2019-08-01 [19:53:41.0000] Domenic: around 👀? [08:24:53.0000] cybai: http://www.nohello.com/ ^_^ Ask your question and just wait for the answer, or if it must be a synchronous conversation, give the subject (and if necessary, expected duration) so the other person can prepare for it. [08:27:55.0000] TabAtkins: oops sorry, I will ask question directly next time 😖 [08:28:18.0000] Heh, it's okay. [08:29:25.0000] /me will be offline later because it's around 12AM in his timezone; but he will ask question before being off! [08:31:16.0000] Domenic: I'd like to ask, in "resolve a module specifier" spec, it only says "return failure" in those fail cases (https://html.spec.whatwg.org/multipage/webappapis.html#resolve-a-module-specifier) but the wpt test says specifier error will lead to TypeError (https://github.com/web-platform-tests/wpt/blob/e234e61f0219efe0428c2361721d4d5c0831add7/html/semantics/scripting-1/the-script-element/module/specifier-error.html#L17) [08:31:31.0000] Should we say TypeError explicitly in spec? [08:35:11.0000] thanks m(_ _)m [08:40:05.0000] ugh I am sorry anyone who just got a review created by the wpt bot, I accidentally committed a wrong file O_o [08:52:52.0000] ..maybe.. sigh, idk [08:53:58.0000] cybai: look at the call sites of "resolve a module specifier". 2019-08-02 [17:34:08.0000] Domenic: oh!! I see! thanks! 2019-08-03 [14:10:06.0000] has deferred navigation ever been discussed? [14:10:21.0000] kind of like what amp does, but in a less evil google way 2019-08-04 [18:44:48.0000] devsnek: what do you mean by "deferred navigation"? [18:45:27.0000] Domenic: tell the UA you *might* navigate somewhere [18:45:35.0000] Who tells the UA that? [18:45:39.0000] the website [18:45:44.0000] like how amp preloads stuff [18:45:52.0000] it would let the UA preload the sites [18:46:01.0000] The problem with preloading in general is that the website then gets all your data [18:46:19.0000] well the browser is in a position to not run the js and etc [18:46:29.0000] Not running the JS isn't enough [18:46:39.0000] Simply making a HTTP request gives you a lot [18:46:50.0000] hmm [18:46:57.0000] maybe it just shouldn't exist then [18:47:00.0000] Thus, SXG [18:47:33.0000] cuz signed exchanges are kinda sketchy [18:47:38.0000] Can you explain what you mean? [18:47:48.0000] In particular, how they are more or less sketchy than CDNs? [18:48:44.0000] You may find https://developers.google.com/web/updates/2018/11/signed-exchanges helpful in how it explains both privacy-preserving prefetching and how SXGs are generally better than giving your signing keys to a CDN. [18:48:57.0000] they remove control from the origin and potentially bypass stuff like pi-hole [18:49:24.0000] I'd be very surprised if companies that serve amp don't take advantage of that [18:49:27.0000] Can you explain how they remove control from the origin? They do not bypass pi-hole as far as I know, assuming pi-hole looks at URLs. [18:49:46.0000] pi-hole blocks dns of advertisers and trackers and stuff [18:49:56.0000] My understanding is it also applied URL-based filtering. [18:50:06.0000] Otherwise it would be trivial to bypass by putting your ads on a different CDN. [18:50:24.0000] it can, but they always change URLs and stuff [18:50:31.0000] blocking IP ranges is more effective [18:50:57.0000] Well, there's nothing new in SXGs that makes that harder [18:51:28.0000] you'd have to block the person who serves the sxg [18:51:37.0000] Yes, similar to blocking the person that serves the ad. [18:51:57.0000] If your argument is that pi-hole is vulnerable to people locating ads on servers that people might not want to block, that applies regardless of SXG. [18:52:12.0000] But my understanding is pi-hole is not that dumb. [18:52:45.0000] I'm not saying it changes the game substantially [18:52:52.0000] its just another point [18:52:57.0000] I don't think it is. [18:54:34.0000] i also dislike that I'll still be on Google even though the URL bar might say something else [18:54:54.0000] Do you dislike it that currently the sites are on Cloudflare despite the URL bar saying something else? [18:55:23.0000] that's just using cloudflare as your host [18:55:36.0000] As your CDN [18:55:39.0000] yeah [18:55:56.0000] Alternate question, would you not-dislike it if people gave their private keys to Google, like they do to Cloudflare, in order to allow Google to sign their HTTPS certs and host their content like Cloudflare does? [18:56:03.0000] but with signed exchanges isn't Google still loaded on my client [18:56:31.0000] What do you mean by "Google still loaded". THe content you loaded is created entirely by the publisher. (And cryptographically signed to attest that.) [18:57:39.0000] The bytes physically come from Google (or wherever). But they are signed as created by the URL-bar URL. It's CDNs but using extra fancy crypto stuff instead of just giving the host/CDN your private key. [18:58:32.0000] I.e. with the current CDN setup you just give all control to your host/CDN, including the ability to sign HTTPS certs as example.com, so that the browser displays example.com in the address bar even though the content is ultimately from the CDN servers. [18:58:37.0000] isn't the site that loads a sxg still in control [18:58:41.0000] Nope [18:58:45.0000] hmm [18:58:46.0000] It would break the S part of SXG [18:58:49.0000] If you change the content [18:59:06.0000] I don't mean change the content [18:59:17.0000] What type of control are you thinking of, then? [18:59:21.0000] Google doesn't modify amp pages [18:59:29.0000] but it surrounds them in a frame [18:59:33.0000] that kind of thing [18:59:55.0000] SXG is a network protocol. It doesn't have some carvout where you can modify the content by surrounding it in an iframe. [19:00:18.0000] so if Google used signed exchanges they wouldn't be able to do that anymore [19:00:52.0000] I mean they can still load content in an iframe. (But, it will show the Google URL in the URL bar.) [19:01:05.0000] so they'd have to actually navigate away from google [19:01:13.0000] That's what they currently do with AMP [19:01:19.0000] Well, not really [19:01:22.0000] no, they wrap it in a frame [19:01:25.0000] They navigate to the publisher's content, hosted on Google [19:01:28.0000] and override input gestures [19:01:34.0000] it's horribly annoying [19:01:49.0000] I mean there might still be iframes [19:01:57.0000] but then it won't show the url [19:02:18.0000] The difference is that now we have a cryptographic guarantee that the content of the iframes is from the publisher, not just the promise that Google won't modify the contents of the iframes despite them being hosted on Google servers. [19:03:06.0000] so the thing I brought up before was trying to prevent Google's thing where navigating to a site is hijacked and I still remain on Google's property [19:03:17.0000] but now I understand that the interests are different [19:03:39.0000] Happy to help. 2019-08-05 [03:42:35.0000] is there a way for a websocket client (using the WebSocket browser API) to detect how/why did the http upgrade failed? 