| 10:05 | <Ms2ger> | FTR, irc.w3.org only has SSL support for staff |
| 10:11 | <jgraham> | Was that apropos anything in particular? |
| 10:11 | <Ms2ger> | Backscroll |
| 10:12 | <jgraham> | Oh |
| 10:17 | <gsnedders> | Ms2ger: why is it staff only, if you know? |
| 10:17 | <Ms2ger> | I don't |
| 10:17 | <Ms2ger> | Perhaps MikeSmith does |
| 10:39 | <MikeSmith> | dunno but if I had to guess I'd guess for the same reason that freenode default is non-ssl |
| 10:39 | <MikeSmith> | like, so that people don't have to figure out how to configure their irc clients for ssl |
| 10:40 | <MikeSmith> | also there are some channels that are team-only so there needs to be some means to restrict access to those |
| 10:40 | <MikeSmith> | we used to do that by running on a different server that required an ssh tunnel to get to |
| 12:35 | <test_> | Hello everyone |
| 12:36 | <test_> | I have a question |
| 12:37 | <gsnedders> | test_: just ask |
| 12:38 | <test_> | I wanna start bug hunting into browsers |
| 12:38 | <gsnedders> | jgraham: we need to work out how to deal with serializer tests in html5lib-tests again, because they're pretty html5lib-python specific and expect specific sets of options to be available and to be the defaults |
| 12:38 | <test_> | but I dont know where to start |
| 12:39 | <gsnedders> | test_: do you want to test any specific thing, or just anywhere in browsers? do you want to target specific types of bugs (like, say, security ones)? |
| 12:40 | <test_> | I want to hunt vulnerabilities |
| 12:40 | <test_> | UAF or OF or etc |
| 12:42 | <test_> | I want to fuzz core of browsers |
| 12:42 | <gsnedders> | so it's worthwhile to note that browser vendors write fuzzers to test a lot quickly, and run fuzzers with things like AddressSanitizer to detect such classes of bugs |
| 12:42 | <test_> | mutation or vector or SMT solvers |
| 12:43 | <test_> | yess I know. But there is alot anyway |
| 12:46 | <gsnedders> | symbolic execution (which is the only place I've seen SMT solvers around fuzzers) is unlikely to find much directly (the search space is just too big); practically you need to find some area you think will be more likely to yield security bugs and write a decent fuzzer to fuzz around it |
| 12:49 | <test_> | smt solvers + taint gives us some helpfull informations |
| 12:49 | <test_> | it can be used in fuzzing somehow |
| 12:49 | <gsnedders> | for sure it can in principle, it's just not something I've seen done much :) |
| 12:50 | <test_> | but I dont know how to select some area to fuzz |
| 12:50 | <test_> | I mean which areas will be more vulnerable |
| 13:04 | <gsnedders> | test_: look at where bugs are found today; that's probably your best bet if you don't know the codebase yourself |
| 13:06 | <Ms2ger> | darobin_, Servo is always hiring ;) |
| 13:06 | <wilhelm> | Poking the network/protocol layer would be interesting. |
| 13:06 | <darobin_> | Ms2ger: do I need to know Rust already? |
| 13:06 | <Ms2ger_> | bah |
| 13:06 | <Ms2ger> | Why yes, I'm here |
| 13:06 | darobin | shouldn't try to do two things at once |
| 13:07 | <darobin> | Ms2ger: mmmmmm |
| 13:07 | <darobin> | that might actually be interesting |
| 13:07 | <darobin> | I'll think on it, thanks Ms2ger :) |
| 13:08 | <Ms2ger> | Np :) |
| 13:12 | <MikeSmith> | Ms2ger: I know PHP is Rust close to that |
| 13:15 | wilhelm | attaches a sphygmomanometer to Ms2ger.[C |
| 13:31 | <MikeSmith> | well I know WordPress too |
| 13:31 | MikeSmith | adds "multi-faceted developer" to his c.v., after "thought leader" |
| 15:27 | JonathanNeal | adds the many faceted things MikeSmith adds, following his lead. |
| 19:12 | <Hixie> | jorendorff: yt? |
| 19:13 | <jorendorff> | Hixie: yep. |
| 19:13 | <Hixie> | jorendorff: any chance you could update the js spec html version? |
| 19:13 | <Hixie> | allen put out an update recently that affects the stuff i'm looking at |
| 19:13 | <Hixie> | but the pdf is a pain to deal with |
| 19:14 | <jorendorff> | Hixie: Yes, I'll work on it tonight. |
| 19:14 | <Hixie> | cool, thanks |
| 19:15 | <Hixie> | i wonder how allen wants event handler attributes to work in the new world |
| 19:15 | <Hixie> | i also wonder how anne wants his fetch stuff to interact with ES Loader stuff |