Oracle

Oracle Ordered To Pay $3B Damages To HP (bbc.com) 47

Oracle has been ordered to pay HP $3 billion in damages by a California jury over HP's claim that Oracle reneged on a deal to support HP computer servers running on Itanium chips from Intel. Oracle said it will appeal. BBC reports: The court battle over the contract was settled in 2012 but the damages HPE was due have only now been agreed. HP was split into two in 2015 with HPE taking over the running of its servers and services business. In court, HPE argued that although the 2012 legal judgement meant Oracle had resumed making software for the powerful chips, its business had suffered harm. It argued that Oracle took the decision in 2011 to stop supporting Itanium in a bid to get customers to move to hardware made by Sun -- a hardware firm owned by Oracle. Oracle said that its decision in 2011 was driven by a realisation that Itanium was coming to the end of its life. It also argued that the contract it signed never obliged it to keep producing software in perpetuity. Intel stopped making Itanium chips in late 2012 and many companies that used servers built around them have now moved to more powerful processors.
Programming

Ruby On Rails 5.0 Released (rubyonrails.org) 37

steveb3210 writes: Today, Ruby On Rails released version 5.0.0 of the platform. Major new features include ActionCable, which brings support for WebSockets, and a slimmed-down API-only mode. From the official blog post: After six months of polish, four betas, and two release candidates, Rails 5.0 is finally done! It's taken hundreds of contributors and thousands of commits to get here, but what a destination: Rails 5.0 is without a doubt the best, most complete version of Rails yet. It's incredible that this community is still going so strong after so long. Thanks to everyone who helped get us here. [...] Note: As per our maintenance policy, the release of Rails 5.0 will mean that bug fixes will only apply to 5.0.x, regular security issues to 5.0.x and 4.2.x, and severe security issues also to 5.0.x and 4.2.x (but when 5.1 drops, to 5.1.x, 5.0.x, and 4.2.x). This means 4.1.x and below will essentially be unsupported! Ruby 2.2.2+ is now also the only supported version of Rails 5.0+.
Government

Congressman Wants Ransomware Attacks To Trigger Breach Notifications (onthewire.io) 73

Trailrunner7 quotes a report from On the Wire: A powerful California congressman is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients. The pressure is coming from Rep. Ted Lieu (D-Calif.) and follows comments from officials at the Department of Health and Human Services about the department's plan to issue guidance to health care organizations about ransomware attacks. The Office for Civil Rights section of HHS, which has responsibility for health information privacy, will provide guidance on how to handle ransomware attacks, and Lieu is eager to ensure that the guidance specifically addresses how ransomware attacks relate to data breach regulations. "I welcome the news of HHS providing guidance to health providers on a matter that threatens so many hospital IT systems. However, we need to make clear that ransomware is not the same as conventional breaches. The threat to patients from ransomware is typically due to the denial of access to their medical records and medical services. Not only could this be a threat to privacy, but it could result in medical complications and deaths if hospitals can't access patient information," Lieu said in a statement. He sent a letter to the deputy director for health information privacy in the Office of Civil Rights at HHS, Deven McGraw, asking him to instruct health organizations and providers to notify patients of an attack if it results in a denial of access to a medical record or a loss of functionality that's necessary to provide patient care. In the past, Lieu has called for a full congressional investigation into the aforementioned widespread flaw in global phone networks that allows hackers to track anyone's location and spy on their phone calls and text messages.
He was also one of the first lawmakers to publicly express his pro-encryption view after a federal judge ordered Apple to help the FBI break into the San Bernardino shooter's iPhone, saying it effectively "forces private-sector companies like Apple to be used as an arm of law enforcement."
Databases

2 Million-Person Terror Database Leaked Online (thestack.com) 165

An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomas Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
Businesses

DMCA Notices Remove 8,268 Projects On Github In 2015 (torrentfreak.com) 116

An anonymous reader writes: Github's transparency report for 2015 shows that the site received many DMCA notices that removed more than 8,200 projects. "In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014," Github reports. For comparison, the company received only 258 DMCA notices in 2014, 17 of which responded with a counter-notice or retraction. In 2015, they received 505 takedown notices, 62 of which were the subject of counters or withdrawals. TorrentFreak reports: "Copyright holders are not limited to reporting one URL or location per DMCA notice. In fact, each notice filed can target tens, hundreds, or even thousands of allegedly infringing locations." September was a particularly active month as it took down nearly 5,834 projects. "Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories," Github explains. They are called 'Mass Removals' when more than 100 repositories are asked to be removed. "In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015."
Businesses

