16:04:44 RRSAgent has joined #webfonts 16:04:44 logging to https://www.w3.org/2021/10/19-webfonts-irc 16:05:04 Zakim has joined #webfonts 16:05:26 present+ 16:05:28 present+ 16:05:37 present+ 16:05:40 zakim, who is here 16:05:40 Vlad, you need to end that query with '?' 16:05:41 myles has joined #webfonts 16:05:41 jpamental has joined #webfonts 16:05:44 zakim, who is here? 16:05:44 Present: Garret, Vlad, sergeym 16:05:46 On IRC I see jpamental, myles, Zakim, RRSAgent, Garret, sergeym, Vlad 16:05:52 present+ myles 16:05:56 present+ 16:06:17 present+ jpamental 16:07:22 chris has joined #webfonts 16:13:42 https://github.com/w3c/IFT/blob/main/RangeRequest.bs 16:13:50 ScribeNick: myles 16:14:09 Garret: If you guys hadn't see, the Harfbuzz subsetting API hit "stable" status. That's a cool milestone. It's ready for actual use 16:14:14 Vlad: Great. Thank you. 16:14:29 Agenda: list of issues https://github.com/w3c/IFT/issues 16:14:49 Vlad: Let's go starting from the top, one by one 16:15:08 Vlad: Chris, is there any way to record this review to reference later? 16:15:29 chris: There is, but I'm doing it. I've got an issue with the meta-review. I'm linking to it. I'll take care of the book keeping. 16:15:37 Vlad: Are there any specific resolutions we need to make? 16:15:38 chris: no. 16:15:47 Topic: I18n checklist 16:16:07 chris: I filled this in. The answer is basically "no" to most things. It would be good to get more eyes on it. 16:16:24 chris: There was only one thing which was possibly applicable. I don't think we do that in the way that they mean, but I'll let them be the judge. 16:16:44 Vlad: Text is a sequence of characters. When we ask for separate characters, we don't preserve order, so it isn't even qualified as text 16:16:46 chris: I agree. 16:17:05 Garret: I reviewed the checklist as well. Nothing jumped out at me. It all looked okay. 16:17:16 Vlad: If all the questions are "no" then there's no action to take. 16:17:30 chris: This is just something I filled in so they can review our answers. If they have questions they can ask them here 16:17:55 Topic: Self-Review Questionnaire: Security and privacy 16:18:22 chris: This asked about temporary identifiers. We make 64-bit checksums but they don't convey security information and they can't be used for tracking because every time you update a font the checksum will change. 16:18:41 Garret: The other thing: Most browsers implement caching on a domain basis; those checksums won't leave a particular domain. 16:18:49 chris: That would be useful to edit my answer to say 16:18:52 Garret: Okay, I can do that. 16:19:26 Topic: Range requests and preflights 16:19:54 Garret: They're noting the development of another spec which may be interesting to us. 16:20:05 Vlad: I sounds like we will be working on range request specification. Can we use it, Myles? 16:20:10 myles: i dunno. presumably. 16:20:30 Garret: It's a change to range requests that avoids CORS in certain situations. Hopefully we can be in those situations 16:20:57 Topic: Early wide review of IFT 16:21:28 chris: This is the meta-issue where I track all the other issues. A18y is happy so I checked them off. We need to do privacy though. I don't know about security though. TAG review is blocked on those 16:21:59 Topic: FAST Checklist review for IFT 16:22:57 Vlad: In addition to what chris indicated, there was a question about if something we do affects content presentation. We might affect content presentation. If a font is requested but not available, there's a unique character set that the content relies on, it will not be rendered. 16:23:08 myles: PUA characters? 16:23:35 Vlad: Not necessarily. For example, you might have content in a unique language that is archaic that is not universally supported anywhere. If you want to quote something in that language, that text might not render. 16:23:54 myles: that's the same for all fonts it hink 16:24:20 Vlad: For some languages, the expectation might be if you don't have a web font loaded, there will be some other font available to display the content. But it's not universally true for every language and character set 16:24:45 chris: I think myles is right. This is general about webfonts. Webfonts are well-accepted. We only need to cover the differences between normal webfonts 16:25:04 Garret: In terms of what content will and will not be there, there's no difference comparing a font with IFC and a font without IFC. 16:25:33 Vlad: Many browsers have certain rules in place about for example if you wait for a font to load and if it doesn't you abandon it. Those rules will never be an issue in IFT. Hopefully 16:27:51 https://drafts.csswg.org/css-font-loading-3/ 16:27:55 myles: well, the rules will still have to exist, they just might be triggered less often. 