1. Special-sale e-commerce
In recent years, the sale model has great potential. As a website specializing in fashion sale, Vipshop will grasp the core needs of female consumers and have an absolute advantage in the field of sale. At the same time, Jumeiyoupin and other platforms are also at the ten million level. It cannot be underestimated. The above-mentioned enterprises are mostly cut into fashion fields such as apparel and beauty, while discounts, time-limited buying and other promotional methods accompany the entire e-commerce development process. The special sale model still has great potential in other commodity categories.
2. Shopping guide e-commerce
E-commerce platforms like shopping guide rebates are becoming more and more popular. Everyone is familiar with rebates and Yitao. Rebates and price comparisons are always closely related to low prices. On the one hand, they bring large-scale traffic to businesses, and on the other hand, they compress profit margins. The pure traffic model can easily trigger low-price competition and fall into a vicious circle.
3. Haitao e-commerce
Although consumers are increasingly fond of Haitao, Haitao fever does not mean Haitao APP fever. There was strong competition from Tmall International and JD.com overseas purchases, and then there was silent encroachment by Wechat and purchasing. However, the small red book transformed from the shopping sharing platform is still the leader of Haitao e-commerce, in addition to Koala Haigou, Yangpu, Miya, etc. Haitao e-commerce.
4. Comprehensive e-commerce
Comprehensive e-commerce applications mean that there are many horizontal categories of products on the e-commerce website. Comprehensive e-commerce software includes e-commerce giant mobile phone Taobao, Jingdong Mall, Tmall, Suning.com, No. 1 store and so on. With the upgrading of consumption by Chinese residents, online shopping platforms have begun to gradually get rid of the "discount" and "cheap" positioning and gradually move closer to quality. At the same time, after the online shopping festival, many aspects of the commodity supply chain, logistics and distribution are also testing the comprehensive strength of the online shopping platform.
5. Group purchase e-commerce
In recent years, the concentration of group-buying e-commerce software market is very high, and the new social play method has detonated the enthusiasm of group-buying. The top group-buying e-commerce apps include Meituan, Baidu Nuomi, Pinduoduo, Juzui, etc. In the field of group buying, the situation of the "Thousand Group War" has long since ceased to exist. There are only a few group buying apps that are still alive. The Meituan is the only one, and Baidu Nuomi is closely followed. The seemingly solidified market structure has encountered challenges from new players, and many of the main social concepts are fighting for a place in the cracks.
6. Group purchase e-commerce
Vertical e-commerce refers to an e-commerce platform focused on a certain industry. At present, the maternal and infant industry is still the mainstream, and the performance in the alcohol and sex fields is eye-catching. With the liberalization of my country's two-child policy and the upgrade of consumer demand, the size of the mother and baby market has grown rapidly. The mother-and-baby vertical e-commerce Beibei Network is at the right time and has become a role that cannot be ignored in the e-commerce field. At the same time, mobile phone APP applications such as Kid King and Miya are also intensively working in the mother and baby market. Maternal and child e-commerce platforms perform best in all verticals, while other verticals also have decent mobile phone software, such as wine e-commerce Jiuxian.com and e-commerce e-commerce.
Enterprises that want to open the door to business through APP development software must first understand more about the classification of e-commerce platforms and do a good job in market positioning. Only in the process of APP software development can they achieve twice the result with half the effort.
Intel Senior Vice President, Chief Architect, and General Manager of Architecture, Graphics and Software Raja When talking about software, Koduri said that the performance improvement that software brings to us is exponential. Through the combination of software and hardware, we can make the improvement of Moore's Law tenfold. Because Moore's Law will bring more transistors, and software can release the ultimate performance of more and more transistors. "The future world is'software first".
Software is indispensable, but with the rapid development of software today, development and maintenance are still time-consuming and error-prone tasks. Justin, director of the machine programming research department at Intel Research According to Gottschlich, this problem that has plagued generations of programmers since the birth of the software is actually not unsolvable: "I believe we can create a society where everyone is a software developer, and the machine will take over by then." "Programming" part of the work. So, we call it "machine programming."
1. What is machine programming?
Justin's job at Intel Research Institute is to lead the newly established Machine Programming Research Team (MPR) at the System and Software Research Institute. This research team is dedicated to the pioneering prospects of machine programming.
What the MPR team is doing is to design software that can automatically write software through machine learning and other automated methods. This kind of software is called "machine programming", which is essentially the automation of software development and maintenance. If machine programming is fully implemented, then everyone can express ideas freely and can develop their own software without writing any code.
In Justin's opinion, the time is right to develop machine programming. Machine programming combines multiple fields such as machine learning, formal methods, programming languages, compilers, computer systems, and so on. The automatic programming techniques it uses include both precise methods (such as formal program synthesis) and probabilistic methods (such as differential programming). Machine programming draws on all the hardware and software knowledge we have obtained so far. People have been involved in the research of machine programming since the 1950s, but Justin said, "Today is different from the past. Today we stand at a turning point in history. We have new machine learning algorithms, new hardware and Optimizing hardware, massive and diverse programming data, and these three are essential elements for developing machine programming."
Justin team's latest genetic algorithm (GA) research project ① is an example. They found that the fitness function of genetic algorithms—a complex set of heuristic algorithms developed by programming experts for machine learning—can be automated. Justin said that even a few years ago, this was impossible.
2. What problems can machine programming solve?
The first is to fill the talent gap. According to Justin, the lack of human resources for senior development engineers is a core problem faced by Intel and other leading technology companies, which directly hinders the growth of programming in various fields. According to data from code.org②, there are 500,000 programmers in the US alone, and only 50,000 computer science graduates graduate each year. This problem of talent shortage also exists in the EU. Justin said that at most only 10% of programmers in the EU talent market are trained in computer science and have the potential to become first-line senior development engineers in the future.
Today's heterogeneous hardware is diverse, with CPUs, GPUs, FPGAs, ASICs, neuromorphic chips and quantum chips that will soon be born. It will be very difficult to find developers who can write programs for these hardware correctly, efficiently and safely. This is an impossible task.
In addition to manpower problems, bugs that torment global programmers are also a major pain for all software development and maintenance. "We recently worked at Neurops The paper published in 2019 initially showed that some vulnerabilities that even programming experts could not detect in the past can be automatically detected through machine programming without any human intervention. The next step is to automatically fix these vulnerabilities. "Justin said.
Regarding the benefits of machine programming, Justin also cited a very famous example. As we all know, Google Translate can provide automatic translation services between multiple languages. For a long time, it was written by engineers through traditional programming methods with about 500,000 lines of code. After the advent of machine programming, Google rewrote this code, part of which was realized through differential programming. This rewrite reduced the 500,000 lines of code behind Google Translate to 500 lines, a 1,000-fold reduction. "Not only has the amount of code been reduced by a factor of 1,000, the accuracy of the system has also improved, which is incredible." Justin said.
3. Machine programming with many benefits, will it grab the jobs of the majority of programmers?
In Justin's view, machine programming will not only cause unemployment, but will increase employment opportunities-and may be as many as millions of jobs. In a paper co-published with researchers from the Massachusetts Institute of Technology, "The Three Pillars of Machine Programming" (The Three In Pillars of Machine Programming), Justin and his team described the future vision of machine programming.
In software development, the boring part will be automated, allowing people more freedom, flexibility, and time to create. He added: "Our vision is: as long as you can express your'intent' in a machine-understandable way-perhaps in natural language, or visual charts, or even make a gesture-machine programming will help You develop your own software.
Justin said that in order to build these advanced machine programming systems, we rely heavily on developers and scientists groups-they can develop on different platforms, can use machine learning and formal methods, heterogeneous hardware and multiple programming languages.
1. Functional experience
APP: App can realize all the functions on the mobile phone. Based on the natively developed App, it has complete functions, better interactive experience, high performance, and better user experience.
Mini-programs: Based on H5 development, the function development is limited, and it is not possible to access or develop customized functions at will. And, due to the value of WeChat for its own ecology, it has fewer open functional interfaces, which means that many functions that can be easily built on the App cannot be implemented on small programs, and the risks of the platform are blocked if there is a disagreement. However, the product characteristics of the applet are also defined in small and exquisite, so unlike the tens to hundreds of mega app, the lightness of the applet is more popular with low-frequency, non-rigid, lightweight users.
Evaluation: The App is fully functional; the small program is small and beautiful. Light and heavy match, can meet the different needs of users with two lines.
2. The threshold of use
APP: The usage path of the App is very short. After the download and installation is completed, the user only needs to open the application on the desktop of the phone to enter the App in one step.
It is suitable for users who need to open the platform with high frequency. In short, it is more conducive to the operation of highly sticky users. In addition, the App supports UnionPay, WeChat, Alipay and other types of mobile payments, which can further reduce the user payment threshold and help to increase the monetization rate.
