Feed aggregator

Oracle Midlands User Group May 2014 Meeting

Stephen Booth - Thu, 2014-05-01 07:59
On 20th May 2014 Oracle Midlands User Group will be hosting a couple of talks by Christian Antognini.  For full details see: http://oraclemidlands.com/ The first talk covers adaptive query optimisation in Oracle 12c and how it can be used to ensure that the query optimiser generates better plans more often.  The second talk delves into the internals of row chaining and migration. The venue is: Stephen Boothhttps://plus.google.com/107526053475064059763noreply@blogger.com0

April 2014 CPU

Paul Wright - Tue, 2014-04-29 17:54
Hi Oracle Security Folks, Thanks to Oracle for fixing a batch of research I sent over in August 2013 regarding ADVISOR, DIRECTORIES, GAOP(GRANT ANY OBJECT PRIVILEGE) and also a critical privilege escalation which gains 8.5 in the CPU which I am not going to publish here as I want to give folks time to patch. [...]

Learn GoldenGate – The Index

VitalSoftTech - Tue, 2014-04-29 08:51
Learn about GoldenGate Extract, Pump, Replicat, GGSCI, Logdump, Troubleshooting and Upgrade.
Categories: DBA Blogs

Nationwide Deploys Database Applications 600% Faster

Pankaj Chandiramani - Mon, 2014-04-28 04:37

Nationwide Deploys Database Applications 600% Faster

Heath Carfrey of Nationwide, a leading global insurance and
financial services organization, discusses how Nationwide saves time and
effort in database provisioning with Oracle Enterprise Manager

Key-points :

  1. Provisioning Databases using Profiles  (aka Gold Images)

  2. Automated Patching

  3.  Config/Compliance tracking

Categories: DBA Blogs

EMCLI setup

Pankaj Chandiramani - Mon, 2014-04-28 03:15

A quick note on how to install EMCLI which is used for various CLI operations from EM . I was looking to test some Database provisioning automation via EMCLI and thus was looking to setup the same . 

To set up EMCLI on the host, follow these steps:
1.    Download the emcliadvancedkit.jar from the OMS using URL https://<omshost>:<omsport>/em/public_lib_download/emcli/kit/emcliadvancedkit.jar
2.    Set your JAVA_HOME environment variable and ensure that it is part of your PATH. You must be running Java 1.6.0_43 or greater. For example:
o    setenv JAVA_HOME /usr/local/packages/j2sdk
o    setenv PATH $JAVA_HOME/bin:$PATH
3.    You can install the EMCLI with scripting option in any directory either on the same machine on which the OMS is running or on any machine on your network (download the emcliadvancedkit.jar to that machine)
java -jar emcliadvancedkit.jar client -install_dir=<emcli client dir>
4.    Run emcli help sync from the EMCLI Home (the directory where you have installed emcli) for instructions on how to use the "sync" verb to configure the client for a particular OMS.
5.    Navigate to the Setup menu then the Command Line Interface. See the Enterprise Manager Command Line Tools Download page for details on setting EMCLI.

Categories: DBA Blogs

APEX 4.2 Best Practices Training am 26.05-28.05.2014

Dietmar Aust - Sun, 2014-04-27 07:41

Wußten Sie schon, daß in APEX 4.2 alleine 130 neue Features implementiert wurden, die uns Entwickler SOFORT produktiver werden lassen und das Leben erleichern?

Auch wird jedes Release von APEX immer sicherer, es kommen immer wieder neue Security Features hinzu.

Das alles hilft uns jedoch nur, wenn wir diese Features überhaupt kennen und optimal einsetzen!

Seit 2006 bauen wir jeden Tag Applikationen mit APEX für unsere Kunden, ja genau - an jedem Tag! Na ja, vielleicht nicht am Wochende für unsere Kunden ... dann aber für die APEX Community ;).

Mobile Endgeräte, HTML 5, mehr Dynamik mit JQuery und Dynamic Actions, einbruchssichere Applikationen und REST Webservices werden immer wichtigere Themen, die man als Entwickler einfach kennen sollte.

In unseren Kursen haben wir schon über 200 APEX-Fans die besten Herangehensweisen, Tipps und Tricks beigebracht. Durch die Hands-On Übungen vertiefen wir diese und Sie können diese sofort einsetzen ... oder Sie schlagen sie nach ... wenn Sie sie später brauchen ;). Aber auf jeden Fall wissen Sie nach dem Kurs, was möglich ist!

Wir beide (Denes und Dietmar) haben schon alles mit APEX ausprobiert und auch schon alle Fehler gemacht! Nehmen Sie die Abkürzung und lernen Sie gleich, was sich immer wieder bewährt hat ... weil es funktioniert!

Mit jedem Release gibt es neue Features und auch wir passen unser Vorgehen immer wieder an - weil es sich einfach lohnt!

Wenn Sie Ihre Kenntnisse in der APEX Entwicklung auf das nächste Niveau bringen wollen, dann melden Sie sich am besten gleich an:
  1. Klicken Sie auf den Link "Anmeldung zum Kurs".
  2. Tragen Sie Ihre Anmeldedaten ein und klicken Sie auf den Button "Anmelden".
  3. Sie bekommen sofort eine Bestätigungs-Email zugeschickt.
  4. Sobald Sie in der Email auf den Link zur Bestätigung klicken, haben Sie Ihren Platz gesichert und sind auf jeden Fall dabei!
Anmeldung zum Kurs

P.S.: Wir haben es sogar, geschafft, Carsten Czarski für unseren Kurs zu gewinnen! Wir werden mit ihm mobile Applikationen bauen und er wird uns seinen Geolocation Showcase im Detail zeigen, die Packaged Application, die er für das APEX Team entwickelt hat und die mit APEX 4.2.5 weltweit ausgeliefert wird, sehr cool!

