Ebrius Disputatios

A thing's not wrong because it's illegal, a thing is illegal because it's wrong.

Spectacular growth in China's exports to the US (6.1%) and the EU (4.3%) in 2024, rising to more than double the growth of the US economy and almost 5 times the growth of the economy of the European Union. The trade deficit of both economies with China grows by 8.5% and 14.1% in 2024 to total $590 billion. China's trade surplus with the United States and the European Union is 61.5% of the total Chinese surplus of 963 billion dollars (an amount that almost reaches that of Spain's GDP).

In 2024, China's foreign trade has achieved record figures, with a notable performance in the fourth quarter and December that augurs well for 2025. China's imports and exports grew by 5% year-on-year in 2024 to reach 43.85 trillion yuan ($5.98 trillion), according to data published by the General Administration of Customs (GAC) of China.

In 2024, China's total exports grew 7.1% year-on-year to reach 25.45 trillion yuan ($3.47 trillion), while imports grew 2.3% to reach 18.39 trillion yuan (2.51 trillion dollars).

The Chinese trade surplus in 2024 has reached 7.06 trillion yuan (almost 1 trillion dollars) and has grown by 22% compared to the previous year.

The key components of Chinese exports have been (1) technology and electronics, which remains the main driver of Chinese exports, with strong demand for semiconductors, solar panels and consumer electronics; (2) electric cars and machinery, which have experienced significant growth, consolidating China as a leader in the transition towards green technologies and sustainable mobility; and (3) consumer goods, including textiles, toys and household appliances, for which demand remained stable, especially in emerging markets.

Trade with the United States and the European Union

Trade between China and the United States in 2024 grew 4.9% year-on-year to 4.90 trillion yuan ($668 billion).

China's exports to the United States in 2024 grew 6.1% to 3.73 trillion yuan ($509 billion), while imports increased 1.2% to 1.16 trillion yuan (158 billion dollars). The North American trade deficit with China in 2024 has grown 8.5% to $350 billion.

The trade relationship between China and the European Union in 2024, despite trade frictions, reached 5.59 trillion yuan ($762 billion), with a growth of 1.6% compared to the previous year.

China's exports to the European Union totaled 3.68 trillion yuan ($501 billion), a year-on-year growth of 4.3% reflecting strong European demand for Chinese products, while Chinese imports from the European Union reached 1.92 trillion yuan ($261 billion), representing a decrease of 3.3% from the previous year. The European Union's trade deficit with China in 2024 has grown by 14.1% to $240 billion.

Exports to the United States and the European Union represent, respectively, 14.7% and 14.4% of total Chinese exports, behind China's first partner, ASEAN (an association of 10 Southeast Asian countries).

The failure of the United States and the European Union in their attempt to weaken Chinese exports is a reflection of the current economic and political complexity. Both Western powers have implemented numerous strategies, from tariffs to technological restrictions, to block China but the results have not been as expected.

China has developed a robust, diversified economic system with a remarkable capacity for adaptation. Its focus on technological development, industrialization and strengthening the internal market has allowed it to overcome the barriers imposed by the West. Furthermore, Chinese companies have proven to be highly competitive, offering products at lower prices and increasing quality.

China's role as “the world's factory” remains fundamental. The global supply chain's dependence on products made in China, from technological components to consumer goods, makes it difficult for the United States and the European Union to replace China as a major supplier. Additionally, the Chinese government has invested significantly in technological innovation, reducing its dependence on foreign technologies. And some Chinese companies have adopted localization strategies, setting up manufacturing plants and operations in foreign countries to circumvent tariffs and restrictions.

Regardless of what the United States and the European Union do, China has strengthened its trade relations with emerging markets, such as Latin America, Africa and Southeast Asia. These countries, seeking economic alternatives outside Western dominance, have welcomed trade with China, ensuring its continuity despite sanctions or restrictions in traditional markets.

On the other hand, although China is the largest exporter in the world in absolute terms, it is not so relative to the size of its GDP. Chinese exports do not reach 20% of its GDP, behind many countries, practically half that of Spain and below the world average. The Western attempt to bankrupt the Chinese economy by blocking its exports is unlikely to succeed; exports are neither its weak point nor have they been affected. China's true power is its capacity for economic and technological development and the fact that it has become the largest market on the planet, where practically half of the world's middle class resides.

In any case, this attempt by the United States and the European Union to weaken Chinese exports highlights the limitations of coercive strategies in an interconnected world. Both Western blocs should rethink their policies and reconsider the need for cooperation and honest competition in a global system that, inevitably, already includes China as a main actor.

Routine file operations have never been so dangerous.

From SecurityLab

Six security vulnerabilities have been discovered in Rsync, a popular file synchronization tool for Unix systems, some of which allow attackers to execute arbitrary code on the client system.

The CERT Coordination Center (CERT/CC) reported that attackers who control a malicious server can read and write any files on connected clients. This creates the risk of leaking sensitive information such as SSH keys and of executing malicious code by modifying files such as ~/.bashrc or ~/.popt.

The list of discovered vulnerabilities includes:

  • CVE-2024-12084 (CVSS 9.8): Heap overflow due to incorrect handling of checksum length;
  • CVE-2024-12085 (CVSS 7.5): Data leakage via uninitialized stack contents;
  • CVE-2024-12086 (CVSS 6.1): Rsync server leaks arbitrary client files;
  • CVE-2024-12087 (CVSS 6.5): Path Traversal Vulnerability;
  • CVE-2024-12088 (CVSS 6.5): Bypass of the --safe-links option leading to a path traversal attack;
  • CVE-2024-12747 (CVSS 5.6): Race condition when handling symbolic links.

The first five vulnerabilities were discovered by researchers from Google Cloud Vulnerability Research – Simon Scannell, Pedro Gallegos and Jaziel Spelman. The last vulnerability was disclosed by security researcher Alexey Gorban.

CVE-2024-12084 is recognized as particularly dangerous; to exploit it, an attacker only needs to have anonymous read access to the Rsync server. As noted by Nick Tate from Red Hat Product Security, the combined use of vulnerabilities CVE-2024-12084 and CVE-2024-12085 allows arbitrary code execution on a client using the Rsync server.

In version Rsync 3.4.0, available today, the developers have fixed all six vulnerabilities. Users who are unable to update are advised to take the following measures:

  • For CVE-2024-12084: disable SHA support by compiling with the CFLAGS=-DDISABLE_SHA512_DIGEST and CFLAGS=-DDISABLE_SHA256_DIGEST flags.
  • For CVE-2024-12085: compile with the -ftrivial-auto-var-init=zero flag so that stack contents are initialized to zero.
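To find which hosts still need the update, the version line printed by `rsync --version` can be compared against 3.4.0. The script below is an added example, not code from the article or the rsync project; the function names and the `host|banner` inventory format are hypothetical, and the sample inventory is constructed. A result of "below-fixed" means the upstream version predates the fix, so check the distributor's advisory, since vendors may backport patches without changing the version number.

```shell
#!/bin/sh
# Added example: triage rsync builds against the fixed release named in the article.
# Function names and the inventory format are hypothetical.

FIXED_VERSION="3.4.0"   # release that fixes all six CVEs, per the article

# stdin: text of `rsync --version`; stdout: the version token (leading "v" dropped).
rsync_version_token() {
    sed -n 's/^rsync  *version  *v\{0,1\}\([^ ]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing field by field as integers.
version_ge() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}
        fb=${b%%.*}
        [ -n "$fa" ] || fa=0
        [ -n "$fb" ] || fb=0
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# $1: banner text. Prints one of: fixed, below-fixed, unknown.
classify_rsync() {
    tok=$(printf '%s\n' "$1" | rsync_version_token)
    case $tok in
        '')        echo unknown ;;   # no banner: rsync missing or output not recognised
        *[!0-9.]*) echo unknown ;;   # pre-release or vendor suffix: do not guess
        *)
            if version_ge "$tok" "$FIXED_VERSION"; then
                echo fixed
            else
                echo below-fixed
            fi
            ;;
    esac
}

# $1: inventory text, one "host|banner line" record per line.
# Prints "host state" for every host that is not confirmed fixed.
hosts_needing_update() {
    printf '%s\n' "$1" | while IFS='|' read -r host banner; do
        [ -n "$host" ] || continue
        state=$(classify_rsync "$banner")
        [ "$state" = fixed ] || printf '%s %s\n' "$host" "$state"
    done
}

# Constructed sample inventory (hostnames and banners are made up for the example).
SAMPLE_INVENTORY='backup01|rsync  version 3.2.7  protocol version 31
build02|rsync  version 3.4.0  protocol version 32
mirror03|rsync  version v3.2.3  protocol version 31
edge04|rsync  version 3.4.1  protocol version 32
legacy05|rsync: command not found'

# On a live host: classify_rsync "$(rsync --version 2>/dev/null)"
hosts_needing_update "$SAMPLE_INVENTORY"
```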

Maybe he's not a genius?

From SecurityLab

Elon Musk decided to demonstrate his programming knowledge and philosophical nature, but instead accidentally embarrassed himself in front of millions of users. In December 2021, the entrepreneur published a message in the format of a Linux operating system command. He used the traceroute command, which is actually used to trace the path of network data across the Internet, and added to it a strange construct “wokemindvirus” (literally, “woke mind virus”).

A few years later, Musk decided to continue his joke by simulating a dialogue with a computer system. He posted the supposed response: “wokemindvirus found at 127.0.0.1” (the virus was found at 127.0.0.1), and then added a line saying that the virus was removed using the rm -rf command.

Probably, with these messages, the billionaire was trying to ridicule progressive social ideas, whose adherents in the English-speaking world are called “woke” (literally “awakened”, meaning “aware of social problems”). It is curious that he himself once shared these views, and now regularly criticizes them on social networks.

Philosophy and politics aside, you might notice that this attempt at humor reveals poor knowledge of programming principles. First, the address 127.0.0.1 in computer networks always points to the user's own computer – it's like writing “here” as a mailing address. It turns out that Musk accidentally admitted that the “virus” he was making fun of was in his own head.

In a dialogue with subscribers, the billionaire agreed with this interpretation. To the comment “The local host was infected,” he replied: “But not anymore,” as if cementing the metaphor of changing his own beliefs.

However, there are other technical inconsistencies. For example, the traceroute command is designed to trace the route of network packets across the Internet. It shows the request path to the server, but cannot be used to search for files. There is a special find command for this task in Linux.

The next part of the joke is even worse. Elon uses the rm -rf command, which is considered one of the most powerful and potentially dangerous in Linux. It is designed to forcefully delete entire directories along with all their contents, without asking for confirmation. Using such “heavy artillery” to delete just one file is like hammering a pushpin with a sledgehammer.

Programmers also noted the non-standard format of the deletion message. In reality, the rm -rf command does not notify the user of success. Moreover, if we assume that the line “wokemindvirus deleted rm -rf” was intended as a deletion command, then its syntax violates all the rules of command structure in Linux – the parameters are in the wrong order, and the lack of specifying a specific directory makes the command completely meaningless.

So can we continue to call him a genius?

These are excerpts from the creator of Hubzilla, Streams, Friendica and a few other Fediverse platforms, Mike Macgirvin.

The streams repository is a fediverse server with a long history. It began in 2010 as a decentralised Facebook alternative called Mistpark. It has gone through a number of twists and turns in its long journey of providing federated communications. The fediverse servers Friendica and Hubzilla are early branches of this repository.

The first thing to be aware of when discussing the streams repository is that it has no brand or brand identity. None. The name is the name of a code repository. Hence “the streams repository”. It isn't a product. It's just a collection of code which implements a fediverse server that does some really cool stuff. There is no flagship instance. There is no mascot. In fact all brand information has been removed. You are free to release it under your own brand. Whatever you decide to call your instance of the software is the only brand you'll see. The software is in the public domain to the extent permissible by law. There is no license.

If you look for the streams repository in a list of popular fediverse servers, you won't find it. We're not big on tracking and other spyware. Nobody knows how many instances there are or how many Monthly Active Users there are. These things are probably important to corporations considering takeover targets. They aren't so important to people sharing things with friends and family.

Due to its origins as a Facebook alternative, the software has a completely different focus than those fediverse projects modelled after Twitter/X. Everything is built around the use of permissions and the resulting online safety that permissions-based systems provide. Comment controls are built-in. Uploaded media and document libraries are built-in and media access can be restricted with fine-grained permissions – as can your posts. Groups are built-in. “Circles” are built-in. Events are built-in. Search and search permissions? Yup. Built-in also. It's based on Opensearch. You can even search from your browser and find anything you have permission to search for. Spam is practically non-existent. Online harassment and abuse are likewise almost non-existent. Moderation is a built-in capability. If you're not sure about a new contact, set them to moderated, and you'll have a chance to approve all of their comments to your posts before those comments are shared with your true friends and family. For many fediverse projects, the only way to control this kind of abusive behavior is through blocking individuals or entire websites. The streams repository offers this ability as well. You'll just find that you hardly ever need to use it.

Because federated social media is a different model of communications based on decentralization, cross-domain single sign-on is also built-in. All of the streams instances interact cooperatively to provide what looks like one huge instance to anybody using it – even though it consists of hundreds of instances of all sizes.

Nomadic identity is built-in. You can clone your identity to another instance and we will keep them in sync to the best of our ability. If one server goes down, no big deal. Use the other. If it comes back up again, you can go back. If it stays down forever, no big deal. All of your friends and all your content are available on any of your cloned instances. So are your photos and videos, and so are your permission settings. If you made a video of the kids to share with grandma (and nobody else), grandma can still see the video no matter what instance she accesses it from. Nobody else can.

Choose from our library of custom filters and algorithms if you need better control of the stuff that lands in your stream. By default, your conversations are restricted to your friends and are not public. You can change this if you want, but this is the most sensible default for a safe online experience.

There are no inherent limits to the length of posts or the number of photos/videos you can attach or really any limits at all. You can just share stuff without concerning yourself with any of these arbitrary limitations.

Need an app? Just visit a website running the streams repository code and install it from your browser.

Nobody is trying to sell you this software or aggressively convince you to use it. What we're trying to do is show you through our own actions and example that there are more sensible ways to create federated social networks than what you've probably experienced.

You can find us at https://codeberg.org/streams/streams

A support group is provided at @Streams

Have a wonderful day.

There are a number of traditional Facebook alternatives in the fediverse... if that's what you seek. Don't expect the same level of commercial focus as the Twitter alternatives. The Facebook-based platforms are usually more focused on online safety, family-friendly spaces, and identity management/resilience.

https://codeberg.org/streams/streams https://framagit.com/hubzilla/core https://github.com/friendica/friendica https://github.com/grishka/smithereen https://codeberg.org/fortified/forte

Controversial Business Moves To Europe To Protect Itself From Sanctions.

From SecurityLab

Controversial Business indeed. One can tell much about a story just by the headline sometimes. As soon as we saw this one, the first thing we thought, was this is a business run by Jews. Which probably means that these stores selling these alleged spy techs, are probably fake and everything going on there is a scam and a con.

In late 2023, an Israeli cybersecurity researcher from Tel Aviv was recruited through LinkedIn for a high-paying job abroad. Representatives of the company assured the researcher that it was a legitimate organization in the field of offensive security that was just starting its activities in Barcelona. However, the recruitment process made the researcher suspicious.

In an interview with TechCrunch, the specialist said that communication was accompanied by strange secrecy. Some company employees refused to give their full names and did not disclose the location of the office or even the name of the company for a long time. The researcher noted that it appeared to be an attempt to hide potentially problematic activity.

The company was presented by Alexey Levin, a former developer of spyware manufacturer NSO Group. Levin said the company is called Palm Beach Networks and develops sophisticated surveillance tools ranging from exploits to spyware.

Barcelona was not chosen for a startup by chance. Company employees explained that the city is attractive due to its comfortable climate, tax incentives and developed infrastructure for IT business. However, this choice is questionable given the recent scandals surrounding the use of spyware against politicians and activists in Spain.

Barcelona has become a hotspot for companies developing exploits and spyware in recent years. Among them are the startup Paradigm Shift, which emerged after the collapse of Variston, and the company Epsilon, founded by a former employee of the defense giant L3Harris. In addition, Israeli developers who previously worked in Singapore have also settled in this Catalan city, making it a European hub for similar organizations.

The reasons for companies moving from Israel to Barcelona lie not only in the climate and favorable taxes. After a series of scandals with NSO Group, Israeli authorities began to restrict the export of spy technology, which forced firms to look for more friendly jurisdictions in the EU.

However, Palm Beach Networks has already ceased to exist under this name. According to the documents, it has gone through several legal entities, including Defense Prime Inc. and Head and Tail, which continues to operate in Spain. Head and Tail representatives do not comment on their activities. On its website the company states that it deals with cybersecurity issues, including threat analysis and incident response, but its employees have experience working for well-known spyware manufacturers.

The Israeli researcher refused an offer to work at Palm Beach Networks, fearing a repeat of the fate of NSO Group employees who faced blocking of their accounts on social networks and visa problems in the United States. According to the specialist, working in a company with such a closed structure is too much of a risk, despite the high salary.

It's just that in 2025, the Redmond company will spend $80 billion on data centers for AI.

From Overclockers.

Microsoft has notified Microsoft 365 users in six countries in the Asia-Pacific region that it will be significantly increasing their renewal prices. Australian users, faced with rising costs of living, reacted particularly strongly to this news. Online, many have accused Microsoft of price gouging, pointing out that a number of the AI features offered in M365 are available for free from other providers.

The price increases affected Australia, New Zealand, Malaysia, Singapore, Taiwan and Thailand. The cost of an annual Microsoft 365 Family subscription in Australia, for example, will increase from 139 to 179 Australian dollars (from 85.5 to 110 US dollars) – an increase of almost 29%. The price of the M365 Personal will jump from AU$109 to AU$159 (US$67 to 98), an increase of almost 46%. The Microsoft Australia website lists the new prices at AU$159 and AU$179 for Personal and Family subscriptions respectively.

Microsoft attributes the price increases to increased Microsoft 365 functionality over the past 12 years, including improved protection with Microsoft Defender, creative tools such as Clipchamp, numerous enhancements to Word, Excel, PowerPoint, OneNote and Outlook, and new features such as Microsoft Copilot and Microsoft Designer. The company says users can choose a version of Microsoft 365 without Copilot, thereby avoiding the price increase. However, in practice this option is difficult to find: it only appears when you cancel your subscription. A search for the “classic” version of M365 that the Microsoft representative mentioned also turned up no results.

While Microsoft hasn't confirmed whether the price increase will be in other regions or whether it will affect volume licenses, the company said the goal of the changes is to “listen, learn and improve.” The choice of six countries in the Asia-Pacific region to test customer response is not accidental: these countries are characterized by high levels of prosperity and widespread adoption of the latest technologies. Perhaps the negative response will force Microsoft to reconsider its pricing policy. After all, someone will have to pay for the $80 billion Microsoft plans to spend on data centers in 2025, most of which will be used for AI.

Roskomnadzor stated that they do not know the reasons for the fall of the Internet.

From SecurityLab.Ru.

There was a major outage in the work of Russian telecommunications providers, affecting users in Moscow and the Moscow region, regardless of their service provider. Operator customers report problems with Internet access and mobile applications.

Users complain about failures in the operation of mobile applications and the Internet from mobile operators. In particular, the following sites do not work for Russian users: Google, Liveinternet, Wikipedia, Russian Railways and others. Sites for monitoring communication problems Sboy.rf and Downdetector do not open. Users also complain about problems when ordering a taxi or completing a car sharing trip.

The failure also affected banking applications, which do not work even when connected via mobile Internet. Problems are also observed with the Outlook email service.

At the same time, users located outside of Russia report that all pages and services load without interruption. Roskomnadzor told Mash that they do not know the reasons for the decline of the Internet in Russia.

“Failures are being recorded for all operators, and the cause of the failure is being established,” the RKN press service said.

Rostelecom, Beeline and T2 told RIA Novosti that their networks are operating normally, problems with Internet access occur due to reasons beyond their control.

Telegram channels report that the failure began at 17:05 Moscow time and was fixed at 18:05. During this period, total traffic in the country decreased from 5.6 Tbps to 3.6 Tbps, a drop of 35%. Despite the lack of regulations for such situations, this effectively means shutting down a third of the Internet throughout the country.

According to calculations on the NetBlocks platform, an hour of downtime is estimated at $16.8 million in damage to the Russian economy.

Upd: Roskomnadzor called the cause of the failure a short-term disruption of connectivity. According to the department, the operation of the network was promptly restored by the duty services of the Center for Monitoring and Control of the Public Communications Network.

According to the Caution Media source in the Ministry of Digital Development, the cause of the failure was the update of the Automatic Internet Security System (ASBI), which is responsible for the functioning of the “sovereign RuNet”. According to the source, Rostelecom PJSC, as part of the ASBI update, “incorrectly rolled out the update,” which led to errors and malfunctions in the operation of technical threat countermeasures (TCTC) throughout the country.

A new hardware breach could serve as an entry point for large-scale attacks.

From SecurityLab.ru

Researchers have discovered a way to hack the ACE3 USB-C controller used for charging and data transfer in Apple devices, including iPhones and Macs. This component is proprietary to the company and plays a key role in the functioning of the Apple ecosystem.

During the Chaos Communication Congress in Hamburg, hacker Thomas Roth demonstrated a controller hack. He reverse engineered ACE3, revealing the internal software and communication protocols. Roth then reprogrammed the controller, allowing it to bypass built-in security checks, inject malicious commands, and perform other unauthorized actions.

The cause of the vulnerability was insufficient protection in the controller firmware, which allows attackers to gain low-level access, imitate trusted accessories, and perform other actions. However, according to Roth, exploiting this vulnerability requires significant effort.

Roth notified Apple of the problem, but the company determined that the high level of sophistication of the attack made it an unlikely threat. The hacker agreed with this conclusion, noting that his work was exploratory in nature and aimed at identifying fundamental vulnerabilities.

Although Apple currently has no plans to fix the problem, experts agree that large companies need to pay more attention to hardware solutions to prevent similar attacks in the future.

VPN became a tool for hacking a British domain registrar.

From SecurityLab.ru

British domain registrar Nominet is investigating a possible hack of its network in which hackers exploited a zero-day vulnerability in Ivanti software.

The suspicious activity, discovered late last week, came through a flaw in third-party VPN software supplied by Ivanti. The software is used by Nominet employees to remotely access systems. The attack vector was related to a zero-day vulnerability.

At this time, the company says there is no evidence of data leakage or theft. There were also no traces of backdoors or other forms of unauthorized access to the network. To enhance security, access to systems via VPN was limited. Domain registration and management systems continue to operate as normal.

Nominet, which manages more than 11 million .uk domains, as well as .wales, .pharmacy and .career domains, said the investigation was being carried out in conjunction with external experts and notifications had been issued to customers, members and relevant authorities including the UK National Cyber Security Center (NCSC).

All signs point to Nominet being the first organization publicly identified as a victim of the ongoing exploitation of CVE-2025-0282 (CVSS Score: 9.0), a zero-day vulnerability affecting Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways. Ivanti and Mandiant confirmed that the attacks began in December, but the victims were not disclosed.

Mandiant discovered that this vulnerability was exploited by hackers associated with the Chinese group UNC5337. The attacks used the SPAWN malware ecosystem, including the previously unknown programs DRYHOOK and PHASEJAM. The main goals of the cybercriminals are to steal credentials and install web shells to gain persistent access.

Ivanti has released patches for Connect Secure, but patches for Policy Secure and Neurons for ZTA will not be available until January 21st. The company came under fire last year for delaying updates, leaving thousands of organizations without protection. Nominet says it has already begun rolling out the fixes. Users of Ivanti products are encouraged to update their software as soon as possible.

After the Romanian Constitutional Court annulled the results of the first round of presidential elections shortly before the runoff, the date for a new presidential election has now been set.

After annulment of the elections: new presidential elections in Romania scheduled for May

from Anti-Spiegel January 9, 2025 6:00 am

It was a rarely impressive display of “Western democracy” when, in November, no explicitly US-, NATO- and EU-friendly candidate made it to the runoff in the first round of the presidential elections in Romania: just two days before the planned runoff, Romania's Constitutional Court summarily annulled the election results after the USA and the EU protested and spoke of Russian election interference on TikTok. The Romanian Constitutional Court obediently invoked this, but without providing any evidence of the alleged election interference.

Interestingly, even the FAZ reported on December 19th that there was no evidence of alleged election interference by Russia. The article said:

“Even if experts consider Russian authorship of the expensive campaign on social media such as Tiktok to be plausible: Since the Constitutional Court's decision two weeks ago, Bucharest has not yet provided any explanation as to who is behind the foreign interference. Now Johannis explained during a press conference on Wednesday evening in Brussels that at the diplomatic level it was ‘extremely complicated to point the finger and say: it was you.’”

On December 20, an investigative Romanian portal reported that there had apparently actually been an election influence by a TikTok campaign. However, this was not financed by Russia, but ironically by the EU-friendly liberal-conservative party PNL, which is part of the EPP bloc in the EU Parliament. Apparently there was some trickery involved, as the winner of the first round of elections, Georgescu, benefited from the campaign.

According to the report, this is how it happened: the campaign was actually intended to lure voters from the social democratic party PSD to the PNL. However, when George Simion from the nationalist party Alianța pentru Unirea Românilor (AUR) became dangerous to the PNL during the election campaign, Georgescu, who was also described as nationalist, was also supposed to be promoted – allegedly on the advice of the president – in order to weaken Simion.

Why the Romanian presidential elections are so important.

The reason for the panic in the West after the first round of elections in November was the powers of the Romanian president, because in Romania the government is led by the prime minister, but the president has some important powers. For example, the president has control over defense spending, which is currently the most important topic for the US government and the EU leadership, in view of NATO's demands for even higher arms spending and the EU's demands to support Ukraine on its own if necessary after Trump's election victory.

Romania is also strategically very important for the USA because the country shares a border with Ukraine and Moldova. Romania is also a country with important naval ports for NATO on the Black Sea and the largest NATO base in Eastern Europe is currently being built in Romania. And, very importantly, part of the so-called US missile defense in Europe is in Romania.

After the first round of voting, Prime Minister Ciolacu, the only politician who was clearly pro-USA, pro-EU and pro-NATO, was thrown out of the presidential election, and the runoff included a candidate whose positions are not completely clear and a candidate who is clearly against supporting Ukraine and in favor of protecting Romanian interests.

No matter which of the two would have won the runoff, at these crucial times for Washington and Brussels there was a risk that Romania could become an uncertain candidate in the fight against Russia.

So something had to be done and that's why Washington and Brussels built up gigantic pressure in the days that followed, whereupon the Romanian Constitutional Court annulled the election results.

This is how Western democracy works, and we can be excited to see what we will be offered in the new presidential elections.