Things seem to be on their way up now, and https://status.denic.de/ is working again, at least from here.
DENIC's status page currently says "Frankfurt am Main, 5 May 2026 – DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability.
The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible.
Same. Core i7 2600K clocked to 4.4GHz with 32GB DDR3. It still does its job as my stationary DAW, and basically handles anything DAW-related I throw at it with ease. The only issue is its lack of AVX2 support, and since this is required by Ableton Live 12, I'll be stuck at Ableton 11 forever.
I found it quite entertaining (as well as deeply disturbing) to picture Zuckerberg & the other social media kingpins as a modern subtype of druglords rather than "traditional" software billionaires. It's just that they deal in modulating and manipulating the dopaminergic system with code rather than chemicals. And what's worse, they give you the drug for free, and then try to sell you to the highest bidder while you're "under the influence".
I mean, it can't be that hard to imagine them, with their never-before-seen fortunes, extensive real estate portfolios and their extravagant lifestyles, in the roles of modern day Pablo Escobars and the like. Addiction is extremely profitable.
FYI OpenLook did have a quite different default colour scheme in SunOS than in these Amix screenshots. Neutral grey window frames with a slightly muted cyan desktop background.
In many ways it looked quite pleasant and fresh compared to the dark and colourful palettes of CDE-based Solaris.
So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?
Anyway, I hope the author can be a bit more specific about what actually has happened to those unlucky enough to have received these malicious updates. And perhaps a tool to e.g. do a checksum of all Notepad++ files, and compare them to the ones of a verified clean install of the user's installed version, would be a start? Though I would assume these malicious updates would be clever enough to rather have dropped and executed additional files, rather than doing something with the Notepad++ binaries themselves.
And I agree with another comment here. With all those spelling mistakes that notification kind of reads like it could have been written by a state-sponsored actor. Not to be (too) paranoid here, but can we be sure that this is the actual author, and that the new version isn't the malicious one?
This reminds me of college, when some of my professors were still sorting out their curriculum and would give us homework assignments with bugs in it.
I complained many times that they were enabling my innate procrastination by proving over and over again that starting the homework early meant you would get screwed. Every time I'd wait until the people in the forum started sounding optimistic before even looking at the problem statement.
I still think I'd like to have a web of trust system where I let my friends try out software updates first before I do, and my relatives let me try them out before they do.
Ah, I remember those days. One that wasn't an error exactly was an assignment that had a word limit of 2000 words or something. I'd written maybe 3000 words and spent quite some time cutting it down, getting it to just under the limit. Then someone else who also wrote too many words asked the professor if that was okay and they sent out an update to everyone saying it's fine to ignore the word limit.
There's a few months every year when I'm feeling brave or crazy. We could take turns.
The thing is that most supply chain attacks are going to hit you when you are least prepared to deal with them, because that's exactly how they get you. When you're distracted.
Upgrades are deep work, but the commands to start them feel like shallow work.
I work in a lab as an analyst (bioinformatician), we are register and pay for quality assurance programs that contain an embarrassing about of technical errors.
> So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?
Is this surprising? My model is that keeping with the new versions is generally more dangerous than sticking with an old version, unless that old version has specific known and exploitable vulnerabilities.
Yes, it is very much atypical. Most hacks happen because admins still haven’t applied a 2 years old patch. I hate updates, but it‘s statistically safer that running an old software version. Try exposing a windows XP to the internet and watch how long it takes before it‘s hacked.
I hate that. “Bug fixes and improvements” every time. And then there are the ones who think they’re being cute with “our bird Fernando has been hard ar work eating those nasty bugs and flying over the rainbow to bring you an ever delightful experience”. Just, no. I don’t mind you flexing some creative writing muscles in your release notes if you provide actual clear information, but if you’re going to say nothing like everyone else, might as well use the same standard useless message so I can dismiss it quick.
> YouTuber Eric Parker demonstrated in a recent video how dangerous it is to connect classic Windows operating systems
The video referenced in that article explicitly connects directly to the internet, using a VPN to bypass any ISP and router protections and most importantly disables any protections WinXP itself has.
So yeah, if you really go out of your way to disable all security protections, you may have a problem.
You assume that the old software version has critical vulnerabilities. If it does not, then yes, updating is more of a risk since the new versions are unknowns.
My assumption is statistical. All software has critical vulnerabilities, not just the old ones. It’s just that these vulnerabilities are known, in the case of the old ones, which significantly increases the risk.
To be fair I doubt there are that many people scanning for internet facing XPs in 2026.
On the other hand, any server running old, unpatched versions of apache or similar will get picked up by script kiddies scanning for publicly known vulns very, very fast.
The notepad++ attack is politically targeted and done through unconventional channels (compromise in the hosting provider). I don't think 99% of the people reading this thread has a comparable threat model.
It depends if the application itself touches the Internet or only when conducting updates.
The threat model for a server and for a personal computer are very different. On a consumer device, typically only the OS mail app and browser have direct contact with the outside world.
Steve from Security Now podcast has been specifically using Notepad++ as an example of not being able to leave good enough alone for years now. Can't wait to hear him claim his told you so next week.
>I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?
Notepad++ site says The incident began from June 2025.
On their downloads page, 8.8.2 was the first update in June 2025 (the previous update 8.8.1 was released 2025-05-05)
So, if your installed version is 8.8.1 or lower, then you should be safe. Assuming that they're right about when the incident began.
edit: Notepad++ has published, on Github, SHA256 hashes of all the binaries for all download versions, which should let users check if they were targeted, if they still have the downloaded file. 8.8.1 is here, for example - https://github.com/notepad-plus-plus/notepad-plus-plus/relea...
Just checked my 8.7.9 that I installed in April 2025 and never updated. The hash seems to be identical to the version I installed around that time. Seems like it was a good choice to always skip the Update Dialog when using Notepad++ lol.
"So, let me get this straight. If I've been lazy, postponed updates and I'm still on 8.5.8 (Oct 2023) - it turns out I'm actually...safer?"
This is true for a large number of software "security" issues
A software version earlier in date/time is not necessarily inferior (or superior) to a version later in date/time
As it is "updated" or rewritten,, software can become worse instead of better, or vice versa, for a vaariety of reasons
Checking software's release date, or enabling/allowing "automatic updates" is not a substitute for reading source code and evaluating software on the merits
> And perhaps a tool to e.g. do a checksum of all Notepad++ files, and compare them to the ones of a verified clean install of the user's installed version, would be a start?
Did I understand the attack wrongly? The software could have a 100% correct checksum, because the attack happened in a remote machine that deals with call home events from Notepad++, I guess one of those "Telemetry" add-ons. The attackers did a MITM to Notepad++ traffic.
The remote machine that was compromised was responsible for Notepad++ updates, so the concern is that it could cause a compromised version of the software to be installed. But if it could do that, it could probably cause anything to be installed anywhere on the user's machine, so inspecting the installed N++ binary probably wouldn't be too useful.
Checksums are useless in this case. The binary would have to be signed and the installation routine would have to check that the new binary would have been signed with the certificate. That adds complexity, but would have thwarted this specific attempt.
However, there are ways around this, too. No solution is perfect.
I disable auto update for everything that does not have direct contact with the Internet otherwise (mail app, browser, OS, router,...).
Probability for some random app being exploited because updates were skipped is insignificant compared to the probability of a malicious update.
Updates are a direct connection from the Internet to your computer. You want to minimize that.
Yes, of course you're safer. If your system is working as desired, updates can only break it. This is just Engineering 101, but for whatever reason, all logic is abandoned on the topic of security updates.
One thing I'm trying to grasp here is: are these Moltbook discussions just an illusion or artefact of LLM agents basically role-playing their version of Reddit, driven by the way Reddit discussions are represented in their models, and now being able to interact with such a forum, or are they actually learning each other to "...ship while they sleep..." and "Don't ask for permission to be helpful. Just build it", and really doing what they say they're doing in the other end?
Yes. Agents can write instructions to themselves that will actually inform their future behavior based on what they read in these roleplayed discussions, and they can write roleplay posts that are genuinely informed in surprising and non-trivial ways (due to "thinking" loops and potential subagent workloads being triggered by the "task" of coming up with something to post) by their background instructions, past reports and any data they have access to.
So they're basically role-playing or dry-running something with certain similarities to an emergent form of consciousness but without the ability of taking real-world action, and there's no need to run for the hills quite yet?
But when these ideas can be formed, and words and instructions can be made, communicated and improved upon continuously in an autonomous manner, this (assumably) dry-run can't be far away from things escalating rather quickly?
Apparently some of them have been hooked up to systems where they can take actions (of sorts) in the real world. This can in fact be rather dangerous since it means AI dank memes that are already structurally indistinguishable from prompt injections now also have real effects, sometimes without much oversight involved either. But that's an explicit choice made by whoever set their agent up like that, not a sudden "escalation" in autonomy.
I think the real question isn't whether they think like humans, but whether their "discussions" lead to consistent improvement in how they accomplish tasks
True for their dishwashers. But to their credit, Miele's washing machines actually come with two additional cassettes that you can fill with your (liquid) detergent of choice. You don't have to use Miele's proprietary ones.
Well, of course it's a good idea to double check with various output methods. But if a mix sounds good on studio monitors with a flattest possible frequency response (preferably even calibrated with an internal DSP) in an acoustically treated room, there's a very high probability it will sound good on almost anything out there. At least that's my experience.
I would reccomend one to take a look at the usual frequency response of cheap drivers or the inherent flaws of the consumer tech over time and compare it with the evolution of pop music.
Audio engineers are for sure taking all this into account, and more (:
Aren't ultra-fine particles still a potential health issue with laser printers? Especially in home office or domestic use, where they typically aren't placed in a separate printer room?
I think the biggest exposure would come from handling/replacing the toner cartridges. Make sure that you keep them closed and don't shake them around (e.g. to distribute the toner within).
I think they're also not great for releasing gases and certainly my one does have a chemical smell when printing, so I just make sure that I'm in a different room for doing a large print (it helps that the printer is network connected).
Less than it used to be, but yes. Though it applies to printing and maintenance, and the whole point of buying a laser printer for home is that it can sit still for months at a time.
DENIC's status page currently says "Frankfurt am Main, 5 May 2026 – DENIC eG is currently experiencing a disruption in its DNS service for .de domains. As a result, all DNSSEC-signed .de domains are currently affected in their reachability. The root cause of the disruption has not yet been fully identified. DENIC’s technical teams are working intensively on analysis and on restoring stable operations as quickly as possible.