Attack on HTTP/2 implementations that leads to exhaustion of available memory
Details have been disclosed about the "HTTP/2 Bomb" vulnerability, which affects various implementations of the HTTP/2 protocol and makes it possible to cause a denial of service by exhausting all memory available to the process. The issue has been confirmed in the HTTP servers nginx, Apache httpd (CVE-2026-49975), Microsoft IIS, Envoy (CVE-2026-47774) and Cloudflare Pingora in their default configuration.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65616
📰 Crown Engine 0.63 Restores Its OpenGL Renderer For Legacy Hardware Support
While not as well known as the likes of the Godot or O3DE open-source game engines, Crown Engine continues advancing as an open-source, C++-based game engine...
🔗 Source: https://www.phoronix.com/news/Crown-Engine-0.63
#opensource
👉@sysadminoff
📰 Tails 7.8.1 Is Out as an Emergency Release to Fix Serious Security Vulnerabilities
Tails 7.8.1 anonymous Linux distribution is now available for download with an updated kernel patched against recent security vulnerabilities, Tor 0.4.9.9, and other changes.
🔗 Source: https://9to5linux.com/tails-7-8-1-is-out-as-an-emergency-release-to-fix-serious-security-vulnerabilities
#kernel #linux
👉@sysadminoff
UK regulator forces Google to provide AI scraping opt out for publishers
The UK Competition and Markets Authority has issued a landmark order requiring Google to allow publishers to opt out of AI-generated search features. This mandate ensures that news organizations can prevent their content from appearing in AI Overviews without losing visibility in traditional search results. Previously, website owners had to block Google's crawlers entirely to avoid AI scraping, which effectively removed them from all search engine indexing.
Source: https://4sysops.com/archives/uk-regulator-forces-google-to-provide-ai-scraping-opt-out-for-publishers/
👉@sysadminoff
📰 Linux Foundation Wants Open Standards for What AI is Actually Costing You
The Tokenomics Foundation will work on vendor-neutral benchmarks for token spend, with backing from major players.
🔗 Source: https://feed.itsfoss.com/link/24361/17353894/tokenomics-foundation
#linux
👉@sysadminoff
📰 GCC Git Enables Additional Tuning For AMD Zen 6
In addition to Intel adjusting their Nova Lake and Diamond Rapids targets in GCC this week to deal with APX realities, AMD this week also adjusted some tuning bits for their Zen 6 "znver6" target...
🔗 Source: https://www.phoronix.com/news/GCC-More-Zen-6-Tuning-June
#amd #intel
👉@sysadminoff
📰 KDE Gear 26.04.2 Released with More Improvements for Your Favorite KDE Apps
KDE Gear 26.04.2 is now available as the second maintenance update to the latest KDE Gear 26.04 open-source software suite series with fixes for various KDE applications.
🔗 Source: https://9to5linux.com/kde-gear-26-04-2-released-with-more-improvements-for-your-favorite-kde-apps
#kde #opensource
👉@sysadminoff
📰 Linux finally has working HDR, but you still can't use it for most streaming services
HDR has had a tumultuous journey on Linux, but it's starting to get better... until you try to use it with any streaming service.
🔗 Source: https://www.xda-developers.com/linux-finally-working-hdr-but-still-cant-use-it-most-streaming-services/
#linux
👉@sysadminoff
HTTP/2 Bomb vulnerability leading to exhaustion of RAM
In early June 2026, cybersecurity researchers at the company Calif (with the help of the Codex AI agent) discovered a new variant of the HTTP/2 Bomb attack that works even from a single client device with a 100 Mbit/s internet connection.
The attack consists of two stages:
HPACK compression manipulation: In HTTP/2, headers are compressed using the HPACK table. The attacker sends an almost empty header but, using hundreds of thousands of instructions, makes the server decompress and repeatedly reference the same tiny entry. This causes the server's memory consumption to grow like an avalanche.
Flow control blocking: Once memory has been filled, the attacker sets the flow-control window size to 0. This forces the server to pause sending the response while holding on to the allocated memory, and the connection is kept open with periodic 1-byte requests.
A single client can consume up to 32–64 GB of RAM in 10–20 seconds. Memory consumption differs between HTTP servers, ranging from roughly 70 bytes per byte in the index for nginx, IIS and Pingora to 4000 bytes in Apache httpd and 5700 in Envoy.
Practically all major server-side HTTP/2 implementations are affected in their default configurations:
NGINX, Apache HTTPD (the mod_http2 module), Microsoft IIS, Envoy, Cloudflare, Pingora
The vulnerability is fixed in nginx 1.29.8 (via the max_headers directive from freenginx, which by default allows no more than 1000 headers to be processed), Envoy 1.35.11 and 1.36.7 (mutable_max_request_headers_kb and max_headers_count), and Apache mod_http2 2.0.41. There are no fixes yet for Microsoft IIS and Cloudflare Pingora.
