/irc-logs / freenode / #whatwg / 2008-02-21 / end

Options:

1. # Session Start: Thu Feb 21 00:00:01 2008
2. # Session Ident: #whatwg
3. # [00:00] * Joins: jruderman (n=jruderma@guest-228.mountainview.mozilla.com)
4. # [00:00] <jruderman> turns out the meeting in 3 minutes is about cross-site XHR issues other than cookies. dveditz and sicking might join this channel at some point today to discuss cookies.
5. # [00:00] <annevk> ok
6. # [00:01] * Quits: gsnedders (n=gsnedder@host86-151-228-75.range86-151.btcentralplus.com) ("Partying in teh intarwebs")
7. # [00:01] <annevk> i probably will be asleep but I guess Hixie will be around
8. # [00:01] * Joins: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net)
9. # [00:01] * Quits: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net) (Client Quit)
10. # [00:01] <sicking> well, you're awake now :)
11. # [00:01] <sicking> so lets shoot the shit :)
12. # [00:01] <annevk> hehe, sure
13. # [00:02] <annevk> is the challenger here yet? :)
14. # [00:02] <sicking> who?
15. # [00:02] <annevk> jruderman said that dveditz was the guy who was against
16. # [00:03] <annevk> or do you need convincing too now?
17. # [00:03] <sicking> and window and tyler
18. # [00:04] <Hixie> the reasons to include cookies are simple -- if we don't have them, we (google) basically can't use xhr.
19. # [00:04] <Hixie> and would have to continue using our existing hacks.
20. # [00:04] <sicking> the reason is simple and everyone agrees it has value
21. # [00:04] <annevk> there's also plenty of precedent for cookies in safe and unsafe (just POST though) requests
22. # [00:05] <sicking> so here's the worry:
23. # [00:05] <annevk> <img>, <iframe>, <script>, <form>, 'background', 'list-style-image', 'content'
24. # [00:05] * Quits: svl (n=me@ip565744a7.direct-adsl.nl) ("And back he spurred like a madman, shrieking a curse to the sky.")
25. # [00:05] <annevk> <link>
26. # [00:05] <sicking> people are worried basically about misconfigured servers
27. # [00:06] <jruderman> annevk: we have disabled cookies for <img> and most of those things, except for <iframe>
28. # [00:06] <jruderman> annevk: dveditz believes safari has disabled cookies for third-party iframes too
29. # [00:06] * Joins: othermaciej_ (n=mjs@17.255.100.227)
30. # [00:07] <Hixie> jruderman: third-party ones are a different matter, though that would still suck
31. # [00:07] <roc> now you can confirm that belief!
32. # [00:07] * Joins: aroben_ (n=adamrobe@nat/apple/x-c5658e7b0f91f57d)
33. # [00:07] <Hixie> if we don't include the cookie headers, we have to ask ourselves, why bother with the api at all
34. # [00:08] <sicking> so a site admin will enable AC (by replying to OPTIONS and/or include the appropriate headers/PIs for GETs). But they would think that because a user makes a request, that the user also has authorized the request
35. # [00:08] <annevk> (third-party iframe versus cross-document iframe; is there a difference?)
36. # [00:08] <Hixie> then they'd be wrong
37. # [00:09] <sicking> whereas in reality the user might simply have visited another site and the site made the request
38. # [00:09] <sicking> exactly, they'd be wrong, but the worry is that it's an easy mistake to make
39. # [00:09] <Hixie> easy mistake to fix, too
40. # [00:09] <sicking> it happens with CSRF all the time now
41. # [00:09] * Joins: dveditz (n=dveditz@corp-241.mountainview.mozilla.com)
42. # [00:09] <Hixie> yup
43. # [00:09] <jruderman> dveditz!
44. # [00:09] <annevk> (oh, is third-party iframe the cross-domain case where document.domain doesn't match?)
45. # [00:10] <annevk> (actually, never mind, you don't know that upfront... duh)
46. # [00:11] <annevk> jruderman, just cookies or also HTTP authentication?
47. # [00:11] <sicking> whereas if we didn't send auth/cookies then the user would have to give the thirdparty site their username/passwd which means that the AC site can in fact rely on that the user has allowed the site to use his credentials
48. # [00:12] <Hixie> giving the third party site their credentials intentionally is worse than anything else that has been suggested as a problem so far
49. # [00:12] <Hixie> by many many orders of magnitude
50. # [00:12] <sicking> so it's not about if this opens new vectors or not. It's worry about that web admins realize what these request actually means
51. # [00:12] <Hixie> we're desperately trying to teach people NOT to give their credentials to anyone
52. # [00:12] <Hixie> and here you're saying go ahead, give them
53. # [00:12] <sicking> i agree
54. # [00:13] <Hixie> that would be a disaster of epic proportions
55. # [00:13] <sicking> it's how things work today
56. # [00:13] <Hixie> operas would be written to describe how bad this is
57. # [00:13] <sicking> haha
58. # [00:13] <sicking> i can't do anything but agree
59. # [00:14] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 110 (Connection timed out))
60. # [00:14] <sicking> the example we used was linkedin.com wanting to pull down my address book from gmail
61. # [00:14] <sicking> they have that feature today
62. # [00:15] <sicking> and require that you give them your google user/passwd
63. # [00:15] <Hixie> yes, which is horrific
64. # [00:15] <Hixie> and probably violates our ToS
65. # [00:15] <Hixie> five ways from sunday
66. # [00:15] <dveditz> yes
67. # [00:15] <dveditz> but the alternative, sending cookies, potentially enables CSRF
68. # [00:16] <annevk> only if the app opts in to it
69. # [00:16] <Hixie> i'd take the potential for CSRF, avoidable relatively easily, over asking people to give away their credentials
70. # [00:16] <dveditz> (lumping http auth in with cookies for now)
71. # [00:16] <dveditz> annevk: what do you mean by "opts in"
72. # [00:16] * aroben_ is now known as aroben
73. # [00:16] <jruderman> does it enable CSRF that isn't already possible today?
74. # [00:17] <dveditz> use the "block 3rd party cookies" options to control it?
75. # [00:17] <jruderman> or does it encourage site authors to build more things that might be vulnerable to CSRF?
76. # [00:17] <annevk> cross-site DELETE is not possible today
77. # [00:17] * Joins: webben (n=benh@91.84.247.13)
78. # [00:17] <annevk> but in order for that to work the server first has to reply positively to a preflight OPTIONS request
79. # [00:17] <jruderman> dveditz: i'm sorry, i don't really remember the objections to sending cookies you and others brought up last week
80. # [00:18] <annevk> cross-site GET is possible today already, so there are no new CSRF issues there afaict
81. # [00:18] <jruderman> only a small number of sites will respond to OPTIONS requests, and hopefully those sites are run by people who have their shit together and know how to avoid CSRF
82. # [00:18] <dveditz> My objection was to giving XSXHR an exemption from the "block 3rd party cookies" pref
83. # [00:19] <dveditz> if the user says "allow 3rd party cookies" then fine, send them
84. # [00:19] <jruderman> iframes are already exempt, so that pref doesn't really mean much as is
85. # [00:19] <sicking> so the thing is that CSRF today is kind of a catastrophy. There are lots and lots and lots of sites that are susceptible to it. If we had a world where cookies weren't sent for thirdparty requests we'd be in a much safer web
86. # [00:19] <Hixie> well, imho the "block 3rd party cookies" pref should be dropped, so...
87. # [00:19] <dveditz> iframes are exempt in Mozilla because we're broken
88. # [00:19] <sicking> so creating another technology like it is a bad idea
89. # [00:19] <Hixie> sicking: not if we cause people to send credentials to other sites
90. # [00:19] <dveditz> but Safari, IE7 and Opera appear to apply the option correctly
91. # [00:19] <Hixie> sicking: then we'd be in a horrendously worse place
92. # [00:20] * Joins: webben_ (n=benh@dip5-fw.corp.ukl.yahoo.com)
93. # [00:20] * Quits: webben_ (n=benh@dip5-fw.corp.ukl.yahoo.com) (Remote closed the connection)
94. # [00:20] <Hixie> (as noted, this is already starting)
95. # [00:20] * Joins: webben_ (n=benh@dip5-fw.corp.ukl.yahoo.com)
96. # [00:20] <jruderman> sicking: i don't see how you could avoid "sending cookies for third-party requests" if you include top-level loads...
