2018 Newsletter: 1/30 — PreviousNext — (Attach.)

Sydney Harbour
WEEKLY NEWSLETTER 8 - 13 JANUARY 2018

Hello and Welcome,

A Happy New Year and Season's Greetings to all. Here we are in 2018 already.

Meetings This Week:

Programming - Tuesday 9th Jan - 5:30 pm - 8:00 pm

Come and show your projects, and see some others. We have a computer with a projector, so bring along picture files of your project and we'll project them on the wall. We have a broadband internet connection, so discussion can be wide ranging.

The next meeting will be on Tuesday January 9 at 6pm. We'll see some new microprocessor applications and programming examples.

Past meetings:

2017

December meeting report not available. [ Ed. ]

Neville Hoffman

Friday Forum - Friday 12th Jan - 9:30 am - 12 noon

John Symonds has offered to give a demonstration of Google Home, which should take a half an hour or so.

See attached one-page .doc format summary of this talk. As John says:

Google Home includes Google's intelligent personal assistant called Google Assistant. Using entirely voice commands you can choose and listen to music, control playback of videos or photos, or receive news updates. It also has home automation features, enabling you to use it as a central hub to control smart devices such as power switches, lighting and TV remote controls.

I was given a Google Home Mini for Christmas and have since purchased a Chromecast Audio to allow music to be played through my hi-fi. All is controlled via an app on your Android or iOS phone and personalised through your gmail account. This is a fun piece of kit. I will set up a demo of the Home Mini and Chromecast Audio to show its capabilities.

John

We will also have the usual Q&A and other discussions.

Communications - Friday 12th Jan - 1:00 pm - 3:00 pm

The usual Q&A and other discussions.

Meetings Next Week:

Tuesday Group - Tuesday 16th Jan - 9:30 am - 12 noon
Family History - Tuesday 16th Jan - 1:00 pm - 3:00 pm
Web Design - Saturday 20th Jan - 1:30 pm - 4:00 pm

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ASCCA News:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Tech Tips:

How to Protect Against the Meltdown and Spectre Vulnerabilities:

All supported versions of Windows are getting an emergency patch to fix flaws in Intel CPU chips that could lead to attackers gaining more information about your systems including passwords and other confidential information. You'll have read about this — the press have already labeled the flaws as the Meltdown and Spectre bugs.

As Microsoft said in "ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities":

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as “speculative execution side-channel attacks” that affect many modern processors and operating systems including Intel, AMD, and ARM. Note: this issue will affect other systems such as Android, Chrome, iOS, MacOS, so we advise customers to seek out guidance from those vendors.

Microsoft has released several updates to help mitigate these vulnerabilities. We have also taken action to secure our cloud services.

Microsoft has not received any information to indicate that these vulnerabilities have been used to attack customers at this time. Microsoft continues working closely with industry partners including chip makers, hardware OEMs and app vendors to protect customers. To get all available protections, hardware­/firmware and software updates are required. This includes microcode from device OEMs and in some cases updates to AV software as well.

Because this is a kernel update that interacts with antivirus utilities, there is a big "BUT" in how you might get this update: You'll receive it once your antivirus vendor has proven that it can handle the update. The proof will be adding a registry key to the operating system. If this registry key is not added, you won't get the update offered up to you.

If you want to visually see if your systems are prepared for this update, you can click on Start, type in regedit and click to approve the elevated prompt. Then you'll need to drill down to review the following registry key. Note that each bullet point represents a level you'll need to drill down to:

  • HKEY_LOCAL­_MACHINE
  • SOFTWARE
  • Microsoft
  • Windows
  • CurrentVersion
  • QualityCompat

In the right-hand side in the registry, look for the value as shown below:

  • Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
  • Type="REG­_DWORD"
  • Data="0x­00000000"

If you see these values, your antivirus vendor has updated itself and it's safe to install this patch. If you don't see this registry value, this means your system (and, therefore, your antivirus vendor) is not ready for this update. Do not manually enter this key, nor manually download this update from the catalog site to install this update.

Now comes the bad news: You may see a performance hit by installing this update. Some tech sites are indicating that performance hits on Linux can be as high as 35 percent.

WindowsSecrets

Why Raspberry Pi isn't vulnerable to Spectre or Meltdown:

Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read arbitrary data from the operating system kernel's address space (which should normally be inaccessible to user programs).

Both vulnerabilities exploit performance features (caching and speculative execution) common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn't susceptible to these vulnerabilities, because of the particular ARM cores that we use.

Read the full Raspberry Pi story.

Eben Upton,
Raspberry Pi Founder

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless specifically stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE newsletter — SubscribeUnsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Changing your e-mail address? Please e-mail your new address to — newsletter@sydneypc.com
DISCLAIMER: This Newsletter is provided "As Is" without warranty of any kind.
Each user or reader of this Newsletter assumes complete risk as to the accuracy and subsequent use of its contents.