Ebrius Disputatios

Now identity verification is the key to the system.

Microsoft has expanded testing of administrator protection in Windows 11 by allowing Windows Insider users to enable the feature through Windows Security Settings.

First introduced in October for the Canary channel, Administrator Protection uses a hidden mechanism for temporary elevation of rights and authentication requests through Windows Hello, allowing access to administrative rights only when necessary. Protection is aimed at preventing unauthorized access to critical system resources.

When this feature is enabled, logged in administrators have standard user rights and must authenticate using Windows Hello (PIN or biometrics) when installing new apps or making registry changes. Authentication requests are more difficult to bypass than the existing User Account Control (UAC) mechanism, making it difficult for malware and attackers to penetrate.

Example of a credentials window with a new (larger) colored area above the application description (Microsoft)

The feature is disabled by default and can be enabled by administrators through group policies or management tools such as Intune. In addition, now users can enable it themselves through Windows security settings in the Update and Security section – Windows Security – Account Protection. The change requires a system reboot.

This feature is available to Windows Insiders in the Canary channel who have installed Windows 11 Insider Preview Build 27774. Microsoft also plans to soon introduce a new feature called Fast System Restore, which allows administrators to remotely troubleshoot issues that cause devices to become inoperable after updates. Windows. The new feature, like many other security options, works as part of the Secure Future Initiative.

Mark Zuckerberg and the team at Meta, more than anyone, will be happy to see the back of Tik-Tok, if indeed, the draconian measures of banning a website, goes to the full measure.

Zuckerberg an company was once the largest most active social media platform, until Tic-Tok gained in popularity. They're clearly anticipating the moment, if it occurs, when Tic-Tok, a website supposedly, covered under the first amendment of the US Constitution, becomes banned, in an alleged, free, democratic, republic.

We do not take these infringements on our liberties and or freedoms lightly. Since there are no longer any guarantees that will protect any of us when it becomes our websites, our servers, that come under the scrutiny of the government censors and busybodies.

Mark Zuckerberg is closer than ever to achieving his long-standing goal of banning TikTok in the United States. Such a decision by the US government could be a windfall for Meta*, eliminating its most serious competitor in years and giving the US company an advantage over a more successful product.

On a recent Joe Rogan podcast, the head of Meta* said that the American government “should be protecting its companies, not being the tip of the spear against them.” At the same time, the Biden administration, which he criticizes as part of the turn to the MAGA movement, has targeted Meta*'s main competitor.

Zuckerberg's recent actions include turning Meta to the right, dehumanizing migrants, ignoring the interests of LGBTQ+ users and employees, refusing to hire for diversity, visiting Mar-a-Lago, removing sanitary products from men's restrooms at Meta's offices, and inauguration party – experts consider in the context of the potential benefits of the TikTok ban. Donald Trump, who takes office on Monday, could be a key figure in lifting a possible ban on the platform.

Zuckerberg's public display of loyalty to Trump serves several purposes. Trump has previously threatened to jail the head of Meta*, so moving closer to a future administration could help avoid regulation of his companies. However, the main prize remains a possible ban on TikTok, and Trump is positioning himself as the main arbiter in this matter.

Zuckerberg's political views have always changed in accordance with the current interests of his companies, as confirmed by an analysis of hours of testimony in Congress. What has remained constant is the use of the threat of Chinese digital dominance to protect against criticism and create a basis for government regulation of Chinese platforms.

Meta* officially denies directly lobbying for a TikTok ban, but the company spent a record amount on lobbying in 2024, including on national security issues. In March 2022, the Washington Post reported that Meta* had hired Targeted Victory to promote awareness of the dangers of TikTok for children.

In 2019, at Georgetown University, Zuckerberg spoke about the growing influence of Chinese platforms, noting that six of the ten largest internet companies are now based in China. He also highlighted differences in values ​​and the censorship of protests on TikTok even within the United States.

During a seven-hour congressional hearing, Zuckerberg argued that Facebook's Libra cryptocurrency system is critical to U.S. financial and cultural dominance, hinting at the threat of a Xi Jinping victory if Congress were to restrict it. The Libra project, later renamed Diem and sold to Silvergate Bank in 2022, eventually folded.

