From russell at coker.com.au Fri Mar 13 09:36:24 2020
From: russell at coker.com.au (Russell Coker)
Date: Fri, 13 Mar 2020 09:36:24 +1100
Subject: [Linux-aus] Coronavirus
Message-ID: <5276164.AR5W7xn2Je@xev>

I have proposed that all in-person LUV meetings be cancelled from now until we believe that the disease is under control.

https://en.wikipedia.org/wiki/Coronavirus_disease_2019

Coronavirus is spreading exponentially as diseases do. People can be infected for as long as 14 days without showing symptoms, according to Wikipedia 5 days is the average time for symptoms to develop. This means that we won't know when it gets really bad until at least 6 days after it has got really bad.

I propose that we have a Linux Australia policy of cancelling all in-person meetings from now until we believe that the problem is resolved.

If we cancel meetings before the disease gets really bad then people miss some meetings. If we cancel meetings too late then we have the potential of needless deaths.

I have some plans for online education that can substitute for LUG meetings and would be happy to work with people from other states in doing this. Maybe with LA coordinating we could use youtube videos and IRC based training to provide some of the benefits that people get from attending LUG meetings without exposing themselves to risk.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From president at linux.org.au Sat Mar 14 08:59:55 2020
From: president at linux.org.au (President, Linux Australia)
Date: Sat, 14 Mar 2020 08:59:55 +1100
Subject: [Linux-aus] Linux Australia Events and COVID-19
Message-ID: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au>

Dear All,

As many people are now aware, the spread of the SARS-CoV-2 virus and the COVID-19 disease it causes is increasing globally. This has the potential to affect the activities of Linux Australia over coming months.

Our first duty is to protect the safety and wellbeing of event organisers, volunteers and delegates. Linux Australia is continually monitoring developments and how these may affect its future major events. When making decisions about these events, Linux Australia and local organising teams will work together. We will be guided by the best advice available at the time from medical authorities and relevant government representatives and act according to it. Event organising teams will be asked to respect the advice of authorities, even if this leads to event cancellation. The COVID-19 situation is evolving rapidly, and Linux Australia must balance responsiveness with appropriate risk assessment and action. The timing of decisions will be in accordance with recommendations from public health authorities.

In addition to major events, many smaller gatherings are routinely held by Linux Australia members. Organisers of these events should become familiar with the COVID-19 risk level in their area and make informed decisions about proceeding with their events based on the best advice available at the time and the nature of their event. If authorities issue advice about small gatherings, organisers should respect that advice and respond appropriately. Linux Australia will work with organisers and support decisions made by them for these local events.

Above all, Linux Australia encourages all its members to stay up to date with COVID-19 developments, act accordingly and stay safe. We recommend members taking personal circumstances and risk factors into account before choosing to attend an event auspiced by Linux Australia.

Linux Australia Council is available to discuss any thoughts, suggestions, queries or concerns members may have in relation to COVID-19 and its effect on member activities.

For those who may already be personally affected, we wish you and your loved ones a speedy and complete recovery.

Kind Regards,

Sae Ra

--
Sae Ra Germaine
President
Linux Australia

president at linux.org.au
http://linux.org.au

Linux Australia Inc
GPO Box 4788
Sydney NSW 2001
Australia

ABN 56 987 117 479

From hugh at blemings.org Sat Mar 14 09:06:24 2020
From: hugh at blemings.org (hugh at blemings.org)
Date: Sat, 14 Mar 2020 09:06:24 +1100
Subject: [Linux-aus] Linux Australia Events and COVID-19
In-Reply-To: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au>
References: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au>
Message-ID:

Thank you Sae Ra, the Council and all in our community for taking a sensible and measured approach here.

Stay safe and happy hacking,
Hugh

--
Sent from my phone with K-9 Mail. Please excuse my brevity and/or top posting.

On 14 March 2020 8:59:55 am AEDT, "President, Linux Australia via linux-aus" wrote:
>Dear All,
>
>As many people are now aware, the spread of the SARS-CoV-2 virus and
>the
>COVID-19 disease it causes is increasing globally. This has the
>potential to affect the activities of Linux Australia over coming
>months.
>
>Our first duty is to protect the safety and wellbeing of event
>organisers, volunteers and delegates. Linux Australia is continually
>monitoring developments and how these may affect its future major
>events. When making decisions about these events, Linux Australia and
>local organising teams will work together. We will be guided by the
>best
>advice available at the time from medical authorities and relevant
>government representatives and act according to it. Event organising
>teams will be asked to respect the advice of authorities, even if this
>leads to event cancellation. The COVID-19 situation is evolving
>rapidly,
>and Linux Australia must balance responsiveness with appropriate risk
>assessment and action. The timing of decisions will be in accordance
>with recommendations from public health authorities.
>
>In addition to major events, many smaller gatherings are routinely held
>by Linux Australia members. Organisers of these events should become
>familiar with the COVID-19 risk level in their area and make informed
>decisions about proceeding with their events based on the best advice
>available at the time and the nature of their event. If authorities
>issue advice about small gatherings, organisers should respect that
>advice and respond appropriately. Linux Australia will work with
>organisers and support decisions made by them for these local events.
>
>Above all, Linux Australia encourages all its members to stay up to
>date
>with COVID-19 developments, act accordingly and stay safe. We recommend
>members taking personal circumstances and risk factors into account
>before choosing to attend an event auspiced by Linux Australia.
>
>Linux Australia Council is available to discuss any thoughts,
>suggestions, queries or concerns members may have in relation to
>COVID-19 and its effect on member activities.
>
>For those who may already be personally affected, we wish you and your
>loved ones a speedy and complete recovery.
>
>Kind Regards,
>
>Sae Ra
>
>--
>Sae Ra Germaine
>President
>Linux Australia
>
>president at linux.org.au
>http://linux.org.au
>
>Linux Australia Inc
>GPO Box 4788
>Sydney NSW 2001
>Australia
>
>ABN 56 987 117 479

From russell at coker.com.au Sat Mar 14 13:18:16 2020
From: russell at coker.com.au (Russell Coker)
Date: Sat, 14 Mar 2020 13:18:16 +1100
Subject: [Linux-aus] Linux Australia Events and COVID-19
In-Reply-To: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au>
References: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au>
Message-ID: <3095820.zhArgKCCxF@xev>

On Saturday, 14 March 2020 8:59:55 AM AEDT President, Linux Australia via linux-aus wrote:
> As many people are now aware, the spread of the SARS-CoV-2 virus and the
> COVID-19 disease it causes is increasing globally. This has the
> potential to affect the activities of Linux Australia over coming months.

https://www.abc.net.au/news/2020-03-13/coronavirus-scott-morrison-coag-premiers-cancelling-events/12053382

Non-essential gatherings of more than 500 people should be cancelled. If this isn't resolved by the end of the year then LCA2021 needs to be delayed or cancelled.

> Our first duty is to protect the safety and wellbeing of event
> organisers, volunteers and delegates. Linux Australia is continually
> monitoring developments and how these may affect its future major
> events. When making decisions about these events, Linux Australia and
> local organising teams will work together. We will be guided by the best
> advice available at the time from medical authorities and relevant
> government representatives and act according to it. Event organising
> teams will be asked to respect the advice of authorities, even if this
> leads to event cancellation. The COVID-19 situation is evolving rapidly,
> and Linux Australia must balance responsiveness with appropriate risk
> assessment and action. The timing of decisions will be in accordance
> with recommendations from public health authorities.

We have to obey Australian law. We are not required to do the bare minimum required by Australian law.
Having a gathering of 400 people doesn't go against the recommendations of the government but I think it wouldn't be a sensible thing to do. Where do we draw the line regarding risk to the lives and health of Linux users vs the enjoyment of having a LUG meeting?

As an aside LUV meetings are held at a library, while we only have 30-40 people attending meetings the library would have over 100 people in there at the time and considerably more than 500 people during the day.

> In addition to major events, many smaller gatherings are routinely held
> by Linux Australia members. Organisers of these events should become
> familiar with the COVID-19 risk level in their area and make informed
> decisions about proceeding with their events based on the best advice
> available at the time and the nature of their event. If authorities
> issue advice about small gatherings, organisers should respect that
> advice and respond appropriately. Linux Australia will work with
> organisers and support decisions made by them for these local events.

Alternatively Linux Australia could review the risk levels and the information from other countries, consult with computer people who work in the medical industry and offer advice to people running smaller gatherings.

> Above all, Linux Australia encourages all its members to stay up to date
> with COVID-19 developments, act accordingly and stay safe. We recommend
> members taking personal circumstances and risk factors into account
> before choosing to attend an event auspiced by Linux Australia.

If you are over 50 years old, have immune system problems, or have heart or lung problems then avoid all public events. That covers at least half the people who regularly attend LUV meetings and justifies cancelling LUV meetings even if it was a good idea for younger and healthier people to attend such meetings.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From steve at nerdvana.org.au Sat Mar 14 13:30:29 2020
From: steve at nerdvana.org.au (Steve Walsh)
Date: Sat, 14 Mar 2020 13:30:29 +1100
Subject: [Linux-aus] Linux Australia Events and COVID-19
In-Reply-To: <3095820.zhArgKCCxF@xev>
References: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au> <3095820.zhArgKCCxF@xev>
Message-ID:

On 14/3/20 1:18 pm, Russell Coker via linux-aus wrote:
> Alternatively Linux Australia could review the risk levels and the information
> from other countries, consult with computer people who work in the medical
> industry and offer advice to people running smaller gatherings.

I know computer people who work in the medical field who think COVID-19 is a scam, and others who think it's just the yearly flu we get and we need to do nothing.

Me? I'm consulting with certified and licensed Medical professionals in the Medical Industry.

From russell-linuxaus at stuart.id.au Sun Mar 15 12:25:48 2020
From: russell-linuxaus at stuart.id.au (Russell Stuart)
Date: Sun, 15 Mar 2020 11:25:48 +1000
Subject: [Linux-aus] Linux Australia Events and COVID-19
In-Reply-To: <3095820.zhArgKCCxF@xev>
References: <017498c8-2922-5457-2189-7d618d8f2261@linux.org.au> <3095820.zhArgKCCxF@xev>
Message-ID: <4c30eab15a0728baf00dcd8996494ae6f40d765f.camel@stuart.id.au>

On Sat, 2020-03-14 at 13:18 +1100, Russell Coker via linux-aus wrote:
> We have to obey Australian law. We are not required to do the bare
> minimum required by Australian law.

The main ideas we were trying to convey are:

(1) The LA exec aren't health experts. We won't be taking our own advice (or yours - sorry).

(2) We will instead be asking every subcommittee to follow the spirit of the authorities' recommendations, or at least as near as we can divine them at the time.

(3) Beyond that, individual event organisers are of course free to take stronger precautions if they feel that's wise. Open source isn't a dictatorship.

(4) LA decisions are more directed at doing what's best for the whole community rather than protecting individuals.

With that in mind you should be evaluating your own risks. Don't rely on LA's policies to protect you. In particular if you are over 65, have a depressed immune system or have a history of lung issues I would strongly suggest not attending ANY gathering until this has passed.

From kathy at kathyreid.id.au Mon Mar 16 06:38:51 2020
From: kathy at kathyreid.id.au (Kathy Reid)
Date: Mon, 16 Mar 2020 06:38:51 +1100
Subject: [Linux-aus] Project Open Air
Message-ID:

Hello awesome humans,

As in many times of crises, the global open source community is coming together to find common solutions to problems - bypassing organisational hierarchies, pooling intellectual and social resources, and co-operating on solutions that could help save thousands of lives.

In the face of the COVID-19 pandemic in Europe, a major effort is underway to develop and disseminate solutions that alleviate the front-line medical impact. This includes 3D printed designs for valves, open source ventilators and the like.

If you have skills, time, electrical or mech engineering or medical skills, Project Open Air wants to hear from you.

#ProjectOpenAir on the socials, https://www.projectopenair.org/ on the webs.

In particular they need project management skills, scrum, kanban etc, full-time for the next few weeks.

Echoing Sae Ra's message - hoping that everyone in this community stays safe, stays home, and stays well.

Kind regards,
Kathy

From ben at stumbles.id.au Tue Mar 24 17:44:03 2020
From: ben at stumbles.id.au (Ben Sturmfels)
Date: Tue, 24 Mar 2020 17:44:03 +1100
Subject: [Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
Message-ID: <87eeti8d70.fsf@sturm.com.au>

Hi Folks,

I've just sent a letter to the Commissioner of Taxation about the rollout of MyGovID as the only way to log in to the ATO Business Portal.
This is attached in case there are any business owners who I can encourage to also speak out.

Essentially the ATO is switching off the nice email/password/SMS-code MyGov login method I use to access the Business Portal to manage tax/GST/PAYG/super. They are replacing this with login via a proprietary mobile app called, confusingly, MyGovID. I'm late to the party, with the changeover due in only a few days time, but better late than not heard at all.

I've sent this to the ATO by post and via their complaints form:

https://www.ato.gov.au/About-ATO/Contact-us/Complaints,-compliments-and-suggestions/Compliments-and-suggestions/

I've also contacted our Federal MP about the issue.

Stay safe!

Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ato-mygovid.pdf
Type: application/pdf
Size: 20517 bytes
Desc: not available
URL:

From jack at saosce.com.au Tue Mar 24 18:54:52 2020
From: jack at saosce.com.au (Jack Burton)
Date: Tue, 24 Mar 2020 18:24:52 +1030
Subject: [Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
In-Reply-To: <87eeti8d70.fsf@sturm.com.au>
References: <87eeti8d70.fsf@sturm.com.au>
Message-ID: <1585036492.4592.20.camel@fs.saosce.com.au>

On Tue, 2020-03-24 at 17:44 +1100, Ben Sturmfels via linux-aus wrote:
> Essentially the ATO is switching off the nice email/password/SMS-code
> MyGov login method I use to access the Business Portal to manage
> tax/GST/PAYG/super. They are replacing this with login via a proprietary
> mobile app called, confusingly, MyGovID. I'm late to the party, with the
> changeover due in only a few days time, but better late than not heard
> at all.

For a government to force businesses to use non-free software is indeed a rather nasty thing...

...but the problem seems to be even broader than that.

If "a proprietary *mobile* app" [emphasis mine] is indeed to become the only accepted means of authentication...

...does that also mean that those of us who (for all the usual good reasons) refuse to use so-called "smart" phones at all will not be able to use that ATO service at all either?

So it seems -- you covered that in your letter too.

This move then is one which attempts to force Australian tax-paying companies to do business with either Apple or Google...

...ironically, two companies which are famous for *not* paying their fair share of taxes.

Take a moment for that to sink in -- in order to pay our taxes, the government now wants us to do business with serial tax-evaders!

I suspect the official response will be that businesses who want to can still lodge on paper (for most, but sadly no longer all, returns) or via a registered tax agent (for all returns, with the agent's fees being deductible in the following period)...

...but given the ATO has spent the last decade or so trying to bully Australians into not lodging anything on paper any more, and that tax agents do not appear to be classified as "essential services" under the current state of emergency (which the PM has said publicly he expects to last until well after EOFY), that strikes me as a rather weak argument.

Good luck with your campaign -- I hope you can get them to see the error of their ways.

From xanni at glasswings.com.au Tue Mar 24 18:57:59 2020
From: xanni at glasswings.com.au (Andrew Pam)
Date: Tue, 24 Mar 2020 18:57:59 +1100
Subject: [Linux-aus] Are you interested in helping?
Message-ID: <87541664-1d9b-1faa-ebda-6d06eb605785@glasswings.com.au>

The FAIRshare Distribution System

The proposal:

A number of years ago around the time of the Queensland floods, I suggested the need for software that could be used to fairly apportion resources during a disaster. Now we are seeing what happens when people and companies are left to themselves under extreme conditions.
Right now I am again suggesting that we need a software project that can ensure fair distribution of goods and services, thereby curbing people's panic and ensuring we are all safe.

Stan Cox wrote a fascinating book called "Anyway You Slice It". One important point he makes is that currently our society is rationing by price point. If there aren't enough bananas to go around, for instance, the price of bananas goes up so that only those who can afford them get to eat bananas.

Price point rationing is not sustainable during an emergency. We live in a complex interconnected society and losing segments of that society to starvation endangers us all. Simply having people too poor to seek medical help guarantees a society will not be resilient enough to properly handle a pandemic, as we are already beginning to experience.

What I have in mind: the open source community has done an amazing job in the past of creating and supporting important pieces of software. If we pulled together a team of bright and concerned programmers, I'm sure we could develop something that could at least help local communities to manage their resources.

We would need to think about recording resources, calculating how much is available over what period of time. We would also need to think about: how to fairly distribute things; how to take into consideration children, elderly, and people with illnesses, disorders, allergies, disabilities, and more; how to let people redirect resources they may not need, and perhaps be the recipients of resources others don't need; how a community can choose to allocate a certain amount of their resources to a bigger project from which everyone will benefit; how people can vote on resource allocation in a completely fair manner (rather than simply first past the post); and finally, how to make all of this reliable and transparent.

Giving people money when they are no longer allowed to work is helpful.
However when critical supplies and services run low for various reasons, we need a system people feel they can trust in order to access what they need.

K Phelps, BA (Hons), MFA, PhD
0411 359 598
admin at friends-institute.org

--
mailto:xanni at xanadu.net Andrew Pam
http://www.xanadu.com.au/ Chief Scientist, Xanadu
http://www.glasswings.com.au/ Partner, Glass Wings
http://www.sericyb.com.au/ Manager, Serious Cybernetics

From ben at stumbles.id.au Tue Mar 24 22:55:39 2020
From: ben at stumbles.id.au (Ben Sturmfels)
Date: Tue, 24 Mar 2020 22:55:39 +1100
Subject: [Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
In-Reply-To: <1585036492.4592.20.camel@fs.saosce.com.au>
References: <87eeti8d70.fsf@sturm.com.au> <1585036492.4592.20.camel@fs.saosce.com.au>
Message-ID: <1585050939.22583.0@stumbles.id.au>

On Tue, Mar 24, 2020 at 18:24, Jack Burton wrote:
> This move then is one which attempts to force Australian tax-paying
> companies to do business with either Apple or Google...
>
> ...ironically, two companies which are famous for *not* paying their
> fair share of taxes.
>
> Take a moment for that to sink in -- in order to pay our taxes, the
> government now wants us to do business with serial tax-evaders!
>

Aw, I wish I'd thought of that line! Thanks Jack!

In other news, Matt Ceniga pointed me towards mygov-totp-enrol. He wrote:

> MyGovID may be the only "official" way to sign in, but it's not the
> only option. MyGovID just does TOTP with SHA512, so assuming you have
> a TOTP app that doesn't just do SHA1 (I use FreeOTP+, but there are
> plenty of other options), you can use the tool that this clever human
> wrote, that basically pretends to be the MyGovID app for the purposes
> of set-up, and gives you a regular QR-code to feed to your TOTP app:
> https://github.com/abrasive/mygov-totp-enroll
>
> We shouldn't need a third-party tool to do something that should
> already be offered by the MyGov website.
> I understand that maybe they
> didn't trust TOTP apps to support SHA512 hashes (I know that when I
> tried with LastPass Authenticator, it just *ignored* the SHA512 bit
> and tried to use the key with a SHA1 hash, resulting in the wrong
> code with no explanation or error), but there are better options than
> *forcing* people to use an app like this.

As Matt suggests, I still think that it's worth some activism here regardless - non-technologists shouldn't be second class citizens and we shouldn't have to work around the systems that we collectively pay for.

Regards,
Ben

From gdt at gdt.id.au Wed Mar 25 08:12:24 2020
From: gdt at gdt.id.au (Glen Turner)
Date: Wed, 25 Mar 2020 07:42:24 +1030
Subject: [Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
In-Reply-To: <1585050939.22583.0@stumbles.id.au>
References: <87eeti8d70.fsf@sturm.com.au> <1585036492.4592.20.camel@fs.saosce.com.au> <1585050939.22583.0@stumbles.id.au>
Message-ID: <42f0267e45065182e7d9ffbee9f2734ca5a83516.camel@gdt.id.au>

>
> In other news, Matt Ceniga pointed me towards mygov-totp-enrol

I've used that successfully with andOTP as the TOTP client.

Moving away from SMS to TOTP seems wise of myGov.

I'm not keen on the MyGovID app as a TOTP client. It seems to grab the time from a central server, look for a broadcast message, then do the TOTP task. Although I only had a quick look at the traffic, so I might not have that quite right.

From a threat analysis point of view, the major threat to TOTP is altering the time and doing a "replay attack". But fetching the time from a myGovID server means that the myGovID second form of identification app falls to the same activity which could undermine the password itself -- subversion of a myGov central server. Thus undermining the promise of a *second* form of identification.

It would have been better simply to use the time on the TOTP client's phone.
That increases the risk of a replay attack of a single client, but lowers the risk of replay attack on all clients.

In short, from a technical point of view the difference in security between the myGovID app and a standard TOTP app is debatable.

There's a lot to be said for allowing clients to choose their TOTP application and giving some guidance to customers.

Many TOTP apps make better use of the phone's identity and security hardware than myGovID. Such as using the fingerprint reader as a Secure Attention Key used by the TOTP program running in a secure enclave of the CPU. Fingerprints are desirable -- in many households a person's fingerprint is more secure than their PIN code (often re-used, known by other household members, etc). Running the program in a secure enclave with the secret key kept in "secrets storage" which the CPU makes available only to that enclave has obvious security benefits over a standard program.

To be fair to the myGov people, the TOTP app landscape probably wasn't as rosy when they started specifying their 2FA project. But Google Authenticator really raised the bar across all TOTP applications whilst they were developing and fielding their system.

I don't at all understand the lack of support for WebAuthn devices by myGov.

-glen

From gdt at gdt.id.au Wed Mar 25 08:34:43 2020
From: gdt at gdt.id.au (Glen Turner)
Date: Wed, 25 Mar 2020 08:04:43 +1030
Subject: [Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
In-Reply-To: <87eeti8d70.fsf@sturm.com.au>
References: <87eeti8d70.fsf@sturm.com.au>
Message-ID: <2c7a4ae9814d4a729724c60ffac6fa0a6695b936.camel@gdt.id.au>

>
> I've just sent a letter to the Commissioner of Taxation about the
> rollout of MyGovID as the only way to log in to the ATO Business Portal.

Can I suggest that you encourage MyGov to support WebAuthn rather than debate the pros and cons of the MyGovID TOTP app (which, hypocritically, I've done in another e-mail in this thread).
That gives the ATO something they want -- better security -- whilst getting something we want -- free software (although on secure or dedicated hardware rather than on general purpose hardware).

Most importantly, WebAuthn improves security for all Australians. The days of TOTP offering adequate security are coming to a rapid end. Phishing, a fake website, reusing the captured 1FA and 2FA transaction in real time -- it's not rocket science. TOTP is better than nothing, better than SMS; but for a valuable site like MyGov building an attack to sidestep TOTP is well worth the trouble for criminals.

A nice thing about promoting WebAuthn is that it's "take it or leave it" with no modifications possible to the protocols for enrolment or for use. That's the point -- those protocols are baked into the WebAuthn/FIDO2 hardware; and that hardware should treat non-compliance with the FIDO2 protocol as an attempt at subversion.

-glen

From russell at coker.com.au Wed Mar 25 17:42:05 2020
From: russell at coker.com.au (Russell Coker)
Date: Wed, 25 Mar 2020 17:42:05 +1100
Subject: [Linux-aus] Online Events
Message-ID: <3610645.UjkIUIeO1F@xev>

https://www.health.gov.au/news/health-alerts/novel-coronavirus-2019-ncov-health-alert/how-to-protect-yourself-and-others-from-coronavirus-covid-19/social-distancing-for-coronavirus-covid-19

The government advice is to "stay at home unless is absolutely necessary" and "avoid public gatherings". I think that most of us are now spending most of our time at home.

Arranging online events will compensate for missed LUG meetings etc and mitigate the psychological impact of isolation.

I've raised this issue on the LUV mailing list but not got much feedback from others, which isn't surprising as there's a lot of stress and probably many people who might otherwise contribute don't have the energy. So I think we need to organise this on an Australia wide scope (and probably invite people from other countries to join in).

The most obvious thing to do is to live-stream lectures or upload recorded lectures. There's probably been a lot of great LUG lectures that haven't been seen by people in other states. So if people from LUGs can track down some of their best speakers and ask for a video or live stream that would be good.

Another thing that I've been planning for a while is to have IRC (or any other group IM system) based online cooperative learning. That could be for designed training courses (I'm happy to go through my BTRFS and ZFS training if people are interested) or for things where everyone learns together. For the latter I was thinking about having set topics for different times, things like "setup as many free OSs as possible in VMs" or "test every FOSS filesystem that has checksums and see how they recover from random dd commands to the block device".

There are 2 types of reply I'm interested in. Firstly I'd like to get replies from people who want to learn. Secondly I'd like replies from people who have content, contacts, or the ability to develop content and run sessions.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

From ben at stumbles.id.au Tue Mar 31 11:39:47 2020
From: ben at stumbles.id.au (Ben Sturmfels)
Date: Tue, 31 Mar 2020 11:39:47 +1100
Subject: [Linux-aus] Proprietary MyGovID app to be the only way to login to ATO Business Portal
In-Reply-To: <1585050939.22583.0@stumbles.id.au>
References: <87eeti8d70.fsf@sturm.com.au> <1585036492.4592.20.camel@fs.saosce.com.au> <1585050939.22583.0@stumbles.id.au>
Message-ID: <80699976-c135-2d13-31fd-ecbfe0e3c837@stumbles.id.au>

Just a quick update - I had a lovely call from a person at ATO responding to my complaint.
A couple of things they mentioned:

- ATO is the first agency to use MyGovID
- they have a feedback form on https://www.mygovid.gov.au <- USE IT
- they have received quite a bit of feedback similar to mine
- there was some form of hard deadline in place around their previous authentication set up around 10 years ago - sounded like a contract expiry but I didn't get specifics - may have been just related to AusKey
- they really didn't know how the transition was going to go - now they have learned, surprise surprise, for example a bunch of tax accountants who don't have smartphones - much respect to those accountants!
- currently the Digital Identity team is only speaking with people who are having technical difficulties with the app, not people who want to participate in the upstream process

All in all, they were very empathetic about the ethical issues of requiring Apple or Google accounts and trust in proprietary tech.

If you can spare a few minutes, this is an important time to be heard and they are certainly listening.

Regards,
Ben

On 24/3/20 10:55 pm, Ben Sturmfels via linux-aus wrote:
>
> On Tue, Mar 24, 2020 at 18:24, Jack Burton wrote:
>
>> This move then is one which attempts to force Australian tax-paying
>> companies to do business with either Apple or Google...
>>
>> ...ironically, two companies which are famous for *not* paying their
>> fair share of taxes.
>>
>> Take a moment for that to sink in -- in order to pay our taxes, the
>> government now wants us to do business with serial tax-evaders!
>>
>
> Aw, I wish I'd thought of that line! Thanks Jack!
>
> In other news, Matt Ceniga pointed me towards mygov-totp-enrol. He wrote:
>
>> MyGovID may be the only "official" way to sign in, but it's not the
>> only option.
>> MyGovID just does TOTP with SHA512, so assuming you have
>> a TOTP app that doesn't just do SHA1 (I use FreeOTP+, but there are
>> plenty of other options), you can use the tool that this clever human
>> wrote, that basically pretends to be the MyGovID app for the purposes
>> of set-up, and gives you a regular QR-code to feed to your TOTP app:
>> https://github.com/abrasive/mygov-totp-enroll
>>
>> We shouldn't need a third-party tool to do something that should
>> already be offered by the MyGov website. I understand that maybe they
>> didn't trust TOTP apps to support SHA512 hashes (I know that when I
>> tried with LastPass Authenticator, it just *ignored* the SHA512 bit
>> and tried to use the key with a SHA1 hash, resulting in the wrong code
>> with no explanation or error), but there are better options than
>> *forcing* people to use an app like this.
>
> As Matt suggests, I still think that it's worth some activism here
> regardless - non-technologists shouldn't be second class citizens and we
> shouldn't have to work around the systems that we collectively pay for.
>
> Regards,
> Ben
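
Added example, not part of the archived thread and not code from mygov-totp-enroll or MyGovID: a standard-library RFC 6238 implementation showing why an authenticator that drops the algorithm=SHA512 parameter of an enrolment URI produces codes the server rejects, and how a verifier bounds clock skew and refuses a replayed code. The key is the published RFC 6238 SHA-512 test key; the URI, its label and digits=8 are constructed for the example, since the thread gives no MyGovID parameters beyond "TOTP with SHA512".

```python
import base64
import hmac
import struct
from urllib.parse import parse_qs, urlparse

ALLOWED_ALGORITHMS = {"SHA1", "SHA256", "SHA512"}


def totp(secret, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 code for the time step that contains unix_time."""
    if algorithm not in ALLOWED_ALGORITHMS:
        # Fail loudly instead of silently falling back to SHA1.
        raise ValueError("unsupported TOTP algorithm: %r" % algorithm)
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, algorithm.lower()).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def parse_otpauth(uri):
    """Read an otpauth://totp/ enrolment URI, keeping its algorithm parameter."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrolment URI")
    query = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    b32 = query["secret"].upper()
    return {
        "secret": base64.b32decode(b32 + "=" * (-len(b32) % 8)),
        "algorithm": query.get("algorithm", "SHA1").upper(),
        "digits": int(query.get("digits", "6")),
        "period": int(query.get("period", "30")),
    }


def code_honouring_uri(params, unix_time):
    """What a client that respects every URI parameter displays."""
    return totp(params["secret"], unix_time, params["algorithm"],
                params["digits"], params["period"])


def code_ignoring_algorithm(params, unix_time):
    """The failure mode quoted in the thread: algorithm dropped, SHA1 used."""
    return totp(params["secret"], unix_time, "SHA1",
                params["digits"], params["period"])


class Verifier:
    """Server side: accept +/- `window` steps of skew, never the same step twice."""

    def __init__(self, params, window=1):
        self.params = params
        self.window = window
        self.last_step = -1  # highest time step already accepted

    def verify(self, code, now):
        period = self.params["period"]
        step = now // period
        for candidate in range(step - self.window, step + self.window + 1):
            if candidate < 0 or candidate <= self.last_step:
                continue  # already used (or older): treat as a replay
            expected = code_honouring_uri(self.params, candidate * period)
            if hmac.compare_digest(expected, code):
                self.last_step = candidate
                return True
        return False


# Constructed sample enrolment: RFC 6238 Appendix B SHA-512 test key (64 bytes).
RFC6238_SHA512_KEY = (b"1234567890" * 7)[:64]
SAMPLE_URI = ("otpauth://totp/Example:user?algorithm=SHA512&digits=8&period=30"
              "&secret=" + base64.b32encode(RFC6238_SHA512_KEY).decode().rstrip("="))

if __name__ == "__main__":
    params = parse_otpauth(SAMPLE_URI)
    server = Verifier(params)
    print("SHA512 client :", code_honouring_uri(params, 59))
    print("SHA1 fallback :", code_ignoring_algorithm(params, 59))
    print("first use     :", server.verify(code_honouring_uri(params, 59), 59))
    print("replayed      :", server.verify(code_honouring_uri(params, 59), 59))
```

A client whose clock is more than one period away from the server's fails the same check, which is the trade-off between trusting the phone's clock and fetching time from a server that the thread discusses.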
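
Added example, not part of the archived thread: the relying-party checks that make a WebAuthn assertion useless when it was produced on a look-alike site, which is the property the thread contrasts with a TOTP code that can be relayed in real time. The RP ID, origins and challenge are constructed; the assertion is an unsigned stand-in, and the signature check over authenticatorData plus SHA-256(clientDataJSON) that a real server also performs is left out because the Python standard library has no ECDSA.

```python
import base64
import hashlib
import json
import struct

RP_ID = "example.org"                    # constructed relying-party ID
RP_ORIGIN = "https://login.example.org"  # constructed legitimate origin


def b64url(data):
    """Unpadded base64url, the encoding used for the challenge in clientDataJSON."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def constructed_assertion(origin, rp_id, challenge, sign_count=1):
    """Unsigned stand-in for what the browser and authenticator return."""
    client_data_json = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,       # written by the browser, not by page script
        "crossOrigin": False,
    }).encode()
    flags = 0x01                # bit 0: user present
    authenticator_data = (hashlib.sha256(rp_id.encode()).digest()
                          + bytes([flags])
                          + struct.pack(">I", sign_count))
    return client_data_json, authenticator_data


def failed_checks(client_data_json, authenticator_data, expected_challenge):
    """Return the names of the checks that failed; an empty list means all passed."""
    failed = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failed.append("challenge")      # stale or replayed ceremony
    if client_data.get("origin") != RP_ORIGIN:
        failed.append("origin")         # assertion was made for another site
    if len(authenticator_data) < 37:    # 32-byte hash + flags + 4-byte counter
        return failed + ["authenticatorData length"]
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failed.append("rpIdHash")       # credential scoped to a different RP ID
    if not authenticator_data[32] & 0x01:
        failed.append("user presence")
    return failed


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    genuine = constructed_assertion(RP_ORIGIN, RP_ID, challenge)
    lookalike = constructed_assertion("https://login.example.org.phish.test",
                                      "phish.test", challenge)
    print("genuine site  :", failed_checks(*genuine, challenge))
    print("look-alike    :", failed_checks(*lookalike, challenge))
```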