DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
IT

More Than Ever, Employees Want a Say in How Their Companies Are Run (qz.com) 161

Two readers share a report: While workers have traditionally looked to unions to address their grievances, a new generation is trusting in the power of petitions to force changes. At the Wall Street Journal, 160 reporters and editors, delivered a letter to their managers protesting the lack of women and minorities running the organization, Business Insider reported yesterday. "Nearly all the people at high levels at the paper deciding what we cover and how are white men," the letter read. IBM employees are circulating an online petition objecting to the tone of CEO Ginni Rometty's letter to US president Donald Trump, and calling on her affirm what they call the company's progressive values. [...] Other employee petitions call for Oracle to oppose US president Donald Trump's second travel ban, and to let men who work at US regional supermarket Publix grow beards. Employee petitions are now so popular there's a website, coworker.org, devoted to hosting them. In some cases, the campaigns work: Starbuck's relaxed its rules about visible tattoos and unnatural hair color for baristas after thousands signed petitions asking for a change. Sometimes, they fail disastrously. Interns at one (unnamed) company described in a blog about being fired en masse after signing a petition asking for a more relaxed dress code.
Oracle

Oracle Hires Global Specialists To Explore Feasibility of Buying Accenture 58

Paul Kunert writes in an exclusive report via The Register: Oracle has hired global specialists to explore the feasibility of buying multi-billion dollar consultancy Accenture, sources have told us. The database giant has engaged a team of consultants to conduct due diligence to "explore the synergies that could be created if they [Oracle] bought Accenture lock stock and barrel," one source claimed. On top of the financial considerations, the consultants are evaluating the pros and cons including the potential impact on Oracle's wider channel. "While these things have a habit of fizzling out there are some fairly serious players around the table," a contact added. Another claimed the process was at an early stage. "If buying Accenture was a 100 meter race, Oracle is at the 10 to 15 meter stage now." [T]his buy would be an immensely bold, complicated and pricey move: NYSE-listed Accenture has a market cap of $77.5 billion, and shareholders will expect a premium offer. A deal would dwarf Oracle's $10 billion buy of PeopleSoft, its $7.4 billion deal for Sun Microsystems, and more recently, the $9.3 billion splashed on Netsuite. In buying Accenture, Oracle would be taking a leaf out of the mid-noughties handbook - when HP fatefully bought EDS and IBM acquired PWC to carve out a brighter future.
Encryption

After 20 Years, OpenSSL Will Change To Apache License 2.0, Seeks Past Contributors (openssl.org) 107

After nearly 20 years and 31,000 commits, OpenSSL wants to change to Apache License v2.0. They're now tracking down all 400 contributors to sign new license agreements, a process expected to take several months. Slashdot reader rich_salz shares links to OpenSSL's official announcement (and their agreement-collecting web site). "This re-licensing activity will make OpenSSL, already the world's most widely-used FOSS encryption software, more convenient to incorporate in the widest possible range of free and open source software," said Mishi Choudhary, Legal Director of Software Freedom Law Center and counsel to OpenSSL. "OpenSSL's team has carefully prepared for this re-licensing, and their process will be an outstanding example of 'how to do it right.'"
Click through for some comments on the significance of this move from the Linux Foundation, Intel, and Oracle.
Programming

Douglas Crockford Envisions A Post-JavaScript World (infoworld.com) 300

JavaScript developer (and JSON proponent) Douglas Crockford recently described "a theoretical post-JavaScript World," according to InfoWorld. Crockford "believes the web development staple needs a successor that can fix multiple programming nuances." An anonymous reader summarizes their report: Despite its status as the world's most popular language, Crockford told an audience at the Oracle Code conference, "It would be sad if JavaScript turns out to be the last language." He complained that JavaScript has two different ways of declaring variables -- let and var -- as well as two different "bottom variables" with no value -- both null and undefined. "There's an argument among language designers, should we have bottom values at all? But there's nobody who thinks you should have two of them."

According to InfoWorld, Crockford "also presented a scenario with JavaScript being turned into a purely functional programming language by getting rid of 'impurities' like date, the delete operation, math.random and object.assign. Afterward, he stressed replacing JavaScript rather than adding functional capabilities to it... The next language also should be better able to deal with multiple cores. Most languages have followed the sequential model of Fortran, executing one operation after another, he said. 'That's not how the world works anymore. We now have lots of cores available to us, which all want to be running at the same time.'"

In other news, Crockford also proposed ending the "spaces vs. tabs" debate by simply eliminating tabs altogether.
Android

Oracle Refuses To Accept Android's 'Fair Use' Verdict, Files Appeal (wsj.com) 155

An anonymous reader quotes the Wall Street Journal: The seven-year legal battle between tech giants Google and Oracle just got new life. Oracle on Friday filed an appeal with the U.S. Court of Appeals for the Federal Circuit that seeks to overturn a federal jury's decision last year... The case has now gone through two federal trials and bounced around at appeals courts, including a brief stop at the U.S. Supreme Court. Oracle has sought as much as $9 billion in the case.

