postmarketOS 21.12 Brings Support for More Devices, GNOME 41 Apps, and Sxmo on Wayland

Linux
Probably the main attraction is PINE64’s PineBook Pro ARM laptop, which now has official postmarketOS images with different interfaces, including the KDE Plasma and GNOME desktops, as well as Sway, Phosh, and Console interfaces.

postmarketOS 21.12 ships with the usual mobile-optimized Phosh (GNOME), KDE Plasma Mobile, and Sxmo interfaces. As expected, these have been updated to support the latest and greatest upstream releases.

"It Appears That LastPass Infrastructure Has Been Compromised"

  • Wladimir Palant: How did LastPass master passwords get compromised? [Ed: LastPass (clown computing/outsourcing) is for fools and willfully negligent hipsters; this is an epic disaster waiting to happen. The media is mostly relaying what the company says about its own systems without bothering to investigate the actual facts]]

    The mail is legitimate and has been sent out by the LastPass service. The location however was typically very far away from the user’s actual location, e.g. in a country like Brazil or India. Yet this isn’t merely an attempt to guess the password, as LastPass will only send a mail like this one if the correct master password is provided in the login attempt. One affected user created a thread on Hacker News and at least a dozen others chimed in with similar experiences. This indicates that a large-scale attack is underway, with the total number of affected users being quite significant. As online password managers go, a user’s master password is the most critical piece of information. So the important question is: how do the attackers know the master passwords? There are some explanation being discussed: credential stuffing, phishing, malware, LastPass compromise. As I know a thing or two about LastPass, I’ll write down how likely these are and why. TL;DR: It appears that LastPass infrastructure has been compromised, all other explanations being rather unlikely. And, surprisingly, it isn’t given that the attackers actually know these master passwords.

  • LastPass admits attack but assures master passwords are safe - Macworld
  • LastPass Claims Your Passwords Are Safe Despite Those Security Warnings It Sent | HotHardware

    LastPass is telling its users that there is no evidence to suggest their passwords have been compromised, after previously sending out emails to some users stating their master passwords have been compromised. So what exactly is going on? According to LastPass, the email warnings were "likely triggered in error."

  • LastPass Users' Master Passwords May Have Been Leaked | Beebom

    LastPass is arguably one of the popular password managers, coming with various security features for users to protect their online credentials. However, it could have been exposed to a new security breach as many users have recently reported that their master passwords might have been compromised. Here are the details.

  • LastPass users warned their master passwords are compromised

    Many LastPass users report that their master passwords have been compromised after receiving email warnings that someone tried to use them to log into their accounts from unknown locations. The email notifications also mention that the login attempts have been blocked because they were made from unfamiliar locations worldwide. "Someone just used your master password to try to log in to your account from a device or location we didn't recognize," the login alerts warn.

  • LastPass: some users report compromised accounts - gHacks Tech News

    Some users of the LastPass password manager revealed this week that they have received emails from LastPass stating that logins to their accounts using the account's master password were blocked. The first of these reports was published on Hacker News.

  • LastPass users are seeing compromised Master Passwords - 9to5Google

    Password managers are a great way to improve your online security, but it would be a nightmare scenario if your password manager’s account were hacked. This week, some LastPass users report that their Master Passwords appear to have been compromised, but LastPass says things are technically working as they’re supposed to.

GNOME is Exploring a New ’Quick Settings’ Feature

I’d wager that most people find GNOME Shell easy to use out-of-the-box — after all, simplicity its part of GNOME’s calling card. But is there room for improvement? Always, and GNOME’s design team think so too. They’re exploring how to make accessing commonly used settings (like screen brightness, wireless network, and dark mode) in GNOME Shell even easier than it is now. They’ve produced a bunch of mockups and even an animation for the feature they call “quick settings”. Read more

today's howtos

  • How to run Unetbootin on Debian 11 Bullseye - Linux Shout

    UNetbootin is an open-source program to install on Windows, Linux, and macOS. It is meant to create bootable USB drives using ISO images. Here we learn the commands to run UNetbootin on Debian 11 Bullseye. The “Universal Netboot Installer” – Unetbootin for short – extracts ISO files and changes some of OS installation packages and saves them directly on a USB stick. For example, if you want to run Ubuntu in the Live environment from the USB stick or want to install the OS from the USB stick on the hard drive. Especially for users of laptops or netbooks without an optical drive, UNetbootin offers the option of installing ISO images. In the drop-down menu of this software, under “Distribution”, you will find a whole list of tools and distributions available. In addition to Ubuntu, it supports a large number of distributions, e.g. Fedora, Gentoo, Damn Small Linux, etc.

  • How to install Krita on Elementary OS 6.0 - Invidious

    In this video, we are looking at how to install Krita on Elementary OS 6.0.

  • How to install Wine 6.0.2 on a Chromebook

    Today we are looking at how to install Wine 6.0.2 or newer on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • How to run Windows software on Linux easier with Bottles

    Running Windows programs on Linux can be confusing and complicated. That’s where Bottles comes in. This program can make running Windows programs much more straightforward. Here’s how to use Bottles on your Linux PC.

When You Could Hear Security Scans

Have you ever wondered what a security probe of a computer sounded like? I’d guess probably not, because on the fact of it that doesn’t make a whole lot of sense. But there was a time when I could very clearly discern the sound of a computer being scanned. It sounded like a small mechanical heart beat: Click-click… click-click… click-click… Prior to 2010, I had a computer under my desk with what at the time were not unheard-of properties: Its storage was based on a stack of spinning metal platters (a now-antiquated device known as a “hard drive”), and it had a publicly routable IPv4 address with an unfiltered connection to the Internet. Naturally it ran Linux and an ssh server. As was common in those days, service logging was handled by a syslog daemon. The syslog daemon would sort log messages based on various criteria and record them somewhere. In most simple environments, “somewhere” was simply a file on local storage. When writing to a local file, syslog daemons can be optionally configured to use the fsync() system call to ensure that writes are flushed to disk. Practically speaking, what this meant is that a page of disk-backed memory would be written to the disk as soon as an event occurred that triggered a log message. Because of potential performance implications, fsync() was not typically enabled for most log files. However, due to the more sensitive nature of authentication logs, it was often enabled for /var/log/auth.log. Read more

