Feed aggregator

Oracle 11g: Archive log alert log output

Hampus Linden - Tue, 2007-08-21 02:42
Starting with Oracle 11g the archivelog process is no longer logged to the alert log by default. For good and bad in my opinion, nice to get rid of the log entries on smaller databases but it can be quite useful to see the details on larger systems with multiple log destinations.

The log level is simply a database parameter and can easily be changed, look at this page to figure out what level you want. I figured 79 would be a good starting point (64+8+4+2+1). Databases running dataguard should probably have 207 (add 128) to include FAL service details.

How to set the trace level:
[oracle@vm-rac1 ~]$ rsqlplus "/ as sysdba"

SQL*Plus: Release 11.1.0.6.0 - Production on Sun Aug 19 02:35:23 2007

Copyright (c) 1982, 2007, Oracle. All rights reserved.


Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> show parameter log_archive_trace

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
log_archive_trace integer 0
SQL> alter system set log_archive_trace=79;

System altered.

SQL> alter system switch logfile;

System altered.

SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@vm-rac1 ~]$ talert # my shell alias to tail the current alert log
Current log# 1 seq# 7 mem# 0: /u01/app/oracle/oradata/test11g/redo01.log
Sun Aug 19 02:03:14 2007
ARC3: Evaluating archive log 3 thread 1 sequence 6
ARC3: Beginning to archive thread 1 sequence 6 (627362-628594) (test11g)
ARC3: Creating local archive destination LOG_ARCHIVE_DEST_10:
'/u01/app/oracle/flash_recovery_area/TEST11G/archivelog/2007_08_19/o1_mf_1_6_%u_.arc' (thread 1 sequence 6)
(test11g)
ARC3: Creating local archive destination LOG_ARCHIVE_DEST_1:
'/u01/app/oracle/11.1.0/db_1/dbs/arch1_6_630935902.dbf' (thread 1 sequence 6)
(test11g)
ARC3: Closing local archive destination LOG_ARCHIVE_DEST_10:
'/u01/app/oracle/flash_recovery_area/TEST11G/archivelog/2007_08_19/o1_mf_1_6_3dh5pld1_.arc'
(test11g)
Committing creation of archivelog
'/u01/app/oracle/flash_recovery_area/TEST11G/archivelog/2007_08_19/o1_mf_1_6_3dh5pld1_.arc'
ARC3: Closing local archive destination LOG_ARCHIVE_DEST_1:
'/u01/app/oracle/11.1.0/db_1/dbs/arch1_6_630935902.dbf'
(test11g)
Committing creation of archivelog '/u01/app/oracle/11.1.0/db_1/dbs/arch1_6_630935902.dbf'
ARC3: Completed archiving thread 1 sequence 6 (627362-628594) (test11g)

Read details about the log trace level here and general alert log related stuff here.

Payroll Processing

RameshKumar Shanmugam - Tue, 2007-08-21 00:41
Before we start the Payroll Run. We need to assign the necessary element for the employee

For the normal payroll run we will include all the elements and process all the assignment
But under certain circumstance we may need

  • Include or exclude certain element or assignment
  • Include or exclude certain group of assignment
  • Include or Exclude certain classification of element

For the above conditions we may need to create an Assignment set or an Element set

Creating Assignment Set

Example for the use of assignment set is. We need to process the payroll for the night shift employees before the day shift employees as they need to receive the Pay advice the night before the rest
For complete details of setting up the Assignment set please refer the blog http://ramesh-oraclehrms.blogspot.com/2007/08/assignment-set.html

Creating Element Set

  • Enter the Element Set name
  • Choose the classification as ‘Run Set’
  • Save the work
  • Select the Include button and add the required element to the set

The Payroll Process

  • Quick Pay
  • Payroll run

Quick Pay

Follow the link for the Quick Pay in Detail

Follow the steps to run the Payroll Process
1) Payroll Process
Parameters: Payroll Name
Consolidation Set
Element Set
Assignment Set
Date Earned
Date Paid
Run type
2) PrePayments
Parameter: Payroll Name
Consolidation set
Start Date
End Date

3) Run the check writer Process (Enabled for few legislation)
4) Run the Direct Deposit Process
5) Payslip Archive Process

If the costing is enabled then
6) Run the costing Process
7) Costing of Payments (if you want to cost at the payment method level)
8) Transfer to GL

From the GL side, import the Journal Entry

Try it out!!!

Categories: APPS Blogs

Installing Apex 3.0.1

Pankaj Chandiramani - Mon, 2007-08-20 20:33

I have been using Apex extensively now , have created 3-4 application for production usage & i can finally say that its easy to use for us non developers also ;)

I will be covering the installation of Apex 3.0.1 in this post & will cover the SSO part in next .

Software Req:

  1. Download Apex 3.0.1 from here
  2. 10g Db
  3. Http server
In short , the process of Installing & configuring apex goes like this :
Install 10g Db --> Install Http server (i used 10g AS) -->Install Apex

Starting the Apex Installation
I assume you have 10g Db installed , else read this post for details .

