Le gestionnaire de mots de passe KeePassXC est une version open source et multiplateforme de l’application KeePass Password Safe pour Windows. Les moutures se sont faites plus rares, mais elles comportent toujours autant de nouveautés.

La nouvelle version 2.7.11 déroule ainsi une longue liste d’apports. On y trouve la génération automatique de mot de passe quand on crée une nouvelle entrée, une boite de dialogue pour demander confirmation avant la fusion de deux bases de données, le support de la synchronisation de groupe dans KeeShare, une confirmation quand on sort de la base de données avec Échap, le support des horodatages et de l’historique dans l’import depuis BitWarden, ou encore des recherches prédéfinies pour les entrées TOTP.

On note également la prise en charge d’un plus grand nombre de types de fichiers dans le visualiseur de pièces jointes en ligne, dont les images, le HTML et le Markdown. On peut aussi éditer les fichiers texte en pièce jointe. Sur macOS, l’icône et plusieurs menus ont été passés à la moulinette Liquid Glass.

KeePassXC 2.7.11 corrige en outre toute une série de bugs, dont un qui pouvait empêcher la fenêtre d’être restaurée dans sa géométrie précédente. Les notes de version complètes et les téléchargements sont disponibles depuis le site officiel.

Pour les personnes qui préfèrent une version éprouvée, KeePassXC 2.7.9 a reçu le 17 novembre une certification CSPN-2025/16 de l’ANSSI, obtenue pour trois ans. La petite application a même été mise en avant dans une publication du 21 novembre sur la sécurité des mots de passe.

Miracle en fabrication

Les propos récents de Microsoft sur l’évolution de Windows vers un système « agentique » provoquent de virulentes réactions. Pour de nombreux observateurs, cette marche forcée vers l’IA illustre un décalage croissant entre les besoins des utilisateurs et la direction que veut donner l’entreprise à son produit.

Comme nous l’indiquions dans notre article du 18 novembre, c’est un message du responsable de la division Windows, Pavan Davuluri, qui a enflammé la toile : « Windows évolue vers un système d’exploitation agentique, connectant appareils, cloud et IA pour une productivité accrue et un travail sécurisé où que vous soyez ». Sous son message, des centaines de commentaires négatifs, voire acerbes, au point que Davuluri bloquera les réponses.

• Vers un Windows « agentique » : accueil glacial pour la vision de Microsoft

Ce que veut Microsoft

La société de Redmond rêve d’un monde où les agents s’occupent de tout, discutent entre eux, apprennent le contexte des utilisateurs et leur viennent en aide sur à peu près tout et n’importe quoi. Un monde dans lequel il suffit de prononcer quelques phrases à haute voix pour que les requêtes soient interprétées et dument exécutées.

Pour parvenir à cette vision, Windows doit devenir un hub pour les agents. Une infrastructure spécifique, que Microsoft a plus ou moins déjà détaillée : une session Windows à part, avec des contrôles présentés comme stricts, des agents appliquant le principe de moindre privilège, etc.

Le gestionnaire de mots de passe KeePassXC est une version open source et multiplateforme de l’application KeePass Password Safe pour Windows. Les moutures se sont faites plus rares, mais elles comportent toujours autant de nouveautés.

La nouvelle version 2.7.11 déroule ainsi une longue liste d’apports. On y trouve la génération automatique de mot de passe quand on crée une nouvelle entrée, une boite de dialogue pour demander confirmation avant la fusion de deux bases de données, le support de la synchronisation de groupe dans KeeShare, une confirmation quand on sort de la base de données avec Échap, le support des horodatages et de l’historique dans l’import depuis BitWarden, ou encore des recherches prédéfinies pour les entrées TOTP.

On note également la prise en charge d’un plus grand nombre de types de fichiers dans le visualiseur de pièces jointes en ligne, dont les images, le HTML et le Markdown. On peut aussi éditer les fichiers texte en pièce jointe. Sur macOS, l’icône et plusieurs menus ont été passés à la moulinette Liquid Glass.