97. # [00:20] <sicking> jruderman, yes, that is a problem
98. # [00:20] <Hixie> dveditz: sites like paypal.com already work around the third-party cookie restrictions
99. # [00:21] <Hixie> dveditz: (by redirecting all traffic through the third-party)
100. # [00:21] <Hixie> dveditz: all that this pref is doing is making the user's experience slower
101. # [00:21] <Hixie> dveditz: it's not actually helping anything
102. # [00:21] <sicking> jruderman, my point is that clearly the technologies we have today are too complex, so the argument "it's no more complex than what we have today" is a bad argument
103. # [00:21] <dveditz> Hixie: apparently public opinion is against you -- IE7 and Safari block them by default
104. # [00:22] <dveditz> and people are upset that Firefox hid the pref option
105. # [00:22] <Hixie> dveditz: public opinion is often against me. that doesn't make them right.
106. # [00:22] * Quits: othermaciej (n=mjs@nat/apple/x-70fcf5adc83f72ab) (Read error: 110 (Connection timed out))
107. # [00:22] <sicking> Hixie, the third-party cookie pref is mostly to prevent tracking. It does help with that. It also breaks a lot of other things
108. # [00:22] <Hixie> sicking: it doesn't help with that to any significant degree
109. # [00:22] <Hixie> sicking: as noted, sites that want to do tracking (e.g. paypal) just redirect all clicks through the third party directly
110. # [00:23] <sicking> Hixie, it does prevent ad servers from tracking me across the web
111. # [00:23] <Hixie> sicking: doubleclick disagrees
112. # [00:23] <Hixie> sicking: they are tracking you quite happily without it
113. # [00:23] <Hixie> sicking: it just slows down your browsing
114. # [00:23] <sicking> Hixie, how? The thing is that they have no concept of identity across sites
115. # [00:24] <Hixie> sicking: paypal redirects most of its links through doubleclick, so that it's a first-party cookie.
116. # [00:24] <sicking> other than possibly using my IP, which is unreliable because of NAT
117. # [00:24] <Hixie> sicking: and paypal knows who you are, they have your bank account number / credit card number / e-mail / name / etc.
118. # [00:24] <sicking> Hixie, the thing is that if nytimes.com, google.com, paypal.com all use ads from doubleclick, doubleclick can know i'm the same guy on all three sites
119. # [00:24] <Hixie> sicking: google similarly redirects all ad clicks through its servers (though in this case not for user tracking purposes, but that's only because we avoid that kind of behaviour)
120. # [00:25] <Hixie> sicking: and doubleclick can know that _anyway_, just by having those sites redirect all links through them
121. # [00:25] <Hixie> sicking: which they are doing, at least with paypal, and probably many other sites
122. # [00:26] <Hixie> sicking: all you are doing by having the third-party cookie pref is making the user's life harder (can't copy links easily, browsing is slower, user has a false sense of security), without actually reducing any actual privacy leak
123. # [00:26] <sicking> Hixie, once I click they can know it's me, but not otherwise (assuming good 3rd party cookie blocking was there)
124. # [00:27] <Hixie> sicking: so you never click on anything? that would make you an irrelevant case, since you'd be the only user to fall into that behaviour pattern.
125. # [00:27] <sicking> Hixie, ok, so i guess if nytimes directed all clicks on the whole site through doubleclick they could track me. Are they?
126. # [00:27] <Hixie> sicking: paypal is.
127. # [00:27] <Hixie> as i keep saying :-)
128. # [00:27] <sicking> Hixie, even clicks on articles
129. # [00:28] <Hixie> i don't know what nyt is doing, but paypal certainly is doing this, and i doubt very much that they're the only doubleclick customer doing it
130. # [00:29] <sicking> paypal points all their internal links at doubleclick? That sounds horrible security wise
131. # [00:29] <sicking> they're a bank!
132. # [00:29] <Hixie> i've been saying this for the entire conversation, yes
133. # [00:29] <sicking> sorry, there were too many conversations and topics at the start
134. # [00:29] * Quits: grimeboy (n=grimboy@78-105-162-250.zone3.bethere.co.uk) (Connection timed out)
135. # [00:30] <sicking> well, so it's still doably but require horrible sacrifices. And it gets really complicated if you have multiple things wanting to track you
136. # [00:30] <sicking> anyway, this is the reason that people want 3rd party cookies disabled
137. # [00:30] <gavin> I don't see any links that point to doubleclick when I use paypal
138. # [00:30] <sicking> personally i don't care about being tracked
139. # [00:31] <jruderman> oh, i thought that when you said "paypal does this" you meant paypal uses redirects through the site they're processing a payment for, not through doubleclick
140. # [00:31] <gavin> oh, there are some that point to https://paypalssl.doubleclick.net/
141. # [00:31] <annevk> is 3rd party cookies disabled by default?
142. # [00:32] <Hixie> gavin: my understanding is that they do it for a sample of their users, but i honestly have no idea what the details are. it's pretty well documented though, e.g. http://www.grc.com/securitynow.htm#119
143. # [00:33] <dveditz> annevk: we have blocked them in FF3b3
144. # [00:33] <dveditz> but a couple of sites did break
145. # [00:33] <sicking> annevk, 3rd party cookies is disabled by default in FF3b3, in safari and in IE7 (sort of)
146. # [00:34] <dveditz> blocking appears to be the default in Safari and IE7 (though with the right p3p policy IE7 will send you 3rd party cookies, and quite possibly the adservers use policies)
147. # [00:34] <Hixie> anyone who wants to track people across the web can trivially do so at this point, even without cookies
148. # [00:34] * othermaciej_ is now known as othermaciej
149. # [00:34] <Hixie> i think the idea of blocking third party cookies is archaic and paranoid, and makes people feel safe when they should be realising that they are being tracked
150. # [00:34] <sicking> Hixie, how? The issue of identity is really hard without cookies, and globalStorage i guess
151. # [00:35] * Quits: webben (n=benh@91.84.247.13) (Connection timed out)
152. # [00:35] <dveditz> ... says the guy who though <a ping> was a good idea...
153. # [00:35] <othermaciej> Safari blocks receiving third-party cookies but not sending
154. # [00:35] <sicking> Hixie, cookies gives your browser an identity. Without it you can have whatever identity you choose anywhere
155. # [00:35] <othermaciej> our control over cookies is solely on the accepting side
156. # [00:35] <Hixie> sicking: you can pretty easily "fingerprint" people through things like their user-agent string, ip address, screen size, other js- and http- accessible prefs, etc
157. # [00:36] <Hixie> sicking: and then with a simple set of analysis scripts you can easily work out who is who
158. # [00:36] <Hixie> just look at the "anonymised" search query string data aol released
159. # [00:36] <Hixie> people were about to track down individual users from that
160. # [00:36] <dveditz> othermaciej: how does that help anything?
161. # [00:36] <annevk> othermaciej, how does receiving matter for cross-site currently possible?
162. # [00:37] <Hixie> if a bunch of sites cooperate, you can trivially be tracked across the web
163. # [00:37] <othermaciej> dveditz: keeps an ad server from tracking you (unless you visit the site it is serving from directly)
164. # [00:37] <dveditz> but once you've been there (ever in your life) they can track you
165. # [00:37] <sicking> othermaciej, it's easy to direct a user through doubleclick once though
166. # [00:37] <dveditz> if you're sending 3rd party
167. # [00:37] <sicking> othermaciej, and once the cookie is set you're hosed
168. # [00:37] <othermaciej> yes, but most people don't go to http://doubleclick.net
169. # [00:37] <dveditz> unless I'm misunderstanding
170. # [00:37] <annevk> othermaciej, I, I see now
171. # [00:37] <Hixie> sicking: it's easier to redirect a user through doubleclick every time
172. # [00:38] <Hixie> sicking: than to do it once
173. # [00:38] <sicking> othermaciej, so you block on links too?
