Re: Open Source Oracle?

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Wed, 15 Sep 2004 08:21:59 +1000
Message-ID: <41476f06$0$20580$afc38c87@news.optusnet.com.au>

Joel Garry wrote:

> Pete Finnigan <plsql_at_petefinnigan.com> wrote in message
> news:<nsFlhJBFkrRBRxpB_at_peterfinnigan.demon.co.uk>...

>> Nice thought Howard,
>> 
>> It would be very useful for security research as some parts of Oracle I
>> am sure must be very similar or the same as now and certainly from the
>> same source tree.
>> 
>> We would get the TNS protocol, the password algorithm, the C source of
>> all of the built in SQL and PL/SQL functions, the C source of wrapping
>> mechanism, a look at the SQL and PL/SQL VM's, compilers, and op codes,
>> machine code ect.... Just think how many buffer overflows would be found
>> in security alert #69 if we had access now to the source.

>
> Yes, the Open Source ideal is to find this stuff and _fix it._
> Someone would have to play the Torvalds "Benificent Dictator" role,
> and I can't see tkyte having enough time to do that :)

Just bear in mind... a forked Oracle is one thing. A freebie unfixed Oracle is something else. I'll take both if I can get it. I'll settle for the free-with-bugs version if that's all that's on offer.

>> what about all the tuning guys who can finally see "exactly" how some
>> features were implemented, extrapolating forwards to 8i, 9i and 10g
>> would be easier.
>> 

>
> That doesn't go far enough. Doesn't anyone remember what a PITA it
> was to grind through O7's idiosyncracies? Just look at, even now, how
> many posts here are like "stop thinking that way, this is Oracle, read
> the first three chapters of that book, and get a real DBA."
>
> I don't think there is any canonical listing of all the bugs
> (certainly the published list is far from complete) and misfeatures
> (EPS_ENABLED [wuzzatwhatitwas?], anyone?), nor is there likely to be.
> It's probably too much to ask to have metalink not toss O7 notes.

Why? They have 8 Exabytes to store that stuff in...

>> A lot of the security features are proprietary and not published so i
>> cannot see Oracle ever giving away the source even old source.

>
> I bet a lot of code might be just plain embarrassing, too :-)

>> 
>> Now a licence free for any purpose version of 7 or 8 for Linux would be
>> nice though.

>
> Maybe, maybe not. I've seen enough "deferred maintenance" databases
> that the thought that such a thing could be legally countenanced is
> frightening. It is a _good thing_ that old versions are decremented.
> We can finally convince people to use LMT's, for goodness sake.
> There's a lot of baggage in O7. "What does 'unable to extend' mean?"

Deferred maintenance? We're talking (well, I am anyway!) about people who don't *want* maintenance. Or can't afford it. Who wouldn't be planning on any sort of maintenace, because it's on their home PC and they're just experimenting. Or people who are, gulp, about to trust their data to MySQL or PostgreSQL... I might agree with you about version 7 (I had to start the ball rolling somewhere...) but given a toss-up between those two and, say, version 8.0, I'd go version 8.0 anytime.

But I mean, where do you draw the line? Of course LMTs are wonderful. But to toss the functional and OK in pursuit of the wonderful??

There was a time, not so very long ago, when we were all pleased as punch to be using version 8.0 and thinking it the best thing since sliced bread. It doesn't stop being nutritious and slightly doughy just because the croissant and baguette brigade (aka 10g users) have moved into the neighbourhood.

> Just wake up before the nightmare part starts.

You know how to hurt a guy....

:-)
Regards
HJR Received on Tue Sep 14 2004 - 17:21:59 CDT