24 Jun 2026

Feed: Hacker News

Meta Pauses Employee-Tracking Program Following Internal Data Leak

24 Jun 2026 12:28am GMT

Show HN: Y – A malleable coding-agent desktop app built with Electron

24 Jun 2026 12:15am GMT

23 Jun 2026

Feed: Hacker News

Vulnerability reports are not special anymore

23 Jun 2026 11:42pm GMT

Feed: Slashdot

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A 29-year-old bug in the Squid web proxy, dubbed Squidbleed and tracked as CVE-2026-47729, can let an authorized proxy user retrieve fragments of another user's cleartext HTTP requests, including credentials and session tokens. The security researcher who reported the flaw credited Anthropic's Claude Mythos Preview for the discovery. The Hacker News reports:

Squid describes this as an attack by a trusted client: someone already permitted to use the proxy, not any random host on the internet. That matches Squid's usual home, shared networks like schools, offices, and public Wi-Fi. In those setups, the attacker is just another user of the same proxy. The leak also only reaches traffic that Squid can read. Normal HTTPS rides an opaque CONNECT tunnel, so Squid never sees inside it; the exposed traffic is cleartext HTTP, plus TLS-terminating setups where Squid decrypts and inspects. The attacker also needs the proxy to reach an FTP server they control on port 21. Both FTP and that port are on by default. [...]

If you patch, verify the fix, not just the version. Confirm the guard is in FtpGateway.cc, or check your distribution's backport, since distros ship their own builds (Debian packages Squid 5.7). The public thread is still inconsistent: maintainer Amos Jeffries first said Squid 7.6 carried the fix, then corrected that to 7.7, and on June 22 Debian's Salvatore Bonaccorso noted the referenced commit looks like it is already in 7.6. The fix is small, a null-terminator check before the vulnerable strchr calls, merged to the development branch in April and v7 in May. Squid 7.6 does separately patch CVE-2026-50012, an unrelated cache_digest heap overflow. The cleaner move is the one the researchers recommend anyway: turn FTP off. Chromium dropped FTP years ago, and most networks carry almost none of it, so disabling it removes this attack surface for free, whatever build you run.

The risk is real but bounded. SUSE rates it moderate, CVSS 6.5, and the vector explains the score: the attacker needs proxy access (low privileges), and the only impact is confidentiality, nothing on integrity or availability.

23 Jun 2026 11:00pm GMT

Feed: Ars Technica

White House drastically shortens deadline for dropping quantum-vulnerable crypto

Order warns of national security risks if post-quantum cryptography isn't adopted in time.

23 Jun 2026 10:30pm GMT

US's climate.gov site, taken down by Trump, relaunched by nonprofit

Climate.us has now restored everything taken down by the government.

23 Jun 2026 10:07pm GMT

Feed: Slashdot

China Reclaims Fastest Supercomputer At 2 Exaflops

Longtime Slashdot reader hackingbear shares a report from TOP500: The 67th edition of the TOP500 list of the world's most powerful supercomputers was announced today at the ISC 2026 conference in Hamburg, Germany. LineShine, a previously unlisted system installed in China, debuts at No. 1, displacing El Capitan as the world's most powerful supercomputer as measured by the High Performance Linpack (HPL) benchmark. LineShine achieved 2.198 Exaflop/s on HPL -- about 80 percent of its 2.736 Exaflop/s theoretical peak -- making it the first system on the TOP500 to exceed two exaflops of sustained double-precision performance using CPUs only.

Installed at the National Supercomputing Centre in Shenzhen (NSCS) and built by the Shenzhen Cloud Computing Center, the system is based on a custom Chinese processor and the "LingKun" platform: 13.79 million cores across 304-core LX2 processors running at 1.55 GHz, linked by the proprietary LingQi interconnect and running Kylin OS. LineShine draws approximately 42.2 megawatts of power, for an efficiency of 52.07 Gigaflops/Watt. Its debut marks the first time since 2017 that a Chinese system has led the TOP500, and it also takes over the No. 1 position on the HPCG ranking with 22.00 HPCG-Petaflop/s. On the HPL-MxP mixed-precision benchmark, LineShine reached 7.92 Exaflop/s for fourth place, a comparatively modest 3.6x speedup over its HPL score that points to a CPU-only design without dedicated low-precision accelerators.

