| 02:13 | Hixie | proposes something which would end up making alt="" required for every image |
| 02:14 | <Hixie> | i'll be interested to see whether the alt-must-be-required-whether-useful-or-not camp like this proposal or not |
| 02:17 | <Philip`> | Sounds kind of similar to the 'noalt' thing that people have suggested |
| 02:18 | <Philip`> | except with more graceful degradation in UAs that do ugly things with <img> without alt |
| 02:18 | <Philip`> | and sometimes slightly more informative to users than always announcing the image as "Image" |
| 02:21 | <Philip`> | I suppose the problem is that people will just never bother adding 'importantimage', because it achieves no visible effect (including in validators) - UAs don't know that images without importantimage are unimportant, so they'll still have to let their users interact with alt-less images in case they're important, so there would be no difference |
| 02:21 | <webben_> | Hixie: Hmm. Seems to me that if the use-case includes bulk-upload photo tools, then those tools can't make the statement that the image "cannot be considered equivalent to any text". What they can do is say the alt is not in any sense a full equivalent to the image. |
| 02:22 | <webben_> | that would be useful information to tools like Lynx |
| 02:23 | <Philip`> | They could say how confident they are in the quality of the alt text, like <img src="cats.jpg" alt="Some photo, probably of a cat; q=0.2"> |
| 02:25 | <webben_> | I'm not sure that would add much to current use scenarios over just saying it's not a full equivalent. |
| 02:26 | <Philip`> | Indeed, it seems a hard enough job just to get people to use a boolean value correctly |
| 02:26 | <webben_> | if you've got some hypothetical future gizmo for recognizing images, you're likely to just run it over anything that isn't q=1 |
| 02:26 | <Philip`> | You should run it on anything that is q=1 too, because people will use q=1 when they've got rubbish alt text |
| 02:27 | <webben_> | Philip`: If you've got another hypothetical future gizmo that tells you whether you're new equivalent is better than the original alt, maybe. |
| 02:27 | <webben_> | *your new |
| 02:30 | <Philip`> | webben_: I've got a concrete present-day human who can decide whether the original alt text is giving them the information they're expecting or hoping for, and if not then they can use the gizmo and decide whether that's any better |
| 02:31 | <webben_> | um, yes, although the information they're expecting or hoping for might be rather different to that actually intended to be provided. |
| 02:31 | <webben_> | but quering an analysis tool is different to running it automatically |
| 02:32 | <webben_> | (or at least to presenting the results automatically) |
| 02:32 | <Philip`> | I'm thinking of e.g. looking at a Flickr page and finding a thing called "Photo" or "IMG_05863.JPG" and then (regardless of how reliable the page says that alt text is) choosing to analyse it in more detail |
| 02:33 | <webben_> | yep, that would work. |
| 02:34 | <Philip`> | I'm not sure how it'd be possible to do the analysis automatically, since you'd want an extremely concise output (like one or two words) in most cases, else it'll significantly disrupt the flow of the page |
| 02:34 | <webben_> | depends how clever the gizmo is, it's all a bit speculative at this point |
| 02:34 | <Philip`> | At least it could ignore transparent spacer GIFs |
| 02:35 | <webben_> | yes. We really ought to be able to improve at to ignore space GIFs now. |
| 02:35 | <webben_> | *improve AT |
| 02:35 | <Philip`> | Aside: Maybe HTML5 should support <spacer>, since that's a better solution than spacer GIFs because it's easier for UAs to ignore it, but currently it's unfashionable because it makes validators complain |
| 02:35 | <webben_> | and Lynx for that matter. |
| 02:36 | <Philip`> | webben_: Do most ATs download images? |
| 02:36 | <webben_> | I've never run across an instance of a developer needing a spacer GIF, so I know no reason to support either except to deal with existing content. |
| 02:36 | <Philip`> | (I assume they would if they're just stuck on top of IE or Firefox or whatever) |
| 02:37 | <Philip`> | It'd be kind of a pain to make Lynx download every linked image file solely to decide whether it looks like a spacer or not |
| 02:37 | <webben_> | Philip`: Most AT isn't a browser, but acting with a browser. People using AT don't necessarily turn off image downloading, though some do. |
| 02:37 | <Hixie> | Philip`: css is a better solution |
| 02:38 | <Philip`> | Hixie: Oh, good point |
| 02:38 | <webben_> | Philip`: Depends how annoying seeing "SPACER GIF" splattered across the page is to lynx users, I guess |
