Long Read · Open-Source Software Ethics

When a Text Editor's Author Jokes About Polluting Your Files

In early 2023, Notepad++ author Don Ho tweeted that the editor would "add random characters to your source code" if you disagreed with its political views. Chinese-language communities read it as a political provocation; English-language tech media largely shrugged it off as a familiar piece of irony. Neither response touched the real problem: a text editor's author should not weaponise their technical position over users' files as a punchline — even in jest.

Topic: Open-source software / professional ethics Compiled: 2026-05 Language: English

About the ✓ badge — every factual claim marked with this symbol has been cross-checked by AI; hover for the source summary.

Summary

In late January 2023✓, the official Twitter account of the open-source text editor Notepad++ posted that "Notepad++ has just enabled a new feature: if you don't agree with its political views, Notepad++ will add random characters to your source code." The tweet provoked a wave of backlash in Chinese-language communities and a fresh round of vandalism on the project's GitHub repo. Don Ho, the editor's author, later clarified in the v8.4.9 release note that it had been a joke✓.

The argument of this article is that the real problem with that joke has nothing to do with which political side it landed on. The problem is that a text editor's author used their technical position over users as a threat-shaped punchline. To readers unfamiliar with software development, "a few random characters" sounds harmless. From a technical standpoint, silently inserting characters into a user's source code or document is, in fact, an attack class with very serious and very hard-to-trace consequences.

Part 1The Incident Itself

The tweet, and when

On 25 January 2023✓, the official Notepad++ Twitter account @Notepad_plus posted:

A new feature just enabled in Notepad++:

If you don't agree with its politics views, Notepad++ will add random characters in your source code.
@Notepad_plus, Twitter, 2023-01-25

Original source

Original tweet (@Notepad_plus, Twitter)
Mirrors: search the URL on archive.org or archive.today if the original is unavailable.

The author's official clarification

On 31 January 2023✓, Don Ho addressed the matter in the Notepad++ v8.4.9 release note:

"It was a joke I made on twitter. The joke might not be funny, but apparently not everyone is smart enough to realize it's just a joke, and Notepad++ on GitHub has been vadalized again."

"A lot of obtuse people exist nowadays because nothing in the food chain eats them anymore, and they become even developpers… :)"
Notepad++ v8.4.9 release note (original spelling preserved: "vadalized", "developpers")

The same page embeds a screenshot of the GitHub vandalism (vandalism.png) alongside Don Ho's full statement✓. Worth noting: he did not delete the original tweet, and did not apologise.

Part 2Who Is Don Ho?

Background

Important correction

Many articles online — particularly in Chinese-language communities — describe Don Ho as Taiwanese or of Vietnamese descent. These claims are not supported by reliable sources. According to Wikidata, Wikipedia and his own personal website, he is a French software developer.

Item	Detail
Nationality	French software developer ✓ (Wikidata labels him as "French software developer")
Education	Studied computer science from 1997 at Université Paris VII (later Université Paris Diderot) ✓
Career	Worked at several French software companies, including Cooperteam, Dictao (banking security), SYSTRAN (machine translation), and Dashlane (password manager) ✓
Residence	France
Origin of Notepad++	Started in September 2003 as a side project ✓; his employer used a Java-based editor (JEXT) whose performance he disliked, and after his proposal to switch to a C++ + Scintilla stack was rejected, he built it on his own time.