KeePassXC 2.7.11 corrige en outre toute une série de bugs, dont un qui pouvait empêcher la fenêtre d’être restaurée dans sa géométrie précédente. Les notes de version complètes et les téléchargements sont disponibles depuis le site officiel.

Pour les personnes qui préfèrent une version éprouvée, KeePassXC 2.7.9 a reçu le 17 novembre une certification CSPN-2025/16 de l’ANSSI, obtenue pour trois ans. La petite application a même été mise en avant dans une publication du 21 novembre sur la sécurité des mots de passe.

The end of 2025 is quickly approaching and while there are the various end of year holidays, you can still expect to find new and original content on Phoronix each and every single day of the year just as it's been for more than a decade of the now 21-year-old Phoronix.com. The last day without any new content on Phoronix was all the way back in May of 2012. That's due to my passion for Linux hardware and open-source, paired in more recent years with the more grueling environment to make ends meet with the ever increasing state of the web advertising industry, rampant ad-block use, and related challenges for web publishers. If you would like to show your support for Phoronix's Linux hardware content over the past two decades, this week is the "Cyber Week" / "Black Friday" sale to go ad-free, multi-page-articles on a single page, and other benefits at a reduced rate...

En avril 2026 se déroulera le deuxième tour des extensions personnalisées de noms de domaine, les .marques. Lors du premier tour, plusieurs centaines d’entités avaient répondu présentes. Nous pouvons par exemple citer les extensions .leclerc, .bnpparibas, .lancaster, .sncf, .google, ainsi que des extensions géographiques comme les .paris, .bzh, .alsace, etc.

Au début du mois, le Conseil d’administration de l’ICANN a adopté officiellement « le Guide de candidature, ouvrant la voie à la série de 2026 », comme le rapporte Abondance. Dans son communiqué, l’ICANN explique que ce guide « définit les exigences et les procédures applicables à toute entité posant une candidature à un gTLD ».

Désormais, le calendrier se resserre : « le Guide de candidature doit être mis à disposition au moins quatre mois avant l’ouverture de la fenêtre de candidature. L’adoption par le Conseil d’administration lors de la réunion ICANN84 a pour effet que l’organisation ICANN (ICANN org) est chargée de publier le guide au plus tard le 30 décembre 2025 ».

Lors du Summit d’OVHcloud nous avons demandé aux équipes en charge des noms de domaine si un accompagnement des clients souhaitant se lancer dans des .marques était prévu. Le sujet est discuté en interne, mais rien n’est acté pour l’instant.

En attendant, une version non finalisée du guide est disponible à cette adresse (pdf de 440 pages). L’Afnic rappelle les couts qui « représentent certes un investissement au démarrage, mais qui doivent être analysés à la lumière des économies et des bénéfices générés » : 227 500 dollars de frais de dossier pour le dépôt initial la première année, puis à partir de 25 000 dollars par an. Il faut ajouter des coûts techniques variables. Les entités intéressées peuvent contacter l’Afnic pour un accompagnement.

• Interview de Kurtis Lindqvist (ICANN) : entre nouvelles extensions et gouvernance houleuse

Memtest86+ est un nom qui rappelle certainement des souvenirs aux moins jeunes d’entre nous. Ce petit utilitaire permet de tester de fond en comble la mémoire d’un ordinateur. Il est revenu sur le devant de la scène en 2022 avec une nouvelle version entièrement réécrite. La première nouvelle version était la 6.00 publiée en octobre 2022. En janvier 2024, la 7.00 était mise en ligne.

Et c’est maintenant au tour de Memtest86+ 8.00 de débarquer. Les notes de versions sont assez peu détaillées puisqu’elles indiquent simplement la prise en charge des « derniers processeurs Intel et AMD ».

Des correctifs sur la DDR5 sont de la partie, avec aussi les informations sur la température. Un mode sombre est aussi proposé en option. Tous les détails et les téléchargements sont disponibles dans ce dépôt GitHub. Vous pouvez également passer par le site officiel.

