July 29

WEEKLY NEWSLETTER 31 JULY - 5 AUGUST 2023

Hello and Welcome,

Meeting This Week

2023/08/01 — 18:00-20:00 — August, Tue — Main Meeting

Meeting Next Week

2023/08/08 — 18:00-20:00 — August, Tue — Programming

Schedule of Current & Upcoming Meetings

First Tuesday  18:00-20:00 — Main Meeting

First Saturday 13:00-14:00 — Penrith Group

Second Tuesday 18:00-20:00 — Programming

Third Tuesday  10:00-12:00 — Tuesday Group

Third Saturday 14:00-16:00 — Web Design

----------

Go to the official Sydney PC Calendar for this month's meeting details.

----------

Penrith meetings are held every 2nd month on the 1st Saturday from 1-2 pm.
The following meetings are in September and November 2023.

ASCCA News:Tech News:

You Can Get This Free Crypto — If the 'Orb' Scans Your Eye

See the Wired Article by Gian M. Volpicelli, a former WIRED senior writer | OCT 21, 2021, at 5:33 pm.

Worldcoin's backers see it as a potential first step to a universal basic income.

A New Worldcoin

SAM ALTMAN WANTS to give every person on the planet free money — or rather, free cryptocurrency. It's a lofty goal that commands a lofty name: Worldcoin. Cofounded by Altman earlier this year, and the project has raised $25 million from grandees such as Andreessen Horowitz and Coinbase Ventures. It's part crypto buzz, part financial inclusion dream — and Altman believes that by piggybacking on the network effect of doling out a bit of the pie to every human on Earth, WorldCoin could evolve into a global, fairly distributed electronic currency.

Altman, who runs the AI research outfit OpenAI and was the CEO of Silicon Valley accelerator Y Combinator, says the concept is untested. "A lot of elementary school kids have thought that [to give free money to everyone] is a good idea," Altman says. "But as far as I know, there have been no more serious plans than that." The company has now exited stealth mode and released some extremely bold estimates on how many people it thinks will be claiming its Worldcoin: 1 billion in less than two years. Altman believes this might be the first step toward something more ambitious. "It could show the world a new way to think about — a prototype of UBI."

According to Worldcoin's promotional material, the company was born out of a belief that cryptocurrency technology, if adopted at a global level, "would open social and economic doors for billions of people" — and that's where the UBI, or universal basic income, comes in. But right now, the argument goes, the adoption of mainstream cryptocurrencies such as Bitcoin and Ethereum is not global. Research by blockchain analytics company tripleA calculated that 300 million people, or 3.9 per cent of the world's population, own some crypto as of 2021. And the distribution is certainly not fair, with a small group of mighty, heavy-hitting "whales" controlling at least 70 per cent of the global Bitcoin supply. In contrast, Altman says, Worldcoin would be a "fair coin" and a "chance to build the biggest financial network ever."

All you'll have to do to get your Worldcoin freebie — whose value, as always with crypto, will be determined by the meeting of supply and demand once the coin is launched and listed on online exchanges — is have your eyes scanned. To make sure that every person gets only their fair share of Worldcoin, the company has created a spherical device called the Orb that checks people's unique iris patterns to verify whether they have a right to some coins. The company will distribute thousands of such devices to entrepreneurs across the globe, who will themselves be in charge of finding people to eye-scan and endow with Worldcoin — and who will get a Worldcoin reward for each person they enrol.

The Orb

Iris scanning has been picked as a "proof of personhood" method, according to Worldcoin, because of the low rate of false negatives and positives (in other words, irises are more unique than other biological measurements). But the choice, alongside the vaguely ominous appearance of the Orbs, is bound to trigger endless eye-rolling — an unavoidable pun — and suspicions about another California tech company being after your data.

Altman, however, says that the system is secure and that the company will not be storing user data. Every picture of an iris will be converted into a digital code, called an IrisHash, which will be held in Worldcoin's database to check against future IrisHashes and deny coins to known users; the pictures themselves will be erased from the database. "We take a picture of your irises, we don't even store it, we calculate a code from it, the code is uploaded, but the image never is," Altman says. "We don't know any more information about you than that image."

