Rendered at 15:30:22 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
Tangurena2 1 hours ago [-]
I've heard about these attacks but never really had the time to understood what was happening. Some of our junior devs use VS Code, so now we have something to point them at.
MeetingsBrowser 8 minutes ago [-]
Only juniors are suing VSCode? What are others using?
embedding-shape 2 hours ago [-]
Is this why Windows Defender is prompting me 2-3 times a day to submit my codex/config.toml to Microsoft for "malware analysis"? I've said no every time so far, since my first thought is "What could even be hidden there?" when I see the dialog yet again, I'm guessing Microsoft would love to see how people use their competitors' products though.
lstodd 2 hours ago [-]
You might as well click yes, since it's all been uploaded as telemetry anyways.
IcyWindows 1 hours ago [-]
Citation needed
giancarlostoro 10 minutes ago [-]
Hell I've seen things that shouldn't be up there just scooped up by Microsoft, I had to opt-out because it was just showing my PII look ups into my Microsoft accounts search history.
The final straw for me was when I saw that Microsoft Defender by default could send files to their servers for inspection, and I couldn't see what was sent previously, nor was this an opt-in option, it was on by default. I have anything from PII to highly proprietary things on my computer, I don't need them being "flagged" by Microsoft for arbitrary reasons. I have been on Linux full time for the last few years since.
bpt3 60 minutes ago [-]
It's far from a blindspot. People have been yelling about this from the rooftops for the last several years.
No one cares about security. People used to care for a fairly short period of time after something bad happened to them, but even that seems to have gone by the wayside as breaches, leaks, and use of exploited code has become normalized.
mikepurvis 11 minutes ago [-]
It's always been a discussion in packaging, around build/install/configure time, think like setup.py, Debian's postinst, etc.
The rise of editors that will own your system just by browsing to the wrong folder without opening or running anything is relatively speaking newer, but I think most people in HN audience should be able to intuit some of the risks, especially when untrusted PRs and semi-trusted LLM bots are in the mix with your "trusted" codebase.
https://support.microsoft.com/en-us/windows/windows-search-a...
The final straw for me was when I saw that Microsoft Defender by default could send files to their servers for inspection, and I couldn't see what was sent previously, nor was this an opt-in option, it was on by default. I have anything from PII to highly proprietary things on my computer, I don't need them being "flagged" by Microsoft for arbitrary reasons. I have been on Linux full time for the last few years since.
No one cares about security. People used to care for a fairly short period of time after something bad happened to them, but even that seems to have gone by the wayside as breaches, leaks, and use of exploited code has become normalized.
The rise of editors that will own your system just by browsing to the wrong folder without opening or running anything is relatively speaking newer, but I think most people in HN audience should be able to intuit some of the risks, especially when untrusted PRs and semi-trusted LLM bots are in the mix with your "trusted" codebase.