Feed aggregator

G+ Public Hangout Fail

Catherine Devlin - Tue, 2014-05-06 22:09
tl;dr:Do not use public Google+ Hangouts under any circumstances, because people suck.

Before the PyCon 2014 CFP came due, PyLadies hosted several G+ hangouts for talk proposal brainstorming. Potential speakers could talk over and flesh out their ideas with each other, producing better talk proposals. More importantly, it was a nice psychological stepping stone on the way to filling out that big, scary CFP form all alone. I thought they went great.

I wanted to emulate them for Postgres Open and PyOhio, which both have CFPs open now. The PyLadies hangouts had used EventBrite to preregister attendees, and I unfortunately did not consider this and the reasons why. Instead, I just scheduled hangouts, made them public, and sent out invitations with the hangout URLs, encouraging people to forward the invites onward. Why make participating any harder than it has to be?

The more worldly of you are already shaking your heads at my naiveté. It turns out that the world's exhibitionists have figured out how to automatically detect and join public hangouts. For several seconds I tried kicking out and banning them as they joined, but new ones kept arriving, faster than one per second. Then I hung up - which unfortunately did not terminate the hangout. It took me frantic minutes to find how to delete a hangout in progress. I dearly hope that no actual tech community members made it to the hangout during that time.

I had intended to create a place where new speakers, and women especially, would feel safe increasing their community participation. The absoluteness of my failure infuriates me.

Hey, Google: public G+ hangouts have been completely broken, not by technical failure, but by the degraded human condition. You need to remove them immediately. The option can only cause harm, as people accidentally expose themselves and others to sexual harrassment.

In the future, a "public" hangout URL should actually take you to a page where you request entrance from the organizer by text message (which should get the same spam filtration that an email would). But fix that later. Take the public hangouts away now.

Everybody else, if you had heard about the hangouts and were planning to participate, THANK YOU - but I've cancelled the rest of them. You should present anyway, though! I'd love to be contacted directly to talk over your ideas for proposals.

My MySQL database impressions

Kubilay Çilkara - Mon, 2014-05-05 07:30
I have been in the data and database world for over a decade now, working with mainly Oracle and data integration projects with Salesforce.

I have also spent time working with MySQL a relational database with open source roots, now part of Oracle. In this post I want to talk about my impressions of MySQL and some tips and tricks I learned working with it.

First and for all, you will have to be ready to get your hands dirty. I couldn't find a package structure for database administration in MySQL - like DBMS libraries of packages and procedures in Oracle. That means you will have to do most of the things on your own. Nevertheless good news is he database starts showing an Oracle banner when you login from version 5.0 onwards and some features like on-line Schema changes, more cost based optimisation and partitioning are added in versions 5.6 - a sign of good things to come.

Some key points

  • Data Import/Export - You can use the native mysqldump utility to dump data with parameters, but it is slow. You can dump schemas and data. I couldn't get it to dump data fast (in parallel) though that is why I strongly recommend mydumper an open source utility written by guys in Oracle and MySQL to dump data using parallel threads and is very fast. Import can be done in parallel as well and it can give you that boost provided your hardware permits it. Don't try to disable constraints, drop indexes before imports as you will read in posts and suggestions on the net, mysqldump already does that for you.
  • Hot Backup - mylvmbackup seems like the de-facto script to take hot backups when the database in online. There are tools like XtraBackup from Percona too. It takes a snapshot of the disk where your datafiles and logfiles are. At restore it does a crash recovery using the logs and brings the database transactions forwards to the point of crash. Then if you have the logs after that, you can play them forwards and bring the database to a point in time after the backup. 
  • Parallel processing - Nada, there is none! I couldn't get it do anything in parallel. The only thing I managed to do in parallel was to export and import data with mydumper, that works! So if you have many CPUs you will be watching them being idle most of the time as one thread only will be chugging away. Unless you use mydumper for your import/export operations where you can make those CPUs sweat. 
  • DBMS packages - You fancy automating, do you need scripts to do repetitive tasks? Well there is no DBMS package library to help you administer the database in MySQL. Instead, you can use Percona Toolkit scripts, a consultancy specialising in helping MySQL DBAs to do great work with MySQL databases. They have a variety of scripts from comparing (diff), syncing databases, tables to extracting metadata and GRANTS structures.  
  • Hints, Explain Plan, Performance Tuning. I couldn't see much of Cost Based Optimisation in MySQL, the data dictionary (INFORMATION_SCHEMA) has metadata names but doesn't hold any dynamic statistics about objects, estimates of counts of rows in tables and indexes it holds can be up 50% wrong. The whole thing is based on heuristics, I suppose. The EXPLAIN PLAN is just a row where it says what the optimiser will do, there is no cost analysis or logical tree structure of execution plans yet.  I couldn't see much on Join orders either, no Nested Loops, HASH or MERGE joins yet. 

MySQL is a popular, relational database. The free version of this database is probably what a small website and a start-up needs. But having said that, many sites outgrow MySQL and still stay with it.

Oracle will probably turn it to a serious database too. Adding partitioning, multi threading to it in the recent releases, is a step forwards in becoming an Enterprise size and scale database.  I don't know much about the MySQL Cluster Version and MySQL Replication I know takes a load off from the reads. I want to see it doing more Performance Tuning science.