...

Altman has long been a fan of creating some universal basic income and how cryptocurrency could help bring that about. Earlier this year, he took that up a notch, floating the idea that a global UBI could be funded by profits generated by a powerful artificial general intelligence, or AGI. That elicited outrage from critics who regarded Altman's vision as a Silicon Valley dystopia. Microsoft Research economist Glen Weyl tweeted that Altman's proposal "epitomizes the AI ideology that I believe is the most dangerous force in the world today."

Altman says Worldcoin could play a role in making that vision come true. "I want to be clear: This is pure speculation. We've no specific plans for any of this," he says. "But you could imagine doing something like the Worldcoin distribution to identify everybody on Earth and then give them a UBI [created by] AGI's profits."

Read More »

Apple threat to pull Facetime and iMessage from the UK if law changes made

See the iTWire article by Sam Varghese | Friday, 21 July 2023, at 08:12 am.

Apple has threatened to withdraw services like iMessage and FaceTime from the UK if it is forced to implement measures around encryption by the government.

A BBC report said the new powers sought were part of an update to the 2016 Investigatory Powers Act.

Under the proposed changes, London would require all security features to be cleared by the Home Office before implementation. The government could also have security features disabled without informing the public.

The UK is not the only country trying to place curbs on encryption. The EU cites child sexual abuse as an argument to weaken the use of end-to-end encryption through a law named the Child Sexual Abuse Regulation.

The EU law has drawn opposition from 390 scientists and researchers from 34 countries, who have, in a letter, said while they back the bid to curb child sexual abuse and exploitation, they oppose how this law will affect that.

In 2018, Australia passed a law that enabled the authorities to issue technical assistance requests, technical assistance notices and technical capability notices to get past encryption.

The TCN is one way listed in the legislation whereby law enforcement can get the industry to aid in breaking encryption. A TAR allows for voluntary help by a company; its staff will be given civil immunity from prosecution. An interception agency can then issue a TAN to make a communications provider offer assistance based on existing functionality.

Though amendments were proposed and some reviews undertaken, changes have yet to be made to the law passed in December of that year.

Apart from Apple, the Facebook-owned WhatsApp and the messaging app Signal have also opposed the proposed changes to the Investigatory Powers Act.

The Act allows authorities to store Internet browsing records for a year and provides the bulk collection of personal data.

In June, the British Government opened an eight-week consultation on the proposed changes. That period ends on 31 July.

Apple has said it would oppose changes to security features for any one country, which would weaken encryption for all its users. It has also been noted that changes would sometimes have to be made via a software update, which could not be hidden from users.

Back in March, Meredith Whittaker, president of the Signal Foundation, said in a statement: "The Signal Protocol has become the foundation for end-to-end encryption technology that is used and trusted by many private messaging services to protect billions of messages every day."

"We recognise that privacy is a human right and that free expression and the ability to dissent are fundamental to a safe and vibrant society. But the current state of the Online Safety Bill in the UK puts the future of privacy and expression in grave jeopardy."

Read More »

Microsoft expands logging access but holds back some premium features

See the iTWire article by Sam Varghese | Thursday, 20 July 2023, at 10:45 am.

Security Logs

Stung by the criticism of both vendors and security practitioners over the lack of logs to analyse a recent breach of its cloud service, Microsoft has backed down to some extent on charging customers for providing access to logging services.

But the company has still held back on providing full logging access, saying: "Additional Audit Premium features [which] include longer default retention periods and automation support for importing log data into other tools for analysis" would have to be bought.

As iTWire reported, well-known American security expert Jake Williams, a former NSA elite hacker, weighed in on the breach at several government agencies, saying it was unacceptable that any security provider should charge a logging tax.

He was referring to a report about Volexity security expert Steven Adair saying he could not find details about a client's breached email account because of a lack of logs.

