An anonymous reader writes: Moody's Investors Service released an analysis Friday that shows Apple, Microsoft, Alphabet, Cisco Systems, and Oracle are sitting on $504 billion, which is roughly 30% of the $1.7 trillion in cash and cash equivalents held by U.S. non-financial companies in 2015. Almost all of their earnings ($1.2 trillion) are stashed overseas in an effort to avoid paying taxes on moving profits back to the U.S. under the country's complex tax code. Apple has more than 90 percent of its money located outside of the U.S., according to its most recent filings. Moody's said in its report that "we expect that overseas cash balances will continue to grow unless tax laws are changed to encourage companies to repatriate money." Some of the other tech and Silicon Valley companies in the top 50 include Intel, Gilead Sciences, Facebook, Amazon, Qualcomm, eBay, Hewlett-Packard and Yahoo.

Alphabet CEO Larry Page says his company never considered getting permission from Oracle for using the latter's Java APIs in Android. Page, who appeared in a federal court, said Java APIs are open and free, which warrants them or anyone to use it without explicit permission from Oracle. From an Ars Technica report (edited for clarity): "But you did copy the code and copy the structure, sequence, and organization of the APIs?" Oracle attorney Peter Bicks asked, raising his voice. "I don't agree with 'copy code,'" Page said. "For me, declaring code is not code," Page said. "Have you paid anything to Oracle for using that intellectual property?" Bicks asked. "When Sun established Java, they established it as an open source thing," Page said. "I believe the APIs we used were pretty open. No, we didn't pay for the free and open things." [...] "Was Google seeking a license for Java?" Google lawyer Robert Van Nest asked. "Yes, and a broader deal around other things, like branding and cooperation," Page said. "After discussions with Sun broke off, did you believe Google needed a license for APIs?" Van Nest asked. "No, I did not believe that," Page said. "It was established industry practice that the API and just the headers of those things could be taken and re-implemented. [It must be done] very carefully, not to use any existing implementation of those systems. That's been done many, many times. I think we acted responsibly and carefully around these intellectual property issues."

theodp writes: The problem with Oracle v. Google," explains Motherboard's Sarah Jeong, "is that everyone actually affected by the case knows what an API is, but the whole affair is being decided by people who don't, from the normals in the jury box to the normals at the Supreme Court." Which has Google's witnesses "really, really worried that the jury does not understand nerd shit." Jeong writes, "Eric Schmidt sought to describe APIs and languages using power plugs as an analogy. Jonathan Schwartz tried his hand at explaining with 'breakfast menus,' only to have Judge William Alsup respond witheringly, 'I don't know what the witness just said. The thing about the breakfast menu makes no sense.'

"Schwartz's second attempt at the breakfast menu analogy went much better, as he explained that although two different restaurants could have hamburgers on the menu, the actual hamburgers themselves were different -- the terms on the menu were an API, and the hamburgers were implementations." And Schwarz's explanation that the acronym GNU stands for 'GNU is Not Unix' drew the following exchange: "The G part stands for GNU?" Alsup asked in disbelief. "Yes," said Schwartz on the stand. "That doesn't make any sense," said the 71-year-old Clinton appointee.

An anonymous reader cites a story on Ars Technica: Maintainers of the OpenSSL cryptographic library have patched high-severity holes that could make it possible for attackers to decrypt login credentials or execute malicious code on Web servers. The updates were released Tuesday morning for both versions 1.0.1 and 1.0.2 of OpenSSL, which a large portion of the Internet relies on to cryptographically protect sensitive Web and e-mail traffic using the transport layer security protocol. OpenSSL advisories labeled the severity of both vulnerabilities "high," meaning the updates fixing them should be installed as soon as possible. The fixes bring the latest supported versions to 1.0.1t and 1.0.2h. The decryption vulnerability is the result of what cryptographers call a padding oracle weakness, which allows attackers to repeatedly probe an encrypted payload for clues about the plaintext content inside. According to TLS expert Filippo Valsorda, the bug allows for only 16 bytes of encrypted traffic to be recovered, and even then only when an end user sends it repeatedly.

snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.

