Beware of Oracle's Licensing 'Traps,' Law Firm Warns (scottandscottllp.com)
itwbennett writes: Slashdot readers are no strangers to Oracle's aggressive licensing practices, practices that have earned them notoriety over the years. This week, Texas law firm Scott & Scott wrote a blog post warning enterprises about the 'traps' in Oracle software licensing. One of the biggest problems with Oracle software is how difficult it is for companies to track internally what they're using and how they're using it, said Julie Machal-Fulks, a partner with Scott & Scott, in an interview with Katherine Noyes. 'They may use just one Oracle product and think they're using it correctly, but then Oracle comes along and says, "no, you're using it wrong — you owe us a million bucks."'
Is anybody surprised by this?
Most people who have dealt with Oracle often find themselves wondering how Oracle has never been charged under the RICO act.
They're a shakedown organization.
As much as I like an Oracle database, I've seen several situations in which Oracle is the most dishonest group of people to work with, and their licensing is pretty much "give us all the fucking money".
Sometimes it just seems like they make shit up as they go.
Lost at C:>. Found at C.
"IT'S A TRAP!"
Look at their "recent posts" box. Just one Oracle article after another. I wonder if Uncle Larry's legal team can go after them for defamation or libel or something.
I did some contract work at a company once where I knew they were using Oracle products beyond their license. I brought it up with the CTO, even quoting the license contract verbatim and he assured me that it was all covered under license and Oracle knew how we were using the product. We had a pretty simple use case and didn't *need* to run Oracle at all, MySQL or PostgreSQL would have been more than sufficient for our needs (and it would have been easy to , but the CTO thought Oracle made the company more prestigious - so migrating off of Oracle was not an option.
Well, they were "lucky" enough to be chosen for an audit and after we inventoried the systems and sent over the oracle logs, Oracle said we were violating our contract terms and were short by about $250,000 worth of products and $25,000/year in back maintenance for 3 years.
Our CEO had contacts at Oracle and negotiated them down to "only" $150K + $10K/year, but that was a pretty significant hit to the company - they ended up folding about 6 months later (not entirely due to the Oracle expense, but losing a few months of burn didn't help).
Absolutely nobody should be surprised by this kind of thing. The whole industry has problems managing licensing. This has nothing to do with Oracle. You can get bit the same by Microsoft. All it takes is one disgruntled ex-employee to trigger an audit.
The fact that Oracle doesn't have an annoying license manager doesn't mean it's freeware.
A Pirate and a Puritan look the same on a balance sheet.
..it seems like more and more companies are following this model, although the religious fervor may be less. We were bitten by the VMware scam this year in an audit triggered by the retirement of a legacy system and its Oracle CPU licenses. Another dirty trick: audit triggered on any reduction of license, nice one! I've also heard of them playing all sorts of license conversion shenanigans when converting from old licenses to new licenses. Thankfully their audit was the last straw that caused our CIO to dictate that we switch to open source RDBMS providers going forward.
http://developers.slashdot.org/comments.pl?sid=7803461&cid=50265123
Unless you are a huge enterprise with some really specialised needs, you can use PostgreSQL or any of the other FLOSS DBs that support transactions and most DB uses. Never again will I ever use anything but MariaDB or PostgreSQL. Paying a per-processor fee is a tax on the stupid. I have since moved everything I support over to FLOSS. Never again will I pay for software licenses. There is no need. Everything I need is free as in beer and in freedom. PostgreSQL for DB running on Debian stable, OpenBSD and pf for firewall, Debian and nginx for Web server, openSUSE for desktops, older trixbox running on CentOS for PBX, no need to pay anyone for anything other than for hardware.
'no, you're using it wrong — you owe us a million bucks' No, no... That was, "You're holding wrong -- you've already forked over hundreds of dollars."
We had a pretty simple use case and didn't *need* to run Oracle at all, MySQL or PostgreSQL would have been more than sufficient for our needs (and it would have been easy to , but the CTO thought Oracle made the company more prestigious
Except Oracle maintains MySQL. So going with MySQL would still make "We use Oracle software" a true statement.
larry needs a new diamond knob for his yacht.
One
Rich
A$$hole
Called
Larry
Ellison
There's no Freedom like UFP-dom
Do business with Oracle, MS, et al, you deserve the random ass rapings coming your way.
After all, you agreed to get ass raped.
