Thread regarding Oracle Corp. layoffs

Meltdown & Spectre prove that Oracle is no longer even trying in the systems space

Only two major CPU architectures have not received some sort of official response from their vendors regarding Meltdown & Spectre: SPARC and Itanium. Notice any pattern here?

Look at how seriously a REAL systems company takes this:

https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/

Meanwhile, all our poor customers hear from us is deafening silence. I've heard some people suggest that SPARC is not susceptible. I doubt that, but even if that were true, then why would we not be telling everyone who will listen that our chips are safe? The truth is probably that we don't even know yet. I bet ES wishes he kept a few more of the microelectronics team around right about now. Our customers are boned.

by | Post ID: @R7CM21j

31 replies (most recent on top)

@R7CM21j-jhsh

As an Oracle customer I have felt like a guinea pig:

  • My Oracle SPARC T5-2 servers had more problems than any other Sun server in my previous 25 years of experience.

  • The Oracle Database releases remind me of the first Windows 95 releases: full of bugs. I never install a version in the first year because I know they are broken. Also, I never use new features because they are broken.

  • I am fed up with Oracle RAC bugs (it has worse availability than a single server).

  • I am fed up that Oracle doesn't fix bugs because I am a small customer -> "The bug will be fixed in the next major version" :(

  • I am fed up with changing the parts of my server, when they were changed in the Sun era.

  • Bottom line: I am fed up with being a guinea pig for Oracle, although they call it Premium Support.

If you ask why use Oracle? I use it because the manager that makes the decisions is quite stupid.

by | Post ID: @R7CM21j-mteb

Meltdown only affects Intel x86 and a small number of ARM CPUs. SPARC isn’t special - it’s just like AMD, Itanium, POWER, MIPS, RISC V, most ARM, and every other CPU architecture out there. Even SSM doesn’t help because nothing really uses it.

by | Post ID: @R7CM21j-lipj

@R7CM21j-kiji

Who is WK? Some imaginary guy you dreamed up.

Stop spreading BS and if you are from oracle go back and work as any day could be your last!

Mods pls ban this guy.

by | Post ID: @R7CM21j-lcpl

"Hey -jhsh,

Is that you WK? I know you read this site and it sounds like your complete and utter BS you peddle."

@R7CM21j-kiji Wrong m8. You are delusional. Go back to your hole

by | Post ID: @R7CM21j-lfiw

Hey -jhsh,

Is that you WK? I know you read this site and it sounds like your complete and utter BS you peddle.

by | Post ID: @R7CM21j-kiji

I heard that for Meltdown on x86 Solaris, we're going to wait and see what Joyent does for illumos and just shoehorn that into our codebase. We just don't have the engineer time to do it ourselves. Gotta love open source!!!

by | Post ID: @R7CM21j-jajg

"There are over a thousand engineers working on SPARC/Solaris today."

There's only about 20 engineers left in sustaining. The rest are gone by the cold call.

by | Post ID: @R7CM21j-jvza

@R7CM21j-jhsh

Should also add that Oracle also likes to find innovative ways of shafting customers and employees too, hence the anti-Oracle sentiment.

by | Post ID: @R7CM21j-jscq

@R7CM21j-jhsh Are u for real? Let me break this down

"Oracle is always at the top of the list of being bashed cause everyone just loves Larry so much otherwise why even bother spending so much time bashing?"

Wrong. Because Oracle is always pissing off the customers moving APAC and EMEA support and training to low cost countries where it is damn hard to get issues fixed or get some decent communication. As well, they encourage employees to work with integrity while the board finds ways of stabbing them in the back with secret restructures and sweeping HR violations under the carpet. If you want proof go to some cloud and big data meetups on meetup.com - no one talks about orcl.

"Well, if you are an Oracle customer, paying for Oracle support, you’ve all been notified already on what fixes/patches/updates are available for all of Oracle's HW systems including SPARC/Solaris."

