Oracle

Oracle Asks Judge To Throw Out Java/Google Verdict...Again (siliconvalley.com) 122

Just when you thought the six-year, $9 billion lawsuit was over, an anonymous reader quotes this report from the Bay Area News Group: Oracle has asked a judge -- again -- to throw out the verdict that found Google rightfully helped itself to Oracle programming code to create the Android operating system... A judge already rejected a bid in May by Oracle to get the verdict thrown out. But the software and cloud company hasn't given up. On July 6, Oracle filed a motion in San Francisco U.S. District Court again asking the same judge, William Alsup, to toss the verdict.

The company cited case law suggesting use is not legal if the user "exclusively acquires conspicuous financial rewards" from its use of the copyrighted material. Google, said Oracle, has earned more than $42 billion from Android. "Google's financial rewards are as 'conspicuous' as they come, and unprecedented in the case law," Oracle's filing said. Oracle wants the judge to adhere to the narrower and more traditional applications of fair use, "for example, when it is 'criticism, comment, news reporting, teaching ... scholarship, or research.'"

Java

TIOBE's Language-Popularity Index Sees A New Top 10 Language: Assembly (tiobe.com) 348

TIOBE's "Programming Community Index" measures the popularity of languages by the number of skilled engineers, courses, and third-party vendors. Their July report indicates that Assembly has become one of the 10 most popular languages: It might come as a surprise that the lowest level programming language that exists has re-entered the TIOBE index top 10. Why would anyone write code at such a low level, being far less productive if compared to using any other programming language and being vulnerable to all kinds of programming mistakes? The only reasonable explanation for this is that the number of very small devices that are only able to run assembly code is increasing. Even your toothbrush or coffee machine are running assembly code nowadays. Another reason for adoption is performance. If performance is key, nobody can beat assembly code.
The report also noted that CFML (ColdFusion) jumped from #102 to #66, Maple from #94 to #74, and Tcl from #65 to #48. But Java still remains the #1 most-popular language, with C and C++ still holding the #2 and #3 positions. Over the last five years, C# and Python have risen into the #4 and #5 spots (made possible by PHP's drop to the #6 position) while JavaScript now holds the #7 position (up from #9 in 2011). Visual Basic .NET came in at #8, and Perl at #9.

Java

Oracle Says It Is 'Committed' To Java EE 8 -- Amid Claims It Quietly Axed Future Development (theregister.co.uk) 66

Media reports, citing anonymous Oracle engineers, noted earlier this week that development of Java EE (Enterprise Edition) projects at Oracle had been "practically ceased" since last fall. This led many to wonder about the future of Java. Well, it's all cosy, says Oracle. The software firm assures that it is "committed" to Java. The Register reports: The Redwood City titan said it will present fresh plans for the future of Java EE 8 at its JavaOne conference in San Francisco in September. Version eight is due to be released in the first half of 2017. However, over the past six months, it appeared Oracle had pretty much ceased development of the enterprise edition -- a crucial component in hundreds of thousands of business applications -- and instead quietly focused its engineers on other products and projects. Oracle spokesman Mike Moeller tonight sought to allay those fears, and said a plan for the future of Java EE is brewing. "Oracle is committed to Java and has a very well defined proposal for the next version of the Java EE specification -- Java EE 8 -- that will support developers as they seek to build new applications that are designed using micro-services on large-scale distributed computing and container-based environments on the Cloud," said Moeller.

Java

Oracle May Have Stopped Funding and Developing Java EE (arstechnica.com) 115

While anticipating new features in Java 9, developers also have other concerns, according to an anonymous Slashdot reader: ArsTechnica is reporting that Oracle has quietly pulled funding and development efforts away from Java EE, the server-side Java technology that is part of hundreds of thousands of Internet and business applications. Java EE even plays an integral role for many apps that aren't otherwise based on Java, and customers and partners have invested time and code. It wouldn't be the first time this has happened, but the implications are huge for Java as a platform.
"It's a dangerous game they're playing..." says one member of the Java Community Process Executive Committee. "It's amazing -- there's a company here that's making us miss Sun." Oracle's former Java evangelist even left the company in March and became a spokesman for the "Java EE Guardians," who have now created an online petition asking Oracle to "clarify" its intent and resume development or "transfer ownership of Java EE 8".

Earth

Google's Satellite Map Gets a 700-Trillion-Pixel Makeover (theatlantic.com) 70

An anonymous reader writes: On Monday, Google Maps received a makeover with 700 trillion pixels of new data added to the service. The Atlantic reports: "The new map, which activates this week for all users of Google Maps and Google Earth, consists of orbital imagery that is newer, more detailed, and of higher contrast than the previous version. Most importantly, this new map contains fewer clouds than before -- only the second time Google has unveiled a 'cloudless' map. Google had not updated its low- and medium-resolution satellite map in three years. The new version of the map includes data from Landsat 8, the newer version of the same satellite (Landsat 7, the U.S. government satellite which supplied the older map's imagery data), letting Google clear the ugly artifacts. Google's new update doesn't include imagery at the highest zoom levels, like the kind needed to closely inspect an individual house, pool, or baseball field. Those pictures do not come from Landsat at all, but from a mix of other public and private aerial and space-based cameras, including DigitalGlobe's high-resolution satellites. The image processing for this most recent map was completed entirely in Google Earth Engine, the company's geospatial-focused cloud infrastructure. In fact, the entire algorithm to create the cloudless map was written in JavaScript in the Earth Engine development interface."

