IRC log of webfonts on 2021-10-19
Timestamps are in UTC.
- 16:04:44 [RRSAgent]
- RRSAgent has joined #webfonts
- 16:04:44 [RRSAgent]
- logging to https://www.w3.org/2021/10/19-webfonts-irc
- 16:05:04 [Zakim]
- Zakim has joined #webfonts
- 16:05:26 [Garret]
- present+
- 16:05:28 [Vlad]
- present+
- 16:05:37 [sergeym]
- present+
- 16:05:40 [Vlad]
- zakim, who is here
- 16:05:40 [Zakim]
- Vlad, you need to end that query with '?'
- 16:05:41 [myles]
- myles has joined #webfonts
- 16:05:41 [jpamental]
- jpamental has joined #webfonts
- 16:05:44 [Vlad]
- zakim, who is here?
- 16:05:44 [Zakim]
- Present: Garret, Vlad, sergeym
- 16:05:46 [Zakim]
- On IRC I see jpamental, myles, Zakim, RRSAgent, Garret, sergeym, Vlad
- 16:05:52 [myles]
- present+ myles
- 16:05:56 [jpamental]
- present+
- 16:06:17 [jpamental]
- present+ jpamental
- 16:07:22 [chris]
- chris has joined #webfonts
- 16:13:42 [chris]
- https://github.com/w3c/IFT/blob/main/RangeRequest.bs
- 16:13:50 [myles]
- ScribeNick: myles
- 16:14:09 [myles]
- Garret: If you guys hadn't see, the Harfbuzz subsetting API hit "stable" status. That's a cool milestone. It's ready for actual use
- 16:14:14 [myles]
- Vlad: Great. Thank you.
- 16:14:29 [Vlad]
- Agenda: list of issues https://github.com/w3c/IFT/issues
- 16:14:49 [myles]
- Vlad: Let's go starting from the top, one by one
- 16:15:08 [myles]
- Vlad: Chris, is there any way to record this review to reference later?
- 16:15:29 [myles]
- chris: There is, but I'm doing it. I've got an issue with the meta-review. I'm linking to it. I'll take care of the book keeping.
- 16:15:37 [myles]
- Vlad: Are there any specific resolutions we need to make?
- 16:15:38 [myles]
- chris: no.
- 16:15:47 [myles]
- Topic: I18n checklist
- 16:16:07 [myles]
- chris: I filled this in. The answer is basically "no" to most things. It would be good to get more eyes on it.
- 16:16:24 [myles]
- chris: There was only one thing which was possibly applicable. I don't think we do that in the way that they mean, but I'll let them be the judge.
- 16:16:44 [myles]
- Vlad: Text is a sequence of characters. When we ask for separate characters, we don't preserve order, so it isn't even qualified as text
- 16:16:46 [myles]
- chris: I agree.
- 16:17:05 [myles]
- Garret: I reviewed the checklist as well. Nothing jumped out at me. It all looked okay.
- 16:17:16 [myles]
- Vlad: If all the questions are "no" then there's no action to take.
- 16:17:30 [myles]
- chris: This is just something I filled in so they can review our answers. If they have questions they can ask them here
- 16:17:55 [myles]
- Topic: Self-Review Questionnaire: Security and privacy
- 16:18:22 [myles]
- chris: This asked about temporary identifiers. We make 64-bit checksums but they don't convey security information and they can't be used for tracking because every time you update a font the checksum will change.
- 16:18:41 [myles]
- Garret: The other thing: Most browsers implement caching on a domain basis; those checksums won't leave a particular domain.
- 16:18:49 [myles]
- chris: That would be useful to edit my answer to say
- 16:18:52 [myles]
- Garret: Okay, I can do that.
- 16:19:26 [myles]
- Topic: Range requests and preflights
- 16:19:54 [myles]
- Garret: They're noting the development of another spec which may be interesting to us.
- 16:20:05 [myles]
- Vlad: I sounds like we will be working on range request specification. Can we use it, Myles?
- 16:20:10 [myles]
- myles: i dunno. presumably.
