Long-time Slashdot reader slack_justyb writes: IBM announces IBM i (some you of you may know it under the old name of AS/400) 7.5 the first new release in three years since the 7.4 release. One of the big headlines with the IBM i 7.5 announcement is Merlin which stands for the Modernization Engine for Lifecycle Integration....

With the Db2 product, IBM i is now receiving Boolean data types with support for this new type in RPG and JSON environments. Larger Indexes, the previous limit was 1.6TB indexes, that has now been increased to 16TB. And Db2 is now fully compliant with SQL:2016 the most recent publication of the SQL standard, beating Oracle to the punch on full support of the standard. And finally, QSYS2-based functions for using HTTP requests to publish or consume Web services, including the use of embedded SQL in REST services. These are enhanced versions of the functions that were seen in 7.3/7.4 where IBM removed the requirement for a JVM to use SQL to consume web services.
IT Jungle has many more details. Some of the highlights: Merlin provides a lightweight, browser-based development environment for creating new applications or modernizing existing RPG-based application. It's an alternative to Rational Developer for i (RDi) based on Eclipse, which many developers seem to hate. Developed in partnership with ARCAD Software, Merlin comes pre-loaded with tools like Git and Jenkins for DevOps-style code management, as well as an RPG code-converter. It runs in a Linux-based Red Hat OpenShift container running on the Power platform. While it's not technically tied to IBM i version 7.5 or 7.4 TR6, Merlin represents an important change in how IBM is packaging and delivering capabilities for IBM i shops, as well as a recognition that IBM should take a more active role in helping users modernize their codebases....

IBM is now enabling customers to buy subscriptions to IBM i for periods of one to five years. Allowing customers to use operating expenditure (Opex) budget lines instead of the dreaded capital expenditure (CapEx) accounting code for subscriptions. IBM is focusing on lower-end IBM i environments at the moment, so the subscription is limited to four-core P05 machines at this time. As part of this shift to software subscriptions, IBM is rethinking how it bundles ancillary products that are often used with IBM i. 11 packages are being moved into the core OS entitlement.

A group of nearly two dozen investors including Sequoia Capital, Andreessen Horowitz, crypto exchange Binance and asset management firm Fidelity is backing Elon Musk's $44 billion bid to acquire Twitter. From a report: The Tesla and SpaceX chief executive said in a filing Thursday that he had raised over $7.1 billion in total from the investors. Oracle co-founder Larry Ellison delivered the largest check, at $1 billion, the filing revealed. Sequoia has chipped in $800 million, VyCapital $700 million, Binance financed $500 million, and Andreessen Horowitz has invested $400 million, the amended 13D filing said.

Oracle has begun making a new version of Solaris 11.4 available for free/open-source developers and for non-production personal use. Phoronix reports: Solaris 11.4 CBE is the "Common Build Environment" and intended for open-source developers and strictly non-production personal use... That is if you want Solaris for new installs in 2022. The new Solaris 11.4 "CBE" spin is effectively a rolling release and from Oracle's perspective hopes to ease the integration of the open-source software relied upon by Solaris rather than being bound to the dated 11.4.0 GA release.

Downloading the new Solaris 11.4 CBE does require an Oracle account. The CBE builds are also described as "similar to a beta, they are pre-release builds of a particular SRU." The non-production use license is put out under the Oracle Technology Network Early Adopter License Agreement for Oracle Solaris. Oracle will allow upgrading from these free CBE releases to paid SRU releases under Oracle support contracts. More details for those interested in Oracle Solaris 11.4 CBE via the Oracle Solaris blog.

Google's Threat Analysis Group announced on Thursday that it had discovered a pair of North Korean hacking cadres going by the monikers Operation Dream Job and Operation AppleJeus in February that were leveraging a remote code execution exploit in the Chrome web browser. From a report: The blackhatters reportedly targeted the US news media, IT, crypto and fintech industries, with evidence of their attacks going back as far as January 4th, 2022, though the Threat Analysis Group notes that organizations outside the US could have been targets as well.

"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques," the Google team wrote on Thursday. "It is possible that other North Korean government-backed attackers have access to the same exploit kit." Operation Dream Job targeted 250 people across 10 companies with fraudulent job offers from the likes of Disney and Oracle sent from accounts spoofed to look like they came from Indeed or ZipRecruiter. Clicking on the link would launch a hidden iframe that would trigger the exploit.