In the trial last year in San Francisco, the jury ruled Google's use of 11,000 lines of Java code was allowed under "fair use" provisions in federal copyright law. In Oracle's 155-page appeal on Friday, it called Google's "copying...classic unfair use" and said "Google reaped billions of dollars while leaving Oracle's Java business in tatters."

Oracle's brief also argues that "When a plagiarist takes the most recognizable portions of a novel and adapts them into a film, the plagiarist commits the 'classic' unfair use."
Government

97 Tech Companies Including Apple, Google, Microsoft Call Travel Ban Unlawful In Rare Coordinated Legal Action (washingtonpost.com) 626

An anonymous reader shares a WashingtonPost report: Silicon Valley is stepping up its confrontation with the Trump administration. On Sunday night, technology giants Apple, Facebook, Google, Microsoft, Netflix, Twitter, Uber and many others filed a legal brief opposing the administration's contentious entry ban. The move represents a rare coordinated action across a broad swath of the industry (Editor's note: the link could be paywalled; alternate source) -- 97 companies in total -- and demonstrates the depth of animosity toward the Trump ban. The amicus brief was filed with the U.S. Court of Appeals for the 9th Circuit, which is expected to rule within a few days on an appeal by the administration after a federal judge in Seattle issued late Friday a temporary restraining order putting the entry ban on hold. The brief comes at the end of a week of nationwide protests against the plan -- as well as a flurry of activity in Silicon Valley, a region that sees immigration as central to its identity as an innovation hub.From a TechCrunch report: Notably absent from the list of 97 companies are several who met with Trump prior to his inauguration: Amazon, Oracle, IBM, SpaceX and Tesla. Although Amazon CEO Jeff Bezos was highly critical of Trump prior to his election, he has not spoken out against the immigration policy. Oracle CEO Safra Catz is serving as an advisor to the Trump transition team, while SpaceX and Tesla CEO Elon Musk has defended his decision to remain on an advisory council for Trump.
Security

14,000 Domains Dropped Dyn's DNS Service After Mirai Attack (securityledger.com) 27

chicksdaddy New data suggests that some 14,500 web domains stopped using Dyn's Managed DNS service in the immediate aftermath of an October DDoS attack by the Mirai botnet. That's around 8% of the web domains using Dyn Managed DNS... "The data show that Dyn lost a pretty big chunk of their customer base because they were affected by (Mirai)," said Dan Dahlberg, a research scientist at BitSight Technologies in Cambridge, Massachusetts... BitSight, which provides security rating services for companies, analyzed a set of 178,000 domains that were hosted on Dyn's managed DNS infrastructure before and immediately after the October 21st attacks.
It's possible some of those domains later returned to Dyn -- and the number of actual customers may be smaller than the number of hosted domains. But in the end it may not have mattered much, since Dyn was acquired by Oracle the next month, and TechCrunch speculates that the deal had already been set in motion before the attack.

They also add that "Oracle, of course, is no stranger to breaches itself: in August it was found that hundreds of its own computer systems were breached."
Oracle

Oracle Effectively Doubles Licence Fees To Run Its Stuff in AWS (theregister.co.uk) 198

Oracle has changed the way it charges users to run its software in Amazon Web Services, effectively doubling the cost along the way. From a report: Big Red's previous licensing regime recognised that AWS's virtual CPUs were a single thread of a core that runs two threads. Each virtual CPU therefore counted as half a core. That's changed: Oracle's new cloud licensing policy says an AWS vCPU is now treated as a full core if hyperthreading is not enabled. A user hiring two AWS vCPUS therefore needs to pay full freight for both, effectively doubling the number of Oracle licences required to run Big Red inside AWS. And therefore doubling the cost as well. The new policy also says: "When counting Oracle Processor license requirements in Authorized Cloud Environments, the Oracle Processor Core Factor Table is not applicable." That table says Xeons cores count as half a licence. Making the Table inapplicable to the cloud again doubles the licence count required.
Oracle

Oracle Lays Off More Than 1,000 Employees (zdnet.com) 171

An anonymous reader writes: According to the Mercury News, Oracle is laying off approximately 450 employees in its Santa Clara hardware systems division. Reports at The Layoff, a discussion board for technology business firings, claim about 1,800 employees company-wide are being pink-slipped. Oracle claims the company isn't closing the Santa Clara facility with this reduction in force. Instead, "Oracle is refocusing its Hardware Systems business, and for that reason, has decided to lay off certain of its employees in the Hardware Systems Division."
Java

Oracle to Block JAR Files Signed with MD5 Starting In April (bleepingcomputer.com) 55

An anonymous reader quotes BleepingComputer: Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running. Oracle originally planned MD5's deprecation for the current Critical Patch Update, released this week, which included a whopping 270 security fixes, one of the biggest security updates to date. The company decided to give developers and companies more time to prepare and delayed MD5's deprecation for the release of Oracle Java SE 8u131 and the next Java CPU, scheduled for release in April...

