this post was submitted on 20 Jun 2024
273 points (99.6% liked)

Programming

17423 readers
25 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
 

Organizations that do not consider themselves Oracle customers, but who use Java, can expect a call from the Big Red in the next three to nine months, according to a software licensing specialist.

House of Brick, which has spent years advising clients on how to manage their commercial arrangements with Oracle, said it had noticed an uptick in organizations seeking advice after being contacted by the tech giant about their Java use.

"Even if you are not an Oracle customer, they are tracking product downloads and matching the IP addresses to your organization. Oracle has deployed a whole team of people in India that are contacting organizations worldwide with claims of non-compliant Java SE usage," the company said in a blog, referring to the runtime environment.

While most Oracle and Java users have become aware of the changes, those who have never dealt with Oracle for their applications, database or middleware software might be new to the arrangement.

"They don't have a relationship with Oracle. But Oracle has tracked Java SE downloads to their company. And then Oracle approached them saying 'We see that you've been downloading our Java SE product, it requires a licence.' This might be an email coming from a person that has an audit or similar title in their signature," said Nathan Biggs, House of Brick CEO.

For example, Oracle is likely to ask for the installation date and ask whether the customer also deploys on VMware.

But Oracle will be leading towards an "offer" to overlook earlier unlicensed software if they agree to sign up to the new subscription model, Biggs said.

Organizations should be careful before they take up the offer, he said. Users with legacy Oracle agreements face more than 100 percent — even 1,000 percent — cost increases when moving to the new terms. Bills going from tens of thousands of dollars to more than a million have been confirmed by multiple licensing specialists.

He said Oracle is entitled to ask for backdated payments for people already using Java since the paid-for deal was announced. But whether they should be forced to adopted the 2023 per employee arrangement is a moot point.

To start with, Oracle will limit the back-payment to three years. But it will also try to charge users under the Universal pricing arrangement introduced in January 2023.

"This is absurd because the universal pricing has only been around for a year. We always then push back on Oracle," he said.

all 44 comments
sorted by: hot top controversial new old
[–] leds@feddit.dk 75 points 4 months ago (3 children)

Remember that Microsoft offers a nicely packaged version of openjdk for download

[–] thingsiplay@beehaw.org 45 points 4 months ago (1 children)

Or on Linux systems as well. Another reason why Open Source / Libre Software is not only important, but essential to keep the freedom of users intact. There is no tracking, no artificial limitation from Oracle and no cost involved as well.

The Java implementation from Oracle needs to die. Everyone should switch to openjdk or stop using Java.

[–] eveninghere@beehaw.org 1 points 4 months ago

Company asks me if I use Oracle Java. The problem is, how would I know I'm 100% clean?

If every library dev start doing this we need a horrible amount of extra work to make sure the system is clean...

[–] tyler@programming.dev 7 points 4 months ago

Just use asdf or the alternative that works on windows. You can specify all your languages in the file even for maven or gradle or any thing else as well. No more managing installs.

[–] deathmetal27@lemmy.world 5 points 4 months ago

So do Eclipse, IBM, Amazon, Azul, Liberica, etc. There is really no reason to download any JDK version from the OTN ever.

Also if your organisation still relies on JDK 8 then using a non-Oracle openjdk version is your only option if you don't want to give Oracle money.

[–] empireOfLove2@lemmy.dbzer0.com 50 points 4 months ago (1 children)

Oracle doing Oracle things.

Never forget what their name's acronym really stands for...

[–] DmMacniel@feddit.de 9 points 4 months ago (2 children)
[–] spicystraw@lemmy.world 48 points 4 months ago (1 children)

"One Rich Asshole Called Larry", which is a common joke about the company's founder Larry Ellison.