TikTok's national security clash with the U.S. government may be nearing its conclusion, without the sort of shareholder overhaul that was previously proposed. From a report: The social media company is in advanced talks with the Committee on Foreign Investment in the United States (CFIUS) to store all of its U.S. user information with Oracle, without Chinese owner ByteDance being able to access it, as first reported by Reuters and confirmed by Axios. Data sovereignty has been the core regulatory concern since this all began in mid-2020, at least for career staff. Certain political appointees of the Trump administration also expressed fears that the Chinese government could use TikTok to influence U.S. political or social sentiment, but content moderation seems outside the scope of current talks.

An anonymous reader quotes a report from The Register: Microsoft Azure has nosed ahead of AWS in the public cloud adoption stakes, according to a report from IT Management outfit Flexera. The 2022 State of the Cloud Report survey will have brought smiles to the teams at Redmond and Amazon, and less cheer to Oracle's cloud crew, which continued to languish in fourth place behind Google.

The key takeaway on the Azure front is its leadership with enterprise users, with 80 percent of respondents adopting Microsoft's public cloud, up from 76 percent the previous year. This was just ahead of AWS, which claimed a 77 percent adoption rate, down from 79 percent a year earlier. Some way behind was Google, with 48 percent, followed by Oracle Cloud Infrastructure, which tumbled to 27 percent from 32 percent a year ago. The report indicates Azure is ahead of AWS for breadth of adoption, although Google has the highest percentage for experimentation (at 23 percent). There was some cause for optimism at Oracle with the highest percentage (12 percent) planning to use its cloud, meaning there is every chance its showing in the survey could improve in the coming years. "AWS is still leading the SMB public cloud pack, although it still experienced a slight drop in adoption rate, from 72 percent to 69 percent while Azure jumped from 48 percent to 59 percent," notes The Register. "Oracle also saw strong growth, nearly doubling its adoption rate from 15 percent to 28 percent year on year."

The survey also reported an increase in wasted cloud spend. According to The Register, "respondents estimated their organizations wasted 32 percent of the cloud spend this time around, up from 30 percent the previous year."

Cogent Communications, one of the world's largest internet intercontinental backbone providers, has cut ties with Russian customers over its invasion of Ukraine. The Verge reports: In a letter to Russian customers obtained by The Washington Post, Cogent cited "economic sanctions" and "the increasingly uncertain security situation" as the motives behind its total shutdown in the country. Cogent similarly told The Verge that it "terminated its contracts" with Russian customers in compliance with the European Union's move to ban Russian state-backed media outlets.

As Doug Madory, an internet analyst at network tracking company Kentik points out... unplugging Russia from Cogent's global network will likely result in slower connectivity, but won't completely disconnect Russians from the internet... Traffic from Cogent's former customers will instead fall back on other backbone providers in the country, potentially resulting in network congestion. There isn't any indication as to whether other internet backbone providers will also suspend services in Russia.

Digital rights activists have criticized Cogent's decision to disconnect itself from Russia, arguing that it could prevent Russian civilians from accessing credible information about the invasion. "Cutting Russians off from internet access cuts them off from sources of independent news and the ability to organize anti-war protests," Eva Galperin, the director of cybersecurity at the digital rights group Electronic Frontier Foundation, said on Twitter....

Cogent's goal is to prevent the Russian government from using the company's networks for cyberattacks and propaganda, The Post reports.
The Post argues that on a larger scale,"these moves bring Russia closer to the day when its online networks face largely inward, their global connections weakened, if not cut off entirely." "I am very afraid of this," said Mikhail Klimarev, executive director of the Internet Protection Society, which advocates for digital freedoms in Russia. "I would like to convey to people all over the world that if you turn off the Internet in Russia, then this means cutting off 140 million people from at least some truthful information. As long as the Internet exists, people can find out the truth. There will be no Internet — all people in Russia will only listen to propaganda...."

[E]ven two weeks ago, Russia's Internet was comparatively free and integrated into the larger online world, allowing civil society to organize, opposition figures to deliver their messages and ordinary Russians to gain ready access to alternative sources of news in an era when Putin was strangling his nation's free newspapers and broadcast stations.... Patrick Boehler, head of digital strategy at Radio Free Europe, said CrowdTangle data showed that independent news stories in the Russian language worldwide were getting shared many more times on social media than stories from state-run media. He said that once the Kremlin lost control of the narrative, it would have been hard to regain.

