20260211 https://news.ycombinator.com/item?id=46971516 Windows Notepad App Remote Code Execution Vulnerability (804 points, 516 comments)
20260210 https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...
> "An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad"
Other recent Notepad issues:
20260207 https://news.ycombinator.com/item?id=46927098 Microsoft account bugs locked me out of Notepad – Are thin clients ruining PCs? (187 points, 284 comments)
20260127 https://news.ycombinator.com/item?id=46780451 Windows 11 January Update Breaks Notepad (60 points, 25 comments)
Windows 10 explorer.exe is 100x faster than Windows 11 explorer, it's not even close.
It also signals the death knell for Windows native apps. Microsoft can't make them anymore. It won't be long until even Excel is a Electron sloplication.
20231109 https://news.ycombinator.com/item?id=38212453 Windows 11 Update 23H2 is stealing users' IMAP credentials (666 points, 278 comments)
> the new Outlook is a thin wrapper around the cloud version, so the IMAP sync happens in the cloud, not locally
Surprisingly, some of the projects such as AkelPad are still alive.
Win32 made things easier, as well as things like Delphi and Scintilla later.
Just checked my archives, and my own naive but functioning attempt measures whole whopping 36520 bytes, though not without the help of an executable packer, which was a fashion then.
Mostly works fine under Wine, though it is about the legal US drinking age.
step 2: omg there's demand for features
step 3: turn notepad, whose point was to be a dumb simple thing, into a wordpad
step 4: get a raise because you "solved" the problem
I’m willing to bet that adding markdown to Notepad was a lot simpler than trying to make it work in Wordpad, especially since you’d probably still have to support rich text.
Lately I've been doing the same for other small utilities. Roughly half the little tools I use are ones I generated and kept because they’re predictable and easy to audit.
The point isn't replacing built-ins; it's reducing dependence on shifting defaults. I want to care less about what the software/os vendor changes this time.
What's next, in a few years we're rocking EDLIN when we need to operate on a text file safely?
edit.exe[1,2] actually. And it runs on Linux too! Linux had a real lack of good text editors.
This isn't bad at all given how most other software evolved in thr the intervening 30 years.
Plus this Markdown preview functionality just caused Notepad to have a Remote Code Execution Vulnerability in it.
They can add as much AI and Markdown as they want to Wordpad as far as I'm concerned. Just leave my dumb featureless utility alone.
So the people taking pot shots at the developers, I guess, maybe be more specific with what they did wrong and what they should have done instead. Because if you actually understand the history/circumstances (and the fact it was a third-party hosting provider compromised), one would expect more blame on the systemic under-funding of OSS than "developers bad."
Are people wanting them to create a business, monetize Notepad++, so that they no longer have issues with hosting/certificates? I'm guessing not.
Theyre also very political and giving them access to my machine now feels even more risky.
A key benefit of it is that it's not an electron app. It's an old C++ app that's still just chuggin' along.
20260202 https://news.ycombinator.com/item?id=46851548 Notepad++ hijacked by state-sponsored actors (917 points, 543 comments)
20260203 https://news.ycombinator.com/item?id=46878338 Notepad++ supply chain attack breakdown (384 points, 198 comments)
20250630 https://news.ycombinator.com/item?id=44426049 High-Severity Vulnerability in Notepad++ (39 points, 14 comments)
20230904 https://news.ycombinator.com/item?id=37385920 Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (83 points, 39 comments)
20230830 https://news.ycombinator.com/item?id=37320304 Buffer Overflows in Notepad++ (68 points, 61 comments)
20211209 https://news.ycombinator.com/item?id=29499002 StrongPity variant hides behind Notepad++ installation (45 points, 28 comments)
20230829 https://news.ycombinator.com/item?id=37311068 Notepad++ v8.5.6 still vulnerable to possible arbitrary code execution (18 points, 3 comments)
20191030 https://news.ycombinator.com/item?id=21395251 Notepad++ issues attacked by Chinese commenters (237 points, 110 comments)
20191030 https://news.ycombinator.com/item?id=21400526 Notepad++ repository is being spammed after “Free Uyghur” release (82 points, 36 comments)
20190317 https://news.ycombinator.com/item?id=19329330 Notepad++ drops code signing for its releases (496 points, 327 comments)
20170308 https://news.ycombinator.com/item?id=13824032 Notepad++ V 7.3.3 – Fix CIA Hacking Notepad++ Issue (1101 points, 291 comments)
20150112 https://news.ycombinator.com/item?id=8876823 Notepad ++ hacked for Je Suis Charlie comments(web archive link) (65 points, 74 comments)
For a UI I’ve been using VSCode. It is quite quick when you disable all extensions and most settings.
> eMacs
I love Emacs, but I don't see how a Lisp platform with a web browser, a Tetris implementation, and 4 terminal emulators (shell, term, ansi-term, eshell) can be considered 'lightweight'.
