
Intel Offers More Insight On Its 3D Memory 115

itwbennett writes: When Intel and Micron Technology first announced the 3D XPoint memory in July, they promised about 1,000 times the performance of NAND flash, 1,000 times the endurance of NAND flash, and about 10 times the density of DRAM. At OpenWorld last week, Intel CEO Brian Krzanich disclosed a little more information on the new memory, which Intel will sell under the Optane brand, and did a demo on a pair of matching servers running two Oracle benchmarks. One server had Intel's P3700 NAND PCI Express SSD, which is no slouch of a drive. It can perform up to 250,000 IOPS per second. The other was a prototype Optane SSD. The Optane SSD outperformed the P3700 by 4.4 times in IOPS with 6.4 times less latency.

Apple Usurps Oracle As the Biggest Threat To PC Security 320

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

Oracle Bakes Security Into New Chips 99

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather than from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 2^4, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.

Oracle Fixes Java Vulnerability Used By Russian Cyberspies 126

itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.

Beware of Oracle's Licensing 'Traps,' Law Firm Warns 136

itwbennett writes: Slashdot readers are no strangers to Oracle's aggressive licensing practices, practices that have earned them notoriety over the years. This week, Texas law firm Scott & Scott wrote a blog post warning enterprises about the 'traps' in Oracle software licensing. One of the biggest problems with Oracle software is how difficult it is for companies to track internally what they're using and how they're using it, said Julie Machal-Fulks, a partner with Scott & Scott, in an interview with Katherine Noyes. 'They may use just one Oracle product and think they're using it correctly, but then Oracle comes along and says, "no, you're using it wrong — you owe us a million bucks."'

Firefox Support For NPAPI Plugins Ends Next Year 147

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

OpenIndiana Hipster 2015.10: Keeping an Open-Source Solaris Going 149

An anonymous reader writes: It's been five years since Oracle killed off OpenSolaris while the community of developers are letting it live on with the new OpenIndiana "Hipster" 15.10 release. OpenIndiana 15.10 improves its Python-based text installer as it looks to drop its GUI installer, switches out the Oracle JDK/JRE for OpenJDK, and updates its vast package set. However, there are still a number of outdated packages on the system like Firefox 24 and X.Org Server 1.14 while the default office suite is a broken OpenOffice build, due to various obstacles in maintaining open-source software support for Solaris while being challenged by limited contributors. Download links are available via the release notes. There's also a page for getting involved if wishing to improve the state of open-source Solaris.

LibreOffice Turns Five 147

An anonymous reader writes: Italo Vignoli, founding member of The Document Foundation, reflects on the project's five-year mark in an article on "LibreOffice was launched as a fork of on September 28, 2010, by a tiny group of people representing the community in their capacity as community project leaders. At the time, forking the office suite was a brave -- and necessary -- decision, because the open source community did not expect to survive for long under Oracle stewardship." The project that was does still exist, in the form of Apache Open Office, but along with most Linux distros, I've switched completely to LibreOffice, after some initial misgivings.

When Does Software Start Becoming Malware? 165

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the toolbar. Even though many users objected to the inclusion of the toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the toolbar as malware."

UK Government Signs New Deal With Oracle 54

An anonymous reader writes: The Crown Commercial Service (CCS) has signed a deal with Oracle that should allow it to cut down on spending and licensing costs with the software provider. The three-year partnership will see the two collaborate to deliver services to public sector bodies including the National Health Service. A few weeks ago the government announced it would be cutting back on its use of Oracle software, but the new deal instead extends the existing agreement. CCS CEO Sally Collier explained: "The enhanced MoU will deliver savings across government and allow easier and more effective procurement of Oracle products and services. It lays the foundation of a more collaborative relationship between government and Oracle."

Oracle: Google Has "Destroyed" the Market For Java 457

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.

Tim O'Reilly and the 'WTF?!' Economy (Video) 111

This is a conversation Tim Lord had with Tim O'Reilly at OSCON. Tim O'Reilly wrote an article titled "The WTF Economy," which started with these words: "WTF?! In San Francisco, Uber has 3x the revenue of the entire prior taxi and limousine industry." He talks about Uber and Airbnb and how, with real-time measurement of customer demand, "The algorithm is the new shift boss." And then there is this question: "What is the future when more and more work can be done by intelligent machines instead of people, or only done by people in partnership with those machines?"

My (late) father was an engineer. Politically, you could have called him a TechnoUtopian. He believed -- along with most of his engineer, ham radio, and science fiction writer and reader friends -- that as machines took over the humdrum tasks, humans would work less and create more. O'Reilly seems to have similar beliefs, even though (unlike my father) he's seen the beginnings of an economy with self-driving cars and trucks, factory machines that don't need humans to run them, and many other changes the 1950s and 1960s futurists didn't expect to see until we had flying cars and could buy tickets on Pan Am flights to the moon. Listening to these conversations, I remember my father's dreams, but O'Reilly isn't as optimistic as a full-blown TechnoUtopian. He takes a "Something's happening here; what it is ain't exactly clear" view of how work (and pay for work) will change in the near future. Please note that Tim O'Reilly has been called "The Oracle of Silicon Valley," so he's totally worth watching -- or reading, if that's your preferred method of taking in new information.

