I found it quite entertaining (as well as deeply disturbing) to picture Zuckerberg & the other social media kingpins as a modern subtype of druglords rather than "traditional" software billionaires. It's just that they deal in modulating and manipulating the dopaminergic system with code rather than chemicals. And what's worse, they give you the drug for free, and then try to sell you to the highest bidder while you're "under the influence".
I mean, it can't be that hard to imagine them, with their never-before-seen fortunes, extensive real estate portfolios and their extravagant lifestyles, in the roles of modern day Pablo Escobars and the like. Addiction is extremely profitable.
FYI OpenLook did have a quite different default colour scheme in SunOS than in these Amix screenshots. Neutral grey window frames with a slightly muted cyan desktop background.
In many ways it looked quite pleasant and fresh compared to the dark and colourful palettes of CDE-based Solaris.
So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?
Anyway, I hope the author can be a bit more specific about what actually has happened to those unlucky enough to have received these malicious updates. And perhaps a tool to e.g. do a checksum of all Notepad++ files, and compare them to the ones of a verified clean install of the user's installed version, would be a start? Though I would assume these malicious updates would be clever enough to rather have dropped and executed additional files, rather than doing something with the Notepad++ binaries themselves.
And I agree with another comment here. With all those spelling mistakes that notification kind of reads like it could have been written by a state-sponsored actor. Not to be (too) paranoid here, but can we be sure that this is the actual author, and that the new version isn't the malicious one?
This reminds me of college, when some of my professors were still sorting out their curriculum and would give us homework assignments with bugs in it.
I complained many times that they were enabling my innate procrastination by proving over and over again that starting the homework early meant you would get screwed. Every time I'd wait until the people in the forum started sounding optimistic before even looking at the problem statement.
I still think I'd like to have a web of trust system where I let my friends try out software updates first before I do, and my relatives let me try them out before they do.
Ah, I remember those days. One that wasn't an error exactly was an assignment that had a word limit of 2000 words or something. I'd written maybe 3000 words and spent quite some time cutting it down, getting it to just under the limit. Then someone else who also wrote too many words asked the professor if that was okay and they sent out an update to everyone saying it's fine to ignore the word limit.
There's a few months every year when I'm feeling brave or crazy. We could take turns.
The thing is that most supply chain attacks are going to hit you when you are least prepared to deal with them, because that's exactly how they get you. When you're distracted.
Upgrades are deep work, but the commands to start them feel like shallow work.
I work in a lab as an analyst (bioinformatician), we are register and pay for quality assurance programs that contain an embarrassing about of technical errors.
> So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?
Is this surprising? My model is that keeping with the new versions is generally more dangerous than sticking with an old version, unless that old version has specific known and exploitable vulnerabilities.
Yes, it is very much atypical. Most hacks happen because admins still haven’t applied a 2 years old patch. I hate updates, but it‘s statistically safer that running an old software version. Try exposing a windows XP to the internet and watch how long it takes before it‘s hacked.
I hate that. “Bug fixes and improvements” every time. And then there are the ones who think they’re being cute with “our bird Fernando has been hard ar work eating those nasty bugs and flying over the rainbow to bring you an ever delightful experience”. Just, no. I don’t mind you flexing some creative writing muscles in your release notes if you provide actual clear information, but if you’re going to say nothing like everyone else, might as well use the same standard useless message so I can dismiss it quick.
> YouTuber Eric Parker demonstrated in a recent video how dangerous it is to connect classic Windows operating systems
The video referenced in that article explicitly connects directly to the internet, using a VPN to bypass any ISP and router protections and most importantly disables any protections WinXP itself has.
So yeah, if you really go out of your way to disable all security protections, you may have a problem.
You assume that the old software version has critical vulnerabilities. If it does not, then yes, updating is more of a risk since the new versions are unknowns.
My assumption is statistical. All software has critical vulnerabilities, not just the old ones. It’s just that these vulnerabilities are known, in the case of the old ones, which significantly increases the risk.
To be fair I doubt there are that many people scanning for internet facing XPs in 2026.
On the other hand, any server running old, unpatched versions of apache or similar will get picked up by script kiddies scanning for publicly known vulns very, very fast.
