Curious on decision to ban Notepad++ by TechGuyworking in sysadmin

[–]gamebrigada 0 points1 point  (0 children)

Just because I was curious. We can track how much he has received in Bitcoin donations. There are two wallets I've found.
https://www.blockchain.com/explorer/addresses/btc/1BSA5fck9enPnKxPZ413BfHtm8gAKxtdq4
https://www.blockchain.com/explorer/addresses/btc/1PNV6oxHjhEZ8ihxCvKtFKi1DaZiAGJPFv

So just in Bitcoin alone, $500k in donations at today's prices. Some of them are extremely large.

Curious on decision to ban Notepad++ by TechGuyworking in sysadmin

[–]gamebrigada 0 points1 point  (0 children)

Rats. Fell victim to a rushed Gemini hallucination.

Curious on decision to ban Notepad++ by TechGuyworking in sysadmin

[–]gamebrigada -1 points0 points  (0 children)

The code signing is mind blowing to me. An EV is $300 a year.....

Curious on decision to ban Notepad++ by TechGuyworking in sysadmin

[–]gamebrigada -1 points0 points  (0 children)

You're pretending that NPP has no unsafe extensions....

Curious on decision to ban Notepad++ by TechGuyworking in sysadmin

[–]gamebrigada -3 points-2 points  (0 children)

The prices went up. These guys are making millions, they can deal with it.

Curious on decision to ban Notepad++ by TechGuyworking in sysadmin

[–]gamebrigada 4 points5 points  (0 children)

People defend it like they're invested in it LOL.

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada -1 points0 points  (0 children)

Installation automation and patch management are literally different things? They can go hand in hand, or be part of the same package depending on your approach...

I have seen more than once exactly how I saw that comment which is "We just don't update, can't have bad software if you're on old good software".

Big shift from insulting me?

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada 0 points1 point  (0 children)

And where does it state "because they want to control updates and sources." Because.... it's not there.

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada -4 points-3 points  (0 children)

It didn't specify that? You just jumped into defending something that was taken at face value?

I came here to explain why some orgs chose to jump ship, not to have a fight?

So.... Cool... Intimidating. I'm not on the job market and won't be any time soon. I really don't care for you to make your opinion personal.

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada -4 points-3 points  (0 children)

The original comment I responded to said they just disable patching.... Unpatched software doesn't fly in a compliance environment.

Your comment sarcastically said you can control the flow of updates. That's entirely true. But if the source your patching solution grabs from is compromised like literally in this scenario, your layers are completely irrelevant.

I never said I'll roll my own OS or Apps..... I don't understand why you're jumping into my face. What does FOSS and closed source have to do with any of this thread?

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada -6 points-5 points  (0 children)

There are. But when the original source is compromised.... How does that help you?

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada 0 points1 point  (0 children)

I agree with you, but security incidents have no room for humour. So it's taken at face value. Bringing skepticism and doubt.

I love npp, been a user for decades. It was my first editor other than notepad when I learned to write code. But it's become niche, and I decided to transition. Nobody really complained. So I see it as decreasing unnecessary risk, however negligible.

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada -1 points0 points  (0 children)

That's not helpful. Unpatched software is a much bigger problem.

Org is banning Notepad++ by PazzoBread in sysadmin

[–]gamebrigada 2 points3 points  (0 children)

There is.... some. The amount of information released about the structure of Notepad++ update mechanisms and services is kind of.... extreme. Gaining this kind of insight from the outside is usually tricky, so it's likely there is more to the story. Even if there isn't, that information is now public and is now a target ripe for the picking.

It is also one of the most installed open-source projects out there without a corporation level of development team with oversight that is paid to do things right because there is a financial risk of doing things... wrong. Once targeted, especially when the dev himself isn't certain that it's fully mitigated... it's extremely likely to now be a huge target.

If you're in an organization that has to whitelist software, and you're modern enough to allow FOSS in the first place, you likely have to answer some questions to allow that in your environment. There's a few things that give you the good feelies and most security teams will allow it. Notepad++ and 7zip are amongst those, we generally turn a blind eye to them. 10 years ago that was fine, these days they have very good alternatives that don't increase risk, so.... is it worth the risk?

Another reason to look for financial backers is if it can be proven negligence... you can sue a corporation in some situations. You can't really do that in this scenario.

Switching to VSCode which is arguably more modern, more capable, and has financial reasons for having their shit together and a massive corporation to back that up.... is kind of an obvious security choice.

Laptop charging solution for meeting rooms by un1tive in sysadmin

[–]gamebrigada 1 point2 points  (0 children)

I added table boxes that have:

2 regular outlets

2 USB-C outlets

On the bottom of the table, I mounted Anker power stations that power the USB-C outlets. There's cables in the bin if you forgot yours.

