Mike Masnick, reporting for TechDirt: Last week, the Solicitor General of the White House weighed in on Google's request for the Supreme Court to overturn the Federal Circuit's ridiculously confused ruling in the Oracle/Google case concerning the copyrightability of APIs (and whether or not repurposing them is fair use). Not surprisingly, as the Solicitor General has been siding with Oracle all along, it suggests that the Supreme Court not hear the case. Of course, it does so by completely misrepresenting what's at stake in the case -- pretending that this is about whether or not software source code is copyright-eligible:

"This case concerns the copyrightability of computer code. To induce a computer to perform a function, a person must give the computer written instructions. Typically, those instructions are written in 'source code,' which consists of words, numbers, and symbols in a particular 'programming language,' which has its own syntax and semantics. The source code is then converted into binary 'object code' -- ones and zeros -- that is readable by the computer.

It is both 'firmly established' and undisputed in this case that computer code can be copyrightable as a 'literary work[].' 1 Melville B. Nimmer & David Nimmer, Nimmer on Copyright & 2A.10[B] (2019). Section 101 defines a 'computer program' as 'a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result.' 17 U.S.C. 101. And various Copyright Act provisions recognize that a person may own a copyright in a 'computer program.'"

Masnick adds: Except... that's not what this case is about. Even remotely. Literally no one denies that software source code is subject to copyright. The question is whether or not an Application Programming Interface -- an API -- is subject to copyright.

An anonymous reader quotes Tom's Hardware: One Raspberry Pi can make a nice web server, but what happens if you put more than 1,000 of them together? At Oracle's OpenWorld convention on Monday, the company showed off a Raspberry Pi Supercomputer that combines 1,060 Raspberry Pis into one powerful cluster.

According to ServeTheHome, which first reported the story, the supercomputer features scores of racks with 21 Raspberry Pi 3 B+ boards each. To make everything run well together, the system runs on Oracle Autonomous Linux... Every unit connects to a single rebranded Supermicro 1U Xeon server, which functions as a central storage server for the whole supercomputer. The Oracle team also created custom, 3D printed brackets to help support all the Pis and connecting components...

ServeTheHome asked Oracle why it chose to create a cluster of Raspberry Pis instead of using a virtualized Arm server and one company rep said simply that "...a big cluster is cool."

An anonymous reader quotes a report from TechCrunch: Silicon Valley is terrified. In a little over three months, California will see the widest-sweeping state-wide changes to its privacy law in years. California's Consumer Privacy Act (CCPA) kicks in on January 1 and rolls out sweeping new privacy benefits to the state's 40 million residents -- and every tech company in Silicon Valley. California's law is similar to Europe's GDPR. It grants state consumers a right to know what information companies have on them, a right to have that information deleted and the right to opt-out of the sale of that information.

Since the law passed, tech giants have pulled out their last card: pushing for an overarching federal bill. In doing so, the companies would be able to control their messaging through their extensive lobbying efforts, allowing them to push for a weaker statute that would nullify some of the provisions in California's new privacy law. In doing so, companies wouldn't have to spend a ton on more resources to ensure their compliance with a variety of statutes in multiple states. Just this month, a group of 51 chief executives -- including Amazon's Jeff Bezos, IBM's Ginni Rometty and SAP's Bill McDermott -- signed an open letter to senior lawmakers asking for a federal privacy bill, arguing that consumers aren't clever enough to "understand rules that may change depending upon the state in which they reside." Then, the Internet Association, which counts Dropbox, Facebook, Reddit, Snap, Uber (and just today ZipRecruiter) as members, also pushed for a federal privacy law. "The time to act is now," said the industry group. If the group gets its wish before the end of the year, the California privacy law could be sunk before it kicks in. TechNet, a "national, bipartisan network of technology CEOs and senior executives," also demanded a federal privacy law, claiming -- and without providing evidence -- that any privacy law should ensure "businesses can comply with the law while continuing to innovate." Its members include major venture capital firms, including Kleiner Perkins and JC2 Ventures, as well as other big tech giants like Apple, Google, Microsoft, Oracle and Verizon

"It's no accident that the tech industry launched this campaign right after the California legislature rejected their attempts to undermine the California Consumer Privacy Act," Jacob Snow, a technology and civil liberties attorney at the ACLU of Northern California, told TechCrunch. "Instead of pushing for federal legislation that wipes away state privacy law, technology companies should ensure that Californians can fully exercise their privacy rights under the CCPA on January 1, 2020, as the law requires."

