/irc-logs / freenode / #whatwg / 2009-11-12 / end

Options:

# Session Start: Thu Nov 12 00:00:00 2009
# Session Ident: #whatwg
# [00:01] * Quits: Rik` (n=Rik`@pha75-2-81-57-187-57.fbx.proxad.net) (Read error: 104 (Connection reset by peer))
# [00:01] * Joins: Rik` (n=Rik`@pha75-2-81-57-187-57.fbx.proxad.net)
# [00:08] * Joins: dbaron (n=dbaron@nat/mozilla/x-dvgdxzvhwxbwxutu)
# [00:11] * Quits: Steve^ (n=steve@92.40.137.173.sub.mbb.three.co.uk) ("Leaving")
# [00:13] * Joins: dimich_ (n=dimich@c-98-203-252-208.hsd1.wa.comcast.net)
# [00:13] * Quits: othermaciej (n=mjs@17.203.15.242) (Read error: 110 (Connection timed out))
# [00:13] * othermaciej_ is now known as othermaciej
# [00:15] * Joins: GarethAdams|Home (n=GarethAd@pdpc/supporter/active/GarethAdams)
# [00:15] * Quits: MikeSmith (n=MikeSmit@EM114-48-9-68.pool.e-mobile.ne.jp) (Read error: 54 (Connection reset by peer))
# [00:18] * Joins: avidvivid (n=avidvivi@209-180-139-110.phnx.qwest.net)
# [00:19] * Quits: avidvivid (n=avidvivi@209-180-139-110.phnx.qwest.net) (Client Quit)
# [00:20] * Quits: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu) (Remote closed the connection)
# [00:22] * Quits: SamerZ (n=SamerZ@CPE00222d5410b8-CM00222d5410b5.cpe.net.cable.rogers.com)
# [00:24] * Joins: MikeSmith (n=MikeSmit@EM114-48-184-147.pool.e-mobile.ne.jp)
# [00:25] * Joins: SamerZ (n=SamerZ@CPE00222d5410b8-CM00222d5410b5.cpe.net.cable.rogers.com)
# [00:33] * Quits: hobertoAtWork (n=hobertoa@gw1.mcgraw-hill.com) ("Nettalk6 - www.ntalk.de")
# [00:35] <MikeSmith> as far as the parsing algorithm, an element with a plus sign in it is not an error, right?
# [00:36] <Dashiva> In it? In the element name?
# [00:36] <MikeSmith> Dashiva: yeah
# [00:37] <MikeSmith> e.g., <foo+bar>
# [00:37] <Dashiva> It is
# [00:37] <MikeSmith> ah
# [00:37] <Philip`> MikeSmith: http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#tag-name-state says it's not a parse error
# [00:37] <Philip`> or, rather, doesn't say it is a parse error
# [00:37] <Hixie> it shouldn't be a _parse_ error, no
# [00:38] <Hixie> 'course since there's no foo+bar element, it's still an error
# [00:38] <Dashiva> Right, that's a much more useful answer
# [00:38] * Joins: pmuellr (n=pmuellr@user-0ce2l9d.cable.mindspring.com)
# [00:38] <MikeSmith> OK
# [00:41] * Quits: Michelangelo (n=Michelan@93-41-23-37.ip79.fastwebnet.it) (Remote closed the connection)
# [00:42] * Joins: Edgar (n=Edgar@adsl-233-37-232.mia.bellsouth.net)
# [00:42] * Quits: Edgar (n=Edgar@adsl-233-37-232.mia.bellsouth.net) (Client Quit)
# [00:43] * hamcore is now known as hcr
# [00:44] * Joins: dave_levin (n=dave_lev@74.125.59.65)
# [00:45] * Quits: Animeking2 (n=Edgar@adsl-233-37-232.mia.bellsouth.net) (Read error: 60 (Operation timed out))
# [00:48] * Quits: cying (n=cying@174.46.232.250)
# [00:48] * Joins: nattokirai (n=nattokir@EM114-48-193-4.pool.e-mobile.ne.jp)
# [00:48] * Joins: cfq (n=cfq@94-194-98-91.zone8.bethere.co.uk)
# [00:50] <Philip`> MikeSmith: (I do hope you're not planning to use + in an element name)
# [00:51] <MikeSmith> Philip`: I was asking in context of a message Jonathan Rees posted to www-tag yesterday
# [00:52] * Quits: boogyman (n=chatzill@unaffiliated/boogyman) ("ChatZilla 0.9.85 [Firefox 3.5.5/20091102152451]")
# [00:54] <MikeSmith> http://lists.w3.org/Archives/Public/www-tag/2009Nov/0015.html
# [00:55] <Philip`> Ah
# [00:55] * Joins: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu)
# [00:55] <MikeSmith> this part:
# [00:55] <MikeSmith> [[
# [00:55] <MikeSmith> For example, one might say that addition of new elements and
# [00:55] <MikeSmith> attributes is likely to happen, but not changes in the lexical syntax
# [00:55] <MikeSmith> such as the addition of something like <% .... %> or allowing + in
# [00:55] <MikeSmith> element names.
# [00:55] <MikeSmith> ]]
# [00:56] * Joins: bugfux (n=bugfux@209-234-175-134.static.twtelecom.net)
# [00:58] <MikeSmith> seems like he was stating that as a example of a type of syntax restriction
# [00:59] * Quits: Rik` (n=Rik`@pha75-2-81-57-187-57.fbx.proxad.net) (Read error: 113 (No route to host))
# [00:59] * Quits: mat_t (n=mattomas@66.226.254.3) ("This computer has gone to sleep")
# [01:00] <MikeSmith> maybe part of the answer should be, there are no existing arbitrary syntax restrictions like that -- instead there are only things that generate parse errors and things that are do not
# [01:00] <MikeSmith> -are
# [01:00] <Hixie> there are some arbitrary restrictions
# [01:00] <Hixie> like unquoted attributes can't contain `
# [01:00] <Hixie> because of potential security problems with IE
# [01:00] <MikeSmith> I see
# [01:01] * Quits: othermaciej (n=mjs@17.246.17.112) (Remote closed the connection)
# [01:01] <MikeSmith> so maybe I can make up a list of those
# [01:01] * Joins: othermaciej (n=mjs@17.203.15.242)
# [01:02] <MikeSmith> that seems in part at least to be what he's wondering about
# [01:02] <MikeSmith> that is, the bounds on what can be changed in the syntax and what can't be
# [01:04] <Hixie> i dunno
# [01:04] <Hixie> we can probably add new syntax
# [01:04] <Hixie> it'd just be somewhat painful
# [01:05] <Hixie> and we can add anything that is currently a bogus comment pretty easily
# [01:05] <Hixie> e.g. we could add <% ... %> so long as "..." can never be ">"
# [01:06] <Hixie> we could add <!start range selection> ... <!end range selection>
# [01:06] <Hixie> so other things like that
# [01:06] <MikeSmith> Hixie: I realize the first two points. but it seems like things such as the restriction on unquoted attribute values containing ' that really can't be changed practically changed at this point
# [01:06] <Hixie> unquoted attribute values only can't contain ' because it's confusing
# [01:07] <MikeSmith> eh? I thought you just said it was an IE security issue?
# [01:07] <Hixie> that's `
# [01:07] * Quits: aroben (n=aroben@unaffiliated/aroben) (Read error: 104 (Connection reset by peer))
# [01:07] <Dashiva> That was `
# [01:07] <Hixie> not '
# [01:07] <MikeSmith> ah
# [01:07] * Joins: KevinMarks (n=KevinMar@72.164.186.199)
# [01:08] * MikeSmith needs to get better fonts.. or bigger ones.. or better eyes
# [01:08] * Quits: SamerZ (n=SamerZ@CPE00222d5410b8-CM00222d5410b5.cpe.net.cable.rogers.com) (Remote closed the connection)
# [01:08] * Joins: SamerZ (n=SamerZ@CPE00222d5410b8-CM00222d5410b5.cpe.net.cable.rogers.com)
# [01:09] * Joins: yutak_home (n=kee@R214157.ppp.dion.ne.jp)
# [01:09] <Hixie> a lot of these restrictions are there purely for compatibility with xml
# [01:10] <Hixie> if it wasn't for staying roughly compatible with xml, we could make some pretty good changes
# [01:10] <MikeSmith> so maybe it could help if I wrote up an informational document about those
# [01:10] <MikeSmith> unless somebody else already has
# [01:10] <MikeSmith> on the wiki or somewhere
# [01:11] <Hixie> help how?
# [01:11] <Philip`> Help who?
# [01:12] <Philip`> (Oh, are there really no more anagrams for "how"? :-( )
# [01:12] <MikeSmith> heh
# [01:12] <MikeSmith> help people who want to put together documents that are going to be processing as they'd expect without having side effects they don't want
# [01:12] <Hixie> i don't follow
# [01:12] <MikeSmith> e.g, the reason why you should not put an XML declaration in a document served as text/html
# [01:13] <MikeSmith> well, one of the reasons
# [01:13] <MikeSmith> the most important one being that it will put IE6 into quirks mode
# [01:13] <MikeSmith> most people don't know that
# [01:13] <Hixie> isn't that basically the only reason?
# [01:13] <MikeSmith> or don't remember it
# [01:14] <MikeSmith> Hixie: I guess another reason would be that it doesn't otherwise have any effect
# [01:14] <MikeSmith> e.g., if you try to use it set encoding, it's not going to do anything
# [01:14] <Philip`> MikeSmith: Like a subset of HTML5's conformance criteria, but only for compatibility concerns, ignoring all the issues of good taste and readability and accessibility and whatever?
# [01:14] <MikeSmith> yeah, pretty much
# [01:15] <MikeSmith> just listing things that are "gotchas", I guess
# [01:15] <MikeSmith> I occasionally get questions about this kind of stuff off-list
# [01:15] <Hixie> MikeSmith: then there's a lot of other crap we should make illegal :-)
# [01:15] <Hixie> like xmlns=""
# [01:15] <Hixie> and /?
# [01:15] <Hixie> er />
# [01:16] <MikeSmith> well, yeah
# [01:16] <Hixie> the only reason they're allowed is to make polyglots possible
# [01:16] <Hixie> though personally i wish we could go in the other direction
# [01:16] <Hixie> far, far in the other direction
# [01:17] * Quits: mpt_ (n=mpt@canonical/mpt) (Read error: 110 (Connection timed out))
# [01:17] <MikeSmith> Hixie: I know but that position seems to be out of sync with the range of authors/content providers who say they want to do it and seem to feel pretty strongly about it
# [01:18] <Hixie> most of them think that they're doing stuff simple enough that it won't be a problem
# [01:19] <Hixie> and i think (a) they're likely to either be wrong already or soon will be, and (b) they are misleading others into thinking they are in a similar situation
# [01:19] <MikeSmith> I don't know about most but I am sure many
# [01:19] <Hixie> those who don't think they're doing stuff simple enough that it won't be a problem are unlikely to want to do it, since by definition they think they'd have a problem :-)
# [01:20] <MikeSmith> I think point (b) is the more important one
# [01:20] * Joins: wakaba_ (n=wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp)
# [01:21] <Hixie> the xml/html dichotomy is worse than the c/C++ dichotomy
# [01:21] <MikeSmith> perhaps we should require that people who believe they know what they are doing should include a disclaimer in their content along the lines of "Trained professional driver. Don't try this as home."
# [01:21] <MikeSmith> of course then others would just cargo-cult copy that disclaimer too
# [01:22] <MikeSmith> we clearly need some certification/regulation here
# [01:23] <MikeSmith> what we have now is more kinda like the gun-control (or lack of gun-control) situation in the US
# [01:23] <Hixie> sam's the only person whose source i have examined whom i know has done this seriously enough to really be considered a train professional driver
# [01:23] <Hixie> and he recommends against it
# [01:23] <MikeSmith> right
# [01:23] <Hixie> but i'm tired of arguing this point, if people want to do it, then fine
# [01:24] <MikeSmith> yeah
# [01:24] <MikeSmith> so to get back to the context for my original question, my motivation is just my own general laziness
# [01:24] <Philip`> Don't bother with certification, just make the technology as complex as possible then charge people $1500 for a three-day course on it
# [01:24] <Philip`> Saves all the effort of printing proper certificates
# [01:25] * Quits: gavin_ (n=gavin@firefox/developer/gavin) (Read error: 60 (Operation timed out))
# [01:25] <MikeSmith> yeah, that seems to be working well for a lot of technologies/standards
# [01:25] <MikeSmith> we must raise the barrier for entry
# [01:25] <MikeSmith> make it much more painful
# [01:25] <MikeSmith> people learn best from pain
# [01:26] <MikeSmith> I know I do
# [01:27] * Joins: gavin_ (n=gavin@firefox/developer/gavin)
# [01:28] <MikeSmith> anyway, I would just rather be able to point people to "list of stuff that you really should not be doing even though you think it should be OK" doc instead of answering (or attempting to answer) the same kinds of questions in private e-mail repeatedly
# [01:30] <MikeSmith> or instead of people using reading docs like http://www.w3.org/TR/xhtml-media-types/ and assuming they actually reflect real-world best practices
# [01:32] * Quits: paul_irish (n=paul_iri@12.33.239.250)
# [01:32] <MikeSmith> I can see that there are sections of that doc that simon pointed out specific problems with more than a year ago but for which no changes were ever made
# [01:33] * MikeSmith apologizes for the monologue
# [01:33] * Quits: broquaint (i=c266e329@81.102.240.223) (Read error: 145 (Connection timed out))
# [01:39] * Joins: webben (n=benh@212-104-155-100.access.eclipse.net.uk)
# [01:42] * Quits: dglazkov (n=dglazkov@nat/google/x-sigcilolwmnlftaf)
# [01:42] * Joins: mpt_ (n=mpt@canonical/mpt)
# [01:43] * Quits: webben (n=benh@212-104-155-100.access.eclipse.net.uk) (Client Quit)
# [01:47] * Quits: yutak_home (n=kee@R214157.ppp.dion.ne.jp) ("Ex-Chat")
# [01:47] * Quits: weinig (n=weinig@17.246.19.85)
# [01:51] * Quits: KevinMarks (n=KevinMar@72.164.186.199) ("The computer fell asleep")
# [02:08] <AryehGregor> Hixie, FWIW, MediaWiki serves HTML5 as well-formed XML by default now because some people screen-scrape with bots that use XML parsers.
