Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
The Internet

A Broken Undersea Cable Knocked Mauritania Offline For Two Days, Affected Another Five Nations (fortune.com) 36

The West African nation of Mauritania lost all internet access for 48 hours due to an undersea cable break, according to infrastructure analysts. From a report: The break, which took place a couple weeks ago, provides a reminder of how much internet users rely on the cables that connect their countries. According to Dyn, the Oracle-owned internet performance firm, the African Coast to Europe (ACE) cable was cut near Noukachott in Mauritania on March 30. It's not clear what caused the break, but six countries entirely rely on that one cable for their connectivity, and all -- Sierra Leone, Mauritania, Liberia, Guinea-Bissau, Guinea and the Gambia -- saw a big impact. The impact in Mauritania was the worst, with its two-day outage, while Sierra Leone also had big problems. The latter country also had a big outage on April 1, but that may well have been down to government action -- African governments are notorious for interfering with citizens' internet access, particularly around election time or during periods of unrest.
Piracy

Three Execs Get Prison Time For Pirating Oracle Firmware & Solaris OS Update (bleepingcomputer.com) 119

An anonymous reader writes: Three of four TERiX executives were sentenced to prison yesterday for a scheme through which they created three fake companies to pirate Oracle firmware patches and Solaris OS updates. By doing this, the execs avoided paying a per-server fee for every Oracle product their company serviced, instead paying for one patch/update alone.

Court documents show that Oracle was aware of the scheme and eventually connected the dots between the fake companies and TERiX when one of the execs downloaded files from Oracle's servers via one of the fake company's accounts from a TERiX IP address. Oracle filed a complaint with the FBI, but also a civil suit. A judge awarded Oracle damages last year totaling $57.423 million. The judge also barred TERiX from servicing Oracle products.

Google

Oracle Wins Revival of Billion-Dollar Case Against Google (bloomberg.com) 332

Google could owe Oracle billions of dollars after an appeals court said it didn't have the right to use the Oracle-owned Java programming code in its Android operating system on mobile devices. From a report: Google's use of Java shortcuts to develop Android went too far and was a violation of Oracle's copyrights, the U.S. Court of Appeals for the Federal Circuit ruled. The case was remanded to a federal court in California to determine how much the Alphabet unit should pay.

The dispute is over pre-written directions known as application program interfaces, or APIs, which can work across different types of devices and provide the instructions for things like connecting to the internet or accessing certain types of files. By using the APIs, programmers don't have to write new code from scratch to implement every function in their software or change it for every type of device. The case has divided Silicon Valley for years, testing the boundaries between the rights of those who develop interface code and those who rely on it to develop software programs.

Java

Oracle Releases Java 10, Promises Much Faster Release Schedule (adtmag.com) 134

An anonymous reader quotes Application Development Trends: Oracle announced the general availability of Java SE 10 (JDK 10) this week. This release, which comes barely six months after the release of Java SE 9, is the first in the new rapid release cadence Oracle announced late last year. The new release schedule, which the company is calling an "innovation cycle," calls for a feature release every six months, update releases every quarter, and a long-term support (LTS) release every three years. Java 10 is a feature release that obsoletes Java 9. The next LTS release will be Java 11, expected in September. The next LTS version after that will be Java 17, scheduled for release in September 2021...

The six-month feature release cadence is meant to reduce the latency between major releases, explained is Sharat Chander, director of Oracle's Java SE Product Management group, said in a blog post. "This release model takes inspiration from the release models used by other platforms and by various operating-system distributions addressing the modern application development landscape," Chander wrote. "The pace of innovation is happening at an ever-increasing rate and this new release model will allow developers to leverage new features in production as soon as possible. Modern application development expects simple open licensing and a predictable time-based cadence, and the new release model delivers on both."

This release finally adds var to the Java language (though its use is limited to local variables with initializers or declared in a for-loop). It's being added "to improve the developer experience by reducing the ceremony associated with writing Java code, while maintaining Java's commitment to static type safety, by allowing developers to elide the often-unnecessary manifest declaration of local variable type."
Open Source

'Java EE' Has Been Renamed 'Jakarta EE' (i-programmer.info) 95

An anonymous reader quotes i-Programmer: The results are in for the vote on the new name for Java Enterprise Edition, and unsurprisingly the voters have chosen Jakarta EE. The renaming has to happen because Oracle refused to let the name Java be used. The vote was to choose between two options - 'Jakarta EE' and 'Enterprise Profile'. According to Mike Milinkovich, executive director at the Eclipse Foundation, almost 7,000 people voted, and over 64% voted in favour of Jakarta EE. The other finalist, "Enterprise Profile," came in at just 35.6% of the votes when voted ended last Friday.
"Other Java projects have also been renamed in Eclipse," notes SD Times. "Glassfish is now Eclipse Glassfish. The Java Community Process is now the Eclipse EE.next Working Group, and Oracle development management is now Eclipse Enterprise for Java Project Management Committee."
Open Source

