T.38 | Aizhi

T.38 is an ITU recommendation for allowing transmission of fax over IP networks (FoIP) in real time. == History == The T.38 fax relay standard was devised in 1998 as a way to transport faxes across IP networks between existing Group 3 (G3) fax terminals. T.4 and related fax standards were published by the ITU in 1980, before the rise of the Internet. In the late 1990s, VoIP, or voice over IP, began to gain ground as an alternative to the conventional public switched telephone network (PSTN). However, because most VoIP systems are optimized (through their use of aggressive lossy bandwidth-saving compression) for voice rather than data calls, conventional fax machines worked poorly or not at all on them due to the network impairments such as delay, jitter, packet loss, and so on. Thus, some way of transmitting fax over IP was needed. == Overview == In practical scenarios, a T.38 fax call has at least part of the call being carried over PSTN, although this is not required by the T.38 definition, and two T.38 devices can send faxes to each other. This particular type of device is called Internet-Aware Fax device, or IAF, and it is capable of initiating or completing a fax call towards the IP network. The typical scenario where T.38 is used is – T.38 fax relay – where a T.30 fax device sends a fax over PSTN to a T.38 fax gateway which converts or encapsulates the T.30 protocol into a T.38 data stream. This is then sent either to a T.38-enabled end point such as fax machine or fax server or another T.38 gateway that converts it back to a PSTN PCM or analog signal and terminates the fax on a T.30 device. The T.38 recommendation defines the use of both TCP and UDP to transport T.38 packets. Implementations tend to use UDP, due to TCP's requirement for acknowledgement packets and resulting retransmission during packet loss, which introduces delays. When using UDP, T.38 copes with packet loss by using redundant data packets. T.38 is not a call setup protocol, thus the T.38 devices need to use standard call setup protocols to negotiate the T.38 call, e.g. H.323, SIP & MGCP. == Operation == There are two primary ways that fax transactions are conveyed across packet networks. The T.37 standard specifies how a fax image is encapsulated in e-mail and transported, ultimately, to the recipient using a store-and-forward process through intermediary entities. T.38, however, defines a protocol that supports the use of the T.30 protocol in both the sender and recipient terminals. (See diagram above.) T.38 lets one transmit a fax across an IP network in real time, just as the original G3 fax standards did for the traditional (time-division multiplexed (TDM)) network, also called the public switched telephone network or PSTN. A special protocol is needed for real-time fax over IP (Internet Protocol) since existing fax terminals only supported PSTN connections, where the information flow was generally smooth and uninterrupted, as opposed to the jittery arrival of IP packets. The trick was to come up with a protocol that makes the IP network “invisible” to the endpoint fax terminals, which would mean the user of a legacy fax terminal need not know that the fax call was traversing an IP network. The network interconnections supported by T.38 are shown above. The two fax terminals on either side of the figure communicate using the T.30 fax protocol published by the ITU in 1980. Interconnection of the PSTN with the IP packet network requires a “gateway” between the PSTN and IP networks. PSTN-IP Gateways support TDM voice on the PSTN side and VoIP and FoIP on the packet side. For voice sessions, the gateway will take in voice packets on the IP side, accumulate a few packets to ensure a smooth flow of TDM data upon their release, and then meter them out over TDM where they eventually are heard by a human or stored on a computer for later playback. The gateway employs packet-management techniques to enhance the quality of the speech in the presence of network errors by taking advantage of the natural ability of a listener to not really hear the occasional missing or repeated packet. But facsimile data are transmitted by modems, which aren't as forgiving as the human ear is for speech. Missing packets will often cause a fax session to fail at worst or create one or more image lines in error at best. So the job of T.38 is to “fool” the terminal into “thinking” that it's communicating directly with another T.30 terminal. It will also correct for network delays with so-called spoofing techniques, and missing or delayed packets with fax-aware buffer-management techniques. Spoofing refers to the logic implemented in the protocol engine of a T.38 relay that modifies the protocol commands and responses on the TDM side to keep network delays on the IP side from causing the transaction to fail. This is done, for example, by padding image lines or deliberately causing a message to be re-transmitted to render network delays transparent to the sending/receiving fax terminals. Networks that do not have packet loss or excessive delay can exhibit acceptable fax performance without T.38, provided the PCM clocks in all gateways are of very high accuracy (explained below). T.38 not only removes the effect of PCM clocks not being synchronized, but