- 16:20:30 [myles]
- Garret: It's a change to range requests that avoids CORS in certain situations. Hopefully we can be in those situations
- 16:20:57 [myles]
- Topic: Early wide review of IFT
- 16:21:28 [myles]
- chris: This is the meta-issue where I track all the other issues. A18y is happy so I checked them off. We need to do privacy though. I don't know about security though. TAG review is blocked on those
- 16:21:59 [myles]
- Topic: FAST Checklist review for IFT
- 16:22:57 [myles]
- Vlad: In addition to what chris indicated, there was a question about if something we do affects content presentation. We might affect content presentation. If a font is requested but not available, there's a unique character set that the content relies on, it will not be rendered.
- 16:23:08 [myles]
- myles: PUA characters?
- 16:23:35 [myles]
- Vlad: Not necessarily. For example, you might have content in a unique language that is archaic that is not universally supported anywhere. If you want to quote something in that language, that text might not render.
- 16:23:54 [myles]
- myles: that's the same for all fonts it hink
- 16:24:20 [myles]
- Vlad: For some languages, the expectation might be if you don't have a web font loaded, there will be some other font available to display the content. But it's not universally true for every language and character set
- 16:24:45 [myles]
- chris: I think myles is right. This is general about webfonts. Webfonts are well-accepted. We only need to cover the differences between normal webfonts
- 16:25:04 [myles]
- Garret: In terms of what content will and will not be there, there's no difference comparing a font with IFC and a font without IFC.
- 16:25:33 [myles]
- Vlad: Many browsers have certain rules in place about for example if you wait for a font to load and if it doesn't you abandon it. Those rules will never be an issue in IFT. Hopefully
- 16:27:51 [chris]
- https://drafts.csswg.org/css-font-loading-3/
- 16:27:55 [myles]
- myles: well, the rules will still have to exist, they just might be triggered less often.
- 16:28:12 [myles]
- myles: we have to figure out what to do with the font loading timeline, though. it's a big open issue.
- 16:28:16 [myles]
- Garret: That should be done in CSS
- 16:28:18 [myles]
- myles: OK
- 16:28:46 [myles]
- Topic: Privacy section is entirely missing
- 16:29:30 [myles]
- Garret: My opinion is this is important and we should call it out, but maybe we should leave most of the details up to the implementations. We may get it wrong, and once it's specified it's set in stone. Implementations might want to iterate to get to the right level of privacy
- 16:29:54 [myles]
- Vlad: I realized I started typing a comment but I forgot to hit enter. Please refresh it
- 16:30:29 [myles]
- Vlad: I agree that making a request to do something shouldn't be something we do unless we're certain we want to do and has benefit. I commented earlier saying that i'm not sure I agree with the blanket request to add necessary glyphs just to fuzzy the content up. It seems like overkill for many languages.
- 16:30:56 [myles]
- Vlad: We discussed something in the past about using statistical distributions to optimize subsets. If someone asks for a subset, we might as well include additional characters for performance
- 16:31:24 [myles]
- Vlad: We could mention this in the spec. I'm reluctant to make it mandatory. It's best to be left to the implementors.
- 16:31:34 [myles]
- Vlad: They can choose and add value.
- 16:32:09 [myles]
- Garret: There are 2 other mitigating factors: 1. We require HTTPS. 2. The caching is on the domain level, so your current state is silo'ed into that one domain.
- 16:35:24 [myles]
- myles: I disagree. Protecting privacy is important. I agree that the spec shouldn't be overly presecriptive, but the spec shouldn't say nothign either. We're arguing about where within the spectrum the spec should lie; maybe instead of arguing about generalities we should write example spec text and argue about the specifics of that text.
- 16:35:55 [myles]
- Garret: We don't want the spec-text to list every script. We don't have the expertise to get that right
- 16:35:56 [myles]
- jpamental: Is it reasonable in the spec to suggest adding some percentage of additional glyphs?
