WEEKLY NEWSLETTER 06 - 11 NOVEMBER, 2023
Hello and Welcome,
Meeting TODAY
2023/11/04 — 13:00-14:00 — November, Sat — Penrith Group
Meeting This Week
2023/11/07 — 18:00-20:00 — November, Tue — Main Meeting
This is a Zoom-only meeting.
https://us02web.zoom.us/j/88020320636
Meeting ID: 880 2032 0636
Passcode: spctugmain
— Ed.
Meetings Next Week
2023/11/14 — 18:00-20:00 — November, Tue — Programming
2023/11/18 — 14:00-16:00 — November, Sat — Web Design
Schedule of Current & Upcoming Meetings
First Tuesday 18:00-20:00 — Main Meeting
First Saturday 13:00-14:00 — Penrith Group
Second Tuesday 18:00-20:00 — Programming
Third Tuesday 10:00-12:00 — Tuesday Group
Third Saturday 14:00-16:00 — Web Design
----------
Go to the official Sydney PC Calendar for this month's meeting details.
----------
Penrith meetings are held every 2nd month on the 1st Saturday from 1-2 pm.
The following meetings are in January, March and May 2024.
ASCCA News:Tech News:
Most Phone Apps Want Unnecessary Device Access
See the InfoPackets article by John Lister on October 27, 2023, at 2:10 pm EDT.
Most popular mobile apps request system permissions that aren't necessary for their stated functions, according to a new study. Sometimes, an app asks for more unnecessary functions than necessary ones.
The figures come from NordVPN, which examined the five most popular apps in 18 common categories. They repeated the exercise for both Android and iOS, making a combined total of 103 different apps. (Source: nordvpn.com)
Both mobile operating systems now use a permissions system which means apps must request specific permission for different types of access to a phone's data and components — for example, contacts, stored files, or the camera.
In theory, users can grant some permissions while rejecting others. However, it needs to be clarified which permissions are necessary for the app to work as advertised.
One in Five Requests is Questionable
The NordVPN survey relied on subjectivity about whether particular permission was necessary for the core functions of the app.
It found that, on average, 20 per cent of the requested permissions needed to be revised. Only 13 per cent of Android apps and 40 per cent of iOS apps asked for no unnecessary permissions. With 16 Android apps and 18 iOS apps, the majority of the requested permissions were superfluous.
While the problem appeared to be worse with Android, the study authors noted this is partly to do with iOS blocking some access completely, with no option to give permissions. That's part of a common security-vs-freedom debate between the two systems.
Green Light Could Be Bad News
According to the study, the most common type of unnecessary permission was accessing data from the user's activity outside the app. Other common requests for unnecessary permissions included location data and access to the camera, stored photos, and the microphone.
Users find apps accessing phone hardware particularly worrying. The latest version of Android now displays a small green light whenever an app is accessing the camera or microphone. The idea is that if users see this light when they aren't expecting it, they can be alerted to possible spyware on their devices. (Source: croma.com)
What's Your Opinion?
Do you pay any attention to app permission requests? Are studies like this helpful, or is it too subjective to say whether permission is necessary? Do you prefer Apple's approach of blocking some access completely or Android's approach of giving more choices to users about granting permissions?
You Should Delete the Passwords from Your Old Browser
See the How-To Geek article by ANDREW HEINZMAN | PUBLISHED on 28/10/2023.
Your old browser poses a big security risk. Get it fixed!
KEY TAKEAWAYS
Browsers prioritize convenience over security regarding password management, making it easier for hackers to steal your passwords.
Deleting saved passwords from old browsers is crucial to minimize the risk of data breaches and prevent storing duplicate copies of passwords.
Using a reputable third-party password manager like 1Password or BitWarden offers better security and convenience than relying on a browser's built-in password manager.
You migrated to a new browser, but did you clean out the old one? Your old browser still contains passwords and other sensitive information that hackers are desperate to steal. Instead of leaving that old browser as an extra point of attack, you should delete its password data — don't worry; this will only take a minute.
Why Should You Delete Passwords from Old Browsers?
When it comes to password management, browsers prioritize convenience over security. They save encrypted passwords and decryption keys in predictable locations, meaning that any half-baked malware can steal your passwords in the blink of an eye. And if a hacker manages to break into the Google, Microsoft, or Firefox account associated with your browser, they can obtain your passwords without touching your computer or phone. Leaving yourself logged into the browser on somebody else's computer could also lead to trouble.
Because browsers fail to protect your passwords adequately, you need to delete the passwords from browsers that you aren't using. Maybe you've switched from Chrome to Firefox — you didn't delete the passwords from Chrome, so you now have two copies of your passwords stored on your computer and in the cloud. Instead of having just one weak point, you have two.
Note that this information also applies to credit card numbers, addresses, and other personal information that may be saved in your browser's autofill system.
How to Delete Saved Passwords from a Browser
Deleting saved passwords from a browser will only take you a few minutes. You don't need to uninstall your old browser or delete a bunch of files from your hard drive — in fact, you need to have the browser installed for this to work. The problem, of course, is that every browser is unique so that the deletion process can vary a bit. (If you haven't already, please export the passwords from your old browser before deleting them forever.)
Here's how to delete saved passwords from the most popular browsers. Click each browser's name for detailed instructions on exporting and deleting, if needed.
— Open the Chrome browser on your computer.
— Select the Chrome profile that contains your passwords.
— Click the three-dot menu at the top-right of Chrome.
