snydeq writes: InfoWorld's Dan Tynan offers an inside look at how high-tech software vendors such as Adobe, Oracle, and IBM play hardball over software licensing, pushing customers to "true up" to the tune of billions of dollars per year -- and using the threat of audits as a sales tool to close lucrative deals. "When it comes to software audits, the code of omerta prevails," Tynan writes. "It's not a question of whether your organizations' software licenses will get audited. It's only a question of when, how often, and how painful the audits will be. The shakedown is such a sure thing that nearly every customer we contacted asked us to keep their names out of this story, lest it make their employers a target for future audits."

An anonymous reader writes: Oracle has released the April 2016 Critical Patch Update, which provides fixes for 136 vulnerabilities in 49 products, including Java SE and MySQL, the company's Database Server and E-Business Suite, its Fusion Middleware, and its Sun Systems Products Suite. "Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay," the company advised.

Google now faces more competition charges in the European Union. The EU has accused Google of skewing the market against competitors with its Android mobile operating system. The 28-member state bloc's antitrust commissioner concluded in a preliminary decision that the search giant has abused its dominant position in the market by imposing restrictions on Android device makers. "What we found is that Google pursues an overall strategy on mobile devices to protect and expand its dominant position in internet search," said Margrethe Vestager, the EU competition chief. "The commission is concerned that Google's behaviour has harmed consumers by restricting competition and innovation," she added. "Rival search engines and mobile operating systems have not been able to compete on their merits. This is not good." Google has three months to respond to the aforementioned charges. The New York Times reports: Europe's antitrust charges might not necessarily lead to financial or other penalties against Google. If it is found to have broken the region's rules, though, the company may face fines of up to 10 percent of its global revenue, or roughly $7 billion, the maximum allowable amount. Google denies that it has broken European competition rules, saying that its dealings with cellphone manufacturers like Samsung and HTC, among others, are voluntary, and that rival mobile services are readily available on its Android software.According to EU, Google has breached antitrust rules by:1. requiring manufacturers to pre-install Google Search and Google's Chrome browser and requiring them to set Google Search as default search service on their devices, as a condition to license certain Google proprietary apps; 2. preventing manufacturers from selling smart mobile devices running on competing operating systems based on the Android open source code; 3. giving financial incentives to manufacturers and mobile network operators on condition that they exclusively pre-install Google Search on their devices."The joke in Google's cafeteria today will be "let them use bing," said Andrew Parker, VC. "So disappointing that browser dominance on Android is the only thing that the EU can get worked up about," Blaine Cook, co-founder of Poetica noted. "The European Commission's statement of objections against Android lends further credibility to Oracle's $9B copyright claim," Florian Mueller, the founder of FOSS Patents blog wrote.

An anonymous reader writes: Google and Oracle executives met for six hours Friday in an unsuccessful attempt to resolve an ongoing copyright lawsuit. "Because an agreement couldn't be made, the next phase of the case will head to court in May, where a jury will decide if Google had the right to use certain parts of Oracle's programming language, Java, for free or if it owes Oracle damages..." reports Business Insider. "Last month, Google said that its damages expert strongly disagreed that it should owe Oracle upward of $8 billion for using certain parts of Oracle's software in its smartphone operating system, Android."
Friday's court-ordered talk included both Google CEO Sundar Pichai and Oracle CEO Safra Catz, and it marks the second time the two companies have failed to reach an out-of-court settlement, a fact alluded to by the case's judge in newly-released documents. "After an earlier run at settling this case failed, the court observed that some cases just need to be tried," reports the court docket. "This case apparently needs to be tried twice."

An anonymous reader writes: Wim Coekaerts, formerly Oracle's Senior VP of Linux and Virtualization Engineering, has left Oracle for Microsoft. Many of you may know of Coekaerts as "Mr. Linux" as he delivered the first Linux products, transitioned Oracle's programming staff from Windows to Linux desktops, and turned Oracle into a Linux distributor with the launch of its Red Hat Enterprise Linux (RHEL) clone, Oracle Linux. Mike Neil, Microsoft's Corporate Vice President of the Enterprise Cloud, told ZDNet, "Wim Coekaerts has joined Microsoft as Corp VP of Open Source in our Enterprise Cloud Group. As we continue to deepen our commitment to open source, Wim will focus on deepening our engagement, contributions and innovation to the open-source community."

angry tapir quotes a report from Computerworld: Oracle is seeking as much as $9.3 billion in damages in a long-running copyright lawsuit against Google over its use of Java in Android, court filings show. Oracle sued Google six years ago, claiming the search giant needs a license to use parts of the Java platform in Google's market-leading mobile OS. The two companies first went to trial in 2012, but the jury was split on whether or not Google's use of Java was protected by "fair use." Now they're headed back to the courtroom for a new trial scheduled to begin May 9, where Oracle's Larry Ellison and Google's Eric Schmidt will be present. Currently, the sum Oracle is asking for is about 10 times as much as when the two companies went to trial in 2012.

An anonymous reader writes: A group of independent security researchers and major Silicon Valley tech giants have submitted a proposal for a new email protocol called SMTP STS (Strict Transport Security). In theory, this new extension looks like the HSTS (HTTP Strict Transport Security) extension to HTTPS. Much like HSTS, SMTP STS brings message confidentiality and server authenticity to the process of starting an encrypted email communications channel. HSTS works alongside HTTPS to avoid SSL/TLS downgrades and MitM attacks. to avoid SSL/TLS downgrades and MitM attacks. The biggest names on the contributors list include Microsoft, Google, Yahoo, LinkedIn, and Comcast. Last year, Oracle also submitted a similar proposal called DEEP (Deployable Enhanced Email Privacy).