Or

"One Real Asshole Called...", which is another derogatory joke about the company and its leadership.
[–] tyler@programming.dev -2 points 4 months ago (1 children)

There’s not even an e after the l

[–] Quetzalcutlass@lemmy.world 16 points 4 months ago (1 children)
[–] tyler@programming.dev 2 points 4 months ago
[–] Badabinski@kbin.earth 12 points 4 months ago

Someone beat me to the punch about the true meaning of Oracle, so I'll instead link this wonderful video about why you shouldn't make the mistake of anthropomorphizing Larry Ellison: https://youtube.com/watch?v=-zRN7XLCRhc&t=1981s

[–] bitchkat@lemmy.world 39 points 4 months ago (3 children)

Why would anyone go through the pain of installing Oracle java when you can just install openjdk from the repos. If you develop on windows, Adoptium.net will give you prebuilt openjdk.

[–] echo@lemmings.world 11 points 4 months ago (3 children)

Because they make it stupidly difficult to find the latest OpenJDK for any given major version.

[–] lemmyvore@feddit.nl 4 points 4 months ago (2 children)

What do you mean? It's very easy to find the download page for OpenJDK, and Adoptium's Temurin seems to be equally easy to find.

[–] echo@lemmings.world 4 points 4 months ago (1 children)

Google "openjdk 10 download site: openjdk.org" or any other older version and you'll get zero links that take you to the download. Change your link to /8 or /10 or whatever version you want and that doesn't work, either.

So what I mean is exactly what I said... it's too damn hard to find the download.

[–] lemmyvore@feddit.nl 1 points 4 months ago

On Google I get the link to the download page as 3rd result, and on DuckDuckGo is the first result.

There might also be some confusion related to the fact openjdk.org only called its builds "openjdk" for version 8 and for versions 11+. Versions 7, 9 and 10 were just called "JDK" so technically there's no such thing as "openjdk 10".

[–] JackbyDev@programming.dev 2 points 4 months ago (1 children)

Adoptium and OpenJDK are different builds. OpenJDK has no concept of LTS which is why they only provide the latest build. Adoptium has LTS versions and you can download past ones.

[–] lemmyvore@feddit.nl 2 points 4 months ago

You can download past versions of OpenJDK going back to 7 from the link I gave above.

[–] cheddar@programming.dev 1 points 4 months ago

That is not a good excuse for a company that makes money thanks to Java.

[–] JackbyDev@programming.dev 0 points 4 months ago

That's why you shouldn't use OpenJDK. You should use Adoptium (formerly known as AdoptOpenJDK). OpenJDK also doesn't provide builds of anything but the latest version even though the source is still receiving bug fixes for previous versions. OpenJDK has no concept of LTS.

[–] LaggyKar@programming.dev 9 points 4 months ago (1 children)

If you develop on windows, Adoptium.net will give you prebuilt openjdk.

Only if you know it exists. It's not something that comes up when searching for it.

[–] bitchkat@lemmy.world 2 points 4 months ago (1 children)

searching for "openjdk download" has Adoptium.net in the first 5 results.

[–] RagingRobot@lemmy.world 2 points 4 months ago (1 children)

Yeah but you know it exists lol how would someone just looking for the java run time know that openjdk exists to search for it?

[–] JackbyDev@programming.dev 1 points 4 months ago

I'm hoping all professional Java developers either know about the existence of OpenJDK or one of their bosses or IT does and will appropriately direct them to foss builds of the JDK. Even then, I think (hope) most people using AWS will use Coretto.

[–] kryllic@programming.dev 37 points 4 months ago (1 children)

But Oracle will be leading towards an "offer" to overlook earlier unlicensed software if they agree to sign up to the new subscription model, Biggs said.

So...Oracle is just adopting the mafia mentality to accomplish this? Yeesh.

[–] IHeartBadCode@kbin.run 3 points 4 months ago

Oracle is just adopting the mafia mentality

What do you mean "just"? This has always been Oracle.

[–] MehBlah@lemmy.world 35 points 4 months ago

A good response would be "We have blocked your networks at the firewall and are in the process of eliminating any of your software that has infected our network."

[–] NigelFrobisher@aussie.zone 25 points 4 months ago

Oracle has always been the Mafia Family of tech companies. Once you’re in, you’re in for life.

