WINDOWS NOTEPAD APP REMOTE CODE EXECUTION VULNERABILITY

0x00string@infosec.exchange

@Kiloku @solonovamax lmao LOVE local user interaction bugs called RCE, this never dies

malachai@furry.engineer

@freya accessibility as in for disability? KDE Plasma has a massive accessibility suite. :) It's also very pretty and extremely configurable.

malachai@furry.engineer

@freya I've been daily driving Ubuntu then cachyos for a long time with basically no issues that I didn't cause myself. Rock solid aside from some self-caused crashing

freya@chaosfem.tw

@malachai it has many accessibility features, yes, unfortunately the screenreader (which is what I need) is a glitchy unstable mess, and modern UI frameworks make this worse, as does Wayland and Pipewire and suchlike. there's no large amount of funding going into Linux desktop accessibility, and it's such a moving target at this point that getting stable accessibility is really hard

freya@chaosfem.tw

@malachai sure and if you're sighted, that works great. unfortunately I'm not

malachai@furry.engineer

@freya that's fair! If you can get it working in a VM or something and post bug reports, it will do so so so much to help! I hope it gets better for you so you can get away from the hell company.

freya@chaosfem.tw

@malachai bug reports: all of them. all of the software is either broken, or partially broken, I mean hell sometimes you'l;l go to alt-tab and your screenreader will just go 'lol nope bye"

freya@chaosfem.tw

@malachai I have had better and more consistent accessibility on my Solaris 10 SPARC box than with any and all modern Linuxen

avincentinspace@furry.engineer

@solonovamax non vibe coders have a long and lucrative career ahead of them cleaning up this mess

krutonium@social.treehouse.systems

@Kiloku @solonovamax Because they removed WordPad and then realized they didn't have anything that filled the Niche that WordPad did. And the solution, instead of bringing back WordPad, was to AI Re-Write Notepad into WordPad Featuring AI.

overdosing_lain@urusai.social

@solonovamax Windows is getting that bad? Crazy what happens when you use ai to code an OS.

wademcgillis@mastodon.social

@solonovamax hell yeah

csolisr@hub.azkware.net

And for once, adding AI to the app was not to blame! (Although the issue was introduced in the same batch that added AI, so I'd still count it)

odo@dustbuster.club

@solonovamax I don’t understand how this could even happen. It’s a markup language. Are the calling `eval` on the markdown output?

chase@chaos.social

@Kiloku @solonovamax more interesting, how the fuck do you cause an RCE vulnerability in a markdown renderer?

fedihacker@masto.es

@solonovamax

Isn't Notepad supposed to be PLAIN TEXT editor? But oh, they shoved in LLM support and in that same update they added parsing and presentation formatted text.

netraven@hear-me.social

@solonovamax wait til you hear about calculator.exe

watchthewatchers@mastodon.social

@AVincentInSpace @solonovamax never do your job too well.

liquidparasyte@app.wafrn.net

WHY DO MULTIPLE SIMPLE TEXT EDITORS HAVE REMOTE CODE EXECUTION IN GENERAL

nev@status.nevillepark.ca

@solonovamax Culture Ship name!