this post was submitted on 20 Jun 2024
150 points (100.0% liked)

Programming

423 readers
9 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
 

Organizations that do not consider themselves Oracle customers, but who use Java, can expect a call from the Big Red in the next three to nine months, according to a software licensing specialist.

House of Brick, which has spent years advising clients on how to manage their commercial arrangements with Oracle, said it had noticed an uptick in organizations seeking advice after being contacted by the tech giant about their Java use.

"Even if you are not an Oracle customer, they are tracking product downloads and matching the IP addresses to your organization. Oracle has deployed a whole team of people in India that are contacting organizations worldwide with claims of non-compliant Java SE usage," the company said in a blog, referring to the runtime environment.

While most Oracle and Java users have become aware of the changes, those who have never dealt with Oracle for their applications, database or middleware software might be new to the arrangement.

"They don't have a relationship with Oracle. But Oracle has tracked Java SE downloads to their company. And then Oracle approached them saying 'We see that you've been downloading our Java SE product, it requires a licence.' This might be an email coming from a person that has an audit or similar title in their signature," said Nathan Biggs, House of Brick CEO.

For example, Oracle is likely to ask for the installation date and ask whether the customer also deploys on VMware.

But Oracle will be leading towards an "offer" to overlook earlier unlicensed software if they agree to sign up to the new subscription model, Biggs said.

Organizations should be careful before they take up the offer, he said. Users with legacy Oracle agreements face more than 100 percent — even 1,000 percent — cost increases when moving to the new terms. Bills going from tens of thousands of dollars to more than a million have been confirmed by multiple licensing specialists.

He said Oracle is entitled to ask for backdated payments for people already using Java since the paid-for deal was announced. But whether they should be forced to adopted the 2023 per employee arrangement is a moot point.

To start with, Oracle will limit the back-payment to three years. But it will also try to charge users under the Universal pricing arrangement introduced in January 2023.

"This is absurd because the universal pricing has only been around for a year. We always then push back on Oracle," he said.

top 19 comments
sorted by: hot top controversial new old
[–] leds@feddit.dk 46 points 5 months ago (2 children)

Remember that Microsoft offers a nicely packaged version of openjdk for download

[–] thingsiplay 45 points 5 months ago (1 children)

Or on Linux systems as well. Another reason why Open Source / Libre Software is not only important, but essential to keep the freedom of users intact. There is no tracking, no artificial limitation from Oracle and no cost involved as well.

The Java implementation from Oracle needs to die. Everyone should switch to openjdk or stop using Java.

[–] eveninghere 1 points 5 months ago

Company asks me if I use Oracle Java. The problem is, how would I know I'm 100% clean?

If every library dev start doing this we need a horrible amount of extra work to make sure the system is clean...

[–] tyler@programming.dev 4 points 5 months ago

Just use asdf or the alternative that works on windows. You can specify all your languages in the file even for maven or gradle or any thing else as well. No more managing installs.

[–] empireOfLove2@lemmy.dbzer0.com 28 points 5 months ago (1 children)

Oracle doing Oracle things.

Never forget what their name's acronym really stands for...

[–] DmMacniel@feddit.de 6 points 5 months ago (1 children)
[–] Badabinski@kbin.earth 9 points 5 months ago

Someone beat me to the punch about the true meaning of Oracle, so I'll instead link this wonderful video about why you shouldn't make the mistake of anthropomorphizing Larry Ellison: https://youtube.com/watch?v=-zRN7XLCRhc&t=1981s

[–] kryllic@programming.dev 24 points 5 months ago (1 children)

But Oracle will be leading towards an "offer" to overlook earlier unlicensed software if they agree to sign up to the new subscription model, Biggs said.

So...Oracle is just adopting the mafia mentality to accomplish this? Yeesh.

[–] IHeartBadCode@kbin.run 3 points 5 months ago

Oracle is just adopting the mafia mentality

What do you mean "just"? This has always been Oracle.

[–] NigelFrobisher@aussie.zone 14 points 5 months ago

Oracle has always been the Mafia Family of tech companies. Once you’re in, you’re in for life.

[–] Luvon 14 points 5 months ago (1 children)

And that’s why we use temurin

[–] JackbyDev@programming.dev 2 points 5 months ago

Hell yes, Luvon. Temurin is the GOAT.

[–] henfredemars@infosec.pub 14 points 5 months ago

Oracle would like to know your location, but seriously they would so they can throw lawyers at you.

[–] Suppoze 9 points 5 months ago (2 children)

Honestly, the new licensing model for Oracle JDK was known for so, so long, and every company had every chance to use an open alternative. Actually I think Oracle has been pretty lenient with it's grace period, so I don't feel sorry for the companies held accountable over this

[–] senkora@lemmy.zip 13 points 5 months ago

The way the article makes it sound is, if individual employees download OracleJDK while on the company network, and use it for small personal scripts or automation, then that might be enough to trigger Oracle to act.

If your company is large enough, then enough employees may have done that to make you a reasonable target for litigation if you don’t work something out with Oracle. And Oracle is an expert at litigation.

I think that the best defense for a large company would be to IP block all Oracle domains and periodically scan employee laptops for any Oracle products (especially JDK and VirtualBox guest additions) and delete them.

You really have to treat anything that Oracle touches as malware if you want to protect yourself.

[–] lemmyvore@feddit.nl 4 points 5 months ago

Yeah this is pretty much non-news at this point. The last unencumbered versions of JDK and JRE from Oracle went out in 2019, that's 5 years ago, and they're still allowing a grace period of another 6 months.

I mean don't get me wrong, Oracle sucks and the way they go about licensing is shit, but at this point come on. If a company hasn't bothered to get rid of Oracle's version of Java for the last 6 years maybe they want to get shafted? I don't kink-shame.

[–] Corbin@programming.dev 7 points 5 months ago

This shit is why I cannot recommend Truffle/Graal. Yes, it's cool technology. Yes, it works well. Yes, I remember Chris Seaton. Yes, most of it is Free Software. However, Oracle is still the fucking lawnmower, and it's not safe to build upon anything they can convince a judge they might own.

Alternatives include RPython (my preference) and also GNU Lightning.

[–] biscuitswalrus@aussie.zone 5 points 5 months ago

One rich company trying to claim money off the other rich companies using its software. The ROI on enforcing these will come from only those that really should have afforded to pay and if they can't, shouldn't have built on the framework. Let them duke it out. I have zero empathy for either side.

The hopeful other side is with a "budget" for the license, a company can consider using that to weigh up open source contributions and expertise. Allowing those projects to have experts who have income. Even if it's only a few companies that then hire for that role of porting over, and contributing back to include needed features, more of that helps everyone.

The same happens in security, there used to be no budget for it, it was a cost centre. But then insurance providers wouldn't provide cyber insurance without meeting minimum standards (after they lost billions) and now companies suddenly have a budget. Security is thriving.

When companies value something, because they need to weigh opportunity cost, they'll find money.

[–] MonkderDritte@feddit.de 1 points 5 months ago

But it's openjre...