You need to create 2 table space , i created  apex1 & apex2 to seed the apex data :

create tablespace apex1 datafile '/apexdb/apex1.dbf' size 50M autoextend on next 10M maxsize 300M;

create tablespace apex2 datafile '/apexdb/apex2.dbf' size 50M autoextend on next 10M maxsize 300M;

Now we will seed the db with Apex configs .
Download Apex 3.0.1 from here & unzip it .

This will craete a subdirectory with name apex , cd into it & start sqlplus as sysdba & run apexins.sql as shown below.
cd apex

sqlplus system@tns_alias as sysdba
@apexins.sql {pass} {ts for user} {ts for files} {ts for temp} /i/

Where

pass - Password for Apex Super User
ts for user - Tablespace for User data (Created above)
ts for files - Tablespace for Apex files (Created above)
ts for temp - temporary tablespace (Usually Temp)
i - is the alias for image directory configuration in Application Server (Apache httpd.conf)

According to our config above , i used :

Sqlplus > @apexins.sql welcome apex1 apex2 temp /i/

It Takes ard 1 hr to get the seed data .

After this is complete , we go to the HTTP server location to configure Apex with it . AS we have the Oracle 10g AS installed we go to $ORACLE_HOME/Apache/modplsql/conf directory .

There in dads.conf we add the below lines :

#######
Alias /i/ "/apex/images/"  (replace with your image location)

AddType text/xml xbl
AddType text/x-component htc
<Location /pls/apex>
Order deny,allow
PlsqlDocumentPath docs
AllowOverride None
PlsqlDocumentProcedure wwv_flow_file_mgr.process_download
PlsqlDatabaseConnectString host:port:service_name ServiceNameFormat
PlsqlNLSLanguage AMERICAN_AMERICA.AL32UTF8
PlsqlAuthenticationMode Basic
SetHandler pls_handler
PlsqlDocumentTablename wwv_flow_file_objects$
PlsqlDatabaseUsername APEX_PUBLIC_USER
PlsqlDefaultPage apex
PlsqlDatabasePassword apex_public_user_password
Allow from all
</Location>
###################

For above replace according to your server & install locations , we did below :
PlsqlDatabaseConnectString xyz.com:1521:apexdb apexdb

Post Install
After this you need to restart the Appache server as shown below :

dcmctl updateconfig -ct ohs
opmnctl restartproc ias-component=HTTP_Server (Restart HTTP Server to check it)
ou are all set to use the Apex , try http://hostname.domainname:port/pls/apex

I will be writing on how to configure sso in next post

Categories: DBA Blogs

It's been a while...

Janusz Marchewa - Mon, 2007-08-20 13:30
... since my last post. There is still some code waiting to be published, but I still don't have time to document it properly :( Currently I'm working on a data transformation project for one of our customers. I won't be writing any Java code in the near future. I'm changing my focus to Business Intelligence, so that will probably be the main topic of my future posts. Stay tuned.
Categories: Development

Wow

Robert Baillie - Mon, 2007-08-20 10:54
And you think software patents are bad... China Regulates Buddhist Reincarnation

Wow

Rob Baillie - Mon, 2007-08-20 10:52
And you think software patents are bad...

China Regulates Buddhist Reincarnation

Assignment Set

RameshKumar Shanmugam - Sun, 2007-08-19 16:41
Assignment set are to be defined for the following purpose
  • For processing only the subset of the Assignment for the payroll processing eg: Payroll for the People who work in the night shift need to be processed first as they need to receive the pay advice before the day shift employees
  • For generating the quick paint report for the set of assignment
  • Can be used in the BEE for creating the identical entry for all the assignment in the Assignment set

Before we start defining the Assignment set we need to decide whether we are going to use Assignment set for the payroll process or for some other process like reporting etc.

Defining the Assignment set

  • Enter the name of assignment set (Only Char, ( _ ) and Numbers are allowed and NO SPACE allowed)
  • If you need to use this assignment set only for the payroll then select the Payroll from the LOV Otherwise it is an optional field we can leave it blank.
  • Save the work

If we want to use the formula criteria for defining the Assignment set choose the button Criteria from the assignment set window

  • Enter the Seq Number
  • Leave the Condition field Blank for the first line, you can choose either AND / OR depending on the criteria
  • Choose the Database Item as the variable for the criteria (all the Database Item will be prefixed by '&')
  • Choose the Operator (=, <=, >= , etc..,)
  • Enter the Value or choose the Database Item
  • Keep entering the other criteria from the second line
  • Save the work

If you specifically want to include or exclude any assignment choose the button Amendment button

  • Choose the option Inc/Exc from the LOV
  • Select the Name from the LOV
  • Save the work

Select the Generate Button for generating the Fast Formula for the criteria defined above. The Fast formula will be created with the same name as the assignment set

Try it out!!!

Categories: APPS Blogs

Oracle 11g: basic rundown

Hampus Linden - Sun, 2007-08-19 15:09
Ok, so 11g has been out some time but I've been to busy to really dig in to it until now. 11g is probably the first release that doesn't really many new features; no, before you send me angry e-mails hear me out :)
Take a look at the new features list. What do most of these features do? Easy, they just make the most out of the fairly old but totally outstanding REDO and UNDO management in Oracle. Why not use what we already got? Ok, some things are totally new features like the improved partitioning and new data types for the medical and life-sciences industry.

