Vscode extensions can upload your ssh keys to the botnet

So, can they? I like the editor but I'm worried since so much functionality comes from extensions. How much malware is being distributed at this very moment, unnoticed?
github.com/Microsoft/vscode/issues/52116

If you don't do your coding in a sandboxed environment, you have only yourself to blame.

b-but my ssh keys are inside the sandbox

use vscodium

Imagine being this paranoid and downloading insecure editors that you have to sandbox them. Yikes.

how much crap do you have to add to this shit just so it matches half the features from jetbrains ides?

this

github.com/Microsoft/vscode/issues/39544

If you’re gonna insult people at least act like English is your first language.

Put passwords on your keys, faggot.
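
Added example, not part of the thread: a passphrase-protected key is stored encrypted on disk, so a process that only reads the file gets ciphertext. The Python below lists which private keys in a directory are stored without one; the function names and `sample_openssh_key` (a constructed header-only blob, not a usable key) are assumptions made for this illustration.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def key_protection(text):
    """Classify one key file's text as 'encrypted', 'plaintext' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])  # cipher name length
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "plaintext" if cipher == b"none" else "encrypted"  # "none" = no passphrase
    if lines[0].endswith(" PRIVATE KEY-----"):  # legacy PEM or unencrypted PKCS#8
        protected = any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines[1:3])
        return "encrypted" if protected else "plaintext"
    return "unknown"

def audit_ssh_dir(directory):
    """Map each private key file name in `directory` to its protection status."""
    root, results = Path(directory).expanduser(), {}
    if not root.is_dir():
        return results
    for path in sorted(root.iterdir()):
        if path.is_file() and path.suffix != ".pub":
            status = key_protection(path.read_text(errors="replace"))
            if status != "unknown":
                results[path.name] = status
    return results

def sample_openssh_key(cipher):
    """Constructed header-only blob (not a usable key) for trying the parser."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, status in audit_ssh_dir("~/.ssh").items():
        print(f"{status:10} {name}")
```

A key reported as `plaintext` can be given a passphrase with `ssh-keygen -p -f <keyfile>`.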

can't it read all keystrokes, execute anything that electron can? rce too

>coding
>in a web browser
smdh

New guy here. So what's the best way to program then? Use a dedicated IDE for each language? Like IntelliJ for Java, Code::Blocks for C/C++, RStudio for R etc?

Just use it in a snap, appimage, or flatpak. This is one of the rare cases where installing a bloated application through a bloated installer actually pays off. I recommend installing your browser this way, too. The sandboxing is a nice advantage.

searching the marketplace for PHP support, the most popular extension with millions of downloads uses this (background) github.com/felixfbecker/php-language-server/issues
why in the fuck would I use vscode if one of the most used languages has this kind of dogshit support

>appimage
not sandboxed
>snap flatpak
sandboxed chromium electron app inside another sandbox, but make sure to download the """clean""" vscodium builds that don't ship with ms telemetry
THE ABSOLUTE STATE OF SOFTWARE IN 2019 HOLY MOTHER OF GOD

>not sandboxed
Whoops, I knew that. Appimages are only good because they run anywhere. Sorry for the misinformation.

kek what do you think? their net core comes with telemetry.

Extensions cause the problem, not the telemetry module.

>having a telemetry module in the first place
bro

Yes, but the point is - using vscodium will not solve the problem.
I use neovim, btw :)

what password?

Are you guys brain damaged? Every single fucking thing you execute can access anything you can access. Basic computing 101 ya fuckin moran.

read the issue, retard

not him, but the issue is fucking long
tl;dr

Sandboxing is not safe. How many more times do you guys need to be fucked in the ass by cpu vulnerabilities to get it in your head?
Nothing is safer than vetted software provided by your distribution, anything else sucks ass and is a security nightmare, sandboxing be damned. And no, your feeble attempts at "patching" that shit never work, proven by monthly doses of "spectre/meltdowns/schroom" bullshit. Proprietary CPUs are inherently unsafe and no amount of bandaid fixes that shit. You can bet your ass that arm gets their share of vulns exposed too as soon as they destroyed x86.

imagine installing and running untrusted code without at least using firejail to keep it away from your data

I only use it for work, so I don't really care

still waiting for an answer, are indians not up yet?