2021 Newsletter: 60/101 — PreviousNext — (Attach.)

Sydney Harbour
WEEKLY NEWSLETTER 28 JUNE - 3 JULY 2021

Hello and Welcome,

Meeting This Week

Penrith Group - Saturday, 3 Jul - 2:00 pm - 5:00 pm at the Penrith City Library

The meeting starts typically with a Q&A session around the table to enable members to share problems, advice and computer tips.

The group will then discuss any other technology or computer topics of interest.

— Jeff Garland

Meeting Next Week

Friday Forum - Friday, 9 Jul - 9:30 am (10:00 am meeting start) - noon

We'll have the usual Q&A and other discussions.

— Tim Kelly

Schedule of Current & Upcoming Meetings ‡

48 2021/06/05 — 14:00-17:00 — 03 Jul, Sat — Penrith Group, Penrith City Library
49 2021/07/09 — 10:00-12:30 — 09 Jul, Fri — Friday Forum, L1 Carmichael Room
51 2021/07/13 — 17:30-20:30 — 13 Jul, Tue — Programming, L1 Woolley Room or via Jitsi
52 2021/07/17 — 13:30-16:30 — 17 Jul, Sat — Web Design, L1 Woolley Room or via Zoom
53 2021/07/20 — 09:30-12:30 — 20 Jul, Tue — Tuesday Group, L1 Woolley Room
54 2021/07/23 — 09:30-12:30 — 23 Jul, Fri — Digital Photography via Zoom
55 2021/07/27 — 17:30-20:30 — 27 Jul, Tue — MAIN Meeting, L1 Carmichael Room or via Zoom

‡ As decided after assessing the Members' wishes (resumption of face-to-face meetings) via the latest Online Survey.


ASCCA News:
Tech News:

MUST WATCH Launch Videos: Windows 11's new features, Android apps and more.

See the iTWire article by Alex Zaharov-Reutt Friday, 25 June 2021 11:07 am.

If you're a fan of Windows, Microsoft's new Windows 11 has introduced a smooth new interface, better touch controls, haptic pen feedback, faster background updates, Android apps and more, and it's coming later this year as a free upgrade to Windows 10.

For those still on Windows 7 or 8, there's still a way to upgrade to Windows 10 free of charge, with CNET's article explaining how to do it.

A range of Windows 11 videos are embedded below [ in the original iTWire article — Ed. ], which are definitely worth watching because, for the vast majority of Windows users, it's what you'll be using before the year is out.

Windows 11 looks like the version of Windows that Microsoft wished it could have introduced in the Windows 8 timeframe, but after the passage of time, vastly improved new hardware and plenty of hindsight into how modern computing works, Windows 11 will finally deliver on that vision.

Read More »

Can Google and Apple Remotely Install Apps on Your Phone?

See the How-To Geek article by CHRIS HOFFMAN | @chrisbhoffman | JUN 23, 2021, 6:40 am EDT.

Google can remotely install apps on your phone without your explicit permission or even any notification. That's the lesson from the confusing rollout of MassNotify in June 2021. But how does that work? And what about Apple's iPhones?

On Android, MassNotify Arrived Automatically

The rollout of MassNotify is instructive. According to user reports, the MassNotify COVID-19 exposure notifications app was automatically installed on many Android smartphones around June 19, 2021. It appears as if the app was automatically installed on nearly every Android smartphone in the state of Massachusetts — and some Android phones beyond that.

While I believe in what this app was meant to do, installing it without so much as a notification is extremely alarming, wrote one user in a review of the app on the Google Play Store. The app doesn't even have an app icon to let users know it's installed.

Google told news website 9to5Google that the automatic install of the app was intentional and that the app wouldn't do anything unless a user chooses to enable it.

The automatic app-install is particularly strange because no other state's COVID-19 exposure app appears to work in this way. All the other apps are installed when you as a user chooses to enable the exposure notifications.

So, under what circumstances will Google remotely install an app on your phone? Did Google audit the app's code for security problems before distributing it? Google isn't saying much — but Google can remotely install Android apps.

You Can Remotely Install Apps, Too

While we're not aware of Google ever remotely and silently installing an app in this way on Android, you can remotely install apps on your Android phone.

Just head to the Google Play Store site, sign in with the same account you sign in with on Android, and you can use the Install button on an app's store page to push it to your phone. The Play Store on your phone will begin downloading and installing the app you choose.

Unlike the situation around MassNotify, this isn't silent. You do see a notification while the app is being installed.

[ See further Headings — Ed. ]

Can Apple Remotely Install Apps on an iPhone?

Operating System Updates Can Install Apps

Both Companies Can Remotely Delete Apps

It's Not Like Windows 10 PCs Are Much Different

What Matters More: Technical Capabilities or Culture?

Read More »

A new HTTP spec proposes elimination of obnoxious cookie banners.

