Security

New Attack Exploits "Safe" Oracle Inputs

Trailrunner7 writes "Database security super-genius David Litchfield has found a way to manipulate common Oracle data types, which were not thought to be exploitable, and inject arbitrary SQL commands. The new method shows that you can no longer assume any data types are safe from attacker input, regardless of their location or function. 'In conclusion, even those functions and procedures that don't take user input can be exploited if SYSDATE is used. The lesson here is always, always validate and prevent this type of vulnerability getting into your code. The second lesson is that no longer should DATE or NUMBER data types be considered as safe and not useful as injection vectors: as this paper (PDF) has proved, they are,' Litchfield writes."
Programming

Free Open Source Software Is Costing Vendors $60 Billion?

conan1989 writes to tell us that a recent report from the Standish Group is claiming that open source is costing the traditional software market somewhere in the neighborhood of $60 billion per year in revenue. "MySQL Marten Mickos has often spoken of 'taking a $10 billion market and making it a $3 billion market.' If you consider that open source has taken out $60 billion of traditional software revenues there will be a bloodletting in the proprietary world soon enough. It's a great time to be an open source company."
Databases

Sun May Begin Close Sourcing MySQL Features

An anonymous reader writes "From the MySQL User's Conference, Sun has announced, and former CEO Marten Mickos has confirmed, that Sun will be close sourcing sections of the MySQL code base. Sun will begin with close sourcing the backup solutions to MySQL, and will continue with more advanced features. With Oracle owning Innodb, and it being GPL, does this mean that MySQL will be removing it to introduce these features? Sun has had a very poor history of actually open sourcing anything."
IBM

IBM Invests In MySQL/Oracle Competitor

stoolpigeon writes "IBM has made a move to support open source RDBMS PostgreSQL by investing in EnterpriseDB, a company that supports PostgreSQL as well as selling their own proprietary extensions to the database product. IBM participated in a $10 million funding round, though the article doesn't say how much they invested. In the past EnterpriseDB has primarily advertised itself as an Oracle competitor, though the article says, 'Derek Rodner, EnterpriseDB's director of product strategy, explained that Postgres Plus 8.3 also adds in new application quick starts which are supposed to help with installation issues. They will also help in EnterpriseDB's battle against MySQL for open source database supremacy.'"
Patents

Multi-Channel Communication Patent Up For Sale

OTDR alerts us to the latest software patent stupidity in the news as patent number 6,418,462, "methods allowing clients to perform tasks through a sideband communication channel, in addition to the main communication channel between a client and server," snubs its nose at AJAX, ftp, and decades of prior art and goes on sale next month in San Francisco. "Singled out are AJAX mashups including Google Maps and Gmail, and Microsoft 'Live'... Also in the frame are Amazon's S3 and EC2 and clusters from Microsoft, VMware, and Oracle. eBay's Skype, Napster, and Microsoft's Groove are also listed as potentially infringing on the patent in P2P."
Businesses

Tetris Creator Claims FOSS Destroys the Market

alx5000 writes "In an interview conducted last week with Consumer Eroski (link in Spanish; Google translation), the father of Tetris Alexey Pajitnov claimed that 'Free Software should have never existed,' since it 'destroys the market' by bringing down companies that create wealth and prosperity. When asked about Red Hat or Oracle's support-oriented model, he called them 'a minority,' and also criticized Stallman's ideas as 'belonging to the past' where there were no software 'business possibilities.'"
Businesses

Microsoft Should Acquire SAP, Not Yahoo

Reservoir Hill writes "Randall Stross has an insightful article in the NY Times that says that if Microsoft thinks this is the right time to try a major acquisition on a scale it has never tried before, it should pursue not Yahoo but SAP, another major player in business software, thus merging Microsoft's strength with that of another. This is more likely to produce a happy outcome than yoking two ailing businesses, Yahoo's and Microsoft's own online offerings, and hoping for a miracle. Stross points to Oracle as a company whose acquisition strategy has picked up key products and customers while avoiding venturing too far from its core business, or overpaying. Stross recommends that Microsoft acquire SAP and leave it alone as an autonomous division — which would avoid a culture-clash integration fiasco. Besides, large enterprise customers are arguably the best customers a software company can have. A few dozen well-paying Fortune 500 customers may actually be more valuable than tens of millions of Web e-mail 'customers' who pay nothing for the service and whose attention is not highly valued by online advertisers."
Music

