As much as I appreciate the tiny serif for lowercase L and numeral 1 to differentiate l I and 1, I am not the biggest fan of the capital I glyph without the horizontal serifs. It's my biggest design gripe with most sans-serif fonts as it makes it FRUSTRATINGLY difficult to differentiate when looking at words by themselves.

Is that lota or Iota? Is that iodestone or lodestone? Both real examples where I fumbled reading them -- once in front of a class :)

This is why my favorite sans-serif typeface has been (and will always be) IBM Plex Sans [1]. It's an open font [2]. I have all my laptops and desktops set to using the IBM Plex typefaces, including browser overrides. If only there were a way to do it system-wide on my Android phone...

[1]: https://www.ibm.com/plex/

[2]: https://github.com/IBM/plex/blob/master/LICENSE.txt

Preview: https://fonts.google.com/specimen/IBM+Plex+Sans?preview.text...

Marissa Mayer on why Google chose sans-serif fonts for search results:

When I had to make a decision about should the Google results pages be serif or sans-serif, I didn't have enough users to do the split A/B testing and mathematically figure that out, so I ended up reading a lot of research and ultimately finding out that serif fonts are more readable, and sans-serif fonts are more legible.

The serifs create a horizontal rule that guides the eye, so serif fonts are much better when you’re reading long pieces of text. Sans-serif fonts are more legible which means that... when the serifs are removed your eye can spot read a character much better and much more quickly, and as a result it is much better for spot reading. In an activity like search it turns out you want to facilitate spot reading to a much greater degree than reading long prose.

Here's the 2006 talk: https://stvp.stanford.edu/podcasts/nine-lessons-learned-abou...

Shoutout to Atkinson Hyperlegible Next, designed for the Braille Institut having excellent glyph differentiation ("Next" with variable weight)

https://fonts.google.com/specimen/Atkinson+Hyperlegible+Next

I'm extremely picky and Atkinson Hyperlegible was my favorite variable-width font. Never knew there's a "Next", so +

This is what I switch to whenever a default font annoys me because of poor glyph differentiation. It's what it says on the tin.

IBM Plex is very good. Recently, I have been enjoying https://rsms.me/inter/ for interfaces a bit more (with ss02 for body and ss02+tnum for tables activated).

Inter is the only libre typeface that has good coverage, and produces readable small text on terrible 80 DPI displays. I've tested probably hundreds of them.

But l and I (ell and eye) are identical in Inter.

https://fonts.google.com/specimen/Inter?preview.text=lllll%2...

I never understood why a font designer would ever choose to do that. There should be an ironclad rule that different letters must look different.

You did not check my link and ss02 out, did you?

Then tell me where to download that ss02 and install on PC for docx file and set default in browser?

Hasn't Inter been the default tech font for the last 5 years or so by virtue of being the default font in Figma? The Times New Roman of UI.

I think you have it the other way around.

It's not used because it's the default font in Figma.

It's the fact that it's the best modern alternative to Helvetica, making it universally useful and therefore the default in Figma.

Incidentally, I'll forever mourn that the designers didn't choose to go with a glyph for "1" that is closer to the one in Helvetica.

Inter is the default in Figma because the first designer at Figma was the guy who created it.

Huh, TIL. Thank you!

I guess I can try to argue that it if it weren't as generally useful as Helvetica it wouldn't have been made the default in Figma and it wouldn't be, well, so generally used.

Hah, this one can go on Wikipedia as an example for "chicken or the egg"! IMO, there's probably a number of other fonts that could've been chosen rather than Inter as default Figma font, and if they had been, they'd now be more ubiquitous than Inter. Of course, we'll never know. Unless someone here is looking to do a research study into popularity of fonts over time compared to popularity of Figma and seeing how strong the correlation is - maybe a weekend project for someone into typography ;)

Oh, is that why everyone uses it? I just assumed people wanted knockoff San Francisco on purpose

Ah, it initially appeared that the capital I and the lowercase L have identical-looking glyphs. But scrolling down, I see the ss02 and tnum features add noticeable glyphs. Looks like a nice typeface.