# [02:08] <AryehGregor> Of course, they should be using our bot API anyway, but oh well.
# [02:10] * Quits: nattokirai (n=nattokir@EM114-48-193-4.pool.e-mobile.ne.jp) (Read error: 110 (Connection timed out))
# [02:15] <Hixie> did they use such parsers before you used XHTML?
# [02:19] <AryehGregor> MediaWiki has always used XHTML, as far as I know.
# [02:20] <AryehGregor> If we hadn't, I assume they would have just done it with regex, which is worse by most standards.
# [02:22] <AryehGregor> Hmm, no, it looks like it started as 4.01.
# [02:22] <AryehGregor> But it's been XHTML for years.
# [02:28] * Joins: nattokirai (n=nattokir@gw0.mozilla.or.jp)
# [02:28] * Joins: archtech (i=stanv@83.228.56.37)
# [02:28] <AryehGregor> http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=3087
# [02:28] <AryehGregor> Since April 2004.
# [02:33] * Joins: kinetik_ (n=kinetik@121.98.132.55)
# [02:33] * Quits: kinetik (n=kinetik@121.98.132.55) (Read error: 60 (Operation timed out))
# [02:33] * kinetik_ is now known as kinetik
# [02:39] <AryehGregor> http://validator.nu/?doc=http://en.wikipedia.org/wiki/
# [02:39] <AryehGregor> Hurrah.
# [02:40] <AryehGregor> Now we just need to convince people to clean up their cruddy table markup. :)
# [02:40] * AryehGregor will e-mail the list when he's reasonably certain the change won't be reverted
# [02:41] <AryehGregor> I think this now gives HTML5 a few orders of magnitude more web deployment than any XHTML beyond 1.0 ever had. *Maybe* not 1.1, dunno.
# [02:42] <Hixie> i guess if you'd never used xhtml, people might be using the api :-)
# [02:42] <AryehGregor> Well, we first supported XHTML a few years before we had an API.
# [02:43] <AryehGregor> Anyway, no. From experience, people would screen-scrape with regex.
# [02:43] <AryehGregor> An amazing number do that even when we use XHTML.
# [02:43] <AryehGregor> (which we're no longer doing as of six minutes ago)
# [02:43] <AryehGregor> (although still serving well-formed XML, so it amounts to the same for this)
# [02:45] <Hixie> yeah fair point
# [02:47] <AryehGregor> Actually, to be fair to bot authors, most of the screen-scraping bots date to back when we didn't have a good bot API.
# [03:02] * Quits: Amorphous (i=jan@unaffiliated/amorphous) (Read error: 145 (Connection timed out))
# [03:06] * Quits: tndH (n=Rob@cpc2-leed18-0-0-cust427.leed.cable.ntl.com) ("ChatZilla 0.9.85-rdmsoft [XULRunner 1.9.0.1/2008072406]")
# [03:14] * Joins: miketaylr (n=miketayl@24.42.95.234)
# [03:15] * Quits: ap (n=ap@17.246.17.221)
# [03:19] * Quits: mpilgrim (n=mark@rrcs-96-10-240-189.midsouth.biz.rr.com) (Nick collision from services.)
# [03:19] * Joins: mpilgrim (n=mark@65.210.51.74)
# [03:19] * Joins: mpilgrim_ (n=mark@rrcs-96-10-240-189.midsouth.biz.rr.com)
# [03:22] * Quits: mpilgrim_ (n=mark@rrcs-96-10-240-189.midsouth.biz.rr.com) (Remote closed the connection)
# [03:23] * Quits: MikeSmith (n=MikeSmit@EM114-48-184-147.pool.e-mobile.ne.jp) ("Tomorrow to fresh woods, and pastures new.")
# [03:23] <mpilgrim> boy, that old discussion on tbray's blog brings back some memories
# [03:24] * Joins: JonathanNeal (n=Jonathan@76-219-69-134.lightspeed.breaca.sbcglobal.net)
# [03:25] * Quits: JonathanNeal_ (n=Jonathan@76-219-69-134.lightspeed.breaca.sbcglobal.net) (Read error: 60 (Operation timed out))
# [03:26] <AryehGregor> Error: syntax error
# [03:26] <AryehGregor> Source File: http://en.wikipedia.org/w/index.php?useskin=monobook&title=User%3ASimetrical%2FTest%20Twinkle&action=submit
# [03:26] <AryehGregor> Line: 1, Column: 1
# [03:26] <AryehGregor> Source Code:
# [03:26] <AryehGregor> <!doctype html>
# [03:26] <AryehGregor> Um, yay?
# [03:28] * Joins: crow (n=miketayl@24.42.95.234)
# [03:28] * crow is now known as Guest49075
# [03:29] * Quits: miketaylr (n=miketayl@24.42.95.234) (Read error: 104 (Connection reset by peer))
# [03:30] * Quits: scherkus (n=scherkus@74.125.59.65) ("lol")
# [03:32] * Joins: yoshu (n=josh@174-18-197-62.tcso.qwest.net)
# [03:36] * Quits: Guest49075 (n=miketayl@24.42.95.234) (Remote closed the connection)
# [03:39] * Quits: cedricv (n=cedric@116.197.224.75) (Read error: 110 (Connection timed out))
# [03:39] * Quits: mpt_ (n=mpt@canonical/mpt) (Read error: 110 (Connection timed out))
# [03:42] * Joins: yusukes (n=yusukes@220.109.219.244)
# [03:44] * Parts: yusukes (n=yusukes@220.109.219.244) ("Leaving")
# [03:47] <AryehGregor> Okay, so apparently nobody noticed or cared to point out that switching to <!doctype html> will cause all XHR to fail with a syntax error?
# [03:48] <AryehGregor> At least, that's what I'm seeing.
# [03:50] * Joins: miketaylr (n=miketayl@24.42.95.234)
# [03:53] * Joins: dglazkov (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net)
# [03:55] * Quits: mpilgrim (n=mark@65.210.51.74) (Read error: 110 (Connection timed out))
# [03:55] <AryehGregor> Ah, it has to be <!DOCTYPE html> for well-formedness. Now they tell me.
# [03:56] * Joins: weinig (n=weinig@17.246.19.85)
# [04:02] * Joins: MikeSmith (n=MikeSmit@EM114-48-82-218.pool.e-mobile.ne.jp)
# [04:13] * Quits: ttepasse (n=ttepas--@p5B01731D.dip.t-dialin.net) ("?Q")
# [04:25] <AryehGregor> . . . that just leaves the fact that named entities are syntax errors.
# [04:27] <AryehGregor> Okay, so apparently if you use <!DOCTYPE html>, named entities become XML well-formedness errors, so it's impossible to use XMLHttpRequest.
# [04:27] <AryehGregor> This seems like a pretty significant problem. Is there any way around it? If not, can some other kind of doctype be allowed that doesn't trigger it?
# [04:28] * AryehGregor looks at Hixie
# [04:28] <othermaciej> or don't use named entities
# [04:28] <othermaciej> or don't use XML, and just parse your results as HTML (for example by putting in an iframe)
# [04:28] <AryehGregor> Okay, let's assume that I'm not willing to find every single use of named entities in an application that's several hundred thousand LOC with gigabytes of content in the database.
# [04:29] <AryehGregor> So you're saying don't use XHR, make people use <iframe>s instead?
# [04:29] <AryehGregor> Surely that must have some disadvantages? To begin with, it breaks all legacy codebases that expect XHR to work, so it's sort of out of the question for me right now.
# [04:29] <AryehGregor> I thought <!doctype html> was chosen so that it had no significant compat issues.
# [04:30] <AryehGregor> It seems like there's no way to have a valid HTML5 document that contains a named entity and works with XHR?
# [04:30] <MikeSmith> doesn't the spec allow HTML4 and XHTML1 doctypes too?
# [04:30] * Quits: bugfux (n=bugfux@209-234-175-134.static.twtelecom.net) (Remote closed the connection)
# [04:31] <AryehGregor> MikeSmith, doesn't seem like it: http://www.whatwg.org/specs/web-apps/current-work/multipage/syntax.html#the-doctype
# [04:31] <othermaciej> it makes them work - I don't think it makes them conforming
# [04:31] <othermaciej> AryehGregor: you could use XHR and inject into an iframe to get HTML parsing, is what I'm saying
# [04:32] <othermaciej> AryehGregor: I don't think anyone though of the compat issue around named entities, and in fact what browsers do there for XML is weird
# [04:32] <AryehGregor> So in other words do XHR, but instead of using requestXML, create an iframe and stick requestText into its innerHTML or such.
# [04:32] <othermaciej> yeah
# [04:32] <MikeSmith> the conforming-but-obsolete section allows them, I think
# [04:32] <MikeSmith> or did
# [04:32] <othermaciej> although if it were me I would sooner sacrifice HTML5 conformance in the XHR-transmitted content than do that
# [04:33] * Joins: OverlordQ (i=ZOMG@wikipedia/OverlordQ)
# [04:33] <AryehGregor> Well, consider this some real-world experience with trying to move to HTML5. It lasted under two hours before being disabled due to blocker compatibility problems.
# [04:33] <AryehGregor> othermaciej, yep.
# [04:33] <AryehGregor> Of course, XHR-transmitted content is potentially any page on the site, so.
# [04:33] <AryehGregor> Oh, hmm: http://www.whatwg.org/specs/web-apps/current-work/multipage/tokenization.html#obsolete-permitted-doctype
# [04:34] <othermaciej> is processing XHTML via XHR a common use case? (I have no idea)
# [04:34] <othermaciej> I guess any XHTML you send as XML, if you have to fix entities, that's a big stumbling block to migrating
# [04:34] <othermaciej> file a bug IMO
# [04:34] <AryehGregor> othermaciej, I know it took less than thirty minutes for me to receive a report of a widely-used tool on Wikipedia breaking.
# [04:34] <AryehGregor> I was thinking I'd post to the list.
# [04:35] <othermaciej> oh, obsolete permitted doctype
# [04:35] <MikeSmith> a bug on this would be great
# [04:35] <AryehGregor> In the W3C bug tracker? I'm not sure I have an account.
# [04:35] <othermaciej> do those trigger a warning or error? it's not clear
# [04:35] <TabAtkins> AryehGregor: XHR will parse HTML properly in the future. It's there in the XHR2 spec.
# [04:35] <othermaciej> anyone can make a W3C bugzilla account
# [04:35] <othermaciej> same as any other bugzilla
# [04:36] <AryehGregor> othermaciej, it says obsolete but conforming, so I assume that means it's conforming.
# [04:36] <MikeSmith> AryehGregor: http://www.w3.org/Bugs/Public/
# [04:37] <MikeSmith> yeah, that obsolete-permitted-doctype thing is only in the full (implementor) view
# [04:37] <MikeSmith> not in the author view
# [04:37] <MikeSmith> seems like it should be in the Writing HTML section too
# [04:37] * Joins: shepazutoo (n=schepers@adsl-221-119-160.rmo.bellsouth.net)
# [04:38] <MikeSmith> anyway, I think the intent was for those to trigger a warning, not an error
# [04:38] * Joins: thedj (n=pjotr@unaffiliated/thedj)
# [04:38] <MikeSmith> I don't think v.nu has been updated yet to reflect that
# [04:40] <MikeSmith> yeah, section 12.1.1 explicitly says they should trigger warnings
# [04:42] * Quits: shepazu (n=schepers@adsl-221-119-160.rmo.bellsouth.net) (Read error: 60 (Operation timed out))
# [04:44] * Joins: RCanine (n=RCanine@cpe-76-170-27-145.socal.res.rr.com)
# [04:45] * Quits: RCanine (n=RCanine@cpe-76-170-27-145.socal.res.rr.com) (Client Quit)
# [04:46] * karlcow is wondering if html5 mandates Accept headers depending on the tag (html) or property (css) used.
# [04:46] <karlcow> for now, it's kind of nightmarish and create issues for Web development.
# [04:54] * Parts: dimich_ (n=dimich@c-98-203-252-208.hsd1.wa.comcast.net)
# [04:55] <AryehGregor> http://www.w3.org/Bugs/Public/show_bug.cgi?id=8268
# [04:56] <AryehGregor> Okay, I'm going to bed.
# [04:56] <MikeSmith> karlcow: example?
# [04:56] <MikeSmith> AryehGregor: thanks man
# [04:56] <MikeSmith> (for filing the bug)
# [04:57] <AryehGregor> Shall I post to the list too?
# [04:57] <AryehGregor> Not many people follow Bugzilla.
# [04:58] * Joins: dglazkov_ (n=dglazkov@216.239.45.130)
# [05:00] * Quits: TabAtkins (n=chatzill@70-139-15-246.lightspeed.rsbgtx.sbcglobal.net) (Read error: 60 (Operation timed out))
# [05:00] * Joins: dglazkov__ (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net)
# [05:00] * Quits: dglazkov (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
# [05:01] * dglazkov__ is now known as dglazkov
# [05:01] * Quits: nessy (n=Adium@203-214-159-50.dyn.iinet.net.au) ("Leaving.")
# [05:02] <karlcow> MikeSmith: once/when the html file is downloaded by the browser, other resources are being requested by an HTTP GET
# [05:02] <karlcow> Let's say in the case of IMG
# [05:03] <karlcow> <img src="http://example.net/toto"/>
# [05:03] * miketaylr is now known as miketaylr|zombie
# [05:03] <MikeSmith> karlcow: ah, content negotation stuff?
# [05:04] * Quits: dglazkov_ (n=dglazkov@216.239.45.130) (Read error: 60 (Operation timed out))
# [05:04] <karlcow> Firefox sends Accept: image/png,image/*;q=0.8,*/*;q=0.5
# [05:04] * Quits: archtech (i=stanv@83.228.56.37) (Read error: 60 (Operation timed out))
# [05:04] <karlcow> which is cool
# [05:04] * Parts: OverlordQ (i=ZOMG@wikipedia/OverlordQ)
# [05:04] <karlcow> but webkit seems to send "*/*"
# [05:05] * MikeSmith nods
# [05:05] <karlcow> and Opera
# [05:05] <karlcow> and Opera text/html, application/xml;q=0.9, application/xhtml+xml, application/x-obml2d, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
# [05:05] <thedj> karlcow: you should see what some mobile browsers send. that will kill you on the spot :D
# [05:05] <karlcow> the issue popped up last week end in a real case
# [05:06] <karlcow> and killed one of our site
# [05:06] <karlcow> The <img src="http://example.net/toto"/> was on a very high trafic Web site.
# [05:07] <karlcow> unfortunately the URI was an html resource and not an image.
# [05:07] <karlcow> ooops
# [05:07] <karlcow> s/and not an image/but an image/
# [05:07] <karlcow> rha
# [05:07] <karlcow> tired
# [05:07] <karlcow> unfortunately the URI was an html resource and not an image.
# [05:08] <karlcow> so the little site sent thousands of html file by minutes
# [05:08] <karlcow> and eventually died
# [05:09] <AryehGregor> What does Accept have to do with this?
# [05:09] <AryehGregor> Do web servers even pay attention to Accept in normal configuration?
# [05:09] <karlcow> One of the way to avoid it would have been when you see this "Accept: image/*" and the URI is known to be html, reply with a "406 Not Acceptable"
# [05:10] <AryehGregor> Mostly things just ignore content negotiation.
# [05:10] <AryehGregor> Probably better to, um, not put a large HTML page as an image src?
# [05:10] <karlcow> AryehGregor: the big site with high trafic was not under the control of the little guy.
# [05:11] <karlcow> Basically it creates a (not voluntary) DDOS
# [05:11] <AryehGregor> So I guess your point is that forums and so on allow people to post <img>, so people could do that maliciously on a really big file.
