Brett LajzerFeb 11
 Volpeon 
Feb 11 at 6:50amWeb
Show threadJames EndicottFeb 11
@volpeon

Wait, Notepad got hit one week after Notepad++ did? Crazy.
Show threadTrav / TheresaFeb 11
@o76923 Well I'll be damned, it's real. https://www.cve.org/CVERecord?id=CVE-2026-20841
Show threadstefan (stefbun)Feb 11
@volpeon this has to be a crude joke right?
Show threadErpelFeb 11
@[email protected] @volpeon Nope.

Here is the CVE
https://www.cve.org/CVERecord?id=CVE-2026-20841
Show threadstefan (stefbun)Feb 11
@Erpel @volpeon not gonna pretend I understand this tbh but it seems weird to me that such a simple thing as a notepad could have such things...
Show threadSass, DavidFeb 11

@Erpel @volpeon @stefan this isn't notepad.exe but the Windows Notepad UWP app they released a couple of years ago.

I have the UWP version removed from all my machines.

Show threadstefan (stefbun)Feb 11
@sassdawe @Erpel @volpeon I mean figured as much but what the hell anyways 
Show threadaliceif Feb 11
@[email protected] @sassdawe @Erpel @volpeon FYI:
https://burnthis.town/@Kiloku/116049311690357634

Would you have thought to make links with protocols unclickable in your application-that-has-a-markdown-renderer?
Kiloku - Secretário do Caos (@[email protected])

@[email protected] "An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files." Why have they made their plaintext editor render markdown??

Mastodon
Show threadaliceif Feb 11
@[email protected] @sassdawe @Erpel @volpeon plus, Notepad does require you to confirm in a dialogue to open links you ctrl+click on:

RE: https://mkultra.x27.one/notes/ailco4xdmem902lo
Show threadSass, DavidFeb 11

@stefan @volpeon @Erpel @aliceif so this isn't that bad?

Honestly, if naming things in IT wouldn't be that hard as it is... and this app wouldn't have the word notepad in its name: we all would have been saved from the universal outrage cased by having two apps being called the same thing.

Show threadhazel Feb 11
@Erpel @volpeon @stefan love is in the air? wrong!
Show threadTisha Tiger / NeligerFeb 11
@volpeon Incredible 🤦‍♂️
Show threadRobin Syl 🌸 Feb 11
@volpeon I don't want to be on this planet anymore
Show threadLegion495Feb 11
@volpeon Promp injection txt ​
Show threadEFFeb 11
@volpeon shame it isn't the video as what seems impossible is actually real.
Show threadMia Feb 11
@volpeon How do you even do that. Just... how.
Show thread/home/aurFeb 11
@volpeon @shy_mia I don't know, but I'm glad I got off Windows before it became AI slop.
Show threadJak2k 🏳️‍🌈Feb 11

@shy_mia @volpeon By adding markdown support:

> How could an attacker exploit this vulnerability?
> An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

This has nothing to do with AI.

Show threadMax LeeFeb 11
@jak2k @shy_mia @volpeon It was 100% coded with "AI".
Show threadJak2k 🏳️‍🌈Feb 11
@the_moep @shy_mia @volpeon That might be the case but the reason for the vulnerability was that opening URIs on windows can Windows can do a lot of damage and that wasn't considered during development. There is no way to blame that on an "AI". This would likely have happened without AI too.
Show threadMax LeeFeb 11
@jak2k @shy_mia @volpeon While it is likely to have happened without "AI" the chance would've been lower because people would've actually thought about what they were doing instead of just letting something dumb write the code for them which was basically instantly working without having to consider the impact before starting. That's the whole issue why "AI" code is causing so much trouble: It makes people skip the part where you actually think and design your application...
Show threadJak2k 🏳️‍🌈Feb 11
@the_moep Yes, that's definitely true. On the other hand, Microsoft never seemed to do that before "AI" either…
Show threadMax LeeFeb 11
@jak2k That's true too 😅
Show threadFeb 11
@volpeon too bad this meme format has a fixed amount of dominos, in this case it'd be more accurate have like, just 3 of them
Show thread Volpeon Feb 11
@entailment Maybe I should've started with "Computer scientists create machine learning"
Show threadFeb 11
@volpeon "In the beginning, the universe was created. This made many people very angry, and has been widely regarded as a bad move."
Show threadElizabeth  Feb 11

@volpeon Even besides the AI (WHY DID IT NEED AI)...

They put fucking Markdown in it. MARKDOWN. Like what the actual fuck.

Notepad was the LAST PERFECT APP ON WINDOWS because THERE WAS NOTHING TO FUCK UP. And they fucked it up.