Top tools with MySQL that I used

MySQL Workbench - SQL IDE.
Mydumper - Fast logical backup and restore.
Mylvmbackup - Hot backup script
Pentaho Kettle - PDI is an all round data integration and middle-ware tool

Categories: DBA Blogs

start python learning with "Introduction to Python"

Surachart Opun - Sun, 2014-05-04 00:53
Python is programming language, that supports object-oriented, imperative and functional programming. The key is its simplicity, easy language to learn and easy moving code from development to production more quickly. It's power tool to use with Big Data. So, I believe it's a good time to learn about Python programming language.
You can find many resources about it on the Internet. I started to learn about Python by watching "Introduction to Python" By Jessica McKellar. It's good  learning video help to start with Python.
It gives a lot of examples for Python and easy to learn. If you would like to start Python programming by your owner, starting with this and learn:
- Set up a development environment with Python and a text editor
- Explore basic data types such as integers, strings, lists, and dictionaries
- Learn how looping lets you do lots of work with a little bit of code
- Gain access to more functionality in Python with modules
- Practice reading, writing, and running your first Python programs
- Navigate the command line for writing larger programs
- Write your own functions for encapsulating useful work
- Use classes to group, name, and reuse functions and variables
- Practice what you’ve learned with the state capitals quizzer and Scrabble cheater projects
You are supposed to learn and get what are necessary for Python beginning by video course.
During study, you can follow up practice at link.
Categories: DBA Blogs

Setting up Eclipse with SVN on OSX Mavericks

Barry McGillin - Fri, 2014-05-02 10:49
So My macbook pro died the other day and much to my wife's amusement, my dell laptop died 30 minutes later with disk errors as I hadn't used in it in forever.  She wasn't laughing long though cos I swiped her Macbook Air to get me out of a hole while the Apple store replace the magsafe card. (Don't worry, though, cos Lisa grabbed one of the kids laptops and now they are the only ones fuming. )

So, here we are, no development environment to speak of on this laptop, not even Xcode tools or anything and a release to go out!  First thing out of the box was to down load eclipse, from eclipse.org, which at time of writing is still keplar.
Download it, and expand it.  then take the complete eclipse folder and drop it into your /Applications folder.  It'll look like this.
Also, when you click on the Launcher, you'll see eclipse added to the list of applications.

Now, When you run it, you may be asked if you want to install java 1.6 to run Eclipse.  Accept the install and sit back until it completes.  When its installed, you'll be able to run eclipse, so click the icon in the launcher, as above.
Eclipse will appear like this below. 
We'll want to see what java versions we have installed and for that you can go to preferences and type jdk into the filter box which will show a number of java related options. 
As you can see, we have a preference called installed JRE's which, when we click on it will only have the apple JDK we installed when we first tried to start eclipse.  I want JDK 8 and JDK 7 and I got them on the oracle site for Java.  Download both dmg files from Oracle, double click them and follow the instructions on the installer to drop them in.  If you restart eclipse, and go back to the preferences, to this page you will now see the appropriate JDKs installed and you can choose your default for your project.  

Now, part two.  Getting subversion into your eclipse, which turns out to be kinda difficult when you are trying to figure out which path to do.  There are various schools of thought on how to get subversion on to your mac, but for me so far, I have found Brew to be one of the best of the latest package installers out there.  If you do not have Brew installed you can do that really quickly by running this command in a terminal window.
which gets you this output.
lisas-MacBook-Air:~ bamcgill$ ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go/install)"
==> This script will install:

Press RETURN to continue or any other key to abort
==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
==> Downloading and installing Homebrew...
remote: Counting objects: 169292, done.
remote: Compressing objects: 100% (47341/47341), done.
remote: Total 169292 (delta 120836), reused 169278 (delta 120826)
Receiving objects: 100% (169292/169292), 32.51 MiB | 121 KiB/s, done.
Resolving deltas: 100% (120836/120836), done.
From https://github.com/Homebrew/homebrew
* [new branch] master -> origin/master
HEAD is now at 23e1c24 ansible: fix --HEAD install
==> Installation successful!
You should run `brew doctor' *before* you install anything.
Now type: brew help

Badda Bing. Now, we can install subversion from the Brew repository and as all homebrew experts know, you keep your home-brews in the Cellar, so look out for /usr/local/Cellar appearing.   Now you may be asked for your administrator passwords as you do this because brew setups up the Cellar under /usr/Local and needs to create that there if it does not exist and set the permissions on the directory.
Next, we'll want to install subversion with Brew.
This will install subversion and its dependencies for you.  

Now, lastly, you'll need to install SVN support on eclipse.  The best one I've seen and have been using for ages has been Subclipse from Tigris.org. If you go to the download page, you'll see some notes on the download pages and sections for each release like this

What we want to pick up is the Eclipse update Site URL. We can then take that and use it in eclipse to install subclipse for us.
So. Open eclipse again and go to HELP > Install New Software
This will popup the window below for available software and if you use the drop box, you'll see things like eclipse and myln and other update sites which base eclipse uses.
 We need to add another for Subclipse.  Remember we grabbed the update url from the Subclipse site, we can add a new site by clicking add and pasting in the URL and a name for the site as shown.
 This will appear like this and will give you the options that below to install subclipse and the SVNKit.

Install these and its normally good to restart eclipse after these installs.  The last thing you need to do then is to make sure you are using the right svnkit in eclipse once you restart.
You can make sure of this by going to the preferences again and searching for SVN.  Click on the main SVN preference and make sure the SVN interface is set to SVNKit instead of javaHL.

Now, svn should be all set up and you can go look at adding new repositories and checking out code.


SQL*Plus error logging – New feature release 11.1

OraFAQ Articles - Fri, 2014-05-02 09:39

One of the most important things that a developer does apart from just code development is, debugging. Isn’t it? Yes, debugging the code to fix the errors that are raised. But, in order to actually debug, we need to first capture them somewhere. As of now, any application has it’s own user defined error logging table(s).

Imagine, if the tool is rich enough to automatically capture the errors. It is very much possible now with the new SQL*PLus release 11.1

A lot of times developers complain that they do not have privilege to create tables and thus they cannot log the errors in a user defined error logging table. In such cases, it’s a really helpful feature, at least during the unit testing of the code.

