2021 Newsletter: 107/115 — PreviousNext — (Attach.)

Sydney Harbour
WEEKLY NEWSLETTER 15 - 20 NOVEMBER 2021

Hello and Welcome,

Meetings This Week

Tuesday Forum - Tuesday, 16 Nov - 9:30 am (10:00 am meeting start) - noon

We'll have the usual Q&A and other discussions. [ Meeting Cancelled until further notice — Ed. ]

Web Design - Saturday, 20 Nov - 1:30 pm (2:00 pm meeting start) - 4:00 pm

We will be running this meeting using Zoom; details below.

Hi Everyone,

In cosmology, there is a theory that our universe is made of multiverses, multiple universes existing together.

Austrian theoretical physicist Erwin Schrödinger, in a lecture in 1952, said that his equations seemed to describe several different histories; these were "not alternatives, but all really happen simultaneously."

In (or on) the internet, we have the Metaverse, and Mark Zuckerberg appears to want to own it. He has renamed Facebook's parent company to Meta Platforms, Inc or Meta for short. The real question is, "What is the metaverse?" Basically, it's a virtual reality or augmented reality, and this month I thought we could explore the concept and see if we could use this idea.

I have also found some alternatives to PhotoShop — some we know and some new ones to me anyway. So we will have a look at those.

It's our last meeting for the year, and we should look at what we could do next year.

Here are the Zoom meeting details;

SPCTUG Web Design Zoom Meeting

Time: Nov 20, 2021 14:00 Canberra, Melbourne, Sydney

Join the Zoom Meeting

https://­us02web.zoom.us/­j/­84073841215

Meeting ID: 840 7384 1215

Passcode: webdesign

Hope to see you next Saturday.

— Steve South

Meetings Next Week

AGM and Main Meeting - Tuesday, 23 Nov - 5:30 pm (6:00 pm meeting start) - 8:00 pm

This will be a Zoom meeting covering the AGM and the following MAIN Meeting.

SPC&TUG Meeting Host is inviting you to a scheduled Zoom meeting.

Topic: SPC&TUG AGM and November Main Meeting

Time: Tuesday, Nov 23, 2021, 6:00 pm Canberra, Melbourne, Sydney

Join the Zoom Meeting

https://­us02web.zoom.us/­j/­82365613472

Meeting ID: 823 6561 3472

Passcode: SPCTUG

— Alex

Digital Photography - Friday, 26 Nov - 9:30 am (10:00 am meeting start) - noon

We will be running this meeting using Zoom; details later via email.

— John Lucke

Schedule of Current & Upcoming Meetings ‡

80 2021/11/06 — 14:00-17:00 — 06 Nov, Sat — Penrith Group, Penrith City Library Suspended
81 2021/11/09 — 17:30-20:30 — 09 Nov, Tue — Programming via Jitsi
82 2021/11/12 — 10:00-12:30 — 12 Nov, Fri — Friday Forum, L1 Carmichael Room Cancelled
84 2021/11/16 — 09:30-12:30 — 16 Nov, Tue — Tuesday Group, L1 Woolley Room Cancelled
85 2021/11/20 — 13:30-16:30 — 20 Nov, Sat — Web Design via Zoom
86 2021/11/23 — 17:30-20:30 — 23 Nov, Tue — MAIN Meeting via Zoom
87 2021/11/26 — 09:30-12:30 — 26 Nov, Fri — Digital Photography via Zoom

‡ As decided after assessing the Members' wishes (resumption of face-to-face meetings) via the latest Online Survey.


ASCCA News:
Tech News:

Microsoft patches two actively exploited zero-days in monthly fixes

See the iTWire article by Sam Varghese | Wednesday, 10 November 2021 at 9:30 am.

Two actively exploited zero-day vulnerabilities are among 55 flaws fixed by Microsoft in its monthly Patch Tuesday, with four other zero-days also being remedied.

Apart from the six zero-days, all other bugs were rated as important, the second-highest ranking on Microsoft's threat index.

One of the bugs being exploited in the wild is in Microsoft Exchange Server, leading to remote code execution. Exchange Server has been dogged by severe bugs for quite some time.