What are some of these "violation of license" situations? It's kind of hard to judge Oracle without knowing what these situations are... genuine breaches or not?
I work on a team that builds and operates an enterprise service bus that runs partially on the Oracle Weblogic/OSB stack, along with other JMS brokers such as fuse/talend AMQ brokers and Solace messaging appliances. The Weblogic/OSB portion of the ESB is by far the most brittle and expensive piece of software in the system. We're working to remove the cancer that is oracle software from our network, but since it's an operational system critical to our customer's business it's taking time. We spent about six months working with thoroughly incompetent oracle support staff in an attempt to get the OWSM security modules to perform some basic encryption/decryption and SAML token validation without any success. A significant portion of that time was spent just waiting on oracle support to provide patches for all the roadblocking bugs we encountered. When the patches were finally delivered, they were provided to us completely untested 'as-is'. The first patch delivered wouldn't even run because there were class files missing. We wrote our own security module using WSS4J and java callouts in about three months after we gave up on oracle ever getting us functional patches. A few months after that, oracle performed an audit and attempted to extort additional licensing fees from us for using OWSM. We had never used OWSM for anything but development and testing, and had removed it from our systems entirely by that time. The most satisfying call I've been on working this project was listening to my PM tell the oracle goons to go fuck themselves while they were issuing legal threats via conference-call. After that incident, Oracle wanted to "repair our relationship" and sent a team of what they called "customer service specialists" to meet with us. What they actually sent was a trio of arrogant used-car salesmen. 
We met with them and after introductions and a system overview we started discussing what it would take to get Oracle to actually fix our laundry-list of open SRs and enhancement requests (If you've never worked with oracle support, an Enhancement Request is what they call a bug they don't plan to fix). They responded to this by bringing up a new project being worked by another team at our company that they were starting database license negotiations with. They suggested that if we could grease the wheels and guarantee that database licensing deal went through then they could put pressure on support to fix the issues we had with weblogic/osb. Their "customer service specialists" were demanding a quid-pro-quo before they'd consider giving us the support we had already paid for. That meeting ended just as poorly as the OWSM shakedown attempt. Our weekly oracle phone conference is openly hostile at this point.
One real beauty I was involved with handling from Oracle was how they can charge you for all the cores on the VM host even though you are only using say 2 out of 16 cores for your server. Of course they would not do this if you were using their VM stack.
They tried this to me for Weblogic licenses and after getting a whopping quotation that was easily 20 times what it should have been, I just ended up porting the enterprise app over to Tomcat bringing our license costs for our J2EE stack down to nil.
At my place of work (fortune 500), this type of behavior was responsible for us moving the entire business (new development, legacy can remain on Oracle) to SqlServer. I understand that SqlServer supports many of the functions of a real database, but learning to use (no lock) on everything and then finding out that didn't really mean NO lock, it only meant probably-don't-lock was quite an entertaining afternoon. I've been voting to go flat files, but so far they seem intent on sticking with MS. The funniest thing was the announcement that said we were switching to SqlServer to get away from vendor lock-in. That kept me laughing up until I had to log in to the thing.
These guys have their heads so far up their asses they should be called orifice. https://lulztees.com/product/o...
I would imagine that the contracts give them that "right" but I'd also wager that many companies running Oracle are dependent on ongoing Oracle support and updates to keep business-dependent systems up and running.
I wonder what happens when a company actually does decline to allow themselves to be audited and how long they could put it off.
Let's say you were running Oracle, but unhappy with it and you began planning a migration off it, so you quit paying for support. Oracle believes this makes you in violation and they decide they want to audit you.
The first step is the Sending of the Scary Letters. You "ignore" the first few letters because they weren't sent certified or the "signature" was some mail room drone scribble for a whole bushel basket of packages. I don't know, but I'm guessing you could dodge even certified letters for a while if the responsible parties were never available. Let's say it buys you two months.
Since you actually manage to read the letters, you finally decide to reply officially. So you start the next phase, which is the Sparring of the Lawyerly Letters, where your attorney and their attorney send snail mail letters back and forth challenging each other's position. Since you rely on snail mail, you might get a couple of months of delaying action out of this.
So Oracle decides to sue to enforce the contract terms. How much delaying can you buy here? It may just be too much TV, but it seems like there's lots of room for delays here. Discovery motions, challenges to evidence, requests for delays, just getting a trial date may take months.
