I recently got a phone with a high zoom level - once you factor in digital zooming it's 20x. The photo quality at that zoom level is trash, but it absolutely could be used to read text from people's laptop screens from across a big room, or even another building through a window.
Of course, real cameras have always had this kind of zoom level. The difference is that now, someone could appear to be browsing on their phone from very far away, but actually be reading text on your laptop screen.
It's much more likely they'll be looking for credit card details or something like that rather than .env secrets. But I guess it's better safe than sorry if you frequently work in a public, tech focused environment like a big coworking space.
We're talking someone sitting with their phone 50 meters away from you being able to read text on your laptop screen. That's about the distance where a person with good vision will struggle to recognize faces.
The idea is that even if you can't see the full data for some reason (space constraints, in my case), different values will appear styled differently even if the non-hidden characters don't differ.
I'm not sure how easy/hard vscode makes this, bit it might be fun to use a hash of the secret (salted by that character's index) to determine the back/foreground colors of the *'s
That way even though you can't see the secret, you can tell that it has changed. Also you're in a position to notice if two hidden secrets are the same (this might clue the user into a mistake, like if they didn't actually copy what they think they copied and are instead pasting the previous thing.
Bravo Founder and CEO of Namefi, but the DNS seems to resolve just fine. Do you understand the DNS space? Perhaps you could find out more using this little side project I've been working on: https://www.google.com/.
Of course, real cameras have always had this kind of zoom level. The difference is that now, someone could appear to be browsing on their phone from very far away, but actually be reading text on your laptop screen.
It's much more likely they'll be looking for credit card details or something like that rather than .env secrets. But I guess it's better safe than sorry if you frequently work in a public, tech focused environment like a big coworking space.
We're talking someone sitting with their phone 50 meters away from you being able to read text on your laptop screen. That's about the distance where a person with good vision will struggle to recognize faces.
The idea is that even if you can't see the full data for some reason (space constraints, in my case), different values will appear styled differently even if the non-hidden characters don't differ.
I'm not sure how easy/hard vscode makes this, bit it might be fun to use a hash of the secret (salted by that character's index) to determine the back/foreground colors of the *'s
That way even though you can't see the secret, you can tell that it has changed. Also you're in a position to notice if two hidden secrets are the same (this might clue the user into a mistake, like if they didn't actually copy what they think they copied and are instead pasting the previous thing.
Can't you just intersperse entries with multiple-screens-worth of blank lines, or add noisy variables?
I'm thinking that 120 blank lines at the beginning and the end might be enough though, no need to make the file really hard to use.
This tool also redacts from your logs if working in js.
https://news.ycombinator.com/threads?id=theozero
Using HN less like a marketing platform would be appreciated
But hey some tokenized crypto dns provider is probably much more reliable! lol