say I write my own little HTTP client, then when I send the request to a site, I pretend my origin is http://microsoft.com
  39. # [11:26] <Marcos> Dashiva: what would that look like?
  40. # [11:26] <Dashiva> Dunno. Maybe widget:hash(zipfile) or something? Just an idea.
  41. # [11:29] <annevk> Marcos, there's no issue in that scenario because user credentials are not involved and you can only access your own intranet and not that of the user
  42. # [11:29] <annevk> Marcos, and if user credentials are involved, again, it is only the user credentials of you
  43. # [11:30] <Marcos> Dashiva: yeah, that's kinda what I'm trying to get to. The problem is that widgets can be dynamically generated, so on the server you don't want to keep a list of every single widget that has been generated and then share all that info with other websites to allow CORS.
  44. # [11:30] <annevk> the simple answer here is to not use widgets :p
  45. # [11:31] <Marcos> hehe
  46. # [11:31] * Marcos resigns as Widget spec editor, quits Opera, and becomes a farmer
  47. # [11:31] <Dashiva> Bring out the cryptography, I guess
  48. # [11:32] <Dashiva> Domains work because domains are unique. There's nothing unique assigned to a widget, is there?
  49. # [11:33] <Marcos> nope
  50. # [11:33] * Marcos will be back in a bit
  51. # [11:33] <Dashiva> Some kind of crypto signature seems like it could do the trick, but getting that into CORS...
  52. # [11:38] * Joins: ArtB (d0309a43@128.30.52.43)
  53. # [11:48] * Quits: Lachy (Lachlan@85.196.122.246) (Quit: This computer has gone to sleep)
  54. # [12:06] * Joins: Lachy (Lachlan@213.236.208.22)
  55. # [12:32] <Marcos> CORS would not care, from my understanding, because it would just say access-control-allow-origin: widget://as4da4ads44dsa
  56. # [12:33] <annevk> yeah, that could work in theory
  57. # [12:34] <annevk> i still sort of wonder if we should not merge widgets and html5 so we don't have disadvantages of both
  58. # [12:38] <Marcos> annevk, tell me more (and where is Coimbra? :))
  59. # [12:40] <annevk> somewhere in portugal
  60. # [12:40] <annevk> well, HTML5 has the manifest thing, has most of the APIs, implemenations have arisen that allow "HTML5 apps" to be used standalone
  61. # [12:41] <annevk> there are some system integration APIs e.g. registerProtocolHandler and navigator.onLine
  62. # [12:41] <Marcos> The only problem (if it is a problem) is that the HTML5 manifest does not define content types for cached resources
  63. # [12:42] <annevk> they're fetched over HTTP so you get the content type from there
  64. # [12:43] <annevk> (and there's nothing stopping anyone from shipping a device that has several "html5 apps" cached locally from the start)
  65. # [12:43] <Marcos> but with widgets the resources are in the package, so the manifest format for widgets needs to state the type for when it is fed into the browsing context (when sniffing is not available).
  66. # [12:43] <annevk> try to get out of that box you're in :)
  67. # [12:43] <Marcos> seriously, annevk, I'm trying to.
  68. # [12:44] <annevk> ok, I'm saying we might not need packaging
  69. # [12:44] * Quits: tlr (tlr@128.30.52.30) (Quit: tlr)
  70. # [12:45] <Marcos> I agree, the only need for packaging is for when widgets are acquired over a non http source
  71. # [12:46] <annevk> which is not a scenario I encounter often, if at all
  72. # [12:47] <annevk> and given how ever more likely it is that internet will be everywhere it seems sort of wrong to optimize for it
  73. # [12:47] * Joins: MikeSmith (MikeSmith@mcclure.w3.org)
  74. # [12:47] * Joins: billyjackass (MikeSmith@mcclure.w3.org)
  75. # [12:48] * Quits: MikeSmith (MikeSmith@mcclure.w3.org) (Client exited)
  76. # [12:48] * billyjackass is now known as MikeSmith
  77. # [13:02] * Quits: annevk (opera@213.13.106.1) (Quit: annevk)
  78. # [13:08] <arve> «has most of the APIs» is not that true anymore
  79. # [13:08] <arve> ref. bondi
  80. # [13:08] * Quits: ArtB (d0309a43@128.30.52.43) (Quit: CGI:IRC (Ping timeout))
  81. # [13:09] * Joins: Art (d0309a43@128.30.52.43)
  82. # [13:09] * Quits: Art (d0309a43@128.30.52.43) (Quit: CGI:IRC)
  83. # [13:09] * Joins: ArtB (d0309a43@128.30.52.43)
  84. # [13:18] <MikeSmith> trackbot, status?