also reduces the required network bandwidth by a factor of 10, while it corrects for packet loss and delay. === Bandwidth reduction === As shown in the diagram below, a T.38 gateway is composed of two primary elements: the fax modems and the T.38 subsystem. The fax modems modulate and demodulate the PCM samples of the analog data, turning the sampled-data representation of the fax terminal's analog signal to its binary translation, and vice versa. The PSTN network samples the analog signal of a voice or modem signal (it doesn't know the difference) 8,000 times per second (SPS), and encodes them as 8-bit data bytes. This means 8000 samples-per-second times 8-bits per sample, or 64,000 bits per second (bit/s) to represent the modem (or voice) data in one direction. For both directions the modem transaction consumes 128,000 bits of network bandwidth. However, the typical modem in a fax terminal transmits the image data at 33,600 bit/s, so if the analog data are first converted to the digital content they represent, only 33,600 bits (plus network overhead of a few bytes) are needed. And since T.30 fax is a half-duplex protocol, the network is only needed for one direction at a time. Refer to RFC 3261 === PCM clock synchronization === In the diagram above, there is a sample-rate clock in the fax terminal and one in the gateway's modems that is used to trigger the sampling of the analog line 8,000 times per second. These clocks are usually quite accurate, but in some low-cost terminal adapters (a one or two-line gateway) the PCM clock can be surprisingly inaccurate. If the terminal is sending data to the gateway, and the gateway's clock is too slow, the buffers (jitter buffers) in the gateway will eventually overflow, causing the transaction to fail. Since the difference is often quite small, this problem occurs on long, detailed fax images giving the clocks more time to cause the jitter buffer in gateway to either underflow or overflow, which is just the same as missing or duplicated packets. === Packet loss === T.38 provides facilities to eliminate the effects of packet loss through data redundancy. When a packet is sent, either zero, one, two, three, or even more of the previously sent packets are repeated. (The specification does not impose a limit.) This increases the network bandwidth required (it's still much less than not using T.38) but it allows the receiving gateway to reconstruct the complete packet sequence, even with a fairly high level of packet loss. == Related standards == T.4 is the umbrella specification for fax. It specifies the standard image sizes, two forms of image-data compression (encoding), the image-data format, and references, T.30 and the various modem standards. T.6 specifies a compression scheme that reduces the time required to transmit an image by roughly 50-percent. T.30 specifies the procedures that a sending and receiving terminal use to set up a fax call, determine the image size, encoding, and transfer speed, the demarcation between pages, and the termination of the call. T.30 also references the various modem standards. V.21, V.27ter, V.29, V.17, V.34: ITU modem standards used in facsimile. The first three were ratified prior to 1980, and were specified in the original T.4 and T.30 standards. V.34 was published for fax in 1994. T.37 The ITU standard for sending a fax-image file via e-mail to the intended recipient of a fax. G.711 pass through - this is where the T.30 fax call is carried in a VoIP call encoded as audio. This is sensitive to network packet loss, jitter and clock synchronization. When using voice high-compression encoding techniques such as, but not limited to, G.729, some fax tonal signa

Color management

Color management is the process of ensuring consistent and accurate colors across various devices, such as monitors, printers, and cameras. It involves the use of color profiles, which are standardized descriptions of how colors should be displayed or reproduced. Color management is necessary because different devices have different color capabilities and characteristics. For example, a monitor may display colors differently than a printer can reproduce them. Without color management, the same image may appear differently on different devices, leading to inconsistencies and inaccuracies. To achieve color management, a color profile is created for each device involved in the color workflow. This profile describes the device's color capabilities and characteristics, such as its color gamut (range of colors it can display or reproduce) and color temperature. These profiles are then used to translate colors between devices, ensuring consistent and accurate color reproduction. Color management is particularly important in industries such as graphic design, photography, and printing, where accurate color representation is crucial. It helps to maintain color consistency throughout the entire workflow, from capturing an image to displaying or printing it. Parts of color management are implemented in the operating system (OS), helper libraries, the application, and devices. The type of color profile that is typically used is called an ICC profile. A cross-platform view of color management is the use of an ICC-compatible color management system. The