174. # [00:38] <dveditz> sicking: you can't block on links, those turn into "first party" pages
175. # [00:38] <othermaciej> sicking: we don't, so you could use that to work around it
176. # [00:38] <dveditz> (unless a target is set)
177. # [00:38] <othermaciej> I'm just explaining what the policy actually is
178. # [00:38] <Hixie> (also, all this assumes that cookies are particularly reliable as a tracking method, which, frankly, they're not. there's a huge amount of "cookie churn" which makes tracking users quite difficult in practice.)
179. # [00:38] <othermaciej> not necessarily claiming that it is perfect or even good
180. # [00:38] <sicking> othermaciej, right, that seems trivial
181. # [00:38] <othermaciej> since dveditz seemed to misunderstand it
182. # [00:38] <sicking> othermaciej, heh :)
183. # [00:39] <sicking> othermaciej, yeah, that helps a lot
184. # [00:39] <sicking> (you explaining that is)
185. # [00:39] <sicking> personally i think the whole issue is sort of silly and doomed to fail
186. # [00:39] <sicking> othermaciej, do you block for <iframe>s too?
187. # [00:40] <Hixie> sicking: that's what i've been saying :-)
188. # [00:41] <Hixie> dump the pref, move on, tell the people who complain that they are being tracked whether they send cookies or not, and that they should find better ways to anonymise themselves (e.g. block cookies to all sites except those they enable, and use tor as their network)
189. # [00:41] <sicking> well, i'm not in charge :)
190. # [00:42] * Quits: aroben (n=adamrobe@unaffiliated/aroben) (Read error: 104 (Connection reset by peer))
191. # [00:42] <othermaciej> sicking: block accepting? yes
192. # [00:42] * Joins: aroben (n=adamrobe@nat/apple/x-8bfe84bd2ba2ce48)
193. # [00:42] <sicking> othermaciej, cool
194. # [00:42] <othermaciej> as far as I know our policy doesn't break any sites
195. # [00:42] <othermaciej> we block accepting on third-party redirects too
196. # [00:42] <sicking> yeah, seems much less likely to break anything. But also seems less likely to stop tracking
197. # [00:42] <jruderman> Hixie++
198. # [00:42] * annevk hopes that this crap either goes away or that someone documents it
199. # [00:43] <annevk> so i guess i tend to agree with Hixie and sicking since i don't have much hope in the latter
200. # [00:43] <dveditz> othermaciej: what do you mean by 3rd party redirect? paypal.com -> doubleclick.com -> paypal.com wouldn't accept cookies from doubleclick?
201. # [00:43] * sicking hands annevk a cookie
202. # [00:43] <othermaciej> dveditz: that's right
203. # [00:44] <dveditz> but what if you end up on a 3rd party site?
204. # [00:44] <dveditz> legitimately, like "getfirefox.com -> mozilla.com"
205. # [00:45] <dveditz> or google.com -> google.de based on geolocation
206. # [00:45] <sicking> so anyhow, back to Access-Control and cross site xmlhttprequest
207. # [00:45] <othermaciej> then mozilla.com can't set a cookie
208. # [00:45] <Hixie> interesting, that means dreamhost referrals don't work on safari
209. # [00:45] <dveditz> I guess users could reload on the new site if something wasn't working
210. # [00:46] * Quits: eseidel (n=eseidel@nat/google/x-f698b04f84cd9715)
211. # [00:46] <dveditz> Hixie: they would once you had the cookie
212. # [00:46] <Hixie> you can't get the cookie
213. # [00:46] <sicking> uh, so you don't allow setting cookies even on links?
214. # [00:46] <Hixie> you get it on a redirect
215. # [00:47] <othermaciej> we allow setting cookies on links (obviously, or you'd never get any cookies)
216. # [00:47] <Hixie> oh, then it'll work
217. # [00:47] <Hixie> nevermind
218. # [00:47] <sicking> so anyhow, back to Access-Control and cross site xmlhttprequest. So the worry was that we'd end up with a bunch of sites having CSRF issues because they don't understand that cookie!=authorization
219. # [00:47] <annevk> what about <a>.click() then?
220. # [00:49] <annevk> sicking, sites would first have to become aware of Access Control for that to happen in which case they're informed
221. # [00:50] <othermaciej> I don't know if anyone has thought of using <a>.click() as a redirect but I suppose that would be a hole in the policy (though we could treat it as a client-side redirect)
222. # [00:50] <sicking> annevk, the argument is that enabling != being informed
223. # [00:50] <sicking> annevk, which i think is true
224. # [00:50] <sicking> to some extent
225. # [00:51] <othermaciej> would it create CSRF issues for sites that don't change to support Access Control, besides ones they have already?
226. # [00:51] <dveditz> and maybe now would be a good time to unlump http auth -- AFAIK no one has a "block 3rd-party auth" pref
227. # [00:51] <Hixie> gosh, whatever will we do, we can never enable <form>s, what if people don't expect a third-party form submission?
228. # [00:51] * Joins: eseidel (n=eseidel@nat/google/x-116da5746e48f444)
229. # [00:51] <othermaciej> it seems like not
230. # [00:52] <sicking> if you don't explicitly enable access-control it doesn't matter either way
231. # [00:52] <sicking> right
232. # [00:52] <sicking> Hixie, well, you can make a good case for that <form>s should not have been allowed to be cross-site. Ideally <form>s should use AC imo
233. # [00:52] <othermaciej> in which case it seems safe
234. # [00:53] <othermaciej> (I don't think "content authors could make mistakes" is a reason to defang the feature, that risk exists with any opening of cross-site access, but we nontheless accept it is useful)
235. # [00:53] <sicking> i'd say the only reason we allow cross-site <form>s today is that not doing so would break the web
236. # [00:53] <Hixie> sicking: there's healthy paranoia, and then there's paralysing paranoia that stifles progress
237. # [00:54] <Hixie> sicking: i'm arguing you're in the second camp right now
238. # [00:54] <sicking> Hixie, yup, i agree
239. # [00:56] <dveditz> I think XS-XHR should be treated as any other 3rd party load wrt cookies -- block them if you block them, allow them if allowed
240. # [00:56] <dveditz> treating them in a special way will confuse users
241. # [00:56] <sicking> well
242. # [00:57] <sicking> users are already confused i'd say
243. # [00:57] <othermaciej> most users do not have conscious awareness of cookies and how they work
244. # [00:57] <sicking> even we didn't understand the safari policy
245. # [00:57] <sicking> exactly
246. # [00:57] <dveditz> sicking: true, but we're also not Safari users
247. # [00:57] <sicking> if you say confuse servers then i could buy that
248. # [00:57] <annevk> i didn't know shit about this crazy cookie policies
249. # [00:57] <othermaciej> cookie preferences and restrictions are only useful for experts who are at the extreme of caring about privacy
250. # [00:57] * annevk thought cookies just worked
251. # [00:57] <annevk> s/this/these/
252. # [00:57] <sicking> but we know a whole lot more about cookies than the average safari user
253. # [00:57] <dveditz> if I'm a <foo> user and I tell <foo> to block 3rd party cookies, I'd expect it to do whatever it does the same
254. # [00:58] <dveditz> whether <foo> is slightly different from <bar> doesn't really matter if i don't use browser <bar>
255. # [00:58] <sicking> we already behave differently for <iframe> though
256. # [00:58] <sicking> if you block it there too then i agree
257. # [00:59] <dveditz> yes, treating <iframe> differently is a bug in Mozilla
258. # [00:59] <dveditz> on the same principle
259. # [01:00] <sicking> how about we default to what safari does and have a pref for what we're doing now?
260. # [01:00] * Joins: psa (n=yomode@71.93.19.66)
261. # [01:00] <Hixie> oh lord
262. # [01:00] <Hixie> more prefs would not help matters
263. # [01:01] <sicking> prefs *always* helps
264. # [01:01] <sicking> it makes people happy
265. # [01:01] <dveditz> prefs, prefs, prefs, prefs, wonderful prefs!