# [05:11] <AryehGregor> Thus DDoS.
# [05:11] <AryehGregor> Interesting thought.
# [05:11] <karlcow> :)
# [05:11] <AryehGregor> I dunno if Accept is the way to do it.
# [05:11] * Joins: othermaciej_ (n=mjs@17.246.17.112)
# [05:12] <AryehGregor> Maybe ask some browser vendors why they have */* at the end there instead of image/*.
# [05:12] <karlcow> Accept could have been a way but not in the state of implementations so far
# [05:12] * Joins: dimich_ (n=dimich@c-98-203-252-208.hsd1.wa.comcast.net)
# [05:13] <karlcow> in Rails it took only 2 minutes to implement the method to filter on the Accept and URI combinations, but was working only with firefox
# [05:14] * Quits: dbaron (n=dbaron@nat/mozilla/x-dvgdxzvhwxbwxutu) ("8403864 bytes have been tenured, next gc will be global.")
# [05:15] * AryehGregor sends an e-mail to the list about his doctype issue
# [05:16] <AryehGregor> Oh, looks like MikeSmith echoed it to public-html already.
# [05:16] <AryehGregor> Oh well.
# [05:17] * Joins: miketaylr (n=miketayl@24.42.95.234)
# [05:17] * Quits: miketaylr|zombie (n=miketayl@24.42.95.234) (Read error: 104 (Connection reset by peer))
# [05:18] * Quits: gavin_ (n=gavin@firefox/developer/gavin) (Remote closed the connection)
# [05:18] * Quits: othermaciej (n=mjs@17.203.15.242) (Nick collision from services.)
# [05:18] * othermaciej_ is now known as othermaciej
# [05:19] * Joins: gavin_ (n=gavin@firefox/developer/gavin)
# [05:20] * Joins: dglazkov_ (n=dglazkov@216.239.45.130)
# [05:21] * Joins: aboodman3 (n=aboodman@8.8.14.7)
# [05:21] * Quits: aboodman (n=aboodman@72.14.229.81) (Nick collision from services.)
# [05:21] * Quits: othermaciej (n=mjs@17.246.17.112)
# [05:21] * aboodman3 is now known as aboodman
# [05:22] * Joins: aboodman3 (n=aboodman@72.14.229.81)
# [05:22] * Joins: othermaciej (n=mjs@17.246.17.112)
# [05:28] * Quits: pmuellr (n=pmuellr@user-0ce2l9d.cable.mindspring.com)
# [05:31] * Quits: othermaciej (n=mjs@17.246.17.112)
# [05:33] * Joins: aboodman4 (n=aboodman@8.8.14.7)
# [05:34] * Quits: aboodman3 (n=aboodman@72.14.229.81)
# [05:35] * Quits: roc (n=roc@203-97-204-82.dsl.clear.net.nz)
# [05:36] * Quits: dglazkov (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net) (Read error: 110 (Connection timed out))
# [05:36] * dglazkov_ is now known as dglazkov
# [05:37] * Quits: weinig (n=weinig@17.246.19.85)
# [05:41] * Quits: aboodman4 (n=aboodman@8.8.14.7) (Client Quit)
# [05:41] * Quits: sicking (n=chatzill@nat/mozilla/x-sslngklvznffuwzx) ("ChatZilla 0.9.85 [Firefox 3.6b2pre/20091023051626]")
# [05:45] * Quits: MikeSmith (n=MikeSmit@EM114-48-82-218.pool.e-mobile.ne.jp) ("Tomorrow to fresh woods, and pastures new.")
# [05:48] * Quits: aboodman (n=aboodman@8.8.14.7) (Read error: 110 (Connection timed out))
# [05:52] * Joins: MikeSmith (n=MikeSmit@tea12.w3.mag.keio.ac.jp)
# [05:54] * Quits: drunknbass_work (n=aaron@pool-71-107-253-243.lsanca.dsl-w.verizon.net) ("Leaving...")
# [06:00] * Quits: dimich_ (n=dimich@c-98-203-252-208.hsd1.wa.comcast.net)
# [06:05] * Quits: dave_levin (n=dave_lev@74.125.59.65)
# [06:05] * Joins: dave_levin (n=dave_lev@216.239.45.130)
# [06:20] * Quits: jwalden_ (n=waldo@nat/mozilla/x-daodozxlmaequevj) ("home")
# [06:21] * Joins: mpt_ (n=mpt@canonical/mpt)
# [06:28] * Quits: SamerZ (n=SamerZ@CPE00222d5410b8-CM00222d5410b5.cpe.net.cable.rogers.com)
# [06:31] * miketaylr is now known as miketaylr|zombie
# [06:34] * Joins: dbaron (n=dbaron@c-98-234-51-190.hsd1.ca.comcast.net)
# [06:41] * Quits: mitnavn (n=mitnavn@unaffiliated/mitnavn)
# [06:41] * Joins: TabAtkins (n=chatzill@70-139-15-246.lightspeed.rsbgtx.sbcglobal.net)
# [06:43] * Joins: dglazkov_ (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net)
# [06:45] * Quits: mpt_ (n=mpt@canonical/mpt) (Read error: 113 (No route to host))
# [06:52] * Quits: dglazkov (n=dglazkov@216.239.45.130) (Read error: 145 (Connection timed out))
# [06:52] * dglazkov_ is now known as dglazkov
# [06:53] * miketaylr|zombie is now known as miketaylr
# [06:53] * Quits: miketaylr (n=miketayl@24.42.95.234) (Remote closed the connection)
# [06:57] * Joins: mitnavn (n=mitnavn@unaffiliated/mitnavn)
# [07:00] * Quits: TabAtkins (n=chatzill@70-139-15-246.lightspeed.rsbgtx.sbcglobal.net) (Read error: 110 (Connection timed out))
# [07:10] * Quits: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu) (Remote closed the connection)
# [07:13] * Joins: weinig (n=weinig@c-67-180-35-124.hsd1.ca.comcast.net)
# [07:17] * Quits: dglazkov (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net)
# [07:31] * Joins: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu)
# [07:35] * Quits: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu) (Client Quit)
# [07:41] * Joins: jwalden (n=waldo@c-98-248-40-206.hsd1.ca.comcast.net)
# [07:43] * Joins: mitnavn_ (n=mitnavn@0x5552b452.adsl.cybercity.dk)
# [07:54] * Quits: gavin_ (n=gavin@firefox/developer/gavin) (Read error: 145 (Connection timed out))
# [07:55] * Joins: zalan (n=zalan@89.135.144.122)
# [07:55] * Joins: gavin_ (n=gavin@firefox/developer/gavin)
# [07:56] * Quits: zalan (n=zalan@89.135.144.122) (Client Quit)
# [07:59] * Quits: mitnavn (n=mitnavn@unaffiliated/mitnavn) (Read error: 110 (Connection timed out))
# [08:00] * Quits: virtuelv (n=virtuelv@162.179.251.212.customer.cdi.no) (Read error: 110 (Connection timed out))
# [08:27] * Joins: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu)
# [08:34] * Quits: mitnavn_ (n=mitnavn@0x5552b452.adsl.cybercity.dk) (Read error: 104 (Connection reset by peer))
# [08:39] * Joins: KevinMarks (n=KevinMar@72.164.184.10)
# [08:39] * Joins: pesla (n=retep@procurios.xs4all.nl)
# [08:44] * Joins: blooberry (n=brian@c-98-246-167-120.hsd1.or.comcast.net)
# [08:45] * Joins: mitnavn (n=mitnavn@unaffiliated/mitnavn)
# [08:51] * Quits: dbaron (n=dbaron@c-98-234-51-190.hsd1.ca.comcast.net) ("8403864 bytes have been tenured, next gc will be global.")
# [08:51] * Joins: virtuelv (n=virtuelv@pat-tdc.opera.com)
# [08:54] * Joins: othermaciej (n=mjs@c-69-181-42-237.hsd1.ca.comcast.net)
# [09:01] * Quits: KevinMarks (n=KevinMar@72.164.184.10) (Read error: 113 (No route to host))
# [09:14] * Joins: weinig_ (n=weinig@c-67-180-35-124.hsd1.ca.comcast.net)
# [09:14] * Quits: weinig (n=weinig@c-67-180-35-124.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
# [09:14] * weinig_ is now known as weinig
# [09:16] * Joins: Rik` (n=Rik`@pha75-2-81-57-187-57.fbx.proxad.net)
# [09:23] <Hixie> AryehGregor: was your question earlier about doctypes for xml or html?
# [09:24] * Quits: gavin_ (n=gavin@firefox/developer/gavin) (Read error: 60 (Operation timed out))
# [09:24] * Joins: gavin_ (n=gavin@firefox/developer/gavin)
# [09:27] <othermaciej> Hixie: his question was about xml (well, really polyglot documents)
# [09:28] <othermaciej> apparently in the context of Wikipedia, which serves HTML but would like to continue to work with screen-scraping clients that read its content via XMLHttpRequest, but at the same time does not want to stop using HTML named entities
# [09:28] <annevk2> so the scraping clients all use overrideMimeType ?
# [09:28] <annevk2> or does Wikipedia actually serve its contents as XML?
# [09:28] <othermaciej> (conclusion being that <!DOCTYPE html> does not work for them)
# [09:28] <othermaciej> I have no idea, didn't get that far
# [09:29] <othermaciej> it must be either overrideMimeType or they serve conditionally somehow
# [09:29] <Hixie> now i'm even more confused than before
# [09:29] <othermaciej> if every Wikipedia document is well-formed XML then I am truly amazed
# [09:29] <annevk2> XML5 would solve this :)
# [09:29] * Joins: Maurice (n=ano@a80-101-46-164.adsl.xs4all.nl)
# [09:30] <annevk2> XHR2 solves it too, though if people use overrideMimeType they're still screwed
# [09:30] <othermaciej> yeah, responseHTML (or whatever) would solve it
# [09:32] <annevk2> it's called responseXML as well
# [09:32] <annevk2> I'm treating responseXML as a misnomer for responseDocument
# [09:32] * Joins: aboodman3 (n=aboodman@72.14.229.81)
# [09:33] * aboodman3 is now known as aboodman
# [09:33] <othermaciej> fair enough (although that means you can't feature-test for it)
# [09:33] <othermaciej> (which might suck if you want to decide to use overrideMimeType or send different Accept headers based on its presence)
# [09:34] <annevk2> for overrideMimeType it would work
# [09:34] <annevk2> if(this.responseXML == null) { this.overrideMimeType(...) ... }
# [09:35] <othermaciej> so UAs are supposed to respect overrideMimeType even if you set it after the fact?
# [09:35] * othermaciej wonders if that actually works
# [09:35] <annevk2> it might not work that way in Firefox
# [09:35] <annevk2> i think it does in WebKit
# [09:35] <annevk2> I think I copied WebKit
# [09:36] <othermaciej> it looks like it would not work in WebKit if you ask for responseXML first
# [09:36] <othermaciej> from code inspection (didn't test)
# [09:37] <othermaciej> when you first ask for responseXML in the DONE state, it sets the createdDocument flag to true, even if it returned null due to a bad MIME type
# [09:42] <annevk2> interesting
# [09:42] * Quits: jwalden (n=waldo@c-98-248-40-206.hsd1.ca.comcast.net) ("ChatZilla 0.9.85-rdmsoft [XULRunner 1.9.1.5/20091105041600]")
# [09:42] <annevk2> XHR2 does not have that flag currently
# [09:42] <annevk2> we can add it I suppose
# [09:42] <ment> hsivonen: btw, i had a discussion with you about entity lookup implementation for html5; i doubt you can do better than this: http://ibawizard.net/~thement/ent/
# [09:42] <annevk2> though that imposes other requirements...
# [09:43] <othermaciej> well I have no idea if that was a deliberate decision or just an accident of our implementation
# [09:43] <ment> hsivonen: (for example, try ./state "notinx")
# [09:43] <othermaciej> we could just as easily set it only in the case where you create a document, or clear it if overrideMimeType is called, or whatever
# [09:43] <annevk2> kk
# [09:45] <hsivonen> ment: will you have incremental trie lookup in the tokenizer?
# [09:45] <hsivonen> ment: is your tokenizer suspendable after any input character?
# [09:46] <ment> hsivonen: ad incremental trie: i'm thinking about it, but it's not an issue now.
# [09:46] * Quits: dave_levin (n=dave_lev@216.239.45.130)
# [09:47] <ment> hsivonen: ad suspendability: my tokenizer seeks in input anyway, so no (but the lookup algorithm is suspendable)
# [09:49] * Quits: workmad3 (n=davidwor@cpc3-bagu10-0-0-cust651.1-3.cable.virginmedia.com)
# [09:54] <hsivonen> ment: ok.
# [09:55] <hsivonen> ment: I take it that you aren't designing your tokenizer to be used in an environment that has document.write.