Clinton Tech Plan Reads Like Silicon Valley Wish List (usatoday.com) 355

theodp writes from a report via USA Today: "If there was any lingering doubt as to tech's favored presidential candidate," writes USA Today's Jon Swartz, "Hillary Clinton put an end to that Tuesday with a tech plan that reads like a Silicon Valley wish list. It calls for connecting every U.S. household to high-speed internet by 2020, reducing regulatory barriers and supporting Net neutrality rules, [which ban internet providers from blocking or slowing content.] It proposes investments in computer science and engineering education ("engage the private sector and nonprofits to train up to 50,000 computer science teachers in the next decade"), expansion of 5G mobile data, making inexpensive Wi-Fi available at more airports and train stations, and attaching a green card to the diplomas of foreign-born students earning STEM degrees." dcblogs shares with us a report from Computerworld that specifically discusses Clinton's support of green cards for foreign students who earn STEM degrees: As president, Hillary Clinton will support automatic green cards, or permanent residency, for foreign students who earn advanced STEM degrees. Clinton, the presumptive Democratic presidential candidate, wants the U.S. to "staple" green cards on the diplomas of STEM (science, technology, engineering, math) masters and PhD graduates "from accredited institutions." Clinton outlined her plan in a broader tech policy agenda released today. Clinton's "staple" idea isn't new. It's what Mitt Romney, the GOP presidential candidate in 2012, supported. It has had bipartisan support in Congress. But the staple idea is controversial. Critics will say this provision will be hard to control, will foster age discrimination, and put pressure on IT wages.
AI

AI Downs 'Top Gun' Pilot In Dogfights (dailymail.co.uk) 441

schwit1 writes from a report via Daily Mail: [Daily Mail reports:] "The Artificial intelligence (AI) developed by a University of Cincinnati doctoral graduate was recently assessed by retired USAF Colonel Gene Lee -- who holds extensive aerial combat experience as an instructor and Air Battle Manager with considerable fighter aircraft expertise. He took on the software in a simulator. Lee was not able to score a kill after repeated attempts. He was shot out of the air every time during protracted engagements, and according to Lee, is 'the most aggressive, responsive, dynamic and credible AI I've seen to date.'" And why is the US still throwing money at the F35, unless it can be flown without pilots. The AI, dubbed ALPHA, features a genetic fuzzy tree decision-making system, which is a subtype of fuzzy logic algorithms. The system breaks larger tasks into smaller tasks, which include high-level tactics, firing, evasion, and defensiveness. It can calculate the best maneuvers in various, changing environments over 250 times faster than its human opponent can blink. Lee says, "I was surprised at how aware and reactive it was. It seemed to be aware of my intentions and reacting instantly to my changes in flight and my missile deployment. It knew how to defeat the shot I was taking. It moved instantly between defensive and offensive actions as needed."
Earth

Google's Satellite Map Gets a 700-Trillion-Pixel Makeover (theatlantic.com) 70

An anonymous reader writes: On Monday, Google Maps received a makeover with 700 trillion pixels of new data added to the service. The Atlantic reports: "The new map, which activates this week for all users of Google Maps and Google Earth, consists of orbital imagery that is newer, more detailed, and of higher contrast than the previous version. Most importantly, this new map contains fewer clouds than before -- only the second time Google has unveiled a "cloudless" map. Google had not updated its low- and medium-resolution satellite map in three years. The new version of the map includes data from Landsat 8, the newer version of the same satellite (Landsat 7, the U.S. government satellite which supplied the older map's imagery data), letting Google clear the ugly artifacts. Google's new update doesn't include imagery at the highest zoom levels, like the kind needed to closely inspect an individual house, pool, or baseball field. Those pictures do not come from Landsat at all, but from a mix of other public and private aerial and space-based cameras, including DigitalGlobe's high-resolution satellites. The image processing for this most recent map was completed entirely in Google Earth Engine, the company's geospatial-focused cloud infrastructure. In fact, the entire algorithm to create the cloudless map was written in Javascript in the Earth Engine development interface."
Education

