OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 148

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the OpenIndiana.org release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

LibreOffice Turns Five 147

An anonymous reader writes: Italo Vignoli, founding member of The Document Foundation, reflects on the project's five-year mark in an article on Opensource.com: "LibreOffice was launched as a fork of OpenOffice.org on September 28, 2010, by a tiny group of people representing the community in their capacity as community project leaders. At the time, forking the office suite was a brave -- and necessary -- decision, because the open source community did not expect OpenOffice.org to survive for long under Oracle stewardship." The project that was OpenOffice.org does still exist, in the form of Apache Open Office, but along with most Linux distros, I've switched completely to LibreOffice, after some initial misgivings.

When Does Software Start Becoming Malware? 165

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."
United Kingdom

UK Government Signs New Deal With Oracle 54

An anonymous reader writes: The Crown Commercial Service (CCS) has signed a deal with Oracle that should allow it to cut down on spending and licensing costs with the software provider. The three-year partnership will see the two collaborate to deliver services to public sector bodies including the National Health Service. A few weeks ago the government announced it would be cutting back on its use of Oracle software, but the new deal instead extends the existing agreement. CCS CEO Sally Collier explained: "The enhanced MoU will deliver savings across government and allow easier and more effective procurement of Oracle products and services. It lays the foundation of a more collaborative relationship between government and Oracle."

Oracle: Google Has "Destroyed" the Market For Java 457

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.

Video Tim O'Reilly and the 'WTF?!' Economy (Video) 111

This is a conversation Tim Lord had with Tim O'Reilly at OSCON. Tim O'Reilly wrote an article titled "The WTF Economy,", which started with these words: "WTF?! In San Francisco, Uber has 3x the revenue of the entire prior taxi and limousine industry." He talks about Uber and AirbnB and how, with real-time measurement of customer demand, "The algorithm is the new shift boss." And then there is this question: "What is the future when more and more work can be done by intelligent machines instead of people, or only done by people in partnership with those machines?"

My (late) father was an engineer. Politically, you could have called him a TechnoUtopian. He believed -- along with most of his engineer, ham radio, and science fiction writer and reader friends -- that as machines took over the humdrum tasks, humans would work less and create more. O'Reilly seems to have similar beliefs, even though (unlike my father) he's seen the beginnings of an economy with self-driving cars and trucks, factory machines that don't need humans to run them, and many other changes the 1950s and 1960s futurists didn't expect to see until we had flying cars and could buy tickets on Pan Am flights to the moon. Listening to these conversations, I remember my father's dreams, but O'Reilly isn't as optimistic as a full-blown TechnoUtopian. He takes a "Something's happening here; what it is ain't exactly clear" view of how work (and pay for work) will change in the near future. Please note that Tim O'Reilly has been called "The Oracle of Silicon Valley," so he's totally worth watching -- or reading, if that's your preferred method of taking in new information.

NOTE: Today we have a "main video," plus a "bonus video" that is viewable only with Flash. But we have a transcript that covers both of them. Enjoy!

Oracle Exec: Stop Sending Vulnerability Reports 229

florin writes: Oracle chief security officer Mary Ann Davidson published a most curious rant on the company's corporate blog yesterday, addressing and reprimanding some pesky customers that just will not stop bothering her. As Mary put it: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it." She goes on to describe how the company deals with such shameful activities, namely that "We send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer's behalf — reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already."

Later on, in a section intended to highlight how great a job Oracle itself was doing at finding vulnerabilities, the CSO accidentally revealed that customers are in fact contributing a rather significant 1 out of every 10 vulnerabilities: "Ah, well, we find 87 percent of security vulnerabilities ourselves, security researchers find about 3 percent and the rest are found by customers." Unsurprisingly, this revealing insight into the company's regard for its customers was removed later. But not before being saved for posterity.

U.K. Government Seeking To End Reliance On Oracle 190

jfruh writes: The U.K. Cabinet Office has reportedly asked government departments and agencies to try to find ways to end their reliance on Oracle software, a move motivated by the truly shocking number of Oracle licenses currently being paid for by the British taxpayer. The Department for Environment, Food and Rural Affairs alone has paid £1.3 million (US$2 million) per year for some 2 million Oracle licenses, or about 200 licenses per staff member.

Oracle To Debut Low-Cost SPARC Chip Next Month 92

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.