Applets: The use of applets is deep. You need to open WeChat, search for applets, and then open the platform. However, the applet does not need to be downloaded. For users who do not intend to increase the load of the mobile phone, it is also a light and fast platform opening path, which is more conducive to user drainage.
Compared with the App, the small program is more dependent on WeChat payment, which will invisibly increase the user's payment threshold.
Evaluation: The App path is short, suitable for users with high demand and high frequency, and the payment threshold is low; small programs do not need to be downloaded, and the use threshold is low, but the payment method is relatively single. Drainage pulls new apps, and in-depth operations rely on apps.
APP: App faces all smartphone user groups, which means that the customer acquisition carrier is larger. With the extensive coverage of smartphones, its customer acquisition bonus is gradually sinking from first- and second-tier cities to third- and fourth-tier cities. At the same time, due to the birth of App For a long time, its competitive pressure is greater, and the cost of acquiring customers is increasing year by year, but there are also many free channels for acquiring customers. It can not only increase exposure through mainstream mobile application stores such as Apple, Huawei, and App Bao, but also use Douyin and WeChat. And other social platforms to promote drainage for the App. Diversion methods are diverse and require operators to dig deeper.
Mini-programs: Mini-programs rely on the WeChat ecosystem of 1.1 billion active users, and customers can be easily obtained without digging out ideas. There are as many as 60+ entrances, such as the menu bar of the public account, template messages, public account articles, and small program cards that can be easily forwarded in community chats, etc., in a variety of forms.
Although on the one hand, WeChat has also introduced users through other apps to enrich the application ecosystem, but WeChat will not always make wedding dresses for others. The propagation path of apps such as Taobao, Meituan, and Hungry has narrowed in small programs. Press the key to share the app for group chat, which gradually evolved into a garbled text that you hid and hid.
Evaluation: App has a wider audience; small programs rely on WeChat drainage. App and applet work together to fully harvest mobile traffic dividends.
4. Leading Power
APP: App can control all the functions and content in the platform, and can independently plan rich and diverse marketing activities, and users and activity data can be mastered in one hand.
Mini-program: Relying on WeChat is also subject to its constraints. Many marketing campaigns with huge drainage are often dealt with without title, the rules are ambiguous, and the risk resistance is relatively weak.
Evaluation: App is flexible and mobile; small programs are relatively constrained. Precipitation of data and operational data only mean that users are truly on their own platforms. Undoubtedly, App's autonomy, compared with the e-commerce platform, has more determination to accumulate old users. In addition, when using small programs to play low-cost drainage, users are retained through the App at the same time, which can improve the platform's resistance to risk.
1. Fast upgrade of social software
Let's go back and look. In the era of China's PC Internet, Baidu and Google occupy the top. If you can occupy search traffic, you will definitely become the top player in the ecology. Due to its own attributes, the mobile APP cannot communicate with each other, but in WeChat, the technical standard of the applet is set by WeChat. WeChat has the opportunity to retrieve the information and services of tens of millions of applets in the future. Come out, the new structured information will generate new huge business opportunities. The applet's traffic from WeChat search is constantly zooming in, and is accelerating the zooming process.
2. social product category analysis
Current social iOS and Android mobile phone software development has many similarities. Instant messaging, graphic communication or voice communication and topical community circles and their videos are social forms of entry point, which reflects the development of social software in multiple modes. Socializing in many fields such as workplace, marriage and love. Socializing is no longer limited to social app applications. Many mobile phone software development such as shopping e-commerce, news magazines and fitness entertainment have increased social functions.
3. The future social form will be more innovative
The threshold for social app mobile phone software development is relatively low, and it is relatively simple to accumulate and retain user traffic. There will be some changes in the form of social networking in the future. It is believed that the current graphics and audio and video formats are not the ultimate basic social model. Social software will also affect many industries. And what affects the survival and development of social mobile App software development is not only the strong competition and the lack of technology, but the funding of mobile phone software development companies is also a key obstacle.
If you are looking for a technical professional social software development company, you need to communicate your ideas and needs clearly in the early stage. If Renjie Electronics only needs to communicate well, the product manager will turn the product into a realizable one according to your ideas. The reality, after the plan has obtained your approval, our design team will turn it into a direct design pattern, the style is naturally consistent with your ideas. After the design style gets your approval, it will be coded and developed.
1. Opportunities for WeChat search
Let's go back and look. In the era of China's PC Internet, Baidu and Google occupy the top. If you can occupy search traffic, you will definitely become the top player in the ecology. Due to its own attributes, the mobile APP cannot communicate with each other, but in WeChat, the technical standard of the applet is set by WeChat. WeChat has the opportunity to retrieve the information and services of tens of millions of applets in the future. Come out, the new structured information will generate new huge business opportunities. The applet's traffic from WeChat search is constantly zooming in, and is accelerating the zooming process.
2. The small program live
Compared to Douyin, Kuaishou and Taobao live streaming, I think there is a greater opportunity for live streaming of small programs, because the way of live streaming of small programs allows the small programs to connect to the closed loop of the services behind and follow these users through a series of methods in the back Establishing connections, such as pulling into groups, is far better than the traffic structure on Douyin and Taobao live broadcast. The distance between the merchant and the user will be shorter, which is the opportunity for private domain traffic mentioned by many people.
3. the video number
What does the video number have to do with the applet? First of all, there is a long link under the video number, which can be linked to the article of the public number. Secondly, with the development of the video number, a pop-up box must be displayed above. When we explain the product in live broadcast, it will directly pop up the applet and link to the applet to make a purchase. When huge traffic is received in the video number, and then it is perfectly carried by the applet, plus WeChat payment transaction closed loop and sharing function, through the combination of the video number and applet, a new business model and Business opportunity.
4. The birth of a new unicorn.
Many unicorns in China in the future, from 0 to 1, from 1 to 3, only need a small program, and may later do their own APP, or even their own PC website.
In 2019, unicorns that were born and developed simply from small programs have the prosperity of Changsha and the selection of Tongcheng Life from Suzhou. Both of them are currently valued at more than 1 billion US dollars, and this year they The valuation will definitely be higher than this. There will be more than one unicorn company starting with a new applet this year.
5. The traditional offline OMO has really arrived
That is the real combination of online and offline. For example, how do offline mother and baby chain stores connect your customers?
Tell the customer that you have a website. Will the customer go back and open your website when they get home? He can't remember, because this path is too long. Let customers scan your APP to download, and users will not do it. However, it is very convenient to connect users through the applet, and there is a chance to make a flow of desire. Because WeChat is strengthening the ability of applets to connect users, especially the ability to push.
6.China's e-commerce landscape has changed dramatically
It is painful for you to open a store on these centralized platforms such as Tmall Taobao Jingdong, because the transaction cost is very high, and there is no need to compare the price in the small program, the second does not need to rush the list, and there are a large number of users, and the transaction can be completed naturally And path.
The e-commerce landscape in China has undergone tremendous changes today. In addition to e-commerce giants such as Ali, JD.com, Suning, and Vipshop, vibrato and quick hands have recently been added. Whether it is the form of live broadcast technology or the ability of the bottom of the small program, it will change the future pattern of e-commerce in China.
7.Payment scene competition moves forward
When we go to many second- and third-tier cities in China now, when the offline consumption scans out to be a small program, in fact, the small program has quietly moved the market war of China Mobile Payments, and the payment war has become a scene entry war, changing the market again. The pattern is a new small program thinking, which is worthy of our consideration for the change of offline consumption habits and the birth of new business opportunities.
8. Let new brands complete new connections
The new technology is driving the user's new perception of the brand, not just getting traffic, so the small program will be born with its own brand, similar to the Tao brand born in Tmall. The sound brand is the same. It is very important for brands and merchants to connect your past users through small programs, and implant a new brand image and new mind into the brand.
9.the combination of hardware and software and artificial intelligence
For example, Fengchao smart cabinets and smart security video access control are all very good examples of the combination of hardware and software and artificial intelligence. I believe that more will come out this year.
10. Opportunities for third parties
For example, Renjie Electronic Technology Co., Ltd. inside the small program, specializes in helping others to build small programs. Many people will not build small programs on their own. You can give it to a third party and help you make one quickly.
1. What is custom app development?
What does APP custom development mean? APP custom development means that users can make their own requests by software customization development companies, tailor-made and develop a mobile APP software. This requirement can be determined by the user according to the development of the industry in which the enterprise is located and the enterprise plan.
In addition, to customize an APP software, users need to make clear the relevant requirements, such as APP custom development platform, APP customization type, APP functional requirements, APP server language, etc. Of course, if the customer does not know much about APP development, he can listen to the suggestions of the software development company.
2.The advantages of custom-developed apps?p>
When consulting, many customers often ask, "Why is the cost of APP customization so expensive?" "Why are other companies' APP development time so short?". To explain this problem, it is necessary to understand the difference between APP module development and custom development of software custom development companies, and what are the advantages of custom APP development.