See the Arstechnica article by JIM SALTER - 6/17/2021, 9:55 am.

Explicit privacy communication mechanism can simplify UI and limit user fatigue.

The European Union's General Data Protection Regulation (GDPR), passed in 2018, requires websites to ask visitors for consent prior to placing cookies. As any Internet user is now aware, this means an extra step required when visiting nearly any website for the first time or potentially every time, if you choose not to accept cookies. A new proposed HTTP standard from None of Your Business and the Sustainable Computing Lab would allow the user to set their privacy preferences once, inside the browser itself, and have the browser communicate those preferences invisibly with any website the user visits.

Advanced Data Protection Control

The proposed standard enables two methods of automated preference delivery — one that communicates directly with the web server hosting a site being visited, and another that communicates with the website itself.

When ADPC communicates directly with the web server, it does so via HTTP headers — a Link header pointing to a JSON file on the server and the ADPC header emitted by the user's browser. When communicating with the website itself, the mechanism is via JavaScript — configuration is passed as an object to the DOM interface, e.g., navigator.dataProtectionControl.request(...).

In either case, the user's privacy preferences are communicated to the website or server as a list of request identifiers they consent to. This list is sent in ADPC headers for the HTTP-based approach and as the final return value of the DOM interface in the JavaScript approach.

Although both mechanisms accomplish the same goal in similar fashions, there are plenty of reasons to support both. The HTTP-based approach is probably more efficient — but it obviously would require new versions of web server applications that explicitly support it (or at least, new pluggable modules in the case of servers like Apache that support them). Meanwhile, the JavaScript-based mechanism works without any special web server configuration necessary — but it won't work for users who refuse to enable JavaScript.

Consent requests resource

A JSON file is at the heart of the website's end of ADPC, whether using HTTP or JavaScript mechanisms to reach it. That consent file will look something like this:

{

"consentRequests": {

"cookies": "Store and/or access cookies on your device.",

"ads_profiling": "Create a personalised ads profile."

}

}

Read More »

[ The US ] Gov't Proposes Curbing the Reach of Big Tech.

See the Infopackets article by John Lister on June 21 2021, at 02:06 pm EDT.

The House of Representatives will examine five different proposals for curbing the power of big tech companies. The bills take very different approaches to the task, though it's unclear if any but the least dramatic has a shot at becoming law.

There could be a couple of reasons why lawmakers have thrown out so many ideas. One is simply a numbers game hoping that more attempts mean more chance of something becoming law. Another is to present some more drastic measures that get rejected, hoping that the "weaker" bills then look more reasonable and balanced.

The five bills, as covered by ArsTechnica's Tim DeChant, are as follows (Source: arstechnica.com):

The American Choice and Innovation Online Act targets "interoperability." In simple terms, it would try to stop tech companies with a platform (such as an operating system) from favouring their own services at the expense of rivals. This Act could affect which apps are allowed in stores and whether users can change default apps on devices.

Take Your Data And Leave

The Augmenting Compatibility and Competition by Enabling Service Switching (Access) Act would focus on data and the ways users can and can't move it between services. For example, it would make it easier to take data such as uploaded photos from one social network to another.

The Ending Platform Monopolies Act would have arguably the most dramatic effect. It says any tech platform worth at least $600 billion and more than 50 million active users in the US would not be able to run a business that could benefit their own products or hurt those of competitors. That could theoretically mean Apple couldn't run an app store and Google couldn't run an ad sales service, or at least that they'd have to be spun off into entirely separate businesses. (Source: house.gov)

Burden Of Proof

The Merger Filing Fee Modernization Act is perhaps the bluntest but least impactful proposal. It would increase the money companies have to pay in regulatory fees for mergers, with the extra cash going to regulators who oversee potential antitrust violations.

Finally, The Platform Competition and Opportunity Act would affect businesses with 50 million active users, 100 million active third-party sellers, profits of $600 billion a year, or a market valuation of $600 billion. If such a business wanted to carry out a merger or takeover, the burden would be on it to prove the move wouldn't harm competition. That's in contrast to the current principle, where the burden is on regulators to prove it would.

Read More »

Sophos uncovers a curious vigilante-style cyberattack that blocks users of pirated software from reaching pirate sites.

See the iTWire article by Alex Zaharov-Reutt Monday, 21 June 2021, 11:54 am.

Ahoy, me mateys, there's no honour among thieves, as cyber-attacks (which are illegal) target illegal software pirates from accessing infamous pirate site The Pirate Bay, who are presumably crying out the homophone "aaaaargghhhh" in frustration.

Sophos has published new research, "Vigilante Malware Rats Out Software Pirates While Blocking ThePirateBay," which details what Sophos is calling "a curious cyberattack campaign that targets users of pirated software with malware designed to block access to websites hosting pirated software."