First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers 122

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

Oracle Bullies Enterprise Clients Into Cloud Purchases, Consultant Claims 184

An anonymous reader writes: A consultant claims that Oracle has adopted the widespread use of 'breach notices' this year to force existing enterprise customers to adopt its newly-bolstered range of cloud services, or else be told to stop using all Oracle software within thirty days. Speaking to Business Insider, the unnamed source described the tactic as a 'nuclear option' which is now practically the default when the need to add services or users to an existing contract triggers an 'audit' by Oracle. An ex-Oracle contract negotiator who now works in the ever-expanding business niche of 'Oracle contract negotiation' commented 'Internally, the water cooler gossip there is that they've never seen this kind of aggression before. Oracle has really dialed it up. Customers are buying cloud services to make the Oracle issue go away, not because they have any intention of using cloud services.'

Exploring the Relationships Between Tech Skills (Visualization) 65

Nerval's Lobster writes: Simon Hughes, Dice's Chief Data Scientist, has put together an experimental visualization that explores how tech skills relate to one another. In the visualization, every circle or node represents a particular skill; colors designate communities that coalesce around skills. Try clicking "Java", for example, and notice how many other skills accompany it (a high-degree node, as graph theory would call it). As a popular skill, it appears to be present in many communities: Big Data, Oracle Database, System Administration, Automation/Testing, and (of course) Web and Software Development. You may or may not agree with some relationships, but keep in mind, it was all generated in an automatic way by computer code, untouched by a human. Building it started with Gephi, an open-source network analysis and visualization software package, by importing a pair-wise comma-separated list of skills and their similarity scores (as Simon describes in his article) and running a number of analyses: Force Atlas layout to draw a force-directed graph, Avg. Path Length to calculate the Betweenness Centrality that determines the size of a node, and finally Modularity to detect communities of skills (again, color-coded in the visualization). The graph was then exported as an XML graph file (GEXF) and converted to JSON format with two sets of elements: Nodes and Links. "We would love to hear your feedback and questions," Simon says.

SCOTUS Denies Google's Request To Appeal Oracle API Case 181

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API "a utilitarian and functional set of symbols" that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself.

The Next Java Update Could Make Yahoo Your Default Search Provider 328

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.

US Navy Solicits Zero Days 59

msm1267 writes: The US Navy posted a RFP, which has since removed from FedBizOpps.gov, soliciting contractors to share vulnerability intelligence and develop zero day exploits for most of the leading commercial IT software vendors. The Navy said it was looking for vulnerabilities, exploit reports and operational exploit binaries for commercial software, including but not limited to Microsoft, Adobe, [Oracle] Java, EMC, Novell, IBM, Android, Apple, Cisco IOS, Linksys WRT and Linux, among others. The RFP seemed to indicate that the Navy was not only looking for offensive capabilities, but also wanted use the exploits to test internal defenses.The request, however, does require the contractor to develop exploits for future released CVEs. "Binaries must support configurable, custom, and/or government owned/provided payloads and suppress known network signatures from proof of concept code that may be found in the wild," the RFP said.

Police Scanning Every Face At UK Download Festival 134

AmiMoJo writes: Leicestershire Police have announced that they will be scanning every face at the popular UK Download music festival. The announcement article on Police Oracle (paywalled) reads, "the strategically placed cameras will scan faces at the Download Festival site in Donington before comparing it with a database of custody images from across Europe." The stated goal is to catch mobile phone thieves. Last year only 91 of the 120,000 visitors to the festival were arrested, and it isn't clear if the data will be deleted once checked against the database. The linked article provides at least one image of a costume that would probably trip up any facial recognition technology yet devised.

Supreme Court May Decide the Fate of APIs (But Also Klingonese and Dothraki) 210

New submitter nerdpocalypse writes: In a larger battle than even Godzilla v. Mothra, Google v. Oracle threatens not only Japan but the entire nerd world. What is at stake is how a language can be [copyrighted]. This affects not just programming languages, APIs, and everything that runs ... well ... everything, but also the copyright status of new languages such as Klingon and Dothraki.

US Justice Department Urges Supreme Court Not To Take Up Google v. Oracle 223

New submitter Areyoukiddingme writes: The Solicitor General of the Justice Department has filed a response to the US Supreme Court's solicitation of advice regarding the Google vs. Oracle ruling and subsequent overturning by the Federal Circuit. The response recommends that the Federal Circuit ruling stand, allowing Oracle to retain copyright to the Java API.

The Reason For Java's Staying Power: It's Easy To Read 414

jfruh writes: Java made its public debut twenty years ago today, and despite a sometimes bumpy history that features its parent company being absorbed by Oracle, it's still widely used. Mark Reinhold, chief architect for the Oracle's Java platform group, offers one explanation for its continuing popularity: it's easy for humans to understand it at a glance. "It is pretty easy to read Java code and figure out what it means. There aren't a lot of obscure gotchas in the language ... Most of the cost of maintaining any body of code over time is in maintenance, not in initial creation."

Windows Remains Vulnerable To Serious 18-Year-Old SMB Security Flaw 171

Mark Wilson writes A serious security hole leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.