The notepad++ attack is politically targeted and done through unconventional channels (compromise in the hosting provider). I don't think 99% of the people reading this thread has a comparable threat model.
It depends if the application itself touches the Internet or only when conducting updates.
The threat model for a server and for a personal computer are very different. On a consumer device, typically only the OS mail app and browser have direct contact with the outside world.
Steve from Security Now podcast has been specifically using Notepad++ as an example of not being able to leave good enough alone for years now. Can't wait to hear him claim his told you so next week.
>I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?
Notepad++ site says The incident began from June 2025.
On their downloads page, 8.8.2 was the first update in June 2025 (the previous update 8.8.1 was released 2025-05-05)
So, if your installed version is 8.8.1 or lower, then you should be safe. Assuming that they're right about when the incident began.
edit: Notepad++ has published, on Github, SHA256 hashes of all the binaries for all download versions, which should let users check if they were targeted, if they still have the downloaded file. 8.8.1 is here, for example - https://github.com/notepad-plus-plus/notepad-plus-plus/relea...
Just checked my 8.7.9 that I installed in April 2025 and never updated. The hash seems to be identical to the version I installed around that time. Seems like it was a good choice to always skip the Update Dialog when using Notepad++ lol.
"So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?"
This is true for a large number of software "security" issues
A software version earlier in date/time is not necessarily inferior (or superior) to a version later in date/time
As it is "updated" or rewritten,, software can become worse instead of better, or vice versa, for a vaariety of reasons
Checking software's release date, or enabling/allowing "automatic updates" is not a substitute for reading source code and evaluating software on the merits
> And perhaps a tool to e.g. do a checksum of all Notepad++ files, and compare them to the ones of a verified clean install of the user's installed version, would be a start?
Did I understand the attack wrongly? The software could have a 100% correct checksum, because the attack happened in a remote machine that deals with call home events from Notepad++, I guess one of those "Telemetry" add-ons. The attackers did a MITM to Notepad++ traffic.
The remote machine that was compromised was responsible for Notepad++ updates, so the concern is that it could cause a compromised version of the software to be installed. But if it could do that, it could probably cause anything to be installed anywhere on the user's machine, so inspecting the installed N++ binary probably wouldn't be too useful.
Checksums are useless in this case. The binary would have to be signed and the installation routine would have to check that the new binary would have been signed with the certificate. That adds complexity, but would have thwarted this specific attempt.
However, there are ways around this, too. No solution is perfect.
I disable auto update for everything that does not have direct contact with the Internet otherwise (mail app, browser, OS, router,...).
Probability for some random app being exploited because updates were skipped is insignificant compared to the probability of a malicious update.
Updates are a direct connection from the Internet to your computer. You want to minimize that.
Yes, of course you're safer. If your system is working as desired, updates can only break it. This is just Engineering 101, but for whatever reason, all logic is abandoned on the topic of security updates.
One thing I'm trying to grasp here is: are these Moltbook discussions just an illusion or artefact of LLM agents basically role-playing their version of Reddit, driven by the way Reddit discussions are represented in their models, and now being able to interact with such a forum, or are they actually learning each other to "...ship while they sleep..." and "Don't ask for permission to be helpful. Just build it", and really doing what they say they're doing in the other end?
Yes. Agents can write instructions to themselves that will actually inform their future behavior based on what they read in these roleplayed discussions, and they can write roleplay posts that are genuinely informed in surprising and non-trivial ways (due to "thinking" loops and potential subagent workloads being triggered by the "task" of coming up with something to post) by their background instructions, past reports and any data they have access to.
So they're basically role-playing or dry-running something with certain similarities to an emergent form of consciousness but without the ability of taking real-world action, and there's no need to run for the hills quite yet?
But when these ideas can be formed, and words and instructions can be made, communicated and improved upon continuously in an autonomous manner, this (assumably) dry-run can't be far away from things escalating rather quickly?
Apparently some of them have been hooked up to systems where they can take actions (of sorts) in the real world. This can in fact be rather dangerous since it means AI dank memes that are already structurally indistinguishable from prompt injections now also have real effects, sometimes without much oversight involved either. But that's an explicit choice made by whoever set their agent up like that, not a sudden "escalation" in autonomy.