2019-08-06 [13:19:42.0000] Is there any issue with adding a [14:51:35.0000] innovati: it makes your page invalid HTML; not sure if that's what kind of issue you're wondering about. [14:51:57.0000] It generally will be bad for performance as then you'll need a restyle/etc., which is why it's suggested to keep style tags in the head. [14:52:45.0000] I have to add the CSS via JavaScript, but depending on when our JS runs, sometimes it's not coming after the CSS on the site, so I'm wondering the latest in the document I can add it so ours comes last [14:53:24.0000] I don't remember if document position or time of insertion is more important for CSS cascade [14:53:26.0000] it seems to work in the browsers where I would need to use it [14:53:50.0000] the order in DOM I believe [15:08:41.0000] Seems to work IE9+ 2019-08-07 [03:00:51.0000] Hi [03:38:25.0000] annevk, https://github.com/heycam/webidl/pull/675#issuecomment-503452334 [04:31:02.0000] Ms2ger: basically, I think that PR depends on the outcome of https://github.com/mozilla/standards-positions/issues/147#issuecomment-513274020 [04:32:49.0000] annevk, ok, can you put that in the PR? [04:34:36.0000] Ms2ger: added a comment [04:35:37.0000] Takk [05:13:04.0000] I wonder why the gray box moves when using ctrl+click: https://html.spec.whatwg.org/#history-traversal-task-source, click on the term, the gray box opens. Then ctrl+click on different entries to open them in new tabs [05:13:13.0000] gray box moves to bottom left [05:13:27.0000] happens at least in Nightly and some version of Chrome [05:13:43.0000] (looks like Chrome 77) [05:21:29.0000] smaug____: I think that is by design [05:21:35.0000] to move it out of the way [05:21:49.0000] huh [05:21:58.0000] while still persisting it so that you can follow further backlinks [05:22:14.0000] domfarolino: heya [05:22:33.0000] domfarolino: if I comment on an HTML PR, I don't endorse a particular design on behalf of Firefox [05:22:56.0000] domfarolino: in particular I'm not at all sure about this prefetch stuff [05:23:57.0000] smaug____: I think the rationale is that keeping the box in the middle of the text flow is more obtrusive [05:24:12.0000] the box moves after to navigate to one of them links [05:24:26.0000] annevk: hello. ok, sorry I failed to capture that. I was assuming you were reviewing the PR to get it in a direction you were comfortable with [05:24:46.0000] maybe it should not move it if you are not navigating. I mean for the Ctrl+Click open-in-new-tab case [05:25:32.0000] domfarolino: that would probably have been good, but I mostly gave high-level feedback (and it looks like only early feedback) and didn't do a design review [05:25:46.0000] it is odd for the UI to moves hundreds of pixels down [05:25:55.0000] domfarolino: while you're here, how much data do you all have on prefetching? [05:26:14.0000] I've always thought it is just a bug in some script [05:26:37.0000] domfarolino: afaik nobody does Vary: Cookie so you'll get all these weird cases where users are not logged in while they expected to be, right? [05:42:25.0000] annevk: Not much right now, but we plan on coming into TPAC with some numbers. Right now we're working on starting to experiment with the redirect mode changes, and we're hoping to ship the SW-mode change too. We're deferring the credentials mode bits until credential-less navigation is more clear, as it will likely be too problematic now [05:42:34.0000] cc yoav [05:46:46.0000] domfarolino: note that if you don't patch credentials you don't close the XSLeaks hole [05:54:31.0000] domfarolino: do you want to correct the blink-dev post or would it be better if I replied? [05:55:03.0000] annevk: we wouldn't be shipping a partial solution, we just don't think it makes sense to make the credentials mode change yet. [05:55:55.0000] annevk: you are referring to the prefetch request mode changes just to be clear right? I can correct it. Would you like me to mention that you don't fully endorse it, and that your review was not necessarily on behalf of Firefox/Mozilla? [05:56:57.0000] domfarolino: yeah, https://github.com/w3c/resource-hints/issues/82#issuecomment-519082099 has some initial thoughts [05:57:19.0000] domfarolino: thanks [06:20:17.0000] smaug____: Might be worth raising an issue. It arguably is a bug, if the user experience is surprising and unintuitive [06:28:57.0000] domfarolino: in general if it's not on standards-positions it's best to assume Firefox has no position [06:29:11.0000] domfarolino: unless someone explicitly said they were talking on behalf of Firefox [06:29:24.0000] (and even then...) [06:29:41.0000] annevk: That's the impression I've been getting [06:50:51.0000] annevk: Updated the thread. unfortunately i had sent it with my google email address, which I've never used to send a message before, so the post is "under moderation" for a bit lol [07:06:29.0000] heh 2019-08-08 [01:23:28.0000] MikeSmith: you might wanna look at the last couple of comments of https://bugzilla.mozilla.org/show_bug.cgi?id=1309358 [01:23:41.0000] MikeSmith: a bunch of MDN regarding CORS got updated [01:24:07.0000] (I saw Florian ping you in another bug as well, so you might have already seen it) [08:34:48.0000] Domenic: you missed a non- in https://github.com/w3ctag/promises-guide/issues/60#issuecomment-519569673 [09:21:57.0000] annevk: I'm not seeing it... [09:22:52.0000] Domenic: exceptional errors are the one thing you should use rejections for [09:23:21.0000] Domenic: you meant non-exceptional errors [09:24:39.0000] annevk: ah right, thank you, my eyes just kept sliding right over it... [13:10:38.0000] I observe that `new URL('http://a/%41').href` is 'http://a/A' in Chrome and 'http://a/%41' everywhere else, including Node. I am _pretty_ sure Chrome is wrong, but I'm having a little trouble following the URL parsing algorithm; does anyone know off the top of their head? [13:15:06.0000] You are correct [13:26:03.0000] thanks! [13:46:36.0000] https://quirks.spec.whatwg.org/#the-percentage-height-calculation-quirk tries to find the containing block for resolving %height of an element. The last step is Jump to the first step. But there's nothing in the steps that changes _element_, making the steps an infinite loop. Am I missing something? [14:57:33.0000] dgrogan: what about step 1? [14:57:39.0000] "Let element be the nearest ancestor containing block of element, if there is one." [14:58:53.0000] jenny-m: I do not know how I misread that. Thanks 2019-08-09 [20:40:12.0000] annevk: about https://bugzilla.mozilla.org/show_bug.cgi?id=1309358 (Add wildcard to Access-Control-Expose-Headers, Access-Control-Allow-Methods, and Access-Control-Allow-Headers), it seems like Florian is on top it? But I will review the changes [20:47:28.0000] MikeSmith: yeah think so too, just wanted to let you know as CORS interests you 😊 [20:48:01.0000] annevk: yup, thanks, I appreciate it 😀 [20:48:09.0000] annevk: https://stackoverflow.com/questions/57412098/does-fetchs-response-body-chunks-correspond-to-http-chunks [20:49:28.0000] MikeSmith: no such guarantee [20:50:40.0000] MikeSmith: e.g., if there’s a delay after half of an HTTP chunk I’d expect two or so [07:13:20.0000] TabAtkins: there's something weird with Shepherd I think [07:13:35.0000] TabAtkins: no IDL ref found for {{Window}}: https://travis-ci.org/whatwg/xhr/builds/569858947 [07:13:43.0000] TabAtkins: this was working fine a couple hours ago [07:14:00.0000] Hm, will check [09:11:10.0000] annevk: Looks like Window interface isn't in the spec anymore. I don't see it in the window-object.html page? [09:20:32.0000] We broke all the spec's IDL https://github.com/whatwg/html/issues/4832#issuecomment-519979077 [09:33:47.0000] I'm curious if highlighter is failing to return any data, or if something in wattsi is failing on what it was returning. [10:06:37.0000] Score one for Bikeshed's test suite, thank you @foolip https://github.com/whatwg/xhr/issues/251 [10:06:48.0000] (Only breakage I can find.) [10:08:05.0000] annevk or Domenic: ^^^ [10:08:24.0000] (I'm on vacation and shouldn't be doing work, but oh well.) [10:18:56.0000] In that case thank you very much for updating the highlighter, TabAtkins. [10:19:19.0000] I'm just watching She-Ra this morning, no big interruption. [10:21:16.0000] HTML is now missing HTMLScriptElement for the same reason (readonly attribute DOMString async) [10:22:00.0000] Hm, can you instrument to see what exactly highlighter's failure is? [10:22:16.0000] Like, is it returning the IDL block, or erroring somehow? [10:26:54.0000] Ah, looks like it is a highlighter error, the IDL syntax error is coming out as an Exception. That's a problem on my side, will fix. [10:33:50.0000] Domenic: Okay, highlighter just updated again, it'll now just print IDL errors to stdout instead of dying on them, so HTML should get its HTMLScriptElement back. (Just with the async line not highlighted until it's fixed.) [10:34:12.0000] Oh sweet, OK [10:34:29.0000] Well but actually we kind of want to have something in our tooling to detect invalid IDL [10:34:52.0000] So I kind of preferred the old version? We just need to fix Wattsi/html-build to not give exit code 0 if the highlighter fails [10:35:21.0000] Tracked as https://github.com/whatwg/html-build/issues/201 [10:36:08.0000] This should be the only thing highlighter outputs to stdout, so presumably you should be able to listen for that. [10:37:31.0000] The problem is that highlighter exited entirely on error; an IDL error anywhere would turn off highlighting for the rest of the spec, since wattsi uses highlighter as a daemon. [10:41:20.0000] Ah OK [12:01:45.0000] Thanks for fixing that! [12:26:59.0000] Does wpt have something like assert_equals_with_fuzz(some_variable, number, fuzz_value) [12:28:11.0000] perhaps assert_approx_equals [16:34:11.0000] TabAtkins: finally, I knew it'd spot something eventually :) [16:48:09.0000] Heh, it's spotted stuff before. [16:48:35.0000] And always gives me peace of mind when making any involved change. 2019-08-12 [05:22:21.0000] o/ Hey folks! [05:26:22.0000] Question: There is Subresource Integrity to check integrity of loaded resources. For the use case I have in mind, I also want to ensure integrity of the main resource file (HTML). Thereby, the integrity of the whole "app" can be verified. Is there a way to do this without an extension? Or are there any plans for this? [05:30:32.0000] Similar to this: https://github.com/tasn/webext-signed-pages [06:38:35.0000] Hello [06:48:11.0000] \o [08:32:21.0000] annevk: I'm back from vacation and I'd like to close off https://github.com/whatwg/html/pull/4617 I think it was pending your review [08:40:55.0000] dtapuska: thanks for the ping, I should have time tomorrow [08:41:18.0000] lgrahl: no, no [08:41:57.0000] lgrahl: you might wanna review the history around certificate pinning [08:46:43.0000] annevk: HPKP? Yeah, I know about that one. But this is more about not trusting the server that is delivering the web app. Similar to how I (AFAIK, and at least technically) don't need to trust the Play Store servers as the APK is signed. [08:47:17.0000] lgrahl: who is giving you the integrity metadata then? [08:47:42.0000] Good question. I honestly don't know how it works there. Tofu? [08:47:52.0000] oh my [08:48:33.0000] Let's not give users the broken default ssh experience [08:48:56.0000] Maybe there's a better example to dig up... [08:49:03.0000] (Instead of Play Store) [08:49:53.0000] Well, in the end you'll need something you can deploy on the web, so maybe it's best to start there instead of analogies 😃 [08:52:05.0000] Okay, so the alternative someone else brought up was to install a local webserver (go through all the hassle of doing this for every platform) that runs the backend of the app and the frontend then just connects to that. We can verify that the backend app does match some signature. [08:52:24.0000] Kind of like Electron but worse I guess [08:57:32.0000] annevk: And the signature metadata comes from some other central location. Does that improve the security properties? Dunno, perhaps. [09:07:11.0000] But I get your point. Maybe mobile apps and web apps actually are actually quite similar regarding those security properties and it just "feels" different. 2019-08-13 [05:10:37.0000] annevk: Is there a standard way to escape , in header values? As in, if I want , to be considered part of a value, not separating multiple values [05:32:40.0000] JakeA: use quotes [05:32:45.0000] JakeA: quoted string, that is [05:32:54.0000] JakeA: and the quoted string parser from Fetch [05:35:41.0000] ta! [05:36:27.0000] JakeA: so we're kinda stuck with Background Sync btw and I guess a similar thing applies to Background Fetch [05:37:50.0000] annevk: Because of https://github.com/WICG/BackgroundSync/issues/152? [05:37:55.0000] JakeA: and for Background Sync it also seems there's not much uptake so it's a bit unclear how much to invest [05:38:11.0000] JakeA: well, the issues mentioned therein, not the note 😃 [05:40:47.0000] (I'll try to dig up some stats on bg sync) [05:42:20.0000] annevk: Is the issue that Firefox would like to show a permission prompt on first usage? I think background fetch has that covered, unless I'm missing something [05:45:35.0000] JakeA: we're not sure there's sufficient value for a prompt or what exactly the prompt would say [05:46:41.0000] annevk: I get it with bg sync, but Firefox already allows downloads without prompts, so I don't see the issue with bg fetch [05:48:24.0000] JakeA: I might have missed how bg fetch is different from bg sync [05:49:23.0000] JakeA: I guess bg fetch is effectively keepalive + storage? [05:49:35.0000] JakeA: it might be diff then [05:49:54.0000] JakeA: might also benefit of a name that more clearly illustrates that [05:51:27.0000] annevk: bg fetch is more like `Content-Disposition: attachment`, in terms of resuming, visibility, user control. The difference is the developer has a little more control over what appears in the download notification (eg an icon), and the result isn't written to a place of the user's choosing, it goes into origin storage [05:52:15.0000] annevk: If naming is the blocker I'm sure we can do something about that, if we can get consensus around an alternative [05:55:27.0000] JakeA: do browsers resume downloads after a connection is cut and the new connection is from a different wi-fi spot? [05:55:54.0000] JakeA: if they do that kinda seems problematic to me [05:56:30.0000] JakeA: cause you could just start a slow download and track the user as they travel around [06:01:22.0000] annevk: I haven't tested across wifi spots (https://resumable-downloads-test.glitch.me/ might be useful here). But there's a sticky notification throughout the download. [06:01:49.0000] annevk: We see ~2.5 billion/week uses of bg sync fwiw [06:03:43.0000] JakeA: Firefox does show a prompt for the download there to me [06:05:10.0000] JakeA: I guess that means a few popular sites have to use it, if there was some way to talk to them about a flow