| 01:37 | <Hixie> | SQL query: |
| 01:37 | <Hixie> | LOCK TABLES `section` , `status` , `tests` , `demos` , `implementations` , `changes` READ |
| 01:37 | <Hixie> | MySQL said: Documentation |
| 01:37 | <Hixie> | #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' `status`, `tests`, `demos`, `implementations`, `changes` READ' at line 1 |
| 01:37 | <Hixie> | wtf |
| 01:37 | <Hixie> | what's wrong with that line |
| 01:37 | <Hixie> | all those tables exist |
| 01:37 | <Hixie> | OH |
| 01:37 | <Hixie> | i see |
| 01:38 | <Hixie> | 4.x expects the lock type after each table name |
| 01:38 | <Hixie> | duh |
| 01:47 | <MikeSmith> | Hixie - I have a perhaps dumb question but I will ask anyway. Is post-serialized output of a source document idempotent if re-run through the conformant parser multiple times? |
| 01:49 | <Hixie> | in theory |
| 01:50 | <Hixie> | if you find any cases where it's not, let me know |
| 01:50 | <Hixie> | it is certainly the case that certain conforming documents can't round-trip safely |
| 01:50 | <Hixie> | whitespace tends to be dropped or moved near the start and end of documents, for historical reasons |
| 01:53 | <Dashiva> | But even if the whitespace is moved, they produce the same DOM, don't they? |
| 01:53 | <MikeSmith> | Hixie - at least running a doc through html5lib parse.py multiple times seems to result in linebreaks getting added cumulatively before the closing body tag in the serialized output |
| 01:53 | <MikeSmith> | Or maybe pilot error |
| 01:54 | MikeSmith | goes to check his test file again |
| 01:56 | <MikeSmith> | I was wrong. Sorry about the noise |
| 01:57 | <MikeSmith> | just gets added once |
| 02:01 | <Hixie> | Dashiva: yeah |
| 02:01 | Philip` | wonders what is the maximum filesize expansion if you pass something through an HTML5 parser then serialiser |
| 02:02 | <MikeSmith> | so with the following minimal source: |
| 02:03 | <MikeSmith> | <html><head><title>foo</title></head><body><p>foo</p> |
| 02:03 | <MikeSmith> | </body></html> |
| 02:03 | <MikeSmith> | I get a linebreak added before closing body tag in output |
| 02:04 | MikeSmith | shuts up and goes to read the spec for the parsing algoritm |
| 02:07 | <Philip`> | Hmm, I can get O(n^2) growth with a file like <b><b><b><b><u><u><u><u> </b> </b> </b> </b> |
| 02:07 | Philip` | wonders if that's the worst that's possible |
| 02:15 | <Dashiva> | What about lone <td> tags? |
| 02:15 | <Dashiva> | <td></table> repeated, maybe |
| 02:32 | <Hixie> | ok you can add annotations now, at least in the ui... |
| 02:32 | <Hixie> | but i suppose none of that will work until you can log in... |
| 04:20 | <Hixie> | you are in a twisty maze of callbacks, all alike |
| 07:45 | <Hixie> | i agree with your last e-mail, i think i tried to describe one other way of deciding where the line is in my own most recent email |
| 08:07 | <Hixie> | wtf, XMLHttpRequest.status == 0 ??? |
| 08:09 | <hsivonen> | Hixie: was that my last email? |
| 08:10 | <Hixie> | was what your last e-mail? |
| 08:11 | <Hixie> | i meant the bit about unambiguous interop not being the line for what is invalid |
| 08:11 | <hsivonen> | Hixie: you said "i agree with your last e-mail" |
| 08:11 | <hsivonen> | Hixie: ok |
| 08:12 | <hsivonen> | I sense a huge bikeshed approaching |
| 08:15 | <Hixie> | well, we can try to make it more complicated :-) |
| 08:23 | <Hixie> | woot, we're down to just one XXX in this annotation script |
| 08:35 | <Hixie> | sql really is the wrong database technology for this |
