Oracle has changed the way it charges users to run its software in Amazon Web Services, effectively doubling the cost along the way. From a report: Big Red's previous licensing regime recognised that AWS's virtual CPUs were a single thread of a core that runs two threads. Each virtual CPU therefore counted as half a core. That's changed: Oracle's new cloud licensing policy says an AWS vCPU is now treated as a full core if hyperthreading is not enabled. A user hiring two AWS vCPUS therefore needs to pay full freight for both, effectively doubling the number of Oracle licences required to run Big Red inside AWS. And therefore doubling the cost as well. The new policy also says: "When counting Oracle Processor license requirements in Authorized Cloud Environments, the Oracle Processor Core Factor Table is not applicable." That table says Xeons cores count as half a licence. Making the Table inapplicable to the cloud again doubles the licence count required.

An anonymous reader writes: According to the Mercury News, Oracle is laying off approximately 450 employees in its Santa Clara hardware systems division. Reports at The Layoff, a discussion board for technology business firings, claim about 1,800 employees company-wide are being pink-slipped. Oracle claims the company isn't closing the Santa Clara facility with this reduction in force. Instead, "Oracle is refocusing its Hardware Systems business, and for that reason, has decided to lay off certain of its employees in the Hardware Systems Division."

An anonymous reader quotes BleepingComputer: Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running. Oracle originally planned MD5's deprecation for the current Critical Patch Update, released this week, which included a whopping 270 security fixes, one of the biggest security updates to date. The company decided to give developers and companies more time to prepare and delayed MD5's deprecation for the release of Oracle Java SE 8u131 and the next Java CPU, scheduled for release in April...

Oracle removed MD5 as a default code signing option from Java SE 6, released in 2006. Despite this, there will be thousands of Java apps that will never be resigned. For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run. Sometimes in the second half of 2017, Oracle also plans to change the minimum key length for Diffie-Hellman algorithms to 1024 bits. These updates are part of Oracle's long-standing plan for changes to the security algorithms in the Oracle Java Runtime Environment and Java SE Development Kit.

bobthesungeek76036 writes: According to The Register, Solaris 12 has been removed from Oracle roadmaps. This pretty much signals the demise of Solaris (as if we didn't already know that...) From the report: "The new blueprint -- dated January 13, 2017 -- omits any word of Solaris 12 that Oracle included in the same document's 2014 edition, instead mentioning 'Solaris 11.next' as due to debut during this year or the next complete with 'Cloud Deployment and Integration Enhancements.' At the time of writing, search engines produce no results for 'Solaris 11.next.' The Register has asked Oracle for more information. The roadmap also mentions a new generation of SPARC silicon in 2017, dubbed SPARC Next, and then in 2020 SPARC Next+. The speeds and capabilities mentioned in the 2017 document improve slightly on those mentioned in the 2014 roadmap.

An anonymous reader quotes a report from USA Today: Oracle is being sued by the Labor Department for paying white men more than their counterparts and for favoring Asian workers when recruiting and hiring for technical roles. The administrative lawsuit is the latest from the Labor Department to take aim at the human resources practices of major technology companies. The Labor Department warned the lawsuit could cost Oracle hundreds of millions in federal contracts. Oracle makes software and hardware used by the federal government. "The complaint is politically motivated, based on false allegations, and wholly without merit," Oracle spokesman Deborah Hellinger said in a statement. "Oracle values diversity and inclusion, and is a responsible equal opportunity and affirmative action employer. Our hiring and pay decisions are non-discriminatory and made based on legitimate business factors including experience and merit." The lawsuit is the result of an Office of Federal Contract Compliance Programs review of Oracle's equal employment opportunity practices, the Labor Department said. According to the lawsuit, Oracle America paid white male workers more, leading to pay discrimination against women, African American and Asian employees. The Labor Department also accused Oracle of favoring Asians for product development and other technical roles, resulting in discrimination against non-Asian applicants. Oracle refused to comply with the Labor Department's investigation, which began in 2014, such as refusing to provide compensation data for all employees, complete hiring data for certain business lines and employee complaints of discrimination, according to the federal agency.

An anonymous reader writes: According to CVE Details, a website that aggregates historical data on security bugs that have received a CVE identifier, during 2016, security researchers have discovered and reported 523 security bugs in Google's Android OS, winner by far of this "award." The rest of the top 10 is made up by Debian (319 bugs), Ubuntu (278 bugs), Adobe Flash Player (266 bugs), openSUSE Leap (259 bugs), openSUSE (228 bugs), Adobe Acrobat DC (227 bugs), Adobe Acrobat Reader DC (227 bugs), Adobe Acrobat (224 bugs), and the Linux Kernel (216 bugs).

