Organizations that do not consider themselves Oracle customers, but who use Java, can expect a call from the Big Red in the next three to nine months, according to a software licensing specialist.

House of Brick, which has spent years advising clients on how to manage their commercial arrangements with Oracle, said it had noticed an uptick in organizations seeking advice after being contacted by the tech giant about their Java use.

“Even if you are not an Oracle customer, they are tracking product downloads and matching the IP addresses to your organization. Oracle has deployed a whole team of people in India that are contacting organizations worldwide with claims of non-compliant Java SE usage,” the company said in a blog, referring to the runtime environment.

While most Oracle and Java users have become aware of the changes, those who have never dealt with Oracle for their applications, database or middleware software might be new to the arrangement.

“They don’t have a relationship with Oracle. But Oracle has tracked Java SE downloads to their company. And then Oracle approached them saying ‘We see that you’ve been downloading our Java SE product, it requires a licence.’ This might be an email coming from a person that has an audit or similar title in their signature,” said Nathan Biggs, House of Brick CEO.

For example, Oracle is likely to ask for the installation date and ask whether the customer also deploys on VMware.

But Oracle will be leading towards an “offer” to overlook earlier unlicensed software if they agree to sign up to the new subscription model, Biggs said.

Organizations should be careful before they take up the offer, he said. Users with legacy Oracle agreements face more than 100 percent — even 1,000 percent — cost increases when moving to the new terms. Bills going from tens of thousands of dollars to more than a million have been confirmed by multiple licensing specialists.

He said Oracle is entitled to ask for backdated payments for people already using Java since the paid-for deal was announced. But whether they should be forced to adopted the 2023 per employee arrangement is a moot point.

To start with, Oracle will limit the back-payment to three years. But it will also try to charge users under the Universal pricing arrangement introduced in January 2023.

“This is absurd because the universal pricing has only been around for a year. We always then push back on Oracle,” he said.

  • leds@feddit.dk
    link
    fedilink
    arrow-up
    69
    ·
    5 months ago

    Remember that Microsoft offers a nicely packaged version of openjdk for download

    • thingsiplay@beehaw.org
      link
      fedilink
      arrow-up
      42
      ·
      5 months ago

      Or on Linux systems as well. Another reason why Open Source / Libre Software is not only important, but essential to keep the freedom of users intact. There is no tracking, no artificial limitation from Oracle and no cost involved as well.

      The Java implementation from Oracle needs to die. Everyone should switch to openjdk or stop using Java.

      • eveninghere@beehaw.org
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        Company asks me if I use Oracle Java. The problem is, how would I know I’m 100% clean?

        If every library dev start doing this we need a horrible amount of extra work to make sure the system is clean…

    • tyler@programming.dev
      link
      fedilink
      arrow-up
      5
      ·
      5 months ago

      Just use asdf or the alternative that works on windows. You can specify all your languages in the file even for maven or gradle or any thing else as well. No more managing installs.

    • deathmetal27@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      5 months ago

      So do Eclipse, IBM, Amazon, Azul, Liberica, etc. There is really no reason to download any JDK version from the OTN ever.

      Also if your organisation still relies on JDK 8 then using a non-Oracle openjdk version is your only option if you don’t want to give Oracle money.

  • bitchkat@lemmy.world
    link
    fedilink
    English
    arrow-up
    39
    ·
    5 months ago

    Why would anyone go through the pain of installing Oracle java when you can just install openjdk from the repos. If you develop on windows, Adoptium.net will give you prebuilt openjdk.

    • echo@lemmings.world
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      5 months ago

      Because they make it stupidly difficult to find the latest OpenJDK for any given major version.

        • echo@lemmings.world
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          Google “openjdk 10 download site: openjdk.org” or any other older version and you’ll get zero links that take you to the download. Change your link to /8 or /10 or whatever version you want and that doesn’t work, either.

          So what I mean is exactly what I said… it’s too damn hard to find the download.

          • lemmyvore@feddit.nl
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            On Google I get the link to the download page as 3rd result, and on DuckDuckGo is the first result.

            There might also be some confusion related to the fact openjdk.org only called its builds “openjdk” for version 8 and for versions 11+. Versions 7, 9 and 10 were just called “JDK” so technically there’s no such thing as “openjdk 10”.

        • JackbyDev@programming.dev
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          Adoptium and OpenJDK are different builds. OpenJDK has no concept of LTS which is why they only provide the latest build. Adoptium has LTS versions and you can download past ones.

          • lemmyvore@feddit.nl
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            You can download past versions of OpenJDK going back to 7 from the link I gave above.

      • JackbyDev@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        5 months ago

        That’s why you shouldn’t use OpenJDK. You should use Adoptium (formerly known as AdoptOpenJDK). OpenJDK also doesn’t provide builds of anything but the latest version even though the source is still receiving bug fixes for previous versions. OpenJDK has no concept of LTS.