'Is It Time For Open Processors?' (lwn.net) 179

Linux kernel developer (and LWN.net co-founder) Jonathan Corbet recently posted an essay with a tantalizing title: "Is it time for open processors?" He cited several "serious initiatives", including the OpenPOWER effort, OpenSPARC, and OpenRISC, adding that "much of the momentum" appears to be with the RISC-V architecture. An anonymous reader quotes LWN.net: The [RISC-V] project is primarily focused on the instruction-set architecture, rather than on specific implementations, but free hardware designs do exist. Western Digital recently announced that it will be using RISC-V processors in its storage products, a decision that could lead to the shipment of RISC-V by the billion. There is a development kit available for those who would like to play with this processor and a number of designs for cores are available... RISC-V seems to have quite a bit of commercial support behind it -- the RISC-V Foundation has a long list of members. It seems likely that this architecture will continue to progress for some time.
Here's some of the reasons that Corbet argues open souce hardware "would certainly offer some benefits, but it would be no panacea."
Electronic Frontier Foundation

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org) 82

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.
Transportation

Google Loses Up to 250 Bikes a Week (siliconbeat.com) 208

What's happening to Google's 1,100 Gbikes? The Mercury News reports: Last summer, it emerged that some of the company's bikes -- intended to help Googlers move quickly and in environmentally friendly fashion around the company's sprawling campus and surrounding areas -- were sleeping with the fishes in Stevens Creek. And now, a new report has revealed that 100 to 250 Google bikes go missing every week, on average. "The disappearances often aren't the work of ordinary thieves, however. Many residents of Mountain View, a city of 80,000 that has effectively become Google's company town, see the employee perk as a community service," the Wall Street Journal reported.

And for the company, here's one Google bike use case that's got to burn a little: 68-year-old Sharon Veach told the newspaper that she sometimes uses one of the bicycles as part of her commute: to the offices of Google's arch foe, Oracle... Mountain View Mayor Ken Rosenberg even admitted to helping himself to a Google bike to go to a movie after a meeting at the company's campus, according to the WSJ.

One Silicon Valley resident reportedly told a neighbor that "I've got a whole garage full of them," while Veach describes the bikes as "a reward for having to deal with the buses" that carry Google employees. Google has already hired 30 contractors to prowl the city in five vans looking for lost or stolen bikes -- only a third of which have GPS trackers -- and they eventually recover about two-thirds of the missing bikes.

They've discovered them as far away as Mexico, Alaska, and the Burning Man festival in Nevada.
Cloud

Can Docker Survive Google? (bloomberg.com) 98

Though Docker has 400 corporate customers -- and plans to double its sales staff -- "here's what happens to a startup when Google gets all up in its business," reads a recent headline at Bloomberg: Docker Inc. helped establish a type of software tool known as containers...and they've made the company rich. Venture capitalists have poured about $240 million into the startup, according to research firm CB Insights. Then along came Google, with its own free container system called Kubernetes. Google has successfully inserted Kubernetes into the coder toolbox. While Docker and Kubernetes serve slightly different purposes, customers who choose Google's tool can avoid paying Docker.

The startup gives away its most popular product while trying to convince developers to pay for extras, notably a program that does the same thing as Google's. "Kubernetes basically has ruled the industry, and it is the de facto standard," said Gary Chen, an analyst at IDC. "Docker has to figure out how do they differentiate themselves." It's up to [Docker CEO] Steve Singh to escape a situation that's trapped many startups battling cash-rich tech giants like Google, dangling free alternatives... "They invented this great tech, but they are not the ones profiting from it," said Gary Chen, an analyst at IDC.

Though Docker's CEO is hoping to take the company public someday, Slashdot reader oaf357 predicts a different future: To say that Docker had a very rough 2017 is an understatement. Aside from Uber, I can't think of a more utilized, hyped, and well funded Silicon Valley startup (still in operation) fumbling as bad as Docker did in 2017. People will look back on 2017 as the year Docker, a great piece of software, was completely ruined by bad business practices leading to its end in 2018.
His article criticizes things like the new Moby upstream for the Docker project, along with "Docker's late and awkward embrace of Kubernetes... It's almost as if Docker is conceding itself to being a marginal consulting firm in the container space." And he suggests that ultimately Docker could be acquired by "a large organization like Oracle or Microsoft."
Crime

Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails (newsweek.com) 321

An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office.