En avril 2026 se déroulera le deuxième tour des extensions personnalisées de noms de domaine, les .marques. Lors du premier tour, plusieurs centaines d’entités avaient répondu présentes. Nous pouvons par exemple citer les extensions .leclerc, .bnpparibas, .lancaster, .sncf, .google, ainsi que des extensions géographiques comme les .paris, .bzh, .alsace, etc.

Au début du mois, le Conseil d’administration de l’ICANN a adopté officiellement « le Guide de candidature, ouvrant la voie à la série de 2026 », comme le rapporte Abondance. Dans son communiqué, l’ICANN explique que ce guide « définit les exigences et les procédures applicables à toute entité posant une candidature à un gTLD ».

Désormais, le calendrier se resserre : « le Guide de candidature doit être mis à disposition au moins quatre mois avant l’ouverture de la fenêtre de candidature. L’adoption par le Conseil d’administration lors de la réunion ICANN84 a pour effet que l’organisation ICANN (ICANN org) est chargée de publier le guide au plus tard le 30 décembre 2025 ».

Lors du Summit d’OVHcloud nous avons demandé aux équipes en charge des noms de domaine si un accompagnement des clients souhaitant se lancer dans des .marques était prévu. Le sujet est discuté en interne, mais rien n’est acté pour l’instant.

En attendant, une version non finalisée du guide est disponible à cette adresse (pdf de 440 pages). L’Afnic rappelle les couts qui « représentent certes un investissement au démarrage, mais qui doivent être analysés à la lumière des économies et des bénéfices générés » : 227 500 dollars de frais de dossier pour le dépôt initial la première année, puis à partir de 25 000 dollars par an. Il faut ajouter des coûts techniques variables. Les entités intéressées peuvent contacter l’Afnic pour un accompagnement.

• Interview de Kurtis Lindqvist (ICANN) : entre nouvelles extensions et gouvernance houleuse

Memtest86+ est un nom qui rappelle certainement des souvenirs aux moins jeunes d’entre nous. Ce petit utilitaire permet de tester de fond en comble la mémoire d’un ordinateur. Il est revenu sur le devant de la scène en 2022 avec une nouvelle version entièrement réécrite. La première nouvelle version était la 6.00 publiée en octobre 2022. En janvier 2024, la 7.00 était mise en ligne.

Et c’est maintenant au tour de Memtest86+ 8.00 de débarquer. Les notes de versions sont assez peu détaillées puisqu’elles indiquent simplement la prise en charge des « derniers processeurs Intel et AMD ».

Des correctifs sur la DDR5 sont de la partie, avec aussi les informations sur la température. Un mode sombre est aussi proposé en option. Tous les détails et les téléchargements sont disponibles dans ce dépôt GitHub. Vous pouvez également passer par le site officiel.

En aout 2025, ASUS officialisait une carte "anniversaire 30 ans" de tous les extrêmes : l'ASUS GeForce RTX 5090 ROG Matrix Platinum 32GB GDDR7 30th Anniversary Edition de son nom complet. Dotée de 4 ventilateurs et d'une limite de puissance poussée à 800 W grâce à une double alimentation externe via...

Vous avez un petit budget et cherchez un processeur AM5 avec 3D V-Cache ? AMD a récemment lancé son Ryzen 5 7500X3D en France à 279€, mais, franchement, l'offre dont nous allons parler ici est tellement meilleure...Avant que l'on commence, vous pourrez trouver ce processeur encore moins cher sur Ali...

