rastos1 writes: Oracle has announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world's most popular programming platform.

Oracle went on the offensive again versus Amazon.com this week with a new cloud pricing plan that gives discounts to Oracle database customers who move their databases to the cloud. From a report: Chairman and Chief Technology Officer Larry Ellison said during an event at its Redwood City, California headquarters that while Oracle has matched Amazon Web Services for base-level computing, storage and networking services known as infrastructure as a service, it's now moving to make higher-level cloud services such as databases and analytics cheaper than AWS's. Actually, Ellison claimed that Oracle's infrastructure runs faster and therefore ends up costing less, but it's clear that the company is focusing more on its traditional strengths one tier up from the infrastructure: so-called platform as a service offerings such as the Oracle Database. Oracle said it will allow customers to move their existing licenses for databases, middleware and analytics to Oracle's platform services, just as they've allowed them to bring licenses to its infrastructure before.

Oracle has chosen the Eclipse Foundation to be the new home of the Java Platform Enterprise Edition (Java EE), the company announced this week. Oracle made the decision in collaboration with IBM and Red Hat, the two other largest contributors to the platform. From a report: "The Eclipse Foundation has strong experience and involvement with Java EE and related technologies," wrote Oracle software evangelist David Delabassee in a blog post. This will help us transition Java EE rapidly, create community-friendly processes for evolving the platform, and leverage complementary projects such as MicroProfile. We look forward to this collaboration." Mike Milinkovich, executive director of the Eclipse Foundation, is optimistic about this move, which he said is exactly what the enterprise Java needs and what the community has been hoping for.

Simon Sharwood, reporting for the Register: Soon-to-be-former Oracle staff report that the company made hundreds of layoffs last Friday, as predicted by El Reg, with workers on teams covering the Solaris operating system, SPARC silicon, tape libraries and storage products shown the door. Oracle's media relations agency told The Register: "We decline comment." However, Big Red's staffers are having their say online, in tweets such as the one below. "For real. Oracle RIF'd most of Solaris (and others) today," an employee said. A "RIF" is a "reduction in force", Oracle-speak for making people redundant (IBM's equivalent is an "RA", or "resource action"). Tech industry observer Simon Phipps claims "~all" Solaris staff were laid off. "For those unaware, Oracle laid off ~ all Solaris tech staff yesterday in a classic silent EOL of the product."

An anonymous reader quotes InfoWorld: Now that Oracle wants to turn over leadership of enterprise Java's (Java EE's) development to a still-unnamed open source foundation, might the same thing happen with the standard edition of Java (Java SE) that Oracle also controls? Such a move could produce substantial benefits... Oracle said it has no plans to make such a move. But the potential fruits of a such a move are undeniable.

For one, a loosening of Oracle's control could entice other contributors to Java to participate more... [W]ith the current Oracle-dominated setup, other companies and individuals could be reluctant to contribute a lot if they see it as benefiting a major software industry provider -- and possible rival -- like Oracle... Indeed, the 22-year-old language and platform could be given a whole new lease on life, if the open source community rises to the occasion and boosts participation...

Despite the potential to grow Java SE by ceding control, Oracle seems content to hold on to its place as the steward of JDK development. But that could change given the tempestuous relationship Oracle has with parts of the Java community. Oracle has been at loggerheads with the community over both Java SE and Java EE... Oracle may at some point decide it is easier to just cede control rather than having to keep soothing the ruffled feathers that keep occurring among its Java partners.

Shaun Nichols, reporting for The Register: Oracle is starting layoffs that will hit its hardware division, The Register has learned. Current and some soon-to-be former staffers have whispered that the database giant is shipping out packages containing the paperwork for ending their employment. The workers have received alerts from FedEx that the packages, which will need to be signed for, are en route for a September 1 delivery. "One of my co-workers emailed that he received a notification from FedEx of a label created by Oracle America, Inc," writes one anonymous employee. "I just checked and a label has been created for my home address. This is in the US. Looks like Friday is it for Sparc MicroElectronics." The layoffs are hardly a surprise, given the performance of Oracle's hardware unit as of late. In the last financial year, Oracle reported hardware revenues of $4.15bn. By comparison, in 2016 the unit logged hardware revenues of $4.67bn. In 2015 it was $5.2bn, and 2014 saw $5.37bn.

An anonymous reader quotes InfoWorld: To shore up Java's security, a private group that operates outside the normal open source community process is under consideration. The proposed OpenJDK Vulnerability Group would provide a secure, private forum in which trusted members of the community receive reports on vulnerabilities in code bases and then review and fix them... The vulnerability group and Oracle's internal security teams would work together, and it may occasionally need to work with external security organizations.

