IRC log of dig on 2012-07-20

Timestamps are in UTC.

00:45:20 [rszeno]

rszeno (~rszeno@79.114.93.230) has joined #dig

00:48:51 [presbrey]

presbrey (~presbrey@2001:4830:2446:b5:aede:48ff:fe00:6001) has joined #dig

05:56:29 [danbri]

danbri (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

06:41:40 [melvster]

melvster has quit (Read error: Operation timed out)

07:13:13 [bblfish]

bblfish has quit (Ping timeout: 246 seconds)

07:14:09 [bblfish]

bblfish (~bblfish@AAubervilliers-651-1-320-113.w83-200.abo.wanadoo.fr) has joined #dig

08:59:29 [deiu]

deiu (~andrei@unaffiliated/deiu) has joined #dig

09:17:28 [bblfish]

bblfish has quit (Ping timeout: 246 seconds)

09:18:06 [bblfish]

bblfish (~bblfish@AAubervilliers-651-1-320-113.w83-200.abo.wanadoo.fr) has joined #dig

09:25:24 [bblfish]

bblfish has quit (Ping timeout: 260 seconds)

09:30:41 [bblfish]

bblfish (~bblfish@AAubervilliers-651-1-320-113.w83-200.abo.wanadoo.fr) has joined #dig

09:39:10 [bblfish]

bblfish has quit (Ping timeout: 246 seconds)

09:59:16 [bblfish]

bblfish (~bblfish@ALagny-551-1-67-174.w86-218.abo.wanadoo.fr) has joined #dig

10:16:16 [cheater__]

cheater__ has quit (Ping timeout: 246 seconds)

10:29:15 [cheater__]

cheater__ (~cheater@g230223075.adsl.alicedsl.de) has joined #dig

10:59:32 [melvster]

melvster (~melvin@p5797F256.dip.t-dialin.net) has joined #dig

11:08:47 [danbri]

danbri has quit (Ping timeout: 255 seconds)

11:13:22 [RalphS]

RalphS (Ralph@30-7-118.wireless.csail.mit.edu) has joined #dig

11:46:54 [fission6]

fission6 has quit (Ping timeout: 264 seconds)

12:18:17 [melvster]

melvster has quit (Remote host closed the connection)

12:28:13 [bblfish]

bblfish has quit (Remote host closed the connection)

12:28:27 [danbri]

danbri (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

12:31:29 [bblfish]

bblfish (~bblfish@ALagny-551-1-67-174.w86-218.abo.wanadoo.fr) has joined #dig

13:01:58 [danbri_]

danbri_ (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

13:04:56 [danbri]

danbri has quit (Ping timeout: 255 seconds)

13:18:37 [bblfish]

bblfish has quit (Ping timeout: 246 seconds)

13:24:10 [bblfish]

bblfish (~bblfish@AAubervilliers-651-1-320-113.w83-200.abo.wanadoo.fr) has joined #dig

13:36:51 [fission6]

fission6 (~fission6@cpe-74-66-1-166.nyc.res.rr.com) has joined #dig

14:01:33 [melvster]

melvster (~melvin@p5797F256.dip.t-dialin.net) has joined #dig

14:04:16 [melvster]

melvster has quit (Remote host closed the connection)

14:07:03 [melvster]

melvster (~melvin@p5797F256.dip.t-dialin.net) has joined #dig

15:20:52 [melvster]

melvster has quit (Read error: Connection reset by peer)

15:22:17 [melvster]

melvster (~melvin@p5797F256.dip.t-dialin.net) has joined #dig

15:32:08 [danbri_]

danbri_ has quit (Ping timeout: 255 seconds)

15:33:36 [danbri]

danbri (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

15:37:13 [cheater__]

cheater__ has quit (Ping timeout: 246 seconds)

15:45:06 [deiu]

deiu has quit (Quit: Leaving)

15:55:05 [cheater]

cheater (~cheater@g230223075.adsl.alicedsl.de) has joined #dig

16:01:01 [cheater]

cheater has quit (Ping timeout: 246 seconds)

16:33:03 [bblfish]

betehess: not progressed much this week. Though we made a big progress with french student r_blin, who sometimes is on this channel

16:33:40 [bblfish]

He bought himself a new notebook 4 core 8 threads, with a new version of Linux and skype, and so I was able to help him debug rdflib.js

16:34:21 [bblfish]

His problem is that he did not really know how to work with JS - which is hard if you come from Java - since there is absoltely no type checking. All Type Checking has to be done by hand.