266. # [01:01] <Hixie> i can't tell if you're being sarcastic or not
267. # [01:01] <dveditz> I'm humming the monty python spam song
268. # [01:01] <dveditz> if that helps any
269. # [01:01] <sicking> :)
270. # [01:01] <Hixie> how about just always allowing cookies (default) or always blocking them, with a white/black list to override the default based on user preference?
271. # [01:01] <annevk> it does tell you guys are not in QA :p
272. # [01:02] <annevk> what Hixie says does make a lot more sense imo, at least for users
273. # [01:02] * annevk -> the wire
274. # [01:02] <sicking> yeah, i agree with that
275. # [01:02] <dveditz> Hixie: we have that too
276. # [01:03] <Hixie> dveditz: remove the rest
277. # [01:03] <sicking> with the QA thing that is
278. # [01:03] * Quits: eseidel (n=eseidel@nat/google/x-116da5746e48f444)
279. # [01:03] * sicking heads to talk cookies
280. # [01:03] <othermaciej> Safari has 3 options with the middle-ground default
281. # [01:04] <othermaciej> people rarely have to change it
282. # [01:04] <othermaciej> not accepting any cookies makes it pretty painful to use the browser
283. # [01:04] <othermaciej> but at this point I'm not sure if our default policy helps all that much over accepting all cookies
284. # [01:04] * Quits: othermaciej (n=mjs@17.255.100.227) (Read error: 104 (Connection reset by peer))
285. # [01:04] * SadEagle is now known as AwayEagle
286. # [01:05] * Quits: psa (n=yomode@71.93.19.66) (Remote closed the connection)
287. # [01:05] * Joins: othermaciej (n=mjs@17.255.100.227)
288. # [01:07] * Joins: eseidel (n=eseidel@nat/google/x-c61231ca811974ce)
289. # [01:10] * Quits: othermaciej (n=mjs@17.255.100.227) (Connection reset by peer)
290. # [01:11] * Joins: othermaciej (n=mjs@17.255.100.227)
291. # [01:12] * Quits: eseidel (n=eseidel@nat/google/x-c61231ca811974ce)
292. # [01:16] <takkaria> Welcome, takkaria.
293. # [01:16] <takkaria> You last visited: Today at 15:46
294. # [01:16] <takkaria> Private Messages: Unread 0, Total 20.
295. # [01:16] * aroben is now known as aroben|meeting
296. # [01:17] * Joins: weinig (n=weinig@17.255.100.222)
297. # [01:19] * Quits: tndH (i=Rob@87.102.23.130) ("ChatZilla 0.9.81-rdmsoft [XULRunner 1.8.0.9/2006120508]")
298. # [01:19] * Joins: eseidel (n=eseidel@nat/google/x-64005cccefd2526c)
299. # [01:26] * Quits: billmason (n=billmaso@ip129.unival.com) (".")
300. # [01:32] * Quits: weinig_ (n=weinig@17.203.15.180) (Read error: 110 (Connection timed out))
301. # [01:34] * Quits: weinig (n=weinig@17.255.100.222) (Read error: 110 (Connection timed out))
302. # [01:36] * Parts: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
303. # [01:41] * Joins: weinig (n=weinig@17.255.100.222)
304. # [01:42] * Joins: jgraham_ (n=jgraham@81-86-214-164.dsl.pipex.com)
305. # [01:48] * Quits: eseidel (n=eseidel@nat/google/x-64005cccefd2526c)
306. # [01:58] * Joins: eseidel (n=eseidel@nat/google/x-e716b51a26df04d4)
307. # [02:00] * Joins: jwalden_ (n=waldo@RANDOM-THREE-O-EIGHT.MIT.EDU)
308. # [02:00] * Quits: jgraham (n=james@81-86-222-85.dsl.pipex.com) (Read error: 110 (Connection timed out))
309. # [02:00] * Quits: jgraham__ (n=jgraham@81-86-222-85.dsl.pipex.com) (Read error: 110 (Connection timed out))
310. # [02:00] * jwalden_ is now known as jwalden
311. # [02:00] * Joins: jgraham (n=james@81-86-214-164.dsl.pipex.com)
312. # [02:01] * Quits: eseidel (n=eseidel@nat/google/x-e716b51a26df04d4) (Client Quit)
313. # [02:02] * Joins: eseidel (n=eseidel@nat/google/x-cec01b58de1c8530)
314. # [02:03] * Quits: hober (n=ted@unaffiliated/hober) ("ERC Version 5.3 (IRC client for Emacs)")
315. # [02:08] * Quits: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no) ("Leaving")
316. # [02:10] * Quits: weinig (n=weinig@17.255.100.222)
317. # [02:15] * Joins: weinig (n=weinig@17.255.100.222)
318. # [02:17] * Joins: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no)
319. # [02:17] * Joins: psa (n=yomode@71.93.19.66)
320. # [02:18] * Joins: jgraham__ (n=jgraham@81-86-215-5.dsl.pipex.com)
321. # [02:18] * Joins: MikeSmith (n=MikeSmit@58.157.21.205)
322. # [02:32] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
323. # [02:33] * Quits: jgraham_ (n=jgraham@81-86-214-164.dsl.pipex.com) (Read error: 110 (Connection timed out))
324. # [02:33] * Joins: jgraham_ (n=james@81-86-215-5.dsl.pipex.com)
325. # [02:34] * Quits: jgraham (n=james@81-86-214-164.dsl.pipex.com) (Read error: 110 (Connection timed out))
326. # [02:44] <Hixie> um
327. # [02:44] <Hixie> this e-mail i'm replying to starts:
328. # [02:44] <Hixie> "Sorry for the late reply"...
329. # [02:45] <Hixie> (it's from 8 Jun 2005)
330. # [02:45] * Quits: eseidel (n=eseidel@nat/google/x-cec01b58de1c8530)
331. # [02:52] * Joins: jgraham (n=james@81-86-215-67.dsl.pipex.com)
332. # [02:53] * Joins: eseidel (n=eseidel@nat/google/x-d268bb1212646a4b)
333. # [02:56] <Hixie> > Might be. I think web developer would have a parade down Main Street
334. # [02:56] <Hixie> > in every major city in the world if Microsoft would just fix its
335. # [02:56] <Hixie> > standards support problems.
336. # [02:56] <Hixie> heh
337. # [02:56] <Hixie> (-Matthew Raymond)
338. # [03:09] * Quits: jgraham__ (n=jgraham@81-86-215-5.dsl.pipex.com) (Read error: 110 (Connection timed out))
339. # [03:10] * Quits: jgraham_ (n=james@81-86-215-5.dsl.pipex.com) (Read error: 110 (Connection timed out))
340. # [03:10] * Joins: csarven (n=nevrasc@bas16-montreal02-1242357352.dsl.bell.ca)
341. # [03:10] * Joins: jgraham_ (n=jgraham@81-86-215-67.dsl.pipex.com)
342. # [03:15] * Joins: Thezilch (n=fuz007@ip68-111-154-116.sd.sd.cox.net)
343. # [03:17] * Quits: sicking (n=chatzill@corp-241.mountainview.mozilla.com) ("ChatZilla 0.9.80 [Firefox 3.0b3/2008020514]")
344. # [03:29] * aroben|meeting is now known as aroben
345. # [03:32] * Quits: aroben (n=adamrobe@unaffiliated/aroben)
346. # [03:44] <Hixie> topic: <address>
347. # [03:44] <Hixie> any opinions?
348. # [03:45] <othermaciej> it is a silly element
349. # [03:46] <othermaciej> first of all, having an element dedicated just to contact info for the document seems frivolous
350. # [03:46] <othermaciej> second, it steals a name that would have been well suited to an element to hold an arbitrary address
351. # [03:46] <othermaciej> third, the contact info might not even be what anyone would call an address
352. # [03:46] <othermaciej> I don't know if that's the kind of opinions you were looking for
353. # [03:47] <Hixie> i agree with those opinions
354. # [03:47] <Hixie> what do you think we should do?
355. # [03:47] <Hixie> keep it, drop it, change it...?