that involves a dialog that'd be good [06:09:20.0000] annevk: I get a prompt on Desktop, but I think it's configurable. The bg fetch spec supports starting downloads in a "paused" state, so this behaviour is fully compatible (aside from asking the user where to save the file) [06:09:53.0000] annevk: The reason it starts in a paused state, rather than using a permission prompt, is it means the download can be accepted after the page has closed [06:11:14.0000] JakeA: yeah so with explicit UI there's much less of an issue for bg fetch, but maybe it shouldn't be "background" then 😃 [06:11:34.0000] JakeA: anyway, thanks for the personal explanation, much appreciated [06:12:56.0000] annevk: that's fair. It's 'background' because it doesn't require any active client to complete. Maybe naming similar to keepalive is better? Renaming and aliasing until usage drops doesn't feel like a huge deal if we can all agree on a new name [06:13:45.0000] JakeA: "Origin Downloads" is a thing that popped into my head, but not sure how great that is [06:14:11.0000] annevk: They can be cross-origin URLs though (as long as they're CORS) [06:14:22.0000] JakeA: I'm also not sure if we need to rename APIs for this and to what extent Fx wants to implement at this point (I'd need to ask around a bit more) [06:14:40.0000] JakeA: I meant Origin for the destination, but I see how that's confusing [06:14:47.0000] JakeA: maybe Storage Downloads then [06:15:29.0000] annevk: I've avoided 'downloads' because it can also be used to eg upload a gallery of images. Naming is hard. [06:17:46.0000] JakeA: and in that case there's no storage happening either? [06:19:21.0000] annevk: The storage part of bg fetch is only for the duration of the fetch, once the fetch is complete it goes "here's your responses" and if you don't do anything with them, they're gone. [06:19:59.0000] JakeA: but I assume you tell it ahead of time what to do? [06:20:47.0000] annevk: you give it the requests ahead of time, but you don't say what happens with the responses until the "complete" event [06:21:14.0000] JakeA: oh, so code is run, hmm [06:22:01.0000] annevk: yeah, that's true. If that's a sticking point we could look at stuff like deferring that event until the user revisits the site. That might be doable. [06:22:51.0000] I'm not sure if it is [06:23:01.0000] JakeA: why not only have this and also have bg sync? [06:23:58.0000] annevk: bg sync is invisible, but won't stay alive long enough for larger fetches [06:24:39.0000] annevk: I guess you could still use bg fetch for posting a chat message, but maybe a notification is overkill? [06:26:23.0000] JakeA: the problem is the "evil" sites [06:27:02.0000] JakeA: if we always had visual UI for activity beyond the lifetime of a tab I think the whole thing is much more acceptable [06:27:56.0000] JakeA: if the user closes mail.example and sees that bar (or something appear) that'd likely be fine with them and if it appears after visiting game.example they might close it down [06:28:46.0000] JakeA: this also makes it fully transparent when sites are using your battery or are potentially tracking you, which bg sync fails at [06:29:03.0000] JakeA: I rather like those aspects [06:30:39.0000] annevk: it seems reasonable for UAs to show a notification or something while there's a pending bg sync from an origin. Also seems reasonable for that notification to be cancellable. But yeah, it starts to merge with bg fetch at that point. Might not be a bad thing. [06:32:39.0000] Yeah, not sure we need both though [06:34:03.0000] annevk: if I had to pick one for Moz to implement, it'd be bg fetch, especially if a notification would be used for both. [06:37:01.0000] Yeah, in terms of how that works it seems much more aligned with how Mozilla "thinks" about these kind of things [11:05:20.0000] annevk: ping on https://github.com/whatwg/html/pull/4759 review, should be pretty straightforward [11:20:12.0000] Domenic: I cannot r+ from here, but looks good [11:21:27.0000] Domenic: does seem like we need an abstraction for hyperlink elements as we also forgot SVG a for :link and such right? [11:22:10.0000] Yeah, I mean, it's kind of unclear how much of that is our responsibility, but that's probably the right move [12:34:48.0000] I doubt anyone else will take it on, but that would be nice 2019-08-14 [17:30:01.0000] PSA, I see that the IETF is now exploring something they are calling “Evolving Documents”, which seem to be Living Standards by another name [17:30:04.0000] maybe [17:30:09.0000] https://mailarchive.ietf.org/arch/msg/ietf/O0okVR4_wqCh43QWtmJjNeYvsp8 [17:30:32.0000] https://www.ietf.org/mailman/listinfo/evolving-documents [17:30:47.0000] http://owl-stretching-time.com/presentations/slides_evolvingdocuments/#/ [17:31:32.0000] hmm, or maybe “Checkpoint Drafts” now [22:38:09.0000] Once https://developer.github.com/actions/managing-workflows/creating-and-cancelling-a-workflow/ is stable that might be a good fit for RD publication [22:38:59.0000] MikeSmith: is it more than non-substantive errata? [23:16:22.0000] “RFCs MAY NOT reference checkpoint docs” seems useless and also incorrect usage of 2119 [01:27:51.0000] annevk: Yeah, after looking through the presentation, I see it's not really what I'd assumed [01:28:37.0000] I now don't actually understand at all what the point of it is [06:16:25.0000] Yeah it seems like it's for non-specs mostly, sad. [06:34:44.0000] Domenic: https://github.com/whatwg/html/pull/4617 is still pending you to have a look [06:35:00.0000] dtapuska: on my list for today, thanks [06:36:59.0000] dtapuska: Domenic: is this blocked on the questions in https://github.com/whatwg/html/issues/4782? [06:38:43.0000] Hmm I thought yesterday you said it was good and I should just have a look [06:41:12.0000] Domenic: yeah, I think it's fine, and I don't think expanding on those scenarios will tell me something new, but I did mean to ask about it [06:46:16.0000] OK cool, will try to think about it [09:01:06.0000] dtapuska: do you feel like you have a plan for snapshotting/IPC issues in https://github.com/whatwg/html/pull/4787 ? [10:14:12.0000] domenic: I'd like to hear from smaug____ on that one... I don't think it is hard to snapshot it.. but I don't know if it would do much good.. I think really the stuff boris is thinking should be fixed via not processing the IPCs [11:26:01.0000] Would that be solved by grouping the IPC stuff so you don’t end up with races? 2019-08-16 [01:02:31.0000] So we have GitHub Actions for WHATWG, but they're also still in beta... [02:07:33.0000] Ms2ger: thanks for pinging about that dump() call [02:07:35.0000] I suck [02:08:56.0000] I blame the lint for not catching it [02:09:42.0000] wpt lint is a bit silly [02:09:50.0000] complaining about some web API usage [02:09:53.0000] like setTimeout [02:10:39.0000] smaug____: there's a reason for t.step_timeout though [02:11:14.0000] smaug____: two even, I think; making sure exceptions from the timeout call are attributed to the test and allowing for longer timeouts on slow architectures [02:11:33.0000] lint doesn't suggest using t.step_timeout, but the global setTimeout [02:11:48.0000] I always prefer using the stuff we ship for testing [02:11:54.0000] not some wrappers on the stuff [02:12:27.0000] (mochitest also complains about anything else but setTimeout(,0) ) [03:09:41.0000] Has anyone tested

