The 40s News Express

  • Financial situation of Bytedance Shoubei Company: 2020 annual revenue of 236.6 billion yuan, operating loss of 14.7 billion yuan
  • Taobao’s 1.2 billion pieces of user data, including user IDs and phone numbers, were leaked
  • MacOS Monterey removed its own PHP
  • Next generation Windows interface exposure: new start menu and taskbar, rounded corner design
  • Huawei, OPPO, VIVO and Xiaomi took the lead in formulating the fast charging agreement to unify the technology
  • Apple’s new Apple Watch has developed an image that will contain a blood sugar sensor
  • Nvidia’s deal to buy ARM failed to close on schedule and European regulators delayed approval
  • IPhone 13 debuts! Apple orders large number of A15: Enhanced 5nm process
  • Huawei’s Mate 50 comes after P50
  • GitHub has revealed details of a Linux bug that has affected numerous Linux distributions
  • Google Chrome V91.0.4472.114 is available
  • Spring Native 0.10.0 was released
  • OpenSSL 3.0 Beta1 was released, changing the open source license to Apache 2.0
  • Linux 5.14 kernel mainline is expected to be compatible with Raspberry Pi 400

Industry information

Financial situation of Bytedance Shoubei Company: 2020 annual revenue of 236.6 billion yuan, operating loss of 14.7 billion yuan

According to an internal document by Bytedance, the company’s actual revenue reached 236.6 billion yuan in 2020, up 111 percent year on year, and operating losses reached 14.7 billion yuan. By the end of 2020, the number of monthly active users of Bytedance products reached 1.9 billion worldwide, covering more than 150 countries and regions and supporting more than 35 languages. Bytedance currently has offices in more than 30 countries, including Asia, the Americas and Europe, and employs 110,000 people worldwide.

Taobao’s 1.2 billion pieces of user data, including user IDs and phone numbers, were leaked

According to a criminal judgment released by the Suiyang District People’s Court in Shangqiu City, Henan Province, two men, surnamed Li and Lu, used a crawler software developed by themselves to access Taobao’s data for eight months, and obtained nearly 1.2 billion user messages before Alibaba discovered the problem.

The court ruled that Lu and Li were both guilty of infringing on citizens’ personal information and sentenced to more than three years in prison, with a fine of 450,000 yuan and the proceeds to be turned over to the state Treasury.

In response, the Wall Street Journal quoted an Alibaba spokesman as saying that the company had taken the initiative to detect and deal with the incident and was working with law enforcement to protect users. The spokesman did not specify how many users had been affected, saying only that no user information had been sold to third parties and that no financial losses had been incurred.

But this view is not consistent with the content of the judgment.

Lu, who was employed by Li, used a web crawler software designed by herself to collect user IDs, mobile phone numbers and user comments on Taobao’s website from November 2019, and provided the mobile phone numbers of Taobao customers to Liuyang Taichuang Network Technology Co., Ltd., which was set up by Li, for business activities. The company made an illegal profit of 3.95 million yuan from August 2019 to July 2020.

Judgment also showed that liuyang ty and the network technology co., LTD. Main business is “taobao guest”, mainly in taobao WeChat group of goods promotion, to obtain taobao commissions and businessmen service charge, the witness testimony, said wang mou its community group built after the respective WeChat group will provide for the boss li a group of qr code, and then someone automatically into the group.

As one of the largest shopping platforms in China, Taobao has accumulated a huge amount of user privacy and consumption data. According to Alibaba’s latest financial report for the fourth quarter of fiscal 2021, its Chinese retail market has 925 million mobile monthly active users. In fiscal 2021, Alibaba’s global active consumers reached 1 billion.

Zhang Xuesong, co-founder and CTO of Shanghai Mole Network Technology Co Ltd, said Alibaba has the technical ability to prevent data leakage in the case of Taobao user information leakage. He speculated that the 1.2 billion pieces of information leaked may have come from flaws in the design of Taobao’s internal interface, as well as the illegal use of IP pooling to circumvent Taobao’s anti-investigation.

In this incident, what the suspect climbs is the data of taobao, but the actual victim is the user really. As for the maintenance of user privacy, Zhang Xuesong believes that Alibaba can strengthen control measures in interface Settings, especially in the privacy information such as mobile phone number.