P.P.S.: Die vollständige Agenda und weitere Infos zum Kurs gibt es online in der Kursbeschreibung.

The people behind the NoCOUG Journal

Iggy Fernandez - Fri, 2014-04-25 13:53
Now in its 28th year, the NoCOUG Journal is the oldest Oracle user group publication in the world. No other small user group in the world has a printed journal. Most large user groups do not have printed journals either. But little NoCOUG does. I am the editor of the NoCOUG Journal and—I must confess—I get sad when I see […]
Categories: DBA Blogs

Don't Fear the EM12c Metric Extensions

Don Seiler - Fri, 2014-04-25 11:24
A few weeks ago, our customer support team asked us to automate part of their checklist that looks at the number of active sessions in our production database. In EM12c, this seemed like a no-brainer with the Average Active Sessions metric. So I added this to my production incident ruleset and went back to another project. Over the next few days we'd get pinged by EM12c but the support folks would say it shouldn't. After taking a look we realized that we should be looking at USER sessions, excluding the BACKGROUND sessions Oracle creates to run the instance (like DBWn and LGWR).

The trouble was that I couldn't find a metric for just the user sessions. I had resolved myself to having a scheduler job or script run the SQL that I wanted and send an email if it was over my critical threshold. On a whim I put a message out to twitter, and thankfully my friend Leighton answered. He suggested I look at adding a metric extension, something still foreign to me. I had seen the term in the EM12c interface but it sounded like some kind of plugin interface. Turns out it's simply another way of saying "user-defined metrics". Honestly, if they were labelled that way I would have started playing with them much sooner (subtle criticism).

So a quick search turned up a great video that showed just how simple it was to create a metric extension based on a SQL query. In just a few minutes I had the metric extension created, tested and published. You can create many different types of metric extensions all target types, but in my case a simple SQL query for a database instance was all I needed:

select count(*) from v$session
where type='USER' and status='ACTIVE';

I then define the warning and critical thresholds for the count and it's done! I added it to my ruleset (removing the stock Average Active Sessions metric) and haven't looked back.

Since then I've created a few other metric extensions, for example a standby lag check on a standard edition physical standby. My only regret is not taking the time to learn about these sooner. I suggest anyone using EM12c do so sooner rather than later.
Categories: DBA Blogs

First ORCLAPEX New York City Meetup

Marc Sewtz - Thu, 2014-04-24 09:00
We’re excited to announce the first ever Oracle Application Express Meetup in New York City. Join us on May 23rd at the Oracle office at 120 Park Ave – right across from Grand Central. Meet other APEX developers working in the area and see what’s coming in APEX 5.0. New to APEX? Don’t worry, we’ll get you up to speed and show you what this product is all about.

As a special guest speaker, we’ll have Peter Raganitsch, from Click Click IT Solution in Vienna, Austria - known in the community for the APEXlib framework and the FOEX plug-in - show us how to use friendly URLs with your APEX applications

Cycle4Sam 5 - Riding 1000km in 6 days for $100k for Women's and Children's Hospital

Steve Button - Tue, 2014-04-22 02:07

I recently participated in a week long charity bike ride called Cycle4Sam, where funds are raised to support the palliative care unit at the Women and Children's Hospital of South Australia.

The ride is conducted on a bi-annual basis in honour of young Sam Roberts, who sadly passed away from a rare genetic disease at the age of 4. His parents, Marty and Michelle and his siblings Lucy and Charlie, created the Sam Roberts Family Fund in order to raise funds and provide help for other families who find themselves in the same situation.

As the major fundraising effort, the Cycle4Sam ride sees a group of riders raise funds through sponsors to participate in a ride of 1000km. This years ride started on April 12th from the regional South Australia city of Renmark and finished back in Adelaide on April 18th, covering 1000km over 6 days of riding.

Day 1 was run as a loop of the Riverland region, taking in Loxton, Berry and a number of other lovely little towns on the way back to Renmark.  A small ceremony was held at the start to honour and remember Sam and other little children who are suffering in the same way.

Day 2 was a transit stage, riding from Renmark to a small town along the River Murray called Walker Flat.

Day 3 took in a loop of the iconic Barossa Valley region  through the towns of Sedan, Angaston, Tanunda, Mt Prospect and back to Walker Flat.  This day had some nice climbing with the Sedan Hill and Menglers Hill included as the main climbs of the day on the back of the generally rolling terrain of the region.

Day 4 was another long day, riding from Walker Flat to the southern beach town of Carrackalinga.  A planned stop at the Woodstock winery to meet up with another family who were afflicted in the same way as the Roberts saw the day come to a slightly unscheduled but much welcomed end, with a short'ish bus transit down to the final stay over.

Day 5 was a rest-day, or more accurately a non-riding day for those of us with kids, which had us taking the kids for a lovely bike ride along the beach front from Normanville to Carrackalinga, followed by a King of the Mountain event up the Latvian Climb.  Tough work for little legs but they all did superbly.