Due to the sensitive nature of its work, membership in the group would be more selective, there would be a strict communication policy, and members or their employers would need to sign both a nondisclosure and a license agreement, said Mark Reinhold, chief architect of the Java platform group at Oracle. "These requirements do, strictly speaking, violate the OpenJDK bylaws," Reinhold said. "The governing board has discussed this, however, and I expect that the board will approve the creation of this group with these exceptional requirements." If the Java security group is approved, Andrew Gross, leader of Oracle's internal Java vulnerability team, would lead it.

An anonymous reader quotes InfoWorld: Oracle wants to end its leadership in the development of enterprise Java and is looking for an open source foundation to take on the role. The company said Thursday that the upcoming Java EE (Enterprise Edition) 8 presents an opportunity to rethink how the platform is developed. Although development is done via open source with community participation, the current Oracle-led process is not seen as agile, flexible, or open enough. "We believe that moving Java EE technologies to an open source foundation may be the right next step, to adopt more agile processes, implement more flexible licensing and change the governance process," Oracle said in a statement...

Despite its desire to retreat from Java EE leadership, Oracle said it plans to continue participating in the evolution of Java EE technologies. "But we believe a more open process, that is not dependent on a single vendor as platform lead, will encourage greater participation and innovation, and will be in best interests of the community"... Oracle's goals for offloading Java EE would have Oracle not lead the project as it still effectively does with Java SE.
Red Hat's senior principal product manager called this "a very positive move," while Eclipse's executive director said that moving Java EE to a vendor-neutral open source foundation "would be great for both the platform and the community," adding "If asked to so, the Eclipse Foundation would be pleased to serve as the host organization."

"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a total unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds , all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

An anonymous reader shares a report: Big Red has changed its database release cycle, scrapping names that see decimal points and numbers added on for an indeterminate amount of time, instead plumping for annual releases numbered by the year. So what would have been Oracle Database 12.2.0.2 will now be Oracle Database 18; 12.2.0.3 will come out a year later, and be Oracle Database 19. The approach puts Oracle only about 20 years behind Microsoft in adopting a year-based naming convention (Microsoft still uses years to number Windows Server, even though it stopped for desktop versions when it released XP). [...] Well, Big Red will surely be using the revamp as a way to boost sales of database licences -- a crucial part of its business -- which have been in decline for two years running. In fiscal 2016, Oracle reported a 12 per cent drop in annual sales of new software licences, and its most recent results for fiscal 2017 revealed a further 5 per cent drop. And, for all that Oracle has shouted about its cloudy success of late, it isn't yet a major money-maker for the biz. New software license sales make up a quarter of overall revenue, while support for that software makes up a further 45 per cent. In part, the new numbering will be a handy marketing ploy. Rather than playing with the decimal points, a release with a new whole number could be an attempt to give the impression of agility in the face of younger, fresher competitors. Meanwhile, fewer patches and releases on each system also allows Oracle to know more quickly, and more accurately, what security features each customer has. The annual numbering system is also a very simple way of telling you your system is old.

Apple, Google and Microsoft are sitting on a mountain of cash -- and most of it is stashed far away from the taxman. Those three tech behemoths held a total of $464 billion in cash at the end of last year, according to a Moody's report published this week. From a report: Apple alone had a stunning quarter-trillion dollars of cash thanks to years of gigantic profits and few major acquisitions. That's enough money to buy Netflix three times. It's also more cash than what's sitting on the balance sheet of every major industry except tech and health care. All told, non-financial U.S. companies studied by Moody's hoarded $1.84 trillion of cash at the end of last year. That's up 11% from 2015 and nearly two and a half times the 2008 level. Roughly $1.3 trillion -- 70% of the total -- is being held overseas, where the money isn't subject to U.S. taxes. Apple, Google owner Alphabet, Microsoft, Cisco, and Oracle hold 88% of their cash overseas. Moody's said the tower of money stashed abroad reflects the "negative tax consequences of permanently repatriating money to the U.S."

