Feed aggregator

My Guide for Oracle OpenWorld 2012

Kuassi Mensah - Thu, 2012-09-13 17:44
Are you a Java developer, C/C++ developer, or PHP|Ruby|Perl|Python developer  looking to exploit the latest Oracle database technology?

Are you a MapReduce/Hadoop developer or administrator?

Are you MySQL developer looking to migrate or reuse your applications against Oracle?

Are you a developer or Oracle DBA looking for Net Services Enhancements with the Latest Oracle Database Technology?
Here is my list of sessions for you!
Note: I will be either presenting, coordinating or attending these sessions, so if you want to see/meet me, you know where to go!
1/ MapReduce and Hadoop developer and administrator: what is new in the latest Oracle database technology?
In-Database Hadoop: When MapReduce Meets the RDBMS
Where: Parc 55 - Embarcadero
When: 10/3/12, 15:00 - 16:00
Where: Marriott Marquis - Salon 10/11
When: 10/2/12, 17:00 - 18:00
Where: Marriott Marquis - Golden Gate C1
When: 10/2/12, 13:15 - 14:15

Where: Moscone South - 302
When: 10/2/12, 10:15 - 11:15

Visit us in the:
(i) Oracle Red Lounge in Moscone North upper lobby  
(ii) Java/JDBC demo booth (Database demo campground, Moscone South)

2/ Java developers: what is new in the latest Oracle database technology?
Where: Marriott Marquis - Golden Gate C1
When: 10/2/12, 13:15 - 14:15

Where: Marriott Marquis - Club Room
When: 10/3/12, 17:00 - 18:00

Where: Marriott Marquis - Salon 10/11
When: 10/1/12, 12:15 - 13:15

Where: Marriott Marquis - Foothill F
In-Database Hadoop: When MapReduce Meets the RDBMS
Where: Parc 55 - Embarcadero (JavaOne)
When: 10/3/12, 15:00 - 16:00

Where: Marriott Marquis - Salon 10/11
When: 10/2/12, 17:00 - 18:00


Visit us in the Java/JDBC demo booth (Database demo campground, Moscone South)


3/ C/C++ developer: what is new in the latest Oracle database technology?
Best Practices for Application Performance, Scalability, and Availability
Where: Marriott Marquis - Club Room
When: 10/1/12, 10:45 - 11:45

Meet the Developers of Database Access Services (OCI, ODBC, DRCP, PHP, Python)
Where: Marriott Marquis - Foothill F
When: 10/1/12, 19:15 - 20:00
Run MySQL Applications Against the Latest Oracle Database Technology
Where: Marriott Marquis - Salon 10/11
When: 10/1/12, 16:45 - 17:45

Syndication and Consolidation: Oracle Database Driver for MySQL Applications
Where: Marriott Marquis - Club Room
When: 10/1/12, 13:45 - 14:45 


Visit us in the Data Access and Net Services demo booth (Database demo campground, Moscone South)

4/ PHP|Python|Ruby|Perl developer5/ MySQL developer: what is new in the latest Oracle database technology?Syndication and Consolidation: Oracle Database Driver for MySQL Applications
Where: Marriott Marquis - Club Room
When: 10/1/12, 13:45 - 14:45

Run MySQL Applications Against the Latest Oracle Database Technology
Where: Marriott Marquis - Salon 10/11
When: 10/1/12, 16:45 - 17:45

Visit us in the Data Access and Net Services demo booth (Database demo campground, Moscone South)
6/ Net Services Enhancements with the Latest Oracle Database Technology
 Where: Moscone South - 303
 When: 10/3/12, 11:45 - 12:45
 

Visit us in the Data Access and Net Services demo booth (Database demo campground, Moscone South)

Forms Presentations at DOAG Conference 2012

Gerd Volberg - Thu, 2012-09-13 03:55
And here are some tips for the DOAG Conference in Germany


Jan Peter Timmermann


Wolfgang Kriebel, Christian Kühne


My own presentation :


Perry Pakull


Stephan La Rocca


And in the afternoon we can attend at the Fusion Middleware Panel with Frank Nimphius, Duncan Mills and Jürgen Menge


Gerd

Forms Modernization at Oracle Open World

Gerd Volberg - Wed, 2012-09-12 08:13
Here are some tips for the Oracle "Forms" Open World 2012

Grant talks about The Future of Oracle Forms :


Lucas presentation is about The Future, too :


Mia and Grant talk together about face-lifting-tips for Forms :


More infos can be found on Grants blog and on Mia's blog

Have fun with it
Gerd

Whatever Happened to Edward Roske?

Look Smarter Than You Are - Sun, 2012-09-09 19:23
Where have I been for 8 months?
Answering that could take a while.  Suffice to say, it's been a busy year.  The largest amount of time beyond my normal job was spent being Conference Chair for the last two years for ODTUG's Kscope conference.  If anyone ever offers to let you chair a conference and then tells you "it's mostly a symbolic position that doesn't require much work," they're lying.  Run away quickly.  Chairing these things is a lot of work, and I am happy to say that my replacement as Conference Chair, Mike Riley, will doubtless put my conference chairing to shame as he carries on the good I did and takes it up a notch from good to great.

While running Kscope was an amazing lot of work, it was definitely worth it.  I encourage every one of you to make it to Kscope13 in New Orleans, LA from June 23-27 in 2013.  Kscope13 will continue to be the home for Hyperion, Essbase, Oracle EPM & BI (in addition to ApEx, Oracle RDBMS, Fusion, and lots more) and it's adding content in those areas including entirely new tracks around EPM.  Side note: abstract submission is open through October 15, so if you want to get a free pass to Kscope13, now's your chance: http://bit.ly/Content13.

Kscope kept me busy from early in 2010 until the summer of 2012.  I then took a month off to recuperate (in other words, focus on my actual duties at interRel which apparently include CEO: who knew?) and now I'm back to blogging.  I'm sure you're shedding a single tear right now and I'm choosing to believe it's because you're so choked up with emotion.

The next few weeks are going to be filled with a great deal of travel as I'm presenting at several conferences.  I'm hoping to be able to blog from a few of these conferences.  If you're at any of them, be sure to find me either up on stage somewhere speaking or at our booth.  If you want to know more about any of these conferences, you can always send an e-mail over to the intelligent, beautiful, and obscenely overworked Danielle White at info@interrel.com.

September 11
Hyperion Solutions Road Trip to Denver
Oracle and interRel put on a series of free, multi-track training days around North America each year.  We have one on September 11 at the Grand Hyatt in Denver and like most of the Roadshows we do, it's open to both current and prospective customers of Oracle EPM & BI.  I'm giving three sessions at this conference including the keynote on the future of Oracle EPM (11.1.2.2 and beyond).  If you're anywhere near Denver (or could fly there easily), there's a great half-day agenda followed by free tickets to a Colorado Rockies game afterwards (they're playing the San Francisco Giants).  My good buddy, Glenn Schwartzberg, will also be presenting along with a few Oracle speakers talking in detail about 11.1.2.2.