Meta* and its Instagram* Reels service could be the main beneficiaries of the TikTok ban. The Chinese platform has what Facebook once had and Instagram is slowly losing: deep cultural relevance and a generation of devoted users.

Facebook* and Instagram*, despite their billion-dollar audience, suffer from artificial intelligence spam, poor algorithms and a large number of bots. Users stay on these platforms out of habit rather than out of actual desire.

Now Zuckerberg sees an opportunity to achieve his goal. The key question is whether rapprochement with Trump will finally achieve the desired result.

** The Meta company and its products are recognized as extremists, their activities are prohibited in the Russian Federation.

** The LGBT movement is recognized as extremist and is prohibited on the territory of the Russian Federation.

ARM64 ILP32 is the Armv8 architecture with a 32-bit ABI rather than 64-bit — akin to the “x32” x86 effort that never really took off on Linux. ARM64 ILP32 support never ended up making it into the mainline Linux kernel or GNU C Library but did appear within the GNU Compiler Collection. But years later and little use, GCC developers are consider deprecating ILP32 support ahead of its eventual removal.

The GCC codebase used to form the GCC 15 branch has been modified to remove support for the ARM64 ILP32 ABI. ILP3 resembles the x32 subarchitecture for x86_64 systems and also allows the use of 32-bit pointers and a 32-bit memory addressing model, while running the processor in 64-bit mode with support for 64-bit registers and extended instructions. A limitation of the ILP32 ABI is that it cannot address more than 4 GB of memory from an application.

The ILP32 ABI was originally designed to make it easier to port 32-bit applications to 64-bit AArch64 processors, but was not widely adopted. ILP32 support was never adopted into the Linux kernel and the Glibc system library. Linaro and Debian ports for ILP32 were developed separately, but they have been abandoned for more than five years. The rare system that supports ILP32 is the watchOS operating system used in Apple Watch devices, but GCC is not supported for this OS.

Spectacular growth in China's exports to the US (6.1%) and the EU (4.3%) in 2024, rising to more than double the growth of the US economy and almost 5 times the growth of the economy of the European Union. The trade deficit of both economies with China grows by 8.5% and 14.1% in 2024 to total $590 billion. China's trade surplus with the United States and the European Union is 61.5% of the total Chinese surplus of 963 billion dollars (an amount that almost reaches that of Spain's GDP).

In 2024, China's foreign trade has achieved record figures, with a notable performance in the fourth quarter and December that augurs well for 2025. China's imports and exports grew by 5% year-on-year in 2024 to reach 43 .85 trillion yuan ($5.98 trillion), according to data published by the General Administration of Customs (GAC) of China.

In 2024, China's total exports grew 7.1% year-on-year to reach 25.45 trillion yuan ($3.47 trillion), while imports grew 2.3% to reach 18.39 trillion yuan (2.51 trillion dollars).

The Chinese trade surplus in 2024 has reached 7.06 trillion yuan (almost 1 trillion dollars) and has grown by 22% compared to the previous year.

The key components of Chinese exports have been (1) technology and electronics, which remains the main driver of Chinese exports, with strong demand for semiconductors, solar panels and consumer electronics; (2) electric cars and machinery, which have experienced significant growth, consolidating China as a leader in the transition towards green technologies and sustainable mobility; and (3) consumer goods, including textiles, toys and household appliances, for which demand remained stable, especially in emerging markets.

Trade with the United States and the European Union

Trade between China and the United States in 2024 grew 4.9% year-on-year to 4.90 trillion yuan ($668 billion).

China's exports to the United States in 2024 grew 6.1% to 3.73 trillion yuan ($509 billion), while imports increased 1.2% to 1.16 trillion yuan (158 billion dollars). The North American trade deficit with China in 2024 has grown 8.5% to $350 billion.

The trade relationship between China and the European Union in 2024, despite trade frictions, reached 5.59 trillion yuan ($762 billion), with a growth of 1.6% compared to the previous year.

China's exports to the European Union totaled 3.68 trillion yuan ($501 billion), a year-on-year growth of 4.3% reflecting strong European demand for Chinese products, while Chinese imports from the European Union reached 1.92 trillion yuan ($261 billion), representing a decrease of 3.3% from the previous year. The European Union's trade deficit with China in 2024 has grown by 14.1% to $240 billion.