An anonymous reader quotes InfoWorld:With a new round of voting completed this week, the Java Community Process Executive Committee passed by a 24-0 vote the Java Platform Module System public review ballot, the subject of Java Specification Request 376. In May, the same group, citing concerns over the plan being disruptive and lacking consensus, voted the measure down, 13 to 10... Red Hat, which voted no on the previous ballot but abstained from the latest one, said there were still several items in the current proposal that it wanted further work on. "However, we do not want to delay the Java 9 release," Red Hat said. Getting "real world" feedback on the modularity system will be key to determine where further changes need to occur, Red Hat said. The Eclipse Foundation, Hazelcast, and Twitter, all of which voted no previously and yes this time around, cited sufficient progress with modularity.
Java 9 is still slated for release on September 21st.

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors made patches available Monday, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.

An anonymous reader quotes InfoWorld: Java 9 won't be released on July 27 after all. Oracle has proposed that Java 9 Standard Edition be delayed until September 21 so the open source community that is finalizing Java 9 can address the ongoing controversy over a planned but later rejected approach to modularity, said Georges Saab, vice president of software development in the Java platform group at Oracle and chairman of the OpenJDK governing board...

The [Java Platform Module System] measure was sent back to the proposal's expert group for further discussion. Since then, the group has reached consensus on addressing the modularity concerns, Saab said. But they cannot rework Java 9 in time for the original July 27 release date... If the revised JSR 376 approved, as expected, work can proceed on implementing it in the official version of Java 9 SE. This setback for Java 9s upcoming upgrade, however, should just be temporary, with Oracle expecting a more rapid cadence of Java SE releases going forward, Saab said.

The legendary computer scientist and founder of Java, James Gosling, is joining forces with Amazon Web Services. Gosling made the announcement today on Facebook saying that he's "starting a new Adventure" with the cloud computing juggernaut as a Distinguished Engineer. GeekWire reports: Gosling wrote Java, one of the most widely used programming languages in the history of computing, while at Sun Microsystems in the early 1990s. After leaving Sun following its acquisition by Oracle, Gosling did a short stint at Google before settling in for almost six years at Liquid Robotics, which is working on an autonomous boat called the Wave Glider. He likely ruffled a few feathers in Seattle last year after speaking out about fears of cloud vendor lock-in. "You get cloud providers like Amazon saying: 'Take your applications and move them to the cloud.' But as soon as you start using them you're stuck in that particular cloud," he said at IP Expo according to The Inquirer, echoing the sentiment of some skeptical IT organizations burned by enterprise vendors in the past.

An anonymous reader quotes a report from Ars Technica: In its continued efforts to make Azure a platform that appeals to the widest range of developers possible, Microsoft announced a range of new features at Build, its annual developer conference. Many of the features shown today had a data theme to them. The most novel feature was the release of Cosmos DB, a replacement for, or upgrade to, Microsoft's Document DB NoSQL database. Cosmos DB is designed for "planet-scale" applications, giving developers fine control over the replication policies and reliability. Replicated, distributed systems offer trade-offs between latency and consistency; systems with strong consistency wait until data is fully replicated before a write is deemed to be complete, which offers consistency at the expense of latency. Systems with eventual consistency mark operations as complete before data is fully replicated, promising only that the full replication will occur eventually. This improves latency but risks delivering stale data to applications. Document DB offered four different options for the replication behavior; Cosmos DB ups that to five. The database scales to span multiple regions, with Microsoft offering service level agreements (SLAs) for uptime, performance, latency, and consistency. There are financial penalties if Microsoft misses the SLA requirements. Many applications still call for traditional relational databases. For those, Microsoft is adding both a MySQL and a PostgreSQL service; these provide the familiar open source databases in a platform-as-a-service style, removing the administrative overhead that comes of using them and making it easier to move workloads using them into Azure. The company is also offering a preview of a database-migration service that takes data from on-premises SQL Server and Oracle databases and migrates it to Azure SQL Database. Azure SQL Database has a new feature in preview called "Managed Instances" that offers greater compatibility between on-premises SQL Server and the cloud variant, again to make workload migration easier.

An anonymous reader quotes The Hill: Oracle voiced support on Friday for FCC Chairman Ajit Pai's controversial plan to roll back the agency's net neutrality rules. In a letter addressed to the FCC, the company played up its "perspective as a Silicon Valley technology company," hammering the debate over the rules as a "highly political hyperbolic battle," that is "removed from technical, economic, and consumer reality"... Oracle wrote in their letter [PDF] that they believe Pai's plan to remove broadband providers from the FCC's regulatory jurisdiction "will eliminate unnecessary burdens on, and competitive imbalances for, ISPs [internet service providers] while enhancing the consumer experience and driving investment"... Other companies in support of Pai's plan, like AT&T and Verizon, have made the argument that the rules stifled investment in the telecommunications sector, specifically in broadband infrastructure.
Cisco has also argued that strict net neutrality laws on ISPs "restrict their ability to use innovative network management technology, provide appropriate levels of quality of service, and deliver new features and services to meet evolving consumer needs. Cisco believes that allowing the development of differentiated broadband products, with different service and content offerings, will enhance the broadband market for consumers."