1. The difference between App module and custom development
APP template development means that all the functions and styles of the APP have been developed, and only the user needs to choose. A mobile software template mainly includes content application icons, application columns, functions, system selection, etc. The time it takes for a customer to register and generate a mobile APP is very short, perhaps tens of minutes or hours, and APP development and operation are also very simple.
The custom development is to redevelop a mobile APP, which requires the APP development team to complete a series of APP customization complete processes such as needs assessment, professional planning, APP customization planning, UI design, visual design, front-end production, technology development, and APP testing. The APP software development time is also relatively long, and the effort is more.
2. Where does the custom app win
Many companies now prefer to spend more on custom APP application development, mainly because these companies understand the advantages of APP customization:
APP program customization is highly targeted, and different solutions can be adopted for different enterprises; moreover, APP customization has a high degree of fit and is tailored for enterprises; the cost of custom development is also reasonable, and formal and professional APP development companies Custom APP charges are based on the development cycle, APP function, development team, etc.; Another advantage of custom software development is timely service. In the process of making APP, if there are any problems, they can be customized and developed with Fengyun office software. The company communicated and resolved in time.
3. Why is the price of customized app development so expensive?
As we all know, generally speaking, the development price of mobile APP is a very vague problem, and there are too many factors affecting it, mainly related to the complexity of the APP function, APP production method, and the choice of the APP development team.
Since the APP customization period is long, the related functions are not simple modular production, but one-to-one development, which requires higher requirements for the APP production team, so the development price of customized APP applications will be a little more expensive than module development. At the same time, due to different functional requirements, the same is customized development, the price will also vary. Some tens of thousands, hundreds of thousands, some hundreds of thousands or even millions.
After McDonald's, KFC and other catering giants have deployed the small program ecology, Starbucks has finally joined the small program queue, which undoubtedly highlights the unique application of the small program in opening the private domain traffic entrance and promoting the integration of online and offline catering industry Advantage. A The small program mainly solves four problems in the catering industry marketing: pulling new customers, keeping old customers, improving the experience, and doing promotions.
一、Attract new customers
Applets have a natural traffic advantage. Not only do they have a large user base, but the "near applets" feature also enables applets to cover potential customers around three kilometers for free. Customers can receive an electronic membership card after spending at the store, relying on marketing methods such as sharing courtesy, recharge and courtesy, etc., to attract customers to eat and socially share, thereby helping merchants quickly attract fans, bring more traffic and increase conversion.
二、Improve the experience
The catering store applet is a marketing tool for the physical catering industry. The applet can not only allow users to order without leaving the house, but also can be converted into a QR code form to post offline restaurants, allowing users to order by scanning the code. Single payment can improve the efficiency of ordering, ordering, number collection, and meal delivery. It also helps businesses manage purchasing, inventory, and finance, improve user dining experience, reduce labor costs, and empower store operations.
三、Retain old customers
The applet can be stored in the user's WeChat once. Merchants can create a complete membership growth system through the member management function of the applet, and guide members to upgrade consumption through effective marketing actions, such as: first-time consumption becomes a member, members enjoy secondary consumption discounts, and the first card is obtained Give gifts, etc. to achieve consumption drainage, attract more customers to become members and repurchase for the second time.
After the customer left the store, the merchant did not lose contact with the customer. Merchants can use the matrix of applets and public accounts to accumulate their own private domain traffic and carry out continuous marketing to existing members. Through daily brand marketing tweets, product displays, and preferential information push, etc., customers can continue to pay attention to the store, seize the user's mind, and stimulate more consumption.
The merchant's own take-away + dine-in platform realizes the seamless connection of small programs and public accounts. Create a one-stop service system from ordering, delivery to evaluation, allowing merchants to independently configure hot dishes, business hours, delivery scope, delivery costs and other parameters, as well as classified navigation, image ads, carousel maps, coupons, etc Marketing components are available.
六、 online marketing
Multi-person teamwork, bargaining, inviting courtesy, entering courtesy, membership system, equity cards, new coupons, sharing posters, etc., supporting precision marketing, SMS marketing, customer portraits, customer labels, and fission to obtain more Multiple customer sources and activate users, promote repurchase and increase turnover.
The small program is efficient, portable, and easy to obtain. It has a large user base and a good development ecology. Compared with the delivery platform such as Meituan and Hungry, it is backed by the mountain of WeChat. It helps to accumulate private domain traffic, and the marketing effect and service ability are very superior. Blackbee Technology is a leading Internet + application solution provider, focusing on APP + applet + public number + website + system customization development, to create multiple stable and smooth catering systems for the little trendy people, overseas takeaway, etc., welcome to inquire!
Then when companies develop APP software, they will pay close attention to the price, cycle, company and other issues of APP software development. There are especially many APP development companies in Changsha. You can choose an APP development company through the following points.
一、Don't go to companies with low prices
Some development companies have pushed prices down very low, and customers may find it very cost-effective. In fact, APPs with prices far below the market price, features and after-sales services cannot keep up, and even invisible consumption during development may occur.
二、Individual developers do not recommend choosing
In order to save costs, some businesses will find some individual developers to outsource. Most of the individual developers work part-time. Whether they can complete the development according to quality and quantity is a problem, and there are too many aspects involved in a complete APP. One person does not It may be all-round, so there is no guarantee in sales services.
三、Choose a company with source code
It is not recommended to choose the kind of small program generated by one key. It is recommended to find an APP software development company developed by source code. I recommend Liuyang Renjie Electronic Technology Co., Ltd., which has a professional APP development team. A large number of APP development cases are for your reference.
四、Sales-type outsourcing companies do not choose
A sales company generally does not have real technical R&D personnel. They mainly rely on sales capabilities to pull in the business, and then outsource to other software development companies. Such companies are not reliable. You must visit the site .
五、Is the after-sales service good?
The quality of after-sales service affects the professionalism of APP development companies. Professional software development companies must have professional after-sales customer service and after-sales maintenance teams. In addition to continuing to follow up after the APP is online, it will also provide maintenance customer service to deal with emergencies and BUG and other issues.
Has 10 years of custom development experience, has a professional technical development team and UI design team, excellent cases in various industries, to provide customers with high-quality APP software custom development services. If you also want to develop an APP, you can contact Renjie Electronic Customer Service online or call 0731-83030585
1. Enlarge the exposure radius of venues so that people around you know themselves. Most people are looking for venues near a company or near home. Therefore, in order to obtain a large amount of traffic, the gym must let everyone around the store know about themselves. However, a small program can help achieve this function
2. Use small programs to reduce drainage costs. First of all, the small program is developed by the fitness center itself, so it will not be like a third-party group purchase, reviews and other platforms, it is necessary to extract high commissions. Secondly, the marketing plug-ins in the applets are basically free to use, and there is no need to pay separately for fitness venues.
1. Introduction to the gym: Users can view all relevant information about the gym online in the small program, such as the establishment time, geographical location, fitness equipment, gym membership prices and activities and other related information。
2. Coach appointment: Members directly book appointments online.
3. Sports circle: Personal fitness is inevitably boring and easy to give up. The sports circle through the small program can recruit sports friends, and it is more fun to exercise together. In addition, users can also use the text, pictures, videos and other ways to expose their fitness in the sports circle of the fitness applet software, share fitness skills with more people, and make friends.
4. Member management function: For fitness venues, in addition to acquiring new customers, the maintenance of old customers is also a very important task, so the member function is essential. For example, some special offers, points redemption and other activities are launched for old customers to improve the retention rate of old customers and the probability of repurchase of old customers.
I believe that everyone has a certain understanding of the advantages and functions of the fitness applet after reading the above content. The above hopes will be helpful to the enterprise that develops the fitness mini-program.
Most of the physical chain companies have the idea to make their websites into app software and keep up with the trend. But the technology involved in app development is more professional, and it is not easy to get familiar with the development language. So, in the case that the technology has not yet passed the level, what preparation work is needed to make a mall app software?
1. Positioning of enterprise app mall
What is the demand, what is the product positioning of the mall app, it takes two weeks here, think about the positioning of the product and the needs of the first phase, after the product positioning and early needs are determined, you need to think of the product name, demand research, and competing products Research and analysis, register domain names.
Second, app version planning, architecture design stage
Plan the version according to the priority of the demand. Architects began to enter the development environment, production environment deployment, and basic code development stage according to the product development direction.
3. Internal testing and polishing stage
This step requires close communication with design, R & D, and seed users, constantly collecting problems, discovering problems, optimizing, and solving problems. During the period, 1-3 beta subversions may need to be released. At the same time, you have to find a way to maintain the enthusiasm and cooperation of seed users. This is a difficult task!
In a word: To do a good app development in a mall, you must have core app development technology and an experienced app development team to make a satisfactory app application software.
Here, we highlight several parts of the bill and a breakdown of their expected impact on software and technology companies.
