Saturday, September 5, 2020

Post #4780 J: Dreams; COVID-19 Paranoia

Dreams

I have a recurring dream about doing some Oracle database security work for apartment complexes I've lived in and running into related problems with other residents. I'm not sure why; I seriously doubt any complex I've ever been to used Oracle. Maybe it reflects stress at my job over related tasks.

I usually don't write about my professional career as an Oracle DBA. When my academic career collapsed in a recession I had a difficult time restarting my professional IT career, with recruiters skeptical of "ivory tower academics" using them as a bridge on the way back to resuming my academic career but with zero "real job" IT experience in 8 years. I still remember interviewing at a well-known insurance company in the Normal/Bloomington, IL area; it was clear they had no interest in hiring me. I think meeting an unemployed PhD intrigued them. I ended up listening to some HR buffoon proudly explain how they promote from within, and I would be considered no better than the new graduates I had taught for entry-level positions.

I had gotten exposure to Oracle taking a couple of graduate database courses at UH. The local DBA sucked; our whole first class had to file incompletes because uptime was abysmal. So I had filed a mental note that, as Oracle expanded its market, there would be a strong market for competent DBAs. I had no interest from recruiters with no professional DBA experience on my resume. I did do some programming work for an IBM subsidiary in the Dallas area, but kept an eye open for Chicago area job notices. CSC had temporarily lost a federal contract including IT work at the Chicago EPA. The interim agency needed bodies and made a bargain basement offer, which at least gave me a foot in the door. Literally the second day on the job I found out that they lost a recompete, which meant I would likely be unemployed again within a few months.

I never completely went off the academic job market for the obvious reason my academic job experience of 8 years of college teaching was more salient than my meager recent IT experience. But none of my campus visits led to offers. So I applied for a position at a historic black college in Louisiana. I made my campus visit but didn't hear a thing for weeks. In the interim, some market research company in the SW Chicago suburbs, now a subsidiary of Equifax, decided to interview me; they were building Oracle databases to store marketing data that our statisticians used for modeling. I started off on the wrong foot with bad driving directions, but it worked out for about 2.5 years through the Equifax acquisition. I knew I had finally reached IT job security when I started getting unsolicited phone calls from recruiters at Coopers & Lybrand among others. And yes, the Louisiana college came back with a generous offer. It was a matter of timing. I thought they had moved on like the others. This was a tenure-track position and if I didn't win tenure, I would be back in the same boat. I figured I needed a good year or two at my new job to return to IT. It was a tough decision to turn them down because being a professor was always my dream job.

I had tons of DBA experience when I accepted a temp job near the end of 2009 to help a Russian American female-owned company doing some CMS contracts (including a couple of government databases on site). I can't really discuss specifics because of contractual requirements. Some quirky older Russian immigrant was their "DBA", but he was more of a developer who had taken a couple of (practically useless) Oracle University classes and was totally unsuitable to prepare for an audit. (He also had a human target full of BB holes on his office door, which I found intimidating.) There are a number of STIGs, basically security rules that clients don't want to hear. One of the biggest STIGs involves ensuring your databases have been patched with Oracle's latest quarterly security patch bundle. They had one database running a desupported version of 10G (meaning no new patches). My client boss somehow convinced himself that he was exempt from the security patching requirement. I knew the auditors would immediately focus on unpatched software. So I explained he had to upgrade 10G to the supported patch level and then apply the patch. Eventually I ended up doing this for them. And the clients had me pose as their DBA in a meeting with auditors. I had a full-time offer pending for the start of the year at USPTO for a contractor; they knew I was on a short-term gig but decided to pull the offer the day before my current client said they had run out of money to keep me on. This of course was during the Great Recession which meant likely months of unemployment. Life isn't fair.

I've had more than my fair share over the past decade of dealing with 200 or more STIGs with the current version; they are sometimes nuanced and many are open-ended; for example, it's not enough to collect audit data, they want evidence management is acting on results to control database security. This would typically require a customization or licensing Oracle/third-party software, never mind configuration. For most government clients, there is typically a funding problem. These things are widely known.

