/irc-logs / freenode / #whatwg / 2010-09-02 / end

Options:

# Session Start: Thu Sep 02 00:00:00 2010
# Session Ident: #whatwg
# [00:00] <TabAtkins> Right, but that was in the past.
# [00:01] * Quits: mdelaney (~mdelaney@2620:0:1b00:1191:d69a:20ff:febf:89a0) (Read error: Operation timed out)
# [00:01] <Hixie> nothing has changed since
# [00:02] <Hixie> (it was only like 2 weeks ago)
# [00:02] <zcorpan_> http://forums.whatwg.org/viewtopic.php?t=4400 - i don't know anything about ePub, but would it make sense to add something to html to embed ePub books inline (with controls to navigate)?
# [00:02] <TabAtkins> Time has no meaning to me when it's referring to something in the past. There's only old and broken, right now, and not happening soon enough.
# [00:03] <zcorpan_> TabAtkins: wasn't the discussion in buzz also in the past?
# [00:03] <TabAtkins> The time windows are fuzzy.
# [00:03] <TabAtkins> My "now" is a nebulous window roughly an hour wide.
# [00:03] <Hixie> zcorpan_: ePub is basically XHTML. You should just be able to use <iframe> (with jar:, or you could expand the zipfile and point straight at the data files).
# [00:04] <zcorpan_> Hixie: that was my first reaction as well, but iframe doesn't have navigation controls
# [00:04] <Hixie> well you can't frame html pages either if you want navigation controls
# [00:04] <Hixie> nothing special about ePub there
# [00:05] * Joins: JoePeck (~JoePeck@17.246.18.193)
# [00:06] <TabAtkins> I believe people's opinions of wikis are inversely correlated with how recently they got into an edit war.
# [00:07] <zcorpan_> Hixie: then people will use flash or something instead of iframe to embed ePub books
# [00:08] <Hixie> zcorpan_: how unfortunate for their users
# [00:09] * Joins: sicking (~chatzilla@nat/mozilla/x-hgclijtbhgvbceof)
# [00:11] * Joins: davidb (~davidb@bas4-kitchener06-1128761801.dsl.bell.ca)
# [00:14] * Quits: matjas (~matjas@ip-213-49-93-184.dsl.scarlet.be) (Quit: Computer has gone to sleep.)
# [00:16] <AryehGregor> Aren't missing breaks in switch statements fun?
# [00:16] * Quits: kennyluck (~kennyluck@EM114-48-32-220.pool.e-mobile.ne.jp) (Quit: kennyluck)
# [00:16] <Dashiva> This is why you have static analysis tools
# [00:16] <TabAtkins> Switch statements are fundamentally broken.
# [00:17] <Dashiva> Fundamentally awesome, more like it.
# [00:18] <TabAtkins> They would be if they worked in the opposite way and needed a continue statement or similar to activate fall-through.
# [00:19] <AryehGregor> Except in the special case of an empty statement, so you can do things like case "foo": case "bar": ...
# [00:20] <TabAtkins> I can see that exception, sure.
# [00:20] <workmad3> AryehGregor: I believe skipping a 'break' in any situation apart from that one is an error (or at least a warning) in C# :)
# [00:22] <MikeSmith> Peter`: no problem -- thanks for the heads-up
# [00:23] <zcorpan_> hsivonen falls through in his html parser iirc
# [00:23] <MikeSmith> Peter`: and sorry about your server vanishing
# [00:23] <MikeSmith> I hope it ends up reappearing
# [00:24] <Peter-> MikeSmith: it seems to be going ok, already added a few posts and nothing got updated. I hope so too, it's colocated and it was rather expensive. Servers in datacenters mustn't randomly disappear.
# [00:25] * Quits: JoePeck (~JoePeck@17.246.18.193) (Quit: -)
# [00:26] <AryehGregor> "Must" in the sense of RFC 2119? :)
# [00:26] <Peter-> If only :(
# [00:27] <zcorpan_> rfc2119 musts are violated all the time
# [00:29] <zcorpan_> nn
# [00:29] * Quits: davidb (~davidb@bas4-kitchener06-1128761801.dsl.bell.ca) (Quit: davidb)
# [00:29] * Quits: workmad3 (~workmad3@cpc3-bagu10-0-0-cust651.1-3.cable.virginmedia.com) (Remote host closed the connection)
# [00:29] * Quits: zcorpan_ (~zcorpan@c-ec9fe355.410-6-64736c14.cust.bredbandsbolaget.se) (Quit: zcorpan_)
# [00:30] * Quits: jrgarrison (~garrison@wikiotics/jrgarrison) (Quit: Ex-Chat)
# [00:31] <AryehGregor> Am I hallucinating, or do UAs treat form.action as a string rather than a URL? I can't believe I missed that, if they do.
# [00:32] * Joins: aho (~nya@fuld-4d00d36a.pool.mediaWays.net)
# [00:33] <Dashiva> How do you mean, treat?
# [00:33] <AryehGregor> No, I'm not hallucinating.
# [00:33] <AryehGregor> I just missed it before.
# [00:33] <AryehGregor> Surely I filed a Firefox bug, at least . . . ?
# [00:33] * Joins: hdhoang (~hdhoang@hdhoang.zahe.me)
# [00:33] * Quits: jacobolus (~jacobolus@c-67-186-134-101.hsd1.ma.comcast.net) (Remote host closed the connection)
# [00:34] <AryehGregor> Dashiva, I mean, like form.action = "foo"; alert(form.action); seems per spec as though it should alert "http://baseurl/foo".
# [00:34] <AryehGregor> Like, I don't know, a.href works.
# [00:34] <AryehGregor> But it seems browsers don't do that.
# [00:34] <AryehGregor> And I didn't realize until I just rewrote my tests and started checking their correctness.
# [00:35] <AryehGregor> Okay, IE8 does treat it as a URL, but that's the only one.
# [00:35] * AryehGregor updates a bug he filed about form.action already
# [00:38] * Parts: kkaefer (~kkaefer@drupal.org/user/14572/view)
# [00:43] * Quits: broquaint (46afa1a22a@spc2-brig11-0-0-cust40.brig.cable.virginmedia.com) (Ping timeout: 258 seconds)
# [00:44] * Quits: TabAtkins (~tabatkins@nat/google/x-hfpxyfagznfrttki) (Ping timeout: 245 seconds)
# [00:50] * Quits: ZombieLoffe (~e@unaffiliated/zombieloffe)
# [00:55] * Quits: plainhao (~plainhao@mail.xbiotica.com) (Quit: plainhao)
# [00:56] * Quits: FireFly (~firefly@unaffiliated/firefly) (Quit: swatted to death)
# [01:01] <AryehGregor> Man, enum reflection is like six times as complicated as any other type of reflection.
# [01:01] * Quits: KaOSoFt (~maxzagato@unaffiliated/kaosoft)
# [01:05] * Quits: BlurstOfTimes (~blurstoft@168.203.117.112) (Remote host closed the connection)
# [01:05] * Joins: JoePeck (~JoePeck@2620:0:1b00:1f08:fa1e:dfff:fed9:b9a)
# [01:06] * Quits: JoePeck (~JoePeck@2620:0:1b00:1f08:fa1e:dfff:fed9:b9a) (Client Quit)
# [01:09] * Joins: JoePeck (~JoePeck@2620:0:1b00:1f08:fa1e:dfff:fed9:b9a)
# [01:15] * Joins: davidb (~davidb@bas4-kitchener06-1128761801.dsl.bell.ca)
# [01:25] * Quits: jgornick (~joe@199.199.212.242) (Quit: jgornick)
# [01:30] * Joins: tabatkins (~tabatkins@nat/google/x-eyhssypcvblxszfg)
# [01:34] * Joins: homata (~homata@e0109-119-107-213-53.uqwimax.jp)
# [01:42] * Quits: dglazkov (~dglazkov@nat/google/x-yqbuywyawlyautzk) (Quit: dglazkov)
# [01:47] * Quits: homata (~homata@e0109-119-107-213-53.uqwimax.jp) (Ping timeout: 276 seconds)
# [01:48] * Quits: MikeSmith (~MikeSmith@EM114-48-130-229.pool.e-mobile.ne.jp) (Quit: This computer has gone to sleep)
# [01:54] * Quits: davidb (~davidb@bas4-kitchener06-1128761801.dsl.bell.ca) (Quit: davidb)
# [02:03] * Joins: davidb (~davidb@bas4-kitchener06-1128761801.dsl.bell.ca)
# [02:04] * Quits: karlcow (~karl@nerval.la-grange.net) (Quit: This computer has gone to sleep)
# [02:15] * Quits: nimbupani (~nimbupani@216.127.61.149) (Quit: nimbupani)
# [02:16] * Joins: agektmr (~Adium@u709194.xgsnu3.imtp.tachikawa.mopera.net)
# [02:16] * Joins: boblet (~boblet@p1201-ipbf709osakakita.osaka.ocn.ne.jp)
# [02:17] * Quits: ap (~ap@17.246.19.253) (Quit: ap)
# [02:36] * Quits: aho (~nya@fuld-4d00d36a.pool.mediaWays.net) (Quit: EXEC_over.METHOD_SUBLIMATION)
# [02:36] * Quits: davidb (~davidb@bas4-kitchener06-1128761801.dsl.bell.ca) (Quit: davidb)
# [02:38] * Quits: cardona507 (~cardona50@c-67-180-160-250.hsd1.ca.comcast.net) (Quit: zzzzz)
# [02:39] <tabatkins> I once again justified my position by being "the guy who knows what specs are out there".
# [02:40] * Joins: homata (~homata@e0109-119-107-210-33.uqwimax.jp)
# [02:43] * Joins: wakaba_ (~wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp)
# [02:51] * Joins: Maxdamantus (~m@203-97-238-106.cable.telstraclear.net)
# [02:56] <llrcombs> HTML5 has some of the best ideas I've ever seen in the web
# [02:56] * llrcombs can't wait for addContentHander+<device> in WebKit
# [02:57] * Quits: hdhoang (~hdhoang@hdhoang.zahe.me) (Quit: Leaving.)
# [02:57] <llrcombs> *register
# [02:58] <Hixie> tabatkins: wait, if you're that guy, who the heck am i?!
# [02:58] <tabatkins> "The guy who's never in a predictable location".
# [02:59] * Joins: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp)
# [03:01] * Quits: paul_irish (~paul_iris@77.241.105.164) (Remote host closed the connection)
# [03:04] * Quits: agektmr (~Adium@u709194.xgsnu3.imtp.tachikawa.mopera.net) (Ping timeout: 252 seconds)
# [03:07] * Quits: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp) (Quit: The curfew tolls the knell of parting day... the plowman homeward plods his weary way)
# [03:07] * Joins: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp)
# [03:10] <llrcombs> hmmmmmmm
# [03:10] <llrcombs> if I have a <select multiple>
# [03:10] <llrcombs> in a form
# [03:11] <llrcombs> and I select 2 values and hit submit
# [03:11] <llrcombs> assuming it's a GET form, what should the query string look like?
# [03:11] <llrcombs> example:
# [03:11] <llrcombs> data:text/html,%3Cform%20action=%22http://combsconnections.tk/request.php%22%20method=%22GET%22%3E%3Cselect%20name=%22test%22%20multiple%3E%3Coption%20value=%221%22%3E1%3C/option%3E%3Coption%20value=%222%22%3E2%3C/option%3E%3C/select%3E%3Cinput%20type=%22submit%22%3E%3C/form%3E
# [03:11] <llrcombs> WebKit sends both values (test=1&test=2)
# [03:11] <llrcombs> the PHP script grabs the second one
# [03:11] <llrcombs> (http://combsconnections.tk/request.php?test=1&test=2 just print_r's $_REQUEST)
# [03:13] * Quits: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp) (Quit: The curfew tolls the knell of parting day... the plowman homeward plods his weary way)
# [03:14] * Joins: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp)
# [03:15] * Quits: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp) (Client Quit)
# [03:15] * Joins: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp)
# [03:21] * Joins: miketaylr (~miketaylr@24.42.95.108)
# [03:23] * Quits: JonathanNeal (~Jonathan_@rrcs-76-79-114-210.west.biz.rr.com) (Ping timeout: 258 seconds)
# [03:25] * Joins: wakaba_0 (~wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp)
# [03:26] * Quits: wakaba_ (~wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp) (Ping timeout: 258 seconds)
# [03:35] * Quits: ukai (~ukai@nat/google/x-gcvymzhlgemlkupj) (Ping timeout: 252 seconds)
# [03:36] * Joins: ukai (~ukai@nat/google/x-fbugtudrdysntokf)
# [03:40] * Joins: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net)
# [03:41] * Joins: agektmr (~Adium@2401:fa00:4:1012:fa1e:dfff:fee6:d74e)
# [03:43] * Quits: dpranke (~Adium@nat/google/x-mrjvgsrtwefcivvm) (Quit: Leaving.)
# [03:45] * Joins: dglazkov (~dglazkov@75-37-194-175.lightspeed.lsatca.sbcglobal.net)
# [03:45] * Quits: dglazkov (~dglazkov@75-37-194-175.lightspeed.lsatca.sbcglobal.net) (Remote host closed the connection)