The new corporate tax rate law reduced the corporate tax rate from 35% to 21%, completely abolishing the enterprise substitution low tax (AMT). Both modifications are permanent
For large technology companies, these two regulations are obviously good news, reducing the rate, making the world's Amazon, Apple and Google more conducive to global competition. Decline in corporate tax rate and elimination of corporate AMT- The latter allows Company C to use effectively prohibited credit and incentives to further reduce its tax liability-which will enable millions of people to reinvest in these companies, thereby providing substantial opportunities for growth.
In addition to lowering corporate tax rates, the new regulations also reduce pass-through taxes by lowering personal tax rates and deducting tax rates of up to 20% through qualified business income (QBI). The new law maintains the tax structure of the seven pillars, but the tax rates of several tax classes have fallen, and the new high tax rate is 37%.
In addition, the law restricts those hit by AMT by increasing the level of income exemption-a single filer is $ 70,300, a joint filer is $ 109,400, a single filer is $ 500,000, and a joint filer is $ 1 million.
Given that they may be organized to pass on and comprehensively reduce personal tax rates, these are modifications that bring benefits to startup software development companies and small and medium-sized technology companies. However, it should be noted that with regard to QBI deductions, some restrictions will affect deductions, the key of which is based on W-2 wage restrictions.
Importantly, although Team C has received a big windfall from the bill, some of the amendments will benefit small and medium-sized technology companies and startups.
In addition to the above-mentioned changes in domestic taxation, the new law has also significantly reformed the international taxation system of American multinational companies from a global taxation system to a quasi-regional system. The bill imposes a one-time repatriation tax on multinational companies and converts their overseas profits-cash and cash equivalent assets- 15.5% of earnings held by stocks, current assets, etc.-and 8% of earnings attributed to non-cash assets-actual real estate, other hard foreign assets, and not taxed at the 21% corporate tax rate.
The legislation also includes a 10.5% tax on future foreign profits.
EAM The purpose is to manage corporate assets across departments and facilities to maximize their use, save money and improve quality. It integrates control and optimization technologies in the asset life cycle (such as design, operation, and replacement). EAM is used in industries that rely on complex physical assets such as heavy equipment, factories, and vehicles. Users include aerospace, energy, government, mining, oil and gas, shipbuilding and utilities. "EAM software allows your critical assets and resources to operate efficiently," IBM Stephan, Vice President of Product Management, Watson Internet of Things Biller said. He believes that by helping customers implement a comprehensive predictive maintenance plan, the overall EAM system can reduce asset downtime by double digits. In addition, they help to optimize labor efficiency through more effective scheduling, field service deployment and resource optimization. Biller said that with the EAM system, maintenance teams can more accurately predict maintenance needs and manage suppliers more effectively, thereby reducing inventory costs. "EAM systems can help companies increase asset utilization, thereby improving throughput and quality through excellent maintenance."
CRL, Senior Maintenance Reliability Consultant, Fluke Accelix agreed and stated that EAM software manages all assets in the facility, from process control and operations to maintenance and inventory. Similar to EAM, computerized maintenance management software (CMMS) manages maintenance work to maintain assets. Perry thinks CMMS 100% is dedicated to the planning, scheduling and execution of maintenance activities, including asset hierarchy, asset operating parameters, work order scheduling, and generation and inventory management. "We saw the need to integrate data directly into the CMMS so that technicians, managers and planners would not spend a lot of time manually entering data," Perry said. Data from EAM tools and sensors can be automatically integrated with selected CMMS systems to simplify the process. Although EAM and CMMS both provide industrial maintenance functions, CMMS usually does not have the same extensive functions as EAM.
"We saw the need to integrate data directly into the CMMS so that technicians, managers and planners would not spend a lot of time manually entering data," Perry said. Data from EAM tools and sensors can be automatically integrated with selected CMMS systems to simplify the process. Although EAM and CMMS both provide industrial maintenance functions, CMMS usually does not have the same extensive functions as EAM.
The EAM Internet of Things provides sensor data for the cloud, which can be analyzed to create more in-depth data analysis for EAM. Sensors measure temperature, pressure, flow, vibration, voltage, or current at different points on an asset, said Kevin Price, a technology product communicator and strategist at Infor.
However, sensors may also transmit the geographic location of mobile assets or anomalies captured in asset embedded software. "No matter what is measured, this information can be processed and stored in an environment that allows more in-depth data analysis," Price said. Biller said that the EAM system combined with the powerful functions of IoT data from people, sensors and devices can provide asset warnings, reduce unplanned downtime and improve operational efficiency. "Connecting equipment, advanced analytics and artificial intelligence are changing the way maintenance is done." With these data, EAM can achieve near real-time visibility of asset usage across multiple sites, extend the life of equipment, increase return on assets, and postpone new buy.
According to Price, assets can be huge and complex structures, as large as entire factories or railways, containing tens of thousands of sensors. For example, he said that the Internet of Things and EAM will play an important role in the development of smart cities, which monitor the conditions of critical infrastructure, including bridges, streets, water and power systems. By integrating EAM solutions into the Internet of Things, the industry can optimize maintenance plans and inventory locations, monitor tool and equipment locations, track asset performance to provide proactive repair or replacement, and use energy more efficiently.
Matt, Senior Portfolio Marketing Manager, AVEVA Asset Performance Newton said that with the influx of smart sensors, mobile devices and IoT device data that industrial organizations now face, a simple EAM that automates basic maintenance tasks is no longer enough. Today's advanced EAM solutions have been developed to support the Internet of Things, and are fully scalable and configurable. "This allows the solution to easily meet everyone's business needs and decision chain- From field operators to senior management, ”Newton said. With mobile and web access capabilities, employees can be more capable of making informed decisions.“ In the era of the Internet of Things, it ’s not about open hardware that is easily integrated with existing and future investments EAM is essential. "
Scale As the company continues to move from traditional systems to modern EAM software, the EAM market size is expected to grow. According to Jerry, senior consultant of IFS Asset and Service Management According to Browning, there are currently a large number of indigenous legacy systems and outdated CMMS systems being replaced. Compared with modern object-oriented applications, some of these systems are file-based. "These old file-based systems and even most CMMS systems have no rules for your data, and there is no built-in way for asset management costs to flow directly into the general ledger," Browning said. Modern EAM solutions allow users to write objects, job types, and department information to encode all transactions without human intervention.
According to Biller, the EAM market measured by analysts is growing steadily, but there are areas where there is accelerated growth. This includes SaaS / Cloud solutions market, its growth rate reached double digits. There are several regions near the traditional EAM market that are growing. Biller provides, "For example, customers are leveraging the IoT technology of existing EAM solutions to build asset performance management (APM) and asset investment planning capabilities- Go beyond traditional maintenance and core operations. " Price also believes that the EAM market will grow, and he believes that as new solutions develop and mature, including the Internet of Things, artificial intelligence, machine learning, and drones, it will grow with it. "Ultimately, the future of EAM will be driven by the exchange of information between equipment, components and people," he explained. As more information is passed into the system from other locations, more people can access the information in new ways.
How can we make a way out of this difficult time, I believe everyone has the answer, that is, online business. Next, I will use two industries to take advantage of online operations as an example.
1. Education and Training Industry
Some time ago, a friend told me that I had just resigned from a training institution, saying that because the epidemic was delayed and did not start school, there was no income, and I could only hold a basic salary of more than 1,000 yuan. Yes, with repeated delays in the start of school, enrollment has also become a difficult task, so how to achieve online operations? First of all, each educational institution needs to have its own program. Institutional teachers can take classes in their own programs through live broadcast and recording, which not only facilitates students but also teachers, and no longer needs to worry about appointments At the same time, if students have questions that they do not understand, they can also consult teachers online to discuss. In this way, you don't have to worry about enrollment even if you don't leave home.
2. The fitness industry
The fitness industry is also a victim of the impact of this epidemic, and even recently saw a more hot topic "fitness coaches go to takeaway because they have no income." How can we realize the profit in this period of non-business, the editor summarizes the following points:
First, move the store online through a small program, occupying more paths to reach consumers, and fulfilling customers' needs for online card purchases, booking courses, and participating in activities;
Second, members can book courses online, or have one-on-one lessons with private teachers online
Third, the social fission function of the small program (many times go to the gym with friends, the gym industry is more prominent and more dependent on activities) regardless of the extreme heat and cold winter, fitness membership consultants are promoting on the street day after day, they are for the fitness industry Has made a huge contribution to the development of, but with the development of the times and the arrival of small programs, it can help the fitness industry to multi-channel new customers faster, save costs, improve efficiency, and adapt to network changes.
In summary, online operations are not only able to play a role in special periods, they will bring great convenience to merchants and customers in the future. Online operation is bound to become a trend. If merchants want to survive in this fiercely competitive market, they need to find the right way to continue.
Article 2 If key information infrastructure operators (hereinafter referred to as operators) purchase network products and services that affect or may affect national security, they shall conduct network security reviews in accordance with these Measures.