356. # [03:52] <othermaciej> I don't really have a strong opinion on that
357. # [03:53] <othermaciej> I'm sure people will complain wildly if it gets redefined to be an address instead
358. # [03:53] <Hixie> yeah
359. # [03:53] <othermaciej> I don't know how much content uses it, or what the practical impact would be of either dropping or redefining it
360. # [03:54] <Hixie> http://forums.whatwg.org/viewtopic.php?t=5 has some stats
361. # [03:54] <Hixie> (quoted from irc from me)
362. # [03:59] <othermaciej> my off-the-cuff opinion is that it would be better to repurpose it for addresses instead of contact info
363. # [03:59] <othermaciej> but then again I am not the one who would have to deal with the resulting pitchfork-wielding mobs of standardistas
364. # [04:00] <Hixie> hah
365. # [04:06] * Quits: dveditz (n=dveditz@corp-241.mountainview.mozilla.com) (Read error: 110 (Connection timed out))
366. # [04:08] * eseidel nominates Hixie for the "most useful thing to web engine hackers" award
367. # [04:08] <eseidel> it would only probably be your 3rd year running :)
368. # [04:10] <mpt> An element just for addresses?
369. # [04:10] <mpt> Would GPS coordinates count?
370. # [04:50] * Quits: eseidel (n=eseidel@nat/google/x-d268bb1212646a4b)
371. # [04:58] * Joins: eseidel (n=eseidel@nat/google/x-399abdd8157b94e4)
372. # [05:03] * Quits: othermaciej (n=mjs@17.255.100.227) (Read error: 104 (Connection reset by peer))
373. # [05:03] * Quits: eseidel (n=eseidel@nat/google/x-399abdd8157b94e4)
374. # [05:03] * Joins: othermaciej (n=mjs@17.255.100.227)
375. # [05:39] * Quits: othermaciej (n=mjs@17.255.100.227)
376. # [05:43] * Joins: othermaciej (n=mjs@17.255.100.227)
377. # [05:47] * Joins: MacDome (n=eric@c-69-181-78-198.hsd1.ca.comcast.net)
378. # [06:05] * Quits: roc (n=roc@202.0.36.64)
379. # [06:17] * Quits: weinig (n=weinig@17.255.100.222)
380. # [06:21] * Quits: jruderman (n=jruderma@guest-228.mountainview.mozilla.com)
381. # [06:25] * Joins: jruderman (n=jruderma@guest-228.mountainview.mozilla.com)
382. # [06:30] * Quits: jruderman (n=jruderma@guest-228.mountainview.mozilla.com) (Client Quit)
383. # [06:39] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 110 (Connection timed out))
384. # [06:51] * Joins: roc (n=roc@121-72-6-210.dsl.telstraclear.net)
385. # [06:52] * Joins: weinig (n=weinig@c-71-198-176-23.hsd1.ca.comcast.net)
386. # [06:55] * Joins: jruderman (n=jruderma@c-67-180-15-227.hsd1.ca.comcast.net)
387. # [07:07] * Quits: csarven (n=nevrasc@bas16-montreal02-1242357352.dsl.bell.ca) ("http://www.csarven.ca")
388. # [07:10] * Quits: dbaron (n=dbaron@corp-241.mountainview.mozilla.com) ("8403864 bytes have been tenured, next gc will be global.")
389. # [07:14] * Quits: othermaciej (n=mjs@17.255.100.227)
390. # [07:20] * Quits: AwayEagle (n=maksim@cpe-69-202-89-106.twcny.res.rr.com) (Remote closed the connection)
391. # [07:34] * Quits: jwalden (n=waldo@RANDOM-THREE-O-EIGHT.MIT.EDU) (kubrick.freenode.net irc.freenode.net)
392. # [07:35] * Joins: jwalden (n=waldo@RANDOM-THREE-O-EIGHT.MIT.EDU)
393. # [07:42] * Joins: maikmerten (n=merten@ls5laptop14.cs.uni-dortmund.de)
394. # [08:02] <Hixie> for some reason it irks me that the html wg chairs call their phone meeting "the" html wg telecon
395. # [08:02] * Joins: othermaciej (n=mjs@dsl081-048-145.sfo1.dsl.speakeasy.net)
396. # [08:03] <Hixie> i don't understand why
397. # [08:03] <Hixie> i have nothing against people using any communication method to go through things they've planned to do and work out if they've done them or not
398. # [08:04] <Hixie> it just seems to convey too much importance to that meeting
399. # [08:04] <Hixie> maybe i should just be happy that they are diluting the term so much :-)
400. # [08:26] * Quits: jwalden (n=waldo@RANDOM-THREE-O-EIGHT.MIT.EDU) ("ChatZilla 0.9.80-rdmsoft [XULRunner 1.8.0.9/2006120508]")
401. # [08:30] * othermaciej is now known as om_sleep
402. # [08:34] * Joins: gavin__ (n=gavin@CPE001346f5db49-CM0018c0db9a8a.cpe.net.cable.rogers.com)
403. # [08:34] * Quits: gavin_ (n=gavin@firefox/developer/gavin) (Nick collision from services.)
404. # [08:34] * gavin__ is now known as gavin_
405. # [08:39] * webben_ notes it would be useful to have a URI attribute for the cite element. anchors can't do the job, e.g. <a href="example.com">Irvine Welsh reminisces about writing <cite uri="whatever">Trainspotting</cite></a>.
406. # [08:47] <Hixie> Irvin Welsh <a href="">reminisces</a> about writing <a href="whatever"><cite>Trainspotting</cite></a>.
407. # [08:49] <webben_> That would be one way to do it. "reminisces" isn't especially useful link text however.
408. # [08:50] <webben_> (either in terms of end-users or in terms of facilitating search)
409. # [08:52] <webben_> also, that doesn't mean quite the same thing if you're pulling out bibliographic references
410. # [08:52] <webben_> (that is, you can't be as sure whatever is meant to equal trainspotting as opposed to a resource discussing trainspotting.
411. # [08:53] <webben_> e.g. a review
412. # [08:58] * weinig is now known as weinig|away
413. # [08:59] <webben_> I suspect similar problems might lie behind http://ocoins.info/#id3205609417
414. # [09:09] <webben_> or perhaps not: http://old.onebiglibrary.net/yale/cipolo/gcs-pcs-list/2005-June/000110.html
415. # [09:14] * Joins: aroben (n=adamrobe@12.36.112.3)
416. # [09:33] * Joins: tndH_ (i=Rob@87.102.23.130)
417. # [09:33] * tndH_ is now known as tndH
418. # [09:36] * Quits: MacDome (n=eric@c-69-181-78-198.hsd1.ca.comcast.net)
419. # [10:02] * Quits: webben_ (n=benh@dip5-fw.corp.ukl.yahoo.com) (Read error: 110 (Connection timed out))
420. # [10:06] * Joins: webben (n=benh@91.84.247.13)
421. # [10:10] * Quits: webben (n=benh@91.84.247.13) (Client Quit)
422. # [10:15] * Quits: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no) (Read error: 104 (Connection reset by peer))
423. # [10:15] * Joins: Lachy_ (n=Lachlan@cm-84.215.54.100.getinternet.no)
424. # [10:16] * Quits: aroben (n=adamrobe@unaffiliated/aroben)
425. # [10:25] * Quits: Lachy_ (n=Lachlan@cm-84.215.54.100.getinternet.no) ("This computer has gone to sleep")
426. # [10:25] * Joins: ROBOd (n=robod@89.122.216.38)
427. # [10:27] * Joins: peepo (n=Jay@host86-144-194-42.range86-144.btcentralplus.com)
428. # [10:36] * Joins: Camaban (n=adrianle@host81-133-60-253.in-addr.btopenworld.com)
429. # [10:47] * Joins: Lachy_ (n=Lachlan@pat-tdc.opera.com)
430. # [10:52] * Joins: roc_ (n=roc@121-72-6-210.dsl.telstraclear.net)
431. # [10:52] * Quits: roc (n=roc@121-72-6-210.dsl.telstraclear.net) (Read error: 104 (Connection reset by peer))
432. # [10:54] * Joins: roc (n=roc@121-72-6-210.dsl.telstraclear.net)
433. # [10:54] * Quits: roc_ (n=roc@121-72-6-210.dsl.telstraclear.net) (Read error: 104 (Connection reset by peer))
434. # [11:04] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
435. # [11:05] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Remote closed the connection)
436. # [11:12] * Joins: webben (n=benh@nat/yahoo/x-77b3764eb13a5a7b)
437. # [11:14] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
438. # [11:30] * Joins: jwalden_ (n=waldo@RANDOM-SEVENTY-TWO.MIT.EDU)
439. # [11:30] * jwalden_ is now known as jwalden
440. # [11:44] * Joins: zcorpan (n=zcorpan@pat.se.opera.com)
441. # [11:59] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 110 (Connection timed out))
442. # [12:00] * Joins: mpt (n=mpt@canonical/launchpad/mpt)
443. # [12:05] * Joins: myakura (n=myakura@p2098-ipbf4207marunouchi.tokyo.ocn.ne.jp)
444. # [12:17] * Quits: Lachy_ (n=Lachlan@pat-tdc.opera.com) ("Leaving")
445. # [12:17] * Joins: Lachy (n=Lachlan@pat-tdc.opera.com)
446. # [12:22] * Quits: mpt (n=mpt@canonical/launchpad/mpt) (Read error: 110 (Connection timed out))
447. # [12:47] * Joins: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
448. # [13:06] * Quits: MikeSmith (n=MikeSmit@58.157.21.205) ("Less talk, more pimp walk.")