Yes we got it but were told we had to patch when we are running PaaS, when Oracle should do it. Also there was no notification of the silly WebLogic miner issue that affected hundreds of systems, so Oracle dropped the ball big time.

" Some are already available and of course, some, like for Solaris and SPARC are not yet available. Why? Maybe because Oracle likely doesn't want to release fixes prematurely without proper testing so customers do not become the guinea pigs? After all, these vulnerabilities have been around for a while now so probably wise to do critical testing considering most of Oracle's customers are running mission critical workloads and clearly can't afford the lame fixes/patches that have been released in the wild by most of the other vendors."

That's because there's no engineers motivated enough to test after all the headcount reductions.

" And no, SPARC and Solaris is far from dead! There are over a thousand engineers working on SPARC/Solaris today. And what's incredible, is that it's one of the only architectures out there that’s not impacted by Meltdown which is the worst of the 3 vulnerabilities! And guess what, Venom, Heartbleed and many other hacks involving memory buffer overflow are also not possible on SPARC due to its Silicon Secured Memory. And when Solaris 11.4 gets released later this year, will be the world's leading OS to protect/secure systems, years ahead of what Linux or other Unixes will be able to achieve."

Pretty much doubt that now there are hardly any SPARC engineers left.

So many lies in your post @R7CM21j-jhsh. Go back to where you came from!!!

by | Post ID: @R7CM21j-jqxh

I just love reading all the b---s--- on this "anonymous" site. Real easy for competitors to make any sort of comments and claims, bashing competitors, and of course mine could be too. Oracle is always at the top of the list of being bashed cause everyone just loves Larry so much otherwise why even bother spending so much time bashing?

So it's clear that Meltdown and Spectre have taken the world by storm and these are hacks/bugs/design flaws that most vendors knew about over 6 months ago but haven't really made any noise about it until the press, mostly thanks to the Register, decided it was time to air out the dirty laundry and drive up click-revenue during the usually very slow January/February timeframe. Which has forced everyone to react and figure out how to fix this immediately!

Folks, these vulnerabilities have been around for last 6+ years and now all of a sudden, you want a fix tomorrow? Clearly Intel, Linus, Microsoft have all wanted to get "in front" of this, getting free marketing that they've reacted quickly and are seen as the "saviors". But look what it has gotten them? Patches and fixes that have bricked systems, slowed systems down to almost being useless, and have caused myriads of problems/issues because they spent little time testing/verifying/validating across the millions of possible variables involved with these patches. And who are the guinea pigs? We are! Customers are!

So now, it's been almost a month since the news was leaked, and everyone is bashing Oracle for not releasing any public statement, no news on how its hardware is impacted, and surprisingly, everyone wondering about SPARC? Gee, if this was a dead architecture, why are so many questioning/commenting that it's dead, yet everyone wants to know, is it vulnerable?

Well, if you are an Oracle customer, paying for Oracle support, you’ve all been notified already on what fixes/patches/updates are available for all of Oracle's HW systems including SPARC/Solaris. Some are already available and of course, some, like for Solaris and SPARC are not yet available. Why? Maybe because Oracle likely doesn't want to release fixes prematurely without proper testing so customers do not become the guinea pigs? After all, these vulnerabilities have been around for a while now so probably wise to do critical testing considering most of Oracle's customers are running mission critical workloads and clearly can't afford the lame fixes/patches that have been released in the wild by most of the other vendors. And no, SPARC and Solaris is far from dead! There are over a thousand engineers working on SPARC/Solaris today. And what's incredible, is that it's one of the only architectures out there that’s not impacted by Meltdown which is the worst of the 3 vulnerabilities! And guess what, Venom, Heartbleed and many other hacks involving memory buffer overflow are also not possible on SPARC due to its Silicon Secured Memory. And when Solaris 11.4 gets released later this year, will be the world's leading OS to protect/secure systems, years ahead of what Linux or other Unixes will be able to achieve.

by | Post ID: @R7CM21j-jhsh

@R7CM21j-5vci : exactly

The security engineering was basically all in the Solaris team, which is mostly gone now.

