freenode :: #whatwg

7 Sep 2017
00:04TimothyGutobie, annevk, Domenic: should I just apply
00:09TimothyGuand too
00:56GPHemsleywiki is once again open for business
00:56GPHemsleyfoolip, annevk, MikeSmith: ^
00:58MikeSmithGPHemsley: super
02:11DomenicTimothyGu: sorry we haven't had time for review; it's on my to-do
02:12TimothyGuno worries
04:22annevkGPHemsley: excellent!
05:57foolipGPHemsley: sweet, thank you!
08:27MikeSmithannevk: for same-origin requests, the XHR API provides no way to prevent credentials from being included, right?
08:29annevkMikeSmith: nope
08:29annevkor I suppose, you are right
08:34MikeSmithannevk: another question, why does the XHR spec use the term *user credentials* while the Fetch spec uses just *credentials*?
08:34MikeSmithdo those to mean the same thing?
08:34MikeSmith*those two
08:35annevkMikeSmith: yeah, XHR should probably just reference Fetch for that
08:35MikeSmithOK I can make a PR
08:36MikeSmithbut theres another difference:
08:36MikeSmithFetch says, are HTTP cookies, TLS client certificates, and authentication entries.
08:36MikeSmithFetch says, Credentials are HTTP cookies, TLS client certificates, and authentication entries.
08:37annevkNah, just different words
08:37MikeSmithwhile XHR says, The term user credentialsfor the purposes of this specification means cookies, HTTP authentication, and TLS client certificates.
08:37MikeSmithyeah well
08:37MikeSmithdifferent words are pretty important
08:37annevkAnd Fetch has the better words
08:37MikeSmithnot sure about that
08:38MikeSmithtechnically it does of course
08:38MikeSmithbut to a web-developer reader of the spec, maybe not
08:39annevkI guess we should mention HTTP authentication more explicitly somehow in but otherwise I think it's fine
08:39MikeSmithin particular, the specific mention of *HTTP authentication* in the XHR definition is more clear to web-developer readers
08:39MikeSmiththat is all I meant
08:39MikeSmithI will work on it, anyway
08:40MikeSmithif nothing else, will add a note
08:40MikeSmithin practice, notes mean as much to non-implementors as the normative statements do
08:41annevkmy main worry with notes is that I sometimes see implementors cite them as if they contain the truth
08:42MikeSmiththat is the downside
08:42MikeSmithand I strongly believe the specs should be optimized for implementors
08:43annevkbut fortunately that's easier to teach than not looking at forked variants that end up higher in search results
09:18tobieTimothyGu: today's a bank holiday, here.
11:03smaug____jgraham: where do w3c reftests live these days?
11:04jgrahamAlso testing/web-platform/tests/css in m-c
11:05jgrahamOr, therefore, rather
11:05smaug____hmm, I wonder if there are css tests for shadow dom
11:05smaug____I mean reftests
11:05jgrahamOh not sure, there could be but not under css probably
11:08smaug____kochi: perhaps you know
11:09jgrahamsmaug____: james@ginny:~/develop/web-platform-tests/shadow-dom$ rg -l 'rel=.(:?mis)?match' | wc -l
11:09kochiwhat kind of css tests for shadow dom?
11:10kochiI guess some are covered in csswg tests (now in wpt anyway)
11:12smaug____kochi: just some tests ensuring that if one uses shadow dom, the layout is still correct
11:13smaug____like comparing layout without use of shadow dom to some page with shadow dom
11:13kochihmm, the scope sounds too broad :)
11:13kochiah, in shadow-dom/ directory we have several reftests
11:13smaug____that is very broad sure
11:14smaug____ah, looking
11:15smaug____kochi: hmm, where
11:15kochiUsing Blink's layout test runner infrastructure, running reftests automatically compares generated PNGs so its automatic, but running it manually is tedious.
11:16smaug____oh, you mean in blink
11:16smaug____I was wondering if wpt has them too
11:16smaug____we do have some reftests in gecko too
11:17kochiI guess csswg tests are mostly reftests
11:18kochiyou can find '*-ref.html' in shadow-dom directory. I found 7 tests under shadow-dom/untriaged.
