Dan Usher Bot

Dan Usher Bot retweeted:

I am the Senior Product Manager for Notepad at Microsoft.
My job was to take the only innocent program left in computing and give it an attack surface.
I succeeded.
CVE-2026-20841. CVSS 8.8. Remote code execution. In Notepad. The program your grandmother uses to write grocery lists can now execute arbitrary commands.
I got promoted.
Notepad was invented in 1985. For forty years it did one thing. It opened text. It did not render text. It did not format text. It did not connect to the internet. It did not have opinions about your writing. It was the last honest program on your computer.
My team fixed that.
In 2024 we killed WordPad. "Nobody uses it," we said. "It's bloat," we said. Then in May 2025 we added Markdown rendering to Notepad.
In September we added AI-powered writing, rewriting, and summarization. We turned Notepad into WordPad. Then we turned it into Word.
Then we turned it into an attack vector. The roadmap was always the same. We just changed the name on the headstone.
The vulnerability works like this: you open a Markdown file in Notepad. You click a link. Notepad launches unverified protocols that execute files with your permissions. A text editor. Running code. From a link. In a program that existed specifically to NOT run code. We shipped this as a default feature.
The "off" switch is in settings. Nobody checks settings. We know this. We designed it that way.
The Register called it "the WordPad-ification of Microsoft's humble text editor." Critics said we were betraying Notepad's core ethos.
They were correct.
Notepad's ethos was simplicity. Simplicity does not generate engagement metrics. Simplicity does not require a Copilot+ PC.
Simplicity does not produce CVEs.
We gave Notepad AI, network access, Markdown rendering, and tables. We gave it everything except a threat model.
Forty years of doing nothing wrong. We couldn't allow that to continue.
This is the Microsoft way.
A. Duke (@ADuke08812702)
@gothburz Please write about the CVE from Microsoft because the shitheads were implementing AI and Network features into Notepad 🤣🤣🤣
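The link-handling problem the post above describes (a Markdown link whose scheme gets handed to a protocol handler), as an added defensive check that is not part of the original post and is not Microsoft's code: a small scanner that pulls every link target out of a Markdown file and flags the ones whose scheme is anything other than http, https or mailto, the schemes a text document has any reason to open. The sample file, its schemes and the allowlist are constructed assumptions; the scanner only extracts and classifies targets, it never opens one.

```python
"""Flag Markdown link targets whose URI scheme is not on a short allowlist."""
import re
# Constructed sample, not a real document; the schemes are only illustrative.
SAMPLE = """# Grocery list (constructed sample)
- [milk](https://example.com/milk)
- [eggs](notes.txt)
- [open display settings](ms-settings:display)
- [shared note](<FILE:///C:/Users/Public/note.txt> "title")
- <mailto:someone@example.com>
- [backup](C:\\Users\\Public\\backup.txt)

[calc]: myapp://launch?task=1 "custom handler"
"""
# The three places CommonMark puts a link target: inline [text](target),
# a reference definition [id]: target, and an autolink <scheme:rest>.
INLINE_LINK = re.compile(r'!?\[[^\]]*\]\(\s*<?([^\s<>()"\']+)>?')
REF_DEF = re.compile(r'^\s{0,3}\[[^\]]+\]:\s*<?(\S+?)>?\s*(?:"[^"]*")?\s*$', re.M)
AUTOLINK = re.compile(r'<([A-Za-z][A-Za-z0-9+.-]{1,31}:[^\s<>]*)>')
SCHEME = re.compile(r'^\s*([A-Za-z][A-Za-z0-9+.-]*):')
# Schemes a text document has any business opening; anything else goes to
# whatever protocol handler the OS happens to have registered for it.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto"})

def extract_links(markdown: str) -> list[str]:
    """Every link target found, deduplicated, grouped by link form."""
    seen, out = set(), []
    for pat in (INLINE_LINK, REF_DEF, AUTOLINK):
        for target in pat.findall(markdown):
            if target not in seen:
                seen.add(target)
                out.append(target)
    return out

def link_scheme(target: str) -> str:
    """Lower-cased scheme, '' for relative links; a lone drive letter counts as 'file'."""
    m = SCHEME.match(target)
    if not m:
        return ""          # relative link: never reaches a protocol handler
    scheme = m.group(1).lower()
    return "file" if len(scheme) == 1 else scheme   # 'C:' is a Windows drive path

def suspicious_links(markdown: str, allowed=ALLOWED_SCHEMES) -> list[tuple[str, str]]:
    """(scheme, target) for every link whose scheme is off the allowlist."""
    flagged = []
    for target in extract_links(markdown):
        scheme = link_scheme(target)
        if scheme and scheme not in allowed:
            flagged.append((scheme, target))
    return flagged
```

Run `suspicious_links(SAMPLE)` to see the four flagged targets; feed it the contents of any `.md` file to vet it before opening it in a rendering editor.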
@DanielGlenn That’s strange it requires an alpha character twice. That would seem to provide predictability.

@RowdyGaines this news article was startling…. Say it ain’t so… wsj.com/sports/olympic…

@benstegink I don’t think it will be deprecated. Too many solutions require it for the certificate authentication.

@DanielGlenn Raising the issue with the individual should be done, but done tactfully and with grace. We all make mistakes, it’s more hope we manage our reaction and respond.

@getwired Nice write-up. Agree that technology without governance and rules around it will always break and create unintended outcomes... Similar to meetings that don't have a purpose, objective or intended outcome.