> If you did 'dotenvx run -- env', all your secrets would be printed right there in plaintext
Same for sops.
> The equivalent in vercel would be encrypted in the database (the encrypted '.env' file), with a decryption key in the backend
The encrypted .env file is actually committed to source code, and the decryption key is placed in Vercel's environment variables dashboard. The attacker only gained access to the latter here if using dotenvx so they can't get your secrets. Unless they also gained access to the codebase, in which case they have terabytes of data to go through and match up private keys from the database with encrypted .env files from the source code exfiltration - much more effort for attackers.
There is no silver bullet, but Dotenvx splits your secrets into two separate locations.
1. The private decryption key - which lives on Vercel in this example
2. The encrypted .env file which lives in your source code pushed to Vercel
Attackers only got access to the first (as far as I know was reported). So your secrets would be safe in this attack if using Dotenvx. (A private key is useless without its corresponding encrypted .env file. Attackers need both.)
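A check that the two-location split described above still holds in a repository, as an added example that is not part of the original comment or dotenvx's own code: it flags values in a committed .env file that are not encrypted, and any private key stored beside the ciphertext. The `encrypted:` value prefix and the `DOTENV_PUBLIC_KEY` / `DOTENV_PRIVATE_KEY` variable names are dotenvx conventions not shown on this page; `audit_env` and the sample file are hypothetical and constructed.

```python
import re

# Constructed sample of a committed .env file (no real keys or secrets).
SAMPLE_ENV = '''\
# constructed example
DOTENV_PUBLIC_KEY="03-constructed-public-key"
DATABASE_URL="encrypted:BConstructedCiphertext=="
PAYMENT_API_KEY=constructed-plaintext-value
export API_TOKEN='encrypted:BAnotherConstructedBlob'
DOTENV_PRIVATE_KEY_PRODUCTION="constructed-private-key"
'''

# KEY=VALUE, with an optional leading "export".
LINE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$')


def audit_env(text):
    """Return (line_no, key, problem) for each line that breaks the split."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        # Drop one pair of matching surrounding quotes.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in '"\'':
            value = value[1:-1]
        if key.startswith('DOTENV_PRIVATE_KEY'):
            # The decryption key belongs only in the platform's env settings.
            findings.append((no, key, 'private key stored next to ciphertext'))
        elif key.startswith('DOTENV_PUBLIC_KEY'):
            continue  # the public key is meant to be committed
        elif value and not value.startswith('encrypted:'):
            findings.append((no, key, 'plaintext value'))
    return findings


if __name__ == '__main__':
    for no, key, problem in audit_env(SAMPLE_ENV):
        print(f'line {no}: {key}: {problem}')
```

Run as a pre-commit or CI step, a non-empty result means the repository copy alone is enough to leak a secret, which removes the benefit of keeping the key elsewhere.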
> people are most comfortable being around people like themselves
Inertia. This is everything. It takes effort to be around people unlike those currently around you.
We all have personal biases against the strata economically above us and below us. I think most of the individuals that move up economically are able to get beyond these biases for one reason or another. Otherwise, even the most hardworking individuals tend to self-sabotage when they start to feel out of place.
I love the look of the Punkt. I ordered one 3 years ago but because of delays, and then Covid, gave up on receiving it. They issued me a refund but I'd still like to get one - in a reasonable amount of time.
Anyone have one and like it? Or recommend a different dumb phone?