Hacker News

jmyeet, today at 4:28 AM (3 replies)

Maybe I'm a dinosaur in this regard, but I don't like nor trust any of these desktop applications that are really just Web technologies with an embedded browser, e.g. Discord.

They're resource hogs and the attack surface is huge. You're basically betting that automatically run code won't find a vulnerability and escape the sandbox of an entire browser.

I have way more trust in JetBrains IDEs and the JVM as a sandbox vs. HTML/CSS/JS.

Still, I'm always impressed at the ingenuity of the people who come up with these attacks and the people who find them.


Replies

winterqt, today at 6:21 AM

Won’t IDEA automatically index/execute some Gradle code when possible? As soon as you execute an arbitrary binary/script from the project directory, the isolation of the JVM doesn’t matter.

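To make the point in the reply above concrete, here is a constructed Gradle Kotlin DSL build script (an added example, not from the page or from any JetBrains or Gradle project). Everything at the top level of a build script runs during Gradle's configuration phase, which is exactly what an IDE runs when it imports or syncs a project to discover tasks and dependencies. The file names `SYNC_RAN.txt` and `setup.sh` are assumptions made for this illustration.

```kotlin
// build.gradle.kts (constructed example; assumed file names SYNC_RAN.txt and setup.sh)
//
// Top-level statements execute during the configuration phase. Opening the
// project in an IDE that syncs it is enough to run them; no task has to be
// invoked, and JVM isolation offers nothing because this is the IDE's own
// JVM executing the build author's code with the user's privileges.
val marker = layout.projectDirectory.file("SYNC_RAN.txt").asFile
marker.writeText("build script evaluated at ${java.time.Instant.now()}\n")

// A build script can also launch any binary or script shipped in the
// repository. The guard only keeps the example from failing when the file is
// absent; an attacker-controlled repo would simply include it.
val setup = layout.projectDirectory.file("setup.sh").asFile
if (setup.canExecute()) {
    ProcessBuilder(setup.absolutePath)
        .directory(layout.projectDirectory.asFile)
        .inheritIO()
        .start()
        .waitFor()
}

// Only the body of doLast waits for an explicit task invocation; everything
// above has already run by the time the IDE shows the task list.
tasks.register("hello") {
    doLast { println("this runs only when the 'hello' task is executed") }
}
```

The practical consequence is that the trust boundary sits at "open this project", not at "run this task": IntelliJ IDEA's "Trust project" prompt on import exists precisely because syncing evaluates the build script. Plugins resolved through a `plugins {}` block or code under `buildSrc` run in the same phase and carry the same risk.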
pjmlp, today at 8:25 AM

Same here, I only use VSCode because in some scenarios I have no choice, e.g. regulated IT environments, or product SDKs with plugins only for it.

When I can avoid it, all the better.

josephg, today at 5:33 AM

Yep. You’d think using web tech would make it really easy to sandbox any 3rd party JavaScript that gets run. But I suppose sandboxing is simply too inconvenient.
