> At some point, they need to stop asking "can we add this feature?" and start asking "does this text editor need a network-aware rendering stack?"

They didn’t stop there. They also asked “does this need AI?” and came up with the wrong answer.

"For nearly thirty years, notepad.exe was the gold standard for a "dumb" utility which was a simple, win32-backed buffer for strings that did exactly one thing...display text."

Well, except that this did not prevent it from having embarrassing bugs. Google "Bush hid the facts" for an example. I'm serious, you won't be disappointed.

I think complexity is relative. At the time of the "Bush hid the facts" bug, nailing down Unicode and text encodings was still considered rocket science. Now this is a solved problem and we have other battles we fight.

I couldn't agree more. A text editor exposing an attack surface via a network stack is precisely the kind of bloat that makes modern computing ultra-fragile.

I actually built a "dumb" alternative in Rust last week specifically to escape this. It’s a local-only binary—no network permissions, encrypted at rest, and uses FIPS-compliant bindings (OpenSSL) just to keep the crypto boring and standard.

It’s inspectable if you want to check the crate: https://github.com/BrowserBox/FIPSPad

>At some point, they need to stop asking "can we add this feature?" and start asking "does this text editor need a network-aware rendering stack?"

But so far as I can tell the bug isn't related to "network-aware rendering stack" or AI (as other people are blindly speculating)?

From MSRC:

>How could an attacker exploit this vulnerability?

>An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

Sounds like a bug where you could put an url like \\evil.example\virus.exe into a link, and if a user clicks it executes virus.exe

Things started going downhill when they added a Bing option to one of the menus, which was only very recently after they added support for *nix newlines. A very mishandled product, but then the whole OS has been mishandled since 10. Some would say 7.

Question is, did they even realize they added a network-aware rendering stack...

It'd be more hilarious if it weren't so sad. In just 10 years a disturbingly large number of huge development teams decided that making a GUI application using the old ways [1] was too hard and decided to ship an entire web engine (electron) to render 10 buttons.

[1] (native GUI widgets? agggh)

Unfortunately, code execution in text editors aren't a new thing. Vim had one published in 2019: https://github.com/numirias/security/blob/master/doc/2019-06...

Another in 2004: https://www.cve.org/CVERecord?id=CVE-2002-1377

Neither vim nor Notepad are purely for displaying text though.

The day calculator brought me to an MS Store login was the day I became a radical.

> viewing data is a fundamental failure of the principle of least privilege.

I read the cwe not cve, was wrong. It's still early in the morning...

I'm not sure if we should use "gold standard" together with the little piece of garbage that notepad.exe was for most of its existence. It has been the bane for anyone who had to do work on locked down Windows servers and had to, e.g., edit files with modern encodings. They fixed some of it in the meantime, but the bitter taste remains.

You goto go with the times man, goto write yourself a fulltime job with a legacy.

EDIT: THE OLD NOTEPAD IS STILL IN WINDOWS AND WE CAN USE IT!

https://learn.microsoft.com/en-us/answers/questions/3845356/...

You basically have to find the "execution alias" setting and disable notepad and you get the ole reliable :D

OLD POST:

This has hurt me specifically. Since I work without IDEs, no VIM, no vs code. On linux I use nano, on windows I use Notepad. I like the minimalism and the fact that I have absolute control, and that I can work on any machine without needing to introduce an external install.

Last couple of years notepad started getting more features, but I'm very practical so I just ignored them, logged out of my account when necessary, opted out of features in settings, whatever.

But now this moment feels like I must change something, we need a traditional notepad.exe or just copy it from a previous version, I'll try adding NOTEPAD.exe to a thumb drive and having that. But it's a shame that it breaks the purity of "working with what's installed".

tell this to level N-1 managers that want to get promoted by the only way of "launching features"

A utility meant for viewing data? I don't think you understand what a text editor is.

I'd agree that recent features feel a bit unnecessary, but it does need to edit and write files - including system ones (going through however that is authorised). You could sandbox a lot of apps with limited impact, but it would make a text editor really useless. Least privilege principles work best when you don't need many privileges.

They should have called it Emacs. Then everybody would have known.