frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

A Tale of Two Standards, POSIX and Win32 (2005)

https://www.samba.org/samba/news/articles/low_point/tale_two_stds_os2.html
1•goranmoomin•2m ago•0 comments

Ask HN: Is the Downfall of SaaS Started?

1•throwaw12•3m ago•0 comments

Flirt: The Native Backend

https://blog.buenzli.dev/flirt-native-backend/
2•senekor•5m ago•0 comments

OpenAI's Latest Platform Targets Enterprise Customers

https://aibusiness.com/agentic-ai/openai-s-latest-platform-targets-enterprise-customers
1•myk-e•8m ago•0 comments

Goldman Sachs taps Anthropic's Claude to automate accounting, compliance roles

https://www.cnbc.com/2026/02/06/anthropic-goldman-sachs-ai-model-accounting.html
2•myk-e•10m ago•3 comments

Ai.com bought by Crypto.com founder for $70M in biggest-ever website name deal

https://www.ft.com/content/83488628-8dfd-4060-a7b0-71b1bb012785
1•1vuio0pswjnm7•11m ago•1 comments

Big Tech's AI Push Is Costing More Than the Moon Landing

https://www.wsj.com/tech/ai/ai-spending-tech-companies-compared-02b90046
1•1vuio0pswjnm7•13m ago•0 comments

The AI boom is causing shortages everywhere else

https://www.washingtonpost.com/technology/2026/02/07/ai-spending-economy-shortages/
1•1vuio0pswjnm7•15m ago•0 comments

Suno, AI Music, and the Bad Future [video]

https://www.youtube.com/watch?v=U8dcFhF0Dlk
1•askl•17m ago•1 comments

Ask HN: How are researchers using AlphaFold in 2026?

1•jocho12•20m ago•0 comments

Running the "Reflections on Trusting Trust" Compiler

https://spawn-queue.acm.org/doi/10.1145/3786614
1•devooops•24m ago•0 comments

Watermark API – $0.01/image, 10x cheaper than Cloudinary

https://api-production-caa8.up.railway.app/docs
1•lembergs•26m ago•1 comments

Now send your marketing campaigns directly from ChatGPT

https://www.mail-o-mail.com/
1•avallark•29m ago•1 comments

Queueing Theory v2: DORA metrics, queue-of-queues, chi-alpha-beta-sigma notation

https://github.com/joelparkerhenderson/queueing-theory
1•jph•41m ago•0 comments

Show HN: Hibana – choreography-first protocol safety for Rust

https://hibanaworks.dev/
5•o8vm•43m ago•0 comments

Haniri: A live autonomous world where AI agents survive or collapse

https://www.haniri.com
1•donangrey•44m ago•1 comments

GPT-5.3-Codex System Card [pdf]

https://cdn.openai.com/pdf/23eca107-a9b1-4d2c-b156-7deb4fbc697c/GPT-5-3-Codex-System-Card-02.pdf
1•tosh•57m ago•0 comments

Atlas: Manage your database schema as code

https://github.com/ariga/atlas
1•quectophoton•1h ago•0 comments

Geist Pixel

https://vercel.com/blog/introducing-geist-pixel
2•helloplanets•1h ago•0 comments

Show HN: MCP to get latest dependency package and tool versions

https://github.com/MShekow/package-version-check-mcp
1•mshekow•1h ago•0 comments

The better you get at something, the harder it becomes to do

https://seekingtrust.substack.com/p/improving-at-writing-made-me-almost
2•FinnLobsien•1h ago•0 comments

Show HN: WP Float – Archive WordPress blogs to free static hosting

https://wpfloat.netlify.app/
1•zizoulegrande•1h ago•0 comments

Show HN: I Hacked My Family's Meal Planning with an App

https://mealjar.app
1•melvinzammit•1h ago•0 comments

Sony BMG copy protection rootkit scandal

https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
2•basilikum•1h ago•0 comments

The Future of Systems

https://novlabs.ai/mission/
2•tekbog•1h ago•1 comments

NASA now allowing astronauts to bring their smartphones on space missions

https://twitter.com/NASAAdmin/status/2019259382962307393
2•gbugniot•1h ago•0 comments

Claude Code Is the Inflection Point

https://newsletter.semianalysis.com/p/claude-code-is-the-inflection-point
4•throwaw12•1h ago•3 comments

Show HN: MicroClaw – Agentic AI Assistant for Telegram, Built in Rust

https://github.com/microclaw/microclaw
1•everettjf•1h ago•2 comments

Show HN: Omni-BLAS – 4x faster matrix multiplication via Monte Carlo sampling

https://github.com/AleatorAI/OMNI-BLAS
1•LowSpecEng•1h ago•1 comments

The AI-Ready Software Developer: Conclusion – Same Game, Different Dice

https://codemanship.wordpress.com/2026/01/05/the-ai-ready-software-developer-conclusion-same-game...
1•lifeisstillgood•1h ago•0 comments
Open in hackernews

Show HN: Dotenv Mask Editor: No more embarrassing screen leaks of your .env

https://marketplace.visualstudio.com/items?itemName=xinbenlv.dotenv-mask-editor
28•xinbenlv•2w ago
Hi HN,

I built this because I often work in coworking spaces or do screen sharing, and I've always had this fear of accidentally flashing my .env file with production secrets to the whole room (or recording).

It’s a simple VS Code extension that opens .env files in a custom grid editor. It automatically masks any value longer than 6 characters so I can safely open the file to check keys without exposing the actual secrets.

It runs 100% locally with zero dependencies (I know how sensitive these files are). It just reads the file, renders the grid, and saves it back as standard text.

It's open source (MIT) and I'd love any feedback on the masking logic or other features that would make it safer to use.

