40s Newsletter
- Google and IBM propose list of key open source projects
- Firefox can't access the Internet because the programmer made a wrong capitalization
- Unseen backdoor malware that kills Win, macOS, and Linux systems
- Postgraduate coded code to help rob HPV nine-valent vaccine, and was taken criminal coercive measures
- Bargaining is always a knife difference? Pinduoduo court reply: there are 6 decimal places
- The number of Linux malware increased by 35% last year
- Linux 5.17 uses new debugging features to make it easier for developers to build kernels
- Major changes to Microsoft's Edge browser based on the Chromium project
- SUSE releases new distribution for developers nostalgic for old CentOS - Liberty Linux
- Google releases beta version of Google Play Games app on Windows
- Opera releases dedicated Web3 Crypto browser
- Intel Media Driver 22 debuts with support for Alchemist/ATS-M, ADL-N
- MySQL 8.0.28 released
- "Rust For Linux" kernel patch improvements
Industry information
Google and IBM propose list of key open source projects
Due to the impact of a vulnerability incident in the open source project Log4j, the White House recently held a conference on open source security issues. Among them, Kent Walker, president of global affairs for Google and Alphabet, suggested at the meeting to establish a list of key open source projects to prioritize and allocate resources. Immediately, IBM also expressed support, hoping to urge technology organizations to join together to identify key open source projects. It is reported that the attendees also include officials from organizations such as Apache, Apple, Amazon, Microsoft, Meta, Linux and Oracle, as well as government agencies such as the Department of Defense and the Cybersecurity and Infrastructure Security Agency (CISA).
Firefox can't access the Internet because the programmer made a wrong capitalization
Recently, due to the upgrade of Firefox Firefox browser, the updated version cannot connect to the Internet. At first, many netizens blamed the Win system, and even found the reason from DNS and cloud service providers. After a series of investigations, it was found that the problem was related to Firefox's HTTP3, which can be accessed after disabling it. The root cause of the problem is that programmers make the case of their code wrong.
According to the official introduction, when parsing HTTP headers, Firefox ends with a function that usually only handles uppercase fields. Lowercase letters fail to calculate header length, causing FireForx code to get stuck in an infinite loop. Once the problem is found, the process of fixing the error is resolved. At the same time, this code will no longer be case-sensitive in the future.
Unseen backdoor malware that kills Win, macOS, and Linux systems
Researchers at security firm Intezer have discovered a never-before-seen backdoor malware written for systems running Windows, macOS or Linux that is undetectable by nearly all malware scanning engines. Software (SysJoker).
SysJoker was discovered by Intezer on a Linux-based web server at a "leading educational institution," and they estimate that SysJoker attacks will begin in the second half of 2021. The SysJoker attack, meanwhile, first masquerades as a system update, and then generates its C2 by decoding strings retrieved from text files hosted on Google Drive.
Currently, Intezer said that users can use memory scanning tools to detect SysJoker payloads in memory, or use detection content to search in EDR or SIEM; at the same time, if the system is infected, users can also kill SysJoker-related processes and delete related Registry keys and all files related to SysJoker.
Postgraduate coded code to help rob HPV nine-valent vaccine, and was taken criminal coercive measures
Recently, Nanchang, Jiangxi Province. After the graduate student Liu successfully helped his girlfriend to snatch the 9-valent vaccine on behalf of his girlfriend, he used a coding program to write code and released the information on the paid 9-valent vaccine. The hospital staff found that most of the successful appointments for the nine-valent vaccine in the hospital were registered through the scalper channel, and there were signs of damage and interference in the hospital system, so they reported the case. At present, Liu has been taken criminal compulsory measures for the crime of sabotaging the computer information system.
Bargaining is always a knife difference? Pinduoduo court reply: there are 6 decimal places
In March last year, Shanghai lawyer Liu Yuhang participated in Pinduoduo's "Hold for Free" event and received a "Super Free Single Card", but after inviting multiple people to bargain, the difference was always "0.9%". Liu Yuhang submitted indictment materials to the court on the grounds that Pinduoduo was suspected of violating the principle of good faith when providing online services, and that the use of false data concealment rules constituted fraud. During the trial of the case, in response to Liu Yuhang's prosecution and the resulting doubts, Pinduoduo said that because the page displayed a limited number of percentages, they omitted a percentage with at least 6 digits after the decimal point and displayed it as 0.9%. The 0.9% displayed on the price page is not 0.9%, but 0.9996427%.
After green screen, red and green screen, iPhone 13 pink screen has been complained by users again
The topic of iPhone13 pink screen has been on Weibo hot search, and the black cat complaint shows that after the green screen and red and green screen, a large number of netizens have complained about the iPhone pink screen problem. According to the black cat complaint, recently, some consumers complained about the pink screen of the iPhone on the black cat platform. According to the official customer service requirements, restoring the settings and upgrading the system could not solve the pink screen problem. In addition, there are also complaints from users that the iPhone has problems such as freezes, screen splashes, flashbacks, and automatic restarts.