Exports to the United States and the European Union represent, respectively, 14.7% and 14.4% of total Chinese exports, behind China's first partner, ASEAN (an association of 10 Southeast Asian countries).

The failure of the United States and the European Union in their attempt to weaken Chinese exports is a reflection of the current economic and political complexity. Both Western powers have implemented numerous strategies, from tariffs to technological restrictions, to block China but the results have not been as expected.

China has developed a robust, diversified economic system with a remarkable capacity for adaptation. Its focus on technological development, industrialization and strengthening the internal market has allowed it to overcome the barriers imposed by the West. Furthermore, Chinese companies have proven to be highly competitive, offering products at lower prices and increasing quality.

China's role as “the world's factory” remains fundamental. The global supply chain's dependence on products made in China, from technological components to consumer goods, makes it difficult for the United States and the European Union to replace China as a major supplier. Additionally, the Chinese government has invested significantly in technological innovation, reducing its dependence on foreign technologies. And some Chinese companies have adopted localization strategies, setting up manufacturing plants and operations in foreign countries to circumvent tariffs and restrictions.

Regardless of what the United States and the European Union do, China has strengthened its trade relations with emerging markets, such as Latin America, Africa and Southeast Asia. These countries, seeking economic alternatives outside Western dominance, have welcomed trade with China, ensuring its continuity despite sanctions or restrictions in traditional markets.

On the other hand, and although China is the largest exporter in the world in absolute terms, it is not so in comparison to the volume of its GDP. Chinese exports do not reach 20% of its GDP, behind many countries, practically half that of Spain and below the world average. The Western attempt to bankrupt the Chinese economy by blocking its exports has a difficult time; it is neither its weak point nor has it been touched. China's true power is its capacity for economic and technological development and the fact that it has become the largest market on the planet and where practically half of the world's middle class resides.

In any case, this attempt by the United States and the European Union to weaken Chinese exports highlights the limitations of coercive strategies in an interconnected world. Both Western blocs should rethink their policies and reconsider the need for cooperation and honest competition in a global system that, inevitably, already includes China as a main actor.

Routine file operations have never been so dangerous.

Six security vulnerabilities have been discovered in Rsync, a popular file synchronization tool for Unix systems, some of which allow attackers to execute arbitrary code on the client system.

CERT Coordination Center (CERT/CC) reported that if they have control of a malicious server, attackers can read and write any files on connected clients. This creates the risk of leaking sensitive information such as SSH keys and executing malicious code by modifying files such as ~/.bashrc or ~/.popt.

The list of discovered vulnerabilities includes:

• CVE-2024-12084 (CVSS 9.8): Heap overflow due to incorrect handling of checksum length;
• CVE-2024-12085 (CVSS 7.5): Data leakage via uninitialized stack contents;
• CVE-2024-12086 (CVSS 6.1): Rsync server leaks arbitrary client files;
• CVE-2024-12087 (CVSS 6.5): Path Traversal Vulnerability;
• CVE-2024-12088 (CVSS 6.5): Bypass of the —safe-links option leading to a path traversal attack;

• CVE-2024-12747 (CVSS 5.6): Race condition when handling symbolic links. The first five vulnerabilities were discovered by researchers from Google Cloud Vulnerability Research – Simon Scannell, Pedro Gallegos and Jaziel Spelman. The latest vulnerability was disclosed by security researcher Alexey Gorban.

• CVE-2024-12084 is recognized as particularly dangerous; to exploit it, an attacker only needs to have anonymous read access to the Rsync server. As noted by Nick Tate from Red Hat Product Security, the combined use of vulnerabilities * CVE-2024-12084 and CVE-2024-12085 allows arbitrary code execution on a client using the Rsync server.

In version Rsync 3.4.0, available today, the developers have fixed all six vulnerabilities. Users who are unable to update are advised to take the following measures:

For CVE-2024-12084: disable SHA support by compiling with the CFLAGS=-DDISABLESHA512DIGEST and CFLAGS=-DDISABLESHA256DIGEST flags. For CVE-2024-12085: use the -ftrivial-auto-var-init=zero compilation flag to pad the stack contents with zeros.

