David S.

C’est la « renaissance » de la marque Bull, sous le giron de l’État - Next

C’est la « renaissance » de la marque Bull, sous le giron de l’État next.ink/221962/cest-...

📚 Les guides de l’ANSSI sont sur #MesServicesCyber !

🖥️ Alors que le site de l’ANSSI évolue, MesServicesCyber se transforme pour vous simplifier l’accès aux conseils et recommandations de l’ANSSI, et de ses partenaires.

Rendez-vous sur :
🔗 messervices.cyber.gouv.fr/catalogue/?m...

NVIDIA Acquires Open-Source Workload Management Provider SchedMD - HPCwire NVIDIA will continue to distribute SchedMD’s open-source, vendor-neutral Slurm software, ensuring wide availability for high-performance computing and AI. Dec. 15, 2025 — NVIDIA today announced it has...

🤔
NVIDIA Acquires Open-Source Workload Management Provider SchedMD - www.hpcwire.com/off-the-wire...

Hurray! This German State Decides to Save €15 Million Each Year By Kicking Out Microsoft for Open Source Schleswig-Holstein's migration to LibreOffice reaches 80% completion, with a one-time €9 million investment on cards for 2026.

Others could learn a lot from this. 🤓

itsfoss.com/news/german-...

Des gens ont testé KeeShare ?

Mots de passe : KeePassXC 2.7.11 disponible, la version 2.7.9 certifiée par l’ANSSI next.ink/brief_articl...

General Availability of AlmaLinux OS 9.7 Stable! AlmaLinux OS 9.7 Stable Now Available Hello Community! The AlmaLinux OS Foundation is announcing the general availability of AlmaLinux OS 9.7 codenamed “Moss Jungle Cat”! Installation ISOs are available on the mirrors now for all 4 architectures: Intel...

AlmaLinux OS 9.7 "Moss Jungle Cat" just dropped!

Updated compilers, enhanced security with post-quantum crypto, better container support.

Available now across all 4 architectures.

https://almalinux.org/blog/2025-11-17-almalinux_97_release/?utm_medium=social&utm_source=bluesky

Static Web Hosting on the Intel N150: FreeBSD, SmartOS, NetBSD, OpenBSD and Linux Compared

https://it-notes.dragas.net/2025/11/19/static-web-hosting-intel-n150-freebsd-smartos-netbsd-openbsd-linux/

#ITNotes #freebsd #illumos #jail #linux #netbsd #openbsd #ownyourdata #server #smartos #sysadmin […]

Et hop un Dell R420 dont la PERC inutilisable avec un Linux récent flashé en HBA : zfs on root et il peut resservir en tant que vénérable serveur de sauvegarde :-)

pool: ztank
state: ONLINE

📅 Ne manquez pas @capitoledulibre.org qui se tiendra ce week-end à l'ENSEEIHT, à Toulouse !

Pour vous inscrire et consulter le programme de l'événement, rendez-vous sur capitoledulibre.org.

Bon je connais une PERC qui va se faire flash en IT mode... :D

#debian 13.2 this saturday
lists.debian.org/debian-stabl...

Titre un peu putaclic mais on y croit !

"Victoire pour le logiciel libre : Polytechnique claque la porte à Microsoft 365 ! www.generation-nt.com/actualites/p... "

"oN a CHangÉ !"
www.huffingtonpost.fr/tech-futurs/...

X11, Wayland : pourquoi la transition est-elle aussi longue ? - Next This article has been shared by sebsauvage with wallabag.

X11, Wayland : pourquoi la transition est-elle aussi longue ? - Un bon article de synthèse sur les 2 protocoles graphiques du monde Linux/BSD, par Next repartagé par Seb Sauvage #X11 #Wayland app.wallabag.it/share/68c3ef...

Word va sauvegarder automatiquement les documents dans le cloud - Next

Ils en loupent pas une les c***...
next.ink/198278/word-...

