Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Java

Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) 30

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.
Businesses

Oracle Buys Dyn DNS Provider (techcrunch.com) 117

Oracle announced today it is buying DNS provider Dyn, a company that was in the press lately after it was hit by a large-scale DDoS attack in October that resulted in many popular websites becoming inaccessible. From a TechCrunch report:Oracle plans to add Dyn's DNS solution to its bigger cloud computing platform, which already sells/provides a variety of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) products. Oracle and Dyn didn't disclose the price of the deal but we are trying to find out. Dan Primack reports that it's around $600 million. We've also asked for a comment from Oracle about Dyn's recent breach, and whether the wheels were set in motion for this deal before or after the Mirai botnet attack in October.
Databases

MongoDB CEO Claims They're Luring Customers From Oracle (diginomica.com) 153

"MongoDB is increasingly encroaching on Oracle's database lead -- with enterprises becoming more and more confident with the maturing NoSQL technology," according to Diginomica, citing this new interview with CEO Dev Ittycheria: 30% of our business is migration off existing workloads to us. Two years ago it was 5%. Ditching Oracle and others, but mainly Oracle... one of the nice benefits of being in this market is that Oracle has done a great job of alienating its customer base... if there are performance reasons, regulatory reasons, developer demand -- [people] will change... We have grown business by 2.5X over last two years. And our employee base has pretty much doubled.
One reason he cites is Oracle's higher prices on their top-line products, saying MongoDB's new customers include "a large bank, whose logo you would recognize instantly [with] a very sophisticated equities trading platform." Ittycheria says MongoDB is now a nine-figure business, and after they launched their new database-as-a-service product Atlas last June, "the growth in that business has been off the charts."
Java

Java's Open Sourcing Still Controversial Ten Years Later (infoworld.com) 89

An anonymous reader quotes InfoWorld: Sun Microsystems officially open-sourced Java on November 13, 2006... "The source code for Java was available to all from the first day it was released in 1995," says [Java creator James] Gosling, who is now chief architect at Liquid Robotics. "What we wanted out of that was for the community to help with security analysis, bug reporting, performance enhancement, understanding corner cases, and a whole lot more. It was very successful." Java's original license, Gosling says, allowed people to use the source code internally but not redistribute. "It wasn't 'open' enough for the 'open source' crowd," he says... While Gosling has taken Oracle to task for its handling of Java at times, he sees the [2006] open-sourcing as beneficial. "It's one of the most heavily scrutinized and solid bodies of software you'll find. Community participation was vitally important..."

A former Oracle Java evangelist, however, sees the open source move as watered down. "Sun didn't open-source Java per se," says Reza Rahman, who has led a recent protest against Oracle's handling of enterprise Java. "What they did was to open-source the JDK under a modified GPL license. In particular, the Java SE and Java EE TCKs [Technology Compatibility Kits] remain closed source."

Rahman adds that "Without open-sourcing the JDK, I don't think Java would be where it is today."
Cloud

AWS Releases Amazon Linux Container Image For Use in On-Premises Data Centers (venturebeat.com) 33

Amazon Web Services, a division of Amazon that offers cloud computing and storage services, has released a container image of its Amazon Linux operating system -- which has, until now, only been accessible on AWS virtual machine instances -- that customers can now deploy on their own servers. From a report on VentureBeat: Of course, other Linux distributions are available for use in companies' on-premises data centers -- CentOS, CoreOS, Red Hat Enterprise Linux, Canonical's Ubuntu, and so on. Now companies that are used to Amazon Linux in the cloud can work with it on-premises, too. It's available from AWS' EC2 Container Registry. Amazon Linux is not currently available for instant deployment on other public clouds, whether Oracle's, Google's, Microsoft's, or IBM's. "It is built from the same source code and packages as the AMI and will give you a smooth path to container adoption," AWS chief evangelist Jeff Barr wrote in a blog post. "You can use it as-is or as the basis for your own images."
Google