I made a small demonstration in SCOTT schema using the default error log table SPERRORLOG, hope this step by step demo helps to understand easily :

NOTE : SQL*Plus error logging is set OFF by default. So, you need to “set errorlogging on” to use the SPERRORLOG table.

SP2 Error

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> desc sperrorlog;
 Name                                      Null?    Type
 ----------------------------------------- -------- ----------------------------

 USERNAME                                           VARCHAR2(256)
 TIMESTAMP                                          TIMESTAMP(6)
 SCRIPT                                             VARCHAR2(1024)
 IDENTIFIER                                         VARCHAR2(256)
 MESSAGE                                            CLOB
 STATEMENT                                          CLOB

SQL> truncate table sperrorlog;

Table truncated.

SQL> set errorlogging on;
SQL> selct * from dual;
SP2-0734: unknown command beginning "selct * fr..." - rest of line ignored.
SQL> select timestamp, username, script, statement, message from sperrorlog;





11-SEP-13 AM





selct * from dual;
SP2-0734: unknown command beginning "selct * fr..." - rest of line ignored.

ORA Error

SQL> truncate table sperrorlog;

Table truncated.

SQL> select * from dula;
select * from dula
ERROR at line 1:
ORA-00942: table or view does not exist

SQL> select timestamp, username, script, statement, message from sperrorlog;





11-SEP-13 AM





select * from dula
ORA-00942: table or view does not exist

Like shown above, you can capture PLS errors too.

If you want to execute it through scripts, you can do it like this, and later spool the errors into a file. I kept these three lines in the sperrorlog_test.sql file -

truncate table sperrorlog;
selct * from dual;
select * from dula;

SQL> @D:\sperrorlog_test.sql;

Table truncated.

SP2-0734: unknown command beginning "selct * fr..." - rest of line ignored.
select * from dula
ERROR at line 1:
ORA-00942: table or view does not exist





11-SEP-13 AM

SP2-0734: unknown command beginning "D:\sperror..." - rest of line ignored.




11-SEP-13 AM
selct * from dual;
SP2-0734: unknown command beginning "selct * fr..." - rest of line ignored.




11-SEP-13 AM
select * from dula
ORA-00942: table or view does not exist


Check Oracle documentation on SPERRORLOG.

In addition to above, if you want to be particularly specific about each session’s error to be spooled into a file you could do this -

SQL> set errorlogging on identifier my_session_identifier

Above mentioned IDENTIFIER keyword becomes a column in SPERRORLOG table. It would get populated with the string value “my_session_identifier”. Now you just need to do this -
SQL> select timestamp, username, script, statement, message
2 from sperrorlog
3 where identifier = 'my_session_identifier';

To spool the session specific errors into a file, just do this -

SQL> spool error.log
SQL> select timestamp, username, script, statement, message
2 from sperrorlog
3 where identifier = 'my_session_identifier';
SQL> spool off


Professional support offering for the JasperReportsIntegration toolkit officially announced

Dietmar Aust - Thu, 2014-05-01 14:05
You are using the free tool JasperReportsIntegration from Opal Consulting and you might be struggling with setting it up and integrating it into you own APEX applications?

Now you have somebody to talk to!

Already several years ago I have built this software for my own reporting needs in a project for a client of mine.

Then I wrapped it up, documented it and gave it to the incredible and wonderful Oracle APEX community to help them with their reporting needs as well.

As time went by it would become more difficult for me to make the free time to answer the different questions, keep developing the software and adding new features.

In order to move the free tool forward but also because some people requested a professional support offering, I have finally created one.

You will get:
  • Priority email support,
  • can schedule support calls via Skype
  • and can participate in the monthly (1 hour) conference call to ask all kinds of questions
If you are interested, you will find more details here: http://www.opal-consulting.de/site/products/

So, this is your chance to contribute back and help me to further support the APEX community.

Also, when enough people have signed up for this support offering, I will create a professional version with thrilling advanced features, so that it will be able to use the same APEX integration as the BI Publisher, i.e. using report queries and report templates (not based on RTF but on JRXML).

Hope you find it interesting.


Let me know what you think.


Oracle Midlands User Group May 2014 Meeting

Stephen Booth - Thu, 2014-05-01 07:59
On 20th May 2014 Oracle Midlands User Group will be hosting a couple of talks by Christian Antognini.  For full details see: http://oraclemidlands.com/ The first talk covers adaptive query optimisation in Oracle 12c and how it can be used to ensure that the query optimiser generates better plans more often.  The second talk delves into the internals of row chaining and migration. The venue is: Stephen Boothhttps://plus.google.com/107526053475064059763noreply@blogger.com0

April 2014 CPU

Paul Wright - Tue, 2014-04-29 17:54
Hi Oracle Security Folks, Thanks to Oracle for fixing a batch of research I sent over in August 2013 regarding ADVISOR, DIRECTORIES, GAOP(GRANT ANY OBJECT PRIVILEGE) and also a critical privilege escalation which gains 8.5 in the CPU which I am not going to publish here as I want to give folks time to patch. [...]

Learn GoldenGate – The Index

VitalSoftTech - Tue, 2014-04-29 08:51
Learn about GoldenGate Extract, Pump, Replicat, GGSCI, Logdump, Troubleshooting and Upgrade.
Categories: DBA Blogs

Nationwide Deploys Database Applications 600% Faster

Pankaj Chandiramani - Mon, 2014-04-28 04:37

Nationwide Deploys Database Applications 600% Faster

Heath Carfrey of Nationwide, a leading global insurance and
financial services organization, discusses how Nationwide saves time and
effort in database provisioning with Oracle Enterprise Manager

Key-points :

  1. Provisioning Databases using Profiles  (aka Gold Images)

  2. Automated Patching

  3.  Config/Compliance tracking

Categories: DBA Blogs

EMCLI setup

Pankaj Chandiramani - Mon, 2014-04-28 03:15

A quick note on how to install EMCLI which is used for various CLI operations from EM . I was looking to test some Database provisioning automation via EMCLI and thus was looking to setup the same . 

