| 01:27 | <MikeSmith> | https://lists.mozilla.org/pipermail/dev-platform/2015-June/010180.html |
| 01:27 | <MikeSmith> | "We enabled native copy-to-clipboard on github.com today for Firefox Nightly visitors. The copy buttons no longer use a Flash widget in Nightly or Chrome!" |
| 01:27 | <MikeSmith> | nice |
| 02:25 | <MikeSmith> | former Chrome engineer Shiki Okasaka now has his own company making a pretty cool new ergonomic keyboard http://www.esrille.com/keyboard/ with the source for its firmware available on Github (and designed to be user-updateable relatively easily) |
| 02:37 | <caitp-> | my goal is to slack off as much as possible, and with as good posture as possible, so that I don't have to worry about rsi or other injuries like that |
| 02:37 | <caitp-> | and hopefully retire before 40 |
| 02:37 | <caitp-> | here's hopin |
| 02:39 | <caitp-> | maybe it's futile :( |
| 12:07 | <MikeSmith> | https://code.google.com/p/chromium/issues/detail?id=495577 |
| 12:08 | <MikeSmith> | Chrome shouldn't be trying to fetch something in a background tab if it requires user interaction in order to load |
| 12:08 | <MikeSmith> | (and then keeping a socket open waiting for the user interaction to happen) |
| 15:22 | <benjamingr> | Domenic: what's web platform branding? Not to be annoying yet again - but I can't seem to be able to google it |
| 15:23 | <Domenic> | benjamingr: I don't know what you're referring to? |
| 15:23 | <benjamingr> | "WeakSets are perfect for branding and are how I would expect web platform class branding to be explained." |
| 15:23 | <benjamingr> | Oh lol, web platform _class_ branding, sorry. |
| 15:25 | <benjamingr> | Like, why wouldn't an `instanceof` or another similar check work there Domenic ? |
| 15:25 | <Domenic> | benjamingr: because then you could fool it with Object.create(Foo) |
| 15:25 | <Domenic> | (Or with [Symbol.hasInstance], these days.) |
| 15:26 | <benjamingr> | Why would you be _that_ defensive about it in the first place? |
| 15:27 | <caitp> | fooling instanceof isn't necessarily bad |
| 15:27 | <benjamingr> | I'm not being critical, I genuinely don't know where I'd be that defensive |
| 15:28 | <caitp> | it's potentially helpful for unit tests |
| 15:28 | <benjamingr> | caitp: here's context https://esdiscuss.org/topic/actual-weakset-use-cases |
| 15:28 | <caitp> | yes I know, I sent a reply |
| 15:28 | <benjamingr> | oh wait, you arleady commented there nvm |
| 15:28 | <benjamingr> | *already |
| 15:29 | <benjamingr> | caitp: wouldn't that example work with a regular set too? |
| 15:29 | <caitp> | well sure |
| 15:29 | <benjamingr> | (Domenic 's doesn't since the set outlive the objects) |
| 15:29 | <Domenic> | benjamingr: because you could break C++ |
| 15:29 | <Domenic> | benjamingr: C++ code does stuff like getInternalCppObjectFrom(jsObject) |
| 15:30 | <benjamingr> | Domenic: but if it's to guard C++, can't/shouldn't it be done from the C++ side anyway? |
| 15:30 | <caitp> | you're right, you could use a plain ol' Set |
| 15:30 | <Domenic> | benjamingr: yes, that is how it's currently done. But if you wanted to implement things in JS (which would have its own invariants, e.g. getInternalJSObjectFrom(jsObject)) you'd use WeakSet. |
| 15:31 | <caitp> | although theoretically fn() could destroy <object> |
| 15:31 | <caitp> | and if it gets collected during iteration, not impossible, you know |
| 15:32 | <Domenic> | in general any security-sensitive code that depends on object invariants would use this |
| 15:32 | <benjamingr> | Domenic: interesting, in your example you can `.call(myFakeObject)` to add things in - but that's besides the point. I wonder if I can come up with a library example. |
| 15:32 | <benjamingr> | If you have existing security critical code that needs this I'd definitely love to see it. |
| 15:33 | <Domenic> | benjamingr: like, all of browsers, or anything Mark Miller writes. |
| 15:33 | <benjamingr> | caitp: but you still own a reference to the object from the closure - if you had a weakref instead that'd work. |
| 15:33 | <Domenic> | benjamingr: what do you mean by .call(myFakeObject)? |
| 15:33 | <Domenic> | class constructors aren't callable, remember. |
| 15:33 | <benjamingr> | Oh, right, my mistake |
| 15:33 | <caitp> | stop using your logic on me :p |
| 15:33 | <Domenic> | weakrefs |
| 15:33 | <caitp> | yes, Weak isn't really ar equirement for that use case |
| 15:34 | <Domenic> | we're going to have SAB, might as well have weakrefs |
| 15:34 | <benjamingr> | Domenic: anything mark miller writes is the first place I looked (well, the thesis and recent security papers). I couldn't distill a use case from there I could show. |
| 15:34 | <Domenic> | benjamingr: hmm maybe look through the SES source code. He probably uses WeakMap with dummy values. |
| 15:35 | <benjamingr> | That's a good idea, I'll do that thanks. |
| 15:36 | <benjamingr> | IIRC Mark has that really cool WeakMap shim for SES but doesn't actually use WeakSet |
| 15:36 | <Domenic> | Yeah that is my recollection too but it seems quite possible he uses it conceptually while using the actual WeakMap impl. |
| 15:38 | <benjamingr> | yes, WeakMap but no WeakSet. Your "guarding against X" example is pretty good though, like having verified objects that were impossible to tinker with. It can be done with a WeakMap easily but then again that's true for every Set and it's still pretty solid. |
| 18:15 | <TabAtkins> | Yeah, a set is just a Map where you only ever use .has(), never .get(). |