Re: Oracle's relationships with expert DBAs (and the rest of us mere mortals)

  • From: "Paul Drake" <bdbafh@xxxxxxxxx>
  • To: niall.litchfield@xxxxxxxxx
  • Date: Wed, 31 May 2006 16:26:10 -0400

On 5/31/06, Niall Litchfield <niall.litchfield@xxxxxxxxx> wrote:


On 5/30/06, Mogens Nørrgaard <mln@xxxxxxxxxxxx> wrote:

>  Yo Mladen,
>
> So what is this now? I'm sitting here in Anjo Kolk's living room with
> one (just one!) whisky (40 years old) and one (just one) good beer, and then
> suddenly I'm unable to drink, because I see the most bitter, twisted and old
> man in the community not being able to accept when someone else than himself
> - or me - is making a joke?
>

The quote as reported, rather than as delivered, and from people who don't
know Mary-Ann but do know the public pronouncements by both her and David
Litchfield doesn't sound like a joke. Doesn't mean it wasn't one or that she
is stupid, just that understanding humour third hand without knowing the
person doesn't work well. It also doesn't necessarily indicate bad
journalism - its a good quote after all.

As to the substance, I happen to think that both David and Mary-Ann are
right, Oracle do need to improve internally, particularly on their
response to newly discovered bugs (since bugs will always happen) and yes
they can learn from Microsoft here; equally the prevalent culture of install
everything, run everything with maximum rights, don't apply patches and lock
down after the event needs to change. Security is a two way street and from
where I stand neither we as customers "it's all Oracle's fault" nor our
suppliers "it's all the fault of one or two individuals" are very good at
it.


-- Niall Litchfield Oracle DBA http://www.orawin.info



This one is going to get even better: (Thanks, Pete)

-----------------------------------------------------------------------------------------------------------------------
http://www.networkworld.com/news/2006/052506-w3c-oracles-davidson-coding.html

Oracle's security chief lambastes faulty coding

By Jeremy Kirk, IDG News Service, 05/25/06

Mary Ann Davidson, chief security officer for database giant Oracle,
remembers the first time she heard her company's marketing scheme that
advertised its database products as "unbreakable."

"I think my response was 'What idiot dreamed this up?," Davidson said
Thursday at the W3C conference in Edinburgh, Scotland.

...

"We use our own dumb-ass mistakes as examples," Davidson said. "Because if
you don't do that, developers think this is an academic argument."
-----------------------------------------------------------------------------------------------------------------------

Methinks that this won't get thru all of the corporate firewalls ...
Enjoy. I hope this isn't a repost.

Paul

Other related posts: