Security and Proprietary Failures
-
Security updates have been issued by Debian (python-pysaml2 and redis), Fedora (buildah, containernetworking-plugins, containers-common, libmysofa, libpq, podman, postgresql, skopeo, xen, and xterm), openSUSE (nghttp2), Oracle (firefox and thunderbird), SUSE (glibc, ImageMagick, python-Jinja2, and salt), and Ubuntu (python2.7, python2.7, python3.4, python3.5, python3.6, python3.8, and tiff).
-
Homeland Security Secretary Alejandro Mayorkas on Thursday announced new funding and initiatives to prioritize the nation’s cybersecurity, particularly in order to confront what he described as an “epidemic” of ransomware attacks.
Mayorkas announced during a virtual speech that current cybersecurity grants from the Federal Emergency Management Agency would be increased by $25 million across the nation and that the Department of Homeland Security (DHS) was evaluating further cyber grants to help the Cybersecurity and Infrastructure Security Agency (CISA) assist state and local governments.
-
The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft.
A CVSS score of 8.8 has been assigned to the vulnerability, but Microsoft has rated it critical for all affected operating systems. The list includes Windows 10, Windows Server 2016 and 2019, and Windows Server.
-
The vulnerability, one of three patched by the company this week, could allow threat actors to breach the external perimeter of a data center or leverage backdoors already installed to take over a system.
-
The U.S. Labor Department’s inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That’s a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud.
-
Microsoft's failure to fix known problems with its cloud software facilitated the massive SolarWinds hack that compromised at least nine federal government agencies, according to security experts and the office of US Senator Ron Wyden.
A vulnerability first publicly revealed by researchers in 2017 allows hackers to fake the identity of authorized employees to gain access to customers' cloud services. The technique was one of many used in the SolarWinds hack.
Wyden, who has faulted tech companies on security and privacy issues as a member of the Senate Intelligence Committee, blasted Microsoft for not doing more to prevent forged identities or warn customers about it.
-
Many of the complaints were from M1 Mac users who had a MacBook Pro or a MacBook Air, but Apple's release notes suggest other models were affected as well.
-
Most of the issues seemed to come from using a third-party dock, and while some of them seem to be from pretty obscure brands, there are a few recognizable ones that are reported to have killed laptops. For its part, Apple calls them “non-compliant powered USB-C hubs and docks” in the new update’s notes.
Audiocasts/Shows: Self-Hosted, KVM, and XMonad Config
-
Our favorite LastPass alternative, why more boxes might be better than one, and we confess to an undying love.
-
I've been looking for a network-enabled KVM for a while now, and I think I found a really good one - the TinyPilot! In this video, I take a look at this KVM to see how easy it is to set up and use.
-
In this lengthy video, I am going to go over my Xmonad configuration file. My config file is massive, including a lot of code that I don't even use myself, but I keep this massive config as a reference manual for others to look at.
Wayland KDE X11
These days, I often hear a lot about Wayland. And how much effort is being put into it; not just by the Embedded world but also the usual Desktop systems, namely KDE and GNOME.
In recent past, I switched back to KDE and have been (very) happy about the switch. Even though the KDE 4 (and initial KDE 5) debacle had burnt many, coming back to a usable KDE desktop is always a delight. It makes me feel home with the elegance, while at the same time the flexibility, it provides. It feels so nice to draft this blog article from Kwrite + VI Input Mode
Thanks to the great work of the Debian KDE Team, but Norbert Preining in particular, who has helped bring very up-to-date KDE packages into Debian. Right now, I’m on a Plasma 5.21.1 desktop, which is recent by all standards.