Java

Judge Blasts Oracle's Attempt To Overturn Pro-Google Jury Verdict (arstechnica.com) 106

Joe Mullin, reporting for Ars Technica: Google successfully made its case to a jury last month that its use of Java APIs in Android was "fair use," and the verdict rejected Oracle's claim that the mobile system infringed its copyrights. After Google argued its case, though, Oracle filed a motion arguing that the judge should decide as a matter of law that fair use didn't cover it. In the wake of the jury's pro-Google verdict, Oracle's motion was its last hope of a trial victory. It didn't happen; US District Judge William Alsup shot down the motion on Wednesday. The same order also denied Google's motion making similar arguments, filed at the close of trial but before the jury's verdict. Alsup's stinging order [PDF], which rejects Oracle's argument [PDF] on every front, hardly comes as a surprise. But the document provides the first insights as to what Oracle might bring up in an appeal proceeding, which the company has said it will pursue. In the order, Alsup defends how he ran the trial. The evidence and instructions presented to the jury were a mix of mandates from the appeals court, which overruled Alsup on the key issue of API copyrightability, and modifications urged by both sides' lawyers.
Android

Op-ed: Oracle Attorney Says Google's Court Victory Might Kill the GPL (arstechnica.com) 357

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which she urges developers and creators to not celebrate Google's win in the hard-fought copyright case as the decision -- if it remains intact -- is poised to make them "suffer" everywhere and also the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal court announced that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.
The Military

Department of Homeland Security Still Uses COBOL (softpedia.com) 217

The Department of Defense has promised to finally stop managing the U.S. nuclear arsenal with floppy disks "by the end of 2017". But an anonymous reader shares Softpedia's report about another startling revelation this week from the Government Accountability Office: Another agency that plans to upgrade is the US Department of Veterans Affairs, which uses COBOL, a programming language from the '50s to manage a system for employee time and attendance. Unfortunately for the VA, there were funds only to upgrade that COBOL system, because the agency still uses the antiquated programming language to run another system that tracks claims filed by veterans for benefits, eligibility, and dates of death. This latter system won't be updated this year. Another serious COBOL user is the Department of Homeland Security, who employs it to track hiring operations, alongside a 2008 IBM z10 mainframe and a Web component that uses a Windows 2012 server running Java.
Personnel files are serious business. A 2015 leak of the Secret Service's confidential personnel files for a Utah Congressman (who was leading a probe into high-profile security breaches and other missteps) led the Department of Homeland Security to discipline 41 Secret Service agents.
Google

Android Is 'Fair Use' As Google Beats Oracle In $9 Billion Lawsuit (arstechnica.com) 243

infernalC writes: Ars Technica is reporting that the verdict is in, and that the jury decided that Google's duplication of several Java interfaces is fair use. Ars Technica writes that Google's Android OS does not infringe upon Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." The jury unanimously answered "yes" in response to whether or not Google's use of Java APIs was a "fair use" under copyright law. The trial is now over, since Google won. "Google's win somewhat softens the blow to software developers who previously thought programming language APIs were free to use," Ars Technica writes. "It's still the case that APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a "fair use" defense." The amount Oracle may have asked for in damages could have been as much as $9 billion.
Oracle

Declaring Code Is Not Code, Says Larry Page (arstechnica.com) 405

Alphabet CEO Larry Page says his company never considered getting permission from Oracle for using the latter's Java APIs in Android. Page, who appeared in a federal court, said Java APIs are open and free, which warrants them or anyone to use it without explicit permission from Oracle. From an Ars Technica report (edited for clarity): "But you did copy the code and copy the structure, sequence, and organization of the APIs?" Oracle attorney Peter Bicks asked, raising his voice. "I don't agree with 'copy code,'" Page said. "For me, declaring code is not code," Page said. "Have you paid anything to Oracle for using that intellectual property?" Bicks asked. "When Sun established Java, they established it as an open source thing," Page said. "I believe the APIs we used were pretty open. No, we didn't pay for the free and open things." [...] "Was Google seeking a license for Java?" Google lawyer Robert Van Nest asked. "Yes, and a broader deal around other things, like branding and cooperation," Page said. "After discussions with Sun broke off, did you believe Google needed a license for APIs?" Van Nest asked. "No, I did not believe that," Page said. "It was established industry practice that the API and just the headers of those things could be taken and re-implemented. [It must be done] very carefully, not to use any existing implementation of those systems. That's been done many, many times. I think we acted responsibly and carefully around these intellectual property issues."
Security

