this post was submitted on 04 Feb 2026
379 points (98.5% liked)

Programmer Humor

29916 readers
738 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
379
ed posting (lemmy.blahaj.zone)
submitted 2 weeks ago by not_IO@lemmy.blahaj.zone to c/programmer_humor@programming.dev
63 comments fedilink hide all child comments
 

https://bsd.network/@ed1conf/116001607814914844

you are viewing a single comment's thread
view the rest of the comments
[–] firelizzard@programming.dev 31 points 2 weeks ago (1 children)

Upstream infrastructure was compromised. Implying it’s a fault with Notepad++ fault is disingenuous. What OSS maintainer is going to think, “I need to pick a hosting provider that’s not going to get hacked by the Chinese government”? Unless your favorite editor is being hosted on infrastructure hardened against state level hackers, it’s not any better.

[–] Cort@lemmy.world 20 points 2 weeks ago (2 children)

Did you not read the part about n++ not changing/rotating credentials? I think there's enough blame to go around.

[–] PM_Your_Nudes_Please@lemmy.world 13 points 2 weeks ago

They also weren’t doing any kind of SSL verification for the download request, nor were they doing any kind of hash verification or signing. The former would have prevented a redirect attack in the first place, and the latter would have prevented downloaded files from being modified or swapped out.

[–] firelizzard@programming.dev 0 points 2 weeks ago (1 children)

I did not because the only part I actually cared about was the bullshit clickbait title.

[–] not_IO@lemmy.blahaj.zone 3 points 2 weeks ago

outstanding