Showing results for tags 'oracle'.



Found 24 results

  1. Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year. The lawsuit was filed in August 2016 and is currently ongoing. The defendant is a man named Nimesh Patel from Shrewsbury, Massachusetts, who worked for Allegro between August 26, 2002, and January 8, 2016. Patel was one of Allegro's many IT workers, in charge of the company's database, and more precisely of an Oracle finance module, which the company used to manage the financial side of its business. Patel resigned from his job in 2016 During his 14-year employment at Allegro, Patel received three laptops from his employer, a well-known high-performance semiconductors manufacturer. Two of these were for business use, while a third, an older model, was provided for personal use. When he resigned from Allegro, Patel returned only one of the two business laptops he was supposed to give back, and kept the third, as he was not obliged to return the laptop he received for personal use. When Allegro discovered Patel's actions, they summoned their former IT worker to return the second laptop because the device was capable of accessing Allegro's IT network. Instead of complying with the company's request, Patel returned the older laptop, meant for personal use, after he wiped the hard drive without reinstalling a fully-functional OS. Patel used colleague's credentials to access Allegro's network On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory's WiFi network. According to court documents, Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee. Patel had access to employee credentials because he was one of the company's senior system administrators, and kept a copy of a file with usernames and passwords on his laptop. 
Allegro: Patel planted a "time bomb" While connected to factory's network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless." In a complaint filed by Allegro, the company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports." Because Patel used valid credentials to access Allegro's network, his intrusion went unnoticed and ended up in the execution of the "time bomb." Laptop electronic fingerprint gave Patel away Allegro's IT staff discovered the sabotaged Oracle finance module on April 14, 2016. Ten days later, on April 24, the IT staffers found Patel's malicious code after comparing the current database with a copy from older backups. Eventually, they traced the unauthorized access to Patel's second business laptop based on the device's "electronic fingerprint." The company is now suing Patel asking for damages. Allegro said it paid in excess of $100,000 to fix its systems after Patel's sabotage. Allegro is also seeking punishment for Patel's trespassing and accessing its network without authorization. Unless the two parties come to an agreement, a trial is set for later this year. Source
  2. VirtualBox 5.1.18 and 5.0.36 released Oracle announced the availability of two new maintenance updates for the 5.1 and 5.0 stable branches of the open-source and cross-platform VirtualBox virtualization software for all supported platforms. VirtualBox 5.1.18 is now the newest and most advanced version of the 5.1 series, bringing improvements for Shared Folders by addressing two regressions discovered in the previous point release. Specifically, it fixes an issue with access to long paths and case-insensitive filename access, but only for Windows guests. These two bug fixes for Shared Folders have also been implemented in the VirtualBox 5.0.36 release, the most advanced in the 5.0 series, which also fixes an issue with virtual machine log collection for the VBoxBugReport component, as well as the autostart service script for Linux hosts, which were also fixed in the VirtualBox 5.1.18 release. Other than that, it looks like the VirtualBox 5.1.18 update addresses a Windows Additions regression from the VirtualBox 5.1.14 release related to automatic logins for Windows Vista and newer operating systems, and patches two API bugs that improve snapshot handling of PCI device and medium attachments. Last but not least, VirtualBox 5.1.18 fixes a regression from VirtualBox 5.1.16, making 32-bit Windows guests in raw mode able to boot again when using the ICH9 chipset in settings. Download VirtualBox 5.1.18 and 5.0.36 for GNU/Linux, macOS, and Microsoft Windows operating systems right now from our website. Source
  3. VirtualBox 5.1.16 released Oracle released a few moments ago new point releases of the VirtualBox 5.1 and 5.0 stable branches of the popular and open-source virtualization software for GNU/Linux, macOS, and Microsoft Windows operating systems. VirtualBox 5.1.16 is now the most advanced version of the application, and it comes approximately seven weeks after the VirtualBox 5.1.14 maintenance update. The most important change implemented for Linux users is initial support for the upcoming Linux 4.11 kernel, whose development just started a few days ago with the first Release Candidate. "Oracle has released VirtualBox 5.1 Maintenance Release 16. This release includes improvements and regression fixes for Oracle VM VirtualBox 5.1," said Simon Coter, Product Management Director, Oracle VM & VirtualBox at Oracle in the release announcement. Also for Linux users, VirtualBox 5.1.16 improves the installers to no longer rebuild kernel modules if not required. The Linux Additions were improved with the implementation of a vboxsf FS modules alias, as well as support for compiling the "shared folders" kernel module on GNU/Linux distributions running Linux kernel 4.10. Additionally, it adds a new action for Linux hosts, implemented in the .desktop file, to allow users to open the virtual machine manager window, and makes it possible to install the Linux kernel module override rule on Linux distros that don't use /etc/depmod.d. For all platforms, the VirtualBox 5.1.16 release adds multiple improvements for the Virtual Machine Manager (VMM), graphical user interface (GUI), OVF support, USB and networking support. See the full changelog attached below for more details. Download VirtualBox 5.1.16 for GNU/Linux, macOS, and Microsoft Windows operating systems right now from our website and update as soon as possible. VirtualBox 5.1.16 Changelog Source
  4. Oracle insinuates Google was “a plagiarist” that committed “classic unfair use.” Google successfully made its case to a jury last year that its use of Java APIs in Android was "fair use." A San Francisco federal jury rejected Oracle's claim that the mobile system infringed Oracle's copyrights. But Oracle isn't backing down. Late Friday, the company appealed the high-profile verdict to a federal appeals court. This is the latest stage of a seemingly never-ending legal battle over intellectual property that began in 2010. The conflict has meandered through two federal trials, in addition to multiple trips to the appellate courts and to the Supreme Court. Oracle opened its brief to the US Court of Appeals for the Federal Circuit right where it left off after losing its case. Among other things, Oracle is refusing to believe that the "fair use" defense to copyright-infringement allegations should have protected Google from having to pay billions of dollars in damages. "When a plagiarist takes the most recognizable portions of a novel and adapts them into a film, the plagiarist commits the 'classic' unfair use," Oracle said in its opening brief. Fair use is a defense to copyright infringement if certain elements are met. It's decided on a case-by-case basis. "There is no specific number of words, lines, or notes that may safely be taken without permission," according to the US Copyright Office. There are, however, at least four factors to be considered when deciding fair use: the purpose of use, the nature of the copyrighted work, the amount and substantiality of the portion taken, and the effect of the use upon the potential market. Before going to the appeals court, Oracle asked US District Judge William Alsup to overturn the jury's verdict. Alsup, who presided over the second trial, ruled that Google's use cleared all four factors. Here's how we got to this point: Oracle purchased Sun Microsystems and acquired the rights to Java in 2009. 