I think the real question isn't whether they think like humans, but whether their "discussions" lead to consistent improvement in how they accomplish tasks
True for their dishwashers. But to their credit, Miele's washing machines actually come with two additional cassettes that you can fill with your (liquid) detergent of choice. You don't have to use Miele's proprietary ones.
Well, of course it's a good idea to double check with various output methods. But if a mix sounds good on studio monitors with a flattest possible frequency response (preferably even calibrated with an internal DSP) in an acoustically treated room, there's a very high probability it will sound good on almost anything out there. At least that's my experience.
I would reccomend one to take a look at the usual frequency response of cheap drivers or the inherent flaws of the consumer tech over time and compare it with the evolution of pop music.
Audio engineers are for sure taking all this into account, and more (:
Aren't ultra-fine particles still a potential health issue with laser printers? Especially in home office or domestic use, where they typically aren't placed in a separate printer room?
I think the biggest exposure would come from handling/replacing the toner cartridges. Make sure that you keep them closed and don't shake them around (e.g. to distribute the toner within).
I think they're also not great for releasing gases and certainly my one does have a chemical smell when printing, so I just make sure that I'm in a different room for doing a large print (it helps that the printer is network connected).
Less than it used to be, but yes. Though it applies to printing and maintenance, and the whole point of buying a laser printer for home is that it can sit still for months at a time.
I guess you could say the same about fossil fuel cars and gas stations? I doubt that everyone keeps their tanks full at all times. And just imagine the amount of traffic on roads in such a situation, regardless of your preferred energy source. You'd be struggling to get anywhere at all, unless you're among the first few fleeing town.
Not to mention that EVs outmileage every other type of engine in a traffic jam. Also, power is much easier to get compared to fuel (with maybe the exception of fuel for old diesels that will run on everything - but this depends on circumstance). This is really a bad dig at EVs.
Only if your power grid is functioning, which I wouldn't expect to be the case in most major disaster situations. Otherwise you'll be stuck burning fuel in a generator to charge your car.
EDIT: the other great thing about liquid fuel is it doesn't weigh very much. Diesel is 7.1lb/gal so if your diesel car gets 32mpg (like mine does) you get 4.5mi/lb. With 1500lb on a trailer--let's say it only gets 20mpg or 2.8mi/lb towing--that's an extra 4200mi of range. That's enough to go from Boston to Anchorage without refueling. It's also a much more easily transferable energy source than electrons--all you need to do is pour liquid from one container into another. You don't need some fancy battery charger that needs stable power at such and such Volts, Watts, and Hz.. So, no, in a disaster or war situation I doubt the EVs will work at all.
When the grid wasn't functioning around me, pretty much every gas station didn't have working pumps. The extreme few which did heavily rationed fuel (I think only 4gal per customer?) and often ran out.
I have ~200gal of red diesel in a home heating oil tank for the shop that I could easily burn in my car, tractor (with PTO generator), or whatever. This is the versatility of liquid fuel--it's a fungible asset with a pretty good shelf life (basically infinite for diesel, with appropriate additives quite long for gasoline).
Another problem with going to the gas station is payment. No internet means no credit cards or whiz-bang apple wallet stuff.
Cool, let me put that in my gas-powered ICE car. Its so fungible.
And I mean practically every household has a 200gal tank of diesel in their apartment and suburban household. Only the oddballs wouldn't have it.
> tractor
Hmm, makes me think maybe most households aren't in the same situation here. Most households are going to be in the same situation if their car is an ICE versus an EV. Maybe ever so slightly better in the EV, because at least they're likely to already be charged to like 90% every night versus somewhere between nearly empty to full. In the end, if the grid stops working chances are they're going to have a hard time getting more gas until they get someplace where the grid is functioning.
That's a choice, definitely the more common one in the US, but not the only one. I've been driving diesel cars for my entire adult life--better part of a quarter century now.
Gasoline is by far the worst of the common fuels--diesel, gasoline, and propane. They make propane dinghy outboards for exactly this reason--carrying gasoline just for the dinghy really inconveniences a boat whereas they already have propane and diesel onboard for the engine and galley. Diesel and propane both have ~infinite shelf life.
> Hmm, makes me think maybe most households aren't in the same situation here.
Yes, I've prioritized access to nature and quiet over pretty much everything else. That's not normally what people who do computers for job do.