"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."

Programming

2017: The Year in Programming Languages (infoworld.com) 117

InfoWorld writes that 2017 "presented a mixed bag of improvements to both long-established and newer programming languages." An anonymous reader quotes their report: Developers followed a soap opera over Java, with major disagreements over a modularization plan for standard Java and, in a surprising twist, Oracle washing its hands of the Java EE enterprise variant. Microsoft's TypeScript, meanwhile, has increased in popularity by making life easier for developers looking for an alternative to JavaScript. Microsoft also launched Q#, a language for quantum computing...

In web development, developers received a lot of help building with JavaScript itself or with JavaScript alternatives. Among the tools released in 2017 were: Google's Angular 5 JavaScript framework, released in November, featuring a build optimizer and supports progressive web apps and use of Material Design components... And React, the JavaScript UI library from Facebook, went to Version 16 in September, featuring a rewriting of the React core to boost responsiveness for complex applications...

TypeScript was not the only JavaScript alternative making waves this year. For web developers who would rather use Google's Go (Golang) language instead of JavaScript, the beta Joy compiler introduced in December promises to allow cross-compilation. Another language that offers compilation to JavaScript -- although it began on the JVM -- is Kotlin, which has experienced rising fortunes this year. It was boosted considerably by Google endorsing it in May for building Android applications, which has been chiefly the domain of Java...

2017 also saw the release of the long-awaited C++ 17.

Another 2017 memory: Eric Raymond admitting that he hates C++, and predicting that Go (but not Rust) will eventually replace C -- if not a new language like Cx.
IBM

Blockchain Brings Business Boom To IBM, Oracle, and Microsoft (fortune.com) 94

An anonymous reader quotes Fortune's new report on blockchain: Demand for the technology, best known for supporting bitcoin, is growing so much that it will be one of the largest users of capacity next year at about 60 data centers that IBM rents out to other companies around the globe. IBM was one of the first big companies to see blockchain's promise, contributing code to an open-source effort and encouraging startups to try the technology on its cloud for free. That a 106-year-old company like IBM is going all in on blockchain shows just how far the digital ledger has come since its early days underpinning bitcoin drug deals on the dark web. The market for blockchain-related products and services will reach $7.7 billion in 2022, up from $242 million last year, according to researcher Markets & Markets.

That's creating new opportunities for some of the old warships of the technology world, companies like IBM and Microsoft Corp. that are making the transition to cloud services. And products that had gone out of vogue, such as databases sold by Oracle Corp., are becoming sexy again... In October, Oracle announced the formation of Oracle Blockchain Cloud Service, which helps customers extend existing applications like enterprise-resource management systems. A month earlier, rival SAP SE said clients in industries like manufacturing and supply chain were testing its cloud service. And on Nov. 20, Microsoft expanded its partnership with consortium R3 to make it easier for financial institutions to deploy blockchains in its Azure cloud. Big Blue, meanwhile, has been one of key companies behind the Hyperledger consortium, a nonprofit open-source project that aims to create efficient standards for commercial use of blockchain technology.

A Juniper Research survey found six in 10 larger corporations are considering blockchain, according to the article, which adds that blockchain "is increasingly being tested or used by companies such as Wal-Mart Stores Inc. and Visa Inc. to streamline supply chain, speed up payments and store records."

And because of blockchain's popularity, the CEO of WinterGreen Research predicts that 55% of large companies with over 1,000 employees will use the cloud rather than their own data centers within five years -- up from 17% today.
Security

Old Crypto Vulnerability Hits Major Tech Firms (securityweek.com) 32

wiredmikey writes: A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world's top websites. The attack/exploit method against a Transport Layer Security (TLS) vulnerability now has a name, a logo and a website. It has been dubbed ROBOT (Return Of Bleichenbacher's Oracle Threat) and, as the name suggests, it's related to an attack method discovered by Daniel Bleichenbacher back in 1998. ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. While proof-of-concept (PoC) code will only be made available after affected organizations have had a chance to patch their systems, the researchers have published some additional details. Researchers have made available an online tool that can be used to test public HTTPS servers. An analysis showed that at least 27 of the top 100 Alexa websites, including Facebook and PayPal, were affected.
Google

Inside Oracle's Cloak-and-dagger Political War With Google (recode.net) 86

schwit1 shares a Recode report: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones. But missing from the news site's report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google's fiercest foes: Oracle. For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code. Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.
Facebook

This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com) 45

tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."

Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."