International Color Consortium (ICC) is an industry consortium that has defined: an open standard for a Color Matching Module (CMM) at the OS level color profiles for: devices, including DeviceLink profiles that transform one device profile (color space) to another device profile without passing through an intermediate color space, such as LAB, more accurately preserving color working spaces, the color spaces in which color data is meant to be manipulated There are other approaches to color management besides using ICC profiles. This is partly due to history and partly because of other needs than the ICC standard covers. The film and broadcasting industries make use of some of the same concepts, but they frequently rely on more limited boutique solutions. The film industry, for instance, often uses 3D LUTs (lookup table) to represent a complete color transformation for a specific RGB encoding. At the consumer level, system wide color management is available in most of Apple's products (macOS, iOS, iPadOS, watchOS). Microsoft Windows lacks system wide color management and virtually all applications do not employ color management. Windows' media player API is not color space aware, and if applications want to color manage videos manually, they have to incur significant performance and power consumption penalties. Android supports system wide color management, but most devices ship with color management disabled. == Overview == Characterize. Every color-managed device requires a personalized table, or "color profile," which characterizes the color response of that particular device. Standardize. Each color profile describes these colors relative to a standardized set of reference colors (the "Profile Connection Space"). Translate. Color-managed software then uses these standardized profiles to translate color from one device to another. This is usually performed by a color management module (CMM). == Hardware == === Characterization === To describe the behavior of various output devices, they must be compared (measured) in relation to a standard color space. Often a step called linearization is performed first, to undo the effect of gamma correction that was done to get the most out of limited 8-bit color paths. Instruments used for measuring device colors include colorimeters and spectrophotometers. As an intermediate result, the device gamut is described in the form of scattered measurement data. The transformation of the scattered measurement data into a more regular form, usable by the application, is called profiling. Profiling is a complex process involving mathematics, intense computation, judgment, testing, and iteration. After the profiling is finished, an idealized color description of the device is created. This description is called a profile. === Calibration === Calibration is like characterization, except that it can include the adjustment of the device, as opposed to just the measurement of the device. Color management is sometimes sidestepped by calibrating devices to a common standard color space such as sRGB; when such calibration is done well enough, no color translations are needed to get all devices to handle colors consistently. This avoidance of the complexity of color management was one of the goals in the development of sRGB. == Color profiles == === Embedding === Image formats themselves (such as TIFF, JPEG, PNG, EPS, PDF, and SVG) may contain embedded color profiles but are not required to do so by the image format. The International Color Consortium standard was created to bring various developers and manufacturers together. The ICC standard permits the exchange of output device characteristics and color spaces in the form of metadata. This allows the embedding of color profiles into images as well as storing them in a database or a profile directory. === Working spaces === Working spaces, such as sRGB, Adobe RGB or ProPhoto are color spaces that facilitate good results while editing. For instance, pixels with equal values of R,G,B should appear neutral. Using a large (gamut) working space will lead to posterization, while using a small working space will lead to clipping. This trade-off is a consideration for the critical image editor. == Color transformation == Color transformation, or color space conversion, is the transformation of the representation of a color from one color space to another. This calculation is required whenever data is exchanged inside a color-managed chain and carried out by a Color Matching Module. Transforming profiled color information to different output devices is achieved by referencing the profile data into a standard color space. It makes it easier to convert colors from one device to a selected standard color space and from that to the colors of another device. By ensuring that the reference color space covers the many possible colors that humans can see, this concept allows one to exchange colors between many different color output devices. Color transformations can be represented by two profiles (source profile and target profile) or by a devicelink profile. In this process there are approximations involved which make sure that the image keeps its important color qualities and also gives an opportunity to control on how the colors are being