RHEL 10.2 porta l’assistenza AI nel terminale Linux enterprise
linuxeasy.org/rhel-10-2-assist…
RHEL 10.2 introduce assistenza AI da terminale, nuovi tool per sviluppatori e aggiornamenti a Python 3.14, Rust 1.92 e LLVM 21.
L'articolo RHEL 10.2 porta l’assistenza AI nel terminale Linux enterprise proviene da Linux Easy.
E'
ONLYOFFICE Docs 9.4 arrivano nuovi temi, presentazioni e funzionalità
linuxeasy.org/onlyoffice-docs-…
ONLYOFFICE Docs 9.4 introduce modalità Dark per i fogli, nuove linee orizzontali, temi e transizioni per le presentazioni e miglioramenti
L'articolo ONLYOFFICE Docs 9.4 arrivano nuovi temi, presentazioni e
PowerDNS Security Advisory 2026-06 for PowerDNS Authoritative Server
(aka PowerDNS Authoritative Server 4.9.15 & 5.0.5 released)
blog.powerdns.com/2026/05/20/p…
This is the release of Authoritative Server 5.0.5 and 4.9.15 (security release).Peter van Dijk (Open-Xchange GmbH)
reshared this
Cybersecurity & cyberwarfare e Lorenzo reshared this.
Our May 2026 maintenance releases of BIND 9 are available at isc.org/download : 9.18.49 and 9.20.23 (stable) and 9.21.22 (development). Packages and container images provided by ISC will be updated later today.
In addition to bug fixes and feature improvements, these releases also contain fixes for security vulnerabilities:
- kb.isc.org/docs/cve-2026-3039
- kb.isc.org/docs/cve-2026-3592
- kb.isc.org/docs/cve-2026-3593
- kb.isc.org/docs/cve-2026-5946
- kb.isc.org/docs/cve-2026-5947
- kb.isc.org/docs/cve-2026-5950
reshared this
Cybersecurity & cyberwarfare e Lorenzo reshared this.
Q4OS 6.7 Andromeda: cosa offre la nuova release
linuxeasy.org/q4os-6-7-androme…
Q4OS 6.7 Andromeda aggiorna la base Debian Trixie e punta su leggerezza, stabilità e supporto LTS fino al 2030.
L'articolo Q4OS 6.7 Andromeda: cosa offre la nuova release proviene da Linux Easy.
E' vietato riprodurre questo articolo senza
Mageia 10 RC1: anteprima della nuova release con Live ISO e installer Classico
linuxeasy.org/mageia-10-rc1-an…
Mageia 10 RC1 evolve l’esperienza con installer migliorato, nuovi desktop, supporto hardware ampliato e stack software aggiornato.
L'articolo Mageia 10 RC1:
Haruna 1.8 Rilasciato arrivano nuove funzioni per playlist, OSD e gestione file
linuxeasy.org/haruna-1-8-rilas…
Haruna 1.8 introduce nuove opzioni per playlist, OSD, MPRIS e gestione file, migliorando l’esperienza di riproduzione su Linux.
L'articolo Haruna 1.8 Rilasciato arrivano nuove funzioni per playlist, OSD e gestione file
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension.GitHub (X (formerly Twitter))
reshared this
Lorenzo e Cybersecurity & cyberwarfare reshared this.
So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. github.com/Nightmare-Eclipse/Y…
Mitigation = BitLocker PIN and BIOS password lock.
YellowKey Bitlocker Bypass Vulnerability. Contribute to Nightmare-Eclipse/YellowKey development by creating an account on GitHub.GitHub
reshared this
Kotes, Trendy Toots, Cat 🐈🥗 (D.Burch) , Soatok Dreamseeker, gabboman the wafrn dev, Oblomov, filobus, Vitex, Shannon Prickett, Matthew, Peter Vágner, Lord Caramac the Clueless, KSC, Shlee booped around &, Lorenzo e Cybersecurity & cyberwarfare reshared this.
Thunderbird 151 migliora autenticazione OAuth e gestione avanzata delle email
linuxeasy.org/thunderbird-151-…
Thunderbird 151 migliora OAuth, calendario, gestione email e stabilità con nuove funzioni per Linux, Windows e macOS.