Article 3 Cybersecurity review adheres to the combination of preventing cybersecurity risks and promoting the application of advanced technologies, the combination of fair and transparent processes and intellectual property protection, the combination of pre-examination and continuous supervision, the combination of corporate commitment and social supervision, and the safety of products and services. Review the aspects of sex and possible national security risks.
Article 4 Under the leadership of the Central Network Security and Information Technology Commission, the National Internet Information Office, together with the National Development and Reform Commission of the People ’s Republic of China, the Ministry of Industry and Information Technology of the People ’s Republic of China, the Ministry of Public Security of the People ’s Republic of China, and the Ministry of National Security of the People ’s Republic of China, The Ministry of Finance of the People ’s Republic of China, the Ministry of Commerce of the People ’s Republic of China, the People ’s Bank of China, the State Administration of Market Supervision and Administration, the State Administration of Radio and Television, the State Secrets Administration, and the State Encryption Administration have established a national cybersecurity review mechanism.
The Cyber Security Review Office is located at the National Internet Information Office, and is responsible for formulating the relevant regulations and standards for cyber security review and organizing cyber security review.
Article 5 If an operator purchases network products and services, it shall anticipate the national security risks that the products and services may bring after they are put into use. If it affects or may affect the national security, it shall file a cyber security review with the cyber security review office.
The key information infrastructure protection department may formulate pre-judgment guidelines for this industry and this field.
Article 6 For procurement activities applying for cyber security review, the operator shall request the product and service providers to cooperate with the cyber security review through procurement documents, agreements, etc., including the commitment not to use the convenience of providing products and services to illegally obtain user data and illegal control And operating user equipment without interrupting product supply or necessary technical support services without justifiable reasons.
Article 7 Operators should submit the following materials when applying for cyber security review:
(1) Declaration form;
(2) Analysis report on the impact or possible impact on national security;
(3) Procurement documents, agreements, contracts to be signed, etc .;
(4) Other materials needed for network security review.
Article 8 The network security review office shall determine whether review is required and notify the operator in writing within 10 working days after receiving the review application materials.
Article 9 The network security review focuses on assessing the possible national security risks brought by the purchase of network products and services, mainly considering the following factors:
(1) The risk of key information infrastructure brought about by the use of products and services being illegally controlled, subject to interference or destruction, and the theft, leakage, or damage of important data;
(2) The disruption of the supply of products and services to the business continuity of critical information infrastructure;
(3) The safety, openness, transparency, diversity of sources, reliability of supply channels, and the risk of supply disruption due to political, diplomatic, and trade factors;
(4) Product and service providers' compliance with Chinese laws, administrative regulations, and departmental regulations;
(5) Other factors that may jeopardize the security of critical information infrastructure and national security.
Article 10 If the Cyber Security Review Office deems it necessary to conduct a cyber security review, it shall complete the preliminary review within 30 working days from the date of written notification to the operator, including forming the review conclusion recommendations and sending the review conclusion recommendations to the cyber security review work The member units of the mechanism and relevant key information infrastructure protection departments solicit opinions; if the situation is complicated, it can be extended for 15 working days.
Article 11 The member units of the network security review mechanism and relevant key information infrastructure protection departments shall reply in writing within 15 working days from the date of receipt of the review conclusion recommendations.
If the members of the network security review mechanism and the relevant key information infrastructure protection departments agree, the network security review office will notify the operator of the review conclusion in writing; if the opinions are not consistent, the special review procedure will be followed and the operator will be notified.
Article 12 In case of handling in accordance with the special review procedure, the Cyber Security Review Office shall listen to the opinions of relevant departments and units, conduct in-depth analysis and evaluation, form the review conclusion and recommendations again, and solicit the member units of the cyber security review mechanism and relevant key information infrastructure protection The opinions of the working department shall be reported to the Central Cyber Security and Informatization Committee for approval in accordance with the procedure, and a review conclusion shall be formed and the operator shall be notified in writing.
Article 13 Generally, the special review procedure should be completed within 45 working days. If the situation is complicated, it can be extended appropriately.
Article 14 If the Cyber Security Review Office requests supplementary materials, operators, product and service providers shall cooperate. The time for submitting supplementary materials is not included in the review time.
Article 15: Network products and services that are considered by the member units of the network security review mechanism as affecting or likely to affect national security shall be reviewed by the Cyber Security Review Office in accordance with the procedures and submitted to the Central Cyber Security and Informatization Committee for review, in accordance with these Measures.
Article 16 Relevant agencies and personnel involved in cybersecurity review shall strictly protect the business secrets and intellectual property rights of the enterprise, and shall keep confidential the undisclosed materials submitted by operators, product and service providers, and other undisclosed information learned during the review Obligations; without the consent of the information provider, it may not be disclosed to unrelated parties or used for purposes other than review.
Article 17 Operators or network product and service providers who believe that the reviewers are not objective and fair, or fail to undertake confidentiality obligations for the information learned in the review work, may report to the network security review office or relevant departments.
Article 18 The operator shall urge the product and service providers to fulfill the commitments made in the cybersecurity review. The Cyber Security Review Office strengthens supervision before and after the event by accepting reports and other forms.
Article 19 Operators who violate the provisions of these Measures shall be dealt with in accordance with the provisions of Article 65 of the "Network Security Law of the People's Republic of China".
Article 20 The key information infrastructure operator in these measures refers to the operator identified by the key information infrastructure protection department.。
The network products and services mentioned in these Measures mainly refer to core network equipment, high-performance computers and servers, mass storage equipment, large databases and application software, network security equipment, cloud computing services, and other important impacts on the security of critical information infrastructure Network products and services.
Article 21 If it involves state secret information, it shall be carried out in accordance with the relevant state secrecy regulations.
Article 22 These Measures shall be implemented as of June 1, 2020, and the Measures for the Safety Review of Network Products and Services (Trial) shall be repealed at the same time.
* Source of this article: Net Letter China, please indicate the original sourceRead the original
Corsight said the financing will be used for product marketing and subsequent development.
The face recognition system provided by Corsight can process camera images and solve the problem of face recognition caused by many people wearing masks during the epidemic. For example, this technology can be used to warn people who violate the isolation regulations and wear masks without permission. In addition, if someone in an organization is found to be infected with the new coronavirus, then the system can quickly generate a close contact report.
The company said it has deployed permanent systems in airports and hospitals in Europe, cities in Asia, police stations and border crossings in South America, and mines and banks in Africa.
Corsight was founded at the end of 2019 and currently has 15 employees. It is a subsidiary of the Cortica Group. Cortica Group has completed $ 70 million in financing to develop artificial intelligence technology.
Source: Sina TechnologyRead the original
Ao Li, director of the Institute of Technology and Standards of the China Information and Communication Research Institute, said: "During the epidemic period, the key supporting role of broadband networks for social and economic operations and people's production and life has become more prominent, and it has also caused the frequency of use and demand of the network to surge It poses a huge challenge to the network's support capacity. "
To alleviate network congestion, the EU calls on major video sites to temporarily reduce the picture quality of European users in order to ensure the normal use of the network; a broadband professional analysis website has detected that during the severe epidemic, the network download rate in 88 cities across the United States has declined significantly.
According to the monitoring data of China's Broadband Development Alliance, in the first quarter of 2020, in the face of the explosive network traffic growth of 1.4 billion people living in isolation, although the growth rate of China's fixed and mobile broadband download rates slowed down, it remained stable overall.
Although home isolation has brought explosive growth in network traffic, the consumer experience of netizens in China has not been compromised.
"Rome was not built in a day." Wen Ku said, "Without the leaps and bounds of network development in recent years, the lives of ordinary people during the epidemic could not be so rich. Tens of millions of enterprises and institutions, home online offices, involved hundreds of millions of students The 'no-stop non-stop' will be difficult to proceed smoothly. "
According to data from the Ministry of Industry and Information Technology, China's fixed broadband users have exceeded 450 million, and the penetration rate of fixed broadband households has exceeded 91%; mobile broadband (3G / 4G / 5G) users have exceeded 1.3 billion.
The penetration rate of mobile broadband users exceeds 95%, and the proportion of broadband for administrative villages exceeds 98%.
This article is reproduced from: Science and Technology DailyRead the original
Some places report health information through Alipay, WeChat, etc., and the big data in the background analyzes and approves the applicants in many ways, and automatically generates personal health codes. Some companies have developed mini-programs, posted QR codes at prominent locations at the entrances of industrial parks, and scanned them with their mobile phones before they can enter the epidemic prevention and control mini-programs. Once an epidemic occurs, it can be traced back to employee information as soon as possible.
The "combination punch" supported by big data can make all work arrangements more precise and effective, and coordinate the prevention and control of epidemic situation and economic and social development. The construction of Internet infrastructure and the popularization of mobile phones make almost everyone ’s behavior leave data on the mobile Internet, which provides the possibility of timely, effective and accurate dynamic management, helps to scientifically classify the risk level of the epidemic, and better Divisional classification and classification, coordinating the "two-handed grasp" to achieve "double victory".