changed. === Profile connection space === In the terminology of the International Color Consortium, a translation between two color spaces can go through a profile connection space (PCS): Color Space 1 → PCS (CIELAB or CIEXYZ) → Color space 2; conversions into and out of the PCS are each specified by a profile. === Gamut mapping === In nearly every translation process, we have to deal with the fact that the color gamut of different devices vary in range which makes an accurate reproduction impossible. They therefore need some rearrangement near the borders of the gamut. Some colors must be shifted to the inside of the gamut, as they otherwise cannot be represented on the output device and would simply be clipped. This so-called gamut mismatch occurs for example, when we translate from the RGB color space with a wider gamut into the CMYK color space with a narrower gamut range. In this example, the dark highly saturated purplish-blue color of a typical computer monitor's "blue" primary is impossible to print on paper with a typical CMYK printer. The nearest approximation within the printer's gamut will be much less saturated. Conversely, an inkjet printer's "cyan" primary, a saturated mid-brightness blue, is outside the gamut of a typical computer monitor. The color management system can utilize various methods to achieve desired results and give experienced users control of the gamut mapping behavior. ==== Rendering intent ==== When the gamut of source color space exceeds that of the destination, saturated colors are liable to become clipped (inaccurately represented), or more formally burned. The color management module can deal with this problem in several ways. The ICC specification includes four different rendering intents, listed below. Before the actual rendering intent is carried out, one can temporarily simulate the rendering by soft proofing. It is a useful tool as it predicts the outcome of the colors and is available as an application in many color management systems: Absolute colorimetric Absolute colorimetry and relative colorimetry actually use the same table but differ in the adjust

Defeasible logic

Defeasible logic is a non-monotonic logic proposed by Donald Nute to formalize defeasible reasoning. In defeasible logic, there are three different types of propositions: strict rules specify that a fact is always a consequence of another; defeasible rules specify that a fact is typically a consequence of another; undercutting defeaters specify exceptions to defeasible rules. A priority ordering over the defeasible rules and the defeaters can be given. During the process of deduction, the strict rules are always applied, while a defeasible rule can be applied only if no defeater of a higher priority specifies that it should not.

Writesonic

Writesonic is an AI visibility and generative engine optimization (GEO) platform used by enterprises, digital agencies, direct-to-consumer (D2C) companies, and fast-growing brands to understand and improve how they are represented in AI-generated search and answer systems. The platform analyzes how brands appear in AI answers, compares their visibility and citations against competitors, and provides tools to create and optimize on-site content and secure mentions across third-party sources, discussion forums, and user-generated platforms that influence AI outputs. == History == Writesonic was founded by Samanyou Garg in October 2020 in San Francisco, California. The company initially operated as Magicflow before adopting its current name. In its seed round, the company raised $2.5 million from investors including Y-Combinator, HOF Capital, and Soma Capital. The company began with AI-powered content generation tools. In 2023, it expanded into AI-enhanced search engine optimization. In 2024, the company launched an AI agent specifically designed for SEO tasks, with integrations to platforms including Ahrefs, Google Keyword Planner, Keywords Everywhere, and Google Search Console. This was among the first specialized AI agents developed for SEO automation. Around the same time, Writesonic expanded its product line into Generative engine optimization (GEO), developing tools to analyze and improve how brands are represented in AI-generated search and answer environments. However, it is currently being challenged in the market with competitors such as Profound (known for their dashboards) and Meridian (known for their execution). == Technology and features == In 2024, the company introduced an artificial intelligence agent designed to automate search engine optimization (SEO) tasks. The agent integrates with platforms such as Ahrefs, Google Keyword Planner, Keywords Everywhere, and Google Search Console to conduct technical audits, perform keyword research, carry out competitive analysis, and assist in strategy development. It is capable of identifying content gaps, suggesting optimization measures, and generating SEO strategies using real-time data from the integrated platforms. The platform also includes features for content strategy, optimization, and management. It makes use of large language models such as GPT-5, Claude Opus 4.1, and Claude Sonnet 4.5, in combination with proprietary workflows for fact-checking, internal linking, and content structure optimization.