Day 6 was a loop around the Fleurieu Peninsula taking in the lovely back road around Parawa down to Victor Harbor, down to Goolwa and back to Port Elliot for lunch.  A summit of the Crows Nest followed, by a ride up the Myponga Reservoir climb, closing by a screaming descent down to Carrackaling and back to Normanville.

Day 7 was the final day and took us back to Adelaide through the McLaren Vale, Mylor, Aldgate Valley, Stirling and down the freeway, where we were escorted by the SA Police through to the grounds of the Women's and Children's Hospital.

As part of the closing celebrations, the Roberts Family presented the Women's and Children's Hospital with a cheque for $100,000 that was raised by the event.

I was in the company of an outstanding group of people performing an outstanding service for the community and I thank them all for the privilege of letting me share the event with them.

Get a plan to increase your confidence

TalentedApps - Mon, 2014-04-21 13:59


Cross Posted from my Personal Blog

I managed to get through high school and college never taking a second language, even in the ’80s this required advanced maneuvers through the academic handbook.  Why would I do this?  Was I against taking a language?

Nope.  I desperately wanted to take a language, but I lacked confidence.

The only language offered in my high school was Spanish, and I wanted to take French or Japanese (it was the ’80s).

Later, when I went off to college, my 17 year old scholarship self, decided I would be unable to keep my required GPA taking a language, given I was already four years behind.

Recursive logic indeed, especially when you factor in the fact that I had an above average memory and a crazy serious work ethic [seriously,  I was so much older then…].  Looking back on this with the benefit of hindsight, I can say confidently, that the odds of me not being able to handle the rigor of a 101 language course was exactly 0.

So when I read that women have a confidence gap, looking for perfection in themselves before putting their hands up for consideration for professional opportunity, I recognize we need to take this seriously.  Especially when we look at the incredibly slow pace of progress for women in senior leadership in the west (in retrospect maybe I was onto something by not taking Japanese).



So what to do?

I think it comes down to recognizing the need to have a strategy for being confident.  Being angry at men for being better at this than women, completely misses the point.

Confidence is a critical skill for professional success.  Odds are you could be better.

Work on it.

Some useful suggestions

  1. Get your body and your mind helping you by improving your inner monologue and Power Posing
  2. Get someone with perspective to help you compare your qualifications more objectively
  3. Do a better job recognizing that the fact that you are skeptical of your own qualification, is a sign of your competence

Don’t let a lack of confidence get in the way of your success, practice more, work harder, figure it out.

You can do this!





Oracle Linux 7 Beta 1 (fixed with CVE-2014-0160 with openssl-1.0.1e-23.0.1.el7)

Surachart Opun - Sun, 2014-04-20 00:35
Last post, I blog about Oracle Linux Beta 1 that I would like to learn more after it has changed to use Systemd targets. In this post, I just wanted to update for some people who have installed Oracle Linux 7 Beta 1 or have been testing it. On Oracle Linux Beta 1, that uses openssl version (openssl-1.0.1e-23.el7) and it's issue about CVE-2014-0160. Users can go Oracle Linux Early Access Downloads and download "openssl-1.0.1e-23.0.1.el7" to fix it.
Note: MOS note #1663998.1Version openssl-1.0.1e-23.0.1.el7  includes a fix backported from openssl-1.0.1gDownloaded openssl* packages and Updated.
[root@ol7beta ~]# rpm -qa |grep openssl

[root@ol7beta ~]# lsof | awk 'NR==1 || 0-/libssl.so.1.0.1e/'
COMMAND     PID   TID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
firewalld   488          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
gmain       488  1511    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
gmain       507   677    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   679    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   680    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   682    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
master     1661          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
qmgr       1681       postfix  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794          root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16821    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16822    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16823    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16824    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16825    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16826    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16827    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16828    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16829    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16830    root  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
pickup    17190       postfix  mem       REG              252,1    438896  134650208 /usr/lib64/libssl.so.1.0.1e
[root@ol7beta ~]#
[root@ol7beta ~]#
[root@ol7beta ~]# grep libssl.so.1.0.1e /proc/*/maps | cut -d/ -f3 | sort -u | xargs -r ps uf
root     16794  0.0  0.9 461652 16852 ?        Ssl  08:48   0:00 /usr/sbin/libvirtd
root      1661  0.0  0.1  89336  2152 ?        Ss   Apr15   0:00 /usr/libexec/postfix/master -w
postfix   1681  0.0  0.2  89504  3860 ?        S    Apr15   0:00  \_ qmgr -l -t unix -u
postfix  17190  0.0  0.2  89440  3832 ?        S    09:56   0:00  \_ pickup -l -t unix -u
root       507  0.0  0.8 547684 16044 ?        Ssl  Apr15   0:06 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       488  0.0  1.1 325176 21052 ?        Ssl  Apr15   0:00 /usr/bin/python /usr/sbin/firewalld --nofork --nopid
[root@ol7beta ~]#
[root@ol7beta ~]# ls -l openssl-*
-rw-r--r--. 1 root root  718380 Apr 20  2014 openssl-1.0.1e-23.0.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 1228140 Apr 20  2014 openssl-devel-1.0.1e-23.0.1.el7.x86_64.rpm
-rw-r--r--. 1 root root  923368 Apr 20  2014 openssl-libs-1.0.1e-23.0.1.el7.x86_64.rpm
[root@ol7beta ~]# rpm -Uvh openssl-*
error: Failed dependencies:
        krb5-devel(x86-64) is needed by openssl-devel-1:1.0.1e-23.0.1.el7.x86_64
        zlib-devel(x86-64) is needed by openssl-devel-1:1.0.1e-23.0.1.el7.x86_64