- 16:36:35 [myles]
- Garret: Yes. There are probably quite a few scripts which this is unnecessary - like latin. We could say "here's a way to classify scripts in 'needs it' and 'doesn't need it'" I dont' know what that would exactly look like
- 16:37:55 [myles]
- myles: We can provide minimums. We can also charactize scipts by number of characters
- 16:37:55 [myles]
- Vlad: We can include something to hint that there is a freedom here to add value and do more.
- 16:38:19 [myles]
- myles: There has to be minimums
- 16:38:37 [myles]
- Vlad: The spec can say "it may be useful, but not everything needs it"
- 16:39:08 [myles]
- Garret: I can come up with some proposed spec text
- 16:39:24 [myles]
- chris: I would be more comfortable with a more data-driven approach.
- 16:40:11 [myles]
- chris: I would like to know, for a script, if we have a corpus of 100 documents, if you can tell with what accuracy whcih one is being requested
- 16:40:34 [myles]
- myles: we might be able to do what with the corpus we've already provided
- 16:40:39 [myles]
- Garret: We also have character frequency data.
- 16:40:48 [myles]
- Vlad: Would also be an example
- 16:41:03 [myles]
- Garret: If you have characters which are low frequency, their inclusion carries more information than a common one
- 16:41:55 [myles]
- chris: I'm not sure how much this is a problem
- 16:42:32 [myles]
- myles: Also we have to be aware that the font server can be part of the attack vector.
- 16:42:35 [myles]
- Garret: Sure.
- 16:42:55 [myles]
- Vlad: Okay. Once we have specific proposed text we can discuss it then.
- 16:43:22 [myles]
- myles: what's the rationale for HTTP-only?
- 16:43:31 [myles]
- Garret: This is more privacy-sensitive than general font transfers
- 16:44:24 [myles]
- Garret: I think it would be nice to encourage using the more secure technology these days. In general, HTTP is not recommended
- 16:45:08 [myles]
- myles: We don't generally agree. HTTPS and webfonts are pretty unrelated
- 16:45:33 [myles]
- myles: If we get a good solution for this privacy stuff, we might be able to relax the HTTPS-only requirement
- 16:45:57 [myles]
- Garret: We'd have to have a pretty good solution, but yes theoretically
- 16:46:16 [myles]
- Garret: Fonts are attack vectors. MITM attacks can compromise systems.
- 16:46:25 [myles]
- chris: I agree. Some systems are more or less sensitive than others
- 16:46:42 [myles]
- Garret: This is more than theoretical
- 16:47:26 [myles]
- Topic: Method negotiation has potential time wastes in it
- 16:47:55 [myles]
- myles: I need time to page this back into my mind
- 16:48:01 [myles]
- Garret: I made a PR to require patch-subset servers also support the range-request method
- 16:48:40 [myles]
- Garret: For the second issue, I think that first request won't be large, so it won't be a big deal.
- 16:48:45 [myles]
- myles: it won't be large???
- 16:48:53 [myles]
- Garret: I'd expect the worst case to be 400 bytes
- 16:49:13 [myles]
- Vlad: In response to this discussion, do we expect spec changes?
- 16:49:32 [myles]
- Garret: For problem 1, there's a PR. For problem 2, no
- 16:49:55 [myles]
- Vlad: Please write spec text for problem 2 if you want changes
- 16:49:56 [myles]
- Garret: <describes PR>
- 16:50:28 [myles]
- myles: I'll make proposed spec text for problem 2
- 16:51:01 [myles]
- Topic: Considerations for multiple distinct servers in patch-subset method
- 16:51:25 [myles]
- Garret: This is a tricky one. I don't think we need anything in the protocol to help with this. I put a comment on here stating how I think we might do it. I'm open to other perspective though
- 16:52:09 [myles]
- Garret: There's probably a spectrum of people who might be running this technology. Their needs will be different. A smaller site won't have this problem. A further from that, a small number of instances, this isn't a problem for them. It only is an issue when you have a large number of instances across the world
- 16:52:40 [myles]
- Garret: From Google Fonts's perspective, we would need to solve this, but it wouldn't require protocol changes.