Oracle then sued Google in 2010, saying that Google infringed copyrights and patents connected to Java. The case went to federal trial in 2012. Oracle initially lost. But part of its case was revived on appeal and another trial was ordered. The sole issue in the second trial, the one now being appealed, was whether Google infringed the APIs in Java, which the appeals court held were copyrighted. In May, a jury found in Google's favor after the second trial. The jury found that Google's use of the APIs was protected by "fair use"—a decision Alsup refused to disturb. Google declined to comment on the appeal. Google must file its response in the coming months. By David Kravets https://arstechnica.com/tech-policy/2017/02/oracle-refuses-to-accept-pro-google-fair-use-verdict-in-api-battle/
  5. End of an error Oracle has decided that keeping its Java plug-in for browsers is completely pointless. The outfit has said that it will remove its browser plug-in from future Java releases, basically because most browsers are giving up on plug-in support. Several browser makers have either removed or announced their intentions to remove plug-in support from their desktop browsers. It all started with mobile device browsers, which lacked plug-in support from day one, but Microsoft led the way with plug-in-free desktop browsers. Its new Edge browser in Windows 10 came without plug-in support. Last year Google removed plug-in support from its latest release of Chrome, and Mozilla is planning to eliminate plug-ins from its Firefox browser by the end of 2016. Soon, only the super cool and advanced Apple Safari will remain, showing once again how Apple is on the cutting edge of development. To run a Java applet from within a browser, the browser must permit the Java plug-in to be installed. As browser makers turn away from these types of installations, it becomes more difficult to find an environment to run Java applets, which makes the Java plug-in irrelevant. The Java Applet API will be still there in the next release of the Java Development Kit (JDK), which is slated for general availability some time in 2017 but after that the Applet API from the JDK and Java Runtime Environment will be gone. Article source Thanks to @DKT27 for news link.
  6. Oracle Java Copyright War latest: Why Google's Luck Is About To Run Out Database giant claims web ads goliath tricked court, Android isn't just phones Analysis Oracle says one of the foundations of Google's legal victory in the Java API copyright trial has exploded – and that means a retrial is needed. Oracle was trying its luck in court yesterday, demanding a retrial – although regardless of its success in forcing a third trial, the outcome of the second trial is on course to be heard by an appeals court. Although the debate around whether "Android is Java" or merely "very Java-like" can and probably will continue for years, it's irrelevant from a legal point of view, for the facts aren't in dispute. Google's Android team copied some 11,000 lines of application interface code from Sun's Java core libraries as it created the mobile operating system. Evidence subsequently presented to the court shows that executives knew the team probably needed a license from Sun – and set about negotiating one. But those negotiations were never concluded. At first, Sun's ponytailed CEO Jonathan Schwartz was at the zenith of his "take everything – take it all" phase, but this changed in 2009. Java's new owner Oracle didn't share Schwartz's child-like desire to be liked, and thought giving away its intellectual property was a spectacularly stupid thing. Oracle wondered why on earth Google didn't have a license. "Ellison has made it pretty damn clear that open source is there to serve his goal of profit," The Register noted the following year. "We tried too hard to share," Scott McNealy, cofounder of Sun, admitted. "I think we got the donate part right, I don't think we got the monetize part right." Google refused to take a retrospective license, so litigation began – and it's rumbled on ever since. So how did Google achieve a victory in what seems like an unpromising situation? In part, it was through extraordinary luck. 
In the 2012 trial, Judge William Alsup directed the jury to make one single very narrow decision, and discard everything else. That decision was whether Google could make an affirmative defense to the copying: fair use. Fair use is not a right, it's an affirmative defense, and to use it successfully, you have to address these factors: Is the copyrighted work being used for commercial gain, nonprofit educational purposes, or somewhere in between? Is the final piece a work of genuine creative expression? Is a reasonable amount of the copyrighted work being used, or is it a substantial amount? Will the use affect the market for or value of the copyrighted work? It's hard to see how Google could satisfy any one of these, but here we are. The jury looked to Alsup for advice, and Alsup was telling them to throw out Oracle's case. In the end, Google was found guilty of copyright infringement but the jury couldn't decide if lifting the API code was fair use. In a second trial – the one that concluded in May this year – the jury decided, yes, it was fair use after all and Google therefore didn't owe Oracle billions in damages. Alsup had clouded the waters to great effect, throwing in an issue that Google exploited very well: the so-called "copyright-ability of APIs," which we've dealt with before. For now, remember that while a great deal of creative expression is theoretically "copyrightable" – and in reality is automatically "copyrighted" – that doesn't mean it can then be used to successfully prosecute a copyright infringement case. It all depends on who, what and how much is copied. In public, Google attempted to paint the trial as an extension of copyright law into new areas. But in reality, APIs had never not been under copyright. To illustrate the point that holding a copyright doesn't mean you can successfully sue, the SCO Group had acquired the copyright to UNIX's interfaces, only to discover its legal case was shot to pieces. 
Many musicians have seen quite decent-looking infringement arguments against plagiarists thrown out, too. In reality, just because you own a copyright on a work doesn't turn it into David's Ark of the Covenant. Purely out of self-interest, Silicon Valley's huge tech lobbyists want you to think copyright and the case law around it is crazy, but it's actually pretty sensible, and most people like it that way. It's hard to reconcile the media bubble with reality sometimes, but in Court, Google didn't deny it had copied Java, and it didn't deny it had infringed. Yesterday's courtroom arguments hinged around a peculiar legal argument Google had made in the retrial. Google had argued that the Java infringements only concerned smartphones – because Android was a smartphone system. This was an odd argument to make, since the code was copied from Java SE – basically, desktop Java – not the mobile edition, Java ME. Oracle argues that when Google announced its Android app runtime for Chromebooks at this year's I/O developer conference, Google had undermined its own argument. In other words, Google had indicated that Android and its rip off of Oracle's copyright went beyond phones and tablets. Google effectively admitted that its infringement, in theory, allowed Oracle to pursue it for Android on TV, laptops, desktop machines and other device platforms. Fortunately for Google, the presiding judge is once again its guardian angel: William Alsup. Once again, he's marking his own homework. Oracle said that by basing Android on Java, Google had gained a major advantage. It was why Android hit the ground running – developers knew the interfaces, they knew the libraries, they could build apps for it straight away. Alsup was scornful of this argument. If and when the appeals court hears the case, Guardian Angel Alsup won't be anywhere near the courtroom. The three-judge panel is not there to decide who is the more lovable. 