| 02:39 | <webben_> | or IMAGE when it's not one. |
| 02:40 | <webben_> | You're probably right that text browsers' commitment to speed is going to make them even less capable than typical AT. |
| 02:42 | Philip` | wonders if someone like Google could download and analyse every image on the internet, then construct something like a Bloom filter so UAs can quickly check whether a given URI is in the pre-computed set of spacer images, and how large the filter data file would be |
| 02:44 | <webben_> | tricky, given images are obtained via URIs, and URIs can return things that vary by who requests them (as well as time) |
| 02:44 | <webben_> | you could md5 the downloaded image and use that for the query to a webservice, but that would still require Lynx to download the image |
| 02:45 | <Philip`> | Static content like images are more commonly at a single static URI, so it might not be too awful |
| 02:45 | <webben_> | Oh yes, it would work for common cases. |
| 02:46 | <webben_> | having to make a request to a webservice for each image might be almost as bad for performance as downloading the images in the first place |
| 02:47 | <Philip`> | Hmm, Google says there's about 10^9 images, and if I wildly guess there's 10^6 spacer images, and an acceptable false positive rate is 1/1000, then it'd only need 14MB of filter data |
| 02:48 | <Philip`> | webben_: The idea is that you just download the global data once, and do local queries on that, like how Firefox's phishing filter works by default |
| 02:48 | <webben_> | oh I see. |
| 02:48 | <Philip`> | Anyway, this a stupid idea so I'll drop it :-p |
| 02:49 | <Philip`> | Oops, that's 14Mbits, so it's not even 2MB |
| 03:02 | Philip` | likes writing code that writes code |
| 03:02 | <Philip`> | Sadly I haven't yet found an excuse to write code that writes code that writes code |
| 08:16 | <annevk> | Sunava doesn't actually set a clear target date :( |
| 08:16 | <annevk> | Oh well, I guess that's normal |
| 08:20 | <annevk> | Hixie, you around? |
| 08:21 | <Hixie> | can be |
| 08:21 | <annevk> | Hixie, it's not that important, but I was wondering about your proposal on the appformats list |
| 08:21 | <Hixie> | anything specific? |
| 08:21 | <annevk> | is Access-Include-Credentials provided by the UA or the server? |
| 08:21 | <annevk> | and what are the header values? |
| 08:22 | <Hixie> | server |
| 08:22 | <annevk> | (your proposal says UA, but I expect server) |
| 08:22 | <Hixie> | no values (or just "yes" or something) |
| 08:23 | <annevk> | GET requests would always work? |
| 08:23 | <annevk> | or would GET requests need to be preceded by a normal request too? |
| 08:28 | <Hixie> | GET requests work like now but without credentials, and if the server replies with an Access-Include-Credentials they are redone with credentials |
| 08:28 | <annevk> | :( |
| 08:29 | <annevk> | can the user be prompted in the initial request? |
| 08:29 | <annevk> | in case of http auth |
| 08:37 | <Hixie> | the user can never be prompted can he? |
| 08:39 | <annevk> | guess so |
| 08:39 | <annevk> | <img src=cross-site> is prompted iirc |
| 08:40 | <Hixie> | i don't think we should ever prompt the user for credentials in any request that will be subject to Access-Control management |
| 08:42 | <annevk> | so you'd just get a 403 back (or 401?) and be done with it? |
| 08:42 | <annevk> | i guess that's ok |
| 08:44 | <annevk> | (that is of course, if the server actually provides Access-Control headers with the 401) |
| 08:47 | <Hixie> | makes sense to get back the 401 |
| 08:47 | <Hixie> | that way the third party host knows to tell the user to log in |
| 08:48 | <annevk> | the way the spec is written now all status codes work cross-site |
| 08:48 | <annevk> | i hope browsers implement that too as I think it's useful |
| 08:50 | <Hixie> | include an example whowing it |
| 08:50 | <Hixie> | showing |
| 08:51 | <othermaciej> | what's the advantage to Access-Include-Credentials? |
| 08:51 | <Hixie> | the main advantage is taht it might get us out of this deadlock |
| 08:52 | <othermaciej> | I don't see how it adds any security |
| 08:52 | <othermaciej> | it wouldn't defend against anything that anyone has identified as a threat model |
| 08:52 | <annevk> | I wonder what the reason is sicking isn't commenting at all other than saying the spec isn't ready |
| 08:53 | <annevk> | The only threat model I've seen so far is that people might opt in too soon and others would copy and paste and only Firefox users would be vulnerable |
| 08:54 | <othermaciej> | I have not followed the appformats list though |
