Oracle Java police start knocking on Fortune 200's doors for first time Oracle has started to dispatch Java audit letters to Fortune 200 companies for the first time, according to one licensing expert. Big Red announced a new licensing regime for the popular programming language and development environment in January 2023. It said Java SE Universal Subscription would offer customers "a simple, low …
'by using Oracle Java for the PoS, and migrating the rest to open Java, they were able to achieve a 90 percent saving, she claimed.'
You can't do that. The licensing is *by employee count* as far as I can see both on Oracle's site and other sites advising on licensing. It's the same cost for one employee in a thousand employee company, as all thousand employees using it.
The strategy should be to move to open Java as soon as possible, and junk Oracle Java entirely.
The PoS is usually a sealed device and doesn't allow the "owner" to do anything else with it. So there is probably a separate licensing agreement with the manufacturer for that, whereas a Java Runtime installed on PCs and servers in the organisation is treated separately.
• I hope that they reply is along the lines of that Arkell v Pressdram -- which I will not quote on a polite web site.
• If Oracle insists on an audit that the organisation's employees time wasted shall be at Oracle's expense at Oracle consultant rates.
The first thing that springs to mind is if you're buying a Java app from a third party supplier and they say that they will only support their own product running on Oracle Java. (I've worked at places that had apps that are like that)
Other than that I can't really think of a good reason.
It might be more convenient for *them* to effectively force all their customers to run Oracle.
And I suspect they'll have got away with that so far, particularly if most of their customers are large corporates.
But if we're now, finally, at the stage where Oracle's lock-in, hold-to-ransom and squeeze-until-the-pips-squeak strategy has become so egregious that even large corporations are starting to look at moving away from Oracle itself anyway, then it's quite likely that they'll be forced to change that policy and support one or more alternatives, or be discarded along with Oracle themselves.
A lot of applications ship with a java run time even when they aren't primarily java apps.
Matlab has a copy of the java run time under its install tree but as we found out with the Log4j vulnerability it was rather old.
Flexnetls had a jre but was mostly a java app I think but the run time was also rather old.
I am fairly sure both these could be redirected to an openjdk install as I don't think they used any Oracle(Sun) proprietary java classes.
I guess if you were facing a visitation from Larry's toe cutters it might be a good idea to check all your installed applications for java contamination.
If I were purchasing software that included java components I would mandate a vendor guarantee of absolutely zero Oracle content and their indemnifying me against their getting that wrong. I guess I would likely end up with no java containing software... the downside of which is? ;)
When an application contains an embedded copy of an Oracle JRE, then the Java licensing costs are covered by the purchase of the application itself. It's only when installing a standalone version of the Oracle JRE/JDK that Oracle can demand $$$.
At a company I used to work for, Oracle's website was blocked by policy, so that users couldn't download Java and install it (most users couldn't download or install anything anyway, but there were exceptions).
I heard that Oracle were also logging where visitors to their website originated from, to gather info as to which companies to target for a surprise audit. Dunno how true that is though.
> I heard that Oracle were also logging where visitors to their website originated from, to gather info as to which companies to target for a surprise audit. Dunno how true that is though.
A variation on a DoS attack comes to mind: use a botnet to download Java and wait for Oracle to start running around chasing non existent customers…
> Java app from a third party supplier and they say that they will only support their own product running on Oracle Java
we have that with one that we use, thankfully it is possible to configure it without a GUI and use command line instead
otherwise there is a company wide project to rip Oracle Java out and go to open etc
> if you're buying a Java app from a third party supplier and they say that they will only support their own product running on Oracle Java
Pretty much this.
$BigPublicSectorCompany I work for currently has a big web portal what does all their HR/Payroll/Finance/Procurement and which contractually requires Oracle Java.
Not just *any* random copy of Oracle Java either; but a specific flavour: JRE8.
The last available "free to use" version of that particular blend of buffoonery (8u201/8u202) went out of support in April 2019.
Obviously, since the allocated software budget is less than the list price of a second class postage stamp; we're STILL on the free version.
And we have to ignore it every single time any vulnerability reports are run or pentests get performed (that's a "known issue", mister auditor).
Whilst there are APPARENTLY efforts in place to replace the entire steaming pile of sewage... it's a Public Sector company.
So the smart money's on our data center getting swallowed by the sun first.
Sadly none of the attempts by the The-Techies-That-Be over the years to change this state of affairs have met with any success (so sayeth the PHBs: "it's a regional system, our hands are tied")
Eventually last year our own BOFH took matters into their own hands and sprang a series of "software tests" on our Beancounter and Inhuman Resources user's PCs; resulting in them all being moved across onto a combination of IcedTeaWeb plus Amazon Corretto 8 (which works with the portal just fine, is free-as-in-beer, and is at least a few gnatwings more secure than the old Oracle offering)... leaving just one single device with the previous strain installed locked in a cupboard for whenever the portal vendor inevitably points the finger at our "unsupported client setup" as a scapegoat for their server-side 404s and vulnerable Log4j-laden DLLs.
