Archive for August 21, 2023

Monday, August 21, 2023

John Warnock, RIP

Adobe (via Reuters, Hacker News):

Dr. Warnock co-founded Adobe in 1982 with Dr. Charles Geschke after meeting as colleagues at Xerox. Their first product was Adobe PostScript, groundbreaking technology that sparked the desktop publishing revolution. Dr. Warnock retired as CEO in 2000 and he was chairman of the board, a position he shared with Dr. Geschke, until 2017. He was a member of the Board of Directors since then. In recognition of their technical achievements, Dr. Warnock was awarded the prestigious National Medal of Technology and Innovation by President Barack Obama; the Computer Entrepreneur Award from the IEEE Computer Society; the American Electronics Association Medal of Achievement; and the Marconi Prize for contributions to information science and communications.


In his 1969 doctoral thesis, Warnock invented the Warnock algorithm for hidden surface determination in computer graphics. It works by recursive subdivision of a scene until areas are obtained that are trivial to compute. It solves the problem of rendering a complicated image by avoiding the problem. If the scene is simple enough to compute then it is rendered; otherwise it is divided into smaller parts and the process is repeated. Warnock noted that for this work he received “the dubious distinction of having written the shortest doctoral thesis in University of Utah history”. The Warnock algorithm solving the hidden surface problem enabled computers to render solid objects at a time when most computer renderings were only line drawings[…]


Unable to convince Xerox management of the approach to commercialize the InterPress graphics language for controlling printing, he, together with Geschke and Putman, left Xerox to start Adobe in 1982. At their new company, they developed from scratch a similar technology, PostScript, and brought it to market for Apple’s LaserWriter in 1985.


In late 1986, Warnock had invented Adobe Illustrator, a computer drawing program which used lines and bézier curves to render images. He initially developed it to automate many of the manual tasks utilized by his wife, Marva, a graphics designer.


In the spring of 1991, Warnock outlined a system called “Camelot”, that evolved into the Portable Document Format (PDF) file-format.

John Warnock (1986):

Another nice benefit of simple syntax [for PostScript] is that other computer programs can generate new programs easier. The straightforward, simple syntax made this language structure a natural candidate for a printing protocol; if you want your printing protocol to be procedurally based, and to be a programming language as opposed to a static data structure.

Bob Sproull and William Newman at PARC developed a format, called Press Format, that consisted of static data structures. But they found that it wasn’t the most flexible way to handle printing. To add a feature, you had to essentially rebuild the system with more features in it.


So Interpress was a good candidate for a printing protocol. Chuck and I tried to get Xerox to do something reasonable with Interpress for two years, but it became clear that in the process of getting it out to consumers, they were going to destroy it. They were going to add some features and take away other features that would make it not only difficult to implement but difficult to maintain, and difficult to educate people about. We felt that if we were on our own, we could create a product in a much more straightforward and reasonable way.


There will always be some smart guy who will come along and figure out a better algorithm, or figure out an easier way of performing some task. One of the tricks of the trade is to recognize this early, adopt it quickly, and exploit it without having a “not-invented-here” hangup about doing it your way.

John Warnock (2010):

If you represented characters as outlines the obvious [way], the fonts looked terrible. The sampling artifacts [the side effects of digitization] were horrendous. We knew that no publication or office environment would live with that. […] The very simple idea is: Rather than figuring out what dots to turn on, you stretch the characters so that they line up with the rasters.


There is a property of PostScript that made Acrobat possible: Every one of the operators [PostScript’s basic commands] can be redefined. If you take all the graphic operators and define them so that they output just the parameters, you get a static file of all the graphics that are in a PostScript file — but the pages have all been delimited. Everything is now a data structure as opposed to a program. […] I first used this trick with PostScript when Steve Jobs had this tax form that he wanted to use as a demo. […] I wrote a basic version of the Distiller in the early 1980s that would flatten the file and make it an efficient PostScript file, which got the execution down from a couple of minutes to 20 seconds.


