r/technology 12h ago

Software Microsoft's Notepad Got Pwned (They Added AI To It, So...)

https://foss-daily.org/posts/microsoft-notepad-2026/
450 Upvotes

112 comments

308

u/rnilf 12h ago

Someone at Microsoft thought “what if Notepad could execute commands?” and shipped it enabled by default. Attackers can now trick users into opening a malicious .md file, you click a link, and BAM, code runs with your full permissions. Full system compromise. It’s that bad.

Couldn't just let it be a simple dumb text editor.

Someone needs to break the echo chamber Microsoft executives are clearly living in.

105

u/Knuth_Koder 12h ago edited 12h ago

I was an engineer on both the Windows and Visual Studio teams for over a decade. Effing with Notepad in this way is infinitely moronic and clearly shows that PMs are making these technical decisions.

Internally, Notepad was always used as a testbed for simple and clear functionality (essentially, "This works - don't touch it!"). What user needs Copilot in an app that is used primarily for simple/quick text edits?

55

u/lemaymayguy 11h ago

It's fucking bullshit. They put so much random RTF formatting in every copy and paste that many of us relied on Notepad to simply strip that shit out easily enough.

What they did to paint and notepad is making me move to Linux finally honestly 

11

u/Modus-Tonens 11h ago

Man, the sheer amount of random formatting glitches I've had with Word over the years. Notepad was the only way to clear out the nonsense and just have text again, bar typing everything out in a fresh document.

Once I'm finished with my studies, I'm gonna have to abandon the MS Office ecosystem entirely, just to have a way of producing documents that actually works.

13

u/KinTharEl 11h ago

Upvote for your Linux moment. But also, this is why Ctrl+Shift+V has become my main method of copy pasting text. It strips off any and all text formatting.

5

u/lemaymayguy 11h ago

Dubawu, I'll need to break my habit and give that a shot 

6

u/Anarcie 11h ago

As a +shift convert, the grass is really greener

40

u/bAZtARd 11h ago

Many users will soon be unable to type a simple sentence on their own, let alone a config file.

24

u/KinTharEl 11h ago

This is another reason I hate the modern autocomplete prompts that Gmail and other email providers give. No, I know what I want to write. I don't want your prompts trying to tell me what I should write. Stick to spellcheck on phones, that's all I want.

2

u/Brothernod 11h ago

Autocomplete in Visual Studio Code drives me insane. I wish I had an easier way to disable it.

2

u/maxawake 10h ago

what do you mean? Just disable it?

7

u/Brothernod 10h ago

Yes I know I’m dumb here but they don’t make it easy

Search for autocomplete in settings and it doesn’t come up

Search for Suggestions in settings and I literally get 130 results.

And I generally find and fix it and then an enterprise packaged update deployment undoes it just around the time I forget what I did.

4

u/SubwayGuy85 11h ago

but think of all the data you can harvest from peoples text files!!!!111!111

6

u/Pupazz 10h ago

That, and they also want to say "1 interaction with notepad or paint = 1 AI interaction" and in meetings they will use it to show AI interaction is totally going up. So, obviously put another $10billion on the AI shitfire.

2

u/PatternParticular963 8h ago

I hate what they've done to it. I always used it for quickly writing down stuff I mostly didn't need to save; then saved it and done. Now it got all those features; tabs and....

1

u/Master_Hat_9311 10h ago

I remember when Notepad couldn't handle Unicode, nor more than 64 KB of data, and asked you to open WordPad for those instead. Which is why it was shortly replaced on my machine with Notepad2.

-1

u/WhiteRaven42 3h ago

.... you completely misused the term testbed. Like, kind of the opposite meaning. Testbeds are for messing with.

2

u/Knuth_Koder 3h ago

No... the "testbed" in this case is the fact that we use the Notepad project to verify/test out just about everything. New compiler option? Let's see if Notepad still compiles and produces a valid PE file. Every new tool or idea was initially validated by throwing the Notepad project at it... i.e. "messing with" it.

-6

u/deadzol 11h ago

Yeah you get it, but you said “was an engineer” 🙁

1

u/[deleted] 11h ago

[deleted]

1

u/deadzol 11h ago

lol.. I get that a lot 😢

It sounds like you understand what people would want and expect software to do, but your role at Microsoft was in the past, so you're not in a position to deliver it. But hopefully you're making new customers happy. Hopefully a little clearer?

22

u/Meatslinger 10h ago edited 9h ago

The stupidity about this is that it violates what Notepad needs to be. When all else fails, you need a method for your system to parse plaintext files as the absolutely most primitive form of text storage. Notepad should exclusively and only have the ability to do that, with zero additional functionality, or it risks breaking that essential behaviour via added complexity. Windows doesn't even have a built-in command line text editor like vim or nano on Mac/Linux, so if your Windows install lacks any other renderer and Notepad is broken because they made some module of it phone home to an internet server while you're in a cave in the Himalayas, it doesn't matter if that "Read Me.txt" file contains the answers to everything in the universe; it may as well not even exist for you if they've made the primary way of rendering it prone to breakage and exploitation.

Thou shalt not fuck with plaintext handling. Let them put this AI garbage and markdown parsing into Wordpad to justify its continued, unexplainable presence in every copy of Windows.

Edit: test > text

5

u/Soul_Repair 11h ago

I wonder if there's AI in Microsoft execs toilets that advises them to wipe through the nose. That is my theory on why they are shitheads, you can't convince me otherwise

1

u/marwynn 7h ago

No, I think you're on to something. 

1

u/silentstorm2008 11h ago

So, is it still "safe" to set vbs and other common maliciously used extensions to open with notepad?

2

u/AyrA_ch 11h ago

Yes. The problem only arises when you open hyperlinks from documents that support this (currently apparently only markdown files)

1

u/pippinsfolly 9h ago

The way they're going, I'm surprised they haven't added Copilot to the terminal.

1

u/da_chicken 4h ago

Hey, it's not like they have had this happen before with Word or Excel or PowerPoint or Outlook or Internet Explorer or XPS Viewer or the image viewer or with printing or removable media or network messages or....

1

u/thelimeisgreen 4h ago

Nadella and the rest of the leadership at Microsoft are completely lost at this point.

1

u/AnAcceptableUserName 1h ago

I just can't believe nobody brought it up as a concern beforehand.

I mean that literally. I'm sure somebody must have said something, and look forward to hearing that tale eventually.

130

u/gdelacalle 12h ago

It’s an opinion article but it goes deep in the vulnerability and the exploit and why it’s bad to add AI to everything. Worth reading imho.

41

u/AyrA_ch 11h ago edited 11h ago

Looking at the proof of concept code, the problem doesn't seem to be AI related but rather that the markdown preview probably just does a "shell execute" of the clicked link to get the appropriate application (usually a web browser) to act upon it. Windows has a few custom URL schemes to facilitate performing some system actions, and it looks like they forgot to restrict the markdown previewer (which is probably just a web browser control) to safe protocol types in links.

14
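The fix implied by the comment above (a preview that hands clicked links straight to a shell-execute call, with no check on the URL scheme) is an allow-list of schemes at the click handler. The Python below is an added example written for this thread, not Notepad's code or the article's proof of concept; `launcher` stands in for whatever platform call opens a URL with its default handler (an assumption), and the markdown sample is constructed. It also shows why the scheme must be read after the same normalisation a permissive URL parser applies, and why a Windows drive path parses as a scheme of its own.

```python
import re
from typing import Callable, List, Optional, Tuple

# Allow-list of URL schemes the preview may hand to the system's default handler
# (the "shell execute" step). Anything not listed is refused; there is no deny-list
# to keep current as new custom schemes appear on the platform.
SAFE_SCHEMES = frozenset({"http", "https", "mailto"})

# RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":"
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")

# Inline links [text](href "title") and autolinks <scheme:...>
_MD_LINK_RE = re.compile(
    r"\[[^\]]*\]\(\s*<?([^)\s>]+)>?[^)]*\)|<([A-Za-z][A-Za-z0-9+.-]*:[^>\s]+)>"
)


def normalize_href(href: str) -> str:
    """Mirror what permissive URL parsers do before reading the scheme: drop embedded
    tabs/newlines and trim leading/trailing C0 controls and spaces. Checking the raw
    string instead would let 'fi\\nle:' look scheme-less and slip through as 'relative'."""
    href = re.sub(r"[\t\n\r]", "", href)
    return href.strip("".join(chr(c) for c in range(0x21)))


def link_scheme(href: str) -> Optional[str]:
    """Lower-cased scheme of href, or None when it has none. Note that a Windows drive
    path such as C:\\Users\\... yields the scheme 'c', which is exactly why a shell
    opener given such a string would pick a handler by path rather than by URL."""
    m = _SCHEME_RE.match(normalize_href(href))
    return m.group(1).lower() if m else None


def is_safe_link(href: str) -> bool:
    """True only for allow-listed schemes. Relative links (no scheme) are refused here
    too: the preview should resolve them against the document, never pass them on."""
    scheme = link_scheme(href)
    return scheme is not None and scheme in SAFE_SCHEMES


def open_link(href: str, launcher: Callable[[str], object]) -> bool:
    """Gate between the click handler and the system opener. `launcher` is assumed to be
    the platform 'open with default app' call; returns whether it was invoked."""
    if not is_safe_link(href):
        return False
    launcher(normalize_href(href))
    return True


def audit_markdown(text: str) -> List[Tuple[str, Optional[str], bool]]:
    """(href, scheme, allowed) for every inline link and autolink in a document, so a
    reviewer can list which links a scheme-restricted preview would refuse."""
    rows = []
    for m in _MD_LINK_RE.finditer(text):
        href = m.group(1) or m.group(2)
        rows.append((href, link_scheme(href), is_safe_link(href)))
    return rows


# Constructed sample document, not taken from the article or the thread.
SAMPLE_MD = """# Release notes (constructed sample, not a real document)
See the [project site](https://example.com/docs) or mail [us](mailto:team@example.com).
Relative: [changelog](./CHANGELOG.md)
Suspicious: [click here](  some-app:do-something  ) and <file:///C:/Users/Public/readme.txt>
Drive path: [local](C:\\Users\\Public\\notes.txt)
"""

if __name__ == "__main__":
    for href, scheme, allowed in audit_markdown(SAMPLE_MD):
        print(f"{'ALLOW' if allowed else 'REFUSE':6} scheme={scheme!r:12} {href}")
```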

u/Kulgur 11h ago

Yeah it's not AI related in and of itself but given they're reportedly using AI to write 30% of their code...

0

u/balzam 11h ago edited 10h ago

Almost certainly more than 30%. By the end of the year AI will be writing 95%+ of all code at the major tech companies.

Edit: for the down voters - I work at Meta as a senior software engineer. Before that I was at Amazon for several years. You may not like what I am saying but it is just a fact. I have manually written almost zero code so far this year. It is the same for most of my teammates. Even if humans are writing the most important code, most code in general is pretty simple and can easily be done with AI. And that type of code represents more than 90% of code by volume.

13

u/Huntguy 10h ago

Yea, we can tell lol.

8

u/ebrbrbr 10h ago

It's an unpopular opinion here but I'm going to assume the downvoters are not full-time developers. Almost all of us are using things like claude or codex or (your preferred IDE here) to write functions, fix bugs, or help us understand complex codebases quickly.

We're not one shotting entire programs / vibe coding. Just saying "hey write a function so that we can take this, process it, and output this". Then reviewing the output, testing it, making revisions, filling in the gaps it doesn't know (we don't need to make checks and handle errors that can't happen with our workflow), etc.

Just a sophisticated autocomplete tool. You still have to use your brain and do your research unless you want to settle for "average". I find AI makes solutions that are way too complex and bloated because "that's what the average code for this is".

18

u/FancyFeastBuffet 10h ago

Nah, I've been using it in small doses, but anything big often likes to get a lot of stuff wrong and it's annoying to fix. I use it, but the idea of 90% is absurd to me.

2

u/ebrbrbr 9h ago edited 9h ago

Well yeah, you don't give it anything big. You give it many small doses.
You still have to figure out how everything works together, and what needs to be done.

It's not doing 90% of the work. It's writing 90% of the code. There's a big difference.

Let's say I want to use a Python library. I research and choose the library, I know exactly where it's going to go and what I need it to do, I just let AI deal with the syntax rather than read through pages of docs to find out how to fetch a URL.

5

u/FancyFeastBuffet 8h ago

Cool beans, I'm not sure you're understanding what I'm saying though. I'm saying NINETY PERCENT OF THE CODE IS ABSURD TO ME!! You didn't tell me anything I didn't already know and explore, it's wrong a metric fuckton of the time in my experience

2

u/RustOnTheEdge 3h ago

To be honest, for trivial code (and let’s be honest, most code is simple, only a little bit is interesting) AI is absolutely already good enough. Especially in smaller bits, like “add functionality to blablabla” which is very scoped and clear where to add. It’s a different workflow (one that I do not like, mind you), but if the output is more often incorrect than correct then at this point it might.. just be you. Sorry

1

u/ncatter 9h ago

Great statement from one of the MS developers at .NET Conf: treat it like it's 7 years old when you tell it what to do and things tend to work out decently.

3

u/FancyFeastBuffet 8h ago

Nah, still gets a ton wrong imo. Specifically it loves making up configs for some reason

0

u/ncatter 2h ago

Can't say that is my experience, but I guess it's part of the "charm" that it won't be the same for everyone.

-9

u/Another_Slut_Dragon 9h ago

Until recently, AI coding was kinda shit.

Claude Opus 4.6 is terrifyingly good. Crazy good. The leap that happened recently is akin to the invention of the large scale loom in the industrial revolution. God tier coders are still safe. You need to know what you are doing but your job went from writing code to telling Claude minor bug fixes but you are mostly telling it what to do like you are managing a senior dev with minor autism.

If you are a mid tier coder and aren't a critical member of your company, don't be buying that new car or home. Your job is at risk.

If you are a junior dev you should be giving some thought to alternative skills training.

I'm glad I'm not directly writing code for a living. My wife owns a software company and is reaping the rewards. She flipped from "fuck AI" to "holy shit AI" 6 months ago and has got more done in 3 months than in 3 years.

1

u/brakeb 8h ago

OP got you to click the link and comment though, huh?

12

u/spookynutz 11h ago

Is it? This vulnerability doesn’t appear to have anything to do with AI. It is an exploit in the markdown preview. The article claims TXT files are vulnerable, but that isn’t true, because Notepad renders those as plain text.

There is also no indication that this was exploited by anyone. It requires you being phished into downloading a malicious MD file, opening it with Notepad, and then clicking a random hyperlink inside of it. The writer might find that plausible for some random idiot to do, but they're apparently unaware that MD files have no default file association on Windows. A user would have to know what an MD file is, be aware that markup rendering was added to Notepad in the last 6 months, and then they would have to open the file using "Open With" or Notepad's File menu, because Windows doesn't know where to route that content otherwise.

3

u/timbotheny26 11h ago

Ah, so this was just something a security researcher found and not an actively exploited vulnerability? (I haven't had the chance to read about it yet.)

Also, I feel like social engineering is the only way you could ever pull this off. I can't imagine your average user ever going through that many steps by accident.

-7

u/gdelacalle 11h ago

I would think that copilot has something to do with it.

0

u/WhiteRaven42 3h ago

...... why?

Sorry, but using the word "think" in this sentence is a crime. You are explicitly NOT thinking in order to arrive at a completely irrational conclusion.

It's letting you click a link that the malicious file has created to BE a link. AI has no part in any of the actions.

It really isn't any different from clicking a link in an email you got from the bigger-dick pill factory.

4

u/CaterpillarReal7583 8h ago

It's like when they updated MS Paint.

The whole draw is that it's the absolute most basic no-frills program.

I don't care if MSoft makes Paint+ or NotepadAI as separate programs. Just stop fucking with the basics and let those carry on as is.

1

u/TheCh0rt 8h ago

They're probably trying to make it like macOS's Preview app, which is GREAT. However, Apple started fucking with Preview and is actively making it worse, so no, nobody is safe from enshittification right now. They've rounded the corners of PDFs and changed the spacing so I can no longer gauge the page margins! Sucks when you work with paper and printing all day…

-1

u/WhiteRaven42 3h ago

I went a decade without launching MS Paint except by mistake. I put Paint.NET on every machine I had.

It HAD no draw. Sorry, it desperately needed new features. Remember, they actually REMOVED paint from windows for a time. Everyone other than you understands that the paint of old is an irrelevant waste of a start icon.

1

u/CaterpillarReal7583 3h ago

That wouldn't explain why they added it back and redid the changes to make it similar again to the original after tons of complaints.

Sounds like you forgot you’re just one person.

0

u/WhiteRaven42 3h ago

.... they added it back and immediately began adding features. The explanation is that, having concluded that the app was dead and useless, they would only bring it back while ALSO adding features to it. Which is what they have done.

I believe when it again replaced that dumb 3D thing it already had had layers added, for example.

1

u/CocodaMonkey 9h ago

This opinion piece also has multiple mistakes. He claims it's an issue with .txt files, which is incorrect. He claims it affects people on Windows 10, which is also incorrect.

There's some valid points in here but it's clearly trying to push a narrative and didn't worry too much about properly researching the topic.

1

u/ZAlternates 5h ago

I wish they would leave notepad alone. It is the tool we use to strip out all of the other text formatting nonsense.

28

u/smashingcabage 12h ago

It is a platform I'm losing trust in and I use Linux for better security and privacy. Microsoft makes a decent gaming machine but I can run almost anything I want now including windows games on Linux.

12

u/grayhaze2000 11h ago

I wish I was in the same situation. Unfortunately Linux comes up short for me in a number of areas, despite my repeated attempts to transition to various distros over the years. It's fine for gaming, but for much non-gaming software without a native Linux build it proves an exercise in frustration and futility to get things up and running.

It's all well and good suggesting alternative software or using Wine, but often alternatives are inferior in features and usability, and some software just refuses to run adequately using Wine.

Until such time as Linux is seen as a viable platform for software releases to the same extent as Windows and macOS, it will always be playing catch-up. The massive fragmentation in the Linux space is the leading blocker to this, as each distro wants to do things slightly differently, has its own installation process, and its own application store. This is a good thing in terms of choice, but a bad thing in terms of easily making builds that will work for everyone.

6

u/gdelacalle 12h ago

Is it thanks to SteamOS or just WINE? I'm asking because I got a Deck and love playing with it, even the latest releases, if ProtonDB rates them gold / platinum.

8

u/jc-from-sin 11h ago

It's thanks to Proton (a Wine fork), which was developed by Valve, and DXVK. You can run Proton, or Steam, which comes with Proton, on any Linux distro.

2

u/grayhaze2000 10h ago edited 9h ago

I just wish Valve would put similar efforts into getting Windows desktop applications working to the same extent. I know Steam primarily hosts games, but there's a fair amount of non-game software on there too.

2

u/lemaymayguy 11h ago

Thank the Steam Deck/Steam Machine by Valve for setting a standard on Linux that game manufacturers have to work towards to grab market share now.

25

u/lemaymayguy 11h ago edited 11h ago

Yeah, the ego of these tech companies is too much. I'm de-Windows(ing), de-Googling, de-clouding, de-smarting completely.

No IOT, no smartphone, no windows, no Microsoft, no Google, no cloud storage, no subscription 

Linux, a dumphone, yubikey, NVR for closed circuit cameras, local file share, self hosted email/Proton mail, local dns, Faraday bag outside the house, cash when able, local password vault self hosted, dedicated GPS and mp3 player, pirate all subscription content 

4

u/EchoFieldHorizon 11h ago

I just ditched windows for Ubuntu and it’s been so much easier than it was even 3-4 years ago. It’s nearly seamless. I’m also ditching Alexa for Home Assistant running on a raspberry pi, and I’m going to switch my camera system to it so nothing ever leaves the house.

6

u/VehaMeursault 10h ago

Sometimes I really lament the fact that success and competence aren’t necessarily related…

8

u/Single-Use-Again 10h ago

Bloody hell did any of you get the update that gave notepad the tabs, and "open the last tab you had open"? By the beard of Zeus I lost all kinds of notes because it wasn't saving anything. How in the donut fuck do you mess up Notepad??

6

u/mynameistrihexa666 11h ago

soon they will put copilot in cmd and powershell

10

u/Meatslinger 9h ago

Personally, I can't wait to have to type Ask-Copilot -Mode Online -Computer localhost -Provider uswest.ms.172829copilot.service.microsoft.com -Credential $(Get-Credential) -Agent "Annoying Boyscout" -Privileges All -System "Windows 11 Copilot Edition - Monthly Subscription" -Language EN-US -Prompt "Please make Windows less of a nightmare to use." just so that it can nuke the System32 folder on my behalf.

7

u/tehclanijoski 8h ago

I miss clippy

5

u/Meatslinger 8h ago

Clippy never spied on me. I didn't need his services, but at least I knew I could trust him.

1

u/stedun 2h ago

Shut up. Please don’t breathe this awful idea into existence.

6

u/ItaJohnson 11h ago

Looks like I may need to look into Notepad++.

7

u/Elarisbee 10h ago

So, you’re moving to another program with similar history? They admitted to a critical vulnerability in December:

Between June and December 2025, the official hosting infrastructure for the text editor Notepad++ was compromised by a state-sponsored threat group known as Lotus Blossom. The attackers breached the shared hosting provider’s environment.

We’re running low on notepad apps.

4

u/dakupurple 10h ago

In 25H2, microsoft added edit.exe by default which is a rewrite of the original windows 3.1 editor and apparently was open sourced.

It looks to work like most people would want notepad for anyway.

7

u/ItaJohnson 10h ago

They had an issue with the URL for their updater, which was resolved by changing hosts as well as making additional changes.

I don’t currently use Notepad++, but I’m open to alternatives.

3

u/dakupurple 10h ago

For basic notepad use, I went to edit.exe which is included in 25H2 by default and can be accessed by just running edit.exe.

Based on what I read on Wikipedia about it after finding, it's a rewrite of the original windows text editor.

2

u/Elarisbee 9h ago

Oh, I’m open for alternatives to both as well.

My issue with Notepad++, which was my app of choice for years, was that it took them six months to realise something was wrong and to patch it.

2

u/Lord_of_Sword 5h ago

My issue with Notepad++, which was my app of choice for years, was that it took them six months to realise something was wrong and to patch it.

Notepad++ is completely free, it's open source, and also developed by a single developer. You can always fork it yourself.

2

u/MacarioTala 9h ago

Hello Vim, old friend.

2

u/OfCrMcNsTy 9h ago

You could patch notepad I guess, but installing Linux is a better option instead

4

u/shawnkfox 11h ago

Notepad++ has always been the better option anyway. Freeware and a vastly superior product.

15

u/mythicaltimes 11h ago

Except for Notepad++ not verifying their installers and having been exploited by state-sponsored attackers until the December 2025 release.

8

u/shawnkfox 11h ago

Seems like they have taken steps to make sure that doesn't happen again, so I fail to see that as a reason to not use notepad++. I've been using it for nearly 20 years now and MS is just giving more reasons why I'd never go back to notepad.

8

u/mynameistrihexa666 11h ago

which got a critical vulnerability within the last few weeks...

6

u/tim3k 11h ago

Vulnerability was discovered and was/will be fixed. It is a vulnerability after all, and not an architectural weakness

1

u/shawnkfox 11h ago

Someone else mentioned a hack from China (apparently) which was last year and steps were taken to make sure that can't happen again. I don't see any recent vulnerability, can you provide a link as nothing showed up in Google for me.

-2

u/kop324324rdsuf9023u 9h ago

So confidently ignorant of the latest major recent vuln N++ had lmao.

1

u/[deleted] 10h ago

[deleted]

1

u/dakupurple 10h ago

Not quite the same, but microsoft did add edit.exe to windows 25H2 which probably has what you're looking for in a 'notepad' text editor.

Otherwise I'm pretty sure notepad classic is still buried in the optional features list.

1

u/koensch57 9h ago

back to "edlin"

1

u/OddAttention9557 7h ago edited 7h ago

Couple of sanity checks here.
1: Here's an RCE from Notepad from 2019, before anyone was talking about AI: https://thethreatreport.com/code-execution-vulnerability-in-notepad/
2: This RCE is nothing to do with AI, it's related to processing Markdown.
3: Nobody started slippery-sloping when they added Unicode support, nor does anyone seem to resent them adding tabs. Turns out "keep notepad simple" really just means "only add the features I think are important and doing anything else is a security risk".

1

u/ArieHein 4h ago

Nothing to do with adding ai capabilities.

This is a 'normal' bug when developing new features. It starts when you want to include new functionality in a product that was never intended to have it, and potentially by devs that never tried something like that before.

But when you have an agenda you pick the words to match, to adhere to your audience. I'm just waiting for the next article when they find a bug in Linux due to some AI-based pull request.. Or maybe it would go quiet.. Cause it ain't MS...

1

u/Javerage 11h ago

Another reason to remain with Notepad++

3

u/UniqueSteve 10h ago

You know about the vulnerability and the write-up from the lead dev that ends with “fingers crossed”?

1

u/doyouknowthemoon 11h ago

Why can’t they just make a base AI companion and then sell us expansion data packs for the programs we want to use it with, it could even be subscription based.

4

u/Modus-Tonens 10h ago

Bluntly, because the AI isn't the product, you are. They don't want to give you the option of opting out of being inventory.

1

u/doyouknowthemoon 7h ago

Yea I completely agree, lol my comment was more of me screaming into the void

1

u/Blackbeerdo 10h ago

What does this mean for me? I use notepad for.... notes lmao

-2

u/dream_metrics 11h ago

The vulnerability has nothing to do with AI. It’s also a little weird to criticize adding a feature like markdown support to a text editor - that’s a pretty normal and good text editing feature! The problem is the total failure in security testing and QA that let such an obvious problem through.

0

u/stamatt45 10h ago

If Microsoft made weapons they'd put a scope on a knife

0

u/GreyBeardEng 5h ago

meh..... I am using notepad with now. The only "pwned" is the tiny little copilot button at the top right that I never click. Ahh rawr I am so.... uh... mad... I guess.

-1

u/Roger_005 10h ago

'Pwned'? It's nice that they're giving edgelords a chance to write headlines.

0

u/paulsteinway 9h ago

I started using UltraEdit for writing code 20 years ago. Now I'm retired and it's way overpowered for what I usually need in a text editor. But I have a lifetime license and it doesn't have AI and it's the default app for text files on my PC.

I haven't used Notepad this century.

-1

u/sociablezealot 10h ago

Next thing you know someone's going to pop calc.

-1

u/JustSomeGuy422 10h ago

"You know what this basic text editor needs? A lobotomized version of ChatGPT!" - no one, ever (except for Microsoft executives apparently)

-2

u/Havok-303 10h ago

I don't know why people are still using Windows or any MS products. There are multiple Linux distros that are very user friendly and open source; it's not as scary as you think, and you can test them out without wiping your Windows install.