Included in the patch are critical fixes for Java SE and the Oracle Sun Systems Products Suite.
All up this means that the update contains nearly 170 new security vulnerability fixes, including 36 for Oracle Fusion Middleware. Twenty-eight of these may be remotely exploitable without authentication and can possibly be exploited over a network without the need for a username and password.
The worst of the bugs are in Java SE, Fujitsu M10-1, M10-4 and M10-4S. In the case of Java SE, a CVSS Base Score of 10.0 was reported for four distinct client-only vulnerabilities.
Writing in the company blog, Oracle said that out of these 19 Java vulnerabilities, 15 affect client-only installations, two affect client and server installations, and two affect JSSE installations.
The blog says that the lower number of Oracle Java SE fixes reflect the results of Oracle’s strategy for addressing security bugs affecting Java clients and improving security development practices in the Java development organization.
While that might be true, the ton of patches in the rest of the software suggests that while Java is being closely watched, other bits are not.
In the case of the Oracle Sun Systems Products Suite, CVE-2013-4784 has a CVSS rating of 10.0 and affects XCP Firmware versions prior to XCP 2232. Overall, there are 29 security fixes for the suite.
The update also includes eight new security fixes for Oracle Database Server, none of which are remotely exploitable without authentication. Oracle MySQL has nine security fixes.
There are also: 10 fixes for Oracle Enterprise Manager Grid Control; 10 for Oracle E-Business Suite; six for the Oracle Supply Chain Products Suite; seven security fixes for Oracle PeopleSoft products; 17 for Oracle Siebel CRM; one for Oracle JD Edwards Products; two for Oracle iLearning; two for Oracle Communications Applications; one for Oracle Retail Applications; one for Oracle Health Sciences Applications and 11 new security fixes for Oracle Virtualisation.
Ellison introduced the company’s X5 as “the future of the datacentre” based on Intel Xeon® E5-2600 v3 processor family (Haswell-EP with up to 32 cores) and support for high bandwidth NVM Express (NVMe) flash drives.
The X5-2, a 1U two socket server, is designed and optimised for running Oracle Database in a clustered configuration. Optional four NVMe drives can be used to accelerate Database performace via Smart Flash Cache. This server is targeted at high-density vitualization environments.
The X5-2L, a 2U platform, is targeted for single-node databases and enterprise storage applications. The supports up to 758GB of memory, and configured for a maximum of 50.4TB of direct attached storage.
Also announced was Oracle’s NVM Express (NVMe) design providing up to 6.4TB of hot-swappable flash providing 2.5X the data rate of older SAS3 SSD interface drives using PCIe Gen3 Small Form Factor NVM SSD drives (12Gb/s vs. 32Gb/s). NVM Express flash technology is optimized to accelerate Oracle Database using a feature called Database Smart Flash Cache. This feature keeps recently accessed data warm in flash storage, reducing the chance that the database needs to fetch the data from slower magnetic media that may be direct attached or resident on a NAS/SAN fabric. In addition to the high-bandwidth interface to the NVM Express SSDs, the flash technology itself has been engineered to be high-endurance and write-optimized for Oracle Database.
Ellison’s new “vision” entails connecting datacentres efficiently and at lowest cost to the cloud – “There has to be some degree of compatibility between the public cloud and your private datacentre”, Ellison said.
Ellison emphasised Oracle’s “new strategy” using Intel processors to compete for the two-socket core business. The new “Virtual Compute Appliance X5” converged infrastructure system, consists of compute servers and software defined networking.
That integration comes in the form of th Virtual Compute Appliance X5 converged infrastructure system, consisting of compute servers, software-defined networking and Oracle designed hardware. Ellison went on to highlight the company’s abilities in software defined configuration of server and storage networks on VCA, supporting infiniband internal networking with external connectivity provided by Ethernet and Fibre Channel to link with existing networks.
Included within the X5 product portfolio are Oracle’s Big Data Appliance for Hadoop and NoSQL big data jobs and Exalogic X5-2 for private clouds.