An anonymous reader quotes InfoWorld: The next edition of standard Java had been proceeding toward its planned July 27 release after earlier bumps in the road over modularity. But now Red Hat and IBM have opposed the module plan. "JDK 9 might be held up by this," Oracle's Georges Saab, vice president of development for the Java platform, said late Wednesday afternoon. "As is the case for all major Java SE releases, feedback from the Java Community Process may affect the timeline..."

Red Hat's Scott Stark, vice president of architecture for the company's JBoss group, expressed a number of concerns about how applications would work with the module system and its potential impact on the planned Java Enterprise Edition 9. Stark also said the module system, which is featured in Java Specification Request 376 and Project Jigsaw, could result in two worlds of Java: one for Jigsaw and one for everything else, including Java SE classloaders and OSGI. Stark's analysis received input from others in the Java community, including Sonatype.
"The result will be a weakened Java ecosystem at a time when rapid change is occurring in the server space with increasing use of languages like Go," Stark wrote, also predicting major challenges for applications dealing with services and reflection. His critique adds that "In some cases the implementation...contradicts years of modular application deployment best practices that are already commonly employed by the ecosystem as a whole." And he ultimately concludes that this effort to modularize Java has limitations which "almost certainly prevent the possibility of Java EE 9 from being based on Jigsaw, as to do so would require existing Java EE vendors to completely throw out compatibility, interoperability, and feature parity with past versions of the Java EE specification."

An anonymous reader writes: Oracle sought to position itself once again this week as the best place for everything companies need to move to cloud computing. On Thursday, executives at the database and business software giant distanced Oracle from public cloud leaders such as Amazon Web Services, Google Cloud Platform and Microsoft Azure that provide computing, storage and other services to corporations looking to reduce or eliminate their data centers. "Our cloud is more comprehensive than any other cloud in the market today, a full end-to-end cloud," said David Donatelli, Oracle's executive vice president of converged infrastructure. "We design from the chip all the way up to the application, fully vertically integrated." What's interesting about that messaging, which Oracle has been refining since at least its OpenWorld conference last September, is not simply the competitive positioning. Oracle is essentially saying that the nature of cloud computing suggests customers need to move away from the notion that has dominated information technology since personal computers and PC-based servers began to displace mainframes and minicomputers: cherry-picking the best applications and hardware and cobbling together their own IT setups. In short, Oracle contends, it's time for another broad swing back to the integrated, uber-suppliers of a bygone era of technology. Of course, the new tech titans such as Google, Facebook and Amazon arguably wield as much power in their particular domains of advertising and e-commerce as the Big Blue of old. But it has been a long time since a soup-to-nuts approach has worked for enterprise tech companies, and for those few still attempting it, such as Dell and Oracle, it's far from obvious it will work. The cloud, Oracle contends, may well change that.

Stack Overflow data scientist David Robinson recently calculated when people visit the popular programming question-and-answer site, but then also calculated whether those results differed by programming language. Quoting his results:

• "C# programmers start and stop their day earlier, and tend to use the language less in the evenings. This might be because C# is often used at finance and enterprise software companies, which often start earlier and have rigid schedules."
• "C programmers start the day a bit later, keep using the language in the evening, and stay up the longest. This suggests C may be particularly popular among hobbyist programmers who code during their free time (or perhaps among summer school students doing homework)."
• "Python and Javascript are somewhere in between: Python and Javascript developers start and end the day a little later than C# users, and are a little less likely than C programmers to work in the evening."

The site also released an interactive app which lets users see how the results for other languages compared to C#, JavaScript, Python, and C, though of those four, "C# would count as the 'most nine-to-five,' and C as the least."

And they've also calculated the technologies used most between 9 to 5 (which "include many Microsoft technologies, such as SQL Server, Excel, VBA, and Internet Explorer, as well as technologies like SVN and Oracle that are frequently used at enterprise software companies.") Meanwhile, the technologies most often used outside the 9-5 workday "include web frameworks like Firebase, Meteor, and Express, as well as graphics libraries like OpenGL and Unity. The functional language Haskell is the tag most visited outside of the workday; only half of its visits happen between 9 and 5."