While impressive, "the results may say more about Beijing's desire to show self-sufficiency in computing systems than its standing in the global AI race," reports Reuters. Reuters interviewed tech and policy experts who said that the results "do not mean that China has the world's fastest computer for AI work because of changes in the computing industry in recent years and the methods used to compile the list." The report notes that LineShine "ranked fourth on a benchmark test designed to simulate computing work that is more similar to AI." Jimmy Goodrich, a senior fellow at the University of California's Institute for Global Conflict and Cooperation, said: "If the hyperscalers submitted their systems, this 'world's fastest' would not crack the top five." Addison Snell, CEO of Intersect360 Research, a firm that focuses on supercomputers, added: "I'm not surprised it's the number one system. What I'm surprised by is that they submitted it and want recognition for it."

23 Jun 2026 10:00pm GMT

Feed: Linuxiac

COSMIC Desktop 1.1 Released with New System Monitor App

COSMIC Desktop 1.1 is out with COSMIC Monitor, versioning changes, translation updates, and fixes across core desktop components.

23 Jun 2026 9:01pm GMT

Feed: Slashdot

Wikipedia Cofounder Larry Sanger Banned From Site for 'Canvassing'

Wikipedia cofounder Larry Sanger has been indefinitely banned from editing the site after editors concluded that he violated its canvassing rules, "or in other words, calling on his followers off platform in order to influence Wikipedia's content," reports 404 Media. Sanger says the ban proves Wikipedia suppresses ideological diversity, while editors argue he was trying to mobilize an outside audience to influence internal decisions and had ignored an earlier warning. From the report:

The discussion that led to the decision to ban Sanger concluded with what an editor called a "clear consensus" to ban Sanger. "There is general agreement among participants that he has engaged in off-wiki canvassing and is not here to constructively build the encyclopedia," the editor said in a note closing the discussion. "There is also a significant concern shared by many editors that his actions constitute calls for outing."

While Sanger has been railing about bias on Wikipedia for years, the specific issue here is around his WikiProject Intellectual Diversity. WikiProjects are group efforts among Wikipedia volunteers to deal with certain issues on the site. [...] Sanger's WikiProject Intellectual Diversity, as its name implies, aims to bring more intellectual diversity to the site, mostly meaning more right-leaning perspectives. Sanger's WikiProject Intellectual Diversity and its goals alone do not merit a ban according to Wikipedia's policies. The problem, according to Wikipedia editors, is that during the discussion about whether to allow WikiProject Intellectual Diversity to become an official WikiProject, Sanger invited his 91,000 followers on X to influence that discussion.

Discussions about potential bans are supposed to remain open for at least 72 hours. While consensus that Sanger had violated Wikipedia policies was clear, Sanger was banned at some point before that deadline. He was then briefly unbanned, and then again indefinitely banned once 72 hours had elapsed and the discussion about the ban closed.

"Wikipedia has become more of a mob-rule anarchy than ever," Sanger said in a statement sent to me by a spokesperson. "In the kangaroo court in which a mob ousted me, Wikipedia's administrators showed that they don't appear to value details like formal charges, a designated prosecutor, basic decorum, distinction between prosecution and judge, dispassionate adjudication, and so forth. They have no proper system other than triggering a mob to selectively enforce their hodgepodge of vague rules." "Now that same mob has blocked me for trying to bring an intellectually diverse group of thinkers and editors to the site," Sanger continued. "Subscribing to their groupthink is now an official requirement of being a member in good standing. Something must change, and now. I only wonder if the system as it currently stands can even allow the discourse necessary to fix the system."

23 Jun 2026 9:00pm GMT

Feed: Ars Technica

Odd police video shows drone removing knife from motionless suspect

Promo video comes as more US police departments fly drones as first responders.

23 Jun 2026 8:43pm GMT

Feed: Linuxiac

Brave Gives Linux Users Its Stripped Down Origin Browser for Free

Brave Origin is a minimalist Brave edition that costs $59.99 on other platforms but is free for Linux users.

23 Jun 2026 8:41pm GMT

Cloudflare Unveils PACT to Help Websites Fight Bots Without CAPTCHA

Cloudflare, Firefox, Chrome, Edge, and Shopify introduce PACT, a privacy-first protocol for proving legitimate web access.

23 Jun 2026 3:16pm GMT