Inter has also become my default.

Nice. Inter even has "U+1E9E" "Latin Capital Letter Sharp S" and two lower case sharp s variants as well.

Is U+1E9E used for anything besides ALLCAPS text?

Probably not.

Inter or linter?

Feature ss02 Disambiguation (one of many)

Alternate glyph set that increases visual difference between similar-looking characters.

Why isn't it the default? :( I'm rarely in control of how a font is used.

My full list of ambiguous letters, from https://gajus.com/blog/avoiding-visually-ambiguous-character...

- O / 0 - I / l / 1 / 7 - 5 / S - 2 / Z - 8 / B - 6 / G - 9 / q / g

I use the following:

  $ cat passgen.sh                                                           
  #!/bin/sh
  export LC_ALL=C
  printf "%.16s\n" "$(/usr/bin/openssl rand -base64 32 | /usr/bin/tr -d 'lIOSBGZ')"

This way if it looks like a number then it is. I don't usually mess up q/g and u/v with my fonts but its easy enough to ban more characters.

O / D can also be an issue with some fonts.

Likewise the absence of a stroke through the zero. Without context, for example in a Wifi password, indistinguishable from uppercase letter O.

I really enjoyed reading through [1] as it gives a lot of insight into what goes into making a font. However I wonder what incentives does IBM have for putting this much work into making it public, accessible and widely used. Wouldn't the ubiquity of the font make it less strong for their brand identity?

It says "IBM" in the name so I'm actually often reminded of the company via seeing the font in the wild.

And somehow they did seem to capture a distinctive IBM vibe when designing it, whilst still making it general enough to be used by everyone else

That's why I love the Readex Pro font. It also has glyphs for Arabic and a lot more languages in the same file, so I can use one font file for everything.

Depending on your phone manufacturer, zFont 3 has been solid for me for setting system wide fonts.

I have Iosevka for everything I can set a custom font to.

Plex Monospace is great for coding as well.

yes. zed has a fork too https://github.com/zed-industries/zed-fonts

I agree with other comments that this research treads a fine, unethical line. Did the authors responsibly disclose this, as is often done in the security research community? I cannot find any mention of it in the paper. The researchers seem to be involved in security-related research (first author is doing a PhD, last author holds a PhD).

At least arxiv could have run the cleaner [1] before the print of this pre-print (lol). If there was no disclosure, then I think this pre-print becomes unethical to put up.

> leading to the identification of nearly 1,200 images containing sensitive metadata. The types of data represented vary significantly. While device information (e.g., the camera used) or software details (such as the exact version of Photoshop) may already raise concerns, in over 600 cases the metadata contained GPS coordinates, potentially revealing the precise location where a photo was taken. In some instances, this could expose a researcher’s home address (when tied to a profile picture) or the location of research facilities (when images capture experimental equipment)

Oof, that's not too great.

[1] https://github.com/google-research/arxiv-latex-cleaner

Having arXiv run the cleaner automatically would definitely be cool. Although I've found it non-trivial to get working consistently for my own papers. That said, it would be nice if this was at least an option.

Leaks of read/write access to documents and GitHub, Dropbox etc credentials is certainly worrying, but location and author/photographer details in photo metadata? That's quite a stretch, and seems like the authors here are just trying to boost the numbers.

The vast majority (I would wager >(100 - 1e-4)) of location of research institutions is public knowledge and can be found out by simply googling the institution address (I am not aware of a single research institution that publishes publically where the location is confidential).

This is a wonderful write-up and a very enjoyable read. Although my knowledge about systems programming on ARM is limited, I know that it isn't easy to read hardware-based time counters; at the very least, it's not as simple as the x86 rdtsc [1]. This is probably why the author writes:

> This code is more complicated than what I expected to see. I was thinking it would just be a simple register read. Instead, it has to write a 1 to the register, and then delay for a while, and then read back the same register. There was also a very noticeable FIXME in the comment for the function, which definitely raised a red flag in my mind.