# [03:46] * Joins: dglazkov (~dglazkov@216.239.45.130)
# [03:47] * Quits: gavin_ (~gavin@firefox/developer/gavin) (Ping timeout: 240 seconds)
# [03:47] * Joins: gavin_ (~gavin@firefox/developer/gavin)
# [03:50] * Joins: dglazkov_ (~dglazkov@75-37-194-175.lightspeed.lsatca.sbcglobal.net)
# [03:52] * Quits: dglazkov_ (~dglazkov@75-37-194-175.lightspeed.lsatca.sbcglobal.net) (Client Quit)
# [03:53] * Quits: dglazkov (~dglazkov@216.239.45.130) (Read error: Connection reset by peer)
# [04:11] * Joins: karlcow (~karl@nerval.la-grange.net)
# [04:15] * Quits: homata (~homata@e0109-119-107-210-33.uqwimax.jp) (Quit: Leaving...)
# [04:16] * Quits: cying (~cying@173-228-29-224.dsl.static.sonic.net) (Quit: cying)
# [04:26] <Maxdamantus> am I allowed to scale one of the canvas transformation dimensions by 0?
# [04:27] * Quits: aroben_ (~aroben@unaffiliated/aroben) (Read error: Connection reset by peer)
# [04:31] * Joins: homata (~homata@e0109-119-107-210-33.uqwimax.jp)
# [04:31] * Joins: aroben (~aroben@17.246.16.179)
# [04:31] * Quits: aroben (~aroben@17.246.16.179) (Changing host)
# [04:31] * Joins: aroben (~aroben@unaffiliated/aroben)
# [04:32] <llrcombs> sure!
# [04:32] <llrcombs> it'll just not change anything!
# [04:32] <llrcombs> iirc
# [04:32] <Maxdamantus> It won't?
# [04:32] <Maxdamantus> I'd think that scaling by 0 would make drawing operations do nothing.
# [04:33] <Maxdamantus> Hm. Firefox doesn't seem to let me do it.
# [04:33] <llrcombs> wait, did you mean scaling something by 0px?
# [04:33] <llrcombs> maybe I misunderstood
# [04:33] <Maxdamantus> No, 0
# [04:33] <Maxdamantus> ctx.scale(0, 1)
# [04:34] <llrcombs> ohwait
# [04:34] <llrcombs> my fault
# [04:34] <llrcombs> I'm 100% wrong
# [04:34] <llrcombs> I must be tired
# [04:34] <llrcombs> scaling with one arg at 0 sounds like a bad plan
# [04:35] * Joins: mcarter (~mcarter@adsl-99-25-192-34.dsl.pltn13.sbcglobal.net)
# [04:35] <llrcombs> I was thinking pixel transforms
# [04:35] <llrcombs> you were thinking decimal-percent-thingy transforms
# [04:36] <Maxdamantus> Ratio, maybe.
# [04:36] <llrcombs> yeah, that'd be it!
# [04:36] * llrcombs sounds like an idiot about now
# [04:36] <llrcombs> aww, it's 9:30 here
# [04:36] <llrcombs> I have an excuse
# [04:36] <llrcombs> (also, being 13 is one in and of itself)
# [04:37] <llrcombs> well, back to hoping more people will try/report-issues-with http://code.google.com/p/plugin-blocker/
# [04:37] * Quits: sicking (~chatzilla@nat/mozilla/x-hgclijtbhgvbceof) (Ping timeout: 260 seconds)
# [04:40] <Maxdamantus> http://ntus.uni.cc/canv.htm mmm.. doesn't work on Firefox.
# [04:41] <Maxdamantus> Hm. Firefox seems to be strange about canvas.. My canvas-driven application runs super-fast in Firefox (compared to Chrome, suprisingly), but only when it's doing about 1276x960 or less
# [04:41] <Maxdamantus> as soon as I put it fullscreen (~1280x1024) it lags alot :\
# [04:43] <Maxdamantus> Hm, seems to have to do with the actual fullscreen state of the browser window.. or not
# [04:44] <Maxdamantus> I'm using a tiling WM, and when I tell the WM to make Firefox a borderless full screen window (but the normal Firefox controls are still there, because I didn't hit F11) it lags
# [04:44] <llrcombs> so try ##javascript or #firefox
# [04:45] <Maxdamantus> Not laggy after pressing F11 then forcing it out of fullscreen via the WM (but the controls are still gone, so Firefox appears to still think it's fullscreen)
# [04:45] <Maxdamantus> Mmm, yeah I'll ask on irc.mozilla.org
# [04:59] * Quits: erlehmann (~erlehmann@dslb-094-223-095-061.pools.arcor-ip.net) (Quit: Ex-Chat)
# [05:00] * Quits: dave_levin (~dave_levi@74.125.59.73) (Quit: dave_levin)
# [05:01] * Quits: jlebar (~jlebar@nat/mozilla/x-hzvbwtmzeetzfyrl) (Quit: Leaving)
# [05:03] * Joins: dglazkov (~dglazkov@75-37-194-175.lightspeed.lsatca.sbcglobal.net)
# [05:05] * Joins: espadrine_ (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [05:05] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Read error: Connection reset by peer)
# [05:05] * espadrine_ is now known as espadrine
# [05:23] * Quits: mcarter (~mcarter@adsl-99-25-192-34.dsl.pltn13.sbcglobal.net) (Ping timeout: 272 seconds)
# [05:25] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Read error: Connection reset by peer)
# [05:25] * Joins: espadrine_ (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [05:31] * Quits: JoePeck (~JoePeck@2620:0:1b00:1f08:fa1e:dfff:fed9:b9a) (Quit: -)
# [05:36] * Quits: dglazkov (~dglazkov@75-37-194-175.lightspeed.lsatca.sbcglobal.net) (Quit: dglazkov)
# [05:37] * Quits: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net) (Quit: nimbupani)
# [05:46] * Joins: zcorpan_ (~zcorpan@c-ec9fe355.410-6-64736c14.cust.bredbandsbolaget.se)
# [05:49] * Joins: JoePeck (~JoePeck@c-76-102-33-198.hsd1.ca.comcast.net)
# [05:50] <zcorpan_> llrcombs: you can either parse the query string yourself in php, or use a name like test[] to make php turn it into an array, iirc
# [05:50] <llrcombs> ahh, k
# [05:54] * Quits: eric_carlson (~ericc@adsl-67-112-12-110.dsl.anhm01.pacbell.net) (Quit: eric_carlson)
# [05:55] <llrcombs> thanks
# [05:59] * Joins: boogyman (~boogy@unaffiliated/boogyman)
# [05:59] <zcorpan_> np
# [05:59] * Joins: kennyluck (~kennyluck@dhcp43.ocn.mita.keio.ac.jp)
# [05:59] * Quits: othermaciej (~mjs@17.246.18.18) (Quit: othermaciej)
# [06:02] * Quits: miketaylr (~miketaylr@24.42.95.108) (Remote host closed the connection)
# [06:12] * Quits: romeo_ (~romeo__@x1-6-00-02-44-60-6c-8e.k479.webspeed.dk) (Quit: Leaving)
# [06:15] * Joins: dpranke (~Adium@nat/google/x-qwzdjlztrsxvqxma)
# [06:28] * Quits: kennyluck (~kennyluck@dhcp43.ocn.mita.keio.ac.jp) (Quit: kennyluck)
# [06:28] * Quits: homata (~homata@e0109-119-107-210-33.uqwimax.jp) (Ping timeout: 272 seconds)
# [06:40] <roc> ta
# [06:40] <roc> oops
# [06:44] * Joins: homata_ (~homata@e0109-119-107-210-33.uqwimax.jp)
# [06:44] * Quits: aroben (~aroben@unaffiliated/aroben) (Quit: aroben)
# [06:45] * Joins: mdelaney (~mdelaney@c-71-198-3-129.hsd1.ca.comcast.net)
# [06:46] * Quits: mdelaney (~mdelaney@c-71-198-3-129.hsd1.ca.comcast.net) (Client Quit)
# [06:48] * Quits: Martijnc (~Martijnc@91.176.4.129) (Ping timeout: 240 seconds)
# [06:49] * Joins: Martijnc (~Martijnc@91.176.4.129)
# [06:50] * Quits: JoePeck (~JoePeck@c-76-102-33-198.hsd1.ca.comcast.net) (Read error: Connection reset by peer)
# [06:51] * Joins: hamaji (~hamaji@220.109.219.244)
# [06:53] * Quits: Martijnc (~Martijnc@91.176.4.129) (Ping timeout: 240 seconds)
# [06:55] * Quits: GarethAdams|Home (~GarethAda@pdpc/supporter/active/GarethAdams) (Ping timeout: 272 seconds)
# [06:57] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [06:57] * Quits: espadrine_ (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Read error: Connection reset by peer)
# [06:59] * Joins: Martijnc (~Martijnc@91.176.4.129)
# [07:00] * Joins: JoePeck (~JoePeck@c-76-102-33-198.hsd1.ca.comcast.net)
# [07:04] * Joins: cying (~cying@c-24-4-120-70.hsd1.ca.comcast.net)
# [07:04] * Joins: paul_irish (~paul_iris@77.241.105.164)
# [07:07] * Quits: boogyman (~boogy@unaffiliated/boogyman) (Quit: ChatZilla 0.9.86 [Firefox 3.6.8/20100722155716])
# [07:08] * Joins: matjas (~matjas@ip-213-49-93-184.dsl.scarlet.be)
# [07:12] * Quits: hamcore (rhythm@unaffiliated/msmosso) (Ping timeout: 255 seconds)
# [07:12] * Joins: othermaciej (~mjs@c-69-181-196-33.hsd1.ca.comcast.net)
# [07:14] * Quits: davidwalsh (~davidwals@75-134-27-91.dhcp.mdsn.wi.charter.com) (Quit: davidwalsh)
# [07:23] * Quits: matjas (~matjas@ip-213-49-93-184.dsl.scarlet.be) (Ping timeout: 265 seconds)
# [07:24] * Joins: hamcore (rhythm@unaffiliated/msmosso)
# [07:29] * Joins: matjas (~matjas@ip-213-49-115-64.dsl.scarlet.be)
# [07:31] * Joins: Ankheg (~Miranda@fs91-201-3-30.dubna-net.ru)
# [07:45] * Quits: cying (~cying@c-24-4-120-70.hsd1.ca.comcast.net) (Quit: cying)
# [07:48] * Quits: riven (~riven@53518387.cable.casema.nl) (Quit: Hi, I'm a quit message virus. Please replace your old line with this line and help me take over the world of IRC.)