| 09:53 | annevk | looks at anne-mac |
| 10:05 | <zcorpan> | hsivonen: in case you hadn't noticed... http://tinyurl.com/2wywpp s/error errors/errors/ and error 18 and 20 don't mark the right fragment of the source |
| 10:07 | <annevk> | yeah, I noticed that too when there were a larger number of errors |
| 10:08 | <hsivonen> | zcorpan: thanks, I hadn't noticed |
| 10:10 | <hsivonen> | hmm. the source highlight behavior in those results is *weird* |
| 10:11 | <hsivonen> | zcorpan: error errors fixed locally. will appear on site later today hopefully |
| 10:11 | <othermaciej> | annevk: finally decided to switch? |
| 10:12 | <zcorpan> | hsivonen: seems that at some point the line numbers get wrong |
| 10:13 | <hsivonen> | zcorpan: yes |
| 10:14 | <hsivonen> | zcorpan: debugging that won't be fun :-( |
| 10:14 | <annevk> | othermaciej, I bought a MacBook to play with |
| 10:14 | <annevk> | I'm still mostly using Ubuntu |
| 10:14 | <othermaciej> | annevk: cool, now you have no excuse for posting test results that don't include Safari :-) |
| 10:14 | <annevk> | heh |
| 10:14 | <annevk> | yeah, that's one advantage |
| 11:08 | Hixie | deploys his spec annotation script onto the actual spec without much testing |
| 11:15 | <Dashiva> | Hixie: 0 is nothing, wait until you encounter the ones around the 12029 range :) |
| 11:17 | <Hixie> | yeah but there was no reason for it |
| 11:17 | <Hixie> | the error disappeared shortly afterwards and i haven't been able to reproduce it |
| 11:18 | <Hixie> | i really need to write my own preprocessor for the html5 script |
| 11:18 | <Hixie> | bert's script is becoming painfully slow |
| 11:20 | <annevk> | please make it generic |
| 11:20 | <annevk> | having a public version of the CSS spec generator that is open source would be cool |
| 11:23 | Hixie | is still waiting for bert's script to respond |
| 11:23 | <Hixie> | weird |
| 11:23 | <Hixie> | doesn't normally take THIS long |
| 11:24 | <annevk> | it doesn't work for me |
| 11:28 | <MikeSmith> | Hixie, annevk - there's apparently a problem right now with a java process eating up all the cpu on cgi.w3.org |
| 11:29 | <Hixie> | ok |
| 11:29 | <MikeSmith> | btw, I think Bert's script has a dependencies on other tools he's writeen |
| 11:29 | <Hixie> | well then i'll deploy the annotation stuff while i'm asleep |
| 11:29 | Hixie | tells his script to wait 4 hours then regen the spec |
| 11:29 | <Hixie> | bed time |
| 11:29 | <Hixie> | nn |
| 11:30 | <MikeSmith> | night |
| 11:49 | <zcorpan> | hsivonen: <footer> allows inline-level content per spec |
| 11:53 | <hsivonen> | zcorpan: interesting. has it always been that way? |
| 11:55 | <zcorpan> | yees |
| 11:55 | <zcorpan> | s/e// |
| 11:57 | <hsivonen> | zcorpan: thanks. fixed locally |
| 11:57 | <zcorpan> | hsivonen: should i point that out on the list as well? |
| 11:59 | <hsivonen> | zcorpan: that would help, I think |
| 11:59 | <hsivonen> | I'm pushing out the change now |
| 12:00 | <zcorpan> | ok |
| 12:05 | <hsivonen> | zcorpan: fix deployed |
| 12:05 | <hsivonen> | MikeSmith: IRI checking changes deployed |
| 12:05 | <zcorpan> | hsivonen: nice |
| 12:06 | <MikeSmith> | hsivonen - sweet |
| 12:07 | <MikeSmith> | top-secret HTML5 version of the HTML WG home page now validates |
| 12:07 | <MikeSmith> | http://www.w3.org/html/wg/5.html |
| 12:09 | <hsivonen> | MikeSmith: <!DOCTYPE html> |
| 12:09 | <hsivonen> | <html lang=en xmlns=http://www.w3.org/1999/xhtml>; |
| 12:09 | <hsivonen> | MikeSmith: that's weird |
