They finally did it.
Uncategorized
15
Posts
14
Posters
1
Views
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix well, #Microsoft #Windows now basically is an irredeemable #Govware on it's own!
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
That made me laugh in the morning! Thank you so much!👍😂
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix vibe coder doing vibe coding things 🤷♂️
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix youth is skipping to old nokia's, to dvd's, to buying vinyl and even to lending in videostores (really!).
So how do companies keep adding more and more features nobody wants anymore? -
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
Satya Nadella, 2014: "Microsoft needs to refocus on security for ordinary users and get that right before we even think about adding gimmicky features."
Satya Nadella, 2026: "...But what if we added more unsecured attack surface?"
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
One of the reasons, why I use Notepad++ (https://notepad-plus-plus.org/downloads/)
-
One of the reasons, why I use Notepad++ (https://notepad-plus-plus.org/downloads/)
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
I'm not surprised...
A simple
cat <file>on the command line can also compromise your system. If you're unsure, you should therefore usecat -v <file>when I'm not mistaken. -
@ClickyMcTicker @pheonix There is no problem with it with the newest version 8.9.1
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix nothing can be safe. It is computing. That ship has sailed a loooooong time ago
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix *vibe-coding intensifies*
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix Idk how the fcuk they can mess up a simple notepad application. When you add junk (Copilot) it's kinda expected lol. #microslop f-ing company 🤮
-
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix
Notepad?? FRIGGIN NOTEPAD? HOW DO YOU SCREW UP SOMETHING LIKE A BASIC-ASS TEXT EDITOR PROGRAM? -
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things lmao.
Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology
@pheonix This is the most vibe slop, ever! 😁
-
undefined paoloredaelli@mastodon.uno shared this topic on
Feed RSS
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@mpjgregoire No, we went to the presentation at Usine C.
-
@worik @strypey @reiver You're right; ActivityPub is encrypted from one end to the other.
The problem is data at rest. AP activities are stored on the sender's server and cached on the receiver's server in the clear. If your server admin, or mine, decides to go spelunking in their database, they can violate our privacy and read our messages.
This is no better or worse than unencrypted email. However, a lot of people on the Fediverse have accounts on servers they don't trust.
-
@frank awesome! would you maybe like to contribute this to the plugin? I am thinking about a snippets "directory", to show how the plugin can be extended with special features!?
I will create a barebone folder with a readme for that!?
-
@peterkotrcka 4 days for all of them? I think it's too much.
-
@tfb define "easy" 🙂
-
@peterkotrcka Easy to get to from France?
-
@stefano and do you think they are close enough for someone, let's say, from Slovakia, to travel through all of these in 4 days?
-
Being the web performance zealot I am, I strive to having as little JavaScript on my sites as possible. JavaScript after all has to be downloaded and has to be executed, so extra JS will always have a performance impact even when in the best of circumstances it exceptionally does not impact Core Web Vitals (which are a snapshot of the bigger performance and sustainability picture). Hence when adding blocks in WordPress, I check if the block is entirely rendered server-side and if not I look for alternatives to avoid multiple files from wp-includes/js/dist (and in the case of some 3rd party blocks the entire React JS and more) being loaded.
For that reason I tested the WordPress ActivityPub plugin with the reactions block loaded as per these guidelines and indeed it triggers the loading of hooks.min.js, i18n.min.js, url.min.js, api-fetch.min.js (all in wp-includes/js/dist) and 2 files from the plugin itself (/wp-content/plugins/activitypub/build/reactions/view.js and /wp-content/plugins/activitypub/build/remote-reply/view.js).
To be able to reduce the dependency on those JavaScript files, 2 questions needed to be answered; how to have reactions (which I like a lot) without the JavaScript-driven rendering and what is that remote-reply thing.Starting with the latter; “remote-reply” handles the federation of local comments on reactions (comments) from the Fediverse, showing a modal window where the commenter is asked what ActivityPub account they want to post the reaction from. I decided this was not that important for me and –with some help from Matthias @pfefferle who always gives great support- came up with a couple of lines of code to not “do” remote-reply on this blog.
Now that Fediverse reactions block is very nice and I did want reactions showing on my blog, so I started looking at the database and the ActivityPub plugin code and saw that all Fediverse reactions were stored in the wp-comment en wp-comment-meta db-tables and were in fact accessible with the WP_Comment_Query class and with quite a bit of trial and error I ultimately ended up with a totally server-side generated solution that looked pretty nice (and similar to the JavaScript-rendered one).
If you’re interested, you can find the code in this gist, but don’t expect it to be good. Some negatives include no language handling, unminified CSS inline and the placement of the reactions might not work on every theme as I hook into the comments_template action to try to show them just before the comments. But who knows it might just work for you as well?