"Several notable vulnerabilities have been disclosed in Microsoft Exchange Server throughout 2021, starting with ProxyLogon and associated zero-days in March, later followed by ProxyShell," a blog post from the security firm Tenable said.

"Organisations that run Exchange Server on-premises should apply security updates promptly to prevent future exploitation once proof-of-concept code becomes publicly available."

Fifteen of the bugs fixed could be used for remote code execution, the company's list of vulnerabilities shows.

The other actively exploited zero-day was a security feature bypass flaw in Microsoft Excel.

Very little information is available about this bug. Last month, Microsoft announced that it would be disabling macros as a default feature in Excel 4.0. But more recently, the company announced that it would be providing a JavaScript API for Excel.

Satnam Narang, a staff research engineer at Tenable, said: "This month's release includes a fix for CVE-2021-42321, a critical remote code execution vulnerability in Microsoft Exchange Server due to issues with the validation of command-let (cmdlet) arguments.

"To exploit this flaw, an attacker would need to be authenticated, which limits some of the impacts." Microsoft says they are aware of "limited, targeted attacks" using this vulnerability in the wild.

"Microsoft Exchange Server has been the subject of several notable vulnerabilities throughout 2021, from ProxyLogon and associated vulnerabilities, as well as ProxyShell."

"Though unconfirmed, this may be similar to an Exchange Server vulnerability that was discovered at the Tianfu Cup hacking competition last month. We strongly encourage organisations to apply these patches as soon as possible."

"Microsoft also patched CVE-2021-42292, a security feature bypass vulnerability in Microsoft Excel. Microsoft's Security Threat Intelligence Center is credited with discovering this flaw, and they say that it was exploited in the wild as a zero-day."

"Microsoft says that the Outlook Preview Pane is not an attack vector for this vulnerability, so a target would need to open the file for exploitation to occur. Updates are primarily available for Windows systems, but updates for Office for Mac are not yet published."

Read More »

Two men arrested over Windows ransomware in Romania: Europol

See the iTWire article by Sam Varghese | Tuesday, 09 November 2021 10:50 am.

Authorities in Romania have arrested two men suspected of using the REvil Windows ransomware in some 5000 attacks, the Europol police agency says in a somewhat rambling statement.

More than half a million euros were stolen in ransom payments by the two men, the statement added.

Another five men have been arrested since February, three suspected of using REvil and two others of using GandCrab, a precursor of REvil, in ransomware attacks.

Seventeen countries have been involved in the operation, known as GoldDust. The countries involved are Australia, Belgium, Canada, France, Germany, the Netherlands, Luxembourg, Norway, the Philippines, Poland, Romania, South Korea, Sweden, Switzerland, Kuwait, the UK and the US.

The organisations Interpol and Eurojust were also part of the takedown.

"At the beginning of October, a Sodinokibi/REvil affiliate was arrested at the Polish border after an international arrest warrant was issued by the US," the Europol statement said.

"The Ukrainian national is suspected of perpetrating the Kaseya attack, which affected up to 1500 downstream businesses and for which Sodinokibi/REvil asked a ransom of about €70 million."

"Additionally, in February, April and October 2021, authorities in South Korea arrested three affiliates involved in the GandCrab and Sodinokibi/REvil ransomware families, which had more than 1500 victims."

"On 4 November, Kuwaiti authorities arrested another GandGrab affiliate, meaning a total of seven suspects linked to the two ransomware families have been arrested since February 2021. They are suspected of attacking about 7000 victims in total."

Last month, two ransomware operators were arrested in Ukraine.

Europol said at the time, the two were suspected of several attacks against big European and North American targets from April 2020 onwards.

Read More »

What Is Windows 11 SE?

See the How-To Geek article by JOE FEDEWA | @tallshmo | NOV 9, 2021, at 3:55 pm EST.

When Microsoft first showed off Windows 10X, many people commented on the similarities to Chrome OS. Windows 10X was eventually scrapped, but Windows 11 SE can be considered its spiritual successor. Let's take a look at this new Windows version.

Windows 10X wasn't even the first time Microsoft attempted to take on the popularity of Chromebooks in schools. S Mode in Windows 10 locks down the system to only apps from the Microsoft Store. S Mode is still an option in Windows 11, but the SE version is restricted in other ways.

