uto's comments

I observed a VS Code plugin compromise itself after running: "npx exec nx@latest --version".

Is it really that easy to get infected, or am I missing a more dangerous step it took? If this behavior is common, doesn’t it mean you could be exposed even without using a vulnerable plugin version, since it auto-runs @latest scripts just to check the version?

They already started censoring the emoji keyboard in HK, this would be even easier to justify as it is "protecting the user".

I've been running Fedora 29 on the Surface Pro 4 for a month or so now. I agree this form factor is almost perfect for a laptop. The screen and keyboard are great for coding.

I'm not sure if I'd recommend this as a primary work machine since you have to compile your own kernel to enable some of the features (touch screen, hibernation etc). Other than that it's been stable and better than I had anticipated.

Pi-hole seems to block windows telemetry domains by default. I don't know how complete the blocking is but there are a lot of domains like the ones listed in this thread on my top blocked domains list.

Interesting. Could you tell which model you have? I have had very few problems in general on my SP4 i7-16GB model. I've had to reset the device maybe once or twice in the last ~4 months.

So what's the best practice when it comes to valid html? This seems like a cool technology but trying to validate the https://www.ampproject.org/ site, the w3c validator fails so bad it's not even able to list all errors. The example post does a bit better but is still pretty far from valid html5.

Is there a way to do it in a standardised way or should that even be desired? All browsers I've tried seem to render it fine and quickly (assuming js and the normal bells and whistles).