Oracle Will Officially Appeal Its 'Fair Use' Loss Against Google (arstechnica.com) 99

An anonymous reader quotes a report from Ars Technica: The massive Oracle v. Google litigation has entered a new phase, as Oracle filed papers (PDF) yesterday saying it will appeal its loss on "fair use" grounds to the U.S. Court of Appeals for the Federal Circuit. For a brief recap of the case: after Oracle purchased Sun Microsystems and acquired the rights to Java, it sued Google in 2010, saying that Google infringed copyrights and patents related to Java. The case went to trial in 2012. Oracle initially lost but had part of its case revived on appeal. The sole issue in the second trial was whether Google infringed the APIs in Java, which the appeals court held are copyrighted. In May, a jury found in Google's favor after a second trial, stating that Google's use of the APIs was protected by "fair use." Oracle's appeal is no surprise, but it will be a long shot. The four-factor "fair use" test is a fairly subjective one, and Oracle lawyers will have to argue that the jury's unanimous finding must be overturned. There are various ways a jury could arrive at the conclusion that Google was protected by fair use. The case will go back to the Federal Circuit, the same appeals court that decided APIs could be copyrighted in the first place. That decision overruled U.S. District Judge William Alsup, the lower court judge, and was extremely controversial in the developer community. However, the same decision that insisted APIs can be copyrighted clearly held the door open to the idea that "fair use" might apply. Unless Oracle pulls off a stunning move on appeal, its massive legal expenditures in this case will be for naught.
Java

Oracle Formally Proposes That Java Adopt Ahead-of-Time Compilation (infoworld.com) 104

An anonymous Slashdot reader quotes InfoWorld: Java applications will get faster startup times thanks to a formal proposal to include ahead-of-time compilation in the platform. The draft Java Development Kit proposal, authored by Vladimir Kozlov, principal technical staff member at Oracle, is targeted for inclusion in Java 9, which is expected to be available next summer. "We would love to see this make it into JDK 9, but that will of course depend on the outcome of the OpenJDK process for this JDK Enhancement Proposal," said Georges Saab, vice president of software development in the Java platform group at Oracle, on Thursday. Ahead-of-time compilation has been a stated goal for Java 9 to address the issue of slow startup...

The proposal summary notes that Java classes would be compiled to native code prior to launching the virtual machine. The ultimate goal is to improve the startup time of small or large Java applications while having "at most" a limited impact on peak performance and minimizing changes to the user workflow.

Tests indicates some applications perform better while some actually perform worse, so it's being proposed as an opt-in feature where dissatisfied users "can just rebuild a new JDK without ahead-of-time libraries."
Microsoft

Vladimir Putin Is Replacing Microsoft Programs With Domestic Software (bloomberg.com) 277

An anonymous reader quotes a report from Bloomberg: Moscow city will replace Microsoft Corp. programs with domestic software on thousands of computers in answer to President Vladimir Putin's call for Russia's authorities to reduce dependence on foreign technology amid tensions with the U.S. and Europe. The city will initially replace Microsoft's Exchange Server and Outlook on 6,000 computers with an e-mail system installed by state-run carrier Rostelecom PJSC, Artem Yermolaev, head of information technology for Moscow, told reporters Tuesday. Moscow may expand deployment of the new software, developed by Russia's New Cloud Technologies, to as many as 600,000 computers and servers, and may also consider replacing Windows and Office, Yermolaev said. Putin is urging state entities and local companies to go domestic amid concerns over security and reliability after U.S. firms shut down paid services in Crimea following Russia's 2014 annexation. The plan poses a challenge to the likes of Microsoft, SAP SE and Oracle Corp. in the country's $3 billion software market. Adding to pressure, Putin's internet czar German Klimenko wants to raise taxes on U.S. technology companies to help Russian competitors such as Yandex NV and Mail.ru Group Ltd.
Google

