January 11, 2010 3:47 PM
Posted by: Shayna Garlick
In Oracle’s last Critical Patch Update, the company released 38 fixes for 21 affected products, most notably some repair work for Oracle 11g, Oracle Application Server and Oracle WebLogic Server. This batch marked the first time that three fixes for Oracle’s core database had the highest vulnerability rating.
What can we expect this time around?
Oracle’s latest Critical Patch Update, to be released Jan. 12, contains only 24 new fixes, according to Oracle’s pre-release announcement. Affected products include the Oracle Database, Primavera, Oracle Application Server, Oracle E-Business Suite and Oracle WebLogic Server.
These vulnerabilities are rated on the CVSS 2.0 scoring system, with metrics that include ease of exploit and impact of a successful attack. Vulnerabilities are scored from 0.0 to 10.0, with 10.0 representing the most severe vulnerability.
Three products in this Patch Update contain vulnerabilities with a 10.0 score including Oracle Database Server and Oracle Secure Backup, both part of Oracle Database products, and the Oracle JRockit in the Oracle BEA Products Suite.
At this time last year, Oracle had 41 security fixes, and we asked the question: Are Oracle’s Critical Patch Updates really that critical?
We received a variety of responses. Some of you didn’t install them because you thought they were “just patches for pretend problems, invented by some security ‘expert’,” while others felt the patches were indeed critical, and fairly easy to apply.
Have your views on Oracle patches changed in the last year? Do you install them? If not, why not?
January 6, 2010 3:15 PM
Posted by: Shayna Garlick
It looks like Oracle is heading into the New Year with not just one, but two, legal battles to fight.
In addition to its antitrust hearings with the European Commission – from which we have still not heard any definitive news – Oracle has now been slapped with a lawsuit by the Georgia-based MB Technologies, the developer of a toolkit called Bindows.
According to MB, Oracle is violating a license agreement and unlawfully using the toolkit, which allows users to create an interface for their Web applications that has the “exact look and feel of Windows,” to develop user interfaces for its upcoming Fusion applications suite.
Oracle entered into a license agreement with Hyperion in 2004, and when Oracle acquired Hyperion in 2007, the software giant stated that it would only use the Bindows technology for Hyperion products that existed at the time of the acquisition, according to this PC World article.
The article also states that in October 2007, Oracle sent MB a new draft of its licensing agreement addendum that included a section in which it said it would license Bindows for use in Fusion apps. However, the two companies could not agree on a price and the section was removed.
Or so, MB thought. It recently learned from an Oracle executive that Oracle is using Bindows for EPM components in Fusion apps. After attempts to agree on a price and reach out to Oracle were apparently unsuccessful, MB decided to sue for a variety of damages.
Will this affect the release of the Fusion applications suite, which debuted at Oracle OpenWorld and is set to be released in 2010? That remains to be seen, as Oracle has not provided comment or filed a response. One would think however, that with all Oracle has on its plate with the approval of the Sun acquisition still in play, the software giant would be quick to get this one out of the way.
December 23, 2009 5:24 PM
Posted by: Ed Scannell
, Oracle-Sun deal
With Oracle and the European Commission (EC) on the verge of reaching agreement over the former’s proposed possession of MySQL, hopefully this is the last time I talk about the latter’s confounding lack of understanding about the open source market.
While the EC has now spent well over three months investigating the dangers of Oracle owning both the leading proprietary and open source databases fearing it would use its monopoly position for evil, their answer for achieving competitive balance in the market was out in plain view.
In a word that answer is Postgres. The Postgres open source database is not only a respected competitor in the open source database market, but has a feature set that allows it to compete against some higher-end proprietary database.
“If their (EC’s) goal is to promote competitiveness and have a truly independent open source project with hundreds of thousands of users that serves as an alternative to Oracle they should focus on Postgres,” said Ed Boyajian, EnterpriseDB’s President and CEO.
