I observed a VS Code plugin compromise itself after running: "npx exec nx@latest --version".
Is it really that easy to get infected, or am I missing a more dangerous step it took? If this behavior is common, doesn’t it mean you could be exposed even without using a vulnerable plugin version, since it auto-runs @latest scripts just to check the version?
I've been running Fedora 29 on the Surface Pro 4 for a month or so now. I agree this form factor is almost perfect for a laptop. The screen and keyboard are great for coding.
I'm not sure if I'd recommend this as a primary work machine since you have to compile your own kernel to enable some of the features (touch screen, hibernation etc). Other than that it's been stable and better than I had anticipated.
Pi-hole seems to block windows telemetry domains by default. I don't know how complete the blocking is but there are a lot of domains like the ones listed in this thread on my top blocked domains list.
Is it really that easy to get infected, or am I missing a more dangerous step it took? If this behavior is common, doesn’t it mean you could be exposed even without using a vulnerable plugin version, since it auto-runs @latest scripts just to check the version?