Ellison described Oracles Zero Data Loss Recovery Appliance capable of full data recovery with real-time “redo” transport and fully automated recovery functions, log re-examination with extraction of malicious transactions followed by re-entry of those processes again allows the appliance to be restored to any point in time.
Further the appliance, which can handle thousands of databases with backup connections to on-site datacentre, remote datacenters and cloud. “The big deal is it’s fully automated, so it’s easy to operate, and you never lose data. It’s a no brainer appliance as we have, “Ellison stated.
Ellison reminded the audience that “Oracle manufactures tests and supports all of these products in-house”, naming rivals Cisco, EMC, VMware, Microsoft and Red Hat hinting at more expensive and fragmented support by rivals. Further “One appliance alone can handle thousands of databases with potential backup connections to on-site datacentres, remote datacentres, and the cloud.” he said.
“The big deal is it’s fully automated, so it’s easy to operate, and you never lose data. It’s as a no-brainer appliance as we have,” Ellison remarked.
He further stressed Oracle has manufactured, tested, and support all these pieces in-house, calling out rivals Cisco, EMC, VMware, Microsoft, and Red Hat and hinting at more fragmented (not to mention expensive) deployment options. All X5 machines are available now.
The rumor of the Intel invasion of Oracle has been circulating since OracleWorld 2012. This is a major shift for Oracle. The company’s management, currently in the midst of a “reinvention period”, includes the fact that Larry Ellison is executing a gradual accession plan as he moves toward retirement.
The X5 release is seen as one aspect of the company’s new strategy – one in which the company protects their private datacentre market base while adjusting to a world increasingly enveloped by the evolution of open hardware, software and the cloud. Ellison is a sharp toothed shark and Oracle is having a problem finding a way to replace his natural instincts – how this evolves is another one of those “only in the valley” stories.
It is looking like a very good year for Intel’s E5000 series though…,
The appointment of Safra Catz and Mark Hurd as co-CEOs at Oracle made considerable sense to Wall Street, but sources in the database firm were surprised that Thomas Kurian did not come out of it as well as they expected.
This indicates that Chairman Larry Ellision is up to something.
Kurian was appointed president of software development, but that seems to underplay his importance at Oracle.
Reuters points out that Ellison often turns to Kurian for a second opinion and affirmation on product decisions and conversations.
A former executive told Reuters that Ellison always looks back at Thomas and asks him what he thinks.
This has led many to believe that Kurian, not Herd or Catz will end up replacing Ellison when the 70 year old retires.
After Hurd and Catz were promoted, top executives worried about keeping Kurian motivated and happy. He continued to report directly to Ellison, now executive chairman of the board, along with Hurd, Catz and two others.
Ellison seems to be in no hurry to leave and was appointed Oracle’s chief technology officer in September, but he has in recent years spent an increasing amount of time on other interests, including his sailing team, and as he develops the Hawaiian island he largely controls into an eco-tourism destination.
When Ellison does eventually hand over the reins, he will want to entrust Oracle to someone who lives and breathes technology, and Kurian is seen fitting that job description best among the top executives.
However outside Oracle Kurian is an unknown. He is seen as a technologist who understands Oracle’s products inside out, works long hours, executes Ellison’s vision and is pants at small talk.
He is the man behind Oracle’s middleware business developing into a substantial enterprise and Oracle’s vast and still rapidly evolving suite of products, from business software applications to servers and databases.
Ellison has put him in charge of the company’s move to the cloud and if he manages it, it will be difficult for his detractors to deny him the top spot.
What stands against him is his tendency not to delegate and he likes to get involved in a minutia.
However the same applies to Ellison, and it would appear that he has plans for Kurian, which should worry the Herd of Katz he has placed as joint CEOs.
For those who came in late, Oracle sued SAP over its TomorrowNow unit, which the German company bought to provide software support to Oracle customers at lower rates than what Oracle charged, hoping to persuade them to become SAP customers.
