I browsed the author's own codebase and the first thing I saw was 150 lines of C# reimplementing functions available in the .NET standard lib.
An LLM that proposes autocompletion for a whole line/function.
the most recent Cloudflare drama.
It was made up by a shitty illegal crypto casino:
https://news.ycombinator.com/item?id=41091144
They’ve been known to fuck customers before but I can’t really find specific examples.
Of course you can’t find specific examples because they are known to be great with customers.
I shouldn’t comment just after waking up.
Instead of changing the symbol, we can ask the Unicode committee to put the current fediverse symbol in Unicode.
Damn, now I noticed I made tons of mistakes/typos there ^^'.
Thanks, you too
I checked the logic and there is no RCE.
Tons of devtools summon cmd.exe and do networking. Their claim is that more than 10% of the vscode marketplace is malicious packages (I just divided the number of extensions they say are malicious by the number of extensions).
You can install themes directly from the theme selector.
Thing is, tons of code extensions have an RCE in one form or another, but they always hit a localhost, or configurable IP.
How did their automated analysis make any difference?
Tons of extensions summon cmd to summon the language devtools; their automated analysis flagged tons of packages and they infer millions of infections from that.
They made the extensions themselves.
If you are talking about the other reverse shell, it hits a local IP address.
inside hundreds of organisations (not hundreds of installs)
At the time of the article, the extension listed around 300 hundred installations on the VS marketplace. There are a lot of bots downloading packages; one extension I contribute to, which nobody uses except 3 people, has been indicated to be downloaded 238 times.
If you look at the number of extensions available on the vscode marketplace, and the false positives they listed as “malicious code” (read the code attentively), I’m sure my own extension will show up in their “malicious code” (it isn’t).
I hoped people here would notice that their “malicious code” detection is totally bogus when the malicious code highlighted hits a local IP address.
If you look at the code of one of the “malicious code”, it hits a … local IP, not a remote one.
Fake news headline. There is no virus installed on millions of computers.
An extension typosquatting an extension with millions of installs managed to be installed a few hundred times.
It’s not a theme here, it’s an extension.
The Twitter post is a reply, not even its own post.
Of course, I don’t understand why people think it’s “unnecessary”.
Do they never do exploratory work and do things they are uncomfortable with?
It’s a tool; if I’m in a codebase I know well, it’s often pretty useless.
But I started writing some Python, I’m a Python noob, and Copilot is a gigantic productivity booster.