The users themselves noted briefly that their app splash screen logo had changed slightly; and otherwise went on with their regular business of not meeting the needs of the general public.
A surprising lack of defenestration was required.
No, oracle is the gangster eyeing up your nice little business. "Shame if something was to happen to these servers. We can make sure it doesn't, for a fee of course. Then you pay and they come back next month asking for more, and more and more until you can just about survive."
Why anyone would ever choose to use any Oracle product is beyond me. Legacy lock-in, I get, but actually making the choice to sign-up for this?
Where does it leave Java long-term. Clearly the Oracle version will die eventually...but can the community maintain and push forward the other versions independently?
We were discussing new licencing agreements with Oracle before Covid, when they informed us we would be required to licence java. That was the last straw for us and they were told getin the f**king sea. . By then of CV19 we had migrated EVERYTHING off oracle with the exception of a single archaic HR system we needed RO records from.
~ 10K DB cores
~ 5k Weblogic cores
~ 1K Virtualbox licences
~ Probably over 150k java instances [few k devs each with multiple envs, multiple exabyte cassandra rings, multiple global DCs and thousands of cloud instances]
When the sales guy came back after with what was an extremely lucrative ongoing concern for him was told we had less than 12 cores on this legacy system and everything else was removed, I imagine he went to his car and had a good cry. I can just imagine his bottom lip quivering as he is told to FO.
Oracle can burn in hell.
After their Java hijinks at a previous job, I won't even put Oracle Linux (supposedly free) in a corporate setting. One application supplier is migrating from CentOS 7 to Oracle Linux. I am refusing to install that as if Oracle decide to retroactively change the licence like they did with Java, it's on my neck the upshot of doing that to my employer. So they will have to lump it being installed on Alma or Rocky.
You cant retroactively change a license.
All software once released has that license set in stone. What Oracle can do is release new versions and change the license for that.
No wonder companies all over the world have failed to move from Oracle Java to any of the other providers, when we have ane xample of someone who doesnt know the basics.
It's not wrong. It depends entirely on what the existing license says. There's very much nothing preventing you from selling a license for 1 year, and when that year is up, offering totally different terms for the next year. You can even give different customers different licenses if you want to (e.g. maybe you use a different license for government customers).
dominick:
It's not wrong. It depends entirely on what the existing license says. There's very much nothing preventing you from selling a license for 1 year, and when that year is up, offering totally different terms for the next year.
cow:
Yes and the 2nd license for the next year you mention is a NEW LICENSE. The original license and its terms have not been modified.
They are two separate licenses, the ORIGINAL or FIRST license has NOT BEEN MODIFIED.
I suggest that you actually read the license you agree to the next time you click through. You seem to have some pretty big misconceptions as to what it says.
They reserve the right to change the license at any time. You reserve the right to stop using the software at any time.
ac: I suggest that you actually read the license you agree to the next time you click through
cow: What license are we talking about here ? There is more than one license and you havent actually stated which license for what product you are talking about.
ac: You seem to have some pretty big misconceptions as to what it says.
cow: Yes i do... as i have no idea which license for what product you are talking about.
ac: They reserve the right to change the license at any time. Yo
cow: Who is they ?
Learn to use names ...
A software license is just a contract. A software vendor can do whatever they want as long as they write the terms to allow it. Open source software licenses can't be changed without a new release, but that's because open source licenses say everyone who already has a copy can share it with whoever they want, forever.
If they actually have an existing licence agreement with Oracle, one of the contractual clauses is that they can do an audit.
If they don't, then Oracle can only sue.
Trouble is, defending a lawsuit is expensive, and if it gets that far the 'discovery' phase looks a lot like an audit.
It's lawfare, basically. Not quite the same as SLAPPs, but almost.
The only safe thing to do is ensure there's no Oracle at all.
"
Oracle defines employee for Java licensing purposes as all of the employees of the organization, regardless of employment status, plus all of the full-time, part-time, and temporary employees of agents, outsourcers, contractors, or consultants that support the business.
"
Visions of Oracle auditors having to walk through US and Chinese prisons taking a headcount.
All this sounds very dodgy!
Many countries have laws specifically against what Oracle are trying to do.
And anyone still using Java will now be adding "OpenJDK compatibility" to their list of non-negotiable requirements. If their suppliers aren't already trumpeting it as a feature .....
But in america you wont pay for universal healthcare because its communist or socialist, but you are still more than happy to pay the arsehole tax.