L'articolo Thunderbird 151 migliora autenticazione OAuth e gestione avanzata delle email proviene da Linux Easy.
E' vietato
Ardour 9.5 Rilasciato migliora il workflow MIDI con editing accordi
linuxeasy.org/ardour-9-5-rilas…
Ardour 9.5 migliora l’editing MIDI con quantizzazione accordi, nuove interfacce pianoroll e temi grafici aggiornati.
L'articolo Ardour 9.5 Rilasciato migliora il workflow MIDI con editing accordi proviene da Linux Easy.
E'
Firefox cresce in Europa grazie al DMA
linuxeasy.org/firefox-cresce-i…
Firefox cresce in Europa grazie al DMA: milioni di utenti scelgono alternative a Chrome e Safari sui dispositivi mobili.
L'articolo Firefox cresce in Europa grazie al DMA proviene da Linux Easy.
E' vietato riprodurre questo articolo senza autorizzazione.
Questo feed RSS è destinato
Ubuntu Core 26 porta più velocità e sicurezza su IoT ed edge
linuxeasy.org/ubuntu-core-26-v…
Ubuntu Core 26 arriva con update OTA più piccoli, Livepatch, OP-TEE e nuove ottimizzazioni per dispositivi IoT ed edge.
L'articolo Ubuntu Core 26 porta più velocità e sicurezza su IoT ed edge proviene da Linux Easy.
E' vietato riprodurre questo articolo
GNOME 51 prepara il passaggio da System Monitor a Resources
linuxeasy.org/gnome-51-passagg…
GNOME 51 potrebbe sostituire System Monitor con Resources, una nuova app più moderna per il monitoraggio hardware e prestazioni.
L'articolo GNOME 51 prepara il passaggio da System Monitor a Resources proviene da Linux Easy.
E' vietato riprodurre questo
Today is L0pht Day. In 1998 7 hackers in suits told the US Senate the internet was a house of cards. We said we could take it down in 30 minutes. They looked at us like we'd landed from another planet.
28 yrs later, the gap between what the security community knows and what decision-makers act on remains a fundamental problem.
Miss you, Peter Neumann. He testified that day too, with decades of hard-earned wisdom. We owe him.
The work isn't done. It never was.
reshared this
Cybersecurity & cyberwarfare, Lorenzo, ⠵⠻⠷⠕⠭ 🍥🍉⚪🌹, Shannon Prickett, Lord Caramac the Clueless, KSC, Trendy Toots, webhat, Lisa Melton, Pseudo Nym e ʙwɑnɑ нoɴoʟʊʟʊ reshared this.
20 years later, we took down a large portion of it just by b0rking a network change. This wasn't even in an ISP, so I can affirm your claim on practical grounds.
No, I don't remember which member of the team pushed that change, only that it wasn't me 😀
"House of cards" is an apt description.
reshared this
Lord Caramac the Clueless, KSC reshared this.
KDE supera i 55 milioni di linee di codice nella sua storia
linuxeasy.org/kde-supera-55-mi…
KDE supera 55 milioni di linee di codice nella sua storia Git, con oltre 8 milioni ancora presenti nei progetti attivi.
L'articolo KDE supera i 55 milioni di linee di codice nella sua storia proviene da Linux Easy.
E' vietato riprodurre questo articolo senza
Pizza Hut's AI system caused 'cascading' problems and $100M in damages, franchisee alleges in new suit
businessinsider.com/pizza-hut-…
> A top Pizza Hut franchisee says the chain's rollout of an AI-powered delivery system turned once-speedy pizza orders into a cold, late-arriving mess — and cratered a business that had been outperforming nearly every other operator in the system.
Pizza Hut's AI-powered Dragontail system led to $100M in lost business, a franchisee says in a lawsuit over delivery delays.Katherine Tangalakis-Lippert (Business Insider)
reshared this
Khalid ⚡, Kent Navalesi ☕️, Cybersecurity & cyberwarfare, Lorenzo, Lord Caramac the Clueless, KSC, Shannon Prickett, ✊🇵🇸Palestine🇵🇸Action✊, Lisa Melton, ʙwɑnɑ нoɴoʟʊʟʊ, ZZ Bottom e Buridan's procrastinator ⁂ reshared this.