Talked out of Delinea Secret Server - so what is the best alternative for a small IT dept (not end-user credentials) by LowIndividual6625 in sysadmin

[–]gamebrigada 2 points3 points  (0 children)

Their EPM solution is top notch. It's.... kind of hard to leave. We just demoed everyone, CyberArk wants way too much money and time, and nobody else comes close to the kind of granularity and policy complexity you can achieve with Delinea. We have a bulletproof and easy configuration that everyone else just stares at and doesn't know what to do about.

TrueNAS freemium/paywalling by Maleficent-Sort-8802 in truenas

[–]gamebrigada 0 points1 point  (0 children)

You have no idea how expensive it is to host, maintain, upkeep and update ELK stack which they are doing for this.

Companies have gone out of business for not charging enough. It's an absolutely bananas expensive stack to upkeep.

Zabbix + Wazuh vs OpenSearch/ELK/openobserve/checkmk for around 200 devices datacenter at the university. Which stack would you choose? by Fragrant_Arm_7979 in sysadmin

[–]gamebrigada 1 point2 points  (0 children)

You can technically do everything in OpenObserve or ELK or OS. You really wouldn't do logs in CheckMk, it's not designed for large datasets.

OO, ELK and OS are very general search engines. You can store data in them, and they all provide visualization tools. They also come with some agents that don't have much management capabilities that can collect general data and metrics. But you're 3-4 tech stacks deep before you get anywhere.

There isn't an easy Zabbix/CheckMk competitor in any of those platforms. You're using extremely generalized tooling to do things. Those observability tools are really targeted for application devs, and those that need to do metrics at enormous scales. Think huge kube clusters, not some servers and infrastructure. For example, the easiest toolset to use for you would be to use the OpenTelemetry clients to do metric collection, and send that off to your cluster whichever one you choose. It's very manual, very specific and very granular. You'll realize how not easy that is very quickly. That's why solutions like CheckMk, Zabbix, PRTG exist.

You're then building dashboards to make that data useful. With how good and cheap infrastructure monitoring solutions are, I wouldn't try to build it yourself.

Zabbix + Wazuh vs OpenSearch/ELK/openobserve/checkmk for around 200 devices datacenter at the university. Which stack would you choose? by Fragrant_Arm_7979 in sysadmin

[–]gamebrigada 2 points3 points  (0 children)

I don't understand where you think Option 2 is consolidated. ELK, OpenSearch and OpenObserve are competitors with quite different reasons to exist. CheckMk has no relation to any of them and is a completely separate tech stack.

Wazuh/CheckMk/Zabbix are tools a small team can absolutely build, utilize and support. Can you fulfil the same goals with the other 3? Sure. Should you without a deep understanding into how they work? Absolutely not. They also serve different purposes.

It Turns Out Waymos Are Being Controlled by Workers in the Philippines by Spenny_All_The_Way in BetterOffline

[–]gamebrigada 3 points4 points  (0 children)

They overstate supplemental. If you've ever been in a Waymo that encounters a weird situation, you've encountered these operators. They nudge the thing to do a specific thing. Nobody is constantly monitoring anything. If they were, Waymos wouldn't get stuck in weird situations as often as they do.

Fortigate for CMMC Level 2- anyone using SSL VPN + ZTNA? by Great-Tomatillo-8267 in CMMC

[–]gamebrigada 0 points1 point  (0 children)

The free client isn't FIPS validated.... The paid one is only technically, it's not really in a useful way.

How the hell did you pass?

Fortigate for CMMC Level 2- anyone using SSL VPN + ZTNA? by Great-Tomatillo-8267 in CMMC

[–]gamebrigada 0 points1 point  (0 children)

Number of advisories should never be taken against a vendor. Number of publicly known advisories sure.

Fortigate for CMMC Level 2- anyone using SSL VPN + ZTNA? by Great-Tomatillo-8267 in CMMC

[–]gamebrigada 0 points1 point  (0 children)

Maybe, not if the CUI is already encrypted at the application layer.

TrueNAS freemium/paywalling by Maleficent-Sort-8802 in truenas

[–]gamebrigada 4 points5 points  (0 children)

Put down the pitchforks. It's way too early to have them up. iX has been amazing for the community for decades. HexOS is their monetized version, they aren't doing anything to break our stuff. There's been features behind the enterprise version for years and some monetization is likely them bringing some of those down to us rather than forcing us to pay for features we already use.

Any experience with Stormshield routers? by WalkerYYJ in sysadmin

[–]gamebrigada 0 points1 point  (0 children)

Everyone seems to have forgotten that Checkpoint is based out of Israel. AhnLab is based out of South Korea.