The other problem we had to solve was font substitution. We didn’t have all the licenses to ship fonts [with the electronic document]. If the receiver [of the document] didn’t have the right font, you still wanted the layout to be exactly right. So I invented a variation of the type solution so that you could vary the widths of the typefaces with these specially designed fonts to make substitution fonts.


In the case with FrameMaker, the FrameMaker architecture was infinitely better — infinitely better — than the Aldus architecture. I could never get anybody except the ex-Frame employees at Adobe to understand that the architecture was fundamentally more sound in FrameMaker than in Aldus. The Aldus side won, essentially, with [the development of Adobe’s page layout product] InDesign. We’re still trying to catch up to FrameMaker.


Update (2023-08-28): Clay Risen:

Acrobat and the PDF were not immediately successful, even after Adobe made its Acrobat Reader free to download. The company’s board wanted to retire them, but Dr. Warnock persisted.


Dr. Warnock and Dr. Geschke, who ran the company as equals, were rare exceptions among the outsize egos and eccentric zillionaires of Silicon Valley: avuncular and academic, they built an aggressively competitive company while consistently ranking high on lists of the best places to work.

Despite its size, Adobe was often cast as the David versus much larger Goliaths, most often Microsoft — which, unlike Apple, repeatedly rejected Dr. Warnock’s entreaties to collaborate and instead tried to beat Adobe with its own protocols and programs. None of them worked.

Via John Gruber:

Warnock and Geschke understood what Steve Jobs often preached: technology alone was not enough. PostScript was — and remains! — excellent technology. But it was not a product. The LaserWriter was a product. You hooked it up, went to File → Print in any application, and you got professional-grade 300 DPI output with no technical expertise necessary. It was as easy to print high-quality output on a LaserPrinter as it was to print junk output on a slow, noisy dot-matrix printer. That was a product.

And Illustrator turned PostScript from a rather difficult but highly-capable programming language into a tool designed for use by artists. They didn’t just make a nice code editor for writing PostScript. They created an app that presented a visual framework in which you directly manipulated shapes, lines, and curves as objects. Even expert Illustrator users were never exposed to PostScript directly. The Illustrator metaphor was a complete encapsulation. That too was a product, and Illustrator remains an essential tool. If Warnock and Geschke had been satisfied merely with shipping great technology alone, Adobe Systems would be a nearly forgotten Silicon Valley footnote. Instead, they pushed to make Adobe the great tool-making product company we know today.

See also: The Dalrymple Report.

Update (2023-08-31): See also: The Talk Show.

Bypassing App Management With TextEdit

Jeff Johnson (Mastodon):

In retrospect, I regret participating in the Apple Security Bounty program. It has been a giant, frustrating waste of time, and I wish I had just dropped this 0day on October 24 of last year when Ventura was released. I suspect that if I had done so, Apple would have found a way to address the issue already in Ventura. Thus, I feel that my prolonged silence has not protected Mac users. The standard practice in reporting a security vulnerability is to give the vendor 90 days to address the issue, and I’ve given Apple vastly more time than expected.


I discovered—almost by accident—that a sandboxed app could modify files that it shouldn’t be able to modify: files inside the bundle of a notarized app that were supposedly protected by App Management security.


This isn’t the first time that a major macOS update included a new security (theater) feature with a gaping hole. For example, I previously discovered a bypass for Mojave’s new privacy protections. And it’s important to keep in mind that I’m not a professional security researcher.

It’s hard to make a living reporting security bugs when Apple has a history of declaring them not bugs, being stingy with payments, and stalling—which encourages releases like this that forfeit the possibility of collecting a bounty.

Jeff Johnson:

Today I want to illustrate the vulnerability a little more clearly to a non-developer audience.


As you can see, modifying that file would mess with Firefox’s software update mechanism, perhaps leaving the user vulnerable to a malicious software update.