In 2007 Oracle noticed thousands of suspicious downloads of its software. A California jury awarded Oracle $1.3 billion in 2010, but that amount was knocked down in subsequent judicial rulings. Earlier this year a federal appeals court said Oracle could either accept $356.7 million, or opt for a retrial against SAP.
Oracle’s general counsel Dorian Daley called the end of the case a “landmark recovery “ and was “extremely gratified that our efforts to protect innovation and our shareholders’ interests are duly rewarded”.
SAP said it was pleased that the courts “ultimately accepted SAP’s arguments to limit Oracle’s excessive damages claims and that Oracle has finally chosen to end this matter.”
SAP conceded that its employees were illegally downloading Oracle files, but it could not agree with Oracle on how much it should pay. The 2010 trial between the two companies was widely watched, as top Oracle executives Larry Ellison and Safra Catz testified.
There was also a criminal probe, which SAP agreed to pay $20 million to make go away.
Aurora is Amazon’s relational database which it claims is just as capable as proprietary database engines and costs 90 percent less.
Aurora is the latest battle in a long war with Oracle which started with Amazon’s RedShift a few years ago.
The database will compete with MySQL, SQL Server, PostgreSQL, and yes Oracle on the company’s Relational Database Service (RDS) lineup. And it is compatible with MySQL, Amazon said.
Amazon has worked out that people have had a gutsful of Oracle’s cost structure and refusal to budge from older licensing models. The outfit has mostly saved itself because no one wants to dump their database.
To try to encourage the Oracle, Amazon has released a new AWS CodeDeploy, code-named Apollo, which the company said will enable rolling upgrades and ease deployments to multiple instances. It is available now and will work with customers’ existing toolsets.
King of consumer toys, Apple is attempting its biggest push into the consumer market, according to Reuters.
Reuters claims that Apple is hiring a dedicated sales force just to talk with potential clients like Citigroup.
This is on top of its partnership with IBM to develop apps for corporate clients and sell them on devices, the iPhone maker plans to challenge sector leaders HP, Dell, Oracle and SAP.
Of course no one is saying much in the way of details, Reuters seems to think that the deal with Big Blue will mean that Apple will be welcomed into the corporate world and give HP and Dell a kicking. This will result in the collapse of Microsoft, Samsung and Google’s own efforts in mobile work applications.
Apparently Job’s Mob is working closely with a group of startups, including ServiceMax and PlanGrid, that already specialise in selling apps to corporate America. Apple is already in talks with other mobile enterprise developers to bring them into a more formal partnership.
For example, PlanGrid is a mobile app for construction workers to share and view blueprints. ServiceMax is a mobile app that makes it easy for companies to manage fleets of field service technicians by ensuring they have access to the right information.
ServiceMax, whose existing customers include Procter & Gamble (PG.N) and DuPont, has co-hosted eight dinners with Apple over the past year in locations across the United States. About 25 or 30 chief information officers and “chief service officers” typically show up at these joint marketing and sales events.
But there are huge problems with Reuter’s desire to see Apple in charge of the world. The most obvious is that Apple makes toys it does not make corporate devices. Corporates are obsessed with security, Apple’s iCloud can’t even protect b list celebs from having their naked pictures being hacked.
Tablets were an Apple inspired Fad and any belief that corporates will rush to buy them never really happened. If they are ever adopted by corporates, they will be a low-level function which will require something a lot cheaper than Jobs’ Mob wants to support. Apple really needed BYOD to take off, which it didn’t.
Apple’s success has been due to its cult following, but religion does not work very well when it comes to business. Apple lacks functionality with business systems, corporates also take a dim view of the sort of things that Apple user agreements desire from their followers. Apple is also slow to confirm security flaws, and even slower to fix them. Its insistence on its own security, rather than that of the client also does not sit well with big business.