The "combination punch" that can be supported by big data can help to resume production as soon as possible. With the exception of Hubei, all regions are now focusing on smoothing the flow of people, logistics, and supply chain, simplifying resumption of work procedures, and making every effort to provide convenience for enterprises to resume production. Using big data can achieve from strict closed management to control key people, let go of healthy people, thereby providing scientific support for resuming production and restoring normal economic and social order. In addition, big data can also change traditional management methods, making work more convenient and labor-saving. Use big data to enable efficient and accurate management, no longer need to spend a lot of energy on filling out forms, and do not need to spend a lot of manpower to engage in human tactics. The time and energy saved can be more focused on comprehensive research and overall planning.
Of course, the "combination punch" supported by big data should also pay attention to the connection and sharing of data, and cannot form a "data island." This requires relevant departments to do some research on data sharing and come up with methods. The development of technology has prepared favorable conditions for us to change the governance method. The key is to see whether it will be used and how to use it. This is also a test of the governance capabilities of various departments in various regions. At present, after arduous efforts, the situation of epidemic prevention and control has undergone positive changes, but it cannot be paralyzed and relaxed. Neither the rebound of the epidemic caused by the return to work nor the economic development caused by the prevention and control of the epidemic requires us to strictly implement the requirements of the central government, classify according to law, and rely on scientific and technological means to work hard on "precision".
It should be pointed out that the "combination punch" supported by big data can not only accurately implement strategies, lay the foundation for winning the epidemic prevention and control and blocking the war, and achieving the established economic and social development goals, but also provide good ideas for new social governance . In every crisis, new opportunities and new developments are born. In the process of combating the epidemic and restoring economic and social order, a new trend of accelerated digitalization has emerged, and digital communities and digital parks have emerged. The framework of digital governance is beginning to emerge. Let us seize the opportunity to turn crises into opportunities, so that our governance level can catch up with the new technology express, take the modern new track, and move towards a better tomorrow.
This article is reproduced from the Economic DailyRead the original
Targeted user base
WeChat Mini Program: for all WeChat users, with more than 800 million monthly active users and 570 million daily accounts;
APP: for all smartphone users, about 2 billion units;
WeChat Mini Program: limited to the functions provided by the WeChat platform;
APP: complete functions can be realized;
Download and install
WeChat Mini Program: You can get it through WeChat scan code, mini program search, chat sharing between friends
APP: Download and install from major application stores
About memory usage
WeChat Mini Program: No installation required, shared WeChat memory, almost negligible
APP: Installed in the memory of the mobile phone, the more accumulated memory space is used, the more apps may cause insufficient memory of the mobile phone;
WeChat Mini Program: Blue Ocean Market, you can seek many good opportunities in new usage scenarios;
App: The market is basically saturated, almost all fields have been covered;
WeChat Mini Program：One development, multi-terminal adaptation;
App：Need to adapt to various mainstream mobile phones, the development cost is large;
WeChat Mini Program：The average development cycle is about 2 weeks；
App：The average development cycle of a perfect dual platform App is about 2 months;
WeChat Mini Program：Submit to WeChat public platform for review and cloud push;
App：Submitting review to more than a dozen application stores, and the materials required by each application store are different, very cumbersome.
The above are some of the differences summarized by the editor. I hope it can help major companies and merchants make good choices.
1. What is the current market situation of the applet? What about the future development trend?
2. Does the company need / is suitable for small programs?
3. How to make money through applets?
The editor compiled the following points and hopes to help everyone
First of all, it is necessary to position the industry. Which industry does the enterprise belong to? Are there any similar small programs in this industry? If so, what is the current market situation of the applet. If not, creating a new mini-program in this industry does not meet market demand, does not comply with the official regulations of mini-programs, and does not comply with national policies. Each detail question determines whether it is really necessary to make a small program.
Enterprises make a small program, need to consider the user's use scenarios. Under what kind of scenarios the user will use to change the program. What is the frequency of use, duration of use, and viscosity of use? Are there any specific requirements and concerns when using it? Do you need other people to cooperate? What is the mood when using it? Before doing this, you should think clearly about these issues.
For users, small programs made by enterprises are not easy to use and disseminate. What are the ways and means of dissemination? What are the benefits for users to spread without cost? In fact, a small program can solve the special problems of a specific group, then this small program can form a good resonance in the group, if there is an appropriate point, it will form an outbreak.
It is also important that whether users use the applet will form a behavior habit, is it necessary to use it every day? Or when the user wants to solve a certain problem, it can happen that the applet can solve this problem. If you can, it proves that this small program needs to be developed.
In general, before an enterprise makes a small program, it is still necessary to think about some specific issues, such as: the positioning of the small program, the use scenario of the small program, the function and interface style of the small program, the use habits of the small program, The creativity and promotion of small programs and so on.
Supported by huge traffic pool, strong social attributes, easy to spread
The applet is attached to WeChat, a huge user traffic platform, and has a natural advantage in social distribution. Many users contact the applet through other people ’s sharing, private chat or Obtained by the fission method, we can see that applets such as Pinduoduo, Meituan takeaway, and Ctrip ticket grabbing are some applets that users often share in WeChat groups or daily chats with friends. The powerful social attributes of applets help many companies achieve low-cost user growth。
Lightweight, no installation, almost no memory, easy to open, easy to use and easy to close
The applet is attached to WeChat, a huge user traffic platform, and has a natural advantage in social distribution. Many users contact the applet through other people ’s sharing, private chat or Obtained by the fission method, we can see that applets such as Pinduoduo, Meituan takeaway, and Ctrip ticket grabbing are some applets that users often share in WeChat groups or daily chats with friends. The powerful social attributes of applets help many companies achieve low-cost user growth.
For small and medium-sized enterprises, the emergence of small programs has given them the opportunity to operate small “APPs”. The development cost and difficulty of development are relatively low. Making small programs has become the preferred option for many small and medium-sized enterprises that do not have the ability to develop APPs.
Scene connection, expansion and reconstruction
The emergence of small programs has achieved a business model of online and offline integration. When going offline, customers can scan the small program code in the offline store to get an overview of the products and services in the offline store, and then place an order to purchase; while online, customers can also buy goods through the small program Or services, and then receive the goods by express delivery.
Operating applets helps merchants face the entire WeChat ecosystem, expands consumption scenarios, increases the contact between merchants and customers, and improves customer stickiness. In addition, for offline stores, the launch of applets also changes their stores' operating hours It gets longer. The small program uses the small program code as the entrance, and the six major access channels such as offline code scanning, WeChat search, and public account: RJET association, friend recommendation, historical records, and nearby stores have reconstructed the consumption scenario and greatly released The potential of consumers.
Conducive to precision marketing
The applet can help merchants to accurately market by collecting data such as the user ’s consumption age and consumption habits. At the same time, it can use social networking in WeChat to complete activities such as powder sucking, promotion, and order-free through social and social fission Mutual assistance to help achieve the purpose of profitability for businessmen.
The list was posted on a popular hacker forum, which included the IP address of each device, as well as the username and password of the Telnet service, which is a remote access protocol that can be used to control devices through the Internet.
According to the experts ZDNet spoke with this week and the leakers themselves, the list was compiled by scanning the entire Internet to find devices that exposed its Telnet port. Then, the hacker tries to use (1) the factory-set default username and password, or (2) a custom but easy-to-guess password combination.
These types of lists (called "robot lists") are common components of IoT botnet operations. Hackers scan the Internet to build roamer lists, then use them to connect devices and install malware.
These lists are usually private, although some lists have been leaked online in the past, such as the list of 33,000 Telnet credentials that were leaked in August 2017. To our knowledge, this is the largest Telnet password leak known to date.
Data leaked by DDOS service operators;
According to ZDNet, the list is published online by the maintainer of the DDoS lease (DDoS bootloader) service.
When asked why he released such a huge list of "robots," the leaker said he upgraded DDoS services from work on top of IoT botnets to a new model of relying on renting high-output servers from cloud service providers.
All lists leaked by hackers are dated from October to November 2019. Some of these devices may now run on different IP addresses or use different login credentials.
ZDNet does not use any combination of user name and password to access any device, because it is illegal, so we cannot tell that many of the credentials are still valid.
By using IoT search engines such as BinaryEdge and Shodan, ZDNet can identify devices all over the world. Some devices are on the network of known Internet service providers (indicating that they are home routers or IoT devices), while others are on the network of major cloud service providers.
The danger remains
An IoT security expert (want to remain anonymous) told ZDNet that even if some items in the list are no longer valid because the device may have changed their IP address or password, the list is still very useful for skilled attackers.
Misconfigured devices are not evenly distributed on the Internet, but because ISP employees will misconfigure them when deploying them to their respective customer bases, they are usually clustered on an ISP's network.
An attacker may use the IP addresses included in the list, determine the service provider, and then rescan the ISP's network to update the list with the latest IP address.
