Thursday, August 31, 2017

Failed to Catch Snorlax


Failed to Catch Snorlax




- Pic from Internet

- wong chee tat :)

Praise the Lord!




Praise the Lord!




- Pic from Internet


- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Wednesday, August 30, 2017

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Tuesday, August 29, 2017

Tired



Tired



- Pic from Internet


- wong chee tat :)

Aug 2017 Singapore Savings Bonds - GX17090X

Issuance details - GX17090X

Bond ID
GX17090X
Amount available
$150 million
Issue date
4 Sep 2017
Maturity date(1)
1 Sep 2027
Interest payment dates(1)
The 1st interest payment will be made on 
1 Mar 2018, and subsequently every six 
months on 1 Sep and 1 Mar every year.
Investment amounts
You can invest a minimum of $500, and in 
multiples of $500 up to $50,000 for this issue. 
The total amount of Savings Bonds held across 
all issues cannot be more than $100,000.
Application period
Opens: 6.00pm, 1 Aug 2017 
Closes: 9.00pm, 28 Aug 2017 
Results: After 3.00pm, 29 Aug 2017
Keep track of the important dates with our 
Apply through
DBS/POSB, OCBC and UOB ATMs and Internet Banking, 
OCBC Mobile Application from 7.00am - 9.00pm, Mon - Sat, 
excluding Public Holidays. On 1 Aug 2017, these channels 
will be open from 6.00pm to 9.00pm. CPF and SRS 
funds are not eligible.


This bond will be reflected as "SBSEP17 GX17090X" in your CDP statement and "CDP-SBSEP17" in your bank statement.

Interest rates

Year from issue date
1
2
3
4
5
6
7
8
9
10
Interest, %
1.15
1.32
1.52
1.73
1.97
2.23
2.52
2.80
3.08
3.35
Average return per year, %*
1.15
1.23
1.33
1.43
1.53
1.64
1.76
1.88
2.00
2.12
* At the end of each year, on a compounded basis
Calculate the interest you will earn based on your desired investment amount using the Interest Calculator.
(1)If this day is not a business day, payment will be made on the next business day.

Got?

- wong chee tat :)

Smile




Smile


- Pic from Internet


- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Monday, August 28, 2017

Meow Monday!




Meow Monday!



- Pic from Internet


- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Sunday, August 27, 2017

家和萬事興 - 邱金蘭




家和萬事興 - 邱金蘭.

大乱!



- Pic from Internet


- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

8u141 Update Release Notes

8u141 Update Release Notes




Java™ SE Development Kit 8, Update 141 (JDK 8u141)

July 18, 2017
The full version string for this update release is 1.8.0_141-b15 (where "b" means "build"). The version number is 8u141.

IANA Data 2017b

JDK 8u141 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u141 are specified in the following table:
JRE Family VersionJRE Security Baseline
(Full Version String)
81.8.0_141-b15
71.7.0_151-b15
61.6.0_161-b13

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u141) will expire with the release of the next critical patch update scheduled for October 17, 2017.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u141) on November 17, 2017. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.



Known Issues


deploy/webstart
JAR file validation changes
After upgrading to the JDK July CPU release (8u141/7u151/6u161), when executing Java Webstart applications, customers may encounter an exception like
“java.lang.SecurityException: digest missing for …” that prevents the application from loading.

The issue is observed in signed JAR files whose manifest contains package version information[1] and does not have a trailing "/" in the name of the package (e.g.: Name:org/apache/xml/resolver). While we work towards resolving this issue, in the interim, users can work-around the issue as follows:

NOTE: We recommend use of this workaround only if the distributor of the JAR files can "re-sign" the JAR files.

1. Extract the contents of the signed JAR file (e.g.: jar xf jar-file ).
2. Modify META-INF/MANIFEST.MF file and add a trailing “/” to the name of the package ( e.g.: Name: org/apache/xml/resolver/).
3. Remove the current signature files ( e.g.: rm -f META-INF/*.SF META-INF/*.RSA META-INF/*.DSA ).
4. Recreate the JAR file ( e,g.: jar cfm jar-file META-INF/MANIFEST.MF input-file(s) ).

NOTE: You must use the jar utility. Other jar creation tools might re-introduce the issue.

