Re: [Openfontlibrary] ccHost compression
Sounds like you are an expert around here :-) But I have not done any coding in 4 years.. Brendan ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
Re: [Openfontlibrary] ccHost compression
We can set the webserver to send files for download, so neither the webserver or webbrowser will interpret them. I imagine that even if the files are set for download, they will be interpreted. If say I setup a GIF for PHP to run through it, and then force the download header, it will probably download a intreated GIF. Now if you changed the type of file to say text, this might work... Probably. But you will not be able to view any of the images any more, the browser would be treating them like text. :( There is apache configs that can disable PHP and CGI directory specific though. I just spent some time plying with them. It seems as though we will have to put them in our own server config files. They are not universally accepted in .htaccess files. I can see if I can change the permissions of the files that are uploaded so there is read and write access, but not execution access. Not sure if this will work, but worth a try. Other than that, we will just have to rely on our blacklist, which should also disable some windows executables to prevent people from uploading viruses, which will not effect the server, but when downloaded could effect the clients. Another option, which I am really not up to coding, would be to rename the files when they are downloaded and use a database to connect all the original file names with the randomly generated file names we rename them all to. Then we never link directly to any file, but use a script to send the files when they are asked for. This way even if someone got something ugly up on to the server, and they did some how have execution permissions, they would not know what file to call. ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
[Openfontlibrary] Canadian Public Domain
Here in Canada there's no such thing as public domain. http://creativecommons.org/weblog/entry/5809 Is my recollection that copyright actually expires before US copyright in canada. I seem to remember that they use to be on par, but that the united states increased there copyright length for some disney character. The above link is to a creative commons project aimed at canadian Public Domain ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
Re: [Openfontlibrary] ccHost compression
I suppose the Report possible License violation feature could be duplicated/extended to Report possible malicious file so a simple machine filter like file extensions would have a social safety net. The *nix file command reads the file headers and determines file type based on the pattern of bytes in the headers of files -- that is the most reliable way to do it. Well, in the supposed upload zip, uncompress zip, if other files added, compress all the files into a new zip process, running the file command on the files to check their type matches their file extension at the uncompress zip and files added stages would be great. Brendan, what do you think? :-) It sounds like you are describing user security. This is really a server security issue for me. Take a PHP file. What headers will it have? NONE! I have also looked at project that reads headers, and they primarily read audio file headers. Even, HTML files will have to be disabled if php support is enabled for html files (which it is not). With a PHP file being executed by the server, you may (depending on the way passwords were stored) be able to produce a dump of all the emails and stored passwords for them. Or say someone uploads a rpm file and then manages to execute it on the server? I am not a security expert, but do know basic security rules. Getting the file onto the server is the first big step in launching an attack. I have managed to hack several sites gaining access to privileged database information this way. Constructing a map of the database from error messages I purposefully evoked. All due to lack uploading rules. As per a blacklist, we would need to find a tried and true list as I doubt we would be able to come up with them all. And, it would constantly change with the evolution of technology (php3 .php4 .phtml .php + more) for php. Then there is Cold Fusion, ASP, Server Side Includes, Server-side JavaScript etc. This is just part of the web based technologies that can cause an excitation on the server. Although I am not familiar with many of them, many may have more than one extension. ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
[Openfontlibrary] @font face ccHost
