fidzu : geek

A 29-year-old bug in the Squid web proxy, dubbed Squidbleed and tracked as CVE-2026-47729, can let an authorized proxy user retrieve fragments of another user's cleartext HTTP requests, including credentials and session tokens. The security researcher who reported the flaw credited Anthropic's Claude Mythos Preview for the discovery. The Hacker News reports: Squid describes this as an attack by a trusted client: someone already permitted to use the proxy, not any random host on the internet. That matches Squid's usual home, shared networks like schools, offices, and public Wi-Fi. In those setups, the attacker is just another user of the same proxy. The leak also only reaches traffic that Squid can read. Normal HTTPS rides an opaque CONNECT tunnel, so Squid never sees inside it; the exposed traffic is cleartext HTTP, plus TLS-terminating setups where Squid decrypts and inspects. The attacker also needs the proxy to reach an FTP server they control on port 21. Both FTP and that port are on by default. [...] If you patch, verify the fix, not just the version. Confirm the guard is in FtpGateway.cc, or check your distribution's backport, since distros ship their own builds (Debian packages Squid 5.7). The public thread is still inconsistent: maintainer Amos Jeffries first said Squid 7.6 carried the fix, then corrected that to 7.7, and on June 22 Debian's Salvatore Bonaccorso noted the referenced commit looks like it is already in 7.6. The fix is small, a null-terminator check before the vulnerable strchr calls, merged to the development branch in April and v7 in May. Squid 7.6 does separately patch CVE-2026-50012, an unrelated cache_digest heap overflow. The cleaner move is the one the researchers recommend anyway: turn FTP off. Chromium dropped FTP years ago, and most networks carry almost none of it, so disabling it removes this attack surface for free, whatever build you run. The risk is real but bounded. SUSE rates it moderate, CVSS 6.5, and the vector explains the score: the attacker needs proxy access (low privileges), and the only impact is confidentiality, nothing on integrity or availability.

Read more of this story at Slashdot.

23 Jun 2026 11:00pm GMT

Order warns of national security risks if post-quantum cryptography isn't adopted in time.

23 Jun 2026 10:30pm GMT

Climate.us has now restored everything taken down by the government.

23 Jun 2026 10:07pm GMT

Longtime Slashdot reader hackingbear shares a report from TOP500: The 67th edition of the TOP500 list of the world's most powerful supercomputers was announced today at the ISC 2026 conference in Hamburg, Germany. LineShine, a previously unlisted system installed in China, debuts at No. 1, displacing El Capitan as the world's most powerful supercomputer as measured by the High Performance Linpack (HPL) benchmark. LineShine achieved 2.198 Exaflop/s on HPL -- about 80 percent of its 2.736 Exaflop/s theoretical peak -- making it the first system on the TOP500 to exceed two exaflops of sustained double-precision performance using CPUs only. Installed at the National Supercomputing Centre in Shenzhen (NSCS) and built by the Shenzhen Cloud Computing Center, the system is based on a custom Chinese processor and the "LingKun" platform: 13.79 million cores across 304-core LX2 processors running at 1.55 GHz, linked by the proprietary LingQi interconnect and running Kylin OS. LineShine draws approximately 42.2 megawatts of power, for an efficiency of 52.07 Gigaflops/Watt. Its debut marks the first time since 2017 that a Chinese system has led the TOP500, and it also takes over the No. 1 position on the HPCG ranking with 22.00 HPCG-Petaflop/s. On the HPL-MxP mixed-precision benchmark, LineShine reached 7.92 Exaflop/s for fourth place, a comparatively modest 3.6x speedup over its HPL score that points to a CPU-only design without dedicated low-precision accelerators. While impressive, "the results may say more about Beijing's desire to show self-sufficiency in computing systems than its standing in the global AI race," reports Reuters. Reuters interviewed tech and policy experts who said that the results "do not mean that China has the world's fastest computer for AI work because of changes in the computing industry in recent years and the methods used to compile the list." The reports notes that LineShine "ranked fourth on a benchmark test designed to simulate computing work that is more similar to AI." Jimmy Goodrich, a senior fellow at the University of California's Institute for Global Conflict and Cooperation, said: "If the hyperscalers submitted their systems, this 'world's fastest' would not crack the top five." Addison Snell, CEO of Intersect360 Research, a firm that focuses on supercomputers, added: "I'm not surprised it's the number one system. What I'm surprised by is that they submitted it and want recognition for it."

Read more of this story at Slashdot.