449. # [13:13] * Joins: weinig (n=weinig@c-71-198-176-23.hsd1.ca.comcast.net)
450. # [13:13] * Quits: weinig|away (n=weinig@c-71-198-176-23.hsd1.ca.comcast.net) (Connection reset by peer)
451. # [13:16] * Quits: webben (n=benh@nat/yahoo/x-77b3764eb13a5a7b)
452. # [13:24] * Quits: roc (n=roc@121-72-6-210.dsl.telstraclear.net)
453. # [13:34] <hsivonen> Hmm. for some reason bugzilla uses <td><strong> instead of <th>...
454. # [13:56] <zcorpan> was bugzilla WYSIWYGed when it was created?
455. # [14:02] <hsivonen> zcorpan: WYSIWYGed?
456. # [14:03] <hsivonen> hmm. this has been fixed in Bugzilla 3.x
457. # [14:04] <hsivonen> hmm. nope, it hasn't been fixed in every instance
458. # [14:04] <hsivonen> oh well
459. # [14:05] <hsivonen> there's now http://bugzilla.validator.nu/
460. # [14:05] <zcorpan> hsivonen: crafted using a WYSIWYG program
461. # [14:06] <hsivonen> zcorpan: I have no idea how the Bugzilla templates originated, but considering how many form fields there are, I doubt they were created with a WYSIWYG tool
462. # [14:07] <Dashiva> What you hack in is what you get
463. # [14:08] <annevk> it's probably back from the days when mozilla's front page was a table hack
464. # [14:08] <hsivonen> annevk: yeah, the visible layout hasn't changed since those days
465. # [14:09] <hsivonen> probably in between <b> has been bikeshedded to <strong> instead of <th>
466. # [14:09] <annevk> at some point i was slightly involved in getting better markup for bugzilla, but that didn't last long
467. # [14:13] * Joins: webben (n=benh@nat/yahoo/x-4670de50b18036f1)
468. # [14:31] * Quits: myakura (n=myakura@p2098-ipbf4207marunouchi.tokyo.ocn.ne.jp) (Read error: 110 (Connection timed out))
469. # [14:36] <zcorpan> http://forums.whatwg.org/viewtopic.php?t=9#617 http://forums.whatwg.org/viewtopic.php?t=38&start=15#616 spam?
470. # [14:37] <Camaban> probably
471. # [14:38] <hsivonen> yes
472. # [14:38] <zcorpan> removed
473. # [14:40] * Quits: peepo (n=Jay@host86-144-194-42.range86-144.btcentralplus.com) (Read error: 110 (Connection timed out))
474. # [14:46] <annevk> zcorpan, http://forums.whatwg.org/viewtopic.php?p=621#621 (and user too)
475. # [14:47] <hsivonen> annevk: where's the payload in that spam?
476. # [14:47] <annevk> www button
477. # [14:53] <zcorpan> annevk: thanks
478. # [14:54] <zcorpan> f.w.o has a relatively high spam to real posts ratio :(
479. # [15:24] * Joins: justinthorp (n=justinth@38.105.65.83)
480. # [15:30] * Quits: Lachy (n=Lachlan@pat-tdc.opera.com) ("This computer has gone to sleep")
481. # [15:47] * Joins: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no)
482. # [15:47] * Quits: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com) (Read error: 104 (Connection reset by peer))
483. # [15:47] * Joins: hasather (n=hasather@90-231-107-133-no62.tbcn.telia.com)
484. # [15:49] * Quits: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no) (Client Quit)
485. # [15:49] * Joins: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no)
486. # [15:53] * Joins: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net)
487. # [15:55] * Quits: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net) (Client Quit)
488. # [15:56] * Joins: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net)
489. # [15:58] * Quits: webben (n=benh@nat/yahoo/x-4670de50b18036f1)
490. # [16:17] * Quits: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net)
491. # [16:17] * Joins: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net)
492. # [16:22] * Joins: peepo (n=Jay@host86-147-236-233.range86-147.btcentralplus.com)
493. # [16:26] * Joins: billmason (n=billmaso@ip129.unival.com)
494. # [16:32] * om_sleep is now known as othermaciej
495. # [16:42] * Joins: Lachy_ (n=Lachlan@cm-84.215.54.100.getinternet.no)
496. # [16:42] * Quits: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no) (Read error: 104 (Connection reset by peer))
497. # [16:57] * Quits: Lachy_ (n=Lachlan@cm-84.215.54.100.getinternet.no) ("Leaving")
498. # [16:57] * Joins: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no)
499. # [17:01] * Quits: maikmerten (n=merten@ls5laptop14.cs.uni-dortmund.de) (Read error: 104 (Connection reset by peer))
500. # [17:06] * Joins: SadEagle (n=maksim@cpe-69-202-89-106.twcny.res.rr.com)
501. # [17:08] * Joins: gsnedders (n=gsnedder@host86-151-228-75.range86-151.btcentralplus.com)
502. # [17:14] * Joins: dveditz (n=dveditz@dsl-63-249-104-137.cruzio.com)
503. # [17:17] * Joins: webben (n=benh@nat/yahoo/x-2e5df8c94a246afb)
504. # [17:23] * Quits: jwalden (n=waldo@RANDOM-SEVENTY-TWO.MIT.EDU) (Read error: 110 (Connection timed out))
505. # [17:25] * Quits: phsiao (n=shawn@c-71-232-12-131.hsd1.ma.comcast.net)
506. # [17:27] * Joins: grimeboy (n=grimboy@78-105-162-250.zone3.bethere.co.uk)
507. # [17:33] * Joins: MikeSmith (n=MikeSmit@58.157.21.205)
508. # [17:36] * Joins: cgriego (n=cgriego@216.138.69.206)
509. # [17:47] * Joins: jdandrea (n=jdandrea@ool-44c09c49.dyn.optonline.net)
510. # [17:47] * Quits: jdandrea (n=jdandrea@ool-44c09c49.dyn.optonline.net) (Remote closed the connection)
511. # [17:55] * Joins: Steve_f (n=chatzill@82-44-69-8.cable.ubr02.nmal.blueyonder.co.uk)
512. # [17:56] * Quits: webben (n=benh@nat/yahoo/x-2e5df8c94a246afb)
513. # [17:57] * Joins: dbaron (n=dbaron@c-67-160-251-228.hsd1.ca.comcast.net)
514. # [18:00] * Quits: othermaciej (n=mjs@dsl081-048-145.sfo1.dsl.speakeasy.net)
515. # [18:13] * Joins: webben (n=benh@nat/yahoo/x-cc0d47813b4c2249)
516. # [18:29] * Joins: aroben (n=aroben@unaffiliated/aroben)
517. # [18:34] * Joins: svl (n=me@ip565744a7.direct-adsl.nl)
518. # [18:35] * Quits: deltab (n=deltab@82-36-30-34.cable.ubr02.smal.blueyonder.co.uk) (Read error: 110 (Connection timed out))
519. # [18:36] * Joins: deltab (n=deltab@82-36-30-34.cable.ubr02.smal.blueyonder.co.uk)
520. # [19:08] * Joins: othermaciej (n=mjs@17.255.100.227)
521. # [19:08] * Parts: Camaban (n=adrianle@host81-133-60-253.in-addr.btopenworld.com)
522. # [19:15] * Joins: othermaciej_ (n=mjs@nat/apple/x-749c083febd3f243)
523. # [19:16] * Quits: webben (n=benh@nat/yahoo/x-cc0d47813b4c2249) (Read error: 110 (Connection timed out))
524. # [19:21] * Quits: othermaciej (n=mjs@17.255.100.227) (Nick collision from services.)