Partitioning and compression
The coolest things in 11g is probably the VLDB features for partitioning and compressions, can really reduce storage costs (at the same time as storage costs are plummeting with the competition from iSCSI). It is now possible to create "automatic" partitions, i.e. instead of adding a partition every month with DDL when doing a bulk load Oracle can automatically partition the table as per predefined rules. Pretty cool and saves a lot of time.

Direct NFS
Another pretty cool feature, at least for me as I'm using a lot of Netapp NFS storage, is the Direct NFS client in Oracle (Linux). Switch to the direct NFS lib and Oracle will do NFS ops outside the Linux kernel, which removes the NFS caching layer and kernel block device mapping etc. Gives a quite massive performance increase on some workloads. This is what I'm playing most with at the moment.

Data Guard
Lots of new cool stuff for Data Guard. Most significantly is probably the fact that you can have an open standby, available for real-time queries such as reporting applications and other read only operations. In fact, you can even open a Data Guard instance in read-write mode and mess about with it and later just flashback to a SCN where the db was in sync with the Data Guard master db and just roll forward to the current SCN using the normal FAL services. How sweet isn't that for DR testing and schema change testing. DR testing during live operations, that's a couple of late nights saved.
Other new data guard features include redo shipping compression, the normal improvements to the DG broker, sqlplus manageability etc.


Workload replay
Another thing that is really useful for deployment testing and change control is the database replay feature, one can "record" all transactions over a period of time and replay them after a change has happened to ensure performance and functionality has not degraded.


Improved ASM features.
You can now bring online a replaced drive and new writes will go directly to the drive while Oracle sync data from a redundant mirror in the background. Reduces resync time quite a fair bit.

PL/SQL
Couple of improvements to plsql;
Use of sequences in declares.
Real compound triggers.

New data types
Not really my thing but probably useful for a lot of people.
Spatial and multimedia support for medical imaging, life-sciences and other fairly odd things. :) Docs here.

A couple of minor things have changed as well, the alert log lives in a new place (with it's buddies in the new diag system), the logging levels in the alert log can now be adjusted as well (got a blog entry about that in a couple of days).

Lots of fun things to play with and to blog about.

Ah, almost forgot. Larry pulled a version hack on us again. As some of you may now there was never an Oracle Version 1 release, the first version was called 2 since Larry Ellison didn't think anyone would buy version 1. The first (public) 11g release is 11.1.0.6

Back from vacation

Peter Khos - Sun, 2007-08-19 12:25
It has been a blast for me, taking two complete weeks off work and with "limited" access to the Internet although I have my Blackberry. I came back to over 2000 email messages in my work inbox with around 440 of them being meaningful, the rest were either alerts or notification messages.I'm now busy trying to catch up on news (the pile of newspaper) and also what is happening in the Oracle Peter Khttp://www.blogger.com/profile/14068944101291927006noreply@blogger.com0

Mike Shaw's 10 Tips for protecting your 'APPS' password

Madhu Thatamsetty - Sat, 2007-08-18 02:37
10 Tips for protecting your 'APPS' password - is a very nice post by Oracle Corp - Mike Shaw. Out of the 10 tips in the post by M.Shaw, #7 & #10 are my favourites.#7. Ensure no processes are running with APPS username/password in command line - This is very important as Apps DBAs are always tempted to use sqlplus apps/apps-password at unix command prompt. Any other users who are not supposed to Madhu Sudhanhttp://www.blogger.com/profile/11947987602520523332noreply@blogger.com4

Upgrading Application with Forms Patchset 18

Madan Mohan - Fri, 2007-08-17 10:28
Action Plan for Forms Patchset 18 Upgrade (4948577)


1. Take a backup of the the Printer File.

If you have customized the printer configuration file located in ORACLE_HOME/guicommon6/tk60/admin/uiprint.txt with your printer definitions, you will have to redo the configurations after applying the Developer 6i patch. Your previous uiprint.txt is backed up as $ORACLE_HOME/guicommon6/tk60/admin/uiprint.txt.PRE_P4948577

cp $ORACLE_HOME/guicommon6/tk60/admin/uiprint.txt $ORACLE_HOME/guicommon6/tk60/admin/uiprint.txt.PRE_P4948577

2. Apply the Main Patch 4948577
3. Apply the Apps Interop Patch 4888294 ----11i Patch


Apply the Additional Patches

a. Apply the Patch 4968700

To apply this patch, please follow the steps below:

1) Stop your web listeners and Forms Server.