Artificial intelligence in Wikimedia projects

Some editors of Wikimedia projects use artificial intelligence (AI) and machine learning programs to edit existing articles or create new ones. Some applications of artificial intelligence, like using large language models (LLMs) to create new articles from scratch, have been more controversial than others for the Wikipedia community. In August 2025, English Wikipedia adopted a policy that allowed editors to nominate suspected LLM-generated articles for speedy deletion. This was followed by a March 2026 decision to prohibit the use of LLMs to generate or rewrite article content, with exceptions for copyediting one's own writing and machine translation from another language's Wikipedia. Wikipedia has also been a significant source of training data for some of the earliest artificial intelligence projects. This has received mixed reactions including concern about companies not citing Wikipedia when relying on it to answer a question as well as Wikipedia's increased costs from data scraping. == AI usage == === Earliest use of automated tools, machine learning and AI === Since 2002, bots have been allowed to run on Wikipedia but must be approved and supervised by a human. A bot created in 2002, rambot, transformed census data into short new articles about towns in the United States; the vast majority of town, city, and county articles were started by it. Fighting vandalism has been a major focus of machine learning and AI bots and tools. The 2007 ClueBot relied on simple heuristics to identify likely vandalism, while its 2010 successor, ClueBot NG, uses machine learning through an artificial neural network. Machine translation software has also been used by Wikimedia contributors for a number of years. Aaron Halfaker's Objective Revision Evaluation Service (ORES) project was launched in late 2015 as an artificial intelligence service for grading the quality of Wikipedia edits. === Generative AI and LLMs === In 2022, the public release of ChatGPT inspired more experimentation with AI and writing Wikipedia articles. A debate was sparked about whether and to what extent such large language models are suitable for such purposes in light of their tendency to generate plausible-sounding misinformation, including fake references; to generate prose that is not encyclopedic in tone; and to reproduce biases. An early experiment on December 6, 2022 by a Wikipedia contributor named Pharos occurred when he created the article "Artwork title" using ChatGPT for the initial draft. Another editor who experimented with this early version of ChatGPT said that ChatGPT's overview of "Weaponized incompetence" was decent, but that the citations were fabricated. Since 2023, work has been done to draft an English Wikipedia policy regarding ChatGPT and similar LLMs, at times recommending that users who are unfamiliar with LLMs should avoid using them due to the aforementioned risks, as well as noting the potential for libel or copyright infringement. In early 2023, the Wiki Education Foundation reported that some experienced editors found AI to be useful in starting drafts or creating new articles. It said that ChatGPT "knows" what Wikipedia articles look like and can easily generate one that is written in the style of Wikipedia, but warned that ChatGPT had a tendency to use promotional language, among other issues. In 2023, a ban on AI was deemed "too harsh" by the community given the productivity benefits it offered editors. In 2023, members of the English Wikipedia community created a WikiProject named AI Cleanup to assist in the removal of poor quality AI content from Wikipedia. Miguel García, a former Wikimedia member from Spain, said in 2024 that when ChatGPT was originally launched, the number of AI-generated articles on the site peaked. He added that the rate of AI articles has now stabilized due to the community's efforts to combat it. He said that majority of the articles that have no sources are deleted instantly or are nominated for deletion. In October 2024, a study by Princeton University found that about 5% of 3,000 newly created articles (created in August 2024) on English Wikipedia were created using AI. The study said that some of the AI articles were on innocuous topics and that AI had likely only been used to assist in writing. For some other articles, AI had been used to