Oracle removed MD5 as a default code signing option from Java SE 6, released in 2006. Despite this, there will be thousands of Java apps that will never be resigned. For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run. Sometimes in the second half of 2017, Oracle also plans to change the minimum key length for Diffie-Hellman algorithms to 1024 bits. These updates are part of Oracle's long-standing plan for changes to the security algorithms in the Oracle Java Runtime Environment and Java SE Development Kit.

Operating Systems

Oracle Scraps Plans For Solaris 12 (theregister.co.uk) 127

bobthesungeek76036 writes: According to The Register, Solaris 12 has been removed from Oracle roadmaps. This pretty much signals the demise of Solaris (as if we didn't already know that...) From the report: "The new blueprint -- dated January 13, 2017 -- omits any word of Solaris 12 that Oracle included in the same document's 2014 edition, instead mentioning 'Solaris 11.next' as due to debut during this year or the next complete with 'Cloud Deployment and Integration Enhancements.' At the time of writing, search engines produce no results for 'Solaris 11.next.' The Register has asked Oracle for more information. The roadmap also mentions a new generation of SPARC silicon in 2017, dubbed SPARC Next, and then in 2020 SPARC Next+. The speeds and capabilities mentioned in the 2017 document improve slightly on those mentioned in the 2014 roadmap.
Oracle

Labor Department Sues Oracle For Paying White Men More (usatoday.com) 317

An anonymous reader quotes a report from USA Today: Oracle is being sued by the Labor Department for paying white men more than their counterparts and for favoring Asian workers when recruiting and hiring for technical roles. The administrative lawsuit is the latest from the Labor Department to take aim at the human resources practices of major technology companies. The Labor Department warned the lawsuit could cost Oracle hundreds of millions in federal contracts. Oracle makes software and hardware used by the federal government. "The complaint is politically motivated, based on false allegations, and wholly without merit," Oracle spokesman Deborah Hellinger said in a statement. "Oracle values diversity and inclusion, and is a responsible equal opportunity and affirmative action employer. Our hiring and pay decisions are non-discriminatory and made based on legitimate business factors including experience and merit." The lawsuit is the result of an Office of Federal Contract Compliance Programs review of Oracle's equal employment opportunity practices, the Labor Department said. According to the lawsuit, Oracle America paid white male workers more, leading to pay discrimination against women, African American and Asian employees. The Labor Department also accused Oracle of favoring Asians for product development and other technical roles, resulting in discrimination against non-Asian applicants. Oracle refused to comply with the Labor Department's investigation, which began in 2014, such as refusing to provide compensation data for all employees, complete hiring data for certain business lines and employee complaints of discrimination, according to the federal agency.
Google

Android Was 2016's Most Vulnerable Product, Oracle the (bleepingcomputer.com) 147

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

Facebook

Facebook Buys Data From Third-Party Brokers To Fill In User Profiles (ibtimes.com) 116

An anonymous reader quotes a report from International Business Times: According to a report from ProPublica, the world's largest social network knows far more about its users than just what they do online. What Facebook can't glean from a user's activity, it's getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep. That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes. The data Facebook pays for from other brokers to round out user profiles isn't disclosed by the company beyond a note that it gets information "from a few different sources." Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn't linked directly to online behavior. The social network doesn't disclose those sources because the information isn't collected by Facebook and is publicly available. Facebook does provide a page in its help center that details how to get removed from the lists held by third-party data brokers. However, the process isn't particularly easy. In the case of the Oracle-owned Datalogix, users who want off the list have to send a written request and a copy of a government-issued identification in the mail to Oracle's chief privacy officer. Another data collecting service, Acxiom, requires users provide the last four digits of their social security number to see the information the company has gathered about them.
Java

Oracle Begins Aggressively Pursuing Java Licensing Fees (theregister.co.uk) 295

Java SE is free, but Java SE Suite and various flavors of Java SE Advanced are not, and now Oracle "is massively ramping up audits of Java customers it claims are in breach of its licenses," reports the Register. Oracle bought Java with Sun Microsystems in 2010 but only now is its License Management Services division chasing down people for payment, we are told by people familiar with the matter. The database giant is understood to have hired 20 individuals globally this year, whose sole job is the pursuit of businesses in breach of their Java licenses... Huge sums of money are at stake, with customers on the hook for multiple tens and hundreds of thousands of dollars.
Slashdot reader rsilvergun writes, "Oracle had previously sued Google for the use of Java in Android but had lost that case. While that case is being appealed, it remains to be seen if the latest push to monetize Java is a response to that loss or part of a broader strategy on Oracle's part." The Register interviewed the head of an independent license management service who says Oracle's even targeting its own partners now.

