planet.webcompat.com

otsukare by Karl Dubost at

Whistler 2019 Quick Notes

(taken as it comes, without a specific logic, just thoughts here and there. Emotions. To take with a pinch of salt.)

  • Plane trip without a hitch from Japan.
  • Back in Vancouver after 5 years, from the bus windows, I noticed the new high rise condos and I wonder who can afford them when they are so many of them. People living with credits and loans?
  • All the Vietnamese restaurants just make me want to stop to have a Bun Bo Hue.
  • Bus didn’t get a flat tire
  • Two very chatty persons beside me during the full bus trip never stopped talking. A flow of words very difficult to cope with when you are tired with jet lag.
  • Noisy Welcome reception.
  • Happy to see new people, happy to see old friends.
  • Beautiful view, I just want to hop in shoes and hike the trails.
  • Huge North American hotel room with cold Air con and all lights on is a waste.
  • Cafe latte. Wonderful.
  • Uneasy with the Native American dance. Culture out of context.
  • I like Roxy Wen for her direct talk about things.
  • Stan Leong very positive vibe for Mozilla and Taipei office.
  • Less people who seemed to read a script at the Plenary. This is a good thing.
  • Overall good impression of the Plenary on Tuesday.
  • Does Pocket surface blogs which are edited by simple people. What’s happening in there? The promoted content seems to be mainstream editors.
  • Noisy environments do not help to have soft, relaxed discussions.
  • Finding a bug and being in admiration by the explanation of Boris Zbarsky
  • The wonderfully intoxicating smell of cypress in the mornings
  • Early morning and refreshing cold makes me happy.
  • Thanks Brianna for the cafe latte station at the breakfast area.
  • I guess I do not have a very good relationship with marketing. I need to dive into that. Plenary Wednesday.
  • Our perception of privacy is not equally distributed. People have different expectations and habits. People working at Mozilla are privileged compared to the rest of the population.
  • That said, there were comments during the panel by Lindsey Shepard, VP Product Marketing which resonated with me. So maybe, I need to break down my own silos.
  • Performance Workshop. We, the developers, techies are a bourgeoisie (by/through devices) which makes us blind to the reality of common users performances. This tied to the Plenary this morning about knowing the normal people using services online.
  • Congratulations to people who made possible to have a dot release during the All Hands.
  • Little discussions here and there which help you to unpack a of lot of unknown contexts, specifically when you are working remotely. Invaluable.
  • Working. Together.
  • Released a long due version of the code for the webcompat metrics dashboard. Found more bugs. Fixed more bugs. Filed new issues.
  • The demos session made discovered cool projects that I had no idea about. This is useful and cool.
  • Chatting about movies from childhood to now with friends we do not have the opportunities to see each other enough.
  • Laptop… shutting off automatically when the battery reaches 50%, keys 2 and m repeating time to time, and shift key not working 20% of time. This last one is probably the most frustrating. 2 years and this MacBook Pro is not giving good signs of health.
  • Spotted two bears from the gondola on our way to the top of the mountain.
  • Very good feeling about the webcompat metrics discussions after the talk by Mike Taylor. Closer work in between Web Platform Tests and Web Compat sounds like a very good thing. We need to explore and define the small loosely joined hooks that will make it really cool.
  • Firefox Devtools team, you are a bunch of awesome people.
  • Plenaries, for this Whistler All Hands, felt more sincere, more in touch with people with clearer goals for Mozilla (than the last 6 years since I started at Mozilla). So that was cool.
  • Loved the cross-cultural/cross-team vibes.
  • Thanks to the people who are contributing to the projects and give one week of their precious time with their family to work on the projects they care about.
  • Whistler is a very expensive place.
  • Slept through all the ride back from Whistler to Vancouver, avoiding being motion sick.
  • Staying in Vancouver for a couple of days
  • Then heading back to Japan on Wednesday.

Otsukare!

otsukare by Karl Dubost at

We have read in the news that big platforms are willing to tackle head on privacy. The word "privacy" became an act of marketing, a way to sell a brand, to grow market shares, to renew or increase trust. This became an object of commerce. We even see debates on who could provide the best solution for a privacy oriented platform or that privacy is a hype.

For a long time, we know that the amount of data collections by any platforms is humongous.

In the same time, another topic of concerns has increased, security with different angles:

  • being safe online for individual people
  • stopping massive data hacking
  • protecting knowledge and speech with regards to the surge of fake news

All of these mostly resonate around the one-to-many/many-to-one issues.

But one thing is certain. The big platforms will redefine the word "privacy". It will be a space where you communicate with your friends protected from the mass. Privacy will be redefined as small group communications. Don't be fooled. There is still one entity which will be recording everything, studying patterns of communications, making money on understanding your behavorial patterns.