16:35:16 [bblfish]

Also he learned about debugging JS, stepping through the code, reading rdflib - only way to get to know it , as there is no documentation at present - and understanding the difference beteween a graph and a store.

16:35:34 [bblfish]

so he should be a lot more productive now.

16:35:51 [bblfish]

that he understands all those concepts

16:36:10 [bblfish]

All these interventions do slow me down.

16:36:13 [bblfish]

...

16:37:05 [bblfish]

( also it's a huge hurdle to get people to learn to work in distribute teams )

16:37:47 [bblfish]

eg: having a skype coding session - a la pair programming made a huge difference today - was not possible before .

16:56:19 [cheater]

cheater (~cheater@g230223075.adsl.alicedsl.de) has joined #dig

17:00:52 [cheater]

cheater has quit (Ping timeout: 246 seconds)

17:12:59 [timbl]

timbl has quit (Quit: timbl)

17:13:47 [timbl]

timbl (~timbl@host86-144-247-27.range86-144.btcentralplus.com) has joined #dig

17:13:49 [timbl]

timbl has quit (Client Quit)

18:25:12 [danbri]

danbri has quit (Remote host closed the connection)

19:26:45 [cheater]

cheater (~cheater@g230223075.adsl.alicedsl.de) has joined #dig

20:22:25 [RalphS]

RalphS has quit ()

20:38:34 [cheater]

cheater has quit (Ping timeout: 246 seconds)

20:50:31 [bblfish]

that Web browser implementors are not willing to risk breaking any such deployments, however convoluted that makes the resulting technology. http://lists.w3.org/Archives/Public/public-webappsec/2012Jul/0068.html

20:50:53 [bblfish]

(forgot quotes)

20:51:12 [bblfish]

apparently that explains why CORS cannot GET pulbic resources

20:51:45 [dsheets]

bblfish: hixie also believes that using URIs for identifiers that may not resolve over the network is a Bad Idea because it is Confusing

20:52:32 [bblfish]

really :-)

20:52:40 [dsheets]

one moment

20:54:00 [dsheets]

http://lists.w3.org/Archives/Public/public-webapps/2011JulSep/1584.html

20:54:41 [cheater]

cheater (~cheater@g230223075.adsl.alicedsl.de) has joined #dig

20:55:01 [dsheets]

This thread was cited as a philosophically-sound refutation of my proposal to lift WebGLSL extension names into URI: http://www.khronos.org/webgl/public-mailing-list/archives/1205/msg00138.html

20:55:57 [dsheets]

fwiw, imho if you have security-sensitive information protected by IP, you are doing it wrong and your information must not be that sensitive

20:55:58 [bblfish]

ah ok, he does not understand name spaces.

20:56:14 [bblfish]

dsheets: very good point

20:56:16 [dsheets]

bblfish: who? hixie or glenn?

20:56:41 [bblfish]

hixie, it looks like

20:57:00 [dsheets]

yes, exactly, and that ignorance is spreading among the html5-head

20:57:00 [dsheets]

s

20:57:27 [bblfish]

well in fact in html5 they are using a uri. They just have a hidden namespace

20:57:41 [bblfish]

it's http://ieff.org/mimes/text/html

20:57:47 [bblfish]

( or something like that )

20:58:20 [dsheets]

yup but you can't show that to poor authors, they might get confused

20:58:37 [bblfish]

but ok. In any case they are stymining debate by saying they can't change anything because browser vendors don't want it

20:59:08 [bblfish]

the close one gets to showing that this would work the more vociferous they get

20:59:11 [dsheets]

bblfish: browser vendors are not the constituency that matters… merely the gatekeepers

20:59:35 [bblfish]

who are the getekeepers?

