So basically an homograph attack, in this case to dodge code reviews?
This reminds me of Bruce Schneier's article "Unicode is too complex to ever be secure", except in this case ASCII too apparently ; )
Which makes me wonder: for such sensitive programming languages, shouldn't the specs be much more restrictive and for example only allow 'A' to 'Z' in variable names, no digits, no lowercases, etc.?
Or shouldn't there be a linter as part of the standard tooling which warns if there are two variables or functions with similar looking names? It could also check for similar looking hex strings, which would have caught the off-by-one hashes.
This reminds me of Bruce Schneier's article "Unicode is too complex to ever be secure", except in this case ASCII too apparently ; )
Which makes me wonder: for such sensitive programming languages, shouldn't the specs be much more restrictive and for example only allow 'A' to 'Z' in variable names, no digits, no lowercases, etc.?