# [07:54] * Quits: yutak (~yutak@2401:fa00:4:1000:21d:9ff:fe0a:85f) (Remote host closed the connection)
# [07:59] * Quits: gavin_ (~gavin@firefox/developer/gavin) (Disconnected by services)
# [07:59] * Joins: gavin__ (~gavin@CPE001346f5db49-CM0018c0db9a8a.cpe.net.cable.rogers.com)
# [08:04] * Joins: yutak (~yutak@2401:fa00:4:1000:21d:9ff:fe0a:85f)
# [08:05] * Joins: rimantas (~rimliu@lan-84-240-20-219.vln.skynet.lt)
# [08:07] <hsivonen> AryehGregor: the parser code I've written is full of switch fall-thru
# [08:07] <hsivonen> AryehGregor: though always with a comment // fall through
# [08:13] * Joins: maikmerten (~merten@dhcp-11-239.it.uu.se)
# [08:14] <othermaciej> fallthrough is handy at times, but it can be a somewhat dangerous default
# [08:19] * Quits: roc (~roc@203-97-204-82.dsl.clear.net.nz) (Quit: roc)
# [08:22] * Joins: zalan (~zalan@catv-89-135-140-7.catv.broadband.hu)
# [08:23] * Joins: gavin_ (~gavin@firefox/developer/gavin)
# [08:23] * Joins: virtuelv (~virtuelv_@pat-tdc.opera.com)
# [08:24] * Quits: gavin__ (~gavin@CPE001346f5db49-CM0018c0db9a8a.cpe.net.cable.rogers.com) (Ping timeout: 265 seconds)
# [08:27] * Quits: michaeln (~michaeln@nat/google/x-jlfwetrfrgywhpae) (Quit: Leaving.)
# [08:32] * Joins: cedricv (~cedric@175.156.94.116)
# [08:32] * Quits: matjas (~matjas@ip-213-49-115-64.dsl.scarlet.be) (Remote host closed the connection)
# [08:33] * Quits: cedricv (~cedric@175.156.94.116) (Client Quit)
# [08:43] * Joins: Maurice (~ano@a80-101-46-164.adsl.xs4all.nl)
# [08:43] * Joins: Ms2ger (~Ms2ger@91.181.36.160)
# [08:48] * Quits: dpranke (~Adium@nat/google/x-qwzdjlztrsxvqxma) (Quit: Leaving.)
# [08:50] * Joins: henrikbjorn (~henrik@80.199.116.190.static.peytz.dk)
# [08:54] * Joins: shepazu (~schepers@2001:660:330f:38:21e:52ff:fe81:88fa)
# [09:00] * Joins: peol (~peol@unaffiliated/peol)
# [09:01] * Quits: MikeSmith (~MikeSmith@EM111-188-22-30.pool.e-mobile.ne.jp) (Ping timeout: 264 seconds)
# [09:02] * Quits: Maurice (~ano@a80-101-46-164.adsl.xs4all.nl) (Quit: Disconnected...)
# [09:02] * Joins: MikeSmith (~MikeSmith@EM114-48-216-138.pool.e-mobile.ne.jp)
# [09:03] * Joins: FireFly (~firefly@unaffiliated/firefly)
# [09:06] * Quits: Amorphous (jan@unaffiliated/amorphous) (Ping timeout: 276 seconds)
# [09:14] * Joins: Maurice (~ano@a80-101-46-164.adsl.xs4all.nl)
# [09:18] * hsivonen has trouble locating the processing rules for <base target>
# [09:19] <hsivonen> aargh. I'm accidentally reading the multipage version
# [09:19] * Joins: JonathanNeal (~Jonathan_@99-59-124-67.lightspeed.irvnca.sbcglobal.net)
# [09:19] <hsivonen> no wonder I don't find anything
# [09:20] * Joins: Amorphous (jan@unaffiliated/amorphous)
# [09:20] <hsivonen> found it
# [09:24] * Joins: mhausenblas (~mhausenbl@wg1-nat.fwgal01.deri.ie)
# [09:26] <hsivonen> XML FTW! Minefield update failed due to a failure to parse an update file.
# [09:37] * Quits: JonathanNeal (~Jonathan_@99-59-124-67.lightspeed.irvnca.sbcglobal.net) (Ping timeout: 245 seconds)
# [09:39] * Quits: FireFly (~firefly@unaffiliated/firefly) (Quit: swatted to death)
# [09:43] * Joins: davidhund (~davidhund@78-27-27-74.dsl.alice.nl)
# [09:46] * Joins: annevk (~annevk@193.214.121.245)
# [09:47] * Quits: reni_ (~reni@sedkit.inf.u-szeged.hu) (Remote host closed the connection)
# [09:52] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Quit: espadrine)
# [09:53] * Joins: bblfish (~bblfish@wlan-nat.fwgal01.deri.ie)
# [09:53] <bblfish> hi
# [09:53] * Joins: cying (~cying@c-24-4-120-70.hsd1.ca.comcast.net)
# [09:53] <hsivonen> bblfish: hi
# [09:54] <bblfish> There is a browser security issue that affects every browser and that is very easy to fix
# [09:54] <bblfish> hi hsivonen
# [09:54] * Joins: reni_ (~reni@sedkit.inf.u-szeged.hu)
# [09:54] <bblfish> I am wondering if this is something I could bring to the attention of the group here
# [09:55] <Hixie> is it something that could harm users if attackers learnt of it?
# [09:55] <hsivonen> bblfish: if it's not already publicly known, it would probably be more appropriate to report it via the security bug mechanism of the top browsers
# [09:55] * Quits: annevk (~annevk@193.214.121.245) (Quit: annevk)
# [09:55] <bblfish> well it's an anonymity issue to do with ssl
# [09:56] <bblfish> as well as a useability issue
# [09:57] <hsivonen> Hixie: btw, it turned out that there's a software package whose output breaks with HTML5-compliant <base> handling
# [09:57] <hsivonen> (hyperlatex)
# [09:57] <bblfish> It's not an exploit
# [09:57] <hsivonen> I'm treating it as evang, though, since the output already breaks in IE8
# [09:58] <hsivonen> kinda sucks though, since there is hyperlatex output in the long tail of Web sites on multiple sites
# [09:58] <bblfish> (though perhaps it could be used as an exploit: but really it's stopping the adoption of client side SSL)
# [09:58] <Hixie> hsivonen: yeah, we know it might break things
# [09:58] * Quits: cying (~cying@c-24-4-120-70.hsd1.ca.comcast.net) (Quit: cying)
# [09:58] <Hixie> if it's not something that could be used to attack users, it's fine to talk about it here
# [09:59] <bblfish> ok, it's very simple. Imagine you want a site to be completely behind SSL
# [09:59] <Hixie> we just don't want attackers hearing about bugs that they can then turn around and use to install malware on a million machines tomorrow (or whatnot)
# [09:59] <Hixie> at least not before we've had a chance to fix them :-)
# [09:59] <bblfish> and imagine that you want to use SSL for client side auth
# [10:00] <bblfish> currently the client will be asked for his certificate before he sees the first page
# [10:00] <bblfish> which is a bad UI experience
# [10:00] <hsivonen> bblfish: client-side certs indeed have a ridiculously bad UX
# [10:01] <bblfish> also the client if he choose a client side cert, will not be able to change it later
# [10:01] <bblfish> ie: he can't logout
# [10:01] <bblfish> so the solution is very very simple, and fixes both issues
# [10:02] <bblfish> in the URL bar of the browser the browser should show the server cert used, but also the client cert
# [10:02] <bblfish> and the first login to a site it should allow the client to be logged in anonymously
# [10:03] <bblfish> ie: if the server asks for a cert anonymously, the browser should not send one (if the user chooses that as a general preference)
# [10:03] <bblfish> and the browser should show the anonymous cert in the tool bar
# [10:03] <bblfish> then the user should be able to click on the client cert, and login by choosing his certificate
# [10:04] <hsivonen> bblfish: that's probably worth filing as a UI feature request for each browser
# [10:04] <bblfish> if you do that, then client side certs become useable, and extreemly useful, and you don't have the danger that a server track a user without his knowledge
# [10:04] <hsivonen> bblfish: however, I'd expect client-side certs to be very, very low in the UI teams' priorities
# [10:05] <bblfish> hsivonen: I have file this with Firefox, Chromium, Safari, Opera
# [10:05] <hsivonen> bblfish: great
# [10:05] <Hixie> do people still use client-side certs?
# [10:05] <bblfish> but I think that perhaps if I bring it up here, then people can follow up on it
# [10:05] <Hixie> (have people ever used client certs?)
# [10:06] <bblfish> Hixie: with the WebID protocol, we believe that we can make client side certs and every day experience
# [10:06] <Hixie> what problem do they solve?
# [10:06] <bblfish> the login problem
# [10:06] <Hixie> what login problem
# [10:07] <bblfish> the one that OpenId is trying to solve
# [10:07] <Hixie> isn't that solved by, like, entering a username and password
# [10:07] <bblfish> the nice thing with client certs is that you don't need to enter a username/password
# [10:07] <bblfish> you can just click a cert
# [10:07] <bblfish> and it's secure
# [10:08] <bblfish> and built right in the browser
# [10:08] <Hixie> doesn't that mean i'm stuck if i ever use another computer?
# [10:08] <bblfish> nope :-)
# [10:08] <Hixie> or if i poor water into my laptop as i did recently
# [10:08] <Hixie> pour even
# [10:08] <hsivonen> bblfish: isn't Firefox Account Manager solving the login problem without client-side certs?
# [10:09] <bblfish> here is a 4 minute video that shows how easy it is to create a cert http://www.youtube.com/watch?v=S4dlMTZhUDc
# [10:09] <bblfish> and get a new one for each browser
# [10:09] <bblfish> it's just a one click affair
# [10:09] <Hixie> that you need a 4 minute video is a little disconcerting :-)
# [10:09] <bblfish> Hixie: I am not a video artist
# [10:10] <hsivonen> bblfish: does WebID also rely on FOAF/RDF in addition to client-side certs?
# [10:10] <Hixie> i've never had to show someone a video to explain how to use a password ;-)
# [10:10] <bblfish> hsivonen: It does not need to
# [10:10] * Joins: JonathanNeal (~Jonathan_@99-59-124-67.lightspeed.irvnca.sbcglobal.net)
# [10:10] <bblfish> Hixie: I think in the early days of the web you probably had to show people a video
# [10:11] <Hixie> in the early days of the web you were lucky to get images, let alone a video
# [10:11] <hsivonen> in 2003 I had to help my superiors use smartcard-resident client-side certs with IE
# [10:11] <Hixie> but that's another story
# [10:11] <hsivonen> the experience was even worse than it necessarily had to be
# [10:11] <bblfish> the point here is that you asked me if it was difficult, and a video makes the point clearly. It saves typing
# [10:11] <Hixie> i don't really see what's wrong with typing in a password to be honest
# [10:12] <Hixie> i mean, for secure sites you want some sort of second factor authentication, obviously
# [10:12] <hsivonen> (IE copied the public part of the cert to its local storage, so on subsequent logins there were two identically-titled certs to choose from but only the one that was actually coming from the smartcard worked)
# [10:13] <bblfish> Hixie: if you look at the video you'll see that in our use case we still have one site with passwords
# [10:13] <Hixie> wait so you have passwords AND certs?
# [10:13] <Hixie> wouldn't it be better just to use OAuth
# [10:14] <bblfish> Well why not fix the browser bug?
# [10:14] <bblfish> and get real identity in the browser
# [10:15] <bblfish> it's a minor UI fix frankly, and the browser vendors would get maximum benefit, as well as allowing real security on the internet
# [10:15] <bblfish> and it's a bug
# [10:15] * Joins: jeremyselier (~Jeremy@pro75-4-82-238-200-10.fbx.proxad.net)
# [10:15] <Hixie> what's the benefit of "real identity"?
# [10:16] <bblfish> as I said, no username password. On cell phones that is really cool
# [10:16] <bblfish> one cert to login to any site you want to
# [10:17] <Hixie> you just said that you did have a username and password
# [10:17] <bblfish> and the browser anyway, should show the user what information he is sending to the site
# [10:17] <Hixie> i don't want different sites to be able to tell i'm the same person!
# [10:17] <bblfish> Hixie: not necessarily - and only for one site
# [10:17] <Hixie> that'd be terrible
# [10:17] <Hixie> if you want to just have central login, just use oauth
# [10:17] <bblfish> Hixie: exactly: that is why the browser should show you what idenitty you are using when you log in
# [10:17] <boblet> hey all, re: nav, I received a question about having a duplicate main nav in the page footer — logically seems to be appropriate for <nav> but duplicate so I wouldn’t…
# [10:18] <wirepair> my understanding of client side certs is *only* for 2 factor auth
# [10:18] <wirepair> you seem to be wanting to use it for something different
# [10:18] <wirepair> it's mainly for the servers protection
# [10:18] <boblet> …worth adding something to spec about major navigation blocks being unique, or is this something that AT should automatically filter?
# [10:18] <bblfish> wirepair: it can also be used for client side auth
# [10:18] <wirepair> but why
# [10:19] <wirepair> ?
# [10:19] <bblfish> because then you have identity in the browser
# [10:19] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [10:19] <wirepair> why do i want identity in the browser?
# [10:19] <Hixie> that's not something i want
# [10:19] <wirepair> exactly
# [10:19] <Hixie> it's actively something i don't want
# [10:19] <wirepair> i'd rather be anonymous unless i *chose*
# [10:19] <Hixie> exactly
# [10:19] <wirepair> to i dunno, Login.
# [10:19] <wirepair> ;)
# [10:19] <Hixie> boblet: not sure i follow
# [10:19] <bblfish> wirepair: that's exactly what the point of the fix I am proposing would do
# [10:19] * Joins: ROBOd (~robod@89.123.136.161)
# [10:20] <bblfish> alow you to be anonymous unless you choose
# [10:20] <boblet> hixie: main nav links duplicated in page header and footer
# [10:20] <wirepair> but i'm already doing that
# [10:20] <bblfish> and also *show* you what you logged in as
# [10:20] <Hixie> bblfish: why is it better to pick a cert rather than have the browser remember my username/password?
# [10:20] <Hixie> boblet: what about them?
# [10:20] <bblfish> because username/pass are the biggest security hole on the internet
# [10:20] <bblfish> it's well known
# [10:20] <wirepair> and what makes a cert better?
# [10:21] <bblfish> it uses cryptography
# [10:21] <Hixie> a cert is better than a password because it's essentially a longer password
# [10:21] <bblfish> the same reason the web took off after 1997 when SSLv3 came out
# [10:21] <Hixie> (a much, much longer password)
# [10:21] <boblet> Hixie: if both use <nav> then there’d be two items in an AT-constructed list of <nav> with identical content (well, theoretically, one day)
# [10:21] <wirepair> it really comes down to what are you protcting against
# [10:22] <wirepair> i mean if i pop your box, i don't really care if you use a cert
# [10:22] <wirepair> i'll just either extract your keys
# [10:22] <bblfish> it is much better than a password. It is asymetrical
# [10:22] <wirepair> or setup a sniffer
# [10:22] <boblet> I guess if the titles are identical the user can guess the content is duped
# [10:22] <bblfish> you don't send the private key to the server
# [10:22] <wirepair> pop your box == exploit a vulnerability and gain access to your system
# [10:23] <bblfish> you get authentication without the server being able to reuse the password or try it out on another site
# [10:23] <wirepair> i mean, most sites when i go to login, i do it over SSL anyways, not sure what a client cert would give me
# [10:23] <Hixie> boblet: it seems silly to have the same content twice on the page, ideally we'd use CSS to duplicate content if we had to, but in the absence of that, i see nothing wrong with having it twice in the page
# [10:23] <Hixie> boblet: you can hide it from ATs if you really want to by saying role=presentational or some such
# [10:23] <Hixie> wirepair: passwords are insecure in practice because people pick terribly bad predictable passwords
# [10:24] <bblfish> wirepair: if you pop someone's box then of course things are always in the air: with crypto it is possible to go further and put the private key on a hardware device
# [10:24] <wirepair> hixie, i'm a security professional i'm playing devils advocate here ;)
# [10:24] <Hixie> ah ok
# [10:24] <Hixie> just checking :-)
# [10:24] <Hixie> personally i think a cert is dumb because it's tied to the machine
# [10:24] <bblfish> wirepair: did you check the video I sent?
# [10:24] <boblet> Hixie: aah interesting. thanks
# [10:24] <Hixie> i don't want to have to create a new cert on each device i have
# [10:24] <wirepair> i mean i've worked with client certs before they are a pain
# [10:24] <Hixie> let alone devices that aren't mine
# [10:24] <wirepair> for *everyone* involved
# [10:24] <bblfish> Hixie: in that video I show that it is cheap to create a cert
# [10:24] <wirepair> not just the client
# [10:25] <wirepair> create != distribute
# [10:25] <wirepair> and manage
# [10:25] <Hixie> bblfish: it's a step i don't have to do if i just use username+password+2ndfact+oauth
# [10:25] <Hixie> 2ndfactor even
# [10:25] <bblfish> Hixie: I know you are in love with oauth
# [10:25] <bblfish> but perhaps it's blinding you to some obvious solution
# [10:26] <bblfish> I mean obvious solutions can be very difficult to see
# [10:26] <wirepair> i'll bite and watch your movie ;)
# [10:26] <Hixie> actually if you knew me you'd know my like of oauth is minimal
# [10:26] <bblfish> ah ok
# [10:26] <bblfish> sorry don't know everyone here
# [10:26] * Joins: DefV (jan@november.openminds.be)
# [10:26] <bblfish> (probably know hardly anyone)
# [10:26] <Hixie> but maybe your love of certs is blinding you to the same thing :-)
# [10:27] <Hixie> why are certs superior to having a site be your oauth login provider?
# [10:27] <bblfish> Hixie: I know oauth, and the advantage of certs is that you can do the same as oauth in 1-2 connections that oauth/openid would take a lot more
# [10:27] <hsivonen> Hixie: Firefox Sync solves the device problem
# [10:27] <Hixie> (actually yeah i guess i really mean openid, not oauth)
# [10:27] <bblfish> ah ok
# [10:28] <Hixie> (shows how much i love them)
# [10:28] <hsivonen> (as long as all your devices run Firefox Sync-compatible browsers)
# [10:28] <hsivonen> I guess in theory, Firefox Sync could sync client-side certs, too
# [10:28] <Hixie> hsivonen: given how often i (a) nuke profiles, (b) change browsers, and (c) use computers that aren't mine, cloud sync wouldn't help me at all
# [10:28] <bblfish> yes. But if you look at the video you don't really need to sync client side certs: they are cheap to make
# [10:29] <hsivonen> but then you'd end up encrypting your private key with a shorter Firefox Sync pass phrase
# [10:29] <Hixie> they're not cheap to make compared to typing in a username and password
# [10:29] <wirepair> then what does it gain you if they're cheap to make?
# [10:29] <bblfish> (though this brings in WebID. And I was hoping not to bring that one also into this debate)
# [10:29] <wirepair> i mean i just watched it and you'd have to put in your username/password to generate a new cert no?
# [10:29] <Hixie> since you'd have to type in a username and password to get the cert associated with your account in the first place
# [10:29] <wirepair> exactly ehe
# [10:29] <Hixie> basically it would be entirely inferior to not having a cert
# [10:29] <hsivonen> Hixie: if you wear your tinfoil hat properly, you should expect everything to have been compromised at c)
# [10:29] <bblfish> yes, you have 1 site you need some id for - perhaps one time password
# [10:29] <Hixie> in every way
# [10:30] <Hixie> hsivonen: they're not random computers
# [10:30] <bblfish> but once you have that you can log into every site
# [10:30] <wirepair> bblfish, then the backend server *still* needs to store my username and password
# [10:30] <wirepair> right?
# [10:30] <hsivonen> Hixie: ok
# [10:30] <wirepair> so ... your earlier threat scenario, doesn't really matter
# [10:30] * Quits: JonathanNeal (~Jonathan_@99-59-124-67.lightspeed.irvnca.sbcglobal.net) (Ping timeout: 245 seconds)
# [10:30] <bblfish> wirepair: the back end server could send you a password via phone
# [10:31] <wirepair> so now i need an sms provider
# [10:31] <bblfish> you have one identity provider site (you could have a few). you use that to create your cert in one click.
