Oracle v Google Copyright Trial in Progress

July 22, 2016

The battle between Google and Oracle over Android’s use of Java has gone to federal court, and the trial is expected to conclude in June. CBS San Francisco Bay Area reports, “Former Google CEO Testifies in Oracle-Google Copyright Trial.” The brief write-up reveals the very simple defense of Eric Schmidt, who was Google’s CEO while Android was being developed (and is now CEO of Google’s young parent company, Alphabet): “We believed our approach was appropriate and permitted,” he stated.

Java was developed back in the ‘90s by Sun Microsystems, which was bought by Oracle in 2010. Google freely admits using Java in the development of Android, but they assert it counts as fair use—the legal doctrine that allows limited use of copyrighted material if it is sufficiently transformed or repurposed. Oracle disagrees, though Schmidt maintains Sun Microsystems saw it his way back in the day. The article tells us:

“Schmidt told the jury that when Google was developing Android nine years ago, he didn’t believe the company needed a license from Sun for the APIs. “We believed our approach was appropriate and permitted,” he said.

“Under questioning from Google attorney Robert Van Nest, Schmidt said that in 2007, Sun’s chief executive officer Jonathan Schwartz knew Google was building Android with Java, never expressed disapproval and never said Google needed a license from Sun.

“In cross-examination by Oracle attorney Peter Bicks, Schmidt acknowledged that he had said in 2007 that Google was under pressure to compete with the Apple Inc.’s newly released iPhone.”

Yes it was, the kind of pressure that can erode objectivity. Did Google go beyond fair use in this case? The federal court will soon decide.

 

 

Cynthia Murrell, July 22, 2016

Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph


Defending Against Java Deserialization Ransomware

July 13, 2016

What is different about the recent rash of ransomware attacks against hospitals (besides the level of callousness it takes to hold the well-being of hospital patients for ransom)? CyberWatch brings us up to date in “My Layman’s Terms: The Java Deserialization Vulnerability in Current Ransomware.” Writer Cheryl Biswas begins by assuring us it is practicality, not sheer cruelty, that has hackers aiming at hospitals. Other entities, like law enforcement agencies, which rely on uninterrupted access to their systems to keep people safe, are also being attacked. Oh, goody.

The problem begins with a vulnerability at the very heart of any Java-based system, the server. And here we thought open source was more secure than proprietary software. Biswas informs us:

“This [ransomware] goes after servers, so it can bring down entire networks, and doesn’t rely on the social engineering tactics to gain access.  It’s so bad US-CERT has issued this recent advisory. I’ve laid out what’s been made available on just how this new strain of ransomware works. And I’ve done it in terms to help anybody take a closer look at the middleware running in their systems currently. Because a little knowledge could be dangerous thing used to our advantage this time.”

The article goes on to cover what this strain of ransomware can do, who could be affected, and how. One key point—anything that accepts serialized Java objects could be a target, and many Java-based middleware products do not validate untrusted objects before deserialization.  See the article for more technical details, and for Biswas’ list of sources. She concludes with these recommendations:

“Needs to Happen:

“Enterprises must find all the places they use deserialized or untrusted data. Searching code alone will not be enough. Frameworks and libraries can also be exposed.

“Need to harden it against the threat.

“Removing commons collections from app servers will not be enough. Other libraries can be affected.

“Contrast Sec has a free tool for addressing issue.  Runtime Application Self-Protection RASP.  Adds code to deserialization engine to prevent exploitation.”

Organizations the world over must not put off addressing these vulnerabilities, especially ones in charge of health and safety.

 

Cynthia Murrell, July 13, 2016


Elasticsearch is the Jack of All Trades at Goldman Sachs

August 25, 2015

The article titled Goldman Sachs Puts Elasticsearch to Work on Information Week discusses how programmers at Goldman Sachs are using Elasticsearch. Programmers there are working on applications that exploit both its data retrieval capabilities and its facility with unstructured data. The article explains,

“Elasticsearch and its co-products — Logstash, Elastic’s server log data retrieval system, and Kibana, a dashboard reporting system — are written in Java and behave as core Java systems. This gives them an edge with enterprise developers who quickly recognize how to integrate them into applications. Logstash has plug-ins that draw data from the log files of 165 different information systems. It works natively with Elasticsearch and Kibana to feed them data for downstream analytics, said Elastic’s Jeff Yoshimura, global marketing leader.”