In short, to get business customers, Apple needs to change its mentality – something historically it has been unable to do. It not only has to deal with the experts in business, such as Microsoft, HP, Dell and SAP, its traditional rivals, such as Samsung are also harbour similar ambitions.
Samsung has confirmed that it is stepping up its efforts to sell devices to large enterprise clients and hired former chief information officer Robin Bienfait to spearhead that effort. It might hit the same experience problems that Apple has, and there is no reason to suspect it will be any more successful.
Apple’s IBM partnership might not be that key to the corporations either. It relies on IBM’s sales team selling Apple projects. IBM has as much experience selling consumer products as Apple has selling into business. Jobs’ Mob also has no clue about business software, which is the key to getting into the business market — for decades its networking technology has been the weak point of the few Apple installations in corporates.
Apple appears to hope that if it can hook the client on the software and content, they will keep them coming back for the hardware. However, that simply does not work in the corporates. Hell, Microsoft was unable to get corporates to upgrade to Windows 7 because they could not see a need. What chance does Apple’s business model have against that attitude?
The report said that demand for fast data access and storage continues to rise and that’s creating more and more datacentres. Datacentre automation is sometimes known as Software Defined Data Centres (SDDCs). Automation helps management deal with scalability, flexibility, manageability and reduced costs.
The market research company said it segments the datacentre automation market by hardware such as network automation, server automation and storage automation. It also values the secor by service including consulting services, installation and support.
The demand for data is forcing businesses to either build new datacentres or upgrade existing sites.
And the cost of datacentre infrastructure continues to increase at the same time as IT budgets continues to decrease.
Majr vendors in the industry include HP, Oracle, Dell, Brocade, Cisco, IBM, CA and BMC Software.
The suit against Microsoft filed by former employees Deserae Ryan and Trent Rau charges, among other things, that Microsoft and other companies entered into anti-solicitation and restricted hiring agreements without the consent or knowledge of its workers.
Oracle, Microsoft and Ask.com are facing suits alleging that they conspired to restrict hiring of staff. The suits are connected to a memo which names a large number of companies that allegedly had special arrangements with Google to prevent poaching of staff.
The document was filed as an exhibit in another class action suit in the US District Court for the Northern District of California, San Jose division over hiring practices. The tech workers who filed that suit alleged that Google, Apple, Intel, Adobe, Intuit, Lucasfilm and Pixar put each other’s employees off-limits to other companies by introducing measures such as “do-not-cold-call” lists.
Those seven tech companies had earlier settled similar charges in 2010 with the U.S. Department of Justice while admitting no wrongdoing, but agreed not to ban cold calling and enter into any agreements that prevent competition for employees.
Google, Apple, Adobe and Intel appealed in September District Judge Lucy Koh’s rejection of a proposed settlement of US$324.5 million with the tech workers, which she found was too low. Intuit, Lucasfilm and Pixar had previously settled for about $20 million.
Now it seems that former employees filing lawsuits against Microsoft, Ask.com and Oracle have asked that the cases be assigned to Judge Koh as there were similarities with the case against Google, Apple and others.
The companies might try to say that since the DOJ did not see it fit to prosecute them before 2010 they must have been legal.
Oracle said that it was excluded from all prior litigation filed in this matter because all the parties investigating the issue concluded there was absolutely no evidence that Oracle was involved.
Microsoft said the employees omit the fact that the DOJ looked into the same claims in 2009 and decided there was no reason to pursue a case against the company.
Ellison has given up his position as chief executive of the enterprise software behemoth he co-founded 37 years ago, however he stuck to his tradition of delivering the main presentation at Oracle OpenWorld. Oracle will now depend on a two headed CEO monster based around presidents Safra Catz and Mark Hurd.
The 70-year-old Ellison is staying on as executive chairman and chief technology officer and as far as developers were concerned it was him that they had come to hear.
Speaking to a standing-room-only crowd in a football-field-sized room, Ellison mostly pitched Oracle’s newest offerings in software and cloud computing.