Judge Skewers Oracle Attorney For Revealing Google, Apple Trade Secrets (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: The federal judge who presided over the Google-Oracle API copyright infringement trial excoriated one of Oracle's lawyers Thursday for disclosing confidential information in open court earlier this year. The confidential information included financial figures stating that Google generated $31 billion in revenue and $22 billion in profits from the Android operating system in the wake of its 2008 debut. The Oracle attorney, Annette Hurst, also revealed another trade secret: Google paid Apple $1 billion in 2014 to include Google search on iPhones. Judge William Alsup of San Francisco has been presiding over the copyright infringement trial since 2010, when Oracle lodged a lawsuit claiming that Google's Android operating system infringed Oracle's Java APIs. After two trials and various trips to the appellate courts, a San Francisco federal jury concluded in May that Google's use of the APIs amounted to fair use. Oracle's motion before Alsup for a third trial is pending. Oracle argues that Google tainted the verdict by concealing a plan to extend Android on desktop and laptop computers. As this legal saga was playing out, Hurst blurted out the confidential figures during a January 14 pre-trial hearing, despite those numbers being protected by a court order. The transcript of that proceeding has been erased from the public record. But the genie is out of the bottle. Google lodged a motion (PDF) for sanctions and a contempt finding against Hurst for unveiling a closely guarded secret of the mobile phone wars. During a hearing on that motion Thursday, Judge Alsup had a back-and-forth with Hurst's attorney, former San Francisco U.S. Attorney Melinda Haag. According to the San Francisco legal journal The Recorder, Haag said that her client Hurst -- of the law firm Orrick, Herrington and Sutcliffe -- should not be sanctioned because of "one arguable mistake made through the course of a very complex litigation."
Oracle

Larry Ellison Says 'Amazon's Lead is Over' As Oracle Unveils New Cloud Infrastructure (venturebeat.com) 157

Oracle has unveiled its second generation of cloud infrastructure for third-party developers to run their applications in Oracle data centers. What is interesting about the announcement is that Oracle co-founder and chief technology officer Larry Ellison claiming that "Amazon's lead is over. Amazon's going to have serious competition going forward." From a VentureBeat report: One particular instance, or virtual-machine (VM) type, that Oracle is making available in this second-generation offering -- the Dense IO Shape -- offers 28.8TB, 512GB, and 36 cores, at a price of $5.40 per hour. This product offers more than 10 times the input-output capacity of Amazon Web Services (AWS), specifically the i2.8xlarge instance, said Ellison. Currently, AWS leads the cloud infrastructure market, with Microsoft Azure, Google Cloud Platform, and IBM trailing behind. Oracle's public cloud was not included in the most recent version of Gartner's highly regarded cloud infrastructure as a service (IaaS) Magic Quadrant, which was released last month. "Oracle also does not have enough market share to qualify for inclusion," the authors of the report wrote.
Oracle

Will Oracle Surrender NetBeans to Apache? (infoworld.com) 69

An anonymous Slashdot reader quotes InfoWorld: Venerable open source Java IDE NetBeans would move from Oracle's jurisdiction to the Apache Software Foundation under a proposal... endorsed by Java founder James Gosling, a longtime fan of the IDE. Moving NetBeans to a neutral venue like Apache, with its strong governance model, would help the project attract more contributions from various organizations, according to the proposal posted in the Apache wiki.

"Large companies are using NetBeans as an application framework to build internal or commercial applications and are much more likely to contribute to it once it moves to neutral Apache ground," the proposal says. While Oracle will relinquish its control over NetBeans under the proposal, individual contributors from Oracle are expected to continue contributing to the project.