(Also, a lot of that stuff comes bundled with Emacs out-of-the-box, further disqualifying it. Having a scripting engine is one thing, but having a scripting engine along with the whole rest of the jet is something else entirely!)
As someone famous said, "everything is relative" :) Compared to the new applications that have been coming out, Emacs and vim are a paragon of lightness.
On that note, why are the keybindings for vi on a “modern” Ubuntu different from fedoras? I remember having to mess with ^H in a vimrc or something to that effect to mimic the behavior I was expecting.
https://en.wikipedia.org/wiki/Notepad%2B%2B#Political_messag...
The possibility of software being a personal, creative, expressive endeavor (which often includes politics), something I believed in back when I was in university twenty years ago, is a feeling that's receded deeply into the past. That might be as much about me as it is about the world, but I miss it.
That said, if software is a personal creative expression, one must be prepared for the possibility that some people aren't going to like what one has to say. Often when the politics angle comes up with Notepad++, people will say "it's his software project, he has the right to put in political messages if he wants" as if that somehow compels people to be ok with the political messages. The author certainly has the right to use Notepad++ as a platform for his political opinions, and I would never dream of saying otherwise. I don't want him to go to jail, or get fired by his employer, or anything like that. But I similarly have the right to decide that I don't want to see his political opinions and use another piece of software. You pick up both ends of the stick, as the old saying says.
the moment software stops being neutral, it becomes a target
But, at the same time, that's exactly the sort of thinking that's killed off that feeling I'm sentimental for. As a free human being, I don't want to live in fear of expressing my political views; and as someone who wants to view the software I make as a form of art or expression, I don't want to be afraid to express my political views through my software either. Should a writer avoid being political for fear of becoming a target? For fear of their books or readers becoming a target?
as a program that tries to be used by others - stay in your lane, you are not an opinion cesspool, you are here to do work and let others do it too
The creator is also very selective about the type of politics he supports.
Why would someone express political messages without being selective? It’s understandable not wanting overt politics in your software, but this line is odd.
Interesting. This is not actually true anymore, even for the masses.
Nowadays everyone can just have their own tools made, "hand-tailored" with the features they want. Maybe I'm wrong, but it feels like everyday-software is now only a few sentences (and a python script) away.
FWIW, you can also get the new Edit implementation that's built with Rust and the Windows exe is 250kb...
Tested with python 3.10.6, Windows. It's the only version I have installed, for which I've also have installed tkinter.
Welcome to 2026. You're late.
>tkinter
so you missed the part where notepad starts instantly, doesn't choke on files larger than 25KB and uses native Win32 controls ?
Of course the barrier to creating bespoke tools is lower but it's also still a decent bit of overhead and not just "hey AI, create me a Notepad clone that works like it used to". Arguably it's still more intensive than googling "notepad clone" and just downloading n++.
Are you moving the goalpost?
The whole thing is a bit unfair anyway. My perplexity is trained on me. It knows that I have python installed, thus it wouldn't tell me that I would need to do so. It knows I'm a programmer, it knows that I value accuracy and precision. It knows to double-check everything all by itself.
I am confident in claiming that it can get the task done regardless of the above, but its response, as is, cannot be generalized.
I mean you did originally claim that this was something that was "for the masses" and then posted a solution that only someone technical could actually use.
Not that I doubt it couldn't one shot something this simple with a .exe wrapper.
But anyone with basic experience in Python could have written that same app in minutes 20 years ago?
Article: People systematically overlook subtractive changes - https://www.nature.com/articles/s41586-021-03380-y
(Modulo CR/LF, of course.)
For example, a prompt when opening the file like: "It's unclear what kind of data this is, here are a few options with a preview, pick which one you'd like me to use."
Annoying, but them's the breaks when you're making software and aren't willing to put in hard requirements about what it is expected to (not) operate on.
Markdown presents a chicken-&-egg scenario that has dragged on for decades: tons of Markdown documents, but almost nothing with which to simply view (not edit) them as intended. Mystifying.
I think this explains the lack of viewers; they are simply not needed.
I know there are others and there are fine points. I would like to see a couple minor additions to support image placement (that aligns with Medium's editor) and finally a strike-through text notation. But that's about it.
https://github.com/reactos/reactos/tree/master/base/applicat...
Maybe I'd mind it less if they put the new MS Edit in Windows by default, so again, there's a minimal plain text editor in the box.
This doesn't seem like a good idea.
And WordPad was built on top of the "RICHEDIT" window class, and exposed lots of the OLE features provided by the rich text control. "Insert Object" is a powerful and potentially dangerous feature with a lineage going back to the Windows 3.1 days. As long as your DLL is registered correctly, any document in an OLE-capable program can cause objects from that DLL to become instantiated and deserialized.
Getting rid of documents able to instantiate arbitrary OLE controls is a good reason to try to remove WordPad. It's not just some simple styled text editor.