# [10:31] <Hixie> bblfish: what you are describing is username+password+click a few buttons to make a cert+openid or oauth to get the 3rd party site to know who the new cert represents
# [10:31] <wirepair> i'll stick with username/passwords ;/
# [10:31] <Hixie> bblfish: how is that in any way superior to username+password+2nd factor+openid or oauth to get the 3rd party site to know who the new cookie represents?
# [10:31] * Joins: mat_t (~mattomasz@91.189.88.12)
# [10:32] <Hixie> bblfish: (ways in which it is inferior: the security is no better than the password in your model)
# [10:32] * Joins: zdenekkostal (~Miranda@ip-89-102-182-215.net.upcbroadband.cz)
# [10:32] <Hixie> bblfish: (and it takes ten times longer)
# [10:32] * Quits: Peter` (~peter@170-116.citynet.ftth.internl.net) (Ping timeout: 265 seconds)
# [10:32] <Hixie> bblfish: (and it doesn't work today with any sane UI)
# [10:32] <Hixie> bblfish: (and it doesn't have 2 factors)
# [10:33] <bblfish> the security is better than password. because you only have one site that you send a password to. All other sites can then be logged into in one click
# [10:33] <bblfish> and you only need to do that once
# [10:33] <Hixie> that is the same as with what i'm suggesting
# [10:33] <bblfish> you need to do the same with Firefox sync btw
# [10:33] <Hixie> except that i'm suggesting you have to send _more_ than just the password to the original site
# [10:33] <bblfish> you need to remember the password of the sync file
# [10:33] <Hixie> you have to send a second factor
# [10:33] <bblfish> what is the second factor?
# [10:33] <Hixie> (i am not suggesting anyone use firefox sync)
# [10:34] <Hixie> the second factor can be whatever you want, e.g. a code sent by SMS, or a password calculator
# [10:34] <bblfish> Well firefox sync could be the solution to not even having to have any site know your password
# [10:34] <bblfish> making things even more secure
# [10:34] <bblfish> I am trying to work with what we have
# [10:34] <Hixie> what do you mean, what we have?
# [10:34] <hsivonen> bblfish: with Firefox Sync, to be secure, you make up a long string of random characters, write it on paper, type it into each of your Firefox Sync instance and put the paper into a safe
# [10:34] <bblfish> well the vieo is what works in current browsers
# [10:35] <Hixie> my main authentication provider today uses two factors, a password and a code calculator
# [10:35] <bblfish> cool. So it can use that too
# [10:35] <bblfish> it all depends on how secure you want to be
# [10:35] <Hixie> ok but how is the cert helping any?
# [10:35] <bblfish> it allows you once in the browser to log into any site
# [10:35] <Hixie> if i have an auth provider that's secure, what more do i need?
# [10:36] <Hixie> i have that today with openid
# [10:36] <bblfish> well openid requires 7 ssl connections
# [10:36] <bblfish> http://blogs.sun.com/bblfish/entry/the_openid_sequence_diagram
# [10:37] <bblfish> that means there are plenty of cases where it can break down
# [10:37] <Hixie> well if you want to argue for moving openid up into the browser so we can get it down to 2, i'm all for it
# [10:37] <Hixie> but that's far better than trying to use client certs imho
# [10:37] <bblfish> and if openid wants to avoid physching, it also needs the client side cert part
# [10:37] <Hixie> how so
# [10:38] <bblfish> because you could go to a site, and it redirect you to a site that looks very much like your openid provider
# [10:38] * Joins: Peter` (~peter@170-116.citynet.ftth.internl.net)
# [10:38] <Hixie> (what you described would be emminently susceptible to phishing, btw -- just send the user an e-mail asking the user to go to the attacker's site and type in the cert password, so the attacker can create a cert for himself as if he was the user on a new machine)
# [10:38] <bblfish> Also OpenId is not restful
# [10:39] <bblfish> Hixie: that only happens once in a user's browser lifetime. A user would rarely create a certificate
# [10:39] <bblfish> openid requires you to go to the openid site every time
# [10:39] <Hixie> openid only requires you to log in once
# [10:40] <Hixie> after that the redirects are all silent
# [10:40] <bblfish> yes, but every time you login you end up at that site
# [10:40] <Hixie> so?
# [10:40] <Hixie> the user doesn't see that
# [10:40] <bblfish> well with client certs that is not the case
# [10:40] <Hixie> so?
# [10:40] <Hixie> who cares
# [10:41] <Hixie> it works fine
# [10:41] <bblfish> well if the user wishes his attributes to be updated then it is a problem
# [10:41] * Quits: homata_ (~homata@e0109-119-107-210-33.uqwimax.jp) (Read error: Connection reset by peer)
# [10:41] <Hixie> i can't recall ever having wanted to Update my Attributes when using OpenID
# [10:42] <bblfish> so Hixie: what is your problem? A fix to the SSL stack is easy, and it could allow certain things to happen, which should be fixed anyway
# [10:42] <Hixie> i have no problem, that's my point
# [10:42] <Hixie> everything works fine today
# [10:42] <Hixie> no need to change anything :-)
# [10:42] <bblfish> not really
# [10:42] <Hixie> in fact we should just nuke the whole client cert feature
# [10:42] <bblfish> you cannot use client side certs to their full potential
# [10:43] <Hixie> simplify browsers
# [10:43] <bblfish> and it would be easy to fix
# [10:43] <Hixie> using client certs at all is not a goal, imho
# [10:43] <Hixie> it's an antigoal
# [10:43] <bblfish> that's because you don't understand their potential
# [10:43] <Hixie> users in general do not understand cryptography
# [10:43] <Hixie> it's like trying to get them to understand RDF
# [10:43] <Hixie> it's a lost cause
# [10:43] <bblfish> users don't understand html Hixie but they can use browsers
# [10:44] <Hixie> users understand HTML well enough to use it
# [10:44] * Quits: rsteiner (~rolandste@2401:fa00:4:1000:225:ff:feee:ff2b) (Quit: rsteiner)
# [10:44] <Hixie> you can fail to understand 90% of HTML yet still succeed at it
# [10:44] <bblfish> Hixie: you are clutching on straws
# [10:44] <Hixie> but if you only understand 95% of crypto, you'll shoot yourself in the foot
# [10:44] <bblfish> you are using "Users" in two different ways
# [10:44] <Hixie> which two ways?
# [10:45] <bblfish> once you mention developers and then end users (mom, pops)
# [10:45] <Hixie> (i've had the same person in mind every time i've said users so far)
# [10:45] <bblfish> you uses a very generic term
# [10:45] <Hixie> no, i actually meant end users when i mentioned HTML, as I thought you did
# [10:45] <bblfish> if you mean developers say so
# [10:45] <Hixie> in this particular case, i was thinking of someone blogging on livejournal
# [10:45] <bblfish> ok, so end users don't understand html
# [10:45] <Hixie> where they'd understand little bits of HTML, enough to make their text emphasised or add a link
# [10:46] <bblfish> that's why there is wiki syntax
# [10:46] * Joins: sean` (~Sean@i219049.upc-i.chello.nl)
# [10:46] <bblfish> those same users have no problem understand client side certs. It's a UI presentation issue
# [10:46] <bblfish> that's all
# [10:46] <Hixie> lol
# [10:46] <Hixie> please
# [10:47] <bblfish> I am not joking
# [10:47] <bblfish> the issue is completely solved by the fix I am proposing
# [10:47] <Hixie> then you should do some usability studies
# [10:47] <bblfish> I bet you 10000 dollars that I am right
# [10:47] <bblfish> your useability studies are missing some key issues
# [10:48] * Joins: roc (~roc@121.98.230.221)
# [10:48] <Hixie> i challenge you to walk out to your nearest bar, pick someone randomly from the dance floor, and ask them to explain what a "Client Certificate" is
# [10:49] * Joins: Phae (~Phae@chimera.macmillan.com)
# [10:49] <bblfish> who cares. I challenge you to go into the nearest bar and ask them to explain what html is
# [10:49] <Hixie> i live in mountain view so that's likely to get a different effect than you want
# [10:50] <bblfish> well then the guy will probably also know what client certs are
# [10:50] <bblfish> too
# [10:50] * Joins: akamike (~akamike@94-193-106-14.zone7.bethere.co.uk)
# [10:50] <Hixie> one of us is dramatically out of touch with your average user, or even with average power user
# [10:50] <Hixie> it could be me
# [10:50] <Hixie> but i doubt it
# [10:50] <bblfish> anyway - the reason most people won't know is just that people don't use them. And the reason they don't use them is complex, but it is not because they are difficult to use
# [10:51] <Hixie> it's because they are easy to misuse
# [10:51] <bblfish> I mean web sites don't use them
# [10:51] <bblfish> passwords are a lot easier to misuse
# [10:51] <Hixie> and users don't even understand the importance of passwords
# [10:51] <bblfish> a good reason to remove passwords altogether
# [10:51] <bblfish> and to move to certs
# [10:52] <Hixie> so getting them to understand asymetric crypto, private and public keys, etc...
# [10:52] <Hixie> your solution doesn't get rid of passwords!
# [10:52] <bblfish> you don't have to get them to understand that!
# [10:52] <bblfish> you just make sites that use that
# [10:52] <bblfish> simple
# [10:52] <Hixie> anyway, i have to return to work
# [10:52] <Hixie> so, good luck
# [10:52] <bblfish> nice talking to you Hixie. I should come to mountain view and give a talk
# [10:53] <bblfish> It's a bit odd: the issue is one of perception only
# [10:54] <Hixie> i hear the same from the RDFa guys :-)
# [10:54] <bblfish> I like RDFa but btw, WebID would work with normal XML too
# [10:54] <Hixie> rather than give a talk, i recommend deploying it and proving me (us) wrong
# [10:55] <Hixie> XML is another technology that's basically dead on the web
# [10:55] <bblfish> well have a look at the video: that proves you wrong. we are working on deployments
# [10:55] <bblfish> Ok, it could work with json too
# [10:55] <bblfish> we have defined the protocol so we don't take syntax sides
# [10:55] <bblfish> no syntax wars here
# [10:55] <hsivonen> "could work with JSON" isn't good enough
# [10:55] <Hixie> what will prove me wrong is facebook, twitter, gmail, etc, using client certs as a default (or only) login mechanism.
# [10:56] <hsivonen> only uses JSON is ok
# [10:56] <bblfish> Hixie: ok. So you are not a path burner
# [10:56] <zcorpan_> Hixie: didn't you have work to do? :)
# [10:56] <hsivonen> unfortunately, the Web Finger stuff relies on an XML monstrosity
# [10:56] <hsivonen> which could very well be JSON
# [10:56] <Hixie> bblfish: no, i'm a paver of cowpaths :-)
# [10:56] <Hixie> quite the opposite
# [10:56] <hsivonen> but since the XML format is there, now every implementation has to support the XML thing even if a JSON alternative were possible
# [10:57] <bblfish> well in this case it would be very minimal effort to fix a few bugs
# [10:57] <Hixie> bblfish: so do it and submit patches :-)
# [10:57] <Hixie> standardisation is about finding what trails were blazed, and building ducts and highways and so forth to use them
# [10:57] <Hixie> it's not about innovation
# [10:57] <bblfish> well the reason I am here is to chat to people who have access to browser vendors
# [10:57] <Hixie> innovation is what happens before you get standards
# [10:58] <bblfish> good, we are innovating with WebID - and again what I am proposing was just a use case for why I thought those patches would be useful
# [10:58] <Hixie> bblfish: best to just approach the browsers directly and submit running code (especially for something like certs, which have nobody working on them at all)
# [10:58] <bblfish> yes. I have done that. But sometimes it can be good to have other entry points
# [10:59] <bblfish> there are other players who can find this interesting: banks, security agencies, governments, and other hackers
# [10:59] <bblfish> and I thought perhaps this group here could be interested
# [11:00] <Hixie> i'm afraid most of us are probably too joded by past experience with client side certs at this point to believe in anything until we've seen it actually used by millions of regular users daily
# [11:01] <bblfish> the very nice thing about certs bytw is that it is completely standardised . No intellecutal property
# [11:01] <bblfish> Hixie: We are working on getting that done. While doing it we found an issue that would be easy to fix. I reported it to browser vendors.
# [11:01] <Hixie> so you said :-)
# [11:01] <bblfish> then I thought it could be a good channel to bring this up here
# [11:02] <Hixie> well you're definitely welcome to discuss it here :-)
# [11:02] <Hixie> but that doesn't mean we have to think it's a good idea :-)
# [11:02] <bblfish> of course: freedom of thought
# [11:03] <bblfish> Hixie: if you look at my two videos you'll see that at least part of your issues are solved - it is easy to create a cert, and to have a different one for each browser
# [11:03] <bblfish> did you know that before seeing the video?
# [11:04] <Hixie> yes, i specced <keygen>
# [11:04] <bblfish> ah cool
# [11:04] <Hixie> i am actually pretty familiar with this topic
# [11:04] <Hixie> whence my jadedness
# [11:04] <bblfish> ok. Did you see the possibility of creating on the fly client certs?
# [11:04] <bblfish> that could be used across web sites?
# [11:05] <Hixie> as opposed to what?
# [11:05] <Hixie> i do understand what you're proposing
# [11:05] <bblfish> well currently people have to go to a CA
# [11:05] <bblfish> which is very tedious
# [11:05] <bblfish> and costly
# [11:05] <Hixie> how so?
# [11:05] <bblfish> we don't require CAs
# [11:05] <Hixie> <keygen> doesn't require CAs
# [11:05] <bblfish> no, but until now keygen has created certs that only work for 1 web site
# [11:06] <bblfish> I think that is the way they are usually used
# [11:06] <Hixie> um, no?
# [11:06] <Hixie> oh well it's often only used that way, yes
# [11:06] <Hixie> but there's no inherent limitation
# [11:06] <bblfish> no: no limitation in keygen. You did an excellent job
# [11:06] <bblfish> I love keygen
# [11:06] <Hixie> i hate it personally :-)
# [11:06] <Hixie> had to spec it because people use it for some ungodly reason
# [11:07] <bblfish> but the limitation is in the way Certs are used: because either they are tied to a single site, or they have to be signed by a CA - that's how people have been thinking of certs up till now
