
Feed aggregator

Did your data survive Juno? [VIDEO]

Chris Foot - Tue, 2015-02-17 08:09

Transcript

Hi, welcome to RDX! A couple of weeks ago, the Northeastern U.S. was hit by Juno, a blizzard that got us thinking about disaster recovery.

Take insanely cold weather, two feet of snow and strong winds, you’ve got yourself the makings of an outage. There’s a chance all those tree limbs hanging over power lines may initiate a DR plan. Ensuring your data center’s generators are protected from the cold is an essential part of keeping systems online.

But what if the worst occurs? This is where a database and server replication strategy comes into play. GoldenGate, a solution that supports log-based bidirectional data replication, can help you replicate applicable information and migrate it to online servers.

Thanks for watching! If you want to learn about how RDX can help you develop a replication strategy, check out our services page in the transcript!

The post Did your data survive Juno? [VIDEO] appeared first on Remote DBA Experts.

Next Windows Server edition postponed 'til 2016 [VIDEO]

Chris Foot - Fri, 2015-02-13 10:50

Transcript 

Hi, welcome to RDX! With all the talk about Windows 10, systems administrators are wondering what’s in store for the next version of Windows Server.

Apparently, interested parties will have to wait until 2016. ZDNet’s Mary Jo Foley noted Microsoft intends to further refine its flagship server operating system instead of releasing it at the same time as Windows 10.

Windows Server 2003 will cease to receive any support from Microsoft this July. As a result, it’s expected that companies will upgrade to Windows Server 2012 R2. In light of this prediction, some have speculated that a new version of Windows Server would not receive the adoption rates Microsoft would want to see.

Thanks for watching! Check in next time for more OS news.


Health care needs and database service requirements

Chris Foot - Fri, 2015-02-13 08:03

Delivering affordable, quality care to patients is an objective every health care organization in the United States would like to achieve, but doing so necessitates the appropriate backend systems. 

From a database administration service standpoint, hospitals, care clinics and other institutions require solutions with strict authentication protocols and integrated analytics functions. In addition, these databases must be accessible by those who frequently view patient information. These needs demand a lot from DBAs, but sacrificing operability isn't an option. 

Assessing the health care arena 
Bruce Johnson, a contributor to Supply Chain Digital, outlined how U.S. health care providers are managing the industry's forced evolution. The implementation of the Affordable Care Act incited a wave of supply chain redevelopment, technology consolidation and electronic health record systems integration. It's an atmosphere that has administrators and upper management wearing more hats than they can fit on their heads. 

Consider the impact of EHR solutions on health care workflow. Their deployment is required by law primarily because they promise to allow professionals in the industry to share patient information more effectively. For example, if a person's primary care physician suspects that his or her patient may have spinal problems, the PCP may refer that individual to a chiropractor. In order to provide the specialist with as much information as he or she needs, the PCP delivers the patient's EHR to the chiropractor.

What does this mean for databases? 
EHR software primarily handles structured information, containing data regarding an individual's ailments, past medications, height, weight and so forth. Therefore, it makes sense that these solutions would operate on top of databases using structured query language. 

One of the reasons why relational engines such as MySQL, SQL Server and Oracle 12c are necessary is because of the transaction protocol these solutions abide by: atomicity, consistency, isolation and durability.

According to TechTarget, what the ACID model does is ensure that data transfers or manipulations can be easily monitored and validated. The rule set also negates the prevalence of unauthorized or invalid data transportation or changes. For example, the "consistency" component of ACID returns all information to its original state in the event a transaction failure occurs. 

With this protocol in mind, health care organizations using relational databases to support their EHR systems should consult a database monitoring service. As EHRs hold a wealth of sensitive information, hackers are likely to target these records whenever possible.


4 ways hackers can infiltrate your systems

Chris Foot - Thu, 2015-02-12 03:06

With the number of data breaches that have occurred of late, it's a wonder how hackers are managing to take advantage of what some would regard as solidly-built systems.

It's best to think of the cybercriminal underworld as an open source community. These figures help each other identify vulnerabilities in a wide variety of vendor-based systems and even construct malware in groups. This approach is causing a world of grievances for organizations, but how exactly are they managing to do it?

1. Phishing
All things considered, this particular tactic isn't equivalent to a secret agent sneaking into a highly-secured data center. Instead, phishing is more akin to the kind of duplicity employed by Jordan Belfort in "The Wolf of Wall Street." Phishing emails are incredibly well-crafted nowadays, and are true testaments to some hackers' use of human communication.

Presidio spoke with Cisco Cyber Security Business Development Manager for the Public Sector Peter Romness, who maintained that phishing is an incredibly common technique. Once a victim clicks a malicious link, he or she then opens corporate networks up to a wide variety of infiltration methods.

2. Installing backdoors
Dark Reading contributor Alon Nafta noted that more advanced breach methods involve the implementation of a back door. For instance, this can be done by stealing administrative rights to a Linux OS running on a corporate server and then using rootkits that have loadable kernel modules to adjust the code so that a backdoor exists.

There are many ways in which backdoors can be installed, but they're usually small in nature. The grander, more dangerous operations are conducted after further manipulation of a system has occurred through a backdoor.

3. Wrapping
This particular strategy is one that enhances malware evasion, and is employed post-infection. Nafta asserted that wrapping occurs when a virus attaches itself to a legitimate file. For instance, a compromised Adobe Reader upgrade could contain a malicious payload, but the latter is typically installed before the authorized file is. IceFog is one type of malware that is usually wrapped with a valid-looking CleanMyMac download, and is employed to target those using OS X.

4. Obfuscation
Another evasive function, this involves changing high level or binary code in a manner that does not impact a program's operability, but fundamentally changes its binary signature. Malware coders employ obfuscation in order to bypass antivirus detection programs and blind manual security assessments. Nafta acknowledged that using XOR encoding can help cybercriminals employ obfuscation.
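
The effect described above can be shown from the detection side. This added example (not part of the original post) builds two inert buffers, one holding a well-known marker string in the clear and one holding it XOR-encoded, shows that their hashes differ, and then locates the marker in both with a key-independent search. The marker choice, the sample buffers and the key `0x5A` are constructed for illustration.

```python
import hashlib

# Search target: the DOS-stub text carried by Windows executables.
MARKER = b"This program cannot be run in DOS mode"


def deltas(data: bytes) -> bytes:
    """XOR every byte with its successor.

    A single-byte XOR key cancels out, (a ^ k) ^ (b ^ k) == a ^ b, so the
    delta stream is identical for the clear and the encoded form.
    """
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def find_single_byte_xor(buf: bytes, marker: bytes = MARKER):
    """Return [(offset, key), ...] for each occurrence of `marker` in `buf`
    under any single-byte XOR key; key 0 means it is stored in the clear."""
    if len(marker) < 2 or len(buf) < len(marker):
        return []
    needle, haystack = deltas(marker), deltas(buf)
    hits, start = [], 0
    while (off := haystack.find(needle, start)) != -1:
        # The key falls out of the first byte once the position is known.
        hits.append((off, buf[off] ^ marker[0]))
        start = off + 1
    return hits


def build_samples(key: int = 0x5A):
    """Constructed, inert test buffers: same content, clear and XOR-encoded."""
    clear = b"HEADER--" + MARKER + b"--TRAILER"
    encoded = b"HEADER--" + bytes(b ^ key for b in MARKER) + b"--TRAILER"
    return clear, encoded


def sha256_hex(data: bytes) -> str:
    """Hash used here as a stand-in for an exact-match binary signature."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    clear, encoded = build_samples()
    print("hash (clear)  :", sha256_hex(clear))
    print("hash (encoded):", sha256_hex(encoded))
    print("hits (clear)  :", find_single_byte_xor(clear))
    print("hits (encoded):", find_single_byte_xor(encoded))
```

The search only covers a repeating one-byte key; multi-byte keys or other transforms need different invariants.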


Will Oracle Linux experts need a rundown of Docker?

Chris Foot - Mon, 2015-02-09 01:58

Container technology solution Docker was the talk of the industry last year, as the open source project partnered with IBM, Microsoft and a list of other tech companies in order to reduce server energy usage and drastically simplify software development.

Now, Oracle is hopping on the Docker bandwagon, making its Oracle Linux distribution available in a Docker container on the Docker Hub, according to InformationWeek's Charles Babcock. The goal is to make Oracle Linux more appealing to developers looking to transport apps across different environments. 

Ready for download 
This isn't the first Linux distro to be offered through Docker Hub. Babcock noted that Canonical's Ubuntu had integrated Docker support before Oracle (although Ubuntu is an operating system designed for desktops). In addition, server-based Linux OS distros SUSE, CentOS and Red Hat Enterprise Linux are now available via Docker Hub. 

This poses an interesting question as to how Oracle Linux support groups will integrate Docker's technology into client infrastructures. Think of the impact this development will have on Web-based businesses. Data Center Knowledge noted that more than 33 percent of the globe's websites operate on servers running off of Linux. Therefore, websites running on Oracle Linux may grow leaner, enabling developers to further test the limits of how many features and back-end functions they can add to websites. 

Not the only Oracle product 
Oracle isn't necessarily late to the game as far as Docker integration is concerned. Oracle also owns open source database MySQL, which can be downloaded from Docker Hub. Oracle Senior Vice President of Linux and Virtualization Engineering Wim Coekaerts stated how MySQL's Docker compatibility will impact DBAs who use the database engine. 

"With Oracle Linux and MySQL images available on the Docker Hub Registry, users will be able to quickly create and publish custom Docker containers that layer applications on top of Oracle Linux and MySQL, which is a great time-save for both independent software vendors and IT departments," said Coekaerts, as quoted by DCK.

Coekaerts expanded on the issue, asserting that although Docker promises to simplify virtual machines, he doesn't believe the open source project will deliver "complete isolation" to those who download the Dockerized version of Oracle Linux. 

As far as MySQL is concerned, he believes a Docker-compatible MySQL engine will enhance DevOps staff by allowing engineers to share the container across different teams. This is a role that will help Oracle experts accommodate companies looking to support hybrid environments. 


Is cybersecurity a low priority for local US governments?

Chris Foot - Thu, 2015-02-05 01:08

While United States federal authorities are painstakingly trying to determine how database monitoring services and network surveillance techniques can defend them against cyberattacks, it's a wonder if state and local governments are giving the issue the attention it deserves.

Local authorities hold the type of data hackers use to commit identity theft, such as driver's license numbers, Social Security information, home addresses and phone numbers. The aim isn't to unmask military or industrial secrets, but to steal constituent data.

Defenses aren't so tight
The Financial Times study noted that more than 66 percent of US government data breaches occurred at the state or local level. Shape Security Senior Threat Researcher Wade Williamson noted such entities are "enticing targets," because they generally lack the resources or talent required to reinforce security measures. In regard to this factor, many fledgling hackers may infiltrate sparsely guarded databases that receive low maintenance in order to bolster their reputations among the hacking community.

"Hackers can expose a bunch of personal information and post it out there to show 'we broke into a site,'" said Williamson, as quoted by the source. "It is going to gain them notoriety."

Who's doing the damage?
FT noted that cybercriminals stole approximately 280,000 Social Security numbers when they infiltrated Utah state government servers in 2012, so it's clear that hackers with financial goals are a part of the problem.

Yet hacktivist groups seem to target local governments the most. After the Michael Brown shooting, notorious hacktivist entity Anonymous posted a video stating that if the Ferguson Police Department or any other judicial authority harassed or harmed the protestors in Ferguson, the entity would take all government and departmental Web-based assets offline and release personal information of police officers to the public.

Whether or not Anonymous was justified in making this threat is beside the point, which is that local authorities are not exempt from experiencing database attacks.

Priorities are elsewhere
Government Technology commented on various State of the State addresses, highlighting points made by governors who want to focus on transportation development and developing stronger curriculums in science, technology, engineering and math. As far as IT is concerned, digital services were mentioned, as well as broadband expansion.

However, cybersecurity wasn't acknowledged in the article whatsoever. The primary focus is directed toward improving constituent access to the Internet. There's nothing wrong with this priority, but ignoring cybersecurity can only lead to greater system vulnerabilities.

For a look at how the federal government is responding to increasing cyberattacks, check out our post discussing President Obama's proposal of a new breach notification law.


Internet browsers at the heart of enterprise hacks, says study

Chris Foot - Tue, 2015-02-03 09:47

Which browser are your employees using? Their choices may affect how secure your digital enterprise assets are. 

Microsoft's Internet Explorer is often characterized as being the least secure among Firefox, Chrome and Safari, but is this really the case? What features are indicative of an insecure Web browser? What sort of techniques are hackers using to access databases through Internet browsers? 

The point of infiltration 
According to a study conducted by the Ponemon Institute, and sponsored by Spikes Security, insecure Web browsers caused 55 percent of malware infections over the course of 2014. Both organizations surveyed IT professionals for the report, the majority of whom maintained that their current security tools are incapable of detecting Web-borne malware. 

"The findings of this research reveal that current solutions are not stopping the growth of Web-borne malware," said Ponemon Institute Chairman and Founder Dr. Larry Ponemon, as quoted by Dark Reading. "Almost all IT practitioners in our study agree that their existing security tools are not capable of completely detecting Web-borne malware, and the insecure Web browser is a primary attack vector."

The Ponemon Institute and Spikes Security also made the following discoveries: 

  • 69 percent of survey participants maintained that browser-borne malware is more prevalent than it was a year ago. 
  • Nearly half of organizations reported that Web-based malware bypassed their layered firewall defense systems.
  • 38 percent of respondents maintained sandboxing and content analysis engines still allowed Web-borne malware to infect corporate machines. 

Which is the biggest target? 
Dark Reading acknowledged that the number of flaws discovered in Chrome, Firefox, Internet Explorer, Opera and Safari decreased 19 percent in 2014. Google attributed this success to its bug bounty program. Last year, the tech giant paid $1.5 million to researchers who found more than 500 bugs in its Web browser. 

However, Firefox was the most exploited browser at Pwn2Own 2014, a hacking challenge hosted by Hewlett-Packard, according to eWEEK. The open source Web browser possessed four zero-day flaws, all of which were taken advantage of. Since the March 2014 event, Firefox has patched these vulnerabilities. 

Yet it's important to determine which browsers are the most popular among professionals and consumers alike, as this will dictate hackers' priorities. It makes more sense for a cybercriminal to target a heavily-used browser than to attack one that is sparingly used. W3schools.com regarded Chrome as the most frequently used solution, so it's likely that hackers are focusing their efforts on this particular browser. 


Last year's big four cybersecurity vulnerabilities [VIDEO]

Chris Foot - Mon, 2015-02-02 09:04

Transcript 

Hi, welcome to RDX! 2014 was a rough year in regard to cybersecurity. Between April and November of last year, four critical vulnerabilities were unraveled. Here’s a recap.

The Heartbleed bug is a flaw in the OpenSSL cryptographic software library that allows people to steal data protected by the SSL/TLS encryption method.

Shellshock is a collection of security bugs used in the Unix Bash shell, which could potentially allow a hacker to issue unsanctioned commands through a Linux distribution.

Winshock enables those exploiting the flaw to possibly issue denial-of-service attacks and enter unauthenticated remote code executions.

Lastly, Kerberos Checksum could allow Active Directory to regard incorrect passwords as legitimate, exposing corporate networks.

As the former three vulnerabilities are applicable to both Windows and Linux server operating systems, consulting with personnel capable of assessing and patching these bugs is critical.

Thanks for watching! Visit us next time for news regarding operating system vulnerabilities.


What's new in PostgreSQL 9.4?

Chris Foot - Fri, 2015-01-30 15:02

Hi, welcome to RDX! The PostgreSQL Global Development Group recently unveiled PostgreSQL 9.4. The open source community maintains this iteration reinforces the group’s three core values: flexibility, scalability and performance.

In previous versions, JSON only allowed data to be stored in plain text format. In contrast, JSONB could only be entered in binary. Now, PostgreSQL 9.4 can use either relational or non-relational data stores simultaneously.

PostgreSQL’s Generalized Inverted Indexes are also three times faster. Speaking of speed, 9.4 comes with expedited parallel writing to the engine’s transaction log. In addition, users can rapidly reload the database cache on restart by using the pg_prewarm command.

Another notable feature is 9.4’s support for Linux Huge Pages for servers with large memory. This capability reduces overhead, and can be implemented by setting huge_pages to “on.”

Thanks for watching! Visit us next time for more PostgreSQL news!


2 Cybersecurity considerations Obama made in his address [VIDEO]

Chris Foot - Thu, 2015-01-29 15:42

Hi, welcome to RDX! If you didn’t catch President Obama’s State of the Union address, cybersecurity was a serious topic of discussion. To improve the United States’ ability to combat cybercriminals, Obama made two recommendations.

First, Obama maintained hackers should be charged with penalties associated with the Racketeer Influenced and Corrupt Organizations Act, or RICO, according to Dark Reading. This measure would make it easier for prosecutors and investigators to gather evidence on suspects and identify whether a larger conspiracy is at play.

In addition, Obama also advocated for the expansion of the Computer Fraud and Abuse Act. Specifically, the president wants the law to apply to people who access machines for unauthorized reasons.

If you have any questions as to how these proposed mandates would apply to your business, contact a team of security experts to give you a breakdown. Thanks for watching!


Is purchasing security technology enough? [VIDEO]

Chris Foot - Thu, 2015-01-29 15:40

Transcript

Hi, welcome to RDX! In the wake of recent data breaches, it’s likely that you’ve considered purchasing a list of cybersecurity assets. But shouldn’t a portion of your budget be used to acquire services?

While malware detection programs and network protection devices are components of a larger data security strategy, if in-house staff can’t dedicate the time needed to fully utilize these technologies, vulnerabilities will continue to exist.

A survey of small, midsize and large enterprises conducted by Osterman Research discovered that 30 percent of all new security investments were either underutilized or neglected entirely.

Before purchasing new technology to defend your critical systems, it’s best to consult a team of experts that can inform you of which assets will add value to your arsenal.

Thanks for watching! Be sure to check in next time for more security tips!


Is Linux haunted by ghosts?

Chris Foot - Thu, 2015-01-29 01:06

While malicious spirits aren't invading the house of Linus Torvalds, there is a serious vulnerability in Linux that enables attackers to execute malicious code on servers running the OS.

The flaw known as "GHOST" by some researchers resides in the GNU C Library, according to Ars Technica. Specifically, machines that are used to deliver email, host websites and conduct a variety of Web-based tasks are at risk. Those using Linux to run Web application servers should consider contacting their Linux consultants to resolve the issue, if such partnerships have been established.

What the flaw actually is
Ars Technica noted GHOST is a buffer overflow bug that resides in the glibc function __nss_hostname_digits_dots(). A cybercriminal could employ the gethostbyname() and gethostbyname2() functions to execute arbitrary code with the permissions assigned to a user running a Web application. The source noted that cybersecurity company Qualys tested GHOST, stating its specialists were able to bypass exploit protections on both 32-bit and 64-bit machines.

The thing that's so scary about this particular bug is that glibc is the most popular code library that Linux uses, consisting of basic functions written in C and C++ to conduct common actions. In addition, GHOST also affects Linux distributions and applications written in Python, Ruby and a wide variety of other languages.

Which releases were impacted?
Exim is one particular app that is likely flawed as a result of GHOST, as well as MySQL servers, Secure Shell machines, form submission tools and other kinds of mail servers, as noted by Ars Technica. ZDNet contributor Steven Vaughan-Nichols acknowledged that Debian &, RHEL 5, 6 and 7, CentOS 6 and 7 and Ubuntu 12.04 are a few Linux operating systems that are likely to experience attacks as a result of the GHOST vulnerability. However, he did note that Ubuntu 12.04 is expected to receive a patch for the bug.

"Given the sheer number of systems based on glibc, we believe this is a high severity vulnerability and should be addressed immediately. The best course of action to mitigate the risk is to apply a patch from your Linux vendor," said Qualys CTO Wolfgang Kandek, as quoted by Vaughan-Nichols.

Once a patch is applied to your Linux OS, Vaughan-Nichols advises Linux users to reboot their systems, on account of the fact that multiple core processes call the gethostbyname() function. For companies that require guidance through this process, contacting their Linux vendors is a necessity.
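
The reboot advice exists because processes started before the patch keep the old library mapped in memory. This added example (not part of the original post) parses `/proc/<pid>/maps` and reports processes that still map a libc file that has since been replaced on disk, which the kernel marks as `(deleted)`. The sample maps text, its paths and its version strings are constructed, and the libc file-name pattern is an assumption about common naming.

```python
import os
import re

# Matches libc-<version>.so and libc.so.<n>, but not libcap, libcrypt, etc.
LIBC_RE = re.compile(r"/libc(-[\d.]+)?\.so(\.\d+)*$")
DELETED = " (deleted)"

# Constructed sample of one process's /proc/<pid>/maps after a libc upgrade.
SAMPLE_MAPS = """\
00400000-004f4000 r-xp 00000000 08:01 393232 /usr/sbin/exim4
7f3a10000000-7f3a101bb000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3a101bb000-7f3a103ba000 ---p 001bb000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3a10600000-7f3a10604000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libcap.so.2.24 (deleted)
7f3a10800000-7f3a10823000 r-xp 00000000 08:01 131077 /lib/x86_64-linux-gnu/ld-2.19.so
7f3a10a00000-7f3a10a02000 rw-p 00000000 00:00 0
7ffd5c1e0000-7ffd5c201000 rw-p 00000000 00:00 0 [stack]
"""


def stale_libc_paths(maps_text: str):
    """Return the sorted libc paths that are mapped but deleted on disk."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode [pathname]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].rstrip()
        if path.endswith(DELETED):
            real = path[: -len(DELETED)]
            if LIBC_RE.search(real):
                stale.add(real)
    return sorted(stale)


def processes_needing_restart(proc_root: str = "/proc"):
    """Map pid -> (command name, stale libc paths) for live processes."""
    results = {}
    if not os.path.isdir(proc_root):
        return results  # not a Linux system
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                stale = stale_libc_paths(fh.read())
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                name = fh.read().strip()
        except OSError:
            continue  # process exited or maps not readable by this user
        if stale:
            results[int(entry)] = (name, stale)
    return results


if __name__ == "__main__":
    print("sample:", stale_libc_paths(SAMPLE_MAPS))
    for pid, (name, paths) in sorted(processes_needing_restart().items()):
        print(f"{pid}\t{name}\t{', '.join(paths)}")
```

Run it as root so every process's maps file is readable.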


Innovating with Middleware Platform

Anshu Sharma - Wed, 2015-01-28 13:01

I was recently discussing with a partner executive how Oracle can help the ISV innovate. I decided to pen my thoughts here too:

1) WebLogic Innovation - WebLogic is our market leading App Server. The area which I would like to highlight is Exalogic. Seeing more and more cases where Telco, Financial Services, Govt solution providers are seeing business benefits of running their business critical application on Exalogic. With the upcoming launch of Exalogic Cloud Software 12c and already available X5-2 hardware, WebLogic performance on Exalogic will continue to get better. But more importantly partners would be able to get a simplified experience, similar to Oracle Public Cloud, on Exalogic as explained in this blog post.

2) Middleware Platform for Industry solutions - Oracle SOA Suite solves core integration challenges for Healthcare entities, Retailers/Manufacturers, Airlines etc. Oracle BPM allows you to design complex processes for Financial Services, Telcos, Public Sector etc. Oracle Event Processing allows you to analyze and act on data from a variety of devices (IoT) in Fast Data Solutions being deployed in Telcos (Mobile Data offloading, QoS Management), Transportation (Vehicle Monitoring), Retail (Real Time Coupons), Utilities (Smart Grids) etc. Partners providing process management and integration solutions for vertical industries can roll out innovations while keeping the lights running by deploying on Oracle Middleware Platform (SOA, BPM, OEP, WLS, Exalogic, Enterprise Manager).

3) Mobile Platform - Adoption of mobility in enterprises offers tremendous opportunities to ISVs. We asked one partner, RapidValue, to share their experience. In this writeup, RapidValue explains how they were able to use power of Oracle Mobile Platform to quickly bring to market a suite of Mobile Applications for Field Service, HRMS, Approvals, Order Management, Inventory Management, and Expense Management.

4) Public Cloud – In recent years the world of application development has adopted new methodologies, like Agile, that improve the quality and speed in which applications are delivered. Tools such as automatic build utilities combined with continuous integration platforms simplify the adoption of these new methodologies. These tools are available in Oracle Developer Cloud Service for every licensee of Java Cloud Service. 

How invested are millennials in cybersecurity?

Chris Foot - Wed, 2015-01-28 00:30

As 2014 is increasingly becoming known as "the year of the breach" among some, security analysts are looking toward the future.

Specifically, these professionals are wondering whether millennials will exercise cybersecurity best practices or disregard them as basic accommodations. In addition, some fear that this generation isn't interested in making careers as data protection specialists.

A case of misplaced values?
Millennials aren't ignorant of the prevalence of database security monitoring and other IT asset defense services – they essentially grew up with the Internet at their disposal. They're aware of the security breaches that occurred at Target and other major corporations, but Dark Reading's Chris Rouland maintained millennial concern for cybersecurity pales in comparison to the way they value organic food, for instance.

Rouland asserted that millennials essentially regard security breaches as a part of daily life. After famed mobile app Snapchat was infiltrated, divulging user photos and personal information, the app's usage rose in the aftermath of the ordeal.

Services can only go so far
Essentially, the millennial culture expects these incidents to occur. Furthermore, it appears they have completely sacrificed any sense of privacy. The problem for enterprises is wondering whether this attitude will permeate into operations. Rouland referenced a survey of millennials conducted by TrackIT, which found that millennials "aren't concerned about corporate security when they use personal apps instead of corporate-approved apps."

An organization could have the best team of network and database analysts on the planet at its disposal, but if its employees are disregarding rudimentary security protocols, it makes the jobs of cybersecurity professionals that much more difficult. The idea that "there's always going to be a breach" could be eliminated if greater value for corporate security was prevalent.

Little interest in a career path?
If millennials' general attitude toward cybersecurity persists, it would be easy to assume they wouldn't pursue the topic as a career. However, maybe organizations and professionals are missing the mark: What if the issue lies not in a generation's lack of care, but ignorance?

A survey conducted by Raytheon discovered that approximately one-quarter of millennials want a job in cybersecurity. However, awareness of technology wasn't ubiquitous among participants. The largest number of respondents asserted they wanted careers as app designers and developers while others strove to become computer software engineers.

So why is cybersecurity getting the short end of the stick? Two-thirds of millennials reported they either "don't know" or "aren't sure" about what being a cybersecurity professional entails. In this regard, education seems to be the best course of action.


SQL Server gains several notable features

Chris Foot - Tue, 2015-01-27 01:01

Cloud migration tools, hybrid cloud compatibility features and analytics capabilities are just a few of the accommodations database administrators are favoring nowadays. Throughout 2014, Microsoft made a number of revisions to its signature database engine SQL Server, which is a solution of choice among many DBA experts. 

Azure synchronization 
Microsoft Azure, which encompasses Microsoft's varying cloud services, is witnessing slow but persistent adoption rates among enterprises. For professionals using on-premise SQL Server deployments interested in either migrating these implementations to Azure or developing a hybrid cloud environment, Azure Active Directory Sync Services (AAD Sync) is expected to make these endeavors all the more simple. 

Compatible with both Azure Active Directory and Office 365, the tool replaces DirSync and eliminates the need for a Forefront Identity Management program, according to WindowsITPro. The source acknowledged AAD Sync offers the following enhancements:

  • DBAs can now synchronize multi-forest AD ecosystems without requiring access to functions within Forefront Identity Manager 2010 R2. 
  • AAD Sync sets advanced mapping, provisioning and filtering rules for objects and attributes.
  • The solution offers configuration options that allow Exchange organizations to connect to one AAD tenant. 

Satisfying DB2 migration needs 
Transitioning information from IBM's DB2 database engine to SQL Server is a decision some DBAs choose to make based on a number of reasons. InfoQ noted SQL Server Migration Assistant's sixth iteration was unrolled in 2014, and promises to automatically conduct migration assessment analyses, schemas and SQL statement conversions, making migration more manageable for DBAs. 

Best of all, because DB2 offers functions that SQL Server does not, SSMA for DB2 v6.0 establishes DB2-esque features in SQL Server to help ease workflow adaptation for DBAs. However, what these specific tools and applications are has not been publicly disclosed. 

Integrated analytics 
While Power BI offers a list of data analytics tools via Excel and Office 365, one of the program's components is a natural language query engine that enables users with little to no technical know-how to enter questions regarding aggregated information. 

To further synchronize back-end database information in SQL Server with this simple query function, SQL Server now comes with a Power BI Analysis Services Connector that enables users to establish a relationship between Power BI and an on-site occurrence of SQL Server Analysis Services. However, before a connection can be set, DBAs must install Active Directory Sync between Azure and their employers' on-site Active Directories. 

Microsoft's development leaders are obviously interested in enhancing SQL Server to accommodate more than just DBAs, and are trying assiduously to boost the solution's simplicity and capabilities. 

The post SQL Server gains several notable features appeared first on Remote DBA Experts.

Backdoor vulnerability puts Oracle database users at risk

Chris Foot - Thu, 2015-01-22 00:37

Companies using Oracle's database engine to support their enterprise application and information storage needs should consider consulting Oracle experts to help them patch a bug that could allow infiltrators to completely take over their systems. 

Researcher identifies misconfiguration
Forbes contributor Thomas Fox-Brewster noted that Australian security researcher and hacker David Litchfield discovered a vulnerability that would allow any user to receive privileges that are only reserved for system administrators. This means a hacker could change user passwords, transfer financial information across the Web and perform a number of other actions.

"They have no record of the change, no documentation as to why one of their devs did it," said Litchfield in an email to Forbes.

It is likely Oracle is conducting an investigation as to how this flaw managed to fall through the cracks. Apparently, this bug and 10 others were fixed on Jan. 21, 2015. For enterprises using Oracle's e-Business suite, having an outside party conduct a thorough assessment of all user activity is a safe step to take. Any hints of malicious activity that may have been sanctioned by an index created in the DUAL table could indicate an instance in which a public user managed to manipulate the engine. 

What defines a "backdoor" vulnerability? 
The flaw discovered by Litchfield is classified as a "backdoor" flaw. This particular kind of bug allows a malicious actor to bypass normal authentication protocols and obtain remote access to a machine or application while remaining undetected. Some of these backdoor vulnerabilities are relatively easy to exploit, which exacerbates the severity of these flaws.

Software receives the brunt of attention from organizations in regard to backdoor flaws, but hardware isn't exempt either. The Next Web contributor Josh Ong noted that espionage agencies in the United Kingdom, Australia and the United States apparently banned the use of Lenovo PCs due to remote access bugs. However, this conclusion has been regarded as unsubstantiated.

Yet Ong cited a paper released by the Australian Financial Review that said intelligence entities banned the machines in the mid-2000s "after intensive laboratory testing of its equipment allegedly documented 'back-door' hardware and 'firmware' vulnerabilities in Lenovo chips." Specifics regarding these flaws or the alleged bans have not been disclosed to the public. 

Whether these flaws are real or perceived, it's important to have a team of analysts specializing in databases, operating systems and business applications sweep these assets for backdoor flaws.

The post Backdoor vulnerability puts Oracle database users at risk appeared first on Remote DBA Experts.

ANESTHETICS AND FEMALE STIMULANTS

Kristian Jones - Wed, 2015-01-21 19:28
Local anesthetics, often called numbing agents, are drugs that block nerve conduction when applied locally to nerve tissue in sufficient concentration. Local anesthetics act on every part of the nervous system.
Local anesthetics reversibly block the transmission of nerve impulses to the central nervous system (CNS) and thereby eliminate or reduce pain, itching, and sensations of heat or cold.
Local anesthetics prevent the generation and conduction of nerve impulses. Their site of action is mainly the mucous membrane. In addition, local anesthesia interferes with the function of every organ in which conduction/transmission of impulses occurs. That is, local anesthetics have important effects on the CNS, the autonomic ganglia, the neuromuscular branches and all muscle tissue.
Requirements for a drug to be used as a local anesthetic:
It does not irritate or permanently damage nerve tissue
The safety margin must be wide
Effective when given by injection or applied topically to mucous membranes
Onset of action must be as short as possible and the effect must last for a sufficiently long time
Water-soluble and yielding a stable solution that is also stable to heating.
Chemically, local anesthetics are classified as follows:
Ester compounds
The presence of an ester bond largely determines the properties of a local anesthetic, because during degradation and inactivation in the body this group is hydrolyzed. For this reason the esters are generally less stable and more readily metabolized than the amides. Examples: tetracaine, benzocaine, cocaine and procaine, with procaine as the prototype.
Amide compounds
Examples of amide compounds are dibucaine, lidocaine, mepivacaine and prilocaine.
Others
Examples: phenol, benzyl alcohol, ethyl chloride, cryofluorane.
Local anesthetics are often used parenterally (by injection) in minor surgery where general anesthesia is unnecessary or undesirable.
The most widely used types of parenteral local anesthesia are:
Surface anesthesia.
As an injection it is widely used as a numbing agent by dentists to extract molars or by family doctors for minor surgery such as suturing skin wounds. These preparations are safe and, at the correct concentration, do not interfere with wound healing.
Infiltration anesthesia.
The aim is to anesthetize nerve endings by injection into or around the tissue to be anesthetized, resulting in loss of sensation in the skin and in deeper-lying tissue, for example a small area of skin or gum (for tooth extraction).
Block anesthesia
This method can be used in surgical procedures as well as for diagnostic and therapeutic purposes.
Spinal anesthesia
The drug is injected into the spine, and anesthesia from the feet to the breastbone is obtained within just a few minutes. Spinal anesthesia is useful for operations on the lower abdomen, perineum or lower limbs.
Epidural anesthesia
Epidural anesthesia (subarachnoid or intrathecal blockade) is injected into the epidural space, that is, the space between the two hard membranes of the spinal cord.
Caudal anesthesia
Caudal anesthesia is a form of epidural anesthesia injected at a different site, namely into the sacral canal through the sacral hiatus.
Its side effects result from its depressant effect on the CNS and its cardiodepressive effect (suppressing heart function), with symptoms of inhibited respiration and blood circulation. Local anesthetics can also cause hypersensitivity reactions.
There is a view that local anesthetics are analogous to "doping" drugs and are therefore banned, like cocaine, which is a stimulant doping drug. Cocaine was the first local anesthetic discovered. Today, the use of cocaine is strictly limited to topical use, particularly for anesthesia of the upper airway.
SPINAL ANESTHESIA
Spinal (subarachnoid) anesthesia is regional anesthesia performed by injecting a local anesthetic into the subarachnoid space. Spinal/subarachnoid anesthesia is also called intradural spinal analgesia/block or intrathecal block.
Factors that affect spinal anesthesia are the type of drug, the dose used, vasoconstriction effects, the specific gravity of the drug, body position, intra-abdominal pressure, spinal curvature, spinal surgery, patient age, obesity, pregnancy, and drug spread.
With intrathecal injection, the sympathetic and parasympathetic nerves are affected first, followed by the nerves for cold, heat, touch and deep pressure. The last to be blocked are the motor fibers, vibratory sense and proprioception. Sympathetic blockade is marked by a rise in skin temperature of the lower limbs. After anesthesia ends, recovery occurs in the reverse order, that is, motor function is the first to recover.
In cerebrospinal fluid, hydrolysis of local anesthetics proceeds slowly. Most of the local anesthetic leaves the subarachnoid space via venous blood flow, while a small part leaves via lymph flow. The duration of anesthesia depends on how quickly the drug leaves the cerebrospinal fluid.
Indications
Spinal anesthesia can be given for procedures involving the lower limbs, pelvis and perineum. It is also used in special situations such as endoscopic surgery, urology, rectal surgery, repair of pelvic fractures, obstetric surgery and pediatric surgery. Spinal anesthesia in infants and small children is performed after the child has been put to sleep with general anesthesia.
Contraindications
Absolute contraindications include skin infection at the lumbar puncture site, bacteremia, severe hypovolemia (shock), coagulopathy, and raised intracranial pressure. Relative contraindications include neuropathy, prior spine surgery, back pain, preoperative use of NSAIDs, low-dose subcutaneous heparin, and unstable patients, as well as a resistant surgeon.
Patient preparation
The patient is first informed about the procedure (informed consent), including its importance and the complications that may occur.
Physical examination covers the skin at the injection site to rule out contraindications such as infection. Note also any scoliosis or kyphosis. The laboratory test required is a hematocrit assessment. Prothrombin time (PT) and partial thromboplastin time (PTT) are measured if a clotting disorder is suspected.
Equipment
Spinal anesthesia must be given with complete operating equipment prepared for patient monitoring, administration of general anesthesia, and resuscitation.
The spinal needle and spinal anesthetic drug are prepared. The spinal needle has a flat surface with a stylet inside its lumen and a size of 16G to 30G. The local anesthetics used are procaine, tetracaine, lidocaine or bupivacaine. The specific gravity of the local anesthetic affects the flow of the drug and the extent of the anesthetized area. In spinal anesthesia, if the specific gravity of the drug is greater than that of CSF (hyperbaric), the drug moves downward under gravity. If it is lower (hypobaric), the drug moves upward from the injection area. If it is equal (isobaric), the drug stays at the same level as the injection site. At 37°C cerebrospinal fluid has a specific gravity of 1.003-1.008.
Other equipment, namely sterile gauze, povidone iodine, alcohol and sterile drapes, must also be prepared.
Spinal needles. Two kinds of spinal needle are known: the type with a sharp tip like a sharpened bamboo point (Quincke-Babcock or Greene) and the type with a tip like a pencil point (Whitacre). The pencil-point type is widely used because it rarely causes headache after spinal injection.
Spinal anesthesia technique
The steps in performing spinal anesthesia include:
The patient is positioned sitting or in lateral decubitus. Sitting is the easiest position for lumbar puncture. The patient sits on the edge of the operating table with feet on a chair, leaning forward with arms crossed in front. In the lateral decubitus position the patient lies with one side of the body on the operating table.
The position of the spinal needle surface is determined again, namely in the area between the lumbar vertebrae (interlumbar).
Perform asepsis and antisepsis of the skin of the patient's back.
Insert the spinal needle at the puncture site in the medial plane at an angle of 10°-30° to the horizontal plane, in the cranial direction. The lumbar needle will pass through the supraspinous ligament, interspinous ligament, ligamentum flavum, dura mater layer and subarachnoid layer.
Withdraw the stylet, and cerebrospinal fluid will drip out.
Inject the prepared local anesthetic into the subarachnoid space. Sometimes a vasoconstrictor such as adrenaline is added to prolong the drug's action.
Complications
Possible complications are hypotension, pain on injection, back pain, headache, urinary retention, meningitis, injury to blood vessels and nerves, and total spinal anesthesia.

Oracle Node.js Database Driver

John Scott - Tue, 2015-01-20 18:43

I’ve been eagerly awaiting the first release of the Official Oracle Node.js Driver and Christopher Jones (@ghrd) just tweeted this –

 

So I hopped over to the Github repository to take a look and try it out…

…I’m very impressed so far…

Back in 2014, I presented at KScope on “Oracle APEX + Node.JS – A Primer” where I showed many demos on just how you can integrate Node.JS into your APEX applications. For example I showed –

  • Office Integration – produce Word, Excel, Powerpoint documents
  • Consume and Publish REST Webservices from the database
  • Using Node to automatically export your APEX application and supporting objects
  • Integrating GRUNT into your APEX workflow
  • TextToSpeech from an APEX application (so you could have your APEX application talk to you!). This one was a fun one to do, even though it might not have many practical applications it’s kind of cool to do something that hasn’t really been done before.

Many more…

I first came across Node.JS a few years ago and became interested in ways to use it to extend APEX applications. I encourage you to take a look at it.

p.s. I’ve been asked by a lot of people to share the demos I presented and I’ll be doing exactly that in a series of upcoming blog posts. Except this time I’ll use the Oracle Node Database driver!

Database popularity: Is Oracle still on top? [VIDEO]

Chris Foot - Tue, 2015-01-20 14:14

Transcript 

Hi, welcome to RDX! While Oracle has often been regarded as the undisputed leader of database technology, other engines are growing more popular among database administrators.

DB-Engines, which ranks a solution’s popularity based on how many times a database is mentioned and searched for on the Web, found that Oracle’s database engine is still top of the line. In general, relational databases remained at the top of the list, with MySQL, Microsoft’s SQL Server and PostgreSQL bringing up the rear.

Although Oracle’s proprietary offering is at the top of the list, open source engines are receiving more recognition among enterprises, particularly MySQL and PostgreSQL. For businesses interested in deriving full value from these systems, partnering with a DBA expert with the know-how needed to do so is a guaranteed win.

Thanks for watching! For more database news, be sure to check in next time!

The post Database popularity: Is Oracle still on top? [VIDEO] appeared first on Remote DBA Experts.

IS flexes its hacking skills

Chris Foot - Tue, 2015-01-20 01:00

The Islamic State in Iraq and the Levant has received much attention as of late, and not for nothing.

As the organization took a long time to prepare for its assault on Iraq, Syria, Israel, Lebanon and other states within the region that is considered the Levant, it's no surprise that the Islamic State group spent resources developing assets to be used in cyberwarfare.

US government caught off guard 
The United States military has not been exempt from the Islamic State group's cyberattacks. According to TechCrunch, Cyber Caliphate, a hacker organization that has associated itself with the Islamic State group, obtained control over United States Central Command's (CENTCOM) Twitter and YouTube accounts. The entity then tweeted a message titled "Pentagon networks hacked. AMERICAN SOLDIERS WE ARE COMING, WATCH YOUR BACK. ISI. #CyberCaliphate."

The aforementioned message also had links that supposedly led to confidential U.S. Army documents, although some have speculated that those files were either previously disclosed or are not highly confidential. Once the Twitter account was hacked, Cyber Caliphate members posted the following information:

  • Scenarios displaying how the U.S. would combat North Korea in the event the latter nation invaded South Korea
  • Three separate Army commands and 10 distinct Army service component commands 
  • A picture showing the interior of a U.S. military base taken through a PC camera
  • A message stating the group's intent to break into networks and the personal devices of soldiers

This particular instance is a sign that U.S. military databases are no doubt being targeted by the Islamic State group. Although the hack of CENTCOM's Twitter account was a demonstration of the organization's proficiency in cyberwarfare, more serious undertakings could lead to the disclosure of highly classified information. 

Duplicity, social media as assets
The Islamic State group also found a unique way to hack into smartphones by making an app titled "The Dawn of Glad Tidings" available for download via the Google Play store. IDG Connect reported that between 5,000 and 10,000 people have downloaded the app, aggregating 4.9 stars out of 600 reviews. The app allows users to receive updates from the Islamic State group, but the organization took over their phones as a result. 

Although Google Play has since removed "The Dawn of Glad Tidings" from its selection of apps, the program's moderate success demonstrates the technical prowess of its developers. 

In general, the Islamic State group's ability to use social media as a tool through which to attract new recruits should not be underestimated. Its use of social media could be argued as one of its most vital assets. 

The post IS flexes its hacking skills appeared first on Remote DBA Experts.