An anonymous reader shared this report from the Guardian: James and Owen were among 41 students who took a coding module at the University of Staffordshire last year, hoping to change careers through a government-funded apprenticeship programme designed to help them become cybersecurity experts or software engineers. But after a term of AI-generated slides being read, at times, by an AI voiceover, James said he had lost faith in the programme and the people running it, worrying he had "used up two years" of his life on a course that had been done "in the cheapest way possible". "If we handed in stuff that was AI-generated, we would be kicked out of the uni, but we're being taught by an AI," said James during a confrontation with his lecturer recorded as a part of the course in October 2024. James and other students confronted university officials multiple times about the AI materials. But the university appears to still be using AI-generated materials to teach the course. This year, the university uploaded a policy statement to the course website appearing to justify the use of AI, laying out "a framework for academic professionals leveraging AI automation" in scholarly work and teaching... For students, AI teaching appears to be less transformative than it is demoralising. In the US, students post negative online reviews about professors who use AI. In the UK, undergraduates have taken to Reddit to complain about their lecturers copying and pasting feedback from ChatGPT or using AI-generated images in courses. "I feel like a bit of my life was stolen," James told the Guardian (which also quotes an unidentified student saying they felt "robbed of knowledge and enjoyment".) But the article also points out that a survey last year of 3,287 higher-education teaching staff by edtech firm Jisc found that nearly a quarter were using AI tools in their teaching.

Read more of this story at Slashdot.

Since the 2022 release of memtest86+ 6.0 as a rewrite of this long-used RAM testing utility, this open-source software has continued advancing nicely after a decade hiatus. Released on Sunday night was memtest86+ 8.0 as the latest iteration of this popular RAM tester for enthusiasts...

An anonymous reader shared this report from Forbes: On November 20, at approximately 4 p.m. Eastern time, Napster held an online meeting for its shareholders; an estimated 700 of roughly 1,500 including employees, former employees and individual investors tuned in. That's when its CEO John Acunto told everyone he believed that the never-identified big investor — who the company had insisted put in $3.36 billion at a $12 billion valuation in January, which would have made it one of the year's biggest fundraises — was not going to come through. In an email sent out shortly after, it told existing investors that some would get a bigger percentage of the company, due to the canceled shares, and went on to describe itself as a "victim of misconduct," adding that it was "assisting law enforcement with their ongoing investigations." As for the promised tender offer, which would have allowed shareholders to cash out, that too was called off. "Since that investor was also behind the potential tender, we also no longer believe that will occur," the company wrote in the email. At this point it seems unlikely that getting bigger stakes in the business will make any of the investors too happy. The company had been stringing its employees and investors along for nearly a year with ever-changing promises of an impending cash infusion and chances to sell their shares in a tender offer that would change everything. In fact, it was the fourth time since 2022 they've been told they could soon cash out via a tender offer, and the fourth time the potential deal fell through. Napster spokesperson Gillian Sheldon said certain statements about the fundraise "were made in good faith based on what we understood at the time. We have since uncovered indications of misconduct that suggest the information provided to us then was not accurate." The article notes America's Department of Justice has launched an investigation (in which Napster is not a target), while the Securities and Exchange Commission has a separate ongoing investigation from 2022 into Napster's scrapped reverse merger. While Napster announced they'd been acquired for $207 million by a tech company named Infinite Reality, Forbes says that company faced "a string of lawsuits from creditors alleging unpaid bills, a federal lawsuit to enforce compliance with an SEC subpoena (now dismissed) and exaggerated claims about the extent of their partnerships with Manchester City Football Club and Google. The company also touted 'top-tier' investors who never directly invested in the firm, and its anonymous $3 billion investment that its spokesperson told Forbes in March was in "an Infinite Reality account and is available to us" and that they were 'actively leveraging' it..." And by the end, "Napster appears to have been scrambling to raise cash to keep the lights on, working with brokers and investment advisors including a few who had previously gotten into trouble with regulators.... If it turns out that Napster knew the fundraise wasn't happening and it benefited from misrepresenting itself to investors or acquirees, it could face much bigger problems. That's because doing so could be considered securities fraud."

Read more of this story at Slashdot.

