Oracle Java sucks.
1 09 Mar 2019 20:18 by u/ThisIsMyRealName
With the next release of my devs' software, we're moving from TLSv1 to 1.2. I installed the software in the test environment, and much to my shock the client servers were unable to communicate with the application server with 1.2 enabled. This is a Java application, created by Java developers, intended to run in Oracle's VM, so hiccups are par for the course.
I retraced all of my upgrade steps, ensuring all of the configuration options were correct, all of the files were where they needed to be with all of the correct permissions. I checked my Java version, and yes it was the current version. Hold up. I'm running the latest version, but it's over 20 builds behind the recommended build of the JRE.
The Oracle Java website distributes one build per version rev. I did not realize that. My devs coded for a newer build, which is only available to download from Oracle's Support site. Surely a build number, not even a minor release number, wouldn't solve what is most likely a problem I caused during the upgrade.
Yeah, you know already. TLSv1.2 is bugged in early builds of the latest Java 8 JRE. After upgrading to build 32 as was recommended, the servers started talking to each other. SAME VERSION NUMBER, but a build released about a month after initial release fixed the bug.
Oracle Java sucks.
31 comments
0 u/TheBuddha 09 Mar 2019 20:26
One Raging Asshole Called Larry Ellison.
0 u/ThisIsMyRealName [OP] 10 Mar 2019 04:55
Larry Ellison is not an asshole. I don't think he has the capacity to be an asshole if he tried. He just craves money. Anything for more money. Money is winning.
0 u/libman 15 Mar 2019 00:06
The Silicon Valley is far from a free market. It had tons of government R&D money poured into it since WW2, and it's still heavily in bed with Fed domestic spying agencies - especially Oracle. Its use by so many large corporations and universities is all about group-think and historical momentum, not actual quality.
0 u/yellowthread 09 Mar 2019 20:27
Whoever came up with not assigning a minor release number is getting a big bonus for "bug-free code"!
This has to be some new project management thing, Microsoft does it too. What the fuck is a 1709? 1834? Year/week of build I guess, but why even have all these different builds maintained in parallel?
0 u/AnthraxAlex 09 Mar 2019 20:31
I swear to god microsoft release numbers are a fucking trainwreck. To make it worse release numbers are shared across OS versions so there is all sorts of confusion about what release and version of product people are talking about whatever bug was fixed in. THis is pajeet level bullshit devised by pajeet engineers since thats the only people those companies hire now.
0 u/thebearfromstartrack 09 Mar 2019 21:17
Oracle THANKS to East Indian infiltration has become a diabolical nightmare of NON elegant confusion. East Indian philosophy NO DOUBT. Just take the RMAN utility! Or any of the other major development features over the past decade. Non elegant, non obvious, overly complex and confusing options NEVER adequately explained. Hell just patching the damn database is a nightmare, as some patches might screw you up if your didn't need them.
0 u/ThisIsMyRealName [OP] 09 Mar 2019 21:31
Honestly, the nicest thing I could possibly say about Oracle is that they have an okay database. I have to admin three of them, and for the most part they just work. I don't like working with them, but they do work.
0 u/thebearfromstartrack 09 Mar 2019 21:59
What version and what features? Failover? ASM?
0 u/ThisIsMyRealName [OP] 09 Mar 2019 22:18
I've been an admin with 10-12 versions. I had to do the 11 to 12 upgrade personally with one of the (two) systems I was working on that used Oracle DB. That wasn't particularly easy, because the upgrade utility failed out in the middle of it with little explanation of why. The DB seemed to be okay though. Everything started up just fine, and the data was there.
The only real problem I've had was when we setup Transparent Data Encryption in 12, just after the upgrade. For some unexplained and unknown reason, we couldn't use the same wallet for both server to server communication and for encrypting the data at rest. The only way I could make it work was to have two wallets with two different certificates, one for encrypting data in transit, and the other for encrypting the data at rest.
0 u/thebearfromstartrack 09 Mar 2019 22:28
Exactly. Stuff like that is NEVER adequately explained. Were you paying for Oracle support? Have access to the support website and stuff? Ever try patching? Or are you casual about that? I had to do TONS of research to find and apply the PROPER patch(es) ONLY. Due to risks (boss).
0 u/ThisIsMyRealName [OP] 09 Mar 2019 22:32
I don't give any money to Oracle. That's for the managers to decide and figure out. But yes, I do get patches from the support site. Only problem I've ever had applying a patch was due to my own negligence in reading the README, which stated I needed a newer version of Opatch. CPUs go pretty smoothly for me.
0 u/thebearfromstartrack 09 Mar 2019 22:33
PLUS it's become HELLA expensive. Not to mention Sar bannes oxelly (sp?) and HIPPA pretty much REQUIRE you to have Oracle features now.
0 u/thebearfromstartrack 09 Mar 2019 22:35
BTW do you use audit trails at all where you are? Also how many East Indian immigrants do you employ v white citizens?