2) Make a patch directory for this bug, and put your patch files in it:
% cd $ORACLE_HOME
% mkdir bug5034714
% cd bug5034714
% cp bug5034714.zip to $ORACLE_HOME/bug5034714
% unzip bug5034714.zip

3) If you don't have genshlib in $ORACLE_HOME/bin directory then copy this
file over there.
% cp genshlib $ORACLE_HOME/bin
% chmod ug+x $ORACLE_HOME/bin/genshlib

4) Copy your original objects in case you ever need it:
% cd $ORACLE_HOME/lib
% cp libiffw.a libiffw.a.pre5034714
% cp libiwfw.a libiwfw.a.pre5034714

5) Archive objects into the libraries:
% ar rv libiffw.a $ORACLE_HOME/bug5034714/iftm.o
% ar rv libiwfw.a $ORACLE_HOME/bug5034714/iwit.o

6) Generate the shared libraries:
% cd $ORACLE_HOME/lib
% $ORACLE_HOME/bin/genshlib iwfw 0
% $ORACLE_HOME/bin/genshlib iffw 0

7) Generate forms executables
% cd $ORACLE_HOME/forms60/lib
% make -f ins_forms60w.mk install

Note: If you are an Oracle Applications customer, please also run adrelink.
E.g. to relink f60webmx for Oracle Applications:
% adrelink.sh force=y "fnd f60webmx"

8) Restart Forms server and Web listeners.


b. Apply the Patch 4261542.

Installation instructions for Apps customers
--------------------------------------------

[Part 1] Shut down the listeners and copy the patch files

1. Stop your web listeners and Forms Server.

2. Make a patch directory within your 6i ORACLE_HOME and unzip this file
within it to create a new subdirectory. You will be able to see the
folder 4261542 which contains the actual one-off files.

%cd $ORACLE_HOME
%unzip p4261542_600_GENERIC.zip


[Part 2] Unzip the java class files and regenerate your JAR files

3.Backup the Forms class files, i.e.$ORACLE_HOME/forms60/java/oracle/forms/handler/AlertDialog.class
%cp -r $ORACLE_HOME/forms60/java/oracle/forms/handler/AlertDialog.class
$ORACLE_HOME/forms60/java/oracle/forms/handler/AlertDialog.class.PRE_BUG4261542
%cp -r $ORACLE_HOME/forms60/java/oracle/forms/engine/Main.class
$ORACLE_HOME/forms60/java/oracle/forms/engine/Main.class.PRE_BUG4261542



4. Inside folder 4261542 in step-2 has class files in oracle\forms\engine directory.
Copy this file into ORACLE_HOME/forms60/java/oracle/forms/engine
%cd $ORACLE_HOME/4261542/oracle/forms/engine
%cp Main.class $ORACLE_HOME/forms60/java/oracle/forms/engine/Main.class
%cd $ORACLE_HOME/4261542/oracle/forms/handler
%cp AlertDialog.class $ORACLE_HOME/forms60/java/oracle/forms/handler/AlertDialog.class


5. Make sure that you have set up custom certificates for JAR file signing.
Run adadmin administration utility. Select the "Maintain Files" option
and then the "Generate JAR Files" sub-option.

6. Spot check that the JAR files have been generated by verifying the timestamp.

[Part 3] Restart the listeners

7. Restart the Forms Server.

8. Restart the web listener serving Forms Applets (e.g. Apache or WebDB 2.2).


c. Apply the Patch 5216496.

- Not Availbale for HP TRU64.


STEPS INVOLVED in PATCHING

STEPS Involved in patching
***************************

1. Install the Developer 6i Patch

2. Install the Additional Developer 6i Patches

3. Relink Applications Executables on UNIX Platforms


You can relink these executables by running adadmin
When the Main Menu appears select 'Maintain Applications Files Menu' and then select 'Relink Applications Program'
Answer the questions below as follows, in order to select the individual executables for relinking.

Enter list of products to link ('all' for all products)[all] : fnd
Generate specific executables for each selected product [No] ? y
Relink with debug information [No] ? n

(You will then be offered a list of executables that are available for relinking)

Enter executables to relink, or enter 'all' [all] : f60webmx ar60run ar60runb ar60rund *

* In a multi-node configuration, not all these executables exist on each node. The list of executables will show those that do exist on the node you are currently running on, and only those should be entered to avoid errors.

Refer to the Maintaining Oracle Applications manual for more information on how to use the AD Administration Utility or AD Relink Utility for relinking executables.


4. Apply the Oracle Applications 11i Interoperability Patch


5. Verify your upgrade

Verify that the fndforms.jar and fndewt.jar JAR files have been rebuilt by checking the timestamp for both files in the $OA_JAVA/oracle/apps/fnd/jar directory. If the timestamp is not current and the previous steps completed successfully, run the AD Administration Utility (adadmin), select Maintain Applications Files, then select Generate Product JAR Files. Do not force the regeneration of all JAR files. Again, verify that the fndforms.jar and fndewt.jar JAR files have been rebuilt by checking their timestamps again.
If your JAR files are still not updated, verify all the prior steps, and the Known Issues section below.
If you have applied Developer 6i Patch 6 or above, verify that the PL/SQL version installed is 8.0.6.3.x. You can run '$ORACLE_HOME/bin/f60gen help=y' to display various component versions. (If the version shown is still 8.0.6.0.x please refer to Metalink Note 191573.1 )
For Microsoft Windows platforms, look under Control Panel - Services to see if additional Forms and Reports services were added. If so, disable the new ones by pressing the Startup button, and setting the Startup Type toDisabled.


