- From: Sylvain Galineau <sylvaing@microsoft.com>
- Date: Fri, 28 Jan 2011 00:04:00 +0000
- To: Behdad Esfahbod <behdad@google.com>
- CC: WOFF Working Group <public-webfonts-wg@w3.org>
- Message-ID: <045A765940533D4CA4933A4A7E32597E2AB05B04@TK5EX14MBXC120.redmond.corp.microsoft.>
“I'm just pointing out that the decisions are not warranted given the requirements. So lets not pretend that they do.” Is that what you call respectful ? Is that how you engage a group of people who have been working on something for quite some time without your involvement ? Is signing your email ‘Unimpressed’ following an incoherent diatribe respectful ? As opposed to asking further questions to clarify what you’re missing ? If you can’t tell the difference between a flat assertion such as: “These decisions are wrong given the requirements; you are simply acting like they do” (without even stating the requirements) And something like… “Well, I still don’t understand why it works this way. Take this here. Wouldn’t X be better instead ? It would prevent this and allow that” …then go ahead, take whatever ‘formal methods’ you want if you think that will make everyone jump around to go through the same debates we’ve resolved two years ago. At the very least, ask yourself which you’d prefer finding in your inbox about your own work. All of this has already debated, Behdad. Treating fonts just like any other file was implemented and released by three browsers. All of which have now either shipped WOFF or are working on their implementation. So I think you could *at least* give all the people who did this work the benefit of the doubt instead of acting as if anything that doesn’t work the way you assume it should were obviously wrong. To paraphrase you “I’m just pointing out that your tone is not warranted given your obvious lack of understanding. So let’s not pretend it will help you get the answers you’re seeking”. OK ? From: Behdad Esfahbod [mailto:behdad@google.com] Sent: Thursday, January 27, 2011 3:06 PM To: Sylvain Galineau Cc: John Hudson; WOFF Working Group Subject: Re: WOFF without same origin restriction in Opera? I don't understand why you are using this hostile tone. I was not disrespectful to anyone, and I was first to offer that we stop this thread. What I got back was an offensive response with personal attacks. I refuse to respond to you further, and if you continue your abusive behavior I will seek formal methods through the WG administration to deal with it. Behdad Esfahbod On Thu, Jan 27, 2011 at 1:40 PM, Sylvain Galineau <sylvaing@microsoft.com<mailto:sylvaing@microsoft.com>> wrote: Behdad, I’m quite confident you don’t find your own tone improper. And ? I also agree this stopped contributing to the original thread a while ago but is that a good-enough reason to ignore your questions ? I didn’t really see any questions in your last paragraph. You can’t both acknowledge WOFF is not a solution to a purely technical problem and also question why a font can’t just be another file. It seems rather futile and difficult to ‘answer’ a fundamental contradiction when someone already acknowledged the root of that contradiction. The whole point of WOFF is not to argue whether fonts are or aren’t files. The goal is to *have* files to serve in the first place. As many different font files as possible. Font files that do not suck. It all boils down to this: faced with a reality that so persistently disagreed with their own theories and preferences the members of this WG, led by Mozilla, got together and updated these theories to produce a working solution. If your purpose is to understand how this came to be, see www-font circa summer ’08 (warning: long threads). If your purpose is to ask questions about some of the technical choices that were made, we are happy to give you the gist of it. But if you mean to show up after all the hard work happened and piss on it by pointing out the result’s inadequacies as compared with some conveniently ill-defined utopian ideal in your head, it’s not really a productive use of this mailing list. And your tone is such that I honestly can’t tell which it is. Now, if you do know so much more about the problem space than we all do, and as you sound like a wise and able diplomat, maybe another way to channel your efforts would be to convince font makers of the errors of their ways ? In the meantime, I trust you won’t mind too much if the rest of us ship a simple working solution that achieves some results in the real world. Thank you. S. From: Behdad Esfahbod [mailto:behdad@google.com<mailto:behdad@google.com>] Sent: Thursday, January 27, 2011 9:37 AM To: Sylvain Galineau Cc: John Hudson; WOFF Working Group Subject: Re: WOFF without same origin restriction in Opera? I do not think my tone was improper. And I asked an honest question in my final paragraph that was left unanswered. I don't think this subthread is contributing to the question at hand (SOR implementation at Opera), so I