This particular court is not hostile to the notion of intellectual property, and demolished Alsup's arguments before, in pretty unambiguous terms – hence the retrial. Even a company as lucky as Google can find that its luck might run out, eventually. Source
  7. FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More Multiple other vendors may still be affected According to Decime, there is a flaw in how applications from several vendors respond to HTTP CONNECT requests via HTTP/1.0 407 Proxy Authentication Required responses. FalseCONNECT explained for dummies This flaw manifests itself only in network environments where users utilize proxy connections to get online. This type of setup is often used in enterprise networks where companies deploy powerful firewalls. Decime explains that an attacker that has a foothold in a compromised network and has the ability to listen to proxy traffic can sniff for HTTP CONNECT requests sent to the local proxy. When the attacker detects one of these requests, he then replies instead of the real proxy server, and issues a 407 Proxy Authentication Required response, asking the user for a password to access a specific service. Because the HTTP CONNECT requests are unencrypted, the attacker knows when the victim wants to access sensitive accounts such as email or Intranet servers, even if those services are delivered via HTTPS. The attacker can force the user to authenticate, sending the responses to him instead, hence the vulnerability's name of FalseCONNECT. WebKit software more vulnerable than others "WebKit-based clients are vulnerable to additional vectors due to the fact that HTML markup and JavaScript are rendered by the client Document Object Model (DOM) in the context of the originally requested HTTPS domain," a US-CERT alert reads. WebKit is used for software such as Chrome, iTunes, Google Drive, Safari, and many mobile applications. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. 
Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others. Technical details about this flaw can be found on a dedicated website. US-CERT has also issued an alert, in which users can track vendor responses for the FalseCONNECT vulnerability. Source
  8. This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for July 2016, which will be released on Tuesday, July 19, 2016. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 276 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible. Oracle Java SE Executive Summary This Critical Patch Update contains 13 new security fixes for Oracle Java SE. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 9.6. The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are: • Java SE • Java SE Embedded • JRockit http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html When available, updates will be found at: http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html
  9. Java Tops TIOBE’s Programming Language Popularity Index, Assembly Makes An Entry TIOBE’s Programming Language Popularity Index Sees A New Top 10 Language: Assembly Programming language popularity tracker TIOBE has released its latest index for July. Java continues to remain the most popular programming language among coders, followed by C and C++. Java got an approval rating of 19.804 % followed by C with 12.238 % while C++ came in third at 6.311 %. Python and C# continue to hang in there with a slight downtick in their popularity. Java’s popularity rose at 2.08 percent while C and C++ have a little worry as their popularity shrank at -3.91 % and -2.33 % respectively. PHP, the programming language of choice among web applications developers, made it to the top 5, while C# slid from the top 5. The biggest surprise, however, is the jump in popularity of Assembly. Assembly, a low-level programming language, has broken into the top 10 for the first time. It might come as a surprise that the lowest level programming language that exists has re-entered the TIOBE index top 10. Why would anyone write code at such a low level, being far less productive if compared to using any other programming language and being vulnerable to all kinds of programming mistakes? The only satisfactory answer is machine learning and Internet of Things use Assembly language. For the uninitiated, Assembly programming language or asm, is a low-level programming language for a computer, or other programmable device, in which there is a very strong (generally one-to-one) correspondence between the language and the architecture’s machine code instructions. Assembly language is converted into executable machine code by a utility program referred to as an assembler. The conversion process is referred to as assembly, or assembling the source code. Assembly time is the computational step where an assembler is run. 
The only reasonable explanation for this is that the number of very small devices that are only able to run assembly code is increasing. Even your toothbrush or coffee machine are running assembly code nowadays. Another reason for adoption is performance. If performance is key, nobody can beat assembly code. Looks like machine learning and the Internet of Things are history in the making. Source
  10. First of all, as we take note of all the rolling eyes over at the Googleplex, the May 26 federal district court decision disavowing Oracle’s Java copyright infringement claim against Google apparently will be appealed again, so let’s let that be the foundation for this perspective piece. Oracle as a corporation truly doesn’t understand the world of open-source software, that much is pretty clear. The world’s largest enterprise database supplier has never been a big proponent of FOSS (free and open-source software) at any time in the last two decades, and although it proclaims differently today, it’s still unclear on the concept. Oracle v Google Two recent events bear this out: Point No. 1: The verdict of a San Francisco federal court on May 26 throwing out Oracle’s claim—after six years of litigation—that Google illegally copied Java open source code into its Android mobile operating system without first obtaining a license to do so. If Oracle really understood FOSS and its global community, it never would have ventured to sue Google six years ago over its use of Java application programming interfaces (APIs) in the first place. Point No. 2: The recent exit of Oracle’s all-star Linux thought leader, Wim Coekaerts, its senior vice president of Linux and virtualization engineering. We’ll get back to this one shortly. Expanding on Point No. 1: Open-source software is meant to be copied into applications; this is its purpose in life. It’s a pretty simple concept, but even simple ideas can be misconstrued by well-meaning but misguided people. Oracle Lawyers Considering Another Appeal In fact, Oracle’s statement that it will doggedly appeal the verdict again is yet another indicator that it doesn’t get FOSS. “We believe there are numerous grounds for appeal, and we plan to bring this case back to the Federal Circuit on appeal,” its lead lawyer said. Good luck with that. There are no “numerous” grounds for appeal; they have been discussed ad nauseam for six years. 
This case is dead in the water, but key people at Oracle and its lawyers are motivated to keep it going. One cannot—repeat, cannot—obtain the hard legal opinion they want in order to control the business end of free and open-source software. Other people have tried and failed to define the “fair use” and “transformational” aspects of FOSS to fit their complaints of misuse; Oracle’s only the latest. It’s like trying to nail air to a wall. It’s a very good thing that free and open software is indeed free and open for developers to use. Developers need free tools and components to build, test and deploy applications without having to spend tons of licensing money doing it. This is where innovation happens. As long as its participants say please and thank you and pay forward to the community some of what they have learned, the FOSS community will continue to be among the most inventive and successful bodies of computer science knowledge on Earth. FOSS: The Foundation of Most Useful Apps Companies can add their own secret sauces to FOSS to come up with products they then can license. This is exactly what Google did with Android. It bought the Android startup IP in 2005, added its own code, included the open-source Java APIs that connect the device to the Internet and voila: Android was ready for prime time in a span of about two years (2007), just in time for a huge market battle with Apple’s iOS, which had come out earlier that same year. Bingo. Nine years later, Android has 3 billion worldwide users and about 40 companies using it inside phones and tablets, and has brought in $42 billion (mostly in advertising fees, not licensing) to Google’s top line because its engineers and managers knew how to get all the components in Android to work correctly. Without FOSS, we would not have the world we have today, that much is certain. All companies in Silicon Valley use it in development or in their production products at one time or another. 