Before you ultimately have to give in, you could possibly have bought a year fighting this. Maybe by then you've migrated to your new DB platform, removed all the Oracle and there's nothing for them to audit. Maybe between a friendly local judge and a good attorney, you intimidate Oracle by getting some kind of a discovery motion that makes them want to fold rather than give up "all emails related to licensing and audit policies and procedures" for fear you'll find out it really is a fishing/shakedown expedition.
The other scenario I wonder about is the company that has some kind of defense contract. "No, I'm sorry, but auditing those systems is impossible. They're classified. If we let you audit them, both of us have just violated national security and are subject to prosecution for espionage."
Neil Gaiman, Good Omens: The Nice and Accurate Prophecies of Agnes Nutter, Witch
For many years I did the PL/SQL thing to separate the "business logic" and I built fairly large systems for fairly huge companies. I can make three very qualified statements:
One is that I never really liked working with Oracle as a developer or a DBA. The install was damn easy but configuring and tweaking the DB was a pain on a single machine and a huge pain on multiple machines. Backups and their restoration could easily go very wrong unless you had experienced people and still only after triple checking that things were properly being backed up. The same with any kind of failover etc.
Second is that while I am not too bad at estimating I pretty much refused to guess as to how much an Oracle licence was going to be. Getting a straightforward answer out of Oracle was actually a dangerous move careerwise as they would often want to send in salesmen when they would hear the names of the companies I was working for. They would basically then try to pull shit that would make me very unhappy. I was fairly certain that they were trying to do things such as replace me with more Oracle friendly consultants. Once they started to buy whole SaaS companies I cut oracle out of my life.
My last and most important statement is that at this point in history anyone using Oracle is a fool. MariaDB, PostgreSQL, Redis, or just about any one of a zillion good datastores out there is so much better than Oracle that I simply don't know why anyone would use Oracle even if Oracle was free I would still use the others. If someone said that I had two choices Amazon Aurora or Oracle I would use Aurora even though I have never used it before. I will simply assume that it is easier to use, faster, cheaper, and less dangerous to my career.
I will give a classic Oracle use case that I did maybe 15 years ago. My client (fortune 50) wanted a system built that would allow you to browse their catalogue and buy stuff online (radical idea at the time). With about 200 main products and an estimated 200,000 to 1 million sales per year estimated (it was 15 years ago) everyone here can guess as to what kind of DB back end we are looking at. Transactional, reliable, blah blah. So we are putting this on a small cluster of machines with about 4 processors each. They insisted upon Oracle as they had been snowed by Oracle into thinking that to have Oracle plus another DB in the same company would blow them up. So I build the system which will then go onto about $400,000 worth of hardware. The entire development time was also spent trying to get Oracle to give them a price which I had said could be insane. So we deliver and the DB licensing was going to be $800,000.
I had seen this coming so our SQL was completely abstracted and very generic. There was no lock in PL/SQL.
The client basically loses their crap thinking that this project was going to make them look like a fool in their company and that this could be a career damaging move. So I point out that we saw this coming and have developed the system so that we can swap it over to an Open Source database that not only will be better but runs much faster meaning a more responsive website combined with lower hardware costs because they now had more effective hardware capacity than they had with it running Oracle.
So since that project I have done zero Oracle work and will only do projects that either don't use Oracle or the project involves converting an Oracle database to something else; anything else.
The odd thing is that out of about maybe 300 developers with whom I have discussed Oracle as a DB 3 or so might have defended it. Without exception they were fully certified in using some Oracle product or another. The other 99% hated Oracle and everything it stood for. As in people who dropped MySQL soon after Oracle bought it. So how on earth is Oracle still in business? How is it that every time that Oracle is brought up in a technical discussion that the experts don't say. "Why don't we just hire people to punch us in the face while we develop the system? For using Oracle is about an equal act of self loathing."
Oracle and Sun had a "gentleman's agreement" where if Sun sold you some additional CPUs for say, your E6500 servers, delivery of the new CPUs was often quickly followed by a visit from your Oracle sales rep with an invoice for more power units.
I know, Cool story bro...
I have run a company.
We treated our clients with respect and fair pricing.
You don't have to be a dick to run a successful company. I feel sorry for the companies who think you must be and I avoid dealing with those companies whenever possible.
Oracle is at the top of the list. EMC, VMware, Apple, Microsoft, Lenovo, Adobe, Google, Facebook, Twitter, Comcast, AT&T, Verizon, Cox, Cisco and a few other tech companies are as well.