And in many cases I'm dealing with colleagues who don't conceptually understand what's behind a STIG. To give a recent example, on database backup STIGs, there was a lot of discussion of operating system backups. OS backups over live database files are generally unusable. In Oracle, we usually run RMAN or hot backup scripts over live databases where database changes are temporarily put on pause so the underlying files can be backed up. I have a colleague who wants to prematurely close STIGs. For example, one STIG implies that they want to see an exceptions report involving scheduled jobs, not in so many words. She thought it could be satisfied with a couple of queries. It's not just her; I've found a lot of IT professionals can't handle semistructured situations. It means I end up having to extensively get involved to the point I feel it would just be easier to do it myself.

I find myself getting politically targeted. For instance, in a prior gig, I was enforcing an Oracle networking client requirement for SHA-2 or better checksumming. One of our partners was still running on 11G, which Oracle had desupported, which only supported up to SHA-1. So the client DBA, a civil servant, says that he'll upgrade if and when his command decides and in the meanwhile I should revert to SHA-1 to accommodate him. Bullshit! I'm not going to violate a STIG to accommodate this idiosyncratic civil servant. He then mentions he is afraid of corrupting his 11G install by installing a 12G client. Okay, now I know I'm dealing with another civil servant village idiot, not the first. You can deploy a 12C client in a separate ORACLE_HOME. This is like Oracle DBA 101. He has no intent of doing that; he complains up his chain, "Who the fuck does this contractor think he is, telling a government employee what to do?" Idiot civil servant manager heads are exploding, not good when a single phone call can get you fired. I was later advised, go to IA (security compliance) and have them crack the whip on this bozo. The facts were on my side. It's not fun being the bad cop.

So it's not unusual for me to have STIG-related nightmares.

COVID-19 Paranoia

I'm pretty much tied down to my apartment. Generally speaking I've been blessed with good health, despite my obesity (I have a separate nutrition blog). For most of my adult life I never visited a doctor. Like most Type A individuals, I thrive on stress. But too much stress can affect your health, not just in terms of possible cardiac events, but in oddball ways. I've mentioned in past posts an unpredictable West Coast boss. He decided to restart a Web Expense project, cutting a 6-month project to less than 3 months; we had an understanding it would start in late January. He was basically writing this on my back. Even the testing environment wasn't set up. And then he threw in a complication out of left field. He decided to allow managers to defer migration to a new email server. The bottom line is a different email address. If the email address was wrong, the submitted expense report got lost in the system; for most employees waiting on expense reimbursement this was an unacceptable morale issue. I can still remember him telling another manager, a direct report to the CEO, to try out the new system, and I made a run to my cubicle to check the CEO's listed email address. It never dawned on him that he needed to check things with me first.

So MT, the nominal PM, called me on a brief Christmas vacation (I had to be back for Y2K) to tell me his trainers going out to our branches were being told to submit new expense reports in production, effectively pushing up an already aggressive go live by 3 weeks. Nothing was set up in production. Not one communication to me, and I was the one doing virtually all the work.

What does this have to do with health? I started experiencing weird symptoms, like I, a former member of my high school choir, couldn't sing beyond a 2-note range. The other thing was a persistent dry cough. My Mom nagged me to see a doctor; the quack decided I was recovering from a cold.

When I resigned several months later, the symptoms disappeared within a couple of weeks.

So all of a sudden around Wednesday, a couple of days before a high-profile deliverable, I got hit with a nasty bug. The first thing I think is "Damn! Did I contract COVID-19?" No, I don't think so. Right now most of the symptoms have gone away with major rest; I'm mostly working on regaining my appetite; the good thing is I'm at a multi-year weight low, but it's a shitty way to lose weight. While most people are thinking of burgers Monday, I'm thinking fruit and soup.