An anonymous reader quotes ZDNet: While Sun open-sourced some of Java as long ago as November 2006, actually using Java in an open-source way was... troublesome. Just ask Google about Android and Java. But for Java in the enterprise things have changed. On September 10, The Eclipse Foundation announced the full open-source release of the Jakarta EE 8 Full Platform and Web Profile specifications and related Technology Compatibility Kits (TCKs).

This comes after Oracle let go of most of Java Enterprise Edition's (JEE) intellectual property. Oracle retains Java's trademarks though -- thus Java EE's naming convention has been changed to Jakarta EE. But for practical programming and production purposes Jakarta EE 8 is the next generation of enterprise Java.... Jakarta EE 8 also includes the same APIs and Javadoc using the same programming model Java developers have always used. The Jakarta EE 8 TCKs are based on and fully compatible with Java EE 8 TCKs. All of this means enterprise customers will be able to migrate to Jakarta EE 8 without any changes to Java EE 8 applications.

Eclipse hasn't been doing this in a vacuum. Fujitsu, IBM, Oracle, Payara, Red Hat, Tomitribe, and other members of what was once the Java community have been working on Jakarta EE... All of the Jakarta EE Working Group vendors intend to certify their Java EE 8 compatible implementations as Jakarta EE 8 compatible. In other words, Jakarta is the future for Java EE.
Oracle is now working on delivering a Java EE 8 and Jakarta EE 8 compatible implementation of their WebLogic Server.

The Eclipse Foundation says Jakarta EE 8's release "provides a new baseline for the evolution and innovation of enterprise Java technologies under an open, vendor-neutral, community-driven process."

You really have to give Oracle a lot of points for persistence, especially where the $10 billion JEDI cloud contract procurement process is concerned. An anonymous reader shares a report:For more than a year, the company has been complaining across every legal and government channel it can think of. In spite of every attempt to find some issue with the process, it has failed every time. That did not stop it today from filing a fresh appeal of last month's federal court decision that found against the company . Oracle refuses to go quietly into that good night, not when there are $10 billion federal dollars on the line, and today the company announced it was appealing Federal Claims Court Senior Judge Eric Bruggink's decision.

An anonymous reader quotes a report from TechCrunch: Three years after closing a $9.3 billion deal to acquire NetSuite, several Oracle board members have written an extraordinary letter to the Delaware Court, approving a shareholder lawsuit against company executives Larry Ellison and Safra Catz over the 2016 deal. Reuters broke this story. According to Reuters' Alison Frankel, three board members, including former U.S. Defense Secretary Leon Panetta, sent a letter on August 15th to Sam Glasscock III, vice chancellor for the Court of the Chancery in Georgetown, Delaware, approving the suit as members of a special board of directors entity known as the Special Litigation Committee.

The lawsuit is what is called in legal parlance a derivative suit. According to the site Justia, this type of suit is filed in cases like this. "Since shareholders are generally allowed to file a lawsuit in the event that a corporation has refused to file one on its own behalf, many derivative suits are brought against a particular officer or director of the corporation for breach of contract or breach of fiduciary duty," the Justia site explained. The letter went on to say there was an attempt to settle this suit, which was originally launched in 2017, through negotiation outside of court, but when that attempt failed, the directors wrote this letter to the court stating that the suit should be allowed to proceed. As Frankel wrote in her article, the lawsuit, which was originally filed by the Firemen's Retirement System of St. Louis, could be worth billions. The report notes that Oracle was struggling to find its cloud footing in 2016, so it's "believed that by buying an established SaaS player like NetSuite, it could begin to build out its cloud business much faster than trying to develop something like it internally."

