back to article Oracle Java police start knocking on Fortune 200's doors for first time

Oracle has started to dispatch Java audit letters to Fortune 200 companies for the first time, according to one licensing expert. Big Red announced a new licensing regime for the popular programming language and development environment in January 2023. It said Java SE Universal Subscription would offer customers "a simple, low …

  1. BinkyTheMagicPaperclip Silver badge

    Do Azul actually know what they're talking about?

    'by using Oracle Java for the PoS, and migrating the rest to open Java, they were able to achieve a 90 percent saving, she claimed.'

    You can't do that. The licensing is *by employee count* as far as I can see both on Oracle's site and other sites advising on licensing. It's the same cost for one employee in a thousand employee company, as all thousand employees using it.

    The strategy should be to move to open Java as soon as possible, and junk Oracle Java entirely.

    1. Jim Mitchell
      IT Angle

      Re: Do Azul actually know what they're talking about?

      Is it possible that the "Oracle Java for the PoS" (point of sale cash registers, probably) Java is under a different licensing regime that the $ per employee one this article is mostly about?

      1. BinkyTheMagicPaperclip Silver badge

        Re: Do Azul actually know what they're talking about?

        Possibly, but if so that would remove all of the discussion and migration that's been going on.

        However, presumably it's still tied to an Oracle licensing regime that they may change at some future point, so moving is a good idea.

        1. big_D Silver badge

          Re: Do Azul actually know what they're talking about?

          The PoS is usually a sealed device and doesn't allow the "owner" to do anything else with it. So there is probably a separate licensing agreement with the manufacturer for that, whereas a Java Runtime installed on PCs and servers in the organisation is treated separately.

      2. Mark #255

        Re: Do Azul actually know what they're talking about?

        The PoS devices might belong to legally separate entities (franchises or something like that), maybe?

  2. alain williams Silver badge

    If an organisation does not use Java SE ...

    • I hope that they reply is along the lines of that Arkell v Pressdram -- which I will not quote on a polite web site.

    • If Oracle insists on an audit that the organisation's employees time wasted shall be at Oracle's expense at Oracle consultant rates.

    1. Korev Silver badge
      Pint

      Re: If an organisation does not use Java SE ...

      An upvote and a pint for the Private Eye reference

    2. alisonken1
      Childcatcher

      Re: If an organisation does not use Java SE ...

      <quote>which I will not quote on a polite web site.</quote>

      This is a "polite" website????

  3. RachelG

    i mean, why? why run it when you can run openjdk, or temurin, or azul, or microsoft, or whatever... Oracle's java build is not different. The only purpose in running it is if you actually need to access their support. so why run it if you're not already paying for that?

    1. Zippy´s Sausage Factory

      The first thing that springs to mind is if you're buying a Java app from a third party supplier and they say that they will only support their own product running on Oracle Java. (I've worked at places that had apps that are like that)

      Other than that I can't really think of a good reason.

      1. Michael Strorm Silver badge

        It might be more convenient for *them* to effectively force all their customers to run Oracle.

        And I suspect they'll have got away with that so far, particularly if most of their customers are large corporates.

        But if we're now, finally, at the stage where Oracle's lock-in, hold-to-ransom and squeeze-until-the-pips-squeak strategy has become so egregious that even large corporations are starting to look at moving away from Oracle itself anyway, then it's quite likely that they'll be forced to change that policy and support one or more alternatives, or be discarded along with Oracle themselves.

      2. Bebu
        Windows

        "buying a Java app from a third party supplier"

        A lot of applications ship with a java run time even when they aren't primarily java apps.

        Matlab has a copy of the java run time under its install tree but as we found out with the Log4j vulnerability it was rather old.

        Flexnetls had a jre but was mostly a java app I think but the run time was also rather old.

        I am fairly sure both these could be redirected to an openjdk install as I don't think they used any Oracle(Sun) proprietary java classes.

        I guess if you were facing a visitation from Larry's toe cutters it might be a good idea to check all your installed applications for java contamination.

