Oracle OPatch Security Holes

Radoslav Rusinov - Tue, 2005-08-23 01:05
A new white paper is coming from one of the leading security companies - NGS (Next Generation Security) Software Ltd. It will be related to problems discovered after using the OPatch utility for applying Oracle patches, and the title is "Patch Verification of Oracle Database Servers". Some quotes from this Eweek news story: Security Firm: Oracle Opatch Leaves Firms Uncovered: A total of more

Pete Finnigan's Weblog

Radoslav Rusinov - Mon, 2005-08-22 10:28
Pete Finnigan has mentioned my blog in his Oracle Security weblog, especially the security-related post: How to see the MOD_PLSQL passwords in clear text. Thanks to him for his comments! I want to note that this information can be found in his book: Oracle Security Step-by-Step (Version 2.0) as step 8.1.2 from Phase 8 - Application Servers and the Middle Tier. Additional information online: Fact

The Don Burleson's article

Radoslav Rusinov - Sun, 2005-08-21 06:17
Added from Rado (23 August): Don updated his article again yesterday (see the link below). Now it is more detailed and there are a lot of quoted documents. But there is again some questionable information: No RAM sort may use more than 5% of pga_aggregate_target or _pga_max_size, whichever is smaller. This means that no task may use more than 200 megabytes for sorting or hash joins. Again, for serial

Petals Around the Rose

Wijaya Kusumo - Sat, 2005-08-20 20:42
A friend introduced this interesting game to me. It is more like an observation game plus a little bit of math. Apparently it took Dr. Richard Duke at the University of Michigan over a year to "see the solution". He claimed "the smarter you were, the longer it took to figure it out". Maybe smarter people tend to think too much, or lose themselves in the details.... (hint) Interestingly I got it

The _PGA_MAX_SIZE hidden parameter

Radoslav Rusinov - Thu, 2005-08-18 11:38
Check the following links for more details regarding my previous post (Management of the Oracle9i PGA): Discussion from Don Burleson's Oracle forum: Question for Don, Regarding _pga_max_size; Article from Ora!Ora!Oracle mail magazine: Sort; Metalink discussion thread: high pga_aggregate_target but low "cache hit percentage"; Metalink discussion thread: PGA memory usage exceeding

Management of the Oracle9i PGA

Radoslav Rusinov - Thu, 2005-08-18 02:43
If you think that your PGA can be configured properly just by increasing the PGA_AGGREGATE_TARGET parameter, think twice - it is NOT! See this article from Don Burleson: Undocumented secrets for super-sizing your PGA. It shows that there are two hidden parameters that can help with proper use of the PGA. Otherwise, Oracle will never use more than 200 MB for the whole PGA nor will it use more

Using of BULK COLLECT and FORALL for better performance

Radoslav Rusinov - Tue, 2005-08-16 12:38
Let's see some quotes from the Oracle documentation: --- PL/SQL engine executes procedural statements but sends SQL statements to the SQL engine, which executes the SQL statements and, in some cases, returns data to the PL/SQL engine. Too many context switches between the PL/SQL and SQL engines can harm performance. That can happen when a loop executes a separate SQL statement for each element of a

Mac OS X on your PC

Wijaya Kusumo - Mon, 2005-08-15 20:58
With Apple's move to the x86 architecture, it is no wonder people start to do "what if" scenarios. And now someone built a Mac for US $199! http://osx86project.org/ It is a shame that it took Apple so long to realize its cash cow is actually on the x86 platform. Just imagine if you get a Dell box pre-installed with Mac OS!

Where is Oracle?

Denis Goddard - Sat, 2005-08-13 16:34
I spent about 8 years working at Oracle Headquarters in Redwood Shores, California.
Actually, I almost took a job working for Oracle as a consultant in Columbus, Ohio; it was a tough decision. The consulting job offered more money, and Ohio is closer to my family in the midwest.

In the end, though, it was a no-brainer; I wanted to be in Development, and especially in the specific area of Configuration Management, and that job was in California.
Having made that decision, the first few years it seemed easy; Redwood Shores is the center of the Oracle universe -- the place to be!

Now, I work extremely closely with a team of (brilliant, by the way) engineers in Thames Valley Park, in England.
Also, half my team are in Bangalore (aka India Development Center, aka "IDC"). Last but not least, I made some friends in the Adelaide, Australia office (including one with an OraBlog).

Anyway... meeting times with TVP and IDC were always a hassle when I worked in California. There really is no convenient time between these 3 nearly equidistant geographical points!

Now I have spent the past 2 months working in Oracle's New England Development Center (NEDC) in Nashua, New Hampshire.
I can honestly say, from the standpoint of working with people in England and India, New England is a far, far more advantageous place to be. The 3 timezones offset from California mean I have several hours each day where the British and Indians are reasonably available. As everyone is connected via Oracle RTC (Oracle's chat program), it's quite easy to interact with everyone.

I would say to anyone that's working with folks in Bangalore or Britain -- you ought to have a look at New England. Aside from being a really nice place in its own right, the timezones are quite favorable.

For the next week I'll be back in Redwood Shores, visiting my boss, my team at Headquarters, making presentations, etc.
No doubt, I will also be eating as much Indian cuisine as I can get my hands on -- there are precious few Indian restaurants here in Nashua.

