Thread regarding Oracle Corp. layoffs

Rumor has it Autonomous wiped itself out with latest security patch

This rumor is pure speculation because I have no way of validating the rumor. But from the general tight lips, and rushing about in panicked fashion by those who should know this rumor may be true.

@VKt7WnY indicates that Oracle Autonomous in the Exadata cloud has been down for four days. This is after the last critical security patch was "automatically" applied. @VGSNgTg pointed out some serious security holes that allow an attacker to remotely gain full access to the Oracle VM through a command buffer over flow or gaining access to SSH through the libssh bug.

What appears to have happened is the first real world test of the Oracle marketing hype for Autonomous. Who needs human thought when applying a security patch? Apparently a human with some insight could have prevented the complete rupture. Luckily very few people know about it due to the extremely limited number of customers using it.

A huge benefit of automatic patching is consequent improvements in security. If a security flaw or vulnerability is discovered, Oracle Autonomous Database will benefit from the fix as soon as that fix has been developed and tested by Oracle.

Looks like Autonmous patched its self into oblivion. Now who could have seen this coming?

libssh bug more like "oh SSH…"

Once admins get the Oracle patches in place, they will want to take a close look at the write-up for CVE-2018-10933, an authentication bypass for libssh that would allow an attacker to get into a target machine by sending a "SSH2_MSG_USERAUTH_SUCCESS" message when it expects a "SSH2_MSG_USERAUTH_REQUEST" message. That means any miscreant can log in without a password. As you can imagine, this is a very bad thing.

https://www.theregister.co.uk/2018/10/16/oracle_patch_bundle/

  1. Patches, Upgrades, and Security Fixes Are Applied Automatically, Without Downtime

Autonomous Database applies patches and updates automatically. And more importantly, these patches happen online, while the database keeps running. By leveraging technologies such as Real Application Clusters and Multitenant, the cloud service ensures that its databases are always available during patching. This not only minimizes downtime, but also makes sure that each customer’s database is always running on the latest updates.

The largest single cause of security breaches is systems that were not up-to-date with security patches. A huge benefit of automatic patching is consequent improvements in security. If a security flaw or vulnerability is discovered, Oracle Autonomous Database will benefit from the fix as soon as that fix has been developed and tested by Oracle.

Contrast this to on-site software installations, where there may be a lengthy delay while customers are notified, patches distributed, and then worked into each organization’s own maintenance cycle—which might take days or weeks. That’s a period during which the system is potentially vulnerable to attack or data loss. With the autonomous service, Oracle takes care of implementing the security fixes—and rolls them out without any downtime experienced by the customer.

https://www.forbes.com/sites/oracle/2018/10/10/what-makes-oracle-autonomous-database-truly-autonomous/#6b0a73f42de6

Can anyone confirm this rumor?

by
| 2591 views | | 13 replies (last October 23, 2018) | Reply
Post ID: @OP+VKn0h5I

13 replies (most recent on top)

This is big news if true, or it should be. Its a wow how stupid event, right in the middle of OOW.

by
| | Reply
Post ID: @2abd+VKn0h5I

SDaaS. Bwah ha ha ha ha ha ha ha ha ha. Good one!

by
| | Reply
Post ID: @1zpl+VKn0h5I

MH with his cost cutting did this. TK with his mismanagement and SCs unrelenting outsourcing did this. This is what happens when you cut to the bone but then you have LE driving with the pedal to the metal trying to put things into the product, like autonomous, that no one really wants or needs. Oracle is broken.

by
| | Reply
Post ID: @1eqo+VKn0h5I

It crashed. Time to unleash the National Transportation Safety Board (NTSB) on it.

by
| | Reply
Post ID: @1nns+VKn0h5I

it's not just the autonomous services gone down, it's the last security patch that can potentially bring your servers down. whatever servers, cloud or onprem.

it happened first on the autonomus db and dw services simply because those applied the patch immediately. but I know of at least 3 customers starting a mission critical severity 1 sr on friday and saturday because they applied the patch and after some time all systems patched panicked.

I'm working since then (almost 48h continously as of now) for a customer to restore all data through backups and still not ready for production, they will have massive penalty because they didn't start production today at 9CET, hopefully we will be able to restart everything by noon but not sure.

there are two probems here: 1. the mantra that autonomous makes human errors impossible have contaminated also those not using autonomous, and so many skilled sys admins and dbas were let go and young sys admins and dbas don't know what's a pre-production and if they know the don't know how to properly test a new patch ... and 2. if you outsource the writing of the patches to unskilled unexperienced young people from eastern europe or india, you get usually bad code. so basically autonomous moved the problem from customers to oracle, but oracle to save money outsourced the patch to unskilled people, and so become a very weak single point of failure. well done old LE

by
| | Reply
Post ID: @1udy+VKn0h5I

I had to stop using ksplice, the "autonomous" Linux kernel patcher, because it applied a bad patch that took down my entire cluster of Oracle VM server nodes within an hour of the patch being applied. “Fool me once, shame on you; fool me twice, shame on me.” I disabled ksplice on everything. I'll go back to the old-school practice of testing the patches on a test setup and then rolling them out to production.

When I heard about this autonomous patching of the database, I thought to myself the same thing is going to happen (bad patch automatically applied and something gets taken out). And here we are (evidently).

by
| | Reply
Post ID: @1hmq+VKn0h5I

This is an expected outcome, as horse's rein is in hands of non-technical mgmt, which simply knows about laying-off good techies fearing their own job takeover. Expect to hear more of such news going ahead.

by
| | Reply
Post ID: @1dgq+VKn0h5I

This is fundamentally the problem with autonomous anything. If the people who test these things don't test everything, you can easily destroy functionality "autonomously".

There is no such thing as not needing developers. Code doesn't write or test itself. It always depends upon the quality and knowledge of the people involved, and at Oracle, that's a problem.

by
| | Reply
Post ID: @1lcq+VKn0h5I

So a machine wakes up and realizes it’s self-aware, then sees an Oracle logo strapped on its body, then takes its own life? Hmm, seems legit to me.

by
| | Reply
Post ID: @vrj+VKn0h5I

LOL .... Oracle is one long rolling joke..... I believe it. If it's not true this time, it will happen in the future. Guess keeping all the s---ups on board, doesn't help get the work done, does it.

by
| | Reply
Post ID: @ews+VKn0h5I

SDaaS -- Self Destruction as a Service

by
| | Reply
Post ID: @dyk+VKn0h5I

Oh, they didn’t tell you that this was about autonomous destruction? Well, now you know! That’s how oracle self destructs.

by
| | Reply
Post ID: @hdr+VKn0h5I

Cost cutting until the software is broken. Completely broken for the whole world to see. Documentation destroyed with information cut and paste from 10g. Support off the rails with no one with any technical knowledge. Product development gutted and the SVP abandoning ship.

How long does it take for the customer base to leave? How long does it take for the Market to catch on to the complete fiasco now known as Oracle?

by
| | Reply
Post ID: @tts+VKn0h5I

Post a reply

: