August 12

WEEKLY NEWSLETTER 14 - 19 AUGUST 2023

Hello and Welcome,

Meetings This Week

2023/08/15 — 10:00-12:00 — August, Tue — Tuesday Group

2023/08/19 — 14:00-16:00 — August, Sat — Web Design

Meetings Next Week

NO MEETINGS

Schedule of Current & Upcoming Meetings

First Tuesday  18:00-20:00 — Main Meeting

First Saturday 13:00-14:00 — Penrith Group

Second Tuesday 18:00-20:00 — Programming

Third Tuesday  10:00-12:00 — Tuesday Group

Third Saturday 14:00-16:00 — Web Design

----------

Go to the official Sydney PC Calendar for this month's meeting details.

----------

Penrith meetings are held every 2nd month on the 1st Saturday from 1-2 pm.
The following meetings are in September and November 2023.

ASCCA News:

Tech News:

Android to Warn of Nefarious AirTag Tracking

See the InfoPackets article by John Lister on August 8, 2023, at 03:08 pm EDT.

Android users can now get warnings if a tracking device such as an Apple AirTag may be targeting them. The alerts were already available on iPhones, but Google and Apple are now working together, albeit with some holdups.

An Apple AirTag is a small device that emits a Bluetooth signal. The idea is to attach it to valuable or essential items such as keys, purses or luggage. Around a billion Apple devices are set to scan for the signals and anonymously report the location and identity of the AirTags, meaning that owners can track down lost items with varying degrees of precision.

Apple's AirTag

Like most tech, it was soon abused, with reports of stalkers sneakily hiding an AirTag in clothes or bags belonging to a victim, letting them track the victim's movements without the victim knowing what was happening. Another recent and nefarious use of AirTags includes car thieves that mark, monitor and steal expensive cars at a more convenient time for the thief.

Audible Alerts Can Track Down Tracker

Apple has recently built-in a countermeasure that means iPhones will detect when they are moving from location to location and an unknown AirTag is making the same journey. In such a case, iPhone users will get an alert on their phones. If they cannot find the AirTag after a while, the AirTag will emit an alert sound.

After negotiating with Apple and Google, the alerts will now work on Android 6 or later phones. As well as getting on-screen notifications, users can go into the "Safety & Emergency" menu to carry out a manual scan of nearby AirTags or to see a record of any devices detected in the past 48 hours. (Source: androidpolice.com)

If users find the AirTag, they can hold it near their phone for more details. Depending on the device, the user can discover the tracker's serial number or the final four digits of the phone number belonging to the tracker's owner.

Google Building Own Network

Google plans to build its own tracking device network, using Android phones to anonymously relay locations to tracker owners, similar to how iPhones help track AirTags. However, Google says it wants to join forces with Apple so that the two networks interact, making both more useful.

Google now says that its network, originally planned to launch this summer, is on hold while it waits for Apple to implement additional protections against unknown tracking devices. (Source: blog.google)

Read More »

Zoom was forced to modify Ts&Cs after data used for AI spotted

See the iTWire article by Sam Varghese | Tuesday, 08 August 2023, at 07:38 am.

The Face of AI

Online communications software provider Zoom has been forced to clarify its terms of service after it was noticed that a change, said to be in March, appeared to say data from calls could be used to train the company's AI.

The changes were first noticed and highlighted on the Hacker News forum [ "Zoom terms now allow training AI on user content with no opt out (zoom.us)" — Ed. ].

Hacker Forum user comment:

westcort:

Thankfully nothing like this is in Jitsi Meet's TOS: https://jitsi.org/meet-jit-si-terms-of-service/

It never ceases to amaze me how companies choose the worst software!

An addition to the ToS on Monday says: "Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent." Apart from that, the terms remain the same.

Exactly which part of the ToS will hold in the event of a legal stoush over the use of customer data remains to be seen.

Zoom does not mention what it can do with what it calls "service-generated data", which it gets from analysing the content and behaviour of customers. This includes data on telemetry and usage, among others.

Twitter from Gabriella Coleman:

Well, time to retire ZOOM, which wants to use/abuse you to train its AI.

In a blog post, chief product officer Smita Hashim wrote: "...there is specific information about how our customers in the aggregate use our product — telemetry, diagnostic data, etc. This is commonly known as service-generated data."

"We wanted to be transparent that we consider this to be our data so that we can use service-generated data to make the user experience better for everyone on our platform."

Additionally, the company says: "...if we provide value-added services (such as a meeting recording), we would be able to do so without questions of usage rights. The customer still owns the meeting recording, and we have a licence to that content to deliver the recording service."

"An example of a machine learning service for which we need licence and usage rights is our automated scanning of webinar invites/reminders to make sure that we aren't unwittingly being used to spam or defraud participants."

"The customer owns the underlying webinar invite, and we are licensed to provide the service on top of that content. For AI, we do not use audio, video, or chat content for training our models without customer consent."

Hashim says of its generative AI features: "We recently introduced two powerful generative AI features — Zoom IQ Meeting Summary and Zoom IQ Team Chat Compose — on a free trial basis to enhance your Zoom experience. These features offer automated meeting summaries and AI-powered chat composition. Zoom account owners and administrators control whether to enable these AI features for their accounts."

"When you enable Zoom IQ Meeting Summary or Zoom IQ Team Chat Compose, you will also be presented with a transparent consent process for training our AI models using your customer content. Your content is used solely to improve the performance and accuracy of these AI services. And even if you choose to share your data, it will not be used to train any third-party models."

