
usrbinbash | 19 days ago

As funny as the "Bush hid the facts" bug may be, there is a world of difference between an embarrassing mistake by a function that guesses the text encoding wrong, and a goddamn remote code execution with an 8.8 score.

> and we have other battles we fight.

Except no, we don't. notepad.exe was DONE SOFTWARE. It was feature complete. It didn't have to change. This is not a battle that needed fighting, this was hitting a brick wall with one's fist for no good reason, and then complaining about the resulting pain.

MarleTangible|19 days ago

They also wanted to use the popularity of Notepad, so they replaced it with an AI bloatware version instead of creating a new app with extra features.

Ntrails|19 days ago

How long were they threatening to kill snipping tool despite it being a perfectly serviceable piece of kit so we could switch to some shitty alternative?

mghackerlady|19 days ago

For a good built-in "done" text editor, there's Apple's TextEdit. It's barely changed since NeXTSTEP and works flawlessly and is FOSS. As much as I hate Apple there's a reason I have GNUstep installed on most of my *nix boxes.

Aachen|19 days ago

I would agree if it were RCE

This definition in the first paragraph on Wikipedia matches my understanding of it as a security consultant:

> The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE or RCX). --https://en.wikipedia.org/wiki/Arbitrary_code_execution

Issues in handling local files, whether they require user interaction or not, are just that

Doesn't take away from the absurdity that notepad isn't a notepad but does extensive file contents parsing

breppp|19 days ago

> Except no, we don't. notepad.exe was DONE SOFTWARE

While an 8.8 score is embarrassing, by no measure was notepad done software. It couldn't load a large text file for one, its search was barely functional, had funky issues with encoding, etc.

Notepad++ is closer to what should be expected from an OS basic text editor

bsza|19 days ago

What counts as "large"? I'm pretty sure at some point in my life I'd opened the entirety of Moby Dick in Notepad. Unless you want to look for text in a binary file (which Notepad definitely isn't for) I doubt you'll run into that problem too often.

Also, I hope the irony of you citing Notepad++ [1] as what Notepad should aim to be isn't lost on you. My point being, these kinds of vulnerabilities shouldn't exist in a fucking text editor.

[1] https://notepad-plus-plus.org/news/hijacked-incident-info-up...

Romario77|19 days ago

Notepad++ might be too much for a simple utility.

Plus for many years Word was one of the main cash cows for MS, so they didn't want to make an editor that would take away from Word.

And you could see how adding new things adds vulnerabilities. In this case they added the ability to see/render markdown and with markdown they render links, which in this case allowed executing remote code when the user clicks on a link.

vbezhenar|19 days ago

notepad.exe worked just fine.

Notepad++ is a monster software.

hulitu|18 days ago

> It couldn't load a large text file for one, its search was barely functional, had funky issues with encoding, etc.

It was working according to the spec. Which is very unusual in the SW world.