U2's Manager Calls For Mandatory Disconnects For Music Downloaders

sleeplesseye writes "In a speech at the Midem music industry convention in Cannes, Paul McGuinness, longtime manager of the band U2, has called on Internet service providers to immediately introduce mandatory French-style service disconnections to end music downloading, and has urged governments to force ISPs to adopt such policies. McGuinness criticized Radiohead's 'In Rainbows' pay-what-you-want business model, saying that 'the majority of downloads were through illegal P2P download services like BitTorrent and LimeWire'. He also accused ISPs, telcos, device makers, and numerous specifically named companies such as Apple, Google, Yahoo!, Oracle, and Facebook of building 'multi billion dollar industries on the back of our content without paying for it', and of being 'makers of burglary kits' who have made 'a thieves' charter' to steal money from the music industry. The full text of his speech has been posted on U2's website."
The Almighty Buck

Oracle Buys BEA

In an event not as surprising as this morning's buyout announcement, but still noteworthy, Oracle has purchased BEA Systems. The middleware maker was snapped up for the sum of $8.5 billion, the second offer Oracle put forward. "BEA had long been considered a prime takeover target in an industry that has been consolidating for several years, but BEA executives had repeatedly dismissed Oracle's overtures, saying the company could perform better independently. Mr. Icahn began buying up BEA shares last summer, and today owns 13 percent of the company. The deal makes Oracle the undisputed leader in the market for middleware, business software that gets its name from its role as a layer of programming code that resides between a company's database system and the payroll, human resources and inventory systems that use the same data."
Linux Business

More MS, Less Talent In Open Source's Future

alphadogg writes "The open source industry in 2008 will be marked by more news out of Microsoft, IBM, Oracle and other big IT vendors, less start-up funding, more M&A activity, and an increasingly serious talent shortage, according to Raven Zachary, open source research director for The 451 Group. One example of the talent shortage will be people with expertise in the Tomcat open source Java servlet middleware from the Apache Foundation. 'There are 25 or so core contributors to that project,' Zachary said. 'Over the past four or five years that number has stayed virtually [unchanged]... but the growth of Tomcat has been astronomical.'"
Oracle

Oracle Is Latest To Take On VMware

BobB writes "Oracle is going after its piece of the hot virtualization market by introducing an open source Xen-based hypervisor to compete against those from Novell, Red Hat, and VMware. Oracle VM, unveiled Monday at the Oracle OpenWorld convention in San Francisco, enables virtualization on Oracle and non-Oracle software applications and on the Linux and Windows OSs. It also operates on industry-standard x86- and x86-64-based servers. Oracle claims it offers virtualization at a lower cost than competitors can." VMware stock dropped over 10% on the news; Oracle's stock rose. The market was not punishing Oracle for the unpatched zero-day vulnerability (public exploit available) that the company won't patch until Jan. 15.
Image

Phantom Hourglass Review

Of all the titles in the Legend of Zelda series, some of the most-respected have been for handheld consoles. Link's Awakening, the Oracle duo, and Minish Cap all manage to combine on-the-road gaming with a certain purity of Zelda-ness. Link's most recent adventure on the small screen, Phantom Hourglass, generally continues this tradition and introduces a number of new elements to the property. Unique controls, a true sequel, and cel-shaded graphics all make Hourglass stand out from 'traditional' Zelda games, and the whole hangs together fairly well. Read on for my impressions of this pint-sized return to Hyrule.
Google

Google's OpenSocial Platform Releases

shadowmage13 writes "Google just announced that starting tonight, developers can start writing applications using the social API for Orkut, MySpace, Engage.com, Friendster, hi5, Hyves, imeem, LinkedIn, Ning, Oracle, Plaxo, Salesforce.com, Six Apart, Tianji, Viadeo, and XING at http://code.google.com/apis/opensocial. Will Facebook give in?" There is quite a bit of analysis of this announcement available in yesterday's discussion.
Businesses

Oracle's $6.7 Billion Bid for BEA Turned Down

andy1307 writes to tell us that according to the Mercury News, Oracle has made an unsolicited bid to buy BEA Systems for about $6.7 billion. BEA confirmed that it rejected the $17 a share bid as too low. "BEA told Phillips that its board of directors believes BEA 'is worth substantially more to Oracle, to others and, importantly, to our shareholders than the price indicated in your letter.' Oracle's aggressive bid may be an attempt to pre-empt an acquisition by others, Finley said. Those named in the past as potential suitors include IBM, the German software company SAP AG and Hewlett-Packard. Trip Chowdhry of Global Equity Research said he expects a counterbid from SAP, which he said needs BEA to survive. 'If they don't get BEA, probably in two years SAP will be on the block to sell itself,' Chowdhry predicted. Oracle needs to keep BEA out of competitors' hands, he said. Chowdhry said the offer currently 'is not right. Probably at $21 the deal will get done.'"
Microsoft

