I distinctly remember their GH page being flooded with issues written in Chinese.
It really doesn’t compute in my head why any macOS user would not use a network firewall like this, or similar, to block unwanted outgoing HTTP(S) requests. You can easily inspect the packets with tools like Wireshark or Burp Suite Professional (or Community) edition, or any other proxy tool, of which there are many in the macOS ecosystem.
And this is not unique to macOS, this is all possible in Windows, Linux and any other OS.
https://www.heise.de/en/news/Notepad-updater-installed-malwa...
https://doublepulsar.com/small-numbers-of-notepad-users-repo...
The TLDR is that until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which was available in the GitHub source code. The author enabled this by not following best practices.
The "good news" is that the attacks were very targeted and seemed to involve hands on keyboard attacks against folks in Asia.
Blaming the hosting company is kind of shady, as the author should own at least some level of the blame for this.
The Taiwanese government has never formally declared itself independent from the mainland. Such a declaration would likely cause the PRC to invade.
http://iccf-holland.org/ http://www.vim.org/iccf/ http://www.iccf.nl/
You can also sponsor the development of Vim. Vim sponsors can vote for features. See |sponsor|. The money goes to Uganda anyway.
- US arguing for independence of any of the States for whatever reasons?
- Spain for Catalonia?
- France for Basque?
and many more just in Europe.
https://en.wikipedia.org/wiki/List_of_active_separatist_move...
In the context of forums, the political threads are generally /not interesting/[0]. Political threads often devolve; they bring nothing 'new' or 'fresh' to the table, and they lead absolutely nowhere. It's a fart-in-the-wind situation no matter what your position is. Leave that stuff on reddit where the rest of the farts-in-the-wind go to waste. It's like watching commentators on Fox News or CNN or <insert favorite cable TV show here>. They're a large waste of time and they're often geared towards reinforcing your side, aka echo chamber.
Now, if a thread actually evolved into real measurable action, that might actually be interesting. But that's not what happens on these forums. There's probably very few of us that see some HN thread talking about something awful happening somewhere and they take direct action, such as petitioning their government, protesting, etc. It's probably happened once or twice, but most of the farts in those threads just hang around and stink up the place.
Please stop stinking up HN.
> 2. Even though the bad actors have lost access to the server from the 2nd of September, 2025, they maintained the credentials of our internal services existing on that server until the 2nd of December, which could have allowed the malicious actors to redirect some of the traffic going to https://notepad-plus-plus.org/getDownloadUrl.php to their own servers and return the updates download URL with compromised updates.
Further, political banners in software have absolutely helped, and have changed political outcomes. As an example of that, SOPA, and later PIPA, were defeated by websites such as Wikipedia (which are software) putting banners aimed at informing the public of those bills.
The Notepad++ site says the incident began from June 2025.
On their downloads page, 8.8.2 was the first update in June 2025 (the previous update 8.8.1 was released 2025-05-05).
So, if your installed version is 8.8.1 or lower, then you should be safe. Assuming that they're right about when the incident began.
edit: Notepad++ has published, on GitHub, SHA256 hashes of all the binaries for all download versions, which should let users check if they were targeted, if they still have the downloaded file. 8.8.1 is here, for example - https://github.com/notepad-plus-plus/notepad-plus-plus/relea...
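The check described in the comment above can be scripted. The following is an added example, not part of the original comment and not Notepad++ project code. It assumes the published hashes are available as `<sha256>  <filename>` lines and that retained installers follow an `npp.<version>.` naming pattern; the sample files are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# From the thread: 8.8.1 (2025-05-05) predates the incident; 8.8.2 is the first June 2025 release.
LAST_PRE_INCIDENT = (8, 8, 1)

def parse_published(text):
    """Parse '<sha256>  <filename>' lines (assumed sha256sum-style layout)."""
    out = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*([0-9a-fA-F]{64})\s+\*?(\S+)\s*", line)
        if m:
            out[m.group(2).lower()] = m.group(1).lower()
    return out

def version_of(name):
    """'npp.8.8.2.Installer.x64.exe' -> (8, 8, 2); None if the name does not match."""
    m = re.match(r"npp\.((?:\d+\.)+)", name, re.IGNORECASE)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".") if p]
    return tuple((parts + [0, 0, 0])[:3])

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large installers are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(path, published):
    """Return (status, in_incident_window) for one retained installer."""
    path = Path(path)
    expected = published.get(path.name.lower())
    ver = version_of(path.name)
    in_window = ver is None or ver > LAST_PRE_INCIDENT  # unknown version: assume in window
    if expected is None:
        return ("UNLISTED", in_window)
    return ("MATCH" if sha256_file(path) == expected else "MISMATCH", in_window)

def demo():
    """Constructed sample: two placeholder files, one altered after the listing was made."""
    with tempfile.TemporaryDirectory() as d:
        files = [Path(d, "npp.8.8.1.Installer.x64.exe"), Path(d, "npp.8.8.2.Installer.x64.exe")]
        for p in files:
            p.write_bytes(b"constructed sample " + p.name.encode())
        published = parse_published("\n".join(f"{sha256_file(p)}  {p.name}" for p in files))
        files[1].write_bytes(b"constructed sample, altered")
        return {p.name: triage(p, published) for p in files}
```

A `MISMATCH` on a file inside the incident window is the result to investigate; `UNLISTED` means the file name did not appear in the listing at all.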
All such portals upgrade their hash/sig noting of binaries, and keep those in a history retaining merkle tree of sorts. If nothing else, a git repo. Something like this https://github.com/hboutemy/mcmm-yaml/blob/master/aws/sdk/ko... but with SHA256s, and maybe not the entire world on one repo.
Winget downloads the installer from GitHub: https://github.com/microsoft/winget-pkgs/blob/master/manifes...
One comment there points out that XP is old enough for infected attack vectors to have all died out. I dunno.
https://support.certum.eu/en/code-signing-required-documents...
https://shop.certum.eu/open-source-code-signing-on-simplysig...
$49 (EU) Gross
But good we are talking about my point rather than the example.
When last we crossed you appeared to be lecturing people while incorrectly paraphrasing their actual position (aka strawmanning)( >>46793399 ).
FWiW I recall handing a guitar (I hear they kill fascists) to Billy Bragg way back when he was on tour Talking to the Taxman About Poetry and FYI he's back, again, following Springsteen: https://www.youtube.com/watch?v=IKOW2ZikGW8
So, good luck https://www.youtube.com/watch?v=NJ2QOwQdHL8
Maybe sidestep becoming a parody: https://www.youtube.com/watch?v=W1_uEbGJtnY
Conveniently, it's never here, and it's never now. I think MLK Junior wrote a speech about this? Letter from a Birmingham Jail: https://www.africa.upenn.edu/Articles_Gen/Letter_Birmingham....
> People will tell me again to not mix politics with software/business. Doing so surely impacts the popularity of Notepad++: talking about politics is exactly what software and commercial companies generally try to avoid. The problem is, if we don’t deal with politics, politics will deal with us. We can choose to not act when people are being oppressed, but when it’s our turn to be oppressed, it will be too late and there will be no one for us. You don’t need to be Uyghur or a Muslim to act, you need only to be a human and have empathy for our fellow humans.
I was glad after discovering [1]. In one of the videos the interviewer explains why he was not arrested. The channel is for an English-speaking audience outside of Russia. It was enough to "close eyes" for some openly expressed critiques. Though it was painful to listen to some people who were not against the war.
For an open-source alternative, consider checking out LuLu [0]. It's not as feature-rich, nor does it have an impressive UI like the former, but it gets the main work done.
It's the best one I found after trying a few, because it's pretty easy to use, and lets me disable notification popups which is a part that always frustrates me about other options.
Well, gee, let's look at the sponsorship page for KiCad: https://www.kicad.org/sponsors/sponsors/
I see a couple EU companies, but no EU governments. It takes a paltry $15K to be a Platinum sponsor.
I picked KiCad because PCB design is critical military infrastructure, the alternative programs are almost all under non-EU jurisdictions and could be pulled, and KiCad is both open source and local desktop to top it all off. This is exactly the kind of quiet, unflashy toil that desperately needs support from a government entity.
Lots of areas need support for open source alternatives that are controlled by proprietary software that might vaporize. I picked PCB design because it's an easy target. Cadence and Synopsys have locks on VLSI design domains that could get yanked from the EU. VHDL tooling is still disastrously poor. Everybody could use an alternative 3D modeling kernel (the EU is a little better here because the dominant proprietary kernels are from Dassault Systèmes and Siemens). I'm sticking to software as the domain because the purpose of the funding is obvious (pay developers, duh), but it also applies to things like small manufacturing and maintaining domestic supply chains (but the purpose and focus becomes a lot messier).
And yet, everywhere I look, any project I pick, crickets.
I don't expect the EU to front run, but something like KiCad is 3 bloody decades old.
> those are all in Silicon Valley because the money is there because the US has a privileged financial position.
And yet you had the rise of Akihabara as an electronic parts mecca which then later got eclipsed by Shenzhen. And that's not even talking about the fact that modern computing sits atop a mountain of stuff developed out of the VLSI Project (https://en.wikipedia.org/wiki/VLSI_Project).
All of those occurred because their respective governments threw money around.
Sure, maybe you won't create another Silicon Valley hare, but, perhaps, just perhaps, you might create a relentless, open source EU tortoise that slowly displaces the proprietary software. The EU is good at slow--relentless, not so much.
Sadly, a continual state of inertia and sclerosis and failure around tech seems to be historically European: https://www.phenomenalworld.org/analysis/the-eurochip/
https://www.binisoft.org/wfc.php
It has some areas where improvement is needed, but the fundamentals work and the user interface design is decent.
I am surprised it's not more popular for Windows users. All of the alternatives I've tried have critical issues which made me dismiss them as unserious.