Pretty on par for what I expect from Oracle. I'm surprised there's no corporate contracts involved yet.
replies(1):
Whether we like it or not security incidents have become such common place in the last several years that if they just admitted to it this entire story would have likely been shrugged off and mostly forgotten about in a couple days but instead it is turning into an entire thing that just seems to be getting deeper and deeper. (Not downplaying the security incident, but that is the unfortunate reality).
Seriously if I can't trust that I am going to actually be told and not lied too when there is a security incident at the bare minimum, why would I chose to work with a company? What is Oracle's end goal here?
Are they somehow really confident that this didn't happen, maybe they don't have the logs to confirm it? Trying to think about how this is anything except them just straight up lying.
I can't remember the last time we saw a company this strongly try to deny that something like this happened. Especially when according to Ars Technica:
> On Friday, when I asked Oracle for comment, a spokesperson asked if they could provide a statement that couldn’t be attributed to Oracle in any way. After I declined, the spokesperson said Oracle would have no comment.
Matches Larry's other political and societal scandals.
OTOH, Oracle as part of BSA can demand an audit so they will inflict / make up reason to also punish (i.e. licensing or pull support). The business could invoke an MSA punishment clause and win temporarily but it will cause a headache going forward (further demands from Oracle, higher costs etc.)
Either way, Oracle gets what they want.
That being said if they put something in some communication that said "we take security seriously" or something that would probably be grounds to sue as this obviously shows they aren't serious or something. The barriers to shareholder lawsuits for securities fraud are pretty low.
I think you're coming at this from the wrong point of view. Oracle couldn't care in the slightest about what regular people think of them. Remember, they are the company that sent lawyers after the employers of folks who downloaded non-free but bundled by default extensions to VirtualBox, and the company that declared that you need to license every core their software could _potentially_ run on in your virtualisation estate (so if you have a 8 vCPU VM for some Oracle software, you need licenses for however many physical cores you have on your cluster). They've variously been described as a law firm with an engineering side business, and One Rich Asshole Called Larry Ellisson. Speaking of whom, he multiple times flat out lied on stage to make his shitty "cloud" nobody cares about seem relevant compared to AWS.
Nobody buys Oracle because they like them or their good reputation. You buy them because you have legacy stuff that depends on them and you have no choice (even Amazon took many years to get off Oracle databases, and they wrote a gloating success story one they were done with it because they were that happy to be rid of the leeches), or because your bosses' boss was convinced at a golf course they're getting a good deal. Or because their bandwidth is very cheap and you accept the risk of dealing with the devil incarnate with zero morals. (cf. Zoom).
Oracle is like Broadcom. Everyone hates their guts, everyone who worked there has a black mark on their CV. Yet they persist, continue leeching off companies too scared to make the jump elsewhere.
To be fair, they're trending down at the moment, so maybe there was something there. But truly only time will tell.
https://www.sec.gov/Archives/edgar/data/1428669/000119312508...
The punchline is, in 2022 Oracle purchased Cerner, renamed it Oracle Health, and started accelerating the process of enshittifying it. I have to tip my hat to them, it's like their BizDev team found a market segment that had as much lock-in as SQL databases do, and are now trying to replicate all the evil tricks they learned from that in another market segment. Because what are hospitals but giant bags of money to be drained so Larry Ellison can buy another yacht?
"Welcome to the (most recent) era of deregulation. Get ready for all Fortune 500s to deny, deny, deny, and bribe."
Now will the SEC enforce against oracle? In this environment I highly doubt anyone at the SEC would have the appetite but I could be wrong.
So will any investors with standing choose to bring a civil action? Could well do it. There are for sure investors (eg Elliot) who in general would fight anyone at all if they thought they had a case. I don't know if there's anyone like that who had a position in Oracle specifically, but it wouldn't suprise me.
"An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material. The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing." (from https://www.sec.gov/newsroom/press-releases/2023-139)
That's a good principle though. It doesn't make the initial choice good today or even back then. But change is always a risk that may not be worth it, cause you have to make sure that the inevitable semi-chaos coming with it is at all times lower than what you have. And analyzing that may be hard.