The Oracle letter can be found here.

Software company VMware on Thursday said it's acquiring Carbon Black at an enterprise value of $2.1 billion and Pivotal at an enterprise value of $2.7 billion. The deals are expected to close by the end of January 2020. From a report: These are VMware's largest acquisitions yet. The deals build on VMware's strength helping companies run their software in their own data centers. They could help VMware compete better in the security market and hybrid-cloud infrastructure operations. VMware isn't talking about cost synergies that could come out of buying two other enterprise-focused companies. However, CEO Pat Gelsinger told CNBC the companies will be operating profitably under VMware next year. Gelsinger said that by year two, Carbon Black and Pivotal will have contributed more than $1 billion in revenue incrementally, which will mean VMware will have more than $3 billion in hybrid cloud and software-as-a-service revenue.

Carbon Black was founded in 2002 and debuted on the Nasdaq under the symbol "CBLK" in May 2018. The company provides anti-malware and endpoint protection products that can see into many of a company's devices and tell if they have been hacked. [...] Pivotal and VMware go way back: The company was created from assets spun out of VMware and Dell (VMware's controlling owner) in 2013. Its products help companies build and deploy their software across different server infrastructure, including public clouds. Competitors include IBM, Oracle and SAP, among others, as well as cloud providers such as Amazon and Microsoft. Pivotal's customers include Boeing, Citi, Ford and Home Depot, according to its website.

DevNull127 writes: Hiring is broken and yours is too," argues a New York-based software developer whose LinkedIn profile says he's worked at both Amazon and Google, as well as doing architecture verification work for both Oracle and Intel. Summarizing what he's read about hiring just this year in numerous online articles, he lists out the arguments against virtually every popular hiring metric, ultimately concluding that "Until and unless someone does a rigorous scientific study evaluating different interviewing techniques, preferably using a double-blind randomized trial, there's no point in beating this dead horse further. Everyone's hiring practices are broken, and yours aren't any better."

For example, as a Stanford graduate he nonetheless argues that "The skills required for getting into Stanford at 17 (extracurriculars, SAT prep etc) do not correlate to job success as a software developer. How good a student you were at 17, is not very relevant to who you are at 25." References are flawed because "People will only ever list references who will say good things about them," and they ultimately punish people who've had bad managers. But asking for source code from past sides projects penalizes people with other interests or family, while "most work product is confidential."

Brain teasers "rely on you being lucky enough to get a flash of inspiration, or you having heard it before," and are "not directly related to programming. Even Google says it is useless." And live-coding exercises are "artificial and contrived," and "not reflective of practical coding," while pair programming is unrealistic, with the difficulty of the tasks varying from day to day.

He ultimately criticizes the ongoing discussion for publicizing the problems but not the solutions. "How exactly should we weigh the various pros and cons against each other and actually pick a solution? Maybe we could maybe try something novel like data crunch the effectiveness of each technique, or do some randomized experiments to measure the efficacy of each approach? Lol, j/k. Ain't nobody got time for that!"

President Donald Trump said on Thursday that he's seriously considering looking at a Pentagon contract that's said to be worth up to $10 billion for Microsoft or Amazon. From a report: "I never had something where more people are complaining," Trump said, adding that he's going to take a close look at it. "We're getting tremendous complaints from other companies," Trump said in a press pool at the White House during a meeting with the prime minister of The Netherlands. "Some of the greatest companies in the world are complaining about it." He named Microsoft, Oracle and IBM.

Since April, Microsoft and Amazon have been the only remaining competitors for the contract after IBM and Oracle were ruled out by the Defense Department. The contract, known as JEDI, is viewed as a marquee deal for the company that ultimately wins it, particularly as Microsoft and Amazon are aggressively pursuing government work for their expanding cloud units. While Trump didn't cite Amazon CEO Jeff Bezos by name on Thursday, the billionaire executive has been a constant source of frustration for the president. Bezos owns the Washington Post, which Trump regularly criticizes for its coverage of his administration. Trump also has gone after Amazon repeatedly for, as he claims, not paying its fair share of taxes and ripping of the U.S. Post Office.