[root@ol7beta ~]# rpm -ivh /mnt/Packages/krb5-devel-1.11.3-31.el7.x86_64.rpm  /mnt/Packages/zlib-devel-1.2.7-10.el7.x86_64.rpm
error: Failed dependencies:
        keyutils-libs-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
        libcom_err-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
        libselinux-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
        libverto-devel is needed by krb5-devel-1.11.3-31.el7.x86_64
[root@ol7beta ~]# ^C
[root@ol7beta ~]#
[root@ol7beta ~]# cat /etc/yum.
yum.conf     yum.repos.d/
[root@ol7beta ~]# cat /etc/yum.repos.d/iso.repo
name=Local CD Repo
[root@ol7beta ~]# df
Filesystem          1K-blocks    Used Available Use% Mounted on
/dev/mapper/ol-root  49747968 1071868  48676100   3% /
devtmpfs               886508       0    886508   0% /dev
tmpfs                  893876       0    893876   0% /dev/shm
tmpfs                  893876    2940    890936   1% /run
tmpfs                  893876       0    893876   0% /sys/fs/cgroup
/dev/sda1              487652   91380    366576  20% /boot
tmpfs                  893876       0    893876   0% /tmp
/dev/sr0              4673160 4673160         0 100% /mnt
[root@ol7beta ~]# yum install krb5-devel zlib-devel
Resolving Dependencies
--> Running transaction check
---> Package krb5-devel.x86_64 0:1.11.3-31.el7 will be installed
--> Processing Dependency: libverto-devel for package: krb5-devel-1.11.3-31.el7.x86_64
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.11.3-31.el7.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.11.3-31.el7.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.11.3-31.el7.x86_64
---> Package zlib-devel.x86_64 0:1.2.7-10.el7 will be installed
--> Running transaction check
---> Package keyutils-libs-devel.x86_64 0:1.5.8-1.el7 will be installed
---> Package libcom_err-devel.x86_64 0:1.42.8-2.el7 will be installed
---> Package libselinux-devel.x86_64 0:2.1.13-21.el7 will be installed
--> Processing Dependency: libsepol-devel >= 2.1.9-1 for package: libselinux-devel-2.1.13-21.el7.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.1.13-21.el7.x86_64
---> Package libverto-devel.x86_64 0:0.2.5-2.el7 will be installed
--> Running transaction check
---> Package libsepol-devel.x86_64 0:2.1.9-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package                                         Arch                               Version                                     Repository                         Size
 krb5-devel                                      x86_64                             1.11.3-31.el7                               local                             606 k
 zlib-devel                                      x86_64                             1.2.7-10.el7                                local                              49 k
Installing for dependencies:
 keyutils-libs-devel                             x86_64                             1.5.8-1.el7                                 local                              37 k
 libcom_err-devel                                x86_64                             1.42.8-2.el7                                local                              29 k
 libselinux-devel                                x86_64                             2.1.13-21.el7                               local                             168 k
 libsepol-devel                                  x86_64                             2.1.9-1.el7                                 local                              70 k
 libverto-devel                                  x86_64                             0.2.5-2.el7                                 local                              11 k
Transaction Summary
Install  2 Packages (+5 Dependent packages)
Total download size: 968 k
Installed size: 2.0 M
Is this ok [y/d/N]: y
Downloading packages:
Total                                                                                                                                   3.5 MB/s | 968 kB     00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libcom_err-devel-1.42.8-2.el7.x86_64                                                                                                                 1/7
  Installing : libsepol-devel-2.1.9-1.el7.x86_64                                                                                                                    2/7
  Installing : libselinux-devel-2.1.13-21.el7.x86_64                                                                                                                3/7
  Installing : libverto-devel-0.2.5-2.el7.x86_64                                                                                                                    4/7
  Installing : keyutils-libs-devel-1.5.8-1.el7.x86_64                                                                                                               5/7
  Installing : krb5-devel-1.11.3-31.el7.x86_64                                                                                                                      6/7
  Installing : zlib-devel-1.2.7-10.el7.x86_64                                                                                                                       7/7
  Verifying  : zlib-devel-1.2.7-10.el7.x86_64                                                                                                                       1/7
  Verifying  : keyutils-libs-devel-1.5.8-1.el7.x86_64                                                                                                               2/7
  Verifying  : libverto-devel-0.2.5-2.el7.x86_64                                                                                                                    3/7
  Verifying  : libsepol-devel-2.1.9-1.el7.x86_64                                                                                                                    4/7
  Verifying  : libcom_err-devel-1.42.8-2.el7.x86_64                                                                                                                 5/7
  Verifying  : libselinux-devel-2.1.13-21.el7.x86_64                                                                                                                6/7
  Verifying  : krb5-devel-1.11.3-31.el7.x86_64                                                                                                                      7/7
  krb5-devel.x86_64 0:1.11.3-31.el7                                                   zlib-devel.x86_64 0:1.2.7-10.el7
Dependency Installed:
  keyutils-libs-devel.x86_64 0:1.5.8-1.el7   libcom_err-devel.x86_64 0:1.42.8-2.el7   libselinux-devel.x86_64 0:2.1.13-21.el7   libsepol-devel.x86_64 0:2.1.9-1.el7
  libverto-devel.x86_64 0:0.2.5-2.el7
[root@ol7beta ~]#
[root@ol7beta ~]# rpm -Uvh openssl-*
Preparing...                          ################################# [100%]
Updating / installing...
   1:openssl-libs-1:1.0.1e-23.0.1.el7 ################################# [ 20%]
   2:openssl-1:1.0.1e-23.0.1.el7      ################################# [ 40%]
   3:openssl-devel-1:1.0.1e-23.0.1.el7################################# [ 60%]
Cleaning up / removing...
   4:openssl-1:1.0.1e-23.el7          ################################# [ 80%]
   5:openssl-libs-1:1.0.1e-23.el7     ################################# [100%]
[root@ol7beta ~]# rpm -qa |grep openssl

