Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Security

POODLE Flaw Returns, This Time Hitting TLS Protocol 54

Posted by Soulskill
from the its-bite-is-worse-than-its-bark dept.
angry tapir writes: If you patched your sites against a serious SSL flaw discovered in October you will have to check them again. Researchers have discovered that the POODLE vulnerability also affects implementations of the newer TLS protocol. The POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability allows attackers who manage to intercept traffic between a user's browser and an HTTPS website to decrypt sensitive information, like the user's authentication cookies.
Operating Systems

The Schizophrenic Programmer Who Built an OS To Talk To God 452

Posted by Soulskill
from the there's-an-app-for-everything-these-days dept.
rossgneumann writes: Terry Davis, a schizophrenic programmer, has spent 10 years building an operating system to talk to God. He's done this work because God told him to. According to the TempleOS charter, it is "God's official temple. Just like Solomon's temple, this is a community focal point where offerings are made and God's oracle is consulted." [The TempleOS V2.17 welcome screen] greets the user with a riot of 16-color, scrolling, blinking text; depending on your frame of reference, it might recall DESQview, the Commodore 64, or a host of early DOS-based graphical user interfaces. In style if not in specifics, it evokes a particular era, a time when the then-new concept of "personal computing" necessarily meant programming and tinkering and breaking things.
Cloud

Amazon Goes After Oracle (Again) With New Aurora Database 102

Posted by samzenpus
from the brand-new dept.
Sez Zero writes with news about the latest from Amazon Web Services. "Once again Amazon Web Services is taking on Oracle, the kingpin of relational databases, with Aurora, a relational database that is as capable as 'proprietary database engines at 1/10 the cost,' according to AWS SVP Andy Jassy. Amazon is right that customers, even big Oracle customers who hesitate to dump tried-and-true database technology are sick of Oracle’s cost structure and refusal to budge from older licensing models. Still there are very few applications that are more “sticky” than databases, which after typically contains the keys to the kingdom. Financial institutions see their use of Oracle databases as almost a pre-requisite for compliance, although that perception may be changing."
Electronic Frontier Foundation

Computer Scientists Ask Supreme Court To Rule APIs Can't Be Copyrighted 260

Posted by Soulskill
from the pleading-for-sanity dept.
An anonymous reader writes: The EFF, representing a coalition of computer scientists, filed an amicus brief with the Supreme Court yesterday hoping for a ruling that APIs can't be copyrighted. The names backing the brief include Bjarne Stroustrup, Ken Thompson, Guido van Rossum, and many other luminaries. "The brief explains that the freedom to re-implement and extend existing APIs has been the key to competition and progress in both hardware and software development. It made possible the emergence and success of many robust industries we now take for granted—for example, mainframes, PCs, and workstations/servers—by ensuring that competitors could challenge established players and advance the state of the art. The litigation began several years ago when Oracle sued Google over its use of Java APIs in the Android OS. Google wrote its own implementation of the Java APIs, but, in order to allow developers to write their own programs for Android, Google's implementation used the same names, organization, and functionality as the Java APIs."
Databases

Ask Slashdot: Choosing a Data Warehouse Server System? 147

Posted by timothy
from the index-cards-and-an-actual-warehouse dept.
New submitter puzzled_decoy writes The company I work has decided to get in on this "big data" thing. We are trying to find a good data warehouse system to host and run analytics on, you guessed it, a bunch of data. Right now we are looking into MSSQL, a company called Domo, and Oracle contacted us. Google BigQuery may be another option. At its core, we need to be able to query huge amounts of data in sometimes rather odd ways. We need a strong ETLlayer, and hopefully we can put some nice visual reporting service on top of wherever the data is stored. So, what is your experience with "big data" servers and services? What would you recommend, and what are the pitfalls you've encountered?
Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 70

Posted by samzenpus
from the get-it-out dept.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Microsoft

Microsoft, Ask.com, Oracle Latest To Be Sued Over No-Poach Deal 47

Posted by timothy
from the all-in-the-same-gang-but-mostly-west-coast dept.
itwbennett (1594911) writes Oracle, Microsoft and Ask.com are facing suits alleging that they conspired to restrict hiring of staff. The suits appear to refer to a memo that names a large number of companies that allegedly had special arrangements with Google to prevent poaching of staff and was filed as an exhibit on May 17, 2013 in another class action suit over hiring practices. The former employees filing lawsuits against Microsoft, Ask.com and Oracle have asked that the cases be assigned to Judge Koh as there were similarities with the case against Google, Apple and others — and it maybe doesn't hurt that Judge Koh thought the $324.5 million settlement in that case was too low.
Databases