Microsoft provides basic logging with its products, but customers have to pay more to obtain comprehensive logs.

On Wednesday, Vasu Jakkal, corporate vice president for Security, Compliance, Identity and Management, said in a blog post that cloud logging accessibility and flexibility would be expanded.

"Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost," she said. "As these changes take effect, customers can use Microsoft Purview Audit to centrally visualise more types of cloud log data generated across their enterprise."

The breach in question was discovered by employees of the US State Department, who then informed Microsoft about it.

Microsoft's post about the breach left open the possibility that the attackers, who claimed to be from China, had managed to gain entry to the company's key management system.

Sophos security researcher Paul Ducklin had a dig at Microsoft over its lack of clarity about the breach, writing a post that he headlined, "...a tale of two semi-zero days".

Said Ducklin: "Zero-days, as you know, are security holes that the Bad Guys found first and figured out how to exploit, thus leaving no days available during which even the keenest and best-informed security teams could have patched in advance of the attacks.

"Technically, these two Storm-0558 holes [that the attackers used in the Microsoft breach] can be considered zero-days because the crooks busily exploited the bugs before Microsoft could deal with the vulnerabilities involved."

"However, given that Microsoft carefully avoided the word 'zero-day' in its coverage, and given that fixing the holes didn't require all of us to download patches, you'll see that we referred to them in the headline above as semi-zero days, and we'll leave the description at that."

Jakkal added: "As our expanded logging defaults roll out, Microsoft Purview Audit (Standard) customers will receive deeper visibility into security data, including detailed logs of email access and more than 30 other types of log data previously only available at the Microsoft Purview Audit (Premium) subscription level."

"In addition to new logging events becoming available, Microsoft is also increasing the default retention period for Audit Standard customers from 90 days to 180 days."

"Commercial and government customers with E5/G5 licenses already using Microsoft Purview Audit (Premium) will continue to receive access to all available audit logging events, including intelligent insights, which help determine the scope of potential compromise by using the Audit log search in the Microsoft Purview compliance portal and the Office 365 Management Activity API."

"Additional Audit Premium features include longer default retention periods and automation support for importing log data into other tools for analysis."

The US Cybersecurity and Infrastructure Agency welcomed the Microsoft move to offer additional logging without any extra payment.

Eric Goldstein, CISA executive assistant director for Cybersecurity, said: "While vendors can offer more comprehensive logging access at specific cloud licensing levels, this approach makes it harder to investigate intrusions.

"Asking organisations to pay more for necessary logging is a recipe for inadequate visibility into investigating cyber security incidents and may allow adversaries to have dangerous levels of success in targeting American organisations."

"That's why we applaud Microsoft's announcement to make necessary logs identified by CISA and our partners as most critical to identifying cyber-attacks available to customers without additional cost."

"While we understand it will take time to roll out such a significant step, this effort will enhance cyber defence and incident response for every Microsoft customer."

"As a founding partner in the Joint Cyber Defence Collaborative, Microsoft's decision is also a significant step toward creating a world where technology is safe and secure by design."

Read More »

Announcing Microsoft 365 Copilot pricing for commercial customers

See the Microsoft Blog by Yusuf Mehdi, Corporate Vice President & Consumer Chief Marketing Officer, and Jared Spataro, CVP Modern Work & Business Applications | Jul 18, 2023.

Bing Chat Enterprise unlocks generative AI for work. And Microsoft 365 Copilot brings a whole new way of working — reasoning over all your business data in the context of your enterprise, including the ability to ask questions and get answers from the web. Microsoft 365 Copilot will be available for commercial customers for $30 per user per month for Microsoft 365 E3, E5, Business Standard and Business Premium customers when broadly available.

Microsoft 365 Copilot is built on Microsoft's trusted and comprehensive approach to enterprise-grade security, privacy, identity, compliance and responsible AI — so you know it's enterprise-ready.

This means:

— Copilot inherits your existing Microsoft 365 security, privacy, identity and compliance policies.