September 30 to October 4Oracle OpenWorld
San Francisco, California
If you don't want to miss your annual chance to hear Oracle talk about Oracle, you'll want to come to a city vaguely resembling San Francisco during the first week of quarter close for most companies.  That's right: in what is, I'm sure, not a big "sod off" to finance and accounting users everywhere, Oracle has decided to hold their annual Oracle awesomeness conference during the first week of October.

To be completely honest, I actually like being able to hear once per year directly from Oracle their stance on recent releases and future plans. While it's huge, overcrowded, 90%+ marketing, and expensive, there are great networking and educational opportunities to be found if you know where to look.  Word of advice, though: don't ever try to stand in a cab line; you'll be there for 2 hours and it's probably quicker to just walk wherever you're headed.

I've got 3 or 4 sessions at this year's conference including a non-Hyperion one on the Fusion User Experience.  Most of my sessions will be part of the ODTUG's EPM Symposium at Moscone West in room 2008 on Sunday afternoon.  interRel also has a kiosk in the Hyperion Pavilion on the 5th floor of the Intercontinental Hotel.  Make sure you stop by and see us at one of those locations.

Pearl Jam and Kings of Leon will be performing at the Wednesday night party on Treasure Island, so bare minimum, you can get in touch with your alternative side.  There's also free booze, so ya, you got that going for you.

October 16Hyperion Solutions Road Trip to Seattle
This conference is similar to the one in Denver except for three important differences:
  1. It's in Bellevue, Washington on a different date.
  2. The keynote speaker is the VP of Oracle EPM Development, Matt Bradley.  He's a great speaker and this is an excellent opportunity to hear from development themselves about all the great things they have planned for the next year.
  3. The after event is at Lucky Strike instead of at a baseball park, because let's face it: there's no way in Hell that the Seattle Mariners will still be playing baseball in mid-October.
This event, like the other road trips, is free.  You just have to get yourself to Seattle (and not be a competitor, obviously).

October 23Hyperion Solutions Road Trip to Phoenix
This time, we're heading down South to Phoenix, Arizona.  The agenda will be very similar to the Denver event above and there will be great fun in the evening after, so join us for education and networking all for free.  Just to prove that geography is not our strong suit, in this exact same week, we'll be traveling to:

October 25Hyperion Solutions Road Trip to Calgary
I'm told that Canadians are very scary and intimidating, but I'm hoping they'll be nice as we take our first road trip North of the border.  Expect a similar agenda to the others but with a dash of vegetarian back bacon.  I'm looking forward to the Calgary Flames game after the day's education is complete because apparently hockey is trying to become a major sport, and this is my one chance to learn something about it (red line? blue line? icing?).  Jenny, our business coordinator at interRel, is from Canada and she assures me that if hockey doesn't take off, at least curling will.

      October 30Hyperion Solutions Road Trip to Los Angeles
      The agenda for this event is quite different.  Among other things, it's a full-day instead of a half-day and it has 3 full tracks instead of 2.  It's basically a one-day, free Hyperion conference.  This year, it'll be at the Hilton inside Universal Studios and our after event will be at Jillian's on the Universal City Walk.  Here's the complete agenda:
      Hyperion Solutions Road Trip to
      Southern California
      8:30 AM       
      Check In & Registration
      9:00 AM
      Keynote: Analytics-Led Business Innovation, Matt Bradley, Oracle

      Experience the Future of Oracle EPM 11.1.2.2
      Live Demos Included!
      The World of
      Hyperion Applications
      The Foundations of Business Intelligence: Oracle Essbase & OBIEE
      10:00 AM
      Taking Control of Your Hierarchies with
      DRM 11.1.2.2
      Introduction to
      Integrated Business Planning
      BI Foundation Suite:
      Integrating Oracle Essbase & The New OBIEE 11.1.1.6
      11:00 AM
      The Next Evolution
      in Forecasting:
      Hyperion Planning 11.1.2.2
      Reducing Your Close Cycle:
      Financial Close & Account Reconciliation Management
      Oracle Essbase
      Worst Practices:
      Lessons from a Moron
      11:50 PM
      Lunch
      12:20 PM
      Ask a Guru Panel Session
      1:30 PM
      Managing Your
      Project Budgets:
      Introduction to the
      New Hyperion Planning Project Module
      Best Practices for Your Strategic Oracle EPM Road Map: Building Your 3 Year Plan
      Extending the Value of Oracle eBusiness Suite with Oracle EPM
      2:30 PM
      Hyperion Financial Management 11.1.2.2: Unlimited Dimensionality & Financial Management Analytics
      Optimizing Your Oracle Hyperion Planning & Oracle Essbase Outlines
      Exalytics: In-Memory Business Intelligence for Oracle Essbase & OBIEE
      3:20 PM
      Break
      3:50 PM
      Breaking Away from the Excel Add-In:
      Welcome to
      Smart View 11.1.2.2 
      Integrating Hyperion Financial Management & Hyperion Planning
       What’s New in
      OBIEE 11.1.1.6:
      Oracle on Your iPhone & Other Cool Things
      4:40 PM
      Drawings / Networking
      5:30 PM
      Dinner/Drinks/Entertainment at Jillian’s at Universal Studios City Walk


      November 5-6
      OAUG Connection Point - EPM&BI
      Orlando, Florida
      Each year, OAUG puts on a 2-day Oracle EPM&BI focused conference.  It has nowhere near as many sessions on Hyperion as Kscope, but it's by far the second-best conference out there.  It has around 50 sessions and this year, interRel is giving 6 of them.  I'm giving a session on Exalytics and other interRel speakers will include Glenn Schwartzberg on Smart View 11.1.2.2, Tracy McMullen on multiple topics, and  Dr. Troy Seguin talking on Predictive Analytics.  We will also have a booth there with our newest 11.1.2.2 books.

      Unlike the Road Trips mentioned above, this conference isn't free.  That said, it's a lot cheaper than OpenWorld with far better targeted content.  If you're in the Southeastern United States, I strongly encourage you to make it to Connection Point at the Peabody Hotel.



      November 15-16ODTUG Seriously Practical - EPM&BI
      Auckland, New Zealand
      ODTUG is putting on two 2-day conferences in Australia and New Zealand in November.  This is the first of those conferences.  There's a charge for them, but it's minimal for the content you get over 2 days. Cameron Lackpour (ACE Director and all-around decent human being) and I are the featured speakers.

      There are actually two tracks: one is focused on Hyperion and Oracle EPM.  The other track is focused on Oracle BI.  I'm giving sessions in both rooms as well as some excellent local speakers and Oracle luminaries.  Make sure you visit the ODTUG website closer to the date for more details.