Maybe he's not a genius?

Elon Musk decided to demonstrate his programming knowledge and philosophical nature, but instead accidentally embarrassed himself in front of millions of users. In December 2021, the entrepreneur published a message in the format of a Linux operating system command. He used the traceroute command, which is actually used to trace the path of network data across the Internet, and added to it a strange construct “wokemindvirus” (literally, “woke mind virus”).

A few years later, Musk decided to continue his joke by simulating a dialogue with a computer system. He posted the supposed response: “wokemindvirus found at 127.0.0.1” (the virus was found at 127.0.0.1), and then added a line saying that the virus was removed using the rm -rf command.

Probably, with these messages, the billionaire was trying to ridicule progressive social ideas, whose adherents in the English-speaking world are called “woke” (literally “awakened”, meaning “aware of social problems”). It is curious that he himself once shared these views, and now regularly criticizes them on social networks.

Philosophy and politics aside, you might notice that this attempt at humor reveals poor knowledge of programming principles. First, the address 127.0.0.1 in computer networks always points to the user's own computer – it's like writing “here” as a mailing address. It turns out that Musk accidentally admitted that the “virus” he was making fun of was in his own head.

In a dialogue with subscribers, the billionaire agreed with this interpretation. To the comment “The local host was infected,” he replied: “But not anymore,” as if cementing the metaphor of changing his own beliefs.

However, there are other technical inconsistencies. For example, the traceroute command is designed to trace the route of network packets across the Internet. It shows the request path to the server, but cannot be used to search for files. There is a special find command for this task in Linux.

The next part of the joke is even worse. Elon uses the rm -rf command, which is considered one of the most powerful and potentially dangerous in Linux. It is designed to forcefully delete entire directories along with all their contents, without asking for confirmation. Using such “heavy artillery” to delete just one file is like hammering a pushpin with a sledgehammer

Programmers also noted the non-standard format of the deletion message. In reality, the rm -rf command does not notify the user of success. Moreover, if we assume that the line “wokemindvirus deleted rm -rf” was intended as a deletion command, then its syntax violates all the rules of command structure in Linux – the parameters are in the wrong order, and the lack of specifying a specific directory makes the command completely meaningless.

So can we continue to call him a genius?

These are excepts of the creator of Hubzilla, Streams, Friendica and a few other Fediverse platforms, Mike Macgirvin.

The streams repository is a fediverse server with a long history. It began in 2010 as a decentralised Facebook alternative called Mistpark. It has gone through a number of twists and turns in its long journey of providing federated communications. The fediverse servers Friendica and Hubzilla are early branches of this repository.

The first thing to be aware of when discussing the streams repository is that it has no brand or brand identity. None. The name is the name of a code repository. Hence “the streams repository”. It isn't a product. It's just a collection of code which implements a fediverse server that does some really cool stuff. There is no flagship instance. There is no mascot. In fact all brand information has been removed. You are free to release it under your own brand. Whatever you decide to call your instance of the software is the only brand you'll see. The software is in the public domain to the extent permissable by law. There is no license.

If you look for the streams repository in a list of popular fediverse servers, you won't find it. We're not big on tracking and other spyware. Nobody knows how many instances there are or how many Monthly Active Users there are. These things are probably important to corporations considering takeover targets. They aren't so important to people sharing things with friends and family.

Due to its origins as a Facebook alternative, the software has a completely different focus than those fediverse projects modelled after Twitter/X. Everything is built around the use of permissions and the resulting online safety that permissions-based systems provide. Comment controls are built-in. Uploaded media and document libraries are built-in and media access can be restricted with fine-grained permissions – as can your posts. Groups are built-in. “Circles” are built-in. Events are built-in. Search and search permissions? Yup. Built-in also. It's based on Opensearch. You can even search from your browser and find anything you have permission to search for. Spam is practically non-existent. Online harrassment and abuse are likewise almost non-existent. Moderation is a built-in capability. If you're not sure about a new contact, set them to moderated, and you'll have a chance to approve all of their comments to your posts before those comments are shared with your true friends and family. For many fediverse projects, the only way to control this kind of abusive behavior is through blocking individuals or entire websites. The streams repository offers this ability as well. You'll just find that you hardly ever need to use it.