[root@ol7beta ~]#
After updating openssl, Services will need to be restarted. [root@ol7beta ~]#
[root@ol7beta ~]# grep libssl.so.1.0.1e /proc/*/maps | cut -d/ -f3 | sort -u | xargs -r ps uf
root     16794  0.0  0.9 461652 16852 ?        Ssl  08:48   0:00 /usr/sbin/libvirtd
root      1661  0.0  0.1  89336  2152 ?        Ss   Apr15   0:00 /usr/libexec/postfix/master -w
postfix   1681  0.0  0.2  89504  3860 ?        S    Apr15   0:00  \_ qmgr -l -t unix -u
postfix  17190  0.0  0.2  89440  3832 ?        S    09:56   0:00  \_ pickup -l -t unix -u
root       507  0.0  0.8 547684 16044 ?        Ssl  Apr15   0:06 /usr/bin/python -Es /usr/sbin/tuned -l -P
root       488  0.0  1.1 325176 21052 ?        Ssl  Apr15   0:00 /usr/bin/python /usr/sbin/firewalld --nofork --nopid
[root@ol7beta ~]# lsof | awk 'NR==1 || 0-/libssl.so.1.0.1e/'
COMMAND     PID   TID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
firewalld   488          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
gmain       488  1511    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
gmain       507   677    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   679    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   680    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
tuned       507   682    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
master     1661          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
qmgr       1681       postfix  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794          root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16821    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16822    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16823    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16824    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16825    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16826    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16827    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16828    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16829    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
libvirtd  16794 16830    root  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e
pickup    17190       postfix  DEL       REG              252,1            134650208 /usr/lib64/libssl.so.1.0.1e

[root@ol7beta ~]# systemctl restart postfix
[root@ol7beta ~]#
[root@ol7beta ~]#  systemctl restart firewalld
[root@ol7beta ~]#
[root@ol7beta ~]# systemctl restart libvirtd
[root@ol7beta ~]# systemctl restart tuned
[root@ol7beta ~]#
[root@ol7beta ~]#
[root@ol7beta ~]#
[root@ol7beta ~]# lsof | awk 'NR==1 || 0-/libssl.so.1.0.1e/'
COMMAND     PID   TID    USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
master    17390          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
pickup    17391       postfix  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
qmgr      17392       postfix  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
firewalld 17481          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
gmain     17481 17919    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18036    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18037    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18038    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18039    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18040    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18041    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18042    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18043    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18044    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
libvirtd  18035 18045    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162          root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
gmain     18162 18165    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162 18166    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162 18167    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
tuned     18162 18168    root  mem       REG              252,1    438904  134650204 /usr/lib64/libssl.so.1.0.1e
[root@ol7beta ~]# grep libssl.so.1.0.1e /proc/*/maps | cut -d/ -f3 | sort -u | xargs -r ps uf
root     18162  0.4  0.8 547684 16000 ?        Ssl  10:13   0:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root     18035  0.3  0.9 461652 16852 ?        Ssl  10:13   0:00 /usr/sbin/libvirtd
root     17481  0.8  1.1 325376 21140 ?        Ssl  10:12   0:00 /usr/bin/python /usr/sbin/firewalld --nofork --nopid
root     17390  0.0  0.1  89336  2044 ?        Ss   10:11   0:00 /usr/libexec/postfix/master -w
postfix  17391  0.0  0.2  89440  3828 ?        S    10:11   0:00  \_ pickup -l -t unix -u
postfix  17392  0.0  0.2  89504  3852 ?        S    10:11   0:00  \_ qmgr -l -t unix -u
[root@ol7beta ~]#My test virtualbox - OL7 beta1, it's all right for openssl.

MOS note #1663998.1
Oracle Linux Early Access Downloads
Categories: DBA Blogs

Security Alert CVE-2014-0160 (‘Heartbleed’) Released

Oracle Security Team - Fri, 2014-04-18 14:38

Hi, this is Eric Maurice.

Oracle just released Security Alert CVE-2014-0160 to address the publicly disclosed ‘Heartbleed’ vulnerability which affects a number of versions of the OpenSSL library.  Due to the severity of this vulnerability, and the fact that active exploitation of this vulnerability is reported “in the wild,” Oracle recommends that customers of affected Oracle products apply the necessary patches as soon as they are released by Oracle.

The CVSS Base Score for this vulnerability is 5.0.  This relative low score denotes the difficulty in coming up with a system that can rate the severity of all types of vulnerabilities, including the ones that constitute blended threat. 