        If I were purchasing software that included java components I would mandate a vendor guarantee of absolutely zero Oracle content and their indemnifying me against their getting that wrong. I guess I would likely end up with no java containing software... the downside of which is? ;)

        1. Anonymous Coward
          Anonymous Coward

          Re: "buying a Java app from a third party supplier"

          When an application contains an embedded copy of an Oracle JRE, then the Java licensing costs are covered by the purchase of the application itself. It's only when installing a standalone version of the Oracle JRE/JDK that Oracle can demand $$$.

          At a company I used to work for, Oracle's website was blocked by policy, so that users couldn't download Java and install it (most users couldn't download or install anything anyway, but there were exceptions).

          I heard that Oracle were also logging where visitors to their website originated from, to gather info as to which companies to target for a surprise audit. Dunno how true that is though.

          1. Roland6 Silver badge

            Re: "buying a Java app from a third party supplier"

            > I heard that Oracle were also logging where visitors to their website originated from, to gather info as to which companies to target for a surprise audit. Dunno how true that is though.

            A variation on a DoS attack comes to mind: use a botnet to download Java and wait for Oracle to start running around chasing non existent customers…

      3. Anonymous Coward
        Anonymous Coward

        > Java app from a third party supplier and they say that they will only support their own product running on Oracle Java

        we have that with one that we use, thankfully it is possible to configure it without a GUI and use command line instead

        otherwise there is a company wide project to rip Oracle Java out and go to open etc

      4. Anonymous Coward
        Anonymous Coward

        > if you're buying a Java app from a third party supplier and they say that they will only support their own product running on Oracle Java

        Pretty much this.

        $BigPublicSectorCompany I work for currently has a big web portal what does all their HR/Payroll/Finance/Procurement and which contractually requires Oracle Java.

        Not just *any* random copy of Oracle Java either; but a specific flavour: JRE8.

        The last available "free to use" version of that particular blend of buffoonery (8u201/8u202) went out of support in April 2019.

        Obviously, since the allocated software budget is less than the list price of a second class postage stamp; we're STILL on the free version.

        And we have to ignore it every single time any vulnerability reports are run or pentests get performed (that's a "known issue", mister auditor).

        Whilst there are APPARENTLY efforts in place to replace the entire steaming pile of sewage... it's a Public Sector company.

        So the smart money's on our data center getting swallowed by the sun first.

        Sadly none of the attempts by the The-Techies-That-Be over the years to change this state of affairs have met with any success (so sayeth the PHBs: "it's a regional system, our hands are tied")

        Eventually last year our own BOFH took matters into their own hands and sprang a series of "software tests" on our Beancounter and Inhuman Resources user's PCs; resulting in them all being moved across onto a combination of IcedTeaWeb plus Amazon Corretto 8 (which works with the portal just fine, is free-as-in-beer, and is at least a few gnatwings more secure than the old Oracle offering)... leaving just one single device with the previous strain installed locked in a cupboard for whenever the portal vendor inevitably points the finger at our "unsupported client setup" as a scapegoat for their server-side 404s and vulnerable Log4j-laden DLLs.

        The users themselves noted briefly that their app splash screen logo had changed slightly; and otherwise went on with their regular business of not meeting the needs of the general public.

        A surprising lack of defenestration was required.

      5. Doctor Syntax Silver badge

        "they say that they will only support their own product running on Oracle Java"

        In that case it's time to review the market.

      6. big_D Silver badge

        Agreed, but, thereagain, our vendor selection runs thus:

        Vendor: "It runs on Oracle Java SE."

        Us: "We user openJDK, does it run on that?"

        Vendor: "No, it has to run on Oracle Java SE."

        Us: "Thank you, next please."

  4. Pascal Monett Silver badge
    Flame

    "a simple, low-cost monthly subscription"

    Yeah. Simple. For your accountants.

    For everyone else, it's a rip-off.

    Could everyone please realize that no multinational has your best interest at heart ?

    Investors are the only people they care about. You are the product, nothing more.

    1. Anonymous Coward
      Anonymous Coward

      Re: "a simple, low-cost monthly subscription"

      > You are the product, nothing more.

      No? You are the customer. Java is the product.

      1. Kinetic

        Re: "a simple, low-cost monthly subscription"

        No, oracle is the gangster eyeing up your nice little business. "Shame if something was to happen to these servers. We can make sure it doesn't, for a fee of course. Then you pay and they come back next month asking for more, and more and more until you can just about survive."

