From Oracle's Chief Security Officer: one of the finest marketing posts for free software I've seen in 2015

Paul Boddie paul at
Tue Aug 11 14:33:37 UTC 2015

On Tuesday 11. August 2015 14.27.16 David Gerard wrote:
> It's apparently 404ing for at least some people. Archive copy:

Great stuff: damage limitation in action; damage already done!

> On 11 August 2015 at 10:51, David Gerard <dgerard at> wrote:
> > This is an ... amazing piece. This Oracle executive (read: someone who
> > is high up enough that their words won't be edited) seriously thought
> > this made Oracle look competent and trustworthy:
> > 
> >
> > 
> > It's one of the finest marketing posts for Postgres, and for free
> > software in general, that I can recall this year. It really makes the
> > point, and I suggest circulating it widely.

It certainly is one of the finest marketing posts for Free Software: the 
proprietary vendor keeping its customers powerless and even threatening them 
with lawsuits for doing things on their own computers.

It doesn't help that this comes from someone at the company who brought you 
scott/tiger and a variety of unsecured services well into the modern Internet 

> > (My day job is in the midst of an Oracle->Postgres migration. It's
> > going *really well*. If you're stuck somewhere that's on Oracle, show
> > them this post, explain the serious security and competence concerns
> > it raises, and get moving to Postgres. One of the nicest things about
> > it: we give every app its own cluster of two PG boxes, because you
> > have the freedom to just do that instead of running a centralised
> > monster box with an expensive license. It turns out that just
> > everything not having to play nice with others makes stuff
> > stupendously easier to manage. And that's entirely before the benefits
> > of approachable developers and viewable code.)

It saddens me that even today people talk about how many licences they have 
acquired and the exciting things that they intend to do with them - maybe set 
up a virtual machine or two! - when all that per-machine, per-CPU, per-
whatever licensing are just the strings on the puppet, where the puppet is the 
customer who gladly dances to the vendor's tune.

(And I agree with you about PostgreSQL. I've done reasonably big data and it 
did the job just fine. I've used Oracle in the thankfully increasingly distant 
past, and all the time it was "don't hit the database" which even in read-only 
form could not somehow be replicated (probably because of the licence fee 
situation) and where the database administrator could frequently be heard 
cursing Oracle and smashing his keyboard against his desk. I've worked on a 
project where Oracle offered something but where the local representative 
admitted that you wouldn't want to build a product on that feature because it 
could easily go away (which I believe it did), and on another where the 
success of that project was predicated on some feature that may still exist 
today, but where the project struggled to make it work (perhaps because it 
didn't throw enough hardware at the problem, as Oracle seems to demand). 
Oracle should be to database systems what Sun was to hardware once the dot-com 
bubble burst and people realised that the equipment they needed to buy didn't 
have to be an expensive aspirational statement about what their enterprise was 
supposedly going to achieve.)


More information about the Discussion mailing list