Oracle has just implemented the generic Linux patches for Meltdown/Spectre to the OUK, no engineering needed here.

We don't have any more resources to analyse the issues with SPARC, and we are just waiting for Fujitsu to come up with something (both on SPARC fw and Solaris patch... Fujitsu has access to Solaris code), and meanwhile all SPARC customers are possibly exposed to the Spectre exploits (Meltdown is ineffective on SPARC).

This is why the so-called "public statement" (which is actually not public) is just referring to the availability of Intel-only patches

by | Post ID: @R7CM21j-5bci

"It would be interesting to know whether Google and Intel gave them advance warning of the issues."

Actually they didn't, since Oracle is only recognized as a marginal tier3 HW vendor. Google alerted only Intel, AMD and ARM back in june17 https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Then Intel alerted some tier1 HW vendors, and ARM alerted Samsung.

by | Post ID: @R7CM21j-5oaz

They're probably waiting for the Linux code from Red Hat to fix the Linux systems.

Joyent has started fixing the issues so Oracle will probably wait for their changes and take the IP - until they learn the world diverged.

Perhaps they will ask Fujitsu for help with the SPARC stuff.

I was in a group that would have heard about the issue last summer but we weren't told. I'm guessing Oracle found out about it when details of it started to leak in December.

Who will be first to set up cryptomining operations on OPC and make the usage look low so the daily & weekly usage reports look normal? I read a story that an Oracle app server vulnerability was used precisely to do that last year and the perps made a tidy sum of money.

by | Post ID: @R7CM21j-5vci

We certainly knew about this before the public did. Some non-OS software groups were let in on it back in December. As both an OS and CPU vendor, I'm sure Oracle would have been contacted last Summer like all the other vendors. There is no way they would have left us out.

We knew, sadly security just isn't our thing... God help our cloud users...

by | Post ID: @R7CM21j-5huc

Oracle is as incapable of dealing with these issues as it is in dealing with any number of other issues. Dead company staggering into its grave as customers run away and revered dry up. But hey LE and mH are having wild parties with all these Class of kids - isn’t that all that matters? Well, apparently it is !

by | Post ID: @R7CM21j-5jlu

Makes me wonder if Oracle received the same early disclosure of the vulnerability as Intel & Co. mid last year. Could imagine that a company (executives) that loves to make enemies everywhere might be “overlooked”.

by | Post ID: @R7CM21j-4kdi

Wow, this is really interesting. I know someone at HP who is working on these issues, apparently it's extremely complicated to deal with.

I suspect that Oracle just doesn't have the people to support doing anything about this, let alone looking into the details. I am not in the hardware area, but some severely stupid things were done in my area. Wrong people gone, code moved to India without any process.

The Oracle upper level management is completely clueless.... no doubt they just pulled up a big spreadsheet and without knowing anything about the people they were laying off, they just randomly chopped people out. Who knew those people might actually matter?

"Who knew healthcare could be so complicated?" DJT, supreme airhead in chief.

Same thing at Oracle.

by | Post ID: @R7CM21j-4kxq

There is a meltdownattack on Oracle executives ....

by | Post ID: @R7CM21j-4rmq

How embarrassing! They really don't care. Perhaps they've fired so many people they are incapable of responding properly.

If I were an Oracle systems customer, I would be extremely pissed right now. Pay big $$$ for support and find them asleep at the wheel when it matters.

It would be interesting to know whether Google and Intel gave them advance warning of the issues.

by | Post ID: @R7CM21j-4dtd

The Register posted this 9 hours ago:

"Oracle has just told us it has no comment or statement about Meltdown/Spectre for now. Yet it sells x86 systems, runs an x86 cloud, has a Linux ... What do you think peeps?"