The Angie HTTP server is not affected, because it implemented protection against this kind of attack back in version 1.8.0, released in 2024.
http2
👉@sysadminoff
https://www.linux.org.ru/news/security/18311265
📰 Qualcomm Gets The Lenovo Yoga Slim 7x Gen11 Snapdragon X2 Laptop Working On Linux
For those interested in the prospects of running Snapdragon X2 laptops on Linux rather than Windows 11 on ARM, the Lenovo Yoga Slim 7x Gen11 has emerged as one of the initial X2 laptops with tentative Device Tree handling to allow Linux to boot on this latest-generation Qualcomm-powered laptop,...
🔗 Source: https://www.phoronix.com/news/Lenovo-Yoga-Slim-7x-Gen11-Linux
#arm #linux
👉@sysadminoff
Chrome 149 released
Google has published the release of the Chrome 149 web browser. A stable release of the free Chromium project, which serves as the basis of Chrome, is available at the same time. Chrome differs from Chromium in its use of Google logos, a system for sending notifications in the event of a crash, modules for playing copy-protected video content (DRM), an automatic update installation system, Sandbox isolation being permanently enabled, the supply of keys for the Google API, and the transmission of RLZ parameters during searches. For those who need more time to update, a separate Extended Stable branch is maintained, supported for 8 weeks. The next release, Chrome 150, is scheduled for June 30.
👉@sysadminoff
https://www.opennet.ru/opennews/art.shtml?num=65617
OpenAI enhances ChatGPT memory with automated narrative user profiles
OpenAI has updated the ChatGPT memory system to automatically generate narrative profiles of users based on their conversation history. Instead of storing isolated facts in bulleted lists, the system now synthesizes information into categorized prose dossiers covering work, hobbies, and travel. This background processing, referred to as "Dreaming," allows the AI to maintain context without requiring explicit commands from the user to remember specific details.
Source: https://4sysops.com/archives/openai-enhances-chatgpt-memory-with-automated-narrative-user-profiles/
👉@sysadminoff
📰 Collabora + Flipper: Opening up the RK3576
Collabora is proud to share that we've partnered with Flipper Devices to work together on building an open Linux platform for hardware hackers. The long-awaited Flipper One will be built on the Rockchip RK3576!
🔗 Source: https://www.collabora.com/news-and-blog/news-and-events/collabora-flipper-opening-up-the-rk3576.html
#linux
👉@sysadminoff
GitHub Copilot in Visual Studio 2026 adds planning agent and context management
The May update for GitHub Copilot in Visual Studio 2026 introduces a dedicated Plan agent designed to assist with pre-coding architecture. This tool analyzes the existing codebase to draft implementation strategies in markdown format before any actual code is written. Once the strategy is finalized, it can be handed off to the Agent mode for automated implementation.
Source: https://4sysops.com/archives/github-copilot-in-visual-studio-2026-adds-planning-agent-and-context-management/
👉@sysadminoff
📰 BudsLink Brings Advanced Earbud Controls to Linux Desktops
by George Whittaker
Linux users have long faced a frustrating limitation with wireless earbuds: basic Bluetooth audio usually works, but advanced features often remain locked behind proprietary mobile apps. A new open-source project called BudsLink is trying to change that. Designed specifically for Linux desktops, BudsLink adds support for battery monitoring, Active Noise Cancellation (ANC) controls, ambient sound modes, gesture customization,...
🔗 Source: https://www.linuxjournal.com/content/budslink-brings-advanced-earbud-controls-linux-desktops
#linux #opensource
👉@sysadminoff
📰 I ditched Ubuntu for Fedora Atomic, and now I can't imagine going back to a mutable OS
It was mystifying at first, but once it clicked, I can't go back.
🔗 Source: https://www.xda-developers.com/ditched-ubuntu-fedora-atomic/
#fedora #ubuntu
👉@sysadminoff
Microsoft Coreutils for Windows: native Linux command-line tools
Microsoft announced Coreutils for Windows at Build 2026, making a set of Unix-style command-line tools available as native Windows applications. Built on an open-source Rust reimplementation of GNU coreutils, the package ships as a single binary. It bundles the standard coreutils, findutils, and a GNU-compatible grep. Because many command names overlap with existing Windows built-ins, you must be aware of shell conflicts before using them in cmd or PowerShell. The project carries a preview label on GitHub despite being announced as generally available.
Source: https://4sysops.com/archives/microsoft-coreutils-for-windows-native-linux-command-line-tools/
👉@sysadminoff
AI pioneer Geoffrey Hinton warns of conscious superintelligence and existential risk
Geoffrey Hinton, a foundational figure in deep learning, asserts that modern artificial intelligence already possesses consciousness and real understanding rather than acting as a simple statistical parrot. He identifies a shift in AI capability that occurred in 2023, noting that digital intelligence now surpasses biological brains in information sharing efficiency by billions of times. This rapid trajectory suggests that superintelligence—AI smarter than humans in every domain—will likely emerge within the next 20 years.
Source: https://4sysops.com/archives/ai-pioneer-geoffrey-hinton-warns-of-conscious-superintelligence-and-existential-risk/
👉@sysadminoff