# [11:07] <bblfish> and furthermore: there is very little flexibility in what you can put in a cert
# [11:07] <bblfish> nobody is going to put their buddies in the cert
# [11:08] <bblfish> or their telephone number
# [11:08] <bblfish> etc.
# [11:08] <bblfish> but if you go across sites that is what is important
# [11:08] <bblfish> you want to login and have the site know something about you
# [11:08] <Hixie> to you
# [11:08] <bblfish> (as OpenId does)
# [11:08] <bblfish> (with attribute exchange)
# [11:08] <Hixie> i desperately do not want the site to know anything about me except what i tell it, personally
# [11:08] <hsivonen> bblfish: fwiw, pretending to be a casual user, I had no idea what was going on in the video
# [11:09] <hsivonen> bblfish: how should the user know the magic that happened is safe?
# [11:09] <bblfish> hsivonen: It's not for a casual user, but for hackers like you
# [11:09] <hsivonen> bblfish: how would the user know how to back up a cert like Firefox said?
# [11:09] <bblfish> there is no need to back up the cert
# [11:09] * Joins: workmad3 (~workmad3@cspool86.cs.man.ac.uk)
# [11:09] * Parts: zcorpan_ (~zcorpan@c-ec9fe355.410-6-64736c14.cust.bredbandsbolaget.se)
# [11:09] <bblfish> that is a firefox UI issue
# [11:10] <Hixie> no, because anyone with the password can just generate a new one!
# [11:10] <Hixie> security = awesome
# [11:10] <hsivonen> Hixie: wait, what?
# [11:10] <Hixie> hsivonen: ask him how you get a new cert if you move to another computer
# [11:10] <hsivonen> maybe I should have followed along more carefully
# [11:11] * Joins: rolandsteiner_ (~rolandste@2401:fa00:4:1000:225:ff:feee:ff2b)
# [11:11] <bblfish> you get a new cert by having a shared secret with the identity provider. That can be a one time password, a password, something sent by sms, or whatever
# [11:11] <bblfish> or that information could be backed up using firefox sync
# [11:11] <bblfish> or some similar mechansim
# [11:12] <bblfish> or if you want full protection you have a USB crypto stick
# [11:12] <Hixie> hsivonen: basically this is just creating a much more expensive (in terms of CPU) cookie
# [11:13] <bblfish> Hixie: TLS has the equivalent of cookies with SSL sessions
# [11:13] <Hixie> hsivonen: (plus it provides a one-click solution to accidentally uploading your personal details to porn sites that use login)
# [11:13] <bblfish> but the point of this is to allow you to login to new sites
# [11:13] <Hixie> s/login/this mechanism for login/
# [11:14] <bblfish> well that is why browsers should show the user what client cert he is using when logging into a site
# [11:14] <hsivonen> bblfish: If this is just and expensive cookie, why is it user-visible unlike cookies?
# [11:14] <Hixie> bblfish: it's too late by then, isn't it :-)
# [11:14] <bblfish> cookies should also be user visible
# [11:15] <bblfish> that is what Firefox Weave is working on http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox
# [11:15] <Hixie> i believe you've just gone past the edge of the local overton window
# [11:15] <bblfish> overton?
# [11:15] <jgraham> window
# [11:15] <Hixie> http://en.wikipedia.org/wiki/Overton_window
# [11:16] * Quits: Lachy (~Lachlan@cm-84.215.59.50.getinternet.no) (Quit: This computer has gone to sleep)
# [11:16] <bblfish> well the firefox weave people don't think that is a problem
# [11:16] <bblfish> As I say it's a UI issue
# [11:16] <hsivonen> bblfish: don't think what exactly is a problem?
# [11:16] <bblfish> Aza Raskin has some very good ideas there
# [11:17] <bblfish> well Hixie is suggesting that I went too far by suggesting that the user should be able to see the cookied
# [11:17] <bblfish> if you look at the prototypes here: http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox
# [11:17] * jgraham doesn't understand how the linked screenshot implies users should be able to see the cookies
# [11:17] <bblfish> that is what the FF team is doing
# [11:17] <bblfish> ok. You see how you can see what you are logged in as?
# [11:18] <Hixie> i'm not saying you went too far, i'm saying that most people here think it's a crazy idea
# [11:18] <bblfish> you can see the server you are logged in and the identity you are logged in as
# [11:18] <hsivonen> Account Manager shows that you have logged in. it doesn't make you choose from a list of certs of cookies.
# [11:18] * Quits: shepazu (~schepers@2001:660:330f:38:21e:52ff:fe81:88fa) (Quit: shepazu)
# [11:18] <jgraham> That doesn't imply "user visible cookies" to me
# [11:18] <bblfish> good. Of course: cookies should be tied to your identity
# [11:18] <hsivonen> *certs or cookies
# [11:19] <bblfish> so to show the users identity is to show indirectly the cookies
# [11:19] <bblfish> and it will allow you to go to a site and notice that you are logged in and under what id
# [11:20] <Hixie> what sites don't already do that?
# [11:20] <bblfish> the sites show you. What we want is the browser to tell us.
# [11:20] * Joins: ZombieLoffe (~e@unaffiliated/zombieloffe)
# [11:20] <bblfish> so the site can't snoop
# [11:20] <Hixie> can't snoop what? the site is the one that decised what it means to be logged in
# [11:21] <bblfish> The browser can help for example to let you decide if you send cookies
# [11:21] <bblfish> that is why chrome has anonymous mode
# [11:21] <bblfish> for example
# [11:22] <Hixie> chrome's anonymous mode is to allow you to "buy gifts for your spouse" without them finding out
# [11:22] * Quits: Ms2ger (~Ms2ger@91.181.36.160) (Ping timeout: 265 seconds)
# [11:22] <jgraham> Hixie: Different anonymous mode I think
# [11:22] <Hixie> has nothing to do with showing cookies
# [11:22] <Hixie> wait, we have two anonymous modes?
# [11:23] <bblfish> ah. I need to look into anonymous mode. Sorry, I had a talk about that this morning, and thought it also did cookies
# [11:23] <bblfish> but anyway. It would be an idea
# [11:23] <jgraham> Hixie: I man I assume the thing in Account Manager is not just the normal anonymous mode
# [11:23] <bblfish> to be able to choose one's cookie set
# [11:23] <jgraham> Hixie: I could be wrong, I don't really know
# [11:23] <Hixie> i have really no idea what we're talking about any more
# [11:24] <bblfish> in the picture here http://blogs.sun.com/bblfish/entry/identity_in_the_browser_firefox
# [11:24] <jgraham> Oh, sorry I missed the change of topic to chrome
# [11:24] <Hixie> i thought we were talking about having the site be able to tell the browser that the user was logged in, and for the browser to display that somewhere prominent and pretty
# [11:24] <bblfish> it shows the user logged in as
# [11:24] <bblfish> yes. The web site can do it. But the browser could do that in a secure way
# [11:24] <Hixie> which doesn't add anything to do with security, it's just prettifying the current UI since each page does it differently
# [11:25] <bblfish> Ie: depending on what your browser shows, it would or not send cookies
# [11:25] <Hixie> cookies aren't only about being logged in
# [11:25] <bblfish> so you could select what you want to be logged in as
# [11:25] <Hixie> are you going to break all uses of cookies if you're not logged in?
# [11:25] <Hixie> what if the site supports multiple simultaneous logins?
# [11:25] <bblfish> well if you are not logged in, you get new cookies for your anonymous mode
# [11:26] <Hixie> what if the site doesn't have a concept of user login?
# [11:26] <bblfish> I suppose
# [11:26] <Hixie> but uses something else?
# [11:26] <Hixie> this is again far too confusing to ever make sense to a random user
# [11:26] <Hixie> you really should spend more time in usability studies to get an appreciation of how far this is from how users think
# [11:26] <bblfish> well I am not sure how the Weave team intend this to work in detail
# [11:27] <bblfish> Aza Raskin is a UI guy
# [11:27] <bblfish> I suppose he does see useability studies too
# [11:27] * Joins: Ms2ger (~Ms2ger@91.181.39.131)
# [11:28] <bblfish> with client side certs this can be just done even better. That's my argument in the blog post anywya. It would also be much simpler
# [11:29] <Hixie> well, let me know when you get to a few million 7-day actives
# [11:29] <bblfish> I think I won't have to ping you when it gets that far
# [11:29] <Hixie> and i'll be happy to retract my pessimism
# [11:29] <bblfish> pessimism should be justified. Otherwise it becomes a habit
# [11:30] <bblfish> :-)
# [11:30] * Joins: zcorpan_ (~zcorpan@c-ec9fe355.410-6-64736c14.cust.bredbandsbolaget.se)
# [11:30] * Joins: Lachy (~Lachlan@pat-tdc.opera.com)
# [11:30] <Hixie> i'm confident it is amply justified here, but i've already said my piece :-)
# [11:31] <Hixie> no need to beat you over the head with it :-)
# [11:31] <bblfish> well, my point is that there have been a few developments that you could not have forseen.
# [11:31] <bblfish> so you will need to re-assess your pessimism
# [11:32] <Hixie> i do not believe anything you have said so far in this conversation is new to me as far as certifications go
# [11:32] <Hixie> certificates, even
# [11:33] <bblfish> ah yes: did you see the potential of being able to login with one self-signed certificate to any number of sites globally, without using CAs?
# [11:34] <Hixie> sure, there's never been a limitation there, it's just not been done before because it's not especially useful or a good idea
# [11:34] * Quits: payman (~payman@pat.se.opera.com) (Remote host closed the connection)
# [11:34] <zcorpan_> new framing: http://www.ietf.org/id/draft-ietf-hybi-thewebsocketprotocol-01.txt
# [11:34] * Joins: seankoole (~Sean@i219049.upc-i.chello.nl)
# [11:34] <bblfish> there was no technical limitation. From the talks on the subject I give around the world, there was a psychological limitation
# [11:35] <bblfish> relating primarly to Distinguished Names coming from X.500 and not being global identitiers
# [11:35] <Hixie> i encourage you to give fewer talks and to spend more time getting it implemented :-)
# [11:35] <bblfish> ie, that is the technical limitation that lead to the impossibility of the intial vision being workable
# [11:36] <bblfish> we have implemetnations in every language http://esw.w3.org/Foaf%2Bssl
# [11:36] <Hixie> if this is as good as you think it is, you won't need talks to get people adopting it
# [11:36] <Hixie> they'll start adopting it before you want them to
# [11:36] <Hixie> as is happening with html5 :-/
# [11:36] <bblfish> the issue is psychological as I say
# [11:36] <bblfish> but I suppose the html5 wg never meet
# [11:36] <jgraham> zcorpan_: And now people want versioning :(
# [11:37] * Quits: sean` (~Sean@i219049.upc-i.chello.nl) (Ping timeout: 265 seconds)
# [11:37] <bblfish> because it's so good they don't need to?
# [11:37] <Hixie> bblfish: the whatwg has never had a face-to-face meeting or a teleconference meeting
# [11:37] <bblfish> well I travel, because I can too
# [11:38] <bblfish> It's fun to travel, and I get to see the world
# [11:38] <bblfish> discussing this with people in security has been very helpful
# [11:38] <bblfish> email is not always the best medium
# [11:39] * seankoole is now known as sean`
# [11:39] <bblfish> it helps understand what their issues are. And they ALWAYS come up with the same issues
# [11:39] <zcorpan_> hmm, -01 doesn't include Hixie's recent changes to the handshake (like subprotocol negotiation)
# [11:39] <Hixie> oh, hey, this means i should strip out websockets from the html spec huh
# [11:40] <hsivonen> zcorpan_: are all the relevant vendors on board with http://www.ietf.org/id/draft-ietf-hybi-thewebsocketprotocol-01.txt ?
# [11:40] <bblfish> and they are all related to the X.500 problem in the end.
# [11:40] <zcorpan_> Hixie: could you check with fette about your changes after -00 which don't seem to be included in -01?
# [11:40] <jgraham> zcorpan_: No, see Ian Fette's message
# [11:40] <zcorpan_> hsivonen: no idea
# [11:41] <Hixie> zcorpan_: he said there wasn't consensus on them in the wg, so he wanted to discuss them first
# [11:41] <hsivonen> I had hoped for the protocol to freeze in time for Firefox 4
# [11:41] <jgraham> hsivonen: It isn't even clear that all the relevant vendors are *participating*
# [11:42] * Quits: MikeSmith (~MikeSmith@EM114-48-216-138.pool.e-mobile.ne.jp) (Quit: The curfew tolls the knell of parting day... the plowman homeward plods his weary way)
# [11:42] <jgraham> e.g. I don't recall seeing anyone from Mozilla comment recently
# [11:42] <zcorpan_> Hixie: ok
# [11:43] <roc> I thought sayre was commenting
# [11:43] <Hixie> is anyone from microsoft involved?
# [11:43] <zcorpan_> are microsoft implementing websocket?
# [11:43] <Hixie> they sent lots of comments a while back
# [11:43] <jgraham> There is someone from microsoft that has commented a few times at least
# [11:44] <jgraham> Presumably they are quietly implementing, but that is pure speculation
# [11:44] * Joins: davidhund_ (~davidhund@78-27-27-74.dsl.alice.nl)
# [11:44] <zcorpan_> Hixie: personally i'd prefer if you didn't nuke websockets from the html spec just yet
# [11:44] <jgraham> roc: He at least posted some messages at the start of the month suggesting to cut scope and keep things simple
# [11:45] <jgraham> Doesn't really seem to have worked
# [11:45] * Quits: zdenekkostal (~Miranda@ip-89-102-182-215.net.upcbroadband.cz) (Read error: Connection reset by peer)
# [11:45] <Hixie> zcorpan_: why?
# [11:45] * Quits: davidhund (~davidhund@78-27-27-74.dsl.alice.nl) (Ping timeout: 245 seconds)
# [11:45] * davidhund_ is now known as davidhund
# [11:46] * Joins: zdenekkostal (~Miranda@ip-89-102-182-215.net.upcbroadband.cz)
# [11:46] <zcorpan_> Hixie: because then i don't know where to look. -01 doesn't include the recent changes
# [11:46] <Hixie> nor does the whatwg version
# [11:46] <Hixie> since it doesn't have -01's stuff
# [11:48] <zcorpan_> i guess our impl mostly matches -00 anyway
# [11:48] <jgraham> I don't like the appearance of lots of SHOULDs in the draft
# [11:48] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Ping timeout: 265 seconds)
# [11:49] <jgraham> I don't even know what some of them mean "Ping frames MAY be sent as a keep-alive mechanism, but if so the interval SHOULD be configurable.