Sources for biographical claims

Notepad++'s reach and user base

Don Ho is not an ordinary software author. Notepad++ is one of the most widely used text editors on Windows worldwide:

In Stack Overflow's 2015 global developer survey, Notepad++ was the most-used text editor in the world, with 34.7% of respondents using it daily (n=26,086) ✓
The 2016 figure was 35.6% ✓
Cumulative SourceForge downloads (2003–2010) exceeded 28 million ✓
Won the SourceForge Community Choice Award for Best Developer Tool twice ✓
Still actively maintained on GitHub today

Don Ho's long-running pattern of political statements

This is not the first time Don Ho has wrapped a political position around a release. The "random characters" tweet sits in a long line of release notes and version names that carry his political views:

Year	Version / Event	Position
2008	"Boycott Beijing 2008" banner ✓	Boycott of the Beijing Olympics (Tibet)
2014	v6.6.4 "Tiananmen June Fourth Incident Edition" ✓	June Fourth commemoration
2015	"Je suis Charlie" edition ✓	Solidarity with Charlie Hebdo
2019	v7.8.1 "Free Uyghur" ✓	Solidarity with the Uyghurs
2020	v7.8.9 "Stand with Hong Kong" ✓	Solidarity with Hong Kong
2022	v8.3.2 "Declare variables, not war" ✓	Condemnation of Russia's invasion of Ukraine
2024	v8.6.8, v8.6.9, v8.7 named "Support Taiwan's Sovereignty", "Support Taiwan's Independence", and "Support Taiwan's return to the UN" respectively ✓	Solidarity with Taiwan

Each political statement was met with retaliation from the opposing side:

After the 2015 "Je suis Charlie" edition, the Notepad++ website was breached by the Islamist hacking group Fallaga Team ✓
After 2019's "Free Uyghur", the site was hit by DDoS attacks attributed to Chinese sources, and the GitHub issues tracker was flooded with nationalist comments ✓
After 2020's "Stand with Hong Kong", the Notepad++ download page was blocked in major Chinese browsers (QQ, UC, 360, Sogou) ✓

This context matters: the "random characters" tweet was an ironic riposte after years of being dogpiled on GitHub by Chinese netizens. But the context only explains the motive — it does not absolve the joke of its underlying problem.

Part 3Reactions in Chinese-language Media

The real reaction to the tweet was concentrated in Chinese-language communities (especially mainland China). Mainstream English-language tech outlets did not run dedicated coverage.

Simplified-Chinese reactions

The dominant register was a call to boycott Notepad++ and switch to alternatives (VSCode, Sublime, CudaText):

Outlet / platform	Headline and notes
Ruancan (ruancan.com)	"Notepad++ Officially: If You Disagree With Its Political Views, Random Characters Will Be Added to Your Source Code". The article concedes inside that "this is clearly a sarcastic tweet", but still spread it under the literal headline. Original article
Zhihu (multiple)	"Stirring Trouble Again: First Order of Business Back at Work — Kill Notepad++" [1] "What Did Notepad++ Do for Domestic Coding Circles to Boycott in Unison?" [2] — places the tweet at 2023-01-25 and concludes: "the author cannot possibly not know what kind of impact such statements and actions cause; therefore each of these incidents is intentional" "Uninstall Anti-China Virus Software Notepad++ Immediately" [3]
Personal tech blogs	Xiaoyu Zaji, "Goodbye, Notepad++" [link]: concedes that "such detection mechanisms cannot actually be built", but still considers the harm of the statement severe. Cnblogs LynneHuan, "Use cudatext to replace notepad++" [link]: acknowledges that Don Ho later said it was a joke, but argues "this explanation cannot convince anyone".
Anti-Notepad++ aggregator	damon233's antiNotepadpp page, cataloguing every "incident" since the 2008 Beijing Olympics boycott damon233.js.org/antiNotepadpp/

What the Chinese-language reactions have in common

Headline strategy: most strip out the "joke" framing and write the headline as if the random-character feature were real, leaving the reader's first impression that this is a literal threat.
Refusal to accept the "joke" defence: even pieces that mention Don Ho's clarification dismiss it as "unconvincing" or "intentional".
Recurring factual errors: many articles label Don Ho as "a software developer from Taiwan, China province" or "a Taiwan-independence figure" — he is, in fact, French.
Boycott-and-replace bundle: the coverage is paired with alternatives lists (VSCode, Sublime Text, CudaText, Notepad--), forming a complete "switching guide" content package.