# [09:58] <ment> hsivonen: no, but that could be easily fixed
# [10:02] * Quits: nattokirai (n=nattokir@gw0.mozilla.or.jp) (Read error: 145 (Connection timed out))
# [10:03] * Quits: virtuelv (n=virtuelv@pat-tdc.opera.com) ("Ex-Chat")
# [10:12] * Quits: GarethAdams|Home (n=GarethAd@pdpc/supporter/active/GarethAdams)
# [10:15] * Joins: archtech (i=stanv@83.228.56.37)
# [10:21] * Joins: broquaint (i=a1676553@spc2-brig11-0-0-cust222.asfd.cable.virginmedia.com)
# [10:23] * Hixie accidentally takes his server down
# [10:23] <Hixie> can't blame dreamhost this time
# [10:24] <Hixie> though of course as soon as i do this the tools i need to fix it get flaky
# [10:26] * Joins: danbri (n=danbri@unaffiliated/danbri)
# [10:26] * Quits: yoshu (n=josh@174-18-197-62.tcso.qwest.net)
# [10:32] <BenGerrissen> Hey peeps, I can ask questions concerning html5 here right? =P
# [10:33] <annevk2> you can certainly try
# [10:34] <BenGerrissen> I'm currently writing a document about semantic html for our developers and am looking at the W3C specs and fail to spot good semantic guidelines for elements (for example Tables)
# [10:35] <BenGerrissen> Should semantic guidelines be present in the W3C spec for HTML5?
# [10:36] <BenGerrissen> Like in a dictionary, context of a word
# [10:36] <annevk2> what exactly is missing under the definition of the table element?
# [10:36] <BenGerrissen> Usage context
# [10:37] <BenGerrissen> My description of a table for my newbie document is:
# [10:37] <BenGerrissen> Tables are used for tabular data where columns and rows have meaning and more important, each iteration of a column has the same meaning as the next/previous and the same for each iteration of a row.
# [10:38] <BenGerrissen> Was checking specs to see if that description is actually right and am seeing it can still be interpeted for wrong usage
# [10:38] <annevk2> it doesn't seem correct
# [10:39] <gsnedders> jgraham: I'm here now
# [10:39] <hsivonen> on balance, using tables for layout is less bad that authors trying to use non-<table> markup for stuff that should be a table
# [10:40] <annevk2> Hixie, tables seem to have the issue of author content pointing into UA content
# [10:40] * Joins: virtuelv (n=virtuelv@pat-tdc.opera.com)
# [10:41] <annevk2> Hixie, e.g. the definition of "table" is in an impl-marked section
# [10:41] <Hixie> annevk2: yeah, what should i do about it?
# [10:42] <annevk2> presumably the first part of the processing model be for both authors and implementors
# [10:42] <annevk2> just like writing and parsing html you could have writing and parsing a table
# [10:42] <annevk2> I suppose
# [10:44] <Hixie> file a bug
# [10:44] <gsnedders> Hixie: You need to go back to fixing bugs though :P
# [10:44] <Hixie> next week i'm on vacation
# [10:44] <Hixie> we'll see after that :-)
# [10:45] <gsnedders> Going anywhere nice?
# [10:45] <Hixie> staying at home
# [10:45] <Hixie> just not dealing with all the process BS of standards
# [10:46] <annevk2> nice :)
# [10:46] * gsnedders goes back to reading the BS
# [10:46] <hsivonen> Hixie: are you going to be working but without Process? :-)
# [10:47] <BenGerrissen> appologies, just found http://www.w3.org/TR/html4/appendix/notes.html#notes-tables >.<
# [10:49] * Quits: GPHemsley (n=GPHemsle@pdpc/supporter/student/GPHemsley) ("This computer has gone to sleep")
# [10:50] <Hixie> hsivonen: nah, probably gonna be working on a game
# [10:50] <Hixie> either writing or playing
# [10:50] <Hixie> probably writing
# [10:51] <Hixie> maybe i'll see if i can write a websocket server in pascal for fun
# [10:51] <Hixie> i've never written pascal code on unix
# [10:51] <Hixie> heck i haven't written any pascal in about a decade
# [10:52] <hsivonen> why would you write pascal for fun?
# [10:53] <hsivonen> (sorry if that was offensive. pascal just doesn't strike me as a "for fun" language)
# [10:53] <Hixie> object pascal
# [10:54] <Hixie> not the stuff of olde days
# [10:54] * hsivonen is still bitter at textbook authors who used 1-based indeces
# [10:54] <Hixie> pascal in any sane environment is always 0-based
# [10:56] <Hixie> object pascal (the stuff borland used to ship, and now the stuff of the FreePascal project) bears about the same resemblance to the "textbook pascal" as visual basic does to basic
# [10:57] <Hixie> except the starting point is about six orders of magnitude better
# [10:59] * jgraham injects the tangentially related fact that many "famous" scientific codes written in C use deliberately 1 based indexing for arrays simply by leaving index 0 empty
# [11:02] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [11:02] <ment> jgraham: that's mostly because many formulas work only with 1-based indexing
# [11:03] <ment> jgraham: (for example, index of parent node in binary heaps stored in array)
# [11:04] * Joins: workmad3 (n=davidwor@ashleys2.mimas.ac.uk)
# [11:04] <annevk2> so if we get a local sandboxed file system per origin why should localStorage support File too?
# [11:04] * Philip` injects the note that Perl lets you dynamically change between 0-based and 1-based and n-based array indexing
# [11:05] <annevk2> Perl sounds awesome
# [11:05] <MikeSmith> gun, meet foot
# [11:05] * Joins: Phae (n=phaeness@gateb.mh.bbc.co.uk)
# [11:06] * Joins: ROBOd (n=robod@89.122.216.38)
# [11:06] <jgraham> ment: I have no idea how a formula could only work with 1 based indexing. You just need to subtract 1 to get a zero based index
# [11:06] <jgraham> ment: I was under the impression that people did this because a) fortran uses 1 based indexing
# [11:06] <gsnedders> http://krijnhoetmer.nl/irc-logs/html-wg/20071219#l-609
# [11:06] * Quits: Rik` (n=Rik`@pha75-2-81-57-187-57.fbx.proxad.net) (Read error: 113 (No route to host))
# [11:07] <jgraham> and b) most textbooks use 1 based indexing for vectors
# [11:07] <Hixie> Philip`: even the perl documentation says "we don't talk about that"
# [11:07] <jgraham> So the formulae look more familar
# [11:07] <gsnedders> But I guess they're stuck with it for compat
# [11:09] <jgraham> ment: Also I wasn't suggesting that there actually was a HTML5 parser written in Go, only that there could be
# [11:11] <jgraham> (I guess I have no evidence that there isn't except that it seems unlikely; for all I know each google employee was given a party bag when they left work on Friday containing a small black book entitled "How to be evil" and a 5.25" floppy disk containing a conforming HTML5 parser implemented in Go)
# [11:14] <ment> jgraham: i was only pointing out, that the reason for using 1-based indeces is not only matter of habit
# [11:14] <hsivonen> http://www.schleef.org/blog/2009/11/11/theora-on-ti-c64x-dsp-and-omap3/
# [11:15] <ment> jgraham: 0-based indeces are natural to computer because of pointer arithmetic, but some algorithms for computing positions in array work only with 1-based indeces because of various properties of number one
# [11:16] <ment> jgraham: one example is the heap (you need 3x more arithmetic operation for computing parent with 0-based indeces), i have dozen more examples in combinatorical algorithms textbook
# [11:29] * Joins: webben (n=benh@nat/yahoo/x-hfypopabjodkdwch)
# [11:32] <hsivonen> what's the situation of data: URIs working with XHR?
# [11:34] <annevk2> not same-origin so won't work
# [11:34] <hsivonen> ah.
# [11:34] <hsivonen> thanks
# [11:34] <virtuelv> fairly absurd, though
# [11:35] <hsivonen> yet another case of specs making it harder to write test cases
# [11:36] * Quits: Creap (n=Creap@vemod.brg.sgsnet.se) (Remote closed the connection)
# [11:37] <othermaciej> data: URIs are surprisingly complex in terms of their security implications
# [11:37] <annevk2> we could make them work
# [11:37] <annevk2> but the idea was rejected iirc
# [11:37] <othermaciej> in XHR? or in general?
# [11:37] <annevk2> in XHR
# [11:37] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [11:37] <annevk2> by also allowing URLs whose scheme is data
# [11:38] <othermaciej> it would be sad (and only really useful for test cases I think) for XHR to be different from the rest of the Web platform on this
# [11:38] <virtuelv> is the situation any different from in canvas?
# [11:38] <annevk2> yes
# [11:38] <othermaciej> I think it might be possible to make data: URIs same-origin with their opener/parent, like about:blank, but then you have to forbid anyone but the opener or parent frame navigating a window to a data: URI
# [11:38] * Quits: Creap (n=Creap@vemod.brg.sgsnet.se) (Remote closed the connection)
# [11:38] <annevk2> images with data URLs are considered same-origin
# [11:39] <annevk2> (forgot how that worked again in detail)
# [11:39] <othermaciej> or track whether the data: load was initiated by something that is same-origin as the current parent or whatever
# [11:39] * Parts: virtuelv (n=virtuelv@pat-tdc.opera.com) ("Ex-Chat")
# [11:39] * Joins: virtuelv (n=virtuelv@pat-tdc.opera.com)
# [11:39] <annevk2> I believe we special case data URLs currently in XSLT to allow for easy tests...
# [11:39] <annevk2> though what's next, special casing E4X too?
# [11:40] <othermaciej> in <img> it's clearly not a security hole, though I think that is also true for XHR
# [11:40] <othermaciej> for frames, the security risk if you treat it like about:blank is that an attacker will navigate one of your subframes to an evil data: URI
# [11:41] <othermaciej> there are ways to fix it up, but so far no one has decided data: URIs are useful enough
# [11:41] <othermaciej> javascript: URIs have to be handled the way data: URIs would be sorta
# [11:41] <othermaciej> you can't navigate a frame you don't own to a javascript: URI
# [11:41] <annevk2> yeah, nobody liked handling javascript: for XHR
# [11:41] <annevk2> so I dropped the idea
# [11:42] <othermaciej> I don't think handling data: for XHR would require handling javascript:, I'm just saying if you wanted data: <iframes> to be same-origin with their parent (so you could use it as a replacement for src="about:blank" / document.write or src="javascript:'contents here'")
# [11:43] <othermaciej> then you would have to handle data: sort of the same as javascript:
# [11:44] * Joins: svl (n=me@ip565744a7.direct-adsl.nl)
# [11:48] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [11:51] * Quits: Lachy (n=Lachlan@85.196.122.246) ("This computer has gone to sleep")
# [12:03] * Joins: Lachy (n=Lachlan@pat-tdc.opera.com)
# [12:15] * Quits: Arron (n=arronei@nat/microsoft/x-pxeyfpmgprxsrxoy)
# [12:21] * Quits: Lachy (n=Lachlan@pat-tdc.opera.com) ("Leaving")
# [12:23] <hsivonen> gotta love how data: URLs seem so simple but are a can of worms for Same Origin
# [12:25] <Philip`> If someone redesigned the web with no legacy constraints, is there a better security model than Same Origin that they should use?
# [12:26] * Quits: wakaba_ (n=wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp) ("Leaving...")
# [12:29] * Joins: Lachy (n=Lachlan@pat-tdc.opera.com)
# [12:35] <jgraham> Philip`: Security people seem to love object capability models these days
# [12:35] * Joins: Michelangelo (n=Michelan@109.112.21.8)
# [12:36] * jgraham notes he doesn't have the level of understanding needed to have a useful discussion about whether that would actually be better
# [12:37] * Joins: myakura (n=myakura@p2197-ipbf7505marunouchi.tokyo.ocn.ne.jp)
# [12:41] * Quits: tkent (n=tkent@220.109.219.244) ("Leaving...")
# [12:41] <othermaciej> "If someone redesigned the web with no legacy constraints" is such a huge hypothetical that you could imagine almost everything
# [12:41] <othermaciej> it does kind of seem like same-origin evolved somewhat accidentally
# [12:46] * Joins: weinig_ (n=weinig@c-67-180-35-124.hsd1.ca.comcast.net)
# [12:46] * Quits: weinig (n=weinig@c-67-180-35-124.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
# [12:46] * weinig_ is now known as weinig
# [12:54] <krisives> Philip`: Did I show you http://santiance.com/2009/11/better-html-form-cryptography/ ?
# [12:55] <krisives> Philip`: Anything you would like to add about the subject would be excellent
# [12:55] * Joins: remysharp (n=remyshar@remysharp.plus.com)
# [12:57] <krisives> My post isn't very good, but it's a start
# [13:08] * Joins: taf2 (n=taf2@38.99.201.242)
# [13:15] * Joins: danbri_ (n=danbri@unaffiliated/danbri)
# [13:15] * Quits: JonathanNeal (n=Jonathan@76-219-69-134.lightspeed.breaca.sbcglobal.net) (Read error: 60 (Operation timed out))
# [13:15] <hsivonen> is sync xhr supposed to call into the readystate handler?
# [13:20] <hsivonen> hmm. a quick look at the spec suggests that it doesn't
# [13:21] * Quits: danbri (n=danbri@unaffiliated/danbri) (Read error: 60 (Operation timed out))
# [13:27] <gsnedders> hsivonen: There was a long discussion on the moz bug about that with anne about what the spec should say, AFAIK that's where most of the discussion was
# [13:28] <hsivonen> gsnedders: was there a conclusion?
# [13:28] <gsnedders> I think so.
# [13:28] <hsivonen> as far as I can tell, Gecko doesn't fire progress events
# [13:28] <gsnedders> That's true, I know that much
# [13:29] <hsivonen> writing test cases that try to be evil shows how little I know about the evil parts of the platform
# [13:29] <hsivonen> I've never used sync XHR for real work, so this all is a surprise to me
# [13:29] * gsnedders wonders what the non-evil parts of the platform are
# [13:33] <othermaciej> depends on what you consider evil
# [13:34] * Joins: yutak_home (n=kee@R214157.ppp.dion.ne.jp)
# [13:34] <othermaciej> personally I think being the biggest distributed infosystem in the world gives the Web a lot of points in the "good" column
# [13:34] <othermaciej> to the point that it seems petty to nitpick the oddities
# [13:35] <jgraham> good: it works bad: everyone is surprised
# [13:36] * Quits: erlehmann (n=erlehman@82.113.106.21) (Read error: 110 (Connection timed out))
# [13:39] <Philip`> krisives: Why do you say SSL is "in shambles"?
# [13:40] <hsivonen> othermaciej: I consider spinning nested event loops evil
# [13:40] <Philip`> krisives: Also, what exactly is "the old technology, which should be deprecated, and eventually removed"?
# [13:41] * Joins: pmuellr (n=pmuellr@nat/ibm/x-zoulwafhuutmglop)
# [13:41] <Philip`> hsivonen: "to avoid regressing the parsing performance of existing XHTML 1.0 pages" - do you have any data on how much of a difference the number of entities makes?
