2021-11-01 [10:48:39.0039] any node folks around [10:50:10.0121] shu: I could try [10:51:01.0205] any nevermind, turns out it was already fixed: https://github.com/nodejs/node/pull/40670 [10:51:06.0269] v8 infra also started failing [10:51:12.0030] perfect [10:51:18.0577] DST strikes again [12:10:09.0539] you can always ping me [15:04:46.0937] thanks 2021-11-11 [20:08:17.0215] oof, chrome's added a way for sites to block "view source"? https://chromium-review.googlesource.com/c/chromium/src/+/3260807 [20:22:34.0445] The error message is net::ERR_BLOCKED_BY_ADMINISTRATOR [20:23:16.0903] So I guess this feature is something like enterprise management [20:41:14.0065] couldn't someone just use a different browser to view source? [20:48:25.0410] Since it's in a enterprise environment, it's likely not be allowed to install other browsers [21:22:26.0555] from reading the bug, it's not for sites, it's for domain admins (i.e. the people running the browser) [21:22:44.0074] e.g. schools who want to block students from going to site X also want to stop them from viewing the source for site X [21:23:41.0123] apparently frequently the X in question is a Google Forms page which schools are using to administer tests? https://bugs.chromium.org/p/chromium/issues/attachment?aid=447164&signed_aid=iZPmi6KtTPPRkuOjVYccag==&inline=1 [21:23:59.0776] which, uh, probably there are other bad things going on with that, but. [21:26:02.0010] * which, uh, probably there are other problems with trying to use google forms for quizzes, but. [21:48:36.0808] why not... and hear me out here... score the test server side? [22:03:02.0453] sounds hard [22:05:50.0717] (I mean, legitimately, for nontechnical people with other stuff to do. Google Forms is a technology people already know how to use; procuring, understanding, and teaching a different one, just for giving simple quizzes, is a lot to ask of teachers) [22:48:54.0255] oh no, I meant for Google Forms! Like... why can't they avoid transmitting any of that info to the client? [22:50:26.0109] cuz they can add a view source blocker to the browser that all the schools use [22:50:36.0114] welcome to monopoly [09:23:17.0893] that’s still super harmful; if an exam is coded so badly the answers are in the client, it deserves to be circumvented. [09:27:31.0270] back in my day i took exams on parchment and ink [10:39:35.0098] I do not really share the opinion that cheating is morally right just because it is technologically possible, myself [10:39:58.0885] and think that it is fine for people to try to find ways to make the cheating technologically harder even if it remains possible [14:28:19.0594] I don't think Jordan was claiming "cheating is morally right" [14:28:49.0718] it's that _it's not cheating_ to look at the answer sheet that the teacher provided with the test [14:42:21.0164] eh, i don't buy putting it client side is equivalent o providing the answer sheet [14:54:46.0814] it's not as overt, but it's dependent on the honor of each individual student to not look at something that's just sitting right there [14:55:21.0229] at which point the consideration "if I don't do it, I'll be at a disadvantage since they will" arises [14:56:15.0102] i see, that's a different ethical framework for cheating [14:56:52.0657] ethics here is comparatively simple when everybody's in the same room 😓 [15:17:39.0556] I heard "everyone's doing it" a lot when I caught cheaters when I was a TA, but it really was only like 10% of the students; most people (at least Stanford undergrads...) are willing play by the rules even if they and everyone else in the class is capable of circumventing them [15:19:10.0389] when i TAed at UCLA it was <10%, at least on exams [15:48:39.0005] but was there an equivalent availability of the answer sheet? [15:55:28.0633] "everyone's doing it" would seem like a very out-there claim for an in-person test so I might not be following 2021-11-12 [16:02:35.0342] I think people who cheat on tests just tend to assume everyone is cheating on the test, really [16:09:48.0933] hmm. anyway I'm not advocating for cheating, of course. I just think the "if it can be done, it will be done"-ness is complicated (and depressing) [16:10:11.0416] and above all I don't