| 12:09 | <MikeSmith> | hsivonen - it's generated from XHTML source |
| 12:10 | <hsivonen> | ah |
| 12:10 | <MikeSmith> | and conformant |
| 12:10 | <MikeSmith> | if weird |
| 12:10 | <MikeSmith> | I doubt Dan would go for the idea of doing it the other way around |
| 12:11 | <MikeSmith> | that is, maintaining source in HTML and generating the XHTML from that |
| 12:11 | <hsivonen> | MikeSmith: sure, it makes sense to maintain the source as XHTML |
| 12:12 | <hsivonen> | MikeSmith: I just didn't realize that you were doing that |
| 12:12 | <hsivonen> | MikeSmith: I'd expect an HTML5 serializer to drop xmlns |
| 12:12 | <MikeSmith> | html5lib parse.py util doesn't drop it a least |
| 12:12 | <MikeSmith> | I think it would make sense if it did, though |
| 12:13 | <hsivonen> | MikeSmith: in the Validator.nu parser, dropping it is configurable |
| 12:13 | <annevk> | you got to like what it does now :D |
| 12:13 | <MikeSmith> | heh |
| 12:14 | <hsivonen> | MikeSmith: which shows that allowing the xmlns isn't low-cost, as it had the cost of implementing that configurability |
| 12:14 | <hsivonen> | s/low-cost/no-cost/ |
| 12:14 | <MikeSmith> | true that |
| 12:15 | <MikeSmith> | hsivonen - anyway, no longer any XSLT output method=html there. I just uses html5lib now |
| 12:16 | <hsivonen> | MikeSmith: great |
| 12:16 | <MikeSmith> | plus some sed postprocessing to add linebreaks for prettification purposes |
| 12:25 | <hsivonen> | annevk: is step #3 at http://dev.w3.org/2006/webapi/XMLHttpRequest/#text-response-entity-body consistent with reality? shouldn't you override the XML normative reference to RFC 3023? |
| 12:26 | <zcorpan> | how about fixing rfc 3023? :) |
| 12:27 | <hsivonen> | zcorpan: feel free to try |
| 12:28 | <zcorpan> | at some point i might |
| 12:28 | <zcorpan> | try that is |
| 13:02 | Philip` | wonders what is a useful tool if you have thirty minutes to prepare a five minute presentation |
| 13:02 | annevk | is doing that now using HTML + some CSS |
| 13:04 | <zcorpan> | there is an opera show generator somewhere, though i don't know where and google seems to point at 404s :( |
| 13:04 | <Philip`> | Also I have no idea what computer I can use so it might be stuck with IE |
| 14:09 | <Dashiva> | Oh hey, cod@type got brought up again... |
| 14:11 | <hendry> | annevk: just looking at http://www.w3.org/TR/access-control So if the server responds with: Access-Control: allow <hello-world.invalid>, why would a request from evil-world.invalid obey that header? |
| 14:12 | <Dashiva> | As I understand it, it's not up to evil-world to decide. The browser does that before it serves responses |
| 14:12 | <Dashiva> | s/browser/UA/ |
| 14:13 | <hendry> | you mean the UA that evil-world.invalid is using? |
| 14:15 | <Dashiva> | I'm not sure why it would |
| 14:16 | <Dashiva> | Any UA can send requests anywhere as it is. Some of them use restrictions (e.g. no cross-domain XHR). Access-control lets these restrictions have exceptions |
| 14:17 | <hendry> | I am having trouble visualising this. Is there some diagram I wonder. |
| 14:18 | <hendry> | So for UAs that are restricted (some policy?), Access-control is a way of defining some "safe sites"? Is that what you are saying Dashiva ? |
| 14:18 | <Dashiva> | Yes |
| 14:19 | <Dashiva> | Flash has a similar thing, if you're familiar with that |
| 14:19 | <hendry> | Dashiva: no i'm not |
| 14:20 | <hendry> | Dashiva: I wonder if Flash's security model is any good. and documented |
