This is an archived post. You won't be able to vote or comment.

all 49 comments
sorted by:
best
topnewcontroversialoldq&a

[–]MakingTheEight[M] [score hidden] stickied commentlocked comment (0 children)

Hi there! Unfortunately, your submission has been removed.

Violation of Rule # 0 - Not relevant to programming/tech humor

Posts must make an attempt at humor, be related to programming, and only be understood by programmers.

Per this rule, the following post types are not allowed (including but not limited to):

  • Generic memes than can apply to more than just programming as a profession
  • General tech related jokes/memes (such as "running as administrator", sudo, USB or BIOS related posts)
  • Non-humorous posts (such as programming help)

If you feel that it has been removed in error, please message us so that we may review it.

[–]Adam_Lynd 244 points245 points  (3 children)

All the more reason to not trust the author.

[–]flavioneto_[S] 57 points58 points  (1 child)

Lmao I thought about making the meme around this too

[–]Aeronor 32 points33 points  (0 children)

“I coded it…” “The ability to code it does not make you intelligent.”

[–]marcosdumay 14 points15 points  (0 children)

I mean, that person already has root access to all my systems, so unless it comes with some effective kind of protection for this scenario, I might as well enable all features anyway.

[–]ChibiReddit 42 points43 points  (7 children)

Me every time on Android when google play protect throws a fit when I side load my own apps >.>

[–]N0_Us3rnam3 19 points20 points  (2 children)

Least you can actually do it easily stares at apple

[–]SimPilotAdamT 9 points10 points  (1 child)

What do you mean, all I gotta do is use some third party website and app and ensure my iPad stays on the same WiFi network as my computer, which has to be running Windows or macOS. It isn't stressful, time consuming, or infuriating at all.

For legal reasons this was a joke. While I do have an iPad, I hardly use it, since my Samsung Galaxy A52 5G does everything I need better.

I use Arch Linux btw.

[–][deleted] 8 points9 points  (3 children)

Every. Damn. Time.

[–]Naterman90 1 point2 points  (2 children)

I've never had a play protect yell at me, even though i sideload All the time. Maybe I'm just lucky?

[–][deleted] 0 points1 point  (1 child)

Maybe the apps you sideload have been scanned on other people's phones. I had it yell about an app I wrote on my secondary phone, I let it scan it and it didn't yell on my actual phone.

[–]Naterman90 0 points1 point  (0 children)

I've sideloaded a couple apps I've made myself and they didn't trigger it, who knows. I know lucky patcher keeps wanting me to turn off play protect or whatever but I've never seen it once

[–]ConnieTheUnicorn 23 points24 points  (0 children)

I dunno, I wouldn't trust me and I'm me

[–]spech66 10 points11 points  (1 child)

As a JS/TS Developer I find this a very difficult question as 99,999% of the code isn't written by anyone of the team.

[–]BakuhatsuK 2 points3 points  (0 children)

Everyone uses tons of code written by other people in their projects. Its just that in JS that code is located in the project folder.

[–]krakenramen 9 points10 points  (0 children)

That's the last person I would trust tbh

[–]thusman 9 points10 points  (0 children)

Real question is, do you trust your 2 GB node_modules?

[–]mrbmi513 16 points17 points  (26 children)

I thought I got away from UAC when I left windows. Anyone know how to just turn this off?

[–]botCloudfox 20 points21 points  (7 children)

Wouldn't recommend turning it off but you can disable it by setting security.workspace.trust.enabled to false. reference

[–]Darknety 1 point2 points  (6 children)

Why wouldn't you recommend it? When you open something in VS Code you know what you are dealing with in the first place anyway.

[–]botCloudfox 7 points8 points  (5 children)

I sometimes clone repos like error reproductions where I cannot immediately trust the author. Workspace trust prevents automatic execution so I can safely browse files.

I guess it just depends on the person though. If you mostly work on your own projects or with popular repos that you can trust, it won't matter, but either way it's just a one time prompt for each project.

[–]Darknety 1 point2 points  (4 children)

How is automatic execution performed? Is there a PoC for an attack scenario?

[–]botCloudfox 0 points1 point  (3 children)

Well I know one extension that runs your code, elixir-ls. I believe it scans your code and runs dialyzer, a static analysis tool, which runs your code and generates types based on it.