The article provides detailed examples of how Elastic is being used in legal, finance, and engineering departments within Goldman Sachs. For example, rather than hiring a “platoon of lawyers” to comb through Goldman’s legal contracts, a single software engineer was able to build a system that digitized everything and flagged contract documents that needed revision. With over 9,000 employees, Goldman currently has several thousand using Elasticsearch. The role of search has expanded, and it is important that companies recognize the many functions it can provide.

Chelsea Kerwin, August 25, 2015


Make Your Data Pretty

June 19, 2015

It is very easy to read and interpret data when it is represented visually.  Humans are visual creatures and it can be easier to communicate via pictures for an explanation.  Infographics are hugely popular on the Internet and some of them have achieved meme status.  While some data can be easily represented using Adobe Photoshop or the Microsoft Office Suite, more complex data needs more complex software to simplify it visually.

Rather than spending hours on Google searching for a quality data visualization tool, Usability Tools has rounded up “21 Essential Data Visualization Tools.”  What is great about this list is that it features free services that are available to improve how you display data on your Web site, project, or whatever your specific needs are.

Some of the choices are obvious, such as Google Charts and Wolfram Alpha, but there are some standouts that combine JavaScript and draw on Internet resources.  Plus they are also exceedingly fun to play with.  They include: Timeline.js, Tableau Public, PiktoChart, Canva, and D3.js.

None of the data visualization tools is better than the others. In fact, the article’s author says what you want to use is based on your need:

“As you can see, there is plenty of Data Visualization tools that will make you understand your users in a better, more insightful way. There are many tools being launched every day, but I managed to collect those that are the most popular in the ‘industry’. Of course, they have both strong and weak sides, since there is no one perfect tool to visualize the metrics. All I can do is to recommend you trying them yourself and combining them in order to maximize the efficiency of visualizing data.”

It looks like it is time to start playing around with data toys!

Whitney Grace, June 19, 2015


Oracle Challenges HP Autonomy Service

April 22, 2015

The article titled Oracle Adds Big Data Integration Tool To Streamline Hadoop Deployments on Silicon Angle discusses the news from Oracle that follows its determination that putting the right tools before users is the only way to allow for success. The Data Integrator for Big Data is meant to create more opportunities to pull data from multiple repositories by treating them the same. The article states,

“It’s an important step the company insists, because Big Data tools like Hadoop and Spark use languages like Java and Python, making them more suitable for programmers rather than database admins (DBAs). But the company argues that most enterprise data analysis is carried out by DBAs and ETL experts, using tools like SQL. Oracle’s Big Data integrator therefore makes any non-Hadoop developer “instantly productive” on Hadoop, added Pollock in an interview with PC World.”

Pollock also spoke to Oracle’s progress, claiming that they are the only company with the capability to generate Hive, Pig and Spark transformations from a solitary mapping. For customers, this means not needing to know how to code in multiple programming languages. HP is also making strides in this line of work with the recent unveiling of the software that integrates Vertica with HP Autonomy IDOL. Excitement ahead!

Chelsea Kerwin, April 22, 2014

Stephen E Arnold, Publisher of CyberOSINT at www.xenky.com

Set Data Free from PDF Tables

April 13, 2015

The PDF file is a wonderful thing. It takes up less space than alternatives, and everyone with a computer should be able to open one. However, it is not so easy to pull data from a table within a PDF document. Now, Computerworld informs us about a “Free Tool to Extract Data from PDFs: Tabula.” Created by journalists with assistance from organizations like Knight-Mozilla OpenNews, the New York Times and La Nación DATA, Tabula plucks data from tables within these files. Reporter Sharon Machlis writes:

“To use, download the software from the project website. It runs locally in your browser and requires a Java Runtime Environment compatible with Java 6 or 7. Import a PDF and then select the area of a table you want to turn into usable data. You’ll have the option of downloading as a comma- or tab-separated file as well as copying it to your clipboard.

“You’ll also be able to look at the data it captures before you save it, which I’d highly recommend. It can be easy to miss a column and especially a row when making a selection.”

See the write-up for a video of Tabula at work on a Windows system. A couple of caveats: the tool will not work with scanned images. Also, the creators caution that, as of yet, Tabula works best with simple table formats. Any developers who wish to get in on the project should navigate to its GitHub page.

Cynthia Murrell, April 13, 2015