Drones have moved from the military field to industrial production and people's daily lives. Gartner ’s latest forecast indicates that by 2020, companies will deploy drones more frequently. Global IoT enterprise drone shipments will reach 526,000, an increase of 50% over 2019. It is estimated that by 2023, global shipments will reach 1.3 million.
Behind technological development and convenient service are safety considerations. The manufacturing cost of unmanned aerial vehicles has been continuously reduced, and the number of production has also increased dramatically. However, the security problems faced by drones are also increasing. In 2016, at the "315" party, the case of hackers using wireless communication security vulnerabilities to hijack drones caused heated discussion. Manage and operate the drone through applications on users' mobile phones, computers and other devices, such as transmitting video, images and other data. Using wireless, wifi, GPS for network hijacking, these will pose a security threat to the drone, data theft, forced landing, lost contact, malicious attacks, etc., the consequences are very serious.
The "drone threat theory" advocated by the United States in the past two years is directed at China. Among them, the use of drones to steal transmission data is also mentioned as a potential threat to information infrastructure. This shows that the security threats of drones range from national politics to social life. Paying attention to the safety risks of UAVs and a series of derivative hazards is a prerequisite for people to avoid risks and propose solutions.
UAV system is mainly composed of three parts, including UAV, ground station and communication link to transmit information. Among them, the UAV part includes the power system, the main controller, the communication link module, the sensor, and the task execution unit. The ground station part contains remote controller, intelligent terminal and communication link module. Control commands are transmitted to the UAV through the ground station, and the data collected by the UAV and its operation data will also be transmitted to the ground station. The communication link part includes the communication link between the UAV and the ground station, the satellite communication link, and the UAV to UAV communication link.
The security threats faced by UAV systems are directed at different components, and the types of threats suffered are also different. Threats to ground stations include software vulnerabilities, viruses, malware, Trojan horses, keyloggers, etc. Security threats to communication links between system components include password cracking, identity spoofing, cross-layer attacks, and multi-protocol attacks. At present, attacks from the four aspects of UAV sensors, communications, software and networks are relatively common.
On the UAV, the main controller issues corresponding commands to the power system based on the data collected by various sensors to maintain the normal flight of the UAV. If the information collected by the sensor is incorrect, the flight safety of the UAV Will be affected or even crashed. At present, there are two attack methods for UAV sensors, including ultrasonic interference gyro and GPS spoofing.
Under the guidance and control of the ground station, the UAV can complete the flight mission, and the control command and data interaction between the UAV and the ground station rely on the communication link. The threats to its communications are network monitoring, spoofing attacks, denial of service attacks, and signal interference. For the connection between the drone and the smart device, the drone will establish a WIFI hotspot, and the smart device can communicate with the drone by connecting the hotspot. Using a tool to evaluate the security of the WIFI network can attack the WIFI link, leak images and videos of the drone, and even capture the drone. In addition, there are other attack methods, such as radio remote control signal spoofing and ADS-B information attack.
The drone's flight control software cooperates with sensors and management equipment to enable the drone to fly autonomously. However, most flight control systems have certain software security vulnerabilities on the control side, and these vulnerabilities are easily exploited by hackers. For example, the Maldrone drone software vulnerability is an attack program that can be used by hackers. After the intrusion network is connected to the drone, a backdoor program is installed on the control end, and the program is used to monitor the data collection of the drone sensor or perform remote control. Zigbee chip threats, keyboard Trojan threats, etc. are also means of attack against drone software.
In certain scenarios, drones need multiple machines to perform tasks collaboratively, and it is crucial to build an information connection channel between drones, ultimately forming an Adhoc network for drones. UAV Adhoc network is a subcategory of mobile Adhoc network. The main security threats faced are wormhole attack, Rushing attack, joint attack, Sybil attack, denial of service attack and eavesdropping attack. Each mobile node composed of drones is basically in an open environment and has a unique dynamic topology, which makes it easy to be attacked. If a malicious node releases false information after being attacked, other nodes may also spread unconsciously. This shows that UAV network security is very fragile.
As mentioned earlier, the use of unmanned aerial vehicle vulnerabilities or network attacks can cause data leakage, drone hijacking and other hazards. However, its security threats are much more than that. For example, if a falling event occurs during the flight of the UAV itself, it will cause damage to people and property; the "black flight" and "flight flying" behavior of the UAV will once break into the no-fly zone, such as airports, military bases, Nuclear power plants, etc., can disrupt order, cause chaos, leak state secrets, etc .; drones "peep" at residents, invading residents' privacy, and other hazards. What's more, they use drones to carry dangerous devices, hit buildings, and carry out assassinations. All of these drone security risks can be carried out using cyber attacks. Information acquisition and hijacking manipulation are factors that people cannot ignore when considering drone network security protection.
The most common drone disrupting social order is the drone harassment incident. According to statistics, in the five years from 2014 to 2018, there were 36 reports of nearly collision accidents between drones and manned aircraft. The cases of airport flight delays caused by drones are even more numerous. In 2018, there were almost 10 collision accidents, second only to 11 in 2015. In 2019, there have also been many incidents in China where UAVs have interfered, causing flights to return to the ground.
In addition, there have also been cases in France where two drones flew into a nuclear power plant, captured video, and collided with the nuclear power plant. Fortunately, they were found in time and shot down without serious consequences. But the harm of drones to the country's key infrastructure is self-evident. Once the person behind the drone uses the drone to carry an explosive device to hit a building or fly to a crowd, the consequences are obviously unimaginable.
Caused by cyber hijacking of drones "Random flying" is a risky one, which also reminds us to increase the airspace control of drones and reduce "black flying" and "random flying". In addition, attention should also be paid to cybersecurity regulations for drones. The U.S. Department of Justice recently updated its drone policy to replace the 2015 policy guidance. The new version of the policy "requires the assessment of cybersecurity risks of drones and the prevention of potential threats from the supply chain and the Ministry of Justice network." The policy also specifically mentions the information collected from cameras and sensors, and says it will weigh the government ’s interests with “potential violations and impact on privacy and civil liberties.” The update of U.S. drone law shows that UAV cyber security occupies an important position in future security risks, and it will become a trend to use the network to carry out drone attacks.
Security panic and technological development
After Japan no longer buys Huawei, it is suspected to continue to follow the pace of the United States and stop buying Chinese drones. In December 2019, the Japan Maritime Security Agency added a fee to replace the UAVs made in China with those made in other countries in the 2020 annual budget. The reason for increasing this budget is that the agency believes that the continued use of Chinese-made drones will risk the leakage of confidential information.
As early as 2017, the United States set off a wave of "drone threat theory", pointing directly at China. In May 2019, the US Department of Homeland Security also warned that Chinese drones can transmit flight data to manufacturers, which may be obtained by government departments. Therefore, drones are a potential risk for information infrastructure. DJI drones, which have been targeted by the United States, have repeatedly denied such unfounded allegations.
Under the guise of cybersecurity, the United States advocates the "drone threat theory." On the one hand, this is a political means of combating each other between countries. The importance of UAV network security is increasing day by day, exaggerating the security threats of Chinese drones and attacking China. Not only for Chinese drones, but for Huawei and Douyin's overseas version of TikTok.
On the other hand, the behavior of the United States and Japan also reflects a panic about the progress of China's drone technology. China's drone technology is developing rapidly. When we face doubts from other countries, we need not be afraid, we should be more Confident, I believe that the country's technology is booming, but at the same time, we must be alert to the risk of future drones becoming cyber-attack weapons. The application and challenges of drones in the future cyberspace will only be more complicated.
Unmanned aerial vehicle safety problems are not formed overnight. With the development of technology, safety problems will become more and more complicated. At the same time, it will also promote the development of other new things, such as the construction of low-altitude networks. Fan Bangkui, academician of the Chinese Academy of Engineering, said that for the UAV system, whether it is a handheld remote control, a mobile phone, a portable control station, a car station, or a fixed station, it is basically one station and one machine. However, the one-station, one-machine control method has many shortcomings such as high construction cost, tight frequency resources, limited control range, and difficulty in multi-machine collaboration. The demand for network-oriented drone control is very urgent. In the future, the drone is an intelligent terminal for aerial maneuvering. The altitude changes greatly, and the existing ground network cannot meet the demand. The drone industry calls for the emergence of a new type of low-altitude network. Comprehensive innovations in management and business types.
All in all, from the security fracture of the internal drone equipment itself to the context of the political environment, and the use of drone security threats between countries to carry out attacks, drone safety should be the focus of people's future attention. In terms of security, size sensor security, communication bus security, software security, self-organizing network security, etc., should all be included in the UAV security research, and be constantly improved to repair potential security vulnerabilities and reduce threats. The appearance of laws and regulations, in addition to the introduction of drone supervision regulations, should also strengthen the supervision and correction of network security. Some new UAV policies like the United States address the network security risks of drones.
