WEEKLY NEWSLETTER 18 - 23 MARCH, 2024
Hello and Welcome,
Meeting TODAY
2024/03/16 — 14:00-16:00 — March, Sat — Web Design
Trackwork is scheduled on the Blue-Mountains train-tracks today, so we'll just do with the usual Online SIG meeting.
SPCTUG Web Design Meeting
Time: Mar 16, 2024 14:00 Canberra, Melbourne, Sydney
Join Zoom Meeting
https://us02web.zoom.us/j/82634658712
Meeting ID: 826 3465 8712
Passcode: webdesign
— Steve South,
President.
Meeting This Week
2024/03/19 — 10:00-12:00 — April, Tue — Tuesday Group
Meetings Next Week
NO MEETINGS
Schedule of Current & Upcoming Meetings
First Tuesday 18:00-20:00 — Main Meeting
First Saturday 13:00-14:00 — Penrith Group
Second Tuesday 18:00-20:00 — Programming
Third Tuesday 10:00-12:00 — Tuesday Group
Third Saturday 14:00-16:00 — Web Design
----------
Go to the official Sydney PC Calendar for this month's meeting details.
----------
Penrith meetings are held every 2nd month on the 1st Saturday from 1-2 pm.
The next scheduled meetings are in May, July and September 2024.
ASCCA News:Tech News:
Australian Finance Department Data Leak
See the CyberMaterial article on February 26 2024 at 05:00.
Australian Finance Department Data Leak
The finance department of Australia faced another data breach, inadvertently sharing confidential commercial information with 236 suppliers, marking the second such incident. This breach, compounded by a similar one in November last year, has raised significant concerns about the security of government data handling processes. Shadow finance minister Jane Hume expressed worries over the breach's impact on public trust in procurement processes, hinting at potential legal ramifications for the government due to the breach's consequences.
The breach underscores the prevalence of human error in government data breaches, as highlighted by the Office of the Australian Information Commissioner's latest statistics. The federal government, back in the top five sectors hit by breaches for the first time in three years, faces challenges in identifying and responding to breaches promptly compared to other sectors. Additionally, while criminal acts typically underlie breaches, government agencies are more susceptible to breaches caused by human error, as evidenced by the recent incident.
Efforts to mitigate the fallout from the breach include attempts by the finance department to contact all affected suppliers and delete the erroneous email and attachments. Furthermore, an independent review, led by former commonwealth ombudsman Michael Manthorpe, has been commissioned to analyze the circumstances surrounding both the recent breach and the November 2023 incident. The finance department has issued apologies for the oversight and is committed to implementing necessary reforms to prevent such breaches in the future.
The breach has not only compromised sensitive commercial information but has also placed smaller firms at a disadvantage, potentially affecting their competitiveness in government procurement processes. This incident underscores the urgent need for robust procurement reforms and enhanced data security measures within government agencies. As concerns mount over data privacy and security, stakeholders advocate for immediate action to address systemic vulnerabilities and ensure compliance with data breach notification requirements.
Supreme Court Debates Site Moderation vs Censorship
See the InfoPackets article by John Lister on March 11, 2024, at 01:03 pm EDT.
Two state laws governing how social media companies moderate content could be under threat. Questioning by Justices in Supreme Court cases suggested they must be convinced the laws are constitutional.
The case, examining laws in Florida and Texas, covers one of the most longstanding dilemmas of the Internet age: whether website owners are publishers or platforms. This affects questions such as whether the site owner is responsible for defamation or other breaches of the law involving content and the extent to which the First Amendment applies.
In this case, both states brought in laws restricting sites' ability to moderate content, for example, on political grounds, or to block or remove users who violate their rules. Lower courts put both laws on hold.
First Amendment Issues
The argument against the law's constitutionality is that if it stops sites from moderating user content, the government is effectively forcing the sites to publish content against their will.
The questioning by the Justices in the Supreme Court hearing suggests several agree that government telling organizations they must publish something is as much a violation of the First Amendment as banning them from publishing something. (Source: scotusblog.com)
The case, indeed, isn't cut and dried, however. For example, the Justices and lawyers discussed the term "content moderation" and whether it was a "euphemism for censorship."
The Justices also explored whether the two state laws were too broadly written and might have unintended consequences. One hypothetical was that in the broadest reading of the statutes, sites such as Etsy might be barred from using algorithms to decide which products to show to users most prominently.
Legal Holdups
Although the questioning suggested that the Justice will unlikely rule that the laws are completely fine, the ruling may not be clear-cut. The way the laws wound up in the Supreme Court means the Justices might have to make an all-or-nothing ruling in which they either uphold the laws or throw them out entirely as if they'd never been written.