Read More »

SolarWinds attackers, now called Midnight Blizzard, take aim at Teams

See the iTWire article by Sam Varghese | Monday, 07 August 2023, at 09:42 am.

The group of attackers revealed to have compromised SolarWinds Orion monitoring software back in December 2020 are claimed to be back again, and Microsoft has given them a new name to boot.

At the time, when both FireEye and Microsoft identified the attack group, the latter called it Nobelium. In a post dated 2 August, Microsoft Threat Intelligence gave it a new name: Midnight Blizzard. No reason was given for the new name, although it is notable that Microsoft Threat Intelligence in December 2020 also had a different name, Microsoft Threat Intelligence Centre.

The group — call it Nobelium, or Midnight Blizzard — is now claimed to have attacked compromised Microsoft 365 tenants owned by small businesses and created new domains that posed as tech support entities.

It then sent Teams messages to try and steal credentials leveraging multi-factor authentication.

Microsoft said 40 organisations had been affected by these global attacks but did not provide names.

In its post, the MTI said: "The organisations targeted in this activity likely indicate specific espionage objectives by Midnight Blizzard directed at government, non-government organisations, IT services, technology, discrete manufacturing, and media sectors."

"Microsoft has mitigated the actor from using the domains and continues to investigate this activity and work to remediate the impact of the attack."

The post about this group was issued on the same day Tenable chairman and chief executive Amit Yoran published a post on LinkedIn claiming that Microsoft was notified in March about a critical flaw in its Azure platform but took more than 90 days to effect only a partial fix.

Microsoft has since claimed it has completely fixed this issue; Yoran has said he has no way to verify such a claim, saying, in part: "When we find vulnerabilities in other products, vendors usually inform us of the fix so we can validate it effectively. That doesn't happen with Microsoft Azure, so it's a black box, which is also part of the problem. The 'just trust us' lacks credibility when you have the current track record."

Regarding its claims about Midnight Blizzard, aka Nobelium, MTI said the actor has "either obtained valid account credentials for the users they are targeting, or they are targeting users with passwordless authentication configured on their account" — both of which require the user to enter a code that is displayed during the authentication flow into the prompt on the Microsoft Authenticator app on their mobile device.

"After attempting to authenticate to an account where this form of MFA is required, the actor is presented with a code that the user would need to enter in their authenticator app. The user receives the prompt for code entry on their device. The actor then sends a message to the targeted user over Microsoft Teams, eliciting the user to enter the code into the prompt on their device."

The MTI post provided a list of ways by which one could avoid getting taken advantage of by these attackers.

Read More »

Fun Facts:

Nuclear Fusion Breakthrough at the University of California, Berkeley

See the 5m40s YouTube video by CBS NEWS, 8th August 2023.

Benefits of Nuclear Fusion

In December 2022, California scientists achieved a breakthrough — a nuclear fusion reaction that produced more energy than was used to create it.

Scientists have done it again; now their results produce even more energy. Professor Peter Hosemann, chair of nuclear and mechanical engineering at the University of California, Berkeley, joins CBS News to discuss the implications of this accomplishment.

...

Fusion Reactors summarised by Sabine Hossenfelder

See the 30m0s YouTube video by Sabine Hossenfelder.

The Fusion BREAKTHROUGH announced in the past few days was analysed by Sabine.

Nuclear Fusion — a Long Way Off

The announcement by the University of California, Berkeley Labs says, "Energy Out vs Energy In is about 1.6 times."

They talk about the relative energy in the reaction itself.

"To quantify how well this works, scientists use the "gain" normally denoted with the letter "Q". It's the ratio of energy out over energy in. So, a gain larger than one means more out than in, and that's what we want to reach."

"However, as I explained in an earlier video, the scientists and engineers who work on nuclear fusion are often interested in what goes on in the reaction, so they will instead quote the energy that goes into and comes out of the reaction. But the gain factor from the reaction alone does not consider the energy required to power the entire equipment. The total gain is often considerably smaller than the gain from the nuclear reaction alone. So you have to be careful with interpreting the numbers they quote."

"Nuclear fusion isn't all sunny. It does have some downsides. For example, it creates radioactivity. Mostly that's the material near the reaction which gets irradiated with neutrons. This is why nuclear fusion reactors must be heavily shielded. But this radioactivity is short-lived and will decay to background level within a few decades. [ A FEW DECADES! — Ed. ] Nuclear fusion *does create some radioactive waste, but it is easier to handle than that produced by *splitting atomic nuclei."

"The current biggest problem is that a total gain larger than one has yet to be achieved. Reaching it is the major challenge that all nuclear fusion startups must solve."

...

User Comments:

@MazelTovCocktail

This is super exciting, tbh. There is a lot of interest and exploration happening right now. And since computational power is reaching pretty crazy levels and AI is becoming a reality, I hope we can improve and optimize these things and make something work.

@cristallo666

What a fantastic overview, exceptionally well-documented and precise! Tokamaks and stellarators are in a more advanced status than the other approaches pursued by private companies. Still, I look forward to seeing the progress in those different directions. The more, the better at this point; the best approach to fusion energy is still to be found.

@The_Viscount

I like Helion. One of their ideas is to have two separate reactor setups. One will produce Helium 3 exclusively. The other will be used for power production.

If the 30m47s video on Helion by Real Engineering is accurate, they're already making repeatable, reliable fusion reactions.

...

— Ed.

Meeting Location & Disclaimer

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe — Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk of accuracy and subsequent use of its contents.