On Facebook, Gosling posted the proposal meant "folks like me can more easily contribute to our favorite IDE. The finest IDE in existence will be getting even better, faster!" InfoWorld reports that when aked if Oracle had neglected NetBeans, Gosling said, "Oracle didn't single out NetBeans for neglect, they neglect everything... I'm thrilled that the NetBeans community will now be able to chart its own course."
United States

Oregon Settles $6 Billion Lawsuit Over Oracle's Botched Healthcare Website (registerguard.com) 113

"While the crippled website eventually worked, Oregon failed to enroll a single person online [and] had to resort to hiring 400 people to process paper applications." An anonymous Slashdot reader quotes the AP: The state paid Oracle $240 million to create its Cover Oregon website but ultimately abandoned the site and joined the federal exchange to comply with the Affordable Care Act... The state initially asked for more than $6 billion in punitive damages when it filed the lawsuit in 2014 against the Redwood City company, but Oregon ultimately accepted a package that included $35 million in cash payments and software licensing agreements and technical support with an estimated upfront worth of $60 million...

Six years of unlimited Oracle software and technical support included in the deal will save the state hundreds of millions of dollars in years to come and ends a bitter legal battle that has damaged Oregon's "collective psyche," Attorney General Ellen Rosenblum said in a statement. "The beauty of the deal is that if we choose to take full advantage of the free (software), we are uniquely situated to modernize our statewide IT systems over the next six years -- something we could not otherwise afford to do," she said.

"Oracle has insisted the website worked but former Gov. John Kitzhaber chose not to use it for political reasons."
Open Source

Is Apache OpenOffice Finally On the Way Out? (apache.org) 137

Reader JImbob0i0 writes: After almost another year without a release and another major CVE leaving users vulnerable for that year the Chairman of the Project Management Committee has started public discussions on what it will entail to retire the project, following the Apache Board showing concern at the poor showing.
It's been a long battle which would have been avoided if Oracle had not been so petty. Did this behaviour actually help get momentum in the community underway though? What ifs are always hard to properly answer. Hopefully this long drawn out death rattle will finally come to a close and the wounds with LibreOffice can heal with the last few contributors to AOO joining the rest of the community.

Java

Slashdot Asks: What Are Your Favorite Java 8 Features? (infoworld.com) 427

New submitter liveedu shares with us a report from InfoWorld: When Java 8 was released two years ago, the community graciously accepted it, seeing it as a huge step toward making Java better. Its unique selling point is the attention paid to every aspect of the programming language, including JVM (Java Virtual Machine), the compiler, and other help-system improvements. Java is one of the most searched programming languages according to TIOBE index for July 2016, where Java ranks number one. Its popularity is also seen on LiveCoding, a social live coding platform for engineers around the world, where hundreds and thousands of Java projects are broadcasted live. InfoWorld highlights five Java 8 features for developers in their report: lambda expressions, JavaScript Nashorn, date/time APIs, Stream API and concurrent accumulators. But those features only scratch the surface. What makes Java 8 amazing in your opinion? What are your favorite Java 8 features that help you write high quality code? You can view the entire list of changes made to the programming language here.
Programming

C Programming Language Hits a 15-Year Low On The TIOBE Index (businessinsider.com) 232

Gamoid writes: The venerable C programming language hit a 15-year low on the TIOBE Index, perhaps because more mobile- and web-friendly languages like Swift and Go are starting to eat its lunch. "The C programming language has a score of 11.303%, which is its lowest score ever since we started the TIOBE index back in 2001," writes Paul Jansen, manager of TIOBE Index. With that said, C is still the second most popular programming language in the world, behind only Java. Also worth noting as mentioned by Matt Weinberger via Business Insider, "C doesn't currently have a major corporate sponsor; Oracle makes a lot of money from Java; Apple pushes both Swift and Objective-C for building iPhone apps. But no big tech company is getting on stage and pushing C as the future of development. So C's problems could be marketing as much as anything."
Oracle