Attackers Targeting Critical SAP Flaw Since 2013 (threatpost.com) 57

msm1267 quotes a report from Threatpost: Three dozen global enterprises have been breached by attackers who exploited a single, mitigated vulnerability in SAP business applications. The attacks have been carried out since 2013 and are ongoing against large organizations owned by corporations in the United States, United Kingdom, Germany, China, India, Japan, and South Korea, spanning 15 critical industries, researchers at Onapsis said today. [The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University also published an alert this morning, the first in its history for SAP applications.] The severity of these attacks is high and should put other organizations on notice that are running critical business processes and data through SAP Java apps. The issue lies in the Invoker Servlet, which is part of the standard J2EE specification and enables developers to test custom Java applications. When it is enabled, developers and users can call these servlets over the Internet directly without authentication or authorization controls. Attackers, however, can take advantage of this same functionality to exploit these business critical systems.
Java

No One Should Have To Use Proprietary Software To Communicate With Their Government (fsf.org) 154

Donald Robertson, writing for Free Software Foundation: Proprietary JavaScript is a threat to all users on the Web. When minified, the code can hide all sorts of nasty items, like spyware and other security risks. [...] On March 1st, 2016, the Copyright Office announced a call for comments on an update to their technology infrastructure. We submitted a comment urging them to institute a policy that requires all software they develop and distribute to be free software. Further, we also urged them to not require people to run proprietary software in order to communicate or submit comments to them. Unfortunately, once again, the Copyright Office requires the use of proprietary JavaScript in order to submit the comment and they are only accepting comments online unless a person lacks computer or Internet access. [...] The most absurd part of all this is that other government agencies, while still using Regulations.gov, are perfectly capable of offering alternatives to submission.
Security

US Toy Maker Maisto's Website Pushes Ransomware (pcworld.com) 26

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.
Open Source

Scientist Shrinks Arduino To Size Of An AA Battery (techcrunch.com) 47

An anonymous reader writes: Johan Kanflo has managed to make the already small Tiny328 Arduino clone into an even smaller computing platform about the size of a single AA battery. Not only will it fit in a typical AA battery holder, but it will actually draw power from the batteries beside it as it's wired in "backwards" (with the + and - poles reversed). The Arduino platform consists of open-source hardware, open-source software, and microcontroller-based kits, making it easy to (re)program the processors, and develop software for hardware applications using a java-clone and an easy-to-learn IDE. For those interested in the AAduino, Johan has made his creation available online on Github with instructions and schematics to build your own.
Security

Oracle Patches 136 Flaws In 49 Products 23

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.
Android

Six-Hour Meeting Friday Fails to End Oracle/Google Lawsuit (businessinsider.com) 88

An anonymous reader writes: Google and Oracle executives met for six hours Friday in an unsuccessful attempt to resolve an ongoing copyright lawsuit. "Because an agreement couldn't be made, the next phase of the case will head to court in May, where a jury will decide if Google had the right to use certain parts of Oracle's programming language, Java, for free or if it owes Oracle damages..." reports Business Insider. "Last month, Google said that its damages expert strongly disagreed that it should owe Oracle upward of $8 billion for using certain parts of Oracle's software in its smartphone operating system, Android."
Friday's court-ordered talk included both Google CEO Sundar Pichai and Oracle CEO Safra Catz, and it marks the second time the two companies have failed to reach an out-of-court settlement, a fact alluded to by the case's judge in newly-released documents. "After an earlier run at settling this case failed, the court observed that some cases just need to be tried," reports the court docket. "This case apparently needs to be tried twice."
Security

Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections (arstechnica.com) 34

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.
Microsoft

Microsoft and HackerRank Add a Live Code Editor Into Bing 34

An anonymous reader writes: Microsoft's Bing search engine now includes a live code editor, allowing programmers to edit and execute snippets of example code and see the results in real-time. HackerRank announced the new educational tool on their blog, calling it "a streamlined alternative" to Stack Overflow's sites and programming sites, and sharing a video of the new feature providing results for the search "quick sort Java". "In addition to learning how a certain algorithm/code is written in a given language, users will also be able to check how the same solution is constructed in a range of other programming languages too," says Bing's Group Engineering Manager for UX Features, "providing a Rosetta-stone model for programming languages."
Android

Google May Adopt Apple's Swift Programming Language For Android, Says Report (thenextweb.com) 172

An anonymous reader writes: Google has plans to make Apple's Swift object-oriented language a "first-class" language for Android, reports The Next Web. The publication, citing sources, adds that Google doesn't mean to replace the current first-class language for Android -- Java -- at least, "initially." Google sees an "upside" in using Swift, which Apple made open source last year. But a ton of things need to fall into place for this to work. From the report, "All told, Google would have to effectively recreate its efforts with Java -- for Swift. If the company is motivated enough, it's very possible to do so without compromising on its open source values or ruffling any developer feathers along the way." The company is also internally discussing making Kotlin a first-class language for Android. "Unlike Swift, Kotlin works with Android Studio, Google's IDE for Android development. Unfortunately, sources tell The Next Web that Google's current mindset is that Kotlin is a bit too slow when compiling."
Android