# [11:49] <jgraham> "
# [11:49] <jgraham> Is that supposed to be a UI requirement?
# [11:51] <Hixie> send feedback to the hybi list
# [11:52] * Joins: hdhoang (~hdhoang@hdhoang.zahe.me)
# [11:52] <jgraham> Sure
# [11:53] <jgraham> Just being generally grumpy here first
# [11:53] <Hixie> ian hasn't got much experience writing specs, so feel free to school him in proper use of rfc2119 :-)
# [11:53] * Quits: sean` (~Sean@i219049.upc-i.chello.nl) (Read error: Connection reset by peer)
# [11:55] <Hixie> btw something to be careful about is checking whether terms in the ptocol spec and the api spec remain in sync
# [11:55] <Hixie> since the two are no longer in the same document i won't get warning when i gen the spec and break xrefs
# [11:56] <Hixie> or when ian breaks them
# [11:57] <jgraham> Am I missing something or is the spec not clear on what happens if you get something that looks like a fragmented message but out of order
# [11:57] <bblfish> anyway, thanks for listening Hixie. I'll go work on some more implementations in the mean time. Btw. WebId can also work with microdata
# [11:58] * Quits: zalan (~zalan@catv-89-135-140-7.catv.broadband.hu) (Read error: Connection reset by peer)
# [11:58] * Joins: zalan (~zalan@catv-89-135-140-7.catv.broadband.hu)
# [11:58] <jgraham> e.g. just more=0 opcode=0
# [12:05] * Joins: shepazu (~schepers@2001:660:330f:38:21e:52ff:fe81:88fa)
# [12:05] * Quits: paul_irish (~paul_iris@77.241.105.164) (Remote host closed the connection)
# [12:10] * Quits: shepazu (~schepers@2001:660:330f:38:21e:52ff:fe81:88fa) (Quit: shepazu)
# [12:16] * Joins: payman (~payman@pat.se.opera.com)
# [12:17] * Joins: annevk (~annevk@aas.attingo.nl)
# [12:19] * Quits: Lachy (~Lachlan@pat-tdc.opera.com) (Quit: Leaving)
# [12:24] * Quits: hdhoang (~hdhoang@hdhoang.zahe.me) (Remote host closed the connection)
# [12:30] * hsivonen wonders how much Yellow Box for Windows has been resurrected to enable Safari and iTunes on Windows
# [12:32] * Quits: annevk (~annevk@aas.attingo.nl) (Quit: annevk)
# [12:32] * Joins: hdhoang (~hdhoang@hdhoang.zahe.me)
# [12:37] * Quits: hdhoang (~hdhoang@hdhoang.zahe.me) (Ping timeout: 252 seconds)
# [12:38] * Joins: mike][inq_ (~mike@2001:858:5:303:224:81ff:fe12:b5c4)
# [12:38] * Quits: mike][inq_ (~mike@2001:858:5:303:224:81ff:fe12:b5c4) (Remote host closed the connection)
# [12:39] * Joins: Lachy (~Lachlan@pat-tdc.opera.com)
# [12:39] * Joins: hdhoang (~hdhoang@hdhoang.zahe.me)
# [12:42] * Joins: erlehmann (~erlehmann@dslb-094-223-095-061.pools.arcor-ip.net)
# [12:44] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [12:46] * Joins: broquaint (c3d38bcfb5@cpc2-brig11-0-0-cust896.3-3.cable.virginmedia.com)
# [12:51] * Joins: wakaba_ (~wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp)
# [12:53] * Quits: wakaba_0 (~wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp) (Ping timeout: 258 seconds)
# [12:58] * Quits: othermaciej (~mjs@c-69-181-196-33.hsd1.ca.comcast.net) (Quit: othermaciej)
# [13:04] * Quits: agektmr (~Adium@2401:fa00:4:1012:fa1e:dfff:fee6:d74e) (Quit: Leaving.)
# [13:07] * Quits: broquaint (c3d38bcfb5@cpc2-brig11-0-0-cust896.3-3.cable.virginmedia.com) (Ping timeout: 260 seconds)
# [13:09] * Joins: broquaint (45b064ad95@cpc2-brig11-0-0-cust896.3-3.cable.virginmedia.com)
# [13:23] * Joins: paul_irish (~paul_iris@77.241.105.164)
# [13:29] * Quits: broquaint (45b064ad95@cpc2-brig11-0-0-cust896.3-3.cable.virginmedia.com) (Ping timeout: 264 seconds)
# [13:30] * Joins: broquaint (3177df993f@cpc2-brig11-0-0-cust896.3-3.cable.virginmedia.com)
# [13:31] * Quits: wakaba_ (~wakaba_@122x221x184x68.ap122.ftth.ucom.ne.jp) (Quit: Leaving...)
# [13:52] * Joins: shepazu (~schepers@mna75-10-82-243-125-40.fbx.proxad.net)
# [14:09] * Quits: boblet (~boblet@p1201-ipbf709osakakita.osaka.ocn.ne.jp) (Quit: boblet)
# [14:12] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Quit: espadrine)
# [14:12] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [14:18] * Joins: davidb_ (~davidb@mozca02.ca.mozilla.com)
# [14:31] * Quits: shepazu (~schepers@mna75-10-82-243-125-40.fbx.proxad.net) (Quit: shepazu)
# [14:31] * Quits: nessy (~Adium@124-169-0-56.dyn.iinet.net.au) (Read error: Connection reset by peer)
# [14:35] * Joins: KaOSoFt (~maxzagato@190.24.156.162)
# [14:35] * Quits: KaOSoFt (~maxzagato@190.24.156.162) (Changing host)
# [14:35] * Joins: KaOSoFt (~maxzagato@unaffiliated/kaosoft)
# [14:43] * Quits: virtuelv (~virtuelv_@pat-tdc.opera.com) (Quit: Ex-Chat)
# [14:49] * Joins: eric_carlson (~ericc@17.203.15.26)
# [14:57] * Joins: MikeSmith (~MikeSmith@EM111-188-25-215.pool.e-mobile.ne.jp)
# [15:04] <MikeSmith> anybody know, is Anne away on vacation or something?
# [15:04] <MikeSmith> was he around yesterday?
# [15:05] <jgraham> MikeSmith: anne is around
# [15:05] <jgraham> just never at the same time as you
# [15:06] <MikeSmith> ah OK
# [15:06] <MikeSmith> I've just been sleeping
# [15:06] <MikeSmith> because of the summer heat
# [15:06] <MikeSmith> I just sleep all day long
# [15:06] <MikeSmith> and all night long
# [15:07] <KaOSoFt> No offense, but that sounds like anything but a human.
# [15:07] <KaOSoFt> ,_,
# [15:07] <MikeSmith> hey, it's human -- I get up for a couple hours to check my facebook wall
# [15:07] <KaOSoFt> ;_;
# [15:08] <MikeSmith> and send mass "this is the funniest thing I have ever read" e-mail messages with big attachments to all my friends
# [15:08] <KaOSoFt> You don't qualify to human, then.
# [15:08] <KaOSoFt> ._.
# [15:09] <MikeSmith> watch a little youtube, make some xtranormal videos of my own, of teddy bears cursing at each other
# [15:09] <KaOSoFt> That's... enough.
# [15:09] * KaOSoFt walks away slowly...
# [15:09] <MikeSmith> basically, pretty much the same stuff all you all are doing
# [15:09] <MikeSmith> the stuff the Web was designed for
# [15:09] * KaOSoFt is walking away
# [15:09] <KaOSoFt> >_>
# [15:10] * MikeSmith yawns
# [15:10] <jgraham> Teddy bears cursing at each other?
# [15:11] <MikeSmith> yeah
# [15:11] <MikeSmith> it's the funniest thing
# [15:11] <KaOSoFt> That's where I started walking away.
# [15:11] <KaOSoFt> Just me and my cat...
# [15:11] <MikeSmith> you can make the little bears say anything you want
# [15:11] <jgraham> Sounds like Adam Nad Joe
# [15:11] <jgraham> *And
# [15:12] <MikeSmith> http://www.xtranormal.com/
# [15:12] <MikeSmith> you can choose characters
# [15:12] <MikeSmith> of you're gonna choose the bears
# [15:12] <MikeSmith> I don't know why they even bother to give other choices
# [15:13] <MikeSmith> the bears are all that's needed
# [15:13] * Joins: rubys (~rubys@cpe-098-027-059-221.nc.res.rr.com)
# [15:13] * jgraham was thinking more of http://www.youtube.com/watch?v=O89IEks9VPo
# [15:13] <rubys> jgraham: any update on anolis?
# [15:14] <MikeSmith> http://nosql.mypopescu.com/post/1016320617/mongodb-is-web-scale
# [15:14] <jgraham> rubys: Not really. I didn;t have any time last night. Hopefully tonight I can test my changes and push them live
# [15:14] <rubys> thanks!
# [15:14] <kbrosnan> red: userChrome.css possibly
# [15:14] <kbrosnan> er
# [15:17] * Joins: BlurstOfTimes (~blurstoft@168.203.117.112)
# [15:19] * Joins: kennyluck (~kennyluck@EM111-188-107-247.pool.e-mobile.ne.jp)
# [15:20] * Joins: davidwalsh (~davidwals@75-134-27-91.dhcp.mdsn.wi.charter.com)
# [15:22] * Joins: oal (~oal@5.79-160-122.customer.lyse.net)
# [15:29] * Joins: chronos (~quassel@unaffiliated/chronos)
# [15:35] * Quits: Ankheg (~Miranda@fs91-201-3-30.dubna-net.ru) (Quit: Ankheg)
# [15:42] * Quits: davidwalsh (~davidwals@75-134-27-91.dhcp.mdsn.wi.charter.com) (Quit: Reading http://davidwalsh.name)
# [15:45] * Joins: cardona507 (~cardona50@c-67-180-160-250.hsd1.ca.comcast.net)
# [15:46] * Quits: cardona507 (~cardona50@c-67-180-160-250.hsd1.ca.comcast.net) (Client Quit)
# [15:50] * Joins: dbaron (~dbaron@c-98-234-51-190.hsd1.ca.comcast.net)
# [15:51] * Joins: homata_ (~homata@h219-110-13-055.catv02.itscom.jp)
# [15:52] * Joins: ttepasse (~ttepasse@ip-109-90-160-217.unitymediagroup.de)
# [15:52] * Joins: matjas (~matjas@ip-213-49-115-64.dsl.scarlet.be)
# [15:52] * Quits: paul_irish (~paul_iris@77.241.105.164) (Remote host closed the connection)
# [15:53] * Joins: paul_irish (~paul_iris@77.241.105.164)
# [15:56] * Joins: pauld (~chatzilla@194.102.13.2)
# [16:07] * Joins: miketaylr (~miketaylr@38.117.156.163)
# [16:08] * Joins: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net)
# [16:12] * Joins: FireFly (~firefly@unaffiliated/firefly)
# [16:13] * Joins: knowtheory (~knowtheor@cpe-71-79-238-195.columbus.res.rr.com)
# [16:13] * Parts: knowtheory (~knowtheor@cpe-71-79-238-195.columbus.res.rr.com)
# [16:19] * Quits: reni_ (~reni@sedkit.inf.u-szeged.hu) (Quit: Leaving)
# [16:20] * Quits: micheil (~micheil@124-170-69-59.dyn.iinet.net.au) (Ping timeout: 272 seconds)
# [16:26] * Parts: rubys (~rubys@cpe-098-027-059-221.nc.res.rr.com)
# [16:30] * Quits: maikmerten (~merten@dhcp-11-239.it.uu.se) (Remote host closed the connection)
# [16:41] * Quits: Martijnc (~Martijnc@91.176.4.129) (Read error: Connection reset by peer)
# [16:48] * Joins: Martijnc (~Martijnc@91.176.4.189)
# [16:49] * Quits: mhausenblas (~mhausenbl@wg1-nat.fwgal01.deri.ie) (Quit: brb)
# [16:50] <hsivonen> http://hsivonen.iki.fi/test/moz/move-during-parse-parent.html
# [16:51] <hsivonen> (crashes Chrome content process during reload)
# [16:51] * Quits: mat_t (~mattomasz@91.189.88.12) (Quit: Leaving)
# [16:52] <hsivonen> interestingly, IE9 has been modified from IE8 to specifically support this crazy case
# [16:52] <hsivonen> also, the HTML5 parser in Firefox 4 gets CSS frame construction right
# [16:53] <hsivonen> the old parser moves the node into parent but doesn't let the CSS frame constructor know that they are there
# [16:53] <jgraham> hsivonen: Nice test
# [16:54] <jgraham> BTW it is theoretically possible to make tests like this (modulo the iframe but; but that could be worked around of course)
# [16:54] <jgraham> html5lib tests
# [16:54] <jgraham> no use to html5lib but maybe a convenient format and a good way for browser vendors to share
# [16:55] <hsivonen> I expect Gecko to get things wrong once I add an external script and a style sheet that blocks scripts
# [16:55] <jgraham> convenient in the sense that you already have all the machinary for specifying what the output DOM should look like
# [16:55] * Joins: mat_t (~mattomasz@91.189.88.12)
# [16:55] * Quits: peol (~peol@unaffiliated/peol) (Quit: Leaving)
# [16:57] * Joins: JonathanNeal (~Jonathan_@99-59-124-67.lightspeed.irvnca.sbcglobal.net)
# [17:00] <zcorpan_> jgraham: you could make the iframe src a data url, although then it's no longer convenient of course
# [17:01] <jgraham> zcorpan_: Yeah, and you have to teach the comparison code to walk the contentDocument of the iframe
# [17:01] <jgraham> So the case with <iframe>s is quite hard
# [17:01] <zcorpan_> if you care about the dom of the nested document yeah
# [17:01] <hsivonen> as predicted, Gecko fails: both old and new: http://hsivonen.iki.fi/test/moz/move-during-parse-parent2.html
