Monthly Archives: April 2017

Oracle Critical Patch Update

Oracle has released the latest quarterly critical patch update (CPU). The database gets off lightly this time with two moderate severity vulnerabilities in SQL*Plus and the Oracle JVM. On the other hand, Oracle Secure Backup is not very secure with a bug that can be remotely exploited without authentication. Bad.

The Fusion Middleware stack gets 31 fixes, of which 20 are in the bad group of remotely exploitable without authentication. There is a lot of WebCenter stuff as well as some WebLogic and little Oracle Service Bus. Read the notes and update your environments.

Almost all of the Oracle applications (E-Business Suite, Siebel, J.D. Edwards) are also vulnerable, many through the critical Apache Struts 2 vulnerability (CVE-2017-5638). Oracle has fixed everything related to this Struts 2 bug in this CPU, but if you are running anything else based on Struts 2, make sure you update to a non-vulnerable version.

Do You Need to Learn a New Technology?

TL;DR: Yes.

Developers often ask me which language or tool they should use or learn. I have definite opinions on good and bad tools for various tasks, but the most important tip is to continue learning new technologies. This gives you joy in your life, prevents burnout, and provides a platform when the time comes to move on from your current technology.

For your day job, you want a language that is stable or increasing. It doesn’t matter if it is outside the top ten in rankings like the TIOBE index. For example, Oracle’s proprietary PL/SQL database language has been hovering around place number 20 for many years, and PL/SQL programmers are not likely to be out of a job anytime soon.

But you still need to continually add to your skill set. People who keep doing the same thing lose the joy and wonder of making something work, which is often what got them started in IT in the first place. To prevent burnout, carve out time to work on something new every week.

Don’t expect your employer to give you this time. In some organizations, you might be able to use allocated training time to learn something on your own, but even Google’s famous “20% time” for side projects is 20% on top of the 100% you already work.

You should be grateful you have the privilege to work in IT. To keep that privilege, you should invest time in yourself and your life.

This is an excerpt from the monthly Spiritual Programmer newsletter. Don’t miss the next issue, sign up here

IT Entering the Dark Ages (Again)

Historians have described the period following the collapse of the Western Roman Empire (400 to 1400 AD) as the “Dark Ages.” Existing knowledge was lost and society regressed to a more primitive organization and technology.

In IT, we do not learn from history. We routinely throw away existing knowledge to start over, constantly emerging from each dark age only to enter a new one.

I was just reminded of this unfortunate tendency when I opened The Economist on my iPad. I used to read the magazine in traditional form on dead trees (aka paper) but moved to their iPad app to get my magazine on the publication date and not two days later. Their first iPad app reproduced the magazine layout with several narrow columns of text, re-using centuries of typographical knowledge. But in the new version, the clueless digital natives have decided to make the text one wide column with the lines way too close together, which makes it much harder to read.

Next time you get the bright idea to change something that has worked well (a page layout, a business process, or an IT framework), reflect on whether the change will really make it easier for the system to fulfill its promise.