True, it’s a private (not local) IP. It could easily have connected to a remote system, as their proof-of-concept did.
This code execs cmd.exe and pipes output to and from a hardcoded IP. That’s pretty weird. What’s running on that IP? How does the extension know something is there?
It looks like VS Code has no review — human or automated — or enforced entitlement system that would have stopped this or at least had someone verify it was legit.
Their findings included an extension that opens an obvious reverse shell.
Another senior dev here, one of those weirdos who likes light mode. Sometimes. VS Code’s light mode is blinding to me, and I never use it. But Nova’s is beautiful and I prefer it. It depends how well the app renders fonts and colors. The oversaturated colors used in most apps are a big problem.
The ?? operator?
It’s nice that this is compatible with Redis clients, and even Redis cluster operations. But I wish they would take this opportunity to make scaling more ergonomic. The Redis cluster mode is a pain to use because certain commands don’t work on a cluster (and developers don’t seem to realize this, leading to implementation issues).
It’s better now. No more bottles and kegs. This time it’s barrels, vintages and terroirs.
This makes a lot of sense if you’re delivering static content. Cloudflare even has the Super Slurper which serves your S3 content and migrates it seamlessly to Cloudflare’s competitor R2 service, after which your egress is free.
Is it a blunder? Tell that to Apple, Jetbrains, or Microsoft, each of whom have proprietary code editors that net billions of dollars of revenue.
It’s true, VS Code is open source, but it is developed almost entirely by Microsoft, by a large team of paid full-time programmers, designers, and PMs. It may be the most-used text editor in the world, but it isn’t developed by a team of volunteers who materialized around it because it was open source.
Instead, consider that making something open source is often just a marketing strategy — or a soft way to sunset a project.
This is a nice editor. I don’t like the comparisons to Atom since some of us remember that as “the really bloated and slow predecessor to VS Code”. Whereas Zed is quite small and fast. Opening a shell panel is instant and makes VS Code feel slow.
Its strength is multi-user (their term: multiplayer) shared editing spaces. It also has quite good AI integration and supports Github Copilot too.
I am a little concerned that they started off commercial and then went open source. Open source is great! But this path sometimes means that the original developers no longer have the time/money/interest to keep developing it. I hope that’s not the case here because they’ve got the start of something good.
deleted by creator
“I implemented the FizzBuzz algorithm in only 10 million lines of code!”
There’s no way Apple lets the automaker access app data from your phone. Apps on the phone can’t even see data from other apps on the phone.
There are two ways I can think of for the infotainment to get the messages. The first is by OCR-ing the CarPlay screen, which is shady as hell. The second is a feature like this one where the car has Bluetooth notification integration.
The legacy Date object has many problems and this is one of them. Another infamous one is that it uses zero-based month numbers: January is the zeroth month and December the 11th month.
This will be fixed Any Day Now™️ when Temporal is released. This is a carefully designed library that supersedes Date and is currently waiting on some standards to be finalized.
deleted by creator
And of course there have been forges launched, including SourceHut, Gitea, Gogs, Forgejo…
As Mark Twain said, “Never discuss politics, semicolons, tabs, or religion in polite company.”
But can you connect to the Microsoft Support Usenet server?
It would be interesting to see what the difference is. The slim image doesn’t even have vi installed, although it does have bash. And of course, git, etc. are not present. Much of the difference could be the size difference between musl and libc, and the size difference between apk and apt metadata.
I don’t think OP is going to find a non-musl distro as small as Alpine. These stripped-down Debians are a lot bigger, but among the smallest non-Alpine that you’ll find.
Standard node images are around 1 GB. node:lts-alpine is about 176 MB. So it’s fairly close to alpine in this case.
This draft spec was eventually published as RFC 9562. Compared to the previous spec it adds versions 6, 7, and 8, plus best practices guidance.
Basically, there are a bunch of UUID alternatives that arose to fix the problem that UUIDs are bad for use as database keys in large tables (here’s the perspective of MySQL experts Percona). A bunch of these alternatives are actually linked from the RFC, which I haven’t seen done before. Version 7, in particular, is meant to address this use case.