        • RagingRobot@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          Yeah but you know it exists lol how would someone just looking for the java run time know that openjdk exists to search for it?

          • JackbyDev@programming.dev
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            I’m hoping all professional Java developers either know about the existence of OpenJDK or one of their bosses or IT does and will appropriately direct them to foss builds of the JDK. Even then, I think (hope) most people using AWS will use Coretto.

  • kryllic@programming.dev
    link
    fedilink
    arrow-up
    35
    ·
    5 months ago

    But Oracle will be leading towards an “offer” to overlook earlier unlicensed software if they agree to sign up to the new subscription model, Biggs said.

    So…Oracle is just adopting the mafia mentality to accomplish this? Yeesh.

    • IHeartBadCode@kbin.run
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      Oracle is just adopting the mafia mentality

      What do you mean “just”? This has always been Oracle.

  • MehBlah@lemmy.world
    link
    fedilink
    arrow-up
    33
    arrow-down
    1
    ·
    5 months ago

    A good response would be “We have blocked your networks at the firewall and are in the process of eliminating any of your software that has infected our network.”

  • mindbleach@sh.itjust.works
    link
    fedilink
    arrow-up
    20
    ·
    5 months ago

    Java is an okay format owned by the devil. When two devices running Java connect via wifi, One Rich Asshole Called Larry Ellison expects the air in-between them to be properly licensed. If the free software movement had not been founded to say “fuck printers,” it would have sprung into being in order to say “fuck Oracle.”

    If businesses spring up to advise customers how to handle your billing and legal departments, maybe you shouldn’t be a company anymore.

  • Eager Eagle@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    edit-2
    5 months ago

    I received an email about this one year ago from one of the universities technicians/systems maintainer to let them know if we were running non-openjdk java runtimes because they received a million-dollar “warning” email. Greedy corps are even going after universities.

  • Corbin@programming.dev
    link
    fedilink
    English
    arrow-up
    11
    ·
    5 months ago

    This shit is why I cannot recommend Truffle/Graal. Yes, it’s cool technology. Yes, it works well. Yes, I remember Chris Seaton. Yes, most of it is Free Software. However, Oracle is still the fucking lawnmower, and it’s not safe to build upon anything they can convince a judge they might own.

    Alternatives include RPython (my preference) and also GNU Lightning.

  • Suppoze@beehaw.org
    link
    fedilink
    arrow-up
    9
    arrow-down
    2
    ·
    5 months ago

    Honestly, the new licensing model for Oracle JDK was known for so, so long, and every company had every chance to use an open alternative. Actually I think Oracle has been pretty lenient with it’s grace period, so I don’t feel sorry for the companies held accountable over this

    • senkora@lemmy.zip
      link
      fedilink
      arrow-up
      12
      ·
      5 months ago

      The way the article makes it sound is, if individual employees download OracleJDK while on the company network, and use it for small personal scripts or automation, then that might be enough to trigger Oracle to act.

      If your company is large enough, then enough employees may have done that to make you a reasonable target for litigation if you don’t work something out with Oracle. And Oracle is an expert at litigation.

      I think that the best defense for a large company would be to IP block all Oracle domains and periodically scan employee laptops for any Oracle products (especially JDK and VirtualBox guest additions) and delete them.

      You really have to treat anything that Oracle touches as malware if you want to protect yourself.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      4
      ·
      5 months ago

      Yeah this is pretty much non-news at this point. The last unencumbered versions of JDK and JRE from Oracle went out in 2019, that’s 5 years ago, and they’re still allowing a grace period of another 6 months.

      I mean don’t get me wrong, Oracle sucks and the way they go about licensing is shit, but at this point come on. If a company hasn’t bothered to get rid of Oracle’s version of Java for the last 6 years maybe they want to get shafted? I don’t kink-shame.

  • biscuitswalrus@aussie.zone
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    5 months ago

    One rich company trying to claim money off the other rich companies using its software. The ROI on enforcing these will come from only those that really should have afforded to pay and if they can’t, shouldn’t have built on the framework. Let them duke it out. I have zero empathy for either side.

    The hopeful other side is with a “budget” for the license, a company can consider using that to weigh up open source contributions and expertise. Allowing those projects to have experts who have income. Even if it’s only a few companies that then hire for that role of porting over, and contributing back to include needed features, more of that helps everyone.

    The same happens in security, there used to be no budget for it, it was a cost centre. But then insurance providers wouldn’t provide cyber insurance without meeting minimum standards (after they lost billions) and now companies suddenly have a budget. Security is thriving.

    When companies value something, because they need to weigh opportunity cost, they’ll find money.