— Click "More Tools," then "Clear Browsing Data," and choose the "All Time" time range.
— Open the Firefox browser on your computer.
— Click the menu button (the three horizontal lines) at the top-right of Firefox.
— Click "Passwords," then open the three-dot menu at the top-right corner.
— Select "Remove all logins."
— Open Microsoft Edge on your computer.
— Click the three-dot menu at the top-right of Edge and select "Settings."
— Select "Privacy and services," and find the "Clear browsing data" section.
— Click "Choose what to clear."
— Select the "All Time" time range and check the password box.
The instructions for deleting passwords in Chrome and Edge will also apply to other Chromium-based browsers, such as Brave and Opera. That said, you can find official instructions on deleting passwords from Brave, Opera, Vivaldi, and other browsers at their respective websites or support forums.
We aren't including any instructions for Safari users, as Safari doesn't have a built-in password manager. It relies on the iCloud Keychain, which is secure. But if you aren't using iCloud Keychain, it could be good to remove your passwords from iCloud.
Start Using a Real Password Manager (If You Aren't Already)
All browsers are vulnerable to password thieves. It doesn't matter if you use Chrome, Firefox, Edge, or a lesser-known browser like Brave. The only notable exception is Safari, which doesn't have a built-in password manager but relies on the iCloud Keychain. (That said, iCloud Keychain is an attractive target for hackers, as most Apple customers use it.)
It would be best to stop using your browser's built-in password manager. A third-party option from a respected company like 1Password, BitWarden, or NordPass will provide a greater level of security while still delivering convenience. These password managers use AES-256 encryption to protect your password database and prevent other people from decrypting your database on unauthorized machines. You don't even need to pay for a password manager — there are plenty of good free options.
Fun Facts:
Teacher's Pi cluster controls digital learning classroom
See the Raspberry Pi article by Ashley Whittaker | 25th Oct 2023.
Mike Reed is a completely self-taught digital learning teacher, and during his tenure he has built not one, but three, impressive Raspberry Pi clusters to make his lessons run more smoothly.
Back in the day, when Raspberry Pi Model 1 launched, Mike first learnt how to program in Python by himself, before going on to develop projects at suitable levels for all of his students.
From cluttered to cluster
Originally the Raspberry Pis were dotted around the classroom — one for each desk — with mice, keyboards, and power and HDMI cables plugged in. Each desk was a sea of cables, computers, worksheets, and monitors.
Wanting to declutter the desks, Mike started to think of ways he could use the computer terminals to connect to the Raspberry Pis remotely. So he taught himself about VNC, creating static IP addresses and configuring a router to run a network separate from the school network. That rabbit hole turned into the classroom's first Pi cluster, made out of early Raspberry Pi Model 3s, an MDF board, and two multi-way extension cables:
Mike's first Pi cluster, built eight years ago
New and improved
Fast forward ten years, and now a 32-board cluster — the third iteration — has just come online.
Using a custom laser-cut backing board, each Raspberry Pi 4 Model B has its own OLED to display its IP address and VNC status.
Behold Pi Cluster 3.0
Mike has picked up a lot of tricks in the decade or so he's been playing with Raspberry Pi, including working out the optimal arrangement of all the boards to maintain access to their ports whilst having them as tightly and neatly packed as possible. He also realised that providing 5V via long cables doesn't always work due to the voltage drop, so now the cluster's power is delivered as 20V, before being stepped down by UBECs — universal battery eliminator circuit.
Pi cluster looking silently on over the workstations it is controlling
What does the cluster do?
Pupils connect via VNC from their classroom computer to one of the Raspberry Pis in the cluster. Using a GUI program Mike wrote — which autostarts on boot — they sync their school Microsoft OneDrive accounts to a folder on the Raspberry Pi's desktop. Then they can either open existing scripts or create new ones before beginning their work. The whole process takes about two minutes.
The cluster is run from a "Control Pi", which sends threaded SSH commands to the other boards to reboot them after each lesson, wiping the OneDrive connections ready for the next class. It has a colourful interface with lots of buttons to show Mike exactly what is happening with each Raspberry Pi.
The aforementioned colourful interface
Control Pi also has a seven-port USB hub, so Mike can image seven SD cards simultaneously when the Raspberry Pis' software needs updating.
More teaching time
Building the Raspberry Pi clusters was more than a passion project for a dedicated tinkerer. It has practical benefits too, as Mike explains:
"I've finally got a setup I can use to teach classes with a fast turn-on and turnaround time. I can now spend my time helping pupils debug their code rather than managing the hardware."
Learning about QR codes
Evolving a set of programming projects does still take a lot of time, however. They all start with "Hello World" and cover variables, data types, procedures, functions, parameters, and arguments, before moving onto graphics and GUIs. Pupils who get as far as the later projects can code Minesweeper, Pong, Flood It, and a basic version of MS Paint. Their booklets include lots of QR codes that they can scan to take them to YouTube videos with guides and walk-throughs.
Learning Python
The programming skills that pupils develop in Mike's class not only allow them to meet exciting challenges and give them opportunities to problem-solve, but also provide an excellent foundation for pupils who aim to take the GCSE Computer Science course. "By the time they do actually begin their GCSE, they often have such good Python knowledge I'm scrambling to keep up!" Mike says.
Meeting Location & Disclaimer
Bob Backstrom
~ Newsletter Editor ~
Information for Members and Visitors:
Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — Subscribe — Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk of accuracy and subsequent use of its contents.