New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."

An anonymous reader writes: The Crown Commercial Service (CCS) has signed a deal with Oracle that should allow it to cut down on spending and licensing costs with the software provider. The three-year partnership will see the two collaborate to deliver services to public sector bodies including the National Health Service. A few weeks ago the government announced it would be cutting back on its use of Oracle software, but the new deal instead extends the existing agreement. CCS CEO Sally Collier explained: "The enhanced MoU will deliver savings across government and allow easier and more effective procurement of Oracle products and services. It lays the foundation of a more collaborative relationship between government and Oracle."

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.

This is a conversation Tim Lord had with Tim O'Reilly at OSCON. Tim O'Reilly wrote an article titled "The WTF Economy,", which started with these words: "WTF?! In San Francisco, Uber has 3x the revenue of the entire prior taxi and limousine industry." He talks about Uber and AirbnB and how, with real-time measurement of customer demand, "The algorithm is the new shift boss." And then there is this question: "What is the future when more and more work can be done by intelligent machines instead of people, or only done by people in partnership with those machines?"

My (late) father was an engineer. Politically, you could have called him a TechnoUtopian. He believed -- along with most of his engineer, ham radio, and science fiction writer and reader friends -- that as machines took over the humdrum tasks, humans would work less and create more. O'Reilly seems to have similar beliefs, even though (unlike my father) he's seen the beginnings of an economy with self-driving cars and trucks, factory machines that don't need humans to run them, and many other changes the 1950s and 1960s futurists didn't expect to see until we had flying cars and could buy tickets on Pan Am flights to the moon. Listening to these conversations, I remember my father's dreams, but O'Reilly isn't as optimistic as a full-blown TechnoUtopian. He takes a "Something's happening here; what it is ain't exactly clear" view of how work (and pay for work) will change in the near future. Please note that Tim O'Reilly has been called "The Oracle of Silicon Valley," so he's totally worth watching -- or reading, if that's your preferred method of taking in new information.

NOTE: Today we have a "main video," plus a "bonus video" that is viewable only with Flash. But we have a transcript that covers both of them. Enjoy!

florin writes: Oracle chief security officer Mary Ann Davidson published a most curious rant on the company's corporate blog yesterday, addressing and reprimanding some pesky customers that just will not stop bothering her. As Mary put it: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it." She goes on to describe how the company deals with such shameful activities, namely that "We send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer's behalf — reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already."

Later on, in a section intended to highlight how great a job Oracle itself was doing at finding vulnerabilities, the CSO accidentally revealed that customers are in fact contributing a rather significant 1 out of every 10 vulnerabilities: "Ah, well, we find 87 percent of security vulnerabilities ourselves, security researchers find about 3 percent and the rest are found by customers." Unsurprisingly, this revealing insight into the company's regard for its customers was removed later. But not before being saved for posterity.

jfruh writes: The U.K. Cabinet Office has reportedly asked government departments and agencies to try to find ways to end their reliance on Oracle software, a move motivated by the truly shocking number of Oracle licenses currently being paid for by the British taxpayer. The Department for Environment, Food and Rural Affairs alone has paid £1.3 million (US$2 million) per year for some 2 million Oracle licenses, or about 200 licenses per staff member.

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

An anonymous reader writes: A consultant claims that Oracle has adopted the widespread use of 'breach notices' this year to force existing enterprise customers to adopt its newly-bolstered range of cloud services, or else be told to stop using all Oracle software within thirty days. Speaking to Business Insider, the unnamed source described the tactic as a 'nuclear option' which is now practically the default when the need to add services or users to an existing contract triggers an 'audit' by Oracle. An ex-Oracle contract negotiator who now works in the ever-expanding business niche of 'Oracle contract negotiation' commented 'Internally, the water cooler gossip there is that they've never seen this kind of aggression before. Oracle has really dialed it up. Customers are buying cloud services to make the Oracle issue go away, not because they have any intention of using cloud services.'