Python-LMDB In a High-Performance Environment 98

Posted by Soulskill
from the fast-enough-to-cause-drama dept.
lkcl writes: In an open letter to the core developers behind OpenLDAP (Howard Chu) and Python-LMDB (David Wilson) is a story of a successful creation of a high-performance task scheduling engine written (perplexingly) in Python. With only partial optimization allowing tasks to be executed in parallel at a phenomenal rate of 240,000 per second, the choice to use Python-LMDB for the per-task database store based on its benchmarks, as well as its well-researched design criteria, turned out to be the right decision. Part of the success was also due to earlier architectural advice gratefully received here on Slashdot. What is puzzling, though, is that LMDB on Wikipedia is being constantly deleted, despite its "notability" by way of being used in a seriously-long list of prominent software libre projects, which has been, in part, motivated by the Oracle-driven BerkeleyDB license change. It would appear that the original complaint about notability came from an Oracle employee as well.
Java

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days 111

Posted by Soulskill
from the of-pots-and-kettles dept.
mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.
Oracle

Oracle Database Certifications Are No Longer Permanent 108

Posted by Soulskill
from the you're-now-allowed-to-forget-things dept.
jfruh writes: It used to be that you could get an Oracle database certification and declare yourself Oracle-certified for the rest of your career. That time is now over, causing a certain amount of consternation among DBAs. On the one hand, it makes sense that someone who's only been certified on a decade-old version of the product should need to prove they've updated their skills. On the other, Oracle charges for certification and will definitely profit from this shift."
Patents

Interviews: Ask Florian Mueller About Software Patents and Copyrights 187

Posted by samzenpus
from the go-ahead-and-ask dept.
Florian Mueller is a blogger, software developer and former consultant who writes about software patents and copyright issues on his FOSSPatents blog. In 2004 he founded the NoSoftwarePatents campaign, and has written about Microsoft's multi-billion-dollar Android patent licensing business and Google's appeal of Oracle's Android-Java copyright case to the Supreme Court. Florian has agreed to give us some of his time in order to answer your questions. As usual, ask as many as you'd like, but please, one per post.
Google

Google Takes the Fight With Oracle To the Supreme Court 146

Posted by timothy
from the by-the-power-your-black-robe-we-beseech-thee dept.
whoever57 writes Google has asked the Supreme Court to review the issue of whether APIs can be copyrighted. Google beat Oracle in the trial court, where a judge with a software background ruled that APIs could not be copyrighted. but the Appeals court sided with Oracle, ruling that APIs can be copyrighted. Now Google is asking the Supreme Court to overturn that decision. (Also of interest.)
Cloud

Vax, PDP/11, HP3000 and Others Live On In the Cloud 62

Posted by Soulskill
from the cloud-of-the-living-dead dept.
judgecorp writes: Surprisingly, critical applications still rely on old platforms, although legacy hardware is on its last legs. Swiss emulation expert Stromasys is offering emulation in the cloud for old hardware using a tool cheekily named after Charon, the ferryman to the afterlife. Systems covered include the Vax and PDP/11 platforms from Digital Equipment (which was swallowed by Compaq and then HP) as well as Digital's Alpha RISC systems, and HP's HP3000. It also offers Sparc emulation, although Oracle might dispute the need for this.
Oracle

Oracle CEO Larry Ellison Steps Down 142

Posted by timothy
from the one-real-american-named-larry-ellison dept.
mrspoonsi writes Oracle founder Larry Ellison is stepping down as CEO. He will be replaced by two executives. Former Oracle presidents Safra Catz and Mark Hurd will be co-CEOs. Ellison will be the Executive Chairman of Oracle's Board, and the company's CTO. Oracle's shares are off by 3% on the news. "Larry has made it very clear that he wants to keep working full time and focus his energy on product engineering, technology development and strategy," said the Oracle Board's Presiding Director, Dr. Michael Boskin.
Databases

UK's National Health Service Moves To NoSQL Running On an Open-Source Stack 198

Posted by Soulskill
from the deciding-to-DROP-it dept.
An anonymous reader sends this news from El Reg: The U.K.'s National Health Service has ripped the Oracle backbone from a national patient database system and inserted NoSQL running on an open-source stack. Spine2 has gone live following successful redevelopment including redeployment on new, x86 hardware. The project to replace Spine1 had been running for three years with Spine2 now undergoing a 45-day monitoring period. Spine is the NHS’s main secure patient database and messaging platform, spanning a vast estate of blades and SANs. It logs the non-clinical information on 80 million people in Britain – holding data on everything from prescriptions and payments to allergies. Spine is also a messaging hub, serving electronic communications between 20,000 applications that include the Electronic Prescription Service and Summary Care Record. It processes more than 500 complex messages a second.
Government