20:59:44 [dsheets]

browser vendors

20:59:55 [bblfish]

ah

20:59:56 [dsheets]

but their users are the most important constituency

20:59:56 [bblfish]

:-)

21:00:10 [cheater]

cheater has quit (Ping timeout: 260 seconds)

21:00:20 [bblfish]

ah I see how to parse your sentence

21:00:23 [dsheets]

and the browser vendors operate under the mistaken belief that they act in the interest of their user base

21:00:50 [bblfish]

well I myself doubt that he is fully representing the browser vendors in this case

21:01:09 [bblfish]

if he were, then the simplification that would result may be something they could agree on

21:01:23 [bblfish]

s/if he were//

21:01:25 [dsheets]

in this case, the browser vendors are claiming that the best course of action for all users is to protect those few who operate sensitive web resources with weak security policies

21:01:48 [bblfish]

well I am not sure. Who in that discussion is a browser vendor?

21:01:52 [bblfish]

or representing one?

21:02:30 [dsheets]

Anne van Kesteren works for opera

21:02:36 [bblfish]

they could just be lazy employees that don't want to do the heavy work of thinking this through, and want to get their standard published

21:02:39 [bblfish]

ah

21:02:58 [dsheets]

hixie is obv. a standardista that works with vendors closely to codify their brokenness

21:03:13 [dsheets]

viz html5

21:03:59 [dsheets]

if you allowed unauthenticated GET from page agents, the web would be more decentralized and browser vendors (and the major central repositories some of them manage) would be less powerful

21:04:22 [bblfish]

ah, I am not sure that that is their thinking

21:04:32 [bblfish]

I think they are just frightened chickens

21:04:46 [dsheets]

frightened of?

21:04:52 [bblfish]

thinking

21:04:54 [bblfish]

or working

21:05:05 [bblfish]

because it is a slightly tricky issue

21:05:14 [bblfish]

if they get it wrong they could get a lot of bad heat

21:05:30 [bblfish]

( security flaw on the headline news! )

21:05:56 [dsheets]

sure… they are currently working to consolidate and centralize their control, though

21:06:05 [bblfish]

so they are probably not taking the risks that their employees expect them to

21:06:12 [dsheets]

the recent major push is to expand js API surface area and codify broken HTML

21:06:26 [bblfish]

But it makes no difference. With a CORS proxy you get the data anyway

21:06:31 [dsheets]

why would they innovate when they are busy maturing and digging moats?

21:06:49 [cheater]

cheater (~cheater@g230223075.adsl.alicedsl.de) has joined #dig

21:07:03 [dsheets]

you get the data but cause an intermediary to use 2x bandwidth

21:07:07 [bblfish]

well, that's why I think this probably makes no difference to the vendors. They are probably just want to go to final call

21:07:55 [bblfish]

true dsheets, but I don't think these people think at the level of trying to consolidate

21:08:14 [dsheets]

so they serve those interests blindly?

21:08:26 [bblfish]

no, they are just frightenened chickens

21:08:29 [dsheets]

or lobotomize to stop the dissonance?

21:08:39 [bblfish]

and they don't have a big picture interest to go for better quality

21:08:47 [bblfish]

so they go for what is easier

21:09:05 [dsheets]

ok so they are lazy and tired and thinking 1yr ahead instead of 50yrs

21:09:14 [bblfish]

( anyway, just a hypothesis: trying to explain their behavior while keeping it rational - ala Donal Davidson )

21:09:25 [bblfish]

instead of 5-10

21:09:48 [dsheets]

that seems like a reasonable hypothesis to me… how do you leverage that to win over the community and draw out supporters?

21:10:16 [dsheets]

offer the huge upside, the minor/silly downside, and the futility due to proxies?

21:10:39 [dsheets]

those speaking with some authority (hixie) seem to have shut down those avenues

21:10:51 [bblfish]

well, perhaps the W3C has policies on short term thinking such as that one

21:11:15 [bblfish]

perhaps there is a security group who is there to say: oops! don't think so short term. it costs us money

21:12:11 [dsheets]

it is crazy… when i was at w3c in summer 2006, timbl concluded that tabulator needed to be a ff extension to work around this nonsense… and here we are 6yrs later...

21:12:12 [bblfish]

One would need to do some research on those questions I brought up, with careful answers.

