You don’t have to be an idiot to be hacked. A legit extension can be sold or compromised due to no fault of the engineer.

Don’t attack individuals for mistakes of a system.

reply
I am so, so stressed about Sublime Text... It feels like a massive disaster just waiting to happen. They don't even run their own package marketplace :(
reply
> but apparently Microsoft has put way more effort into their Copilot slop than security.

Your security or their money (selling Copilot to enterprise customers): what would they choose, hmm? Surprise!

reply
Why would you sandbox extensions?

Just don’t install crap maybe.

reply
Any good, benign extension can be taken over and weaponized with malware.
reply
Even if you don't install crap, the latest strategy is attacking the developer of one of the extensions or their build process so you can push a malware update to an otherwise legitimate extension.
reply
Thanks for the sage advice. Next time you are infected with the flu, you should just don't breathe maybe.
reply
This man's security onion has one layer.
reply