Government

US Justice Department Urges Supreme Court Not To Take Up Google v. Oracle 223

Posted by timothy
from the leave-well-enough-alone dept.
New submitter Areyoukiddingme writes: The Solicitor General of the Justice Department has filed a response to the US Supreme Court's solicitation of advice regarding the Google vs. Oracle ruling and subsequent overturning by the Federal Circuit. The response recommends that the Federal Circuit ruling stand, allowing Oracle to retain copyright to the Java API.
Java

The Reason For Java's Staying Power: It's Easy To Read 414

Posted by samzenpus
from the easy-on-the-eyes dept.
jfruh writes: Java made its public debut twenty years ago today, and despite a sometimes bumpy history that features its parent company being absorbed by Oracle, it's still widely used. Mark Reinhold, chief architect for the Oracle's Java platform group, offers one explanation for its continuing popularity: it's easy for humans to understand it at a glance. "It is pretty easy to read Java code and figure out what it means. There aren't a lot of obscure gotchas in the language ... Most of the cost of maintaining any body of code over time is in maintenance, not in initial creation."
Microsoft

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw 171

Posted by samzenpus
from the protect-ya-neck dept.
Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.
Oracle

Oracle Sues 5 Oregon Officials For 'Improper Influence' 83

Posted by Soulskill
from the software-versus-politics dept.
SpzToid writes: Following up on an earlier Slashdot story, the Oracle Corporation has filed a rather timely suit against five of former governor John Kitzhaber's staff for their "improper influence" in the decision to shutter the Cover Oregon healthcare website, while blaming Oracle to defuse the political consequences. Oracle argues the website was ready to go before the state decided to switch to the federal exchange in April.

"The work on the exchange was complete by February 2014, but going live with the website and providing a means for all Oregonians to sign up for health insurance coverage didn't match the former-Governor's re-election strategy to 'go after' Oracle," Oracle spokeswoman Deborah Hellinger said in a statement.

Kitzhaber resigned last week amid criminal probes into an influence-peddling scandal involving allegations that his fiancée used her position in his office for personal gain.
Sun Microsystems

Five Years After the Sun Merger, Oracle Says It's Fully Committed To SPARC 190

Posted by timothy
from the wish-they'd-bring-back-the-sun-name dept.
jfruh (300774) writes "Sun Microsystems vanished into Oracle's maw five years ago this month, and you could be forgiven for thinking that some iconic Sun products, like SPARC chips, had been cast aside in the merger. But Oracle claims that the SPARC roadmap is moving forward more quickly than it did under Sun, and while the number of SPARC systems sold has dropped dramatically (from 66,000 in Q1 '03 to 7,000 in Q1 '14), the systems that are being sold are fully customized and much more profitable for the company."
Open Source

Live Patching Now Available For Linux 117

Posted by timothy
from the not-big-and-fancy dept.
New submitter cyranix writes "You may never have to reboot your Linux machine ever again, even for kernel patching," and excerpts from the long (and nicely human-readable) description of newly merged kernel code that does what Ksplice has for quite a while (namely, offer live updating for Linux systems, no downtime required), but without Oracle's control. It provides a basic infrastructure for function "live patching" (i.e. code redirection), including API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches (look up what patches are applied, enable/disable them, etc). It's relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code). It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works (adding arch-specific support basically boils down to teaching ftrace about regs-saving).
Oracle

VirtualBox Development At a Standstill 288

Posted by Soulskill
from the not-with-a-virtual-bang,-but-a-virtual-whimper dept.
jones_supa writes: Phoronix notes how it has been a long time since last hearing of any major innovations or improvements to VirtualBox, the virtual machine software managed by Oracle. This comes while VMware is improving its products on all platforms, and KVM, Xen, Virt-Manager, and related Linux virtualization technologies continue to advance as well. Is there any hope left for a revitalized VirtualBox? It has been said that there are only four paid developers left on the VirtualBox team at the company, which is not enough manpower to significantly advance such a complex piece of software. The v4.3 series has been receiving some maintenance updates during the last two years, but that's about it.
Oracle