Google Launches 'Project Bloks' Toys To Teach Kids To Code (thenextweb.com) 54

An anonymous reader writes: Google has launched a hardware project dubbed 'Project Bloks' to help teach kids how to code. There are three components to the learning experience: Brain Board, Base Boards, and Pucks. The Brain Board features a processing unit that is based off of Raspberry Pi Zero, which controls and provides power to the rest of the connected components. It does also interact with Wi-Fi and Bluetooth devices. The Base Boards are connective units that let users design instruction flows. Finally, the Pucks are the components you interact with. They're shaped with switches, arrows, buttons, dials and more, and can be programmed to turn things on or off, move avatars, play music, and more. What's neat is you can record instructions from multiple pucks into a single one. Some of them can be made with simple, inexpensive materials like paper with conductive ink. You can watch the official introduction video on YouTube. Google did release a subsequent video about the project called "Developing on Project Bloks."
IOS

.NET Core 1.0 Released, Now Officially Supported By Red Hat (arstechnica.com) 123

Microsoft on Monday announced the release of .NET Core, the open source .NET runtime platform. Finally! (It was first announced in 2014). The company also released ASP.NET Core 1.0, the open-source version of Microsoft's Web development stack. ArsTechnica reports: Microsoft picked an unusual venue to announce the release: the Red Hat Summit. One of the purposes of .NET Core was to make Linux and OS X into first-class supported platforms, with .NET developers able to reach Windows, OS X, Linux, and (with Xamarin) iOS and Android, too. At the summit today, Red Hat announced that this release would be actively supported by the company on Red Hat Enterprise Linux.
Programming

New C++ Features Voted In By C++17 Standards Committee (reddit.com) 286

New submitter lefticus writes: The upcoming C++17 standard has reached Committee Draft stage, having been voted on in the standards committee meeting in Oulu, Finland this Saturday. This makes C++17 now feature complete, with many new interesting features such as if initializers and structured bindings having been voted in at this meeting.

An [audio] interview with the C++ committee chair, Herb Sutter, about the status of C++17 has also been posted.

Programming

ECMAScript 2016: New Version of JavaScript Language Released (softpedia.com) 165

An anonymous Slashdot reader writes: Ecma International, the organization in charge of managing the ECMAScript standard, has published the most recent version of the JavaScript language. ECMAScript 2016 (ES7 or JavaScript 7th Edition in the old naming scheme) comes with very few new features. The most important is that JavaScript developers will finally get a "raise to the power" operator, which was mysteriously left out of the standard for 20 years. The operator is **...
It will also become much easier to search for data in a JavaScript array with Array.prototype.includes(), but support for async functions (initially announced for ES2016), has been deferred until next year's release. "From now on, expect smaller changelogs from the ECMAScript team," reports Softpedia, "since this was the plan set out last year. Fewer breaking changes means more time to migrate code, instead of having to rewrite entire applications, as developers did when the mammoth ES6 release came out last year."
Crime

Why Are Hackers Increasingly Targeting the Healthcare Industry? (helpnetsecurity.com) 111

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as gateways for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.

The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."
Programming

Java, PHP, NodeJS, and Ruby Tools Compromised By Severe Swagger Vulnerability (threatpost.com) 97

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes: A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.

DRM

Oculus Ditches DRM Hurdle, Allows HTC Vive Games On Rift Again (venturebeat.com) 37

An anonymous reader writes: After changing its DRM to exclude ReVive last month, Oculus has changed its mind again and is now allowing HTC Vive games to play on the Oculus Rift. "We continually revise our entitlement and anti-piracy systems, and in the June update we've removed the check for Rift hardware from the entitlement check. We won't use hardware checks as part of DRM on PC in the future," Oculus VR said. "We believe protecting developer content is critical to the long-term success of the VR industry, and we'll continue taking steps in the future to ensure that VR developers can keep investing in ground-breaking new VR content." VentureBeat reports: "ReVive developers have acted quickly following the removal of the check. An update to the software has been posted on GitHub to bring it back in line, meaning you'll now be able to access the games that were previously available without jumping through extra hoops. Perhaps even more games might work going forward. CrossVR, one of the system's developers, took to Reddit to thank Oculus for the decision. 'I'm delighted to see this change and I hope it can generate a lot of goodwill for Oculus.' CrossVR said."
Advertising

HTML5 Ads Aren't That Safe Compared To Flash, Experts Say (softpedia.com) 108

An anonymous reader writes: [Softpedia reports:] "A study from GeoEdge (PDF), an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves. The company argues that for video ads, the primary root of malvertising is the VAST and VPAID advertising standards. VAST and VPAID are the rules of the game when it comes to online video advertising, defining the road an ad needs to take from the ad's creator to the user's browser. Even if the ad is Flash or HTML5, there are critical points in this ad delivery path where ad creators can alter the ad via JavaScript injections. These same critical points are also there so advertisers or ad networks can feed JavaScript code that fingerprints and tracks users." The real culprit is the ability to send JavaScript code at runtime, and not if the ad is a Flash object, an image or a block of HTML(5) code.
Google