Without FOSS, we wouldn’t have the Internet as we know it; we wouldn’t have mobile devices that can track down any fact in the world in seconds; cable TV, satellite communications, and government, military and scientific systems would all be very different and probably not nearly as efficient; we could go on and on. Expanding on Point No. 2: Wim Coekaerts was one of the few surviving former Sun Microsystems engineers at Oracle; last month he moved over to help move Microsoft into the 21st century. Coekaerts oversaw everything Linux at Oracle, including all that code that runs in the company’s databases, analytics machines and middleware. Last year he was instrumental in securing a new official image for Oracle Linux on the Docker Hub registry. Oracle Dabbles in FOSS to Appease Some Customers Remember Unbreakable Linux? That specialized Oracle kernel predated Coekaerts, but he was charged with the stewardship of that continued development for the last six years. This is a very successful initiative at Oracle, and now the company’s going to have to find another “name-brand” engineer to run it. Microsoft, like Oracle, was famously anti-everything open source until it hired CEO Satya Nadella, who then hired Coekaerts to bring his reputation into the Windows and Azure picture. Oracle has shown that it dabbles in FOSS only to satisfy the needs of some of its customers, which is what any company worth its salt must do to be successful. But this week’s court decision and Coekaerts’ move should be obvious red flags to the giant Redwood City, Calif.-based company that it needs to follow Microsoft and make a large U-turn toward embracing FOSS more than it has in the past and realign its overall approach as a globally significant IT vendor. Oracle famously has pooh-poohed both the cloud and FOSS in the past. 
It’s finally seen the light in the cloud business; the time is now to become a much bigger player in FOSS, or else it faces losing a lot of deals in the future—as well as another court case to Google if it persists. The Source
  11. Op-ed: Oracle Attorney Says Google’s Court Victory Might Kill the GPL Developers shouldn't celebrate Google's win in this hard-fought copyright case. The developer community may be celebrating today what it perceives as a victory in Oracle v. Google. Google won a verdict that an unauthorized, commercial, competitive, harmful use of software in billions of products is fair use. No copyright expert would have ever predicted such a use would be considered fair. Before celebrating, developers should take a closer look. Not only will creators everywhere suffer from this decision if it remains intact, but the free software movement itself now faces substantial jeopardy. While we don't know what ultimately swayed the jury, Google's narrative boiled down to this: because the Java APIs have been open, any use of them was justified and all licensing restrictions should be disregarded. In other words, if you offer your software on an open and free basis, any use is fair use. If that narrative becomes the law of the land, you can kiss GPL (general public license) goodbye. No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." Free stuff from Google does not mean free in the sense Richard Stallman ever intended it. It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. 
Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy. Google is an advertising company. It does not depend upon traditional software licensing and is therefore free to disregard the protections that traditional software licensing provides. Nonetheless, Google exerts control over its APIs. Google prohibits copying of its APIs for competitive uses. In fact, Google has in the past settled with the FTC over the manner in which it has restricted its APIs. Developers beware. You may think you got a win yesterday. But it's time to think about more than your desires to copy freely when you sit down at a keyboard. Think about the larger and longer term implications. You should have been on Oracle's side in this fight. Free stuff from Google does not mean free in the sense Richard Stallman ever intended it. Source
  12. Oracle has spent many millions trying to get a chunk of Android, to no avail. SAN FRANCISCO—Following a two-week trial, a federal jury concluded Thursday that Google's Android operating system does not infringe Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." The verdict was reached after three days of deliberations. "Ladies and gentlemen of the jury, listen to your verdict as it will stand recorded," said the court clerk, before polling each of the ten men and women on the jury. There was only one question on the special verdict form, asking if Google's use of the Java APIs was a "fair use" under copyright law. The jury unanimously answered "yes," in Google's favor. The verdict ends the trial, which began earlier this month. If Oracle had won, the same jury would have gone into a "damages phase" to determine how much Google should pay. Because Google won, the trial is over. "I salute you for your extreme hard work in this case," said US District Judge William Alsup, who has overseen the litigation since 2010. "With the thanks of your United States District Court, you are now discharged. I would like to come in the jury room and shake each of your hands individually." Four of the ten jurors declined to comment to reporters gathered in the hallway. The other six went out through a back exit. "We're grateful for the jury's verdict," said Google lead lawyer Robert Van Nest before getting into the elevator with Google's in-house lawyers. "That's it." Oracle attorneys had no comment. Google said in a statement that its victory was good for everybody. "Today's verdict that Android makes fair use of Java APIs represents a win for the Android ecosystem, for the Java programming community, and for software developers who rely on open and free programming languages to build innovative consumer products," a Google spokesperson said via e-mail. Oracle, however, vowed to appeal. 
"We strongly believe that Google developed Android by illegally copying core Java technology to rush into the mobile device market. Oracle brought this lawsuit to put a stop to Google's illegal behavior. We believe there are numerous grounds for appeal and we plan to bring this case back to the Federal Circuit on appeal," Dorian Daley, Oracle's general counsel, said in a statement. Google's win somewhat softens the blow to software developers who previously thought programming language APIs were free to use. It's still the case that APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a "fair use" defense. It isn't clear how much Oracle would have asked for in the damages phase, but it could have been as much as $9 billion. That's how much Oracle asked for in an early expert report. Over the course of the two-week trial, jurors heard testimony from current and former CEOs at Sun Microsystems, Google, and Oracle, as well as in-the-trenches programmers and computer experts from both companies. Oracle, which acquired Java when it purchased Sun Microsystems, sued Google over the APIs in 2010. In 2012, following a first jury trial, US District Judge William Alsup ruled that APIs can't be copyrighted at all, but Alsup's opinion was overturned on appeal. At this month's trial, Google's only available argument was that the 37 APIs constituted "fair use." During the trial, Oracle argued that Google copied parts of Java API packages as well as related declaring code, in order to take a "shortcut at Oracle's expense." As Android prospered, Oracle's Java licensing business, centered largely around feature-phones, cratered. "They copied 11,500 lines of code," Oracle attorney Peter Bicks said during closing arguments. "It's undisputed. They took the code, they copied it, and put it right into Android." 