To set up EMCLI on the host, follow these steps:
1.    Download the emcliadvancedkit.jar from the OMS using URL https://<omshost>:<omsport>/em/public_lib_download/emcli/kit/emcliadvancedkit.jar
2.    Set your JAVA_HOME environment variable and ensure that it is part of your PATH. You must be running Java 1.6.0_43 or greater. For example:
o    setenv JAVA_HOME /usr/local/packages/j2sdk
o    setenv PATH $JAVA_HOME/bin:$PATH
3.    You can install the EMCLI with scripting option in any directory either on the same machine on which the OMS is running or on any machine on your network (download the emcliadvancedkit.jar to that machine)
java -jar emcliadvancedkit.jar client -install_dir=<emcli client dir>
4.    Run emcli help sync from the EMCLI Home (the directory where you have installed emcli) for instructions on how to use the "sync" verb to configure the client for a particular OMS.
5.    Navigate to the Setup menu then the Command Line Interface. See the Enterprise Manager Command Line Tools Download page for details on setting EMCLI.

Categories: DBA Blogs

APEX 4.2 Best Practices Training am 26.05-28.05.2014

Dietmar Aust - Sun, 2014-04-27 07:41

Wußten Sie schon, daß in APEX 4.2 alleine 130 neue Features implementiert wurden, die uns Entwickler SOFORT produktiver werden lassen und das Leben erleichern?

Auch wird jedes Release von APEX immer sicherer, es kommen immer wieder neue Security Features hinzu.

Das alles hilft uns jedoch nur, wenn wir diese Features überhaupt kennen und optimal einsetzen!

Seit 2006 bauen wir jeden Tag Applikationen mit APEX für unsere Kunden, ja genau - an jedem Tag! Na ja, vielleicht nicht am Wochende für unsere Kunden ... dann aber für die APEX Community ;).

Mobile Endgeräte, HTML 5, mehr Dynamik mit JQuery und Dynamic Actions, einbruchssichere Applikationen und REST Webservices werden immer wichtigere Themen, die man als Entwickler einfach kennen sollte.

In unseren Kursen haben wir schon über 200 APEX-Fans die besten Herangehensweisen, Tipps und Tricks beigebracht. Durch die Hands-On Übungen vertiefen wir diese und Sie können diese sofort einsetzen ... oder Sie schlagen sie nach ... wenn Sie sie später brauchen ;). Aber auf jeden Fall wissen Sie nach dem Kurs, was möglich ist!

Wir beide (Denes und Dietmar) haben schon alles mit APEX ausprobiert und auch schon alle Fehler gemacht! Nehmen Sie die Abkürzung und lernen Sie gleich, was sich immer wieder bewährt hat ... weil es funktioniert!

Mit jedem Release gibt es neue Features und auch wir passen unser Vorgehen immer wieder an - weil es sich einfach lohnt!

Wenn Sie Ihre Kenntnisse in der APEX Entwicklung auf das nächste Niveau bringen wollen, dann melden Sie sich am besten gleich an:
  1. Klicken Sie auf den Link "Anmeldung zum Kurs".
  2. Tragen Sie Ihre Anmeldedaten ein und klicken Sie auf den Button "Anmelden".
  3. Sie bekommen sofort eine Bestätigungs-Email zugeschickt.
  4. Sobald Sie in der Email auf den Link zur Bestätigung klicken, haben Sie Ihren Platz gesichert und sind auf jeden Fall dabei!
Anmeldung zum Kurs

P.S.: Wir haben es sogar, geschafft, Carsten Czarski für unseren Kurs zu gewinnen! Wir werden mit ihm mobile Applikationen bauen und er wird uns seinen Geolocation Showcase im Detail zeigen, die Packaged Application, die er für das APEX Team entwickelt hat und die mit APEX 4.2.5 weltweit ausgeliefert wird, sehr cool!

P.P.S.: Die vollständige Agenda und weitere Infos zum Kurs gibt es online in der Kursbeschreibung.

The people behind the NoCOUG Journal

Iggy Fernandez - Fri, 2014-04-25 13:53
Now in its 28th year, the NoCOUG Journal is the oldest Oracle user group publication in the world. No other small user group in the world has a printed journal. Most large user groups do not have printed journals either. But little NoCOUG does. I am the editor of the NoCOUG Journal and—I must confess—I get sad when I see […]
Categories: DBA Blogs

Don't Fear the EM12c Metric Extensions

Don Seiler - Fri, 2014-04-25 11:24
A few weeks ago, our customer support team asked us to automate part of their checklist that looks at the number of active sessions in our production database. In EM12c, this seemed like a no-brainer with the Average Active Sessions metric. So I added this to my production incident ruleset and went back to another project. Over the next few days we'd get pinged by EM12c but the support folks would say it shouldn't. After taking a look we realized that we should be looking at USER sessions, excluding the BACKGROUND sessions Oracle creates to run the instance (like DBWn and LGWR).

The trouble was that I couldn't find a metric for just the user sessions. I had resolved myself to having a scheduler job or script run the SQL that I wanted and send an email if it was over my critical threshold. On a whim I put a message out to twitter, and thankfully my friend Leighton answered. He suggested I look at adding a metric extension, something still foreign to me. I had seen the term in the EM12c interface but it sounded like some kind of plugin interface. Turns out it's simply another way of saying "user-defined metrics". Honestly, if they were labelled that way I would have started playing with them much sooner (subtle criticism).