525. # [19:21] * othermaciej_ is now known as othermaciej
526. # [19:28] * Joins: maikmerten (n=maikmert@T6b11.t.pppool.de)
527. # [19:32] * Joins: jwalden_ (n=waldo@STRATTON-SIXTY.MIT.EDU)
528. # [19:32] * jwalden_ is now known as jwalden
529. # [19:35] * Quits: maikmerten (n=maikmert@T6b11.t.pppool.de) (Remote closed the connection)
530. # [19:40] <Hixie> annevk: dude, you keep posting to a member-secret list :-P
531. # [19:43] * Joins: bradeeoh (n=bradeeoh@web7.webfaction.com)
532. # [19:43] * Quits: bradee-oh (n=bradeeoh@web7.webfaction.com) (Read error: 104 (Connection reset by peer))
533. # [19:43] <zcorpan> hsivonen: "there" is the role definitions in http://www.w3.org/TR/xhtml-role/#s_role_module_attributes (re http://krijnhoetmer.nl/irc-logs/whatwg/20080220#l-396 )
534. # [19:53] * Joins: phsiao (n=shawn@nat/ibm/x-a9452101e354162a)
535. # [19:55] * Joins: kingryan (n=ryan@dsl092-219-050.sfo1.dsl.speakeasy.net)
536. # [20:02] * Joins: MacDome (n=eric@c-69-181-78-198.hsd1.ca.comcast.net)
537. # [20:03] * Quits: othermaciej (n=mjs@nat/apple/x-749c083febd3f243)
538. # [20:04] * Quits: weinig (n=weinig@c-71-198-176-23.hsd1.ca.comcast.net)
539. # [20:06] * Joins: othermaciej (n=mjs@17.255.100.227)
540. # [20:07] * Quits: othermaciej (n=mjs@17.255.100.227) (Client Quit)
541. # [20:10] * Quits: dbaron (n=dbaron@c-67-160-251-228.hsd1.ca.comcast.net) ("8403864 bytes have been tenured, next gc will be global.")
542. # [20:11] * Joins: othermaciej (n=mjs@17.255.100.227)
543. # [20:14] * Parts: SadEagle (n=maksim@cpe-69-202-89-106.twcny.res.rr.com) ("Konversation terminated!")
544. # [20:18] * Quits: justinthorp (n=justinth@38.105.65.83) (Read error: 110 (Connection timed out))
545. # [20:18] * Quits: MacDome (n=eric@c-69-181-78-198.hsd1.ca.comcast.net)
546. # [20:22] * Joins: eseidel (n=eseidel@c-69-181-78-198.hsd1.ca.comcast.net)
547. # [20:27] * Joins: eseidel_ (n=eseidel@72.14.224.1)
548. # [20:30] * Joins: dbaron (n=dbaron@corp-241.mountainview.mozilla.com)
549. # [20:30] * Quits: eseidel_ (n=eseidel@72.14.224.1) (Client Quit)
550. # [20:31] * Quits: eseidel (n=eseidel@c-69-181-78-198.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
551. # [20:34] * Joins: eseidel (n=eseidel@c-69-181-78-198.hsd1.ca.comcast.net)
552. # [20:40] * Quits: zcorpan (n=zcorpan@pat.se.opera.com) (Read error: 110 (Connection timed out))
553. # [20:42] * Quits: eseidel (n=eseidel@c-69-181-78-198.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
554. # [20:43] * Joins: eseidel (n=eseidel@c-69-181-78-198.hsd1.ca.comcast.net)
555. # [20:47] * Joins: weinig (n=weinig@17.203.15.180)
556. # [21:06] * Joins: roc (n=roc@202.0.36.64)
557. # [21:10] * Joins: virtuelv (n=virtuelv@109.80-202-65.nextgentel.com)
558. # [21:15] <Hixie> sure are a lot of people looking for acid3 on google
559. # [21:15] <jwalden> half of them were probably me, until the URL became memorable enough that I didn't need Google :-)
560. # [21:15] * Joins: gsnedders_mibbit (i=5697e44b@gateway/web/ajax/mibbit.com/x-f099d40b4179adfb)
561. # [21:16] <jwalden> comes from doing most testing in a throwaway browser instance with completely clean state
562. # [21:17] * Quits: othermaciej (n=mjs@17.255.100.227) (Read error: 104 (Connection reset by peer))
563. # [21:17] * weinig is now known as weinig|away
564. # [21:17] * Joins: othermaciej (n=mjs@17.255.100.227)
565. # [21:18] * Quits: gsnedders_mibbit (i=5697e44b@gateway/web/ajax/mibbit.com/x-f099d40b4179adfb) (Client Quit)
566. # [21:18] * gsnedders is now known as gsnedders_mibbit
567. # [21:20] * gsnedders_mibbit is now known as gsnedders
568. # [21:20] * Joins: csarven (n=nevrasc@modemcable130.251-202-24.mc.videotron.ca)
569. # [21:22] * Joins: jruderman_ (n=jruderma@c-67-180-15-227.hsd1.ca.comcast.net)
570. # [21:22] * Quits: othermaciej (n=mjs@17.255.100.227)
571. # [21:23] * Quits: virtuelv (n=virtuelv@109.80-202-65.nextgentel.com) ("Leaving")
572. # [21:23] <Hixie> jwalden: no, they're from all over the world
573. # [21:23] <jwalden> I was being facetious
574. # [21:24] <Hixie> =:-)
575. # [21:24] <jwalden> (and adding words with all five vowels to the dialogue)
576. # [21:24] <jwalden> (and doing so again!)
577. # [21:25] * Philip` gives jwalden a cauliflower
578. # [21:26] <jwalden> whee!
579. # [21:26] <Hixie> freaks
580. # [21:26] <Hixie> :-P
581. # [21:27] <gsnedders> Hixie: says the guy with a spec for his own form of English :P
582. # [21:28] * Joins: virtuelv (n=virtuelv@109.80-202-65.nextgentel.com)
583. # [21:30] <Philip`> http://googlemapsapi.blogspot.com/2008/02/google-maps-without-scripting.html - hmm, unescaped ampersands in example code :-(
584. # [21:30] <jwalden> don't even get me started; I'm far worse with anagramming words in conversations/etc. :-)
585. # [21:31] <Philip`> It's fun writing emails so that every line has precisely the same length
586. # [21:31] <jwalden> yay for not sending things with the XHTML mime type
587. # [21:31] <jwalden> or something
588. # [21:35] * Quits: jruderman (n=jruderma@c-67-180-15-227.hsd1.ca.comcast.net) (Read error: 110 (Connection timed out))
589. # [21:40] * Quits: Lachy (n=Lachlan@cm-84.215.54.100.getinternet.no) (Read error: 104 (Connection reset by peer))
590. # [21:40] * Joins: Lachy_ (n=Lachlan@cm-84.215.54.100.getinternet.no)
591. # [21:42] * Quits: virtuelv (n=virtuelv@109.80-202-65.nextgentel.com) (Read error: 104 (Connection reset by peer))
592. # [21:42] * Quits: eseidel (n=eseidel@c-69-181-78-198.hsd1.ca.comcast.net)
593. # [21:42] * Joins: virtuelv (n=virtuelv@109.80-202-65.nextgentel.com)
594. # [21:48] * Joins: othermaciej (n=mjs@17.255.100.227)
595. # [21:49] * Joins: MacDome (n=eric@c-69-181-78-198.hsd1.ca.comcast.net)
596. # [21:53] <Hixie> Philip`: yeah, i do that sometimes. dbaron started me down that road.
