After giving in to Putin/Xi's demands to not provide starlink internet service over Taiwan, DOD officials are growing nervous about trusting Elon's Space company with our national secrets

According to estimates, more than 10,000 North Korean soldiers have been sent to Russia.

Putin's top security aide Sergei Shoigu visited North Korea last week and North Korean Foreign Minister Choe Son Hui is visiting Moscow this week.

"Forklift-Excalibur: He who pulls the fork out of the pillar shall become the ruler of storage-land"

cross-posted from: https://feddit.org/post/4283692

Threat actors sponsored by China "compromised" Canadian government networks over the past five years and collected valuable information, says a new report from Canada's cyber spy agency.

The Communications Security Establishment, responsible for foreign signals intelligence, cyber operations and cyber security, released its updated national cyber threat assessment on Wednesday. The assessment flags threats the agency sees as the most pressing ones facing individuals and organizations in Canada.

"We're often asked, what keeps up at night? Well, pick the page," Caroline Xavier, CSE chief, told a news conference in Ottawa.

CSE's latest report, which casts ahead to the 2025-2026 fiscal year, names the People's Republic of China (PRC) as "the most comprehensive cyber security threat facing Canada today" and says the scale, tradecraft and ambitions China demonstrates online are "second to none."

Tankers bearing sanctioned Russian liquefied natural gas (LNG) have clustered together off Russia's eastern coast, indicating that Moscow is struggling to sell the product amid Western restrictions, Bloomberg reported on Oct. 30.

Days before, commerical liquefication at Russia's Arctic LNG 2 came to a halt due to shipping difficulties imposed by Western sanctions.

Three of the tankers now anchored near Russia previously loaded cargo from the Arctic LNG 2 facility. The vessels — Nova Energy, Pioneer, and Asya Energy — are docked near the port of Nakhodka, according to ship-tracking data compiled by Bloomberg.

MBFC
Archive

Looks like golden poodle, but feels like too large to be…

A Finnish court has ordered the seizure of Russian assets in Finland worth tens of billions of euros after ruling in favour of Ukraine's state-owned oil and gas company, Naftogaz.

The court's decision followed a 2023 ruling by the Permanent Arbitration Court based in The Hague which ordered Russia to pay roughly €4.6bn in compensation to the company after seizing its assets illegally during the 2014 occupation of Crimea.

“Since Russia refuses to voluntarily pay Naftogaz the funds stipulated by The Hague ruling, we continue to use all available mechanisms to recover them. Today, we are one step closer to restoring justice. At the same time, we are taking active steps to enforce the arbitration award in other target jurisdictions involving Russian assets,” a statement from Naftogaz Group Board Chairman and CEO Oleksiy Chernyshov said.

[...]

Hey there Linux community. I’ve been interested in Linux lately and have been considering switching to Linux Mint from windows 11. My main pc is a Surface Laptop Studio with an intel i7, 32g ram, 1 terabyte ssd, and an rtx 3050 ti gpu. I’m thinking about trying out dual booting to see how I like it, but I have some questions. 

I use my laptop for a lot of creative work, video editing, web design, music production, photography, etc. I’m not too worried about it because I’ve come across many promising FOSS alternatives, but there’s some software I’d like to ask about specifically. I ditched Adobe Premiere in favor of Davinci Resolve a while ago and I know that there’s a native Linux version of Resolve, and I’m just curious about how well that runs for the people that use it?

As far as music production goes I’m an avid user of Ableton Live. It’s been my go to for years and I know that support for it on Linux isn’t the best, if it’s even there at all. I’ve seen a few people claim they’ve gotten it working but it seems a little suspicious to me. So to anyone in the music space, what are the best Linux supported alternatives? Or, in the event I decide to switch, should I maintain my dual boot setup to just stick with Ableton?

I’m also pretty locked into the Microsoft ecosystem with OneDrive (I get a terabyte of cloud storage for free so it’s where almost all of my files are). I’m in the process of trying to setup my own cloud storage with nextcloud or something similar, but until then I’m curious if I’d be able to set up OneDrive live file syncing in my Linux environment, similar to how it works on windows? If anyone has any experience with that I’d love to hear some input.

Not something that’s absolutely necessary, but I’m just curious if the touch support of my laptop would be maintained. Since it’s a surface device it’s actually a really nice touch screen, and the pen input is great, my wife borrows it for digital drawing sometimes and loves it. I don’t use it all the time but I do occasionally and it’d be a huge plus if it still worked just as well.

I think those are pretty much the only things holding me back from fully dedicating myself to switching, so I’d really appreciate some input. Thanks!

MAGA oligarch Elon Musk, continues his campaign of stochastic terrorism against anyone who opposes his illegal giveaway

No tricks, only treats, as the Drag Race UK winner plays host. Plus: Martin Lewis makes sense of this week’s historic budget. Here’s what to watch this evening

10.15pm, BBC Three “Condragulations” to Ginger Johnson, who needs no introduction to Drag Race fans: the self-styled “helium balloon in the shape of a woman” won series five of the UK version. Now she has her own spin-off, inviting visitors to her “camp as Christmas” house to celebrate all things drag and get some “domestic chores” done. Her visitor tonight is fellow Drag Race winner Danny Beard. Hollie Richardson

Continue reading...

I dont know who needs to hear this bit qBittorrent has a nasty vulnerability ( and there are some older ones too)

qBittorrent, on all platforms, did not verify any SSL certificates in its DownloadManager class from 2010 until October 2024. If it failed to verify a cert, it simply logged an error and proceeded.

To be exploitable, this bug requires either MITM access or DNS spoofing attacks, but under those conditions (seen regularly in some countries), impacts are severe.

The primary impact is single-click RCE for Windows builds from 2015 onward, when prompted to update python the exe is downloaded from a hardcoded URL, executed, and then deleted afterwards.

The secondary impact for all platforms is the update RSS feed can be poisoned with malicious update URLs which the user will open in their browser if they accept the prompt to update. This is browser hijacking and arbitrary exe delivery to a user who would likely trust whatever URL this software sent them to.

The tertiary impact is this means that an older CVE (CVE-2019-13640 https://www.cvedetails.com/cve/CVE-2019-13640/) which allowed remote command execution via shell metacharacters could have been exploited by (government) attackers conducting either MITM or DNS spoofing attacks at the time, instead of only by the author of the feed.

Full write up is here: https://sharpsec.run/rce-vulnerability-in-qbittorrent/