When it comes to software vendors, the company for which the largest number of new CVE numbers have been assigned was Oracle, with a whopping 798 CVEs, who edged out Google (698 bugs), Adobe (548 bugs), Microsoft (492 bugs), Novell (394), IBM (382 bugs), Cisco (353 bugs), Apple (324 bugs), Debian Project (320 bugs), and Canonical (280 bugs).

An anonymous reader quotes a report from International Business Times: According to a report from ProPublica, the world's largest social network knows far more about its users than just what they do online. What Facebook can't glean from a user's activity, it's getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep. That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes. The data Facebook pays for from other brokers to round out user profiles isn't disclosed by the company beyond a note that it gets information "from a few different sources." Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn't linked directly to online behavior. The social network doesn't disclose those sources because the information isn't collected by Facebook and is publicly available. Facebook does provide a page in its help center that details how to get removed from the lists held by third-party data brokers. However, the process isn't particularly easy. In the case of the Oracle-owned Datalogix, users who want off the list have to send a written request and a copy of a government-issued identification in the mail to Oracle's chief privacy officer. Another data collecting service, Acxiom, requires users provide the last four digits of their social security number to see the information the company has gathered about them.

Java SE is free, but Java SE Suite and various flavors of Java SE Advanced are not, and now Oracle "is massively ramping up audits of Java customers it claims are in breach of its licenses," reports the Register. Oracle bought Java with Sun Microsystems in 2010 but only now is its License Management Services division chasing down people for payment, we are told by people familiar with the matter. The database giant is understood to have hired 20 individuals globally this year, whose sole job is the pursuit of businesses in breach of their Java licenses... Huge sums of money are at stake, with customers on the hook for multiple tens and hundreds of thousands of dollars.
Slashdot reader rsilvergun writes, "Oracle had previously sued Google for the use of Java in Android but had lost that case. While that case is being appealed, it remains to be seen if the latest push to monetize Java is a response to that loss or part of a broader strategy on Oracle's part." The Register interviewed the head of an independent license management service who says Oracle's even targeting its own partners now.

But after acquiring Sun in 2010, why did Oracle's License Management Services wait a full six years? "It is believed to have taken that long for LMS to devise audit methodologies and to build a detailed knowledge of customers' Java estates on which to proceed."

A confab of tech titans had a "productive" meeting with President-elect Donald Trump at Trump Tower on Wednesday, Amazon CEO Jeff Bezos told CNBC, as Trump moved to mend fences with Silicon Valley before taking office in January. Apple, Alphabet, Microsoft, Amazon, Facebook, Intel, Oracle, IBM, Cisco and Tesla were among the C-suite executives in attendance, with Apple CEO Tim Cook and Tesla CEO Elon Musk expected to get private briefings, according to transition staff. From the report: "We want you to keep going with the incredible innovation," Trump said. "There's no one like you in the world. ... anything we can do to help this go along, we're going to be there for you. You can call my people, call me -- it makes no difference -- we have no formal chain of command around here." At the meeting, Trump introduced billionaire Wilbur Ross, his Commerce secretary pick, and Goldman Sachs executive Gary Cohn, his choice for director of the National Economic Council. "They're going to do fair trade deals," Trump said. "They're going to make it easier for you to trade across borders, because there are a lot of restrictions, a lot of problems. If you have any ideas on that, that would be great."

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks.

Oracle announced today it is buying DNS provider Dyn, a company that was in the press lately after it was hit by a large-scale DDoS attack in October that resulted in many popular websites becoming inaccessible. From a TechCrunch report:Oracle plans to add Dyn's DNS solution to its bigger cloud computing platform, which already sells/provides a variety of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) products. Oracle and Dyn didn't disclose the price of the deal but we are trying to find out. Dan Primack reports that it's around $600 million. We've also asked for a comment from Oracle about Dyn's recent breach, and whether the wheels were set in motion for this deal before or after the Mirai botnet attack in October.

"MongoDB is increasingly encroaching on Oracle's database lead -- with enterprises becoming more and more confident with the maturing NoSQL technology," according to Diginomica, citing this new interview with CEO Dev Ittycheria: 30% of our business is migration off existing workloads to us. Two years ago it was 5%. Ditching Oracle and others, but mainly Oracle... one of the nice benefits of being in this market is that Oracle has done a great job of alienating its customer base... if there are performance reasons, regulatory reasons, developer demand -- [people] will change... We have grown business by 2.5X over last two years. And our employee base has pretty much doubled.
One reason he cites is Oracle's higher prices on their top-line products, saying MongoDB's new customers include "a large bank, whose logo you would recognize instantly [with] a very sophisticated equities trading platform." Ittycheria says MongoDB is now a nine-figure business, and after they launched their new database-as-a-service product Atlas last June, "the growth in that business has been off the charts."