Now the last independent journalistic outposts are gone, and the Internet options are increasingly constricted through a combination of forces — all spurred by war in Ukraine but coming from both within and outside Russia.... Government censors also blocked access to the BBC, Voice of America, Radio Free Europe/Radio Liberty and Deutsche Welle, as well as major Ukrainian websites. The BBC, CNN and other international news organizations said they were suspending reporting in Russia because of a new law that could result in 15 years of prison for publishing what government officials deem false news on the war.
Meanwhile, Politico reminds us that even Oracle has shut down its Russian cloud service operations. Laura Manley, the executive director of Harvard University's Shorenstein Center on Media, Politics and Public Policy, said Russia is creating a perfect situation to control its narrative and limit outside coverage of its Ukrainian invasion by Western social media sources. "You have the lack of eyewitness information because you have critical infrastructure being shut off," she said. "So it's sort of a worst case scenario in terms of getting real-time accurate information."

Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browsers problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.

An anonymous reader quotes a report from Gizmodo: It's been less than a month since the New York Times bought Wordle, but it's wasting no time in ruining everyone's favorite word game in all the shitty ways you'd expect from a billion-dollar behemoth. And -- you guessed it -- that means your little daily puzzles are being loaded with ad trackers now, too. Most of us assumed that this was going to happen eventually. I mean, the Times dropped a cool seven-figure sum on a game that's still free to play (at least for right now), so those profits would need to be recouped from somewhere. And this week, some code-savvy Worlders stumbled onto where that "somewhere" was: a dozen different trackers shoved into places where there were literally zero before. Taking a look for ourselves, Gizmodo found that some of the trackers were from the New York Times proper, but most were used to send data to third-party players like Google. [...]

Here's just one nightmare scenario out of the bajillion or so that could come out of a system like this: Ad trackers were created to shove t-shirts and mugs onto all of our timelines, but they can also be used for outright surveillance. There are countless cases of cops using the data gleaned from those shitty ads to track protestors, immigrants, and anyone else they'd want completely warrant-free. And two of the companies that officers tap on the regular for this work -- Google and Oracle (via its infamous Bluekai subsidiary) -- are tied up in Wordle's shiny new trackers. Every time you open the page to see the day's puzzle to complain about how hard it is, the page pings details back to those companies -- and the data it shares can be extremely detailed, as Bluekai's own documents (PDF) lay out. At the very least, it's likely sending broad strokes to say you were on the site at a certain time, while your device was at a certain location.

Sure, adtech players can (and will) pull much shadier shit to share more data on the regular. But as a for instance, if a cop wanted to set a geofence warrant around your neighborhood -- tracking which devices are caught in a specific area at a specific time -- they could easily tap into Bluekai's ad data to get those wheres and whens. And now the fact that you Wordle'd at your local coffee shop on a Tuesday becomes one of the reasons that you ended up on some fed's watch list for a crime you didn't commit but will somehow end up jailed for anyway. This absolute nightmare is almost certainly not what's happening on Wordle right now (phew). And again, this scenario applies to most of the sites you likely visit every day, not just Wordle. But the real scary part about all of this -- at least to me -- is that it can.

IBM has resurrected its sale process for IBM Watson Health, with hopes of fetching more than $1 billion, people familiar with the situation told Axios. From the report: Big Blue wants out of health care, after spending billions to stake its claim, just as rival Oracle is moving big into the sector via its $28 billion bet for Cerner. IBM spent more than $4 billion to build Watson Health via a series of acquisitions. The business now includes health care data and analytics business Truven Health Analytics, population health company Phytel, and medical imaging business Merge Healthcare. IBM first explored a sale of the division in early 2021, with Morgan Stanley leading the process. WSJ reported at the time that the unit was generating roughly $1 billion in annual revenue, but was unprofitable. Sources say it continues to lose money.

Oracle is expected to pay more than $30 billion including debt for electronic-medical-records company Cerner, WSJ reported Monday, citing people familiar with the matter. From a report: The all-cash deal is expected to be announced later Monday and value Cerner at about $95 a share, one of the people said.

The U.S. General Services Administration said Friday that the Defense Department has solicited bids from Amazon, Google, Microsoft and Oracle for cloud contracts. From a report: The outreach comes after the Pentagon set aside a highly contested $10 billion contract that Microsoft had won and Amazon had challenged. The value of the new contracts is not known, but the Defense Department estimates it could run into the multiple billions of dollars. The new effort, known as Joint Warfighting Cloud Capability, or JWCC, appears like it will bolster the top global cloud infrastructure providers, Amazon and Microsoft, although it could also provide more credibility to two smaller entities.

"The Government anticipates awarding two IDIQ contracts -- one to Amazon Web Services (AWS) and one to Microsoft Corporation (Microsoft) -- but intends to award to all Cloud Service Providers (CSPs) that demonstrate the capability to meet DoD's requirements," the GSA said in its announcement. An indefinite delivery, indefinite quantity, or IDIQ, contract includes an indefinite amount of services for a specific period of time.