[–] mindbleach@sh.itjust.works 21 points 4 months ago

Java is an okay format owned by the devil. When two devices running Java connect via wifi, One Rich Asshole Called Larry Ellison expects the air in-between them to be properly licensed. If the free software movement had not been founded to say "fuck printers," it would have sprung into being in order to say "fuck Oracle."

If businesses spring up to advise customers how to handle your billing and legal departments, maybe you shouldn't be a company anymore.

[–] eager_eagle@lemmy.world 20 points 4 months ago* (last edited 4 months ago) (1 children)

I received an email about this one year ago from one of the universities technicians/systems maintainer to let them know if we were running non-openjdk java runtimes because they received a million-dollar "warning" email. Greedy corps are even going after universities.

[–] JackbyDev@programming.dev 1 points 4 months ago

Wowwww that's truly fucked up.

[–] henfredemars@infosec.pub 20 points 4 months ago

Oracle would like to know your location, but seriously they would so they can throw lawyers at you.

[–] Luvon@beehaw.org 14 points 4 months ago (1 children)

And that’s why we use temurin

[–] JackbyDev@programming.dev 2 points 4 months ago

Hell yes, Luvon. Temurin is the GOAT.

[–] Corbin@programming.dev 12 points 4 months ago

This shit is why I cannot recommend Truffle/Graal. Yes, it's cool technology. Yes, it works well. Yes, I remember Chris Seaton. Yes, most of it is Free Software. However, Oracle is still the fucking lawnmower, and it's not safe to build upon anything they can convince a judge they might own.

Alternatives include RPython (my preference) and also GNU Lightning.

[–] biscuitswalrus@aussie.zone 8 points 4 months ago

One rich company trying to claim money off the other rich companies using its software. The ROI on enforcing these will come from only those that really should have afforded to pay and if they can't, shouldn't have built on the framework. Let them duke it out. I have zero empathy for either side.

The hopeful other side is with a "budget" for the license, a company can consider using that to weigh up open source contributions and expertise. Allowing those projects to have experts who have income. Even if it's only a few companies that then hire for that role of porting over, and contributing back to include needed features, more of that helps everyone.

The same happens in security, there used to be no budget for it, it was a cost centre. But then insurance providers wouldn't provide cyber insurance without meeting minimum standards (after they lost billions) and now companies suddenly have a budget. Security is thriving.

When companies value something, because they need to weigh opportunity cost, they'll find money.

[–] Suppoze@beehaw.org 7 points 4 months ago (2 children)

Honestly, the new licensing model for Oracle JDK was known for so, so long, and every company had every chance to use an open alternative. Actually I think Oracle has been pretty lenient with it's grace period, so I don't feel sorry for the companies held accountable over this

[–] senkora@lemmy.zip 13 points 4 months ago

The way the article makes it sound is, if individual employees download OracleJDK while on the company network, and use it for small personal scripts or automation, then that might be enough to trigger Oracle to act.

If your company is large enough, then enough employees may have done that to make you a reasonable target for litigation if you don’t work something out with Oracle. And Oracle is an expert at litigation.

I think that the best defense for a large company would be to IP block all Oracle domains and periodically scan employee laptops for any Oracle products (especially JDK and VirtualBox guest additions) and delete them.

You really have to treat anything that Oracle touches as malware if you want to protect yourself.

[–] lemmyvore@feddit.nl 4 points 4 months ago

Yeah this is pretty much non-news at this point. The last unencumbered versions of JDK and JRE from Oracle went out in 2019, that's 5 years ago, and they're still allowing a grace period of another 6 months.

I mean don't get me wrong, Oracle sucks and the way they go about licensing is shit, but at this point come on. If a company hasn't bothered to get rid of Oracle's version of Java for the last 6 years maybe they want to get shafted? I don't kink-shame.

[–] MonkderDritte@feddit.de 2 points 4 months ago

But it's openjre...

[–] PenisWenisGenius@lemmynsfw.com 1 points 4 months ago

Wow if you don't have a vpn you're fucked these days.