> There was no ill intent by evil corporation, but rather a desire to support functionality that some customers expect of VS Code w.r.t. AI-generated code.
What metric did Microsoft use to assess that VS Code users "expect" their commits to have unsolicited messages added to them?
> Obviously, it should not be on when disableAIFeatures is on and it should not be reporting changes that were not done by AI.
Did you discuss adding these messages with your legal department?
What is Microsoft's position on adding such authorship statements to the code Microsoft did not author?
Or is Microsoft stating that using LLM assistants makes Microsoft a co-author of the code?
Does Microsoft have copyright claims on the code if LLM assistants are used at any time during its creation?
You can read the script before installing. It's pretty straightforward—just grabs the appropriate binary from GitHub and puts it in /usr/local/bin.
Installing via package managers or installers also runs remote 3rd party code on your machine, so I don't see much difference from a security perspective. You should make sure you trust the source before installing anything.
Of course one can and should read the script before running it, but the instructions promote just the opposite.
Even if we skip a step ahead and consider that this script then installs a binary blob... the situation doesn't get any better, does it?
If you find any of this as something normal and acceptable, I can only strongly disagree. Such bad practices should be discouraged.
On the other hand, using a distro's package manager and a set of community approved packages is a far better choice when installing software, security-wise. I really don't see how you could compare the two without plainly seeing the difference, from a security perspective.
As an alternative, if the software is not available through a distro's package manager, one should inspect and compile the code. This project provides the instructions to do so; they are just not promoted as a first choice.
I can't help coming to the conclusion that you've largely made my point about bad practices and having a wrong mindset when it comes to software security.
The instructions presume that one would follow best practices when installing something where the source is available, and don't need to explicitly include all the steps to do so in this context. You are correct in that it would be bad practice to blindly install something, but knowing what you are installing is the first step to installing when you are following best practices. That onus is on the person doing the installing, not the installation instructions.
Was the above post propaganda? Or was it just a user recommendation?
Perhaps the reason it gets mentioned often is simply because it's a good piece of software. Then again, perhaps not!
In any case, I'd be careful about using 3rd party DNS (and other) services, but that's for the user to decide, depending on the situation one is in.
Using one's own resolver is always a good practice, even in countries where ISPs are not selling customers' private data to anyone that comes along and where governments don't monitor and repress their citizens on every step...
We live in strange times where even EU countries misuse resolvers to censor certain web pages, while, for example, independent Balkan countries do not. Go figure...
The Linux kernel has a built-in firewall, and provides iptables to configure it. Firewalld is also installed by default at least on Fedora, and UFW for Debian-based.
Unless this is just a battle of semantics on the fact iptables/firewalld/ufw are user space apps.
I think the main gripe is Google's lack of API to access a firewall. It would make sense for the kernel to provide that API and leave the UI to user space apps.
Edit: and to clarify, you can have a user space app on Android to configure a firewall but they will either require root or a VPN-based solution like NetGuard.
Afternoon becomes an evening when the sun starts to set. An evening becomes a night when the sun is fully set.
"I was up at two this morning" has several implied meanings. One of them is equal to "I was up until two last night", others are not.
If you were up until two last night, you might legitimately express that with "I was up at two this morning". But if you were up at two this morning, saying "I was up until two last night" might or might not convey the truth. For example, you might have just gotten up.
Many if not all languages have nuances like this. I don't find them particularly odd at all, or specific to English, for that matter...