Ikalduse väljasttellimine

Enne avanes tahiti.oracle.com’i peal selline pilt. Näib, et Oracle on majanduslanguse viljastavates tingimustes ka ikalduste korraldamise outsoorssinud…


Ikalduse väljasttellimine

Kuidas olla poliitikute vastu väga hea

Veel üks tsitaat, sedapuhku Matthew Symondsi raamatust “Softwar. An intimate portrait of Larry Ellison and Oracle“.

Disklaimer: järgnev jutt ei ole kohe üldse maadevahetamiste ja kinkekaartidega seotud. Kuid väikseid järeldusi kohaliku poliitilise kultuuri kohta võib teha küll…

Al Gore, with his carefully cultivated contacts in the tech business and high-profile support for the Internet, might have seemed a natural home for some of Ellison’s money. But Ellison despised Gore. After buying the parallel processing computer firm nCUBE, Ellison went to see then Senator Gore to complain about the preferential treatment that a rival, Thinking Machines, seemed to be getting. Not only was Thinking Machines winning government contracts at nCUBE’s expense, but it was also being directly supported with tax dollars that Gore had been instrumental in steering its way. Ellison says that when he complained to Gore about this double whammy, the future vice president smiled and said to him, “What you’ve got to understand, Larry, is that Thinking Machines has been very good to me.” Ellison exploded. “What do you mean, they’ve been good to you? Just how good have they been, Senator? What units of goodness are we talking about here?” Ellison says simply, “I guess he just wanted me to offer him a campaign contribution similar to the one he was getting from Thinking Machines, but back then I didn’t know how the game was played, so I just kind of lost it. Now I know how the game is played, but I don’t want to play it.”

Ääremärkuse korras, Obama presidendikampaania lõpusirgel oli tema vastu väga hea näiteks Oracle president Charles Phillips

Kuidas olla poliitikute vastu väga hea

Päeva tsitaat: Mary Ann Davidson web 2.0’ist, turvalisusest ja defconnist

Mary Ann, Oracle CSO kirjutab niimoodi:

I was reminded in a frightening way recently that people worship new technology without in many cases either analyzing what problem it solves or whether the benefits are worth the risks. Specifically, I recently heard a highly placed official in the Department of Defense opine about the fact that DoD wants to embrace Web 2.0 because (to paraphrase), “We need to attract and keep all these young people and they won’t work here if we don’t let them use Facebook in the workplace.” What are people going to use Facebook for in the Defense Department, one wants to know? <”Hi, my name is Achmed and I am an Al Qaeda operative. I like long walks on the beach and IEDs. Will you be my friend?” I don’t think so.>

The official went on to say that industry really needed to secure all these Web 2.0 technologies. At that point, I could not contain myself. I asked the gentleman if the Department of Defense was planning on taking container ships and retrofitting them to be aircraft carriers, or buying Lear jets and making them into F-22 Raptors? No, he said. Then why, I offered, does DoD think that the IT industry can take technologies that were never designed with security in mind and “secure them?” Why is IT somehow different that we can, ex post facto, make things secure that were never designed for the threat environment in which they are now deployed?


Your “tools” need to be designed for the environment in which they are going to operate. If they aren’t, you are going to have trouble my friend, right here in River City (with apologies to Meredith Willson). To put it even more succinctly (more apologies to Meredith Willson): “You gotta know the territory.” Meredith Willson was not writing about security when he wrote The Music Man, but “you gotta know the territory” is as succinct a description of a security weenie’s responsibilities as ever there was.

Mind you, I understand that the idea of collaboration is a powerful one and, if it is appropriately secure, can be a powerful construct. We read, for example, that the intelligence community has created an internal Web 2.0 construct called Intellipedia (along the same lines as Wikipedia). It makes sense that, instead of having one expert on, say, Syrian antiaircraft defense, that that person’s knowledge can be written down and accessed by others. In a way, that kind of collaboration facilitates “legacy” because someone who knows something valuable can share it with others far more easily than through one-on-one oral transmission. But there is a big difference between “let’s embrace collaborative constructs” and “let’s allow insecure and unsecurable Web 2.0 technologies into a classified environment.”

The key to the new is remembering the universal truths of old – legacies. This is particular true in security in that, while the attack vectors may change as the technology does, there are principles of security that do not change (“trust, but verify” works just as well for IT security as for arms control).

Suurepärane artikkel, soovitan soojalt lugeda.

Päeva tsitaat: Mary Ann Davidson web 2.0’ist, turvalisusest ja defconnist

Gregor Samsa bites again

Probably you have heard about a guy called Gregor Samsa, who turned into a cockroach in Franz Kafka’s Metamorphosis. Seems that Gregor is pretty well these days and kicking around in the Java-related software. On first moment I thought  BEA Oracle JRockit developers have found their own inner Gregor Samsa:

[INFO ][memory ] Allocation of 314136 bytes failed for heap ""
[INFO ][memory ] TLA bailout requested (heap=0x9bf1f1f0)!
[INFO ][memory ] TLA unwind thread links.
[INFO ][memory ] Throwing OutOfMemory: CG(q0) [GregorSamsa.()V] JVM@cgFail (src/jvm/code/codemanager.c:693). Java heapsize=2147483648, paged memory=20
07:10:23|xxxmanagedserver+|ERROR|exceptions.WebErrorHandler|Fatal error occured.|
java.lang.NoClassDefFoundError: GregorSamsa
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
        at java.lang.Class.newInstance0(Class.java:350)
        at java.lang.Class.newInstance(Class.java:303)
        at com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.getTransletInstance(TemplatesImpl.java:338)
        at com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl.newTransformer(TemplatesImpl.java:367)

But no, this is the same old Apache Xalan joke.

Gregor Samsa bites again