The Oracle JDK "is available free of charge for production use again," reports InfoQ, under a new "Oracle No-Fee Terms and Conditions" license.

The move, announced in mid-September, "reverses a 2018 decision to charge for Oracle JDK production use and does not affect Oracle's OpenJDK distribution," they write, noting that the new license "applies to the recently released version 17 of Oracle JDK and future versions." Donald Smith, Senior Director of Product Management at Oracle, explained the reason for this decision in a recent blog post, writing:

"Providing Oracle OpenJDK builds under the GPL was highly welcomed, but feedback from developers, academia, and enterprises was that they wanted the trusted, rock-solid Oracle JDK under an unambiguously free terms license, too. Oracle appreciates the feedback from the developer ecosystem and are pleased to announce that as of Java 17 we are delivering on exactly that request."

Smith explicitly stated that the No-Fee Terms and Conditions license "includes commercial and production use" [although the license does not seem to highlight this fact] and stated that "redistribution is permitted as long as it is not for a fee."

The Tesla Oracle blog reports on a newly-released security feature "that enables Tesla owners to remotely view what's happening around their vehicles in real-time using their mobile phones..."

"While you have opened the live camera view of your parked Tesla car, you can talk back to the people in the vehicle's surroundings." The Tesla vehicle will change your voice, amplify and output it via an external speaker installed under the car. Teslas built since January 2019 have this speaker installed as part of the pedestrian warning system, a requirement by the NHTSA. In the last year's holiday software update package, Tesla introduced the Boombox feature using this external speak. Boombox lets Tesla owners add custom horn and pedestrian warning sounds to the vehicle.

Tesla owners will now be able to warn potential vandals more explicitly by giving them verbal warnings from a remote location...
In a tweet Wednesday, Elon Musk joked the feature was also "great for practical jokes."

Big data "has big designs on a big cloud," reports NBC News: A steady drumbeat from some of the most influential executives in the technology industry has emerged in recent months to push the idea that the U.S. government should invest in a "national research cloud" — a hub for U.S. research into artificial intelligence where researchers from academia and smaller tech companies could share data sets and other resources.

It's an idea that has been backed by a government commission led by ex-Google CEO Eric Schmidt and including executives from Amazon, Microsoft and Oracle, which recommended that the Biden administration create a hub for U.S. research into artificial intelligence. The White House has warmed up to the idea, ordering another report on it due next year with an eye toward competing with China on the development of artificial intelligence. "We should be able to stay ahead of China. We estimated that we are one to two years ahead of China, broadly speaking, in this area. I hope that's true," Schmidt said in an interview with NBC News. "Investments that are targeted in research — new algorithms — should be able to keep us ahead," he said.

The stakes could be enormous. Some experts in artificial intelligence believe it has the potential to transform the economy — automating some jobs, while creating new ones — and the potential military applications have spurred investment by the Pentagon.

But this month, the idea began getting fresh pushback. Research groups including New York University's AI Now Institute and Data & Society, a nonprofit technology research group based in New York, say the very tech companies pushing this idea stand to profit from it, because the national hub would likely be housed in the same companies' commercial cloud computing services. They say that's a conflict, and little more than a cash grab by what's effectively the next generation of military contractors. The plan also could entrench the very same tech companies that President Joe Biden's antitrust enforcers are working to rein in, these critics say.

The U.S. Supreme Court turned away a lingering appeal by Oracle stemming from its challenge to the now-scrapped $10 billion cloud-computing contract the Pentagon awarded to Microsoft in 2019. From a report: The rejection was a formality given the Defense Department's decision in July to drop the contract and divide the work among multiple bidders, potentially between Microsoft and Amazon. Oracle's appeal centered on alleged conflicts of interest involving Amazon, and on claims that the Pentagon violated its own rules when it set up the contract to be awarded to a single firm.

Oracle's Java magazine takes a look at some current JDK Enhancement Proposals, "the vehicle of long standing for updating the Java language and the JVM." Today, concurrency in Java is delivered via nonlightweight threads, which are, for all intents, wrappers around operating-system threads... Project Loom aims to deliver a lighter version of threads, called virtual threads. In the planned implementation, a virtual thread is programmed just as a thread normally would be, but you specify at thread creation that it's virtual. A virtual thread is multiplexed with other virtual threads by the JVM onto operating system threads. This is similar in concept to Java's green threads in its early releases and to fibers in other languages... Because the JVM has knowledge of what your task is doing, it can optimize the scheduling. It will move your virtual thread (that is, the task) off the OS thread when it's idle or waiting and intelligently move some other virtual thread onto the OS thread. When implemented correctly, this allows many lightweight threads to share a single OS thread. The benefit is that the JVM, rather than the OS, schedules your task. This difference enables application-aware magic to occur behind the curtains...