      November 19-20ODTUG Seriously Practical - EPM&BI
      Melbourne, AustraliaThis is basically the same 2-day, 2-room itinerary as the event in Auckland.  I have presented at the InSync conference in Melbourne before and I love the city.  If you can't make it to Auckland, I'm hoping you can fly down to Melbourne.  They have koalas.

      After this, I hope to return back to the good ole US-of-A with a month to spare before TEOTWAWKI.  I have some final things I need to take care of before December 21.  Among other things, I'm hoping to clean out my Inbox, because my mother always told me that you don't want to face an apocalypse unless you have a clean Inbox.

      Oh, is that all?Seriously?!?  That's the busiest conference schedule I've ever had with the exception of the 3-week multi-continent trip last year with some of the Oracle ACE Directors from the Oracle Technology Network.  I'm hoping that with all those travel dates over the next 2 months, I'll run into some of you in-person.  If you're anywhere near, please try to stop by.  I'm also hoping that all this travel will give me time to blog on airplanes.

      It's good to be back.

      Categories: BI & Warehousing

      JDeveloper Memory And Performance

      Bex Huff - Fri, 2012-09-07 17:02

      I was recently doing some training on ADF, and the students were complaining how slow JDeveloper was... Dragging and dropping Data Controls onto a JSF page? It's the pause of death if you will. Not to mention the "Out Of Memory" errors that crop up in the middle of debugging a large app. Very frustrating for developers, so I decided to once and for all get figure out what magic JVM tuning parameters would speed it up.

      As a general rule, Java is optimized for throughput, not latency. Once the garbage collector kicks in, performance drops like a rock. A 2 second pause every once in a while is OK for a server, but for an IDE it's misery. So here's the fix:

      1. Go to your JDeveloper root directory, is should be something like C:\Oracle\jdev\Middleware\jdeveloper
      2. Open the file ide\bin\ide.conf, scroll down to the default memory settings:
      3.         AddVMOption  -Xms128M
                AddVMOption  -Xmx768M
        
      4. Boost the memory to something larger, like so:
      5.         AddVMOption  -Xms1024M
                AddVMOption  -Xmx1024M
        
      6. Open the file jdev\bin\jdev.conf
      7. Add the following config settings:
      8.         # optimize the JVM for strings / text editing
                AddVMOption -XX:+UseStringCache
                AddVMOption -XX:+OptimizeStringConcat
                AddVMOption -XX:+UseCompressedStrings
        
                # if on a 64-bit system, but using less than 32 GB RAM, this reduces object pointer memory size
                AddVMOption -XX:+UseCompressedOops
        
                # use an aggressive garbage collector (constant small collections)
                AddVMOption -XX:+AggressiveOpts
        
                # for multi-core machines, use multiple threads to create objects and reduce pause times
                AddVMOption -XX:+UseConcMarkSweepGC
        
      9. Then restart JDeveloper... If it doesn't start, you'll need to reduce the amount of memory allocate in the ide.conf file from step 3.

      And that's it! Your mileage may vary, of course... And you may need additional parameters, depending on what version of JDeveloper you're running. Just keep in mind that you are tuning Java for shorter pauses, and not greater throughput.

      UPDATE 1: some students still had issues, so in addition to the JVM settings, I've found these tips also help out:

      Go to Tools / Preferences / Environment, and switch to the "Windows" look and feel. The Oracle look and feel is prettier, but slower.

      Disable all extensions that you don't need. This is usually a huge savings... Go to Tools / Preferences / Extensions, and turn off thnigs you know you don't need. One thing I do is disable all extensions by default, then enable only the ones I know I need for my current project. For example, disable everything, then enable only those extensions that start with ADF. This will automatically enable dependent extensions. Enable others (Portal, SOA, RIDC) only if needed.

      Open all documents in "Source" mode by default. Go to Tools / Preferences / File Types, and click the Default Editor tab. For all web pages (HTML, JSF, JSP) set the default editor to "Source". You can always click the "Design" tab to see the design. For best results, select items in the "Structure" window (by default on lower left) and edit them in the "Property Inspector" window (by default on the lower right).

      If you really want to get extreme... you can install a solid-state hard drive for your workstation. Barring that, if you have enough RAM you can allocate 4 GB and create a RAM driver for your system. This looks like a normal hard drive, but it's all in RAM. Then install JDeveloper on that, and it will be almost as good as a solid state drive.
      Other developers have had success using

      UPDATE 2: A reader has informed me that this line:

              #AddVMOption -XX:+AggressiveOpts

      Breaks offline database support in JDeveloper... so that one will have to be avoided in some cases.

      read more

      Categories: Fusion Middleware

      #Oracle #Cloud is Here!

      Bradley Brown - Thu, 2012-09-06 20:25
      Well, the long awaited for #cloud offering is finally here from Oracle.  This post will walk you through the registration process.  My next blog entry will walk you through the setup, configuration, installation, etc.

      First, just go to https://cloud.oracle.com/ and click on the "Register for Access" button:


      Then Oracle asks if you need to create a new Oracle account or if you already have one.  Answer accordingly.


      If you need to create a new account, answer the questions...


      If you already have an Oracle account like I do, just sign in:


      Tell Oracle which of their many cloud offerings you want to try out:




      Now just sit back and wait for your account to be created.  I was in the Early Adaptor (EA) program, so I had everything in the EA version.  I just signed up for my new "production" version of the offering.  In my next blog I'll let you know how long it took to get my account set up and I'll show you what I had to do from there.  The above process took me all of 1 minute...

      Sign up - good luck!

      Are Java PaaS platforms ready for enterprise?

      Debu Panda - Thu, 2012-08-30 17:38
      Cloud computing bubbles are still rising and there is a great hype for Java PaaS. Java PaaS vendors are still growing like mushrooms. Remember the good old early J2EE / EJB 1.0 days! They hold a lot of promise. Are they really ready for deploying enterprise grade applications? I spent few weeks looking at few Java PaaS vendors and I will present my thoughts at my JavaOne presentation.

      Have you deployed your enterprise application in a Java PaaS? I would be interested to know your thoughts.

      Here is a survey on Java PaaS http://www.surveymonkey.com/s/BDZRWQF

      InteliVideo Pitch

      Bradley Brown - Wed, 2012-08-29 18:37
      Check out the new InteliVideo Pitch


      Separate docs for MySQL Connectors

      Tahiti Views - Wed, 2012-08-29 13:36
      The MySQL documentation section has always had this Topic Guides page containing links to the docs for the various MySQL Connectors -- the official database drivers for various languages and programming technologies. That is the most convenient way to get the information for each Connector in PDF form, rather than downloading the entire Ref Man PDF. For HTML, it was more of a shortcut, because John Russellhttp://www.blogger.com/profile/17089970732272081637noreply@blogger.com0

      Is “Can’t” Really the Word You Want?

