| 08:00 | <ondras> | Domenic: turned out that my broken promise impl was spinning the eventloop infinitely as a side effect, not necessarily against any "rules" or so, so I guess the behavior was not incorrect w.r.t. promises. |
| 08:01 | <ondras> | Domenic: I managed to hunt that down and submit a PR to the list of conformant impls. |
| 08:01 | <ondras> | Domenic: also, congrats on your new JIT t-shirt .) |
| 08:01 | <Domenic> | :D |
| 08:42 | <annevk> | mathiasbynens: seems like we should solve it some how |
| 08:42 | <annevk> | mathiasbynens: <a href=... target=_blank rel=noreferrer> is not exactly ideal syntax |
| 08:43 | <annevk> | mathiasbynens: maybe something like target=_new or _safe |
| 09:12 | <Domenic> | I don't really understand why this is coupled to Referer? what if I like letting other sites see who linked to them? |
| 09:17 | <annevk> | Domenic: I don't think that was carefully thought out |
| 09:17 | <annevk> | I wonder if we can make CSP do this by default |
| 09:17 | <annevk> | At least for cross-origin .opener |
| 10:02 | <annevk> | hsivonen: why does ssllabs.com not mark "RC4 Yes" as a warning or even error? |
| 12:57 | <annevk> | mathiasbynens: so for html5.org we only need html5.org and *.html5.org as far as I can tell |
| 12:58 | <annevk> | although I guess I could try to support Philip` and ask for *.philip.html5.org as well |
| 12:58 | <annevk> | though that'd require him installing certificates on that other server |
| 12:59 | <annevk> | mathiasbynens: for HSTS max-age you want to recommend something like 31415926 btw, the value you gave is less than 180 days which makes ssllabs.com frown |
| 13:13 | <annevk> | Ok, asked for certificates for html5.org and whatwg.org |
| 13:14 | <annevk> | alt *.html5 for html5.org and *.whatwg.org and *.spec.whatwg.org for whatwg.org |
| 13:14 | <annevk> | Will take up to 3 hours per StartSSL, but have been waiting a bit longer for others already, so might not all be sorted today |
| 13:21 | <Philip`> | annevk: Doing anything special for *.philip.html5.org probably isn't worthwhile |
| 13:24 | <Philip`> | (...and I'm unlikely to want to bother configuring anything on my server) |
| 13:32 | <annevk> | Hixie: I have a new WHATWG certificate |
| 13:32 | <annevk> | Hixie: I will test it on dom.spec.whatwg.org |
| 13:43 | <annevk> | Okay so that works, but there are some obvious issues with the subresources |
| 13:44 | <Ms2ger> | You'd say? |
| 14:03 | <annevk> | Ms2ger: fixed |
| 14:05 | <annevk> | Also added HSTS |
| 14:06 | <Domenic> | it's happening!! :O |
| 14:29 | <annevk> | Okay, so out of 9 certificates requested 2 have been issued thus far |
| 14:29 | <annevk> | Covering 15 domains |
| 14:29 | <annevk> | What's that, like 0% of the web? |
| 15:00 | <JakeA> | annevk: http://fetch.spec.whatwg.org/#request-class - should fallbackCredentials be "same-origin"? |
| 15:00 | <JakeA> | Feels like fetch('/') should include credentials |
| 15:01 | <annevk> | It was something intentional to omit credentials by default as many people argue that's a saner default |
| 15:01 | <annevk> | "same-origin" is a really hacky thing |
| 15:02 | <JakeA> | Hmm, it just bit remysharp & I. Was really unexpected. |
| 15:02 | <JakeA> | Although it could be that we're just used to how XHR behaves |
| 15:03 | <JakeA> | But I think it's going to surprise many developers |
| 15:03 | <caitp> | it's not as though there's very many features of the platform that don't surprise people |
| 15:19 | <annevk> | Adding certificates to many subdomains on DreamHost is a bitch |
| 15:30 | <annevk> | mathiasbynens: https://mathias.html5.org/ |
| 15:31 | <annevk> | That was a lot of copy-and-pasting keys and certificates around... Bleh |
| 15:31 | <annevk> | I hope Hixie can do this easier with DreamHost VPS |
