Visual Studio Code VS vscodium

For IDE-heavy teams, BYOK (bring your own key) can be interesting, no matter whether you live in WebStorm or VS Code. On the JetBrains side, the JetBrains AI plans and Junie BYOK docs allow it, and most VS Code AI extensions offer the same idea: keep the IDE, connect provider keys, pay the provider.

One can (maybe, probably) disable copilot completely in vscode: chat.disableAIFeatures

https://github.com/microsoft/vscode/issues/309947

I am considering pinning whatever the earliest version in which this setting was introduced. I can't think of a single feature VSCode has implemented in the last three years that I couldn't go without. The binary for 121 is like 50% larger than 120.

Option 1: Raw editing in IDE. You open the .md file in VS Code or whatever you use. Syntax highlighting shows you the structure. Maybe you toggle a preview pane. This works for quick edits but becomes painful for anything involving tables, diagrams, or complex formatting.

The Google Cloud Shell- available on every Google Cloud project — comes with a built-in code editor that allows you to browse file directories, view and edit files, with continued access to the Cloud Shell. The Cloud Shell Editor is available by default with every Cloud Shell instance, and is based on Code OSS.

You'll need Python 3.8+ and pip for the quickstart, with venv recommended for isolation. Install the requests library for HTTP calls. VS Code with the Python extension works well as an editor, though PyCharm or Sublime Text work equally well. You'll also need a free Foxit developer account.

Now here's the key point: Antigravity 2.0 is a huge departure from 1.0 in the sense that it is functionally no longer based on Microsoft's VS Code. That means a huge majority of all the personalizations from 1.0 will not carry over to 2.0.

There's a one-line pull request open against microsoft/vscode. It changes the default value of a setting called git.addAICoAuthor from "off" to "all". The PR is titled, with no embellishment, "Enabling ai co author by default." It was opened on April 15, 2026 by cwebster-99, a member of the VS Code team. By the time the HN thread on the PR hit 1,239 points and 646 comments in early May, the practical effect was already shipping: every commit you make in VS Code, regardless of whether you wrote the code yourself or had Copilot write it, gets a Co-authored-by: Copilot trailer in the commit message.

For the folks who need their IDE but w/o the slop and constant notifications, there is very good public fork called VSCodium: https://vscodium.com/

Not only is it free of MS "telemetry" nonsense, it is also way quieter to use, no bullshit popups for updates etc.

If you want AI to review your pull requests and generate tests, you want Qodo. If you want a telemetry-free code editor, you want VSCodium. And if you want both, you can install the Qodo extension inside VSCodium and use them together.

> It would only work if there's a sizeable, technically-inclined userbase of the project so that someone is likely to have audited the code.

Not really. There's a long history of seemingly credible closed-source codebases turning out to have concealed malicious functionality, such as smart TVs spying on user activity, or the 'dieselgate' scandal, or the Sony rootkit. This kind of thing is extremely rare in Free and Open Source software. The creators don't want to run the risk of someone stumbling across the plain-as-day source code of malicious functionality. Open source software also generally makes it easy to remove malicious functionality, or even to create an ongoing fork project for this purpose. (The VSCodium project does this, roughly speaking. [0])

Firefox's telemetry is one of the more high-profile examples of unwanted behaviour in Free and Open Source software, and that probably doesn't even really count as malware.

> If you're malicious, you can still release malicious software with an open-source cover (ideally without the source including the malicious part - but even then, you can coast just fine until someone comes along and actually checks said source).

I already acknowledged this is possible, you don't need to spell it out. Again I don't have hard numbers, but it seems to me this is quite rare compared to malicious closed-source software of the 'ordinary' kind.

A good example of this was SourceForge injecting adware into binaries. [1]

> Remember that the xz-utils backdoor was only discovered because they fucked up and caused a slowdown and not due to an unprompted audit.

Right, that was a supply chain attack. They seem to be increasingly common, unfortunately.

[0] https://vscodium.com/

[1] https://en.wikipedia.org/wiki/SourceForge#Installer_with_adw...

VSCodium is the open source "clean" build of VS Code without all the Microsoft telemetry and under MIT license.

https://vscodium.com/

If you're a C/C++ programmer like me, then you're gonna need Microsoft C/C++ Extension in order for vscode to debug and help you write your code. Since the version 1.24.5, which was released April 3, 2025, this extension is blocked on non-Microsoft products, meaning it's no longer available/installable on vscodium (or any other fork of vscode). It's get more interesting if I tell you that people tried forking this extension (which is opensource) and removing the check, but they found out that this extensions consists of opensource TypeScript code, and a few proprietary closed-source files (Read more here)!

If you're interested in contributing to the project, check out the VSCodium GitHub repository.