Oracle Releases Massive Security Update 79

Posted by samzenpus
from the protect-ya-neck dept.
wiredmikey writes Oracle has pushed out a massive security update, including critical fixes for Java SE and the Oracle Sun Systems Products Suite. Overall, the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password.
Programming

Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions 42

Posted by samzenpus
from the read-all-about-it dept.
samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Open Source

Big Names Dominate Open Source Funding 32

Posted by Soulskill
from the all-about-the-open-source-benjamins dept.
jones_supa writes: Network World's analysis of publicly listed sponsors of 36 prominent open-source non-profits and foundations reveals that the lion's share of financial support for open-source groups comes from a familiar set of names. Google was the biggest supporter, appearing on the sponsor lists of eight of the 36 groups analyzed. Four companies – Canonical, SUSE, HP and VMware – supported five groups each, and seven others (Nokia, Oracle, Cisco, IBM, Dell, Intel and NEC) supported four. For its part, Red Hat supports three groups (Linux Foundation, Creative Commons and the Open Virtualization Alliance).

It's tough to get more than a general sense of how much money gets contributed to which foundations by which companies – however, the numbers aren't large by the standards of the big contributors. The average annual revenue for the open-source organizations considered in the analysis was $4.36 million, and that number was skewed by the $27 million taken in by the Wikimedia Foundation (whose interests range far beyond OSS development) and the $17 million posted by Linux Foundation.
Technology

Ask Slashdot: What Tech Companies Won't Be Around In 10 Years? 332

Posted by Soulskill
from the those-who-fail-to-adapt dept.
An anonymous reader writes: It's interesting to look back a decade and see how the tech industry has changed. The mobile phone giants of 10 years ago have all struggled to compete with the smartphone newcomers. Meanwhile, the game console landscape is almost exactly the same. I'm sure few of us predicted Apple's rebirth over the past decade, and many of us thought Microsoft would have fallen a lot further by now. With that in mind, let's make some predictions. What companies aren't going to make it another 10 years? Are Facebook, Twitter, and the other social networking behemoths going to fade as quickly as they arose? What about the heralds of the so-called 'sharing economy,' like Uber? Are IBM and Oracle going to hang on? Along the same lines, what companies do you think will definitely stick around for another decade or more? Post your predictions for all to see. I'll buy you a beer in 10 years if you're right.
Security

POODLE Flaw Returns, This Time Hitting TLS Protocol 54

Posted by Soulskill
from the its-bite-is-worse-than-its-bark dept.
angry tapir writes: If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies.
Operating Systems

The Schizophrenic Programmer Who Built an OS To Talk To God 452

Posted by Soulskill
from the there's-an-app-for-everything-these-days dept.
rossgneumann writes: Terry Davis, a schizophrenic programmer, has spent 10 years building an operating system to talk to God. He's done this work because God told him to. According to the TempleOS charter, it is "God's official temple. Just like Solomon's temple, this is a community focal point where offerings are made and God's oracle is consulted." [The TempleOS V2.17 welcome screen] greets the user with a riot of 16-color, scrolling, blinking text; depending on your frame of reference, it might recall DESQview, the Commodore 64, or a host of early DOS-based graphical user interfaces. In style if not in specifics, it evokes a particular era, a time when the then-new concept of "personal computing" necessarily meant programming and tinkering and breaking things.
Cloud

Amazon Goes After Oracle (Again) With New Aurora Database 102

Posted by samzenpus
from the brand-new dept.
Sez Zero writes with news about the latest from Amazon Web Services. "Once again Amazon Web Services is taking on Oracle, the kingpin of relational databases, with Aurora, a relational database that is as capable as 'proprietary database engines at 1/10 the cost,' according to AWS SVP Andy Jassy. Amazon is right that customers, even big Oracle customers who hesitate to dump tried-and-true database technology are sick of Oracle’s cost structure and refusal to budge from older licensing models. Still there are very few applications that are more “sticky” than databases, which after typically contains the keys to the kingdom. Financial institutions see their use of Oracle databases as almost a pre-requisite for compliance, although that perception may be changing."
Electronic Frontier Foundation