NOTE: Today we have a "main video," plus a "bonus video" that is viewable only with Flash. But we have a transcript that covers both of them. Enjoy!

Oracle Exec: Stop Sending Vulnerability Reports 229

florin writes: Oracle chief security officer Mary Ann Davidson published a most curious rant on the company's corporate blog yesterday, addressing and reprimanding some pesky customers that just will not stop bothering her. As Mary put it: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it." She goes on to describe how the company deals with such shameful activities, namely that "We send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer's behalf — reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already."

Later on, in a section intended to highlight how great a job Oracle itself was doing at finding vulnerabilities, the CSO accidentally revealed that customers are in fact contributing a rather significant 1 out of every 10 vulnerabilities: "Ah, well, we find 87 percent of security vulnerabilities ourselves, security researchers find about 3 percent and the rest are found by customers." Unsurprisingly, this revealing insight into the company's regard for its customers was removed later. But not before being saved for posterity.

U.K. Government Seeking To End Reliance On Oracle 190

jfruh writes: The U.K. Cabinet Office has reportedly asked government departments and agencies to try to find ways to end their reliance on Oracle software, a move motivated by the truly shocking number of Oracle licenses currently being paid for by the British taxpayer. The Department for Environment, Food and Rural Affairs alone has paid £1.3 million (US$2 million) per year for some 2 million Oracle licenses, or about 200 licenses per staff member.

Oracle To Debut Low-Cost SPARC Chip Next Month 92

jfruh writes: Of the many things Oracle acquired when it absorbed Sun, the SPARC processors have not exactly been making headlines. But that may change next month when the company debuts a new, lower-cost chip that will compete with Intel's Xeon. "Debut," in this case, means only an introduction, though -- not a marketplace debut. From the article: [T]he Sparc M7 will have technologies for encryption acceleration and memory protection built into the chip. It will also include coprocessors to accelerate database performance. "The idea of Sonoma is to take exactly those same technologies and bring them down to very low cost points, so that people can use them in cloud computing and for smaller applications, and even for smaller companies who need a lower entry point," [Oracle head of systems John] Fowler said. ... [Fowler] didn’t talk about prices or say how much cheaper the new Sparc systems will be, and it could potentially be years before Sonoma comes to market—Oracle isn’t yet saying. Its engineers are due to discuss Sonoma at the Hot Chips conference in Silicon Valley at the end of the month, so we might learn more then.

First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers 122

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

Oracle Bullies Enterprise Clients Into Cloud Purchases, Consultant Claims 184

An anonymous reader writes: A consultant claims that Oracle has adopted the widespread use of 'breach notices' this year to force existing enterprise customers to adopt its newly-bolstered range of cloud services, or else be told to stop using all Oracle software within thirty days. Speaking to Business Insider, the unnamed source described the tactic as a 'nuclear option' which is now practically the default when the need to add services or users to an existing contract triggers an 'audit' by Oracle. An ex-Oracle contract negotiator who now works in the ever-expanding business niche of 'Oracle contract negotiation' commented 'Internally, the water cooler gossip there is that they've never seen this kind of aggression before. Oracle has really dialed it up. Customers are buying cloud services to make the Oracle issue go away, not because they have any intention of using cloud services.'

Exploring the Relationships Between Tech Skills (Visualization) 65

Nerval's Lobster writes: Simon Hughes, Dice's Chief Data Scientist, has put together an experimental visualization that explores how tech skills relate to one another. In the visualization, every circle or node represents a particular skill; colors designate communities that coalesce around skills. Try clicking "Java", for example, and notice how many other skills accompany it (a high-degree node, as graph theory would call it). As a popular skill, it appears to be present in many communities: Big Data, Oracle Database, System Administration, Automation/Testing, and (of course) Web and Software Development. You may or may not agree with some relationships, but keep in mind, it was all generated in an automatic way by computer code, untouched by a human. Building it started with Gephi, an open-source network analysis and visualization software package, by importing a pair-wise comma-separated list of skills and their similarity scores (as Simon describes in his article) and running a number of analyses: Force Atlas layout to draw a force-directed graph, Avg. Path Length to calculate the Betweenness Centrality that determines the size of a node, and finally Modularity to detect communities of skills (again, color-coded in the visualization). The graph was then exported as an XML graph file (GEXF) and converted to JSON format with two sets of elements: Nodes and Links. "We would love to hear your feedback and questions," Simon says.

SCOTUS Denies Google's Request To Appeal Oracle API Case 181

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API 'a utilitarian and functional set of symbols' that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself."

The Next Java Update Could Make Yahoo Your Default Search Provider 328

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.