        Why anyone would ever choose to use any Oracle product is beyond me. Legacy lock-in, I get, but actually making the choice to sign-up for this?

        Where does it leave Java long-term. Clearly the Oracle version will die eventually...but can the community maintain and push forward the other versions independently?

  5. JoeCool Silver badge

    How does this play out for Oracle ?

    is this like broadcom with vmware - Oracle is fine with reducing it's customer base to those incapable of escaping ?

    Do they have another card to play that will broaden the customer base ?

    1. Paul Crawford Silver badge

      Re: How does this play out for Oracle ?

      Yes

      No

    2. Anonymous Crowbar

      Re: How does this play out for Oracle ?

      We were discussing new licencing agreements with Oracle before Covid, when they informed us we would be required to licence java. That was the last straw for us and they were told getin the f**king sea. . By then of CV19 we had migrated EVERYTHING off oracle with the exception of a single archaic HR system we needed RO records from.

      ~ 10K DB cores

      ~ 5k Weblogic cores

      ~ 1K Virtualbox licences

      ~ Probably over 150k java instances [few k devs each with multiple envs, multiple exabyte cassandra rings, multiple global DCs and thousands of cloud instances]

      When the sales guy came back after with what was an extremely lucrative ongoing concern for him was told we had less than 12 cores on this legacy system and everything else was removed, I imagine he went to his car and had a good cry. I can just imagine his bottom lip quivering as he is told to FO.

      Oracle can burn in hell.

      1. PM.

        Re: How does this play out for Oracle ?

        Bravo!

    3. Cloudy Day

      Re: How does this play out for Oracle ?

      I assume the likes of JDE, Siebel etc will only be ‘supported’ on oracle Java?

  6. Anonymous Coward
    Anonymous Coward

    In a word "Adoptium"

    I moved all our Java SDK runtimes to Adoptium's OpenJDK releases about 2 years ago. It's now corp policy that we do NOT use any version of Oracle Java JDK anywhere for any reason, if it won't run then tough luck, recode it until it does.

    1. Jason Hindle

      Re: In a word "Adoptium"

      That's the spirit!

    2. Soruk

      Re: In a word "Adoptium"

      After their Java hijinks at a previous job, I won't even put Oracle Linux (supposedly free) in a corporate setting. One application supplier is migrating from CentOS 7 to Oracle Linux. I am refusing to install that as if Oracle decide to retroactively change the licence like they did with Java, it's on my neck the upshot of doing that to my employer. So they will have to lump it being installed on Alma or Rocky.

      1. CowHorseFrog Silver badge

        Re: In a word "Adoptium"

        You cant retroactively change a license.

        All software once released has that license set in stone. What Oracle can do is release new versions and change the license for that.

        No wonder companies all over the world have failed to move from Oracle Java to any of the other providers, when we have ane xample of someone who doesnt know the basics.

        1. Aitor 1

          Re: In a word "Adoptium"

          But of course that is the trick, want updates? New license.

          1. CowHorseFrog Silver badge

            Re: In a word "Adoptium"

            Of course thats the trick but its just plain wrong to state licenses can be changed for EXISTING versions which is what the original post claimed.

            1. dominickpastore

              Re: In a word "Adoptium"

              It's not wrong. It depends entirely on what the existing license says. There's very much nothing preventing you from selling a license for 1 year, and when that year is up, offering totally different terms for the next year. You can even give different customers different licenses if you want to (e.g. maybe you use a different license for government customers).

              1. CowHorseFrog Silver badge

                Re: In a word "Adoptium"

                dominick:

                It's not wrong. It depends entirely on what the existing license says. There's very much nothing preventing you from selling a license for 1 year, and when that year is up, offering totally different terms for the next year.

                cow:

                Yes and the 2nd license for the next year you mention is a NEW LICENSE. The original license and its terms have not been modified.

                They are two separate licenses, the ORIGINAL or FIRST license has NOT BEEN MODIFIED.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: In a word "Adoptium"

                  I suggest that you actually read the license you agree to the next time you click through. You seem to have some pretty big misconceptions as to what it says.

                  They reserve the right to change the license at any time. You reserve the right to stop using the software at any time.

