2020 Newsletter: 12/54

Sydney Harbour

Hello and Welcome,

Urgent Message from Alex Zaharov-Reutt

Hi everyone,

I still want to know what everyone else thinks, but it may well be safer to cancel at least this month's meetings and see what the future looks like.

It would be worth contacting SMSA to see what they say, too. They might decide to close themselves for a time; at this point, anything is possible.

I'm happy to report feeling fine, no sore throat following my time in Melbourne. I'm still here, flying back to Canberra this afternoon, a day early because there's no point still being here.

Anyway, given most of our members are seniors, and given seniors are the ones most proportionally affected by this virus, we may have a duty of care to suspend meetings temporarily this month until things calm down a bit.

Hopefully in two weeks things are much calmer but in two weeks we could be "Australitaly", which could definitely see things shut down for months. Let's pray that does not happen!

Can the committee please come to an urgent decision one way or the other?



Digital Photography SIG reluctantly ends

With falling attendances and no-one jumping up to act as leader for the group, we unfortunately have decided to close the Digital Photography SIG.

The timeslot (the 4th Friday of the month) will be removed from the list of "Current & Upcoming Meetings", below.

A big thank you to Roger Foulds for guiding the group over the many years.

The SIG will be sadly missed.

— Ed.

March Sydney Python Cancelled — Will WE be Next?

Sean Johnson (Co-Organizer) sent a message to the Sydney Python (SyPy) mailing list:

“March Sydney Python Cancelled”

Hey folks,

Under current advisement from the World Health Organization and the NSW Department of Health on COVID-19 prevention we are cancelling the March 26th meetup. If this advisory persists into April we will be looking at other methods of facilitation (such as virtual or broadcasted meetup). If you have any concerns please reach out to myself by replying to this email or via the Contact button on the Meetup page.

Thanks for your understanding.

- The SyPy Hosts


What we're about:

For those interested in the Python programming language and its associated libraries and frameworks such as Django, Flask, Pyramid, Pandas, Plone, iPython Notebook and more…

— Ed.

Meetings This Week:

Tuesday Forum - Tuesday Mar 17th - 9:30 am (10:00 am meeting start) - 12 noon

The usual Q&A and other discussions.

Web Design - Saturday Mar 21st - 1:30 pm (2:00 pm meeting start) - 4:00 pm

Hi everyone;

Saturday the 21st is our Web Design meeting.

This month I thought we could look at cPanel. If you have a website, chances are you can manage your site with cPanel. Using this site management tool you'll have access to file management like creating directories and monitoring disk usage. cPanel allows you to control FTP accounts to allow others to download files. You can create e-mail accounts and browse your accounts on the server. You can also manage your domain names. As an example, you can, depending on your package, create and configure subdomains. They are those sites that look like this "sydneypc.com/webdesignsig/". [ Or like "webdesignsig.sydneypc.com" — Ed. ]

cPanel allows you to create databases, as well as manage software like PHP code. Most cPanels give you access to and easy installation of programs like contact files or image libraries. Another feature of cPanel is git version control which allows you to manage the changes to files. We looked at that last month.

So let's see what use we can make of cPanel this month.

See you all on the 21st.

Steve South

Meetings Next Week:

AGM + Main Meeting - Tuesday Mar 24th - 5:30 pm (6:00 pm meeting start) - 8:00 pm

Current & Upcoming Meetings:

15 2020/03/07 — 14:00-17:00 — 07 Mar, Saturday — Penrith Group
16 2020/03/10 — 17:30-20:30 — 10 Mar, Tuesday — Programming SIG, L1 Woolley Room
17 2020/03/13 — 09:30-12:30 — 13 Mar, Friday — Friday Forum, L1 Woolley Room
18 2020/03/13 — 12:30-15:30 — 13 Mar, Friday — Communications, L1 Woolley Room
19 2020/03/17 — 09:30-12:30 — 17 Mar, Tuesday — Tuesday Forum, L1 Woolley Room
20 2020/03/21 — 13:30-16:30 — 21 Mar, Saturday — Web Design, L1 Woolley Room
21 2020/03/24 — 17:30-20:30 — 24 Mar, Tuesday — AGM + Main Meeting, L1 Carmichael Room


Tech News:

“Patch Tuesday's tomorrow. We're in uncharted territory. Get Automatic Updates paused.”:

See the COMPUTERWORLD article by Woody Leonhard, Columnist, Computerworld | 10 MARCH 2020 1:06 AEDT.

