40s Newsletter

  • Microsoft: Many attackers start exploiting Log4j flaws
  • SQLite 3.37.2 fixes a potential database corruption issue
  • The 2021 revenue rankings of global IT vendors are revealed: Microsoft takes the top spot
  • Google finally adds 'Fast Pair' to Android phones: automatic switching like Apple
  • iPhone SE to be released as soon as March: Apple wants to build its cheapest 5G phone
  • Linus is the person with the most commits in the source tree in 2021
  • FTC Warns of Legal Action Against Organizations That Fail to Patch Log4j Vulnerabilities
  • Apple is testing several foldable iPhone prototypes, but has concerns about market prospects, sources say
  • IntelliJ IDEA 2021.3.1 released, improving remote development
  • Rails 7.0.1 released with Ruby 3.1 support
  • Sentinel 1.8.3 released
  • NumPy 1.22.0 released
  • WebStorm 2021.3.1 is available, supports Tailwind CSS v3.0

Industry information

Microsoft: Many attackers start exploiting Log4j flaws

Recently, Microsoft said that attackers are still actively exploiting the Log4j vulnerabilities, and that there were still many exploitation attempts in the last few weeks of December. Microsoft mentioned that many existing attackers have added exploits for these vulnerabilities to their existing malware toolkits and tactics, expanding the potential for exploitation of the Log4j vulnerabilities. To this end, it has updated its guidance for preventing, detecting, and resolving the Log4j 2 vulnerabilities, providing solutions and prevention options to customers, including encouraging customers to use scripts and scanning tools to assess their risk and impact, and advising customers to find vulnerable devices for additional review. Microsoft also stated that, because so many software products and services are affected, and given the pace of updates, this is expected to be a lengthy remediation process that will require constant vigilance for the vulnerability for a period of time.

SQLite 3.37.2 fixes a potential database corruption issue

The SQLite team has issued a warning that there is a bug in SQLite versions 3.35.0 (2021-03-12) to 3.37.1 (2021-12-30) that may cause database corruption, and users are advised to upgrade to 3.37.2 (2022-01-06) or higher. When investigating the cause of the bug, the SQLite team explained that repeated use of SAVEPOINT and ROLLBACK TO with an in-memory journal had led to excessive memory usage, so it adopted "truncating" the in-memory journal after ROLLBACK TO to control the memory increase. Ten months later, researchers at Tsinghua University's Wingtecher Lab first discovered the bug and reported it to the SQLite team on the forum.

The 2021 revenue rankings of global IT vendors are revealed: Microsoft takes the top spot

In the latest rankings of global IT vendors by 2021 revenue and by revenue growth, Microsoft and Amazon took the respective top spots, while only Huawei's performance showed a downward trend, and the decline was huge. According to data released by market analysis company Synergy Research Group, Microsoft's sales to companies and service providers in 2021 reached $120 billion, a year-on-year increase of 24%, but on the 2021 revenue growth list another American IT giant, Amazon, took the crown with a 36% increase. IBM, Fujitsu, and Ericsson "stood still", and the remaining 13 companies achieved single-digit growth.

Google finally adds 'Fast Pair' to Android phones: automatic switching like Apple

Google has finally brought to Android a feature that many users have been waiting for: automatic headphone switching similar to Apple's, along with related audio features. Google plans to add "Fast Pair" Bluetooth technology to Android phones in the next few months, bringing an experience like that of a pair of AirPods, which can automatically switch among an iPhone, iPad or Mac with the same ID without re-pairing. Google will also start supporting a concept like spatial audio on Android, which adjusts the sound based on the user's head movement. It already supports some music services now.

iPhone SE to be released as soon as March: Apple wants to build its cheapest 5G phone

According to the latest news from the upstream supply chain, Apple is already in the final stage of preparing the new iPhone SE, which is expected to be released as early as March this year and may be its cheapest 5G phone. News about the "iPhone SE 3", or the 5G version of the iPhone SE, has been circulating for a long time. Its design is still a 4.7-inch screen with Touch ID fingerprint recognition, while the processor is upgraded to the A15 with 3GB of RAM, making it a compact powerhouse once again. Earlier, a market research agency pointed out that Apple had set the price of the iPhone SE 3 at less than $400, a further reduction from the previous-generation SE 2, with a starting capacity of 64GB. Given that the second-generation iPhone SE is priced at 3,299 yuan, the price of the iPhone SE 3 is expected to drop further to around 3,000 yuan.