      Cary Millsap - Tue, 2012-08-28 12:16
      My friend Chester (Chet Justice in real life; oraclenerd when he puts his cape on) tweeted this yesterday:
      can’t lives on won’t street - i’m sure my son will hate me when he’s older for saying that all the time.

      I like it. It reminds me of an article that I drafted a few months ago but hadn’t posted yet. Here it is...

      When I ask for help sometimes, I find myself writing a sentence that ends with, “…but I can’t figure it out.” I try to catch myself when I do that, because can’t is not the correct word.

      Here’s what can’t means. Imagine a line representing time, with the middle marking where you are at some “right now” instant in time. The leftward direction represents the past, and the rightward direction represents the future.


      Can’t means that I am incapable of doing something at every point along this timeline: past, present, and future.


      Now, of course, can’t is different from mustn’t—“must not”which means that you’re not supposed to try to do something, presumably because it’s bad for you. So I’m not talking about the can/may distinction that grammarians bring to your attention when you say, “Can I have a candy bar?” and then they say, “I don’t know, can you?” And then you have to say, “Ok, may I have a candy bar” to actually have candy bar. I digress.

      Back to the timeline. There are other words you can use to describe specific parts of that timeline, and here is where it becomes more apparent that can’t is often just not the right word:
      • Didn’t, a contraction of “did not.” It means that you did not do something in the past. It doesn’t necessarily mean you couldn’t have, or that you were incapable of doing it; it’s just a simple statement of fact that you, in fact, did not.
      • Aren’t, a contraction of “are not.” It means that you are in fact not doing something right now. This is different from “don’t,” which often is used to state an intention about the future, too, as in “I don’t smoke,” or “I do not like them, Sam-I-am.”
      • Won’t, a contraction of “will not.” It means that you will not do something in the future. It doesn’t necessarily mean you couldn’t, or that you are going to be incapable of doing it; it’s just a simple statement of intention that you, right now, don’t plan to. That’s the funny thing about your future. Sometimes you decide to change your plans. That’s ok, but it means that sometimes when you say won’t, you’re going to be wrong.
      Here’s how it all looks on the timeline:


      So, when I ask for help and I almost say, “I can’t figure it out,” the truth is really only that “I didn’t figure it out.”

      “...Yet.”

      ...Because, you see, I do not have complete knowledge about the future, so it is not correct for me to say that I will never figure it out. Maybe I will. However, I do have complete knowledge of the past (this one aspect of the past, anyway), and so it is correct to speak about that by saying that I didn’t figure it out, or that I haven’t figured it out.

      Does it seem like I’m going through a lot of bother making such detailed distinctions about such simple words? It matters, though. The people around you are affected by what you say and write. Furthermore, you are affected by the the stuff you say and write. Not only do our thoughts affect our words, our words affect our thoughts. The way you say and write stuff changes how you think about stuff. So if you aspire to tell the truth (is that still a thing?), or if you just want to know more about the truth, then it’s important to get your words right.

      Now, back to the timeline. Just because you haven’t done something doesn’t mean you can’t, which means that you never will. Can’t is an as-if-factual statement about your future. Careless use of the word can’t can hurt people when you say it about them. It can hurt you when you think it about yourself.

      Listen for it; you’ll hear it all the time:
      • “Why can’t you sit still?!” If you ask the question more accurately, it kind of answers itself: “Why haven’t you sat still for the past hour and a half?” Well, dad, maybe it’s because I’m bored and, oh, maybe it’s because I’m five! Asking why you haven’t been sitting still reminds me that perhaps there’s something I can do to make it easier for both of us to work through the next five minutes, and that maybe asking you to sit still for the next whole hour is asking too much.
      • “You can’t run that fast.” Prove it. Just because you haven’t doesn’t mean you never will. Before 1954, people used to say you can’t run a four-minute mile, that nobody can. Today, over a thousand people have done it. Can you become the most commercially successful and critically acclaimed act in history of popular music if you can’t read music? Well, apparently you can: that’s what the Beatles did. I’m probably not going to, but understanding that it’s not impossible is more life-enriching than believing I can’t.
      • “You can’t be trusted.” Rough waters here, mate. If you’ve behaved in such a manner that someone would say this about you, then you’ve got a lot of work in front of you. But no. No matter what, so far, all you’ve demonstrated is that you have been untrustworthy in the past. A true statement about your past is not necessarily a true statement about your future. It’s all about the choices you make from this moment onward.
      Lots of parents and teachers don’t like can’t for its de-motivational qualities. I agree: when you think you can’t, you most likely won’t, because you won’t even try. It’s Chet’s “WONT STREET”.

      When you think clearly about its technical meaning, you can also see that it’s also a word that’s often just not true. I hate being wrong. So I try not to use the word can’t very often.

      Oracle Fusion Install - On premise (Bare Metal, OVM) or Hosted

      Krishanu Bose - Tue, 2012-08-21 11:45
      Whoever is implementing Oracle Fusion will definitely have to answer the following question; 
      Do you need to have the Oracle Fusion environment hosted on your premises or do you want to host with a third party or host this in Oracle via the Saas or OnDemand model?
      To add some more complexity, Oracle provides you with option either to install the application on 'bare metal' or leverage Oracle Virtual Machines (OVM) to host all components.
      Our experience has been that the fastest and easiest way to get going is if you use hosting service of Oracle or some third-party. However, the flip side of using a hosted applications is that you will see an increase in the turnaround time if you are upgrading, applying patches or debugging, which will be quite high in the initial days and you should keep a buffer for all these exigencies in your project plan.
      The next best alternative is to use an on-premise OVM install. You can be up and running in 3 days. Internally at Wipro we are able to set up an environment using OVM install in less than 3 days. The last route is to go for a bare-metal install. This is quite a challenge from DBA perspective and can take well over 2 weeks to set up the environment. Oracle ships both bare-metal as well as OVM versions of the releases, so customers can choose either of these.

      Oracle Fusion Applications - Next generation in ERP

      Krishanu Bose - Tue, 2012-08-21 10:52

      Oracle Fusion Apps is the next generation in ERP space. It's completely web-based and takes in the best in class of all products under the Oracle umbrella. Some truely world-class features include the following:
      - co-exist with third party legacy applications, thereby giving huge business benefits where customers have already invested heavily in legacy applications and want to plug and play Fusion Apps with existing system.
      - Best in class user roles and responsibility features. Truely amazing if we compare this with R11i and R12 stack of products.
      - Complete web-based solution, so no hassles of installing client thin or thick. Only thing that you need to be up and running is a browser. Fusion works great on Google chrome, Mozilla along with IE.
      - Oracle Fusion Applications feature embedded business intelligence. So, you have plenty of Dashboards, BI reports, smart reporting tools like Smartview (uses an excel add-in) and FR Studio (again uses the best from Hyperion reporting)
      - complete SOA based architecture, makes processing and integration real cool.