think people should pretend the web is something other than what it is [16:14:07.0527] i think the path to enforcement should be a bit more fine-grained - like building google forms to do less clientside - than broadly allowing dev tools to be blocked. definitely not saying cheating is morally right, but it's either an honor system or it requires enforcement. if it's the former, there's no need for protections (altho maybe notifications/logging), and if the latter, then there's no point in providing the answers over the wire anyways. especially since every student could probably just load the URL up on their iPhone and use view source there. [16:14:32.0091] maybe i'd feel different if the cited use case for google's browser doing this wasn't one of google's own products, i dunno [16:14:34.0558] * maybe i'd feel different if the cited use case for google's browser doing this wasn't one of google's own products, i dunno [16:17:56.0467] to be clear, it's not _just_ google forms; it's also that they want to block sites in general, and students were getting around that by view-source, saving the HTML, and then opening the saved HTML [16:18:31.0772] * to be clear, it's not _just_ google forms; it's also that they want to blacklist sites in general, and students were getting around that by view-source, saving the HTML, and then opening the saved HTML [16:18:35.0588] * to be clear, it's not _just_ google forms; it's also that they want to block sites in general, and students were getting around that by view-source, saving the HTML, and then opening the saved HTML [16:35:30.0493] yeah but this is a bad trend when people are also getting sued for "hacking" via view source [16:35:51.0930] we need to be educating people about how the web works, not leaning into the illusion [16:36:19.0637] * hmm. anyway I'm not advocating for cheating, of course. I just think the "if it can be done, it will be done"-ness of the internet is complicated (and depressing) [16:46:24.0091] > <@rkirsling:matrix.org> I don't think Jordan was claiming "cheating is morally right" Yeah, from cryptography, security doesn't comes from a hidden algorithm. The same argument applies to the web site. 2021-11-18 [14:30:17.0467] is there some way v8 could less aggressively deoptimize around usage of Symbol.IsConcatSpreadable? https://engineering.tines.com/blog/understanding-why-our-build-got-15x-slower-with-webpack [14:49:26.0825] ljharb: you could get them to open an issue with a repro case of the bad performance [14:50:01.0830] Cool, I’ll suggest that! [14:50:17.0203] I’m assuming it’s just an under explored scenario [14:50:46.0207] yeah, i suspect that's right. we'd love to fix all performance cliffs but in a busy world with many priorities we usually need a good signal that it's a performance problem worth fixing sooner than later 2021-11-22 [08:08:37.0077] @shu would be good to get some v8 eyes on https://bugs.chromium.org/p/v8/issues/detail?id=12421 [11:50:56.0265] i wonder if it's just a really badly worded error message [11:51:11.0207] class constructors get a `.name`, maybe this is a redefine error? [11:56:25.0305] name is configurable, so this is an actual bug, I'm pretty sure [11:59:19.0719] oh it is? okay then, sounds like a bug [11:59:39.0436] let's see... [12:19:38.0267] i've pinged joyee to take a look, she recently added a bunch of ICs for the define paths and we've been sussing out the correctness bugs still [14:02:53.0111] as a delegate i still think define-over-set was the right choice [14:03:01.0084] but it's proving to be quite a bugfarm [14:03:12.0569] at least one of which was a security bug too [14:43:50.0775] i still think it was the wrong choice ¯\\\_(ツ)_/¯ [14:43:53.0099] * i still think it was the wrong choice ¯\\_(ツ)_/¯ [14:43:55.0352] * i still think it was the wrong choice ¯\\\_(ツ)_/¯ 2021-11-23 [16:34:03.0421] i'm coming to the position that it wasn't worth it, right or wrong 2021-11-30 [03:48:35.0178] Is there a document that records which proposals have implementations in which engines at all? I ask as my changeset to SpiderMonkey which adds the "New Set Methods" proposal has been accepted [03:50:53.0803] Usually it's tracked in every proposal (either in their readme or in an issue).