Firefox does not render the @font face on my box. (OS X) but Safari Does! aka Mac computers ship with there default browser supporting it. Looks like the momentum is in our favour. Now, back to the ccHost. If someone is willing to coach me through what would be an ideal upload solution with compression please let me know. I had several suggestions made in my mind. The reason why I am asking is I may be able to code it, before I code it everything needs to be crystal clear to me though. Brendan On Nov 1, 2008, at 3:00 PM, [EMAIL PROTECTED] wrote: Send Openfontlibrary mailing list submissions to openfontlibrary@lists.freedesktop.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freedesktop.org/mailman/listinfo/openfontlibrary or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Openfontlibrary digest... Today's Topics: 1. Re: typography.js from http://typeface.neocracy.org/ (Dave Crossland) 2. FontForge has direct support for DOWNLOADING and uploading! (Dave Crossland) 3. Re: typography.jsfromhttp://typeface.neocracy.org/ (Khaled Hosny) 4. Re: typography.js from http://typeface.neocracy.org/ (Christopher Fynn) 5. Re: typography.js from http://typeface.neocracy.org/ (Dave Crossland) 6. Re: typography.js from http://typeface.neocracy.org/ (Christopher Fynn) 7. Re: typography.js from http://typeface.neocracy.org/ (Ed Trager) 8. Re: typography.jsfromhttp://typeface.neocracy.org/ (Ben Weiner) -- Message: 1 Date: Fri, 31 Oct 2008 20:28:00 + From: Dave Crossland [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] typography.js from http://typeface.neocracy.org/ To: Liam R E Quin [EMAIL PROTECTED] Cc: OFLB openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=UTF-8 2008/10/31 Liam R E Quin [EMAIL PROTECTED]: On Wed, 2008-10-29 at 11:33 +, Dave Crossland wrote: http://typeface.neocracy.org/ I think it would be great for OFLB to support this once day, as a 'fallback' for browsers without @font-face linking support :-) Even better would be to see @font-face supported more widely :D It seems pango is blocking @font-face from Firefox 3.1 on GNU/Linux... -- Message: 2 Date: Fri, 31 Oct 2008 22:06:26 + From: Dave Crossland [EMAIL PROTECTED] Subject: [Openfontlibrary] FontForge has direct support for DOWNLOADING and uploading! To: OFLB openfontlibrary@lists.freedesktop.org, George Williams [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=UTF-8 http://fontforge.sourceforge.net/oflib.html George, this is fantastic work! :-) -- Message: 3 Date: Sat, 1 Nov 2008 00:51:19 +0200 From: Khaled Hosny [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] typography.js from http://typeface.neocracy.org/ To: Dave Crossland [EMAIL PROTECTED] Cc: OFLB openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=utf-8 On Fri, Oct 31, 2008 at 08:28:00PM +, Dave Crossland wrote: 2008/10/31 Liam R E Quin [EMAIL PROTECTED]: On Wed, 2008-10-29 at 11:33 +, Dave Crossland wrote: http://typeface.neocracy.org/ I think it would be great for OFLB to support this once day, as a 'fallback' for browsers without @font-face linking support :-) Even better would be to see @font-face supported more widely :D It seems pango is blocking @font-face from Firefox 3.1 on GNU/ Linux... And WebKitGtk too :( -- Khaled Hosny Arabic localizer and member of Arabeyes.org team -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.freedesktop.org/archives/openfontlibrary/attachments/20081101/8fa20bb6/attachment-0001.pgp -- Message: 4 Date: Sat, 01 Nov 2008 20:47:05 +0600 From: Christopher Fynn [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] typography.js from http://typeface.neocracy.org/ To: OFLB openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed On Wed, 2008-10-29 at 11:33 +, Dave Crossland wrote: http://typeface.neocracy.org/ I think it would be great for OFLB to support this once day, as a 'fallback' for browsers without @font-face linking support :-) Languages using complex scripts need proper font linking or embedding. As far as I can tell these .js fonts are not
[Openfontlibrary] ccHost compression
(c) when any individual files are added to the typeface, create a new zip that includes everything For what reason? Downloading? Is this essential or ideal? (d) have the decompression work for any common format (e) have the compression happen in a range of formats So, everything is decompressed. Great. . Now. It looks as though people can fill out tags and also a description. We will not be able to do this while decompressing. The Name will have to take the form of the file name. I guess the easiest way to work this is to make them hidden by default. Navigating to the hidden files is confusing though. A consistent language on the file submission, (instead of publish now one could use hide this file. One could also rename the tab in the user page from hidden to unpublished or something like that. Additionally after a compressed file has been uploaded, a link on the confirmation page could be provided to the hidden page. Now to the issue of allowed file types. The most secure thing to do would only to allow certain file types. Files such as php files should not be allowed. Nor should any other executable file. The decompression will need to check for the file types and than filter out the ones we do not want. Have we come to some kind of decision on how the file types is gong to work? How are we gong to solve the problem of all the source files? Should we just input them all or what? Thoughts or comments on any of the above? Brendan ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
[Openfontlibrary] Compression Questions
