System at the heart of scaled-back £30m Sheffield University project runs on end-of-life Oracle database

Extended support for 11.2.0.4.0 ended nearly a year ago


Sheffield University's mission to create a new £30.4m student information management system – which saw its original design dropped last week after years of delay – stumbled on integrating corporate software running on an effectively out-of-support Oracle database.

According to information passed to The Register, the university's Corporate Information System (CIS) is running on Oracle 11.2.0.4.0, which went out of premium support on 31 January 2015 and extended support on 31 December 2020. Oracle provides "Sustaining Support" and support options are available from third-party partners. We have asked the university if it avails itself of one of these.

Observers will question the database's role in the controversial implementation of a new Student Lifecycle Project (SLP) which dates back to 2014, when the university said it aimed to implement a "world-class" system designed to "fix fundamental technology problems that, if allowed to deteriorate further, expose the university to unpalatable risk," according to Freedom of Information requests.

Last week, news broke that the institution had abandoned the original design of the project long after staff had warned that it was not possible to deliver the update.

In a statement to The Register, a spokesperson said at the time: "The University is changing its approach to the delivery of the Student Lifecycle Programme. As is the case in any significant transformation programme across a large and complex organisation of our size, we need to take an agile approach and adapt to the things we learn as the programme develops.

"It has become clear that it will not be possible to integrate the student record management system SITS with our current Corporate Information System (CIS) as initially planned, so we will need to deliver this work in a different way. The investment in the programme has already delivered new systems that previously did not exist at the University and our work to date will underpin the development of our future plans. We are keeping our staff updated and will support them as this work progresses."

After getting the statement last week, The Register received information that the CIS runs on a Oracle 11.2.0.4.0 database, according to an insider "SELECT * FROM v$version" query.

Onlookers might question whether the plan was to upgrade the database as the Student Lifecycle Programme was being rolled out.

Oracle offers Premier support for the first five years of most products' life, followed by three years in Extended support. After that, there is the option of Sustaining Support from Oracle or third-party support.

With Sustaining Support, customers pay the same as they do for Premier Support, and get access to old fixes and the right to upgrade to the latest version. They do not get new bugs fixed or general and security updates, explained Martin Biggs, vice president and general manager of Spinnaker Support, which specialises in Oracle, SAP, and Salesforce installations.

"Even when common vulnerabilities are identified that impact this older software, Oracle only patches the newer versions," he said. "There is nothing wrong per se in running 11.2.0.4 – it's a stable and trusted version, but if something goes wrong, Oracle's response would be 'you must upgrade' – which is an incredibly expensive, risky and time-consuming activity with near-zero additional benefits unless Sheffield wants to use the new functionality of younger databases."

The university has been asked whether the effectively out-of-support database was behind problems with the SLP rollout. It was also asked if it is relying on support from Oracle or a third party to keep the database up and running, and when it plans to upgrade the system.

The Register has yet to receive a reply. ®

Similar topics

Broader topics


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022