- 16:52:59 [myles]
- Vlad: Would we hit critical compat issue where a request comes where the server cannot respond.
- 16:53:07 [myles]
- chris: The spec says you start again from fresh in that case
- 16:53:21 [myles]
- Garret: If the server can't reproduce the state, then it just gives you a new replacement font
- 16:53:54 [myles]
- the concern is that if you have a fleet of half new version and half old version, and they disagree, then the client could jump back and forth between the two different versions
- 16:54:28 [myles]
- Garret: We would solve it by sticky load balancing. One client, for a specific font, they'd go to the same backend. The upgrade for a particular user would be atomic
- 16:54:54 [myles]
- Garret: Even if we had that token, it wouldn't be all that helpful from the backend perspective. We can't run two versions of the subsetter binary on the server.
- 16:55:27 [myles]
- myles: sounds like we need a note to note the concern, and that's it
- 16:55:29 [myles]
- Garret: okay
- 16:55:53 [myles]
- Garret: once the subsetter is stable, it will probably be rare that we will change the font's binaries
- 16:56:02 [myles]
- Garret: Where there are changes, it will be limited to corner cases probably. We probably won't see changes that affect all fonts
- 16:56:19 [myles]
- myles: really?
- 16:56:22 [myles]
- Garret: It will be infrequent.
- 16:56:46 [myles]
- Garret: Subsetting for most tables in most fonts is well-defined. There's not much to change. But there are places where we might be making optimizations. But that will affect a small number of fonts.
- 16:58:05 [myles]
- Topic: Font Collection support
- 16:58:49 [myles]
- myles: WebKit supports TTCs
- 16:59:02 [myles]
- Vlad: I don't know what kind of considerations you had in mind
- 16:59:30 [myles]
- Vlad: IFT produces WOFF2 files, and WOFF2 supports collections.
- 16:59:54 [myles]
- Vlad: What we put in is the output of the subsetter. It's up to the subsetter
- 17:00:21 [myles]
- Garret: THe current subsetters do support in a way collections - you can say "given a collection, subset a single font inside" but the current subsetter implementations can't subset the collection as a whole. This is a challenging problem to implement around teh sahred tables.
- 17:00:33 [myles]
- Garret: We probably do want something here.
- 17:03:10 [myles]
- Garret: Having this technology, we might not need collections. With subsets, we might not need shared cmaps. If you this collection, and you have subsets inside the collection, you won't be able to share cmap. That once shared cmap will become duplicate.
- 17:03:22 [myles]
- myles: that's reasonable. We should at least describe what happens when the input is a TTC.
- 17:03:55 [myles]
- Vlad: We should make sure that if the request comes for the TTC portion that we have enough <missed>
- 17:05:25 [myles]
- Garret: I had 2 proposals for how to incorporate TTC. 1. Add a single font index field into the request - you make a separate request for each in the collection, and the server opens up the TTC and only considers a single font. The alternative is that we make changes to the request message, to specify parallel data for every item inside the collecetion. In HTTP2, you can do parallel requests .... but you can't use that
- 17:05:55 [myles]
- myles: I think I need to confer with my team about how these TTCs are being used
- 17:06:06 [myles]
- Garret: Even if all the members are used, requesting in parallel might acutally end up being faster than one big request
- 17:06:36 [myles]
- Garret: next steps: wait for more information
- 17:06:47 [myles]
- Vlad: Don't we have what we need already?
- 17:07:17 [myles]
- Garret: If we wanted to support collections, the bare minimum is a single new field. Or a third option: Subset all the fonts in the collection to the same set. That would require no changes to the spec today
- 17:08:34 [myles]
- Garret: There's one small benefit: The table sharing would still work if you were subsetting all the fonts to the same subset. But the additional waste might counteract that.
- 17:15:30 [myles]
- Topic: shown (where?) to give the smallest encodings
- 17:15:54 [myles]
- Vlad: This is editorial
- 17:15:54 [myles]
- Vlad: I'm not sure how much more we can do about it
- 17:15:54 [myles]
- Vlad: Garret may have had a PR in place for this?