TextEdit is sandboxed. Ironically, sandboxing was designed to prevent attacks, but in this case it allows an attack. That’s the bug, the vulnerability. A sandboxed app can modify a file that is supposed to be protected by App Management.


This has all been just for illustration. It wasn’t a real, viable attack, because I had to do everything manually. However, my disclosure yesterday presented an example of an automated tool that could execute a real attack.

Thijs Alkemade:

When I looked at this feature before Ventura was released I immediately found 4 different ways to bypass it. It really looks like it hasn’t been tested at all, as every potential method I’ve thought of worked. But bypassing by using a sandboxed app was not something I could have imagined working. 😂


Fake Steve Jobs and Letters from BILL G

Matt Sephton:

On 9th August 2006, “Fake Steve (Jobs)” started blogging at The Secret Diary of Steve Jobs. The blog featured scathing criticism of Silicon Valley and the tech industry at large, a pinch of political satire, along with many in-jokes and pandering to the zeitgeist. It was, above all else, very funny. A year or so after it began the identity of the ghost writer was revealed as journalist Dan Lyons. The blogging eventually stopped as the (real) Steve Jobs’ health deteriorated, and a single posthumous post appeared the day after his untimely death. I often think about Fake Steve, some of his best lines, some of his funniest observations. It was a different time.

Anyway… imagine my surprise when, earlier this year, I discovered that somebody in Japan had done a “Fake Bill (Gates)” a decade before Fake Steve! Truly, everything is a remix.


After the column had been running for around 6 months, ramping up to the publication of the first book, a teaser/promo website was introduced featuring a selection of letters. This is cool because internet was still pretty new at this point! Both the books and the website feature letters in their “original” English as well as in “translated” Japanese (of course, this is the opposite of the real order of events).


Twitter to Remove Block Feature

Juli Clover:

Twitter or “X” owner Elon Musk today said that the option to block people on Twitter is going to be “deleted as a feature” in the future, as it “makes no sense.”

Musk made the comment in response to a tweet asking whether there was a reason to block someone instead of muting someone on the social network. Mute and block are two fundamentally different features on Twitter. Mute prevents you from seeing content from Twitter users, while block prevents other people from seeing your content, following you, and interacting with you.


[If] someone replies to the reply from the muted person, you will see that notification and be alerted to the conversation. For many users, the loss of the block function would be detrimental.

Nick Heer:

Though harassment and abuse are the most obvious cases for blocking another user, I find a low threshold is necessary for a more enjoyable use of these platforms. It removes from your view any user who spoils your experience for any reason. That is excellent. If anything, I think using the “block” button on social media is increasingly necessary, as platform owners have decided to decrease the extent to which users control their own experience.

John Gruber:

Both platforms thus require social media apps to support users being able to block other users. Google’s language is unambiguous. The rub is how “blocking” is defined. If all Musk wants to do is changing blocking to mean that blocked users can still see tweets from users who blocked them, but can’t interact (reply, quote, retweet) with them, I think that’s fine.

I think he means “fine with Apple,” which requires the ability to block without saying what that means. It’s not going to be fine with users who need more protection than what muting offers.

In any case, you may not be able to block people, but Twitter itself still will, for seemingly petty reasons:

Scott Galloway, a marketing professor at NYU who’s also known as an author and public speaker, said he was locked out of his X account after a quarrel with Elon Musk.


“For 18 days I have been unable to log-on to Twitter,” Galloway told Insider in an email. “Filled out form on the site, but no word back.”


Galloway most recently posted about Musk on X on July 27, commenting on a Reuters investigation which said Tesla created a secret team to suppress complaints about vehicles’ driving range.


Reuters also appeared to face a backlash from X after publishing its Tesla investigation, after links on the platform to its website saw a five-second delay — although this was seemingly reversed after news outlets reported on it.

Craig Grannell:

Threads and Mastodon are not doomed. What is: an expectation they can replace Twitter.