An anonymous reader quotes InfoWorld: Sun Microsystems officially open-sourced Java on November 13, 2006... "The source code for Java was available to all from the first day it was released in 1995," says [Java creator James] Gosling, who is now chief architect at Liquid Robotics. "What we wanted out of that was for the community to help with security analysis, bug reporting, performance enhancement, understanding corner cases, and a whole lot more. It was very successful." Java's original license, Gosling says, allowed people to use the source code internally but not redistribute. "It wasn't 'open' enough for the 'open source' crowd," he says... While Gosling has taken Oracle to task for its handling of Java at times, he sees the [2006] open-sourcing as beneficial. "It's one of the most heavily scrutinized and solid bodies of software you'll find. Community participation was vitally important..."

A former Oracle Java evangelist, however, sees the open source move as watered down. "Sun didn't open-source Java per se," says Reza Rahman, who has led a recent protest against Oracle's handling of enterprise Java. "What they did was to open-source the JDK under a modified GPL license. In particular, the Java SE and Java EE TCKs [Technology Compatibility Kits] remain closed source."
Rahman adds that "Without open-sourcing the JDK, I don't think Java would be where it is today."

Amazon Web Services, a division of Amazon that offers cloud computing and storage services, has released a container image of its Amazon Linux operating system -- which has, until now, only been accessible on AWS virtual machine instances -- that customers can now deploy on their own servers. From a report on VentureBeat: Of course, other Linux distributions are available for use in companies' on-premises data centers -- CentOS, CoreOS, Red Hat Enterprise Linux, Canonical's Ubuntu, and so on. Now companies that are used to Amazon Linux in the cloud can work with it on-premises, too. It's available from AWS' EC2 Container Registry. Amazon Linux is not currently available for instant deployment on other public clouds, whether Oracle's, Google's, Microsoft's, or IBM's. "It is built from the same source code and packages as the AMI and will give you a smooth path to container adoption," AWS chief evangelist Jeff Barr wrote in a blog post. "You can use it as-is or as the basis for your own images."

An anonymous reader quotes a report from Ars Technica: The massive Oracle v. Google litigation has entered a new phase, as Oracle filed papers (PDF) yesterday saying it will appeal its loss on "fair use" grounds to the U.S. Court of Appeals for the Federal Circuit. For a brief recap of the case: after Oracle purchased Sun Microsystems and acquired the rights to Java, it sued Google in 2010, saying that Google infringed copyrights and patents related to Java. The case went to trial in 2012. Oracle initially lost but had part of its case revived on appeal. The sole issue in the second trial was whether Google infringed the APIs in Java, which the appeals court held are copyrighted. In May, a jury found in Google's favor after a second trial, stating that Google's use of the APIs was protected by "fair use." Oracle's appeal is no surprise, but it will be a long shot. The four-factor "fair use" test is a fairly subjective one, and Oracle lawyers will have to argue that the jury's unanimous finding must be overturned. There are various ways a jury could arrive at the conclusion that Google was protected by fair use. The case will go back to the Federal Circuit, the same appeals court that decided APIs could be copyrighted in the first place. That decision overruled U.S. District Judge William Alsup, the lower court judge, and was extremely controversial in the developer community. However, the same decision that insisted APIs can be copyrighted clearly held the door open to the idea that "fair use" might apply. Unless Oracle pulls off a stunning move on appeal, its massive legal expenditures in this case will be for naught.

An anonymous Slashdot reader quotes InfoWorld: Java applications will get faster startup times thanks to a formal proposal to include ahead-of-time compilation in the platform. The draft Java Development Kit proposal, authored by Vladimir Kozlov, principal technical staff member at Oracle, is targeted for inclusion in Java 9, which is expected to be available next summer. "We would love to see this make it into JDK 9, but that will of course depend on the outcome of the OpenJDK process for this JDK Enhancement Proposal," said Georges Saab, vice president of software development in the Java platform group at Oracle, on Thursday. Ahead-of-time compilation has been a stated goal for Java 9 to address the issue of slow startup...

The proposal summary notes that Java classes would be compiled to native code prior to launching the virtual machine. The ultimate goal is to improve the startup time of small or large Java applications while having "at most" a limited impact on peak performance and minimizing changes to the user workflow.
Tests indicates some applications perform better while some actually perform worse, so it's being proposed as an opt-in feature where dissatisfied users "can just rebuild a new JDK without ahead-of-time libraries."