11:19kochismaug____: Blink imports wpt in its layout test subdirectory (external/wpt), and run them as a part of commit queue.
11:20kochiUnder "shadow-dom/untriaged" directory, we have several dozens of ancient tests.
11:20kochi(ancient = created in Shadow DOM V0 era, converted to use V1 API)
11:21kochithey test something, but their values are questionable, therefore needs triage...
11:26TimothyGutobie: oh ok, I'll wait then
11:31JakeAannevk: Any idea what is for? It isn't exported, and it doesn't really seem to be used
11:32JakeAannevk: seems like the use of it was removed in
11:53ondras503 Service Unavailable
11:53ondrasNo server is available to handle this request.
11:56* xfq MikeSmith ^
11:56xfqit works for me though
11:57ondrasright, works now
11:58ondraschecking which of these "scissor" symbols happens to be valid:
11:58ondrasapparently only the first one is okay
12:00annevkJakeA: oversight I suppose then
12:00JakeAannevk: cool, I&#39;ll remove it
12:39ondrasjgraham: I am not sure how exactly their 6-liner works
12:39ondrasjgraham: what exactly happens/changes when a key is pressed in an unrelated context?
12:41ondrashm, I may see now
12:42ondrasthey measure how many increments happened in every 5ms timeslot
13:52annevkzcorpan: hey while you&#39;re looking at data
13:52annevkzcorpan: for it would be interesting to know usage of charset + cross-origin URL
13:53annevkzcorpan: and usage of a utf-16 charset, including utf-16le and utf-16be
13:56zcorpanannevk: I find two utf-16s
13:56zcorpani&#39;ll comment in the issue
13:56annevkhmm, that&#39;s potentially bad news
14:01zcorpanI&#39;ll need to write a new query to get the src attribute and compare origins, but need to go. Can you remind me tomorrow?
16:22annevkI can
16:23annevkOne of those results was rather sad, suggesting that treating utf-16 as utf-8 would fail, but the upside is that it was same-origin, so maybe there&#39;s still hope cross-origin
19:32Domenicannevk: what is &quot;topic: javascript&quot; as opposed to &quot;topic: script&quot;? seems confusing
19:40annevkDomenic: javascript was meant for host integration stuff
19:40annevkscript for the script element
19:40DomenicI dunno that&#39;s a blurry line
19:40annevkguess I&#39;m okay with merging them
19:40DomenicLike all module stuff is host integration too
19:40DomenicOk cool
20:25TabAtkinsgsnedders or whoever: The WPT introduction page <> mentions how to work with the GH repo, *but doesn&#39;t actually link to the repo*.
20:26gsneddershah, a+++ me
20:26gsneddersTabAtkins: can you throw together a PR?
20:26TabAtkinsNo, because I can&#39;t find the GH repo.
20:26gsneddersTabAtkins: wpt/doc
20:27gsneddersTabAtkins: i.e., in the wpt repo
20:27TabAtkinsWhich, again, I cant&#39; find, because it&#39;s not in the docs.
20:27gsneddersthe docs are bad :(
20:27gsneddersI mean they&#39;re better than they were a year ago
20:27gsneddersbut that&#39;s not saying much
20:28TabAtkinsDanke. ^_^
20:28gsneddersI thought you could find a directory in the wpt repo :P
20:29TabAtkinsI can find a directory, yes. Couldn&#39;t find the repository.
20:29TabAtkinsThus my original complaint.
20:30TabAtkins(At some point I definitely could have just googled for it again, but you seemed to be purposely avoiding actually telling me where the repository was, and I wanted to see how far it would go.)
20:31gsnedders(until you realise I&#39;m just an idiot
20:31TabAtkinsCorrect. ^_^
20:32TabAtkinsYour trickery (telling me about a fake &quot;wpt/docs&quot; repo) was really confusing me for a while.
20:32* gsnedders goes back to trying to sort out an earlier screw up with more financial consequences
20:32gsnedders(financial consequences are the best consequences)
21:09cantomI have a few questions. I notice the URL object is not recommended to be used in APIs, rather string URLs should be passed. Is there a strong reason for this? If URL was made immutable it could&#39;ve saved us some reparsing between objects maybe?