But he won laughter with a handful of off-script comments about his new role at the company, including one during a demonstration of a new service that lets customers easily move applications from their own data centres to Oracle’s cloud.
“I’m CTO now, I have to do my demos by myself. I used to have help, now it’s gone,” Ellison joked. “I love my new job by the way.”
As he filled in a webpage as part of the same demonstration, he joked, “They took away my CEO title, they took away my name. It’s been a rough few weeks.”
In an IT world which has lost Bill Gates, Steve Ballmer and Steve Jobs over the last few years, Ellison was one of the few left who could still rustle up a good show.
Close to 60,000 people were enrolled for this year’s OpenWorld, which includes technical courses, cocktail parties and a concert by Aerosmith
Ellison apologised to the assorted throngs for skipping his keynote speech at last year’s OpenWorld to be on the water with his Oracle Team USA sailing team during the final neck-and-neck races of the America’s Cup regatta.
It was the second presentation in three days that Ellison devoted to talking up the progress Oracle has made in cloud computing, which accounts for just five percent of his company’s revenue.
IDC defines integrated infrastructure and platforms as pre-integrated certified systems containin server hardware, disk storage systems, networking equipment and systems management software.
IDC said over 833 petabytes of storage capacity shipped, up 63.4 percent compared to the same quarter in 2013. All in all, the first half of 2014 showed the market grew by 35.9 percent compared to the first half of 2013 and was worth $4.3 billion.
IDC believes that integrated systems are considered critical by business. Jed Scaramella, research director of enterprise servers at IDC said enterprise customers were “bullish” in adopting integrated systems and many more consider these when making IT procurement choices.
The top vendors in integrated platforms, were Oracle, IBM, HP, Hitachi and the usual “others”. But an examination of the revenue growth delivered by these companies showed that HP managed to grow revenues by 92.1 percent compared to the same quarter in 2013, while IBM was in stasis and Oracle grew by 18.3 percent.
In the field of worldwide integrated infrastructure, the top three spots were occupied by VCE, Cicsco/Netapp and EMC.
Ellison will still be the executive chairman of Oracle’s board, as well as the company’s chief technology officer.
Catz has been at Oracle for 15 years, serving as an executive in a variety of roles. She has been a president since 2004. From 2005 to 2008, she was CFO. While Ellison has chewed up and spat out many executives, that has been fairly cool for Catz, who has not only survived but thrived.
Soft porn star fancier Mark Hurd has been at Oracle since 2010 and was previously CEO of HP. He was ousted after fudging his expense accounts while trying to pick up a b-movie starlet named Jodie Fisher.
Adam Lashinsky at Fortune revealed that Hurd was thrown out because he did not want to disclose publicly that Fisher, and her attorney Gloria Allred, were accusing him of sexual harassment. The board wanted Hurd to disclose the charge, because they knew it would eventually get out.
As Hurd fought over disclosure, the board gradually lost faith in Hurd. Hurd was not exactly popular at HP – he fired people and killed the company’s R&D budget. This made him loved by Wall Street but unloved by HP.
It is not clear why Ellison wants out of Oracle which he founded in the late ’70s. The company’s software has become a key backbone for the internet and is widely used by the government and banking sectors.
Through aggressive sales methods, Ellison turned Oracle into one of the most valuable companies in the world. Its market cap is about $183 billion. It’s expected to do $40.2 billion in sales this year.
Ellison is the seventh richest man in the world, with a net worth of $46 billion.
But Ellison was, how do you say, a little aggressive. His motto for life comes from Genghis Khan: “It’s not sufficient I succeed. Everyone else must fail”. While Gates was spending his cash trying to save Africans from the mosquito, Ellison was buying his own Hawaiian island, and many homes, yachts, and cars. He was also investing huge wodges of cash to beat New Zealand in the America Cup.
All this makes his exit seem very strange indeed. In fact, we would not be surprised if he has to fend off rumours that he has some illness which prevents him from working. It would have to be a nasty illness that stops Larry doing anything Larry does not want to do. Of course his quitting could simply because he wants to build an iron man suit and save the world.
