Java9 – new features

  • More Module System, e.g.  self-describing collection of code and data
    • Using jlink, to introduce a new optional phase, link time, which is in-between compile time and run time, during which a set of modules can be assembled and optimized into a custom runtime image
    • The modular JAR file with module-info.class file in its root directory.
    • Using jmod tool, the New JMOD format can be created. (new packaging format similar to JAR)
  • New version schema ($MAJOR.$MINOR.$SECURITY.$PATCH)
  • java shell: jshell
  • Compile for old java version (6 – java6)
    javac -source 6 -target 6 HelloWorld.java
  • More Diagnostic Commands: jcmd (jcmd pid help command)
  • Multi-Release JAR Files: Extends the JAR file format to enable multiple, Java release-specific versions of class files to coexist in a single archive
  • Removes the hprof, jhat from the JDK
  • More Security: DTLS, TLS,  disable X.509 certificate chains with SHA-1-based signatures,  PKCS12 keystores by default, SHA-3 cryptographic hash functions
  • The Garbage-First Garbage Collector (G1 GC) is the default garbage collector in JDK 9.
  • JavaDB, which was a rebranding of Apache Derby, isn’t included in JDK 9.
  • The launchers java-rmi.exe from Windows and java-rmi.cgi from Linux and Solaris have been removed.
  • In JDK 9, the Windows 32–bit client VM is not available. Only a server VM is offered.
  • Java VisualVM isn’t bundled with JDK 9.
  • The AppleScript engine is removed in JDK 9.

Windows Registry Key Changes

The Java 9 installer creates these Windows registry keys when installing the JRE:

  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\JRE”
  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\JRE\9”

The Java 8u152 installer creates these Windows registry keys when installing the JRE:

  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment”
  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8”
  • “HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Runtime Environment\1.8.0_152”
Advertisements

Dirty Cow – CVE-2016-5195

One vulnerability in the Linux kernel

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Centos/Redhat affected versions: 5/6/7

Detail:

https://access.redhat.com/security/vulnerabilities/DirtyCow

Script to check the vulnerability: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh

How to test apple pay transactions

Apple Pay –  mobile payment technology

apple pay testing

Testing Apple Pay Transactions

Use the Apple Pay Sandbox environment to test your transactions with test payment cards.

  1. In iTunes Connect, create a test account. This account works for both App Store and Apple Pay testing.

  2. On a valid test device, log into iCloud using the test account.

  3. In the Wallet app, add a new card using manual entry.

Logging in and out of your iCloud account removes your cards.

Tips: Don’t forget to enable the Apple Pay capabilities in Xcode.

More details: https://developer.apple.com/