🪤 AI Coding Assistants Secretly Copying All Code to China - Schneier on Security
This might be worth a PSA - if you use #VSCode via Snap, every file you delete inside VSCode is not actually getting deleted. It goes to a "Trash" folder in ~/snap/code/current/Trash and never (ever) gets deleted. Last year I found I had 44 GB in undeleted files; in that GitHub issue, this is happening to a lot of people.
There's been an open bug ticket for over a year: https://github.com/microsoft/vscode/issues/233649#issuecomment-3830929735
☣️ Threat Actors Expand Abuse of Microsoft Visual Studio Code
「 Jamf Threat Labs identified additional abuse of Visual Studio Code tasks.json configuration files. This included the introduction of dictionary files containing heavily obfuscated JavaScript, which is executed when a victim opens a malicious repository in Visual Studio Code 」
Nogic – VS Code extension that visualizes your codebase as a graph
https://marketplace.visualstudio.com/items?itemName=Nogic.nogic
#HackerNews #Nogic #VSCode #Graph #Visualization #Codebase #Extension
KeelTest – AI-driven VS Code unit test generator with bug discovery
#HackerNews #KeelTest #AI #VSCode #unit #tests #bug #discovery #tools
I switched from VSCode to Zed
https://tenthousandmeters.com/blog/i-switched-from-vscode-to-zed/
#HackerNews #VSCode #Zed #Switch #Coding #Experience #Developer #Tools
ty, the #tool published by Astral that checks the consistency of type annotations in a #Python codebase, has reached beta: https://astral.sh/blog/ty
And for people who use #codium or #vsCode, there is an extension: https://marketplace.visualstudio.com/items?itemName=astral-sh.ty
X Writer – Tweet from VS Code Without Distractions (BYOK, Open Source)
https://github.com/Jawuilp/X-writer
#HackerNews #XWriter #VSCode #OpenSource #DistractionFree #Tweeting #BYOK
After many years with #VSCode, I think #Zed will become my new go-to editor. Apart from the huge performance boost, there are several features and UI details that simplify my workflow.
I also enjoy how despite being written in #Rust, there are plenty of ways to customise the experience via settings and extensions.
A very promising future for #softwareDevelopment
💰 Eventually all autocomplete features will be replaced by Copilot.
「 the AI extension of Copilot in VS Code, which, however, only offers a free volume of 2,000 suggestions – a limit that developers quickly reach, as Copilot makes a suggestion with every input. From then on, users will need a paid license. The use of IntelliCode required a local model, but was therefore unlimited and free 」
GlassWorm has resurfaced with 24 malicious extensions posing as popular developer tools across Visual Studio Marketplace and Open VSX. The campaign uses Rust implants, Solana-based C2, and inflated download stats to slip harmful updates into trusted environments.
This wave shows how supply-chain attacks continue evolving by blending seamlessly into developer workflows.
What protections do you think dev ecosystems should prioritize next?
Follow us for consistent, unbiased cybersecurity coverage.
#infosec #glassworm #supplychainsecurity #devsecops #vscode #openvsx #malware #threatintel #securityresearch #technadu