5. Re-sign the JAR file.

[1]https://docs.oracle.com/javase/8/docs/technotes/guides/versioning/spec/versioning2.html#wp91706




Certificate Changes


New Let's Encrypt certificates added to root CAs
One new root certificate has been added:
ISRG Root X1 
alias: letsencryptisrgx1 
DN: CN=ISRG Root X1, O=Internet Security Research Group, C=US
JDK-8177539 (not public)



New Features


security-libs/java.security
Disable SHA-1 TLS Server Certificates
Any TLS server certificate chain containing a SHA-1 certificate (end-entity or intermediate CA) and anchored by a root CA certificate included by default in Oracle's JDK is now blocked by default. TLS Server certificate chains that are anchored by enterprise or private CAs are not affected. Only X.509 certificate chains that are validated by the PKIX implementation of the CertPathValidator andCertPathBuilder APIs and the SunX509 and PKIX implementations of theTrustManagerFactory API are subject to the restrictions. Third-party implementations of these APIs are directly responsible for enforcing their own restrictions.
To implement this restriction and provide more flexibility for configuring your own restrictions, additional features have been added to the jdk.certpath.disabledAlgorithms andjdk.jar.disabledAlgorithms Security Properties in the java.security file, as follows:
  • jdk.certpath.disabledAlgorithms:
    Three new constraints have been added to this Security Property:
    A new constraint named jdkCA, that when set, restricts the algorithm if it is used in a certificate chain that is anchored by a trust anchor that is pre-installed in the JDK cacerts keystore. This condition does not apply to certificate chains that are anchored by other certificates, including those that are subsequently added to the cacerts keystore. Also, note that the restriction does not apply to trust anchor certificates, since they are directly trusted.
    A new constraint named denyAfter, that when set, restricts the algorithm if it is used in a certificate chain after the specified date. The restriction does not apply to trust anchor certificates, since they are directly trusted. Also, code signing certificate chains as used in signed JARs are treated specially as follows:
    • if the certificate chain is used with a signed JAR that is not timestamped, it will be restricted after the specified date
    • if the certificate chain is used with a signed JAR that is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.
    A new constraint named usage, that when set, restricts the algorithm if it is used in a certificate chain for the specified use(s). Three usages are initially supported: TLSServer for TLS/SSL server certificate chains, TLSClient for TLS/SSL client certificate chains, andSignedJAR for certificate chains used with signed JARs.
Multiple constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA-1 TLS Server certificate chains that are anchored by pre-installed root CAs, the constraint is "SHA1 jdkCA & usage TLSServer".
  • jdk.jar.disabledAlgorithms:
    A new constraint has been added named denyAfter, that when set, restricts the algorithm if it is used in a signed JAR after the specified date, as follows:
    • if the JAR is not timestamped, it will be restricted (treated as unsigned) after the specified date
    • if the JAR is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.
    For example, to restrict SHA1 in JAR files signed after January 1st 2018, add the following to the property: "SHA1 denyAfter 2018-01-01". The syntax is the same as the certpath property, however certificate checking will not be performed by this property.




Changes


core-svc/java.lang.management
JMX Diagnostic improvements
com.sun.management.HotSpotDiagnostic::dumpHeap API is modified to throwIllegalArgumentException if the supplied file name does not end with “.hprof” suffix. Existing applications which do not provide a file name ending with the “.hprof” extension will fail withIllegalArgumentException. In that case, applications can either choose to handle the exception or restore old behavior by setting system property 'jdk.management.heapdump.allowAnyFileSuffix' to true.
JDK-8176055 (not public)


security-libs/javax.net.ssl
Custom HostnameVerifier enables SNI extension
Earlier releases of JDK 8 Updates didn't always send the Server Name Indication (SNI) extension in the TLS ClientHello phase if a custom hostname verifier was used. This verifier is set via thesetHostnameVerifier(HostnameVerifier v) method in HttpsURLConnection. The fix ensures the Server Name is now sent in the ClientHello body.


xml/jax-ws
Tighter secure checks on processing WSDL files by wsimport tool
The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:
  • DOCTYPE declaration is disallowed in documents
  • External general entities are not included by default
  • External parameter entities are not included by default
  • External DTDs are completely ignored
To restore the previous behavior:
  • Set the System property com.sun.xml.internal.ws.disableXmlSecurity to true
  • Use the wsimport tool command line option –disableXmlSecurity
    NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU
JDK-8182054 (not public)


Bug Fixes


This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see theJDK 8u141 Bug Fixes page.



- Link:

- wong chee tat :)