Nerval's Lobster writes: Simon Hughes, Dice's Chief Data Scientist, has put together an experimental visualization that explores how tech skills relate to one another. In the visualization, every circle or node represents a particular skill; colors designate communities that coalesce around skills. Try clicking "Java", for example, and notice how many other skills accompany it (a high-degree node, as graph theory would call it). As a popular skill, it appears to be present in many communities: Big Data, Oracle Database, System Administration, Automation/Testing, and (of course) Web and Software Development. You may or may not agree with some relationships, but keep in mind, it was all generated in an automatic way by computer code, untouched by a human. Building it started with Gephi, an open-source network analysis and visualization software package, by importing a pair-wise comma-separated list of skills and their similarity scores (as Simon describes in his article) and running a number of analyses: Force Atlas layout to draw a force-directed graph, Avg. Path Length to calculate the Betweenness Centrality that determines the size of a node, and finally Modularity to detect communities of skills (again, color-coded in the visualization). The graph was then exported as an XML graph file (GEXF) and converted to JSON format with two sets of elements: Nodes and Links. "We would love to hear your feedback and questions," Simon says.

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API "a utilitarian and functional set of symbols" that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself.

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.

msm1267 writes: The US Navy posted a RFP, which has since removed from FedBizOpps.gov, soliciting contractors to share vulnerability intelligence and develop zero day exploits for most of the leading commercial IT software vendors. The Navy said it was looking for vulnerabilities, exploit reports and operational exploit binaries for commercial software, including but not limited to Microsoft, Adobe, [Oracle] Java, EMC, Novell, IBM, Android, Apple, Cisco IOS, Linksys WRT and Linux, among others. The RFP seemed to indicate that the Navy was not only looking for offensive capabilities, but also wanted use the exploits to test internal defenses.The request, however, does require the contractor to develop exploits for future released CVEs. "Binaries must support configurable, custom, and/or government owned/provided payloads and suppress known network signatures from proof of concept code that may be found in the wild," the RFP said.

AmiMoJo writes: Leicestershire Police have announced that they will be scanning every face at the popular UK Download music festival. The announcement article on Police Oracle (paywalled) reads, "the strategically placed cameras will scan faces at the Download Festival site in Donington before comparing it with a database of custody images from across Europe." The stated goal is to catch mobile phone thieves. Last year only 91 of the 120,000 visitors to the festival were arrested, and it isn't clear if the data will be deleted once checked against the database. The linked article provides at least one image of a costume that would probably trip up any facial recognition technology yet devised.

New submitter nerdpocalypse writes: In a larger battle than even Godzilla v. Mothra, Google v. Oracle threatens not only Japan but the entire nerd world. What is at stake is how a language can be [copyrighted]. This affects not just programming languages, APIs, and everything that runs ... well ... everything, but also the copyright status of new languages such as Klingon and Dothraki.

New submitter Areyoukiddingme writes: The Solicitor General of the Justice Department has filed a response to the US Supreme Court's solicitation of advice regarding the Google vs. Oracle ruling and subsequent overturning by the Federal Circuit. The response recommends that the Federal Circuit ruling stand, allowing Oracle to retain copyright to the Java API.

jfruh writes: Java made its public debut twenty years ago today, and despite a sometimes bumpy history that features its parent company being absorbed by Oracle, it's still widely used. Mark Reinhold, chief architect for the Oracle's Java platform group, offers one explanation for its continuing popularity: it's easy for humans to understand it at a glance. "It is pretty easy to read Java code and figure out what it means. There aren't a lot of obscure gotchas in the language ... Most of the cost of maintaining any body of code over time is in maintenance, not in initial creation."

Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.

SpzToid writes: Following up on an earlier Slashdot story, the Oracle Corporation has filed a rather timely suit against five of former governor John Kitzhaber's staff for their "improper influence" in the decision to shutter the Cover Oregon healthcare website, while blaming Oracle to defuse the political consequences. Oracle argues the website was ready to go before the state decided to switch to the federal exchange in April.

"The work on the exchange was complete by February 2014, but going live with the website and providing a means for all Oregonians to sign up for health insurance coverage didn't match the former-Governor's re-election strategy to 'go after' Oracle," Oracle spokeswoman Deborah Hellinger said in a statement.

Kitzhaber resigned last week amid criminal probes into an influence-peddling scandal involving allegations that his fiancée used her position in his office for personal gain.

jfruh (300774) writes "Sun Microsystems vanished into Oracle's maw five years ago this month, and you could be forgiven for thinking that some iconic Sun products, like SPARC chips, had been cast aside in the merger. But Oracle claims that the SPARC roadmap is moving forward more quickly than it did under Sun, and while the number of SPARC systems sold has dropped dramatically (from 66,000 in Q1 '03 to 7,000 in Q1 '14), the systems that are being sold are fully customized and much more profitable for the company."