As for the IP agent model, Zhang Xuesong believes that Alibaba is also fully capable of constructing risk database, setting risk IP as threat characteristic database and adding it into the prevention and control and risk control system. In addition, Alibaba can also appropriately introduce the cooperation mechanism of third-party security companies to conduct more comprehensive verification of massive data, which will improve the security mechanism.

MacOS Monterey removed its own PHP

Recently, when a user asked the Apple developer community about the apparent lack of PHP in MacOS 12, the engineer in charge of developer tools replied: “MacOS Monterey has removed PHP.”

Some people said they understood Apple’s decision because the PHP version shipped with the system was almost always outdated and lacked useful extensions. For anyone who uses PHP, there are now easier ways to install and manage multiple versions (brew, Docker, and so on) simultaneously without having to deal with outdated and conflicting versions.

Another user thinks it’s a huge step backwards, because one of the great things about MacOS is that it’s built into Apache, including PHP, and he thinks Apple needs to rethink that.

Next generation Windows interface exposure: new start menu and taskbar, rounded corner design

A mirror image of Microsoft’s upcoming next-generation operating system, or Windows 11 as it may be called, has appeared online since The first screenshot of Windows 11 appeared on a Baidu post bar, The Verge reports.

The screenshots show that the taskbar has undergone a major visual overhaul, such as centering the icon, cleaning up the tray area, and using a new “Start” button.

Of course, if you don’t want to center the application icon and the Start menu, you can choose to move them all back to the left. In addition, the Start menu has been simplified compared to Windows 10, such as the removal of dynamic tiles, making the overall look cleaner and more refined.

One important change you can see in the screenshot is the use of rounded corners around the world, such as the right-click menu, the Start menu, the File Explorer, and other Windows and interfaces.

Some other changes:

  • Windows widget

  • New Snap Control

  • New Microsoft Store

Huawei, OPPO, VIVO and Xiaomi took the lead in formulating the fast charging agreement to unify the technology

On May 28, the Telecom Terminal Industry Association released the Technical Specification for Fusion Fast Charging of Mobile Terminals, a standard for converged fast charging, according to the association. To solve the industry spot, green energy working group (WG10) work actively, China mail tunnels, huawei, OPPO, vivo, millet by technical specification for the mobile terminal fusion quick charge, get the glory, silicon lijie, red core micro cool, LiHui science and technology, the treasure to electronic, electrical network, terminal, chip companies and industry partners support. In the process of standard development, Huawei, OPPO, VIVO, Xiaomi and other head manufacturers broke the inherent technological thinking pattern and took the lead in developing a unified technical standard for fast charging of mobile terminals for the purpose of quick charging compatibility, so as to adapt to the long-term development needs of industrial ecology.

Apple’s new Apple Watch has developed an image that will contain a blood sugar sensor

June 15 – Apple is working on a new Apple Watch and health features, including display and speed upgrades, an extreme sports version and temperature and blood sugar sensors, people familiar with the matter said Monday.

Apple is said to be planning to update its Apple Watch product line this year with a new device likely to be code-named Apple Watch Series 7. It has a faster processor and an improved wireless connection and an upgraded display. Apple also plans to update its main Apple Watch products next year, with a new low-end Apple Watch SE and a new version for extreme sports athletes.

The source also said that Apple had originally aimed to include a temperature sensor in this year’s model, but it is now more likely to be introduced in the 2022 update. In addition, blood sugar sensors, which help diabetics monitor their blood sugar levels, are not likely to be ready for commercial release in the next few years.

For this year’s new Apple Watch, Apple has tested thinner bezels on the display and laminating technology that brings the display closer to the front cover. The new Apple Watch may be slightly thicker overall, but it won’t be noticeable to users. The new Apple Watch will include updated ultra-broadband capabilities, the same underlying technology in Apple’s Airtag Project Finder. At its Worldwide Developers Conference earlier this month, Apple showed off the upcoming WatchOS 8 software update, which will enable the device to unlock doors and hotel rooms.