      Put Up or Shut Up

      Mary Ann Davidson - Fri, 2012-08-17 15:10

      One of the (usually) unfortunate concomitants of being a veteran in the cybersecurity space (“veteran” as in, I can remember when everyone called it “information security”) is that you get to hear the same themes over and over again (and solve the same security problems over and over again, only with different protocols).* Not to mention, you experience many technical revival meetings, which is industry’s way of promoting the same old same old under new exhortations (“Praise the Lord! I found eternal life with <insert sexy technology cult du jour>!”)

      One of the topics that I am tired of talking about and would like us collectively to do something about is (drum roll) information sharing. Now, information sharing is not a cure-all for every ill in cybersecurity. It is a means to anend, not an end in itself. Specifically, information sharing is a means to enhance situational awareness, which in turn helps networked entities defend themselves better (“Excuse me, I see a mugger is about to swipe your purse. You might want to hit him with it or switch it to your other shoulder.”)

      As a basic enabler of better defense, information sharing is certainly a no-brainer, and yet it largely doesn’t happen, or doesn’t happen enough, at least among the good guys. The bad guys, of course, are really good at information sharing. Techniques, tools, top ten lists of badly secured web sites – bring it on, woo hoo. The hacker toolkits are so good now that even someone as technically challenged as I am could probably become a competent Internet evildoer (not that I have any plans to do so). And yet industry and government have spent more time writing tomes, doing PPTs and drafting policy papers that use the magic words “public-private partnership” than making actual – make that “almost any” – progress. Sharing policy papers, I hasten to add, is not the kind of information sharing that solves actual problems. So here it is, all y’all: time to put up or shut up on information sharing.

      I say this in my experience as a member of the IT industry Information Sharing and Analysis Center (IT-ISAC) (OK, I am the current president, but I am not speaking for the IT-ISAC) and as a security weenie at Oracle. I can state pretty categorically that I have been astonished – and depressed – at what currently passes for information sharing, despite years of gum flapping about it. The government agencies that are tasked with it generally don’t do it, for example. I find it ironic that the same entities that can’t or won’t tell you you are being broken into – or are about to be – think in some cases that the better solution is for them to just take over protection of your company’s networks after you’ve being broken into. Huh?

      More to the point, surprisingly, and delightedly, other agencies that are not tasked with information sharing (e.g., an entity I cannot name by name but that is not part of the Department of Homeland Security (DHS)) recently went to great lengths to contact the IT-ISAC and bring “interesting information” to the attention of the IT-ISAC because they’d seen suspicious activity related to some member companies. Bravo Zulu to you, Unnamed Government Entity. It was not your mission to share that information, but you made an effort and did it, anyway. I wish you'd make a hostile takeover attempt on the entity that is supposed to share information and doesn’t, probably because their lawyers are still mulling it over. If I sound harsh, consider that I have spent 10 years having the exact same conversations over and over and over and nothing seems to change except the people you are having the conversations with. To quote Yoda, “Do or do not. There is no try.”

      Other government agencies may call you but you get mysterious intimations and in some cases nothing actionable. I certainly understand that a recipient doesn’t – and probably shouldn’t – receive information about how the reporter got the information (e.g., sources and methods). I know I don’t have a “need to know.” But the information has to be actionable or it’s useless. For example (and I know they meant well), I once got a phone call from Agency X who said, “we have a credible threat that an entity in Country Y (and We All Know Who That Is) is interested in stealing (only they used a more bureaucratic term) the source code for Oracle Product Foo.” Gosh, really? The only news there would be if that country were not out to rip off…er…steal…er…conduct industrial espionage…er…enhance their native manufacturing capacity by ‘active acquisition’… of someone else’s core intellectual property. The next statement was even less helpful: “The details about the threat are classified.” On the one hand, glad Agency X called. Points for trying. On the other hand, the warning was so vague it was not actionable and it certainly didn’t tell me anything I didn’t already know. I wish they’d saved the 35 cents that the call cost and used it to reduce our national debt.

      So, the agencies that should share information don’t share much if anything and ones that do in some cases don’t give you information in enough detail such that you can do anything with it. And other good agencies do the right thing although they aren’t tasked with it. It’s not a great report card for the government (more on industry below, lest anyone think I am being one-sided in my criticism). Note that there are people across the political spectrum (and better security really should be an ecumenical issue) who, to their credit, have tried to pass legislation that would help provide “better information sharing” as one of several things we could do to help improve cybersecurity. “Better information sharing” seems a mom-and-secure-apple-pie proposition if ever there was one. Except that a bill that proposed that – and various other iterations of bills – did not pass and for now Congress has gone on vacation like so many of us do in August. There are many reasons why there hasn’t been a consensus cyber bill passed – and I’m not going to go into all that **– but for Pete’s sake, improving government information sharing with industry and vice versa really should be something everyone agrees on.

      Another reason that even “kumbaya information sharing 101” couldn’t get a consensus was because of Privacy Concerns. You do wonder about people who are really happy telling intimate details of their lives on Facebook but don’t think the government should be able to receive information about anybody’s attempts to hack critical infrastructure. (Because that’s what we are talking about, not “sending information about the amount of time you spent visiting cutepuppiesandbunniesandduckies.com to the National Security Agency,” which, I am pretty sure, is truly not interested in that information – they have bigger evil fish to fry – and doesn’t view your bunny obsession as a national security threat.)

      This is a good time to say that the type of information sharing I am talking about is the voluntary kind (though “highly encouraged” information sharing pursuant to a court order is also good – I’m nothing if not law-abiding). I have zero interest in handing over everything, including the digital kitchen sink, because someone decides they should get everything you have and only then figure out what they actually need. “Need to know” goes for the government, too.

      Ergo, at a macro level, I’m glad there are people who are concerned and involved as regards digital privacy. But at the same time, I am frustrated because any time there is even a common sense proposal (legislative or otherwise) about information sharing, privacy hawks seem to come out of the woodwork and Express Grave Concern that either national security or homeland security agencies might actually get useful information from industry to enable them to do their national or homeland security jobs better. Or, God forbid, that industries under non-stop attack from bad guys (including hostile nation states intent on ripping us all off) might actually receive useful and actionable intelligence to help them close open digital doors and windows and keep vermin out. Wouldn’t that be awful?

      Because I like analogies, I’d like to offer some perspectives from the real (non-cyber) world that will, at least, illustrate why I am so frustrated and want us to stop talking and start doing. I’d observe that in the physical world, we really don’t seem to have these Concerned Discussions,*** mostly because people understand that we live in communities and that we have a collective interest in making sure we have a secure commons. (Duh, it’s exactly the same issue in the digital world.) Here we go:

      Scenario 1: I see a couple walking their dog on the street. They walk by my house and my neighbor’s house. The dog is a Labradope that barks incessantly and the owners don’t clean up after him. ****

      Result: I might not like the fact the dog doo-dooed on the arctic willows I painstakingly planted, but this is not a national emergency and it’s not suspicious activity. I’ll clean up after the dog and be done with it. I’m not calling the Wood River Animal Shelter Dog Doo Hotline or the Ketchum Police Department Canine Crap Cop.