Google countered that the Java language has always been "free and open" to use—and that included re-implementing Java APIs. Sun and its CEO Jonathan Schwartz accepted Android as a legitimate, if inconvenient, competitive product. Oracle CEO Larry Ellison welcomed Android at first, but later he "changed his mind, after he had tried to use Java to build his own smartphone and failed to do it," Google attorney Robert Van Nest told the jury. The Source
  13. Shut the doors to your social media goldmine The judge in the long-running Oracle-Google copyright lawsuit has advised jurors to adjust the privacy settings on their social media outlets – noting, "I can't control the press," and warning that story-seeking journalists would look them up. Judge Alsup addressed the juror pool this morning in San Francisco as lawyers from the two tech giants attempted to whittle scores of potential jurors down to a panel of ten. Those ten people will be deciding on potentially billions of dollars in damages and a legal precedent with far-reaching impact on the software industry. The issue of social media profiles has already flared up in Goracle pre-trial hearings when the judge grew suspicious of the two companies asking for two days to review juror survey responses. He asked if they were intended to scour the internet for information on them, and lawyers for Google and Oracle admitted they were. Google later told the judge it was willing to agree not to use its own technology to research jurors, but Oracle remained unpersuaded, causing the judge to request that any online searches done on the jurors be disclosed to him. Whether the companies stuck to that agreement remains to be seen as the second juror to be excused had in fact been Oracle executive chairman Larry Ellison's accountant (the first person was excused because of a weak bladder). "I know just about everything about him personally," the beancounter told the court as tech reporters swiftly memorized her face for later. The American Bar Association has considered the issue of searching jurors' online presences and decided that it's OK for lawyers to do so. But it draws the line at them asking for access to restricted accounts, hence the judge's advice to get behind privacy walls from now until the end of the trial, which is expected to be mid-June. The irony of the situation was not lost on the judge who advised the jurors not to Google anything about the case. 
Ignorance is bliss As often happens in tech cases, ignorance in jurors is seen as preferable, despite the fact that cases such as this often rely on a good understanding of complex technology and technological concepts. In this case, Oracle sued Google, claiming that its Java class library APIs are covered by copyright, and that Google owes it potentially billions of dollars in fees because Android relies on those APIs. Google argued you can't copyright software interfaces, but Oracle was backed by an appeals court and the US Supreme Court wasn't interested in hearing the case. So now the matter has been punted back to a federal district court to hear Google's argument that its use of those copyrighted APIs constitutes fair use. If it is ruled fair use, Google won't have to pay Oracle a penny. The trial redux started today and is expected to last for months. In a worrying sign, when asked whether they knew what APIs were, only two potential jurors said they had ever heard of them. As per the questionnaire they were all required to fill out, there were some interesting responses on what some jurors thought about Google and Oracle. Most, for example, felt that Google was an "innovative company." And half have Android phones. One juror remembers what Oracle did to PeopleSoft and wasn't happy about it; he was excused. At the time of writing, there are 15 potential jurors left and the lawyers are finding reasons to cut the last five. Such as the guy who told the judge he believed in a higher power to him. It seems that God was going to tell him which way to vote. A fight immediately broke out between lawyers over who God was exactly: Larry Ellison or Eric Schmidt. The Source
  14. The figure appears in a report by Oracle's damages expert, which Google strongly contests Google's Android will use code from the open source OpenJDK project Oracle is seeking as much as US $9.3 billion in damages in a long-running copyright lawsuit against Google over its use of Java in Android, court filings show. Oracle sued Google six years ago, claiming the search giant needs a license to use parts of the Java platform in Google's market-leading mobile OS. The companies went to trial over the matter in 2012 but the jury was split on the crucial question of whether Google’s use of Java was protected by "fair use," which permits copying under limited circumstances. They're headed back to a federal district court in San Francisco for a new trial due to begin May 9. As last time, a parade of star witnesses is expected to take the stand, including Oracle’s Larry Ellison and Google’s Eric Schmidt. The damages figure appears in a report compiled by an expert hired by Oracle to calculate how much Google should pay for its alleged infringement. The figure could be reduced before the case gets to trial. It's currently about 10 times the sum Oracle was seeking when the case went to trial last time. The increase reflects the dramatic growth of both Android and the smartphone market in the intervening years. The new trial will cover six additional versions of Android, up to and including Lollipop. To put $9.3 billion in context, Google’s parent company, Alphabet, made $4.9 billion in profit last quarter. Google has hired its own damages expert who's sure to have come up with a much lower estimate for how much harm Oracle suffered. That damages report isn't yet public, but a filing by Oracle last week suggests Google caps at least part of the damages at $100 million. When damages estimates vary widely, juries often settle on a figure somewhere in between. Google did not respond to requests for comment, and an Oracle spokeswoman declined to comment. 
At issue in the case is Google's decision to use Java as the basis for its Android operating system without obtaining a license from Sun. In the first trial, a jury found Google had infringed Oracle’s copyright by copying into Android the "structure, sequence and organization" of 37 Java application programming interfaces. The trial judge, William Alsup, ruled later that APIs aren't eligible for protection under U.S. copyright law, dealing Oracle's case a seemingly fatal blow. An appeals court overturned that ruling, however. Google appealed to the Supreme Court, which declined to take the case. So it now heads back to Alsup's court to retry the issue of fair use. As Oracle tells it, Google was in a mad rush to get its operating system to market before competing platforms could take hold. It chose to use Java because there were already millions of programmers familiar with the language. Google denies any wrongdoing. It says its use of Java is covered by fair use, which allows copying in limited cases. Factors include whether the use of the copyright work was transformative, meaning whether it turned it into something new; the amount of the original work that was copied, and the impact of the copying on the market value of the original work. The estimate from Oracle's damages expert, James Malackowski, comprises two parts: $475 million for damages incurred by Oracle, and $8.8 billion for profit made by Google. The first figure accounts for money Oracle might have made from licensing Java to handset makers itself, if Google hadn’t developed Android. The second is for profit Google made from Android, including from mobile advertising and apps and content sold through the Android Market and Google Play. In a court filing last week, Google blasted Malackowski's report and asked Alsup to exclude parts of it from trial, saying it "ignores the statutory standard for copyright damages and fails to offer anything resembling an expert analysis." 