But after acquiring Sun in 2010, why did Oracle's License Management Services wait a full six years? "It is believed to have taken that long for LMS to devise audit methodologies and to build a detailed knowledge of customers' Java estates on which to proceed."
United States

Donald Trump To Tech Leaders: 'No Formal Chain Of Command' Here (cnbc.com) 488

A confab of tech titans had a "productive" meeting with President-elect Donald Trump at Trump Tower on Wednesday, Amazon CEO Jeff Bezos told CNBC, as Trump moved to mend fences with Silicon Valley before taking office in January. Apple, Alphabet, Microsoft, Amazon, Facebook, Intel, Oracle, IBM, Cisco and Tesla were among the C-suite executives in attendance, with Apple CEO Tim Cook and Tesla CEO Elon Musk expected to get private briefings, according to transition staff. From the report: "We want you to keep going with the incredible innovation," Trump said. "There's no one like you in the world. ... anything we can do to help this go along, we're going to be there for you. You can call my people, call me -- it makes no difference -- we have no formal chain of command around here." At the meeting, Trump introduced billionaire Wilbur Ross, his Commerce secretary pick, and Goldman Sachs executive Gary Cohn, his choice for director of the National Economic Council. "They're going to do fair trade deals," Trump said. "They're going to make it easier for you to trade across borders, because there are a lot of restrictions, a lot of problems. If you have any ideas on that, that would be great."
Java

Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
Businesses

Oracle Buys Dyn DNS Provider (techcrunch.com) 117

Oracle announced today it is buying DNS provider Dyn, a company that was in the press lately after it was hit by a large-scale DDoS attack in October that resulted in many popular websites becoming inaccessible. From a TechCrunch report:Oracle plans to add Dyn's DNS solution to its bigger cloud computing platform, which already sells/provides a variety of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) products. Oracle and Dyn didn't disclose the price of the deal but we are trying to find out. Dan Primack reports that it's around $600 million. We've also asked for a comment from Oracle about Dyn's recent breach, and whether the wheels were set in motion for this deal before or after the Mirai botnet attack in October.
Databases

MongoDB CEO Claims They're Luring Customers From Oracle (diginomica.com) 153

"MongoDB is increasingly encroaching on Oracle's database lead -- with enterprises becoming more and more confident with the maturing NoSQL technology," according to Diginomica, citing this new interview with CEO Dev Ittycheria: 30% of our business is migration off existing workloads to us. Two years ago it was 5%. Ditching Oracle and others, but mainly Oracle... one of the nice benefits of being in this market is that Oracle has done a great job of alienating its customer base... if there are performance reasons, regulatory reasons, developer demand -- [people] will change... We have grown business by 2.5X over last two years. And our employee base has pretty much doubled.
One reason he cites is Oracle's higher prices on their top-line products, saying MongoDB's new customers include "a large bank, whose logo you would recognize instantly [with] a very sophisticated equities trading platform." Ittycheria says MongoDB is now a nine-figure business, and after they launched their new database-as-a-service product Atlas last June, "the growth in that business has been off the charts."
Java

Java's Open Sourcing Still Controversial Ten Years Later (infoworld.com) 89

An anonymous reader quotes InfoWorld: Sun Microsystems officially open-sourced Java on November 13, 2006... "The source code for Java was available to all from the first day it was released in 1995," says [Java creator James] Gosling, who is now chief architect at Liquid Robotics. "What we wanted out of that was for the community to help with security analysis, bug reporting, performance enhancement, understanding corner cases, and a whole lot more. It was very successful." Java's original license, Gosling says, allowed people to use the source code internally but not redistribute. "It wasn't 'open' enough for the 'open source' crowd," he says... While Gosling has taken Oracle to task for its handling of Java at times, he sees the [2006] open-sourcing as beneficial. "It's one of the most heavily scrutinized and solid bodies of software you'll find. Community participation was vitally important..."

A former Oracle Java evangelist, however, sees the open source move as watered down. "Sun didn't open-source Java per se," says Reza Rahman, who has led a recent protest against Oracle's handling of enterprise Java. "What they did was to open-source the JDK under a modified GPL license. In particular, the Java SE and Java EE TCKs [Technology Compatibility Kits] remain closed source."

Rahman adds that "Without open-sourcing the JDK, I don't think Java would be where it is today."

Slashdot Top Deals