— Your data is logically isolated and protected within your Microsoft 365 tenant and always within your control.

— At the tenant level, Copilot respects individual and group permission policies.

While some generative AI apps focus on a single capability, like real-time transcription or copywriting, Microsoft 365 Copilot is in a class all its own. It has all the powers of Bing Chat Enterprise plus so much more. Copilot puts thousands of skills at your command and can reason over all your content and context to take on any task. It's grounded in your business data in the Microsoft Graph — all your emails, calendar, chats, documents, etc. So, Copilot can generate an update from the morning's meetings, emails and chats to send to the team, get you up to speed on project developments from the last week, or create a SWOT analysis [ strengths, weaknesses, opportunities & threats — Ed. ] from internal files and data from the web.

Microsoft 365 Copilot is incredible on its own, and it's also integrated into the apps millions of people use every day. Copilot jump-starts your creativity in Word, analyzes data in Excel, designs presentations in PowerPoint, triages your Outlook inbox, summarizes meetings in Teams — whether you attended or not — and so much more.

In May, we announced the expansion of our Microsoft 365 Copilot paid Early Access Program to 600 enterprise customers worldwide, including companies like KPMG, Lumen, and Emirates NBD. We're learning that the more customers use Copilot, the more their enthusiasm for Copilot grows. Soon, no one will want to work without it.

Microsoft 365 Copilot: Thousands of skills. All your data. Infinite possibilities. Learn more.

Search with images — not just words — using Visual Search in Chat.

In addition to unlocking the power of generative AI to people at work, we continue to deliver new features and experiences in Bing Chat to help people make the most of this technology. Part of this work is focused on building visual elements in Bing Chat. And today, we're pleased to announce we're rolling out multimodal capabilities via Visual Search in Chat.

Leveraging OpenAI's GPT-4 model, Visual Search in Chat lets anyone upload images and search the web for related content. Take a picture, or use one you find elsewhere, and prompt Bing to tell you about it — Bing can understand the context of an image, interpret it, and answer questions about it. Whether you're travelling to a new city on vacation and asking about the architecture of a particular building or at home trying to come up with lunch ideas based on the contents of your fridge, upload the image into Bing Chat and use it to harness the web's knowledge to get you answers. Visual Search in Chat is beginning to roll out via desktop and the Bing mobile app, and we are working to bring this to Bing Chat Enterprise over time.

There is an incredible opportunity for our customers and partners to realize the promise of AI in life and at work — and do so in a way that meets the highest standards for enterprise, security, privacy, compliance and responsible AI. We're excited about what the future holds — and we're just getting started.

Read More »

Fun Facts:

Does your PIN start with a ZERO? And does it matter?

A couple of weeks ago, my Woolies shopping total came to a few dollars over the $100 PIN limit. I entered my 6-digit PIN with "02" as the first two digits.

That was rejected, so I had to wait for the Checkout guy to reset the machine.

Naturally, my second attempt was also rejected because I thought it was the fault of the checkout machine.

I was thinking, "Maybe it's because I used a PIN with a leading ZERO."

Or was it the wrong number altogether?

Anyway, I couldn't get them to take a few items out of my bags and pay for a lesser amount (without entering the PIN). They said, "Sorry, we can't do that."

At least they did allow me to give ALL the items back and go around the shop again, this time collecting only about $52 worth of goods.

Thinking about the PIN later, I realised that the digits were NOT in ascending order after all. It should have been "dd dd 02" instead.

Next day I used the ATM in the Mall next to Woolies and successfully withdrew $90. Whew! No special trip to the Bank and resetting my PIN.

Oh, and about the leading zero? Banks have NO problem accepting that — as long as you include the zero along with the other digits of the PIN.

Some internet comments that banks in Europe reject leading zeros is UNTRUE.

Anyway, my PIN does not contain a leading zero, so everybody is happy.

— Ed.

Meeting Location & Disclaimer

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe — Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk of accuracy and subsequent use of its contents.