| 00:01 | <TabAtkins> | Me too, given that an iframe pointint to a C-D resource can be script-inserted. |
| 00:02 | <fishd> | this is reference to https://bugs.webkit.org/show_bug.cgi?id=64580#c51 |
| 00:02 | <fishd> | TabAtkins: exactly |
| 00:03 | <jamesr> | sephr: floating point random numbers are really hard |
| 00:03 | <jamesr> | for one, the range isn't uniform the way developers will typically expect |
| 00:03 | <sephr> | so is randomizing the bytes not sufficiently cryptographically random? |
| 00:03 | <jamesr> | it doesn't have the distribution that people will normally expect |
| 00:04 | <jamesr> | frex random values in the range [0, 1) will be biased since the epsilon between representable values is non-uniform on that range |
| 00:04 | <sephr> | I understand that the distrobution may confuse some, but specifically excluding floats doesn't really help for people who honestly want random floats |
| 00:04 | <sephr> | ok thanks |
| 00:05 | <jamesr> | well when do you want cryptographically random floats? |
| 00:05 | <jamesr> | i don't know of any cryptographic routines that use floating point input values like this |
| 00:05 | <sephr> | I don't; I was just wondering |
| 00:05 | <sephr> | lol ok :p |
| 00:05 | <sephr> | thanks for the explanation |
| 00:05 | <jamesr> | not claiming that i know a lot of crypto stuff |
| 00:05 | <jamesr> | but i think it'll bite people who want secure numbers |
| 00:06 | <sephr> | btw, Hixie: on the whole text/html-sandboxed thing being insufficient: a "sandbox" directive was added to CSP |
| 00:06 | <sephr> | so you may or may not want to just remove the text/html-sandboxed registration |
| 00:06 | <sephr> | http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#sandbox |
| 00:16 | <zewt> | including floats doesn't help people who honestly want random floats :) |
| 00:16 | <jamesr> | did you mean excluding? |
| 00:16 | <zewt> | no, including |
| 00:17 | <zewt> | he said excluding doesn't help; i say including doesn't help either |
| 00:19 | <sephr> | zewt: whar about plain arraybuffers btw? |
| 00:20 | <sephr> | surely there are times when you want a binary blob and you don't care about it being indexed into a uint8array |
| 00:20 | <jamesr> | you should only use the crypto API when you care about cryptographic properties of the values |
| 00:23 | <sephr> | jacobolus: think truecrypt's hidden volume impl |
| 00:23 | <jacobolus> | jamesr: ↑ ? |
| 00:23 | <sephr> | just writing a random blob, not actually using the values in a computation |
| 00:24 | <zewt> | that's using the data at an array of 8-bit ints |
| 00:24 | <sephr> | yeah but the file api doesn't take 8 bit int arrays |
| 00:25 | <sephr> | it takes arraybuffers |
| 00:25 | <sephr> | I get that getting .buffer is easy enough |
| 00:25 | <zewt> | which you can create an 8-bit int view for to create the data--the underlying algorithm is using an array of 8-bit ints |
| 00:26 | <zewt> | there's always a data type associated with data, for any algorithm |
| 00:26 | <sephr> | well most likely |
| 00:26 | <sephr> | might be a 7bit filesys though |
| 00:26 | <sephr> | even though it surely isn't |
| 00:27 | <sephr> | anyways I get you so ok end of discussion |
| 00:30 | <zewt> | that's not exactly how discussions work :) |
| 01:28 | <TabAtkins> | heycam: How should I respond to issues in the SVG issue tracker? |
| 01:30 | <heycam> | TabAtkins, just send mail on www-svg and include the ISSUE-nnnn in the subject or body of the mail |
| 01:30 | <heycam> | subject is good, then repliers don't need to remember to reinclude it in the body |
| 01:30 | <heycam> | (so in fact I should have done that in my mail just now) |
| 01:31 | <heycam> | (anyway I put a link to the start of the stroke gradient thread in the initial text of the issue, so it doesn't matter too much of other mails in that thread don't get tagged correctly) |