  85. # [13:18] * trackbot knows about the following 64 users: Olli, Joone, Josh, Lachlan, Frederick, Doug, Samuel, Michael(tm), Doug, Paul, David, Ian, Alexey, T.V., Arthur, Adele, Guido, Kris, Nikunj, Marc, Philip, Nick, Seung-Hun, Charles, Maciej, Marcos, Adrian, Adam, David, Carl, Carmelo, Paddy, Jean-Yves, Anne, Thomas, Arun, Jonathan, Chris, Soohong Daniel, Arve, Hallvord, Aaron, Bryan, Ian, Jere, Ian, Henry, Dave, Jonas, Mark, Rainer, Richard, Andrew, Katrin, Cameron,
  86. # [13:41] * Joins: timeless (timeless@65.75.195.122)
  87. # [13:53] <MikeSmith> Zakim, list
  88. # [14:04] * Quits: Marcos (Marcos@213.236.208.22) (Ping timeout)
  89. # [14:04] * Quits: arve (arve@213.236.208.22) (Ping timeout)
  90. # [14:04] * Joins: arve (arve@213.236.208.247)
  91. # [14:05] * Joins: Marcos (Marcos@213.236.208.247)
  92. # [14:07] * Joins: tlr (tlr@128.30.52.30)
  93. # [14:33] * Joins: aroben (aroben@71.58.77.15)
  94. # [15:45] * Quits: Marcos (Marcos@213.236.208.247) (Quit: Marcos)
  95. # [16:03] * Joins: Marcos (Marcos@213.236.208.22)
  96. # [16:04] * Quits: arve (arve@213.236.208.247) (Ping timeout)
  97. # [16:06] * Joins: arve (arve@213.236.208.22)
  98. # [16:27] * Quits: Lachy (Lachlan@213.236.208.22) (Quit: This computer has gone to sleep)
  99. # [16:57] * Joins: Marcos_ (Marcos@213.236.208.22)
  100. # [16:57] * Quits: Marcos (Marcos@213.236.208.22) (Ping timeout)
  101. # [16:59] * Joins: anne (annevk@213.13.106.72)
  102. # [17:03] * Joins: gsnedders (gsnedders@86.136.52.180)
  103. # [17:04] * Quits: arve (arve@213.236.208.22) (Quit: Ex-Chat)
  104. # [17:06] * Joins: Lachy (Lachlan@85.196.122.246)
  105. # [17:07] * Quits: Marcos_ (Marcos@213.236.208.22) (Quit: Marcos_)
  106. # [17:11] * Joins: Marcos (Marcos@213.236.208.22)
  107. # [17:12] * gsnedders attacks Marcos
  108. # [17:12] <gsnedders> Speak now or forever hold your peace!
  109. # [17:13] <Marcos> AAAAHHHH!!!!
  110. # [17:13] <Marcos> ok ok...
  111. # [17:13] <Marcos> let me try the installer again
  112. # [17:13] <gsnedders> Yeah, I just tried installing it myself and I got some weird error
  113. # [17:13] <Marcos> do I need to d/l html5lib 0.10 ?
  114. # [17:14] <gsnedders> Get html5lib from SVN
  115. # [17:14] <gsnedders> It's quicker and more better.
  116. # [17:15] <Marcos> running installer for anolis...
  117. # [17:15] <Marcos> src/lxml/lxml.etree.c:133987: error: invalid application of 'sizeof' to incomplete type 'struct __pyx_obj_4lxml_5etree__ParserSchemaValidationContext'
  118. # [17:15] <Marcos> lipo: can't open input file: /var/tmp//cc5RVomh.out (No such file or directory)
  119. # [17:15] <Marcos> error: Setup script exited with error: command 'gcc' failed with exit status 1
  120. # [17:15] * gsnedders wants more error
  121. # [17:15] <gsnedders> Can you pastebin the entire output of the script?
  122. # [17:16] <Marcos> oh, hang, better email that
  123. # [17:16] * ArtB thinks gsnedders means mo' betta' :)
  124. # [17:16] <Marcos> rc/lxml/lxml.etree.c:169:31:src/lxml/lxml.etree.c:169:31: error: libxml/schematron.h: No such file or directory error: libxml/schematron.h: No such file or directory
  125. # [17:16] <Marcos> well, that's an obvious one :P
  126. # [17:17] <gsnedders> xmllint --help
  127. # [17:17] <gsnedders> What does that output?
