Admin
Hmm ...
"Each seemed to stick around for about four months, and then they left."
...
"You’ve been here less than four months, George, and you’re wasting my time ..."
I can see a pattern here.
Admin
I'm confused - Initech's rotten font code caused a vulnerability in Windows' code? or demonstrate the vulnerability? And did the Windows emergency patch then break Initech's 11 year old rotten font code which relied on sneaking something by Windows?
Is the president still pounding his fist on the table in frustration while vibrating his solar powered calculator off the table?
Admin
I was confused too, but then he doesn't say the two things are connected, maybe he just saw it as confirmation that the company churned out rubbish and hadn't changed.
Admin
Please somebody find the patch so we can find out who the company in question is or was!!! I tried searching but found zilch.
Admin
I wouldn't be surprised if it refers to the "One font vulnerability to rule them all". An article about that mentions there's only one third party font driver in Windows. The same vendor does have some well known cross-platform applications. A background story on the research reads: "The overall code quality of the Charstring interpreter function in ATMFD.DLL was badly low".
Assuming "Initech’s code that was causing the problem" means that Initech had supplied the vulnerable code, then it all seems to add up.
If that assumption is wrong, the "One font vulnerability to rule them all" article is still a very interesting read.
Admin
My reading was that the person who replaced George pounded together some code to fix the OSX problem that the presidon't did not have a hissy fit over, and it was later found to create a big no-no in Windows.
Admin
We have a winner! But TRWTF is re-writing anything your OS does. Any OS ships with hundreds or thousands of fonts and a "perfectly good" font loader. So..... why....??
Admin
Because you want to do something font-related that the OS libraries don't do. There's a lot, starting with font management.
Admin
Because OSX's built-ins saw the totally borked fonts and said "no sir I'm not permissive enough to try this, go pound sand", compared to Windows' built-ins going "wellllll yeah I think I get the gist I'll allow it". And since they're "custom fonts" there's going to be People saying "no you can't change this to boringFont.ttf it's Special and Looks Good".
Admin
I installed ATM in the 90s, first on Windows 3.1, to support the fonts that my PostScript printer used. At the time, Windows couldn't do that.
Admin
It may well be that the special fonts (the ones with all the errors) were created by some external entity and it would cost far more money to have that entity (or someone else) fix all the font problems rather than finding some low-wage code monkey who could cobble together a fix to make the fonts look good on the Mac.
Admin
My educated guess is that the bug was the reason that the fonts worked "just fine" on Windows. I've done some looking around and it seems that the bug discovery (CVE-2015-2426? -2432?) was a result of a bunch of hacking tools getting leaked. It seems the problem is malformed fonts (we don't need no steenking validation!), so I don't think Initech's code (or font) caused the problem, it just depended on the buggy code to let broken fonts work. And their "custom" code probably wasn't the driver (atmfd.dll?), but it was probably making custom calls to it directly instead of using the generic OS font stuff.
You can look up the Trend Micro article "A Look at the OpenType Font Manager Vulnerability from the Hacking Team Leak". I don't think that's the bug involved here, but it's probably an example of the general code non-quality.
Admin
Looks like every development job I've had in the last six years, right down to the constant turnover.
Admin
Let me guess.
The fonts were created by the president?
Never ever critique code or anything created by an executive. Indeed, if there is code or some other part of a product created by an executive, it is probably a good idea to not join said organization if at all possible.
A lot of people have fragile egos, especially executive corporate officers, and the higher up they are, the more fragile their egos are. There are also a lot of people who ingratiate themselves with executives by backstabbing underlings or colleagues.
DAMHIK
Admin
I think that says more about you than you may realize.