      Scenario 2: I see someone attempting to enter a window in my neighbor’s house, at 7PM, when my neighbor has gone to the Sun Valley Symphony (they are playing Mahler, whom I don’t care for, which is why I am home instead of at the symphony).

      Result: I’m calling the police. I’m also going to give the police as much information as I can about the person doing the B and E (breaking and entering) – what he looks like, how old, how he is dressed, etc. What I am not going to do is think, “Wait, I can’t provide a description of the breaker-inner because gosh, that might violate the perp’s right to privacy and bad taste in clothes. The police showing up when the criminal is doing a breaking and entering job is creating a hostile work environment for him, too.” If you are breaking into someone’s home, you do not have a right to privacy while doing it. Even realizing that there might be false positives (it’s the neighbor's kid, he locked himself out and is breaking into his own house), most of us would rather err on the side of caution and call the cops. We aren’t telling everyone on the planet about “attempted break-in on Alpine Lane,” but we are providing targeted information about a malefactor to the group (Ketchum Police Department) that can do something about it.

      In short, if I am a decent neighbor, I should do what I can to protect my neighbor’s house. And as long as I am on the subject, if every house in the neighborhood has been broken into, I would like to know that before someone tries to break into my house. It would be nice if the police told me if there is a rash of B and Es in my neighborhood. (Given it’s a small town in Idaho and we have really good police department, I’m pretty sure they will tell me.)*****

      This is what information sharing is, folks. It’s not telling everybody everything whether or not it is interesting or useful. The above examples all have “cyber equivalents” in terms of the difference between sharing “all information” and “sharing interesting information” – which is exactly what we are talking about when we speak of information sharing. There isn’t a neighbor in the world that is busy taping everyone walking dogs by their house (and don’t forget those close-ups of the Labrador committing indiscretions on your plants). Nobody cares about your incontinent Labrador. You share information that is targeted, of value, of interest and where possible, actionable. That’s true in the physical world and in the cyber world.

      I’ve been doing a bit of government bashing regarding “failure of government agencies to share information.” Is it only fair that I also do some industry bashing, because information sharing is something some sectors do a lot better than others, yet it is something everyone could and should benefit from. Not to mention, I am mindful of the Biblical wisdom of “Physician, heal thyself” (Luke 4:23).

      While the government can add value in information sharing, it is not their job to defend private networks, especially when the private sector – merely by virtue of the fact that they have more digital real estate – gets to see more and thus potentially has more information to share with their neighbors. Not to mention, industry cannot have it both ways. There is a lot of legitimate concern about regulation of cyberspace, mostly because so much regulation has unintended, expensive and often unfortunate consequences. This is all the more reason to Be A Good Cyber Citizen instead of waiting for the government to be the source of all truth or to tell you How To Be A Good Cyber Citizen. Industry participation in information sharing forums is a demonstration of voluntary sector cybersecurity risk management without the force of regulation. As I said earlier, “put up or shut up,” which goes just as much if not more for industry as for government.

      While ISACs are not the only information sharing vehicles that exist, they were set up specifically for that purpose (in response to Presidential Decision Directive 63, way back in 1998). It’s a fair cop that some of the ISACs have done better at performing their mission than others. Not all ISACs are equal or even have the same mission. Still, each ISAC has its own examples of success and it is often difficult for those not participating in specific ISACs to see the value they deliver to members (to protect member information that is shared, most ISACs have non-disclosure agreements that prevent information from being shared outside the ISAC membership).

      I’d specifically note that the multi-state ISAC and the financial services ISAC both seem to operate very well. There are, I think, many reasons for their success. First of all, the multi-state ISAC and the financial services ISAC have more homogeneity, for lack of a better word. A state is a state is a state – it’s not also a planet. (Except California and Texas, which often seem like Mars to the rest of the country. Bless their lil’ ol’ hearts.) This makes it easier to recognize the obvious benefit of cooperation. To quote Ben Franklin: "We must, indeed, all hang together, or most assuredly we shall all hang separately.” The financial services sector gets this really well: any perceived threat to an individual financial services company is likely to affect all of them, either because of the perception problem that a successful hack creates (“online banking is insecure!”) or because criminals like to repeat successes (to quote Willy Sutton when asked why he robbed banks, “that’s where the money is”). You can’t imagine a bad guy saying, “I’m only going to hack Bank of Foobaria because I don’t like that bank, but Bank of Whateversville is a really nice bank – they hand out dog biscuits – so I am not going to hack them.”

      I think leadership is also a factor. I don’t know the originators and past presidents of the Financial Services ISAC, but Bill Nelson has done a tremendous job as the current President of the Financial Services ISAC. I also know Will Pelgrin at the multi-state ISAC and he is a very good, very skilled leader, indeed, and a generous colleague, to boot. Will has been gracious with his time and expertise to me personally in my role as the IT-ISAC president, and I am grateful for it.

      While the IT-ISAC has a long list of accomplishments that it is justifiably proud of, the IT-ISAC also faces unique challenges. One of them is the nature of the ISAC and its constituency. The IT industry is less homogeneous than other sectors, including both “soup to nuts” stack vendors as well as security solution vendors that make a business out of sharing threat information. Being a die-hard capitalist, I don’t expect these companies to give away their secret sauce, plus French fries and a hot apple pie to avoid Ben Franklin’s collective hanging. While I think the diversity of the IT sector, the variance in business practices and the “not giving away the store” issues are real challenges to the IT-ISAC, they also provide real benefits. The IT-ISAC provides a forum for bringing together subject matter experts from diverse companies to engage on and discuss common security threats. The IT-ISAC is also moving from an organization focused on vendor vulnerabilities to one that assists members in understanding the rapidly-changing threat environment. For example, we have established a group within the IT-ISAC membership that has agreed to share threat indicator information with each other.

      As President of the IT-ISAC, I am committed to doing what I can to try to expand membership, to find common ground (e.g., threat information that even security vendors feel comfortable sharing that benefits everyone, without expecting them to share secret sauce recipes), and finding ways to work with our counterparts in the public sector. I am not the first, and won’t be the last, IT-ISAC president, and I am blessed with an extremely capable executive director and with the generosity of colleagues on the Board. As I learned in my Navy days, I must do my best to steer a steady course to favorable shores.