- 17:16:34 [myles]
- Garret: I don't have a PR for this, but i plan on making one. This is based on the simulations I did for the compression sizes. The solution is to just publish those results and link to them from this spec. Just to backup the recommendation.
- 17:16:43 [myles]
- Vlad: Do you have a timeline?
- 17:16:46 [myles]
- Garret: Next week or two
- 17:17:05 [myles]
- myles: Presumably publish in this repo
- 17:17:07 [myles]
- Garret: Or the analysis one
- 17:17:23 [myles]
- myles: sure
- 17:18:08 [myles]
- Topic: Progress update
- 17:18:51 [myles]
- Garret: We had the prototype client and server implementation, those were based on protobufs. In the last couple weeks we converted to use CBOR. Client and server are almost spec-compliant. In the near future we should have a spec-compliant reference implementation of patch-subset.
- 17:18:55 [myles]
- Vlad: Do you have links we can share?
- 17:19:04 [myles]
- Garret: Yes. We moved it to a W3C repo.
- 17:19:05 [Garret]
- https://github.com/w3c/patch-subset-incxfer
- 17:19:26 [myles]
- Topic: Conformance tests
- 17:20:04 [myles]
- Garret: I don't have a ton of experience. We have an implementation as a black box and we make test against it.
- 17:20:08 [myles]
- chris: It depends how black it is
- 17:20:24 [myles]
- Vlad: When we did it for WOFF2, we checked if rendered results are different
- 17:20:36 [myles]
- Garret: So you load it in a browser?
- 17:20:49 [myles]
- Vlad: Everything that was "must" in the spec would have a font
- 17:21:33 [myles]
- Garret: We'll probably split the conformance suite into two parts - client and server. For server, it will send HTTP and check the response. For client tests, we'll probably need HTML tests.
- 17:22:03 [myles]
- myles: How do we know if it was incrementally transfered?
- 17:22:48 [myles]
- chris: you can use unicode-range
- 17:22:56 [myles]
- myles: i'm not sure that works
- 17:23:09 [chris]
- I wasn't suggesting unicode-range btw
- 17:24:25 [myles]
- Garret: The only requirement is that the client sends at least what was requested. a naive implementation would pass that requirement
- 17:28:14 [myles]
- Garret: Where should the tests live? separate repo?
- 17:28:15 [myles]
- chris: Yes
- 17:28:31 [myles]
- chris: Do want separate repos for client tests and server tests? We might want to put the client ones into WPT
- 17:28:55 [myles]
- myles: The client tests may actually need a server (!!)
- 17:30:23 [myles]
- myles: It sort of depends what the browser API will look like. We might tie it into the CSS Font Loading API, in which case the JS could do its own loading
- 17:30:26 [myles]
- Garret: I could prototype it
- 17:30:49 [myles]
- Vlad: In the old workflow, we had a stylesheet to map different parts of the spec to <missed>. Do we have anything similar with bikeshed?
- 17:31:04 [myles]
- chris: I don't think so in bikeshed. It was just based on classes, right? We can put the classes into the bikeshed and they will get passed through
- 17:31:11 [myles]
- Vlad: ok
- 17:31:28 [myles]
- Vlad: If we define classes, we could re-use the same stylesheet we used to have?
- 17:31:32 [myles]
- chris: Yeah, something like that
- 17:32:24 [myles]
- Garret: I'm officially transferring over to Google Canada, but I have to use up my vacation, so I'm taking the next few weeks off
- 17:34:30 [myles]
- Next call: November 16
- 17:35:37 [chris]
- rrsagent, make minutes
- 17:35:37 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/10/19-webfonts-minutes.html chris
- 17:36:31 [chris]
- Meeting: Web Fonts WG
- 17:36:43 [chris]
- Chair: Vlad
- 17:36:55 [chris]
- present+
- 17:36:59 [chris]
- rrsagent, make minutes
- 17:36:59 [RRSAgent]
- I have made the request to generate https://www.w3.org/2021/10/19-webfonts-minutes.html chris