| 14:21 | <hsivonen> | hendry: you run a trusted UA inside your firewall |
| 14:21 | <hsivonen> | hendry: your trusted UA makes the decision whether the script from evil.invalid gets to talk with the servers on the inside of your network perimeter |
| 14:25 | <hendry> | ok, thanks for the explanation |
| 14:26 | <hendry> | i distantly recall that IE had some sort of privacy control features: http://www.microsoft.com/windows/ie/ie6/using/howto/privacy/config.mspx |
| 14:26 | <hendry> | i think it was some standard even WRT privacy policies |
| 14:27 | <hendry> | i can't see anything in FF similar. or am i looking in the wrong place |
| 14:28 | <hendry> | ah P3P |
| 14:29 | <hendry> | anyone know what's happening with http://www.w3.org/P3P/ ? is it dead? is it used? does it have a future? |
| 14:29 | <hsivonen> | is P3P actually used or was it just a distraction for shaking off the FTC regulators? |
| 14:30 | <hendry> | heh |
| 14:31 | <hsivonen> | Facebook shows that industry self-regulation isn't working |
| 14:31 | <hendry> | hsivonen: why's that? |
| 14:31 | hendry | logs into FB :) |
| 14:32 | <hsivonen> | hendry: Beacon |
| 14:34 | <hendry> | ok, ummm.. is there some blog entry explaining this all? What are you saying? They have not regulated people privacy to your requirements? |
| 14:34 | <Dashiva> | privacy doesn't exist on facebook |
| 14:35 | <hendry> | tbh i like their controls |
| 14:35 | <hendry> | i think a lot people (not just me) are fooled into a false sense of security :) |
| 14:36 | <hendry> | Dashiva: surely they have some limits. Privacy isn't boolean |
| 14:37 | <Dashiva> | Sure, you have privacy from other users. |
| 14:38 | <hendry> | But not from the sysops? Is that what you are saying? |
| 14:40 | <Dashiva> | Just read up on beacon :) |
| 14:41 | <hsivonen> | hendry: http://www.25hoursaday.com/weblog/2007/11/27/SomeThoughtsOnTheFacebookBeacon.aspx |
| 15:19 | <hendry> | just looking at FF3. it also doesn't seem to have a notion of a trusted zone. So how does the FF UA know it's in a trusted zone? |
| 15:25 | <hsivonen> | hendry: do you mean you'd like to give chrome access to certain http URIs? |
| 15:37 | <hsivonen> | Hixie: the HTML5 spec gives me an unresponsive script sheet in Firefox |
| 15:43 | <hendry> | hsivonen: well, I assume when you talk about a trusted UA in a firewall. Mustn't the UA be configured as to what to trust as a start point? |
| 15:43 | <hsivonen> | hendry: no. that's the point of the access-control spec |
| 15:44 | <hsivonen> | hendry: the servers tell what other servers they trust |
| 15:44 | <hendry> | ok, so the UA goes to a web site that returns those access-control headers |
| 15:44 | <hsivonen> | hendry: and presumably your inside firewall servers wouldn't say they their data is OK to leak to outside of firewall servers |
| 15:45 | <hsivonen> | hendry: the idea is that a site can control what other sites its data can be leaked to |
| 15:46 | <hendry> | Ok |
| 15:48 | <hendry> | and the UA enforces the policies right? so you need a "trusted UA" right? a UA that will obey these access control statements |
| 15:48 | <hsivonen> | hendry: yes |
| 15:49 | <hendry> | how can a web site be sure the UA accessing it will properly enforce it's access control rules? |
| 15:49 | <hsivonen> | hendry: they can't |
| 15:49 | <hsivonen> | hendry: by default XSS leaks are not allowed |
| 15:50 | <hendry> | you mean same origin stuff implemented on browsers? yeah, but there are ways of getting around that? |