for interop? The spec says "using a UA-defined algorithm".

[04:56:27.0000] <annevk>
hsivonen: I suspect the last time some testing got done is when Hixie added it

[07:00:30.0000] <annevk>
hsivonen: did you see https://en.m.wikipedia.org/wiki/HTML5?

[07:00:51.0000] <annevk>
hsivonen: I just noticed that the W3C reintroduced the space while they were forking

2019-08-19
[23:45:18.0000] <hsivonen>
annevk: I've tried to look away from the HTML5 article on Wikipedia to avoid conflict-of-interest editing. Back in 2007, when I tried to do edits in this space, I got a note on my user talk page: https://en.wikipedia.org/wiki/User_talk:Hsivonen (It says, among other things: "Initially I and others felt WHATWG wasn't particularly notable, so we put the smack down on excessive mention of it in the

[23:45:24.0000] <hsivonen>
article.")

[23:50:13.0000] <hsivonen>
annevk: trying to follow the protocol for COI editing avoidance and pointing out issues on the talk pages in the hope that an editor without COI comes in, sees the correctness of the suggestions, and edits them in is futile. I've tried it with the EME, Big5, and Firefox articles and failed.

[23:52:19.0000] <hsivonen>
(Entirely unsurprisingly, the only other note on my user talk page mentions notability.)

[23:56:37.0000] <hsivonen>
(I wanted to write an article about ripgrep, as it's pretty ridiculous that it doesn't have one, but I figured that since I'm the author of one of ripgrep's direct dependencies, a broad interpretation of COI could count is as COI editing, so I instead wrote a trial-balloon about exa, whose notability is supported by the same sources as ripgrep's. I'm surprised in a positive way that the deletionists

[23:56:43.0000] <hsivonen>
haven't deleted the exa article yet.)

[00:49:47.0000] <annevk>
Yeah, those policies make contributing back to Wikipedia rather hard

[02:41:22.0000] <yhirano>
annevk: are you going to add coep tests for service workers soon? If not I'm willing to add some.

[02:42:33.0000] <annevk>
yhirano: please do

[02:42:44.0000] <annevk>
yhirano: I'm looking at ImageBitmap atm

[02:43:06.0000] <annevk>
yhirano: seems that Fx might be lacking there somewhat, e.g., no support with BroadcastChannel

[02:43:06.0000] <yhirano>
annevk: thanks, will do

[04:53:48.0000] <hsivonen>
Do we have WPTs that check that a reused TextDecoder retains its BOM handling mode across reuses?

[04:57:35.0000] <hsivonen>
annevk: Also, we're already late: https://github.com/rustwasm/wasm-bindgen/blob/487289cf9b88913124e8aa22f4f21aa145c47733/crates/cli-support/src/js/mod.rs#L1103

[05:02:56.0000] <annevk>
hsivonen: I’m not sure if we have for all possible reuses

[05:03:15.0000] <annevk>
hsivonen: streaming a BOM is covered I think

[05:03:39.0000] <hsivonen>
annevk: OK. Firefox BOM ignoring code looks bad for reuse purposes.

[05:04:58.0000] <hsivonen>
annevk: my hypothesis from code inspection is that in Firefox, a reused TextDecoder always removes the BOM

[05:06:05.0000] <hsivonen>
the spec is a bit hard to read to figure out what the expected survival of these flags is

[05:09:52.0000] <hsivonen>
annevk: indeed, a reused TextDecoder removes the BOM in Firefox

[05:11:48.0000] <hsivonen>
/me goes file a bug

[05:14:15.0000] <hsivonen>
filed as https://bugzilla.mozilla.org/show_bug.cgi?id=1574892 ; I'll add WPT assertions while at it

[05:33:59.0000] <hsivonen>
too late now, but the terminology "ignore" the BOM is super-confusing in this case

[05:34:14.0000] <hsivonen>
when ignore means don't remove

[05:34:27.0000] <annevk>
Thanks hsivonen

[05:35:14.0000] <annevk>
hsivonen: I guess in a way that is confusing, but you could also see it as a way to tell the decoder to ignore (in terms of looking at) the BOM

[05:35:45.0000] <hsivonen>
annevk: yes, I know that's what it means, but I still find it confusing

[05:42:34.0000] <annevk>
hsivonen: yeah, we could add more prose to the specification, but not sure if that helps

[09:40:30.0000] <Mattumd>
hi

[09:42:08.0000] <Mattumd>
I write a tutorial about HTML5 custom data and JS API. How can I submit it?

[10:24:47.0000] <annevk>
Mattumd: submit it where? Please give some context

[10:25:40.0000] <Mattumd>
https://blog.whatwg.org/submit-article

[10:27:18.0000] <annevk>
Mattumd: ah, I’ll DM

2019-08-20
[03:07:17.0000] <Ms2ger>
annevk, how do we feel about resolving promises with things that aren't js/idl values?

[03:07:34.0000] <Ms2ger>
Because https://w3c.github.io/ServiceWorker/#dom-cache-addall uses responses (not Response objects)

[03:14:31.0000] <hsivonen>
Does any WebIDL interface realistically use non-ASCII default string values?

[03:20:15.0000] <Ms2ger>
hsivonen, I assume not

[03:27:41.0000] <hsivonen>
Ms2ger: OK. Thanks

[03:28:03.0000] <hsivonen>
right now, I'm not a fan of TextEncoder.encode having a default value for the string argument

[03:31:31.0000] <hsivonen>
How do [TreatNullAs=EmptyString] DOMString foo and optional DOMString foo = "" differ? for undefined?

[03:35:12.0000] <hsivonen>
ah, absent and null are different

[03:36:01.0000] <hsivonen>
I take it that the default value on TextEncoder.encode() is a leftover from the time when it did streaming to ISO-2022-JP

[03:36:09.0000] <hsivonen>
right now it doesn't have a use case

[04:05:00.0000] <annevk>
Ms2ger: seems like a bug

[04:06:58.0000] <annevk>
hsivonen: what would you prefer, that it throws if no argument is passed?

[04:07:51.0000] <annevk>
hsivonen: I think it's mainly for parity with decode(), where the input argument is also optional

[04:08:11.0000] <annevk>
hsivonen: and giving optional arguments a default value can simplify the description of the method

[04:08:47.0000] <hsivonen>
annevk: throwing would have been nice, but by now I've implemented default values for new WebIDL type, so nevermind

[04:09:53.0000] <annevk>
hsivonen: so for decode() we did not throw so you could signal EOF, but for encode that use case does not make sense, but as you still have to handle encode("") might as well treat not passing the argument as that

[04:10:10.0000] <annevk>
hsivonen: aah, I now get why this was annoying 😃

[04:47:18.0000] <hsivonen>
Do I understand correctly that the only way to introduce non-Latin1 into the Document.contentType is via XSLT?

[04:52:46.0000] <annevk>
hsivonen: contentType or characterSet?