Open Source

Oracle Engineer Talks of ZFS File System Possibly Still Being Upstreamed On Linux (phoronix.com) 131

New submitter fstack writes: Senior software architect Mark Maybee who has been working at Oracle/Sun since '98 says maybe we "could" still see ZFS be a first-class upstream Linux file-system. He spoke at the annual OpenZFS Developer Summit about how Oracle's focus has shifted to the cloud and how they have reduced investment in Solaris. He admits that Linux rules the cloud. Among the Oracle engineer's hopes is that ZFS needs to become a "first class citizen in Linux," and to do so Oracle should port their ZFS code to Oracle Linux and then upstream the file-system to the Linux kernel, which would involve relicensing the ZFS code.
Businesses

Oracle, Apple, Google, Amazon, Facebook Blow Even More Cash on Lobbying (theregister.co.uk) 73

An anonymous reader shares a report: American tech giants have ramped up the amount of cash they spend on lobbying US lawmakers to get their own way, yet again. As congressmen consider regulating organizations from Facebook to Google, and mull antitrust crackdowns against Amazon, said corporations have responded by flinging more dosh at the problem. The money is spent on, ahem, holding meetings between company execs and politicians so that businesses can push their agenda and swing decisions in their favor, which may not be in the interests of the people who elected said politicians. Facebook's $2.85m for the third quarter of the year -- disclosed this week as required by law -- is beaten only by the amount it spent in the first quarter: $3.21m. In its second quarter, it blew $2.38m. Overall, Facebook's lobbying bills for 2017 looks set to smash the $9.85m it spent in 2015 and the $8.7m in 2016. The social network is being investigated by both halves of Congress for its role in the Russian propaganda campaign during the US presidential election, and this month has been on a huge PR campaign in the capital. Likewise Amazon spent its highest ever amount on professional lobbyists -- both individuals and companies that book face time with lawmakers and their staff where they press the company's viewpoints. Amazon spent $3.41m in the third quarter, up from $3.21m for the second quarter -- which was also a record spend for the company. Apple has already blown past the $4.67m in spent in 2016 -- which was then its highest-ever spending. So far in 2017, the iPhone maker has spent $5.46m bending lawmakers' ears. Google spent less in the third quarter of the year to the wallet-busting Q2 spend of $5.93m, but it still spent $4.17m -- higher than its average spend of $4.0m per quarter over the past five years. But perhaps the most notable increase in spending has come from Oracle, which spent a whopping $3.82m on lobbying in the third quarter: double what it normally spends.
Programming

Profile of William H. Alsup, a Judge Who Codes and Decides Tech's Biggest Cases (theverge.com) 49

Sarah Jeong at The Verge has an interesting profile of William H. Alsup, the judge in Oracle v. Google case, who to many's surprise was able to comment on the technical issues that Oracle and Google were fighting about. Alsup admits that he learned the Java programming language only so that he could better understand the substance of the case. Here's an excerpt from the interview: On May 18th, 2012, attorneys for Oracle and Google were battling over nine lines of code in a hearing before Judge William H. Alsup of the northern district of California. The first jury trial in Oracle v. Google, the fight over whether Google had hijacked code from Oracle for its Android system, was wrapping up. The argument centered on a function called rangeCheck. Of all the lines of code that Oracle had tested -- 15 million in total -- these were the only ones that were "literally" copied. Every keystroke, a perfect duplicate. It was in Oracle's interest to play up the significance of rangeCheck as much as possible, and David Boies, Oracle's lawyer, began to argue that Google had copied rangeCheck so that it could take Android to market more quickly. Judge Alsup was not buying it. "I couldn't have told you the first thing about Java before this trial," said the judge. "But, I have done and still do a lot of programming myself in other languages. I have written blocks of code like rangeCheck a hundred times or more. I could do it. You could do it. It is so simple." It was an offhand comment that would snowball out of control, much to Alsup's chagrin. It was first repeated among lawyers and legal wonks, then by tech publications. With every repetition, Alsup's skill grew, until eventually he became "the judge who learned Java" -- Alsup the programmer, the black-robed nerd hero, the 10x judge, the "master of the court and of Java."
Communications

Slack Locks Down Oracle Partnership Targeting Enterprises (reuters.com) 43

From a report: Slack Technologies has secured a partnership with Oracle to integrate the tech giant's enterprise software products into the popular workplace messaging app, the two companies told Reuters. The partnership is a victory for Slack as the young startup ramps up its efforts to win the business of large enterprises in an increasingly competitive marketplace that has seen the entry of Microsoft, Facebook and countless startups. "As you see all these large enterprise software companies looking at messaging as a major platform, they're looking to partner with us first and foremost," said Brad Armstrong, Slack's head of global business and corporate development. The partnership will allow workers to use Slack as the interface for Oracle's sales, human resources and business software.

Slashdot Top Deals