Oracle looks to be the only large or medium sized vendor without a response on: https://meltdownattack.com

by | Post ID: @R7CM21j-4qqi

ZFSSA is Solaris x86 based (hence does not have separate kernel / user address spaces) and does allow users to log in and drop to a shell. It would be possible to use one of the demonstrated exploits to intercept the root password.

ZFSSA is not intended to run customer code, other than workflow scripts, but there is nothing stopping anyone from running their own apps on it.

by | Post ID: @R7CM21j-4bue

ZFSSA does not run customer-supplied code so it does not need these patches.

by | Post ID: @R7CM21j-4ekz

They don't just need patches for Solaris, they also need them for the derivative products such as ZFSSA.

The longer it takes to patch their sh-- again, the longer everyone gets to mine coins at their expense.

https://arstechnica.com/information-technology/2018/01/hackers-turn-weblogic-peoplesoft-servers-into-cryptocoin-miners/

by | Post ID: @R7CM21j-3iri

Itanium is safe by design regarding meltdown:

no out-of-order

no x86 (even with KAISER some x86 address spaces are mapped to the user space; as Itanium has no x86 (which was its death), it is safe)

Itanium and Spectre...?

by | Post ID: @R7CM21j-2uwl

Ah, the good old "silent EOL" where Oracle stops supporting their products years or even decades before the published EOL date arrives. Sure, you can open a service request, but there are no more product engineers left to do any real investigation or fix anything. But you can chat with some random support dude in India who has probably never even seen a SPARC machine in his life.

by | Post ID: @R7CM21j-2iir

There is no way Oracle can or wants to blow the trumpet for SPARC. Hardware business is a closed off chapter/book for Oracle.

A cynical view is that Oracle can see the situation to even accelerate the closure of it. Oracle probably hopes that customers give up on the hardware early so that Oracle is not faced with legal period of support for existing hardware customers...

by | Post ID: @R7CM21j-2qke

Even hardware that doesn't F---ING exist yet is beating Oracle to the punch with a public statement.

https://www.techpowerup.com/240310/risc-v-foundation-issues-statement-on-spectre-meltdown-exploits

by | Post ID: @R7CM21j-2yic

SPARC is safe against Meltdown simply because Solaris implemented KPTI long ago.

As far as I know, KPTI has not been ported to Solaris x86, so this OS is not safe. And most probably given the Solaris x86 resources available, it will never be ported.

SPARC, like ALL other CPUs using BP / SE, is not safe against Spectre, and a patch is needed. I strongly doubt anyone is working on this for SPARC, given the very few Solaris kernel engineers remaining in Oracle.

We will shortly (today or tomorrow) make the patches for OL for Meltdown and Spectre 1 available. Spectre 2 is not currently patchable, and this is true for everyone. But the way Spectre2 works, it will affect heavily only cloud services, on-prem should be reasonably safe.

by | Post ID: @R7CM21j-1lzf

Itanium is not an out of order speculating processor. It's freaky and really does seem to be safe at the hardware level. Pity they canned the whole concept now they need it.

The other people who still haven't heard are MIPS customers. The embedded stuff is probably fine but nobody seems too sure about R10K.

by | Post ID: @R7CM21j-1wvp

This is typical Oracle.

The claims that SPARC isn't affected by SPECTRE come from Oracle marketing and PR types. There has been no official statement from Oracle regarding SPECTRE.

The consensus among technical people is that SPARC is indeed vulnerable to SPECTRE.

The SPECTRE vulnerability is not specific to a particular CPU or architecture. It is found in any modern processor that has speculative execution and branch prediction. SPARC is one of these processors.

The burden of proof is on Oracle.

by | Post ID: @R7CM21j-1mrm

Believe me, the deafening silence is deafening!

Oracle should really put out a statement about this, even if it's to say they are still 'evaluating'. Keeping silent about this is giving us the impression that they simply no longer have sufficient Solaris based resources to handle this.

On the other hand, if the speculation that SPARC is not affected is true, then Oracle should be out there blowing a trumpet!

by | Post ID: @R7CM21j-1omi