Project Valhalla aims to improve performance as it relates to access to data items... by introducing value types, which are a new form of data type that is programmed like objects but accessed like primitives. Specifically, value types are data aggregates that contain only data (no state) and are not mutable. By this means, [value types] can be stored as a single array with only a single header field for the entire array and direct access to the individual fields...

Project Panama simplifies the process of connecting Java programs to non-Java components. In particular, Panama aims to enable straightforward communication between Java applications and C-based libraries...

Several Amber subprojects are still in progress.

Sealed classes, which have been previewed in the last few Java releases and are scheduled to be finalized in Java 17. Sealed classes (and interfaces) can limit which other classes or interfaces can extend or implement them...

Pattern matching in switches is a feature that will be previewed in Java 17...
The article concludes that Java's past and current projects "testify to how much Java has evolved and how actively the language and runtime continue to evolve."

The Supreme Court of California has thrown out Oracle's appeal against a decision to award $3 billion damages to HPE in a case which dates back a decade and relates to Big Red's commitment to develop on Itanium hardware. From a report:On Wednesday, the court denied a review of Oracle's appeal against a summary judgement, apparently without comment or any written dissents. The decision follows a ruling made in the California Court of Appeal that affirmed HPE's $3.14bn win for alleged contract violation, stating that an agreement between the firms had created a legal obligation for Oracle to support software on HPE's Itanium server. The case hinged on the companies' statements that they had a "longstanding strategic relationship" and a "mutual desire to continue to support their mutual customers." The agreement stated that Oracle, for its part, "will continue to offer its product suite on HP platforms" while HPE "will continue to support Oracle products (including Oracle Enterprise Linux and Oracle VM) on its hardware." The ruling reads: "We conclude that the second sentence, moreover, does more than declare an aspiration or intent to continue working together, as Oracle claims. It commits the parties to continue the actions specified (Oracle offering its product suite and HP supporting the products)," as it had done previously.

At the SAS 2021 security conference today, analysts from security firm Kaspersky Lab published details about a new Chinese cyber-espionage group that has been targeting high-profile entities across South East Asia since at least July 2020. From a report: Named GhostEmperor, Kaspersky said the group uses highly sophisticated tools and is often focused on gaining and keeping long-term access to its victims through the use of a powerful rootkit that can even work on the latest versions of Windows 10 operating systems. "We observed that the underlying actor managed to remain under the radar for months," Kaspersky researchers explained today. The entry point for GhostEmperor's hacks were public-facing servers. Kaspersky believes the group used exploits for Apache, Oracle, and Microsoft Exchange servers to breach a target's perimeter network and then pivoted to more sensitive systems inside the victim's network.

"One project going dark — due to a DMCA takedown or otherwise — can impact thousands of developers," GitHub warns in a blog post this week: We saw that firsthand with both leftpad and mimemagic. That's why GitHub's designed its DMCA process to follow the law in requiring takedown requests to identify specific content. We want developers on our platform and elsewhere to have a clear opportunity to remove infringing code yet keep non-infringing code up for others to use, modify, and learn from.

Ensuring that software copyright allegations are specific and actionable benefits the entire developer ecosystem. That's why GitHub submitted a "friend of the court" brief in the SAS Institute, Inc. v. World Programming Ltd. case before a Federal Court of Appeals.

This case is the most recent in a ten-year litigation spanning both the UK and the US. SAS Institute has brought copyright and non-copyright claims against World Programming's software that runs code written in the SAS language, and the copyright claims drew comparison to the recent Google v. Oracle Supreme Court case. But this case is different from Google v. Oracle because here the alleged copyright infringement is based on a claim of "nonliteral" infringement. That means there is no allegation that specific lines of code were literally copied, but only that other aspects, like the code's overall structure and organization, were used. In nonliteral infringement claims, the questions arise: what aspects of the "nonliteral" features were taken and are they actually protected by copyright...?

GitHub believes that for claims involving nonliteral copying of software, it is critical that a copyright owner provide — as early as possible — examples that would allow a developer, a court, or a software collaboration platform like GitHub to identify what was claimed to be copied. Our brief helps educate the court why specificity is especially important for developers.... We urged the court to think about efficiency in dispute resolution to avoid FUD (fear, uncertainty, and doubt). The sooner infringement allegations can be made specific and clear, the sooner infringing code can be changed and non-infringing code can stay up. That should be the result for both federal lawsuits, as well as DMCA infringement notices.