| 15:33 | <annevk> | Still need to make HSTS work btw |
| 15:34 | <annevk> | And request yet more certificates, man, I hope this situation improves for when I have to renew all this shit |
| 16:29 | <mathiasbynens> | annevk: w000t |
| 16:29 | <mathiasbynens> | annevk: you’re a hero |
| 16:48 | <Pantha> | anyone there? |
| 16:49 | <boogyman> | Pantha: negative. |
| 16:49 | <Ms2ger> | No |
| 16:49 | <Pantha> | i'm new in irc |
| 16:50 | <Pantha> | so........ |
| 16:50 | <Pantha> | this is the irc channel of the WHATWG, right? |
| 16:51 | <boogyman> | yes |
| 16:52 | <Pantha> | i wanted to add proposal |
| 16:52 | <Pantha> | i mean request for a new elwment |
| 16:52 | <Pantha> | sry, element |
| 16:52 | <caitp> | it's one of those cool organizations where you have a way of contacting members and communicating with actual humans --- many government agencies could learn from the example |
| 16:53 | <Pantha> | thanks |
| 16:54 | <boogyman> | Pantha: can you describe the capability you're looking to add? |
| 16:55 | <Pantha> | there are many sementic elements in html5, like header, footer, aside. i think there should a new element for slider or slideshow like <slider> |
| 16:55 | <caitp> | most of those are really just HTMLElement |
| 16:56 | <caitp> | so technically <slider> already exists, as much as <main> or <aside> is defined |
| 16:57 | <caitp> | well, I guess that's not strictly true |
| 16:57 | <Pantha> | i don't understand |
| 16:57 | <Pantha> | if i just add a tag like <element> |
| 16:57 | <Pantha> | that is not correct |
| 16:59 | <Pantha> | i mean w3 need to make a new element for creating slider at web page |
| 17:00 | <caitp> | like input[type=range]? |
| 17:00 | <Pantha> | no |
| 17:01 | <boogyman> | Pantha: can you please describe what you mean by slider? |
| 17:01 | <Pantha> | i mean, if u wanna creat a slide show u choose a div like <div class="footer"> |
| 17:01 | <Pantha> | slideshows at websites |
| 17:01 | <caitp> | like flexslider or whatever |
| 17:01 | <boogyman> | Ah, slide shows are a list <ol> of stuff. |
| 17:02 | <Pantha> | i mean, if u wanna creat a slide show u choose a div like <div class="footer">. we used to create header , footer like this also. |
| 17:02 | <Pantha> | so there is a new tag for slider |
| 17:03 | <Pantha> | sry. <div class=slider> |
| 17:03 | <Pantha> | it would be cool if we can use just <slider> </slider> |
| 17:03 | <caitp> | so, if I were going to propose this on blink-dev, I have a strong feeling the response I'd get is "we don't want this in the platform; implement it with web components" |
| 17:04 | <caitp> | (that seems to be the catch-all response for anything which has historically been implemented in scripts) |
| 17:04 | <boogyman> | Personally I think it's a bad idea. I think its a feature that's best created by authors, not the standards org. |
| 17:05 | <Pantha> | so where shoud i apply this proposal? |
| 17:05 | <Pantha> | w3? |
| 17:06 | <caitp> | what you want to do is get browsers to agree to implement it |
| 17:06 | <caitp> | being spec'd doesn't really accomplish that |
| 17:06 | <caitp> | i have a feeling you'd have trouble getting browsers to agree to that, as nice as it would be to have commonly used features like this baked in |
| 17:07 | <caitp> | because A) needs of different users vary a lot, it would be hard to implement it in a way which made everyone happy while still being a decent API |
| 17:07 | <caitp> | aw |
| 17:19 | <annevk> | MikeSmith: https://platform.html5.org/style.css loads an image from images.whatwg.org which is not yet available from TLS |
| 17:19 | <annevk> | MikeSmith: I guess we can wait for images.whatwg.org to get TLS, but that link needs to be modified either way |