597. # [21:56] <Hixie> good lord
598. # [21:56] * Hixie finds an e-mail from a year ago asking him to prioritise replying to stuff from 2 years ago
599. # [21:57] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 110 (Connection timed out))
600. # [21:57] <gsnedders> Philip`, Hixie: freaks :P
601. # [21:57] <Dashiva> Your mailbox could be used as a modern variant of message-in-a-bottle
602. # [21:58] <Dashiva> "Dear whoever is working on html when Hixie reaches this message..."
603. # [22:02] * weinig|away is now known as weinig
604. # [22:03] <jwalden> I send an SOS to whatwg, I hope that someone will find my postMessage in a bottle...
605. # [22:06] * Joins: marcosc (n=chatzill@203.153.194.12)
606. # [22:07] <dbaron> Hixie, could you suggest how to use google to search for messages with all lines the same length? :-P
607. # [22:07] <Hixie> here's no publicly-facing ui that would let you do that
608. # [22:09] * Quits: kingryan (n=ryan@dsl092-219-050.sfo1.dsl.speakeasy.net)
609. # [22:17] * Joins: eseidel (n=eseidel@nat/google/x-ea062b565b095453)
610. # [22:23] <takkaria> Hixie: how big is your email backlog thesedays?
611. # [22:26] * Quits: svl (n=me@ip565744a7.direct-adsl.nl) (Nick collision from services.)
612. # [22:26] * Joins: svl (n=me@ip565744a7.direct-adsl.nl)
613. # [22:42] * Joins: othermaciej_ (n=mjs@nat/apple/x-b4006599c9769647)
614. # [22:57] * Quits: ROBOd (n=robod@89.122.216.38) ("http://www.robodesign.ro")
615. # [22:59] * Quits: othermaciej (n=mjs@17.255.100.227) (Read error: 110 (Connection timed out))
616. # [23:03] * Quits: eseidel (n=eseidel@nat/google/x-ea062b565b095453)
617. # [23:08] * Joins: parcelbrat (n=parcelbr@96.239.197.10)
618. # [23:09] * Quits: gsnedders (n=gsnedder@host86-151-228-75.range86-151.btcentralplus.com) ("Partying in teh intarwebs")
619. # [23:11] <Hixie> takkaria: http://whatwg.org/issues/data.html
620. # [23:23] <Hixie> ok so event-source
621. # [23:23] <Hixie> we clearly want to dramatically simplify this
622. # [23:25] <Hixie> right now each line is one of:
623. # [23:25] <Hixie> ;comment
624. # [23:25] <Hixie> :command
625. # [23:25] <Hixie> field: data
626. # [23:25] <Hixie> (blank line)
627. # [23:26] <Hixie> the current simplification results in the only 'field' being 'data' or 'message' or some such
628. # [23:27] * Joins: SadEagle (n=maksim@cpe-69-202-89-106.twcny.res.rr.com)
629. # [23:27] <Hixie> if you want to send arbitrary data, a system that makes it hard to fake would be good
630. # [23:27] <Hixie> right now we're susceptible to people inlining strings that happen to contain newlines
631. # [23:27] <Hixie> that would be bad
632. # [23:29] <Hixie> we could have (length marker) (data of that length) but then we're susceptible to people using badly formed UTF-8 to make servers not realise what the length is
633. # [23:29] <Hixie> hmmmmm
634. # [23:32] * Joins: aroben (n=aroben@unaffiliated/aroben)
635. # [23:33] * Joins: aroben_ (n=aroben@unaffiliated/aroben)
636. # [23:38] <Hixie> hm, one useful thing would be for the event stream to include a number
637. # [23:38] <Hixie> for each event
638. # [23:38] <Hixie> and then reconnection requests could include a header with the last number received
639. # [23:41] <annevk> Hixie, what member list?
640. # [23:41] <Hixie> css
641. # [23:42] <annevk> aah
642. # [23:42] <annevk> it's my only sin :p
643. # [23:42] <Hixie> :-)
644. # [23:43] <Hixie> i hope opera doesn't mind
645. # [23:43] <Hixie> but i'm blowing up event-source
646. # [23:43] <Hixie> and rebuilding it
647. # [23:43] <Hixie> to take into account everyone's feedback
648. # [23:43] <annevk> we probably do, depending on what happens to it
649. # [23:43] <Hixie> (i'm changing the mime type of the format, so it should be possible to support both)
650. # [23:44] <annevk> ok, we'll see I guess :)
651. # [23:44] <Hixie> uh
652. # [23:44] <Hixie> wtf
653. # [23:44] <jwalden> Content-Type: chunked comes to mind here
654. # [23:45] <Hixie> my ipod touch just rebooted
655. # [23:45] <Hixie> on its own
656. # [23:45] <Hixie> freaky
657. # [23:46] <Hixie> jwalden: you mean Content-Encoding?
658. # [23:46] <jwalden> er, yes
659. # [23:46] <jwalden> Hixie: re whitespace handling in the class attribute in acid3, https://bugzilla.mozilla.org/show_bug.cgi?id=254337#c5
660. # [23:48] * othermaciej_ is now known as othermaciej
661. # [23:48] <Hixie> man, the http spec is so badly written. it just totally doesn't have any error handling rules.
662. # [23:49] * Quits: aroben (n=aroben@unaffiliated/aroben) (Nick collision from services.)
663. # [23:49] * aroben_ is now known as aroben
664. # [23:51] * Joins: Lachy__ (n=Lachlan@cm-84.215.54.100.getinternet.no)
665. # [23:52] * Quits: Lachy_ (n=Lachlan@cm-84.215.54.100.getinternet.no) (Read error: 104 (Connection reset by peer))
666. # [23:53] <annevk> Hixie, it's unlikely that'll be fixed
667. # [23:53] <annevk> for 2616bis anyway
668. # [23:53] <jwalden> bis?
669. # [23:54] <annevk> the HTTP WG is working on a revision of RFC 2616
670. # [23:55] <jwalden> zounds
671. # [23:55] * jwalden searches
672. # [23:55] <Hixie> annevk: yeah, i know
673. # [23:55] <Hixie> jwalden: commented
674. # [23:56] <jwalden> thanks
675. # [23:56] <annevk> jwalden, you did not know?
676. # [23:56] <jwalden> not at all
677. # [23:56] <jwalden> maybe tomorrow the DOM WG will reform
678. # [23:56] <jwalden> and the day after, hell freezes over
679. # [23:56] <annevk> jwalden, http://lists.w3.org/Archives/Public/ietf-http-wg/ is the list
680. # [23:56] <othermaciej> the revision is being driven by people who do not have the error handling religion
681. # [23:56] <othermaciej> the DOM WG has basically been renamed to the Web API WG
682. # [23:56] <othermaciej> for practical purposes anyway
683. # [23:56] <annevk> yeah
684. # [23:57] <jwalden> did it take over DOM core?
685. # [23:57] <jwalden> if so, then the hell-freezing is going to be bumped up a day
686. # [23:57] * Joins: eseidel (n=eseidel@nat/google/x-272f3cd5bee2fbef)
687. # [23:58] <annevk> jwalden, there's a plan for DOM5
688. # [23:59] <annevk> or DOM4, depending on how the politics go
689. # [23:59] <annevk> (also, not throwing WRONG_DOCUMENT_ERR is likely to become legit ;-) )
690. # [23:59] <jwalden> plans aren't quite cutting it yet for me, but I anticipate future happiness
691. # Session Close: Fri Feb 22 00:00:00 2008

The end :)