6. Start the Forms, Reports, HTTP, Concurrent Manager Servers

a. Stop the Forms Server process.

b. Add the following environment variable to the 'Oracle Forms 6.0 environment variables' section of
your '$APPL_TOP/< SID >.env' file as;

FORMS60_RESTRICT_ENTER_QUERY="TRUE"
export FORMS60_RESTRICT_ENTER_QUERY

c. Source the environment, then restart the Forms Server process

The McKinsey Quarterly - Beyond manufacturing: The evolution of lean production

Chris Grillone - Thu, 2007-08-16 11:13
"Many nonmanufacturing sectors are rapidly adopting lean techniques. Soon they will no longer be a differentiating factor in themselves; the important thing will be how well you implement them."

Implement with Oracle Flow Manufacturing!

http://www.mckinseyquarterly.com/article_abstract_visitor.aspx?ar=2033&l2=1&l3=24&srid=17

Code For Freedom - Calling all India colleges

Siva Doe - Wed, 2007-08-15 15:09

Well, the timing cant have been better. On the day India celebrates her 60th year of independence, Sun India has announced Code For Freedom.

Wish this happened when I was still in my college (Anna University) so that I can participate in this event. Any one remember what was the name of the x86 OS that Sun (interex???) had before the Solaris  x86 port? Well, Anna Univ had that and I had done my project on that box.

Good luck to all the participants!!
 

vi for Apps DBAs

Madhu Thatamsetty - Wed, 2007-08-15 08:33
I intend to start of my first Blog with "vi for DBAs". I used to receive queries ( not sql queries :) ) from fellow DBAs on how to search and replace in "vi". A collection of complex (which I think are) search and replace commands of vi that I came across are summarized below. These commands are useful for DBAs in their day-to-day Administration. #1. Once upon a time a user sent Madhu Sudhanhttp://www.blogger.com/profile/11947987602520523332noreply@blogger.com6

Speed Bumps

Mary Ann Davidson - Tue, 2007-08-14 12:15

Summertime tends to be the time of year when people naturally slow down. (In some cases, it is because of absolutely unbearable heat -- who wants to move fast when it's 98 degrees out?) Summer is the season when you take vacations, change gears and get away from work. You realize there is a big wide world out there that comes to you through other vectors than email and the Internet. Even if you are working, there are a lot of distractions, like warm summer nights, sun-dappled days for bike rides, warm water and late sunsets for surfing. Summer is just one big speed bump telling you to slow down, observe, to pay attention to something other than the daily commute. You need those speed bumps.


 


I was out surfing recently at my usual surf habitat in Pacifica. Normally, you catch a wave, the face slopes; you slot into it and keep riding the face of the wave. My best surfing buddy, Kerry, calls me "the Queen of Trim," because when I catch a wave, I am really good at finding the absolutely right spot on the board to keep it in perfect trim: slotted into the wave so I can keep riding until there is no more wave. In my opinion, "kicking out" before the ride is done is the 8th deadly sin and a waste of a perfectly good wave.


 


The local surf break I frequent has a bit at the north end of the beach that's kind of steep, so depending on the tides, you may be riding in and find that you meet the backwash of the previous wave -- or two. Those backwash bumps are really a surprise when you hit them, because you end up riding UP the back of a wave and down the front again, sometimes more than once. Fun. Strange. Shakes up the surf session. Surfing is not, in general, supposed to be like riding a roller coaster. Except when it is. You remember not to surf on autopilot or you will wipe out when you hit the "speed bump." It's the ocean's way of getting you to pay attention.


 


Some of the speed bumps I get are in my inbox: I hear from people I haven't heard from in awhile, I end up being distracted from my "regular work," only the distraction turns out to be pretty important. I got an email recently from a colleague and friend -- Jaime Chanaga. I was impressed with Jaime the first time I met him (I think we were on a panel together at some security-fest or another). Jaime is among the few -- the very few -- who, as a CISO several years ago was already putting questions in his RFPs asking about the kind of care his vendors took in the way they built security into products.


 


Anyway, Jaime recently emailed me with a PPT he had done on security excellence, which, in my own nosy parker way, I suggested he turn into a blog (he did). His security excellence principles include things like valuing people and leading with integrity. Why is his blog a good speed bump? Because you could read an endless procession of Management Tomes without ever finding useful advice like this. His advice is good, solid, and timeless. I know this because I spent two years getting an expensive graduate business degree from Wharton and I am not really sure that most people there know or care about the difference between management and leadership. (Unfortunately, too many people who espouse "principle-centered leadership" -- or whatever the latest business buzzword is -- are not practitioners of it: "look after people" really means "look after (self; by using) people."


 


Since I know him, I can say with confidence that Jaime practices what he preaches. His suggestions for security excellence are good reminders for those days when you are feeling like crankily cutting corners with people you work with or who work for you. Thank you, Jaime, for a speed bump reminder -- your email -- that being a decent and good person of high integrity is among the most valuable business skills there are, for security gurus and others. (These principles are mom-approved, too.)


 


I am playing fast and loose with the term "speed bump," but I would like to extend it to various other cautionary signs that admonish some attention on the road from where you've been to where you are going. I add that some of these signs have real meaning here in Idaho.