And looking is all it will do for Zips. No unarchiving... so I can't for example ask it about each of the files in the archive in a useful way. It's just executing a system command or something in getID3 and then waving the results in the air in an affable but essentially unhelpful way :-) Yes, I see how it works now. What are useful features that our font project could get on the font files, that it could not get on the same font file in a zip? Is there any real reason for there to be a zip? Would it make sense to decompress any compressed file and not store the say zip at all? If not, what would be ideal? Brendan ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary
Re: [Openfontlibrary] Openfontlibrary Digest, Vol 34, Issue 13
I am very sure PHP can zip read zipped files, tarball and read tarballs. It really should not be a big deal expanding ccHost to do this. Brendan On Oct 25, 2008, at 12:54 PM, [EMAIL PROTECTED] wrote: Send Openfontlibrary mailing list submissions to openfontlibrary@lists.freedesktop.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freedesktop.org/mailman/listinfo/openfontlibrary or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Openfontlibrary digest... Today's Topics: 1. Re: Font formats accepted by OFLB (Ed Trager) 2. Re: Font formats accepted by OFLB (Karl Berry) 3. Re: Font formats accepted by OFLB (Mark Leisher) 4. Re: Font formats accepted by OFLB (George Williams) 5. Re: Font formats accepted by OFLB (Christopher Fynn) 6. Re: Font formats accepted by OFLB (Ben Weiner) 7. Re: Font formats accepted by OFLB (Ben Laenen) 8. Re: Font formats accepted by OFLB (Ben Weiner) 9. Re: Font formats accepted by OFLB (Ben Weiner) 10. Re: Font formats accepted by OFLB (Nicolas Mailhot) -- Message: 1 Date: Fri, 24 Oct 2008 16:48:38 -0400 From: Ed Trager [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] Font formats accepted by OFLB To: Ben Weiner [EMAIL PROTECTED] Cc: Open Font Library list openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=UTF-8 Hi, Ben, Don't forget .ttc true type collections. These will become more popular in the future, I am sure. I second Mark Leisher's suggestion to accept pcf and bdf. Some people are going to provide one font in multiple font containers: i.e., maybe ttf and pcf, or ttf and Postscript. But I agree with you that the older Postscript containers are not needed since OTF can contain Postscript outlines, right? Ben Laenen's question is relevant. Perhaps the right tack is for OFLB to simply encourage inclusion of at least a ttf container. Note however there are legitimate use cases where .bdf or .pcf might be the first choice container -- for example, a monospaced bitmap terminal font for Linux, especially for a non-Latin script where there might not be other choices available. Such a bitmap-only font should also be packaged in a TTF container, but the main file that will actually get used by people interested in that font is the bdf or pcf file. Best - Ed On Fri, Oct 24, 2008 at 12:00 PM, Ben Weiner [EMAIL PROTECTED] wrote: Hi there, My proposal for OFLB font uploads in the next version of the site is to accept .otf .ttf which are far and away going to be the most widely appreciated, then .pfa .pfm .pfb .afm .bdf which are Adobe-ish formats that are all in the current site: are they all needed? Then the X-Windows format, if it is still in use: .pcf Then humna-readable source: .sfd What else? Metafont files (?.mf)? A short list is better, I think. Suggestions? Thanks, Ben ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary -- Message: 2 Date: Fri, 24 Oct 2008 16:43:06 -0500 From: [EMAIL PROTECTED] (Karl Berry) Subject: Re: [Openfontlibrary] Font formats accepted by OFLB To: [EMAIL PROTECTED] Cc: openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] But I agree with you that the older Postscript containers are not needed since OTF can contain Postscript outlines, right? Technically, sure, but pfb files are still very useful and widely used -- in the TeX world, at least. Is anything substantial gained by disallowing them? Actually, I don't see what's gained by disallowing anything. And, as mentioned, people are really uploading zips anyway, right? Anyway, I haven't seen pfa files used in umpteen years, so if you'd like to have a token format to drop, I suggest that one. karl -- Message: 3 Date: Fri, 24 Oct 2008 16:12:12 -0600 From: Mark Leisher [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] Font formats accepted by OFLB To: Open Font Library list openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Ed Trager wrote: Note however there are legitimate use cases where .bdf or .pcf might be the first choice container -- for example, a monospaced bitmap terminal font for Linux, especially for a non-Latin script where there might not be other choices available. Such a bitmap-only font should also be packaged in a TTF container, but the main file that will actually get
Re: [Openfontlibrary] Openfontlibrary Digest, Vol 34, Issue 13