Copyright law says damages can only be claimed for profits that are "attributable to" the infringing code. And the 37 APIs are "a fraction of a percent of the code in the complex Android smartphone platform," Google’s lawyers argued. “Oracle and Malackowski improperly equate the value of the entirety of Android” with the value of the 37 APIs, Google says. The two sides are due in court April 27 for a pretrial hearing before the judge. The Source
  15. Malicious web page could achieve remote PC takeover without authentication Oracle is urging Java users to upgrade, ASAP, to crimp a very nasty bug in the desktop and browser plug-in versions of the software. Labelled CVE-2016-0636, the flaw scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. That high score comes about because the flaw means attackers “can impact the availability, integrity, and confidentiality of the user's system.” Worse still, an attacker can do that remotely, without authentication. In other words, visit the wrong web site with un-patched Java and there's a decent chance crims can rummage through your entire computer then hop onto your network. What happens next doesn't bear thinking about. Big Red's posted an updated version of Java, Java SE 8u77, here. Or you can trust to auto-updates on Windows. Long story short: however you get the fix, get off Oracle Java SE 7 Update 97, and 8 Update 73 and 74, on Windows, Solaris, Linux, and Mac OS X. And then go stuff yourself with Easter Eggs. The Source
  16. Google appears to be no longer using Java application programming interfaces (APIs) from Oracle in future versions of its Android mobile operating system, and switching to an open source alternative instead. Google will be making use of OpenJDK – an open source version of Oracle’s Java Development Kit (JDK) – for future Android builds. This was first highlighted by a "mysterious Android codebase commit" submitted to Hacker News. However, Google confirmed to VentureBeat that the upcoming Android N will use OpenJDK, rather than its own implementation of the Java APIs. Google and Oracle have been fighting it out for years in a lawsuit, and it is hard to imagine that such a massive change is not related to the search engine giant's ongoing legal dispute with Oracle. What Google and Oracle are Fighting About The dispute started when Oracle sued Google for copyright infringement in 2010, claiming that Google improperly used a part of its programming language called Java APIs and baked them into its Android mobile OS. However, Google argued that the Java APIs in question were necessary for software innovation, allowing different applications to talk to each other, and, therefore, could not be copyrighted. Google almost won the initial lawsuit in 2012, but a Federal court mostly reversed the decision in 2014 in Oracle's favor. Google reached out to the US Supreme Court to take the case, but the DoJ sent it back to a lower court, where it currently sits. The final decision is yet to be made, but one possibility could be that the company will be prohibited from using the copyrighted APIs. However, OpenJDK, the alternative to Java APIs, is still controlled by Oracle, but at least, Google is legally cleared to implement it. As for how this new change in Android affects you and me, the new code should make it somewhat easier for Android N developers, perhaps resulting in better apps and quicker updates. Source
  17. The U.S. Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers about security. LifeLock agreed to pay $100 million for violating a 2010 promise to cease deceptive advertising practices. Oracle's legal troubles with the FTC stem from its failure to fully remove older, less secure versions of Java when consumers installed the latest Java software. The FTC sued Oracle over years of failing to remove older, more vulnerable versions of Java SE when consumers updated their systems to the newest Java software. Java is installed on more than 850 million computers, but only recently (in Aug. 2014) did the company change its updater software to reliably remove older versions of Java during the installation process. According to the FTC's complaint, since acquiring Java in 2010, Oracle was aware of significant security issues affecting older versions of Java SE. The FTC charges that Oracle was aware of the insufficiency of its update process. "Internal documents stated that the 'Java update mechanism is not aggressive enough or simply not working,' and that a large number of hacking incidents were targeting prior versions of Java SE's software still installed on consumers' computers," the FTC said. "The security issues allowed hackers to craft malware that could allow access to consumers' usernames and passwords for financial accounts, and allow hackers to acquire other sensitive personal information through phishing attacks." Few sites require Java to display content anymore, and most regular users can likely do without the program given the incessant security holes introduced by the program and its record of being abused by malicious software to infect millions of systems. Source / Full Article Comment: Companies that know of security holes but sit on them cannot avoid being sued, at least by the US FTC.
  18. UPDATE–Oracle, never the most researcher-friendly software vendor, has taken its antagonism to another level after publishing a blog post by CSO Mary Ann Davidson that rails against reverse engineering and saying that the company has no need for researchers to look at Oracle’s code for vulnerabilities because “it’s our job to do that, we are pretty good at it”. The post, which was removed early Tuesday morning, is still available in an archived form and is a long, rambling explanation of Davidson’s views about the practice of customers and researchers reverse engineering Oracle’s code. Davidson, who has been at Oracle for more than 25 years, said in the post that reverse engineering violates Oracle’s license agreement and that the company regularly sends letters to customers and consultants who it believes have violated the EULA. She also said that even when researchers try to report a security vulnerability in an Oracle product, the company often takes issue with how the bug was found and won’t credit researchers. “I almost hate to answer this question because I want to reiterate that customers Should Not and Must Not reverse engineer our code. However, if there is an actual security vulnerability, we will fix it. We may not like how it was found but we aren’t going to ignore a real problem – that would be a disservice to our customers. We will, however, fix it to protect all our customers, meaning everybody will get the fix at the same time,” Davidson said in the post. “However, we will not give a customer reporting such an issue (that they found through reverse engineering) a special (one-off) patch for the problem. We will also not provide credit in any advisories we might issue. You can’t really expect us to say ‘thank you for breaking the license agreement.’” Oracle is well-known in the security research community for being difficult to deal with, if not downright hostile. 
Davidson has spoken out in the past about not having much use for external researchers, and in the deleted post she said that virtually all of the vulnerabilities found in Oracle products are found internally, so rewarding outside researchers with credit or bug bounties is pointless. “Bug bounties are the new boy band (nicely alliterative, no?) Many companies are screaming, fainting, and throwing underwear at security researchers to find problems in their code and insisting that This Is The Way, Walk In It: if you are not doing bug bounties, your code isn’t secure. Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers,” Davidson said in the post. A statement sent by Oracle PR said that the company removed the post because it didn’t fit with the company’s relationship with customers. “The security of our products and services has always been critically important to Oracle. Oracle has a robust program of product security assurance and works with third party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers,” said Edward Screven, Executive Vice President and Chief Corporate Architect, at Oracle. The reaction from the security community to Davidson’s post, and its subsequent removal, was swift and ugly. Many researchers who have had difficult interactions with Oracle in the past said they weren’t surprised by the post, and others pointed out that Davidson’s post seems to seek a return to the time when vendors were openly hostile to researchers and wanted no part of bug reports. “Application security is an enormous software supply chain issue for both enterprises and software vendors because we all rely on software provided by others. 