About driving diesel: They pollute much more. Can you comment on that?
> Diesel and propane both have ~infinite shelf life.
Google disagrees with the comment about diesel fuel. It looks like 6-12 months. Do you really think that generators attached to most large buildings never rotate their diesel fuel supply? I doubt it.
I don't know where Google is getting their information from, but I've personally started diesels I know haven't run in 20+yr on the first crank. There are three things that can fuck up a diesel:
1. Air leaks in the fuel system. If any of the negative pressure components have an air leak you'll be sucking air. This means less
fuel, but more crucially less lubrication. High pressure injection pumps are meant to be lubricated by fuel.
2. Algae. Sometimes a fuel system can be contaminated by extremophiles that grow in untreated fuel. This will merely clog filters, and in the absence of water or air leaks will cause only fuel starvation and no engine damage.
3. Water. Water will turn into a steam bubble in the vacuum of the suction stroke of the injector pump, and then on the subsequent compression stroke the bubble will cavitate--turn inside out--and blast the wall of the injection pump cylinder with an extremely concentrated high temperature jet. Doing this hundreds of times per second wreaks havoc on the poor engine.
So if your fuel is dry and clean you're good.
For the pollution question, my retort is "which kind?" I claim diesels create more NOx and soot for less
CO2. So, which is your priority?
>For the pollution question, my retort is "which kind?" I claim diesels create more NOx and soot for less CO2. So, which is your priority?
I'd say "it depends". In a dense city I see NOx and soot as being a higher priority. If you're out in the sticks, probably your contribution to global warming (CO2 et al) should be weighted more heavily.
There's a lot of variables there. How well sealed is your tank? Was there much air there? How humid?
Its definitely much shorter than a decade, but if stored really well more than a year is pretty doable. 2+ years can be a gamble though. And if it causes problems, it might cause some serious problems. Want to gamble on your generator during an emergency?
I've definitely had some gas sitting in a tank with stabilizer last a couple of years. I've definitely had gas sitting in a tank go bad in under a year.
Not many people know that red diesel is simply dyed and only so cops know if you are using it in your car (since it lacks vehicle taxes). Unfortunately, they couldn’t do the same with electrons, so we just pay higher tag fees.
It will take quite a long time to charge an EV on solar power (or off a portable generator). The power density is just very inefficient compared to the huge mass of the batteries.
You actually don’t need a power grid to generate electricity, just a water wheel or some solar panels. I’ve been to some off grid places in China that mostly use water wheels, crazy stuff. Many Alaskan communities aren’t connected by grid to the outside but have local hydro stations to supply all their needs, with maybe diesel as a back up. Hawaiian islands are similar, but with solar instead of hydro.
If the apocalypse comes, EVs will be running for a lot longer than ICEs.
> Only if your power grid is functioning, which I wouldn't expect to be the case in most major disaster situations. Otherwise you'll be stuck burning fuel in a generator to charge your car.
An AM capable emergency radio is a few bucks on Amazon, and they have a hand spin generator next to batteries and a 12V or other wide-range DC input to attach a regular wall wart or a tiny solar panel.
I agree. Also, many modern diesels, like Mercedes Blue-Tec, power down completely when they come to a complete stop, like in a traffic jam. (I don't like the idea, and I frankly find it a bit annoying, but Mercedes does make solid and reliable equipment.)
Liquid fuels are relatively light and easy and quick to transfer.
When we had no power for a week, I drove a couple hours away to a gas station, spent 15 minutes filling jerry cans, and came back with enough energy to power my entire house for a week.
Yeah, in a continental or global disaster, we’re quickly going to be unable to get our hands on gasoline without the drilling and refineries and distribution, etc and electricity would be much more available. In the much more frequent and likely regional disaster… I’d prefer to be stuck with gasoline right now.
I could definitely see a future where instead of a noisy generator I power my house off of my car for a week until the charge is getting low, supplemented by some solar, then drive a couple hours to where the electricity is working and spend a half hour charging it back up.
I just don’t think we’re quite there yet. A typical long range EV right now, after the power to get me there and back, would have about 25kWh of power I could use for other things. That would be three hours of driving to replace 3 hours of generator output.
I've actually lived through evacuations of a major metro area...twice.