Worse… with the illusion of privacy given by this smaller spaces of communications, the people using them will feel more secure, comfortable, more at home. They will stop thinking twice about sharing something, while the entity is still listening.

Intimacy is something we share with others in small groups indeed. It has a lot of variations, levels of opacity, adjusted for contexts. Big platforms will never be able to provide a true space of privacy or intimacy, while their core business is about listening on what we express. Smaller communication groups are indeed sometimes the solution, but they need to exist outside of any listening/recording apparatus created by a third party. Communications are a contract in between the people who choose to have them. Any third party listening, recording, analyzing to sell the value extracted from these communications challenges right away the notion of privacy. The forest is not dark, when someone is listening.

Otsukare!

Mike Taylor's Web Log by Mike Taylor at

The other day I was doing some research on DOM methods and properties that Chrome implements, and has a usecounter for, but don't exist in Firefox.

defaultstatus caught my eye, because like, there's also a use counter for defaultStatus.

(The discerning reader will notice there's a lowercase and a lowerCamelCase version. The less-discerning reader should maybe slow down and start reading from the beginning.)

As far as I know, there's no real spec for these old BOM (Baroque Object Model) properties. It's supposed to allow you to set the default value for window.status, but it probably hasn't done anything in your browser for years.

image of some baroque art shit

Chrome inherited lowercase defaultstatus from Safari, but I would love to know why Safari (or KHTML pre-fork?) added it, and why Opera, Firefox or IE never bothered. Did a site break? Did someone complain about a missing status on a page load? Did this all stem from a typo?

DOMWindow.idl has the following similar-ish comments over the years and probably more, but nothing that points to a bug:

This attribute is an alias of defaultStatus and is necessary for legacy uses. For compatibility with legacy content.

It's hard to pin down exactly when it was added. It's in Safari 0.82's kjs_window.cpp. And in this "old" kde source tree as well. It is in current KHTML sources, so that suggests it was inherited by Safari after all.

Curious to see some code in the wild, I did some bigquerying with BigQuery on the HTTPArchive dataset and got a list of ~3000 sites that have a lowercase defaultstatus. Very exciting stuff.

There's at least 4 kinds of results:

1) False-positive results like var foo_defaultstatus. I could re-run the query, but global warming is real and making Google cloud servers compute more things will only hasten our own destruction.

2) User Agent sniffing, but without looking at navigator.userAgent. I guess you could call it User Agent inference, if you really cared to make a distinction.

Here's an example from some webmail script:

O.L3 = function(n) {
    switch (n) {
        case 'ie':
            p = 'execScript';
            break;
        case 'ff':
            p = 'Components';
            break;
        case 'op':
            p = 'opera';
            break;
        case 'sf':
        case 'gc':
        case 'wk':
            p = 'defaultstatus';
            break;
    }
    return p && window[p] !== undefined;
}

And another from some kind of design firm's site:

browser = (function() {
    return {
        [snip]
        'firefox': window.sidebar,
        'opera': window.opera,
        'webkit': undefined !== window.defaultstatus,
        'safari': undefined !== window.defaultstatus && typeof CharacterData != 'function',
        'chrome': typeof window.chrome === 'object',
        [snip]
    }
})();

3a) Enumerating over global built-ins. I don't know why people do this. I see some references to Babel, Ember, and JSHint. Are we making sure the scripts aren't leaking globals? Or trying to overwrite built-ins? Who knows.

3b) Actual usage, on old sites. Here's a few examples:

<body background="images/bvs_green_bkg.gif" bgcolor="#598580" text="#A2FF00" onload="window.defaultstatus=document.title;return true;">
<body onload="window.defaultstatus='Индийский гороскоп - ведическая астрология, джйотиш онлайн.'">

This one is my favorite, and not just because the site never calls it:

function rem() {
  window.defaultstatus="ok"
}

OK, so what have we learned? I'm not sure we've learned much of anything, to be honest.

If Chrome were to remove defaultstatus the code using it as intended wouldn't break—a new global would be set, but that's not a huge deal. I guess the big risk is breaking UA sniffing and ended up in an unanticipated code-path, or worse, opting users into some kind of "your undetected browser isn't supported, download Netscape 2" scenario.

Anyways, window.defaultstatus, or window.defaultStatus for that matter, isn't as cool or interesting as Caravaggio would have you believe. Thanks for reading.

otsukare by Karl Dubost at

So on January 7, 2019, I wrote the first edition of "They Fixed It!"

This is a new chapter. I'll try to move forward in a semi-regular basis.

Let's see what are the cool things which have been fixed since that last report and helps webcompat to be better on the Web.

Thanks to them!

Otsukare!

Subscriptions