Linus is the person with the most commits in the source tree in 2021

Recently, Phoronix, a Linux hardware review site, released a report on Git development statistics for 2021. According to the report, as of December 31, 2021, when GitStats was run on the Linux kernel source tree, the repository had 1,060,172 commits from around 243,000 different authors. The source tree currently consists of 32.2 million lines across 74,300 files. The Linux kernel line count continues to grow at a fairly steady rate as new features continue to be developed and merged into the mainline and hardware support expands. In addition, the Linux kernel added 3.2 million lines and removed 1.3 million lines in 2021, down from 4 million lines added and 1.5 million lines removed in 2020. Meanwhile, Linus Torvalds is statistically the most prolific committer in the source tree.

FTC Warns of Legal Action Against Organizations That Fail to Patch Log4j Vulnerabilities

The U.S. Federal Trade Commission (FTC) has warned that U.S. organizations that fail to protect customer data from the Log4Shell vulnerability could face legal consequences. Log4Shell is the widely used name for a zero-day vulnerability in the Log4j Java logging library. The critical vulnerability, first discovered in December, is being exploited by a growing number of attackers, posing a "serious risk" to millions of consumer products, the FTC warned. The open letter urges organizations to address the vulnerability to reduce the potential for harm to consumers and avoid the risk of legal action. "When discovered and exploited, these vulnerabilities can result in the loss or disclosure of personal information, financial loss and other irreversible harm," the agency said. "Laws including the Federal Trade Commission Act and the Financial Services Modernization Act require reasonable steps to address known software vulnerabilities. It is crucial that companies that rely on Log4j and their suppliers act now to reduce the potential for harm to consumers and avoid legal action by the FTC."

Apple is testing several foldable iPhone prototypes, but has concerns about market prospects, sources say

According to reports, a source revealed that Apple is indeed developing a foldable iPhone, and more than one prototype is being tested, but Apple still has concerns about the foldable iPhone and will not launch it in the short term. The source said that due to market concerns and technical deficiencies, Apple is currently improving on the shortcomings of competitors' products, and is also paying attention to the state of the market. Apple's goal is to make sure the foldable iPhone isn't a step backwards from current iPhones.

Latest technical developments

IntelliJ IDEA 2021.3.1 released, improving remote development

IntelliJ IDEA has released version 2021.3.1. To mitigate the risks associated with opening projects from unknown, untrusted sources, the concept of trusted projects was introduced in IntelliJ IDEA 2020.3.3.

In the latest v2021.3.1, the behavior and implementation of the Trusted Project dialog have been officially changed. This release also brings some important fixes, such as a fix for buggy dialog windows on macOS Big Sur.

Rails 7.0.1 released with Ruby 3.1 support

Rails 7.0.1 has been officially released. Notably, this version supports Ruby 3.1, which was released last Christmas (December 25, 2021).

Main update content

  • Fixed Class#descendants and DescendantsTracker#descendants;
  • Allow named expression indexes to be reversible;
  • Change QueryMethods#in_order_of to drop records not listed in values

Sentinel 1.8.3 released

Sentinel 1.8.3 is officially released with several features and improvements.

Main update content

  • Cluster flow control token server supports Envoy RLS v3 API to support the newer version of Envoy (#2336);
  • New JMX metric exporter module (#2275);
  • Consul dynamic data source supports ACL token (#2307);
  • Improved the inbound QPS condition used for system rule policy judgment: use pass QPS instead of complete QPS (#2455), etc.

NumPy 1.22.0 released

NumPy 1.22.0 is a large release with the work of 153 contributors spread over 609 pull requests.

Major update content

  • Annotations for the main namespace are basically complete; upstream is a moving target, so there may be further improvements, but the main work is done;
  • A preliminary version of the proposed Array-API is provided, and NumPy now has a DLPack backend;
  • Supported Python versions are 3.8-3.10; Python 3.7 support has been removed

WebStorm 2021.3.1 is available, supports Tailwind CSS v3.0

WebStorm 2021.3.1 is now available.

Main update content

  • Support for Tailwind CSS v3.0;
  • Improvements to the component and different colored label setting functions;
  • Icons are now shown for live templates, tags and words in HTML;
  • Stylelint improvements and more

snakesss

SegmentFault editor; submissions of high-quality technical news are welcome!