Vendors need to be responsive to their customers’ valid requests for assurance, and to security researchers who are trying to make the software we all consume better,” Chris Wysopal, CTO and CISO at Veracode, said. Leaders in the industry – Google, Apple, Microsoft, Adobe – all encourage third-party code audits and bug bounty programs as a valuable extension of their own security processes. Discouraging customers from reporting vulnerabilities or telling them they are violating license agreements by reverse engineering code, is an attempt to turn back the progress made to improve software security. Wysopal said in an interview that the views Davidson expressed in the post are the opposite of the way the security community and vendors have been moving for years. “The community has been moving more to embrace bug reports and there’s more of that activity going on than ever before, at places like Tesla and United. She’s really sailing against the tide here,” he said. We will engage with the vendor on the things she mentioned, like understanding that there are mitigating factors that could prevent a bug from being exploited. She doesn’t want to engage at all in the process. She just says no, no, no, we have it covered. Our customers don’t believe that and I don’t think most of the community believes it either. There could be a positive outcome from all this, however. “They can’t be the only outlier on this and not engage the community. I’m hopeful that this whole thing will lead to a turnaround,” Wysopal said. This story was updated on Aug. 8 to add the comments from Wysopal. Source
  19. When it comes to individual software programs spreading potentially unwanted programs (PUP), it is Adobe Flash and Oracle's Java that need to be mentioned in this regard in particular due to the immense reach both products have. Adobe's been spreading McAfee Security Scan Plus with Flash downloads while Oracle had an agreement with Ask to spread the company's toolbar to user systems. The latter appears a thing of the past though as the Wall Street Journal is reporting that Oracle will soon replace the Ask Toolbar offer included in new Java installations and upgrades with Yahoo offers. Yahoo's Chief Executive Marissa Mayer announced the deal on the company's shareholder conference according to the magazine. Users who install Java anew or run upgrades on their systems will be "prompted to make Yahoo their browser's default search engine and home page". The offer appears to be only integrated in the online installer that Oracle pushes out by default. Offline installers, which you find listed on this page on the Java website, appear clean at this point in time. It is unclear if the offer is limited geographically, for instance US-only, or worldwide. Oracle did not comment on the deal and why it switched from offering the Ask Toolbar to Java downloaders to Yahoo's offer instead. While it may be tempting to assume that this has something to do with Microsoft classifying the Ask Toolbar as a threat, it could very well have other reasons, for instance that Yahoo's offer was better financially or that the constant spreading of Ask's Toolbar has saturated the market and lowered Oracle's income in the process. End users who install Java on their computer systems are as affected as before by the third-party offer. While it will "only" replace homepage, search engine and tab page in the browser and not install add-ons on top of that, it is still highly problematic due to the opt-in nature of the offer and the time it takes to undo those changes if unwanted. 
Source: ghacks.net
  20. Oracle has released a critical patch update fixing 167 vulnerabilities across hundreds of its products, warning that the worst of them could be remotely exploited by hackers. The pressing fixes involve several of Oracle's most widely used products and scored a full 10.0 rating on the CVSS 2.0 Base Score for vulnerabilities, the highest score available. "The highest CVSS 2.0 Base Score for vulnerabilities in this critical patch update is 10.0 for Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite and M10-4S Servers of Oracle Sun Systems Products Suite," read the advisory. "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply critical patch update fixes as soon as possible." Oracle warned that the updates for Fujitsu M10-1 of Oracle Sun Systems Products Suite are particularly important. "This critical patch update contains 29 new security fixes for the Oracle Sun Systems Products Suite," the advisory said. "Ten of these vulnerabilities may be remotely exploitable without authentication [and] may be exploited over a network without the need for a username and password." The Oracle Java SE update fixes 19 flaws, 14 of which were also remotely exploitable. The next most serious flaws relate to Oracle's Fusion Middleware, which received 35 security fixes. The worst carries a 9.3 rating and could also be remotely exploited. The update follows reports that hackers are targeting enterprise companies with malware-laden patches purporting to come from Oracle. The news comes during a period of heated debate about patching best practice. Microsoft announced plans on 9 January to stop offering non-paying customers advanced patch notifications. The announcement led to a backlash in the security community, many feeling that the move is a money-grabbing tactic by Microsoft. 
Prior to the move, Microsoft came to blows with Google over the search firm's public disclosure of a Windows bug. Google Project Zero researchers publicly disclosed the bug in December 2014 having privately reported it to Microsoft in September. The move led to a debate about what constitutes responsible threat disclosure.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

  • Oracle Database Server, version(s) 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.0.2
  • Oracle Fusion Middleware, version(s) 10.1.3.5, 11.1.1.7, 11.1.2.1, 11.1.2.2, 12.1.2, 12.1.3
  • Oracle Fusion Applications, versions 11.1.2 through 11.1.9
  • Oracle Access Manager, version(s) 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
  • Oracle Adaptive Access Manager, version(s) 11.1.1.5, 11.1.1.7, 11.1.2.1, 11.1.2.2
  • Oracle BI Publisher, version(s) 10.1.3.4.2, 11.1.1.7
  • Oracle Business Intelligence Enterprise Edition, version(s) 10.1.3.4.2, 11.1.1.7
  • Oracle Containers for J2EE, version(s) 10.1.3.5
  • Oracle Directory Server Enterprise Edition, version(s) 7.0, 11.1.1.7
  • Oracle Exalogic Infrastructure, version(s) 2.0.6.2.0 (for all X2-2, X3-2, X4-2)
  • Oracle Forms, version(s) 11.1.1.7, 11.1.2.2
  • Oracle GlassFish Server, version(s) 3.0.1, 3.1.2
  • Oracle HTTP Server, version(s) 10.1.3.5.0, 11.1.1.7.0, 12.1.2.0, 12.1.3.0
  • Oracle OpenSSO, version(s) 8.0 Update 2 Patch 5
  • Oracle Real-Time Decision Server, version(s) 11.1.1.7, RTD Platform 3.0.x
  • Oracle Reports Developer, version(s) 11.1.1.7, 11.1.2.2
  • Oracle SOA Suite, version(s) 11.1.1.7
  • Oracle Waveset, version(s) 8.1.1
  • Oracle WebCenter Content, version(s) 11.1.1.8.0
  • Oracle WebLogic Portal, version(s) 10.0.1.0, 10.2.1.0, 10.3.6.0
  • Oracle WebLogic Server, version(s) 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0
  • Enterprise Manager Base Platform, version(s) 12.1.0.3, 12.1.0.4
  • Enterprise Manager Ops Center, version(s) 11.1, 11.1.3, 12.1, 12.1.4, 12.2
  • Oracle E-Business Suite, version(s) 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, 12.2.4
  • Oracle Agile PLM, version(s) 9.3.3
  • Oracle Agile PLM for Process, version(s) 6.1.0.3
  • Oracle Transportation Management, version(s) 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5
  • PeopleSoft Enterprise HRMS, version(s) 9.1
  • PeopleSoft Enterprise PeopleTools, version(s) 8.52, 8.53, 8.54
  • JD Edwards EnterpriseOne Tools, version(s) 9.1.5
  • Oracle Enterprise Asset Management, version(s) 8.1.1, 8.2.2