Google now faces more competition charges in the European Union. The EU has accused Google of skewing the market against competitors with its Android mobile operating system. The 28-member state bloc's antitrust commissioner concluded in a preliminary decision that the search giant has abused its dominant position in the market by imposing restrictions on Android device makers. "What we found is that Google pursues an overall strategy on mobile devices to protect and expand its dominant position in internet search," said Margrethe Vestager, the EU competition chief. "The commission is concerned that Google's behaviour has harmed consumers by restricting competition and innovation," she added. "Rival search engines and mobile operating systems have not been able to compete on their merits. This is not good." Google has three months to respond to the aforementioned charges. The New York Times reports: Europe's antitrust charges might not necessarily lead to financial or other penalties against Google. If it is found to have broken the region's rules, though, the company may face fines of up to 10 percent of its global revenue, or roughly $7 billion, the maximum allowable amount. Google denies that it has broken European competition rules, saying that its dealings with cellphone manufacturers like Samsung and HTC, among others, are voluntary, and that rival mobile services are readily available on its Android software.According to EU, Google has breached antitrust rules by:1. requiring manufacturers to pre-install Google Search and Google's Chrome browser and requiring them to set Google Search as default search service on their devices, as a condition to license certain Google proprietary apps; 2. preventing manufacturers from selling smart mobile devices running on competing operating systems based on the Android open source code; 3. giving financial incentives to manufacturers and mobile network operators on condition that they exclusively pre-install Google Search on their devices."The joke in Google's cafeteria today will be "let them use bing," said Andrew Parker, VC. "So disappointing that browser dominance on Android is the only thing that the EU can get worked up about," Blaine Cook, co-founder of Poetica noted. "The European Commission's statement of objections against Android lends further credibility to Oracle's $9B copyright claim," Florian Mueller, the founder of FOSS Patents blog wrote.

An anonymous reader writes: Google and Oracle executives met for six hours Friday in an unsuccessful attempt to resolve an ongoing copyright lawsuit. "Because an agreement couldn't be made, the next phase of the case will head to court in May, where a jury will decide if Google had the right to use certain parts of Oracle's programming language, Java, for free or if it owes Oracle damages..." reports Business Insider. "Last month, Google said that its damages expert strongly disagreed that it should owe Oracle upward of $8 billion for using certain parts of Oracle's software in its smartphone operating system, Android."
Friday's court-ordered talk included both Google CEO Sundar Pichai and Oracle CEO Safra Catz, and it marks the second time the two companies have failed to reach an out-of-court settlement, a fact alluded to by the case's judge in newly-released documents. "After an earlier run at settling this case failed, the court observed that some cases just need to be tried," reports the court docket. "This case apparently needs to be tried twice."

An anonymous reader writes: Wim Coekaerts, formerly Oracle's Senior VP of Linux and Virtualization Engineering, has left Oracle for Microsoft. Many of you may know of Coekaerts as "Mr. Linux" as he delivered the first Linux products, transitioned Oracle's programming staff from Windows to Linux desktops, and turned Oracle into a Linux distributor with the launch of its Red Hat Enterprise Linux (RHEL) clone, Oracle Linux. Mike Neil, Microsoft's Corporate Vice President of the Enterprise Cloud, told ZDNet, "Wim Coekaerts has joined Microsoft as Corp VP of Open Source in our Enterprise Cloud Group. As we continue to deepen our commitment to open source, Wim will focus on deepening our engagement, contributions and innovation to the open-source community."

angry tapir quotes a report from Computerworld: Oracle is seeking as much as $9.3 billion in damages in a long-running copyright lawsuit against Google over its use of Java in Android, court filings show. Oracle sued Google six years ago, claiming the search giant needs a license to use parts of the Java platform in Google's market-leading mobile OS. The two companies first went to trial in 2012, but the jury was split on whether or not Google's use of Java was protected by "fair use." Now they're headed back to the courtroom for a new trial scheduled to begin May 9, where Oracle's Larry Ellison and Google's Eric Schmidt will be present. Currently, the sum Oracle is asking for is about 10 times as much as when the two companies went to trial in 2012.