21:12:44 [dsheets]

so the long term thinking has been there, the apps have been there, the idea has been there and it hasn't caught on or been pushed

21:13:08 [bblfish]

true

21:13:31 [bblfish]

the apps need to get virally good

21:13:38 [bblfish]

then of course they will be forced to move

21:13:41 [dsheets]

chicken/egg

21:13:50 [bblfish]

not really. The CORS proxy helps

21:14:18 [bblfish]

in fact we can do all this through a CORS proxy on our Freedom box

21:14:22 [dsheets]

cors proxy for image textures is expensive

21:14:40 [bblfish]

ah, how do image textures come in?

21:14:41 [dsheets]

does that exist?

21:14:55 [dsheets]

bblfish: can't read image data out of cross-domain images

21:15:09 [dsheets]

bblfish: because it might be your bank capcha or sth

21:15:41 [bblfish]

ah but all we are talking about is publicly available resources

21:15:59 [bblfish]

for the moment in this CORS discussion

21:16:21 [bblfish]

bank captcha would be private right? (mhh, you are right, could be public)

21:16:59 [bblfish]

for a good social web through a freedom box we probably need to go 2 ways

21:17:09 [bblfish]

1. have the FB do all the work

21:17:24 [bblfish]

2. build thick clients on the desktop that do - no need for browsers there anymore

21:17:39 [bblfish]

( sadly Apple by not supporting Java has made 2 more expensive )

21:19:42 [bblfish]

but well building browsers across platforms has always been expensive

21:20:58 [bblfish]

Still I think in the end that is what is going to happen: specialised linked data browsers such as an rdfTunes

21:22:23 [bblfish]

there one could be a lot more flexible with security policies.

21:22:32 [bblfish]

( which are tricky for sure )

21:23:13 [bblfish]

dsheets: where are you working?

21:23:25 [dsheets]

san francisco

21:24:07 [bblfish]

ah cool https://www.youtube.com/watch?v=LuDN2bCIyus

21:26:07 [bblfish]

how the driver does that?

21:26:15 [bblfish]

neither do I :-)

21:26:32 [dsheets]

that appears to be newtonian physics and nice automotive design and operation

21:26:46 [dsheets]

i don't understand how the venue was acquired and liability was considered

21:27:29 [dsheets]

"expensively"?

21:27:54 [bblfish]

very likely very expensive

21:28:01 [bblfish]

( the car has the number 43 on it )

21:30:02 [dsheets]

43?

21:32:22 [bblfish]

22 million people viewed this

21:32:26 [bblfish]

that's how he finances it

21:32:29 [bblfish]

a blockbuster

21:33:11 [dsheets]

viewed for free… the adverts/sponsorship must compensate

21:33:16 [dsheets]

the driver needs compensation

21:33:47 [dsheets]

the economic impact to the city is multiple millions on dollars and the liability is multiple millions of dollars… doesn't seem worth it

21:36:28 [dsheets]

ironically, turing complete and wide-surface JS can run cross-domain but data can't...???

21:37:05 [dsheets]

What about those intranets that have sensitive JS?

21:37:46 [dsheets]

<script src="http://sekkrit/sensitive/script.js"></script> ?

21:37:57 [bblfish]

I think it's a series, he must get his money back on it.

21:38:07 [bblfish]

SF probably pays for the advertising it gives SF

21:38:19 [bblfish]

the car manufacturer pays for the cars

21:38:29 [bblfish]

Red Bull pays a lot

21:40:22 [bblfish]

Not sure how we can shift the discussion there

21:41:49 [dsheets]

dunno… with their current attitude the non-secure security policy of network topology will be enshrined forever at the expense of public technical capability

21:42:02 [dsheets]

have a good pint

22:28:37 [melvster]

melvster has quit (Ping timeout: 240 seconds)

23:05:25 [danbri]

danbri (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

23:11:08 [amy]

amy has left #dig

23:15:21 [danbri]

danbri has quit (Remote host closed the connection)

23:35:14 [betehess]

betehess has quit (Quit: Leaving)

23:42:03 [danbri]

danbri (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

23:42:21 [danbri]

danbri has quit (Remote host closed the connection)

23:55:27 [danbri]

danbri (~danbri@cpc6-aztw25-2-0-cust83.aztw.cable.virginmedia.com) has joined #dig

23:59:35 [danbri]

danbri has quit (Remote host closed the connection)