 


"Game crossing," for example, does not mean a bunch of geeks with X-boxes are likely to cross Highway 20, no sirree. Not only do "Game Crossing" signs in Idaho mean that herds of critters -- like elk -- move along various corridors that cross highways, the state of Idaho adds a flag to the Game Crossing signs during the seasons when the animals are most active. It's Idaho Fish and Game's way of saying, "Pay attention: we really mean it!" I just read a blog entry by the former police chief of Hailey, Idaho talking about near misses with large critters. His theory is that suicidal and vengeful deer cross the highway to target people who have hunting licenses. (I feel compelled to add that Brian's blog entry provides a far better sense of a road trip across America than most anything else I have read.)


 


Game crossing signs, aside from mitigating the risk of "bull elk as unwanted hood ornament," do help you slow down and look at the scenery, which in Idaho is pretty spectacular. On the road from Boise to Ketchum, I've seen elk, moose, deer, antelope, peregrine falcons (Idaho is the home of the World Center for Birds of Prey, and has done more than any other state to help bring the peregrine falcon back from near-extinction), coyote, skunk, owls, porcupine, sand hill cranes, and foxes. There are wolves in the northern part of the Wood River Valley, though I've never seen them. Only last night, I saw a mother mule deer and twin fawns crossing Sun Valley Road at dusk. I hope I never get jaded at seeing such amazing animals. (It sure beats doing that 512th email of the day.)


 


The other speed bumps that really mean something around here are the fire warning signs. This summer has been unusually hot, dry, and windy. A perfect (fire) storm. Large parts of the west are burning, in some cases because of lightning strikes, in other cases because of stupid and careless individuals. A sign in a campground that says "No Campfires" means no campfires. "Please do not set off illegal fireworks," means it, too. The first fire of the summer here in Blaine County burned one of my favorite walks in Sun Valley -- Trail Creek. The entire mountain is blackened and looks like a moonscape. All because someone carelessly set a fire during high burn conditions. If you are camping or hiking in the west this summer, be careful, folks. Fire warning signs really mean something this year and there is no Undo button if you get it wrong.


 


Since I happily set up a topic on cautionary notes/speed bumps, I am going to add one myself, and it goes to the always contentious, World-Wrestling-Federation-has-never-seen-anything-like-it area of how to handle security vulnerabilities. I'm going to avoid the pothole -- for now -- of responsible disclosure vs. full disclosure except to note that, like everything else in life, there is no perfect disclosure policy that optimizes on all parameters. And in fact, there are no perfect patching policies, either. Only in Never- Never Land or Oz can you patch every single security vulnerability of every single severity in real time on all affected versions such that patch application is real time and perfect, too. That should be obvious -- when we get into these discussions -- but it isn't.


 


The gritty reality is that life is constrained. No company or organization or individual has infinite resources ("resource" includes time, expertise, people, pretty much anything that you need to effect positive change but doesn't grow on trees). By definition, something that is not infinite or free  -- or both -- is constrained. For example, I don't have to pay to use the ocean, but my surfing is constrained by the number of other people out in the water, the time between swells (sometimes it's a good 20 minutes between waves, some days it's more like "catch a wave, paddle out, catch another wave right away, come in after 45 minutes because you are exhausted") and so on. Even surfing is constrained because while there are an infinite number of waves -- over time -- there are only so many during the time I am out surfing and each wave holds two people at most.


 


We shouldn't always attribute evil motives to the fact that organizations live with constraints. Constraints affect both vendors and their customers. Vendors cannot always create patches for every single issue on every single old version of product (sometimes, a fix would require an architectural change, which we all know can't happen on old products in all cases since architectural fixes aren't always backportable). Constrained resources also apply to the companies who apply patches. At a minimum, companies need their systems to be up some reasonable amount of time so that people can work (one reason that companies really, truly hate taking systems down for "emergency fixes" unless it's truly an emergency -- and not a manufactured emergency, either).


 


Even if a vendor could create the equivalent of The Security Patch That Ate Cleveland (e.g., a patch that includes fixes for all security vulnerabilities from the beginning of time), the amount of work for a customer to actually apply The Security Patch That Ate Cleveland is equivalent to upgrading to a new product version (containing all those fixes already), which many customers do regularly for other reasons. Living with constraints mean that as a vendor, you sit around and try, within some basic principles, to figure out how to do the most effective good for the most people. It doesn't mean doing the minimum and hoping nobody notices, but it does mean weighing a lot of different factors in trying to make the best use of time and people to protect the most customers you can in the most cost effective way for them.


 


Small digression: this is a good time to give a quick recap of the amount of work that does go into fixing security issues, which is why we continue to work to avoid these problems in the first place (through coding standards, better vulnerability testing tools, process improvements, and so on). So, here goes: Oracle has multiple large product stacks, each of which has multiple supported versions, each of which runs on multiple operating systems (the last major release of the Oracle database alone shipped on something like 19 OSs). The stacks are interdependent (for example, Oracle eBusiness Suite runs on Oracle Application Server and the Oracle Database).  And of course, we have made many product acquisitions that also have "other Oracle product" dependencies.