  • Siebel Applications, version(s) 8.1.1, 8.2.2
  • Oracle iLearning, version(s) 6.0, 6.1
  • Oracle Communications Diameter Signaling Router, version(s) 3.x, 4.x, 5.0
  • Oracle Communications Messaging Server, version(s) 7.0.5.33.0 and prior
  • Oracle MICROS Retail, version(s) Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, 6.5.2
  • Oracle Healthcare Master Person Index, version(s) 1.x, 2.x
  • Oracle Java SE, version(s) 5.0u75, 6u85, 7u72, 8u25
  • Oracle Java SE Embedded, version(s) 7u71
  • Oracle JRockit, version(s) R27.8.4, R28.3.4
  • Fujitsu M10-1, M10-4, M10-4S Servers, version(s) prior to XCP 2240
  • Integrated Lights Out Manager(ILOM), version(s) prior to 3.2.4
  • Solaris, version(s) 10, 11
  • Solaris Cluster, version(s) 3.3, 4.1
  • SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, version(s) before XCP 1119
  • Oracle Secure Global Desktop, version(s) 4.63, 4.71, 5.0, 5.1
  • Oracle VM VirtualBox, version(s) prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28, 4.3.20
  • MySQL Server, version(s) 5.5.40 and prior, 5.6.21 and prior

Source And Info From Oracle
  21. Support engineers with Oracle are warning users not to download any patches that don’t come directly from the company after learning that attackers are circulating fake fixes for Oracle error messages. Antonella Giovannetti, a member of the company’s SOA Proactive response team, wrote in a blogpost on Monday that “non-Oracle sites” have been spotted propagating patches, but at this point it’s still unclear exactly which sites are pushing the patches and for which vulnerabilities. “You probably already don’t need to be told,” Giovannetti wrote, before warning that the fake fixes are:

  • Not authorized by [Oracle] in any way
  • More than likely to be dangerous to your system

When reached Wednesday, a spokesman for Oracle said the company was still gathering information about the bogus patches. Disguising malware as fixes for bugs, genuine or fake, is an age-old trick employed by attackers. Several years ago, attackers tried to dupe Windows users into installing patches masquerading as Patch Tuesday updates while other scams trying to get users to install everything from fake antivirus to fixes for Java – a platform now owned by Oracle – have been commonplace over the past decade or so. This particular scam comes about a week before Oracle is scheduled to push its first Critical Patch Update of 2015. The company releases its updates quarterly, on the Tuesday closest to the 17th day of January, April, July and October, meaning the next batch of legitimate fixes is due for release next Tuesday, Jan. 20. Source
  22. Larry Ellison, CEO of multinational software company Oracle, is leaving his position as CEO effective immediately. According to the company's official statement, Larry Ellison will continue to work for the company as its Executive Chairman and Chief Technology Officer. In his stead, Oracle executives Mark Hurd (formerly of HP) and Safra Catz will take over as co-CEOs. Oracle's statement says that Ellison will continue to be in charge of "all software and hardware engineering functions" in his new role as the company's CTO. "Safra and Mark will now report to the Oracle Board rather than to me," said Ellison via the statement. "All the other reporting relationships will remain unchanged. The three of us have been working well together for the last several years, and we plan to continue working together for the foreseeable future." Ellison launched Oracle in 1977 with cofounders Bob Miner and Ed Oates as Software Development Laboratories. The company was renamed Relational Software Inc. in 1979, after releasing Oracle Version 2, the first commercial SQL database. The company would not become known as Oracle until 1982. It is perhaps most well-known for its Oracle Database product, an extremely scalable (and extremely expensive) relational database management solution in use at many, if not most, of the world's biggest companies. Source
  23. Oracle Corp won a legal victory against Google Inc on Friday as a U.S. appeals court decided Oracle could copyright parts of the Java programming language, which Google used to design its Android smartphone operating system. The case, decided by the U.S. Court of Appeals for the Federal Circuit in Washington, is being closely watched in Silicon Valley. A high-profile 2012 trial featured testimony from Oracle's chief executive, Larry Ellison, and Google CEO Larry Page, and the legal issues go to the heart of how tech companies protect their most valuable intellectual property. Google's Android operating system is the world's best-selling smartphone platform. Oracle sued Google in 2010, claiming that Google had improperly incorporated parts of Java into Android. Oracle is seeking roughly $1 billion on its copyright claims. A San Francisco federal judge had decided that Oracle could not claim copyright protection on parts of Java, but on Friday the three-judge Federal Circuit panel reversed that ruling. "We conclude that a set of commands to instruct a computer to carry out desired operations may contain expression that is eligible for copyright protection," Federal Circuit Judge Kathleen O'Malley wrote. Pamela Samuelson, a professor at University of California, Berkeley, School of Law who wrote a brief supporting Google in the case, said the Federal Circuit's decision means software companies now face uncertainty in determining how to write interoperable computer programs that do not violate copyright. "What we have is a decision that will definitely shake up the software industry," said Samuelson. But Oracle attorney E. Joshua Rosenkranz said the law has always been clear on these issues. "There's nothing at all astounding in what the Federal Circuit did," he said.
Not the end of legal dispute
The case examined whether computer language that connects programs - known as application programming interfaces, or APIs - can be copyrighted.
At trial in San Francisco, Oracle said Google's Android trampled on its rights to the structure of 37 Java APIs. U.S. District Judge William Alsup ruled that the Java APIs replicated by Google were not subject to copyright protection and were free for all to use. The Federal Circuit disagreed on Friday, ruled for Oracle and instructed the lower court to reinstate a jury's finding of infringement as to 37 Java API packages. "We find that the district court failed to distinguish between the threshold question of what is copyrightable - which presents a low bar - and the scope of conduct that constitutes infringing activity," O'Malley wrote. The unanimous Federal Circuit panel ordered further proceedings before Alsup to decide whether Google's actions were protected under fair use. Programmers could still craft interoperable programs if the opinion stands, but lawyers will have to be more involved in signing off on what is permissible, said Eric Goldman, a professor at Santa Clara University School of Law. "That's really expensive and lawyers are not going to give yes or no answers, and that's going to be stressful for everybody," Goldman said. Google had argued that software should only be allowed to be patented, not copyrighted. However, O'Malley wrote that the Federal Circuit is bound to respect copyright protection for software, "until either the Supreme Court or Congress tells us otherwise." Oracle General Counsel Dorian Daley called the decision a "win" for an industry "that relies on copyright protection to fuel innovation." Google said it set a "damaging precedent for computer science and software development" and was considering its options.
© Thomson Reuters 2014
  24. I've encountered a fatal bug in VirtualBox 4.2.18 after just a normal installation: Windows can't go to sleep! And it's not shown in any powercfg / reports or processes, so it took me lives to figure out what hinders sleep. I said I'd better notify you people....