Because federated social media is a different model of communications based on decentralization, cross-domain single sign-on is also built-in. All of the streams instances interact cooperatively to provide what looks like one huge instance to anybody using it – even though it consists of hundreds of instances of all sizes.

Nomadic identity is built-in. You can clone your identity to another instance and we will keep them in sync to the best of our ability. If one server goes down, no big deal. Use the other. If it comes back up again, you can go back. If it stays down forever, no big deal. All of your friends and all your content are available on any of your cloned instances. So are your photos and videos, and so are your permission settings. If you made a video of the kids to share with grandma (and nobody else), grandma can still see the video no matter what instance she accesses it from. Nobody else can.

Choose from our library of custom filters and algorithms if you need better control of the stuff that lands in your stream. By default, your conversations are restricted to your friends and are not public. You can change this if you want, but this is the most sensible default for a safe online experience.

There are no inherent limits to the length of posts or the number of photos/videos you can attach or really any limits at all. You can just share stuff without concerning yourself with any of these arbitrary limitations.

Need an app? Just visit a website running the streams repository code and and install it from your browser.

Nobody is trying to sell you this software or aggressively convince you to use it. What we're trying to do is show you through our own actions and example that there are more sensible ways to create federated social networks than what you've probably experienced.

You can find us at https://codeberg.org/streams/streams

A support group is provided at @Streams

Have a wonderful day.

There are a number of traditional Facebook alternatives in the fediverse... if that's what you seek. Don't expect the same level of commercial focus as the Twitter alternatives. The Facebook-based platforms are usually more focused on online safety, family-friendly spaces, and identity management/resilience.

https://codeberg.org/streams/streams https://framagit.com/hubzilla/core https://github.com/friendica/friendica https://github.com/grishka/smithereen https://codeberg.org/fortified/forte

Controversial Business Moves To Europe To Protect Itself From Sanctions.

Controversial Business indeed. One can tell much about a story just by the headline sometimes. As soon as we saw this one, the first thing we thought, was this is a business run by Jews. Which probably means that these stores selling these alleged spy techs, are probably fake and everything going on there is a scam and a con.

In late 2023, an Israeli cybersecurity researcher from Tel Aviv was recruited through LinkedIn for a high-paying job abroad. Representatives of the company assured that this is a legitimate organization in the field of offensive security (Offensive Security), which is just starting its activities in Barcelona. However, the recruitment process made the researcher suspicious.

In an interview with TechCrunch, the specialist said that communication was accompanied by strange secrecy. Some company employees refused to give their full names and did not disclose the location of the office or even the name of the company for a long time. The researcher noted that it appeared to be an attempt to hide potentially problematic activity.

The company was presented by Alexey Levin, a former developer of spyware manufacturer NSO Group. Levin said the company is called Palm Beach Networks and develops sophisticated spyware ranging from exploits to spyware.

Barcelona was not chosen for a startup by chance. Company employees explained that the city is attractive due to its comfortable climate, tax incentives and developed infrastructure for IT business. However, this choice is questionable given the recent scandals surrounding the use of spyware against politicians and activists in Spain.

Barcelona has become a hotspot for companies developing exploits and spyware in recent years. Among them are the startup Paradigm Shift, which emerged after the collapse of Variston, and the company Epsilon, founded by a former employee of the defense giant L3Harris. In addition, Israeli developers who previously worked in Singapore have also settled in this Catalan city, making it a European hub for similar organizations.

The reasons for companies moving from Israel to Barcelona lie not only in the climate and favorable taxes. After a series of scandals with NSO Group, Israeli authorities began to restrict the export of spy technology, which forced firms to look for more friendly jurisdictions in the EU.

However, Palm Beach Networks has already ceased to exist under this name. According to the documents, she changed several legal entities, including Defense Prime Inc. and Head and Tail, which continues to operate in Spain. Head and Tail representatives do not comment on their activities, but on their website the company states that it deals with cybersecurity issues, including threat analysis and incident response, but the employees have experience working for well-known spyware manufacturers.