 


In short, it's not enough just to fix a product problem where it occurs, you need to make sure it does not break something else that depends on the product, otherwise the "fix" is useless to a customer. And of course, all the moving parts (patches) across the company have to come out on the same day, because you don't want customers bringing down, for example, Oracle Application Server one week to apply an Oracle Database (client-side) patch, the second week to fix an Oracle Application Server bug, and the third week to patch some Oracle Collaboration Suite components that run on the middle tier. The interdependencies, time constraint (we have a fixed delivery date that can't move) and "ripple" effect are the main reason why fixing a security issue is something measured on a calendar, not a stopwatch. I try to explain this in terms of the well-known Mastercard ads:


 



  • Two line code change fixing security bug -- 20 minutes
  • Finding all similar/related bugs, on all affected product versions, fixing them, thoroughly testing the fix across all versions and product dependencies -- 3 months
  • Handing customers a fix that doesn't break anything else --priceless

Where does this leave us? With a speed bump that says, in effect, newer versions of products -- almost any vendor's products -- are probably, all other things being equal, "more secure." This seems obvious, but it is worth stating. Vendors -- most of us -- know more about secure development and secure coding than we did even three or four years ago. Newer products reflect that. Also, even if we can't fix every single security issue on old product versions, we certainly are going to fix it in new versions. Preferably, as soon as we can because it is just good business and common sense to do this.


 


I think I should pause now and comment on a predictable screaming point -- the idea unfortunately -- but widely -- promulgated that all security issues should be fixed at exactly the same time for everybody. If they aren't, the conventional wisdom goes, the vendor is being evil-minded towards their customers.


 


With all due respect, that is a lot of hooey, for reasons that should be obvious.


 


Suppose I am a developer building a housing development containing 100 houses. Suppose also that 20 houses into my development, I realize that I have a problem with leaky bathroom sinks. In fact, it's systemic enough that I need a different sink to be dropped in. I can't just fix the leaks -- I need to swap out the sink. I have several choices here:


 


n      I can finish the 80 other houses with the old leaky sinks, so everybody's house is equally leaky. Then, I rip out 100 sinks and retrofit them all at the same time. In the construction business (and I know this because I used to work in construction) this option is called "How Dumb Can You Be?"


 


n      I can use the new sinks in the next house I build (number 21) and in the rest of them (houses 22-100). I can then go back and fix the 20 houses with the old bad sinks. We can argue about the exact timing of who, in houses 1 through 20, gets the new sinks when, but one thing that is clear -- if I am just about to drop a bathroom sink into house number 21, and I have a chance to put a WORKING sink in that doesn't leak, that's what I should do. Having 100 flooded bathrooms to prove a principle of equality is a recipe for being out of business. It's also really dumb, expensively so, for everybody.


 


Note that I am not disputing that maybe, the sink design should have been reviewed earlier, or more carefully. Or that the contractor should learn from the sink problem so new housing developments have better sinks (maybe the architect was at fault, or maybe the contractor had a bad supplier). These are all good points, and valid ones. But the reality is, and I also know this from working in construction, there is just no such thing as a building that goes up with absolutely no change orders (contract modifications due to something needing to be fixed during construction). I spent about 80% of my first job in the Navy negotiating change orders to construction contracts, and about 20% of my time managing the actual contracts. And I had mostly good architects, good engineers, and good contractors.


 


Oracle has tried to optimize fixing critical -- and we mean critical -- security issues in reasonably consumable chunks, four times a year for people on older product versions. We call these "critical patch updates." I also note that we actually fix security issues going forward (in new versions and patch sets) FIRST. This means, all things being equal, newer versions and patch sets have more security fixes, and generally have them sooner. We do this because, if we have a product train leaving the station, and there is a critical security problem, it makes sense -- and protects customers best -- if we get that critical issue fixed going forward if we possibly can. We bundle many -- but not all -- security fixes into critical patch updates and release those four times a year. Because of the amount of overhead in fixing, backporting, testing and integrating combined fixes, it means that there may be and often is a time lag to get a fix into older product versions (which is when we announce the fix -- when a patch goes out for those older versions). Just like the folks in houses 1-20 might have to wait to get new sinks (while people in houses 21-100 don't have that problem). It's not a perfect solution, but it is better than not fixing anything going forward to the point that everybody ends up having to install the The Security Patch That Ate Cleveland.


 


The most unpleasant conversations I ever have with customers, and I have had several of these, occurs when a customer has never applied any security fixes (in the days when we did security alerts) and is running on a version that was (at that time) long out-of-support. (Even with new support models we've put in place, we do not issue security alerts or CPUs for all versions.) The customer is now running on what can only be construed as an archeological version of product (as in, Oracle7 or Oracle 7.2, and I am not making that up), and yet it is a mission critical application. The customer wants to know if they are "at risk" from unpatched security vulnerabilities. I think I can safely say that they are. And I have. I also tell them that we do not do security analysis on out-of-support versions of product, but in many cases an issue we are fixing (via a critical patch update) has been in code awhile and probably does exist in the really old, out-of-support product version.