Do you need to log in to notepad now? What in the actual hell is going on?
Confused the hell out of me recently when I was looking for Office 365 on their website.
wordpad is all-included on its own
Notepad was never fancy, but it was a reliable tool to strip formatting or take a quick note, and now I cannot even count on that.
This tool would have been so useful 25 years ago when I had to manually recolour every pixel in the contour of the cool photo I was editing for my new desktop background because the fill tool didn't recognise the background properly.
Notepad should be last thing they should be fiddling with.
I am sad that we have to install 3rd parties for basics now.
They are convinced it needs to be a worse vscode when all I want is something to edit plain text files.
Adding RTF and a wysiwyg markdown editor is the last thing that I want from something like notepad. When I open notepad, I still want to see the characters that are present. Heck, I'd like to be able to see the difference between a space and a tab. I'd want to be able to see which type of line ending are being used (and switch to the correct one, \n) Hiding characters is antithetical to the reason I'd use notepad in the first place.
I want to be able to search text and see text. Not compose a document or talk to an LLM.
So install Kate? There's a Windows build.
- Notepad: Plain Text
- Wordpad: Rich Text
- Word: Documents
Seriously? Markdown is the preferred method for rich text these days, so why didn't they just turn WordPad into a WYSIWYG Markdown editor?
They also shove Copilot into it, but that's a whole different problem. Who is this current iteration of Notepad actually made for?
I hope they give notepad a keyboard shortcut to transition to ascii only like textedit has on the Mac
I tried to take advantage of it, but the implementation felt really clunky (formatting seemed to be via menus only), so I’ve stuck with .txt files.
Meanwhile, 2 weeks ago:
Windows Notepad App Remote Code Execution Vulnerability
(2004 is the year Markdown was invented. Notepad got introduced in 1983 and actually predates Windows)
Oh boy.
recent vuln asside (big caveat ill admit) idk why you would use notepad at all when N++ exists
I do think notepad recently got those, but for a long time it was a compelling reason to use notepad++.
And you can avoid copilot.
Microsoft has already positioned VS Code as its code editor and OneNote as its notetaking app. Why should Notepad compete with these offerings?
https://msrc.microsoft.com/update-guide/vulnerability/CVE-20...
but i dont think most people here are complaining because of security risk... otherwise they wouldnt be recommending things like notepad++, other obscure editors, or editors with way larger code bases.
I've spent a long time building up my muscle memory. I don't want my tools changing out from under me. If they wanted to ship an "enhanced" notepad they should have called its something else.
Just make your own damn notepad if it bothers you lol.
If you use many different machines throughout your workday, this means you have to carry a copy of your bespoke solution with you on a memory stick or something, and hope that the machine you want to use it on allows the use of memory sticks or unapproved software.
It's far better to use an application that you can count on already existing on the machines.
I even worked on an app in a relatively secure environment where the work around for an early SPA and IE6-8 company wide, was for the systems analysts using our app to use a portable firefox browser on the user desktop. IE6-8 in particular were really bad when you had an SPA as you had events tied to dom elements across the COM bridge that wouldn't release unless all dom and script references were freed up. jQuery actually did this, if you managed everything through it, but our app was an early version of extjs... so after 3-4 hours it would just run out of memory and die.
But we think we're right and still we thought they were wrong.
If we were in a PHP forum, this would be my signature: I'm getting too old for this shit.
You need to buy 5 regular Windows licenses and then you'll be able to unlock the LTSC option. It works out to about $300.
Let's just say I haven't concluded my testing yet, it's ongoing :)
> Get-AppxProvisionedPackage -Online | Where-Object { $_.PackageName -like 'Microsoft.WindowsNotepad*' } | Remove-AppxProvisionedPackage -Online
I recently used Windows Sandbox and was surprised that it does not have notepad. And why? Because it's a Store App now and that's unsupported inside the Windows Sandbox.
Notepad is supposed to be dumb, not Microsoft!
I can't even get visual studio code to stop showing that right-hand sidebar every time it opens up, regardless of what settings I use. It seems to work for a while, and then it appears again like magic.
I'm not sure how many more times they have to hit you straight in the face before you realize you're a victim here and need to get away from the abuser as much as you can, not try to "salvage" the situation.
I don't have the bandwidth to babysit all the different ways MSFT tries to break tools to bother using them.
Defaults should not be offensive. If you try to kill me with papercuts, I will stop using your software and never look back.
It's not fine just because you sneak a button to (temporarily) get rid of it. Just make features worth enabling instead.
Is it because the average person isn't as tech savvy as most (if not all) HN readers to know any better, and those companies want the headcount of usage to look high to please stakeholders?
Enshittification at its finest stink.
Easiest way to do that is to use Linux instead.
I welcome it, because hopefully that will be less people having a meltdown over an icon on a menu bar.
Somebody should probably tell Microsoft we’ve all moved on to better things like Notepad++ (even when their update supply chain gets compromised).