The Israeli researcher refused an offer to work at Palm Beach Networks, fearing a repeat of the fate of NSO Group employees who faced blocking of their accounts on social networks and visa problems in the United States. According to the specialist, working in a company with such a closed structure is too much of a risk, despite the high salary.

It's just that in 2025, Redmond residents will spend $80 billion on data centers for AI.

Microsoft has notified Microsoft 365 users in six countries in the Asia-Pacific region that they will be significantly increasing their renewal prices. Australian users, faced with rising costs of living, reacted particularly strongly to this news. Online, many have accused Microsoft of price gouging, pointing out that a number of the AI ​​features offered in M365 are available for free from other providers.

The price increases affected Australia, New Zealand, Malaysia, Singapore, Taiwan and Thailand. The cost of an annual Microsoft 365 Family subscription in Australia, for example, will increase from 139 to 179 Australian dollars (from 85.5 to 110 US dollars) – an increase of almost 29%. The price of the M365 Personal will jump from AU$109 to AU$159 (US$67 to 98), an increase of almost 46%. The Microsoft Australia website lists the new prices at AU$159 and AU$179 for Personal and Family subscriptions respectively.

Microsoft attributes the price increases to increased Microsoft 365 functionality over the past 12 years, including improved protection with Microsoft Defender, creative tools such as Clipchamp, numerous enhancements to Word, Excel, PowerPoint, OneNote and Outlook, and new features such as Microsoft Copilot and Microsoft Designer. The company says users can choose a version of Microsoft 365 without Copilot, thereby avoiding the price increase. However, in practice this option is difficult to find: it only appears when you cancel your subscription. A search for the “classic” version of M365 that the Microsoft representative mentioned also turned up no results.

While Microsoft hasn't confirmed whether the price increase will be in other regions or whether it will affect volume licenses, the company said the goal of the changes is to “listen, learn and improve.” The choice of six countries in the Asia-Pacific region to test customer response is not accidental: these countries are characterized by high levels of prosperity and widespread adoption of the latest technologies. Perhaps the negative response will force Microsoft to reconsider its pricing policy. After all, someone will have to pay for the $80 billion Microsoft plans to spend on data centers in 2025, most of which will be used for AI.

Roskomnadzor stated that they do not know the reasons for the fall of the Internet.

There was a major outage in the work of Russian telecommunications providers, affecting users in Moscow and the Moscow region, regardless of their service provider. Operator customers report problems with Internet access and mobile applications.

Users complain about failures in the operation of mobile applications and the Internet from mobile operators. In particular, the following sites do not work for Russian users: Google, Liveinternet, Wikipedia, Russian Railways and others. Sites for monitoring communication problems Sboy.rf and Downdetector do not open. Users also complain about problems when ordering a taxi or completing a car sharing trip.

The failure also affected banking applications, which do not work even when connected via mobile Internet. Problems are also observed with the Outlook email service.

At the same time, users located outside of Russia report that all pages and services load without interruption. Roskomnadzor told Mash that they do not know the reasons for the decline of the Internet in Russia.

“Failures are being recorded for all operators, and the cause of the failure is being established,” the RKN press service said.

Rostelecom, Beeline and T2 told RIA Novosti that their networks are operating normally, problems with Internet access occur due to reasons beyond their control.

Telegram channels report that the failure began at 17:05 Moscow time and was fixed at 18:05. During this period, total traffic in the country decreased from 5.6 Tbps to 3.6 Tbps, a drop of 35%. Despite the lack of regulations for such situations, this effectively means shutting down a third of the Internet throughout the country.

According to calculations on the NetBlocks platform, an hour of downtime is estimated at $16.8 million in damage to the Russian economy.

Upd: Roskomnadzor called the cause of the failure a short-term disruption of connectivity. According to the department, the operation of the network was promptly restored by the duty services of the Center for Monitoring and Control of the Public Communications Network.

According to the Caution Media source in the Ministry of Digital Development, the cause of the failure was the update of the Automatic Internet Security System (ASBI), which is responsible for the functioning of the “sovereign RuNet”. According to the source, Rostelecom PJSC, as part of the ASBI update, “incorrectly rolled out the update,” which led to errors and malfunctions in the operation of technical threat countermeasures (TCTC) throughout the country.