Can't wait for all the "no but it's not the AI, they implemented it wrong" replies.
Somehow whenever slop generators are involved, however incidentally, in something that can be claimed to work, it's "AI DID A THING".
But when they end up causing problems it's "human error" or "implemented it poorly" or some other form of good old "you're holding it wrong". 
Oblomov reshared this.
having this exact thing from people about a post from someone who says their (assuming US) company denied them their monthly pay because the AI output claimed they'd been slacking off (having clocked off early one time for a medical thing).
Oh well that's just a bad company.
I mean, yes. But. Now they're worse.
Sensitive content
@cnr
There are mentions of it several times, though.
The failure here is a particular one, not the usual hallucinations - The company wanted to make something, anything at all, with "AI".
So they replaced a functioning system that had purpose-guided information flows with "something, anything with 'AI'".
And because it was "with 'AI'" no thought was given to the purposes involved, old knowledge was disregarded, and I am willing to bet, SMEs were told to "work with it, not against it" or "fail fast so we can improve it", without actually checking if this "something, anything" was a good idea.
«The complaint says DoorDash drivers began waiting to batch multiple orders together after gaining virtual visibility into kitchen systems»
This sounds like an intentional plan to extract money from restaurants and pump it into the gatekeepers' bank accounts (a joint DoorDash/Pizza Hut goal I presume).
The main contribution of "AI" is presumably the hope that it provides plausible deniability for said high street robbery.
Sensitive content
I have the same issue with deductive logic applied to the real world.
'Everybody is just "doing it wrong", it's really a good tool, otherwise.'
Somehow the total preponderance of "human error" in that domain is not a fundamental fault in the tool, can't be, it's infallible, you know!!
Sensitive content
@jeantranscene
Exactly.
If the tool doesn't work in your domain, do NOT use the tool in that domain.
Should be simple.
And yes, the irony of it all is that as bad as deduction is in the domain of reality, it's relatively good in computing.
And the fuckers go and invent a stochastic tool so they can suck just as badly in computing as deduction sucks in the real world.
Amazing. We´re the problem. Humanity is a fuck.
Sensitive content
Ultimately the issue here was that "we need something with AI" was the motivation for changing the SW.
Previous SW performed better, because it just did the one thing it was supposed to.
And then the New software tried to be optimizable, with the result that it let couriers do hostile optimization.
> The complaint says DoorDash drivers began waiting to batch multiple orders together after gaining virtual visibility into kitchen systems, allowing them to see when pizzas would come out of the oven. Instead of immediately leaving with a completed order, the suit claims drivers waited "up to fifteen (15) minutes" for additional deliveries[...]
The lawsuit also alleges Dashers could see tip amounts and whether orders were cash payments, making some drivers less likely to accept certain deliveries.
this one really is "just" a labor problem (food delivery services underpay while doing over-optimized pay schemes to the drivers) / suboptimal product decision (oversharing someone else's data) that's not unique to AI though, unless we assume that some AI did the entirety of PM's job and got rubberstamped. One can share the kitchen data in plain text with drivers and get the same outcome.
Wow that's a lot of "but actually it's not AI's fault!" responses. 
So let me explain:
1. Gig workers do not get paid nearly enough
2. Pizza Hut decides to deploy some AI boondoggle ("Dragontail") without thinking it through, believing the BS about "optimizing delivery with AI"
3. Gig workers find a way to play the system
4. ???
5. Lawsuit
Gig workers should have been paid more in the first place, but this is still an example of how jumping on the AI hype train can screw you.
Oblomov reshared this.
Stranger sliding in... I'm annoyed that I can't blame AI as much as I would like to, here. It does seem like it falls more under "the gig worker economy is absolute bullshit" instead of "AI fucked it up". Gig workers definitely don't get paid enough and I don't blame them for figuring out ways to game the system to optimize. They don't have to care how much the customer likes the actual food.
I am amused that whoever designed the system (presumably human?) did not think about the seems-obvious ways it would get exploited, though. Perhaps they thought the AI would take care of that part. Vibe architecting ftw.