      Lastly, I think the biggest hurdle we in industry collectively need to get over is the trust issue. We seem to be more fearful of other companies than we are of being hacked by bad guys. (“If I share this information, will a competitor use it against me?”) Trust has to be earned, but it can be garnered by outreach and by making an effort to start somewhere. I think of a fine gentleman and public servant who has recently retired from NSA, Tony Sager. Tony was a public face of NSA in terms of working with industry in the information assurance directorate (IAD). He and his team did a lot of outreach: here’s who we are, here’s what we do, let’s talk. Tony did a lot of listening, too. I have said often that if I had a problem in a particular area, I’d not hesitate to call Tony and his team. They had the creds, they had the smarts, and they had earned – yes, earned – my trust. We in industry, who see most of the threats, who are so often the direct victims of them, should take a cue from Tony. Use our “creds” and our intelligence (of all types) to improve the commons. We can start by sharing useful, actionable, valuable information that will help all of us be more secure. It is often said the bad guys are a step ahead of the defenders. This is true with information sharing as well: the bad guys play nicely with other bad guys – so why can’t we good guys get along?

      If you are sitting on the sidelines, it is time to get involved and engaged. Instead of sitting on the outside complaining that there is no effective way to share information, join an information sharing organization (I’m partial to ISACs), get involved in it, and help shape and move the organization so that it meets your needs. Just get on with it, already!

      * The fact that technology changes but stupidity repeats endlessly is job security for security weenies. Rule number 1 of  nformation security is “never trust any unverified data from a client.” Rule 2 is “see rule 1.” Most security defects stem from failure to heed rule 1 – and we keep doing it every time we introduce new clients or new protocols. The excuse for lazy-ass servers or middle tiers is always, “Gosh, it’s just so much easier to accept any old thing the client hands you because it is computationally intensive to verify it. And nobody would send evil data to a middle tier, wouldthey?” Right. Just like, think of all the cycles we’d save if we didn’t verify passwords. I’m sure if a client says he is John Doe, he IS John Doe! (Good luck with that.)

      ** Ok, I lied. One of the reasons various bills failed is because the bill drafters wanted “better security to protect critical infrastructure” but could not actually define “critical infrastructure.” If “it” is important enough to legislate, “it” should be clearly defined in the language of the bill, instead of subject to interpretation (and vast scope increase ex post facto). Just my opinion.

      *** With the prospect of increased drone use in our domestic environs, we are going to have a lot more privacy discussions. What I barbecue in my backyard is none of anyone else’s goldurn business.

      **** Ok, I know a lot of people love Labs. Apologies to anybody I offended.

      ***** Since I live a couple of blocks from the police, it’s pretty darn stupid of anybody to try to break into any house in the neighborhood.

      Put Up or Shut Up

      Mary Ann Davidson - Fri, 2012-08-17 15:10



      Intellectual Property
      EOP
      Joint Strategic Plan, Intellectual Property
      12.00



      Normal
      0





      false
      false
      false

      EN-US
      X-NONE
      X-NONE













      MicrosoftInternetExplorer4














      DefSemiHidden="true" DefQFormat="false" DefPriority="99"
      LatentStyleCount="267">
      UnhideWhenUsed="false" QFormat="true" Name="Normal"/>
      UnhideWhenUsed="false" QFormat="true" Name="heading 1"/>






















      UnhideWhenUsed="false" QFormat="true" Name="Title"/>



      UnhideWhenUsed="false" QFormat="true" Name="Subtitle"/>




      UnhideWhenUsed="false" QFormat="true" Name="Strong"/>
      UnhideWhenUsed="false" QFormat="true" Name="Emphasis"/>