Granted, EnterpriseDB may be the biggest supporter of Postgres and has built its business around the product. But Boyajian makes a couple of important points as to why Postgres can keep democracy alive in the open source database market.
For instance, from the start MySQL was built to accommodate the creation of lightweight, Web-based apps developers can use to create using scripting languages, it was hardly meant to create applications capable of handling heavy duty workloads.
“MySQL helped create apps that were read intensive, Web-based, not the sort of apps created by traditional corporate developers who work with C and C++ and Java. The fact is MySQL never competed with Oracle for that type of workload,” Boyajian said.
Postgres on the other hand is designed to create true enterprise-class applications that require concurrency and data consistency, according to Boyajian, the kind of applications that can give Oracle and IBM a run for its money.
“This is not a subtle thing to the people in the database market, but it looks to be a subtlety to the EC. This is something they are not fully understanding in this investigation,” Boyajian said.
What bolstered Postgres’ position as a strong alternative to MySQL is the recent investment by IBM in Enterprise DB. With IBM’s backing — a major competitor to Oracle in the proprietary database market and strong supporter of open source – Postgres future looks pretty secure.
The other distinction the EC has seemed to overlook, Boyajian notes, is the basic fact there are two kinds of open source companies: those that are community controlled and so truly independent like Postgres, Apache and Linux; and those which are commercially sponsored such as MySQL and JBoss.
This is not to say a commercially sponsored open source product can’t be successful. After all the creators of MySQL sold it to Sun for $1 billion, but it will be better for users to have an alternative that doesn’t come with a Big Brother lurking over its shoulder.
Let’s hope with the dawning of the New Year, the EC confirms reports last week’s reports it has come to some meaningful compromise with Oracle so we can save jobs at Sun, stimulate competition among enterprise competitors, and put all this nonsense behind us.
December 15, 2009 10:26 PM
Posted by: Ed Scannell
, Oracle-Sun deal
It’s almost done.
After three months of investigation, and some pointed exchanges between the two along the way, it appears Oracle and the European Commission are on the verge of settling their differences over Oracle’s proposed acquisition of Sun Microsystems.
Earlier today the EC issued a statement indicating Oracle had made a number of concessions that eased its antitrust concerns, and were now “optimistic” that such a deal would not pose a threat to the European database market, according to a story in the New York Times.
According to the report, Oracle has agreed to protect the viability of the MySQL open source database, meaning it would not discontinue it or otherwise not support and maintain it as well as they could, thereby opening up more opportunity for Oracle’s own proprietary database.
Neelie Kroes, the EU’s Competition Commissioner, said that Oracle has made “significant” commitments to support MySQL, and that once Oracle takes over MySQL promises to extend MySQL’s existing licenses for up to five years. Oracle will also pledge to make guarantees to end user organizations and individuals now using MySQL that it will not pursue intellectual property claims, according to the Times story.
In a statement Kroes said she believed the commission’s investigation would have “a satisfactory outcome.”
Another concession by Oracle involves spending over $72 million spread over the next three years on research and development that would go towards improving MySQL, a sum Oracle has claims is more money than Sun itself had spent on developing the program.
Also, Oracle promises to spend more than $72 million over the next three years in research and development to improve and refine MySQL, which Oracle said was more money than Sun had been spending on developing the program.
While the parties seem to be a matter of days from finalizing an agreement, some European observers quoted in the Times story caution that the deal is not a certainty and will not be until both parties jointly announce it.
There was no indication in the EU’s statement or from Oracle officials when the EU’s approval of the Sun acquisition would formally be announced.
December 8, 2009 9:52 PM
Posted by: Shayna Garlick
, Oracle open source
Up until now, most of the opinions we’ve heard about the possible fate of MySQL in the hands of Oracle have been limited to Oracle and the European Commission (EC). Well, at least until Dec. 10 when Oracle competitors are expected to offer their views of Oracle taking charge of the world’s leading open source database.
But exactly how would Oracle taking control of the open source database affect open source software users themselves?