# [13:42] <othermaciej> hsivonen: seems more stupid than evil to me (though perhaps using it is slightly morally blameworthy)
# [13:42] * Joins: maikmerten (n=merten@ls5dhcp196.cs.uni-dortmund.de)
# [13:42] <hsivonen> Philip`: no data, just guessing
# [13:42] <hsivonen> Philip`: the mathml DTD is larger, so I'd assume it to take longer to parse
# [13:42] * Philip` can't imagine it making a significant difference, with a suitable data structure
# [13:43] <Philip`> Hmm, is this in the context of browsers or other XML tools?
# [13:43] <hsivonen> Philip`: I don't mean lookup time. I mean DTD parse time.
# [13:43] * Joins: smaug_ (n=chatzill@cs181150024.pp.htv.fi)
# [13:43] <hsivonen> Philip`: in the context of the current Gecko/expat setup
# [13:43] <hsivonen> Philip`: that doesn't do fancy optimizations inside expat
# [13:43] <Philip`> Seems silly to parse an unchanging DTD for every page
# [13:43] <hsivonen> Philip`: but actually parses a bogo-DTD
# [13:44] <hsivonen> Philip`: maybe
# [13:44] <othermaciej> krisives: submitting a salted hash of the password is an interesting idea (though you can do that "by hand" with client-side JS if you really want)
# [13:44] <Philip`> It should be hard-coded or cached or something
# [13:44] <hsivonen> Philip`: hacking expat would be smarter if you believe it is worthwhile to polish the XML code path
# [13:45] <krisives> othermaciej: I think a novel solution could use a composite hash with the salt also containing a hash of the document payload
# [13:45] <othermaciej> krisives: it seems like a fair criticism that over HTTPS, this won't be very effective against the man-in-the-middle attack vector
# [13:45] <hsivonen> Philip`: anyway, the concern applies to any implementation that uses a vanilla XML processor
# [13:45] <krisives> othermaciej: As I tried to stress as much as possible in the article, this is primarily to STOP SENDING PLAINTEXT PASSWORDS
# [13:46] <hsivonen> Philip`: Gecko happens to be such an impl. at the moment
# [13:46] <othermaciej> a password sent over SSL (or really nowadays TLS) is not being sent in plaintext
# [13:46] <krisives> othermaciej: It's plain text is sent, it's obscured, but it's sent
# [13:46] <othermaciej> it's sent encrypted
# [13:46] <krisives> The fact of the matter is that the data is there, when it doesn't need to be
# [13:47] <krisives> Security isn't really a sliding scale, you're either secure or not secure. Sending such information is what opens this vulnerability.
# [13:48] <Philip`> hsivonen: Hmm, I suppose the concern makes sense then
# [13:48] <othermaciej> if the vulnerability is man-in-the-middle attack against SSL (presumably using a "self-signed" cert) then your proposed fix does not fix it
# [13:48] <Philip`> Incidentally, "entity resolver" is a horribly confusing name
# [13:48] <Philip`> I'd expect it to be the thing that resolves character entities
# [13:48] <hsivonen> Philip`: the XML spec uses 'entity' in multiple confusing ways
# [13:49] * jgraham suggests that security is exactly a sliding scale
# [13:49] <othermaciej> and yes, security is a sliding scale
# [13:49] <hsivonen> Philip`: your vocabulary has been poisoned by HTML. You need to think in SGML terms.
# [13:49] <jgraham> Like pulling my network cable out would dramatically increase security. But it would have downsides too
# [13:49] <krisives> othermaciej: A MITM attack today will yield your plain-text password if carried out successfully. A MITM attack with this system would at best give you a very local and useless hash
# [13:49] <othermaciej> the binary conception of security may apply to a scenario with a determined attacker with unlimited resources, but in that case you almost certainly will lose
# [13:49] <othermaciej> but most attackers are opportunistic
# [13:49] <Philip`> jgraham: Then you'd be using wireless which is even less secure
# [13:50] <othermaciej> krisives: an MITM attacker against SSL can send you different content, or even a modified version of the supplied content
# [13:50] * Quits: virtuelv (n=virtuelv@pat-tdc.opera.com) ("Ex-Chat")
# [13:50] <krisives> This isn't going anywhere really, and it appears that this discussion continiously gets side tracked as some kind of "end all" to security, usually with HTTPS, SSL, etc. being dragged into the mix. So here is my response: Can anyone tell me a good reason why we are including the plain-text password over the wire when it's not needed?
# [13:50] <jgraham> Philip`: I don't have a wireless capability in this computer
# [13:51] <othermaciej> krisives: your idea might be effective as a defense against passive network listeners finding passowrds in non-SSL traffic (which the user may have also unwisely used ona s ecure site)
# [13:51] <Philip`> jgraham: Oh, okay
# [13:51] <krisives> I'm not really interested in the argument that old technology is what "breaks" the idea
# [13:51] <othermaciej> krisives: if you claim a change defends against a security vulnerability, you can expect people will investigate and possibly question that claim
# [13:52] <krisives> othermaciej: I don't think I made any claims
# [13:52] <Philip`> krisives: Sending plain-text passwords is easier, so there needs to be an adequately compelling reason to do something more complex
# [13:53] <othermaciej> krisives: personally, I get very suspicious of anyone promoting a security idea who gets defensive when you apply analysis
# [13:53] <krisives> Philip`: That's drivel. I'm sorry, but it's not compelling in any way.
# [13:53] <Lachy> krisives, are you concerned about 3rd parties obtaining the plain text password (which SSL protects against), or are you concerned that the site itself, to which an SSL connection is made, can ultimately read the submitted password?
# [13:54] <othermaciej> krisives: is your scheme safe against replay attacks using the hashed password?
# [13:54] <krisives> Firstly, this has nothing to do with SSL. I mearly mentioned it, since we've all put our eggs into a now broken basket.
# [13:54] <krisives> othermaciej: I have no format scheme yet
# [13:54] <krisives> othermaciej: However, yes, it would be tolerant to a replay attack with proper salting and server-side components
# [13:54] <othermaciej> if your threat model is man-in-the-middle attack, then your scheme does not really do anything, regardless of the transport protocol
# [13:55] * jgraham still doesn't understand why SSL is being described as "broken"
# [13:55] <krisives> othermaciej: This is to stop the sending of plain-text passwords, not prevent MITM attacks
# [13:55] <othermaciej> if your threat model is passive listener, then I think your scheme could be helpful, if it's made safe against replay attacks
# [13:55] <krisives> jgraham: You can sign your own certs for other authorities? Is this not broken ?
# [13:55] <othermaciej> (but I think not really helpful in the case of SSL, since it doesn't seem vulnerable against passive listeners)
# [13:56] * Joins: JonathanNeal (n=Jonathan@76-219-69-134.lightspeed.breaca.sbcglobal.net)
# [13:56] <krisives> Can anyone answer the question of why we're sending the sensitive details to begin with?
# [13:56] * Quits: yutak_home (n=kee@R214157.ppp.dion.ne.jp) ("Ex-Chat")
# [13:56] <othermaciej> krisives: browsers are starting to take a harder line on rejecting self-signed certs (or at least letting sites opt into stricter security using something like STS)
# [13:57] <Philip`> MD5 is broken but SSL is moving to better hashes
# [13:57] <othermaciej> krisives: you're asking the wrong question - if you propose making a change for security, it's up to you to justify it, and only then is it even relevant for anyone to argue the other side
# [13:57] <othermaciej> Philip`: there are two serious problems with SSL, one a UI issue and one a social/business issue
# [13:57] <othermaciej> 1) when you get certain kinds of bogus certs, the UI in many browsers is just an "OK/Cancel" dialog
# [13:58] <krisives> othermaciej: So, I haven't justified that we shouldn't be sending a password?
# [13:58] <krisives> Let's try it this way: If the password was to NOT be sent, then an attacker would never have it.
# [13:58] <othermaciej> so an attacker that can control your DNS can pose as a valid secure site and the user's only defense is a clickthrough dialog that they won't read
# [13:59] <othermaciej> 2) it's way too easy to get a low-grade cheap SSL cert, and the process of some CAs may not do a good job at preventing people from obtaining valid certs for domains they do not own
# [14:00] <jgraham> krisives: You seem to be saying X is a problem. I assert Y solves X. Then people say how does Y cope with Z, you reply "I already justified that X is a problem"
# [14:00] * Quits: smaug_ (n=chatzill@cs181150024.pp.htv.fi) ("ChatZilla 0.9.85 [Firefox 3.7a1pre/20091015073430]")
# [14:00] <krisives> Solve for X, Y, and Z please?
# [14:00] <othermaciej> krisives: encryption is one way to protect a password, a cryptographically strong hash (with a salt and a nonce) is another
# [14:00] * Joins: smaug_ (n=chatzill@cs181150024.pp.htv.fi)
# [14:01] <jgraham> krisives: e.g. X == "sending plain text passwords" Y == "your hasing scheme" and Z == "replay attacks"
# [14:01] <othermaciej> krisives: to show that adding cryptographic hashing over an encrypted channel is worthwhile, one would need to propose a threat model where the hashing will defend you even if the encryption fails
# [14:01] <krisives> jgraham: Did you read my posting ?
# [14:02] <jgraham> krisives: No, I'm just following the discussion here
# [14:02] <othermaciej> I don't think it's accurate to describe transmission over an encrypted channel as "sending plain text passwords"
# [14:02] <othermaciej> ciphertext is not plaintext
# [14:03] <krisives> Imagine we need to test a safe way to launch people 30ft into the air and have them land without being harmed. I'm basically saying we should be using a test dummy, while others are saying "Don't worry" we'll just build a strong enough test-suite and they won't be harmed. SSL here being the "strong enough" suite, that we hope won't break and kill our friend plummeting from 30ft.
# [14:03] <jgraham> (It is possible that you do address these issues in the post, or that I have not been understanding the discussion)
# [14:04] <othermaciej> when analyzing the security of a system, the first question should always be, "what's the threat model?"
# [14:04] * Quits: MikeSmith (n=MikeSmit@tea12.w3.mag.keio.ac.jp) ("Tomorrow to fresh woods, and pastures new.")
# [14:04] <othermaciej> once you answer that, you can then meaningfully investigate whether various defenses are likely to be effective
# [14:08] * Joins: MikeSmith (n=MikeSmit@tea12.w3.mag.keio.ac.jp)
# [14:10] * Quits: jacobolus (n=jacobolu@dhcp-0059871802-99-6d.client.student.harvard.edu) ("Leaving...")
# [14:11] * Quits: gavin_ (n=gavin@firefox/developer/gavin) (Read error: 60 (Operation timed out))
# [14:11] <Philip`> othermaciej: I was assuming krisives was referring to http://www.win.tue.nl/hashclash/rogue-ca/
# [14:11] * Joins: gavin_ (n=gavin@firefox/developer/gavin)
# [14:12] <othermaciej> Philip`: that is indeed yet another weakness in SSL
# [14:13] <krisives> Philip`: SSL broken or not doesn't warrant sending my passphrase, IMO
# [14:24] * Quits: cfq (n=cfq@94-194-98-91.zone8.bethere.co.uk) (Read error: 60 (Operation timed out))
# [14:29] * Quits: Michelangelo (n=Michelan@109.112.21.8) (Read error: 110 (Connection timed out))
# [14:39] <krisives> Philip`: Thanks for that link, it's awesome
# [14:49] * Joins: karlushi (n=karlushi@fw.vdl2.ca)
# [14:54] * Joins: TabAtkins (n=chatzill@70-139-15-246.lightspeed.rsbgtx.sbcglobal.net)
# [14:57] * Joins: mpt_ (n=mpt@canonical/mpt)
# [14:57] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [14:58] * Quits: mat_t (n=mattomas@72-254-192-38.client.stsn.net) (Remote closed the connection)
# [14:58] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [14:59] * Joins: annevk (n=annevk@5355732C.cable.casema.nl)
# [15:01] * Joins: virtuelv (n=virtuelv@162.179.251.212.customer.cdi.no)
# [15:04] <hsivonen> hmm. is <script src=""> magic like <img src="">?
# [15:04] <hsivonen> or will it just resolve to the doc itself?
# [15:05] <gsnedders> It will just resolve to the doc itself
# [15:05] * Quits: mitnavn (n=mitnavn@unaffiliated/mitnavn)
# [15:05] <gsnedders> (que weird things like zcorpan's HTML/JS file)
# [15:05] <hsivonen> thanks
# [15:06] * Quits: mat_t (n=mattomas@72-254-192-38.client.stsn.net) ("This computer has gone to sleep")
# [15:06] * hsivonen is a bit disoriented trying to grok how Gecko deals with "" vs. absent attribute in this case
# [15:07] <AryehGregor> Hixie, othermaciej, annevk2: I'm talking about text/html that also happens to be well-formed XML. Yes, currently almost every page on Wikipedia is well-formed XML -- there are a few known bugs so this isn't true in corner cases, but it's true very reliably. And yes, XHR uses do overrideMimeType().
# [15:08] <annevk> I wonder how that works in IE...
# [15:08] <annevk> Or does IE always parse as XML regardless of the media type?
# [15:10] <AryehGregor> It's possible these user scripts don't work in IE.
# [15:11] <thedj> lemme check that.
# [15:12] <annevk> anyway, once XHR2 is more widely deployed they could stop using overrideMimeType and things will work fine
# [15:12] * Joins: virtuelv_ (n=virtuelv@pat-tdc.opera.com)
# [15:12] <thedj> nah, IE is not supported (as with most complicated JS tools we use)
# [15:12] <annevk> at least the bit of XHR2 that makes resonseXML work for text/html resources
# [15:12] <AryehGregor> But this is a problem for any XML-parsing tool, I assume. There are others that are implemented in other languages and use those languages' XML libraries to parse the pages.
# [15:12] <hsivonen> annevk: I wonder how many scripts that breaks...
# [15:13] <AryehGregor> One of the goals of our switch to HTML5 was to continue serving well-formed XML so as not to break those tools.
# [15:13] <AryehGregor> Which seems to be harder than I thought, since XML well-formedness is a lot stupider than I thought . . .