Oregon Suing Oracle Over Obamacare Site, But Still Needs Oracle's Help 116

Posted by samzenpus
from the I-hate-you-now-help-me dept.
jfruh writes Oracle and the state of Oregon are in the midst of a particularly nasty set of lawsuits over the botched rollout of Oregon's health care exchange site, with Oregon claiming that Oracle promised an "out-of-the-box solution" and Oracle saying that Oregon foolishly attempted to act as its own systems integrator. But one aspect of the dispute helps illustrate an unpleasant reality of these kinds of disputes: even as Oregon tries to extract damages from Oracle, it still needs Oracle's help to salvage the site.
Java

If Java Wasn't Cool 10 Years Ago, What About Now? 511

Posted by timothy
from the pretty-good-drink-especially-with-honey-and-cream dept.
10 years ago today on this site, readers answered the question "Why is Java considered un-cool?" 10 years later, Java might not be hip, but it's certainly stuck around. (For slightly more than 10 years, it's been the basis of the Advanced Placement test for computer science, too, which means that lots of American students are exposed to Java as their first formally taught language.) And for most of that time, it's been (almost entirely) Free, open source software, despite some grumbling from Oracle. How do you see Java in 2014? Are the pessimists right?
Oracle

Oregon Sues Oracle For "Abysmal" Healthcare Website 212

Posted by timothy
from the finest-consultants-in-the-land dept.
SpzToid (869795) writes The state of Oregon sued Oracle America Inc. and six of its top executives Friday, accusing the software giant of fraud for failing to deliver a working website for the Affordable Care Act program. The 126-page lawsuit claims Oracle has committed fraud, lies, and "a pattern of activity that has cost the State and Cover Oregon hundreds of millions of dollars". "Not only were Oracle's claims lies, Oracle's work was abysmal", the lawsuit said. Oregon paid Oracle about $240.3 million for a system that never worked, the suit said. "Today's lawsuit clearly explains how egregiously Oracle has disserved Oregonians and our state agencies", said Oregon Atty. Gen. Ellen Rosenblum in a written statement. "Over the course of our investigation, it became abundantly clear that Oracle repeatedly lied and defrauded the state. Through this legal action, we intend to make our state whole and make sure taxpayers aren't left holding the bag."

Oregon's suit alleges that Oracle, the largest tech contractor working on the website, falsely convinced officials to buy "hundreds of millions of dollars of Oracle products and services that failed to perform as promised." It is seeking $200 million in damages. Oracle issued a statement saying the suit "is a desperate attempt to deflect blame from Cover Oregon and the governor for their failures to manage a complex IT project. The complaint is a fictional account of the Oregon Healthcare Project."
Censorship

Russia Cracks Down On Public Wi-Fi; Oracle Blocks Java Downloads In Russia 254

Posted by timothy
from the interesting-times dept.
Linking to a story at Reuters, reader WilliamGeorge writes "Russia is further constraining access to the internet and freedom of speech, with new laws regarding public use of WiFi. Nikolai Nikiforov, the Russian Communications Minister, tweeted that "Identification of users (via bank cards, cell phone numbers, etc.) with access to public Wifi is a worldwide practice." This comes on top of their actions recently to block websites of political opponents to Russian president Vladimir Putin, require registration of prominent bloggers, and more. The law was put into effect with little notice and without the input of Russian internet providers. Sergei Plugotarenko, head of the Russian Electronic Communications Association, said "It was unexpected, signed in such a short time and without consulting us." He added, "We will hope that this restrictive tendency stops at some point because soon won't there be anything left to ban." In addition to the ID requirement to use WiFi, the new law also requires companies to declare who is using their web networks and calls for Russian websites to store their data on servers located in Russia starting in 2016." That's not the only crackdown in progress, though: former Slashdot code-wrestler Vlad Kulchitski notes that Russian users are being blocked from downloading Java with an error message that reads, in essence, "You are in a country on which there is embargo; you cannot download JAVA." Readers at Hacker News note the same, though comments there indicate that the block may rely on a " specific and narrow IP-block," rather than being widespread. If you're reading this from Russia, what do you find?
Java

Oracle Hasn't Killed Java -- But There's Still Time 371

Posted by Unknown Lamer
from the common-lisp-rising dept.
snydeq (1272828) writes Java core has stagnated, Java EE is dead, and Spring is over, but the JVM marches on. C'mon Oracle, where are the big ideas? asks Andrew C. Oliver. 'I don't think Oracle knows how to create markets. It knows how to destroy them and create a product out of them, but it somehow failed to do that with Java. I think Java will have a long, long tail, but the days are numbered for it being anything more than a runtime and a language with a huge install base. I don't see Oracle stepping up to the plate to offer the kind of leadership that is needed. It just isn't who Oracle is. Instead, Oracle will sue some more people, do some more shortsighted and self-defeating things, then quietly fade into runtime maintainer before IBM, Red Hat, et al. pick up the slack independently. That's started to happen anyhow.'

Never tell people how to do things. Tell them WHAT to do and they will surprise you with their ingenuity. -- Gen. George S. Patton, Jr.

Working...