It is easy to exploit vulnerability CVE-2014-0160 with relative impunity as it is remotely exploitable without authentication over the Internet.  However a successful exploit can only result in compromising the confidentiality of some of the data contained in the targeted systems.  An active exploitation of the bug allows the malicious perpetrator to read the memory of the targeted system on which resides the vulnerable versions of the OpenSSL library.  The vulnerability, on its own, does not allow a compromise of the availability (e.g., denial of service attack) or integrity of the targeted system (e.g., deletion of sensitive log files). 

Unfortunately, this vulnerability is very serious in that it is contained into a widely used security package, which enables the use of SSL/TLS, and the compromise of that memory can have serious follow-on consequences.  According to http://heartbleed.com the compromised data may contain passwords, private keys, and other sensitive information.  In some instances, this information could be used by a malicious perpetrator to decrypt private information that was sent months or years ago, or log into systems with stolen identity.   As a result, this vulnerability creates very significant risks including unauthorized access to systems with full user rights.


For more information:


The Advisory for Security Alert CVE-2014-0160 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html

The ‘OpenSSL Security Bug - Heartbleed / CVE-2014-0160’ page on OTN is located at http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

The ‘Heartbleed’ web site is located at http://www.heartbleed.com.  Note that this site is not affiliated with Oracle.





I Love Logs

Gary Myers - Thu, 2014-04-17 21:08
It occurred to me a few days ago, as I was reading this article on DevOps, that I might actually be a DevOps.

I think of myself as a developer, but my current role is in a small team running a small system. And by running, I mean that we are 

  • 'root' and 'Administrator' on our Linux and Windows servers
  • 'oracle / sysdba' on the database side, 
  • the apex administrator account and the apex workspace administrators,
  • the developers and testers, 
  • the people who set up (and revoke) application users and 
  • the people on the receiving end of the support email
Flashbacked to Jeff Smith's article on Developers in Prod. But the truth is that there's a lot of people wearing multiple hats out there, and the job titles of old are getting a bit thin. 

The advantage of having all those hats, or at least all those passwords, is that when I'm looking at issues, I get to look pretty much EVERYWHERE. 

I look at the SSH, FTP and mailserver logs owned by root. The SSH logs generally tell me who logged on where and from where. Some of that is for file transfers (some are SFTP, some are still FTP), some of it is the other members of the team logging on to run jobs. The system sends out lots of mail notifications, and occasionally they don't arrive so I check that log to see that it was sent (and if it may have been too big, or rejected by the gateway).

Also on the server are the Apache logs. We've got these on daily rotate going back a couple of years because it is a small enough system that the logs sizes don't matter. But Apex stuffs most of those field values into the URL as a GET, so they all get logged by Apache. I can get a good idea of what IP address was inquiring about a particular location or order by grepping the logs for the period in question.

I haven't often had the need to look in the Oracle alert logs or dump directories, but they are there if I want to run a trace on some code. 

In contracts, I'm often looking at the V$ (and DBA_) views and tables. The database has some audit trail settings so we can track DDL and (some) logons. Most of the database access is via the Apex component, so there's only a connection pool there.

The SELECT ANY TABLE also gives us access to the underlying Apex tables that tell us the 'private' session state of variables, collections etc. (Scott Wesley blogged on this a while back). Oh, and it amazing how many people DON'T log out of an application, but just shut their browser (or computer) down. At least it amazed me. 

The apex workspace logs stick around for a couple of weeks too, so they can be handy to see who was looking at which pages (because sometimes email us a screenshot of an error message without telling us how or where it popped up). Luckily error messages are logged in that workspace log. 

We have internal application logs too. Emails sent, batch jobs run, people logging on, navigation menu items clicked. And some of our tables include columns with a DEFAULT from SYS_CONTEXT/USERENV (Module, Action, Client Identifier/Info) so we can automatically pick up details when a row is inserted.

All this metadata makes it a lot easier to find the cause of problems. It isn't voyeurism or spying. Honest. 

Oracle E-Business Suite R12 Pre-Install RPM available for Oracle Linux 5 and 6

Wim Coekaerts - Thu, 2014-04-17 18:44
One of the things we have been focusing on with Oracle Linux for quite some time now, is making it easy to install and deploy Oracle products on top of it without having to worry about which RPMs to install and what the basic OS configuration needs to be.

A minimal Oracle Linux install contains a really small set of RPMs but typically not enough for a product to install on and a full/complete install contains way more packages than you need. While a full install is convenient, it also means that the likelihood of having to install an errata for a package is higher and as such the cost of patching and updating/maintaining systems increases.

In an effort to make it as easy as possible, we have created a number of pre-install RPM packages which don't really contain actual programs but they 're more or less dummy packages and a few configuration scripts. They are built around the concept that you have a minimal OL installation (configured to point to a yum repository) and all the RPMs/packages which the specific Oracle product requires to install cleanly and pass the pre-requisites will be dependencies for the pre-install script.

When you install the pre-install RPM, yum will calculate the dependencies, figure out which additional RPMs are needed beyond what's installed, download them and install them. The configuration scripts in the RPM will also set up a number of sysctl options, create the default user, etc. After installation of this pre-install RPM, you can confidently start the Oracle product installer.

We have released a pre-install RPM in the past for the Oracle Database (11g, 12c,..) and Oracle Enterprise Manager 12c agent. And we now also released a similar RPM for E-Business R12.