23 Jun 2026 10:00pm GMT

Wikipedia cofounder Larry Sanger has been indefinitely banned from editing the site after editors concluded that he violated its canvassing rules, "or in other words, calling on his followers off platform in order to influence Wikipedia's content," reports 404 Media. Sanger says the ban proves Wikipedia suppresses ideological diversity, while editors argue he was trying to mobilize an outside audience to influence internal decisions and had ignored an earlier warning. From the report: The discussion that led to the decision to ban Sanger concluded with what an editor called a "clear consensus" to ban Sanger. "There is general agreement among participants that he has engaged in off-wiki canvassing and is not here to constructively build the encyclopedia," the editor said in a note closing the discussion. "There is also a significant concern shared by many editors that his actions constitute calls for outing." While Sanger has been railing about bias on Wikipedia for years, the specific issue here is around his WikiProject Intellectual Diversity. WikiProjects are group efforts among Wikipedia volunteers to deal with certain issues on the site. [...] Sanger's WikiProject Intellectual Diversity, as its name implies, aims to bring more intellectual diversity to the site, mostly meaning more right-leaning perspectives. Sanger's WikiProject Intellectual Diversity and its goals alone do not merit a ban according to Wikipedia's policies. The problem, according to Wikipedia editors, is that during the discussion about whether to allow WikiProject Intellectual Diversity to become an official WikiProject, Sanger invited his 91,000 followers on X to influence that discussion. Discussions about potential bans are supposed to remain open for at least 72 hours. While consensus that Sanger had violated Wikipedia policies was clear, Sanger was banned at some point before that deadline. He was then briefly unbanned, and then again indefinitely banned once 72 hours had elapsed and the discussion about the ban closed. "Wikipedia has become more of a mob-rule anarchy than ever," Sanger said in a statement sent to me by a spokesperson. "In the kangaroo court in which a mob ousted me, Wikipedia's administrators showed that they don't appear to value details like formal charges, a designated prosecutor, basic decorum, distinction between prosecution and judge, dispassionate adjudication, and so forth. They have no proper system other than triggering a mob to selectively enforce their hodgepodge of vague rules." "Now that same mob has blocked me for trying to bring an intellectually diverse group of thinkers and editors to the site," Sanger continued. "Subscribing to their groupthink is now an official requirement of being a member in good standing. Something must change, and now. I only wonder if the system as it currently stands can even allow the discourse necessary to fix the system."

Read more of this story at Slashdot.

23 Jun 2026 9:00pm GMT

Promo video comes as more US police departments fly drones as first responders.

23 Jun 2026 8:43pm GMT

Every little thing in a graphical user interface that we take for granted today, no matter how small, was thought up by someone, at some point. Case in point: the little red squiggly lines underneath misspelled words. In one form or another, these are everywhere now, and have just become a regular staple of every single text editing field we encounter every single day and don't stop to think about. Still, they were invented by someone, and we happen to know exactly who that was: Tony Krueger. In early versions of Word, the Spell Check feature was something that you explicitly invoked, and then you had to sit and wait while the program looked for all your potentially-misspelled words, and then showed them to you one at a time for a decision on what to do for each one. Word did introduce an Auto Spell Check feature to run spell check when the user was idle, so that when you hit the Spell Check button, the results were ready to go. However, the Auto Spell Check was still a blocking operation. As a result, a lot of users turned it off because it always seemed to decide "Now would be a good time to spell-check the document" just as you wanted to do something, forcing you to wait for the spell check pass to complete before you could, say, save and exit. Tony made the spell checker much more unobtrusive so that it didn't interfere with your foreground work. And when it found a problem, instead of waiting for you to trigger a spell check, it immediately drew red squiggles under potentially-misspelled words (and later green squiggles under potential grammatical errors). ↫ Raymond Chen at The Old New Thing Tony Krueger passed away recently, after, among other things, having worked on an dizzying number of Microsoft Word releases. Imagine coming up with something that seems to basic and elementary to us now, and seeing it spread pretty much everywhere. I wonder what it must feel like to have invented something that seems so simple, most people don't even realise they use it every single day.

23 Jun 2026 8:38pm GMT

I've had my share of issues with network shares on any operating system, but since I mostly use KDE these days I found this deep dive into how, exactly, network shares work in KDE quite interesting. It turns out that while network shares in KDE's Dolphin mostly work, it does involves a few layers that sometimes don't interact well with each other, leading to really curious and annoying problems with mounted shares not appearing, permission issues, and so on. The biggest cause of problems is when using a non-KDE application in KDE that also happens to use a non-KDE save/open dialog. Such a non-KDE save/open dialog won't be able to see any network shared mounted by KDE, and sadly, quite a few applications you're likely to use on a KDE installation use non-KDE open/save dialogs, like Blender, GIMP, LibreOffice, OnlyOffice, Inkscape, Audacity, DaVinci Resolve, and more. That's one hell of a list of applications to offer inconsistent or outright broken access to network shares you've set up and mounted in KDE. Luckily, this issue seems to be getting a ton of attention soon. All is not lost. Happily, KDE just received an investment of over €1.2 million from the Sovereign Tech Fund, and it includes funding for improvements to KDE's network share handling! ↫ Nate Graham The project is in the planning phases at the moment, but they're considering a whole slew of possible changes, fixes, and workarounds to make this stupid and annoying problem just go away. In 2026, nobody should be dealing with manually editing /etc/fstab or getting frustrated over supposedly disappearing network shares.

23 Jun 2026 8:20pm GMT

The developer working on Xfwl4, the Wayland compositor for Xfce, has published the new compositor's very first alpha release. Considering it's only been six months or so of work, it's impressive to see the effort reach this state already. The end goal of xfwl4 is to behave as closely as possible to an Xfce desktop running on an X server. Ideally a user could switch between the two without even knowing there's a difference. In reality, of course, it won't be quite that seamless, and there's still more work to be done to get as close as possible to that ideal. This is a first solid cut at it, at the very least. ↫ Brian Tarricone Being the very first alpha release, it won't surprise you there's a few things missing or broken at this point. Still, if you're brave, you can download and build the release and try it out.

22 Jun 2026 6:49pm GMT

Good morning from JetBrains Berlin office!

01 Jun 2026 12:00am GMT

Just trying to answer one simple question: What if the terminal was 3D?

11 May 2026 12:00am GMT

Break the pattern today or the loop will repeat tomorrow.

18 Apr 2026 12:00am GMT