Donald Robertson, writing for Free Software Foundation: Proprietary JavaScript is a threat to all users on the Web. When minified, the code can hide all sorts of nasty items, like spyware and other security risks. [...] On March 1st, 2016, the Copyright Office announced a call for comments on an update to their technology infrastructure. We submitted a comment urging them to institute a policy that requires all software they develop and distribute to be free software. Further, we also urged them to not require people to run proprietary software in order to communicate or submit comments to them. Unfortunately, once again, the Copyright Office requires the use of proprietary JavaScript in order to submit the comment and they are only accepting comments online unless a person lacks computer or Internet access. [...] The most absurd part of all this is that other government agencies, while still using Regulations.gov, are perfectly capable of offering alternatives to submission.

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption toolto add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

An anonymous reader writes: Johan Kanflo has managed to make the already small Tiny328 Arduino clone into an even smaller computing platform about the size of a single AA battery. Not only will it fit in a typical AA battery holder, but it will actually draw power from the batteries beside it as it's wired in "backwards" (with the + and - poles reversed). The Arduino platform consists of open-source hardware, open-source software, and microcontroller-based kits, making it easy to (re)program the processors, and develop software for hardware applications using a java-clone and an easy-to-learn IDE. For those interested in the AAduino, Johan has made his creation available online on Github with instructions and schematics to build your own.

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.

An anonymous reader writes: Google and Oracle executives met for six hours Friday in an unsuccessful attempt to resolve an ongoing copyright lawsuit. "Because an agreement couldn't be made, the next phase of the case will head to court in May, where a jury will decide if Google had the right to use certain parts of Oracle's programming language, Java, for free or if it owes Oracle damages..." reports Business Insider. "Last month, Google said that its damages expert strongly disagreed that it should owe Oracle upward of $8 billion for using certain parts of Oracle's software in its smartphone operating system, Android."
Friday's court-ordered talk included both Google CEO Sundar Pichai and Oracle CEO Safra Catz, and it marks the second time the two companies have failed to reach an out-of-court settlement, a fact alluded to by the case's judge in newly-released documents. "After an earlier run at settling this case failed, the court observed that some cases just need to be tried," reports the court docket. "This case apparently needs to be tried twice."

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.

An anonymous reader writes: Microsoft's Bing search engine now includes a live code editor, allowing programmers to edit and execute snippets of example code and see the results in real-time. HackerRank announced the new educational tool on their blog, calling it "a streamlined alternative" to Stack Overflow's sites and programming sites, and sharing a video of the new feature providing results for the search "quick sort Java". "In addition to learning how a certain algorithm/code is written in a given language, users will also be able to check how the same solution is constructed in a range of other programming languages too," says Bing's Group Engineering Manager for UX Features, "providing a Rosetta-stone model for programming languages."

An anonymous reader writes: Google has plans to make Apple's Swift object-oriented language a "first-class" language for Android, reports The Next Web. The publication, citing sources, adds that Google doesn't mean to replace the current first-class language for Android -- Java -- at least, "initially." Google sees an "upside" in using Swift, which Apple made open source last year. But a ton of things need to fall into place for this to work. From the report, "All told, Google would have to effectively recreate its efforts with Java -- for Swift. If the company is motivated enough, it's very possible to do so without compromising on its open source values or ruffling any developer feathers along the way." The company is also discussing internally about making Kotlin as a first-class language for Android. "Unlike Swift, Kotlin works with Android Studio, Google's IDE for Android development. Unfortunately, sources tell The Next Web that Google's current mindset is that Kotlin is a bit too slow when compiling."

angry tapir quotes a report from Computerworld: Oracle is seeking as much as $9.3 billion in damages in a long-running copyright lawsuit against Google over its use of Java in Android, court filings show. Oracle sued Google six years ago, claiming the search giant needs a license to use parts of the Java platform in Google's market-leading mobile OS. The two companies first went to trial in 2012, but the jury was split on whether or not Google's use of Java was protected by "fair use." Now they're headed back to the courtroom for a new trial scheduled to begin May 9, where Oracle's Larry Ellison and Google's Eric Schmidt will be present. Currently, the sum Oracle is asking for is about 10 times as much as when the two companies went to trial in 2012.

Over the years, several governments and organizations have become increasingly focused on teaching kids how to code. It has given rise to startups such as Codecademy, KhanAcademy and Code.org that are making it easier and more affordable for many to learn how to program. Many believe that becoming literate in code is as essential as being educated in language, science, and math. But can this guarantee you a job? And can coding help you save that job? An anonymous reader cites an interesting article on Fast Company which sheds more light into this: Looking for job security in the knowledge economy? Just learn to code. At least, that's what we've been telling young professionals and mid-career workers alike who want to hack it in the modern workforce. Unfortunately, many have already learned the hard way that even the best coding chops have their limits. More and more, 'learn to code' is looking like bad advice. Anyone competent in languages such as Python, Java, or even Web coding like HTML and CSS, is currently in high demand by businesses that are still just gearing up for the digital marketplace. However, as coding becomes more commonplace, particularly in developing nations like India, we find a lot of that work is being assigned piecemeal by computerized services such as Upwork to low-paid workers in digital sweatshops. This trend is bound to increase.

mmoorebz writes: After three years of development and with over 150 contributors to the code, Apache PDFBox 2.0 has been released. With this release comes enhancements and improvements. The Apache PDFBox library is an open-source Java tool for working with PDF documents. The project allows creation and manipulation of PDF documents, and the ability to extract content from them. Support for forms in open-source PDF viewers is currently disappointing, and I hope this heralds improvement on that front.