Pew Research surveyed 5,022 Americans this year (between February 5 and June 18), asking them "do you ever use" YouTube, Facebook, and nine of the other top social media platforms. The results? YouTube 84% Facebook 71% Instagram 50% TikTok 37% WhatsApp 32% Reddit 26% Snapchat 25% X.com (formerly Twitter) 21% Threads 8% Bluesky 4% Truth Social 3% An announcement from Pew Research adds some trends and demographics: The Center has long tracked use of many of these platforms. Over the past few years, four of them have grown in overall use among U.S. adults — TikTok, Instagram, WhatsApp and Reddit. 37% of U.S. adults report using TikTok, which is slightly up from last year and up from 21% in 2021. Half of U.S. adults now report using Instagram, which is on par with last year but up from 40% in 2021. About a third say they use WhatsApp, up from 23% in 2021. And 26% today report using Reddit, compared with 18% four years ago. While YouTube and Facebook continue to sit at the top, the shares of Americans who report using them have remained relatively stable in recent years... YouTube and Facebook are the only sites asked about that a majority in all age groups use, though for YouTube, the youngest adults are still the most likely to do so. This differs from Facebook, where 30- to 49-year-olds most commonly say they use it (80%). Other interesting statistics: "More than half of women report using Instagram (55%), compared with under half of men (44%). Alternatively, men are more likely to report using platforms such as X and Reddit." "Democrats and Democratic-leaning independents are more likely to report using WhatsApp, Reddit, TikTok, Bluesky and Threads."

Read more of this story at Slashdot.

Theia crashed into earth and formed the moon, the theory goes. But then where did Theia come from? The lead author on a new study says "The most convincing scenario is that most of the building blocks of Earth and Theia originated in the inner Solar System. Earth and Theia are likely to have been neighbors." Though Theia was completely destroyed in the collision, scientists from the Max Planck Institute for Solar System Research led a team that was able to measure the ratio of tell-tale isotopes in Earth and Moon rocks, Euronews explains: The research team used rocks collected on Earth and samples brought back from the lunar surface by Apollo astronauts to examine their isotopes. These isotopes act like chemical fingerprints. Scientists already knew that Earth and Moon rocks are almost identical in their metal isotope ratios. That similarity, however, has made it hard to learn much about Theia, because it has been difficult to separate material from early Earth and material from the impactor. The new research attempts a kind of planetary reverse engineering. By examining isotopes of iron, chromium, zirconium and molybdenum, the team modelled hundreds of possible scenarios for the early Earth and Theia, testing which combinations could produce the isotope signatures seen today. Because materials closer to the Sun formed under different temperatures and conditions than those further out, those isotopes exist in slightly different patterns in different regions of the Solar System. By comparing these patterns, researchers concluded that Theia most likely originated in the inner Solar System, even closer to the Sun than the early Earth. The team published their findings in the journal Science. Its title? "The Moon-forming impactor Theia originated from the inner Solar System."

Read more of this story at Slashdot.

Linux 6.18-rc7 just arrived in the Git tree as the newest weekly test build leading up to Linux 6.18 stable hopefully debuting next Sunday, 30 November...