promote businesses or political interests. In October 2024, Ilyas Lebleu, founder of WikiProject AI Cleanup, said that they and their fellow editors noticed a pattern of unnatural writing that could be connected to ChatGPT. They added that AI is able to mass-produce content that sounds real while being completely fake, leading to the creation of hoax articles on Wikipedia that they were tasked to delete. In June 2025, the Wikimedia Foundation started testing a "Simple Article Summaries" feature which would provide AI-generated summaries of Wikipedia articles, similar to Google Search's AI Overviews. The decision was met with immediate and harsh criticism from some Wikipedia editors, who called the feature a "ghastly idea" and a "PR hype stunt." They criticized a perceived loss of trust in the site due to AI's tendency to hallucinate and questioned the necessity of the feature. The criticism led the Wikimedia Foundation to halt the rollout of Simple Article Summaries that same month while still expressing interest in integrating generative AI more into Wikipedia. The project hints at tensions within the community and with the Foundation over when to use AI.In August 2025, the English Wikipedia community created a policy that allowed users to nominate suspected AI-generated articles for speedy deletion. Editors might recognize AI-generated articles because they use citations that are not related to the subject of the article or fabricated citations or the wording has particular quirks. If an article uses language that reads like an LLM response to a user, such as "Here is your Wikipedia article on" or "Up to my last training update", the article is typically tagged for speedy deletion. Other signs of AI use include excessive use of em dashes, overuse of the word "moreover", promotional material in articles that describes something as "breathtaking" and formatting issues like using curly quotation marks instead of straight versions. During the discussion on implementing the speedy deletion policy, one user, who is an article reviewer, said that he is "flooded non-stop with horrendous drafts" created using AI. Other users said that AI articles have a large amount of "lies and fake references" and that it takes a significant amount of time to fix the issues. English Wikipedia created a guide on how to spot signs of AI-generated writing in August 2025, titled "Signs of AI writing". In January 2026, the Wiki Education Foundation continued to caution against copying and pasting outputs from generative AI into Wikipedia and to avoid it for creating new articles explaining that the text often failed verification with the sources provided. The foundation created a training module that encourages editors to use AI for identifying gaps in articles, finding access to sources and finding relevant sources. In March 2026, the English Wikipedia community prohibited the use of AI to add content to articles, with exceptions for copy editing and machine translation from another language's Wikipedia. The English Wikipedia community holds the position that LLMs often violate core content policies. == Using Wikipedia for artificial intelligence == A 2017 paper described Wikipedia as the mother lode for human-generated text available for machine learning. In the development of the Google's Perspective API that identifies toxic comments in online forums, a dataset containing hundreds of thousands of Wikipedia talk page comments with human-labelled toxicity levels was used. As of 2023, subsets of the Wikipedia corpus were considered one of the largest well-curated data sets available for AI training, used to train every LLM to-date according to Stephen Harrison. This use of Wikipedia was divisive as of 2023. The Wikimedia Foundation and many of its projects supporters worry that attribution to Wikipedia articles is missing in many large-language models like ChatGPT (as well as AI like Siri and Alexa). While Wikipedia's licensing policy lets anyone use its texts, including in modified forms, it does have the condition that credit is given, implying that using its contents in answers by AI models without clarifying the sourcing may violate its terms of use. The Foundation expressed concern that without attribution, people will not visit the site as much or be as motivated to donate to support the project if they do not know when they are benefiting from it. They also noticed an 8% decrease in visitors to Wikipedia in 2025 which they attributed both to the increased popularity of generative AI and social media. In 2025, the Wikimedia Foundation has cited absorbing increased costs associated with scra