An anonymous reader writes: A group of independent security researchers and major Silicon Valley tech giants have submitted a proposal for a new email protocol called SMTP STS (Strict Transport Security). In theory, this new extension looks like the HSTS (HTTP Strict Transport Security) extension to HTTPS. Much like HSTS, SMTP STS brings message confidentiality and server authenticity to the process of starting an encrypted email communications channel. HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks. to avoid SSL/TLS downgrades and MitM attacks. The biggest names on the contributors list include Microsoft, Google, Yahoo, LinkedIn, and Comcast. Last year, Oracle also submitted a similar proposal called DEEP (Deployable Enhanced Email Privacy).

Freshly Exhumed writes: The former Microsoft executive excoriated by some industry watchers for the collapse of Nokia Mobile Phones, Stephen Elop, has re-emerged down under. Telstra says Elop is being appointed to the new role of Group Executive Technology, Innovation and Strategy, "leading Telstra's strategy to become a world class technology company" (stop giggling, you in the back row). Telstra cites Elop's "deep technology experience" and "innate sense of customer expectations."

An anonymous reader writes: A faulty security patch has left Java users vulnerable to attacks in the past two years, researchers from Polish security firm Security Explorations are claiming. The issue in question is CVE-2013-5838, which was discovered and patched in October 2013. Two years later, going back over their researcher, the same security researchers have now discovered that Oracle had not only misclassified its impact but also botched the fix. In a Full Disclosureexposé, the researcher says that changing four characters in the company's original proof-of-concept code allowed them to exploit the flaw, despite Oracle's patch.

whoever57 writes: A California jury in one of the cases between Synopsys and Atoptech found copyright infringement in Atoptech's use of the "Primetime commands". These companies compete in the field of EDA ("Electronic Design Automation") software: software that is used by semiconductor companies to design ICs. The Primetime commands are merely an interface. Atoptech has their own implementation of the functionality that these commands [provide]. This can be seen as similar to the Oracle vs. Google lawsuit, in which an appeals court has found that providing a similar interface (via header files) can constitute copyright infringement. Naturally, there will be appeals in this case.

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.

An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.

An anonymous reader writes: After Mozilla said in October that it would stop supporting Firefox plugins on the older NPAPI technology, Oracle had no choice now but to announce the deprecation of the Java browser plugin starting with the release of the JDK version 9, which is set for release in March 2017, and developers are urged to start using the Java Web Start pluginless technology instead. Security issues also had a big part in Java's demise.

phantomfive writes: As the Google v. Oracle copyright case drags on, Oracle is claiming that Android has generated $31 billion in revenue for Google, $22 billion of which was profit. Court records also show Google paid Apple $1 billion USD to keep their search bar on the iPhone. A revenue sharing agreement was in place as well. At one point, Apple got 34% of the revenue generated by Google searches on iPhones. Both companies later requested that the information be redacted from the record, but once something is released on the internet, it tends to stay there.

prisoninmate writes: Oracle's Unbreakable Enterprise Kernel (UEK) Release 4 is an important engineering effort and introduces performance improvements and enhancements for some of the most essential components, including CPU schedulers and Automatic NUMA Balancing, along with powerful new features, such as real-time kernel patching, which is possible thanks to the Ksplice open-source extension of the Linux kernel 4 branch, which lets users to apply patches to the running kernel without the need to reboot the system, thus improving security and simplify the management of cloud infrastructures.

An anonymous reader writes: Oracle's database management system has seen the biggest rise in terms of popularity in the past year. Oracle didn't only see a rise in the number of deployed instances, job offerings and mentions on LinkedIn profiles, but for the first time also became a popular topic on Twitter and a constant mention on StackOverflow, a popular Q&A support forum for developers. Second on DB-Engine's popularity list was MongoDB, which barely missed winning the DBMS of the Year award for the third time in a row.