Oracle Seeks $9.3 Billion For Google's Use Of Java In Android (computerworld.com) 343

angry tapir quotes a report from Computerworld: Oracle is seeking as much as $9.3 billion in damages in a long-running copyright lawsuit against Google over its use of Java in Android, court filings show. Oracle sued Google six years ago, claiming the search giant needs a license to use parts of the Java platform in Google's market-leading mobile OS. The two companies first went to trial in 2012, but the jury was split on whether or not Google's use of Java was protected by "fair use." Now they're headed back to the courtroom for a new trial scheduled to begin May 9, where Oracle's Larry Ellison and Google's Eric Schmidt will be present. Currently, the sum Oracle is asking for is about 10 times as much as when the two companies went to trial in 2012.
Education

Why Learning To Code Won't Save Your Job (fastcompany.com) 155

Over the years, several governments and organizations have become increasingly focused on teaching kids how to code. It has given rise to startups such as Codecademy, KhanAcademy and Code.org that are making it easier and more affordable for many to learn how to program. Many believe that becoming literate in code is as essential as being educated in language, science, and math. But can this guarantee you a job? And can coding help you save that job? An anonymous reader cites an interesting article on Fast Company which sheds more light on this: Looking for job security in the knowledge economy? Just learn to code. At least, that's what we've been telling young professionals and mid-career workers alike who want to hack it in the modern workforce. Unfortunately, many have already learned the hard way that even the best coding chops have their limits. More and more, 'learn to code' is looking like bad advice. Anyone competent in languages such as Python, Java, or even Web coding like HTML and CSS, is currently in high demand by businesses that are still just gearing up for the digital marketplace. However, as coding becomes more commonplace, particularly in developing nations like India, we find a lot of that work is being assigned piecemeal by computerized services such as Upwork to low-paid workers in digital sweatshops. This trend is bound to increase.
Java

Apache PDFBox Hits 2.0 (sdtimes.com) 34

mmoorebz writes: After three years of development and with over 150 contributors to the code, Apache PDFBox 2.0 has been released. With this release comes enhancements and improvements. The Apache PDFBox library is an open-source Java tool for working with PDF documents. The project allows creation and manipulation of PDF documents, and the ability to extract content from them. Support for forms in open-source PDF viewers is currently disappointing, and I hope this heralds improvement on that front.
Oracle

2 Years Later, Java Security Still Broken By Faulty Oracle Patch 41

An anonymous reader writes: A faulty security patch has left Java users vulnerable to attacks in the past two years, researchers from Polish security firm Security Explorations are claiming. The issue in question is CVE-2013-5838, which was discovered and patched in October 2013. Two years later, going back over their research, the same security researchers have now discovered that Oracle had not only misclassified its impact but also botched the fix. In a Full Disclosure exposé, the researcher says that changing four characters in the company's original proof-of-concept code allowed them to exploit the flaw, despite Oracle's patch.
Movies

An Inside Look At How Netflix Builds Code (sdtimes.com) 48

mmoorebz writes: Netflix is known as a place to binge watch television, but behind the scenes, there's a lot that goes on before everyone's favorite show can be streamed. The first step to deploying an application or service is building. Netflix created Nebula, a set of plugins for the Gradle build system, that "help with the heavy-lifting around building applications," said the engineers. Once the code has been built and tested locally using Nebula, the team pushes the updated source code to a Git repository. Every deployment at Netflix begins with the creation of an Amazon Machine Image, and to generate them from source, Netflix created what it calls "the Bakery." It exposes an API that facilitates the creation of AMIs globally, according to the blog. When it comes time to deploy and after the "baking" is complete, teams will use Spinnaker to manage multi-region deployments, canary releases, and red/black deployments. Netflix is continuing to look at the developer experience and determine how it can improve.
Android

Google Launches Android N Developer Preview And Beta Program (engadget.com) 24

Google is releasing Android N Preview to developers today. The early release is meant to collect feedback sooner than usual, and even includes a new way to download the update. Instead of installing a drive image, you can participate in an Android Beta Program that installs pre-release versions over the air (as long as you have a relatively recent Nexus device or the Pixel C). The biggest attraction, by far, is a new multi-window mode, which lets you use split-screen modes on phones and tablets, and even specify minimum allowable dimensions. There's even a picture-in-picture video mode, too, so you can keep watching YouTube while you message your friends. Other improvements in the preview include direct reply notifications that let you reply to a message right from an alert, iOS-style. Also, Android N optionally bundles notifications from the same app so that they don't clutter your view. Marshmallow's Doze feature has been improved to save battery life whenever the screen turns off, and coders can take advantage of Java 8 features. Google is also working to reduce the memory needs of Android via Project Svelte, allowing the Android OS to run smoothly on lower specced devices.