Programming

Java, PHP, NodeJS, and Ruby Tools Compromised By Severe Swagger Vulnerability (threatpost.com) 97

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes: A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.

Safari

Safari 10 In macOS Sierra Deactivates Flash, Silverlight and Other Plug-Ins by Default (webkit.org) 114

Apple's web browser Safari 10, which will ship with macOS Sierra, will disable Flash, Java, Silverlight, QuickTime and other plug-ins by default. The move will help the company improve the overall web browsing experience by focusing on HTML5 content. From a post on the WebKit blog, authored by Apple's Safari team: When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.

Java

Judge Blasts Oracle's Attempt To Overturn Pro-Google Jury Verdict (arstechnica.com) 106

Joe Mullin, reporting for Ars Technica: Google successfully made its case to a jury last month that its use of Java APIs in Android was "fair use," and the verdict rejected Oracle's claim that the mobile system infringed its copyrights. After Google argued its case, though, Oracle filed a motion arguing that the judge should decide as a matter of law that fair use didn't cover it. In the wake of the jury's pro-Google verdict, Oracle's motion was its last hope of a trial victory. It didn't happen; US District Judge William Alsup shot down the motion on Wednesday. The same order also denied Google's motion making similar arguments, filed at the close of trial but before the jury's verdict. Alsup's stinging order [PDF], which rejects Oracle's argument [PDF] on every front, hardly comes as a surprise. But the document provides the first insights as to what Oracle might bring up in an appeal proceeding, which the company has said it will pursue. In the order, Alsup defends how he ran the trial. The evidence and instructions presented to the jury were a mix of mandates from the appeals court, which overruled Alsup on the key issue of API copyrightability, and modifications urged by both sides' lawyers.

Android

Op-ed: Oracle Attorney Says Google's Court Victory Might Kill the GPL (arstechnica.com) 357

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which she urges developers and creators to not celebrate Google's win in the hard-fought copyright case as the decision -- if it remains intact -- is poised to make them "suffer" everywhere and also the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal court announced that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.

The Military

Department of Homeland Security Still Uses COBOL (softpedia.com) 217

The Department of Defense has promised to finally stop managing the U.S. nuclear arsenal with floppy disks "by the end of 2017". But an anonymous reader shares Softpedia's report about another startling revelation this week from the Government Accountability Office: Another agency that plans to upgrade is the US Department of Veterans Affairs, which uses COBOL, a programming language from the '50s to manage a system for employee time and attendance. Unfortunately for the VA, there were funds only to upgrade that COBOL system, because the agency still uses the antiquated programming language to run another system that tracks claims filed by veterans for benefits, eligibility, and dates of death. This latter system won't be updated this year. Another serious COBOL user is the Department of Homeland Security, who employs it to track hiring operations, alongside a 2008 IBM z10 mainframe and a Web component that uses a Windows 2012 server running Java.
Personnel files are serious business. A 2015 leak of the Secret Service's confidential personnel files for a Utah Congressman (who was leading a probe into high-profile security breaches and other missteps) led the Department of Homeland Security to discipline 41 Secret Service agents.

Google

Android Is 'Fair Use' As Google Beats Oracle In $9 Billion Lawsuit (arstechnica.com) 243

infernalC writes: Ars Technica is reporting that the verdict is in, and that the jury decided that Google's duplication of several Java interfaces is fair use. Ars Technica writes that Google's Android OS does not infringe upon Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." The jury unanimously answered "yes" in response to whether or not Google's use of Java APIs was a "fair use" under copyright law. The trial is now over, since Google won. "Google's win somewhat softens the blow to software developers who previously thought programming language APIs were free to use," Ars Technica writes. "It's still the case that APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a "fair use" defense." The amount Oracle may have asked for in damages could have been as much as $9 billion.