So a quick search turned up a great video that showed just how simple it was to create a metric extension based on a SQL query. In just a few minutes I had the metric extension created, tested and published. You can create many different types of metric extensions all target types, but in my case a simple SQL query for a database instance was all I needed:

select count(*) from v$session
where type='USER' and status='ACTIVE';

I then define the warning and critical thresholds for the count and it's done! I added it to my ruleset (removing the stock Average Active Sessions metric) and haven't looked back.

Since then I've created a few other metric extensions, for example a standby lag check on a standard edition physical standby. My only regret is not taking the time to learn about these sooner. I suggest anyone using EM12c do so sooner rather than later.
Categories: DBA Blogs

First ORCLAPEX New York City Meetup

Marc Sewtz - Thu, 2014-04-24 09:00
We’re excited to announce the first ever Oracle Application Express Meetup in New York City. Join us on May 23rd at the Oracle office at 120 Park Ave – right across from Grand Central. Meet other APEX developers working in the area and see what’s coming in APEX 5.0. New to APEX? Don’t worry, we’ll get you up to speed and show you what this product is all about.

As a special guest speaker, we’ll have Peter Raganitsch, from Click Click IT Solution in Vienna, Austria - known in the community for the APEXlib framework and the FOEX plug-in - show us how to use friendly URLs with your APEX applications

Cycle4Sam 5 - Riding 1000km in 6 days for $100k for Women's and Children's Hospital

Steve Button - Tue, 2014-04-22 02:07

I recently participated in a week long charity bike ride called Cycle4Sam, where funds are raised to support the palliative care unit at the Women and Children's Hospital of South Australia.

The ride is conducted on a bi-annual basis in honour of young Sam Roberts, who sadly passed away from a rare genetic disease at the age of 4. His parents, Marty and Michelle and his siblings Lucy and Charlie, created the Sam Roberts Family Fund in order to raise funds and provide help for other families who find themselves in the same situation.

As the major fundraising effort, the Cycle4Sam ride sees a group of riders raise funds through sponsors to participate in a ride of 1000km. This years ride started on April 12th from the regional South Australia city of Renmark and finished back in Adelaide on April 18th, covering 1000km over 6 days of riding.

Day 1 was run as a loop of the Riverland region, taking in Loxton, Berry and a number of other lovely little towns on the way back to Renmark.  A small ceremony was held at the start to honour and remember Sam and other little children who are suffering in the same way.

Day 2 was a transit stage, riding from Renmark to a small town along the River Murray called Walker Flat.

Day 3 took in a loop of the iconic Barossa Valley region  through the towns of Sedan, Angaston, Tanunda, Mt Prospect and back to Walker Flat.  This day had some nice climbing with the Sedan Hill and Menglers Hill included as the main climbs of the day on the back of the generally rolling terrain of the region.

Day 4 was another long day, riding from Walker Flat to the southern beach town of Carrackalinga.  A planned stop at the Woodstock winery to meet up with another family who were afflicted in the same way as the Roberts saw the day come to a slightly unscheduled but much welcomed end, with a short'ish bus transit down to the final stay over.

Day 5 was a rest-day, or more accurately a non-riding day for those of us with kids, which had us taking the kids for a lovely bike ride along the beach front from Normanville to Carrackalinga, followed by a King of the Mountain event up the Latvian Climb.  Tough work for little legs but they all did superbly.

Day 6 was a loop around the Fleurieu Peninsula taking in the lovely back road around Parawa down to Victor Harbor, down to Goolwa and back to Port Elliot for lunch.  A summit of the Crows Nest followed, by a ride up the Myponga Reservoir climb, closing by a screaming descent down to Carrackaling and back to Normanville.

Day 7 was the final day and took us back to Adelaide through the McLaren Vale, Mylor, Aldgate Valley, Stirling and down the freeway, where we were escorted by the SA Police through to the grounds of the Women's and Children's Hospital.

As part of the closing celebrations, the Roberts Family presented the Women's and Children's Hospital with a cheque for $100,000 that was raised by the event.

I was in the company of an outstanding group of people performing an outstanding service for the community and I thank them all for the privilege of letting me share the event with them.

Get a plan to increase your confidence

TalentedApps - Mon, 2014-04-21 13:59


Cross Posted from my Personal Blog

I managed to get through high school and college never taking a second language, even in the ’80s this required advanced maneuvers through the academic handbook.  Why would I do this?  Was I against taking a language?

Nope.  I desperately wanted to take a language, but I lacked confidence.

The only language offered in my high school was Spanish, and I wanted to take French or Japanese (it was the ’80s).

Later, when I went off to college, my 17 year old scholarship self, decided I would be unable to keep my required GPA taking a language, given I was already four years behind.

Recursive logic indeed, especially when you factor in the fact that I had an above average memory and a crazy serious work ethic [seriously,  I was so much older then…].  Looking back on this with the benefit of hindsight, I can say confidently, that the odds of me not being able to handle the rigor of a 101 language course was exactly 0.

So when I read that women have a confidence gap, looking for perfection in themselves before putting their hands up for consideration for professional opportunity, I recognize we need to take this seriously.  Especially when we look at the incredibly slow pace of progress for women in senior leadership in the west (in retrospect maybe I was onto something by not taking Japanese).



So what to do?

I think it comes down to recognizing the need to have a strategy for being confident.  Being angry at men for being better at this than women, completely misses the point.

Confidence is a critical skill for professional success.  Odds are you could be better.

Work on it.