An anonymous reader quotes a report from Bloomberg: Moscow city will replace Microsoft Corp. programs with domestic software on thousands of computers in answer to President Vladimir Putin's call for Russia's authorities to reduce dependence on foreign technology amid tensions with the U.S. and Europe. The city will initially replace Microsoft's Exchange Server and Outlook on 6,000 computers with an e-mail system installed by state-run carrier Rostelecom PJSC, Artem Yermolaev, head of information technology for Moscow, told reporters Tuesday. Moscow may expand deployment of the new software, developed by Russia's New Cloud Technologies, to as many as 600,000 computers and servers, and may also consider replacing Windows and Office, Yermolaev said. Putin is urging state entities and local companies to go domestic amid concerns over security and reliability after U.S. firms shut down paid services in Crimea following Russia's 2014 annexation. The plan poses a challenge to the likes of Microsoft, SAP SE and Oracle Corp. in the country's $3 billion software market. Adding to pressure, Putin's internet czar German Klimenko wants to raise taxes on U.S. technology companies to help Russian competitors such as Yandex NV and Mail.ru Group Ltd.

An anonymous reader quotes a report from Ars Technica: The federal judge who presided over the Google-Oracle API copyright infringement trial excoriated one of Oracle's lawyers Thursday for disclosing confidential information in open court earlier this year. The confidential information included financial figures stating that Google generated $31 billion in revenue and $22 billion in profits from the Android operating system in the wake of its 2008 debut. The Oracle attorney, Annette Hurst, also revealed another trade secret: Google paid Apple $1 billion in 2014 to include Google search on iPhones. Judge William Alsup of San Francisco has been presiding over the copyright infringement trial since 2010, when Oracle lodged a lawsuit claiming that Google's Android operating system infringed Oracle's Java APIs. After two trials and various trips to the appellate courts, a San Francisco federal jury concluded in May that Google's use of the APIs amounted to fair use. Oracle's motion before Alsup for a third trial is pending. Oracle argues that Google tainted the verdict by concealing a plan to extend Android on desktop and laptop computers. As this legal saga was playing out, Hurst blurted out the confidential figures during a January 14 pre-trial hearing, despite those numbers being protected by a court order. The transcript of that proceeding has been erased from the public record. But the genie is out of the bottle. Google lodged a motion (PDF) for sanctions and a contempt finding against Hurst for unveiling a closely guarded secret of the mobile phone wars. During a hearing on that motion Thursday, Judge Alsup had a back-and-forth with Hurst's attorney, former San Francisco U.S. Attorney Melinda Haag. According to the San Francisco legal journal The Recorder, Haag said that her client Hurst -- of the law firm Orrick, Herrington and Sutcliffe -- should not be sanctioned because of "one arguable mistake made through the course of a very complex litigation."

Oracle has unveiled its second generation of cloud infrastructure for third-party developers to run their applications in Oracle data centers. What is interesting about the announcement is that Oracle co-founder and chief technology officer Larry Ellison claiming that "Amazon's lead is over. Amazon's going to have serious competition going forward." From a VentureBeat report: One particular instance, or virtual-machine (VM) type, that Oracle is making available in this second-generation offering -- the Dense IO Shape -- offers 28.8TB, 512GB, and 36 cores, at a price of $5.40 per hour. This product offers more than 10 times the input-output capacity of Amazon Web Services (AWS), specifically the i2.8xlarge instance, said Ellison. Currently, AWS leads the cloud infrastructure market, with Microsoft Azure, Google Cloud Platform, and IBM trailing behind. Oracle's public cloud was not included in the most recent version of Gartner's highly regarded cloud infrastructure as a service (IaaS) Magic Quadrant, which was released last month. "Oracle also does not have enough market share to qualify for inclusion," the authors of the report wrote.

An anonymous Slashdot reader quotes InfoWorld: Venerable open source Java IDE NetBeans would move from Oracle's jurisdiction to the Apache Software Foundation under a proposal... endorsed by Java founder James Gosling, a longtime fan of the IDE. Moving NetBeans to a neutral venue like Apache, with its strong governance model, would help the project attract more contributions from various organizations, according to the proposal posted in the Apache wiki.

"Large companies are using NetBeans as an application framework to build internal or commercial applications and are much more likely to contribute to it once it moves to neutral Apache ground," the proposal says. While Oracle will relinquish its control over NetBeans under the proposal, individual contributors from Oracle are expected to continue contributing to the project.
On Facebook, Gosling posted the proposal meant "folks like me can more easily contribute to our favorite IDE. The finest IDE in existence will be getting even better, faster!" InfoWorld reports that when aked if Oracle had neglected NetBeans, Gosling said, "Oracle didn't single out NetBeans for neglect, they neglect everything... I'm thrilled that the NetBeans community will now be able to chart its own course."