Well, there's a mystery solved at least.
I wondered who had inherited Jobs' Reality Distortion Field generator (since it obviously left Apple when he ascended to glory) and now we know.
Billionaire Oracle chief Larry Ellison has announced his company's public and private cloud services and a multi-tenant version of his core database product, completing his Saul-like conversion from befuddled skeptic. The database company's chief executive opened his annual Oracle Open World (OOW) conference announcing a …
Having heard the youtube clip you nicely linked I can understand why he said what he did from a Databse perspective back then. From a compute perspective he is funny I'll admit. Now they own Sun and getting there heard around there purchase and picking up from there stagnation of there new toy they are moving forward with Cloud's. Does this mean we can call Oracle fashin victims now :).
PXG is a serial offender I'm afraid.
Hopefully this is due to his using English as a second language in which case then he's doing better than I am in learning two languages but it is equally possible he is simply the result of our modern school system and their less than exemplary standards.
In fact I doubt he is an EaaSL speaker, because most of those who I've met have actually been better (English) writers than many natives speakers that I've met.
Oracle Listener ports are normally firewalled off because they are insecure as hell. Ca 1997 I could crash the Oracle Listener of Oracle 8 by telnet-ing into the port and then randomly hitting the keyboard. No password required whatsoever. Maybe my brain was a top secret hacker weapon then or maybe their code was pure shit.
You betcha (as Mad Sarah would say) that a "multi-tenant" Oracle database is a major security risk, if they have not re-written basically everything. I suspect their code is to 50% from the 1980s and crafty hackers will have a field day. Think of buffer overflows in SQL statements.
A colleague of mine recently crashed the MySQL server reliably with some sort of "unexpected" SQL recently. Of course that is a different Oracle product, but I fail to see why their "main" RDBMS should be substantially more safe. Maybe the good Larry can rationalize about it. His first version, that it is a big fat security risk without OS-level virtualization appears to be quite correct to me.
According to
http://www.cio.com/article/717632/Oracle_CEO_Ellison_Reveals_Most_Detail_to_Date_About_39_multitenant_39_12c_Database
Mr Larry does NOT do real multi-tenancy on the same database instance. Instead each customer apparently gets his own set of Oracle RDBMS processes. He essentially relies on the MMU of the processor to keep the hacker separate from valuable corporate data. So his 1980s code might be subverted, but that (might !) not be an issue. It WILL be an issue, if Oracle does not run the crap with very strict tcp/domain socket firewalling enabled. One customer's communication ports must not be reachable from other customer's processes. Otherwise the attacker will take over some Ora process (by means of buffer overflow which almost certainly exist in the millions of 80s/90s lines of code) and then try to connect to processes of other customers on that machine.
Essentially, he relies on Unix user permissions (to protect files, shared memory, semaphores etc) and firewalls such as iptables. Modern unices probably share executable code pages between processes and some filesystem state as compared to OS level virtualization. Instruction Cache usage will be better.
Is it worth the larger attack surface ?
"We own it. We manage it. We upgrade it. You only pay for what you use,"
Sounds like the IBM high-end systems model to me! Definitely a different track for Oracle to be going down, but not surprising given their software model. I can definitely see large organizations salivating at the thought of getting rid of those pesky, expensive Oracle and Solaris admins. The IBM System p and System z platforms run like this too -- you have some control since the machines are physically there, but the daily maintenance is handled by IBM and they send out part-swappers when physical tasks need to be performed. The machine even calls in the tickets by itself. And when you want more capacity, they just turn on more processors, which they happily provide you because the cost to use them way outweighs the cost of providing the physical hardware to your site.
Only problem with this model? Huge hundreds-of-percent margin for the vendor and massive lock in. Imagine trying to extract something like this private, Oracle-managed cloud from your datacenter. Not that locally run Solaris and Oracle software are any less of a lock-in, but when you own the systems you at least have the option to get rid of it without rebuying things. I can see a couple of customer types for this service -- customers who just want to absolve themselves of any responsibility beyond paying the IT bill, and those without the staffing levels to work through all the crazy Oracle software problems that pop up from day to day.
Multi-Tenancy databases are a pain in the arse, couldn't agree more having to had to deal with multiple apps in one DB due budgetary constraints! Although isn't it interesting that if you start segregating apps into their own little databases that you have have a more interesting licensing deal to negotiate with Old Tom, sorry Larry?
"We own it. We manage it. We upgrade it. You only pay for what you use,"
Who pays the electricity bill?
You can buy perfectly respectable ex-corporate HP and Dell servers on eBay for £20-30 and I used to run a couple for fun (including an Oracle database) but the fun had to stop when I got the electricity bill:it was costing me £30 a month to run £40's worth of server - which is the first nearly convincing argument I've heard for trusting corporate data to the Cloud!
AndyD 8-)#