Simple for Students

Microsoft didn't explain what precisely the SE stands for, but it might as well be Simple Edition or Student Edition. That's the focus of Windows 11 SE. It's a simplified version of Windows aimed at students in K-8 classrooms.

On the surface, it looks just like the regular version of Windows 11. Unlike S Mode, it's not restricted to just Microsoft apps. Students can use third-party browsers, Zoom, and other apps they might need. It's up to the school's IT department to install whatever apps they need. Windows 11 SE is optimized for Microsoft apps but not restricted to them.

The functional changes to Windows 11 are pretty minor, too. Microsoft Edge will use Chrome extensions by default — this is turned off in Windows 11. Apps always launch in full-screen mode, and Snap Layouts have been simplified to just two side-by-side methods. The widget section has also been removed.

Essentially, Windows 11 SE is Windows 11 with some of the fat trimmed. It's not remarkably different, but Microsoft is positioning it as a slimmed-down version of Windows for affordable, low-powered computers.

Cheaper for Schools

Schools and students are what Windows 11 SE is all about. This is a big play by Microsoft to take on the Chromebooks that have skyrocketed in popularity in classrooms. Price is one big reason why Chrome OS devices have taken off in these environments.

Windows 11 SE will only be available on low-cost laptops that are sold to schools. Many major Windows manufacturers will be releasing Windows 11 SE laptops, including Acer, Asus, Dell, HP, and Lenovo. Microsoft itself is releasing the Surface Laptop SE for $250. However, it will not be offered for sale to the general public.

The Surface Laptop SE is a good look at what these laptops will offer. It has an Intel Celeron processor, 4GB of RAM, 64GB of storage, and an 11.6-inch 1366 x 768 display. The current crop of SE devices sports similar specs in the $240-330 range.

Traditionally, Windows has struggled with specs like that. $250 Windows laptops certainly exist, but the experience is not great. Windows 11 SE is optimized explicitly for 4GB of RAM and 64GB of storage devices.

When Will Windows 11 SE Laptops Arrive?

Microsoft says Windows 11 SE laptops will begin arriving later this year (2021) and early 2022. The Surface Laptop SE is slated to be released early next year. Other SE laptops from Acer, Asus, Dell, Dynabook, Fujitsu, HP, JK-IP, Lenovo, and Positivo will be available around the same time.

Unfortunately, Windows 11 SE laptops will be sold exclusively to schools and students. It's not clear what requirements you will need to meet to purchase a device as a student. The goal of these devices is to take down Chrome OS in classrooms, and Microsoft is very focused on that. Windows 11 standard is the version they want most people to use.

Read More »


Fun Facts:

The bubble that breaks maths.

See the 24m08s YouTube video by Stand-up Maths comedian Matt Parker.

If you're near Leeds in the UK, check out Maths City, https://­mathscity.co.uk/.

Thanks to all of my Patreon supporters who funded this video. Usually, I would visit a maths museum and have a fun day out.

But thanks to you all, I was able to hire a camera person to follow me around.

Plus, I did a day of prep-work writing code before my visit and a day of generating plots after the visit. That's thanks to Patreon. (Who am I kidding? I would have done the coding and plots anyway.)

See https://­www.patreon.com/­standupmaths.


Giant Bubble

This episode involves the mathematics of bubbles.

It is a fascinating topic and one that shows how you can calculate the shape of the curves in the huge bubble as you draw it up around yourself — Ed.

Watch More »


Meeting Location & Disclaimer

Bob Backstrom
~ Newsletter Editor ~

Information for Members and Visitors:

Link to — Sydney PC & Technology User Group
All Meetings, unless explicitly stated above, are held on the
1st Floor, Sydney Mechanics' School of Arts, 280 Pitt Street, Sydney.
Sydney PC & Technology User Group's FREE Newsletter — SubscribeUnsubscribe
Go to Sydney PC & Technology User Group's — Events Calendar
Are you changing your email address? Would you please email your new address to — newsletter.sydneypc@gmail.com?
Disclaimer: We provide this Newsletter "As Is" without warranty of any kind.
The reader assumes the entire risk as to the accuracy and subsequent use of its contents.