Even in the best of times, it's wise to hold off on updating Windows until the dust has settled. This month, there are two additional, extraordinary reasons. Take a few minutes to make sure you aren't in the line of fire.

It's always a good idea to pause Windows updates just before they hit the rollout chute. This month, we're facing two extraordinary issues that you need to take into account. Wouldn't hurt if you told your friends and family, too.

Take last month's Windows patches. Please. We had one patch, KB 4524244, that slid out on Patch Tuesday, clobbered an unknown number of machines (HP PCs with Ryzen processors got hit hard), then remained in "automatic download" status until it was finally pulled on Friday. We had another patch, KB 4532693, that gobbled desktop icons and moved files while performing a nifty trick with temporary user profiles. Microsoft never did fix that one.

Those aren't isolated incidents. We see the same pattern, over and over again. Microsoft releases patches that aren't adequately tested. Screams of pain ensue. Microsoft fixes some of the patches, doesn't fix others. Wash. Rinse. Repeat.

Getting out of the automatic update-induced karmic crapwheel is a mighty pain — and one that's entirely avoidable. Just avoid the automatic updating, wait and see while crowdsourced beta-testing runs its course.

As if you needed more incentive, this month two additional problems loom.

First, the "optional, non-security, C/D Week" patch that rolled two weeks ago, KB 4535996, has had all sorts of problems. Mayank Parmar at Windows Latest and Lawrence Abrams at BleepingComputer document an impressive list of freezes, crashes, broken drivers, lousy performance, and black and blue screens. Microsoft hasn't officially acknowledged any of the bugs.

The only bug that has been acknowledged, one that breaks the signtool.exe app in Visual Studio used to sign projects, drew a reference in one blog post from one Microsoft engineer. "We are working on a resolution and estimate a solution will be available in mid-March."

In normal times, we'd expect the bugs in the "optional" patch to get ironed out by the time the regular cumulative update appears. The past couple of weeks, though, have been anything but normal times.

Almost all of Microsoft's staff in the Northwest has been working from home for the past week. Microsoft announced late last week that two of its employees in the Seattle area have tested positive for COVID-19, the new coronavirus. You would think that the transition to telecommuting would be easy — after all, Microsoft's been selling telecommuting-friendly software for decades — but word from the trenches is that there are plenty of bumps in the road.

That brings me to my second concern about this month's patches. Even if Microsoft gets its act together and fixes the known (and unknown!) bugs in this month's Patch Tuesday patch, we have exactly zero experience with Microsoft handling new bugs in this coronavirus-influenced work-from-home environment.

Microsoft has a hard enough time fixing bugs when the whole crew's in one building, in shouting distance. Heaven only knows what's going to happen this month.

You have to patch sooner or later. But there's even more reason this month to not be in the "sooner" cohort.

“Solar Powerplant will supply Google's data center in Chile”:


Powering Google's Chile data centre.

Located in Atacama, the photovoltaic plant will be the largest in Latin America and will produce 500 GW of solar power to feed Google's data center.

Google came to an agreement with the Spanish company Acciona. Their energy project seeks to generate electricity from 100% renewable sources for the data processing center Google has installed in Chile. This contract is part of an international bidding process driven by the US company.

"We are working to bring renewable energy into all of our operations. The El Romero project is key in this scheme (…), representing our first large scale purchase in renewable energy in Latin America", said Sam Arons, Google's Energy and Infrastructure Manager.

