Many years ago (2011?) when I was working on PDF at Apple, and when Jailbreaking iPhones was a thing, someone posted a PDF on a Website. Just by reading the PDF on your device, it was Jailbroken.<p>Apparently the attack was done this way: someone modified an open source font library by removing bounds checking from one of its functions. They then waited 12 months to see if anyone had noticed or fixed the change. They then created a PDF with the font in question, including the embedded jailbreak code. The PDF was then released.
It's so funny this article features a timeline graphic that's a PNG with a lot of text on it. On Firefox + M1 MacBook, the first image is not up to scale for high resolution screens and each pixel is blurry, rendering the font hardly readable. Then the article continues with some SVG code... oops?
Arg this article is wrong.<p>TrueType was FREELY licensed. You could use TrueType fonts in Windows 3.1. (I know, I was there.)<p>What Apple didn't license was their Advanced Type Tech (Quickdraw GX?) which allowed for further refinements to glyph positioning.
As the article mentions fonts as an attack surface, here is the "recently" released video of operation triangulation: <a href="https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers" rel="nofollow">https://media.ccc.de/v/37c3-11859-operation_triangulation_wh...</a><p>a truetype vulnerability that's been around for decades was part of the exploit
Looks a little like a redesign of fontforge to not use all these external commands but call libraries would solve a class of problems. Who knows how many there are still lurking. I am lucky I only use(d) fontforge on my local system with fonts I trust.
Maybe we need some kind of "Helvetica Confederation" to sort out these issues. A neutral body that can set standards and act as a safe repository for fonts.
These vulnerabilities don't seem to be related to Helvetica. I was expecting a critique related to fonts themselves and not bugs with general font rendering.
in addition to the omission of intellifont which mnw21cam's comment points out, this is missing most of the historical development of computerized fonts<p>it's also missing hershey fonts, which are public-domain vector stroke fonts from 01967, and knuth's computer modern fonts, which are bézier outline fonts from 01979 with the final version published in i think 01983. one origin of the concept of outline fonts seems to be from p. j. m. coueignoux's 01973 master's thesis at mit, which he elaborated on in his doctoral dissertation in 01975 (including many examples of fonts he'd represented with bézier splines). even earlier, urw founder karow's outline font design system 'ikarus' was in use starting in 01972, and a very substantial fraction of the fonts people use every day were originally outlined in it. from 01974 the fred system on the alto at xerox parc was also being actively used to design outline fonts, though knuth doesn't seem to have known about the parc work or karow's work. a couple of people who worked on the parc project went on to found adobe<p>coueignoux's dissertation cited out mergler and vargo's 01968 program for making parametric outline fonts, called 'itsylf', but it was not able to produce a complete font (just 24 letters), and its objective was just plotting out the characters on a plotter for later use with more traditional typefounding approaches, not computerized typesetting. even coueignoux doesn't seem to have attempted computerized typesetting; the letters in the specimen sheets in his dissertation are not even aligned on a common baseline. 
hershey <i>did</i> write a full typesetting system, although unlike his fonts it has fallen entirely out of use, and of course the typesetting system knuth wrote at the time remains in wide use to this day, often using the outline fonts he designed at the time<p>so 'adobe introduces the concept of outline fonts' in 01984 is a bald-faced lie, and the authors should be ashamed of themselves for publishing such ignorant tripe, which is contradicted by the very page they link to on the history of computerized typography
One of the reasons I use xterm is its beautiful default bitmap fonts, every character distinct and easy to understand, no matter if it's 1 i l | or I, no matter if it's 0 O o or Ø.<p>The extra flexibility of is not worth the compromise of clarity to me.<p>I use the different sizes too:<p>"unreadable" when I need to copy-paste huge amounts of text<p>"default" for most stuff<p>and "huge" when I need a bit more focus.<p>This is also the reason I prefer 1920x1200 px display rather than higher resolutions at the same size. Higher DPIs make the characters too small for my old eyes, and switching to a vector font only to try and reproduce the shapes I already know seems idiotic.
The only reason that they can't keep it as simple as font-family: system-ui<p>is probably because Canva is a tool for the larger crowd of designers. (I mean, I am not gonna start digging into what type of designer, that's a diff story)<p>and designers LOVE goofin' around with fonts, right?