#code-deletion

#code-deletion

Contracts are a means of setting preconditions and postconditions on function declarations, and adding assertion statements within functions. The feature is intended to help make C++ code safer and more reliable.

Voice interaction with Claude Code significantly enhances the user experience by allowing for faster input. Speaking is often 2-3 times quicker than typing, which can streamline the process of giving commands.

The npm ecosystem absorbed one of its most significant supply chain attacks on March 31, 2026, when two versions of Axios were found to contain a fully functional Remote Access Trojan.

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

A global survey of 2,039 Java developers published today finds 63% reporting that dead and unused code adversely affects their team's productivity, with 22% describing the impact of that technical debt as being severe. Conducted by Dimensional Research on behalf of Azul, a provider of a distribution of OpenJDK, the survey also finds that more than half (56%) now deal with a Common Vulnerability and Exposure (CVE) involving Java on a daily or weekly basis.

This extends to the software development community, which is seeing a near-ubiquitous presence of AI-coding assistants as teams face pressures to generate more output in less time. While the huge spike in efficiencies greatly helps them, these teams too often fail to incorporate adequate safety controls and practices into AI deployments. The resulting risks leave their organizations exposed, and developers will struggle to backtrack in tracing and identifying where - and how - a security gap occurred.

Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.

We build production platforms with AI every day, and we work with teams doing the same with their own stack -Cursor, Claude Code, Copilot. The difference shows up fast. By day two, some codebases are already harder to change than they were yesterday. Others keep getting easier. The difference is never the model. It's what the code lands in. The teams we work with that hit a wall? It's always the same story.

It allows developers to test code, review pull requests, and more, but also exposes them to attacks via repository-defined configuration files, Orca says. "Codespaces is essentially VS Code running in the cloud, backed by Ubuntu containers, with built-in GitHub authentication and repository integration. This means any VS Code feature that touches execution, secrets, or extensions can potentially be abused when attackers control the repository content," the cybersecurity firm notes.

The reason for this is Snap - a Linux application packaging format - creates a local Trash folder for each VS Code version, one that's separate from the system-managed Trash, according to a VS Code bug report dating back to November 11, 2024. Not only that, but Snap keeps older versions of VS Code after updates, potentially multiplying the number of local Trash folders and the trashed-but-not-deleted files therein. Emptying the system Trash folder doesn't affect the local instances.

Software development used to be simpler, with fewer choices about which platforms and languages to learn. You were either a Java, .NET, or LAMP developer. You focused on AWS, Azure, or Google Cloud. Full-stack developers learned the intricacies of selected JavaScript frameworks, relational databases, and CI/CD tools. In the best of times, developers advanced their technology skills with their employer's funding and time to experiment. They attended conferences, took courses, and learned the low-code development platforms their employers invested in.

One thing I always do when I prompt a coding agent is to tell it to ask me any questions that it might have about what I've asked it to do. (I need to add this to my default system prompt...) And, holy mackerel, if it doesn't ask good questions. It almost always asks me things that I should have thought of myself.