
Simple solution
This is why everyone I know switched to an OpenJDK distribution six years ago.
Organizations that do not consider themselves Oracle customers, but who use Java, can expect a call from the Big Red in the next three to nine months, according to a software licensing specialist. House of Brick, which has spent years advising clients on how to manage their commercial arrangements with Oracle, said it had …
This post has been deleted by its author
"They don't have a relationship with Oracle. But Oracle has tracked Java SE downloads to their company. "
Or so they might at least say...
Make sure you _really_ do not use Oracle Java - there is literally not a single reason not to run whatever Java stuff is needed on OpenJDK these days, which needs exactly zero licenses from Oracle - and then tell Oracle to get lost.
This is not to say that Oracle might not be trying to muddy the water by talking just about "Java" instead of their outragoulsly priced version of "Oracle-infested Java (TM)"
Nope, not unless you can guarantee that the mere act of installing a given version of Java for evaluation purposes will NOT trigger an automatic update within the evaluation period.
Now, that *may* be at least a semi-reasonable assumption to make if you've grabbed the latest and greatest version of the installer as part of your evaluation, provided that the installer offered for download isn't merely a lightweight shell for the autoupdater in order for *that* to pull down the actual latest and greatest version on your behalf, but what if you happened to have downloaded it a while ago but have only now got around to trying it out...
i think they are not just tracking normal downloads, but also that automatic update check that is started daily / weekly in the background by pretty much ALL computers that have an Oracle JRE and/or JDK installed.
Even if the actual installer is not downloaded from their servers, the simple fact that the automated version checker sent a version query/ajax ping to their server is probably enough to tell them that you're using Oracle Java and which particular version you are using.
Short of being inside a walled garden / heavy firewalled network, that kind of update check is not usually blocked or considered malware by firewalls... after all, it's a "simple" version update notification check with just a few bytes transmitted from each side, right? (well, it used to be...)
“ Oracle has deployed a whole team of people in India that are contacting organizations worldwide with claims of non-compliant Java SE usage”
Well best they be trained in people hanging up on them then. The scammers have given these teams such a bad reputation that Oracle would have been better off using same-country nationals, but then they can’t pay them such low wages.
There’s a reason that whenever I get a call from an 020 number I ignore it. It’s either a robot or a scammer.
I just never answer phones. If someone matters, they'll leave a message. If not, they don't matter to me. That's how I operate for self employment too. My customers know they have to leave a message to get me. Or send me an email (either directly or through contact form etc.). Sure I'd get more calls if I answered my phone, but that would only mean more talking on the phone and dealing with soliciting. It's the limited time for one individual that's the bottleneck, not the number of potential customers (that's why that works for me, I mean) :-)
If I phone somebody and they don't answer I usually hang up and call again later. If still no answer it comes down to one of two approaches:
a) If I need to contact them for something I need, I'll leave a message; or
b) If it's something they need, I'll give up - if they need it they'll see two missed calls and it's up to them to call me back.
If it's a company, it's not often (a) as there are other businesses I can approach. Besides, not answering the phone tells me they're probably already too busy and won't have the time to give my work sufficient attention.
I don't know why more people don't adopt the 'Don't answer' mechanism.
One of the best managers I ever worked for had a reputation for not answering emails. I asked him about it once, he said it was quite deliberate, as if it was actually important they'd come find him or ring his phone.
When he left the company you suddenly realised he'd been managing our 3 biggest projects, well.
It also worked the other way too, he liked me as I'm one of those devs that can switch on a dime and look at a problem quickly, so he'd often ask me to take a quick look at something. I'd put the request to one side, and only ever look if he mentioned it a second time.
It's a very effective method of filtering important from 'would be nice'.
on any of my boxes since OpenOffice stopped requiring Java. No Java. No Virtual Box. No early versions of OpenOffice or derivatives thereof. No Oracle of any kind whatsoever.
I am sure that Oracle will get around to checking for ancient (10-15-20 year old) installs. I am also certain that if they try I will tell them to fuck off and that I'll see them in court. There ain't no Oracle products on any machines I run, both professionally and personally, and there have been no Oracle products on said machines for a minimum of a decade.
This new(?) Oracle policy will give rise to a new breed of extortionware.
Once installed on a compromised device, the new extortionware collects system, network, and account data, then pops up an on-screen window:
"Pay us €5000, or we'll install Oracle Java on your device, and then inform Oracle's License Enforcement and Revenue Collection Division."
Can this possibly be legal in the EU? I would expect that it's illegal to have a EULA which inflicts this sort of licensing cost retroactively on a free download.
Arkell vs. Pressdram seems relevant, but I'm also a big fan of Wally's responses to Dilbert.
IANAL, but business-to-business has lesser protection. Contracts are rarely worth the paper they're written on - one of my suppliers didn't bother actually providing the service for two years before I found out, yet I couldn't enforce the refund clauses, only fire them.
That said, the only thing that Oracle can do is take the business to court. So don't engage, just forward them straight to your lawyers.
Audit internally and block their IP ranges in your firewalls. Take off and nuke the site from orbit, it's the only way to be sure.
The salespeople will be shooting fish in a government provided barrel in Ireland. Just phone the accounts department.
Ireland's revenue service provide "ROS Online Application" which bundles Java6 u15 for downloading revenue forms and filling in revenue declarations.
Probably every accountant has it installed.
It fails when the enclosed JRE is replaced with a modern JRE, even Adoptium 8 JRE isn't great.
Harvesting IPs in the EU (and the UK for the moment) is illegal under GDPR, if the machine contacting the mothership is owned by a consumer, and not a business. If oracle are then shipping IP databases off to India for them to try to identify the owner, that again I'm pretty certain is against GDPR. Time for everyone in the EU and UK to make a complaint about the Oracle IP harvesting to their local DPA / ICO "just in case". It costs nothing, but it might get Oracle in bad water with the EU.
This post has been deleted by its author
VirtualBox also checks for updates from the mothership. I would not be surprised if the check includes information about the possibly installed extension pack. So you could be in trouble if you load it at home but use it at business.
Pro tip: most ordinary usage of VirtualBox does not actually require the extension pack.
Yeah, no.
That's the type of pointless clever-dick "get one over" suggestion you see random people make online that- in the real world- would run the very serious risk of coming back to bite your backside if Oracle had another excuse^w reason to investigate you and found out you were running that "free for personal use" software for business purposes.
While I've no moral objection to anyone screwing over a company whose modus operandi is (to all intents and purposes) legalised extortion, you're not screwing over Oracle by running their software without paying, rather than using a free alternative. Quite the opposite, you're simply running the pointless risk of giving them an additional opportunity to get *you*.
The sensible move isn't to use *more* Oracle software, quite the opposite- it's to move away from them in favour of alternatives wherever practical and to minimise use of *any* Oracle-encumbered software (down to, and including, ditching the lot).
They have an IP address. Sure. But you can't sue an IP address.
The IP address points you towards a router. But you can't sue a router.
If they want to sue the company, they have to prove that the company authorised the download and agreed to the terms. If an employee is connecting a personal device to the company Wifi, and uses that to download Java or check for Java updates, that is entirely between the employee and Oracle. The company is not obliged to help Oracle identify the employee in question.
I quite enjoyed Java, and grew up writing stuff with the SE JDK. But doing it for a hobby, wouldn't ever pay a license fee for it, especially with free alternatives.
The language isn't the issue, it's the extortionate licensing. Acquire a common and free product, then charge folks for it, then threaten to sue them if they don't pay/cooperate with the audits...