We're told "the developers disguise the malware as cracked versions of popular online games such as Minecraft and Among Us, as well as productivity tools such as Microsoft Office, security software and others. The disguised malware is distributed via the BitTorrent platform from an account hosted on ThePirateBay digital filesharing website."

"Links to the malware are also hosted on Discord. Once installed, the malware blocks the victim's access to a long list of websites, including many that distribute pirated software."

Unusual aspects of the operation uncovered by Sophos researchers include:

  • The attackers use an age-old approach of modifying the HOSTS file settings on an infected device to localhost a long list of websites, thereby blocking the user's access to them. This approach is relatively easy to reverse, and Sophos researchers are unsure why the attackers used it.
  • Some of the many hundreds of sites that are being localhosted by the malware are unrelated to pirated software, and some were shut down or became inactive in or around 2012/2013.
  • The malicious files are compiled for 64-bit Windows 10 and then signed with bogus digital certificates that wouldn't pass more than a very rudimentary check.
  • Once downloaded and installed by a user, Sophos reports "the malware hunts for files named 7686789678967896789678 and 412412512512512. If it finds them, it stops any further launch of the attack. Sophos researchers believe this could be designed to prevent the malware operators from infecting their own computers while they work on the malicious code.
  • "The malware also triggers a fake error message to appear when it runs, which asks people to re-install the software. Sophos researchers believe this could be to allay suspicion among users who wonder why the program they received didn't contain the installers they were expecting."

Andrew Brandt, principal threat researcher at Sophos, said: "Sometimes it is easy to see clearly what an adversary's end game is and why they have chosen a particular approach to achieve it. This is not one of those times."

On the face of it, the adversary's targets and tools suggest this could be some kind of crudely-compiled anti-piracy vigilante operation.

"However, the attacker's vast potential target audience — from gamers to business professionals — combined with the curious mix of dated and new tools, techniques, and procedures (TTPs) and the bizarre list of websites blocked by the malware, all make the ultimate purpose of this operation a bit murky. There may not even be an overall purpose to this attack at all."

"However, that doesn't reduce the level of risk or the potential disruption for victims. To stay safe from such attacks, install a robust security solution that will spot such scams before they reach you and avoid downloading pirated software or anything offering you suspiciously too-good-to-be-true 'legitimate' software."

Sophos offers additional info on mobile threats such as "fleeceware" apps that sneakily overcharge users, fake trading apps for Android and iOS and spyware.

Read More »

Interesting Member-Provided Computer Links

Windows 11: Real-World Use - Thurrott.com

Windows 11 won't work on your PC without a TPM how to check

— Jeff Garland


Fun Facts:

Windows 11, Windows 11, Windows 11

The official Windows 11 announcement was given in a Microsoft Streaming Event on June 24th at 11 am Eastern US Standard Time (1 am on Friday, 25th June Sydney Time).

It was a very interesting presentation, given by Panos Panay (in charge of Surface products and related hardware, along with the Windows client operating system) and Microsoft CEO Satya Nadella.

Windows 11 turns out to be not very different from the leaked versions we've all seen in the last week or so. Some features were completed compared to the leaked versions. For example, the new Microsoft Store is now in the Windows 11 build.

Several requirements to run Windows 11 include a hardware feature on modern motherboards, known as TPM 2.0 (Trusted Platform Module).

See the full story on sproutwired:

"The TPM chip works with a series of registers called PCRs (Platform Configuration Registers), which analyze all boot components, including the computer's BIOS. Each time a computer starts up, several hashes (data mapping algorithms) are generated. The function of The TPM is to receive this information in an encrypted form and storing it securely in a separate location from the rest of the computer. So, if the security CPU or even Firmware is compromised, only people who have access to the TPM can access your PC's information."

Many Developers and others who build their own PC machines often tweak the features, including the clock rates, and therefore often use older (but fast) motherboards that don't have TPM; or disable the feature. They will now be unable to install Windows 11.

One prominent new feature of the Operating System is the centre-placement of the Start Button, along with the rest of the taskbar icons. And, more importantly, the Windows 11 taskbar can only be placed at the bottom of the screen.

On Windows 10, I usually have a dozen or so windows open under WSL (Windows Subsystem for Linux). If the taskbar is at the bottom of the screen, all of these thumbnail icons pop up, obscuring the chosen window's (important) last two or three lines.

Here is the solution, using the right-hand edge as the taskbar location on good old Windows 10:


Taskbar on the side

Letting the taskbar self-hide is no solution because the thumbnail icons will still obscure the bottom couple of lines of the current window.

I guess I won't be downloading Windows 11 anytime soon.

— Ed.


Meeting Location & Disclaimer

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — SubscribeUnsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Please email your new address to — newsletter.sydneypc@gmail.com.
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk as to the accuracy and subsequent use of its contents.