[04:53:15.0000] <hsivonen>
annevk: contentType

[04:53:19.0000] <annevk>
Anyway, either way I guess I don't know

[04:53:29.0000] <hsivonen>
annevk: there's no way to introduce non-ASCII to characterSet

[04:54:42.0000] <hsivonen>
can URL, documentURI, and referrer actually return non-ASCII (i.e. stuff that hasn't been percent-encoded and Punycoded)?

[04:55:11.0000] <annevk>
hsivonen: not in theory

[04:55:21.0000] <annevk>
hsivonen: but implementations might be at various stages

[04:55:26.0000] <annevk>
hsivonen: same for origin

[04:55:28.0000] <hsivonen>
annevk: OK. Thanks

[04:55:53.0000] <annevk>
hsivonen: XSLT being able to set arbitrary contentType also seems somewhat problematic

[04:56:04.0000] <hsivonen>
yeah

[05:36:23.0000] <Ms2ger>
XSLT [...] seems somewhat problematic

[05:47:43.0000] <gsnedders>
X.* [...] seems somewhat problematic

[08:47:16.0000] <annevk>
Ms2ger++ very exciting to see progress on defining platform promises

[09:03:59.0000] <Domenic>
Agreed, really looking forward to reviewing that. Today has a lot of meetings, so no promises, but I'd like to.

[09:05:57.0000] <Ms2ger>
> no promises

[09:05:59.0000] <Ms2ger>
/me grins

2019-08-22
[00:24:59.0000] <zcorpan>
apparently `git log -L 108812,+4:source` for whatwg/html was too much for my poor laptop

[00:25:19.0000] <zcorpan>
wanted to see the history for https://github.com/whatwg/html/issues/4804

[00:26:43.0000] <zcorpan>
anyone have more computing power (or disk space, it complained about that for me) to run that?

[00:37:48.0000] <zcorpan>
found what I was looking for now

[02:45:22.0000] <zcorpan>
Hmmmm. I pushed another commit to https://github.com/whatwg/html/pull/4322 but it doesn't show up in github. Is it a hickup or have I been away from work too long to know how to git?

[02:57:49.0000] <zcorpan>
sigh, now something's messed up. (132 commits in the pr)

[04:11:30.0000] <smaug____>
so the new syntax for defining optional dictionaries is to just add = {}, right?

[04:11:30.0000] <smaug____>
14:06 = {foo: "bar"} isn't possible

[04:11:45.0000] <smaug____>
er,

[04:11:45.0000] <smaug____>
= {foo: "bar"} isn't possible

[04:58:08.0000] <Ms2ger>
That's right

2019-08-23
[19:08:29.0000] <devsnek>
is it possible to use custom elements to override something like <embed>

[19:08:48.0000] <devsnek>
i'm trying to make an extension that loads a wasm flash emulator instead of using real flash

2019-08-26
[01:50:09.0000] <yhirano>
annevk: hi

[01:50:38.0000] <yhirano>
annevk: I have a question about https://bugs.chromium.org/p/chromium/issues/detail?id=757387 which is reported by you

[01:51:30.0000] <yhirano>
annevk: it seems https://github.com/web-platform-tests/wpt/blob/master/fetch/api/basic/scheme-data.any.js expects a non-empty body for HEAD and everyone passes the test.

[01:51:34.0000] <yhirano>
annevk: https://wpt.fyi/results/fetch/api/basic/scheme-data.any.html?label=master&label=experimental&aligned

[01:52:06.0000] <yhirano>
annevk: do you know the reason for the firefox behavior?

[02:01:33.0000] <annevk>
yhirano: if I had to guess it's because it ignores the method for data URLs

[02:02:42.0000] <annevk>
yhirano: I think we're okay with fixing that though

[02:03:52.0000] <yhirano>
annevk: So your opinion is null-ing the response body for HEAD requests is good for both xhr/fetch, right?

[02:06:14.0000] <annevk>
yhirano: yeah, making it depend on who provided the response seems weird

[02:07:02.0000] <annevk>
yhirano: I'd r+ a fix to that test; once that's done I'd be happy to help file bugs

[07:18:07.0000] <annevk>
If anyone needs a focus-related review from Mozilla, best to add smaug____ to the reviewer list. I've done it for some HTML PRs, but I might have missed some. (cc Domenic)

[07:18:43.0000] <smaug____>
ha, "thanks" :p

[07:19:11.0000] <smaug____>
(but yes, kick me if I'm slow with reviews)

[08:52:03.0000] <Domenic>
TabAtkins: there's no way to avoid a <dfn> (such as one used in an example) from showing up in "Terms defined by this specification", right?

[08:56:06.0000] <Ms2ger>
Domenic, please tell me if there is a way :)

[08:56:56.0000] <annevk>
/me raises hand for the newsletter

[09:00:18.0000] <Domenic>
In general "Terms defined by this specification" and its counterpart for "Terms defined in other specifications" feels a little unloved, e.g. my old issue about allowing us to preserve the casing on imported <dfn>s in the latter. Ah well.

2019-08-27
[04:27:14.0000] <TabAtkins>
(Still on vacation, but)

[04:28:37.0000] <TabAtkins>
There hasn't been a great need for that yet, no. If you're just styling, use a <b> or something.

[05:53:20.0000] <Ms2ger>
TabAtkins, it's sometimes useful to have a definition in an example that you can xref within the example, like in https://heycam.github.io/webidl/#promise-example-environment-ready

[05:54:07.0000] <TabAtkins>
Hm, kk.

[06:17:17.0000] <hsivonen>
annevk: I suspect we lack WPTs for the case where stream=true, fatal=true for TextDecoder.decode() and the decoder throwns on fatal. (The only reasonable thing is that the next call to "decode" starts a logically new stream)

[06:18:14.0000] <hsivonen>
annevk: also, the same thing but the throwing happens on the WebIDL layer and doesn't cause a logically new stream

[06:19:53.0000] <annevk>
hsivonen: the reasonable thing is also the required thing, right?

[06:20:08.0000] <annevk>
hsivonen: when throwing happens on the IDL layer, no state is reset as the specification algorithm is not invoked

[06:23:08.0000] <hsivonen>
annevk: I haven't checked if the spec says the reasonable thing

[06:23:33.0000] <annevk>
hsivonen: it resets state, then continues to do checks and maybe throws

[06:23:53.0000] <annevk>
hsivonen: I think you're correct that this might not have coverage though

[07:05:41.0000] <annevk>
hsivonen: if you don't have time I can probably write those tests, but maybe file an issue so it's not forgotten?

[07:05:57.0000] <annevk>
hsivonen: gonna go a bit earlier today

[07:20:06.0000] <alano>
I'm interested in having a discussion about the video tag, MSE and EME stuff included (along with CDM modules) - anyone? (happy if I'm told I should try a different channel: what I'm thinking about might suggest a change to the canvas and video compositing layers in browsers)

[07:22:41.0000] <gsnedders>
I don't think a particularly large number of people working on media are on IRC? I could be wrong though. You'd probably be better just asking, or just posting a GitHub issue?

[07:24:43.0000] <annevk>
Yeah, writing a short summary in a GitHub issue (or maybe WICG discourse) is likely more effective

[07:44:43.0000] <Domenic>
Ms2ger: do you have plans to help remove the content from the promises guide document and potentially migrate specs that use it?