                  1. CowHorseFrog Silver badge

                    Re: In a word "Adoptium"

                    ac: I suggest that you actually read the license you agree to the next time you click through

                    cow: What license are we talking about here ? There is more than one license and you havent actually stated which license for what product you are talking about.

                    ac: You seem to have some pretty big misconceptions as to what it says.

                    cow: Yes i do... as i have no idea which license for what product you are talking about.

                    ac: They reserve the right to change the license at any time. Yo

                    cow: Who is they ?

                    Learn to use names ...

        2. dominickpastore

          Re: In a word "Adoptium"

          A software license is just a contract. A software vendor can do whatever they want as long as they write the terms to allow it. Open source software licenses can't be changed without a new release, but that's because open source licenses say everyone who already has a copy can share it with whoever they want, forever.

      2. Anonymous Coward
        Anonymous Coward

        Re: In a word "Adoptium"

        Oracle Linux is just RedHat with a different splash screen.

        1. Soruk

          Re: In a word "Adoptium"

          Exactly, so are Alma and Rocky.

  7. bigtimehustler

    They have no legal right to access anything in another company, they are not law enforcement. Why don't these companies just ignore Oracle, or tell them they have no intention of wasting their time helping Oracle do an audit.

    1. Headley_Grange Silver badge

      I bet the licence Ts&Cs include audit rights. If they don't, they will soon.

      1. bigtimehustler

        If you don't buy any oracle, then you don't care do you. What possible suspicion could they even have to get a court case going.

    2. Richard 12 Silver badge
      Mushroom

      If they actually have an existing licence agreement with Oracle, one of the contractual clauses is that they can do an audit.

      If they don't, then Oracle can only sue.

      Trouble is, defending a lawsuit is expensive, and if it gets that far the 'discovery' phase looks a lot like an audit.

      It's lawfare, basically. Not quite the same as SLAPPs, but almost.

      The only safe thing to do is ensure there's no Oracle at all.

      1. PM.

        Yeah, and while Oracle's engineering team may be less than stellar, it's legal division is top notch, I would guess !

      2. bigtimehustler

        Sue based on what? They have no evidence of even suspicion in a company that currently buys nothing from Oracle. It would be thrown out in the first hearing.

  8. IGotOut Silver badge

    Going after these could backfire...

    ...they have the power and money to tell Oracle where to go.

    1. Richard 12 Silver badge

      Re: Going after these could backfire...

      Really hoping one of them goes to court on the basis that they've got no Oracle Java and a judge repeatedly de-yachts Oracle.

      Unlikely to happen, but one can dream.

  9. Curious

    "

    Oracle defines employee for Java licensing purposes as all of the employees of the organization, regardless of employment status, plus all of the full-time, part-time, and temporary employees of agents, outsourcers, contractors, or consultants that support the business.

    "

    Visions of Oracle auditors having to walk through US and Chinese prisons taking a headcount.

    1. Paul Hovnanian Silver badge

      Visions of Oracle auditors trying to gain entry into a SCIF. That guard at the gate with the M16 looks pretty mean.

      1. Roland6 Silver badge

        Gaining entry is one thing, gaining exit is another…

        1. Mishak Silver badge

          Reminds me of rag week at uni...

          They had a sponsored break-in to the local prison, with the guards finding an excess of "inmates" in the morning.

          "Not our fault - the place is designed to keep people in, not stop them getting in".

  10. JulieM Silver badge

    Sounds very dodgy

    All this sounds very dodgy!

    Many countries have laws specifically against what Oracle are trying to do.

    And anyone still using Java will now be adding "OpenJDK compatibility" to their list of non-negotiable requirements. If their suppliers aren't already trumpeting it as a feature .....

    1. CowHorseFrog Silver badge

      Re: Sounds very dodgy

      But in america you wont pay for universal healthcare because its communist or socialist, but you are still more than happy to pay the arsehole tax.

      Oracle and Boeing are primse examples where they are the scum of the earth and yet nobody here can actually say a precise bad word about either ceo.