Freshly Exhumed writes: The former Microsoft executive excoriated by some industry watchers for the collapse of Nokia Mobile Phones, Stephen Elop, has re-emerged down under. Telstra says Elop is being appointed to the new role of Group Executive Technology, Innovation and Strategy, "leading Telstra's strategy to become a world class technology company" (stop giggling, you in the back row). Telstra cites Elop's "deep technology experience" and "innate sense of customer expectations."

An anonymous reader writes: A faulty security patch has left Java users vulnerable to attacks in the past two years, researchers from Polish security firm Security Explorations are claiming. The issue in question is CVE-2013-5838, which was discovered and patched in October 2013. Two years later, going back over their researcher, the same security researchers have now discovered that Oracle had not only misclassified its impact but also botched the fix. In a Full Disclosureexposé, the researcher says that changing four characters in the company's original proof-of-concept code allowed them to exploit the flaw, despite Oracle's patch.

whoever57 writes: A California jury in one of the cases between Synopsys and Atoptech found copyright infringement in Atoptech's use of the "Primetime commands". These companies compete in the field of EDA ("Electronic Design Automation") software: software that is used by semiconductor companies to design ICs. The Primetime commands are merely an interface. Atoptech has their own implementation of the functionality that these commands [provide]. This can be seen as similar to the Oracle vs. Google lawsuit, in which an appeals court has found that providing a similar interface (via header files) can constitute copyright infringement. Naturally, there will be appeals in this case.

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.

An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.

An anonymous reader writes: After Mozilla said in October that it would stop supporting Firefox plugins on the older NPAPI technology, Oracle had no choice now but to announce the deprecation of the Java browser plugin starting with the release of the JDK version 9, which is set for release in March 2017, and developers are urged to start using the Java Web Start pluginless technology instead. Security issues also had a big part in Java's demise.

phantomfive writes: As the Google v. Oracle copyright case drags on, Oracle is claiming that Android has generated $31 billion in revenue for Google, $22 billion of which was profit. Court records also show Google paid Apple $1 billion USD to keep their search bar on the iPhone. A revenue sharing agreement was in place as well. At one point, Apple got 34% of the revenue generated by Google searches on iPhones. Both companies later requested that the information be redacted from the record, but once something is released on the internet, it tends to stay there.

prisoninmate writes: Oracle's Unbreakable Enterprise Kernel (UEK) Release 4 is an important engineering effort and introduces performance improvements and enhancements for some of the most essential components, including CPU schedulers and Automatic NUMA Balancing, along with powerful new features, such as real-time kernel patching, which is possible thanks to the Ksplice open-source extension of the Linux kernel 4 branch, which lets users to apply patches to the running kernel without the need to reboot the system, thus improving security and simplify the management of cloud infrastructures.

An anonymous reader writes: Oracle's database management system has seen the biggest rise in terms of popularity in the past year. Oracle didn't only see a rise in the number of deployed instances, job offerings and mentions on LinkedIn profiles, but for the first time also became a popular topic on Twitter and a constant mention on StackOverflow, a popular Q&A support forum for developers. Second on DB-Engine's popularity list was MongoDB, which barely missed winning the DBMS of the Year award for the third time in a row.

itwbennett writes: Roughly 100 low-income families were evicted from an apartment complex on the land in Austin, Texas where Oracle plans to build a new 560,000 sq. foot cloud-computing campus. Some of the former tenants of Lakeview Apartments had leases through the end of the year, but were reportedly forced by owner Cypress Real Estate Advisors to move out early. Some have said their security deposits were not returned, and they have had no assistance as they've struggled to find comparably priced housing. Last week, some of those residents gathered near the site of their former home to protest and to appeal to Oracle for assistance.

An anonymous reader writes: Google is ditching the Java application programming interfaces (APIs) in Android and moving to only OpenJDK. The news first came by a "mysterious Android codebase commit" from last month submitted to Hacker News. Google confirmed to VentureBeat that Android N will rely solely on OpenJDK. “As an open-source platform, Android is built upon the collaboration of the open-source community,” a Google spokesperson told VentureBeat. “In our upcoming release of Android, we plan to move Android’s Java language libraries to an OpenJDK-based approach, creating a common code base for developers to build apps and services. Google has long worked with and contributed to the OpenJDK community, and we look forward to making even more contributions to the OpenJDK project in the future.”

An anonymous reader writes: The FTC and Oracle have come to an agreement regarding Oracle's deceptive Java security updates, which only removed recent versions of vulnerable Java SE, but left behind older, insecure versions. Oracle got away without a fine, but will have to overhaul its Java update process to remove older versions as well.

itwbennett writes: When Intel and Micron Technology first announced the 3D XPoint memory in July, they promised about 1,000 times the performance of NAND flash, 1,000 times the endurance of NAND flash, and about 10 times the density of DRAM. At OpenWorld last week, Intel CEO Brian Krzanich disclosed a little more information on the new memory, which Intel will sell under the Optane brand, and did a demo on a pair of matching servers running two Oracle benchmarks. One server had Intel's P3700 NAND PCI Express SSD, which is no slouch of a drive. It can perform up to 250,000 IOPS per second. The other was a prototype Optane SSD. The Optane SSD outperformed the P3700 by 4.4 times in IOPS with 6.4 times less latency.