40s Newsletter
- New U.S. law intends to let mobile phone users sideload apps, Apple hurriedly wrote a letter saying it was "too dangerous"
- Google intends to buy cybersecurity firm Mandiant to fight Microsoft Azure
- Chief designer of the lunar exploration project: China strives to open WiFi on the moon
- Apple's 1.8-meter cable sells for 949 yuan
- WeChat internal test half-screen applet
- After Nvidia, Samsung was also hacked and had data stolen
- TikTok may reach a data storage agreement with Oracle
- iPhone 13 Pro Cangling Green appears; Samsung reacts
- Android new features are online: 60% storage space can be released
- Firefox 98 released
- Easy-to-exploit dirty pipe vulnerability found in Linux kernel
- Google Chrome 100 Beta Released
- Visual Studio 2022 v17.1.1 Released, Fixing Multiple Vulnerabilities
- The first RC version of React 18 is released
Industry information
New U.S. law intends to let mobile phone users sideload apps, Apple hurriedly wrote a letter saying it was "too dangerous"
According to reports, Apple has always maintained that sideloading software on the iPhone poses a security risk, but some members of the US Congress believe that Apple has exaggerated this concern. Apple recently sent a letter to members of Congress to explain its position and appeal to them.
"Software sideloading" means that users bypass the official software store and install applications developed by third parties on their phones themselves.
The US Congress is preparing legislation to reform the mobile software market and open up a larger market to third-party developers. If the legislation passes, the two major software stores, Apple's and Google's, will be curbed in the future.
Google intends to buy cybersecurity firm Mandiant to fight Microsoft Azure
Shares of cybersecurity firm Mandiant closed up 16 percent on Monday after reports that Google was interested in acquiring the company. Mandiant, with a market value of about $5.25 billion, was previously part of FireEye before being sold. FireEye helped Microsoft uncover the SolarWinds hack that hit government systems last year.
Chief designer of the lunar exploration project: China strives to open WiFi on the moon
The fourth phase of China's lunar exploration project has begun. The main goal is to build a basic type of lunar scientific research station at the lunar south pole. Wu Weiren, member of the Standing Committee of the National Committee of the Chinese People's Political Consultative Conference and chief designer of China's lunar exploration project, said that there may be WiFi on the lunar scientific research station in the future, and the future international lunar scientific research station may serve as a transit station for deep space exploration.
Apple's 1.8-meter cable sells for 949 yuan
In the early morning of March 9th, Apple's spring conference launched a new external display Studio Display, which comes with a 1-meter Thunderbolt 4 Pro cable. According to Apple's official website, the new 1.8-meter-long Thunderbolt 4 Pro cable is priced at 949 yuan. In addition, a 3-meter-long one will be launched soon, priced at 1169 yuan.
WeChat internal test half-screen applet
The official development documentation for WeChat applets recently added a new feature. Starting from base library 2.20.1, it supports the "half-screen applet": when an applet needs to open another applet so the user can perform a quick operation, the second applet is pulled up quickly in half-screen form.
At present, this feature is in internal testing. According to the calling process, the developer needs to declare the applets that are to be opened in half-screen form in the embeddedAppIdList field of the global configuration file app.json. If it is not configured, the call falls back to an ordinary applet-to-applet jump. No configuration is required from version 2.23.1 and above.
After Nvidia, Samsung was also hacked and had data stolen
Following the recent intrusion into Nvidia's intranet by the hacker group Lapsus$, which resulted in the leakage of about 1TB of related data, this week South Korean technology giant Samsung Electronics was also targeted by the group, which leaked a large amount of confidential data, including biometric unlock algorithms for devices, source code for some basic services, and even confidential source code from Qualcomm.
Samsung Electronics issued an internal announcement on March 7, local time, saying that after discovering user data or leaked loopholes, it immediately activated the company's information protection center and the security team of the MX department, which is responsible for mobile devices, to strengthen the security system in response. It has been confirmed that the leaked information includes part of the source code required by Galaxy drivers, but does not include personal information of employees or users. The company said its business is not affected and apologized for causing public concern.
TikTok may reach a data storage agreement with Oracle
According to Reuters, citing sources familiar with the matter, TikTok is about to reach an agreement with Oracle to store data on US users on the latter's servers.
It is reported that Oracle will store all of TikTok's US user data on Oracle's data servers and set up a US data management team of hundreds of people as a "gatekeeper" for US user information. The two companies are discussing a structure under which the U.S. data management team would not be controlled or overseen by TikTok.
iPhone 13 Pro Cangling Green appears; Samsung reacts
After Apple released the Cangling Green color scheme for the iPhone 13 series, Samsung's official US account posted on social platforms, saying "we are sincerely flattered", suggesting that Apple's new green iPhone was inspired by Samsung.
Android new features are online: 60% storage space can be released
Google Play product manager Lidia Gaymond announced that Google has developed a feature called "App Archiving" for the Android operating system, which is designed to solve the problem of insufficient 64GB storage space. According to Google, using App Archiving can free up up to 60% of storage space.
Latest technical developments
Firefox 98 released
Mozilla released Firefox 98.
Major update content
- Optimized download flow: no more prompt each time, files are downloaded automatically;
- Changes to the optional search engines;
- Setting for which app opens a specific file type;
- Security fixes, etc.
Easy-to-exploit dirty pipe vulnerability found in Linux kernel
Max Kellermann of web hosting company IONOS launched an investigation after receiving numerous complaints from customers about corrupted log files on log servers and found a high-severity vulnerability in the Linux kernel, similar to the DirtyCow privilege escalation vulnerability exposed years ago, but easier to exploit. He named the vulnerability Dirty Pipe.
Dirty Pipe has been present in Linux since 5.8 and is caused by uninitialized variables that allow anyone to write data to any file, even if the file is opened O_RDONLY or is immutable. It can be used to inject code into arbitrary processes. The vulnerability is fixed in Linux 5.16.11, 5.15.25, and 5.10.102.
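A first-pass inventory check built on the version numbers above, added here as an example and not taken from the original report. It compares upstream version numbers only; distribution kernels often backport fixes without changing that number, so an "affected" result means the vendor advisory still has to be checked. Host names and release strings are constructed, and treating release lines newer than 5.16 as fixed is an assumption.

```python
import re

# Version facts from the text above: present since 5.8,
# fixed in 5.16.11, 5.15.25 and 5.10.102.
INTRODUCED = (5, 8)
FIXED_PATCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
NEWEST_LISTED = (5, 16)

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Turn a `uname -r` style string such as '5.15.0-1-example' into (5, 15, 0)."""
    m = _RELEASE.match(release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def dirty_pipe_status(release):
    """Classify one kernel release against the version ranges in the text."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED:
        return "not-affected"
    if branch > NEWEST_LISTED:
        # Assumption: release lines newer than 5.16 already carry the fix.
        return "fixed"
    fixed_at = FIXED_PATCH.get(branch)
    if fixed_at is None:
        # In the affected range, but the text lists no fixed release for it.
        return "affected-no-listed-fix"
    return "fixed" if patch >= fixed_at else "affected"


def triage(inventory):
    """Map host -> status; unparseable strings are flagged, not dropped."""
    result = {}
    for host, release in inventory.items():
        try:
            result[host] = dirty_pipe_status(release)
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (host names and releases are made up).
SAMPLE = {"web01": "5.10.101", "web02": "5.10.102", "db01": "4.19.0-18-amd64",
          "ci01": "5.13.0-30-generic", "dev01": "5.17.1", "old01": "n/a"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:6} {SAMPLE[host]:20} {status}")
```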
Google Chrome 100 Beta Released
Google wrote in a Chromium blog post:
"Chromium 100 will be the last version to support unreduced User-Agent strings (UA) by default (and the related navigator.userAgent, navigator.appVersion and navigator.platform DOM APIs). Origin experiments that allow sites to test User-Agent will end April 19, 2022. After that date, the User-Agent string will be reduced."
Visual Studio 2022 v17.1.1 Released, Fixing Multiple Vulnerabilities
Visual Studio 2022 v17.1.1 is officially released with the following updates:
From the developer community
- Fixed regression with CMake->vcxproj in version 17.1.0 when using CONFIG in custom commands
- Fixed a VSSDK API crash that would cause the IDE to crash or hang
Security
- CVE-2020-8927: A remote code execution vulnerability exists in .NET 5.0 and .NET Core 3.1 with a buffer overflow in Brotli library versions prior to 1.0.8.
- CVE-2022-24464: A denial of service vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 when parsing certain types of HTTP form requests.
- CVE-2022-24512: A remote code execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1, where a stack buffer overflow occurs in the .NET Double Parse routine.
- CVE-2021-3711: A potential buffer overflow vulnerability exists in OpenSSL, which is used by Git for Windows; it can be resolved by updating Git for Windows to version 2.35.1.2.
The first RC version of React 18 is released
The first RC version of React 18 has been released. According to the plan, the official version will be launched in 2 to 4 weeks.
React 18 introduces the "concurrent rendering" mechanism, which allows React to prepare multiple versions of the UI at the same time. This mechanism works mostly behind the scenes, but it opens up many new possibilities for React to improve the real and perceived performance of an application.
Additionally, React 18 offers a gradual adoption strategy for existing applications.
Major update content
- Updates to the client-side rendering API
- Updates to the Server-Side Rendering API
- Automatic Batching
- Update Strict Mode
- Internet Explorer is no longer supported
- Removed the "setState on unmounted component" warning
- Suspense no longer needs a fallback prop to catch
- Components can now render undefined
- Deprecated renderSubtreeIntoContainer
- StrictMode updated to not silence double logging by default