Placed in Vallenar, the solar plant will occupy a total area of 280 hectares, with an area of 1.5 million square meters of solar collection, equivalent to 211 football fields. At the same time, El Romero will have approximately 196 MW of power, which will produce approximately 500 GW of electricity per hour, avoiding the emission of over 473,000 tons of CO2 into the atmosphere.

"Initiatives like Google's make it possible to develop projects as ambitious as El Romero renewable solar energy plant, and give importance to clean energy projects in a sustainable energy model for Chile and the world," said José Ignacio Escobar, CEO of ACCIONA energy Chile.

“Avast forced to disable JS interpreter after exploit detailed”:

See the iTWire article by Sam Varghese | Thursday, 12 March 2020 08:05.

Czech anti-virus firm Avast has been forced to disable a JavaScript interpreter within its software after a Google vulnerability researcher detailed how the emulator could be abused to effect a remote exploit.

Well-known researcher Tavis Ormandy, a member of Google's Project Zero team, also released a tool to simplify the analysis of vulnerabilities in the emulator, according to a couple of tweets by Avast.


Tavis Ormandy | @taviso

I have something fun for you, I pulled the javascript interpreter out of Avast and ported it to Linux.

This runs unsandboxed as SYSTEM, any vulns are wormable pre-auth RCE on 400M endpoints.

"Today, [Wednesday AEDT] to protect our hundreds of millions of users, we disabled the emulator," the company said.

It added that the functionality of its A-V product would not be affected as it was based on multiple layers of security.

But doubts were raised by other tech practitioners, with one asking, "If it can be deactivated instantly without affecting functionality, why was it in there in the first place?"

And another said: "Your engineers placed an unsandboxed JS interpreter, running untrusted code by design, inside your highly privileged AvastSvc.exe process.

"This is not some unfortunate, easily overlooked bug, this is proof of utter incompetence regarding basic security architecture."

A third individual agreed with this post, writing, "I totally agree. And you think anybody gives a s***? The world is a bitch and they will continue selling it. Ffs. Security doesn't run the world :)."

Avast was in the news last year and again in 2018 over issues with its CCleaner application; last year, attackers breached its internal network to get to the application while in 2018 the CCleaner app was compromised and used to spread malware.

At that time, the company made numerous posts on its public blog, explaining each development as it came to light. But over the Ormandy issue, the company has not published any blog entry.

Ormandy appeared to be somewhat surprised at Avast's reaction but backed the decision to disable the interpreter. "Wow — Avast decided to disable their JavaScript interpreter globally!," he wrote. "The vulnerability report they mention wasn't just me, it was a Project Zero collaboration with @natashenka."

@natashenka is the Twitter handle for Natalie Silvanovich, another member of the Google Project Zero team.

Fun Facts:

“Detexify — What is it?”:

If you go to the Detexify webpage, you'll see that it lets you draw any symbol with your mouse — or possibly your finger on a touch-sensitive device. The program then deciphers your artistic efforts and tells you what LaTeX symbol it best matches.

For example, if you draw the infinity symbol (∞) it'll tell you that one of the possible matches would be the symbol in LaTeX named \infty. What? Yes, that's what LaTeX calls it.

Another possibility is the "bowtie" symbol, named \bowtie.

Here is a shaky attempt to draw the Greek letter zeta:

Detexify identifies a LaTeX symbol from your online sketch.

Sure enough, the program suggests \zeta (not very hard to guess). But it's number four in the list!

For comparison, here is the rather rough HTML rendering of the ζ character.

See the Syronex page of interesting LaTeX mathematical and other symbols.

Very interesting.

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless specifically stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE newsletter — Subscribe / Unsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Changing your e-mail address? Please e-mail your new address to — newsletter.sydneypc@gmail.com
DISCLAIMER: This Newsletter is provided "As Is" without warranty of any kind.
Each user or reader of this Newsletter assumes complete risk as to the accuracy and subsequent use of its contents.