Sensitive content
@tymwol
When possible, use archive.org
archive.today also owns the urls:
archive.fo
archive.is
archive.li
archive.md
archive.ph
archive.vn
arstechnica.com/tech-policy/20…
Archive.today has begun rolling out Google's reCaptcha as well, which is concerning when it can be altered.
I do not have evidence, but I can see how this could possibly be a malware vector in the future.
If DDoSing a blog wasn't bad enough, archive site also tampered with web snapshots.Jon Brodkin (Ars Technica)
It's a systems design issue, which can appear in any poorly designed system.
It's not AI specific. It just happened they used AI this time.
It's topical to blame ai at the moment. Which is fine.
@notyourfanboy as I said here:
mstdn.social/@rysiek/116600986…
Can't wait for all the "no but it's not the AI, they implemented it wrong" replies.Somehow whenever slop generators are involved, however incidentally, in something that can be claimed to work, it's "AI DID A THING".
But when they end up causing problems it's "human error" or "implemented it poorly" or some other form of good old "you're holding it wrong".
If you read further...
> The complaint says DoorDash drivers began waiting to batch multiple orders together after gaining virtual visibility into kitchen systems, allowing them to see when pizzas would come out of the oven.
> Instead of immediately leaving with a completed order, the suit claims drivers waited "up to fifteen (15) minutes" for additional deliveries, increasing the time between when a pizza is removed from the oven rack and when it leaves the building to be delivered. That delay slowed deliveries, disappointed customers, and caused a sharp drop in sales, the suit says.
@haliphax and if you read earlier:
> In a lawsuit filed on May 6 in Texas Business Court, franchisee Chaac Pizza Northeast accused Pizza Hut of forcing stores to adopt Dragontail, a delivery-management platform that Pizza Hut described as using artificial intelligence to "optimize" food delivery, despite what the suit calls obvious incompatibilities with Chaac's business model.
Dragontail is an "AI" startup, so this is a case of integrating an AI boondoggle poorly leading to a bad outcome.
@haliphax the "AI" integration is the crucial part, the whole thing is symptomatic of how "AI" stuff is so hyped up that businesses integrate anything with "AI" on the label without thinking it through.
I am going to go out on a limb and bet that if the system was not being promoted as "AI", it would receive way, way more scrutiny from Pizza Hut before getting implemented.
And I think it is super interesting that the "AI" in the title comes from Business Insider, no less.
instead of baking the pizzas and just hoping and praying that an independent contractor (door-dasher) sees the order in an app and chooses to take it, they should consider hiring delivery people directly and pay them a good wage and pension
would literally solve all their problems
@mighty_orbot pretty exactly right actually – AI software was integrated poorly and without properly assessing the consequences, leading to a bad outcome.
I am going to *bet* there was someone there saying "but this will cause this exact problem" and was silenced "because AI".
The way this fuckup happened, reminds of a funny but true story.
When I was student (half a century ago), I participated in a programming competition. (PCs didn't exist back then; we wrote programs in FORTRAN for a mainframe.) The task was to write an algorithm for a machine that returns change. The input data was how many coins and banknotes of each denomination the machine had, and a list of values it had to return. The algorithm had to be clever enough so that if it couldn't use the minimal amount of coins and banknotes, it had to switch to other amounts, using the available quantities. The condition said "process as many transactions as possible", obviously meaning the above level of cleverness.
Well, one chap took the condition way too literally. His program buffered all the change requests until there were no more and *then* re-ordered them, in order to fulfill as many as possible with the available money/denominations.
While it clearly "optimized" things, in real life it would have lead to idiotic delays, just like this case with drivers waiting for all the pizzas to be ready.
Pizza Hut was supposed to be the sole survivor of the franchise wars, not the looser! You can’t even trust the historical documents any more.
(Okay, this is Demolition Man and Galaxy Quest)
Michał "rysiek" Woźniak · 🇺🇦 reshared this.
I'm not surprised, but it still makes me scratch my head why do they even add "AI" to stuff like this. I mean everything worked alright before "AI" came along.
Hell, there's even AI-powered fridges. Since when did fridges need "AI" lmao.
@hoco
> I wonder whose job it was to make sure the project would work out well?
That is the real question – or, put it differently: who signed off on this?