This article is reproduced from FreeBuf.COM, author: Sandra1432， Read the original
Song Dongsheng, co-founder of Wyze, published a forum post during Christmas that said the incident was caused by an accidental exposure of an internal database to the Internet. Song said that the exposed database is an Elasticsearch system, not a production system. However, the server stores valid user data. The Elasticsearch server uses a technology that supports ultra-fast search queries to help the company classify large amounts of user data.
In response, Wyze executives explained:
To help manage Wyze's rapidly growing user base, we recently launched a new internal project to measure basic business indicators, such as device activation and connection failure rates. We copied some data from the main production server and put it in a more flexible database for easy query. When this new data sheet was originally created, the data sheet was safe. However, Wyze employees made an error when using this database on December 4th, resulting in the deletion of the previous security agreement for the data sheet. We are still investigating this incident to find out why and how it happened.
The server that leaked the data was discovered and recorded by network security consulting company Twelve Security, and confirmed by a reporter from IPVM (blog dedicated to video surveillance products).
Song expressed dissatisfaction with the ways in which both Twelve Security and IPVM handled data breaches. Before publicizing the results of the investigation, Wyze took only 14 minutes to solve the data leak problem.
A reporter from IPVM.com contacted us through a support ticket at 9:21 am on December 26. The information was quickly reported (posted to Twitter at 9:35 am). A blog post by a private security company was also published on December 26. We only learned from the community members of the article at about 10 am.
Song confirmed that the server exposed the customer's details, such as the customer email address used to create the Wyze account, the nickname user assigned to the Wyze security camera, the SSID identifier of the WiFi network, and the AlexaToken of 24,000 users. Can be connected to Alexa devices.
Wyze executives denied that the Wyze API login authorization was made public through the server. Twelve Security claimed in their blog post that they found the API Token, they said that these tokens can give hackers arbitrary access to the Wyze account of iOS or Android devices.
Second, Song also denied Twelve Security's claim that they were sending user data back to China's Alibaba Cloud server.
Third, Song also clarified that Twelve Security claims that Wyze is collecting customer health information. Wyze executives said they only collected the health data of 140 users who are currently beta testing the new smart scale products.
Song did not deny the details of height, weight and gender collected by Wyze. However, he did deny other collected information.
"We have never collected bone density and daily protein intake, and we have no scale to achieve that level." Wyze executives said.
For now, the three parties involved in the disclosure of the incident appear to be inconsistent in terms of some specific leaked details. In any case, Wyze has expressed its decision to force cancellation of all Wyze accounts. Unlike all third-party application integration, after the user has logged in again and reconnected the Alexa device to the Wyze account, a new Wyze can be generated API Token and Alexa Token.
This article is reproduced from FreeBuf.COM, author: Sandra1432, Read the original
GitHub stated in a press release, "The mission of the GitHub Security Lab is to inspire and empower the global security research community and protect the security of the global code. The team will lead by example and make every effort to find and report vulnerabilities in key open source projects.
The founding members of the security lab come from well-known organizations such as Microsoft, Google, Intel, Mozilla, Oracle, Uber, VMWare, LinkedIn, JP Morgan, NCC Group, IOActive, F5, Trail of Bits and HackerOne etc. GitHub stated that the founding members of the security lab have discovered, reported, and assisted in fixing more than 100 security vulnerabilities in open source projects.
Other organizations and personal safety researchers can also join. GitHub has also established a bug reward program with a maximum reward of $ 3,000 to compensate for the time invested by bug hunters in finding bugs in open source projects.
The vulnerability reward program requires that the vulnerability report submitted must include a CodeQL query. CodeQL is GitHub A new open source tool just launched, it is a semantic code analysis engine designed to find different versions of the same vulnerability in a large number of codes. In addition to the GitHub platform, CodeQL has been used in vulnerability code scanning activities on other platforms, such as Mozilla.
Broader plans to improve safety
GitHub's launch of the Security Lab project is not groundless. GitHub has been working to improve the overall security of the GitHub ecosystem. For example, GitHub Safety notices have been introduced for the past two years to warn project maintainers about dependencies that contain safety defects.
Earlier this year, GitHub began testing a feature that enables project authors to create "automated security updates." When GitHub When a security defect is detected from the project's dependency, the dependency will be automatically updated and a new version will be released on behalf of the project maintainer.
In 2019, the beta version of this feature has been open to testing for all projects, and from today onwards automatic security updates already exist and are rolled out to all active libraries that initiate security warning messages.
In addition, GitHub has recently become an authorized CVE number issuer, which means it can issue CVE numbers for vulnerabilities. This function has been added to the "Security Advice" service function. These are the items "IssuesTracker" Special entries, where security deficiencies are handled in private.
After the vulnerability is fixed, the project owner can issue a security bulletin, and GitHub will notify all upstream project owners who use the vulnerable version of the original maintainer's code. Before the security announcement, the project owner can also directly request and receive from GitHub CVE number。
Previously, due to the rigorous process, many project owners who hosted open source projects on GitHub were discouraged from applying for a CVE number. However, it is important to obtain the CVE number because these IDs And other details can be integrated into many other security tools that scan source code and project vulnerabilities, helping companies detect vulnerabilities that would otherwise be missed from the open source tools used.
In addition to the newly launched security lab, GitHub also launched the GitHub security bulletin database, which is used to collect all security bulletins that can be found on the platform, making it easier for everyone to track security vulnerabilities found in GitHub hosted projects.
Finally, GitHub also updated its own service for Token Scanning. It can scan API keys and tokens left inadvertently in the source code in user projects. The service was previously able to detect APIs for 20 services The token, and the format that the new version can detect adds four more vendors: GoCardless, HashiCorp, Postman, and Tencent Cloud.
This article is reproduced from FreeBuf.COM, author: Cian letter codes defender, Read the original
Why is ICS?
First, what is an industrial control system? It includes a variety of control systems used in industrial production, monitoring and data acquisition systems (SCADA), distributed control systems (DCS) and other smaller control systems, such as programmable logic controllers (PLC), which have been widely used In the industrial sector and critical infrastructure. It is because industrial control systems often involve important infrastructure in a city or country, such as electricity, gas, and running water. Once the "stroke", the consequences are very serious.
In 2015 and 2016, there were two grid power outages in Ukraine, which caused inestimable losses.
Australia installed radio-controlled sewage treatment equipment, but the pumping station malfunctioned due to the use of laptop computers and radio transmitters by the former employees of the installation company, resulting in sewage overflow and damage to the waters, and a large number of marine life was killed.
It can be said that the industrial control system moves the whole body at once, and with the increasingly fierce security confrontation in cyberspace, the critical infrastructure becomes the main target of the attackers, and the industrial control security problem becomes more serious. In the existing ATT & CK framework for enterprise systems, some of them are indeed applicable to industrial control systems, but their completeness and pertinence are not high. Therefore, organize ATT & CK The for ICS knowledge base is indeed a top priority.
ATT＆CK for ICS
It is understood that more than 100 participants from 39 organizations have participated in the survey, for ATT & CK for The establishment of the ICS knowledge base provided assistance. These include network intelligence and security companies specializing in ICS, industrial product manufacturers, national laboratories, research institutions, universities, information sharing and analysis centers, and government agencies that support public and private key infrastructure.
Currently, the ATT & Ck for ICS knowledge base covers ATT & Ck for The four dimensions of ICS technology framework, software used by ICS threat actors, threat groups and assets. MITER has listed 10 threat groups, 81 attack techniques, 17 malware families and 7 assets.
It can be said that ATT & CK for The establishment area of ICS distinguishes ICS invasion from ordinary enterprise IT invasion. The first goal is to attack the attacker by attacking the industrial control system to disrupt the industrial control process, destroy property or cause temporary / permanent injury or death to humans. Secondly, because the ICS system operator needs to keep the system in a safe working state 24/7, and is the main target of the attacker. Therefore, in this knowledge base, the characteristics of specialized applications and protocols commonly used by ICS system operators are emphasized, and opponents use these characteristics to interact with physical devices.
As the core of the entire knowledge base, ATT & CK for ICS technical framework provides an overview of TTP related to threat participants who have attacked ICS systems.
Establishing a targeted standard language not only allows asset owners and maintainers to understand the means and techniques of adversaries attacking industrial control systems, to improve their defense capabilities, to report incidents to security practitioners, to develop incident response manuals, to determine The priority of defense and the discovery of vulnerabilities are also important.
This article is reproduced from FreeBuf.COM, author: kirazhou,Read the original
Address: No. 170, Lihua Middle Road, Jili Street, Liuyang City, Changsha City, Hunan Province
Address: Hongyi Industrial Park, High-tech Zone, Liuyang City, Changsha City, Hunan Province
Address: 3rd Floor, Building 5, Dingfeng Building Materials City, Jili Street, Liuyang City, Changsha City, Hunan Province
Liuyang Renjie Electronic Technology Co., Ltd. All Rights Reserved
RJET Official Weibo：RJET
RJET Official Tik Tok：rjet