[07:54:32.0000] <Ms2ger>
Domenic, I'm probably going to look into that once bikeshed's xref database is updated; it seems to be stuck

[08:23:30.0000] <alano>
/me thanks gsnedders and annevk

[09:01:12.0000] <alano>
/me As suggested, I've opened an issue : https://github.com/whatwg/meta/issues/138

[09:08:02.0000] <Domenic>
Ms2ger: sounds good!

2019-08-28
[22:20:11.0000] <royiv>
Can someone in WHATWG, W3, the IETF define the *semantics*, and not just the grammar, of application/x-www-form-urlencoded in a real standard like an RFC or something? Like, are "k" and "k=" semantically equivalent? Can we all agree that either dupes are silly, or at least, if we are having them, the last arg takes precendence? The ambiguity such a critical format has is astonishing.

[22:20:24.0000] <royiv>
I think at least WHATWG says "k" and "k=" are equivalent.

[23:02:29.0000] <annevk>
royiv: if the URL Standard is unclear somehow, please file an issue, but sounds like it’s clear enough

[01:42:15.0000] <domfarolino>
Per spec, does the concept of a "Document" exist when something like an image resource is navigated to and displayed?

[01:44:08.0000] <domfarolino>
Specifically what I'm getting at is: Could a link rel=stylesheet header be used to style an image or JSON resource in any way? (Since we of course couldn't include a rel=stylesheet in our HTML, since there is no HTML)

[01:50:58.0000] <Ms2ger>
Yep

[01:51:17.0000] <Ms2ger>
https://html.spec.whatwg.org/multipage/browsing-the-web.html#read-media

[01:52:08.0000] <Ms2ger>
You could put an image in an iframe and then dynamically a link element, if I'm not mistaken

[02:34:24.0000] <annevk>
Indeed, use an <iframe> and contentDocument it

[03:59:31.0000] <annevk>
foolip: yt? Mind if I push some changes to your XPath branch?

[04:10:43.0000] <MikeSmith>
tehres an XPath branch?

[04:11:06.0000] <MikeSmith>
ah, DOM

[04:12:44.0000] <foolip>
annevk: not at all, go ahead

[04:52:11.0000] <hsivonen>
Does the Web Platform have a built-in way to convert between JS Strings and Uint16Array?

[04:52:51.0000] <annevk>
hsivonen: I don't think so

[04:52:59.0000] <hsivonen>
annevk: thanks

[04:54:31.0000] <hsivonen>
I wonder how Qt on Wasm deals with this

[04:56:04.0000] <annevk>
hsivonen: Uint16Array.from(str) allocates something of the right size, but you need more to get the values out it seems

[04:58:12.0000] <annevk>
hsivonen: I'd ask fitzgen

[04:59:28.0000] <hsivonen>
annevk: thanks. I guess the answer to how Qt deals with this is in the Qt source code

[05:50:38.0000] <nox>
Shouldn't there be a way to view a JS string as a Uint16Array?

[05:50:43.0000] <nox>
Without allocating anything I mean.

[05:51:23.0000] <annevk>
nox: maybe, there's been some talk about a StringView thingy

[05:51:39.0000] <hsivonen>
nox: not possible in cases where the backing storage isn't actually UTF-16

[05:51:49.0000] <nox>
Oh right, silly me.

[06:08:12.0000] <oskarlh>
Not the most efficient solution, but.....    Array.prototype.reduce.call(SOME UINT16ARRAY, (str, cc) => str + String.fromCharCode(cc), "");

[06:09:02.0000] <oskarlh>
and new Uint16Array((function *() { for(let i = 0; i !== str.length; ++i) { yield str.charCodeAt(i); } })())

[06:09:59.0000] <gsnedders>
hsivonen: we should have a way to be able to get a JS string as a Uint16Array where impls don't have to copy the string if it's already a contiguous UTF-16 array

[06:10:25.0000] <gsnedders>
s/should/should at least/

[06:11:33.0000] <hsivonen>
gsnedders: can Uint16Array be read-only?

[06:13:00.0000] <gsnedders>
hmm, maybe not

[06:13:46.0000] <gsnedders>
And I don't know how useful being able to do zero-copy would be even if there was, given idk how often you'd end up wanting to copy strings represented as a rope…

[06:28:10.0000] <hsivonen>
I expect Wasm bindings to need a way to get the string written into a caller-supplied Uint16Array instead of creating a new one

[06:28:52.0000] <hsivonen>
But I guess I should find the relevant Qt bits before speculating about use cases

[06:29:47.0000] <gsnedders>
(the ex-Opera employee in me wants to all be like, "but what about Big Endian implementations?!"

[06:29:50.0000] <gsnedders>
)

[06:30:46.0000] <hsivonen>
Does TenFourFox have little-endian Web-visible ArrayBuffer semantics by now?

[06:31:59.0000] <hsivonen>
The next Debian release will drop big-endian MIPS as an official platform, so s390x will be the only remaining big-endian architecture with an official Debian release

[07:18:57.0000] <gsnedders>
There are ways to replace the document object while keeping the same window, right?

[07:20:47.0000] <annevk>
gsnedders: initial about:blank

[07:24:05.0000] <gsnedders>
annevk: i.e., when navigating away from it?

[07:25:26.0000] <gsnedders>
(Sorry, I'm far too far away from remembering how document loading works!)

[07:30:37.0000] <annevk>
gsnedders: yeah, sorry

[07:30:59.0000] <annevk>
gsnedders: but only if it's same-origin with the initial about:blank and there might be differences across UAs

[08:16:53.0000] <Ms2ger>
Domenic, bikeshed update fetches from bikeshed-data, which is broken: https://github.com/tabatkins/bikeshed-data/issues/3

[08:17:05.0000] <Domenic>
Oh I see

[08:17:16.0000] <Domenic>
Yeah I guess the web interface uses a different set of data :-/

[08:17:36.0000] <Domenic>
TabAtkins is on vacation so we should probably try to work around

[08:17:47.0000] <Domenic>
Or maybe foolip can help

[08:21:42.0000] <Ms2ger>
People could add the link-defaults thing for now

[08:22:19.0000] <Domenic>
Why don't we just fix the promises guide?

[08:26:57.0000] <TabAtkins>
Ah yeah I turned off my computer before I went on vacation. ...I should put bikeshed-data on some actual infra

[08:27:11.0000] <TabAtkins>
(am on the beach right now in Haiti)

[08:29:12.0000] <TabAtkins>
I should be able to run it on my server as well. I think I'm rate-limited on cron there, but I can at least run it a few times a day as a backup.

[08:34:51.0000] <foolip>
TabAtkins: if you want to run it daily Travis would do the trick, and if more often is needed GitHub Actions can now do that.

[08:35:48.0000] <TabAtkins>
Kk, I'll look into that when I'm back next week

[08:36:33.0000] <foolip>
TabAtkins: is bikeshed-data up and running now, or is there a simple command someone else could run to get it updated as a one-off?

[08:37:53.0000] <TabAtkins>
If I grant access to the repo, anyone can download it and run the command.

[08:38:04.0000] <TabAtkins>
You want to handle it?