The 451 Group, an independent technology-industry analyst company, recently tried to gain insight into this question by surveying a group of 1,000+ members of the “Commercial Adoption of Open Source (CAOS) open source user community,” asking them about their MySQL usage and opinions on the Oracle-Sun acquisition.
According to the results of that survey, MySQL usage is expected to drop if Oracle gains control of the open source database. The report said that while 82.1% of the respondents use MySQL today, that number will decline to 78.7% in 2011 and 72.3 % in 2014. This is further borne out as 15% of open source users and 14.4% MySQL users said they would be less likely to use the product if indeed Oracle acquires it, according to the report.
But can the survey results be used as an accurate forecaster of what would happen should Oracle come into possession of MySQL?
This part seems a bit tricky. For example, the survey is only focusing on a 347-person sample when current open source users number in the millions. A much broader sampling could very likely bring a very different result. And isn’t Oracle’s argument centered on the idea that since it does not directly compete with MySQL, it has no motive to make changes to the open source database?
Still, this survey shows that not everyone has faith in Oracle’s stated MySQL motives. Only 4.3% of respondents thought that Oracle should sell it to another vendor, but 32.6% thought that Oracle should set up an independent foundation for MySQL. And with recent rumored reports of a compromise by Oracle in which it will set up a separate MySQL business unit, that just might be the direction in which the software giant is heading.
Are you an open source software user? Does it matter to you who owns the open source software you use? Are you apprehensive about Oracle gaining ownership of MySQL? Let us know what you think.
December 4, 2009 3:55 PM
Posted by: Ed Scannell
, open source database
, Oracle-Sun deal
In his eyeball-to-eyeball stare down with the European Commission (EC) over MySQL, Oracle chairman Larry Ellison may have blinked.
Multiple reports today say Ellison is willing to setup a separate entity within the combined Oracle-Sun that would be responsible for operating the MySQL open source database business, as a way to appease the EC and bring to a swift end that organization’s three-month long investigation of the deal.
Reports say Oracle plans to present the proposal to the EC before its scheduled Dec. 10 hearing with that agency in Brussels. At that meeting Oracle is expected to present its case for why its gaining control of MySQL will not create unfair competition in the database market thereby limiting buying choices among European buyers.
Oracle’s decision to initiate a compromise comes as something of a surprise, given the decidedly uncompromising comments Ellison made less than a month ago saying he planned to “vigorously oppose the European Commission’s Statement of Objections,” and he was confident that Oracle would “obtain unconditional clearance of the transaction.”
There were no specifics in the reports detailing exactly how a firewall would be set up between MySQL and the rest of the Oracle-Sun business, particularly Oracle’s proprietary database business. Oracle reportedly however is willing to establish a separate board of directors for the proposed entity overseeing MySQL’s business.
December 2, 2009 4:21 PM
Posted by: Ed Scannell
, European Commission
, Larry Ellison
, Sun Microsystems
This past March I wrote a blog inspired by some bold remarks Oracle chairman Larry Ellison made a while ago, predicting there eventually would be only three legitimate competitors left in the IT world.
Oracle, of course, was going to be one of them along with IBM and Hewlett-Packard. Larry didn’t consider Microsoft or Dell to be legitimate competitors selling to large enterprises and/or he assumed they would be marginalized by the competitive strategies of Oracle and the other two surviving kings of IT.
About a month after that blog, Oracle announced its plans to acquire Sun Microsystems, and it appeared Larry had taken a giant step toward crystallizing his prediction. Indeed, acquiring the core assets of Sun gives him all of the major hardware and software assets – both proprietary and open source — he lacked to compete worldwide against IBM. The delicious irony there was Larry grabbed Sun away from IBM.
I did note in that March blog that what would secure Oracle’s fate as one of the last three IT survivors, once it acquired Sun, would be buying Red Hat given its dominant position in the open source world. As cost-conscious IT shops both large and small gravitate in even bigger numbers to open source, I still think Oracle will buy them over the next year or two.