# [15:13] <hsivonen> AryehGregor: it's a bit amazing that there's existence proof of someone *actually* using real XML tools with XHTML-as-text/html
# [15:13] <annevk> hsivonen, I don't see how it would break anything
# [15:13] <AryehGregor> hsivonen, well, it's ubiquitous on Wikipedia.
# [15:14] <AryehGregor> Because Wikipedia is reliably well-formed XML.
# [15:14] * jgraham wonders why XHTML entities work in Real XML Tools
# [15:14] <annevk> (well, as with all changes I can dream up something theoretical, but nothing quite obvious)
# [15:14] <AryehGregor> jgraham, maybe they don't, and some hack is used which would cause it to not break on <!doctype html> either. I can hope.
# [15:14] <hsivonen> jgraham: Real XML Tools could hit w3.org :-)
# [15:14] <annevk> Yeah, most XML tools would choke on Wikipedia XML
# [15:15] <hsivonen> the only reason why I've parser wikipedia as XML has been benchmarking the HTML parser vs. Xerces
# [15:15] <hsivonen> s/I've parser/I've parsed/
# [15:16] <AryehGregor> Do most XML tools really refuse to work with named entities even if a proper DTD is given (which Wikipedia does)?
# [15:17] <hsivonen> AryehGregor: no, they work until the w3.org DoS control mechanism blacklists their IP address :-)
# [15:17] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [15:18] <jgraham> (assuming they download the DTD)
# [15:18] <jgraham> (which you would hope they don't by default)
# [15:18] <jgraham> (hope is not always matched by reality though)
# [15:19] <hsivonen> jgraham: hope indeed doesn't match reality here
# [15:19] <hsivonen> for XML awesomeness try this:
# [15:19] <hsivonen> put the entire enterprise behing a single firewall IP to the public Internet
# [15:19] <hsivonen> batch parse XML
# [15:20] <hsivonen> try to get work done that requires reading w3.org in a browser
# [15:20] * Joins: paul_irish (n=paul_iri@12.33.239.250)
# [15:21] <Philip`> (Are there specific examples of that being a real problem?)
# [15:22] <hsivonen> Philip`: various JDK/Xerces releases
# [15:23] * Philip` means specific examples of enterprises, rather than of parsers
# [15:24] * Quits: mat_t (n=mattomas@72-254-192-38.client.stsn.net) ("This computer has gone to sleep")
# [15:25] * Joins: mitnavn (n=mitnavn@unaffiliated/mitnavn)
# [15:27] * jgraham confirms that lxml dies when parsing http://en.wikipedia.org/wiki/Main_Page
# [15:27] <jgraham> XMLSyntaxError: Entity 'nbsp' not defined, line 390, column 50
# [15:28] * Quits: virtuelv (n=virtuelv@162.179.251.212.customer.cdi.no) (Read error: 110 (Connection timed out))
# [15:29] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [15:31] <jgraham> (although I guess there is some way to make it use the DTD)
# [15:31] * Joins: Michelangelo (n=Michelan@193.205.162.69)
# [15:34] * Quits: TabAtkins (n=chatzill@70-139-15-246.lightspeed.rsbgtx.sbcglobal.net) ("ChatZilla 0.9.85-rdmsoft [XULRunner 1.9.0.13/2009073109]")
# [15:34] * Joins: TabAtkins (n=chatzill@70-139-15-246.lightspeed.rsbgtx.sbcglobal.net)
# [15:43] * thedj reading up more about responseXML
# [15:46] <MikeSmith> krijnh: you there?
# [15:47] <MikeSmith> wanted to ask if you can add a new channel to your IRC logger
# [15:50] * Quits: mat_t (n=mattomas@72-254-192-38.client.stsn.net) ("This computer has gone to sleep")
# [15:52] * Quits: mpt_ (n=mpt@canonical/mpt) (Read error: 113 (No route to host))
# [15:56] <hsivonen> does anyone happen to remember if SVG is supposed to treat xlink:href="" the same way as absent attribute?
# [15:56] <hsivonen> (maybe I should locate an SVG channel)
# [15:56] <hsivonen> (or read the spec)
# [15:58] <annevk> unless otherwise indicated "" is a valid reference so should work
# [15:58] * hsivonen is trying to find out if SVG indicates otherwise
# [16:00] <hsivonen> grr. the SVG Tiny 1.2 spec crashes my browser
# [16:01] * Joins: erlehmann (n=erlehman@82.113.106.20)
# [16:03] * Quits: MikeSmith (n=MikeSmit@tea12.w3.mag.keio.ac.jp) ("Tomorrow to fresh woods, and pastures new.")
# [16:09] * Joins: MikeSmith (n=MikeSmit@tea12.w3.mag.keio.ac.jp)
# [16:14] * Quits: Kuruma (n=Kuruman@114.149.207.82) (Read error: 145 (Connection timed out))
# [16:16] * Joins: dglazkov (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net)
# [16:17] * Joins: aroben (n=aroben@unaffiliated/aroben)
# [16:20] * Joins: mpt_ (n=mpt@canonical/mpt)
# [16:21] <AryehGregor> MikeSmith, why aren't all new bug reports echoed to public-html subscribers automatically?
# [16:22] <jgraham> AryehGregor: Can't wikipedia convert entities on output
# [16:22] <MikeSmith> AryehGregor: because of the comment box, and people fucking around using that
# [16:22] <jgraham> to real UTF8?
# [16:22] <MikeSmith> the comment box in teh spec I mean
# [16:22] <Philip`> or to &#nnn;
# [16:23] <AryehGregor> jgraham,   in real UTF-8 is very confusing. :) Numbered entities are also annoying.
# [16:23] <AryehGregor> Also, it's a lot of code to audit.
# [16:24] <jgraham> The lot of code to audit I can agree with\
# [16:24] * gsnedders wonders how hard it is to make Wikipedia not well-formed XML
# [16:24] <AryehGregor> Sticking with a legacy DOCTYPE seems like am ore sensible solution.
# [16:24] * gsnedders doubts it's that hard
# [16:24] <jgraham> But the other issues don't seem like real issues
# [16:24] <jgraham> At least utf-8 is less confusing for non-whitespace characters
# [16:24] <AryehGregor> gsnedders, https://bugzilla.wikimedia.org/show_bug.cgi?id=209
# [16:25] <gsnedders> AryehGregor: But you still have the issue with XML tools using a legacy DOCTYPE, as if they are validating parsers and check the document for conformance, and you use new HTML 5 stuff
# [16:25] <jgraham> and you could transform whitespace characters to numeric codepoints
# [16:25] <jgraham> s/codepoints/entities/
# [16:25] <jgraham> and it is only the final output, not something that people typically edit
# [16:25] <AryehGregor> gsnedders, you can get non-well-formed XML fairly trivially if you're an admin, since some messages are still raw HTML. As a user, there are a few known parser bugs that will misnest tags or such in weird circumstances.
# [16:26] <AryehGregor> gsnedders, validation errors aren't necessarily fatal, though.
# [16:26] <AryehGregor> jgraham, maybe, but remember that I have to convince the Wikimedia sysadmins of all this, and they aren't as enthusiastic about HTML5 as I am.
# [16:27] <gsnedders> AryehGregor: Validation errors can be fatal, likewise not having read an external entity and not knowing what   is can be fatal.
# [16:27] <thedj> AryehGregor: we could use a request specific doctype.... since we will know most tools that use responseXML, we could easily adapt them to add responseXML=yes to the url request.
# [16:27] <AryehGregor> gsnedders, if a parser dies on encountering an unknown attribute, then we're in a situation where it's either ignore that parser or refuse to add any new HTML features to Wikipedia ever.
# [16:27] * gsnedders also thinks PHP in general is not a good language for making sure you are well-formed in
# [16:28] <AryehGregor> gsnedders, s/ for making sure.*$//
# [16:28] <gsnedders> AryehGregor: You could use the HTML 5 DTD, as it should work then :)
# [16:28] <gsnedders> *XML
# [16:28] <gsnedders> (As making sure you don't have characters like U+FFFD isn't fun in PHP)
# [16:28] * Joins: ttepasse (n=ttepas--@p5B0174FA.dip.t-dialin.net)
# [16:28] <gsnedders> *FFFF
# [16:28] <AryehGregor> thedj, that's something of a thought. We could let $wgHtml5/$wgWellFormedXml be overridden on a per-request basis.
# [16:30] <gsnedders> That means double the amount of cached data
# [16:30] <thedj> if used by normal people, but this is used by editors who change pages.
# [16:30] <AryehGregor> Well, a lot of the stuff screen-scrapers want is uncacheable anyway.
# [16:31] <thedj> exactly
# [16:31] <AryehGregor> Either because it's stuff like edit pages, or (as thedj points out) because it's being runned by a logged-in user.
# [16:31] <AryehGregor> But that's something to keep in mind, yeah.
# [16:31] <AryehGregor> I think going with a legacy doctype is the safest way for now.
# [16:31] * thedj too
# [16:31] <AryehGregor> Example of malformed XML in MediaWiki: https://bugzilla.wikimedia.org/show_bug.cgi?id=13909
# [16:32] * hcr is now known as hamcore
# [16:33] <AryehGregor> It's actually not that easy.
# [16:33] <AryehGregor> But there are some bugs.
# [16:33] * Quits: virtuelv_ (n=virtuelv@pat-tdc.opera.com) (Read error: 110 (Connection timed out))
# [16:36] * Quits: remysharp (n=remyshar@remysharp.plus.com) ("Gotta shoot - "peeyaow"")
# [16:40] <thedj> anyway, perhaps this "quirk" should at least be mentioned/warned about in the spec ?
# [16:41] <gsnedders> That entities might not work?
# [16:41] <AryehGregor> thedj, I've suggested that XHTML1 Strict should be a second conforming, non-obsolete doctype that authors should only use if necessary.
# [16:41] <AryehGregor> I'll wait for feedback on that before changing MediaWiki's doctype.
# [16:41] <gsnedders> We already have in 10.1
# [16:41] <AryehGregor> (again)
# [16:41] <gsnedders> 'According to the XML specification, XML processors are not guaranteed to process the external DTD subset referenced in the DOCTYPE. This means, for example, that using entity references for characters in XHTML documents is unsafe if they are defined in an external file (except for <, >, &, " and ').'
# [16:42] <thedj> gsnedders: perhaps add a note about XHR1 +responseXML there ?
# [16:42] <gsnedders> There's nothing special about that case
# [16:43] <gsnedders> It's no different to the normal case
# [16:43] * Joins: hobertoAtWork (n=hobertoa@gw1.mcgraw-hill.com)
# [16:44] <hsivonen> thedj: on the list there were opinions against documenting the entity reality in the HTML5 spec itself
# [16:44] <hsivonen> (the list being public-html in this case, not the whatwg list)
# [16:47] <AryehGregor> hsivonen, that was for the XML MIME type case, though, right?
# [16:48] <hsivonen> AryehGregor: for XML parsing case
# [16:48] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) (Read error: 54 (Connection reset by peer))
# [16:48] <hsivonen> AryehGregor: which is what this XHR issue is about
# [16:48] * Joins: jmb (n=jmb@login.ecs.soton.ac.uk)
# [16:48] <hsivonen> it's the same magic list
# [16:49] * Joins: zcorpan (n=zcorpan@83.252.193.59)
# [16:49] * Joins: cedricv (n=cedric@112.199.210.20)
# [16:49] <AryehGregor> I seriously hate XML.
# [16:50] <thedj> hehe
# [16:51] * gsnedders notes html5lib has a module called ihatexml
# [16:51] <gsnedders> Also, html5lib has bugs caused by not using that module enough
# [16:51] <jgraham> And caused by that module being wrong
# [16:51] <jgraham> hence the name
# [16:53] * hamcore is now known as msmosso
# [16:54] * msmosso is now known as hamcore
# [16:58] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) (Read error: 104 (Connection reset by peer))
# [16:59] <Philip`> AryehGregor: "a lot of code" - just stick a nice simple HTML-tidying proxy in front of all the servers and then you won't have much to change :-)
# [16:59] <AryehGregor> Philip`, we do run HTML Tidy, actually.
# [16:59] <AryehGregor> It would be possible, I guess.
# [17:00] <thedj> grah, no HTML tidy.
# [17:00] <AryehGregor> Assuming there are no *other* XML well-formedness gotchas around?
# [17:00] <thedj> i messes with whitespace
# [17:00] <hsivonen> performance FTW!
# [17:01] <Philip`> By "HTML-tidying" I don't mean actually HTML Tidy, just something that tidies HTML
# [17:01] <Philip`> like an HTML5 parser + an HTML5 serialiser configured to not emit named entities
# [17:01] <Philip`> (and to emit XML-compatible slashes and whatever)
# [17:01] <hsivonen> Philip`: itym an (X)HTML5 polyglot serializer
# [17:02] <Philip`> hsivonen: I wouldn't use the term "polyglot" since that suggests impossible things
# [17:02] <Philip`> (since it can't produce identical DOMs when the input contains stuff like <pre>)
# [17:02] * Quits: Maurice (n=ano@a80-101-46-164.adsl.xs4all.nl) ("Disconnected...")
# [17:03] <hsivonen> Philip`: sure it can as long as it zaps leading LFs
# [17:03] <Philip`> It just needs to be a serialiser that emits well-formed XML that is also valid HTML5
# [17:03] <hsivonen> server-side dataloss FTW!
# [17:03] <Philip`> hsivonen: Well, okay, and it could also just return an empty document regardless of the input :-p
# [17:03] * Philip` was assuming no dataloss when the output is parsed as HTML5
# [17:04] <Philip`> s/also valid HTML5/also identical to the input when parsed as HTML5/
# [17:08] <AryehGregor> thedj, do you know of any non-JS-based frameworks that use XML parsers?
# [17:08] <AryehGregor> Do they actually work with named entities, and if so, how?
# [17:08] <thedj> i have no idea.
# [17:08] <thedj> AzaToth might know.
# [17:09] <gsnedders> So if I want to get the spec changed nowadays do I need a full change proposal?
# [17:09] <AryehGregor> gsnedders, only if the editor disagrees with you.
# [17:09] <gsnedders> Hixie: You shall never disagree with me.
# [17:11] * Quits: myakura (n=myakura@p2197-ipbf7505marunouchi.tokyo.ocn.ne.jp) ("Leaving...")
# [17:11] <AryehGregor> thedj, where does he usually hang out?
# [17:11] <thedj> uses nick AzaTht today it seems
# [17:14] * Quits: dglazkov (n=dglazkov@c-67-188-0-62.hsd1.ca.comcast.net)
# [17:14] * Joins: GPHemsley (n=GPHemsle@pdpc/supporter/student/GPHemsley)
# [17:15] * Joins: danbri (n=danbri@unaffiliated/danbri)
# [17:19] <Philip`> "[Genx] doesn't barf when you try to write out an element and pass NULL as the name" - actually it's passing ":" as the name, and NULL as the namespace (which is the proper way of saying no namespace)
# [17:19] <Philip`> but I'm not going to bother posting to public-html just to say that
# [17:21] * Joins: pauld (n=chatzill@194.102.13.2)
# [17:21] * jgraham just bothered posting to point out he wasn't saying "don't use a library"
# [17:21] <erlehmann> gsnedders, any chance theres going to be a public html5lib serializer service where you can try out things? or is hixies dom viewer that already for every reasonable purpose ?