Oracle

Declaring Code Is Not Code, Says Larry Page (arstechnica.com) 405

Alphabet CEO Larry Page says his company never considered getting permission from Oracle for using the latter's Java APIs in Android. Page, who appeared in a federal court, said Java APIs are open and free, which warrants them or anyone to use it without explicit permission from Oracle. From an Ars Technica report (edited for clarity): "But you did copy the code and copy the structure, sequence, and organization of the APIs?" Oracle attorney Peter Bicks asked, raising his voice. "I don't agree with 'copy code,'" Page said. "For me, declaring code is not code," Page said. "Have you paid anything to Oracle for using that intellectual property?" Bicks asked. "When Sun established Java, they established it as an open source thing," Page said. "I believe the APIs we used were pretty open. No, we didn't pay for the free and open things." [...] "Was Google seeking a license for Java?" Google lawyer Robert Van Nest asked. "Yes, and a broader deal around other things, like branding and cooperation," Page said. "After discussions with Sun broke off, did you believe Google needed a license for APIs?" Van Nest asked. "No, I did not believe that," Page said. "It was established industry practice that the API and just the headers of those things could be taken and re-implemented. [It must be done] very carefully, not to use any existing implementation of those systems. That's been done many, many times. I think we acted responsibly and carefully around these intellectual property issues."

Security

Attackers Targeting Critical SAP Flaw Since 2013 (threatpost.com) 57

msm1267 quotes a report from Threatpost: Three dozen global enterprises have been breached by attackers who exploited a single, mitigated vulnerability in SAP business applications. The attacks were carried out between 2013 and are ongoing against large organizations owned by corporations in the United States, United Kingdom, Germany, China, India, Japan, and South Korea, spanning 15 critical industries, researchers at Onapsis said today. [The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University also published an alert this morning, the first in its history for SAP applications.] The severity of these attacks is high and should put other organizations on notice that are running critical business processes and data through SAP Java apps. The issue lies in the Invoker Servlet, which is part of the standard J2EE specification and enables developers to test custom Java applications. When it is enabled, developers and users can call these servlets over the Internet directly without authentication or authorization controls. Attackers, however, can take advantage of this same functionality to exploit these business critical systems.

Java

No One Should Have To Use Proprietary Software To Communicate With Their Government (fsf.org) 154

Donald Robertson, writing for Free Software Foundation: Proprietary JavaScript is a threat to all users on the Web. When minified, the code can hide all sorts of nasty items, like spyware and other security risks. [...] On March 1st, 2016, the Copyright Office announced a call for comments on an update to their technology infrastructure. We submitted a comment urging them to institute a policy that requires all software they develop and distribute to be free software. Further, we also urged them to not require people to run proprietary software in order to communicate or submit comments to them. Unfortunately, once again, the Copyright Office requires the use of proprietary JavaScript in order to submit the comment and they are only accepting comments online unless a person lacks computer or Internet access. [...] The most absurd part of all this is that other government agencies, while still using Regulations.gov, are perfectly capable of offering alternatives to submission.

Security

US Toy Maker Maisto's Website Pushes Ransomware (pcworld.com) 26

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption tool to add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

Open Source

Scientist Shrinks Arduino To Size Of An AA Battery (techcrunch.com) 47

An anonymous reader writes: Johan Kanflo has managed to make the already small Tiny328 Arduino clone into an even smaller computing platform about the size of a single AA battery. Not only will it fit in a typical AA battery holder, but it will actually draw power from the batteries beside it as it's wired in "backwards" (with the + and - poles reversed). The Arduino platform consists of open-source hardware, open-source software, and microcontroller-based kits, making it easy to (re)program the processors, and develop software for hardware applications using a java-clone and an easy-to-learn IDE. For those interested in the AAduino, Johan has made his creation available online on GitHub with instructions and schematics to build your own.

Security

Oracle Patches 136 Flaws In 49 Products 23

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.

Android

Six-Hour Meeting Friday Fails to End Oracle/Google Lawsuit (businessinsider.com) 88

An anonymous reader writes: Google and Oracle executives met for six hours Friday in an unsuccessful attempt to resolve an ongoing copyright lawsuit. "Because an agreement couldn't be made, the next phase of the case will head to court in May, where a jury will decide if Google had the right to use certain parts of Oracle's programming language, Java, for free or if it owes Oracle damages..." reports Business Insider. "Last month, Google said that its damages expert strongly disagreed that it should owe Oracle upward of $8 billion for using certain parts of Oracle's software in its smartphone operating system, Android."
Friday's court-ordered talk included both Google CEO Sundar Pichai and Oracle CEO Safra Catz, and it marks the second time the two companies have failed to reach an out-of-court settlement, a fact alluded to by the case's judge in newly-released documents. "After an earlier run at settling this case failed, the court observed that some cases just need to be tried," reports the court docket. "This case apparently needs to be tried twice."

Security

Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections (arstechnica.com) 34

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.

Microsoft

Microsoft and HackerRank Add a Live Code Editor Into Bing 34

An anonymous reader writes: Microsoft's Bing search engine now includes a live code editor, allowing programmers to edit and execute snippets of example code and see the results in real-time. HackerRank announced the new educational tool on their blog, calling it "a streamlined alternative" to Stack Overflow's sites and programming sites, and sharing a video of the new feature providing results for the search "quick sort Java". "In addition to learning how a certain algorithm/code is written in a given language, users will also be able to check how the same solution is constructed in a range of other programming languages too," says Bing's Group Engineering Manager for UX Features, "providing a Rosetta-stone model for programming languages."
