Andrew Sutherland (vis.social

@[email protected]
297 Followers
238 Following
101 Posts

vis.social mod

Mozilla platform hacker, formerly Mozilla email hacker, currently interested in data/info visualization for system understanding through static and dynamic analysis as exposed on searchfox.org, historically also very interested in email/communication visualization.

Bloghttps://www.visophyte.org/blog/
GitHubhttps://github.com/asutherland/
pronounshe/him
Andrew Sutherland (vis.socialJan 12
Graydon HoareJan 12
it is with an extremely heavy heart that i inform you all that Ralph Giles aka @rillian at many places died suddenly of a heart attack over the weekend. i will miss him so much.
Show threadAndrew Sutherland (vis.socialSep 27
@freddy Thank you very much for the alt text here! My brain was really confused about what was going on because I misinterpreted the picture and its scale to think this was a box above a door where no one could reach it, but it sounds like that's a doorbell button itself besides a door that has a sticker over it that was intended to be removed upon installation. I guess they left the sticker on because they don't want people to see the light and push the button?
Show threadAndrew Sutherland (vis.socialAug 7, 2025

@dbaron It does seem like there's been an expansion of rabbits. I'm still in the Philly suburbs and I never really remember having a lot of rabbits, just deer, but now we definitely have a lot of rabbits on top of rather a lot of deer. The rabbits seem to have even taken over the groundhog house under my shed.

Of course, this may just be a side effect of the disappearance of the foxes that I would see on a daily basis that also correlates with an increase in deer hanging out.

Show threadAndrew Sutherland (vis.socialJun 29, 2025
@dannycolin @krosylight @emz I remember @rain discussing that Sapling was trying something in this space with https://sapling-scm.com/docs/addons/reviewstack/
ReviewStack | Sapling

ReviewStack (reviewstack.dev) is a novel user interface for GitHub pull requests with custom support for stacked changes. The user experience is inspired by Meta's internal code review tool, but leverages GitHub's design system to achieve a look and feel that is familiar to GitHub users:

Show threadAndrew Sutherland (vis.socialJun 22, 2025
@artcollisions corntain
Show threadAndrew Sutherland (vis.socialJun 20, 2025
@timdream For postMessage-ing Blobs between frames (and across origins) I think there's nothing to worry about. I think the spec has caught up with reality and is now consistent for object URLs; same agent cluster, same storage key/partition (https://w3c.github.io/FileAPI/#partitioningOfBlobUrls), but implementations may still be lagging. The safest thing to do with blob URLs though is to do what the spec originally intended was only use them in the document you create them in (or for a worker created from that doc).
File API

Show threadAndrew Sutherland (vis.socialJun 19, 2025
@timdream I should note that a major meta problem with everything in this space is just that all the interesting good actor use-cases are also incredibly attractive to bad-actors. And in many cases (like the VS code case), she solution is just to work with the origin security model of the web and host things on distinct (sub)domains (potentially leveraging the public suffix list). Because that's also then legible to at least some users as to what's going on.
Show threadAndrew Sutherland (vis.socialJun 19, 2025
@timdream At least in Firefox (and I think the intent behind the spec text at https://w3c.github.io/FileAPI/#partitioningOfBlobUrls about navigations) was that if you manually navigate/open a new tab with a blob URL (copy a link, and paste it into the URL bar; or right-click on the blob URL link and select open in new tab), it works (and we relax the same-agent-cluster policy that maybe comes from other spec text). I'm hazy on where we are in regards to our impl and spec plans for that.
File API

Show threadAndrew Sutherland (vis.socialJun 19, 2025

@timdream That said, I think frequently what people want is a situation like that provided by Web Extension content scripts (or privileged system code in Firefox or Thunderbird), and that is not provided by the web platform yet, but I think Shadow Realms (https://github.com/tc39/proposal-shadowrealm/blob/main/explainer.md) is the closest thing right now.

https://github.com/w3c/ServiceWorker/issues/1437 is maybe interesting to you in this use case, although ServiceWorkers is very unlikely to provide the requested API.

proposal-shadowrealm/explainer.md at main · tc39/proposal-shadowrealm

ECMAScript Proposal, specs, and reference implementation for Realms - tc39/proposal-shadowrealm

GitHub
Show threadAndrew Sutherland (vis.socialJun 19, 2025
@timdream I'm not sure I fully understand what you're proposing, but you should be able to use createObjectURL from an opaque origin such as a sandboxed iframe (where "allow-scripts" is specified but not "allow-same-origin") to get a blob URL that is associated with that opaque origin. The blob will then look like "blob:null/54768f54-dcbe-4bf3-93eb-75d3a843f008".