16:28:12 myles: we have to figure out what to do with the font loading timeline, though. it's a big open issue. 16:28:16 Garret: That should be done in CSS 16:28:18 myles: OK 16:28:46 Topic: Privacy section is entirely missing 16:29:30 Garret: My opinion is this is important and we should call it out, but maybe we should leave most of the details up to the implementations. We may get it wrong, and once it's specified it's set in stone. Implementations might want to iterate to get to the right level of privacy 16:29:54 Vlad: I realized I started typing a comment but I forgot to hit enter. Please refresh it 16:30:29 Vlad: I agree that making a request to do something shouldn't be something we do unless we're certain we want to do and has benefit. I commented earlier saying that i'm not sure I agree with the blanket request to add necessary glyphs just to fuzzy the content up. It seems like overkill for many languages. 16:30:56 Vlad: We discussed something in the past about using statistical distributions to optimize subsets. If someone asks for a subset, we might as well include additional characters for performance 16:31:24 Vlad: We could mention this in the spec. I'm reluctant to make it mandatory. It's best to be left to the implementors. 16:31:34 Vlad: They can choose and add value. 16:32:09 Garret: There are 2 other mitigating factors: 1. We require HTTPS. 2. The caching is on the domain level, so your current state is silo'ed into that one domain. 16:35:24 myles: I disagree. Protecting privacy is important. I agree that the spec shouldn't be overly presecriptive, but the spec shouldn't say nothign either. We're arguing about where within the spectrum the spec should lie; maybe instead of arguing about generalities we should write example spec text and argue about the specifics of that text. 16:35:55 Garret: We don't want the spec-text to list every script. We don't have the expertise to get that right 16:35:56 jpamental: Is it reasonable in the spec to suggest adding some percentage of additional glyphs? 16:36:35 Garret: Yes. There are probably quite a few scripts which this is unnecessary - like latin. We could say "here's a way to classify scripts in 'needs it' and 'doesn't need it'" I dont' know what that would exactly look like 16:37:55 myles: We can provide minimums. We can also charactize scipts by number of characters 16:37:55 Vlad: We can include something to hint that there is a freedom here to add value and do more. 16:38:19 myles: There has to be minimums 16:38:37 Vlad: The spec can say "it may be useful, but not everything needs it" 16:39:08 Garret: I can come up with some proposed spec text 16:39:24 chris: I would be more comfortable with a more data-driven approach. 16:40:11 chris: I would like to know, for a script, if we have a corpus of 100 documents, if you can tell with what accuracy whcih one is being requested 16:40:34 myles: we might be able to do what with the corpus we've already provided 16:40:39 Garret: We also have character frequency data. 16:40:48 Vlad: Would also be an example 16:41:03 Garret: If you have characters which are low frequency, their inclusion carries more information than a common one 16:41:55 chris: I'm not sure how much this is a problem 16:42:32 myles: Also we have to be aware that the font server can be part of the attack vector. 16:42:35 Garret: Sure. 16:42:55 Vlad: Okay. Once we have specific proposed text we can discuss it then. 16:43:22 myles: what's the rationale for HTTP-only? 16:43:31 Garret: This is more privacy-sensitive than general font transfers 16:44:24 Garret: I think it would be nice to encourage using the more secure technology these days. In general, HTTP is not recommended 16:45:08 myles: We don't generally agree. HTTPS and webfonts are pretty unrelated 16:45:33 myles: If we get a good solution for this privacy stuff, we might be able to relax the HTTPS-only requirement 16:45:57 Garret: We'd have to have a pretty good solution, but yes theoretically 16:46:16 Garret: Fonts are attack vectors. MITM attacks can compromise systems. 