| 15:51 | <hsivonen> | hendry: access-control is about letting sites relax same-origin |
| 15:55 | <hendry> | though aren't there well known ways around same-origin cross-site limitations? perhaps these holes will be closed mind. |
| 15:55 | <hsivonen> | hendry: in general, if a script from site A can read data from site B without cooperation from site B, that's a bug |
| 15:56 | <hsivonen> | hendry: there are already ways for a script at site A to issue GET and POST requests to site B without the cooperation of site B |
| 15:56 | <hsivonen> | hendry: but that's different from reading the responses |
| 15:59 | <hsivonen> | hendry: what kind of ways around same same origin you had in mind? |
| 16:00 | <hendry> | hsivonen: i did something the other day |
| 16:00 | <hendry> | which created a <script> tag and called in a JS from another site |
| 16:00 | <hendry> | i am not too sure if that is considered a same-origin hack |
| 16:01 | <hendry> | i think jquery does something similar with .load() or something like that |
| 16:01 | <hsivonen> | hendry: yeah, there's a hole if the remote script file embodies sensitive data |
| 16:02 | <hendry> | hsivonen: not too sure what is meant by your "reading the responses" line |
| 16:02 | <hsivonen> | hendry: which is a dumb thing for a script to do |
| 16:04 | <hsivonen> | hendry: I mean the script reading the contents of an HTTP request to another site in a way that it can send back to its own server |
| 16:06 | <hendry> | i need diagrams to explain some thoughts i have easily. |
| 16:07 | <hendry> | heh |
| 16:12 | hendry | just orders a X61... now i am thinking a tablet would have been useful after all :) |
| 16:13 | <Dashiva> | heh |
| 16:15 | <hendry> | i'll be in San Francisco next week. I think I'll buy a wacom bamboo tablet. I hope it'll work in Debian. |
| 16:17 | <Dashiva> | http://dashiva.net/test/access.jpg |
| 16:17 | <Dashiva> | Does that help? |
| 16:22 | <hendry> | Dashiva: You need Access-Control: allow <good.example.org> |
| 16:22 | <hendry> | on resource.example.com, right? |
| 16:24 | <Dashiva> | yes |
| 16:25 | <hendry> | Dashiva: ok, it did help. wtf did you draw that in btw? :) |
| 16:25 | <Dashiva> | mspaint, what else? :) |
| 16:26 | <Philip`> | You should have used CanvasPaint |
| 16:26 | <hendry> | looks like dos paint |
| 16:26 | <Philip`> | (or SVG) |
| 16:27 | <hendry> | yes, canvas+svg need to get out there |
| 16:35 | <hendry> | still thinking here |
| 16:35 | <hendry> | this access-control: stuff is done by web sites |
| 16:35 | <hendry> | surely a web site user should be more in control |
| 16:36 | <hendry> | or is the web site supposed to provide an interface for the user to enter which sites data can be shared with |
| 16:36 | <hendry> | for the web site in turn to generate the right access-control headers |
| 16:40 | <Dashiva> | hendry: It can be done in headers, but also with PIs if the data is XML |
| 16:43 | <csarven> | is it appropriate for all documents on a site use the same h1? should h1 be reserved for heading that is specific to that document? |
| 16:44 | <csarven> | if the site is called 'Foo', should all documents on that site use 'Foo' in <h1> or would you reserve h1 for things like 'Welcome to Foo', 'About Foo'... and perhaps using 'Foo' in <address> only |
| 18:04 | <bradee-oh> | Hixie: multipage version of HTML5 currently MIA? |
| 19:19 | <Hixie> | SPEC NOW HAS ANNOTATION MECHANISM |
| 19:19 | <Hixie> | er |
| 19:19 | <Hixie> | mascaps |
| 19:19 | <Hixie> | miscaps |
| 19:19 | <Hixie> | bbiab |