0 u/ThisIsMyRealName [OP] 09 Mar 2019 22:39
I configured the DB to audit according to DISA STIG, and audit records go to syslog so we have everything in one easily manageable place, easily offloaded to a logging server.
I'm the DBA and system administrator, and I'm white. What do you do? You ask a lot of questions. What is your experience?
0 u/thebearfromstartrack 09 Mar 2019 22:57
What about the rest of your staff?
I'm a contractor (did 13 years at hospital). I'm primarily a developer but go roped in Oracle DBA (under a HEINOUS witch who later left in disgrace) the last 3 years of that. I have 3 patents (parallel programming), went to grad school on full scholarship. Now everywhere I go the place is CRAMMED with East Indian Immigrants. Oracle (California headquarters) included.
0 u/ThisIsMyRealName [OP] 09 Mar 2019 23:07
I'm the DBA and the admin. I'm the staff. My managers aren't pajeets either.
I'm also a contractor, but I work with the DoD. All opinions are my own and do not reflect those of the DoD or related organizations.
Rest easy at night knowing that our military (mostly) does not rely on software created by opportunists here by H-1B and unicorn farts.
0 u/thebearfromstartrack 09 Mar 2019 23:13
Hmm. DoD. Perhaps I should look into that. So you're a small shop? How many users of your DB's? Size?
I had about 20 dbs (under MY wing) in a 4 person department. Size of 1-2TB per. I handled pharmacy and various outpatient stuff as well as employee/personnel related DBS. I replaced 2 people devoured by our heinous witch boss, until I too couldn't stand it anymore.
0 u/cantaloupe6 09 Mar 2019 23:51
Sometimes it makes one wonder.
China use a very Sun Tsu style of spying - atttacking vacuities - places undefended. It should have been obvious; what were they thinking?
"China obtained the information through a complex information gathering matrix that included direct spying and the use of "front companies" in the United States as well as "a network of individuals and organizations that engage in a vast array of contacts with scientists, business people and academics," the report say
http://www.cnn.com/US/9905/25/cox.report.02/
0 u/inner-city-youf 09 Mar 2019 21:46
What, did you just start developing? These kinds of things aren't specific to Oracle nor are they rare - this shit happens all the time. That's what makes good developers good - knowing how to efficiently troubleshoot. If Oracle recommended a build and you didn't use that to begin with, that's totally on you.
0 u/ThisIsMyRealName [OP] 09 Mar 2019 22:22
I don't get paid to develop. I admin the shit developers make.
0 u/inner-city-youf 09 Mar 2019 23:20
Ah right. Those that can - do. Those that can't - administrate.
0 u/ThisIsMyRealName [OP] 09 Mar 2019 23:49
Without us admins, who will restart your code when it inevitably dies?
0 u/roznak 10 Mar 2019 00:06
You need to get better developers.
0 u/ThisIsMyRealName [OP] 10 Mar 2019 00:26
Yeah, probably. Where can I find this mythical beast?
0 u/roznak 10 Mar 2019 01:37
Me and some people in my team can be hired when our current mission completes. We fix broken projects we inherit that have been broken for many years. No restart of our services are required for years.
0 u/cantaloupe6 09 Mar 2019 23:36
The closer one gets to the code the lower the faith in technology working, lol.
0 u/parnellsUprising 09 Mar 2019 21:55
Look at the licensing, you should be using open jdk
0 u/ThisIsMyRealName [OP] 09 Mar 2019 22:09
I know. I've explained this to my managers. It's their decision, not mine.
0 u/albeit 09 Mar 2019 21:59
Their executives' attitude towards security makes me worry. It wouldn't surprise me if there are more bugs (security flaws) in their TLS implementation. But don't look too closely at Oracle's products, just trust Oracle, or else maybe they will sue you.
0 u/UndeadTed 10 Mar 2019 02:55
Yeah they changed their default TLS version, without the command line switch to set the version you want it won't work
0 u/libman 15 Mar 2019 00:01
Everything from Oracle sucks. And all Java sucks.
Use PostgreSQL. Most Russian businesses switched from Oracle / SQL Server to PostgreSQL when they were hit by the sanctions, and it's quickly catching up with the most important features. There are lots of extensions, and proprietary support if needed. Given the cost of Oracle licenses, you can save money by hiring developers to write any features you're missing in PostgreSQL, for the benefit of all humankind!
Use a copyfree statically-typed programming language like Nim, D, Haskell,
Rust,Go, etc. (Strikeouts are for languages from left-wing organizations / corporations that lobby for bigger government.) Some aforementioned languages easily beat Java performance benchmarks, including for low-powered devices and Web scale APIs. Or use a scripting language like Ruby, Python, Tcl, etc - if you must.You don't need a heavy Java IDE. VS Code is the most feature-rich editor for the languages mentioned above (ex Rust, D, Nim), and it has a pretty low learning curve. Better still is learning vim or kakoune.