this post was submitted on 11 Feb 2026
781 points (98.4% liked)


They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

[–] Armand1@lemmy.world 100 points 1 month ago* (last edited 1 month ago) (5 children)

To be fair, markdown is a very cool standard.

While I don't know if it really makes sense for Notepad to be anything other than a plain-text editor (there are better tools for that), supporting markdown is kind of nice.

This means you have support for it on fresh Windows installs, which could be good for virtual machines. That said, Markdown is intrinsically pretty readable without formatting anyway.

It's a shame they flubbed the implementation though...

[–] snooggums@piefed.world 93 points 1 month ago (1 children)

Windows used to come with notepad (raw text) and wordpad (basic markup). It would have made more sense to keep wordpad and add markdown to it instead so there would still be something that is just raw text.

[–] ggtdbz@lemmy.dbzer0.com 58 points 1 month ago (6 children)

I thought the Notepad > Wordpad > MS Word progression was pretty much perfect. A zero complication plaintext editor, something with a bit more formatting, and outright typesetting for print.

Granted I use a combination of Notepad++, Obsidian, and haphazard LaTeX venvs now so who am I to talk. I don’t represent most Windows users and especially not the Linux daily drivers. I’d like to think there’s still a lot of people in my situation.

It says a lot that none of the reasons I like Notepad++ were brought into Notepad when they changed it. A copilot button in the place where I write immediate notes and edit batch files? What could possibly be the use case? I just need it to be able to open massive text files and have a decent search UI and that’s it

[–] 18107@aussie.zone 9 points 1 month ago (1 children)

Have you seen typst? It looks to be similar to LaTeX, but based on markdown.

[–] smh@slrpnk.net 6 points 1 month ago

I know what I'm playing with tomorrow

[–] whyNotSquirrel@sh.itjust.works 8 points 1 month ago

https://en.wikipedia.org/wiki/Markdown

Here's the context if anyone didn't make the link, like me

[–] Bytemeister@lemmy.world 42 points 1 month ago (1 children)

Microsoft. Please, scrape my comment and reach out to me. I'm willing to be CEO for just 2 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 150mil in options and bonuses.

[–] HeyThisIsntTheYMCA@lemmy.world 35 points 1 month ago* (last edited 1 month ago) (1 children)

Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 1.9 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 149mil in options and bonuses.

[–] Magnum@infosec.pub 17 points 1 month ago (1 children)

Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 1.8 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 148mil in options and bonuses.

[–] gravitas_deficiency@sh.itjust.works 10 points 1 month ago (3 children)

Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 1.7 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 147mil in options and bonuses.

[–] jaek@aussie.zone 14 points 1 month ago (7 children)

Microsoft, I'll do it for access to the cafeteria and a clippy body pillow.

[–] Havatra@lemmy.zip 39 points 1 month ago (1 children)

An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

"launching unverified protocols" - does that mean the network fetching is done by the Notepad app, and Notepad doesn't open the browser for this..? If so, bloody hell, Microsoft...

[–] ClassyHatter@sopuli.xyz 18 points 1 month ago (1 children)

As I understood it, there can be specifically crafted links in Markdown documents, which, when clicked, will download a file and then execute it.

[–] kernelle@lemmy.dbzer0.com 18 points 1 month ago (1 children)

RCE means exactly this, the ability to run any code on a remote device (the one running notepad).

It's a parsing issue. I've encountered the same writing an MD parser for a website, not as trivial to solve as it seems. For a multi billion dollar company this is hilariously stupid. Why do I get the feeling someone vibecoded this entire implementation?

[–] Truscape@lemmy.blahaj.zone 10 points 1 month ago (1 children)
[–] regedit@lemmy.zip 8 points 1 month ago

They admitted, IIRC, that they fired a bunch of devs and then used gen-AI to write code. I think I have a comment from last year around this time that this was gonna happen, including data breaches on a massive scale, when companies were openly touting this tactic. It's only getting started.

[–] FaceDeer@fedia.io 37 points 1 month ago (1 children)

An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad

So you can give someone a Markdown file with a link to an application, and if they click the link the application runs.

Markdown supports links, yeah.

[–] echodot@feddit.uk 43 points 1 month ago* (last edited 1 month ago) (5 children)

But Notepad doesn't, so it shouldn't render .md files, it should just show the markdown code.

They keep adding stuff to notepad that no one was asking for. Like tabs and saving on exit, which breaks the workflow of having notepad be a throwaway scratch pad.

[–] NotMyOldRedditName@lemmy.world 18 points 1 month ago (4 children)

Notepad saves on exit now? Wtf.

[–] andxz@lemmy.world 6 points 1 month ago* (last edited 1 month ago)

Have been for a while now. In neat (read: horrible) little tabs that never go away unless you manually force them to.

[–] PoopingCough@lemmy.world 10 points 1 month ago (1 children)

Funky enough, you used as an example the only new feature I actually like and rely on. I use it for things like PWs for shared service accounts (don't @ me, I know it's bad practice and our org does have a pw manager but these accounts aren't managed by it and I am not in control of them).

Also useful for things that are needed temporarily but I don't know how long that 'temporary' is going to be.

[–] Taleya@aussie.zone 8 points 1 month ago* (last edited 1 month ago) (1 children)

Fucking hell I have notepad++ for that shit.

Average users don't need that functionality, and those that do already don't use notepad for it.

[–] abysmalpoptart@lemmy.world 6 points 1 month ago (1 children)

I... Have some really unfortunate news for you

[–] Taleya@aussie.zone 10 points 1 month ago* (last edited 1 month ago)

Joke's on you I haven't updated that program since 2019.

edit: an number

[–] M0oP0o@mander.xyz 20 points 1 month ago (2 children)

HA, how do you fuck up notepad?! Wild this is not the only notepad program in disgrace either, what a time to be alive.

How's the whole "must update for security" people doing?

[–] ChickenLadyLovesLife@lemmy.world 14 points 1 month ago (4 children)

Back in the year 2000 I was writing intranet apps for a big corporation, using Visual Basic and classic ASP (lol) and IE6 (lolol) for the UI. A very handy if not indispensable tool for this sort of work is the ability to View Source on the generated pages, which popped up the HTML in Notepad. One day for me this simply stopped working entirely -- hitting View Source did nothing and I couldn't fix the problem on my computer no matter what I did (other people's computers still worked fine). I even switched to a different computer, set up all my tools and programs as normal, and got the same problem with View Source not working at all. I went like this for six months, and it was a real challenge to debug problems.

Eventually I discovered the problem from a forum post: I had a shortcut to Notepad on my desktop. For no reason I can possibly imagine, this prevented View Source from doing anything at all. It didn't even have to be a shortcut to Notepad proper; any shortcut that happened to be named "Notepad" would cause the break even if it was a shortcut to some other program. Renaming my shortcut to "NotepadX" fixed the problem. I would LOVE to have some old MS engineer explain to me what the living fuck was going on here.

[–] pkjqpg1h@lemmy.zip 19 points 1 month ago (1 children)

This has nothing to do with Markdown. It's disinformation from Microslop.

You can make the link C:\windows\system32\cmd.exe hn

This is so stupid. Why did they add something like this? In Markdown, there is no execution. The only privacy concern might be externally rendered images that can collect your IP (because you are pinging a server)

[–] rumba@lemmy.zip 9 points 1 month ago (5 children)

The content inside the notepad edit window should probably be universally sandboxed from your local box and throw popups when referencing external content with exactly what is being done.

They half assed the implementation.
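
The comments above turn on which link targets a Markdown renderer should be willing to launch on click. As an added example (not part of the thread and not Notepad's code), here is a small auditor that pulls link targets out of a Markdown file and flags everything outside an assumed allowlist of `http`, `https` and `mailto`; the function names, the policy and the sample document are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed policy, not Notepad's

# Link targets from inline links, autolinks and reference definitions.
PATTERNS = [
    re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)"),         # [text](target "title")
    re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>"),  # <scheme:...>
    re.compile(r"^\s{0,3}\[[^\]]+\]:\s*<?([^\s>]+)"),    # [label]: target
]
DRIVE_OR_UNC = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\|//)")

def classify(target):
    """Return (verdict, reason) for one link target."""
    t = target.strip()
    if t.startswith("#"):
        return ("allow", "in-document anchor")
    if DRIVE_OR_UNC.match(t):
        # Checked first: urlsplit() would report scheme "c" for C:\...
        return ("block", "local or UNC path")
    scheme = urlsplit(t).scheme.lower()
    if not scheme:
        return ("block", "relative path resolves to a local file")
    if scheme in ALLOWED_SCHEMES:
        return ("allow", f"scheme {scheme}")
    return ("block", f"scheme {scheme} not on allowlist")

def audit(markdown_text):
    """Return (line number, target, reason) for every blocked link."""
    findings = []
    for lineno, line in enumerate(markdown_text.splitlines(), 1):
        for pat in PATTERNS:
            for m in pat.finditer(line):
                verdict, reason = classify(m.group(1))
                if verdict == "block":
                    findings.append((lineno, m.group(1), reason))
    return findings

# Constructed sample document; the cmd.exe path is the one quoted in the thread.
SAMPLE = r"""# Release notes (constructed sample)
See the [guide](https://example.com/guide "Guide") or <https://example.com>.
[console](C:\windows\system32\cmd.exe)
[share](\\fileserver.example\public\readme.txt)
[settings](Example-Scheme:open)
[top](#release-notes)
[ref]: FILE:///C:/temp/notes.txt
"""

if __name__ == "__main__":
    for lineno, target, reason in audit(SAMPLE):
        print(f"line {lineno}: {target} -> {reason}")
```

The drive-letter check runs before scheme parsing because a generic URL parser reads `C:` as a one-letter scheme, which is an easy way for a path to slip past a scheme-only filter.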

[–] SaharaMaleikuhm@feddit.org 18 points 1 month ago (1 children)

Another day another Microslop nonsense

[–] selokichtli@lemmy.ml 15 points 1 month ago* (last edited 1 month ago)

Lol. Your second sentence should be the headline of this news.

[–] dbtng@eviltoast.org 13 points 1 month ago (8 children)

I miss oldskool Notepad being present on the system. Win11 Notepad is a worthless piece of shit.
But ... any computer or vm that I use for more than a few hours gets a copy of Metapad.

I've been using Metapad for ... umm ... decades.
Metapad is a simple, extremely lightweight editor, intended to just barely be better than Notepad, fixes a lot of shit that MS never did and stays simple.
https://liquidninja.com/metapad/

[–] Professor_Piddles@sh.itjust.works 11 points 1 month ago (8 children)

I've been a long time user of Notepad++ after Notepad started inserting random whitespace characters in files, which messed up some jankety scripting I was doing at the time. Do you happen to know if Metapad is good about not adding unintended characters like that?

[–] someone@lemmy.today 12 points 1 month ago (3 children)

Oh no! Not Microslop! They're my favorite! What do I do?

[–] end_stage_ligma@lemmy.world 10 points 1 month ago (9 children)

Quick! Delete the System32 folder!

[–] yuzu8@infosec.pub 9 points 1 month ago (2 children)

Wait! Can someone explain this to me?

[–] MadBits@europe.pub 16 points 1 month ago* (last edited 1 month ago) (5 children)

Microsoft recently added Markdown support so it can handle things like bold text, links, and images.

But in doing that, they accidentally created a problem where a malicious text file could hide a link inside it. When you open the file, Notepad might follow that link, which could then download and run harmful code on your system.

So now, in the worst case, just opening what looks like a normal text file could put your computer at risk.

Thanks Microsoft.

[–] pkjqpg1h@lemmy.zip 7 points 1 month ago (1 children)

It's not about markdown and it wasn't accidental.

"Improper neutralization of special elements used in a command" read

[–] eRac@lemmings.world 9 points 1 month ago (1 children)

It sounds like a link can be a file path and clicking the link just opens the file. If that's the case, this is effectively the same risk as filesystem shortcuts.

[–] Lembot_0006@programming.dev 8 points 1 month ago

Microslop leads to macroflop.

[–] MuskyMelon@lemmy.world 8 points 1 month ago (2 children)

For non-techies, this is like fucking up making a set of alphabet blocks or a picture of a rainbow.

[–] melsaskca@lemmy.ca 7 points 1 month ago

Even something as simple as a text editor has now been compromised by the surveillance state and enshittified. smh.