# [17:02] <jgraham> The case with scripts modifying the dom and no iframe is quite easy
# [17:02] <hsivonen> Chromium crashes (content process)
# [17:02] <hsivonen> as does Chrome
# [17:02] * Joins: romeo_ (~romeo__@x1-6-00-02-44-60-6c-8e.k479.webspeed.dk)
# [17:02] <zcorpan_> wonder what ie9 does in xhtml
# [17:02] <hsivonen> Opera works the same
# [17:03] <hsivonen> IE9 doesn't run the alert
# [17:03] <jgraham> Chromium doesn't crash for me
# [17:03] <jgraham> Could be a differnet verion of course
# [17:03] <jgraham> *different
# [17:03] <hsivonen> jgraham: I have Linux 64-bit from yesterday or the day before
# [17:03] <hsivonen> and 64-bit beta channel Chrome
# [17:03] <hsivonen> on Linux
# [17:04] <zcorpan_> crashes for me on reload on mac
# [17:04] <zcorpan_> dev channel
# [17:04] <jgraham> Oh on reload
# [17:04] <espadrine> latest opera doesn't crash, does it?
# [17:04] <jgraham> I though you meant this case crashed on initial load
# [17:04] <zcorpan_> espadrine: no
# [17:04] <hsivonen> espadrine: nope. I meant Opera runs test 2 the same as the first test
# [17:04] <jgraham> Opera doesn't crash for me
# [17:05] * Quits: JonathanNeal (~Jonathan_@99-59-124-67.lightspeed.irvnca.sbcglobal.net) (Ping timeout: 240 seconds)
# [17:05] <espadrine> Indeed
# [17:05] * Quits: Maurice (~ano@a80-101-46-164.adsl.xs4all.nl) (Quit: Disconnected...)
# [17:05] <hsivonen> I'm calling it a day and will fix Gecko tomorrow
# [17:05] <hsivonen> should be easy enough for external scripts
# [17:06] <hsivonen> and a bit more annoying for style sheets blocking scripts
# [17:07] <hsivonen> the spec should probably say what style sheets that block scripts block when the <link> moves between documents between insertion and the completion of the style sheet load
# [17:11] * Joins: espadrine_ (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [17:11] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Read error: Connection reset by peer)
# [17:11] * espadrine_ is now known as espadrine
# [17:12] * Joins: maikmerten (~merten@m83-185-21-42.cust.tele2.se)
# [17:15] * Quits: rimantas (~rimliu@lan-84-240-20-219.vln.skynet.lt) (Quit: Leaving)
# [17:19] * Joins: shepazu (~schepers@eduroam-0-104.enst.fr)
# [17:19] * Quits: matjas (~matjas@ip-213-49-115-64.dsl.scarlet.be) (Quit: Computer has gone to sleep.)
# [17:21] * Joins: micheil (~micheil@124-168-141-29.dyn.iinet.net.au)
# [17:23] * Quits: henrikbjorn (~henrik@80.199.116.190.static.peytz.dk) (Ping timeout: 265 seconds)
# [17:28] * Joins: cying (~cying@c-24-4-120-70.hsd1.ca.comcast.net)
# [17:28] <zcorpan_> hsivonen: afaict the spec doesn't ban utf-16le, it just requires the encoding to be specified in content-type
# [17:31] <zcorpan_> Hixie: please please please remove the :target styling or at least remove the yellow shadow
# [17:32] <espadrine> Some browsers deal with it better than others
# [17:32] <espadrine> Firefox goes fine
# [17:32] <zcorpan_> my problem is that it distracts me from reading the text
# [17:32] <zcorpan_> not a browser problem
# [17:32] <espadrine> ^^
# [17:33] <zcorpan_> well i guess if i was using a browser without shadow support then it wouldn't be a problem
# [17:35] * Quits: ZombieLoffe (~e@unaffiliated/zombieloffe)
# [17:38] * Quits: shepazu (~schepers@eduroam-0-104.enst.fr) (Quit: shepazu)
# [17:41] * Quits: davidhund (~davidhund@78-27-27-74.dsl.alice.nl) (Quit: …</work><life>… :-))
# [17:41] * Joins: mhausenblas (~mhausenbl@wlan-nat.fwgal01.deri.ie)
# [17:45] * Quits: jschuh (d8ef2d04@gateway/web/freenode/ip.216.239.45.4) (Quit: Page closed)
# [17:48] * Joins: peol (~andree@unaffiliated/peol)
# [17:50] * Quits: zalan (~zalan@catv-89-135-140-7.catv.broadband.hu)
# [17:53] * Quits: mat_t (~mattomasz@91.189.88.12) (Ping timeout: 265 seconds)
# [17:55] * Quits: mhausenblas (~mhausenbl@wlan-nat.fwgal01.deri.ie) (Quit: brb)
# [17:55] * Quits: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net) (Quit: nimbupani)
# [17:57] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Ping timeout: 245 seconds)
# [17:58] * Joins: mat_t (~mattomasz@91.189.88.12)
# [18:02] * Joins: rubys (~rubys@cpe-098-027-059-221.nc.res.rr.com)
# [18:02] * Joins: JonathanNeal (~Jonathan_@rrcs-76-79-114-212.west.biz.rr.com)
# [18:03] * Quits: zdenekkostal (~Miranda@ip-89-102-182-215.net.upcbroadband.cz) (Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org)
# [18:06] * Quits: dbaron (~dbaron@c-98-234-51-190.hsd1.ca.comcast.net) (Quit: 8403864 bytes have been tenured, next gc will be global.)
# [18:09] * Joins: Rik_ (~Rik@mozilla-paris-222-194.cnt.nerim.net)
# [18:09] * Joins: othermaciej (~mjs@c-69-181-196-33.hsd1.ca.comcast.net)
# [18:09] * Rik_ is now known as Rik`
# [18:11] * Joins: svl (~me@ip565744a7.direct-adsl.nl)
# [18:12] * Quits: JonathanNeal (~Jonathan_@rrcs-76-79-114-212.west.biz.rr.com) (Read error: Connection reset by peer)
# [18:13] <tabatkins> llrcombs: Did you ever figure out your <select multiple> issue? The query string should be consistent across all browsers (test=1&test=2). PHP will normally only let you at the last value, since previous values get overwritten. The solution is to set your @name to have a [] at the end - then the PHP variable will be an array of all the values.
# [18:14] <variable> which leads to some fascinating security issues if you don't expect an array btw ;)
# [18:17] <mike][inq> *security* issues?
# [18:18] * Joins: Maurice (copyman@5ED573FA.cable.ziggo.nl)
# [18:18] * Quits: cying (~cying@c-24-4-120-70.hsd1.ca.comcast.net) (Quit: cying)
# [18:19] <variable> mike][inq, if in PHP you attempt to read variable that you thought was a scalar but really was an array - you can get into some nasty issues
# [18:19] <variable> espically if you use splicing to operating on "one" character at a time
# [18:19] * Quits: JoePeck (~JoePeck@c-76-102-33-198.hsd1.ca.comcast.net) (Quit: -)
# [18:20] <variable> $_GET["foo"][0]; // I thought this was a string and I was getting the first character but I'm really getting an array
# [18:20] <mike][inq> so you should probably validate your input
# [18:21] <mike][inq> doesn't sound like a security issue, though
# [18:21] <variable> mike][inq, can lead to - doesn't mean it always is one
# [18:21] <variable> mike][inq, I've seen one issue where someone validated their input by going through each character and checking to make sure it was an allowed character at that point.... but it failed when passed an array
# [18:24] * Quits: KaOSoFt (~maxzagato@unaffiliated/kaosoft)
# [18:27] * Joins: KaOSoFt (~maxzagato@190.24.156.162)
# [18:27] * Quits: KaOSoFt (~maxzagato@190.24.156.162) (Changing host)
# [18:27] * Joins: KaOSoFt (~maxzagato@unaffiliated/kaosoft)
# [18:28] * Joins: ap (~ap@17.246.19.253)
# [18:29] * Joins: dbaron (~dbaron@nat/mozilla/x-gzpqmjukpysoturu)
# [18:33] * Quits: Phae (~Phae@chimera.macmillan.com) (Quit: Leaving.)
# [18:36] * Quits: pauld (~chatzilla@194.102.13.2) (Remote host closed the connection)
# [18:38] * Quits: mihaip (~mihaip@nat/google/x-dvzfeyrwlqnynsss) (Quit: mihaip)
# [18:38] * Quits: homata_ (~homata@h219-110-13-055.catv02.itscom.jp) (Quit: Leaving...)
# [18:38] * Quits: akamike (~akamike@94-193-106-14.zone7.bethere.co.uk) (Quit: akamike)
# [18:39] * Joins: aroben (~aroben@unaffiliated/aroben)
# [18:39] * Joins: nessy (~Adium@124-169-0-56.dyn.iinet.net.au)
# [18:39] * Joins: cardona507 (~cardona50@c-67-180-160-250.hsd1.ca.comcast.net)
# [18:47] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [18:50] * Joins: aroben_ (~aroben@unaffiliated/aroben)
# [18:52] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Ping timeout: 276 seconds)
# [18:52] * Quits: aroben (~aroben@unaffiliated/aroben) (Ping timeout: 240 seconds)
# [18:57] * Quits: paul_irish (~paul_iris@77.241.105.164) (Remote host closed the connection)
# [18:58] * Quits: Necrathex (~bleptop@212-123-163-12.ip.telfort.nl) (Quit: Necrathex)
# [18:59] * Quits: nessy (~Adium@124-169-0-56.dyn.iinet.net.au) (Quit: Leaving.)
# [19:00] * Quits: Lachy (~Lachlan@pat-tdc.opera.com) (Quit: This computer has gone to sleep)
# [19:03] * Quits: ap (~ap@17.246.19.253) (Quit: ap)
# [19:09] * Joins: dave_levin (~dave_levi@nat/google/x-rpngnztfgflkdgzc)
# [19:10] * Quits: mat_t (~mattomasz@91.189.88.12) (Quit: This computer has gone to sleep)
# [19:13] * Joins: Lachy (~Lachlan@cm-84.215.59.50.getinternet.no)
# [19:18] * Joins: Henrik`G (~henrik@c83-249-72-254.bredband.comhem.se)
# [19:18] * Quits: workmad3 (~workmad3@cspool86.cs.man.ac.uk) (Remote host closed the connection)
# [19:19] * Quits: Lachy (~Lachlan@cm-84.215.59.50.getinternet.no) (Quit: Leaving)
# [19:19] * Joins: Lachy (~Lachlan@cm-84.215.59.50.getinternet.no)
# [19:20] * Quits: zcorpan_ (~zcorpan@c-ec9fe355.410-6-64736c14.cust.bredbandsbolaget.se) (Quit: zcorpan_)
# [19:21] * Quits: onar (~onar@2620:0:1b00:16f2:21f:5bff:fe3e:944) (Quit: onar)
# [19:30] * Joins: nessy (~Adium@124-169-0-56.dyn.iinet.net.au)
# [19:36] * Joins: cying (~cying@173-228-29-224.dsl.static.sonic.net)
# [19:36] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [19:39] * Joins: JoePeck (~JoePeck@2620:0:1b00:1f08:fa1e:dfff:fed9:b9a)
# [19:41] * Joins: mihaip (~mihaip@nat/google/x-nzeqdpguefueatkp)
# [19:44] * Joins: paul_irish (~paul_iris@77.241.105.164)
# [19:52] * Joins: seanoshea (~seanoshea@nat217.eye.fi)
# [19:53] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Ping timeout: 255 seconds)
# [19:53] * Joins: MikeSmithX (~MikeSmith@EM114-48-0-238.pool.e-mobile.ne.jp)
# [19:57] * Joins: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net)
# [19:57] * Quits: MikeSmith (~MikeSmith@EM111-188-25-215.pool.e-mobile.ne.jp) (Ping timeout: 276 seconds)
# [19:58] * Joins: annevk (~annevk@host86-184-97-104.range86-184.btcentralplus.com)
# [20:02] * Quits: JoePeck (~JoePeck@2620:0:1b00:1f08:fa1e:dfff:fed9:b9a) (Quit: -)
# [20:06] <annevk> defined CharacterData methods
# [20:06] <annevk> what a bunch of useless methods by the way
# [20:06] <annevk> make no sense at all in ECMAScript context
# [20:08] * Quits: nessy (~Adium@124-169-0-56.dyn.iinet.net.au) (Quit: Leaving.)
# [20:13] * Quits: Henrik`G (~henrik@c83-249-72-254.bredband.comhem.se) (Ping timeout: 253 seconds)
# [20:15] <Ms2ger> Yay Acid3
# [20:15] <smaug____> annevk: defined where? and why do they not make sense in ECMAScript context? (just wondering :) )
# [20:16] <smaug____> Ms2ger: ?
# [20:17] * smaug____ is just fixing an ACID 3 bug
# [20:17] * smaug____ hopes that ACID 3 would tests things only the way they are defined in the specs :p
# [20:18] * Quits: gavin_ (~gavin@firefox/developer/gavin) (Disconnected by services)
# [20:18] * Joins: gavin__ (~gavin@CPE001346f5db49-CM0018c0db9a8a.cpe.net.cable.rogers.com)
# [20:19] <annevk> smaug____, http://bitbucket.org/ms2ger/web-dom-core/
# [20:19] <annevk> smaug____, insertData, replaceData, etc. are all not needed and seem kind of pointless if you have immutable strings
# [20:20] <smaug____> annevk: but if you just want to change textnode without replacing them...
# [20:20] <smaug____> textnodes
# [20:20] <annevk> you can just assign data, no?
# [20:21] <annevk> I suppose implementations can have some special kind of string for text nodes that is mutable...
# [20:21] <smaug____> implementations could optimize things...
# [20:22] <smaug____> like not re-generate all the lines
# [20:22] <smaug____> only the ones which changed
# [20:22] <annevk> sure
# [20:22] <annevk> they could also do that if the entire string changed
# [20:22] * Quits: hdhoang (~hdhoang@hdhoang.zahe.me) (Quit: Leaving.)
# [20:22] <smaug____> sure
# [20:22] <annevk> but is that what Mozilla does?
# [20:22] <annevk> it has special optimizations for these methods that nobody uses?
# [20:23] <smaug____> it has some optimizations
# [20:23] <smaug____> apparently
# [20:23] <smaug____> just looking at the code
# [20:24] <smaug____> it does search for the first rendering object which needs to be changed
# [20:24] <smaug____> hmm
# [20:24] <annevk> o_O
# [20:25] <annevk> I have to go now, but if you're interested in helping out writing tests for the Web DOM Core project let me know
# [20:25] <annevk> I'll email public-webapps when I have some more time to write the whole idea down
# [20:25] <smaug____> I mean it doesn't remove and recreate all the objects related to text layout
# [20:26] * Quits: annevk (~annevk@host86-184-97-104.range86-184.btcentralplus.com) (Quit: annevk)
# [20:27] * Parts: rubys (~rubys@cpe-098-027-059-221.nc.res.rr.com)
# [20:29] * Quits: MikeSmithX (~MikeSmith@EM114-48-0-238.pool.e-mobile.ne.jp) (Quit: The curfew tolls the knell of parting day... the plowman homeward plods his weary way)