Regardless, this was a very nice read and I'm glad they got down to the issue and the problem fixed.

[1]: https://www.felixcloutier.com/x86/rdtsc.

Bear in mind that the blog post is about a 32 bit SoC that's over a decade old, and the timer it is reading is specific to that CPU implementation. In the intervening time both timers and performance counters have been architecturally standardised, so on a modern CPU there is a register roughly equivalent to the one x86 rdtsc uses and which you can just read; and kernels can use the generic timer code for timers and don't need to have board specific functions to do it.

But yeah, nice writeup of the kinds of problem you can run into in embedded systems programming.

Are you talking about Shar?

https://en.wikipedia.org/wiki/Shar_(file_format)

That was a neat idea back in the day but should disallowed now. Running downloaded executables considered harmful.

> Running downloaded executables considered harmful

Most executables are downloaded. :)

Not in the "Installation: just run `docker run kekw/our-shiny-ai-chatbot` in your shell" world we're living today.

I think the better example is the all-too-common: “Installation: Just run `curl -sL http://goo.gl/hsjdiNgtehsn | sudo bash`”

> This was in snapshots for more than 2 months, and only spotted one other program depending on the behaviour (and that test program did not observe that it was therefore depending in incorrect behaviour!!)

Fascinating. I wonder what that program is, and why it depends on the NUL character.

> Every 20 hours in South Africa a rhino dies for its horn.

I didn't know this statistic before - this is disheartening.

Here’s another one : between 24 and 150 animal species go extinct probably every day !

> current extinctions were ‘up to 100 times higher than the background rate.’

https://e360.yale.edu/features/global_extinction_rates_why_d...

Previous discussion from 2021: https://news.ycombinator.com/item?id=29269584

Zooming out, panning around, and seeing the milky is... jaw dropping in a way. I know it's silly because we've seen SO many photos of the universe, but I still get the goosebumps every time I think about it. And the detail too! You can really zoom in.

I tried to look for the moon, but it looks like it's not possible: https://old.reddit.com/r/askscience/comments/rwynmt/could_th...

If you host your own instance:

> SearXNG protects the privacy of its users in multiple ways regardless of the type of the instance (private, public). Removal of private data from search requests comes in three forms:

> 1. removal of private data from requests going to search services

> 2. not forwarding anything from a third party services through search services (e.g. advertisement)

> 3. removal of private data from requests going to the result pages

From: https://docs.searxng.org/own-instance.html#how-does-searxng-...

The docs mention a caveat below at "What are the consequences of using public instances?":

> If someone uses a public instance, they have to trust the administrator of that instance. This means that the user of the public instance does not know whether their requests are logged, aggregated and sent or sold to a third party.

All of that is fine but by simply having your IP, Google can continue to profile you in countless ways with data they collect in other ways and it wouldn't be expensive for them at all.

SearX acts as a proxy, you are not submitting your IP to Google.

i think since 'IP address' has become something of a baseline non-technical understanding of one of the critical components of networking, it becomes increasingly difficult for non-netpeeps to fully grasp the many uses and non-uses of addressing.

a proxy (or proxies) and how they can shield but one or many of ' your' IP addresses throughout an egress packet's many hops (and from who or what destination it or those addresses can be shielded) is a pretty advanced concept when you think about it.

not to mention that, at this point, bare source IP address is a pretty dilute tracker compared to other current methods of identity profiling or traffic fingerprinting.

nice succint correction on your part regardless.

We're talking about self hosting, right? The proxy is using the same IP.

if self-hosting, that may very well be correct.

a few examples of a self-hosted design that would not, include policy-based routing over a VPN with one or multiple tunneled hops, or through another external proxy. (and then there's also that 'onion' routing 'protocol' there—but i'm not clear if/how that integrates with clearnet destinations like publicly-accessible search engines if at all.)

Looks like it's a firefox thing. I tested in Ungoogled Chromium and it works fine for me too.