Some useful suggestions

  1. Get your body and your mind helping you by improving your inner monologue and Power Posing
  2. Get someone with perspective to help you compare your qualifications more objectively
  3. Do a better job recognizing that the fact that you are skeptical of your own qualification, is a sign of your competence

Don’t let a lack of confidence get in the way of your success, practice more, work harder, figure it out.

You can do this!





Oracle Linux 7 Beta 1 (fixed with CVE-2014-0160 with openssl-1.0.1e-23.0.1.el7)

Surachart Opun - Sun, 2014-04-20 00:35
Last post, I blog about Oracle Linux Beta 1 that I would like to learn more after it has changed to use Systemd targets. In this post, I just wanted to update for some people who have installed Oracle Linux 7 Beta 1 or have been testing it. On Oracle Linux Beta 1, that uses openssl version (openssl-1.0.1e-23.el7) and it's issue about CVE-2014-0160. Users can go Oracle Linux Early Access Downloads and download "openssl-1.0.1e-23.0.1.el7" to fix it.
Note: MOS note #1663998.1Version openssl-1.0.1e-23.0.1.el7  includes a fix backported from openssl-1.0.1gDownloaded openssl* packages and Updated.
[root@ol7beta ~]# rpm -qa |grep openssl

[root@ol7beta ~]# lsof | awk 'NR==1 || 0-/libssl.so.1.0.1e/'
COMMAND     PID   TID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
firewalld   488          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
gmain       488  1511    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
gmain       507   677    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   679    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   680    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   682    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
master     1661          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
qmgr       1681       postfix  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16821    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16822    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16823    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16824    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16825    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16826    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16827    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16828    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16829    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16830    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
pickup    17190       postfix  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
[root@ol7beta ~]#
[root@ol7beta ~]#
[root@ol7beta ~]# grep libssl.so.1.0.1e /proc/*/maps | cut -d/ -f3 | sort -u | xargs -r ps uf
root     16794  0.0  0.9 461652 16852 ?        Ssl  08:48   0:00 /usr/sbin/libvirtd
root      1661  0.0  0.1  89336  2152 ?        Ss   Apr15   0:00 /usr/libexec/postfix/master -w
postfix   1681  0.0  0.2  89504  3860 ?        S    Apr15   0:00  \_ qmgr -l -t unix -u
postfix  17190  0.0  0.2  89440  3832 ?        S    09:56   0:00  \_ pickup -l -t unix -u
root       507  0.0  0.8 547684 16044 ?        Ssl  Apr15   0:06 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       488  0.0  1.1 325176 21052 ?        Ssl  Apr15   0:00 /usr/bin/python /usr/sbin/firewalld --nofork --nopid
[root@ol7beta ~]#
[root@ol7beta ~]# ls -l openssl-*
-rw-r--r--. 1 root root  718380 Apr 20  2014 openssl-1.0.1e-23.0.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 1228140 Apr 20  2014 openssl-devel-1.0.1e-23.0.1.el7.x86_64.rpm
-rw-r--r--. 1 root root  923368 Apr 20  2014 openssl-libs-1.0.1e-23.0.1.el7.x86_64.rpm
[root@ol7beta ~]# rpm -Uvh openssl-*
error: Failed dependencies:
        krb5-devel(x86-64) is needed by openssl-devel-1:1.0.1e-23.0.1.el7.x86_64
        zlib-devel(x86-64) is needed by openssl-devel-1:1.0.1e-23.0.1.el7.x86_64