21:28DomenicMikeSmith: seems to not be working, causing HTML build failures, hrm
21:36MikeSmithDomenic: thanks will check and get it fixed
21:38MikeSmithDomenic: working again now
21:39MikeSmithand Ill put some kind of watchdog in place so I get alerted when its down
21:39MikeSmithI think my `certbot renew` cron job is what caused it to go down
21:40MikeSmiththat cron job stops nginx before running `certbot renew` and then restarts it after
21:41MikeSmithI think I am &&ing the `certbot renew` and nginx restart
21:41MikeSmithwhich I guess I shouldnt be
21:42MikeSmith> 59 22 * * * sudo /etc/init.d/nginx stop > /dev/null && /opt/workspace/letsencrypt/letsencrypt-auto -q renew > /dev/null && sudo /etc/init.d/nginx start > /dev/null
21:42MikeSmiththats not so smart
21:43MikeSmithOK, fixed that
22:12MikeSmithyay the chair of the W3C Service Workers WG has now actually joined the group
22:25YuhongTabAtkins is not the only one here that has worked for Google.
22:36TabAtkinsFucking hell, now I&#39;m gonna have to talk to Legal. That jackass.
22:44TabAtkinsOn the plus side, comments are surprisingly good for HN.
22:45YuhongNotice the question I asked though.
22:45TabAtkinsThe one pretending this his conspiracy theory actually has some validity? Thanks for that.
22:46YuhongI was making an important point.
22:47Yuhong&quot;How often does random personal blog posts like this make it to the top in the first place &quot;
22:47TabAtkinsA lot? Especially when they&#39;re linked from the person&#39;s own blog?
22:48TabAtkinsAnd several other high-Page Rank news-ish sites linked to it at one point.
22:48TabAtkinsI&#39;m super surprised at the longevity actually. Go look at my damn site, there&#39;s no special juicing going on. I just have a normal blog.
22:49TabAtkinsBut for serious, he&#39;s a paranoid jerk with an axe to grind. Don&#39;t feed his delusions.
22:49YuhongYea, I just edited the comment to point that out too. This post is more than one year old.
22:49astearnsthis current go-around might promote it higher. It&#39;s on my first page of duck duck go results now.
22:50YuhongI don&#39;t see any other news article about it on the first page either.
22:50TabAtkinsYeah, every time he complains he cements it.
22:51YuhongOther than the GamerGate interview.
22:51YuhongWhich is also more than one year old too.
22:53YuhongAnd you are also talking about the blog article being in the third position of page one.
22:56TabAtkinsGo look at my fucking blog and find a lick of SEO (beyond &quot;write good markup, good content, and make it fast&quot;). Otherwise you&#39;re accusing me of having the power and access (and complete lack of morals) to juice Search results, our company&#39;s bread and butter, the thing that we firewall from employees *precisely to avoid the possibility of this kind of thing*.
22:57DomenicThis seems a bit off-topic; I&#39;d appreciate if you two had the chat in private conversation?
22:57DomenicYuhong, in particular, please don&#39;t use this channel as a way to just discuss other members of the channel
22:58YuhongDomenic also happens to work for Google though.
22:59astearnsI don&#39;t, and I&#39;d also like this off the channel
22:59DomenicYuhong, discussing personal characteristics of members and their employment for purposes of some flagged hackernews channel is not on topic in #whatwg. If you wish to discuss that, please do so in another channel.
23:00YuhongI have joined #google
23:12MikeSmithannevk: describes an interesting case with CDNs and Access-Control-Allow-Origin getting cached across origins
23:14MikeSmithjust getting server config alone done right for CORS seems to be pretty error-prone and problematic for a lot of developers. But from that I can see how much adding a CDN to the mix can further complicate it
23:15tantekit definitely feels like one of those &quot;fragile&quot; things where the slightest change breaks everything
23:16tantekCORS that is
23:17MikeSmithyeah theres multiple knobs to turn
23:18MikeSmithincluding the arcane need to deal with HTTP OPTIONS, for which I think the average web dev doesnt have a huge amount of prior knowledge
23:19tantekdoes anyone actually use HTTP OPTIONS for anything in the web stack or rather for what use-cases?