But Oracle Board’s Presiding Director, Michael Boskin said that Ellison had made it very clear that he wants to keep working full time and focus his energy on product engineering, technology development and strategy.
Dubbed Spine2, the new Ellison free backbone has gone live on x86 hardware. Spine is the NHS’s main secure patient database and messaging platform. It is a bit of serious technology logging the non-clinical information on 80 million Brits.
It also runs a messaging hub between 20,000 applications that include the Electronic Prescription Service and Summary Care Records.
The first version of Spine had run on Oracle under an out-sourced contract managed by telecoms giant BT, but the Health and Social Care Information Center (HSCIC) – the NHS organisation running the system thought that open source and NoSQL will be easier to live with.
Oracle’s relational database has been replaced with a NoSQL distributed system called Riak, from Basho.
Other open-source elements are Redis, Nginx, Tornado and RabitMQ while Splunk has been used for logging and reporting.
The Spine2 contract was awarded under the Cabinet Office’s G-Cloud framework, which encourages government types to buy from small providers like Basho.
It seems to have been much cheaper too some of that is not having to pay an Oracle license, or a maintenance fee, but some of it was also managed by consolidating the hardware.
Riak is up to two times cheaper than Oracle while the infrastructure will cost five per cent that of the old setup.
What is also odd is that HSCIC has saved money by bringing Spine2 back in house with on-going development. This is bad news for BT, but could be the start of a backlash against open sourcing.
Oracle’s $5.3m takeover of retail and hospitality technology firm Micros Systems still has to get shareholder approval.
However, the EC said the planned purchase of the Columbia, Maryland-based company, announced in late June, raises no competitive issues as far as the EU was concerned and can go ahead.
The commission thought that the combined market share of Micros and Oracle was limited and many strong competitors would remain after the acquisition.
Micros sells mobile and cloud services, consulting, hardware, and point-of-sale software for restaurants, hotels and retail. Its own board unanimously approved the transaction.
It had been suggested that Larry Ellison only wrote a cheque for Micros to divert attention away from a series of disappointing quarterly results from Oracle, a cloud strategy that is still forming, and concerns about application growth.
It was the biggest deal that Oracle had done for a long time. In fact, it was the largest since Oracle bought Sun Microsystems in 2010 for $7.4billion. In 2008, it paid $8.5bn to take over BEA Systems but its most expensive purchase remains PeopleSoft, bought for $10.3bn in 2005.
Oracle president and CFO Safra Catz said that the sale would make Oracle a lot of dosh straight away and help the company to expand over time.
Micros management and employees will form a dedicated business within Oracle.
Top security analyst David Litchfield has returned to hunting holes in Oracle software, after a comparatively less daunting task of finding Great White Sharks, and he apparently found Larry Ellison’s team has not improved during his time off.
Litchfield retired a few years ago from his job of creating major headaches for Oracle and went scuba diving and looking for sharks. Apparently, the sharks gig was dull in comparison to his job hunting holes in Oracle software so he returned to dry land.
Litchfield has been looking at Ellison’s new data redaction service called the Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations.
However Litchfield told the Black Hat USA conference that it is packed with trivially exploitable vulnerabilities
If Oracle had followed any sort of software development life cycle instead of just paying lip service to it, every one of these flaws would have been caught. It is kindergarten stuff, he said.
Litchfield found several methods for bypassing the data redaction service and tricking the system into returning data that should be masked.
Litchfield said that it was so simple to hack the service he did not feel right calling them exploits.
He said Oracle was still not learning he lessons that people were leaning in 2003. He said that in the space of a few minutes he could find a bunch of things that I can send to Oracle as exploitable.
The data redaction bypasses that Litchfield found have been patched, but he said he recently sent Oracle a critical flaw that enables a user gain control of the database. That flaw is not patched yet but is coming.