Since we’ve had a public holiday in Germany yesterday, this feels almost like my Monday-morning-rant blog post. But seriously, this question came up so many times the past weeks. And I think it is worth a blog post to answer the question: How many fixes are you missing?
Photo by Paul Hutton on Unsplash
Why would you want to know?
To be frank, customers I discussed the patch bundle topic with recently are often not interested in knowing how many fixes they are missing. Discussions quickly emerge into “quality” or “ease” or “cost” for how to apply patches. But rarely somebody sits across the table and agrees with me when I bring up two numbers when you stay on a fairly outdated Release Update (RU):
- The number of fixes you are missing
- The number of security fixes you are missing
Why is that?
Certainly, it is much easier to argue about the above topics than to confess that you are knowingly decide to miss thousands of fixes, and hundred and more security fixes.
And trust me, I see both sides of the medal. I am not neglecting the fact that we can do better. Actually, the people in charge know about it and try to improve things.
Still, you all remember when Larry ranted loudly about Equifax on stage at OOW 2017. And I blogged about it in relation to a fairy tale called Virtual Patching, too.
ORAdiff knows
We built ORAdiff to allow everybody to compare two Oracle Database (patch) releases to each other. And it is the perfect vehicle here since it not only allows you to check whether a patch you are looking for is included in a given RU, or not. But it allows you also to gather overall information. And this is what I will do here.
Let me go to “Included Fixes“, and then to “List of Fixes“.
Here, you can choose the two Release Updates to compare to each other. In my case (since this is an example from today) I choose 19.9.0 and 19.20.0 since 19.21.0 is not out yet while I write this blog post.
Now you see all the fixes being in 19.20.0 but not in 19.9.0 and below yet.
Scroll down to the bottom of the page. In the lower right corner you will see the overall number:
You are missing just 7590 fixes. We released the Release Update 19.9.0 in October 2020. You don’t have to have a PhD in math to see that this got released 36 months ago. 3 years in IT … 3 years ago nobody spoke seriously about AI, ChatGPT, Vector Databases …
And you miss lots of security fixes, too
Now, let me ask ORAdiff for the security fixes you would miss. Those are named “Fix for Bug” only telling you the bug number. Simply define a Filter with the condition “Like” and “Fix for Bug %” since this is the format.
Scroll down to the bottom of the page again now.
Are you seriously taking this risk of missing 142 security fixes?
Then please watch Larry’s keynote again – I cut out the important parts for you.
Further Links and Information
- Virtual Patching – The biggest nonsense I have ever heard about
- Larry Ellison on Equifax at OOW 2017
- ORAdiff is live – compare two Oracle Database (Patch) Releases
–Mike
Hi.
The question is not about the bugs fixed.
The question is about the bugs introduced by the update.
From the setup with known issues, we go to the setup with unknown issues, that’s questionable from the risk management point of view.
I don’t set questions – I just give an answer to a question which is coming up quite often.
And to be frank, the number of regressions introduced is very very little (even though it should be zero, I agree).
Cheers,
Mike