16:46:25 chris: I agree. Some systems are more or less sensitive than others 16:46:42 Garret: This is more than theoretical 16:47:26 Topic: Method negotiation has potential time wastes in it 16:47:55 myles: I need time to page this back into my mind 16:48:01 Garret: I made a PR to require patch-subset servers also support the range-request method 16:48:40 Garret: For the second issue, I think that first request won't be large, so it won't be a big deal. 16:48:45 myles: it won't be large??? 16:48:53 Garret: I'd expect the worst case to be 400 bytes 16:49:13 Vlad: In response to this discussion, do we expect spec changes? 16:49:32 Garret: For problem 1, there's a PR. For problem 2, no 16:49:55 Vlad: Please write spec text for problem 2 if you want changes 16:49:56 Garret: 16:50:28 myles: I'll make proposed spec text for problem 2 16:51:01 Topic: Considerations for multiple distinct servers in patch-subset method 16:51:25 Garret: This is a tricky one. I don't think we need anything in the protocol to help with this. I put a comment on here stating how I think we might do it. I'm open to other perspective though 16:52:09 Garret: There's probably a spectrum of people who might be running this technology. Their needs will be different. A smaller site won't have this problem. A further from that, a small number of instances, this isn't a problem for them. It only is an issue when you have a large number of instances across the world 16:52:40 Garret: From Google Fonts's perspective, we would need to solve this, but it wouldn't require protocol changes. 16:52:59 Vlad: Would we hit critical compat issue where a request comes where the server cannot respond. 16:53:07 chris: The spec says you start again from fresh in that case 16:53:21 Garret: If the server can't reproduce the state, then it just gives you a new replacement font 16:53:54 the concern is that if you have a fleet of half new version and half old version, and they disagree, then the client could jump back and forth between the two different versions 16:54:28 Garret: We would solve it by sticky load balancing. One client, for a specific font, they'd go to the same backend. The upgrade for a particular user would be atomic 16:54:54 Garret: Even if we had that token, it wouldn't be all that helpful from the backend perspective. We can't run two versions of the subsetter binary on the server. 16:55:27 myles: sounds like we need a note to note the concern, and that's it 16:55:29 Garret: okay 16:55:53 Garret: once the subsetter is stable, it will probably be rare that we will change the font's binaries 16:56:02 Garret: Where there are changes, it will be limited to corner cases probably. We probably won't see changes that affect all fonts 16:56:19 myles: really? 16:56:22 Garret: It will be infrequent. 16:56:46 Garret: Subsetting for most tables in most fonts is well-defined. There's not much to change. But there are places where we might be making optimizations. But that will affect a small number of fonts. 16:58:05 Topic: Font Collection support 16:58:49 myles: WebKit supports TTCs 16:59:02 Vlad: I don't know what kind of considerations you had in mind 16:59:30 Vlad: IFT produces WOFF2 files, and WOFF2 supports collections. 16:59:54 Vlad: What we put in is the output of the subsetter. It's up to the subsetter 17:00:21 Garret: THe current subsetters do support in a way collections - you can say "given a collection, subset a single font inside" but the current subsetter implementations can't subset the collection as a whole. This is a challenging problem to implement around teh sahred tables. 17:00:33 Garret: We probably do want something here. 17:03:10 Garret: Having this technology, we might not need collections. With subsets, we might not need shared cmaps. If you this collection, and you have subsets inside the collection, you won't be able to share cmap. That once shared cmap will become duplicate. 