Several Justices indicated they'd be uneasy about doing this and would prefer a more nuanced approach that allowed states to limit only specific forms of moderation in particular circumstances. That might mean they had to rule the laws are constitutional for now, leaving opponents to restart the process with more focused legal challenges. (Source: vox.com)
What's Your Opinion?
Should websites have the right to moderate content? Does forcing a website to post user content it would prefer to remove violates the First Amendment? Is this a fundamental constitutional question or something that should be left to state laws?
Firefox's Screenshot Feature Is Getting Better
See the How-To Geek article by CORBIN DAVENPORT | PUBLISHED March 12, 2024.
Mozilla is testing a revamped screenshot feature.
Firefox has a built-in screenshot tool, allowing you to capture areas on your screen or entire web pages in a few clicks. The feature isn't perfect, though, and now Mozilla is testing an improved version in the latest Firefox Nightly builds.
Mozilla has now enabled the updated Screenshots feature in Firefox Nightly, the experimental branch of the web browser intended for testing features and other changes before they are rolled out to all Firefox users. The original screenshot feature was essentially a browser extension built into Firefox, which made it easy for Mozilla to work on and improve over time, but that meant it had most of the same limitations as other Firefox extensions. For example, it didn't work on "about:config" and other Firefox settings and options pages, because browser extensions are blocked from those pages for security reasons.
Mozilla says the new screenshot tool has improved performance, better keyboard and visual accessibility, and the ability to capture all pages in Firefox. The keyboard shortcut for opening it remains unchanged (Cmd+Shift+S on Mac, Ctrl+Shift+S on other platforms), and it's still accessible in the right-click context menu and the optional screenshot button in the browser toolbar.
screenshots.browser.component.enabled
Google Chrome still doesn't have a built-in screenshot tool, so there's no easy way to capture full-page screenshots without third-party browser extensions or opening the browser's developer tools. Besides Firefox, the feature is available in Microsoft Edge, Vivaldi, and a few other web browsers. Safari on Mac doesn't have a screenshot feature outside of the developer options, but there is a secret shortcut for full-page screenshots on iPhone and iPad.
According to the page on Mozilla's Bugzilla bug tracker, the new screenshot feature is currently scheduled to roll out in Firefox 125. That could be delayed if problems are discovered. Firefox 125 will be released on April 26, 2024, with the beta release arriving on March 18.
Firefox 124 will be released on March 19, a little over a week from now. The beta version of Firefox 124 includes fixes for full screen content on Mac, support for drag-and-drop on Android devices with a mouse connected, pull to refresh enabled by default on Android, and a few other changes.
Source: Firefox Nightly Blog, Bugzilla.
Windows Bug Exploited For Six Months
See the InfoPackets article by John Lister on March 13, 2024, at 12:03 pm EDT.
A Windows bug patched last month had been exploited by hackers linked to North Korea for six months. Microsoft reportedly knew about it and the delay may have been due to internal bureaucracy.
Security company Avast found the bug last August and reported it to Microsoft. At the time, it was already a zero-day bug, meaning there was evidence hackers not only knew about the bug but were taking advantage of it. That meant Microsoft had a "zero days" head start in coming up with a fix and rolling it out before hackers exploited it.
Microsoft released a fix in the February "Patch Tuesday" update but didn't publicly confirm it had been exploited until the end of the month.
North Korea Behind Attacks
According to Avast, members of the Lazarus hacking group were exploiting the bug. They are thought to be backed by North Korea, and their purpose is to cause trouble for other countries and raise funds for the totalitarian state, which is subject to severe restrictions on international trade.
Microsoft has said the risk is that attackers could get "system" level access in limited circumstances but would need to be logged on to the system first. In simple terms, system-level access also called kernel-level access, means having the same access to the computer that Windows itself has. (Source: bleepingcomputer.com)
Avast says the big problem is Microsoft doesn't consider the move from having administrator access to Windows to having kernel access to be a "security boundary" and thus doesn't treat such bugs as the highest priority.
Hackers Disable Security Tools
According to Avast, that's led to a significant problem because the Lazarus hackers can use the kernel access to turn off security software. They can then install malware known as rootkits, which not only have the potential to control the operating system itself but can go undetected. (Source: arstechnica.com)
Ultimately, the dispute comes down to a simple difference in views: Avast says hackers able to go from administrator access to kernel access are a major danger, while Microsoft says it's not a priority problem because it's so difficult to get administrator access remotely in the first place. Avast's revelations about the hackers' extended period exploiting this bug suggest its viewpoint has proven more relevant.
What's Your Opinion?