Microsoft Support Diagnostic Tool

The Microsoft Support Diagnostic Tool (MSDT) is a legacy service in Microsoft Windows that allows Microsoft technical support agents to analyze diagnostic data remotely for troubleshooting purposes. In April 2022 it was observed to have a security vulnerability that allowed remote code execution which was being exploited to attack computers in Russia and Belarus, and later against the Tibetan government in exile. Microsoft advised a temporary workaround of disabling the MSDT by editing the Windows registry. == Use == When contacting support the user is told to run MSDT and given a unique "passkey" which they enter. They are also given an "incident number" to uniquely identify their case. The MSDT can also be run offline which will generate a .CAB file which can be uploaded from a computer with an internet connection. == Security vulnerabilities == === Follina === Follina is the name given to a remote code execution (RCE) vulnerability, a type of arbitrary code execution (ACE) exploit, in the Microsoft Support Diagnostic Tool (MSDT) which was first widely publicized on May 27, 2022, by a security research group called Nao Sec. This exploit allows a remote attacker to use a Microsoft Office document template to execute code via MSDT. This works by exploiting the ability of Microsoft Office document templates to download additional content from a remote server. If the size of the downloaded content is large enough it causes a buffer overflow allowing a payload of Powershell code to be executed without explicit notification to the user. On May 30 Microsoft issued CVE-2022-30190 with guidance that users should disable MSDT. Malicious actors have been observed exploiting the bug to attack computers in Russia and Belarus since April, and it is believed Chinese state actors had been exploiting it to attack the Tibetan government in exile based in India. Microsoft patched this vulnerability in its June 2022 patches. === DogWalk === The DogWalk vulnerability is a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT). It was first reported in January 2020, but Microsoft initially did not consider it to be a security issue. However, the vulnerability was later exploited in the wild, and Microsoft released a patch for it in August 2022. The vulnerability is caused by a path traversal vulnerability in the sdiageng.dll library. This vulnerability allows an attacker to trick a victim into opening a malicious diagcab file, which is a type of Windows cabinet file that is used to store support files. When the diagcab file is opened, it triggers the MSDT tool, which then executes the malicious code. Originally discovered by Mitja Kolsek, the DogWalk vulnerability is caused by a path traversal vulnerability in the sdiageng.dll library. This vulnerability allows an attacker to trick a victim into opening a malicious diagcab file, which is a type of Windows cabinet file that is used to store support files. When the diagcab file is opened, it triggers the MSDT tool, which then executes the malicious code. The vulnerability is exploited by creating a malicious diagcab file that contains a specially crafted path. This path contains a sequence of characters that is designed to exploit the path traversal vulnerability in the sdiageng.dll library. When the diagcab file is opened, the MSDT tool will attempt to follow the path. However, the path will contain characters that are not valid for a Windows path. This will cause the MSDT tool to crash. When the MSDT tool crashes, it will generate a memory dump. This memory dump will contain the malicious code that was executed by the MSDT tool. The attacker can then use this memory dump to extract the malicious code and execute it on their own computer. == Retirement == Microsoft will no longer be supporting the Windows legacy inbox Troubleshooters. In 2025, Microsoft will remove the MSDT platform entirely. Get Help is the replacement tool. == Windows versions == Windows 7 Windows 8.1 Windows 10 Windows 11 (up to 22H2) Future versions and feature upgrades will deprecate the MSDT after May 23, 2023.