After dong a little investigating, ccHost does allow you to see the contents of a zip file. I installed ccHost and then uploaded a zip file. The contents were there. Am I on the same page as you guys? I would not allow me to use all the other font files though. There should be an option to allow all files! Or perhaps exclude certain file types. like PHP files or other files that could be excruciated on the server. Brendan On Oct 25, 2008, at 12:54 PM, [EMAIL PROTECTED] wrote: Send Openfontlibrary mailing list submissions to openfontlibrary@lists.freedesktop.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freedesktop.org/mailman/listinfo/openfontlibrary or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of Openfontlibrary digest... Today's Topics: 1. Re: Font formats accepted by OFLB (Ed Trager) 2. Re: Font formats accepted by OFLB (Karl Berry) 3. Re: Font formats accepted by OFLB (Mark Leisher) 4. Re: Font formats accepted by OFLB (George Williams) 5. Re: Font formats accepted by OFLB (Christopher Fynn) 6. Re: Font formats accepted by OFLB (Ben Weiner) 7. Re: Font formats accepted by OFLB (Ben Laenen) 8. Re: Font formats accepted by OFLB (Ben Weiner) 9. Re: Font formats accepted by OFLB (Ben Weiner) 10. Re: Font formats accepted by OFLB (Nicolas Mailhot) -- Message: 1 Date: Fri, 24 Oct 2008 16:48:38 -0400 From: Ed Trager [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] Font formats accepted by OFLB To: Ben Weiner [EMAIL PROTECTED] Cc: Open Font Library list openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=UTF-8 Hi, Ben, Don't forget .ttc true type collections. These will become more popular in the future, I am sure. I second Mark Leisher's suggestion to accept pcf and bdf. Some people are going to provide one font in multiple font containers: i.e., maybe ttf and pcf, or ttf and Postscript. But I agree with you that the older Postscript containers are not needed since OTF can contain Postscript outlines, right? Ben Laenen's question is relevant. Perhaps the right tack is for OFLB to simply encourage inclusion of at least a ttf container. Note however there are legitimate use cases where .bdf or .pcf might be the first choice container -- for example, a monospaced bitmap terminal font for Linux, especially for a non-Latin script where there might not be other choices available. Such a bitmap-only font should also be packaged in a TTF container, but the main file that will actually get used by people interested in that font is the bdf or pcf file. Best - Ed On Fri, Oct 24, 2008 at 12:00 PM, Ben Weiner [EMAIL PROTECTED] wrote: Hi there, My proposal for OFLB font uploads in the next version of the site is to accept .otf .ttf which are far and away going to be the most widely appreciated, then .pfa .pfm .pfb .afm .bdf which are Adobe-ish formats that are all in the current site: are they all needed? Then the X-Windows format, if it is still in use: .pcf Then humna-readable source: .sfd What else? Metafont files (?.mf)? A short list is better, I think. Suggestions? Thanks, Ben ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary -- Message: 2 Date: Fri, 24 Oct 2008 16:43:06 -0500 From: [EMAIL PROTECTED] (Karl Berry) Subject: Re: [Openfontlibrary] Font formats accepted by OFLB To: [EMAIL PROTECTED] Cc: openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] But I agree with you that the older Postscript containers are not needed since OTF can contain Postscript outlines, right? Technically, sure, but pfb files are still very useful and widely used -- in the TeX world, at least. Is anything substantial gained by disallowing them? Actually, I don't see what's gained by disallowing anything. And, as mentioned, people are really uploading zips anyway, right? Anyway, I haven't seen pfa files used in umpteen years, so if you'd like to have a token format to drop, I suggest that one. karl -- Message: 3 Date: Fri, 24 Oct 2008 16:12:12 -0600 From: Mark Leisher [EMAIL PROTECTED] Subject: Re: [Openfontlibrary] Font formats accepted by OFLB To: Open Font Library list openfontlibrary@lists.freedesktop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Ed Trager wrote: Note however there are legitimate use cases where .bdf or .pcf might be
[Openfontlibrary] New Open Source Font, Help Migrating
It's really up to the designers to choose the appropriate license that makes sense to them but we recommend the OFL as indicated on the wiki: http://openfontlibrary.org/wiki/Font_Licensing Great I'd also recommend getting the designer to read through the OFL FAQ. Will do. As for recommendations of the structure of the font tarball itsefl there's a template here: http://bazaar.launchpad.net/~fonts/open-font-design-resources/foo-open-font-sources/files Will the font designer know what this is? I really don't. Is this some kind of a source file that is generally not released with the finished font? One very important thing is to make sure that the metadata fields (in the Name table) are properly filled in and correspond to what is intended and coherent with the other tarball files. Will he know what this means? Then when you upload, an image specimen is also very useful alongside the licensing choice and the description tags. Will do Thanks for your advocacy work in favor of open fonts! Cheers, And thanks for your help. I use open source all the time and would like to bring something back to the community. Brendan -- Nicolas Spalinger http://planet.open-fonts.org -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.freedesktop.org/archives/openfontlibrary/attachments/20081016/02755422/attachment-0001.pgp -- ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary End of Openfontlibrary Digest, Vol 34, Issue 8 ** ___ Openfontlibrary mailing list Openfontlibrary@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/openfontlibrary