this post was submitted on 02 Oct 2023
1377 points (96.8% liked)
Programmer Humor
19463 readers
30 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
When it's A FUCKING SECURITY issue, I know damn well what I'm talking about.
Again you do not because the world consists of more than your interests and job description.
I know damn well what I'm talking about when someone could get scammed on "apple.com" but with a Cyrillic A.
You know the problem but not the set of reasonable or practical solutions.
Anyways I and l look identical too in many fonts. Should we make them the same letter?
No, but that's what Unicode does.
The solution is to force font creators to be fucking reasonable, just like how the Cyrillic A looks exactly like the Latin A. They are the same letter. The letters L and I are totally different (in handwriting at least)
They already did that for CJK. Make characters that look the same in handwriting b have be same codepointer.
I and l also look identical in many fonts. So you already have this problem in ascii. (To say nothing of all the non-printing characters!)
If your security relies on a person being able to tell the difference between two characters controlled by an attacker your security is bad.
The problem is when you can register "apple.com" with the Cryillic A, fooling many.
The I l issue is caused by fonts, not by ASCII.
You really can't though. For several reasons. Which would have been apparent to you had you bothered to actually create your example link to http://аpple.com or to understand this problem.