Should Microsoft warn the public as soon as it knows a bug is being exploited? Should software firms prioritize bugs that are easier to exploit or bugs that could cause more damage when exploited? Are manufacturers of security software trustworthy sources on the level of risk?
Tor Browser Has a New "WebTunnel" Feature to Avoid Censorship
See the How-To Geek article by AROL WRIGHT | PUBLISHED March 14, 2024.
Hide in plain sight.
Tor Browser Has a New 'WebTunnel' Feature
Government censorship is an issue in many countries worldwide. Some governments attempt to restrict access to information or otherwise curtail their citizens' right to free speech. Tools like VPNs exist to circumvent this, but depending on how committed a country is to censorship it can become a bit of a game of cat and mouse. Now, Tor wants to help you circumvent censorship with its new WebTunnel feature.
The Tor Project has just announced the release of WebTunnel, a new bridge-type that helps people in censored regions connect to the Tor network through the Tor browser. WebTunnel bridges mimic encrypted web traffic (HTTPS), making the Tor Browser appear like regular browsing activity to censors. This is particularly useful when only specific protocols are allowed, and others are blocked.
WebTunnel is inspired by HTTPT [ HTTPT: A Probe-Resistant Proxy — Ed. ] and wraps the Tor connection within a WebSocket-like HTTPS connection. This allows it to coexist with a website on the same server, making it even more inconspicuous. Unlike obfs4 bridges, which aim to be completely unrecognizable, WebTunnel leverages existing, permitted traffic patterns to bypass censorship. Countries that block the use of Tor include Russia, Belarus, and Turkmenistan, and in theory, WebTunnel would allow you to connect to the Tor network from these countries. To use a WebTunnel, you must grab a WebTunnel bridge from the Tor's Bridges website and set it up on your Tor browser. You'll need an updated version of the Tor browser to use WebTunnel, as the feature is not supported on older browser versions.
These WebTunnel bridges will soon become available through other platforms, such as Telegram, but at the moment, they're only available through the Tor website. If you want to check out WebTunnel, update your browser and download an appropriate bridge from the website. Also, if you happen to live in a country where censorship is rampant, you might also want to send feedback to the developers and tell them how it compares to other circumvention methods such as obfs4.
Source: The Tor Project
Fun Facts:
Was There an Advanced Civilization Before Our Own?
See the 47m27s YouTube video by Simon Whistler on 17 Feb, 2024.
Are we alone in the Universe?
Alien visitors? Unlikely.
Of course, it could be like Christopher Columbus, "Hey guys, how's it going?" And then we get all those diseases, and they destroy us.
Another equally fascinating possibility is: "Could another Advanced civilization have existed right here, on Earth and we, as a species have simply forgotten about it?".
We consider human progress essentially linear, but it's not as outlandish as you might think.
Humans have been around for ~200,000 years, but only about 5,000 of those years have been documented, so 97.5% of our history is entirely unknown to us.
There should be fossils of buildings and spaceships from our previous Advanced civilization.
But something like that has yet to be found.
And who said that Humans were the first intelligent species to evolve on Earth in the first place?
Watch the video to hear all the pros and cons of the excellent Civilization discussion.
Some User Comments:
@phteven9610 two weeks ago. I'm only halfway through, but there's something to this. I'm from Romania, and archeologists have only started looking into the Black Sea because of the USSR. At the bottom of the Black Sea, where the saltiness levels are so high, they found villages, clay jars, and other stuff used for farming and trade. So, when it comes to the creation of the Black Sea, there was a big flood that most likely surprised the population living near the lake that is now the Black Sea.
@zakariwalker7477 three weeks ago. Regardless of Graham's theories and thoughts, his work has inspired people to study archaeology, ancient history etc. This helps the field, and having someone like this challenge the norm of archaeology is healthy for the industry.
@Dc-alpha 3 weeks ago. "Space is big. You won't believe how vastly, hugely, mind-bogglingly big it is. You may think it's a long way down the road to the chemist's, but that's just peanuts to space."
@vincentschaaf three weeks ago. (edited) Gobekli Tepe was not sufficiently explained. It would have also been nice to include Boncuklu Tarla since that site is far older and more extravagant, which makes it even less likely to be made for little reason. It's becoming more evident that civilization predates our current understanding, but there is no evidence that it was advanced. The proof that civilization predates the Younger Dryas is stacking up. We could have had an early bronze age before the flood and took two steps back following it. This seems more plausible than 'we built megastructures for hunter-gathering for no known reason.'
— Ed.
Meeting Location & Disclaimer
Bob Backstrom
~ Newsletter Editor ~
Information for Members and Visitors:
Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe — Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk of accuracy and subsequent use of its contents.