  11. Martin Summers

    Oracle's PoS Simphony (and it really is a piece of shit) runs Java and so does their hotel management system. Both are horrendously widely used and embedded. I can imagine some Oracle executives delight (think the Tim Curry Home Alone Grinch Scene) when they realised they could double dip on the licence fees because both products run Java, wouldn't likely be supported unless they ran Oracle's Java (you didn't get a choice with Simphony) and they already knew the customer ran it and on how many machines.

    The money tap was well and truly turned on to full when they came up with this wheeze. Java runtime was an enabler for developers to sell products, it was never the product. Amazing bait and switch there. They should be taken to court for this and forced to stop.

    1. MadocOwain

      Oracle software I deal with that contain Java, or WebLogic, or other Oracle Middleware products? Those products' licenses come bundled with the software. No double-dipping (yet).

      1. Doctor Syntax Silver badge

        But are they licenced on the basis of the number of seats or the total number of employees, irrespective of whether the one is substantially less than the other?

  12. Kevin McMurtrie Silver badge

    Deals with the devil

    Places stuck with a legacy Oracle database will get locked into using only Oracle Java to maintain the DB contract requirements. The lowest cost solution is to run the old Oracle Java 8 that is still free.

    I hear Java 8 and withdraw from job applications. It means being forever frozen in the year 2015 and maintaining an enormous load of tech debt. Safe and timely technology upgrades should be part of the business plan.

  13. Wade Burchette

    Oracle is pure evil

    Oracle makes their employees sign binding arbitration clauses. And when the Oracle paid arbitrator has the audacity to bite the hand that feeds them, Oracle sues them. Oracle can sue you, but will not let you sue them. They are an evil company. To this day I am convinced they have a factory dedicated to punching puppies and kicking kittens. I would rather do without than to give them any money, ever.

  14. FuzzyTheBear
    Mushroom

    Why ?

    Why do companies accept that sh&& from Oracle is beyond my understanding.

    1. JulieM Silver badge

      Re: Why ?

      Why does anyone choose to pay for software at all?

      If you pay for software, you get slapped with a massive list of restrictions of what you can and can't do with it and how many people can use it -- and they can keep demanding more money if, for example, you grow your business and take on more employees. It might even refuse to work, if the vendors suspect you are trying to use it in some way that's more expensive than you have paid for.

      If you don't pay for software, it is completely unrestricted in use; you get the full Source Code and Modification Rights; you can make as many copies as you like; and you will never, ever have to pay for it.

      It ought to be a complete no-brainer. But for some reason -- and it eludes me, too -- people keep paying for software, despite the obviety that they would be better off not paying.

      1. CowHorseFrog Silver badge

        Re: Why ?

        Oracle is only considered, because all the dumb management types have no idea, and buy it becaue its got a big office.

      2. Mishak Silver badge

        Re: Why ?

        I use both, as both have their advantages (and disadvantages). I also contribute to "free" projects when I find the software helpful or use it for financial gain.

  15. Kinetic

    You do a deal with the devil....

    I imagine the next step will be to move to end-user licensing, where if you have a website written with Java on the backend, and it has 1M yearly users, then you pay for each of those. I mean, they are getting value out of Oracle's IP too, right? Right?

    1. OhForF' Silver badge

      Re: You do a deal with the devil....

      If that website is connected to the internet it is not just 1M existing users. You'll have to get a licence for every web browser that was ever installed because it could potentially acces the web site.

  16. Anonymous Coward
    Anonymous Coward

    Larry Ellison

    Does he need a new yacht?

    Oracle doing this just puts people off Oracle.

    1. Dave 13

      Re: Larry Ellison

      More likely he needs to buy another island.

    2. Anonymous Coward
      Anonymous Coward

      Re: Larry Ellison

      People still using Oracle aren't the ones paying for it. We have a drop down selector for database setup. We moved Postgres to the top, Oracle to the bottom of it.

      Yes - that's how much thought people put into their database selection...

      1. OhForF' Silver badge

        Re: Larry Ellison

        A user of your setup can choose to use Oracle or Postgres at the same cost and you're paying for the license?

        To get the users to pay attention you have to make them pay for the license and prominently show the cost next to the selection.

  17. Long John Silver Bronze badge
    Pirate

    Making hay while the sun shines?

    The mode of business deployed by Oracle, Microsoft, and many other software companies, lives on borrowed time. Therefore, they must make the best of it whilst opportunity remains.