suggest we end it here. I seem to disagree with you on many of the technical considerations of WOFF. If you are interested in hearing them, we can talk in a separate thread. Otherwise, lets just agree to disagree. Thanks, behdad On Thu, Jan 27, 2011 at 12:04 PM, Sylvain Galineau <sylvaing@microsoft.com<mailto:sylvaing@microsoft.com>> wrote: 1. Compressing the file on a table-by-table basis was interesting for a number of scenarios; it also guarantees end-to-end compression regardless of the proxy chain. Tests also showed it could achieve better compression than with gzip. 2. Having to open up the file to retrieve a domain name is inefficient; it is also similar to the EOT rootstring design which was not optimal and undesirable on several grounds; one of which being that it makes site maintenance a real pain as you now have to embed/update domain URLs as you move a file around. 3. I completely disagree that the current SOR-based solution represents ‘the same level of hardness’ as Referrer checks for a web site. In most cases, they will have nothing to do; in some cases they might have to set one header to a static value. I don’t know anyone who thinks either is harder, less performant or more expensive than applying completely unreliable Referrer checks on all requests, some of which will break as they are stripped by proxies and firewalls thus leaving users with a broken page. As your solution is harder on the admin *and* some of the users, it’s difficult to conclude it’s better or even the same. You could say a design goal of the current design is to avoid any requirement for Referrer checks so arguing they’re better is certainly pointless at this stage. 4. Whether fonts should be the same as other files is a purely technical assertion that is completely irrelevant in practice. If fonts were like any other type of resources we wouldn’t have been stuck with the same 10 system fonts for 15 years. This WG, this discussion and this mailing list wouldn’t need to exist. Again, not everyone is interested in waiting another 10 years to get the fonts they want just so a handful of browsers makers can write the code the way they believe it should be written. If code purity was a priority that is exactly what would happen; and it was unacceptable. Especially when very simple technical measures that are completely useful on their own – compression saves bandwidth, SOR prevents leeching without any Referrer checks and also helps authors comply with the most common licensing restriction by default and at no cost - can give everyone access to thousands of beautiful high-quality fonts. I don’t see why the ‘Creative Commons camp’ approach (whatever that means) is so obviously better if all it can achieve is the preservation of an obsolete status quo every single author has been frustrated with for years. Or, put another way, I don’t see why compressing a file with a free, open algorithm and using a completely standard mechanism to restrict its cross-domain use violates web principles so egregiously that it is worth keeping web typography crippled and stuck in the 90s. That is not a pragmatic stance, it’s an ideological one. Those rarely solve anything. You’re welcome to peruse the archive of www-font for more detailed background. This design did not come up at random last night and involved many experts – from Mozilla, Microsoft, Opera, font vendors and so on - so I’m not sure how you can assert that the requirements are not warranted or imply that anyone is ‘pretending’. If anything, what I find unwarranted is your tone. From: Behdad Esfahbod [mailto:behdad@google.com<mailto:behdad@google.com>] Sent: Thursday, January 27, 2011 6:59 AM To: Sylvain Galineau Cc: John Hudson; WOFF Working Group Subject: Re: WOFF without same origin restriction in Opera? On Wed, Jan 26, 2011 at 2:07 PM, Sylvain Galineau <sylvaing@microsoft.com<mailto:sylvaing@microsoft.com>> wrote: A pragmatic solution emerged from very long discussions whereby font makers large and small were willing to license their products for web use as long as the font was packaged in such a way that it can’t just be dropped in your local font folder, and if it was restricted to same-origin by default (most licenses are typically single-domain). They don’t expect that’ll stop piracy but it matters to them that whoever wants to grab a font has to take steps to do so. (Web sites also don’t mind if you save them bandwidth at no extra cost but that wasn’t the motivation). So while there is no technical reason web fonts should be compressed or SOR’ed, it just so happens that coding it this way makes an order of magnitude more fonts available to web authors and gives them more choice on how they want to deploy them. Is that bad ? For being packaged such that it cannot just be dropped in your local font folder, would have sufficed to change the very first byte of the SFNT font file. No need for an entirely new container that needs to be supported across all font