Last year, Oracle filed a lawsuit against the U.S. government complaining about the procurement process around the Pentagon's $10 billion, decade-long JEDI cloud contract. "They claimed a potential conflict of interest on the part of a procurement team member (who was a former AWS employee)," reports TechCrunch. "Today, that case was dismissed in federal court." From the report: In dismissing the case, Federal Claims Court Senior Judge Eric Bruggink ruled that the company had failed to prove a conflict in the procurement process, something the DOD's own internal audits found in two separate investigations. Judge Bruggink ultimately agreed with the DoD's findings: "We conclude as well that the contracting officer's findings that an organizational conflict of interest does not exist and that individual conflicts of interest did not impact the procurement, were not arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law. Plaintiff's motion for judgment on the administrative record is therefore denied."

Today's ruling opens the door for the announcement of a winner of the $10 billion contract, as early as next month. The DoD previously announced that it had chosen Microsoft and Amazon as the two finalists for the winner-take-all bid.

An excerpt from a post on Trail of Bits: From major open source projects to exciting new proprietary software, we've seen it all. But one common denominator in all of these systems is that for some inexplicable reason people still seem to think RSA is a good cryptosystem to use. Let me save you a bit of time and money and just say outright -- if you come to us with a codebase that uses RSA, you will be paying for the hour of time required for us to explain why you should stop using it. RSA is an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. Weak parameters can be difficult, if not impossible, to check, and its poor performance compels developers to take risky shortcuts. Even worse, padding oracle attacks remain rampant 20 years after they were discovered. While it may be theoretically possible to implement RSA correctly, decades of devastating attacks have proven that such a feat may be unachievable in practice.

An anonymous reader quotes a report from The Register: Ahead of its first day in a U.S. federal claims court in Washington DC, Oracle has outlined its position against the Pentagon's award of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Amazon Web Services. Big Red's lengthy filing questions the basis of Uncle Sam's procurement procedure as well as Amazon's hiring of senior Department of Defense staff involved in that procurement process. Oracle's first day in court is set for 10 July. The JEDI deal could be worth up to $10 billion over 10 years. The Department of Defense handed the contract to AWS after deciding that only Amazon and Microsoft could meet the minimum security standards required in time.

Oracle's filing said that U.S. "warfighters and taxpayers have a vested interest in obtaining the best services through lawful, competitive means... Instead, DoD (with AWS's help) has delivered a conflict-ridden mess in which hundreds of contractors expressed an interest in JEDI, over 60 responded to requests for information, yet only the two largest global cloud providers can clear the qualification gates." The company said giving JEDI, with its "near constant technology refresh requirements", to just one company was in breach of procurement rules. It accused the DoD of gaming the metrics used in the process to restrict competition for the contract. Oracle also accused Amazon of breaking the rules by hiring two senior DoD staff, Deap Ubhi and Anthony DeMartino, who were involved in the JEDI procurement process. Ubhi is described as "lead PM." A third name is redacted in the publicly released filing. The DoD, which is expected to make an offer to settle the case in late August, said in a statement: "We anticipate a court decision prior to that time. The DoD will comply with the court's decision. While the acquisition and litigation processes are proceeding independently the JEDI implementation will be subject to the determination of the court."

The 50-page filing can be found here (PDF).

Oracle has sent the following email to customers of DYN service: Since Oracle acquired Dyn in 2016 (and subsequently acquired Zenedge), the engineering teams have been working diligently to integrate Dyn;s products and network into the Oracle Cloud Infrastructure. With the completion of this upgrade to Oracle Cloud Infrastructure. Oracle is announcing the end-of-life for the free Standard DNS service in favor of the enhanced, paid subscription version on the Oracle Cloud Infrastructure platform. On May 31, 2020, the 'EOL Date', the Standard DNS will be retired and will no longer be available. The following capabilities are not currently supported in Oracle Cloud Infrastructure DNS: Webhop (HTTP redirect), Dynamic DNS, Zone transfer to external nameservers, and DNSSEC.