    Rip-off pricing for intangible goods (these lacking scarcity necessary for price discovery) cannot be sustained now that the USA's grip upon the world is failing. How much revenue from the Russian Federation reaches Oracle? Soon, ditto for BRICS, including China; these shall be rethinking impositions of 'rental' from abroad for digital products. Such payments, regardless of being taken from business or from private individuals (e.g. accessing knowledge and for entertainment) impact upon disposable incomes (national, corporate, and personal); software costs must factor into charges made by purveyors of tangible goods and services.

    Monoliths like Oracle and Microsoft are set for eventual collapse because sheer size makes them increasingly unmanageable, and sclerosing arteries diminish the flow of innovation. This appears to be a general rule concerning corporate giants once their 'lean and hungry' originators step back. Boeing exemplifies this. Regarding software, vibrant cottage industries will arrive; these also eventually to give way to others.

    In the meantime, Oracle, Microsoft, et al., could (briefly) extend their existences as giants by becoming early adopters of the business ethos their agile successors perforce must embrace: acceptance that digit products contain no intrinsic monetary value — this despite effort in their making — but what are marketable are skills in their making, and associated 'added value' goods and services; for software vendors, 'added value' lies in support services, including bespoke adaptations of software, the possessors of the software voluntarily contract to receive.

  18. Dave 13

    Uncle Larry never seems to change his spots - sue, sue, sue...

  19. Anonymous Coward
    Anonymous Coward

    One of the bits of software we use requires Java Webstart, and we've never found a replacement Open Java that provides one that works. So I guess we'll be moving away from that bit of software. Probably not before time, mind.

    1. Anonymous Coward
      Anonymous Coward

      Have you tried OpenWebStart? Paired with an Open JRE it's a possible solution.

    2. Paul Crawford Silver badge

      I had to look up what that was, seems it was discontinued by Oracle in recent versions (SE11+) so you won't be getting bug-fixes from them anyway, even if you decide to bend over and take their new licencing terms.

      Just from a security point of view you really should be replacing that with a supported version like OpenWebStart ASAP. They offer paid support which I will bet is a lot less painful than Oracle, and as a smaller company they might actually support you in a timely manner.

  20. aldolo

    forbidden by hr dept

    in my company there is an official recall from hr dept to anyone installing java

    1. Anonymous Coward
      Anonymous Coward

      Re: forbidden by hr dept

      Our company force reinstalls Oracle Java in our laptops.. while we suport corretto, not Oracle java.

  21. Randall Shimizu

    Predatory licensing

    Sounds like Oracle is out to lock their customers in licensing & jack up the prices. Time for the Java community to move to openjdk...!!

  22. Anonymous Coward
    Anonymous Coward

    Why can they even audit your equipment?

    Just wondering... what gives that company the right to audit your company's IT infrastructure?

    Can they do it only in the US? I don't think they just could walk into a swiss bank and say: give us your root passwords....

    1. OhForF' Silver badge

      Re: Why can they even audit your equipment?

      See https://www.oracle.com/downloads/licenses/javase-license1.html

      <Quote>Oracle may audit an Entity's use of the Programs</Quote>

      If you concede to Oracle that you agreed to this or a similar license they have the right to audit you. This won't allow them to ask for unrestricted access and do whatever they please in your systems but outright denying the audit would break the terms of the license agreement. If the oracle audit teams knocks on the door you'd better contact the legal department to ask what you have to allow to be compliant.

  23. This post has been deleted by its author

  24. Anonymous Coward
    Anonymous Coward

    Never one of the "put ZFS in Linux" people around...

    ...when discussing Oracle licensing?

  25. OllieJones

    OpenJDK? Americas Cup Yacht?

    Let’s see. Would I be happier seeing Larry Ellison enter the Americas Cup with another yacht we bought him?

    Or, use OpenJDK?

    Gouging long-time legacy customers seems a harvesting endgame. Like the Broadcom / VMware price increases.

    I hope our whole line of work isn’t flipping over into harvest mode.

    Stupid high legacy costs from rent-seeking by financialized vendors should figure into the decision whether to maintain legacy stuff or do greenfield restarts.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like