Yazar: mustafa efe

A recent investigation by security vendor Wiz has revealed a troubling trend in the Visual Studio Code extension ecosystem: developers are unintentionally exposing sensitive secrets and access tokens in their extensions, leaving them open to exploitation by threat actors. These careless practices affect both the Microsoft VSCode Marketplace and the OpenVSX marketplace. The Wiz report found more than 550 validated secrets across over 500 extensions from hundreds of publishers. Exposed secrets included API keys for AI platforms like OpenAI, Anthropic, Gemini, xAI, DeepSeek, HuggingFace, and Perplexity, as well as high-risk professional services such as AWS, GitHub, Stripe, Auth0, and Google…

For years, enterprise developers could comfortably ignore the hardware under their applications. Java developers at banks, JavaScript developers at retailers—your world revolved around frameworks, APIs, and cloud services, not GPUs or chip vendors. Nvidia was for gamers, crypto miners, or AI PhDs running massive models. The silicon beneath your code was someone else’s problem. But as AI becomes embedded in virtually every application, that reality is changing fast. Modern AI frameworks assume the presence of Nvidia GPUs and the CUDA platform. What used to be an academic or niche problem is now directly relevant to enterprise software. Whether you’re building…

Platform engineering, once hailed as a revolutionary approach to improving developer productivity, is facing its fair share of challenges. Many organizations are encountering what some call the trough of disillusionment, where lofty expectations collide with real-world obstacles such as high cognitive load, poor business alignment, and limited adoption of internal developer platforms (IDPs). Understanding common mistakes can help teams avoid pitfalls and build a more effective platform strategy. One of the most frequent errors is prioritizing the front end before the back end. A common misconception is that a platform equals its visual interface—essentially the developer portal. While portals like…

Visual Studio Code 1.105, Microsoft’s latest update for its widely used editor, brings a host of AI-powered enhancements designed to streamline coding workflows. Key among these is the new AI-assisted merge conflict resolution, allowing developers to handle git conflicts more efficiently. By opening a file with merge conflict markers, users can trigger an AI agent directly from the lower right-hand corner of the editor. The agent uses the merge base and branch-specific changes to propose conflict resolutions, simplifying what was once a tedious manual process. This release also introduces the ability to resume recent Copilot Chat sessions, ensuring that conversations…

Anthropic has expanded the reach of its AI coding assistant with the launch of Claude Code on the web, allowing developers to interact with the tool directly from a browser or smartphone. This eliminates the need for terminals or local setups, making it easier to integrate AI-assisted coding into existing workflows. The beta research preview, available to Pro and Max users since October 20, supports connecting a first GitHub repository at claude.com/code. Claude Code on the web enables developers to delegate multiple coding tasks to the AI, which runs on Anthropic-managed cloud infrastructure. This setup is particularly effective for understanding…

DevOps teams have long struggled with the tension between maintaining high-quality software and keeping documentation up to date. Developers often see documentation as a chore, especially when code evolves faster than written materials. Architecture diagrams, while visually appealing, frequently diverge from actual implementations, and IT service management (ITSM) process flows are often followed loosely, if at all. Despite leadership demands for comprehensive documentation, time and budget constraints leave teams with only basic README files and inline code comments. Agile teams, in particular, face the challenge of balancing rapid development cycles with thorough documentation. While product owners capture requirements in user…

A self-propagating worm has now been discovered targeting Visual Studio Code extensions in open marketplaces, following a similar incident in the NPM ecosystem last month. Researchers at Israel-based Koi Security have named the malware GlassWorm and warn that it has already infiltrated extensions in both the OpenVSX and Microsoft VS Code marketplaces. According to the team, this is one of the most sophisticated supply chain attacks they’ve analyzed—and it’s actively spreading. When compromised extensions are installed, GlassWorm can harvest sensitive credentials from NPM, GitHub, and Git, drain cryptocurrency wallets, deploy SOCKS proxy servers, and install hidden VNC servers for remote…

Microsoft has released .NET 10 RC 2, the second and likely final release candidate ahead of the full production launch, expected around November 11. This update focuses on enhancements for .NET MAUI (Multi-platform App UI) and Android, along with fixes for Entity Framework Core. Developers can download RC 2 from the official .NET website, and it comes with a go-live support license, allowing production testing before the general release. One of the key additions in RC 2 is microphone permission support in .NET MAUI. Developers can now use Permissions.RequestAsync<Permissions.Microphone>() on Windows to request and verify microphone access in their apps.…

Java 25 continues the language’s evolution toward simplicity, flexibility, and improved developer experience. This latest JDK release introduces multiple enhancements that reduce boilerplate, improve readability, and make common patterns easier to implement. From simpler source files to more flexible constructors, Java 25 addresses some of the long-standing pain points for both beginners and experienced developers. One of the most noticeable changes is the introduction of compact source files and instance main methods through JEP 512. Writing a basic program no longer requires verbose class and method declarations. Instead of the traditional public class HelloWorld { public static void main(String[] args)…

Creating Python Classes the Easy Way with Dataclasses In Python, everything is an object. If you want to make your own custom objects with properties and methods, you typically define a class. But writing classes can involve a lot of repetitive boilerplate—copying constructor arguments to object properties, writing comparison operators, or creating __repr__ methods. This can quickly become tedious and error-prone, especially when you have multiple classes like Book, Bookshelf, Library, and so on. Enter dataclasses, introduced in Python 3.7 (and backported to 3.6). Dataclasses simplify class creation by automatically generating the boilerplate code that’s usually needed for initialization, representation,…