For years, companies like Oracle and IBM invested heavily to build new markets in China for their industry-leading databases. Now, boosted in part by escalating U.S. tensions, one Chinese upstart is stepping in, winning over tech giants, startups and financial institutions to its enterprise software. From a report: Beijing-based PingCAP already counts more than 300 Chinese customers. Many, including food delivery giant Meituan, its bike-sharing service Mobike, video streaming site iQIYI and smartphone maker Xiaomi are migrating away from Oracle and IBM's services toward PingCAP's, encapsulating a nation's resurgent desire to Buy China. PingCAP's ascendancy comes as the U.S. cuts Huawei off from key technology, sending chills through the country's largest entities while raising questions about the security of foreign-made products. That's a key concern as Chinese companies modernize systems in every industry from finance and manufacturing to healthcare by connecting them to the internet.

An anonymous reader quotes a report from Ars Technica: Oracle on Tuesday published an out-of-band update patching a critical code-execution vulnerability in its WebLogic server after researchers warned that the flaw was being actively exploited in the wild. The vulnerability, tracked as CVE-2019-2729, allows an attacker to run malicious code on the WebLogic server without any need for authentication. That capability earned the vulnerability a Common Vulnerability Scoring System score of 9.8 out of 10. The vulnerability is a deserialization attack targeting two Web applications that WebLogic appears to expose to the Internet by default -- wls9_async_response and wls-wsat.war. The flaw in Oracle's WebLogic Java application servers came to light as a zero-day four days ago when it was reported by security firm KnownSec404.

An anonymous reader reminded us about the open source reimplementation of Java Web Start, a framework originally developed by Sun Microsystems that allowed users to more easily run Java applications in an applet-like sandbox using a web browser.

From OpenWebStart.com: Java Web Start (JWS) was deprecated in Java 9, and starting with Java 11, Oracle removed JWS from their JDK distributions. This means that clients that have the latest version of Java installed can no longer use JWS-based applications. And since public support of Java 8 has ended in Q2/2019, companies no longer get any updates and security fixes for Java Web Start.

This is why we decided to create OpenWebStart, an open source reimplementation of the Java Web Start technology. Our replacement will provide the most commonly used features of Java Web Start and the JNLP standard, so that your customers can continue using applications based on Java Web Start and JNLP without any change.
Red Hat is apparently involved in its parent project, IcedTea-Web, which it distributes as part of their Windows OpenJDK distribution.

Microsoft and Oracle announced a new alliance today that will see the two companies directly connect their clouds over a direct network connection so that their users can then move workloads and data seamlessly between the two. This alliance goes a bit beyond just basic direct connectivity and also includes identity interoperability. TechCrunch reports: This kind of alliance is relatively unusual between what are essentially competing clouds, but while Oracle wants to be seen as a major player in this space, it also realizes that it isn't likely to get to the size of an AWS, Azure or Google Cloud anytime soon. For Oracle, this alliance means that its users can run services like the Oracle E-Business Suite and Oracle JD Edwards on Azure while still using an Oracle database in the Oracle cloud, for example. With that, Microsoft still gets to run the workloads and Oracle gets to do what it does best (though Azure users will also continue be able to run their Oracle databases in the Azure cloud, too).

For now, the direct interconnect between the two clouds is limited to Azure US East and Oracle's Ashburn data center. The two companies plan to expand this alliance to other regions in the future, though they remain mum on the details. It'll support applications like JD Edwards EnterpriseOne, E-Business Suite, PeopleSoft, Oracle Retail and Hyperion on Azure, in combination with Oracle databases like RAC, Exadata and the Oracle Autonomous Database running in the Oracle Cloud.