23:19MikeSmithso I guess I am one of the people who has never had need for it other than for CORS
23:20DomenicTabAtkins: is there a definition for &quot;valid CSS syntax&quot;?
23:21DomenicFor conformance requirements
23:21MikeSmithtantek: heh, quick search leads me to
23:22cantomFolks, where can I get an up-to-date list of WHATWG members? And the companies they represent?
23:22MikeSmith> To make OPTIONS work well, youd be forced to design your own caching model silly when HTTP already has one.
23:22* tantek checks his site code for how he supports CORS
23:22MikeSmiththat is what CORS does (special caching model for OPTIONS)
23:23tantekoops no sorry I meant CSP
23:23tantekyeah no explicit CORS support on my site yet. just CSP
23:24tantekyeah one line of PHP
23:24MikeSmithtantek: you can do CORS with one line too
23:24MikeSmithand yuck btw
23:25MikeSmithtantek: you should be using Python
23:25tanteklol no I can&#39;t do CASSIS with Python
23:26MikeSmithno idea what CASSIS is but if you cant do it in Python it cant be important :)
23:26MikeSmithanyway, time for you to leave 1999 behind and get on the Clue Train
23:26* MikeSmith looks
23:28MikeSmithcan you not do CASSIS with node?
23:28tantekruns on more servers / services than node
23:28MikeSmithwhich is almost as good a python, but with lots more collateral drama for free
23:28tantekmore webhosts = cheaper etc.
23:29MikeSmithOK, sold. Im switching :)
23:29tantekhey I run it on my site
23:29tantekyou can check which version directly:
23:29tantek(literally that file is executed by both my clientside pages in JS and backend in PHP)
23:30MikeSmithwhoah that code, my eyes my eyes
23:30Domeniccantom: the WHATWG is a community with no formal notion of membership. If you participate on GitHub or elsewhere, I&#39;ll be happy to consider you a member.
23:30tantekdidn&#39;t say it was pretty. just that it works. and I only have to write it once turn in both JS and PHP
23:30tanteks/turn in/to run it in
23:32MikeSmithtantek: sorry, you havent been on this channel much lately so I am mostly just trying to meet my quota for trolling you :)
23:36cantomDomenic: that&#39;s great, but I was hoping for some overview to see which browser-making companies are involved.
23:36Domeniccantom: oh, all of them participate
23:37tantekMikeSmith: all good. I&#39;m here a lot, just nearly completely lurking.
23:37cantomDomenic: let me put the question differently: who moderates, and who elects the moderators
23:38Domeniccantom: are you concerned with IRC, or elsewhere?
23:38tantekMikeSmith: your reaction is pretty tame actually, I&#39;ve had friends give me the weirdest looks (in person) after hearing of the concept/goals of cassis.js and then actually looking at the code. something between horrified and disgusted.
23:39YuhongI once argued about the idea of W3C using the WHATWG webdev edition as a base.
23:39YuhongRemember the 2022 prediction?
23:41Yuhongthe webdev edition would be a better fit.
23:43YuhongYea, it is a compromise, and I know that does a better job.
23:43cantomDomenic: nag the group itself
23:44Domeniccantom: each editor moderates their own spec.
23:49cantomDomenic: I see
23:50Yuhong&quot;One could imagine having multiple &quot;views&quot; of the spec, with newer features omitted from some.&quot;
23:50Yuhong&quot;In practice this isn&#39;t viable because when you add new features you often have to make pretty invasive changes to the core model, and so maintaining multiple branches becomes hellish.&quot;/
23:50YuhongWhy I suggested the web developer edition.
23:51cantomYuhong: as a web developer I&#39;d always go to the &quot;real&quot; spec because anything else is doomed to be out of date
23:52YuhongYes, but it is unlikely that what makes to the web developer spec snapshots will be particularly inaccurate.
23:52YuhongIt might not have some newer features of course.
23:53YuhongEspecially as the web developer spec lack things like implementation details.
23:54YuhongSo it is less complex and will likely change less often.
8 Sep 2017
No messages
Last message: 13 days and 18 hours ago