I hope this will come out in court.
TTL rivoluziona la diagnostica di rete da terminale su Linux
linuxeasy.org/ttl-rivoluziona-…
TTL è una nuova utility CLI per Linux che migliora traceroute e ping con funzioni avanzate di diagnostica e analisi rete.
L'articolo TTL rivoluziona la diagnostica di rete da terminale su Linux proviene da Linux Easy.
E' vietato riprodurre
Firefox 151 migliora privacy, PDF e supporto hardware avanzato
linuxeasy.org/firefox-151-migl…
Firefox 151 porta backup profili su Linux, unione PDF integrata, nuove funzioni privacy e supporto Web Serial per microcontrollori.
L'articolo Firefox 151 migliora privacy, PDF e supporto hardware avanzato proviene da
reshared this
Paolo Redaelli e GetPrivacy.it 🔐 reshared this.
📺 Between Two Nerds: Russia's hacker university
risky.biz/video/between-two-ne…
In this edition of Between Two Nerds Tom Uren and The Grugq look at Department 4 of Bauman Moscow State Technical University where student [Read More]risky.biz
reshared this
Lorenzo e Cybersecurity & cyberwarfare reshared this.
Mozilla difende le VPN contro le restrizioni Inglesi
linuxeasy.org/mozilla-difende-…
Mozilla critica le possibili restrizioni VPN nel Regno Unito e avverte sui rischi per privacy, sicurezza e libertà digitale.
L'articolo Mozilla difende le VPN contro le restrizioni Inglesi proviene da Linux Easy.
E' vietato riprodurre questo articolo senza
New, by me: CISA Admin Leaked AWS GovCloud Keys on GitHub
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
krebsonsecurity.com/2026/05/ci…
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA …krebsonsecurity.com
Carlos Solís likes this.
reshared this
Daniel Colquitt, mORA, Trendy Toots, Cat 🐈🥗 (D.Burch) , Democracy Matters, Lisa Melton, Cybersecurity & cyberwarfare, Lorenzo, Cedar Fen Farm Cedar Fen Farm, Oblomov, Soatok Dreamseeker e Pseudo Nym reshared this.
Are you seriously telling me that somebody stored AWS govcloud secrets in a github repo ? In a file called "Important AWS Tokens" ? Do they not know who github is ? Is it intentional ?
Has that person been fired into the sun yet, along with whoever hired them ?
@GerardThornley I guess you have to store secrets somewhere, in your source or CI/CD pipeline playbook. I hope people are not checking in private keys, or the CEO's email password.
But govcloud IIRC is basically AWS but "secure for fedramp". Then using "github" for your source control is like the Manhattan Project keeping their notebooks in the local college library, but in a locked room.
because i actually reached out to cisa in the past, asking how to work for them. they told me the only way to do it was unpaid, and condesendingly told me i should do it 'because i love my country'. many others were getting paid. so, needless to say, theres a little club, and im not in it.
but this guy was.
so i reeeeeally wanna know
How does CISA get to hire someone like that?
Websters: Hack (adjective): "working for hire especially with mediocre professional standards."
one of the most egregious government data leaks in recent history
The word "recent" is doing a lot of heavy lifting here. Like, this is a colossal fuckup, but we've had a lot of other colossal fuckups recently, so... y'know, context.
We blame an AI agent for this....
What a fuck-up!!!
@theyosh AI agents don't do this. stupidity does.
The 'S' in CISA stands for secrets.
I shouldn't be laughing.
Workspace is misspelled.
Important tokens, as opposed to the unimportant ones.
Ok ... my bad. I'm going back out for 1.5 Liters of tequila and some cyanide (for myself).
You gotta be KIDDING me!
MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES The Federal Government has a constitutional duty and a moral responsibility to respect andMicah Stopperich (The White House)
make something idiot proof and nature will create a better idiot
Scnr
"Currently, there is no indication that any sensitive data was compromised as a result of this incident,”
Looks pretty damned sensitive to me, unless you consider admin permissions on your network public information.
I’d like to append the top/original post with the following…
“…so far.”