Apple internally describes the Extreme Sports model as an “Explorer” or “Adventure” version. The product has been in development and was scheduled to be released as soon as this year. However, as things stand now, the extreme sports version of the Apple Watch is more likely to launch in 2022. This new version of the device will help Apple compete with the likes of Gamin and Casio. Apple’s plans remain uncertain and could change, people familiar with the matter said. So far, an Apple spokesman declined to comment on the report.

Nvidia’s deal to buy ARM failed to close on schedule and European regulators delayed approval

Nvidia’s Arm deal won’t close until March, as regulators delay their review until after the summer break.

When Nvidia bid for ARM in September 2020, it said it wanted to combine Nvidia’s AI technology with ARM’s entire ecosystem to provide the best technology for customers. In the meantime, Nvidia will provide all of ARM’s customers with new technologies that will help the ARM ecosystem continue to evolve in the AI era and gain an edge against Intel’s X86 architecture, rather than just a few giants like Qualcomm using ARM’s new technologies.

The commission asked more questions than Nvidia had anticipated, three people familiar with the matter said. According to reports, antitrust authorities have told Nvidia that if they don’t file by the end of this month, they will have to wait until September because of summer vacation for European staff. The potential delay in the deal could push it beyond the expected completion date of the acquisition in March 2022. There have been reports that Qualcomm would be willing to invest in ARM if Nvidia’s bid failed.

IPhone 13 debuts! Apple orders large number of A15: Enhanced 5nm process

According to Digitimes, well-known chip manufacturers have received a large number of orders from Apple recently, including the A15 chip, which has not yet been unveiled this year. The A15 will be built using the N5P technology, the second-generation 5nm chip. The chip will have at least 20 percent more performance and 30 percent more efficiency than the A14, the company said.

As a result, the iPhone 13, which will be unveiled in September, will not only get another boost in performance, but will also be balanced in terms of 5G and power consumption, which will be an improvement on the much-mocked 5G iPhone’s battery life.

It’s also worth noting that, in addition to improvements in chip power consumption, the iPhone 13 will have a larger battery.

According to previous reports, recently iPhone 13 brand new has passed domestic 3C certification, which shows that iPhone 13 Pro Max is 4352mAh, nearly 700mAh more than 12 Pro Max 3687mAh, The iPhone 13 is 3095mAh and the iPhone 13 Mini is 2406mAh.

This means that all iPhone 13 models will offer a better battery life, and users will no longer have to choose between 5G and battery life.

In addition, the iPhone 13 brand new this year will also be upgraded to a small fringe screen, which is the first time in four years Apple has brought a positive appearance change, screen proportion has been effectively improved, is expected to bring countless consumers in pursuit.

In terms of screen size, the four models are still 5.4 inches, 6.1 inches and 6.7 inches, but the two Pro models finally have the legend of high refresh, support up to 120Hz specification, and will introduce LTPO panel, can support 1-120Hz adaptive refresh rate adjustment, can save more power.

Pricing remains the cheapest model, the iPhone 13 Mini, at $700 for a 64GB model, and the top-end iPhone 13 Pro Max at $1,600.

Huawei’s Mate 50 comes after P50

Due to well-known reasons, Huawei’s P50 series flagship, which was supposed to be released in March or April this year, has not yet been released. As for the Mate 50 series, which was supposed to be released in the second half of this year, there is news that it has been delayed. Chinese media recently reported that Huawei will not release a new flagship phone in the Mate series this year, marking the first time the company has made a change since the launch of the Mate series in 2013.

However, according to the source’s latest information, Huawei Mate series will not stop, although it is very difficult at the moment, but Huawei will still think of every way to continue the iteration, even if not this year, will release a new generation of models next year.

For now, Huawei’s focus will remain on the P50 series.

According to recent multiple sources, Huawei has now determined the release date of the P50 series, which will be officially unveiled before September, but the specific release date has not been revealed yet.

At the recent Hongmeng press conference, Huawei has officially released a promotional video for the P50 series, which also proves that Huawei is ready for this new flagship.

From the official announcement of the appearance of the video, Huawei P50 series back design is basically the same as the previous multiple Revelations, the rear camera will use a double ring design, which will be equipped with different camera modules according to specifications.