Oracle and Boeing are primse examples where they are the scum of the earth and yet nobody here can actually say a precise bad word about either ceo.
Oracle's PoS Simphony (and it really is a piece of shit) runs Java and so does their hotel management system. Both are horrendously widely used and embedded. I can imagine some Oracle executives delight (think the Tim Curry Home Alone Grinch Scene) when they realised they could double dip on the licence fees because both products run Java, wouldn't likely be supported unless they ran Oracle's Java (you didn't get a choice with Simphony) and they already knew the customer ran it and on how many machines.
The money tap was well and truly turned on to full when they came up with this wheeze. Java runtime was an enabler for developers to sell products, it was never the product. Amazing bait and switch there. They should be taken to court for this and forced to stop.
Places stuck with a legacy Oracle database will get locked into using only Oracle Java to maintain the DB contract requirements. The lowest cost solution is to run the old Oracle Java 8 that is still free.
I hear Java 8 and withdraw from job applications. It means being forever frozen in the year 2015 and maintaining an enormous load of tech debt. Safe and timely technology upgrades should be part of the business plan.
Oracle makes their employees sign binding arbitration clauses. And when the Oracle paid arbitrator has the audacity to bite the hand that feeds them, Oracle sues them. Oracle can sue you, but will not let you sue them. They are an evil company. To this day I am convinced they have a factory dedicated to punching puppies and kicking kittens. I would rather do without than to give them any money, ever.
Why does anyone choose to pay for software at all?
If you pay for software, you get slapped with a massive list of restrictions of what you can and can't do with it and how many people can use it -- and they can keep demanding more money if, for example, you grow your business and take on more employees. It might even refuse to work, if the vendors suspect you are trying to use it in some way that's more expensive than you have paid for.
If you don't pay for software, it is completely unrestricted in use; you get the full Source Code and Modification Rights; you can make as many copies as you like; and you will never, ever have to pay for it.
It ought to be a complete no-brainer. But for some reason -- and it eludes me, too -- people keep paying for software, despite the obviety that they would be better off not paying.
The mode of business deployed by Oracle, Microsoft, and many other software companies, lives on borrowed time. Therefore, they must make the best of it whilst opportunity remains.
Rip-off pricing for intangible goods (these lacking scarcity necessary for price discovery) cannot be sustained now that the USA's grip upon the world is failing. How much revenue from the Russian Federation reaches Oracle? Soon, ditto for BRICS, including China; these shall be rethinking impositions of 'rental' from abroad for digital products. Such payments, regardless of being taken from business or from private individuals (e.g. accessing knowledge and for entertainment) impact upon disposable incomes (national, corporate, and personal); software costs must factor into charges made by purveyors of tangible goods and services.
Monoliths like Oracle and Microsoft are set for eventual collapse because sheer size makes them increasingly unmanageable, and sclerosing arteries diminish the flow of innovation. This appears to be a general rule concerning corporate giants once their 'lean and hungry' originators step back. Boeing exemplifies this. Regarding software, vibrant cottage industries will arrive; these also eventually to give way to others.
In the meantime, Oracle, Microsoft, et al., could (briefly) extend their existences as giants by becoming early adopters of the business ethos their agile successors perforce must embrace: acceptance that digit products contain no intrinsic monetary value — this despite effort in their making — but what are marketable are skills in their making, and associated 'added value' goods and services; for software vendors, 'added value' lies in support services, including bespoke adaptations of software, the possessors of the software voluntarily contract to receive.
I had to look up what that was, seems it was discontinued by Oracle in recent versions (SE11+) so you won't be getting bug-fixes from them anyway, even if you decide to bend over and take their new licencing terms.
Just from a security point of view you really should be replacing that with a supported version like OpenWebStart ASAP. They offer paid support which I will bet is a lot less painful than Oracle, and as a smaller company they might actually support you in a timely manner.
See https://www.oracle.com/downloads/licenses/javase-license1.html
<Quote>Oracle may audit an Entity's use of the Programs</Quote>
If you concede to Oracle that you agreed to this or a similar license they have the right to audit you. This won't allow them to ask for unrestricted access and do whatever they please in your systems but outright denying the audit would break the terms of the license agreement. If the oracle audit teams knocks on the door you'd better contact the legal department to ask what you have to allow to be compliant.
This post has been deleted by its author
Let’s see. Would I be happier seeing Larry Ellison enter the Americas Cup with another yacht we bought him?
Or, use OpenJDK?
Gouging long-time legacy customers seems a harvesting endgame. Like the Broadcom / VMware price increases.
I hope our whole line of work isn’t flipping over into harvest mode.
Stupid high legacy costs from rent-seeking by financialized vendors should figure into the decision whether to maintain legacy stuff or do greenfield restarts.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