# [17:22] <jgraham> erlehmann: Already exists
# [17:22] <erlehmann> jgraham, where ?
# [17:22] * Joins: cohitre (n=cohitre@c-24-18-158-106.hsd1.wa.comcast.net)
# [17:22] <AryehGregor> You were saying "don't use XML because it's fragile even with a library". :)
# [17:23] <erlehmann> i use XML, you insensitive clod. but gsnedders is right, my blog breaks when someone searches for U+FFFF
# [17:23] <jgraham> There are a couple based on the validator.nu parser and one (possibly broken) based on a (very old version of) html5lib
# [17:23] <erlehmann> wordpress is so ugly. maybe i should really try out habari next.
# [17:23] <Philip`> erlehmann: What if someone writes U+FFFF in a comment?
# [17:24] * Quits: JonathanNeal (n=Jonathan@76-219-69-134.lightspeed.breaca.sbcglobal.net) (Read error: 110 (Connection timed out))
# [17:24] <erlehmann> i'll try that
# [17:24] * Quits: danbri_ (n=danbri@unaffiliated/danbri) (Success)
# [17:24] <Philip`> Libraries that fatally abort instead of outputting ill-formed content aren't any less fragile than print()ing content, because they just shift the error from client-side to server-side
# [17:25] <jgraham> Philip`: In theory you can deal with that somehow
# [17:26] <Philip`> You could use libraries that automatically clean the input (delete invalid characters etc) instead
# [17:27] <Philip`> Then it's extremely unlikely you'll encounter fatal errors
# [17:27] * Quits: pesla (n=retep@procurios.xs4all.nl) (Read error: 104 (Connection reset by peer))
# [17:27] <Philip`> (since bugs are rare)
# [17:28] <AryehGregor> On the other hand, why not just do that on the client side?
# [17:28] <AryehGregor> Like, you know, HTML5 does?
# [17:28] * TabAtkins just realized that he duplicated a helper array independently less than a screen-height from each other.
# [17:28] <Philip`> so fragility doesn't seem like a practical argument against that; a better argument is that few people can be bothered to use such libraries, because print() is far easier
# [17:28] <zcorpan> you could reject any comment that is not "LOL", which makes sure it'll be well-formed
# [17:29] <Philip`> (and you can avoid fragility of print() by putting error-correction on the client)
# [17:29] <TabAtkins> That has the nice side effect of guaranteeing the quality of your comments.
# [17:30] <TabAtkins> And eliminating spam!
# [17:32] <jgraham> Have I horribly misunderstood something or would XML5 mainly be targetted at the web?
# [17:32] <jgraham> and not pitched as a replacement for all possible uses of XML?
# [17:33] <Lachy> re the XHTML character entity thread, is the proposal just to support entities for known legacy XHTML DOCTYPEs (like XHTML 1.0, etc), but XHTML5 with no DOCTYPE or <!DOCTYPE html> will continue not supporting them?
# [17:33] <TabAtkins> My understanding aligns with yours.
# [17:33] <MikeSmith> jgraham: it's targeted toward financial-transaction systems mainly
# [17:34] <TabAtkins> And I'm not sure why Cowan is talking at all if he doesn't have an opinion about web-based languages.
# [17:34] <MikeSmith> jgraham: and for nuclear-weapons targeting systems
# [17:34] <Lachy> some of the replies I've read seem to be confused about that point, and seem to be making arguments against supporting them in XHTML5, which I hope isn't the case anyway.
# [17:34] * Quits: zcorpan (n=zcorpan@83.252.193.59)
# [17:34] <AryehGregor> Lachy, that's what I understood too.
# [17:34] <jgraham> MikeSmith: heh
# [17:34] * Joins: dglazkov (n=dglazkov@nat/google/x-addozdpblrvzdosm)
# [17:34] <AryehGregor> jgraham, I don't why XML5 shouldn't be a general XML replacement.
# [17:34] <AryehGregor> XML brittleness can't be a problem only on the web.
# [17:35] <TabAtkins> To be fair, I like draconian-ness in things that I have direct control over.
# [17:35] <Philip`> When you call it "XML5", it shouldn't be surprising if people think you're trying to replace all XML
# [17:35] * Quits: Rik|work (n=Rik|work@fw01d.skyrock.net)
# [17:37] <erlehmann> AryehGregor, you obviously a verb
# [17:38] <MikeSmith> maybe it should be called fuXML
# [17:38] <erlehmann> 5 is the magic number :) html5, url5, xml5 — what about safari 5 ?
# [17:38] * Quits: Michelangelo (n=Michelan@193.205.162.69) (Remote closed the connection)
# [17:38] <TabAtkins> erlehmann: ?_? There's no verb missing.
# [17:38] <Lachy> XML5 should be completely backwards compatible with XML 1.0 (not sure about 1.1), so there's no reason it shouldn't simply replace it
# [17:38] <Philip`> TabAtkins: Yes there is - AryehGregor said he didn't why
# [17:38] <AryehGregor> erlehmann, well, we should have Chrome 5 within two weeks or so at the current rate.
# [17:39] <TabAtkins> ... Wow that flew past me.
# [17:39] <AryehGregor> Philip`, I would look up "why" in the OED and try to find a verb meaning for it, but I really can't be bothered.
# [17:39] <Philip`> Chrome will have to slow down version increments else they'll hit double digits and break UA sniffing
# [17:39] <erlehmann> AryehGregor, chrome is weirding me out on so many levels o.0
# [17:39] <MikeSmith> Lachy: you're clearly not thinking about the dangers carefully -- the malformed telegrams that result in financial ruin for rail barons, etc.
# [17:40] <Philip`> AryehGregor: The OED says "why, adv. (n., int.)"
# [17:40] <erlehmann> Philip`, break it? you've seen their version string. nothing to break, all broken.
# [17:40] <Philip`> so it doesn't include any verbish meanings
# [17:40] <annevk> it's also compatible with XML 1.1 afaict
# [17:40] <AryehGregor> Philip`, aw.
# [17:40] * Joins: KevinMarks (n=KevinMar@72.164.187.205)
# [17:42] <Philip`> http://www.layer7tech.com/main/products/xml-firewall.html - you can get whole boxes that protect against XML parsing attacks
# [17:43] <Philip`> Not sure how that's relevant to the discussion but never mind
# [17:43] <Philip`> (Maybe http://www.f5.com/glossary/xml-firewall.html is a better link)
# [17:44] <Lachy> MikeSmith, XML5 processors should still be able to abort on fatal errors if they choose, just like HTML5 allows in some cases. The difference is that if they choose to recover, the recovery procedure should be defined
# [17:44] <Philip`> Maybe the relevance is that changing XML across the entire world is hard
# [17:44] <Lachy> so rail barons relying on well formed telegrams can still abort
# [17:44] * Quits: maikmerten (n=merten@ls5dhcp196.cs.uni-dortmund.de) (Remote closed the connection)
# [17:44] <AryehGregor> Lachy, the difference is that they should be allowed to recover period; and on top of that, the recovery procedure should be well-defined.
# [17:45] <MikeSmith> "WSDL poisoning"
# [17:45] <AryehGregor> Right now they're forbidden from recovering.
# [17:45] <Lachy> AryehGregor, right. that's effectively what I said.
# [17:45] * Joins: miketaylr (n=miketayl@38.117.156.163)
# [17:46] <AryehGregor> Speaking of which, by total coincidence (not?) I received an error report in another chat today: https://jira.toolserver.org/plugins/servlet/streams?key=10301&os_authType=basic&maxResults=10
# [17:46] * hamcore is now known as hcr
# [17:46] <AryehGregor> Three cheers for XML! Hurrah, hurrah, hurrah!
# [17:46] <TabAtkins> That's behind an authent wall.
# [17:46] <Lachy> AryehGregor, what's the password?
# [17:47] <Philip`> What's the username?
# [17:47] <AryehGregor> Oh, there's a password?
# [17:47] <AryehGregor> Oh well.
# [17:47] <AryehGregor> "Error occured getting activity: The data "<p>Here is the public key.</p><div class="thunmbnails"><a href="https://jira.toolserver.org/secure/attachment/10823/%1B%5BA.pub" >[A.pub</a></div>" is not legal for a JDOM character content: 0x1b is not a legal XML character."
# [17:47] <Philip`> https://jira.toolserver.org/plugins/servlet/streams?key=10301&maxResults=10
# [17:47] <annevk> I think certain classes of products should be required to recover
# [17:48] <Philip`> That's surprisingly easy authentication to sidestep
# [17:48] <annevk> though I suppose you can leave that up to market forces
# [17:48] <TabAtkins> Philip`: Hahahahahaha
# [17:49] <AryehGregor> Philip`, that's pretty sad.
# [17:49] <MikeSmith> I think I need to get my a piece of this XML Firewall business.. maybe we can sell fuXML/XML5 to the XML business community as something that provides new business opportunities -- they can provide new types of XML Firewalls that prevent XML non-well-formedness attacks
# [17:50] <MikeSmith> their is a pot of gold waiting under the rainbow of every new poorly designed technology
# [17:52] * Philip` wonders what fuXML is
# [17:52] <Philip`> http://www.fuxml.de/index.php?option=com_content&task=view&id=3 - Ubiquitous Learning !
# [17:52] <TabAtkins> MikeSmith's name suggestion for "the good bits of XML".
# [17:53] <MikeSmith> damn, somebody beat me to the fuxml domain name
# [17:53] * MikeSmith tries effyouXML
# [17:54] <gsnedders> Oh MikeSmith...
# [17:54] * hcr is now known as hamcore
# [17:54] <annevk> I like it
# [17:54] <gsnedders> Still, I own thereshouldbenored.com, so I win :P
# [17:54] * Quits: erlehmann (n=erlehman@82.113.106.20) ("Ex-Chat")
# [17:55] <annevk> i think that site ought to host the picture of the toilet at the engineering seminar
# [17:55] <TabAtkins> The Re Should Be Nored.
# [17:55] <TabAtkins> ^-- my first reading of the domain name.
# [17:55] <annevk> you're obviously not in QA
# [17:55] <Philip`> gsnedders: You should be more optimistic, and call it thereisnored.com
# [17:55] <Philip`> which can also be misread interestingly
# [17:55] <AryehGregor> gsnedders, Chrome won't let me input U+FFFF into the search box. :(
# [17:56] * hamcore is now known as hcr
# [17:56] * gsnedders notes the phrase "thre should be no red" has been said in this room around ten times today
# [17:56] <gsnedders> AryehGregor: Then type something else in and change the query string to contain %EF%BF%BF
# [17:56] <Dashiva> What's the accessible version of no red?
# [17:56] <gsnedders> AryehGregor: Then send someone a link to that URI.
# [17:56] <Lachy> does that test pass about 1 out of every 100 times?
# [17:56] * Joins: Rik|work (n=Rik|work@fw01d.skyrock.net)
# [17:56] <gsnedders> Lachy: Yes.
# [17:57] <AryehGregor> gsnedders, when I try that in Chrome, the URL bar becomes empty. :D
# [17:57] <gsnedders> (given a perfect distribution over the range)
# [17:57] <annevk> I was just about to say, some poor QA dude that made that site
# [17:57] <AryehGregor> But it looks like Wikipedia can also be made non-well-formed that way.
# [17:57] <gsnedders> annevk: Why? Because it fails so often?
# [17:57] * Quits: cohitre (n=cohitre@c-24-18-158-106.hsd1.wa.comcast.net)
# [17:58] <Lachy> yay, I got green once
# [17:59] * gsnedders has never actually seen it green
# [17:59] <Philip`> javascript:s='';for(i=0;i<100;++i)s+='<iframe src=http://thereshouldbenored.com/ width=20 height=20></iframe>';s
# [18:00] <Lachy> clearly, the test is meant to ensure that the Math.rand() function is written like this:
# [18:00] <Lachy> function rand() {
# [18:00] <Lachy> return 0.42;
# [18:00] <Lachy> }
# [18:01] * Quits: pauld (n=chatzill@194.102.13.2) (Remote closed the connection)
# [18:01] <Dashiva> It could be 0.4201 too
# [18:01] <Philip`> With 1000 iframes, 6 were green
# [18:01] <Dashiva> Silly Philip
# [18:01] <Lachy> sure, the decimals after the 3rd decimal place are irrelevant
# [18:02] <Dashiva> No
# [18:02] <gsnedders> I've seen it green!
# [18:02] <Dashiva> It also applies to 3rd place
# [18:02] <Dashiva> Since 0.421 passes, but 0.428 doesn't
# [18:02] <Lachy> so 0.4248908 should work too. But 0.425 would fail
# [18:03] <Lachy> Dashiva, right. I did say after the 3rd, not from the 3rd.
# [18:04] <Dashiva> Yes, and sine 3rd place matters your definition of the test is invalid :)
# [18:04] <Dashiva> *since
# [18:04] <Lachy> or the test could be faulty, and should instead use Math.floor()
# [18:04] <gsnedders> Hence Lachy is a fail.
# [18:04] * Philip` wonders why Gmail thinks gsnedders' latest email is spam
# [18:04] <gsnedders> Philip`: Because it contained <script>?
# [18:04] * Joins: Maurice (i=copyman@5ED548D4.cable.ziggo.nl)
# [18:05] <Dashiva> http://dashiva.net/test/nored.html
# [18:05] <Dashiva> For your testing pleasure
# [18:06] <Lachy> Dashiva, I seem to be getting green about 4 times each reload
# [18:06] <Dashiva> Yeah, I've getting low valuestoo
# [18:06] * gsnedders watches as the bandwidth on his VPS shoots up
# [18:06] <Lachy> oh, I got a 5!
# [18:06] <Dashiva> Clearly the random function is broken
# [18:06] * gsnedders watches as his irssi connection slows down
# [18:07] <Dashiva> It isn't giving 0.42 nearly often enough
# [18:07] <Lachy> I wonder how long it would take for someone to get all 100 squares green, and whether or not that is actually possible given the pseudo-random number generators in browsers
# [18:08] <Lachy> oh, 400 squares
# [18:08] <Lachy> that explains why I'm averaging about 4 green squares
# [18:08] <Lachy> oh, I got 7 :-)
# [18:08] <Dashiva> Eh?
# [18:09] <Dashiva> It's supposed to be 400 green squares
# [18:09] <Dashiva> Says so in the test URL!
# [18:09] * Parts: blooberry (n=brian@c-98-246-167-120.hsd1.or.comcast.net)
# [18:10] <Philip`> No it doesn't
# [18:10] * Quits: workmad3 (n=davidwor@ashleys2.mimas.ac.uk)
# [18:10] <Philip`> There's lots of colours that are not red
# [18:11] <Philip`> For example, blue
# [18:11] * Joins: cohitre (n=cohitre@64-40-56-46-dsl.itltd.net)
# [18:11] <gsnedders> It's just not as cool as green
# [18:12] <Lachy> Dashiva, write a script that randomly sets one of the squares to blue after they've all loaded
# [18:13] <Lachy> (or just load bikeshed.com in one of the frames)
# [18:13] <Dashiva> Should green be CSS gree or CSS lime? Discuss
# [18:14] * Joins: smaug__ (n=chatzill@cs181150024.pp.htv.fi)
# [18:14] <Dashiva> (Also, why can't I spell anymore)
# [18:14] <gsnedders> "anymore"?
# [18:14] * Quits: annevk2 (n=annevk@5355732C.cable.casema.nl)
# [18:14] <Lachy> technically, the CSS 'lime' value is green, and 'green' is a darker green
# [18:15] <Lachy> so it should use 'lime'
# [18:17] <Philip`> ""Everything's shiny, Cap'n. Not to fret!" Unfortunately, you'll need to refresh. Wanna tell Dr. Wave what happened?"