The number of Linux malware increased by 35% last year
The number of malicious programs targeting Linux devices grew by 35% last year, and these malicious programs mainly launch DDoS attacks by infecting IoT devices and forming botnets. IoT devices running different versions of Linux have limited capabilities, but together they can launch DDoS attacks on a staggering scale. In addition to launching DDoS capabilities, Linux IoT devices can also be used to mine cryptocurrencies, send spam, and more. According to a report by security firm Crowdstrike, the number of malicious programs targeting Linux systems in 2021 will increase by 35% compared to 2020; among them, XorDDoS, Mirai and Mozi malware families account for 22%; among them, Mozi has the largest number, and the number of Mozi malware samples A 10x year-over-year increase, XorDDoS grew 123% year-over-year.
Linux 5.17 uses new debugging features to make it easier for developers to build kernels
Over the years, the Linux kernel has supported various features such as sanitizers, memory leak detectors, etc., which are mainly used to help diagnose and fix bugs in the kernel. However, all of these debug-optimized features are not centralized, making it difficult for system administrators and developers to discover these numerous features when manually configuring kernel builds. Now, with the introduction of Linux 5.17, that's changing.
What Linux 5.17 did was introduce debug.config as the default kernel build configuration, optimized for debugging. debug.config will enable various features by default, such as kernel address sanitizer, undefined behavior sanitizer, KMemLeak, and many other kernel features that have been added over time to help debug or track kernel issues. So, with just one command, you can get the officially recommended kernel configuration and enable many different debugging features.
Major changes to Microsoft's Edge browser based on the Chromium project
Recently, Microsoft announced that starting with version 96 of Edge, web applications will be able to use protocol handlers in the browser. The latest feature will allow installed web apps (or PWAs) to navigate preset or custom protocols. Installed web applications will also be able to register with the operating system as a protocol handler and start when a specific protocol is invoked. In other words, a user can set a web page as the default handler, for example if the user wants to create an email, the system will open a certain website in the browser by default.
Additionally, developers can generate Web application customizations by registering protocols prefixed with web+. Protocol handlers can be used for web application communication, where one application directly calls another application and passes data over a custom protocol link.
Latest technical developments
SUSE releases new distribution for developers nostalgic for old CentOS - Liberty Linux
Since 2020, when Red Hat announced the end of support for CentOS Linux and replaced it with CentOS Stream, alternatives to RHEL have emerged one after another. SUSE, a well-known Linux distribution vendor, has brought a brand new SUSE Liberty Linux product. According to the official introduction, with SUSE Liberty Linux, users can get trusted support with proven optional management tools optimized for mixed Linux environments, including Red Hat Enterprise Linux, CentOS, and users expect openSUSE and SUSE Linux Enterprise Server. To a certain extent, Liberty Linux is equivalent to the current Red Hat release, RHEL 8.5, and is compatible with packages from Red Hat's own EPEL repository.
Google releases beta version of Google Play Games app on Windows
Google revealed last month that it would bring Android games to all Windows platforms. Now it has officially released the beta version of the Google Play Games app, which is currently only open for testing in some regions. Google says the Google Play Games app allows users to browse, download and play select mobile games on a Windows desktop or laptop, supporting the use of a keyboard and mouse, seamless synchronization between devices, and integration with Google Play Points. The app does not currently support Macs. System requirements Windows 10 (v2004), 8GB RAM, solid state drive, 20 GB storage space, 8-core processor, gaming graphics card (supported by low-end graphics cards currently on the market), and hardware virtualization enabled.
Opera releases dedicated Web3 Crypto browser
Recently, Opera released a beta version of the Web3 Crypto browser with built-in cryptocurrency wallet, easier access to cryptocurrency/NFT exchanges, support for decentralized applications dApps, and more. Opera EVP Jorgen Arnensen said the new browser is designed to simplify the Web3 user experience. Web3 is a blockchain-based decentralized Internet, which is currently the most popular new thing for cryptocurrency proponents, but its use experience may confuse ordinary users. Opera's new browser aims to solve this problem, and its wallet supports blockchains including cryptocurrencies such as Ethereum, Bitcoin, Celo and Nervos. It even has a secure clipboard feature to ensure that users cannot access the data by other applications when copying and pasting wallet addresses.
Intel Media Driver 22 debuts with support for Alchemist/ATS-M, ADL-N
Intel Media Driver 22.1.1 is released, the first release of the 22.x series of open source GPU video encoding/decoding software.
Major updates
- Added support for DG2/Alchemist (also known as ATS-M);
- Added Alder Lake N (ADL-N) platform support;
- Improved robustness of AV1 video decoding;
- Added VA-API vaCopy cap report and various optimizations, etc.
MySQL 8.0.28 released
MySQL Server 8.0.28 and 5.7.37, new versions of the popular open source database management system, have been released with the 8.0.28 connector and component products. MySQL Cluster 8.0.28 (latest GA
) and 7.6.21, 7.5.25, 7.4.35 releases. MySQL Cluster is a distributed, shared-nothing variant of MySQL. It is officially recommended that production systems use the above versions.
"Rust For Linux" kernel patch improvements
Recently, Miguel Ojeda, one of the lead developers of the "Rust for Linux" project, released the third iteration of his patch, which implements the basic infrastructure to support the Rust programming language in the Linux kernel. The updated Rust for Linux kernel code is now moved to Rust 1.58 as the compiler version, which automatically detects if a suitable Rust toolchain is available. The Improvements section also includes other build system improvements, documentation improvements, and other general code cleanups and improvements.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用
。你还可以使用@
来通知其他用户。