In October cryptologist/CS professor Daniel J. Bernstein alleged that America's National Security Agency (and its UK counterpart GCHQ) were attempting to influence NIST to adopt weaker post-quantum cryptography standards without a "hybrid" approach that would've also included pre-quantum ECC. Bernstein is of the opinion that "Given how many post-quantum proposals have been broken and the continuing flood of side-channel attacks, any competent engineering evaluation will conclude that the best way to deploy post-quantum [PQ] encryption for TLS, and for the Internet more broadly, is as double encryption: post-quantum cryptography on top of ECC." But he says he's seen it playing out differently: By 2013, NSA had a quarter-billion-dollar-a-year budget to "covertly influence and/or overtly leverage" systems to "make the systems in question exploitable"; in particular, to "influence policies, standards and specification for commercial public key technologies". NSA is quietly using stronger cryptography for the data it cares about, but meanwhile is spending money to promote a market for weakened cryptography, the same way that it successfully created decades of security failures by building up the market for, e.g., 40-bit RC4 and 512-bit RSA and Dual EC. I looked concretely at what was happening in IETF's TLS working group, compared to the consensus requirements for standards-development organizations. I reviewed how a call for "adoption" of an NSA-driven specification produced a variety of objections that weren't handled properly. ("Adoption" is a preliminary step before IETF standardization....) On 5 November 2025, the chairs issued "last call" for objections to publication of the document. The deadline for input is "2025-11-26", this coming Wednesday. Bernstein also shares concerns about how the Internet Engineering Task Force is handling the discussion, and argues that the document is even "out of scope" for the IETF TLS working group This document doesn't serve any of the official goals in the TLS working group charter. Most importantly, this document is directly contrary to the "improve security" goal, so it would violate the charter even if it contributed to another goal... Half of the PQ proposals submitted to NIST in 2017 have been broken already... often with attacks having sufficiently low cost to demonstrate on readily available computer equipment. Further PQ software has been broken by implementation issues such as side-channel attacks. He's also concerned about how that discussion is being handled: On 17 October 2025, they posted a "Notice of Moderation for Postings by D. J. Bernstein" saying that they would "moderate the postings of D. J. Bernstein for 30 days due to disruptive behavior effective immediately" and specifically that my postings "will be held for moderation and after confirmation by the TLS Chairs of being on topic and not disruptive, will be released to the list"... I didn't send anything to the IETF TLS mailing list for 30 days after that. Yesterday [November 22nd] I finished writing up my new objection and sent that in. And, gee, after more than 24 hours it still hasn't appeared... Presumably the chairs "forgot" to flip the censorship button off after 30 days. Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.

Read more of this story at Slashdot.

Wayland Protocols 1.46 released this evening with new experimental protocols for text improvements as well as refinements to the color management protocol for HDR...

"Three years ago, Google removed JPEG XL support from Chrome, stating there wasn't enough interest at the time," writes the blog Windows Report. "That position has now changed." In a recent note to developers, a Chrome team representative confirmed that work has restarted to bring JPEG XL to Chromium and said Google "would ship it in Chrome" once long-term maintenance and the usual launch requirements are met. The team explained that other platforms moved ahead. Safari supports JPEG XL, and Windows 11 users can add native support through an image extension from Microsoft Store. The format is also confirmed for use in PDF documents. There has been continuous demand from developers and users who ask for its return. Before Google ships the feature in Chrome, the company wants the integration to be secure and supported over time. A developer has submitted new code that reintroduces JPEG XL to Chromium. This version is marked as feature complete. The developer said it also "includes animation support," which earlier implementations did not offer.

Read more of this story at Slashdot.

"Fresh from announcing it is building an AI browsing mode in Firefox and laying the groundwork for agentic interactions in the Firefox 145 release, the corp arm of Mozilla is now flexing its AI muscles in the direction of those more likely to care," writes the blog OMG Ubuntu: If you're a developer building AI agents, you can sign up to get early access to Mozilla's TABS API, a "powerful web content extraction and transformation toolkit designed specifically for AI agent builders"... The TABS API enables devs to create agents to automate web interactions, like clicking, scrolling, searching, and submitting forms "just like a human". Real-time feedback and adaptive behaviours will, Mozilla say, offer "full control of the web, without the complexity." As TABS is not powered by a Mozilla-backed LLM you'll need to connect it to your choice of third-party LLM for any relevant processing... Developers get 1,000 requests monthly on the free tier, which seems reasonable for prototyping personal projects. Complex agentic workloads may require more. Though pricing is yet to be locked in, the TABS API website suggests it'll cost ~$5 per 1000 requests. Paid plans will offer additional features too, like lower latency and, somewhat ironically, CAPTCHA solving so AI can 'prove' it's not a robot on pages gated to prevent automated activities. Google, OpenAI, and other major AI vendors offer their own agentic APIs. Mozilla is pitching up late, but it plans to play differently. It touts a "strong focus on data minimisation and security", with scraped data treated ephemerally — i.e., not kept. As a distinction, that matters. AI agents can be given complex online tasks that involve all sorts of personal or sensitive data being fetched and worked with.... If you're minded to make one, perhaps without a motivation to asset-strip the common good, Mozilla's TABS API look like a solid place to start.

Read more of this story at Slashdot.