zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. dabina+vf[view] [source] 2026-02-02 04:46:18
>>myster+(OP)
> With these changes and reinforcements, I believe the situation has been fully resolved. Fingers crossed.

I get that this is a difficult situation for a small developer, but ending with this line did not fill me with confidence that the problem is actually resolved and make me trust their software on my system.

◧◩
2. the_fa+hg[view] [source] 2026-02-02 04:53:35
>>dabina+vf
That's the most honest assessment you can expect from any small-scale developer. What do you expect them to say or do? Their adversary is presumably a national intelligence agency of a superpower.

The odds may be better if you operate the way OpenSSH does: move slow, security first, architect everything to be very difficult to attack. But if you're building a text editor, it's not your mindset, and probably never will be.

◧◩◪
3. xeroma+Oh[view] [source] 2026-02-02 05:10:03
>>the_fa+hg
Yup, the only way to combat this as a smalltime dev would be to turn off auto updates and make people build from source.
◧◩◪◨
4. tjwebb+Pi[view] [source] 2026-02-02 05:20:00
>>xeroma+Oh
yea `curl <url> | gcc` is much safer...
◧◩◪◨⬒
5. trympe+Jl[view] [source] 2026-02-02 05:59:00
>>tjwebb+Pi
Security through ..rarity? Maybe not for nation state actors though.
[go to top]