Oracle Is Funding a New Anti-Google Group (fortune.com) 156

An anonymous reader writes from a report via Fortune: Oracle says it is funding a new non-profit called "Campaign for Accountability," which consists of a campaign called "The Google Transparency Project" that claims to expose criminal behavior carried out by Google. "Oracle is absolutely a contributor (one of many) to the Transparency Project. This is important information for the public to know. It is 100 percent public records and accurate," said Ken Glueck, Senior Vice President of Oracle. Fortune reports: "Oracle's hidden hand is not a huge surprise since the company has a history of sneaky PR tactics, and is still embroiled in a bitter intellectual property lawsuit with Google." One would think Microsoft may be another contributor, but the company said it is not. Daniel Stevens, the deputy director of the CfA, declined to name the group's other donors, or to explain why it does not disclose its funders. Why does this matter? "When wealthy companies or individuals pose as a grass-roots group like the so-called 'campaign for accountability' project, [it] can confuse news and public relations, and foster public cynicism," writes Jeff John Roberts via Fortune.
Google

Oracle Says Trial Wasn't Fair, It Should Have Known About Google Play For Chrome (arstechnica.com) 182

Two and a half months after a federal jury concluded that Google's Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use," Oracle's attorney says her client missed a crucial detail in the trial, adding that this detail could change everything. ArsTechnica reports: Oracle lawyers argued in federal court today that their copyright trial loss against Google should be thrown out because they were denied key evidence in discovery. Oracle attorney Annette Hurst said that the launch of Google Play on Chrome OS, which happened in the middle of the trial, showed that Google was trying to break into the market for Java SE on desktops. In her view, that move dramatically changes the amount of market harm that Oracle experienced, and the evidence should have been shared with the jury. "This is a game-changer," Hurst told U.S. District Judge William Alsup, who oversaw the trial. "The whole foundation for their case is gone. [Android] isn't 'transformative'; it's on desktops and laptops." Google argued that its use of Java APIs was "fair use" for several reasons, including the fact that Android, which was built for smartphones, didn't compete with Java SE, which is used on desktops and laptops. During the post-trial hearing today, Hurst argued that it's clear that Google intends to use Android smartphones as a "leading wedge" and has plans to "suck in the entire Java SE market. [...] Android is doing this using Java code," said Hurst. "That's outrageous, under copyright law. This verdict is tainted by the jury's inability to hear this evidence. Viewing the smartphone in isolation is a Google-gerrymandered story."In the meanwhile, Google attorney said Oracle was aware of Google's intentions of porting Android to laptops and desktops, and that if Oracle wanted to use this piece of information, it could have.
Bug

FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More (softpedia.com) 32

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.
Microsoft

Microsoft's Bill Gates Is Richest Tech Billionaire With $78 Billion Fortune (gulfnews.com) 102

An anonymous reader quotes a report from GulfNews: The "100 Richest Tech Billionaires In The World 2016" list has been topped by Microsoft founder Bill Gates with an estimated fortune of $78 billion. The titans on Forbes' second annual list of the world's richest in technology are worth a combined $892 billion, six percent more than a year ago. Just over half of the 100 richest in tech are from the U.S., including eight of the top 10 richest on the list. Forbes said the second richest person in tech Amazon founder and CEO Jeff Bezos is also the biggest gainer on the list this year and has an estimated $66.2 billion fortune, an increase of $18.4 billion since this list was released last year. That puts him ahead of Oracle chairman Larry Ellison, who comes in on the fourth spot. Ellison was also beaten by Facebook founder and CEO Mark Zuckerberg, who climbed from fourth to third place thanks to a 30 percent jump in the value of Facebook's stock; he is now also California's richest person, another title that previously belonged to Ellison.
Security

Data Breach At Oracle's MICROS Point-of-Sale Division (krebsonsecurity.com) 33

Brian Krebs reports: A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle's MICROS point-of-sale credit card payment systems. Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had "detected and addressed malicious code in certain legacy MICROS systems." It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal. MICROS is among the top three point-of-sale vendors globally. Oracle's MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS's systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

Slashdot Top Deals