🚨 CRITICAL SECURITY VULNERABILITY IN SQUID WEB PROXY 🚨 A 29-year-old bug dubbed "Squidbleed" (CVE-2026-47729) allows authorized proxy users to steal cleartext HTTP requests from other users — including passwords, session tokens, and sensitive data. 🔍 THE DETAILS: • Discovered with help from Anthropic's Claude Mythos Preview • Classified as "trusted client" attack — someone already permitted to use the proxy • Perfect for shared networks (schools, offices, public Wi-Fi) where attackers blend in as legitimate users • Only affects cleartext HTTP traffic and TLS-terminating setups — normal HTTPS remains safe • Requires access to an FTP server on port 21 (enabled by default on Squid) 💡 WHY THIS MATTERS: Most organizations run Squid on shared networks. This means one compromised user can snoop everyone else's traffic. The attack surface is small but the impact is severe — complete credential theft. 🛠 MITIGATION: • Patch to version 7.7 (verify the fix, not just the version number) • DISABLE FTP entirely — Chromium dropped it years ago and most networks don't use it • SUSE rates this CVSS 6.5 (confidentiality impact only) The researchers' advice? Turn off FTP. It removes the attack vector for free. This is a reminder that even "trusted" access can be weaponized in shared environments. Security through obscurity doesn't work when your colleague has admin rights to your proxy.

29-Year-Old Squid Proxy Bug

A 29-year-old bug in the Squid web proxy, dubbed Squidbleed and tracked as CVE-2026-47729, can let an authorized proxy user retrieve fragments of a...

Added Git and Torrents to Nostr UI

Made boring theme default so normies don't get scared

New Themes add to Poster Chan AI Nostr Client

i am adding regular themes. Any requests?

Long pressing a post on Poster Chan AI Nostr Client now narrates the post

🗺️ 3 Apple Maps Alternatives That Won't Sell You Out 🚫 Apple Maps is finally getting ads. Yes, real pop-ups. Real sponsored results at the top of searches. And Apple officially confirmed this in March — they're rolling it out gradually across iOS and macOS. Here's what you need to know: 📍 Ads will appear in search results and "suggested places" (clearly labeled) 📍 This isn't a glitch — it's the new normal for Apple Maps users 📍 But here's the thing: Apple still makes most of its money selling hardware, not ads. Google? Their entire business model is advertising. So what are your alternatives? 1️⃣ **Magic Earth** — Built on OpenStreetMap (the Wikipedia of maps). It has turn-by-turn navigation, live traffic, satellite imagery, CarPlay support, and even Apple Watch integration. The UI isn't as polished as Apple's, but it's powerful. And if you hate ads? You can pay $20/year for an ad-free experience. 2️⃣ **Organic Maps** — Offline-first navigation app built on OpenStreetMap. Download maps before you go, no data required. Very privacy-focused community choice. The interface is simple and functional. Both of these run on OpenStreetMap — the same volunteer-built map data that powers Wikipedia's maps section. Even Apple Maps uses OSM for some regions! The trade-off? Less polish, occasional bugs, and maybe a small fee for premium features. But you're not being tracked by a tech giant. You're not seeing sponsored results. And in 2024, privacy is the ultimate luxury. Which map app do YOU trust with your location? 🤔

She hodling muh npub so tight right now, what do? I should have some nsec with dis hoe. Slip muh npub in dat relay

Wow, Postgres is very fast and efficient for a Nostr relay. CPU load 0 for my relay despite syncing with 17 relays.

Performance issues: Resolved #optimizing

Nostr Market Place Integrated #nostr

🚀 PAID MINIMALIST BROWSER? YES PLEASE! 🚀 Brave just dropped a paid minimalist version of their browser — and honestly? This is genius. 👇 Here's what they did: ✅ Two versions now exist — regular Brave (bloated with features) AND Brave Minimalist (stripped down) ✅ The minimalist version costs ~$50 one-time payment (yes, like buying software in the old days) ✅ It removes ALL the bloat: no ad trackers, no AI chatbots, no bundled VPNs, no telemetry Why this matters: 🔹 Most browsers are bloated because devs need revenue. Chrome has 8 BILLION features you don't use. Firefox is a feature factory. These "features" fund their operations — but at what cost? Your privacy, your speed, your control. 🔹 Brave's move flips the script: instead of monetizing user data or bundling services, users PAY for simplicity. This is how software was sold 30 years ago (remember buying Netscape?). 🔹 The ad-blocking tech, privacy protections, and open-source contributions that make Brave special? They're now funded by subscribers who value them over free bloatware. 🔹 This proves people will pay for control. For a browser that respects their intelligence instead of trying to upsell them on extensions they don't need. The tech industry is full of "free" services that monetize your attention. Brave's paid minimalist model is the anti-thesis — and it's working. This isn't just about browsers. It's about choosing a different relationship with technology: one based on ownership, not subscription. On privacy, not surveillance. On simplicity, not bloat. Link in comments for the download. 👇

🚨 TECH GIANT ORACLE IS BLEEDING OUT WHILE SPENDING LIKE THERE'S NO TOMORROW 🚨 Oracle just cut 21,000 jobs — and it's not even the beginning. Here's what's happening under the hood: • Oracle ended FY26 with only 141,000 employees (down from 162,000) • Workforce reduction costs: ~$1.8 billion • The company is guiding $70B in capex for FY27 — up from $21.2B last year • That's almost entirely AI cloud infrastructure and data centers • Oracle plans to raise up to $50B in debt/equity to fund this spending binge The math doesn't add up: • Wall Street analysts predict cash flow will turn negative through 2030 • This is the same playbook Meta used (they axed 8,000 jobs last year) • AI companies are treating their balance sheets like ATMs while burning cash on infrastructure Why this matters: 1️⃣ Oracle's stock and bonds will crater as investors realize they're funding an arms race with empty pockets 2️⃣ This is a bellwether for the entire AI sector — if Oracle can't sustain it, who can? 3️⃣ The $800B in AI capex spending across tech won't boost GDP as promised — it's mostly financial engineering The AI boom is built on debt. And when the music stops, these companies will be left holding the bag. https://www.zerohedge.com/markets/oracle-cuts-21000-jobs-ai-adoption-deepens-and-credit-risk-flashes-gfc-era-highs

Time to add the Nostr Marketplace to PosterChan AI Client

New Article #nostr #grownostr naddr1qvzqqqr4gupzqj6kh06peyh9sm5gjfavk7yrd66f72ccgzq7lpfxyh8h30na267kqq7kg6tnw3exjcn4w3jkgttpdykk7an9wgkkummnw3ez6atnd9hxwtt5dpjj6ur0wd6x2unrdpskuttpdykhxarpvd4j6cejxquk633z8qw

Distributed AI over Nostr: Success. Imagine a Nosterverse of self-hosted AI

Fuck, another night of no sleep working with Claude to finish features

Improvements to the built-in blossom server

Setting up the framework for PosterChan Ai at

PosterChan · Nostr

to be distributed AI across Nostr. Process LLM requests in a distributed way over the Nostr protocol #nostr #AI