| 19:20 | <Dashiva> | multipage is till MIA, it seems |
| 19:21 | <Dashiva> | *still |
| 19:51 | <Hixie> | huh, weird |
| 19:58 | <aroben> | Hixie: http://www.whatwg.org/specs/web-apps/current-work/multipage/ seems troubled |
| 19:59 | <aroben> | Hixie: annotation stuff is very cool though |
| 20:00 | <aroben> | Hixie: I guess it's impossible to mark an implementation as "pass" without a testsuite first |
| 20:06 | <Philip`> | Does non-native support count? |
| 20:07 | <Philip`> | (e.g. Excanvas) |
| 20:07 | <Philip`> | If so, who decides which non-native implementation should be counted? |
| 20:11 | <Philip`> | Hixie: If I middle-click on the show-history link, it doesn't warn me that it's broken |
| 20:13 | <Hixie> | no |
| 20:13 | <Hixie> | oh, interesting |
| 20:13 | <Hixie> | will fix once i have the multipage thing done |
| 20:13 | <Hixie> | still can't work out why that's broken |
| 20:14 | <Philip`> | Hixie: Double-click to edit is not intuitive |
| 20:15 | <Philip`> | (An "edit" link would be more obvious) |
| 20:16 | <Philip`> | It's not obvious what the "tests" or "demos" fields are meant to contain, at least when looking at an empty one |
| 20:18 | <Philip`> | "Section status: Widely implemented" seems an odd option, since some features are widely implemented at the same time as the spec for them is a first draft (particularly when it's specifying old unstandardised features) |
| 20:21 | <Hixie> | there actually is an edit link, it's display:none |
| 20:21 | <Hixie> | it looks ugly :-) |
| 20:21 | <Hixie> | but i can readd it i guess |
| 20:22 | <Hixie> | though if you know that double-click adds, it's not a far jump to double-click to edit |
| 20:23 | Philip` | turns stylesheets off, and sees the edit link now |
| 20:23 | <Philip`> | The editing UI is not so good without stylesheets, though |
| 20:23 | <Philip`> | Hixie: Oh, double-click adds? |
| 20:23 | <Hixie> | yeah |
| 20:24 | <Philip`> | The double-click to add behaviour is not intuitive ;-) |
| 20:24 | <Hixie> | yeah |
| 20:24 | <Hixie> | not sure how to do it better |
| 20:25 | <Philip`> | What is the scope of annotations? (Are they on <h3>s or something?) |
| 20:26 | <Hixie> | they look at whereever you double click, and find the first element above it to have an id |
| 20:26 | <Hixie> | which will typically be an <hx> |
| 20:26 | <Hixie> | first element child of body |
| 20:28 | Philip` | doesn't know if it'd be too distracting to have a little edit link beside each possible annotatable location |
| 20:29 | <Philip`> | s/edit/add/ |
| 20:32 | <Hixie> | Philip`: i think having it non-intuitive is ok, the people who should be editing it can be told what the ui is |
| 20:32 | <Hixie> | it's not hard to explain |
| 20:32 | <Hixie> | multipage is back up |
| 20:32 | <Hixie> | but for some reason the annotations aren't showing up |
| 20:52 | <Hixie> | Philip`: as far as i can tell, the middle click of a link does give the warning |
| 20:52 | <Hixie> | well, error |
| 21:00 | <Philip`> | Hixie: Not in Opera 9.2 |
| 21:00 | <Hixie> | probably a bug in opera |
| 21:00 | <Philip`> | (Also the Safari icon doesn't work in Opera) |
| 21:03 | <Hixie> | if you have any suggestions for changes to the section status options, let me know |
| 21:03 | <Hixie> | afk lunch |
| 21:16 | <hsivonen> | Hixie: it would help if the annotation UI highlighted the part of spec being annotated. I can't figure the scope of an annotation |
| 23:37 | <Hixie> | hsivonen: yeah... patches welcome :-) not sure how to do that |