It is worth mentioning that the source said that Huawei P50 will be standard with Sony exclusive customized IMX800 sensor, with nearly 1 inch large bottom, which is also the largest bottom sensor in Sony’s history, which can bring more powerful imaging effect.

Latest Technical Information

GitHub has revealed details of a Linux bug that has affected numerous Linux distributions

This week, GitHub disclosed details of an easily exploited Linux vulnerability that can be used to promote user privileges to root on a target system.

The vulnerability, which is classified as high risk and labeled CVE-2021-3560, affects Polkit, the licensing service that exists by default in many Linux distributions.

The security flaw was discovered by Kevin Backhouse of GitHub Security Labs. The researcher published a blog post detailing his findings, as well as a video showing the vulnerability.

A local, non-privileged attacker can take advantage of the vulnerability by simply executing a few commands at the terminal to promote permissions to root. The vulnerability has now been confirmed to affect some versions of Red Hat Enterprise Linux, Fedora, Debian and Ubuntu. The patch for CVE-2021-3560 was released on June 3rd.

“The vulnerability I found is quite old,” Backhouse said. “It was introduced in the BFA5036 submission seven years ago and first appeared with the polkit version 0.113.”

The compromised component, polkit, is a system service designed to control system-wide permissions and provide a way for unprivileged processes to communicate with privileged processes. Backhouse describes it on his blog as a service that acts as a judge, deciding whether user-initiated actions — especially those that require higher authority — can be performed directly or require additional authorization, such as entering a password.

Google Chrome V91.0.4472.114 is available

The official version of Google Chrome V91 is a major update, thanks to an all-new Sparkplug compiler and Short Builtins calling mechanism, with browser speeds up to 23% faster. The new Sparkplug compiler is designed to execute and optimize the white space between JavaScript code for maximum performance.

In addition, Google is using “built-in calls” to optimize the browser’s use of generated code to reduce the jump when calling functions. Support for desktop applications to have read-only access to the Clipboard, a feature that will allow users to attach files to emails using Clipboard keyboard shortcuts, such as Ctrl+C and Ctrl+V, rather than relying solely on drag-and-drop methods.

The official version of Google’s browser, V90, is a major update that introduces a number of user-centric enhancements, backed up by further security enhancements. SSL security transfer protocol (HTTPS) is enabled by default for all links to target websites. Technical support of the new AV1 open source video encoder greatly reduces the consumption of high-definition video. New window renaming function, can rename the opened multiple Windows, can remember the configuration of the window, in case of a crash restart will automatically restore the state. There’s also the WebXR deep API, the URL protocol setter enabled, the effects overlay layer, and security improvements such as blocking access to HTTP/HTTPS/FTP servers on port 554 to mitigate NAT Slipstream 2.0 attacks.

A major update to the official version of Google’s browser, V89, has fixed a zero-day bug that users are advised to update as soon as possible. Optimized support for APIs for HID devices such as WebHID, WebNFC and Web Serial, and NFC and Serial devices are also considered ready for production use. Support for AV1 encoding has also been initially added to WebRTC. The desktop also brings Web Share and Web Share Target support, as well as other enhancements.

Spring Native 0.10.0 was released

Spring Native 0.10.0 has been released, which is based on Spring Boot 2.5 and GraalVM 21.1. This release brings the following new features:

  • Introducing Native Testing
  • New official Gradle plugin from the GraalVM team
  • Introducing AOT(Ahead of Time) proxies that can be used for classes

It also includes 43 bug fixes, documentation improvements, and dependency upgrades.

Native tests and Gradle plugins

The Spring Native development team says it has been working with the GraalVM team to take Native images to the next level in building plug-ins. The former native image-maven-plugin is now replaced by a new native build tool that supports building and testing native applications using the native image-maven-plugin compiler.

Previously only Maven support is available, now Maven and Gradle plugins are available. If you are upgrading, the new Maven plug-in coordinates of org. Graalvm. Buildtools: native – Maven – plugin: 0.9.0, after good native build tools plug-in configuration, Not only can developers build their own applications through the MVN-PNative DSKipTests package or Gradle NativeBuild, You can also use the MVN-Pnative Test or Gradle NativeTest to run the JUnit 5 test as a native image.