| 01:33 | <TabAtkins> | heycam: ...huh. I'm apparently not subscribed to enough of the SVG lists. I didn't get any of this thread. |
| 01:33 | <heycam> | TabAtkins, you're not on www-svg? |
| 01:33 | <TabAtkins> | Apparently not. |
| 01:33 | <heycam> | huh |
| 01:33 | <TabAtkins> | Anyway, just subscribed. |
| 01:34 | <heycam> | so from now on we're trying to do technical discussion on that list rather than public-svg-wg, so it's easier for non-WG members to contribute |
| 01:34 | <TabAtkins> | Is public-svg-wg not a public list? |
| 01:34 | <TabAtkins> | Or is it just easier to suscribe to for some reason? |
| 01:35 | <heycam> | you can read public archives of it, but non WG members can't subscribe to it |
| 01:35 | <TabAtkins> | Ah, gotcha. That's silly. |
| 01:35 | <heycam> | yeah, it's a weird half way compared to other WGs |
| 02:47 | <Hixie> | anyone have any tests for this crazy filename* syntax the http guys are peddling? |
| 02:47 | <Hixie> | julian says everyone implements it |
| 02:49 | <TabAtkins> | Link? |
| 02:49 | <Hixie> | whatwg e-mail |
| 02:49 | <TabAtkins> | Oh, that encoding stuff? |
| 02:51 | <Hixie> | 6266 |
| 02:55 | <TabAtkins> | What is this number supposed to refer to? |
| 02:56 | <TabAtkins> | Do you mean RFC 2231/5987? |
| 03:54 | <Hixie> | TabAtkins: i meant RFC 6266 |
| 08:07 | <annevk> | Hixie, I think Julian made tests |
| 08:07 | <annevk> | Hixie, http://greenbytes.de/tech/tc2231/ |
| 10:10 | <nessy> | is anyone else enjoying the discussion at http://www.w3.org/Bugs/Public/show_bug.cgi?id=13333 ? :-) |
| 11:34 | <doublec> | that looks like a good bug to avoid reading |
| 11:35 | <Ms2ger> | annevk5, thanks |
| 14:54 | <Stevezau> | Using html5lib i keep getting this error " File "/usr/lib/pymodules/python2.7/html5lib/inputstream.py", line 50, in seek" " assert pos < self._bufferedBytes()" "AssertionError" |
| 14:54 | <Stevezau> | it's strange as it works on ubuntu 11.04 but not 11.10 |
| 14:55 | <Stevezau> | same code.. |
| 14:59 | <Stevezau> | any ideas? |
| 15:44 | <jgraham> | Stevezau: Got some sample input? |
| 15:45 | <jgraham> | I don't have 11.04 handy so I'm not quite sure how I will track it down. |
| 15:45 | jgraham | is actually trying to make some fixes to html5lib for the first time in a while |
| 15:52 | <smaug____> | AryehGregor: ping |
| 16:05 | <foolip> | hsivonen, I'm having trouble checking out the validator source because the w3.org DTDs are timing out, is it possible to skip those if I'm just interested in HTML5? |
| 16:19 | <Stevezau> | jgraham nevermind, i tracked it to urllib2 |
| 16:19 | <Stevezau> | issue with python 2.7.2 latest release |
| 16:36 | <jgraham> | Stevezau: OK |
| 16:44 | <jgraham> | So this sems like a spec bug, but maybe I am not thinking straight |
| 16:46 | <jgraham> | <html><table><math><mi>foo</mi> |
| 16:47 | <jgraham> | AFAICT the foo causes the treebuilder to go into the in table text insertion mode |
| 16:47 | <jgraham> | Which buffers the character tokens |
| 16:47 | <jgraham> | But the </mi> is processed in foreign content which doesn't flush the buffer |
| 16:48 | <jgraham> | so the foo ends up outside the <mi> |
| 16:48 | <jgraham> | Did I miss something? |
| 17:04 | <Jack9> | How do you apply a css class to a strokeRect? (not using the strokestyle, which can only be a css color,canvasgradient,canvaspattern) |
| 17:05 | <Ms2ger> | You don't |
| 17:07 | <Jack9> | is there a standard way to do animated strokeStyles other than looping through drawImage? |
| 19:33 | <foolip> | WTF? http://whattf.org/ |
| 19:46 | <Ms2ger> | Yes, WhatTF |
| 22:22 | <annevk> | adding domintro boxes sucks |
| 22:26 | <Hixie> | yes |
| 22:29 | <annevk> | a lot of it is just duplicate information phrased slightly differently |
| 22:29 | <annevk> | i added a few extra to DOM Core though and I guess I will try to complete it |
| 22:44 | <abarth> | Hixie: i think you enjoy trolling the RDFa folks too much |