tools. For domain checking, etc, well, why not just include that in the metadata block for example? I'm not questioning the design decisions at this point, since it's pointless, and commonly known that WOFF does not solve a technical problem. I'm just pointing out that the decisions are not warranted given the requirements. So lets not pretend that they do. From what I understand, WOFF is designed such that foundries can police around the web, download any WOFF they suspect is their intellectual property and inspect inside to see if the author has licensed it properly. If that is the intention, I find it very broken also. Are foundries allowed to download arbitrary resources from my website? I sure didn't give them permission... It also happens that, contrary to your comment below, this solution does *not* require anyone to ‘scratch their head trying to get it to work on the web’. Quite the contrary. Most licenses require you to serve your font from the same domain as your page and everything will work fine as long as you do that. Nothing to do on your server except serving the font file. As long as all browsers implement SOR you don’t need to do any referrer checking to prevent teenagers from linking to the font you paid for in their MySpace page either. Just get your license, plop the file on your domain and you’re done. If you do want to serve a font cross-domain then you will need to set one single HTTP header on your other server with a value of ‘*’. How is that harder than messing with Referrer checks ? It's not harder. It's in the same order of hardness. In both cases you have to mess with your server configuration. I guess where we disagree is whether font foundries should be given the easy spot or the Creative Commons camp... I just don't understand why fonts should be treated so specially on the web. You can make the same arguments about pretty much every resource on the web. behdad Unfortunately, if some browsers do SOR and others don’t then some web sites may find themselves having to do extra work such as Referrer checks to comply with the most basic and common licensing restrictions as well as save their bandwidth. And if font vendors, having so far delivered on their side of the deal, lose confidence then that is a step backward. Unimpressive is the proper term. From: Behdad Esfahbod [mailto:behdad@google.com<mailto:behdad@google.com>] Sent: Wednesday, January 26, 2011 10:38 AM To: Sylvain Galineau Cc: John Hudson; WOFF Working Group Subject: Re: WOFF without same origin restriction in Opera? On Wed, Jan 26, 2011 at 1:16 PM, Sylvain Galineau <sylvaing@microsoft.com<mailto:sylvaing@microsoft.com>> wrote: It doesn’t always work and requires work on the part of the web site to implement it (not all sites do referrer checking for their images, or all their images). Having the browser enforce same-origin by default requires zero work on the site’s behalf to comply with the most common web font license requirement today. But if some browsers choose to ignore this requirement then web sites may have to implement Referrer checks for those browsers anyway. It’s unclear why we should be making their lives harder than they need to be, or how it helps web typography adoption. It must be noted that other solutions were proposed before WOFF; one of them was judged inadequate in part because it would have relied on unreliable and cumbersome Referrer checks. So, in trying to solve the fonts-on-the-web problem, the WG decided that the current solutions are inadequate for the foundries, and invented an architecture that the foundries think is what they want, but left the rest of the world scratching their head trying to get it work on the web? As in, now anyone who want to share their fonts either has to not use WOFF, or be bothered to implement CORS on their server... Unimpressed, behdad From: public-webfonts-wg-request@w3.org<mailto:public-webfonts-wg-request@w3.org> [mailto:public-webfonts-wg-request@w3.org<mailto:public-webfonts-wg-request@w3.org>] On Behalf Of Behdad Esfahbod Sent: Wednesday, January 26, 2011 9:50 AM To: John Hudson Cc: WOFF Working Group Subject: Re: WOFF without same origin restriction in Opera? On Tue, Jan 25, 2011 at 12:44 PM, John Hudson <tiro@tiro.com<mailto:tiro@tiro.com>> wrote: Opera have had plenty of opportunity to make a formal objection to SOR in the WOFF specification. We're at last call for comments and they have not done so. Håkon made no objection at the face-to-face in Lyon. Maybe someone at Opera thinks they can do an end run by producing an implementation that ignores this MUST clause, but I think they're just going to end up being non-conformant. Maybe they'd listen to one of their own customers who wants to protect an investment in a font asset? What's wrong with protecting one's assets by instructing the server to only serve certain Referrer's? People have been doing that for images for ages. behdad JH
Received on Friday, 28 January 2011 00:04:57 UTC