Strange behaviour of the CBO, part 2

Radoslav Rusinov - Thu, 2005-08-11 03:08
After playing around with setting columns to allow NULL values or not (setting COL1 and COL3 to allow NULL values, testing, and putting them back to their default condition) and precomputing statistics, the issue from the previous post became more unclear. Now the structure of the table is the same as it was before, statistics are fresh, but the cost for the execution plan is always 175. It doesn't matter what

Strange behaviour of the CBO, part 1

Radoslav Rusinov - Wed, 2005-08-10 11:36
The following interesting issue does not have a clear explanation till now. I have a query that is using the following predicates. ... AND COL1 LIKE '%%' AND COL2 LIKE '%%' AND COL3 LIKE '%%' AND COL4 LIKE '%%' ... Maybe I should explain where this strange query comes from. If you are developing some application and you

How to see the MOD_PLSQL passwords in clear text

Radoslav Rusinov - Wed, 2005-08-10 09:37
If you have some web-based PL/SQL application then you may be interested in the following information. Maybe many DBAs who have been involved in database security have asked themselves: "How can I be sure that my DAD files hide the application schema passwords well?" Well, Oracle doesn't have a very good solution for this problem. Let's take a look at one DAD file used from an Oracle Application

Forcing Oracle to use LOGGING mode

Radoslav Rusinov - Wed, 2005-08-10 08:43
I've just read an interesting newsletter about how we can force the database (or some tablespace) to use the LOGGING mode for all operations. For example, let's imagine that we don't want someone to improperly start some operation in NOLOGGING mode that will make full database recovery after media failure impossible. This could be an important issue if a

Laws of Economics

Denis Goddard - Sun, 2005-07-31 14:15
I was listening to (a podcast of) this show and it tickled some things I've been thinking about a lot lately.

First, the laws of Economics are as valid and as real as any law of physics.
I mean this quite literally. The most well-understood economic laws are
those in idealized situations: millions of people, all acting (too) perfectly reasonably.
This is no different than the fact that Newton's Laws only hold for moles of atoms, all acting like little marbles.

Another notion I've been noodling lately is that the flow of currency through the world's people is
extraordinarily similar in concept to the assignment of resources by an operating system.
It's not the agent that controls what happens; but it does describe how it happens.
Economics is literally the Operating System for Planet Earth.

As such, it behooves one to learn a little about Economics.
So, my plugs:

There's some more of my rant at a post on the abovementioned show's forum.

OK, back to working on this ADE Enhancement :-)

Hotel California

Denis Goddard - Tue, 2005-07-26 14:08
I just gotta say, I am so happy to be living in New Hampshire!

Aside from no state income tax, and way more trees and greenspace than California had,
the Live Free or Die state is attracting nationwide attention for the "Lost Liberty Hotel".
There was a great segment on Hannity & Colmes the other day.
Check it out!

Okay, I gotta get back to programming now...

iExpenses... things I learnt this week

Jo Davis - Tue, 2005-07-26 00:34
On 11.5.10 you can...
- display any or all of the AFF segments
- elect a percentage or otherwise of expense reports to be audited for receipts by Payables staff
- credit card charges from hotels can be itemised automatically in the upload
- policies (whilst great functionality) are a bit of a pain when trying to demo
- we can finally dispute credit card transactions on credit cards instead of just on P-Cards
- the credit card audit screen is a pain - can I go back to using the payables screen please? :)

Have a great day!

The Post Acquisition World.....

Jo Davis - Wed, 2005-07-20 23:31
Read an interesting article in the Australian CIO which raises a few points on the brave new world (post PeopleSoft acquisition) of ERP. Interesting. It might just be that the next few years are the time for everyone to sit back and have a bit of a strategic think about the world of ERP and effective strategies for managing it....


Wijaya Kusumo - Wed, 2005-07-20 03:51
Google map now has a branch on the moon! Google Moon, as it is called, is unfortunately lacking the powerful locality search for now. Not until July 20th, 2069..... sigh!

Should we use Transparent Data Encryption?

Wijaya Kusumo - Tue, 2005-07-19 02:08
If your data requires the highest level of privacy and security, by all means, use it. However if it falls somewhere in the mid to low range, then you may want to carefully consider your options. Transparent Data Encryption (TDE) is a new feature of Oracle 10gR2 database that provides transparent encryption and decryption of table columns. Transparent means there is no code change required,

TLA Clarifications

Denis Goddard - Mon, 2005-07-18 09:08

It has been brought to my attention that I used (and will continue to use) the term "SCM" in my blog, and that this TLA has two meanings: Oracle Supply Chain Management, and Oracle Software Configuration Manager.
Please take note: I always mean the latter, and never the former. I'm deeply involved with Oracle's Software Configuration Management system, and have nothing at all to do with Supply Chain stuff. By the way, no, I had nothing to do with choosing this name, though I confess I think it's pretty cool to work on a product whose acronym is pronounceable as "Scum".

Another common acronym in my namespace: ADE. That stands for Advanced Development Environment. No, I didn't choose this name either. ADE is the name given to the Perl-based front-end of the SCM system. My plan is to get rid of it, by which I mean, to move all (or the vast majority of) the code from the client side into middleware and server-side logic. SCM10 will take us about 75% of the way to that goal. ADE was originally envisioned by Dr. Alan Demers as a way to minimize the impact of the fact that ClearCase (which we used at the time) kept crashing. I took Al's ball and ran with it -- ADE became the technology to migrate all of our SCM data out of ClearCase and into an Oracle database. Which brings us to...

ODE, in the context of SCM and ADE, stands for "Oracle Development Environment". I would really like to get rid of "SCM" and instead use "ODE", but for some reason or other the people who make these decisions aren't with me on that one :-)
Anyway, "ODE" has come to mean, the specific database instance that holds the SCM data for Server Technologies.

Well, There's a bit of Oracle TLA trivia for ya. If you want to hear way more about all the above at length at any time, buy me a few beers and I'll be happy to yammer at length.