But since early September, when the European Commission (EC) announced it was going to investigate the Oracle-Sun deal, focusing particularly on Oracle’s possession of the open source MySQL database, Larry’s plan for domination of Planet IT is on hold.
It remains inconceivable to me that the EC will block this deal, a deal that passed muster with the U.S. Department of Justice. But now seeing the almost religious crusade the EC is on more clearly, together with the almost legendary obstinance of one Lawrence Joseph Ellison, it now seems a more real possibility the deal could be blocked. I suppose we’ll know better how to evaluate that prospect after the Dec. 10 meeting where Oracle gets to plead its case, and certainly by Jan. 27, which is the deadline for the EC to make its final ruling.
But if it does happen, and Larry doesn’t pursue what figures to be a lengthy process through the European courts, it will be bad not only for Sun but for Oracle as well. It’s bad for Sun for obvious reasons given its rapidly declining market share and revenues in servers. With Sun losing $100 million a month the last few months, who would be interested in taking it over? No one is my guess, not even IBM which made a generous offer in hindsight.
But Oracle will suffer, too. It will certainly have to give up its dreams of selling a variety of integrated hardware-software stacks, something top company officials have made clear would give them a huge advantage over its software-only competitors such as SAP and Microsoft. It won’t be able to compete as a broad-based solutions provider armed with chips, servers, storage devices, a significantly expanded open source portfolio and, oh yeah, control of a little piece of software called Java ala IBM.
It will have to revert back to being plain ol’ Oracle. Not that it’s bad thing to be a $25 billion company with a commanding share of the database market with its fire hose-like flow of maintenance revenues, as well as being a major contender in several other enterprise software markets. And Larry can still be as bad as he wants to be, flamboyant, brash and intimidating competitors as well as his own users alike. He’ll just have to do it without the collection of shiny hardware toys.
More seriously, not only will Oracle not have these weapons, but in the meantime its major archrivals have grown and will grow stronger. IBM will be an even more formidable presence when it comes to selling hardware-software-services solutions without Oracle-Sun to compete with.
Without MySQL Oracle will not be able to take advantage of the growing service and maintenance revenues in the open source database market and not have the chance to help shape the direction of open source in general.
Without Sun’s portfolio of virtualization and storage products, competitors such as VMware, IBM and Microsoft can lengthen their already significant lead over Oracle in areas such as cloud computing. (And yes I know Larry doesn’t formally recognize the term cloud computing, but he sure would recognize the future revenues from it).
If Larry’s prediction of a three-company IT world doesn’t come to pass, it won’t be for his lack of trying. Who knows, Larry may actually like living in a five-, six-, or seven-company IT world. One thing I do know, if the latter scenario comes to pass Sun as we know it won’t be around to see it.
Let’s hope for the sake of thousands of American jobs the EC wakes up and approves this deal so another iconic high tech company doesn’t fade away.
November 20, 2009 5:51 PM
Posted by: Shayna Garlick
, Oracle-Sun deal
The European Union (EU) has not been making Oracle’s acquisition of Sun an easy one, putting the “acquisition machine” in quite a different situation than it’s used to.
The deal, which has already been approved by the U.S. Department of Justice, came under scrutiny by the EU in September, when European regulators expressed concern over many parts of the takeover, especially Oracle’s pending ownership of Sun’s MySQL open source database.
Then, earlier this month, the European Commission (EC) released a Formal Statement of Objections against the deal. The EC said that Oracle has not yet shown evidence that the deal does not violate European laws regulating unfair competition. Oracle responded with its own statement, which included that the acquisition “does not threaten to reduce competition in the slightest, including the database market,” and the EC’s concerns about MySQL show that they do not understand the idea of open source.
Now, however, it looks like European regulators are giving Oracle something they want — or are they?
Oracle has asked for more time to develop its argument against the EC’s concerns, and the EC announced today that it would extend the deadline of its antitrust review of the deal from Jan. 19 to Jan. 27.
But is an extra six working days really enough time?