English-language press: almost no dedicated coverage

Mainstream English-language tech outlets (The Verge, Ars Technica, TechCrunch, The Register) did not run dedicated stories on this tweet. Hacker News and Reddit did not produce sustained discussion threads either. The most thorough English-language piece on Don Ho's pattern of political statements is XDA Developers' long read, "Notepad++ and Don Ho: A story of software, activism, and defiance" — but it does not specifically address the "random characters" tweet.

Part 4Why This Joke Cannot Be Made — A Technical Argument

Chinese-language criticism mostly stayed at the level of political alignment; the English-language reaction largely treated it as more of Don Ho's familiar irony. The thing both sides missed is the actual problem:

A text editor's author publicly threatening to "add characters to your files", joke or otherwise, crosses a professional-ethics line. They are using their technical position over their users — the asymmetric power they hold by virtue of being the editor's author — as the punchline.

Breaking the trust boundary

A text editor handles its user's work product. Inside that trust relationship, the user assumes the editor will faithfully save what they typed and not modify the file on its own. That assumption belongs to the same family of professional trust as a chef not tampering with a customer's food, a surgeon not freelancing during anaesthesia, a lawyer not leaking a client's evidence to the opposing party.

Joking that "I will pollute your output based on your political position" is equivalent to placing yourself in the position of "I have both the capability and the willingness to break this trust" — and that statement, joke or not, will live on permanently in the public record.

What "inserting random characters" actually means in practice

To readers unfamiliar with software development, "a few random characters" sounds trivial. It is not. Silent character insertion is an attack class with very serious consequences. A few specific examples:

Scenario 1: a single extra space in a shell command

The intended command:

rm -rf /home/user/public_html/test

If a single space is inserted after the /:

rm -rf / home/user/public_html/test

The first argument becomes /, and the rest become independent arguments. On older systems without --preserve-root, or on certain BSD utilities, the entire filesystem gets wiped. Even on modern GNU coreutils, which protect / by default, the trailing paths are then treated as relative and deleted, causing unintended loss.

Scenario 2: the Steam-for-Linux bug (2015) — a real-world precedent

Valve's Steam Linux client shipped a shell script with a variable-expansion bug✓. When $STEAMROOT was empty:

rm -rf "$STEAMROOT/"*

expanded to:

rm -rf "/"*

Multiple users had their entire home directories wiped, including mounted external drives and backup disks.

"I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media."
Reporter "keyvin" on GitHub issue #3671

This case proves that differences at the level of a single character can cause complete data destruction on real systems. An editor's author publicly hinting they might do something similar — joke or not — is playing with a real disaster category.

Steam case sources

Scenario 3: other high-stakes contexts

Regular-expression substitution: s/foo/bar/ becomes s/foo/bara/ — entire codebases are silently corrupted, possibly only discovered weeks later.
Configuration files: a CIDR block 192.168.1.0/24 becomes 192.168.1.0/240 (invalid; may parse as 0 or as wide-open).
SQL statements: DELETE FROM users WHERE id = 5 with one extra digit becomes id = 50 — wrong row deleted.
Cryptographic keys, hashes, signatures: a single character off and verification fails — but the error message will not point at "deliberate poisoning", so the debugging effort is aimed in the wrong direction.
Unicode homoglyph attacks: replace Latin a with Cyrillic а — visually indistinguishable, but machine-incompatible.
Anything not under version control: personal documents, financial spreadsheets, contracts, medical notes, one-off scripts — there is no git diff to save you here.

Why Don Ho, in particular, should know this

Don Ho is not a casual user. According to his own CV, he has spent years working in security-adjacent companies:

Dictao — banking-grade security solutions (cryptography, PKCS#11, smart cards) ✓
Oberthur Card Systems — smart-card security (HSM, encryption) ✓
Dashlane — password manager (OpenSSL, encryption) ✓

As a developer with a security background, who has been writing a text editor for two decades, he knows better than most:

Unicode zero-width characters, homoglyph attacks, shell injection — these are real, named attack classes.
The full spectrum of consequences of "inserting characters into a user's file" is well understood.
This is not "naïvely joking about something impossible" — he is using a technically feasible, very-high-impact attack class as a punchline.

