Kim Jong Il, Tumblr, WebFonts and Firefox

Kim Jong Il died.

Then a humorous blog called “kim jong-il looking at things” surged in popularity.

I looked at it, too, and found it funny.

And then i looked at its about section and became sad. Its about section said: “for a more beautiful experience use google chrome or safari. font-face seems to have an issue with firefox and will display a very bland arial instead of the exquisite amaranth.” Someone reading this may think that it’s a bug in Firefox, but as a matter of fact, Firefox is the browser that implements font-face correctly according to the CSS standard.

This Kim Jong Il blog is hosted on – a nice and stylish blog service. Among other services, tumblr gives its gives users an option to use web fonts to improve the appearance of their blogs. tumblr’s developers probably only tested this feature with Chrome and Safari and when it didn’t work on Firefox nobody cared – after all, as nice as it is, it’s just another English font. has the same issue that Wikipedias in Indic languages had after we installed WebFonts there – it tries to load the font files from a different server, but Firefox, according to the standard, doesn’t load the font from a different domain if that domain is not explicitly configured to support font loading. We in Wikimedia fixed it immediately after finding it, because using web fonts for us is a way to make our website readable. For tumblr, as for most other English websites, using web fonts is just a way to make the website a little more beautiful. should fix this bug. I reported this font problem at, hoping that tumblr developers would notice it. It hasn’t been done yet, even though it’s a one-line fix.

tumblr webmasters! If you happen to read this post – please fix this issue. Thank you.

4 thoughts on “Kim Jong Il, Tumblr, WebFonts and Firefox

  1. >but Firefox, according to the standard, doesn’t load the font from a different domain if that domain is not explicitly configured to support font loading.

    Excuse me, but this part of the standard is just idiotic. We don’t need CORS for cross-domain images and we shouldn’t need it for fonts. Firefox should remove same-origin restriction and the standard should be changed to reflect the reality.

    1. Actually, i probably agree that the standard should be changed, although there may have been some reasoning behind this weirdness.

      In any case, it’s not quite right to say that the issue is with Firefox, if that’s the only browser that implements the standard correctly, as idiotic as the standard may seem.

    2. Actually, we do need CORS, because font implementations are neither as well-tested nor rock solid, as GIF, JPG and PNG. Remember that fonts are not just static data, they contain character maps (that are hopefully RIGHT), little bytecode programs, tons of metadata, and all kinds of craziness.

      Many, many font implementations are buggy and strange, and bad font data can trigger bugs and exploitable crashes. Furthermore the Unicode spec is ginormous and hard to get right. The web font spec writers wanted a way for authors and administrators to quickly lock down these risky little things we call “fonts”, in the same way that JS and XMLHTTPRequest are locked down.

      When font technology is as reliable as images and text, then we can unlock them.

      1. Numerous browser exploits have occurred via images and scripts as well, and yet we allow third-party images and scripts all the time. Furthermore, a first-party font can exploit the browser as easily as a third-party font; don’t load third-party resources from sites you don’t trust. Firefox also implements Content Security Policy, an entirely sensible mechanism for sites to declare what third-party content (of any kind) they want to load.

        The requirement of CORS for fonts exists for one reason, and one reason only: crazy font foundries wanted a way to prevent font hotlinking from other servers.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.