That remains to be seen, but it does look like European regulators aren’t the only ones working against Oracle. For example, Florian Mueller, coordinating opposition to Oracle’s purchase of Sun Microsystems and MySQL, sent a note today applauding the news that the EU granted Oracle a delay – but for a different reason than Oracle may have.
“If the EU’s objections were baseless, Oracle wouldn’t need more time now to develop its arguments. The best way Oracle can make use of this extra week is to think really hard about selling MySQL to a suitable third party,” he wrote.
Is there any chance that the EU will approve the deal with so many objections? We’ll now have to wait an extra six days to find out.
November 18, 2009 3:21 PM
Posted by: Ed Scannell
, Indepedent Oracle Users Group
, Oracle-Sun deal
As tension builds in the standoff between Oracle and the European Commission (EC) over Oracle’s proposed ownership of MySQL, Redwood Shores has picked up the support of the Independent Oracle Users Group (IOUG).
This is hardly a stunning development, although Chairman Ellison may find some comfort in knowing he has the backing of 20,000 database administrators, developers, architects, technical managers as he continues on his crusade.
Late last week the IOUG released a letter opposing the EC’s Statement of Objection, in which the EC made clear – again — what would happen to European users’ freedom of choice if Oracle controlled both its own dominant proprietary database and MySQL.
In the IOUG letter president Ian Abramson tried to make the case that by owning MySQL, Oracle would actually increase competition in the database market instead of limiting it. As evidence he pointed to Oracle’s staunch support of open standards along with how it has treated several open source technologies it has acquired over the past decade.
“Consistently, Oracle has demonstrated its intention to define standard approaches that are open to all, and the acquisition of MySQL is expected to be no different,” Abramson wrote. “Oracle has shown it is a company that supports open standards. We anticipate that Oracle will continue to foster innovation and openness with MySQL following the acquisition and not hinder competition.”
Underlining his point about how well Oracle is capable of working and playing well with others in the open source world, he cites several acquisitions the company has made and how well those technologies have done since including TimesTen, Berkeley DB and Hyperion’s Essbase.
Abramson added that should Oracle decide to “deviate” from this pattern of behavior of the way it has treated the technologies it has acquired, it is his belief the market would be quick to drive a whole new set of viable competitors into the open source world.
In the latest go round involving the EC’s Statement Of Objection to the Oracle-Sun deal, Ellison and the EC’s Neelie Kroes slapped each other around pretty good. Ellison gave the EC a backhander saying its objections were based on a “profound misunderstanding of how open source worked, and Kroes countered with a sharp left hook labeling Ellison’s criticism as “facile and superficial.”
Why is this battle over a free piece of software, which represents such a small part of the overall $7.4 billion deal growing increasingly contentious? Some good answers were given in a New York Times story that points out this case is helping surface the very different views of open source software.
First open source software is much more economically important to Europeans than it is to Americans. In the story Michael Cusumano, a professor at MIT’s Sloan School of Management says the trans-Atlantic “megawar” makes sense in that “the Europeans come to the defense of open-source companies because the big proprietary companies are nearly all American.”
The story goes on to say European governments have looked at open source software as a “potential tool of economic development and independence.” For instance, according to the story, several major European countries actively encourage local and central governments to consider products like MySQL and Linux over proprietary platform such as Oracle databases and Microsoft’s Windows.
The EC is clearly considering what this decision might mean to the overall health of some European economies. It appears to be a much more important consideration to the EC than it was to the U.S. Department of Justice who approved the deal with not too much muss and fuss months ago.
So this battle could serve to resolve a much larger issue than what havoc Oracle might wreak among its competitors with a free database. It continues to be a crime that Sun employees lose their jobs as these two haggle over what this solution should be? If it goes badly for Oracle at the scheduled Nov. 25 meeting with the EC, and the latter formally blocks the deal by the Jan. 19 deadline, and if Oracle decides to take the EC through a protracted trial, there won’t enough of Sun left to make this worth Oracle’s while.