# [20:30] * Joins: jlebar (~jlebar@nat/mozilla/x-huosfplvffqjqwsm)
# [20:31] * Joins: henrikbjorn (~henrik@c83-249-72-254.bredband.comhem.se)
# [20:34] * Joins: Phae (~Phae@chimera.macmillan.com)
# [20:36] * Quits: henrikbjorn (~henrik@c83-249-72-254.bredband.comhem.se) (Remote host closed the connection)
# [20:38] * Quits: jeremyselier (~Jeremy@pro75-4-82-238-200-10.fbx.proxad.net) (Quit: jeremyselier)
# [20:39] * Joins: sicking (~chatzilla@nat/mozilla/x-kywebqsjwvfndlce)
# [20:55] * Joins: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [20:56] * Joins: ap (~ap@17.246.19.253)
# [20:58] * Quits: bblfish (~bblfish@wlan-nat.fwgal01.deri.ie) (Quit: Leaving.)
# [20:58] * Joins: bblfish (~bblfish@wlan-nat.fwgal01.deri.ie)
# [20:58] * Quits: bblfish (~bblfish@wlan-nat.fwgal01.deri.ie) (Client Quit)
# [21:01] * Joins: henrikbjorn (~henrik@c83-249-72-254.bredband.comhem.se)
# [21:05] * Quits: othermaciej (~mjs@c-69-181-196-33.hsd1.ca.comcast.net) (Quit: othermaciej)
# [21:13] * Quits: Rik` (~Rik@mozilla-paris-222-194.cnt.nerim.net) (Remote host closed the connection)
# [21:17] * Joins: kennyluck_ (~kennyluck@EM111-188-35-144.pool.e-mobile.ne.jp)
# [21:18] * Joins: Steve^ (~steve@cpc2-hari1-0-0-cust1111.hari.cable.virginmedia.com)
# [21:21] * Quits: kennyluck (~kennyluck@EM111-188-107-247.pool.e-mobile.ne.jp) (Ping timeout: 265 seconds)
# [21:21] * kennyluck_ is now known as kennyluck
# [21:22] <Hixie> zcwhat? the :target styling is awesome! makes it really easy to tell what you're supposed to look at!
# [21:22] <Hixie> er, that was supposed to be "zcorpan: what?" but zcorpan is gone
# [21:22] <Hixie> oh well
# [21:27] * Joins: workmad3 (~workmad3@cpc3-bagu10-0-0-cust651.1-3.cable.virginmedia.com)
# [21:28] * Joins: espadrine_ (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr)
# [21:28] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Read error: Connection reset by peer)
# [21:28] * espadrine_ is now known as espadrine
# [21:28] * Joins: jacobolus (~jacobolus@wrls-249-211-145.wrls-client.fas.harvard.edu)
# [21:32] * Quits: ukai (~ukai@nat/google/x-fbugtudrdysntokf) (Ping timeout: 276 seconds)
# [21:36] * Joins: ukai (~ukai@nat/google/x-fbeiwukpypnopkrz)
# [21:40] * Joins: riven (~riven@53518387.cable.casema.nl)
# [21:40] * Quits: Ms2ger (~Ms2ger@91.181.39.131) (Quit: nn)
# [21:43] * Joins: JohnnyAmerica (~Simon@213-64-113-37-no97.tbcn.telia.com)
# [21:44] * Quits: JohnnyAmerica (~Simon@213-64-113-37-no97.tbcn.telia.com) (Client Quit)
# [21:44] * Joins: JohnnyAmerica (~Simon@213-64-113-37-no97.tbcn.telia.com)
# [21:46] * Joins: jwm_ (jwm@74.208.185.36)
# [21:46] * Joins: othree_ (~othree@admin39.ct.ntust.edu.tw)
# [21:47] <AryehGregor> Why do people use the term "regrets" to mean "could not attend"?
# [21:47] <AryehGregor> It vaguely annoys me.
# [21:47] <AryehGregor> Seems like unnecessary jargon.
# [21:48] <gavin> they regret not being able to attend
# [21:49] * Quits: workmad3 (~workmad3@cpc3-bagu10-0-0-cust651.1-3.cable.virginmedia.com) (Remote host closed the connection)
# [21:49] * Quits: othree (~othree@140.118.5.39) (Remote host closed the connection)
# [21:50] * Quits: ciaran_lee (leecn@spoon.netsoc.tcd.ie) (Remote host closed the connection)
# [21:50] * Quits: jwm (jwm@74.208.185.36) (Remote host closed the connection)
# [21:51] * Joins: ciaran_lee (leecn@spoon.netsoc.tcd.ie)
# [21:55] * Quits: henrikbjorn (~henrik@c83-249-72-254.bredband.comhem.se) (Remote host closed the connection)
# [21:56] <AryehGregor> Well, I get the etymology.
# [21:57] <Philip`> What term do you suggest using instead?
# [21:58] <AryehGregor> In the case I was looking at, there was a list of "Attending" and "Regrets". I would have said "Attending" and "Not attending".
# [21:58] * AryehGregor can be picky about language, but guesses that's true of most programmers.
# [21:58] <AryehGregor> Another random gripe: why do the HTMLWG and CSSWG often have e-mail subject lines containing an issue number, without any summary of what the issue is about? Are we supposed to memorize all the issue numbers?
# [22:00] <Philip`> "Not attending" seems misleading, unless you want to put seven billion people in the list
# [22:00] <Philip`> You need something to express that someone would have attended but didn't
# [22:01] <Steve^> assuming you regret it
# [22:01] * Quits: seanoshea (~seanoshea@nat217.eye.fi) (Quit: seanoshea)
# [22:02] * Joins: MikeSmith (~MikeSmith@EM114-48-0-238.pool.e-mobile.ne.jp)
# [22:02] <AryehGregor> It's clear that the latter list only includes people whose non-attendance could not have been taken for granted a priori.
# [22:02] <AryehGregor> Steve^, you can be polite and say you regret it if you don't, I don't mind that part.
# [22:07] * Quits: cardona507 (~cardona50@c-67-180-160-250.hsd1.ca.comcast.net) (Quit: zzzzz)
# [22:08] * Quits: JohnnyAmerica (~Simon@213-64-113-37-no97.tbcn.telia.com) (Quit: leaving)
# [22:09] * Quits: maikmerten (~merten@m83-185-21-42.cust.tele2.se) (Remote host closed the connection)
# [22:10] * Quits: davidb_ (~davidb@mozca02.ca.mozilla.com) (Quit: davidb_)
# [22:11] * Quits: f1lt3r (~f1lt3r@64.119.159.231) (Read error: Operation timed out)
# [22:11] * Joins: aroben (~aroben@2620:0:1b00:1191:9584:aebe:2bf0:115)
# [22:11] * Quits: aroben (~aroben@2620:0:1b00:1191:9584:aebe:2bf0:115) (Changing host)
# [22:11] * Joins: aroben (~aroben@unaffiliated/aroben)
# [22:12] * Quits: aroben_ (~aroben@unaffiliated/aroben) (Ping timeout: 252 seconds)
# [22:13] * Joins: davidwalsh (~davidwals@75-134-27-91.dhcp.mdsn.wi.charter.com)
# [22:14] * Quits: boaz (~boaz@64.119.159.231) (Ping timeout: 272 seconds)
# [22:14] * Joins: boaz (~boaz@64.119.159.231)
# [22:15] * Joins: f1lt3r (~f1lt3r@64.119.159.231)
# [22:15] * Quits: boaz (~boaz@64.119.159.231) (Remote host closed the connection)
# [22:15] * Joins: boaz (~boaz@64.119.159.231)
# [22:16] <AryehGregor> "If the IANA registry were hard to use because its servers went down on a monthly basis due to being struck by meteors because a former IANA executive was the subject of a gypsy curse, it would still be hard to use, and we would want to look for alternatives."
# [22:16] <AryehGregor> I like colorful phrasing like that, don't you?
# [22:21] <Philip`> So if I understand you right, we should blame gypsies for the status of image/svg+xml?
# [22:22] <AryehGregor> That's one possible interpretation.
# [22:29] * Joins: bblfish (~bblfish@79.97.132.40)
# [22:31] * Quits: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net) (Quit: nimbupani)
# [22:34] * Quits: espadrine (~yannt@AMontsouris-157-1-88-225.w90-46.abo.wanadoo.fr) (Ping timeout: 240 seconds)
# [22:34] * Quits: roc (~roc@121.98.230.221) (Quit: roc)
# [22:37] * Quits: oal (~oal@5.79-160-122.customer.lyse.net) (Remote host closed the connection)
# [22:41] * Joins: espadrine (~yannt@AMontsouris-157-1-66-245.w90-46.abo.wanadoo.fr)
# [22:43] * Joins: seanoshea (~seanoshea@nat217.eye.fi)
# [22:45] * Quits: karlushi (~karlushi@fw.vdl2.ca) (Quit: This computer has gone to sleep)
# [22:48] * Joins: karlushi (~karlushi@fw.vdl2.ca)
# [22:49] * Quits: miketaylr (~miketaylr@38.117.156.163) (Remote host closed the connection)
# [22:50] * Quits: svl (~me@ip565744a7.direct-adsl.nl) (Quit: And back he spurred like a madman, shrieking a curse to the sky.)
# [22:50] * Quits: peol (~andree@unaffiliated/peol) (Remote host closed the connection)
# [22:50] * Joins: JoePeck (~JoePeck@17.244.13.222)
# [22:50] * Joins: wakaba_ (~wakaba_@134.157.197.113.dy.bbexcite.jp)
# [22:51] * Quits: karlushi (~karlushi@fw.vdl2.ca) (Client Quit)
# [22:53] * Quits: Steve^ (~steve@cpc2-hari1-0-0-cust1111.hari.cable.virginmedia.com) (Ping timeout: 265 seconds)
# [22:58] * Joins: GarethAdams|Home (~GarethAda@pdpc/supporter/active/GarethAdams)
# [22:59] * Quits: chronos (~quassel@unaffiliated/chronos) (Remote host closed the connection)
# [23:01] * Joins: wakaba_0 (~wakaba_@134.157.197.113.dy.bbexcite.jp)
# [23:02] * Joins: nimbupani (~nimbupani@c-24-22-131-46.hsd1.wa.comcast.net)
# [23:02] <jgraham> Hixie: The :target styling makes it look vaugely like someone vomited on the part of the page that you want to look at
# [23:03] <jgraham> Which is one way of drawing attention to it, but perhaps not the best one
# [23:05] * Quits: wakaba_ (~wakaba_@134.157.197.113.dy.bbexcite.jp) (Ping timeout: 265 seconds)
# [23:07] * Joins: BlurstOf_ (~blurstoft@75.150.78.69)
# [23:10] * Quits: BlurstOfTimes (~blurstoft@168.203.117.112) (Ping timeout: 276 seconds)
# [23:10] <AryehGregor> Yeah, target styling in the spec is really ugly.
# [23:12] <espadrine> Kind of like the blinking tag... flashy.
# [23:13] <espadrine> But I do like the idea of "knowing immediately where to look"
# [23:14] <espadrine> Maybe a black border 2px wide would be enough for that
# [23:19] * Joins: Steve^ (~steve@cpc2-hari1-0-0-cust1111.hari.cable.virginmedia.com)
# [23:22] <AryehGregor> It would possibly be less annoying if it were a solid color.
# [23:25] * Quits: Maurice (copyman@5ED573FA.cable.ziggo.nl)
# [23:30] * Joins: homata (~homata@h219-110-13-055.catv02.itscom.jp)
# [23:31] * Joins: BlurstOfTimes (~blurstoft@168.203.117.112)
# [23:33] * Quits: BlurstOf_ (~blurstoft@75.150.78.69) (Ping timeout: 255 seconds)
# [23:35] * Joins: BlurstOf_ (~blurstoft@75.150.78.69)
# [23:36] * Joins: BlurstO__ (~blurstoft@168.203.117.112)
# [23:37] * Quits: gratz|home (~gratz@cpc3-brig15-2-0-cust237.3-3.cable.virginmedia.com) (Ping timeout: 265 seconds)
# [23:38] * Joins: roc (~roc@203-97-204-82.dsl.clear.net.nz)
# [23:38] * Quits: BlurstOfTimes (~blurstoft@168.203.117.112) (Read error: Connection reset by peer)
# [23:39] * Joins: gratz|home (~gratz@cpc3-brig15-2-0-cust237.3-3.cable.virginmedia.com)
# [23:40] * Quits: BlurstOf_ (~blurstoft@75.150.78.69) (Ping timeout: 272 seconds)
# [23:45] <Hixie> jgraham: does it look different in opera or something? looks fine in chrome and firefox...
# [23:48] * Joins: boogyman (~boogy@unaffiliated/boogyman)
# [23:49] * Quits: homata (~homata@h219-110-13-055.catv02.itscom.jp) (Quit: Leaving...)
# [23:50] <AryehGregor> Hixie, by "fine" do you mean "an ugly yellow haze surrounding some part of the page for no obvious reason"?
# [23:50] <AryehGregor> (It took me quite a while to figure out it was :focus.)
# [23:51] <Hixie> i'm certainly open to better ideas, but i have to say i really like it
# [23:51] <Hixie> it's like a spotlight
# [23:51] <Hixie> it's been massively helpful for me
# [23:51] <AryehGregor> I'd go with a paler color and ditch the blur.
# [23:52] * AryehGregor experiments
# [23:52] <AryehGregor> Ditch the text-shadow for sure.
# [23:53] <espadrine> black 2px border, maybe?
# [23:53] <AryehGregor> I think it would look much better if you got rid of the text-shadow, and either got rid of or massively toned down the box-shadow.
# [23:53] <AryehGregor> I think a border would interfere.
# [23:53] * Quits: FireFly (~firefly@unaffiliated/firefly) (Quit: swatted to death)
# [23:53] * Joins: nessy (~Adium@124-169-0-56.dyn.iinet.net.au)
# [23:54] <espadrine> Maybe a yellow background-color is enough
# [23:54] <AryehGregor> That's my vote, yeah.
# [23:54] <AryehGregor> Just change the background.
# [23:54] * AryehGregor is looking at that right now, much better
# [23:54] <AryehGregor> The text-shadow is particularly hideous.
# [23:54] <Hixie> how are you even seeing the text-shadow
# [23:54] <Hixie> i only used that to make the colours work better
# [23:55] <AryehGregor> It looks like an ugly blur around all the text.
# [23:55] <AryehGregor> It looks way crisper if I ditch it.
# [23:55] * Joins: homata (~homata@h219-110-13-055.catv02.itscom.jp)
# [23:55] <AryehGregor> Also, the shadow doesn't match the color of the background. Shadow is yellow, background is #FFA.
# [23:55] * Joins: jrgarrison (~garrison@wikiotics/jrgarrison)
# [23:55] <AryehGregor> There's a clear boundary between them.
# [23:55] <AryehGregor> I vote we enlist an actual designer.
# [23:55] <jgraham> Also, the yellow and green are a bit much
# [23:55] * AryehGregor lassos tabatkins
# [23:56] <AryehGregor> What green? Should I be thankful I'm not seeing any green?
# [23:56] <jgraham> Dude he is like a cowboy
# [23:56] <jgraham> The green of the rest of the page
# [23:56] <AryehGregor> Oh.
# [23:56] * jgraham assumes all people from Texas are naturally born cowboy even if they have never left the city
# [23:56] <AryehGregor> The rest of the page is mostly black on white, so I think it's okay.
# [23:57] * AryehGregor agrees with jgraham
# [23:57] * AryehGregor always treats his friends from Kansas like that, even though they're from Kansas City, which has a population >1 million
# [23:57] <cheeser> that's a big farm...
# [23:58] <AryehGregor> (To be fair to me, they do have broken cars sitting on their untrimmed lawn all the time, plus an unhealthy interest in firearms and explosives, and other distinguishing features of rubes.)
# [23:59] * Joins: othermaciej (~mjs@c-69-181-196-33.hsd1.ca.comcast.net)
# Session Close: Fri Sep 03 00:00:00 2010

The end :)