| 17:36 | <annevk> | mathiasbynens: krijnhoetmer: jgraham: zcorpan: matijs: Philip`: gsnedder1: if you could include something like this in the .htaccess of your .html5.org domain, that'd be great: https://gist.github.com/annevk/3ec0c4cc129059eb567d |
| 17:36 | <annevk> | hsivonen: ^ also applies to webm.html5.org |
| 17:41 | <jgraham> | annevk: Pretty sure there isn't actually anything under james.html5.org |
| 17:41 | <matijs> | done, tah |
| 17:42 | <annevk> | jgraham: there's claims it's coming soon! |
| 17:42 | <annevk> | jgraham: I can make it a redirect to http://hoppipolla.co.uk/ (where's the TLS?) if you want |
| 17:42 | <matijs> | Hey I found those in mine too! |
| 17:42 | <annevk> | (DreamHost will keep adding those until you add some content...) |
| 17:50 | <annevk> | mathiasbynens: I have to say that not having tight control over the certificate is frustrating |
| 17:50 | <annevk> | E.g. StartSSL often picks a "Common Name" I don't think is all that common |
| 18:54 | <zcorpan> | annevk: done |
| 19:04 | <annevk> | zcorpan: can you also do it for forums.whatwg.org ? |
| 19:06 | <zcorpan> | annevk: my browsers complain that https://forums.whatwg.org/bb3/index.php is not trusted |
| 19:06 | <annevk> | zcorpan: oh, might have to wait a couple of minutes |
| 19:06 | <Hixie> | give it a few minutes |
| 19:06 | <Hixie> | blog.whatwg.org works |
| 19:06 | <Hixie> | i'm going down alphabetically |
| 19:06 | <annevk> | we're doing it live :p |
| 19:06 | <zcorpan> | ah |
| 19:07 | annevk | is fixing mixed content warnings in specs |
| 19:07 | <Hixie> | i'm as far as help.whatwg.org |
| 19:07 | <Hixie> | we have SO MANY SUBDOMAINS |
| 19:07 | <annevk> | first thing I noticed is that namespaces will look weird five years from now |
| 19:07 | <annevk> | for other reasons than mostly being obsolete that is |
| 19:08 | <Hixie> | what, because they didn't look weird before? |
| 19:08 | <Hixie> | having "http://" in an opaque identifier is just dumb |
| 19:11 | <Hixie> | ok 18 subdomains to go |
| 19:12 | <annevk> | fair |
| 19:13 | <Hixie> | i have to go to lunch but will be back in a couple of hours |
| 19:14 | <Hixie> | there's 16 or so subdomains that are self-signed right now |
| 19:17 | <annevk> | I might be asleep, guess I'll put in place the HSTS switch for all specs tomorrow |
| 19:21 | <zcorpan> | Hixie: required attributes and <template> don't seem to go well together |
| 19:27 | <zcorpan> | Hixie: https://www.w3.org/Bugs/Public/show_bug.cgi?id=26566 question from bz |
| 20:19 | <Philip`> | annevk: Unfortunately I have no idea how to connect to Dreamhost to modify anything on my subdomain |
| 20:22 | <caitp> | iirc you should be able to do a lot of it from their web dashboard, and if not, you should be able to get shell access easily |
| 20:23 | <Philip`> | All I know is the server I last ssh'd to in 2011, which no longer seems to exist |
| 20:23 | <Philip`> | and if I ever had a password, I've no idea what it was |
| 20:27 | <annevk> | Philip`: I'll get you a new one |
| 20:28 | <caitp> | lives up to my claim of "get shell access easily" |
| 20:28 | <annevk> | yeah it's trivial |
| 20:36 | <mathiasbynens> | annevk: i feel your pain re: CN having `www.` in it etc. |
| 20:37 | <annevk> | certs are far from neat |
| 20:37 | <annevk> | hopefully that can be fixed |
| 20:38 | <mathiasbynens> | only a matter of time until Google starts providing free wildcard certs |
| 20:39 | <annevk> | you think? |
| 20:39 | <zcorpan> | you get a wildcard cert! you get a wildcard cert! everyone gets a wildcard cert! |
| 20:41 | <annevk> | not needing CAs would be even nicer |
| 20:53 | <annevk> | mathiasbynens: I guess there's a tracking bug on TLS opera.com redirecting to non-TLS? |
| 22:09 | <mathiasbynens> | annevk: yep |
| 23:37 | <Hixie> | ok, ssl certs are set up for *.whatwg.org and *.spec.whatwg.org |