Framework Convention on Artificial Intelligence

The Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law (also called Framework Convention on Artificial Intelligence or AI convention) is an international treaty on artificial intelligence. It was adopted under the auspices of the Council of Europe (CoE) and signed on 5 September 2024. The treaty aims to ensure that the development and use of AI technologies align with fundamental human rights, democratic values, and the rule of law, addressing risks such as misinformation, algorithmic discrimination, and threats to public institutions. More than 50 countries, including the EU member states, have endorsed the Framework Convention on Artificial Intelligence. == Background == The development of the Framework Convention on AI emerged in response to growing concerns over the ethical, legal, and societal impacts of artificial intelligence. The Council of Europe, which has historically played a key role in setting human rights standards across Europe, initiated discussions on AI governance in 2020, leading to the drafting of a binding legal framework. The process of creating the Framework Convention began in 2019 with the ad hoc Committee on Artificial Intelligence (CAHAI) assessing the feasibility of the instrument. In 2022, the Committee on Artificial Intelligence (CAI) took over the process, drafting and negotiating the text of the Convention. The treaty is designed to complement existing international human rights instruments, including the European Convention on Human Rights and the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. == Structure and content == The Convention establishes fundamental principles for AI governance, including transparency, accountability, non-discrimination, and human rights protection through eight chapters and 26 articles. Adopted in 2024, this landmark treaty addresses AI governance through seven core principles and detailed implementation mechanisms. It mandates risk and impact assessments to mitigate potential harms and provides safeguards such as the right to challenge AI-driven decisions. It applies to public authorities and private entities acting on their behalf but excludes national security and defense activities. Implementation is overseen by a Conference of the Parties, ensuring compliance and international cooperation. Activities within the AI system lifecycle must adhere to seven fundamental principles, ensuring compliance with human rights, democracy, and the rule of law. The treaty also establishes remedies, procedural rights and safeguards, and risk and impact management requirements to promote accountability, transparency, and responsible AI development. The treaty consists of five chapters. Chapter I contains general provisions. Chapter II states the general obligation to protect human rights and the integrity of democratic processes and respect of the rule of law. The main principles and rights are contained in Chapter III, which consists of Articles 6 to 13. Chapter IV (Articles 14 to 15) sets up the legal remedies. Chapter V states the risk and impact management framework. Chapter VI facilitates the implementation criteria of the treaty. Chapter VII sets the co-operation and oversight mechanisms. Chapter VIII contains various concluding clauses. Article 1 declares the objectives of the treaty, to ensure that activities within the lifecycle of artificial intelligence systems are fully consistent with human rights, democracy and the rule of law. == Entry into force == The treaty will enter into force on the first day of the month following the expiration of a period of three months after the date on which five ratification made by five countries, including three member states of the Council of Europe. == Competing approaches == While the CoE's AI Convention represents a multilateral effort to regulate AI through a human rights-based approach, alternative frameworks have also been proposed. One notable example is the Munich Draft for a Convention on AI, Data and Human Rights, an initiative led by legal scholars and policymakers in Germany. The Munich Draft advocates for stronger safeguards against AI-related risks, emphasizing stricter data protection measures, accountability for AI developers, and explicit prohibitions on high-risk AI applications, such as mass surveillance and autonomous lethal weapons. Unlike the CoE convention, which focuses on balancing innovation with regulation, the Munich Draft takes a more precautionary stance, calling for tighter controls over AI deployment in sensitive domains. Other competing international efforts include the OECD’s AI Principles, the GPAI (Global Partnership on AI), and the European Union's AI Act, each of which offers different regulatory strategies to govern AI at regional and global levels. == Signatories == Signatories include Andorra, Canada, the European Union, Georgia, Iceland, Israel, Japan, Liechtenstein, the Republic of Moldova, Montenegro, Norway, San Marino, Switzerland, Ukraine, the United Kingdom, the United States, and Uruguay. == Endorsement == The treaty was widely endorsed by leading AI policy experts, including Stuart J. Russell, Virginia Dignum, Emma Ruttkamp-Bloem, Pascal Pichonnaz, Maria Helen Murphy, Angella Ndaka, Hannes Werthner, Katja Langenbucher, Gry Hasselbalch, Ricardo Baeza-Yates, Kutoma Wakunuma, Gianclaudio Malgieri, Oreste Pollicino, Nagla Rizk, Giovanni Sartor, Lee Tiedrich, Ingrid Schneider, Eduardo Bertoni, Garry Kasparov, Merve Hikcok, and Marc Rotenberg. The treaty was also endorsed by notable political leaders, including Theodoros Roussopoulos, President of the Parliamentart Assembly in the Council of Europe, and Christopher Holmes, Member of the House of Lords of the United Kingdom, and by the International Bar Association (IBA), and personally by Almudena Arpón de Mendívil, President of the IBA. The Center for AI and Digital Policy (CAIDP) has been carrying out a campaign to promote endorsement of the treaty by urging various countries to sign and ratify the treaty. The CAIDP further urged the countries to make a clear and firm commitment to ensure the full inclusion of the private sector under the treaty’s provisions.