Google "officially declared Kotlin the go-to language for Android development last week at its Google I/O developer conference," reports Mike Melanson's "This Week in Programming" column, "and the company is backing that up with a couple of initiatives around making it easier (and free) to learn the language now used by a majority of Android developers." Google teamed up with Udacity to offer Developing Android Apps with Kotlin , a free, self-paced online course on how to build Android apps with Jetpack and Kotlin, meant for people who have programming experience and are comfortable with Kotlin basics. Google also announced "Kotlin/Everywhere, a series of community-driven events focussing on the potential of Kotlin on all platforms," which it is putting on in conjunction with JetBrains.

Of course, this leaves the question that has been asked many times before -- why Kotlin? -- and IT consultant Kristen Carter offers a take on how Android app development became Kotlin-first. Carter offers some business angles, such as the 2010 lawsuit against Google by Oracle, which predates Kotlin by just a year, and she speculates may have been the impetus behind the language's development as "Google has always wanted to get away from the [Java] ecosystem." At the same time, Carter offers some language-specific reasoning too, such as the comparably succinct nature of Kotlin, the absence of Java's NullPointerExceptions, and the ease with which Java developers could transition to Kotlin. Carter ends her piece by posing the possibility that Oracle "knows the significance of Java in android app development" and could "ship Java with a few upgrades in its next version to take on Kotlin."

"Whether it is consumers' data or competitors' code, Google's view seems to be the same: What's mine is mine, and what's yours is mine," argues Oracle executive vice president Kenneth Glueck.

Google had urged America's Supreme Court to rule in their ongoing legal case about access to Java's APIs, a case which Google says hinges on "whether developers should be able to create new applications using standard ways of accessing common functions. Those functions are the building blocks of computer programming, letting developers easily assemble the range of applications and tools we all use every day. Making it harder to connect with those functions would lock developers into existing platforms, thus reducing competition and, ultimately, hurting consumers. Access to software interfaces like these is the key to interoperability, the foundation of great software development."

That editorial -- written by Google's senior vice president for global affairs, Kent Walker, notes that 175 startups, developers, academics and other tech companies (including Microsoft) are also asking the Supreme Court to hear this case. Google warns of a risk to innovation posed if companies like Oracle become "gatekeepers to interoperability," calling it "a defining battle of the digital era."

Oracle's executive responds that "There are many 'defining battles' of the digital era -- 5G, Artificial Intelligence, autonomous devices -- but Oracle v. Google is surely not among them." Only in Google's world does weaker intellectual property protection lead to more innovation. It is settled in law and in economics that the opposite is true. And at a time when the U.S. is circling the globe to enhance the protection of U.S. intellectual property -- including strong copyright protection -- Google takes the opposite view...

In a stunning what's-up-is-down and down-is-up statement, Walker attempts to wrap Google in the cloak of interoperability. Java defined the era of interoperability with its "write once, run everywhere" architecture. It was Google that copied Java, built Android around it, and altered it so it was only interoperable with itself (i.e., write once, run only on Google). Android killed Java interoperability, and now Google argues that killing interoperability is good for interoperability?

Those facts are not in dispute. The only issue in dispute is Google's assertion that its actions were all "fair." On this point, the federal circuit court clearly analyzed and methodically decided against Google's fair-use defense. This makes sense because, under no interpretation of fair use, may you copy a competitor's software code and turn around and compete against that competitor in the marketplace. Hard stop... There is no matter of law in question, nor is there a conflict among circuit courts. Google was caught killing interoperability and is now trying to concoct a new "we are too important" legal defense.
Reuters reports that this week the Supreme Court asked the White House "to offer its views on whether it should hear Google's bid to end Oracle's copyright infringement lawsuit."

Hackers have broken into an internet infrastructure firm that provides services to dozens of the world's largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard reported Tuesday. From the report: The attackers have also threatened to release data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material. Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company's website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday. "Citycomp has been hacked and blackmailed and the attack is ongoing," Bartsch wrote. "We have to be careful as the whole case is under police investigation and the attacker is trying all tricks."