Oracle

Oracle Asked To Help Low-Income Residents Evicted For Its New Cloud Campus (cio.com) 202

itwbennett writes: Roughly 100 low-income families were evicted from an apartment complex on the land in Austin, Texas where Oracle plans to build a new 560,000 sq. foot cloud-computing campus. Some of the former tenants of Lakeview Apartments had leases through the end of the year, but were reportedly forced by owner Cypress Real Estate Advisors to move out early. Some have said their security deposits were not returned, and they have had no assistance as they've struggled to find comparably priced housing. Last week, some of those residents gathered near the site of their former home to protest and to appeal to Oracle for assistance.
Oracle

Google Confirms Next Android Version Won't Use Oracle's Proprietary Java APIs 215

An anonymous reader writes: Google is ditching the Java application programming interfaces (APIs) in Android and moving to only OpenJDK. The news first came by a "mysterious Android codebase commit" from last month submitted to Hacker News. Google confirmed to VentureBeat that Android N will rely solely on OpenJDK. “As an open-source platform, Android is built upon the collaboration of the open-source community,” a Google spokesperson told VentureBeat. “In our upcoming release of Android, we plan to move Android’s Java language libraries to an OpenJDK-based approach, creating a common code base for developers to build apps and services. Google has long worked with and contributed to the OpenJDK community, and we look forward to making even more contributions to the OpenJDK project in the future.”
Oracle

Oracle Settles FTC Charges Regarding Deceptive Java Security Updates (ftc.gov) 33

An anonymous reader writes: The FTC and Oracle have come to an agreement regarding Oracle's deceptive Java security updates, which only removed recent versions of vulnerable Java SE, but left behind older, insecure versions. Oracle got away without a fine, but will have to overhaul its Java update process to remove older versions as well.
Intel

Intel Offers More Insight On Its 3D Memory (itworld.com) 115

itwbennett writes: When Intel and Micron Technology first announced the 3D XPoint memory in July, they promised about 1,000 times the performance of NAND flash, 1,000 times the endurance of NAND flash, and about 10 times the density of DRAM. At OpenWorld last week, Intel CEO Brian Krzanich disclosed a little more information on the new memory, which Intel will sell under the Optane brand, and did a demo on a pair of matching servers running two Oracle benchmarks. One server had Intel's P3700 NAND PCI Express SSD, which is no slouch of a drive. It can perform up to 250,000 IOPS per second. The other was a prototype Optane SSD. The Optane SSD outperformed the P3700 by 4.4 times in IOPS with 6.4 times less latency.
Microsoft

Apple Usurps Oracle As the Biggest Threat To PC Security 320

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?
Oracle

Oracle Bakes Security Into New Chips (theregister.co.uk) 99

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather than from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 2^4, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.
Oracle

Oracle Fixes Java Vulnerability Used By Russian Cyberspies (itworld.com) 126

itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.
Oracle

Beware of Oracle's Licensing 'Traps,' Law Firm Warns (scottandscottllp.com) 136

itwbennett writes: Slashdot readers are no strangers to Oracle's aggressive licensing practices, practices that have earned them notoriety over the years. This week, Texas law firm Scott & Scott wrote a blog post warning enterprises about the 'traps' in Oracle software licensing. One of the biggest problems with Oracle software is how difficult it is for companies to track internally what they're using and how they're using it, said Julie Machal-Fulks, a partner with Scott & Scott, in an interview with Katherine Noyes. 'They may use just one Oracle product and think they're using it correctly, but then Oracle comes along and says, "no, you're using it wrong — you owe us a million bucks."'
Firefox

Firefox Support For NPAPI Plugins Ends Next Year (mozilla.org) 147

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.
Unix

OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 149

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the OpenIndiana.org release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.
Software

LibreOffice Turns Five 147

An anonymous reader writes: Italo Vignoli, founding member of The Document Foundation, reflects on the project's five-year mark in an article on Opensource.com: "LibreOffice was launched as a fork of OpenOffice.org on September 28, 2010, by a tiny group of people representing the community in their capacity as community project leaders. At the time, forking the office suite was a brave -- and necessary -- decision, because the open source community did not expect OpenOffice.org to survive for long under Oracle stewardship." The project that was OpenOffice.org does still exist, in the form of Apache Open Office, but along with most Linux distros, I've switched completely to LibreOffice, after some initial misgivings.
Security