# [18:17] <Philip`> Hmm, the Wave web client doesn't like me putting funny characters into messages
# [18:18] * Quits: Lachy (n=Lachlan@pat-tdc.opera.com) ("This computer has gone to sleep")
# [18:20] * Joins: dbaron (n=dbaron@c-98-234-51-190.hsd1.ca.comcast.net)
# [18:27] * Quits: Phae (n=phaeness@gateb.mh.bbc.co.uk)
# [18:27] * Joins: pauld (n=chatzill@194.102.13.2)
# [18:31] * Quits: smaug_ (n=chatzill@cs181150024.pp.htv.fi) (Read error: 110 (Connection timed out))
# [18:31] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [18:32] * Joins: ap (n=ap@17.246.17.221)
# [18:34] * Parts: krisives (n=kris@c-24-22-71-63.hsd1.or.comcast.net)
# [18:38] * Joins: Lachy (n=Lachlan@85.196.122.246)
# [18:41] * Quits: pauld (n=chatzill@194.102.13.2) (Remote closed the connection)
# [18:49] * Joins: Rik|work_ (n=Rik|work@fw01d.skyrock.net)
# [18:49] * Quits: Rik|work (n=Rik|work@fw01d.skyrock.net)
# [18:49] * Rik|work_ is now known as Rik|work
# [18:49] * Quits: Rik|work (n=Rik|work@fw01d.skyrock.net) (Client Quit)
# [18:50] * Joins: Rik|work (n=Rik|work@fw01d.skyrock.net)
# [18:50] * Quits: Rik|work (n=Rik|work@fw01d.skyrock.net) (Read error: 104 (Connection reset by peer))
# [18:50] * Joins: Rik|work (n=Rik|work@fw01d.skyrock.net)
# [18:51] * Quits: Rik|work (n=Rik|work@fw01d.skyrock.net) (Client Quit)
# [18:53] * Joins: Rik|work (n=Rik|work@fw01d.skyrock.net)
# [18:57] * aroben is now known as aroben|lunch
# [18:59] * Joins: dave_levin (n=dave_lev@74.125.59.73)
# [19:11] * Quits: cohitre (n=cohitre@64-40-56-46-dsl.itltd.net)
# [19:13] * Joins: mlpug (n=mlpug@a88-115-164-40.elisa-laajakaista.fi)
# [19:20] * aroben|lunch is now known as aroben
# [19:24] * Joins: cying (n=cying@70.90.171.153)
# [19:26] * Joins: cohitre (n=cohitre@c-24-18-158-106.hsd1.wa.comcast.net)
# [19:26] * Joins: Amorphous (i=jan@unaffiliated/amorphous)
# [19:27] * Quits: othermaciej (n=mjs@c-69-181-42-237.hsd1.ca.comcast.net) (Read error: 104 (Connection reset by peer))
# [19:27] * Joins: othermaciej_ (n=mjs@c-69-181-42-237.hsd1.ca.comcast.net)
# [19:27] * othermaciej_ is now known as othermaciej
# [19:31] * Joins: scherkus (n=scherkus@74.125.59.73)
# [19:31] * Joins: bugfux (n=bugfux@209-234-175-134.static.twtelecom.net)
# [19:32] * Joins: jmb (n=jmb@login.ecs.soton.ac.uk)
# [19:34] * Joins: drunknbass_work (n=aaron@pool-71-107-253-243.lsanca.dsl-w.verizon.net)
# [19:36] * Quits: webben (n=benh@nat/yahoo/x-hfypopabjodkdwch) ("Leaving.")
# [19:36] * Quits: weinig (n=weinig@c-67-180-35-124.hsd1.ca.comcast.net)
# [19:37] * Quits: jmb (n=jmb@login.ecs.soton.ac.uk) ("Lost terminal")
# [19:43] * Joins: jmb (n=jmb@login.ecs.soton.ac.uk)
# [19:51] * Joins: Michelangelo (n=Michelan@93-40-229-217.ip40.fastwebnet.it)
# [19:54] * Quits: mat_t (n=mattomas@72-254-192-38.client.stsn.net) ("This computer has gone to sleep")
# [19:55] * Joins: virtuelv (n=virtuelv@162.179.251.212.customer.cdi.no)
# [19:56] * Joins: scherkus_ (n=scherkus@nat/google/x-yhxzdtxdncauxpbx)
# [19:57] * Joins: yoshu (n=josh@174-18-199-226.tcso.qwest.net)
# [19:59] * Quits: Creap (n=Creap@vemod.brg.sgsnet.se) (Remote closed the connection)
# [20:00] * Joins: webben (n=benh@genkt-048-056.t-mobile.co.uk)
# [20:01] * Quits: scherkus (n=scherkus@74.125.59.73) ("lol")
# [20:01] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [20:01] * scherkus_ is now known as scherkus
# [20:02] * Quits: webben (n=benh@genkt-048-056.t-mobile.co.uk) (Remote closed the connection)
# [20:13] * Joins: weinig (n=weinig@17.246.19.85)
# [20:18] * Quits: KevinMarks (n=KevinMar@72.164.187.205) ("The computer fell asleep")
# [20:18] * Quits: mpt_ (n=mpt@canonical/mpt) (Read error: 113 (No route to host))
# [20:21] * Quits: yoshu (n=josh@174-18-199-226.tcso.qwest.net)
# [20:33] * Joins: zcorpan (n=zcorpan@c83-252-193-59.bredband.comhem.se)
# [20:33] * Quits: ROBOd (n=robod@89.122.216.38) (Read error: 54 (Connection reset by peer))
# [20:35] * Joins: ROBOd (n=robod@89.122.216.38)
# [20:39] * Quits: smaug__ (n=chatzill@cs181150024.pp.htv.fi) (Remote closed the connection)
# [20:40] * Quits: dbaron (n=dbaron@c-98-234-51-190.hsd1.ca.comcast.net) ("8403864 bytes have been tenured, next gc will be global.")
# [20:40] * Joins: yoshu (n=josh@174-18-199-226.tcso.qwest.net)
# [20:40] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [20:51] * Quits: mat_t (n=mattomas@72-254-192-38.client.stsn.net) ("This computer has gone to sleep")
# [20:51] * Quits: bugfux (n=bugfux@209-234-175-134.static.twtelecom.net) (Read error: 104 (Connection reset by peer))
# [20:51] * Joins: bugfux (n=bugfux@209-234-175-134.static.twtelecom.net)
# [20:54] * Parts: mitnavn (n=mitnavn@unaffiliated/mitnavn)
# [20:54] * Joins: Rik` (n=Rik`@pha75-2-81-57-187-57.fbx.proxad.net)
# [20:55] * Joins: workmad3 (n=davidwor@cpc3-bagu10-0-0-cust651.1-3.cable.virginmedia.com)
# [20:56] * Quits: zcorpan (n=zcorpan@c83-252-193-59.bredband.comhem.se) (Read error: 60 (Operation timed out))
# [21:00] * Quits: Creap (n=Creap@vemod.brg.sgsnet.se) (Read error: 104 (Connection reset by peer))
# [21:01] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [21:03] * Joins: scherkus_ (n=scherkus@nat/google/x-wofygvkxifbbueov)
# [21:05] * Joins: dbaron (n=dbaron@nat/mozilla/x-eubehmajcsbvigbe)
# [21:05] * Joins: mpt_ (n=mpt@canonical/mpt)
# [21:12] * Quits: taf2 (n=taf2@38.99.201.242)
# [21:14] * Joins: roc (n=roc@203-97-204-82.dsl.clear.net.nz)
# [21:16] * Joins: gunderwonder (n=gunderwo@118.80-202-84.nextgentel.com)
# [21:19] * Quits: weinig (n=weinig@17.246.19.85)
# [21:20] * Quits: cohitre (n=cohitre@c-24-18-158-106.hsd1.wa.comcast.net)
# [21:20] * Quits: paul_irish (n=paul_iri@12.33.239.250) (Remote closed the connection)
# [21:21] * Quits: scherkus (n=scherkus@nat/google/x-yhxzdtxdncauxpbx) (Read error: 110 (Connection timed out))
# [21:24] * Joins: paul_irish (n=paul_iri@12.33.239.250)
# [21:26] * Quits: paul_irish (n=paul_iri@12.33.239.250) (Remote closed the connection)
# [21:27] * Joins: paul_irish (n=paul_iri@12.33.239.250)
# [21:32] * Quits: mpt_ (n=mpt@canonical/mpt) (Read error: 113 (No route to host))
# [21:33] * Joins: KevinMarks (n=KevinMar@72.164.184.10)
# [21:37] * Joins: erlehmann (n=erlehman@82.113.106.20)
# [21:40] * Joins: smaug_ (n=chatzill@cs181150024.pp.htv.fi)
# [21:43] * Joins: jwalden (n=waldo@nat/mozilla/x-gfigljenkfmdiqbv)
# [21:48] * Quits: smaug (n=chatzill@cs181150024.pp.htv.fi) (Remote closed the connection)
# [21:51] * Quits: thedj (n=pjotr@unaffiliated/thedj) ("Lost terminal")
# [21:58] * Quits: Creap (n=Creap@vemod.brg.sgsnet.se) (Remote closed the connection)
# [21:59] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [22:02] * Joins: mat_t (n=mattomas@72-254-192-38.client.stsn.net)
# [22:03] * Joins: Maurice` (i=copyman@5ED548D4.cable.ziggo.nl)
# [22:05] * Joins: blooberry (n=brian@c-98-246-167-120.hsd1.or.comcast.net)
# [22:09] * Quits: ROBOd (n=robod@89.122.216.38) ("http://www.robodesign.ro")
# [22:09] * Joins: weinig (n=weinig@17.246.19.85)
# [22:11] * Quits: Michelangelo (n=Michelan@93-40-229-217.ip40.fastwebnet.it) (Remote closed the connection)
# [22:15] * Quits: Maurice (i=copyman@5ED548D4.cable.ziggo.nl) (Read error: 110 (Connection timed out))
# [22:16] * Joins: mpt_ (n=mpt@canonical/mpt)
# [22:20] * Joins: sicking (n=chatzill@nat/mozilla/x-zjjvbwzljicdqyds)
# [22:20] * Quits: mlpug (n=mlpug@a88-115-164-40.elisa-laajakaista.fi) (Remote closed the connection)
# [22:23] * Quits: Creap (n=Creap@vemod.brg.sgsnet.se) (Remote closed the connection)
# [22:23] * Joins: scherkus (n=scherkus@nat/google/x-esqkwtiuwsdsnhmf)
# [22:24] * Joins: Creap (n=Creap@vemod.brg.sgsnet.se)
# [22:24] * Quits: scherkus (n=scherkus@nat/google/x-esqkwtiuwsdsnhmf) (Read error: 104 (Connection reset by peer))
# [22:24] * Joins: smaug (n=chatzill@cs181150024.pp.htv.fi)
# [22:26] * Quits: svl (n=me@ip565744a7.direct-adsl.nl) ("And back he spurred like a madman, shrieking a curse to the sky.")
# [22:29] * Quits: scherkus_ (n=scherkus@nat/google/x-wofygvkxifbbueov) (Read error: 60 (Operation timed out))
# [22:30] * Joins: smaug__ (n=chatzill@cs181150024.pp.htv.fi)
# [22:33] * Joins: nessy (n=Adium@203-214-159-50.dyn.iinet.net.au)
# [22:38] * Joins: cying_ (n=cying@70.90.171.153)
# [22:48] * Quits: smaug_ (n=chatzill@cs181150024.pp.htv.fi) (Read error: 110 (Connection timed out))
# [22:50] * Joins: slightlyoff (n=slightly@72.14.229.81)
# [22:51] * Quits: cying (n=cying@70.90.171.153) (Connection timed out)
# [22:51] * cying_ is now known as cying
# [22:51] * Joins: arronei (n=arronei@nat/microsoft/x-ffmofalmysznubri)
# [22:53] * Quits: othermaciej (n=mjs@c-69-181-42-237.hsd1.ca.comcast.net)
# [22:57] * Joins: webben (n=benh@dip5-fw.corp.ukl.yahoo.com)
# [23:05] * Joins: scherkus (n=scherkus@nat/google/x-skedilltbcbqembt)
# [23:07] * Quits: KevinMarks (n=KevinMar@72.164.184.10) ("The computer fell asleep")
# [23:09] * Joins: tndH (n=Rob@cpc2-leed18-0-0-cust427.leed.cable.ntl.com)
# Session Close: Fri Nov 13 00:00:00 2009

The end :)