In the first months in my new role as product responsible I had more or less weekly meetings with the team responsible for Enterprise Manager, and in those meetings we sometimes made decisions. But what happened was that a few months down the road we (including myself) could not remember what exactly we had decided or why. And worse, new discussions then started about what to do. Often the motivation to do so was that people from other teams had dropped by earlier in the week telling us we did things all wrong in their opinion.
And at one point I had enough of forgetting decisions and of repeatedly coming back to decisions. I thought “Dammit, I’ve read Decisive (by Dan and Chip Heath). I should know better than this.”
We operations people are often rather charmed by Netflix’s idea of Chaos Monkey. This is a tool that identifies a group of systems and randomly terminates one system in that group. If you’ve never heard of Chaos Monkey, you might ask why you would do such a thing. In production even.
Chaos Monkey runs during business hours and the idea is that if anything is wrong with the high availability configuration in that group, you’ll discover it during business hours when lots of people are available to solve the problem. But also, and this is the part we operations people like, it makes all people responsible for the application very aware that if they don’t do the right things to make their applications highly available, their applications will fail soon. So it raises awareness. Lately Netflix even has a tool called Chaos Kong, which disables whole AWS (Amazon Web Services) regions.
Yesterday I read that there is a totally new release of Nmap, the network mapping tool. I’ve blogged about Nmap before. Version 7 has attacks against Heartbleed, mature IPv6 support, and faster scans on Windows and BSD systems. And it has 171 new scripts and 20 libraries (new since Nmap 6, though).
The release notes mention a script called oracle-brute-stealth, which can exploit the CVE-2012-3137 vulnerability, a weakness in Oracle’s O5LOGIN authentication scheme in a lot of 11g versions (except when protocol 12 is required). This vulnerability has been fixed in the Critical Patch Update of October 2012.
I got all excited. But then I realized that oracle-brute-force has actually existed in this form since 2012. I’m going to test this out anyway, because it’s an interesting way to gain access to unpatched Oracle 11g databases.