For this, Spring Native itself has been upgraded to add initial test support, so @SpringBoottest runs as a Native image. This is an important milestone for native Spring Boot applications, and for the JVM ecosystem, including Spring itself, which can now use official plug-ins to improve the quality and maintainability of native support.

Can be used as an AOT(Ahead of Time) proxy for a class

For native images, the proxy needs to be defined at build time. So far, Spring Native only supports JDK proxies that can only be used on interfaces, and not proxies for classes that can be processed on the JVM through a CGLIB proxy, because the Native world does not support bytecode generation at run time.

// Typical security use case of a class proxy now supported on native @Service public class GreetingService { public String hello() { return "Hello!" ; } @PreAuthorize("hasRole('ADMIN')") public String adminHello() { return "Goodbye!" ; }}

But starting with 0.10, you can now generate proxies for classes at build time with the @AOTProxyHint annotation. Notice that the former @ProxyHint has been renamed to @JDKProxyHint to avoid confusion.

This capability allows you to implement support for security, transactions, and a wide range of other agent-based mechanisms on your classes.

OpenSSL 3.0 Beta1 was released, changing the open source license to Apache 2.0

The first Beta of OpenSSL 3.0 has been released, and the development team says that they consider it to be the RC release, so all OpenSSL users are encouraged to build and test the Beta and provide feedback.

Over the past few months, the development team has been working on the final release of OpenSSL 3.0. They stated that the overall development effort for OpenSSL 3.0 was huge, with more than 300 different contributors committing more than 7,000 commits since the start of 3.0.

Here’s a look at the major new features and changes in OpenSSL 3.0.

  • Adopt the new open source license. OpenSSL 3.0 will be released under the standard and widely used Apache License 2.0, instead of the custom “dual” License used in 1.1.1 and prior versions: OpenSSL and SSLEAY License (both used)
  • Adopt a new version control scheme
  • The architecture is based on “Provider”, which replaces the old “engine” interface, provides more flexibility and makes it easier for third party authors to add new encryption algorithms to OpenSSL
  • Add a new Provider that will be validated against FIPS 140-2
  • Fully “pluggable” TLSV1.3 groups, enabling third party authors to add new TLS key exchange/encapsulation groups through providers
  • Added new encoder and decoder support
  • Complete Certificate Management Protocol (CMP) implementation
  • New APIs for handling MAC (message authentication code), KDF (key derived function), and random numbers (EVP_RAND)
  • Integrated support for kernel TLS

OpenSSL 3.0 is a major release update, and the library’s ABI has changed, requiring users to recompile all dependent applications, as well as some minor disruptive API changes.

OpenSSL 3.0 Beta1

Linux 5.14 kernel mainline is expected to be compatible with Raspberry Pi 400

Starting with Linux 5.14, Raspberry Pi 400 will probably be perfectly compatible with the mainline kernel.

The Raspberry Pi 400 is a new single board computer that the Raspberry Pi Foundation launched in November 2020. It looks like a small keyboard with a development pad integrated inside. Officially, it performs slightly better than the Raspberry Pi 4.

The Raspberry Pi 400 actually embeds the Raspberry Pi 4 SBC into the keyboard and integrates into one large aluminum block. Buyers pay $100 for the Raspberry Pi 400 and get a keyboard with Raspberry Pi built-in, which comes with 4GB of RAM, a 1.8GHz quad-core Broadcom processor, 16GB of storage and associated peripherals. That means the buyer will be able to have a fully functional computer that doesn’t require anything other than a monitor.

The arrival of mainline kernel support will make the Raspberry Pi 400 even more attractive. The patch that has been added to the SoC/SoC “for-next” branch is Devicetree for Raspberry Pi 400. Since it is basically very close to Raspberry Pi 4, no kernel driver changes are required; However, due to the 1.8GHz clock rate, different WiFi chips, power failure handling via GPIO and the lack of ACT LEDs on the 400 model, the DTS configuration needs to be updated.

As Phoronix notes, support for the Raspberry Pi 400 is good thanks to the efforts of developers working on the next Git branch of the SoC, which now precedes the Linux 5.14 kernel. Unfortunately, this relatively simple addition took a long time to get ready for mainline use.