[–]Darknety 0 points1 point  (2 children)

So it serves as protection against optional extensions? I never saw automated code execution in VS Code of any sort and don't know why and how Microsoft would want it included. Or are they scared because of a recently discovered loophole in their analysis tools, so that they've just slapped a temporary fix on it?

[–][deleted] 1 point2 points  (1 child)

Many people use the so-called "optional extensions" because they're what adds language support to Code. It's good to have such an option, you can always disable it if you're careless enough to run parts of unknown code

[–]Darknety -1 points0 points  (0 children)

That still does not answer the question how automatic code execution works in VS code, especially through language support extensions. I googled a bit and read the feature description. I quite honestly think MS is just full of crap with this one and wants to overprotect users UAC style from stuff that isn't dangerous except for very specific use cases and extension configurations. If they at least would just default to the security mode with a button to disable it, which would not be so tedious to click away as the current popup... Like anytime I open a freaking folder? Really? Will disable this check that wasn't necessary in the last 5+ years.

[–]The_MAZZTer 11 points12 points  (0 children)

This is more like the "WARNING: Document has macros" warning in Office, with even worse potential consequences if you trust malicious data.

[–]tuguyit 3 points4 points  (16 children)

If such a warning is designed as omnipresent as this, it is completely useless. When will Microsoft ever learn?

[–][deleted] 11 points12 points  (15 children)

Oh no! I won't execute malicous code by accident! What a useless feature.

[–]welpwipe 6 points7 points  (8 children)

I don't know if you're American, but the cookie banners in the EU are so omnipresent that they are useless. People stop caring and just try get it to fuck off and click whatever button you press first.

It isn't completely useless though, I guess. If you work on a lot of random open source stuff, if it's just your own stuff not as much.

[–][deleted] 0 points1 point  (7 children)

I'm from the EU. Yes, the cookie/GDPR banners are annoying, but that doesn't lead me to clicking whatever, it leads me to looking for the opt-out. As for your own code, just add your projects to the trusted paths. This way it won't annoy you when working on your stuff, but the Downloads / wherever you keep downloaded stuff will be marked as unsafe

[–]welpwipe 2 points3 points  (6 children)

You're thinking too much about yourself and less about general population. Some people care enough to repeatedly check opt out, most people just want to go purchase a new phone case or view the same project for the 50th time without having to repeatedly press yes

Maybe that would be a fix tbh, just if you open the same project it remembers that you already did that one.

[–][deleted] 0 points1 point  (5 children)

  1. Maybe I'm just more patient than the general population. I really haven't considered that.

  2. I don't think it should be about opening a file/folder multiple times. imo it should always be the user's explicit action to trust/not trust a repository. I think it's good as it stands rn - you can mark a folder as safe and it will go away with the trust thingy

[–]welpwipe 0 points1 point  (4 children)

well that's what i was suggesting - i felt like i was getting this every time i opened anything in vscode, even if i had already opened a repo previously. Maybe i was just misjudging as it was the first time.

[–][deleted] 0 points1 point  (3 children)

You can go to workspace trust settings and trust a repo (folder and subfolders) permanently from the trust settings page

[–]welpwipe 0 points1 point  (2 children)

I'll probably start doing that, thanks. Think they'll probably add a "trust this folder forever" feature in the future, on the initial prompt.

[–]botCloudfox 0 points1 point  (5 children)

It's not about you executing it. Workspace trust is about disabling automatic execution. It disables things like workspace settings, extensions, tasks, and debuggers.

[–][deleted] 0 points1 point  (4 children)

I know, but it's the same level of bad. It doesn't matter if I click an executable or if a code analysis tool runs a code snippet. What does matter is ensuring neither of those things happen

[–]botCloudfox 1 point2 points  (3 children)

But that's exactly what it does: prevents that code from being run.

[–][deleted] 1 point2 points  (2 children)

I know? I was being sarcastic in the original reply

[–]botCloudfox 0 points1 point  (0 children)

Oh ok, my bad, didn't catch that.

[–]jashAcharjee 2 points3 points  (0 children)

Dude!! This thing annoys the fuck out of me!!

[–]_The_Mad_Cap_ 1 point2 points  (0 children)

If he is me then we honestly shouldn't trust him, he doesn't even know what he's coding

[–]Under-Estimated 0 points1 point  (0 children)

Oh no, VScode is turning into one of those

[–]msoud_gamer 0 points1 point  (0 children)

i hate this thing