[root@ol7beta ~]# rpm -ivh /mnt/Packages/krb5-devel-1.11.3-31.el7.x86_64.rpm  /mnt/Packages/zlib-devel-1.2.7-10.el7.x86_64.rpm
error: Failed dependencies:
        keyutils-libs-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
        libcom_err-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
        libselinux-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
        libverto-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
[root@ol7beta ~]# ^C
[root@ol7beta ~]#
[root@ol7beta ~]# cat /etc/yum.
yum.conf     yum.repos.d/
[root@ol7beta ~]# cat /etc/yum.repos.d/iso.repo
name=Local CD Repo
[root@ol7beta ~]# df
Filesystem          1K-blocks    Used Available Use% Mounted on
/dev/mapper/ol-root  49747968 1071868  48676100   3% /
devtmpfs               886508       0    886508   0% /dev
tmpfs                  893876       0    893876   0% /dev/shm
tmpfs                  893876    2940    890936   1% /run
tmpfs                  893876       0    893876   0% /sys/fs/cgroup
/dev/sda1              487652   91380    366576  20% /boot
tmpfs                  893876       0    893876   0% /tmp
/dev/sr0              4673160 4673160         0 100% /mnt
[root@ol7beta ~]# yum install krb5-devel zlib-devel
Resolving Dependencies
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.11.3-31.el7 will be installed
--> Processing Dependency: libverto-devel for package: krb5-devel-1.11.3-31.el7.x86_64
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.11.3-31.el7.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.11.3-31.el7.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.11.3-31.el7.x86_64
---> Package zlib-devel.x86_64 0:1.2.7-10.el7 will be installed
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.5.8-1.el7 will be installed
---> Package libcom_err-devel.x86_64 0:1.42.8-2.el7 will be installed
---> Package libselinux-devel.x86_64 0:2.1.13-21.el7 will be installed
--> Processing Dependency: libsepol-devel >= 2.1.9-1 for package: libselinux-devel-2.1.13-21.el7.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.1.13-21.el7.x86_64
---> Package libverto-devel.x86_64 0:0.2.5-2.el7 will be installed
--> Running transaction check
---> Package libsepol-devel.x86_64 0:2.1.9-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package                                         Arch                               Version                                     Repository                         Size
 krb5-devel                                      x86_64                             1.11.3-31.el7                               local                             606 k
 zlib-devel                                      x86_64                             1.2.7-10.el7                                local                              49 k
Installing for dependencies:
 keyutils-libs-devel                             x86_64                             1.5.8-1.el7                                 local                              37 k
 libcom_err-devel                                x86_64                             1.42.8-2.el7                                local                              29 k
 libselinux-devel                                x86_64                             2.1.13-21.el7                               local                             168 k
 libsepol-devel                                  x86_64                             2.1.9-1.el7                                 local                              70 k
 libverto-devel                                  x86_64                             0.2.5-2.el7                                 local                              11 k
Transaction Summary
Install  2 Packages (+5 Dependent packages)
Total download size: 968 k
Installed size: 2.0 M
Is this ok [y/d/N]: y
Downloading packages:
Total                                                                                                                                   3.5 MB/s | 968 kB     00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libcom_err-devel-1.42.8-2.el7.x86_64                                                                                                                 1/7
  Installing : libsepol-devel-2.1.9-1.el7.x86_64                                                                                                                    2/7
  Installing : libselinux-devel-2.1.13-21.el7.x86_64                                                                                                                3/7
  Installing : libverto-devel-0.2.5-2.el7.x86_64                                                                                                                    4/7
  Installing : keyutils-libs-devel-1.5.8-1.el7.x86_64                                                                                                               5/7
  Installing : krb5-devel-1.11.3-31.el7.x86_64                                                                                                                      6/7
  Installing : zlib-devel-1.2.7-10.el7.x86_64                                                                                                                       7/7
  Verifying  : zlib-devel-1.2.7-10.el7.x86_64                                                                                                                       1/7
  Verifying  : keyutils-libs-devel-1.5.8-1.el7.x86_64                                                                                                               2/7
  Verifying  : libverto-devel-0.2.5-2.el7.x86_64                                                                                                                    3/7
  Verifying  : libsepol-devel-2.1.9-1.el7.x86_64                                                                                                                    4/7
  Verifying  : libcom_err-devel-1.42.8-2.el7.x86_64                                                                                                                 5/7
  Verifying  : libselinux-devel-2.1.13-21.el7.x86_64                                                                                                                6/7
  Verifying  : krb5-devel-1.11.3-31.el7.x86_64                                                                                                                      7/7
  krb5-devel.x86_64 0:1.11.3-31.el7                                                   zlib-devel.x86_64 0:1.2.7-10.el7
Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-1.el7   libcom_err-devel.x86_64 0:1.42.8-2.el7   libselinux-devel.x86_64 0:2.1.13-21.el7   libsepol-devel.x86_64 0:2.1.9-1.el7
  libverto-devel.x86_64 0:0.2.5-2.el7
[root@ol7beta ~]#
[root@ol7beta ~]# rpm -Uvh openssl-*
Preparing...                          ################################# [100%]
Updating / installing...
   1:openssl-libs-1:1.0.1e-23.0.1.el7 ################################# [ 20%]
   2:openssl-1:1.0.1e-23.0.1.el7      ################################# [ 40%]
   3:openssl-devel-1:1.0.1e-23.0.1.el7################################# [ 60%]
Cleaning up / removing...
   4:openssl-1:1.0.1e-23.el7          ################################# [ 80%]
   5:openssl-libs-1:1.0.1e-23.el7     ################################# [100%]
[root@ol7beta ~]# rpm -qa |grep openssl

[root@ol7beta ~]#
After updating openssl, Services will need to be restarted. [root@ol7beta ~]#
[root@ol7beta ~]# grep libssl.so.1.0.1e /proc/*/maps | cut -d/ -f3 | sort -u | xargs -r ps uf
root     16794  0.0  0.9 461652 16852 ?        Ssl  08:48   0:00 /usr/sbin/libvirtd
root      1661  0.0  0.1  89336  2152 ?        Ss   Apr15   0:00 /usr/libexec/postfix/master -w
postfix   1681  0.0  0.2  89504  3860 ?        S    Apr15   0:00  \_ qmgr -l -t unix -u
postfix  17190  0.0  0.2  89440  3832 ?        S    09:56   0:00  \_ pickup -l -t unix -u
root       507  0.0  0.8 547684 16044 ?        Ssl  Apr15   0:06 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       488  0.0  1.1 325176 21052 ?        Ssl  Apr15   0:00 /usr/bin/python /usr/sbin/firewalld --nofork --nopid
[root@ol7beta ~]# lsof | awk 'NR==1 || 0-/libssl.so.1.0.1e/'
COMMAND     PID   TID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
firewalld   488          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
gmain       488  1511    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
gmain       507   677    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   679    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   680    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   682    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
master     1661          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
qmgr       1681       postfix  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16821    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16822    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16823    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16824    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16825    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16826    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16827    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16828    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16829    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16830    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
pickup    17190       postfix  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e

[root@ol7beta ~]# systemctl restart postfix
[root@ol7beta ~]#
[root@ol7beta ~]#  systemctl restart firewalld
[root@ol7beta ~]#
[root@ol7beta ~]# systemctl restart libvirtd
[root@ol7beta ~]# systemctl restart tuned
[root@ol7beta ~]#
[root@ol7beta ~]#
[root@ol7beta ~]#
[root@ol7beta ~]# lsof | awk 'NR==1 || 0-/libssl.so.1.0.1e/'
COMMAND     PID   TID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
master    17390          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
pickup    17391       postfix  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
qmgr      17392       postfix  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
firewalld 17481          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
gmain     17481 17919    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18036    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18037    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18038    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18039    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18040    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18041    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18042    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18043    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18044    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18045    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
gmain     18162 18165    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162 18166    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162 18167    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162 18168    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
[root@ol7beta ~]# grep libssl.so.1.0.1e /proc/*/maps | cut -d/ -f3 | sort -u | xargs -r ps uf
root     18162  0.4  0.8 547684 16000 ?        Ssl  10:13   0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root     18035  0.3  0.9 461652 16852 ?        Ssl  10:13   0:00 /usr/sbin/libvirtd
root     17481  0.8  1.1 325376 21140 ?        Ssl  10:12   0:00 /usr/bin/python /usr/sbin/firewalld --nofork --nopid
root     17390  0.0  0.1  89336  2044 ?        Ss   10:11   0:00 /usr/libexec/postfix/master -w
postfix  17391  0.0  0.2  89440  3828 ?        S    10:11   0:00  \_ pickup -l -t unix -u
postfix  17392  0.0  0.2  89504  3852 ?        S    10:11   0:00  \_ qmgr -l -t unix -u
[root@ol7beta ~]#My test virtualbox - OL7 beta1, it's all right for openssl.