This RPM is available on both ULN and public-yum in the addons channel.

Supplemental Logging and Securefiles Causing DBWn to Block

Don Seiler - Thu, 2014-04-17 09:00
A few weeks back, we began making changes to prepare for using Oracle Golden Gate. One of the first steps required is to enable "minimal supplemental logging" at the database level. We did this during an evening maintenance window. However by the time the morning workload picked up, we started seeing a lot of sessions blocking, and the root blocker was one of the DB Writer (DBWn) processes.

Looking at the blocked sessions, a query similar to this was a common theme:

SET foo_data = :data, foo_time = systimestamp
WHERE foo_id = :id

This statement was run by many sessions from our webservers as part of a page load process. Very high-frequency call rate. We knew that the only change in the database was the minimal supplemental logging. Obviously we were preparing to turn it off, but took some time to look into it. It is important to note that for the most part the contention was only with sessions running this update statement.

Looking at the table involved, one unique feature was that foo_data field is an encrypted CLOB, which Oracle refers to as a securefile in 11g.

SQL> desc foo
Name            Null?    Type
--------------- -------- ----------------------------
FOO_DATA                 CLOB ENCRYPT

We opened an SR with Oracle and they pointed us to this unpublished bug:


They described it for us as:

Confirmed as "not a bug" in this bug.

It was stated: "write complete waits in this case are unfortunately, expected and can not be avoided/tuned. Even for NOLOGGING case there is a short invalidation redo that must be generated, and for correct crash recovery, dbwr must wait for redo to be written to disk first before data blocks can be written."Basically telling us that this is working as intended and there is no workaround if you're using securefiles. For us it was important that we move forward with Golden Gate, so we would need to have a solution that let us keep minimal supplemental logging on. Looking closer, we knew that this table was on an encrypted tablespace already, so we felt comfortable changing the table so that it used a regular "basicfile" CLOB:

SQL> desc foo
Name            Null?    Type
--------------- -------- ----------------------------
FOO_DATA                 CLOB

Since making this change, the problems have gone away. Obviously we were lucky in that we could change the table to not use securefiles. If you have a table that sees a lot of DML with securefiles, you're probably going to have a painful experience with supplemental logging. Beware!
Categories: DBA Blogs

Oracle Java Cloud Service - April 2014 Critical Patch Update

Oracle Security Team - Thu, 2014-04-17 08:59

Hi, this is Eric Maurice.

In addition to the release of the April 2014 Critical Patch Update, Oracle has also addressed the recently publicly disclosed issues in the Oracle Java Cloud Service.  Note that the combination of this announcement with the release of the April 2014 Critical Patch Update is not coincidental or the result of the unfortunate public disclosure of exploit code, but rather the result of the need to coordinate the release of related fixes for our on-premise customers. 

Shortly after issues were reported in the Oracle Java Cloud Service, Oracle determined that some of these issues were the result of certain security issues in Oracle products (though not Java SE), which are also licensed for traditional on-premise use.  As a result, Oracle addressed these issues in the Oracle Java Cloud Service, and scheduled the inclusion of related fixes in the following Critical Patch Updates upon completion of successful testing so as to avoid introducing regression issues in these products.


For more information:

The April 2014 Critical Patch Update Advisory is located at http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html

More information about Oracle Software Security Assurance, including details about Oracle’s secure development and ongoing security assurance practices is located at http://www.oracle.com/us/support/assurance/overview/index.html

OSP #3a: Build a Standard Cluster Platform

Jeremy Schneider - Thu, 2014-04-17 06:15

This is the fifth article in a series called Operationally Scalable Practices. The first article gives an introduction and the second article contains a general overview. In short, this series suggests a comprehensive and cogent blueprint to best position organizations and DBAs for growth.

We’ve looked in some depth at the process of defining a standard platform with an eye toward Oracle database use cases. Before moving on, it would be worthwhile to briefly touch on clustering.

Most organizations should hold off as long as possible before bringing clusters into their infrastructure. Clusters introduce a very significant new level of complexity. They will immediately drive some very expensive training and/or hiring demands – in addition to the already-expensive software licenses and maintenance fees. There will also be new development and engineering needed – perhaps even within application code itself – to support running your apps on clusters. In some industries, clusters have been very well marketed and many small-to-medium companies have made premature deployments. (Admittedly, my advice to hold off is partly a reaction to this.)

When Clustering is Right

Nonetheless there definitely comes a point where clustering is the right move. There are four basic goals that drive cluster adoption:

  1. Parallel or distributed processing
  2. Fault tolerance
  3. Incremental growth
  4. Pooled resources for better utilization

I want to point out immediately that RAC is just one way of many ways to do clustering. Clustering can be done at many tiers (platform, database, application) and if you define it loosely then even an oracle database can be clustered in a number of ways.

Distributed Processing

Stop for a moment and re-read the list of goals above. If you wanted to design a system to meet these goals, what technology would you use? I already suggested clusters – but that might not have been what came to your mind first. How about grid computing? I once worked with some researchers in Illinois who wrote programs to simulate protein folding and DNS sequencing. They used the Illinois BioGrid – composed of servers and clusters managed independently by three different universities across the state. How about cloud computing? The Obama Campaign in 2008 used EC2 to build their volunteer logistics and coordination platforms to dramatically scale up and down very rapidly on demand. According to the book In Search of Clusters by Gregory Pfister, these four reasons are the main drivers for clustering – but if they also apply to grids and clouds then then what’s the difference? Doesn’t it all accomplish the same thing?