Because this is highly unlikely to be the last or worst…just one that we now know about. Fairly sure there are plenty more that are either covered up or yet to be found in the open (…akin to a box of classified info left in a bathroom). Save some ire for the next four or five of them. I mean think of who got their fingers into most govt systems year one…you just know there’s more.
> The [public] GitHub repository that Valadon flagged was named “Private-CISA,”
How bad could it be
> One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers.
Awesome
> Another file exposed in their public GitHub repository — “AWS-Workspace-Firefox-Passwords.csv”
Hell yeah
If they didn't validate the credentials I'd wonder if it was a honeypot.
@drwho Ha! It’ll turn out the only reason the Russians, Chinese, Iranian, et al hackers don’t have the keys to the front door is because GitHub can’t maintain uptime.
Perhaps a tad wishful thinking on my part…
📺 NCSC’s Ollie Whitehouse on surviving the "bugpocalypse"
risky.biz/video/ncscs-ollie-wh…
In this edition of Risky Business Features Ollie Whitehouse, the CTO of the UK's National Cyber Security Centre, joins Patrick Gray and Ja [Read More]risky.biz
reshared this
Cybersecurity & cyberwarfare e Lorenzo reshared this.
reshared this
Lorenzo, Cybersecurity & cyberwarfare e wilhelm reshared this.
Fadocx il visualizzatore documenti open per Android
linuxeasy.org/fadocx-visualizz…
Fadocx è il visualizzatore documenti open source per Android che punta tutto su privacy, supporto offline e OCR locale senza tracker.
L'articolo Fadocx il visualizzatore documenti open per Android proviene da Linux Easy.
E' vietato riprodurre questo articolo
OpenProject 17.4.0: novità, sicurezza e migrazione da Jira
linuxeasy.org/openproject-17-4…
OpenProject 17.4.0 introduce migrazione da Jira, backlog bucket, API migliorate e fix di sicurezza importanti.
L'articolo OpenProject 17.4.0: novità, sicurezza e migrazione da Jira proviene da Linux Easy.
E' vietato riprodurre questo
reshared this
Trendy Toots, jbz, Lisa Melton, Oblomov, Armin Hanisch, Iris Young (he/they/she) (PhD), Lorenzo e Cybersecurity & cyberwarfare reshared this.
Linus Torvalds aggiorna le linee guida del kernel Linux sui bug di sicurezza
linuxeasy.org/linus-torvalds-a…
Nuove regole nel kernel Linux per la gestione delle vulnerabilità e dei report AI-assisted. Linus Torvalds punta su qualità e trasparenza. #Linux #Kernel #CyberSecurity
Rescuezilla 2.6.2 aggiorna il live ISO con supporto a Ubuntu 26.04 LTS
linuxeasy.org/rescuezilla-2-6-…
Rescuezilla 2.6.2 aggiorna il live ISO con supporto a Ubuntu 26.04 LTS, fix grafici, nuove traduzioni e compatibilità estesa.
L'articolo Rescuezilla 2.6.2 aggiorna il live ISO con
Graphs 2.0 porta nuove funzioni avanzate per grafici scientifici e analisi dati
linuxeasy.org/graphs-2-0-funzi…
Graphs 2.0 migliora grafici scientifici, import dati, curve fitting e supporto mobile con tante novità per Linux e GNOME.
L'articolo Graphs 2.0 porta nuove funzioni avanzate per grafici
OpenTofu punta su automazione, sicurezza e gestione cloud semplificata
linuxeasy.org/opentofu-automaz…
OpenTofu è l’alternativa open source a Terraform sotto Linux Foundation con nuove funzioni per sicurezza, automazione e gestione cloud.
L'articolo OpenTofu punta su automazione, sicurezza e gestione cloud
VMware Workstation Pro 26H1 migliora virtualizzazione e supporto Linux
linuxeasy.org/vmware-workstati…
VMware Workstation Pro 26H1 introduce il supporto a nuove distribuzioni Linux, miglioramenti ARM e versione Windows completamente a 64 bit.