[08:39:00.0000] <TabAtkins>
Or Domenic ?

[08:39:23.0000] <TabAtkins>
(it just requires a local Bikeshed install to already exist)

[08:46:15.0000] <foolip>
TabAtkins: I can do an update, but what is the command to run?

[08:47:18.0000] <foolip>
/me finds https://github.com/tabatkins/bikeshed-data/blob/master/__init__.py#L14

[08:54:11.0000] <foolip>
TabAtkins: I figured it out, if you give me write access to the repo I can push an update

[08:57:40.0000] <foolip>
TabAtkins: if you sign up for the beta for your user on https://github.com/features/actions I could do the automation part too

[09:18:40.0000] <TabAtkins>
foolip: sent you an invite

[09:21:39.0000] <foolip>
TabAtkins: received! On my way home now, but can push an update within 6 hours

[09:23:07.0000] <foolip>
TabAtkins: do you want to do the GitHub Actions thing too? Going by commit times it looks like you've been running continuously,  but I'd hourly enough?

[09:23:09.0000] <foolip>
Is

[09:24:16.0000] <TabAtkins>
Should be enough yeah

[09:24:23.0000] <TabAtkins>
I run it every ten minutes right now

[09:30:24.0000] <annevk>
Oh, it changed from the 24h cycle? I clearly have not been doing much editing as of late

[09:31:56.0000] <annevk>
Or maybe this is not Shepherd...

[09:51:45.0000] <foolip>
TabAtkins: https://github.com/tabatkins/bikeshed-data/commit/165a92ef0fcdfafafcd96fbb2aadeb28cf1cd02c pushed, just done manually

[09:52:09.0000] <foolip>
annevk: this isn't Shepherd, no :)

[12:10:55.0000] <TabAtkins>
annevk: Shepherd's cycle is still 24h (or less). But bikeshed-data pulls from more sources than that, most particularly wpt which updates constantly.

[12:13:14.0000] <TabAtkins>
foolip: danke

[12:14:20.0000] <foolip>
TabAtkins: did you click through https://github.com/features/actions or shall we deal with that next week?

[12:14:38.0000] <foolip>
Domenic: did my manual update fix anything?

[12:14:47.0000] <TabAtkins>
I clicked, but it just put me in the beta queue

[12:16:47.0000] <TabAtkins>
Domenic, annevk: note also the --skip-manifest flag documented at https://tabatkins.github.io/bikeshed/#cli-update if there are every problems with the data being out of date

[12:17:01.0000] <TabAtkins>
It's just a lot slower than the normal update process

[12:17:06.0000] <Domenic>
foolip: I'm not sure, Ms2ger is the person to ask

[12:17:49.0000] <foolip>
Domenic: oh, right

[12:23:23.0000] <annevk>
TabAtkins: please enjoy the beach 🏖

[12:23:45.0000] <TabAtkins>
Oh I am

[12:24:15.0000] <annevk>
🥳

[12:27:50.0000] <TabAtkins>
https://twitter.com/tabatkins/status/1166794352753963009

2019-08-29
[23:08:44.0000] <annevk>
Hmm, this promise guide / IDL conflict broke DOM too

[23:09:17.0000] <annevk>
Oh, I guess that was already known, it just wasn't clear from this other PR branch :/

[02:24:52.0000] <annevk>
Ms2ger: so next time I'd really prefer it if we fixed the infrastructure before we started notifying specification editors

[02:25:25.0000] <annevk>
Ms2ger: because now we have the same situation as last time, with all specification editors having to keep track of when tooling gets updated before they can make the requested change

[02:45:16.0000] <Ms2ger>
Gotcha

[05:19:34.0000] <MikeSmith>
Ms2ger: maybe JakeA can review https://github.com/w3c/ServiceWorker/pull/1463

[08:06:53.0000] <wanderview>
I believe he is on holiday still

[15:36:36.0000] <MikeSmith>
eabd

[15:36:46.0000] <MikeSmith>
oofs

[15:37:11.0000] <MikeSmith>
wanderview: maybe you can review?

2019-08-30
[23:11:35.0000] <domfarolino>
annevk: Hey. You  mentioned "Safari's approach". Just so I'm clear, is their approach: allowing cross-origin prefetches to be reused for top-level navigations only? My understanding is that is what igalia is working on with apple I believe

[23:12:28.0000] <domfarolino>
Or did you just mean their approach as in making all of the suggested request property changes

[23:57:22.0000] <annevk>
domfarolino: maybe? I'd love to see the exact processing model

[23:58:00.0000] <domfarolino>
hah, me too

[23:58:03.0000] <annevk>
domfarolino: presumably they also double-key still so another window cannot use the preload entries?

[23:58:16.0000] <annevk>
domfarolino: otherwise you can still do attacks through popups

[23:58:48.0000] <domfarolino>
preload entries or prefetch?

[23:59:08.0000] <annevk>
prefetch, sorry

[23:59:13.0000] <annevk>
These names are terrible

[00:01:25.0000] <domfarolino>
annevk: Lol I know :/ so at one point I heard they were implementing a single-keyed prefetch cache and limiting the reuse to next-navigation or something like that

[00:02:11.0000] <domfarolino>
But using the double-key for the prefetch would be better I think. and limiting to top-level navigation. there doesn't seem to be a reason to need single-key if it is destined for a top-level-nav

[00:03:00.0000] <annevk>
domfarolino: you at TPAC?

[00:03:19.0000] <annevk>
I vaguely remember you might not be...

[00:03:49.0000] <domfarolino>
I'll be there. It'd probably be good to get some folks together to discuss this sorta stuff, maybe in a breakout session or something etc

[00:04:49.0000] <annevk>
Yes, I guess WebKit engineers in particular

[00:06:30.0000] <domfarolino>
annevk: Do you know if youennf is going to be there?

[00:07:12.0000] <annevk>
domfarolino: I know nothing, except that I saw him last year

[00:54:39.0000] <domfarolino>
annevk: Gotcha. falken just checked the registration list and it looks like he'll be attending, so it will be good to all meet up

[07:08:26.0000] <wanderview>
MikeSmith: looks like matt reviewed

[09:50:19.0000] <Domenic>
foolip: FYI I have write access to Bikeshed if you want me to merge https://github.com/tabatkins/bikeshed/pull/1514

[09:57:59.0000] <foolip>
Domenic: argh, need to sync again and my workstation is off because we're moving floors

2019-08-31
[03:31:07.0000] <domfarolino>
What is the #concept-origin of a navigation request equal to, when Main Fetch is entered. Is it just the origin of the request's URL?

[03:31:52.0000] <domfarolino>
Seems to depend on request's client's origin, and request's client, for navigation requests, is set to "sourceBrowsingContext's active document's relevant settings object"

[03:34:45.0000] <domfarolino>
(But I cannot easily tell what that object's origin is)

[04:52:37.0000] <annevk>
domfarolino: document responsible for the request, at a high-level

[04:58:48.0000] <domfarolino>
annevk: Which is the document itself, for initial navigation? (So I guess navigation request’s origin is just origin of the nav URL)

[06:30:29.0000] <annevk>
domfarolino: for user-initiated navigation there is no document, so no origin?