Rendered at 07:49:59 GMT+0000 (Coordinated Universal Time) with Netlify.
recursivecaveat 13 minutes ago [-]
This seems misguided. The fact that 'ρ' isn't a pixel for pixel match for 'p' doesn't mean they're not confusable. The threat model is not being unable to solve a spot-the-difference puzzle. Unless you are familiar with every pixel of your system fonts, and carefully scrutinize every character on your screen, the lack of an exact match in jρmorgan[.]com in a URL is going to do very little for you. There are many english characters that have multiple totally distinct ways to write them, so you can have two 'a' variants that are distinct but equally 'normal' looking. I guess if you get an LLM to write your blog posts they don't have to make much sense to begin with.
ordu 9 minutes ago [-]
But what about 'Ы'? It looks like 'bl', doen't it? 'Ы' is one codepoint and one glyph, though 'bl' is a sequence of two letters. I believe that the method described will miss such things. Cyrillic also has 'Ю', I suppose it is possible to design a font that make it look like 'lO'? Are there any fonts like this in a wild?
apothegm 2 days ago [-]
Maybe not at super large font sizes. But even lowercase i and l are easy enough to confuse at a glance mid-word in most sans-serif fonts, not to mention uppercase I and lowercase l. You don’t even need “confusable” glyphs to create a domain name that will stand up to a casual visual confirmation from a busy user in a phishing context.
hinkley 2 days ago [-]
Every Albert, Alfred, or Alphonso who goes by “Al” getting confused with bots right now…
thih9 41 minutes ago [-]
Perhaps there are people named “Alexa” who started using “Al” after Amazon’s launch. Talk about bad luck.
tliltocatl 1 days ago [-]
I used to read"Weird Al" as "AI" even before the LLM craze.
Cool_Caribou 21 minutes ago [-]
Why are all the descending letters truncated in the titles? Not sure if it's a css glitch or terrible font choice. A bit ironic on an article about fonts.
sheept 9 minutes ago [-]
It appears to be part of the font[0]. It looks a bit weird, but display fonts usually can get away with being more eccentric.
> A domain using only Cyrillic characters that happen to spell a Latin word (like “аpple” in all-Cyrillic) may still render in the address bar’s font and look identical.
that is very interesting.
I imagine the browser could take some context clues and switch rendering to puny code if the locale of the user is nowhere near a cyrillic region. But that is only going to patch some edge cases and miss others.
Ideally, the solution is password managers everywhere, which don't have this vulnerability, instead of using human eyes to visually recognize web urls and thus is vulnerable.
Oarch 2 days ago [-]
This is really cool. I loved the technical breakdown and side by side comparisons. Surprised to hear that Microsoft and MacOS default fonts didn't score so well!
arlattimore 1 hours ago [-]
This is very cool, impressive piece of work Paul.
doctorpangloss 2 hours ago [-]
well, you didn't really do anything, did you? Claude Code rendered these things and wrote the blog post haha
> "This is not theoretical. It is a measured property of the font files shipping on every Mac."
some patterns of speech are so recognizably LLM, i am convinced that the AI detection startups have a very strong chance to succeed on text.
deaux 1 hours ago [-]
Going off on a bit of a tangent here..
> some patterns of speech are so recognizably LLM, i am convinced that the AI detection startups have a very strong chance to succeed on text.
The problem for them is the market. Those who actually want to buy AI detection tools usually want the impossible - detecting any kind of AI-written text, or even AI-written-human-edited text.
You're right in that many HN articles (not going to comment on this one specifically) are very easy to detect. But that's just because these article writers are too lazy to even use any of the plethora of tools that remove the smells automatically, or tools that write without them in the first place (I've made such a tool myself), or even just adjusting the prompt to write in a different style that avoids them.
Most people who would be interested in paying for AI detection tools want them to detect all of the above cases too, which is of course impossible.
aronhegedus 1 hours ago [-]
However it was written, it’s a useful and well structured article. I thought it was a good read
tstrimple 1 hours ago [-]
[flagged]
tuwtuwtuwtuw 1 hours ago [-]
Maybe not. I checked OPs blog and he seem to be putting up 2-3 longer posts per day. Since it is LLM content, I have no idea whether it's mainly hallucinations or based on facts. So what did I learn from reading the article? Maybe nothing, maybe it's just made up.
[0]: https://fonts.google.com/specimen/Syne
that is very interesting.
I imagine the browser could take some context clues and switch rendering to puny code if the locale of the user is nowhere near a cyrillic region. But that is only going to patch some edge cases and miss others.
Ideally, the solution is password managers everywhere, which don't have this vulnerability, instead of using human eyes to visually recognize web urls and thus is vulnerable.
> "This is not theoretical. It is a measured property of the font files shipping on every Mac."
some patterns of speech are so recognizably LLM, i am convinced that the AI detection startups have a very strong chance to succeed on text.
> some patterns of speech are so recognizably LLM, i am convinced that the AI detection startups have a very strong chance to succeed on text.
The problem for them is the market. Those who actually want to buy AI detection tools usually want the impossible - detecting any kind of AI-written text, or even AI-written-human-edited text.
You're right in that many HN articles (not going to comment on this one specifically) are very easy to detect. But that's just because these article writers are too lazy to even use any of the plethora of tools that remove the smells automatically, or tools that write without them in the first place (I've made such a tool myself), or even just adjusting the prompt to write in a different style that avoids them.
Most people who would be interested in paying for AI detection tools want them to detect all of the above cases too, which is of course impossible.
I don't have a Mac.