L'articolo VMware Workstation Pro 26H1 migliora
@Paolo Redaelli le alternative sono generalmente sprovviste di tutte le caratteristiche enterprise: prova tu a spostare una VM sul cloud di Azure o di AWS con "le alternative" oppure prova a spostare una macchina virtuale accesa da un server a un altro senza avere VMWare e poi fammi sapere che succede
E poi se vuoi gestire un sistema aziendale con un tecnico certificato, puoi andare solo su VMWare. C'è anchee Virtualbox ma malgrado è di Oracle sta ancora a qualche parsec di distanza dall'usabilità business
At Stackscale we work with VMware vSphere and Proxmox VE every day. Our approach isn’t to “force” a tool, but to fit the platform to the project’sDavid Carrero (Stackscale)
Rilasciato Shelly 2.3 migliora il package manager alternativo per Arch Linux
linuxeasy.org/rilasciato-shell…
Shelly 2.3 migliora il package manager per Arch Linux con prestazioni superiori, supporto traduzioni e gestione avanzata di AUR e Flatpak.
L'articolo Rilasciato Shelly 2.3 migliora il package manager alternativo per Arch Linux proviene da Linux Easy.
E'
Aqloss il player musicale open che punta sulla qualità audio assoluta
linuxeasy.org/aqloss-player-mu…
Aqloss è un player musicale open source con motore audio Rust, supporto WASAPI Exclusive e riproduzione bit-perfect su Windows.
L'articolo Aqloss il player musicale open che punta sulla qualità audio assoluta proviene da Linux
Wine 11.9 migliora il supporto Wayland per i giochi Windows su Linux
linuxeasy.org/wine-11-9-suppor…
Wine 11.9 migliora il gaming Linux su Wayland con nuovo supporto cursori, fix per giochi Windows e maggiore compatibilità software.
L'articolo Wine 11.9 migliora il supporto Wayland per i giochi Windows su Linux proviene da Linux Easy.
BleachBit aggiunge una TUI interattiva ideale per server Linux
linuxeasy.org/bleachbit-tui-in…
BleachBit introduce una nuova interfaccia TUI interattiva per Linux, ideale per server headless e sistemi leggeri senza ambiente grafico.
L'articolo BleachBit aggiunge una TUI interattiva ideale per server Linux proviene da Linux Easy.
E' vietato riprodurre
Debian 13.5 Trixie Rilasciato con oltre 100 fix di sicurezza
linuxeasy.org/debian-13-5-trix…
Debian 13.5 aggiorna Trixie con 103 fix di sicurezza e 144 correzioni di stabilità per server, desktop e infrastrutture Linux.
L'articolo Debian 13.5 Trixie Rilasciato con oltre 100 fix di sicurezza proviene da Linux
bomby reshared this.
Exclusive: Fast16 malware has raised questions about what it was designed to do. Researchers at Symantec finally confirm it was subverting software used to simulate nuclear weapons explosions. Nuclear experts also tell me Iran was the likely target and explain how it impacted nuclear weapons tests. Fast16 wasn't aimed at sabotaging nuclear weapons themselves, but was only designed to alter data being fed to engineers from software used to simulate nuclear explosions tests. The goal was to trick engineers into believing their tests were failing to create confusion and slow down weapons program. Fast16 and Stuxnet were similar in that they both fed false data to engineers. But Stuxnet also physically altered centrifuges while tricking engineers into believing the devices were fine. New analysis from me also shows the two codes were contemporaneous, not separated by years.
Here's my story, which contains a link to a timeline showing how they were being developed around the same time, likely as part of a multi-pronged operation to slow down Iran's nuclear program.
zetter-zeroday.com/experts-con…
Fast16 didn't predate Stuxnet but was contemporaneous with it. It also wasn't aimed at altering nuclear weapons but was simply feeding false data to engineers about the nuclear detonation tests they were conducting, in order to trick them into believ…Kim Zetter (ZERO DAY)
reshared this
Cybersecurity & cyberwarfare, Lorenzo, Lord Caramac the Clueless, KSC, ʙwɑnɑ нoɴoʟʊʟʊ, Lisa Melton e Lorenzo Franceschi-Bicchierai reshared this.
reshared this
Lorenzo e Cybersecurity & cyberwarfare reshared this.
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •For anybody looking at this, testing showed two things:
- TPM unlocked the storage
- it provides a login bypass, as you’re dumped as SYSTEM prior to Windows Hello or password login
BitLocker operates without a PIN by default so it’s basically a big gap, it’s unclear how this code made it into the production version of Windows.
Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Kevin Beaumont
in reply to Kevin Beaumont • • •Microsoft have issued a CVE for the YellowKey BitLocker bypass and provided mitigation advice - CVE-2026-45585
My take - mitigations too fiddly to actually deploy, BitLocker+PIN and BIOS password mitigates and should be used if you are sensitive to BitLocker bypass threats.
msrc.microsoft.com/update-guid…
Security Update Guide - Microsoft Security Response Center
msrc.microsoft.comKlaus Frank
in reply to Kevin Beaumont • • •Oriel Jutty
in reply to Kevin Beaumont • • •Oh, fun.
Graham Sutherland / Polynomial
in reply to Kevin Beaumont • • •it's not clear to me what config this bypasses. is it only the no password config?
(Edit: thought about it and yeah ofc it's just that config)
Mark Koek
in reply to Kevin Beaumont • • •Graham Sutherland / Polynomial
in reply to Mark Koek • • •Erik
in reply to Kevin Beaumont • • •Graham Sutherland / Polynomial
in reply to Erik • • •Alan Miller 🇺🇦
in reply to Erik • • •TelH90
in reply to Kevin Beaumont • • •I never trusted #BitLocker with it's #Govware - #Backdoor anyway!
- Cuz now people put that trust into some #BackBox IC (#TPM) that is usually soldered down on the board that may or may not be #exploitable from the factory (whether due to #bugs, #incompetence or "Export Restrictions #Compliance" is irrelevant for the affected End-Users!)…
- If (for some horrible reason that I refuse to acknowledge as legitimate!) someone needs a #Windows machine BUT with #FullDiskEncryption, they should use the only REAL #FDE: #VeraCrypt!
#CensorBoot never was about #Security…
- Calling it "#SecureBoot" is adopting the enemy's #Propaganda-Speak!
Dźwiedziu
in reply to Kevin Beaumont • • •David Esposito
in reply to Kevin Beaumont • • •Rairii
in reply to Kevin Beaumont • • •h4890
in reply to Kevin Beaumont • • •Sehar Irfan
in reply to Kevin Beaumont • • •gvs
in reply to Kevin Beaumont • • •Kallisti
in reply to Kevin Beaumont • • •I was worried I'd run out of tools that do not require opening a computer/laptop case, now that Microsoft's planning to patch Bitpixie this year.
But Windows is a gift that just keeps on giving
Marcus Adams
in reply to Kevin Beaumont • • •avery
in reply to Kevin Beaumont • • •tanavit
in reply to Kevin Beaumont • • •Poc @sebsauvage
@GossiTheDog
sebsauvage
in reply to tanavit • • •Haha oui j'ai vu passer ça, ainsi qu'une faille RCE dans Word.
Avi 🟣
in reply to Kevin Beaumont • • •S1m
in reply to Kevin Beaumont • • •drm
in reply to S1m • • •Moe Lassus
in reply to Kevin Beaumont • • •Kevin Boyd (he/him) 🇨🇦
Unknown parent • • •Jasper at Home
in reply to Kevin Beaumont • • •BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets
Alon Leviev (media.ccc.de)Jonathan Daigle
in reply to Kevin Beaumont • • •This doesn't work for me. I'm using an exFat Ventoy USB (it's all I have right now) on a T16 Gen 1 and a desktop. Both with TPM, no PIN.
ThinkPad - won't boot with CTRL held down, I briefly release it on the Lenovo screen. CMD pops up but C:\ is mapped to a Ventoy partition and the BitLocker partition wasn't mounted or unlocked.
Desktop - I got to CMD and C:\ was mounted but locked.
Without the USB CMD doesn't open on either PC. I might try again later with clean NTFS USB stick.
Torx
in reply to Kevin Beaumont • • •How long do users need to observe this whack-a-mole before switching the default OS to #BSD or #Linux?
If some really needs an MS-OS it can be installed to a VM. This mitigates the issues arising from using Windows on the bare metal. The main OS must provide the basic security and #Windows does not deserve more than a Guest-VM to exist in. Such a setup allows to fence it un, to firewall it off the rest.