When Does Software Start Becoming Malware? 165

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."
United Kingdom

UK Government Signs New Deal With Oracle 54

An anonymous reader writes: The Crown Commercial Service (CCS) has signed a deal with Oracle that should allow it to cut down on spending and licensing costs with the software provider. The three-year partnership will see the two collaborate to deliver services to public sector bodies including the National Health Service. A few weeks ago the government announced it would be cutting back on its use of Oracle software, but the new deal instead extends the existing agreement. CCS CEO Sally Collier explained: "The enhanced MoU will deliver savings across government and allow easier and more effective procurement of Oracle products and services. It lays the foundation of a more collaborative relationship between government and Oracle."
Oracle

Oracle: Google Has "Destroyed" the Market For Java 457

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.
AI

Tim O'Reilly and the 'WTF?!' Economy (Video) 111

This is a conversation Tim Lord had with Tim O'Reilly at OSCON. Tim O'Reilly wrote an article titled "The WTF Economy," which started with these words: "WTF?! In San Francisco, Uber has 3x the revenue of the entire prior taxi and limousine industry." He talks about Uber and Airbnb and how, with real-time measurement of customer demand, "The algorithm is the new shift boss." And then there is this question: "What is the future when more and more work can be done by intelligent machines instead of people, or only done by people in partnership with those machines?"

My (late) father was an engineer. Politically, you could have called him a TechnoUtopian. He believed -- along with most of his engineer, ham radio, and science fiction writer and reader friends -- that as machines took over the humdrum tasks, humans would work less and create more. O'Reilly seems to have similar beliefs, even though (unlike my father) he's seen the beginnings of an economy with self-driving cars and trucks, factory machines that don't need humans to run them, and many other changes the 1950s and 1960s futurists didn't expect to see until we had flying cars and could buy tickets on Pan Am flights to the moon. Listening to these conversations, I remember my father's dreams, but O'Reilly isn't as optimistic as a full-blown TechnoUtopian. He takes a "Something's happening here; what it is ain't exactly clear" view of how work (and pay for work) will change in the near future. Please note that Tim O'Reilly has been called "The Oracle of Silicon Valley," so he's totally worth watching -- or reading, if that's your preferred method of taking in new information.

NOTE: Today we have a "main video," plus a "bonus video" that is viewable only with Flash. But we have a transcript that covers both of them. Enjoy!
Oracle

Oracle Exec: Stop Sending Vulnerability Reports 229

florin writes: Oracle chief security officer Mary Ann Davidson published a most curious rant on the company's corporate blog yesterday, addressing and reprimanding some pesky customers that just will not stop bothering her. As Mary put it: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it." She goes on to describe how the company deals with such shameful activities, namely that "We send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer's behalf — reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already."

Later on, in a section intended to highlight how great a job Oracle itself was doing at finding vulnerabilities, the CSO accidentally revealed that customers are in fact contributing a rather significant 1 out of every 10 vulnerabilities: "Ah, well, we find 87 percent of security vulnerabilities ourselves, security researchers find about 3 percent and the rest are found by customers." Unsurprisingly, this revealing insight into the company's regard for its customers was removed later. But not before being saved for posterity.
Oracle

U.K. Government Seeking To End Reliance On Oracle 190

jfruh writes: The U.K. Cabinet Office has reportedly asked government departments and agencies to try to find ways to end their reliance on Oracle software, a move motivated by the truly shocking number of Oracle licenses currently being paid for by the British taxpayer. The Department for Environment, Food and Rural Affairs alone has paid £1.3 million (US$2 million) per year for some 2 million Oracle licenses, or about 200 licenses per staff member.
Databases

Oracle To Debut Low-Cost SPARC Chip Next Month 92

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.
Security

First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers 122

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.
Oracle

Oracle Bullies Enterprise Clients Into Cloud Purchases, Consultant Claims 184

An anonymous reader writes: A consultant claims that Oracle has adopted the widespread use of 'breach notices' this year to force existing enterprise customers to adopt its newly-bolstered range of cloud services, or else be told to stop using all Oracle software within thirty days. Speaking to Business Insider, the unnamed source described the tactic as a 'nuclear option' which is now practically the default when the need to add services or users to an existing contract triggers an 'audit' by Oracle. An ex-Oracle contract negotiator who now works in the ever-expanding business niche of 'Oracle contract negotiation' commented 'Internally, the water cooler gossip there is that they've never seen this kind of aggression before. Oracle has really dialed it up. Customers are buying cloud services to make the Oracle issue go away, not because they have any intention of using cloud services.'