Marketplace: https://marketplace.visualstudio.com/items?itemName=xinbenlv... Github https://github.com/xinbenlv/dotenv-mask-editor

Comments

theozero•2w ago
Better than masking them in a file, get them out of the file entirely! Pull them declaratively instead - https://varlock.dev

This tool also redacts from your logs if working in js.

verdverm•2w ago
This appears to be the only comment you make on HN

https://news.ycombinator.com/threads?id=theozero

Using HN less like a marketing platform would be appreciated

NewJazz•2w ago
What does this offer that a scriptlet that sets the envvars doesn't?
svgeek•2w ago
OMG,I wish I had this years ago!
xinbenlv•2w ago
Thanks, glad you liked it!
__MatrixMan__•2w ago
I recently made this as a component in a larger project https://gist.github.com/MatrixManAtYrService/7fc7fb05474d971...

The idea is that even if you can't see the full data for some reason (space constraints, in my case), different values will appear styled differently even if the non-hidden characters don't differ.

I'm not sure how easy/hard vscode makes this, bit it might be fun to use a hash of the secret (salted by that character's index) to determine the back/foreground colors of the *'s

That way even though you can't see the secret, you can tell that it has changed. Also you're in a position to notice if two hidden secrets are the same (this might clue the user into a mistake, like if they didn't actually copy what they think they copied and are instead pasting the previous thing.

dietr1ch•2w ago
> I've always had this fear of accidentally flashing my .env file with production secrets to the whole room (or recording).

Can't you just intersperse entries with multiple-screens-worth of blank lines, or add noisy variables?

I'm thinking that 120 blank lines at the beginning and the end might be enough though, no need to make the file really hard to use.

xinbenlv•1w ago
That's a good idea too, thanks for the suggestion
dietr1ch•1w ago
Also, now that I think about it you could source the super secret stuff from a second file and keep the .env file publicly readable and available for quick edits while streaming
esperent•2w ago
I recently got a phone with a high zoom level - once you factor in digital zooming it's 20x. The photo quality at that zoom level is trash, but it absolutely could be used to read text from people's laptop screens from across a big room, or even another building through a window.

Of course, real cameras have always had this kind of zoom level. The difference is that now, someone could appear to be browsing on their phone from very far away, but actually be reading text on your laptop screen.

It's much more likely they'll be looking for credit card details or something like that rather than .env secrets. But I guess it's better safe than sorry if you frequently work in a public, tech focused environment like a big coworking space.

We're talking someone sitting with their phone 50 meters away from you being able to read text on your laptop screen. That's about the distance where a person with good vision will struggle to recognize faces.

verdverm•2w ago
Would they need something to help with stabilization at that zoom and distance?
canadiantim•2w ago
A selfie tripod
esperent•2w ago
Like sitting at a table and resting their phone on it, sure.
globular-toast•2w ago
Why would you have "production secrets" in a .env file in the first place? I feel like that's the real problem here.
xinbenlv•2w ago
We use infiscial and other mechanism but hey, wouldn't it be nice to have one less square inch of attack surface?
globular-toast•2w ago
Why not have one less square mile of attack surface by not having secrets in a .env file in the first place?

What are people doing that requires something like this?

pjjpo•2w ago
I think it's common to have dev not production secrets there, and am reading the blurb about production secrets as non-local secrets. Even dev keys are a pain if they get leaked.

The idea seems nice with a simple yet effective implementation. While I think I currently have a shell script syntax highlight plugin reading env files, it's definitely overkill. Now if only this could protect from random npm packages reading your env files...

dissent•2w ago
This implies there's some kind of shared resource out there on the network that your devs are developing on. Why not make all these resources part of your local dev stack, served on localhost, and use dummy credentials? You can even commit them because they're not sensitive.
pjjpo•2w ago
Ok ok, it is indeed keys to AI APIs. I know it's not kosher to admit to that on HN anymore but it's the reality for me at least. Unfortunately local models just can't support development of products using them.
xinbenlv•1w ago
Thanks @pjjpo, exactly. My bad to confuse people, no we don't put real prod-prod credentials in .env. We use mechanisms to ensure separation of secrets. Thank you for saying that it's a simple yet effective implementation. If you try it and let us know your feedback.
electromech•2w ago
or, don't put secrets in .env files...
ReluctantLaser•2w ago
I feel I see these solutions somewhat often, but you can execute a command and use that as a value. To me, I'm not sure why people aren't calling their secret store as part of it. I use direnv mostly, but seems `.env` supports the same thing. e.g:

MY_SECRET=$(pass show path/to/my/secret)

Of course substitute that for Vault/SSM/whatever. There are other solutions to this problem too, but I show this to people as there's so little friction to using it.

As for the solution itself, we shouldn't really be storing secrets as plain text wherever we can help it. Masking them feels like a kludge.

legitimate_key•1w ago
Congrats on the launch! This resonates - I've dealt with the "accidentally exposed credentials during a demo" problem a lot.

The .env file is one of the most common culprits, but I've found the problem extends beyond just one file type. What I've learned:

The broader challenge: - .env files in code editors - Config files in various formats (YAML, JSON, TOML) - Database GUIs (showing connection strings, table data) - API tools (Postman, Insomnia showing auth tokens) - Browser tabs (logged into admin panels, showing URLs with tokens) - Terminal windows (commands with API keys) - Slack/email windows (messages with sensitive info)

Most solutions are file-type specific or app-specific. But during a screen share, the sensitivity context switches constantly - one moment you're in VS Code, next you're in a browser, then Postman, then back to the terminal.

How did you decide to focus on .env files specifically vs. trying to tackle the broader problem? Curious about your thinking on scope vs. coverage trade-offs.

Also, what's your approach to detecting what qualifies as a "secret" that needs masking? Pattern matching, or something more sophisticated?