| 08:54 | <annevk> | But Access-Include-Credentials doesn't address that issue |
| 08:54 | <othermaciej> | I was thinking of the HP guy's "sensitive financial transaction" pseudo-threat |
| 08:54 | <othermaciej> | which is also not addressed |
| 08:54 | <Hixie> | what's going on is that mozilla has a "security" person internally who isn't making sense |
| 08:54 | <Hixie> | and that is deadlocking mozilla |
| 08:55 | <othermaciej> | is it Window or someone else? |
| 08:56 | <annevk> | Hmm, adding "bloat" because of a single person seems icky :( |
| 08:56 | <othermaciej> | I would rather have a face-to-face meeting than add cargo cult security |
| 08:59 | <annevk> | btw, have you been reviewing the spec othermaciej? |
| 09:00 | <othermaciej> | annevk: not much so far, but I am booking time for it next week, since we might be implementing it soon |
| 09:00 | <othermaciej> | I've asked one of my co-workers to look at it as well (he does most of our dom/networking security stuff) |
| 09:00 | <annevk> | double awesome :) |
| 10:18 | <Philip`> | Why does VoiceOver have such a stupid selection of voices? |
| 10:18 | <Philip`> | Particularly "Bells", which sounds somewhat like bells and nothing like speech |
| 10:19 | <jgraham_> | Philip`: That one sentence encompassed my entire VO experience |
| 10:19 | <Philip`> | Hmm, there's another one that sings everything |
| 10:20 | <jgraham_> | (Oh, VoiceOver I should try that. What a crappy voice. Oh, the others are all worse, and all the keyboard shortcuts are buried somewhere in a PDF and impossible to fingeranyway. Nevermind.) |
| 10:20 | <othermaciej> | Philip`: it offers all the voices that Mac OS X's regular text-to-speech function supports |
| 10:20 | <othermaciej> | and yes, some are silly and would likely be annoying or useless to regular screen reader users |
| 10:24 | <jruderman_> | i wish they were grouped somehow (e.g. male, female, silly) |
| 10:26 | <jruderman_> | i love the |say| command, btw |
| 10:27 | <jruderman_> | 'sleep 90 && say time is up' is so much nicer than the timers that come with most board games |
| 10:28 | <othermaciej> | that is a cool command, yeah |
| 10:41 | <Hixie> | leopard hides the silly ones these days |
| 10:41 | <Hixie> | though they are still there |
| 10:42 | <Hixie> | and it grounds male and female |
| 10:42 | <Hixie> | groups, even |
| 10:47 | <Philip`> | Doesn't for me (in 10.5.2) - VoiceOver Utility just has drop-down lists of two dozen alphabetical voices |
| 10:53 | <Hixie> | s/leopard/the places in leopard that i've seen so far/ :-) |
| 11:15 | <Philip`> | Whoops, I think I strayed off the topic of a specific instance of alt text usage, and started talking about generalities :-( |
| 11:34 | <Hixie> | should context.font = '1em sans-serif'; use the font-size of the <canvas> element? |
| 11:35 | <Philip`> | I want "12px" to be precisely 12 canvas coordinate space units (because otherwise it's impossible to do even vaguely predictable layouts); apart from that, I don't have any views |
| 11:36 | <Hixie> | what else would a px be? |
| 11:39 | <Philip`> | It could be canvas coordinate space units multiplied by the user's text size preference, like in Firefox |
| 11:39 | <Hixie> | o_O |
| 11:39 | <Hixie> | that seems dumb |
| 11:39 | <Philip`> | (though maybe FF changed since it added full-page zoom) |
| 11:39 | <Philip`> | It makes sense for normal CSS pxs |
| 11:39 | <Philip`> | Wait, am I getting confused? |
| 11:40 | <Philip`> | Oh, I'm not |
| 11:40 | <Philip`> | data:text/html;charset=utf-8,%3Cstyle%3Espan%7Bfont-size%3A16px%7D%3C%2Fstyle%3E%0ATest%20%3Cspan%3ETest%3C%2Fspan%3E |
| 11:40 | <Philip`> | in FF2, changing text size changes all the text |
| 11:40 | <Philip`> | (which is nice because it makes tiny text readable) |
| 11:41 | <Hixie> | CSS doesn't have a concept of font-size zoom |
| 11:41 | <Philip`> | (but isn't nice in canvas, since you want it to line up sensibly with all the other drawn shapes) |
| 11:41 | <Philip`> | (and if the text in a canvas is too small to read, get a browser with full-page zoom so the whole canvas gets bigger) |
| 11:44 | Philip` | departs |
| 11:46 | <Lachy> | In OSX Leopard, the only decent voice I've found is Alex with the pitch lowered to about 40. That's about as close to a normal sounding, Aussie accent I can get from it. |
| 11:46 | <Lachy> | the women's voices in it all sound silly |
| 11:47 | <Hixie> | Alex is the only voice that was created in this decade, as far as i can tell |
| 11:47 | <Hixie> | there are far better ones available from third parties |
| 11:49 | <annevk> | makes sense that em uses the <canvas> font size, just like currentColor uses the <canvas> 'color' |