  128. # [17:17] <Marcos> lots of -- options\
  129. # [17:17] <gsnedders> s/help/version/
  130. # [17:17] * gsnedders headdesks
  131. # [17:17] <Marcos> xmllint: using libxml version 20616
  132. # [17:17] <Marcos> compiled with: DTDValid FTP HTTP HTML C14N Catalog XPath XPointer XInclude Unicode Regexps Automata Schemas
  133. # [17:18] <gsnedders> Ah, you need a mo' betta' (thanks to ArtB) version of libxml
  134. # [17:18] <Marcos> mmmkay, is there a magic update command?
  135. # [17:19] <gsnedders> No
  136. # [17:19] <gsnedders> :P
  137. # [17:19] <Marcos> easy_install lxml :D
  138. # [17:19] <Marcos> or is that a different thing?
  139. # [17:19] <Marcos> bah, that crashed too
  140. # [17:20] <gsnedders> lxml is only a python wrapper around it
  141. # [17:20] <Marcos> ok, makes sense
  142. # [17:20] <gsnedders> macports is probably the best advice
  143. # [17:21] * Marcos tries http://www.explain.com.au/oss/libxml2xslt.html
  144. # [17:21] <gsnedders> Marcos: Those are still ancient versions!
  145. # [17:21] <Marcos> oh ok
  146. # [17:21] <gsnedders> I mean, they don't support XML 1.0 Fifth ed.!
  147. # [17:21] <gsnedders> :P
  148. # [17:22] * Marcos scratches his head
  149. # [17:22] <gsnedders> http://www.macports.org/ !
  150. # [17:22] * Marcos resumes processing
  151. # [17:23] <Marcos> ...installing...
  152. # [17:25] <gsnedders> Then sudo port sync; sudo port install libxml2 libxslt
  153. # [17:25] <Marcos> sudo: port: command not found :(
  154. # [17:26] <Marcos> udo port install libxml2 libxslt
  155. # [17:26] <Marcos> no port :(
  156. # [17:27] <gsnedders> You installed it yet?
  157. # [17:27] <Marcos> guess I should find the port directory?
  158. # [17:27] <gsnedders> echo $PATH
  159. # [17:27] <gsnedders> Or did you open the CLI before installing?
  160. # [17:27] <Marcos> I did... let me open new one
  161. # [17:27] <gsnedders> source ~/.profile ~/.bash_profile; echo $PATH
  162. # [17:28] <Marcos> that did it :D
  163. # [17:28] * Marcos watches the magic happen
  164. # [17:29] * Marcos remembers he had to do all this last time...
  165. # [17:29] * Marcos is sure he will bother gsnedders again in the future with exactly the same questions
  166. # [17:30] * gsnedders expects so
  167. # [17:30] * gsnedders grumbles
  168. # [17:31] <Marcos> ...building libxml2...
  169. # [17:33] * Marcos has become too accustomed to his idiotic iphone apps... if it don't wobble, then it's too hard
  170. # [17:34] * Marcos sudo python setup.py install 's anolis
  171. # [17:35] * Marcos wishes he was young again... when all this command line stuff made sense... don't worry, gsnedders, you'll get old like me one day when even clicking the mouse becomes a source of confusion.
  172. # [17:37] <Marcos> ...and we are back in business! Thanks gsnedders!!! you rock and roll!!!
  173. # [17:37] <gsnedders> Marcos: sudo make me a sandwich
  174. # [17:37] <Marcos> hehe
  175. # [17:37] <Dashiva> sudo tell me a story about the good old days
  176. # [17:50] * Quits: tlr (tlr@128.30.52.30) (Quit: tlr)
  177. # [18:02] * Quits: sicking (chatzilla@63.245.220.241) (Client exited)
  178. # [18:04] * Joins: sicking (chatzilla@63.245.220.241)
  179. # [18:52] * Quits: MikeSmith (MikeSmith@mcclure.w3.org) (Ping timeout)
  180. # [20:17] * Quits: Hixie (ianh@129.241.93.37) (Ping timeout)
  181. # [20:18] * Joins: Hixie (ianh@129.241.93.37)
  182. # [20:27] * Quits: anne (annevk@213.13.106.72) (Ping timeout)
  183. # [20:52] * Joins: anne (annevk@213.13.106.1)
  184. # [20:58] * Quits: ArtB (d0309a43@128.30.52.43) (Quit: CGI:IRC)
  185. # [22:28] * Quits: heycam (cam@124.168.80.126) (Quit: bye)
  186. # [23:30] * Joins: heycam (cam@130.194.72.84)
  187. # [23:50] * Quits: sicking (chatzilla@63.245.220.241) (Client exited)
  188. # Session Close: Fri Mar 13 00:00:01 2009

The end :)