An anonymous reader writes: A faulty security patch has left Java users vulnerable to attacks in the past two years, researchers from Polish security firm Security Explorations are claiming. The issue in question is CVE-2013-5838, which was discovered and patched in October 2013. Two years later, going back over their researcher, the same security researchers have now discovered that Oracle had not only misclassified its impact but also botched the fix. In a Full Disclosureexposé, the researcher says that changing four characters in the company's original proof-of-concept code allowed them to exploit the flaw, despite Oracle's patch.

mmoorebz writes: Netflix is known as a place to binge watch television, but behind the scenes, there's a lot that goes on before everyone's favorite show can be streamed. The first step to deploying an application or service is building. Netflix created Nebula, a set of plugins for the Gradle build system, that "help with the heavy-lifting around building applications," said the engineers. Once the code has been built and tested locally using Nebula, the team pushes the updated source code to a Git repository. Every deployment at Neflix begins with the creation of an Amazon Machine Image, and to generate them from source, Netflix created what it calls "the Bakery." It exposes an API that facilitates the creation of AMIs globally, according to the blog. When it comes time to deploy and after the "baking" is complete, teams will use Spinnaker to manage multi-region deployments, canary releases, and red/black deployments. Netflix is continuing to look at the developer experience and determine how it can improve.

Google is releasing Android N Preview to developers today. The early release is meant to collect feedback sooner than usual, and even includes a new way to download the update. Instead of installing a drive image, you can participate in an Android Beta Program that installs pre-release versions over the air (as long as you have a relatively recent Nexus device or the Pixel C). The biggest attraction, by far, is a new multi-window mode, which lets you use split-screen modes on phones and tablets, and even specify minimum allowable dimensions. There's even a picture-in-picture video mode, too, so you can keep watching YouTube while you message your friends. Other improvements in the preview include direct reply notifications that let you reply to a message right from an alert, iOS-style. Also, Android N optionally bundles notifications from the same app so that they don't clutter your view. Marshmallow's Doze feature has been improved to save battery life whenever the screen turns off, and coders can take advantage of Java 8 features. Google is also working to reduce the memory needs of Android via Project Svelte, allowing the Android OS to run smoothly on lower specced devices.

alphadogg writes to note that just a day after announcing it would be bringing SQL Server to Linux, "Microsoft has announced that it is joining the Eclipse Foundation, an open source community for developers launched more than 10 years ago." Microsoft, which notes that it has worked with the Eclipse Foundation for years "to improve the Java experience across our portfolio of application platform and development services," made the announcement to attendees at EclipseCon, going on in Reston, Va., this week.

An anonymous reader writes: Criminal gangs in Brazil are experimenting with the first malware families that are packaged as JAR files, capable of being deployed to Windows, Linux, Mac, and even Android from the same codebase, instead of relying on 4 different versions. Right now, only the malware dropper, a component used to infect computers with banking trojans, seems to have been coded in Java, but security experts expect a full-blown banking trojan to soon follow.

An anonymous reader writes: Edge, Microsoft's new browser, uses the WinRT PDF library to automatically embed and present PDF files while navigating the web. This is what Java does with applets, and Flash with SWF files -- it unintentionally allows a hacker to append malicious code to PDF files and trigger drive-by attacks, which exploit WinRT vulnerabilities to target Windows 10 users. All that an attacker needs to do is to find and create a database of WinRT vulnerabilities it could leverage to distribute his malware.

An anonymous reader writes: Google will release a faster beta version of Angular 2 in about two weeks, with a smaller version targeted for April. "We're improving our ability to handle different languages," says Google's Brad Green, noting that 213 contributors are currently working on Angular. "Our plan is to have versions that will work with many server-side technologies, from Java to Python." Microsoft has already demonstrated how it's building Angular into ASP.NET and Google is also working with the Drupal team. But Green says they'll also continue supporting Angular 1 for at least another year, until a majority of users have transitioned to the new syntax. Google says there are currently 21.3 million developers using Angular 1, compared to just 300,000 using Angular 2. "We've got a ways go to," Green admitted.

Qbertino writes: Kotlin, one of the challengers to Java's VM, has been released in version 1. Kotlin is object-oriented, statically typed and comes with professional IDE support by Jetbrains — which is no big surprise, since it's the Jetbrains employees who developed the programming language that saw the light of day four years ago. Kotlin is already in real-world use and development will be moving into fleshing out the Kotlin feature set without breaking backwards compatibility. These features include planned support for JavaScript — which sounds interesting considering JS has gained quite some traction recently. Kotlin is FOSS and is released under the Apache license.

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.