
Submission + - Goodbye, Cruel Sun

Get Behind the Mule writes: I blogged some of my thoughts about Oracle's acquisition of my former employer, Sun Microsystems, particularly about the extravagant compensation and golden parachutes that went to executives who, on objective terms, failed at their jobs.

... I think it's fair to say that, for all the miscues that eventually led to its demise, the company created many products and technologies of value along the way, enough so that Oracle thought it was worth it to acquire them and try to keep them going.

However, I think that it's equally fair to conclude that, after years of running losses, including about $2 billion in fiscal 2009, so that a buyout was necessary to avoid looming bankruptcy, Sun's executives did nothing to deserve lavish rewards, by any conceivable meaning of the word "deserve". But what actually happened is by now a familiar story.

Comment Oracle may be making concessions (Score 2, Informative) 278

Oracle has announced a statement today making commitments concerning MySQL that may (or may not) address some of these concerns -- of both Widenius and the EU.

These include:

* Continued Availability of Storage Engine APIs
* Commitment to enhance MySQL in the future under the GPL
* Support not mandatory
* Increase spending on MySQL research and development
* Continuing to maintain the MySQL Reference Manual
* Preserve Customer Choice for Support

And some other things about preserving the conditions of licenses currently held by storage vendors.

Healthy skepticism is of course always a good idea. On first reading, I can't tell how binding these commitments are (the statement says "Oracle hereby publicly commits to the following", and that's about it), and it doesn't exactly make Widenius' commitment to the timeliness of new releases and patches, except for the commitment to increase spending, which Oracle presumably would like to have result in new revenue.

But Oracle is evidently trying to address the EU's concerns in an effort to get the deal approved, and the EU might get them to make these commitments binding. The EU's initial reaction appears to be positive:

The European Commission said Oracle’s proposal addresses concerns about the acquisition of Sun’s MySQL database product, signaling the EU will approve the acquisition next month. European Competition Commissioner Neelie Kroes said in a statement that she’s “optimistic that the case will have a satisfactory outcome.”

“Neelie Kroes has switched on the green traffic light,” Charles van Sasse van Ysselt, a competition lawyer at NautaDutilh in Brussels, said in a telephone interview today. “She is optimistic and this is a step in the right direction.”

Comment Configurable sleep() (Score 2, Interesting) 683

So we had a race condition on database transactions using two-phase commit, your usual mind-fucking WTF situation, drove us up the walls for days, you all know what I mean. We knew it was a race condition because if we put a sleep() statement at the end of one of the transactions, everything ran fine. sleep(10) was always long enough, and since all of this ran asynchronously in the back end, an end user would never notice the difference.

So we went to the customer. We told them that we could continue to bust our brains trying to find a "real" fix, and didn't know how long that would take, or we could just leave the sleep() in. And we could even make the length of the sleep interval configurable, so they could try to make it shorter than 10 seconds, if they really felt like fiddling around with it.

The customer went for the configurable sleep().

Comment Praise Allah to squish the bugs (Score 1) 233

Years ago we had one of those bugs that was driving us around the bend, you all know how those are, so once when we were trying a fix, I started chanting "Praise Allah", for no other reason except for sheer desperation. And I kid you not, the fix worked on that very run.

Ever since then, we always remembered to praise Allah whenever we were struggling with a sticky problem. I live in Germany, so what we were actually saying was "lobet Allah", but over time we found that "Allahu Akhbar" works much better, especially when accompanied by gestures of supplication.

Occasionally we found that a difficult problem persisted for a while, until we realized that we had forgotten to praise Allah. After that, the issue was quickly resolved.

Don't try to give me some kind of egg-headed explanation for all this, this was just simply supernatural forces at work, that's all there is to it.

Comment Re: Phishing appears to be good enough (Score 1) 303

According to the report, at least some of the phishing was carefully devised with obvious effort made to trick (socially engineer) its specific target into opening an infected Word document.

An example given was an email sent to the office of the Dalai Lama, which was crafted to appear legitimate and relevant, and included an infected attachment whose trojan was detected by only 11 out of 30-odd commercial virus checkers.

Touché. So in addition to the narrowly-targeted phishing, they took advantage of a slight lead in the "arms race" between virus checkers and attackers. And that was enough to get a helluva job done.

Is there any realistic way to prevent something like this in the future? I'm afraid I don't see anything obvious.

Comment Phishing appears to be good enough (Score 1) 303

As near as I can tell from the Markoff article, the infiltration was made possible by run-of-the-mill phishing attacks. (Markoff says it's called "whaling" when it's directed at specific high-level targets. I've never heard of that, and don't really see any substantive difference.)

If so, then technically speaking there's probably nothing really new here. What seems interesting to me is:

- Obviously, the vast scale, the sensitivity of the targets, and the potential political impact.

- The operation has not been publicly revealed by government agencies (FBI sez "no comment"), but rather by Nart Villeneuve et al. at the University of Toronto.

- Phishing is evidently effective enough to make widespread infiltration like this possible. Sure, there are more sophisticated things that attackers could do, and of course most users should know better than to blindly click links in their email. But here we are, phished to death all over the world. Why should an attacker go to any more trouble?

I wonder how much security improvement would be gained if Thunderbird & Outlook disabled the automatic opening of a browser when you click on a link in email, and made us go back to the old days of copying & pasting links. Would users be more careful if they could more easily see what they're doing?