17:03:22 myles: that's reasonable. We should at least describe what happens when the input is a TTC. 17:03:55 Vlad: We should make sure that if the request comes for the TTC portion that we have enough 17:05:25 Garret: I had 2 proposals for how to incorporate TTC. 1. Add a single font index field into the request - you make a separate request for each in the collection, and the server opens up the TTC and only considers a single font. The alternative is that we make changes to the request message, to specify parallel data for every item inside the collecetion. In HTTP2, you can do parallel requests .... but you can't use that 17:05:55 myles: I think I need to confer with my team about how these TTCs are being used 17:06:06 Garret: Even if all the members are used, requesting in parallel might acutally end up being faster than one big request 17:06:36 Garret: next steps: wait for more information 17:06:47 Vlad: Don't we have what we need already? 17:07:17 Garret: If we wanted to support collections, the bare minimum is a single new field. Or a third option: Subset all the fonts in the collection to the same set. That would require no changes to the spec today 17:08:34 Garret: There's one small benefit: The table sharing would still work if you were subsetting all the fonts to the same subset. But the additional waste might counteract that. 17:15:30 Topic: shown (where?) to give the smallest encodings 17:15:54 Vlad: This is editorial 17:15:54 Vlad: I'm not sure how much more we can do about it 17:15:54 Vlad: Garret may have had a PR in place for this? 17:16:34 Garret: I don't have a PR for this, but i plan on making one. This is based on the simulations I did for the compression sizes. The solution is to just publish those results and link to them from this spec. Just to backup the recommendation. 17:16:43 Vlad: Do you have a timeline? 17:16:46 Garret: Next week or two 17:17:05 myles: Presumably publish in this repo 17:17:07 Garret: Or the analysis one 17:17:23 myles: sure 17:18:08 Topic: Progress update 17:18:51 Garret: We had the prototype client and server implementation, those were based on protobufs. In the last couple weeks we converted to use CBOR. Client and server are almost spec-compliant. In the near future we should have a spec-compliant reference implementation of patch-subset. 17:18:55 Vlad: Do you have links we can share? 17:19:04 Garret: Yes. We moved it to a W3C repo. 17:19:05 https://github.com/w3c/patch-subset-incxfer 17:19:26 Topic: Conformance tests 17:20:04 Garret: I don't have a ton of experience. We have an implementation as a black box and we make test against it. 17:20:08 chris: It depends how black it is 17:20:24 Vlad: When we did it for WOFF2, we checked if rendered results are different 17:20:36 Garret: So you load it in a browser? 17:20:49 Vlad: Everything that was "must" in the spec would have a font 17:21:33 Garret: We'll probably split the conformance suite into two parts - client and server. For server, it will send HTTP and check the response. For client tests, we'll probably need HTML tests. 17:22:03 myles: How do we know if it was incrementally transfered? 17:22:48 chris: you can use unicode-range 17:22:56 myles: i'm not sure that works 17:23:09 I wasn't suggesting unicode-range btw 17:24:25 Garret: The only requirement is that the client sends at least what was requested. a naive implementation would pass that requirement 17:28:14 Garret: Where should the tests live? separate repo? 17:28:15 chris: Yes 17:28:31 chris: Do want separate repos for client tests and server tests? We might want to put the client ones into WPT 17:28:55 myles: The client tests may actually need a server (!!) 17:30:23 myles: It sort of depends what the browser API will look like. We might tie it into the CSS Font Loading API, in which case the JS could do its own loading 17:30:26 Garret: I could prototype it 17:30:49 Vlad: In the old workflow, we had a stylesheet to map different parts of the spec to . Do we have anything similar with bikeshed? 17:31:04 chris: I don't think so in bikeshed. It was just based on classes, right? We can put the classes into the bikeshed and they will get passed through 17:31:11 Vlad: ok 17:31:28 Vlad: If we define classes, we could re-use the same stylesheet we used to have? 17:31:32 chris: Yeah, something like that 17:32:24 Garret: I'm officially transferring over to Google Canada, but I have to use up my vacation, so I'm taking the next few weeks off 17:34:30 Next call: November 16 17:35:37 rrsagent, make minutes 17:35:37 I have made the request to generate https://www.w3.org/2021/10/19-webfonts-minutes.html chris 17:36:31 Meeting: Web Fonts WG 17:36:43 Chair: Vlad 17:36:55 present+ 17:36:59 rrsagent, make minutes 17:36:59 I have made the request to generate https://www.w3.org/2021/10/19-webfonts-minutes.html chris