| ▲ | fg137 5 hours ago | |||||||||||||||||||||||||
The (lack of) security of VSCode has always been astounding. People have asked for sandboxing extensions for years [0] with little to no progress, and issues have been discussed a lot (e.g. [1][2]). I guess it hasn't been a big issue, likely because most developers are not complete idiots. But it only takes one developer and one bad extension to consequences like this. I mean, I understand that it is hard to sandbox Node.js applications, but apparently Microsoft has put way more effort into their Copilot slop than security. [0] https://github.com/microsoft/vscode/issues/52116 | ||||||||||||||||||||||||||
| ▲ | Atotalnoob 19 minutes ago | parent | next [-] | |||||||||||||||||||||||||
You don’t have to be an idiot to be hacked. A legit extension can be sold or compromised due to no fault of the engineer Don’t attack individuals for mistakes of a system. | ||||||||||||||||||||||||||
| ▲ | bbor 3 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||
I am so, so stressed about Sublime Text... It feels like a massive disaster just waiting to happen. They don't even run their own package marketplace :( | ||||||||||||||||||||||||||
| ▲ | zx8080 4 hours ago | parent | prev | next [-] | |||||||||||||||||||||||||
> but apparently Microsoft has put way more effort into their Copilot slop than security. Your security or their money (selling Copilot to enterprise customers): what would they choose, hmm? Surprise! | ||||||||||||||||||||||||||
| ▲ | ozim 3 hours ago | parent | prev [-] | |||||||||||||||||||||||||
Why would you sandbox extension? Just don’t install crap maybe. | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||