And if you think it is bad being a customer of Oracle that buys their kit, consider that it is worse being an employee: the only thing that Oracle can do right is the amount of money they pay you. So if all you care about is money (Hello Han Solo!) then Oracle is perfect for you.
The choice is simple, pay a good engineer for correctly setting up your free Postgres, or pay a huge maintenance contract to Oracle to have them solve those issues for you.
"fuck off, we'll use postgres instead".
There are Microsoft shops out there, and there are some that I've worked with that are happy with Microsoft.
There are IBM shops out there, and there are some that I've worked with that are happy with IBM.
There are Best of Breed shops, (LAMP/OSS/etc) and they are happy as hell.
There are Oracle shops out there, and never have I heard a client say "We Love Oracle!"
I'll have to say my views of VMWare and Microsoft changed recently after having some clients receive a self audit from each.
VMWare said licensing was being broken because there were hosts hooked to vcenter running licenses without support while also having hosts connected that did have support contracts. This is supposedly a support loophole and they could get support on licenses that don't have a support contract. Such a huge waste of time and a ridiculous claim.
Microsoft then self audited a tiny client of mine that doesn't even have a single microsoft server in house. I guess using office 365 opens users up to an audit. They had a very long spreadsheet that needed to be filled out and even asked how many office 365 licenses were being used!? Don't they know how many are on the bill?
I don't think it should be legal to require companies to self audit and leave them with the expense of that. I believe I would take more regular phone home license activation schemes over this.
Software companies are a little out of control with what they are allowed to do to customers.
As revenge and/or a bargaining chip for the Java lawsuits, Google could have bought PostgreSql stewardship and fleshed out the rough spots to make it more competitive and compatible with Oracle. Not too late.
Table-ized A.I.
Why the fuck do you have me click to show me the rest of the comment when there is no more? A few times in the past, I'd click to show the rest of the comment, only to have half a sentence revealed. Fucking games by assholes trying to push additional ad views would be my guess. Fuck You is about all I have to say.
We had one small installation of Oracle on a VM running some old legacy database. Oracle audited and noted that the default packages were installed. The poor DBA didn't realise he was supposed to remove all of the default install-time packages as we had only licensed the base installation, but despite the fact we were only actually using the base packages, Oracle kindly notified us we were under licensed and owed money for several years with all the out-of-the-box features. Also because we were running oracle on a small 1vCPU Virtual machine, we had licensed for 1 CPU, but Oracle doesn't recognise "soft partitioning" hypervisor like ESX, only Oracle VM or "Hard Partitioning"... so we also got hit up for the full count of CPUs on the underlying ESX host (8!). After a lot of wrangling, Legal departments going back and forth we made a deal and purchased double the licensing we actually needed (so they had a sale and we were out of pocket for software we will never use). Needless to say, we have since divested in Oracle and will never use their products again. Oh, that reminds me. Oracle Java is a pain in the arse now, and the sooner it dies the better.
I'm absolutely no fan of Oracle, in fact my company often competes with Oracle in certain domains and I think we have many similar problems when it comes to protecting our company and our product. We price it by (1) number of cores on the server where it will be used, or (2) number of users or (3) other project-specific metrics that we and the buyer can agree on (this is not common but every once in a while necessary).
We have customers that buy 1 core's worth of licensing and then try to run the software on a 1024 core machine. We have customers that buy 1 development license and copy it across a multi-site development team of 10 or 20 developers. A company field engineer will show up on site to support that one developer and find themselves talking to a roomful of people who are all using the software.
We are currently fighting a situation where a government integrator is making unlimited copies of a single license and installing that same license into a system that gets deployed out on military equipment that is disconnected from the network so that there is a limited ability for each instance of our product to determine that it's not legal.
I don't much like Oracle but when it comes to audits I feel their pain. Far too many people believe that everything should be free and they don't give a crap about using stuff they haven't paid for or lying about how they are using it so they can save a buck.
The abuses by the government and commercial sector are rampant and they are destroying our company.
My last and most important statement is that at this point in history anyone using Oracle is a fool. MariaDB, PostgreSQL, Redis, or just about any one of a zillion good datastores out there is so much better than Oracle that I simply don't know why anyone would use Oracle even if Oracle was free I would still use the others.
There is no sane alternative to Oracle APEX, unfortunately. It's waaay too easy to whip out company-wide applications that require no client installation, nothing, no opensource system could do the same.