Maybe this will help them move away from this obsolete Larry Ellison crapshot
This creates positive incentives, so yes.
Iow, everything probably goes as it should, really.
He's a big Zed Shaw fan.
> "As you know people, as you learn about things, you realize that these generalizations we have are, virtually to a generalization, false. Well, except for this one, as it turns out. What you think of Oracle, is even truer than you think it is. There has been no entity in human history with less complexity or nuance to it than Oracle. And I gotta say, as someone who has seen that complexity for my entire life, it's very hard to get used to that idea. It's like, 'surely this is more complicated!' but it's like: Wow, this is really simple! This company is very straightforward, in its defense. This company is about one man, his alter-ego, and what he wants to inflict upon humanity -- that's it! ...Ship mediocrity, inflict misery, lie our asses off, screw our customers, and make a whole shitload of money. Yeah... you talk to Oracle, it's like, 'no, we don't fucking make dreams happen -- we make money!' ...You need to think of Larry Ellison the way you think of a lawnmower. You don't anthropomorphize your lawnmower, the lawnmower just mows the lawn, you stick your hand in there and it'll chop it off, the end. You don't think 'oh, the lawnmower hates me' -- lawnmower doesn't give a shit about you, lawnmower can't hate you. Don't anthropomorphize the lawnmower. Don't fall into that trap about Oracle." - Bryan Cantril
Amazon got it done ahead of schedule and there’s a video of them popping champagne to celebrate when they shut the last server down.
I’m not a big Amazon fan, but the enemy of my enemy is my friend.
I asked for an incident report and received this terse response:
> There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.
I'm not sure who those ads are supposed to appeal to besides the podcasts hosts raking in the ad dollars.
Executives need to go to jail. People need to be fired.
This won’t happen though, definitely not under this current administration.
It's kind of like working for a tobacco company or arms manufacturer in payroll or something: you're not directly responsible for killing millions of people, but by choosing to work there you're still kind of condoning it.
I understand if you have absolutely no money, but even then repeatedly trying to provision a server and getting a error- something like no capacity available - isn't a fun time.
Whatever, I'll pay 7$ a month to not deal with that.
What about Google, Facebook & Microsoft. They do some things that are disliked by many. Should we consider that the engineers who work there are indirectly condoning the no-privacy, ad-infested dystopia that HN hates, and should they be penalized. I bet many of these companies and a lot of others use Oracle products and there by support them directly with money. If you know that your favorite website/product is built on top of Oracle database/products, will you stop using it?
If Oracle (or any other unpopular company) employees are really shunned, then that's only because rejecting them is a no-risk, no-cost, easy thing to do.
Exactly as you say. It's less about enforcing ethical behaviour than getting safe revenge on what is perceived as an easy target. For example considering the rise of LLMs, people affiliated with google search are probably about to feel the full force of 10+ years of increasing frustration with declining quality, rather than being legendary high value hires. Unhirables that are completely ostracized? Of course not. But a black mark? Yes, probably.
This is just your opinion. Most people I know who work there feel just fine if not very happy. Pay/benefits are good. Work is about same everywhere. In fact depending on group there maybe good, challenging technical work there.
As far as CV is concerned working there is mostly positive or at best neutral in term of job change.
> Nobody buys Oracle because they like them or their good reputation.
Oracle is quite expensive but they have reputation of solid database for enterprise workloads.
Also their cloud business is doing fine and growing and not irrelevant. One can see that from their quarterly results.
One thing I have learned in my two decades of SWE'ing is how vitally important active competition is. One of the major competitors voluntarily taking themselves out of the competition so it can be sucked dry of value always seems to be good news for the market share, dominance, and profitability of the #1 in the market, and bad news for everyone's customers.
Ask HN: Do you penalize hiring candidates from companies that do shady things? | 1 point by neilv 1 hour ago| 3 comments | https://news.ycombinator.com/item?id=43538530
It morbidly amuses me that this kind of argument can still be made given what's going on in Ukraine. Governments have militaries for a reason, and there's a reason Europe is now scrambling to re-arm itself.
