Kevin Beaumont2d ago

RE: https://hachyderm.io/@ChrisShort/116606591908387955

If you want on to Microsoft's internal network, CORPNET, publish or own an existing a VSCode extension.

The Visual Studio Code Marketplace, which Microsoft own, is completely uncontrolled.

Anybody can publish an extension, it provides code execution on endpoints, extensions auto update by default, "verified" blue tick extensions just need any domain registration, and there's no endpoint security controls at all around what users can install.

VSCode is an absolute security shittip as a result.

Show threadfoo ✅1d ago

@GossiTheDog Politicians do not understand complexity really, they are specialists in tapping into the vibes of public sentiment and then crafting rhetoric to get those vibes resonating in their preferred direction.

Security is like this fractal mandelbrot surface of complexity where the more surface you generate or explore, the more vectors of attack there are. It's way too much for most people, and way too much for politicians who are only interested in what most people think.

Show threadfoo ✅
@GossiTheDog Google is probably thinking how this will simplify their own job - no more worrying about malware or unsafe sites or anything. Users just poke the stochastic text machine and text is generated for them. No more spidering or security monitoring of websites needed. They are no doubt fantasizing about all the layoffs they can do
May 21 at 2:11pmWeb
Show threadfoo ✅1d ago
@GossiTheDog My guess is if this is true, we might see them try to exit the browser space entirely... that might take a while though