Comment on A remote code execution vulnerability has been found in Microslop Notepad
pkjqpg1h@lemmy.zip 2 weeks ago
This has nothing to do with Markdown. It’s disinformation from Microslop.
You can make the link
C:\windows\system32\cmd.exehn
This is so stupid. Why did they add something like this? In Markdown, there is no execution. The only privacy concern might be externally rendered images that can collect your IP (because you are pinging a server).
rumba@lemmy.zip 2 weeks ago
The content inside the notepad edit window should probably be universally sandboxed from your local box and throw popups when referencing external content with exactly what is being done.
They half-assed the implementation.
pkjqpg1h@lemmy.zip 2 weeks ago
To have something optimized they need to start from scratch with clean code
related:
bitjunkie@lemmy.world 2 weeks ago
Rolling out AI with the stated purpose of reducing technical debt is just fucking hilarious to me
rumba@lemmy.zip 2 weeks ago
And honestly, that speaks more to the removal of features on the taskbar than Notepad.
One person could have rewritten Notepad from scratch in C++ in a day and bolted in Markdown in a relatively secure fashion in another 2. I doubt security even hit the requirements list. I’m not against moving Windows components to Rust. I’m not against losing features here and there to get there, but blatantly ignoring security because it’s in Rust is downright stupid.
pkjqpg1h@lemmy.zip 2 weeks ago
I’m not a programmer, why are people so interested in Rust?
dejected_warp_core@lemmy.world 2 weeks ago
Sadly, this was already the case when Notepad stayed in its lane and only handled plain text Unicode.