Computer Scientists Ask Supreme Court To Rule APIs Can't Be Copyrighted 260

Posted by Soulskill
from the pleading-for-sanity dept.
An anonymous reader writes: The EFF, representing a coalition of computer scientists, filed an amicus brief with the Supreme Court yesterday hoping for a ruling that APIs can't be copyrighted. The names backing the brief include Bjarne Stroustrup, Ken Thompson, Guido van Rossum, and many other luminaries. "The brief explains that the freedom to re-implement and extend existing APIs has been the key to competition and progress in both hardware and software development. It made possible the emergence and success of many robust industries we now take for granted—for example, mainframes, PCs, and workstations/servers—by ensuring that competitors could challenge established players and advance the state of the art. The litigation began several years ago when Oracle sued Google over its use of Java APIs in the Android OS. Google wrote its own implementation of the Java APIs, but, in order to allow developers to write their own programs for Android, Google's implementation used the same names, organization, and functionality as the Java APIs."
Databases

Ask Slashdot: Choosing a Data Warehouse Server System? 147

Posted by timothy
from the index-cards-and-an-actual-warehouse dept.
New submitter puzzled_decoy writes The company I work has decided to get in on this "big data" thing. We are trying to find a good data warehouse system to host and run analytics on, you guessed it, a bunch of data. Right now we are looking into MSSQL, a company called Domo, and Oracle contacted us. Google BigQuery may be another option. At its core, we need to be able to query huge amounts of data in sometimes rather odd ways. We need a strong ETLlayer, and hopefully we can put some nice visual reporting service on top of wherever the data is stored. So, what is your experience with "big data" servers and services? What would you recommend, and what are the pitfalls you've encountered?
Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 70

Posted by samzenpus
from the get-it-out dept.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Microsoft

Microsoft, Ask.com, Oracle Latest To Be Sued Over No-Poach Deal 47

Posted by timothy
from the all-in-the-same-gang-but-mostly-west-coast dept.
itwbennett (1594911) writes Oracle, Microsoft and Ask.com are facing suits alleging that they conspired to restrict hiring of staff. The suits appear to refer to a memo that names a large number of companies that allegedly had special arrangements with Google to prevent poaching of staff and was filed as an exhibit on May 17, 2013 in another class action suit over hiring practices. The former employees filing lawsuits against Microsoft, Ask.com and Oracle have asked that the cases be assigned to Judge Koh as there were similarities with the case against Google, Apple and others — and it maybe doesn't hurt that Judge Koh thought the $324.5 million settlement in that case was too low.
Databases

Python-LMDB In a High-Performance Environment 98

Posted by Soulskill
from the fast-enough-to-cause-drama dept.
lkcl writes: In an open letter to the core developers behind OpenLDAP (Howard Chu) and Python-LMDB (David Wilson) is a story of a successful creation of a high-performance task scheduling engine written (perplexingly) in Python. With only partial optimization allowing tasks to be executed in parallel at a phenomenal rate of 240,000 per second, the choice to use Python-LMDB for the per-task database store based on its benchmarks, as well as its well-researched design criteria, turned out to be the right decision. Part of the success was also due to earlier architectural advice gratefully received here on Slashdot. What is puzzling, though, is that LMDB on Wikipedia is being constantly deleted, despite its "notability" by way of being used in a seriously-long list of prominent software libre projects, which has been, in part, motivated by the Oracle-driven BerkeleyDB license change. It would appear that the original complaint about notability came from an Oracle employee as well.
Java

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days 111

Posted by Soulskill
from the of-pots-and-kettles dept.
mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.