In fact the exact definition of “clustering” can be a little vague and there is a lot of overlap between clouds, grids, clusters – and simple groups of servers with strong & mature standards. In some cases these terms might be more interchangeable than you would expect. Nonetheless there are some general conventions. Here is what I have observed:

CLUSTER Old term, most strongly implies shared hardware resources of some kind, tight coupling and physical proximity of servers, and treatment of the group as a single unit for execution of tasks. While some level of single system image is presented to clients, each server may be individually administered and strong standards are desirable but not always implied. GRID Medium-aged term, implies looser coupling of servers, geographic dispersion, and perhaps cross-organizational ownership and administration. There will not be grid-wide standards for node configuration; individual nodes may be independently administered. The grid may be composed of multiple clusters. Strong standards do exist at a high level for management of jobs and inter-node communication.

Or, alternatively, the term “grid” may more loosely imply a group of servers where nodes/resources and jobs/services can easily be relocated as workload varies. CLOUD New term, implies service-based abstraction, virtualization and automation. It is extremely standardized with a bias toward enforcement through automation rather than policy. Servers are generally single-organization however service consumers are often external. Related to the term “utility computing” or the “as a service” terms (Software/SaaS, Platform/PaaS, Database/DaaS, Infrastructure/IaaS).

Or, alternatively, may (like “grid”) more loosely imply a group of servers where nodes/resources and jobs/services can easily be relocated as workload varies.

Google Trends for Computers and Electronics Category

Google Trends for Computers and Electronics Category

These days, the distributed processing field is a very exciting place because the technology is advancing rapidly on all fronts. Traditional relational databases are dealing with increasingly massive data volumes, and big data technology combined with pay-as-you-go cloud platforms and mature automation toolkits have given bootstrapped startups unforeseen access to extremely large-scale data processing.

Building for Distributed Processing

Your business probably does not have big data. But the business case for some level of distributed processing will probably find you eventually. As I pointed out before, the standards and driving principles at very large organizations can benefit your commodity servers right now and eliminate many growing pains down the road.

In the second half of this article I will take a look at how this specifically applies to clustered Oracle databases. But I’m curious, are your server build standards ready for distributed processing? Could they accommodate clustering, grids or clouds? What kinds of standards do you think are most important to be ready for distributed processing?

Webcast: Database Cloning in Minutes using Oracle Enterprise Manager 12c Database as a Service Snap Clone

Pankaj Chandiramani - Thu, 2014-04-17 05:02

Since the demands
from the business for IT services is non-stop, creating copies of production
databases in order to develop, test and deploy new applications can be
labor intensive and time consuming. Users may also need to preserve private
copies of the database, so that they can go back to a point prior to when
a change was made in order to diagnose potential issues. Using Snap Clone,
users can create multiple snapshots of the database and “time
” across these snapshots to access data from any point
in time.

Join us for an in-depth
technical webcast and learn how Oracle Cloud Management Pack for Oracle
Database's capability called Snap Clone, can fundamentally improve the
efficiency and agility of administrators and QA Engineers while saving
CAPEX on storage. Benefits include:

  • Agile provisioning
    (~ 2 minutes to provision a 1 TB database)

  • Over 90% storage

  • Reduced administrative
    overhead from integrated lifecycle management


April 24 — 10:00 a.m. PT | 1:00 p.m. ET

May 8 — 7:00 a.m. PT | 10:00 a.m. ET | 4:00 p.m. CET

May 22 — 10:00 a.m. PT | 1:00 p.m. ET

Categories: DBA Blogs

SQL Developer’s Interface for GIT: Interacting with a GitHub Repository Part 2

Galo Balda's Blog - Wed, 2014-04-16 18:46

In this post I’m going to show to synchronize the remote and local repositories after an existing file in local gets modified. What I’ll do is modify the sp_test_git.pls file in our local repository and then push those changes to the remote repository (GitHub).

First, I proceed to open the sp_test_git.pls file using SQL Developer, add another dbms_output line to it and save it. The moment I save the file, the Pending Changes (Git) window gets updated to reflect the change and the icons in the toolbar get enabled.


Now I can include a comment and then add the file to the staging area by clicking on the Add button located on the Pending Changes (Git) window. Notice how the status changes from “Modified Not Staged” to “Modified Staged”.


What if I want to compare versions before doing a commit to the local repository? I just have to click on the Compare with Previous Version icon located on the Pending Changes (Git) window.


The panel on the left displays the version stored in the local repository and the panel on the right displays the version in the Staging Area.

The next step is to commit the changes to the local repository. For that I click on the Commit button located on the Pending Changes (Git) window and then I click on the OK button in the Commit window.


Now the Branch Compare window displays information telling that remote and local are out of sync.


So the final step is to sync up remote and local by pushing the changes to GitHub. For that I go to the main menu and click on  Team -> Git -> Push to open the “Push to Git” wizard where I enter the URL for the remote repository, the user name and password to complete the operation. Now I go to GitHub to confirm the changes have been applied.


Filed under: GIT, SQL Developer, Version Control Tagged: GIT, SQL Developer, Version Control

Categories: DBA Blogs


Subscribe to Oracle FAQ aggregator