Well, no. When a customer at my job makes a mistake, we don't send lawyers chasing after them because we're assholes. And when someone proposes something that will hurt those customers, people speak up and voice their disagreement.
I'll never understand the West's public aversion to military R&D and manufacturing. How do you people think WW2 was won? Nice words, trade deals and hookers? At some point diplomacy fails and you need to be able to do something about it.
He seems to have stopped blogging a few years back. I kinda miss his epic rants and Learning $whatever The Hard Way stuff. Part of me hopes them and whoever used to run n-gate moved to Portland and are now running a bespoke hand made piano business together or something.
Often this technology has been in place for some time and the original creators are long gone for one reason or another. To migrate away from this system the business will need to spend a significant amount on contractors/consultants to understand both the system they have well enough, and the system they are moving to. It can be a huge expense and companies are very willing to push that off into the future.
Yes. Oracle is absolutely the tech vendor that's going to be dropped on the engineering team with zero input and no consideration for whether it fits the problems they have, after your CTO spends a a few days on the golf course and high end steak restaurants and, depending on how much money their enterprise sales team thinks they have, either high class escorts or sleazy strip joints. Given how common that story (or one very like it) is, I'm close to 100% certain those trips also include discreet photographers and hotel rooms wired with 4k video recording.
But we're talking about Oracle here so that's par for the course.
Oracle futzed it, and after a complete roll of the construction firms board of directors, they were in negotiations to buy their own program back for twice the price.
Neither, but perhaps worse: I am young.
Are there any compilations of apocryphal stories of the events you described? It sounds too fantastic to be real.
> When a customer at my job makes a mistake, we don't send lawyers chasing ...
Maybe you own the company or are in its executive ranks and can take decision on such scenarios. But in large companies most rank and file employees do not particularly feel good or bad about their employers.
To me this assumption that rank and file employees would find their employer evil but keep working there nonetheless is unrealistic.
Universally hated, but the legal aspects alone are hateworthy.
Luckily, AI is about to make that particular tactic ineffective:
When you can deepfake any video evidence, the original becomes useless.
> In 2000, Oracle attracted attention from the computer industry and the press after hiring private investigators to dig through the trash of organizations [...] When asked how he would feel if others were looking into Oracle's business activities, Ellison said: "We will ship our garbage to Redmond, and they can go through it. We believe in full disclosure."
They have probably decided it's cheaper to simply deny the event (therefore not triggering those clauses).
If it gets to court, Oracle will find some expert who says there was no incident, and the other side will present clear evidence there was an incident, but the non-technical judge will probably still not be sure.
After running every hour for several months I gave up (always out of capacity and it was impossible to change the region on free tier back then). They either had a bug that still showed my account as using the deleted resources or no capacity, both which seem out of place in a “cloud” infrastructure.
https://en.wikipedia.org/wiki/File:Larry_Ellison_-_American_...
It does come with internal redundancy, but do you need that? Also the cluster nature of it can come with some surprises as compared to a single database.
https://docs.oracle.com/en/cloud/saas/enterprise-performance...
And even assuming that's true for the sake of argument, what? Lockheed Martin, Raytheon, et al. are just supposed to shut down for good the moment one politician makes a morally questionable decision? Life is not that black and white.
To repeat: if you work for an arms manufacturer, you condone killing people. Hopefully it's because you think the weapons are killing enough Nazis/terrorists/bad guys to outweigh the occasional innocent civilian, but their blood is still on your hands.
I was ready to jump ship if they changed the terms, but I was not expecting a security incident.
Not to every company per se but it’s been commonplace well probably for as long as business itself has been.
Just an example - nothing that happened in wolf of wall street was original to them - just the getting famous for being caught part. And that was only a few decades ago.
The defense and finance industries are famous for that sort of thing. I’m sure it’s pervasive elsewhere too.
There’s nothing special about software or tech or clouds that makes schmoozing impossible.
.png){kind=link}