HTTP/1.1 Fatal Vulnerability Exposes Millions of Websites to Hostile Takeover A critical vulnerability in the HTTP/1.1 protocol threatens tens of millions of websites with potential hostile takeovers through sophisticated desynchronization attacks.  This fundamental flaw in the decades-old protocol creates extreme ambiguity about where one request ends and the next begins, enabling attackers to manipulate web traffic and compromise entire infrastructures. Key Takeaways 1. HTTP/1.1 flaw exposes millions of websites to data theft and code injection attacks. 2. Upstream HTTP/2 is the only fix. 3. Major vendors don't support upstream HTTP/2 yet, leaving sites vulnerable. HTTP/1.1 Fatal Vulnerability PortSwigger reports that the vulnerability demonstrates how HTTP request smuggling attacks can bypass years of vendor-implemented security mitigations.  These desync attacks exploit the inherent weakness in HTTP/1.1’s message parsing mechanism, where attackers can craft malicious requests using techniques like Content-Length header manipulation and Transfer-Encoding: chunked discrepancies to confuse reverse proxies and backend servers. The impact of flourishing HTTP request smuggling is severe. According to the research , a single malicious HTTP request can cause websites to lose track of which responses belong to which users, resulting in massive disclosure of confidential information and users being randomly logged into other live accounts.  Furthermore, attackers can poison website caches with malicious JavaScript, gaining persistent control over web pages and enabling theft of passwords and credit card details. The vulnerability affects core infrastructure within multiple Content Delivery Networks (CDNs) , exposing millions of websites despite six years of attempted fixes by vendors.  Security experts emphasize that simply wrapping HTTP/1.1 in HTTPS provides no protection against these attacks, as the vulnerability exists at the protocol level rather than the encryption layer. Deploy HTTP/2 Upstream  The definitive solution requires migrating to upstream HTTP/2 connections between reverse proxies and origin servers. HTTP/2 eliminates the ambiguity that enables desync attacks by providing clear message boundaries and binary framing.  However, merely enabling HTTP/2 for client-facing connections is insufficient; the upstream connection to backend servers must also utilize HTTP/2 to prevent exploitation. For organizations unable to immediately deploy upstream HTTP/2, researchers recommend using the open-source HTTP Request Smuggler v3.0 tool to identify vulnerabilities, enabling request validation and normalization features, and considering disabling upstream connection reuse despite potential performance impacts.  Major vendors, including nginx, Akamai, CloudFront, and Fastly, currently lack upstream HTTP/2 support, leaving millions of websites vulnerable until these platforms implement the necessary upgrades. Equip your SOC with full access to the latest threat data from ANY.RUN TI Lookup that can Improve incident response -> Get 14-day Free Trial The post HTTP/1.1 Fatal Vulnerability Exposes Millions of Websites to Hostile Takeover appeared first on Cyber Security News .

HTTP/1.1 Fatal Vulnerability Exposes Millions of Websites to Hostile Takeover

"We need to go deeper" version CPU :

Analyse des nouveaux titres rechargeables des transports de Toulouse - Page perso de Maya le site plus tellement secret de maya !!

Analyse des tickets rechargeables des transports de Toulouse : extraction depuis le tag NFC ST25TB et interprétation des données - Article par Maya #NFC maya.sh/tisseo.html

New version Proxmox Virtual Environment 9.0

PROXMOX VIRTUAL ENVIRONMENT v9.0 is available, see all details forum.proxmox.com/threads/prox...

Release announcement for Proxmox Backup Server 4.0

PROXMOX BACKUP SERVER 4.0 is here! Packed with new features and improvements! See all detail forum.proxmox.com/threads/prox...

Un tableau listant des alternatives gratuites et/ou open source aux applications Adobe.

Un tableau listant des alternatives gratuites et/ou Open Source aux applications Adobe.

Le guide pour faire évoluer votre carrière !

Interface immich

🏖️🐻 Les Logiciels Libres de l'été, jour 45

IMMICH : Une solution Open Source de sauvegarde de photos et de vidéos des smartphones.

Firefox, il bouge toujours ! (mais c'est compliqué) Ça fait beaucoup trop longtemps que je n'ai pas parlé de Firefox ici (que je n'ai pas parlé du tout, d'ailleurs, si on considère la fréquence de publication, même si j'ai récemment sorti des trucs). P...

J'avais dit en live que j'avais un article de #blog sur #Firefox sous le coude, ben voilà, il est prêt, je vous le livre donc :
blog.seboss666.info/2025/08/fire...

Learning Go concurrency patterns is getting easy with this amazing site
#golang

concurrency.rocks

mikas blog » Blog Archive » What to expect from Debian/trixie #newintrixie

Michael Prokop has posted a lengthy list of changes coming in the Debian "trixie" release (next official release version 13), due in early August 2025 #Debian #Linux michael-prokop.at/blog/2025/07...

Hashcat, le meilleur casseur de mots de passe, est disponible en version 7.0.0. Une très grosse version, avec près de 900.000 lignes de code changées, des nouveaux algorithmes et techniques pour casser du secret ⬇️

github.com/hashcat/hash...

Du nouveau de côté de MatInfo :-)
matinfo.fr/fr/notificat...

Anubis sends AI scraperbots to a well-deserved fate Few, if any, web sites or web-based services have gone unscathed by the locust-like hordes of A [...]

A good Introduction to Anubis, a Tool (written in Go) to block the hordes of AI crawlers via a proof-of-work Challenge - Article by LWN lwn.net/Articles/102...

GitHub - projectsend/projectsend: ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users ... ProjectSend is a free, open source software that lets you share files with your clients, focused on ease of use and privacy. It supports clients groups, system users roles, statistics, multiple lan...

Avec les changements de conditions d'utilisation de WeTransfer, vous êtes sans doute à la recherche d'alternatives auto-hébergeables et open-sources. Voici donc ProjectSend qui vous permettra de partager vos fichiers avec un contrôle total ⬇️

github.com/projectsend/...