 
      
  
              From VS Code to Helix
 
      
  
I spend a lot of my work and personal time typing text and code. Using VS Code was a no-brainer. Everyone uses it. Every project supports it. And it Just Works™.
But what if I wanted to use smaller, simpler, standardized tools? As someone who never managed to get into (Neo)Vim, Helix has been an epiphany. It's not as scary as I thought.
The 80s called, and they want to give us our freedom back.
Looks like blockchains have finally found a serious use case, just maybe not the one predicted/hoped for...
This article is about #Glassworm, the latest major exploit in JavaScript-land, targeting VSCode and using #Solana as command infrastructure and Google Calendar events as backup. It's full of novel attack techniques and as they say in the article themselves: "this is absolutely brilliant (and terrifying)". All in all, a different form of "creative coding"...
"The malware is hunting for credentials:
- NPM authentication tokens - to publish malicious packages
- GitHub tokens - to compromise repositories
- OpenVSX credentials - to inject more extensions
- Git credentials - to push malicious code
- 49 different cryptocurrency wallet extensions - targeting MetaMask, Phantom, Coinbase Wallet, and dozens more"
Severe performance penalty found in VSCode rendering loop
https://github.com/microsoft/vscode/issues/272155
#HackerNews #VSCode #Performance #Rendering #Issue #Microsoft #GitHub #TechNews #Coding
“GlassWorm isn't just another supply chain attack. It's using stealth techniques we've never seen before - invisible Unicode characters that make malicious code literally disappear from code editors. Combine that with blockchain-based C2 infra that can't be taken down, Google Calendar as a backup command server, and a full remote access trojan that turns every infected dev into a criminal proxy node.”
#technology #attack #security #cybersecurity #malware #vscode
Do you use #VSCode? Then say hello to #GlassWorm. 😉
It steals credentials and uses them to spread further. On your machines it searches for cryptocurrency wallets and installs #VNC.
Google Calendar is used as the backup C&C server.
people don't have a good answer for visual studio community edition when they talk about switching to linux. there are other ides that run on linux that potentially rival it in quality but i wouldn't know since i can't afford those. and the free alternative (vscode) is just flat out worse
say what you want about microsoft but if it weren't for their free offerings of visual studio i probably wouldn't even have a gamedev career
edit: non-commercial is incompatible with the whole "career" thing
In training, I got a somewhat better look at the wonderful world created by Microsoft for #devops etc.
For example, this official VS Code extension that lets you do an ssh plus a kind of sshfs on all the machines declared in our ~/.ssh/config… and which drops onto them the code of a 230 MB VS Code server (508 directories, 1585 files), presumably to provide this functionality!
I went straight back to #emacs and sshfs.
The more I think about it, the more it seems to me that in this day and age, with all the modern threats, having a text editor that is capable of not only connecting to the Internet but also installing some code packages from repositories (and probably doing dependency resolving) is a recipe for catastrophe. Sooner or later.
It's probably one thing when you use a curated list of half a dozen addons that you can even personally peruse (or even contribute to). It's a whole other thing when you use some huge "distro" with probably hundreds of packages that also receive constant updates you cannot possibly control.
It's mostly about #Emacs, of course, but #vim is fully capable of it too. I won't even mention the likes of #VSCode.
We had a fair share of supply chain attacks in recent years (npm, pip, even xz in some way). No reason to think no one's gonna use this channel of attack.
Maybe it's just my fibs. But there is some uneasy feeling about the fact that you edit, perhaps, extremely private, personal or sensitive texts while your editor runs some background code doing who knows what. It's one thing to trust people who wrote vim or Emacs and a whole other thing to trust a hundred other unknown parties at the same time.