IBM Beats Microsoft Over the Head With Their Own Code

bednarz writes "IBM has added a twist to its new commitment to help OpenOffice.org battle Microsoft Office by donating code that was originally derived in part from a Microsoft-developed technology. IBM's iAccessible2, code-named Project Missouri, is a specification for technology used to help the visually impaired interact with Open Document Format (ODF)-compliant applications and was developed in part using Microsoft Active Accessibility (MAA). 'When the specification was donated to the Linux Foundation, Oracle, Sun, and SAP committed to help with future development. Mozilla is committed to incorporating it into its Firefox browser, and vendors GW Micro and Freedom Scientific will also use it in their own screen reader products. In addition, Project Missouri has won accolades from the American Association of People with Disabilities, the American Foundation for the Blind, and the National Federation of the Blind in Computer Science.'"
Google

Google and Microsoft Help To Defend Fair Use

An anonymous reader writes "The Computer & Communications Industry Association filed a complaint this month with the FTC 'alleging that professional sports leagues, Hollywood studios, and book publishers were all using copyright notices that misrepresented the law'. That is, they were aggressively pursuing 'rights' that they were not entitled to. Now a group, backed by companies like Oracle, Microsoft, Google, Yahoo, Sun, and Red Hat, has launched a web site called Defend Fair Use that shows they are serious about making the complaint stick. From the article: 'In contrast to copyright notices that take no account of fair use and claim control over "all accounts and descriptions" of a game, the CCIA offers a different copyright notice of its own. "We recognize that copyright law guarantees that you, as a member of the public, have certain legal rights," it says, "You may copy, distribute, prepare derivative works, reproduce, introduce into an electronic retrieval system, perform, and transmit portions of this publication provided that such use constitutes 'fair use' under copyright law, or is otherwise permitted by applicable law."'"
Oracle

Oracle Contributes Linux Code, Expands Hardware Support

Jaden writes "Oracle expanded the list of hardware compatible with its Linux distribution and added support for Novell's YAST administration tool. They have now certified six hardware configurations able to run Oracle Enterprise Linux. Certified products include those made by Compellent Technologies, Dell, Egenera, EMC, Hewlett-Packard, Pillar Data Systems and Unisys. Oracle also said it is releasing an open-source version of the YAST Linux installation and configuration tool for Oracle Enterprise Linux and Red Hat Enterprise Linux under the General Public License."
Databases

First "Real" Benchmark for PostgreSQL

anticlimate writes "A new benchmark published on SPEC shows PostgreSQL's performance approaching that of Oracle's and surpassing or on par with MySQL (however the test hardware of the other DB systems is somewhat different). The test was put together by PostgreSQL's core developers working at Sun. They certainly are not unbiased, but this is the first 'real' benchmark with PostgreSQL — according to Josh Berkus's blog. The main difference compared to earlier benchmarks (and anecdotes) seems to be the tuning of PostgreSQL."
Oracle

SAP Admits to 'Inappropriate' Downloading of Oracle Code

netbuzz writes "SAP's CEO Henning Kagermann uses the undoubtedly lawyered term 'inappropriate download' to describe the company's questionable actions. Henning blames a rogue business unit, but there can be no mistaking the fact that Oracle caught SAP with its hand in the IP jar on this one. The legal proceedings that will follow should prove interesting. 'The admission hurts SAP's reputation in the battle with Larry Ellison's Oracle in the $56 billion market for software that manages tasks such as payroll. The rivalry between SAP and Oracle escalated when Oracle filed its March 22 lawsuit claiming SAP workers hacked into a Web site and stole software codes on a grand scale.'"
Patents

Patent Office Program To Speed Computer Tech

coondoggie writes "Looking to address critics, the US Patent and Trademark Office this week is starting a program to speed up and improve the review of computer hardware and software technologies. The agency is set to launch a peer-review pilot project that will give technical experts in computer technology, for the first time, the opportunity to submit technical reports relevant to the claims of a published patent application before an examiner reviews it. The idea is to get as much knowledge about a particular claim in front of an examiner as quickly as possible so they can make a decision faster, the agency said. IBM, Microsoft, General Electric, Hewlett-Packard, CA, and Red Hat have already agreed to review some software patent applications for the one-year community review project. Intel, Sun, Oracle, Yahoo, and others are also part of the project. The pilot is a joint initiative with the Community Patent Review Project, organized by the New York Law School's Institute for Information and Policy."