MOS note #1663998.1
Oracle Linux Early Access Downloads
Categories: DBA Blogs

Security Alert CVE-2014-0160 (‘Heartbleed’) Released

Oracle Security Team - Fri, 2014-04-18 14:38

Hi, this is Eric Maurice.

Oracle just released Security Alert CVE-2014-0160 to address the publicly disclosed ‘Heartbleed’ vulnerability which affects a number of versions of the OpenSSL library.  Due to the severity of this vulnerability, and the fact that active exploitation of this vulnerability is reported “in the wild,” Oracle recommends that customers of affected Oracle products apply the necessary patches as soon as they are released by Oracle.

The CVSS Base Score for this vulnerability is 5.0.  This relative low score denotes the difficulty in coming up with a system that can rate the severity of all types of vulnerabilities, including the ones that constitute blended threat. 

It is easy to exploit vulnerability CVE-2014-0160 with relative impunity as it is remotely exploitable without authentication over the Internet.  However a successful exploit can only result in compromising the confidentiality of some of the data contained in the targeted systems.  An active exploitation of the bug allows the malicious perpetrator to read the memory of the targeted system on which resides the vulnerable versions of the OpenSSL library.  The vulnerability, on its own, does not allow a compromise of the availability (e.g., denial of service attack) or integrity of the targeted system (e.g., deletion of sensitive log files). 

Unfortunately, this vulnerability is very serious in that it is contained into a widely used security package, which enables the use of SSL/TLS, and the compromise of that memory can have serious follow-on consequences.  According to http://heartbleed.com the compromised data may contain passwords, private keys, and other sensitive information.  In some instances, this information could be used by a malicious perpetrator to decrypt private information that was sent months or years ago, or log into systems with stolen identity.   As a result, this vulnerability creates very significant risks including unauthorized access to systems with full user rights.


For more information:


The Advisory for Security Alert CVE-2014-0160 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html

The ‘OpenSSL Security Bug - Heartbleed / CVE-2014-0160’ page on OTN is located at http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

The ‘Heartbleed’ web site is located at http://www.heartbleed.com.  Note that this site is not affiliated with Oracle.





I Love Logs

Gary Myers - Thu, 2014-04-17 21:08
It occurred to me a few days ago, as I was reading this article on DevOps, that I might actually be a DevOps.

I think of myself as a developer, but my current role is in a small team running a small system. And by running, I mean that we are 

  • 'root' and 'Administrator' on our Linux and Windows servers
  • 'oracle / sysdba' on the database side, 
  • the apex administrator account and the apex workspace administrators,
  • the developers and testers, 
  • the people who set up (and revoke) application users and 
  • the people on the receiving end of the support email
Flashbacked to Jeff Smith's article on Developers in Prod. But the truth is that there's a lot of people wearing multiple hats out there, and the job titles of old are getting a bit thin. 

The advantage of having all those hats, or at least all those passwords, is that when I'm looking at issues, I get to look pretty much EVERYWHERE. 

I look at the SSH, FTP and mailserver logs owned by root. The SSH logs generally tell me who logged on where and from where. Some of that is for file transfers (some are SFTP, some are still FTP), some of it is the other members of the team logging on to run jobs. The system sends out lots of mail notifications, and occasionally they don't arrive so I check that log to see that it was sent (and if it may have been too big, or rejected by the gateway).

Also on the server are the Apache logs. We've got these on daily rotate going back a couple of years because it is a small enough system that the logs sizes don't matter. But Apex stuffs most of those field values into the URL as a GET, so they all get logged by Apache. I can get a good idea of what IP address was inquiring about a particular location or order by grepping the logs for the period in question.

I haven't often had the need to look in the Oracle alert logs or dump directories, but they are there if I want to run a trace on some code. 

In contracts, I'm often looking at the V$ (and DBA_) views and tables. The database has some audit trail settings so we can track DDL and (some) logons. Most of the database access is via the Apex component, so there's only a connection pool there.

The SELECT ANY TABLE also gives us access to the underlying Apex tables that tell us the 'private' session state of variables, collections etc. (Scott Wesley blogged on this a while back). Oh, and it amazing how many people DON'T log out of an application, but just shut their browser (or computer) down. At least it amazed me. 

The apex workspace logs stick around for a couple of weeks too, so they can be handy to see who was looking at which pages (because sometimes email us a screenshot of an error message without telling us how or where it popped up). Luckily error messages are logged in that workspace log. 

We have internal application logs too. Emails sent, batch jobs run, people logging on, navigation menu items clicked. And some of our tables include columns with a DEFAULT from SYS_CONTEXT/USERENV (Module, Action, Client Identifier/Info) so we can automatically pick up details when a row is inserted.

All this metadata makes it a lot easier to find the cause of problems. It isn't voyeurism or spying. Honest. 


Subscribe to Oracle FAQ aggregator