 


I know people like nice, stable versions of product; who doesn't? (I drove a Honda CRX for 17 years and only got a new car since the Honda was coming up on 300,000 miles and I couldn't retrofit cup holders into it.) But I tell customers they need to plan on some regular maintenance, and -- all things being equal -- newer versions of product are more secure. If I had to put this into rote form, it would be: "Dear customer: it is in your interests to upgrade from time to time, because we cannot fix every single security issue of every single severity on every single old version. Nobody can. We try as best we can to protect the most customers to the best of our ability. Part of that also means making newer versions better. Please don't move to the second-from-oldest supported version to 'get current,' please move to the latest and greatest product version if you possibly can."


 


I offer the above as my own speed bump -- a chance for people racing along the highway of security and in particular, security vulnerability handling to stop, look, observe, and slow down.


 


For more information:


 


Jaime Chanaga's good advice on security leadership (July 16 blog entry):


 


http://blog.csoboard.com/cso/


 


The Hailey, Idaho (former) police chief's blog on Vengeful Deer, Jesus and Bob and Big Water:


 


http://blog.sunvalleyonline.com/index.php/msg-from-the-chief/1906/


 


Pictures of the Trail Creek fire:


 


http://www.sunvalleyonline.com/news/article.asp?ID_Article=3681


 


The World Center for Birds of Prey:


 


http://www.peregrinefund.org/world_center.asp


 


The release of the new Idaho quarter (with a peregrine falcon on it!):


 


http://www.doi.gov/news/07_News_Releases/070803.html


 

Platform Migration from Sun-Solaris to HP-UX PA RISC

Madan Mohan - Tue, 2007-08-14 10:22
Pre-requisites
***************

Source
-------

----> For Customer Specific patch

1. Apply the Platform Migration patch 3453499 (ADX.F)
2. Make sure you have zip2.3 installed on Source Machine
3. Generate and upload the manifest of customet specific files.
- Log into source as applmgr user and source the APPL_TOP environment file.
- Generate the customer specific file manifest by executing the below command.It
generates the file adgenpsf.txt under $APPL_TOP/admin/$TWO_TASK/out

- perl $AD_TOP/bin/adgenpsf.pl
4. Go to http://updates.oracle.com/PlatformMigration and use your metalink username
and password and follow the instructions on the screen to upload the manifest
file "adgenpsf.txt" which was created in step3.

----> Foe export / import

5. Apply the AD minipack F 2141471 (conditional).
6. Apply the Applications consolidated export/import utility patch 4872830.
7. If source is on 11.5.7, then apply the materialized views patch 2447246.
8. Apply latest Applications database preparation scripts patch 4775612.
9. Identify the Global_name
- select global_name from global_name;
10. create the export parameter file "exp_parameter.dat



Target
-------
1. Run the Rapid Install to create the 9.2.0 Home withour database portion.

Cost Allocation flexfield and Costing process

RameshKumar Shanmugam - Mon, 2007-08-13 17:40
Following are the important Key flexfield in HR and Payroll

HRMS

  • Job Flexfield
  • Position flexfield
  • Grade Flexfield
  • People Group
  • Cost Allocation
  • Competence Flexfield
  • Personal Analysis Flexfield
  • Soft Coded KeyFlexfield
Payroll

  • People Group Flexfield
  • Cost Allocation Flexfield
  • Bank Details KeyFlexField
Setting up of Cost allocation flexfield is an mandatory setup step for the Payroll Setup

Cost allocation Flexfield is used to accumulate the employee costing information, if we use Oracle Payroll we can accumulate the cost associated with the payroll and transfer to GL and if we are not using Oracle Payroll we can able to interface the costing information to the third Party Payroll system

Few important points which should be taken care before creating the Cost allocation flexfield.

  • If we are planning to integrate with the GL, then the number segment in the cost allocation flexfield should be same or more than the accounting flexfield.

  • We should atleast have one segment for the cost allocation flexfield otherwise will run into error when defining payroll or in other form which is having this flexfield

Cost Allocation flexfiled makes use of qualifiers, we can use the segment qualifiers to control the level at which the costing information can be entered in the system.the various level at which we can cost are

  • Element entry
  • Assignment
  • Organization
  • Element Link
  • Payroll

If the element is not costed at any level then the final costing information will get accumulated in the suspense account which is defined in the payroll form.

Use the GL Map window to map the cost allocation flexfield with the GL Accounting flexfield, we should map each cost allocation segment with the GL Segment for each Payroll. for the addition segment in the cost allocation flexfield should be mapped to 'Null'

Following are the process that you need to run for transferring the costing information from Oracle to Payroll

  • Costing process
  • Costing of Payment
  • Transfer to GL

Try it out!!!

Categories: APPS Blogs

SPAM

Herod T - Mon, 2007-08-13 14:04
Due to the LARGE amount of spam this blog is getting, I am going to switch comments to registered bloggers only. Sorry all, but I have had enough of deleting the SPAM posts. Death to all spammers.

Oracle Flow Manufacturing is gaining referenceable early majority customers

Chris Grillone - Mon, 2007-08-13 13:43

Oracle Flow Manufacturing is crossing the chasm of the technology adoption life cycle and gaining referenceable customers in the early majority. An extremely detailed market analysis was conducted to prioritize the next enhancements to Flow.


Pages

Subscribe to Oracle FAQ aggregator