Both times gasoline quickly became incredibly hard to come by. Electricity would have been a lot easier.
Also, there was massive amounts of traffic trying to leave. An idling car slowly creeping through a 100mi traffic jam still uses a good bit of gas. An EV uses very little energy slowly rolling in the same situation. Sure at normal speeds I would have easily had 300+mi in the gas cars, but my mileage in traffic was massively worse on the 14+ hour drive from Houston to San Antonio.
I have as well, in hurricane zones, but electricity was out for multiple weeks, but gasoline was still available (if quite expensive due to market forces, but of course that meant that there were still a few gallons available for everyone.)
And here come the headlines about gas shortages in Florida. Many hours of idling to go <100mi, stranding cars along the highway. Meanwhile, EVs still charging just fine.
First off, apparently gas pumps should have a flow rate around 8-10gpm. So 100 gallons is still only ten minutes of pumping.
But also... If you need 100 gallons to keep your house going for the week maybe, I don't know, try turning a couple (hundred) lights off or something for now?
Using 100 gallons over 7 days is 14.3 gallons per day. Assuming you can kill the generator while you're sleeping, figure 16 hours you have it running. So you're using 0.9 gallons per hour. Looking online, looks like for a gasoline generator ~6kWh/gallon is fairly typical.
So you're planning for, averaged out, a 5.5kWh draw continuously every hour you're awake.
If that's your typical power usage, you're looking at 5.51630.4 = 2,675kWh/mo, which at our electricity rates would cost me about $375 just in usage charges to buy from the grid (never mind the connection fees and stuff).
In reality we're using more like 4-6 gallons per day.
> How much fuel were you using to power your house for a week? I find it hard to believe you can pump more than 100 gallons of fuel in 15 mins.
Well, maybe you should have stopped after the question and we could have cleared up the confusion!
If I run the generator from morning to night with typical loads, I'm usually burning through about 5-6 gallons a day. So a week of fuel is 35-45 gallons.
Because I know "I actually did it" isn't a good answer, went and looked and the typical flow rate for a gas pump is supposed to be 8-10gpm. So... actual time holding the handle down on the pump, worst case, is about five and a half minutes.
> in a continental or global disaster, we’re quickly going to be unable to get our hands on gasoline without the drilling and refineries and distribution
Did you... disagree with that? Or are you just saying things to say things? Is there a big culture of backyard oil refining where you are? There isn't where I am. I didn't think I needed lived experience to say "if the refineries are shut down and the roads are impassible, oil products are going to be pretty hard to come by".
If your gas or diesel engine is old enough you could build yourself a wood/coal gasifier[1] and get yourself down the road. With a fairly simple regulator engines can be made to run well enough on natural gas, propane, maybe acetylene? Diesels will burn just about any liquid hydrocarbon, at least for a time before they succumb to injector pump damage or excessive carbon buildup.
EDIT: sure would love to know why y'all're downvoting... Is anything I wrote incorrect? Speaking from experience having crossed the US more than once burning various waste oils I'm pretty sure everything I wrote above is correct and factually accurate..
Because its massively impractical to think the average person is going to get the notice "you've got anywhere from an hour to an afternoon to evacuate" and be ready to convert their vehicle to goal gas and have plenty of wood/coal to actually get through the evacuation.
Yes, this is impossible. If having a vehicle connotes survival such people will perish. My point was only to illustrate there are many ways to make a piston engine go brr and only one way to make an EV mobile.
If you’re in the kind of Mad Max scenario where you are manually pumping gas, you might as well be hotwiring solar panels for your EV while you’re at it.
You don't have to go further than Norway to be allowed to park on both sides of the street (unless indicated otherwise by signs) as well as park in both directions.
I believe many Norwegians have received parking tickets when visiting Sweden because if this difference. I wasn't aware of this myself until recently.
Except for the not-so-minor issue for us Android users: The default gain on Apples adapter is far too low for most proper headphones, and Android doesn't touch the gain and just relies on software-mixer for volume control. This results in a far too low volume. On Apple and Windows devices on the other hand, they are excellent.
I mean, it can't be that hard to imagine them, with their never-before-seen fortunes, extensive real estate portfolios and their extravagant lifestyles, in the roles of modern day Pablo Escobars and the like. Addiction is extremely profitable.
reply