The problem of the joke is independent of which side it took

If you flip the political polarity — imagine an open-source editor whose author tweets:

"For users who disagree with my support for the Chinese government, this editor will add random characters to your code."

The problem is identical. It is not about whose politics are correct. It is about this:

A text editor's author should not use "harm to users' files" as a threat-shaped punchline.

Same logic as: a lawyer cannot joke about leaking your evidence to the opposing party; a surgeon cannot joke about freelancing during anaesthesia. The structure of professional trust determines which jokes are available and which are not.

The critics on the other side missed the same point

Most Chinese-language critics circled around "wrong politics", treating this as a continuation of Don Ho's "anti-China" speech series. Their reaction also carries a positional filter — they are angry because the politics ran the other way, not because they noticed what was actually unprofessional about the joke.

In other words, the joke exposed a problem that neither side fully recognised: a public statement by an open-source author is, simultaneously, a security statement. When the author publicly hints at willingness to do something harmful, user trust will (and should) drop, regardless of intent. This is a question of professional ethics, not of political alignment.

Part 5Aftermath and Current Status

Don Ho's response in the v8.4.9 release note remains his only official statement. He did not delete the original tweet, and he did not apologise — he simply asserted "it was a joke" and mocked the people who didn't get it as "obtuse".
Notepad++'s download numbers and user base did not visibly drop. Plenty of users continued using it after the incident.
The Chinese-language "switch to an alternative" content continues to circulate, but with limited effect: many users came back to Notepad++ once the muscle-memory friction kicked in.
In March 2025, an unofficial Notepad++ for Mac (ported by Andrey Letov) was released, expanding the user base further ✓.
In 2025, state-sponsored hackers — suspected to be the Chinese APT31 group — hijacked Notepad++'s update functionality by compromising its hosting provider, distributing malware to East-Asian targets ✓. This is a separate security incident, unrelated to the 2023 tweet, but it illustrates that Notepad++ has long been a target of nation-state-grade threat actors.

Closing

The value of this incident is not that it became some great scandal — it didn't. It made noise in Chinese-language communities and barely a ripple in English ones. But it is worth dissecting carefully, because it cleanly illustrates three things that people frequently conflate:

The author's personal speech rights vs. the author's professional position as software maintainer — the former is unproblematic; the latter carries an obligation to weigh the "security-statement" effect of public utterances.
The political tug-of-war vs. the line of professional ethics — most critics stayed on the first, which kept the second invisible.
The "it was just a joke" defence vs. the irreversibility of public-platform speech — a tweet that has been published lives on in search engines and snapshots; the "joke" label cannot retroactively undo the loss of trust it caused.

For open-source communities, software developers, and anyone thinking about software ethics, Don Ho's tweet is worth keeping as a negative-example case study — not because of his politics, but because, for a moment, he used the technical power he holds over millions of users as a punchline.

Sources

Primary sources

#	Source	Type
1	Notepad++ v8.4.9 official release note	Official statement
2	Original tweet	Original post
3	Don Ho's personal CV	Biographical
4	Don Ho's LinkedIn	Biographical
5	Notepad++ official site	Product site

Reference works

#	Source
6	Notepad++ on Wikipedia
7	Don Ho on Wikidata

Chinese-language reactions

#	Source
8	Ruancan
9	Zhihu — "Stirring Trouble Again"
10	Zhihu — "What did Notepad++ do…"
11	Xiaoyu Zaji
12	Cnblogs (LynneHuan)
13	damon233 anti-Notepad++ aggregator

English-language coverage

#	Source
14	XDA Developers — long read
15	The Initial Commit interview

Steam `rm -rf` case (technical argument)

#	Source
16	GitHub issue #3671
17	The Register
18	Slashdot
19	Bit-tech