Google Launches Android Programming Course For Absolute Beginners (zdnet.com) 98

If you're on the fence on whether or not you should spring for learning how to code, Google is willing to offer a helping hand. The company has partnered with Udacity to offer a "nanodegree" class designed for people with no programming experience at all. The program costs $199 per month. ZDNet reports: The course material, developed by Google, is hosted on learning platform Udacity and builds on earlier programs such as the Android Nanodegree for Beginners. The basics course takes around four weeks if the student commits six hours a week and upon completion they'll have created two basic apps built in Android Studio. "Google, in partnership with Udacity, is making Android development accessible and understandable to everyone, so that regardless of your background, you can learn to build apps that improve the lives of people around you," Google announced on its developer blog.
Databases

154 Million Voter Records Exposed Due To Database Error (dailydot.com) 95

blottsie writes: Chris Vickery, a security researcher at MacKeeper, has uncovered a new voter database containing 154 million voter records, exposed as a result of a CouchDB installation error. The database includes names, addresses, Facebook profile URLs, gun ownership, and more. Who exposed the voter database? Vickery believes the suspect may be linked to L2, a company specializing in voter data utilization, after he noticed that the voter ID field was labeled "LALVOTERID." After calling the company, L2 said the database likely belongs to one of their clients, noting that there are very few clients big enough to have a national database like that. The database was secured within three hours of their phone call. L2's CEO Bruce Willsie said that the client told L2 that they were hacked and the firewall had been taken down. Their client is conducting their own research to figure out the extent of the incursion. The Daily Dot reports: "Why does this keep happening, and what is our government doing about it? No federal agency is enforcing data security in political organizations or non-profits, and so far, neither are state attorneys general."
Graphics

MSI and ASUS Accused of Sending Reviewers Overpowered Graphics Cards (theverge.com) 133

An anonymous reader writes from a report via The Verge: TechPowerUp discovered that the MSI GeForce GTX 1080 Gaming X card they were sent for review was running at faster GPU and memory clock speeds than the retail version. This was because the review card was set to operate in the OC (overclocking) mode out of the box, whereas the retail card runs in the more regular Gaming mode out of the box. This may result in an unobservant reviewer accidentally misrepresenting the OC performance numbers as the stock results from the card, lending MSI's product an unearned helping hand. The site found this was a recurring pattern with MSI stretching back for years. Fellow Taiwanese manufacturer ASUS, in spite of having better global name recognition and reputation, has also shown itself guilty of preprogramming review cards with an extra overclocking boost. Needless to say, the only goal of such actions is to deceive -- both the consumer and the reviewer -- though perhaps some companies have felt compelled to follow suit after the trend was identified among competitors. The Verge notes that TechPowerUp revealed its finding on Thursday of last week, and has not received any official response from either MSI or ASUS. They did update their story to note that MSI addressed the matter, in a comment provided to HardOCP Editor-in-Chief Kyle Bennett, back in 2014.
Businesses

Indie Dev TinyBuild Lost $450K To Fraudulent Sales Facilitated By G2A (pastemagazine.com) 104

An anonymous reader quotes a report from Paste Magazine: Indie developer TinyBuild, the studio behind Punch Club, Party Hard and SpeedRunners, had thousands of their game codes stolen through fraudulent credit card purchases, which then wound up on G2A.com, a site that allows people to resell game codes. The basic idea behind G2A is straightforward and pretty harmless: with the amount of game codes sold through Steam, the Humble Store/Bundle, and more, the site gives consumers a place to sell unwanted game codes. However, in doing so, G2A has created a huge black market for game codes sales. As TinyBuild described in their blog post on the matter, the common practice for scammers is to "get ahold of a database of stolen credit cards on the dark web. Go to a bundle/3rd party key reseller and buy a ton of game keys. Put them up onto G2A and sell them at half the retail price." This allows scammers to make thousands of dollars while preventing any profit from reaching the game developers because, once the stolen credit cards are processed, the payments will be denied. G2A states that TinyBuild's retail partners are the ones selling the codes on G2A, not scammers, despite the thousands of codes they lost through their online store to fraudulent credit card purchases. In 2011, TinyBuild was in the news for uploading their own game, a platformer called No Time To Explain, to the Pirate Bay.