      UnhideWhenUsed="false" Name="Table Grid"/>

      UnhideWhenUsed="false" QFormat="true" Name="No Spacing"/>
      UnhideWhenUsed="false" Name="Light Shading"/>
      UnhideWhenUsed="false" Name="Light List"/>
      UnhideWhenUsed="false" Name="Light Grid"/>
      UnhideWhenUsed="false" Name="Medium Shading 1"/>
      UnhideWhenUsed="false" Name="Medium Shading 2"/>
      UnhideWhenUsed="false" Name="Medium List 1"/>
      UnhideWhenUsed="false" Name="Medium List 2"/>
      UnhideWhenUsed="false" Name="Medium Grid 1"/>
      UnhideWhenUsed="false" Name="Medium Grid 2"/>
      UnhideWhenUsed="false" Name="Medium Grid 3"/>
      UnhideWhenUsed="false" Name="Dark List"/>
      UnhideWhenUsed="false" Name="Colorful Shading"/>
      UnhideWhenUsed="false" Name="Colorful List"/>
      UnhideWhenUsed="false" Name="Colorful Grid"/>
      UnhideWhenUsed="false" Name="Light Shading Accent 1"/>
      UnhideWhenUsed="false" Name="Light List Accent 1"/>
      UnhideWhenUsed="false" Name="Light Grid Accent 1"/>
      UnhideWhenUsed="false" Name="Medium Shading 1 Accent 1"/>
      UnhideWhenUsed="false" Name="Medium Shading 2 Accent 1"/>
      UnhideWhenUsed="false" Name="Medium List 1 Accent 1"/>
      Name="Revision"/>
      UnhideWhenUsed="false" QFormat="true" Name="List Paragraph"/>
      UnhideWhenUsed="false" QFormat="true" Name="Quote"/>
      UnhideWhenUsed="false" QFormat="true" Name="Intense Quote"/>
      UnhideWhenUsed="false" Name="Medium List 2 Accent 1"/>
      UnhideWhenUsed="false" Name="Medium Grid 1 Accent 1"/>
      UnhideWhenUsed="false" Name="Medium Grid 2 Accent 1"/>
      UnhideWhenUsed="false" Name="Medium Grid 3 Accent 1"/>
      UnhideWhenUsed="false" Name="Dark List Accent 1"/>
      UnhideWhenUsed="false" Name="Colorful Shading Accent 1"/>
      UnhideWhenUsed="false" Name="Colorful List Accent 1"/>
      UnhideWhenUsed="false" Name="Colorful Grid Accent 1"/>
      UnhideWhenUsed="false" Name="Light Shading Accent 2"/>
      UnhideWhenUsed="false" Name="Light List Accent 2"/>
      UnhideWhenUsed="false" Name="Light Grid Accent 2"/>
      UnhideWhenUsed="false" Name="Medium Shading 1 Accent 2"/>
      UnhideWhenUsed="false" Name="Medium Shading 2 Accent 2"/>
      UnhideWhenUsed="false" Name="Medium List 1 Accent 2"/>
      UnhideWhenUsed="false" Name="Medium List 2 Accent 2"/>
      UnhideWhenUsed="false" Name="Medium Grid 1 Accent 2"/>
      UnhideWhenUsed="false" Name="Medium Grid 2 Accent 2"/>
      UnhideWhenUsed="false" Name="Medium Grid 3 Accent 2"/>
      UnhideWhenUsed="false" Name="Dark List Accent 2"/>
      UnhideWhenUsed="false" Name="Colorful Shading Accent 2"/>
      UnhideWhenUsed="false" Name="Colorful List Accent 2"/>
      UnhideWhenUsed="false" Name="Colorful Grid Accent 2"/>
      UnhideWhenUsed="false" Name="Light Shading Accent 3"/>
      UnhideWhenUsed="false" Name="Light List Accent 3"/>
      UnhideWhenUsed="false" Name="Light Grid Accent 3"/>
      UnhideWhenUsed="false" Name="Medium Shading 1 Accent 3"/>
      UnhideWhenUsed="false" Name="Medium Shading 2 Accent 3"/>
      UnhideWhenUsed="false" Name="Medium List 1 Accent 3"/>
      UnhideWhenUsed="false" Name="Medium List 2 Accent 3"/>
      UnhideWhenUsed="false" Name="Medium Grid 1 Accent 3"/>
      UnhideWhenUsed="false" Name="Medium Grid 2 Accent 3"/>
      UnhideWhenUsed="false" Name="Medium Grid 3 Accent 3"/>
      UnhideWhenUsed="false" Name="Dark List Accent 3"/>
      UnhideWhenUsed="false" Name="Colorful Shading Accent 3"/>
      UnhideWhenUsed="false" Name="Colorful List Accent 3"/>
      UnhideWhenUsed="false" Name="Colorful Grid Accent 3"/>
      UnhideWhenUsed="false" Name="Light Shading Accent 4"/>
      UnhideWhenUsed="false" Name="Light List Accent 4"/>
      UnhideWhenUsed="false" Name="Light Grid Accent 4"/>
      UnhideWhenUsed="false" Name="Medium Shading 1 Accent 4"/>
      UnhideWhenUsed="false" Name="Medium Shading 2 Accent 4"/>
      UnhideWhenUsed="false" Name="Medium List 1 Accent 4"/>
      UnhideWhenUsed="false" Name="Medium List 2 Accent 4"/>
      UnhideWhenUsed="false" Name="Medium Grid 1 Accent 4"/>
      UnhideWhenUsed="false" Name="Medium Grid 2 Accent 4"/>
      UnhideWhenUsed="false" Name="Medium Grid 3 Accent 4"/>
      UnhideWhenUsed="false" Name="Dark List Accent 4"/>
      UnhideWhenUsed="false" Name="Colorful Shading Accent 4"/>
      UnhideWhenUsed="false" Name="Colorful List Accent 4"/>
      UnhideWhenUsed="false" Name="Colorful Grid Accent 4"/>
      UnhideWhenUsed="false" Name="Light Shading Accent 5"/>
      UnhideWhenUsed="false" Name="Light List Accent 5"/>
      UnhideWhenUsed="false" Name="Light Grid Accent 5"/>
      UnhideWhenUsed="false" Name="Medium Shading 1 Accent 5"/>
      UnhideWhenUsed="false" Name="Medium Shading 2 Accent 5"/>
      UnhideWhenUsed="false" Name="Medium List 1 Accent 5"/>
      UnhideWhenUsed="false" Name="Medium List 2 Accent 5"/>
      UnhideWhenUsed="false" Name="Medium Grid 1 Accent 5"/>
      UnhideWhenUsed="false" Name="Medium Grid 2 Accent 5"/>
      UnhideWhenUsed="false" Name="Medium Grid 3 Accent 5"/>
      UnhideWhenUsed="false" Name="Dark List Accent 5"/>
      UnhideWhenUsed="false" Name="Colorful Shading Accent 5"/>
      UnhideWhenUsed="false" Name="Colorful List Accent 5"/>
      UnhideWhenUsed="false" Name="Colorful Grid Accent 5"/>
      UnhideWhenUsed="false" Name="Light Shading Accent 6"/>
      UnhideWhenUsed="false" Name="Light List Accent 6"/>
      UnhideWhenUsed="false" Name="Light Grid Accent 6"/>
      UnhideWhenUsed="false" Name="Medium Shading 1 Accent 6"/>
      UnhideWhenUsed="false" Name="Medium Shading 2 Accent 6"/>
      UnhideWhenUsed="false" Name="Medium List 1 Accent 6"/>
      UnhideWhenUsed="false" Name="Medium List 2 Accent 6"/>
      UnhideWhenUsed="false" Name="Medium Grid 1 Accent 6"/>
      UnhideWhenUsed="false" Name="Medium Grid 2 Accent 6"/>
      UnhideWhenUsed="false" Name="Medium Grid 3 Accent 6"/>
      UnhideWhenUsed="false" Name="Dark List Accent 6"/>
      UnhideWhenUsed="false" Name="Colorful Shading Accent 6"/>
      UnhideWhenUsed="false" Name="Colorful List Accent 6"/>
      UnhideWhenUsed="false" Name="Colorful Grid Accent 6"/>
      UnhideWhenUsed="false" QFormat="true" Name="Subtle Emphasis"/>
      UnhideWhenUsed="false" QFormat="true" Name="Intense Emphasis"/>
      UnhideWhenUsed="false" QFormat="true" Name="Subtle Reference"/>
      UnhideWhenUsed="false" QFormat="true" Name="Intense Reference"/>
      UnhideWhenUsed="false" QFormat="true" Name="Book Title"/>





      /* Style Definitions */
      table.MsoNormalTable
      {mso-style-name:"Table Normal";
      mso-tstyle-rowband-size:0;
      mso-tstyle-colband-size:0;
      mso-style-noshow:yes;
      mso-style-priority:99;
      mso-style-qformat:yes;
      mso-style-parent:"";
      mso-padding-alt:0in 5.4pt 0in 5.4pt;
      mso-para-margin:0in;
      mso-para-margin-bottom:.0001pt;
      mso-pagination:widow-orphan;
      font-size:10.0pt;
      font-family:"Calibri","sans-serif";}


      One of the (usually) unfortunate concomitants of being a veteran in the cybersecurity space (“veteran” as in, I can remember when everyone called it “information security”) is that you get to hear the same themes over and over again (and solve the same security problems over and over again, only with different protocols).* Not to mention, you experience many technical revival meetings, which is industry’s way of promoting the same old same old under new exhortations (“Praise the Lord! I found eternal life with <insert sexy technology cult du jour>!”)


      One of the topics that I am tired of talking about and would like us collectively to do something about is (drum roll) information sharing. Now, information sharing is not a cure-all for every ill in cybersecurity. It is a means to an
      end, not an end in itself. Specifically, information sharing is a means to enhance situational awareness, which in turn helps networked entities defend themselves better (“Excuse me, I see a mugger is about to swipe your purse. You might want to hit him with it or switch it to your other shoulder.”)


      As a basic enabler of better defense, information sharing is certainly a no-brainer, and yet it largely doesn’t happen, or doesn’t happen enough, at least among the good guys. The bad guys, of course, are really good at information sharing. Techniques, tools, top ten lists of badly secured web sites – bring it on, woo hoo. The hacker toolkits are so good now that even someone as technically challenged as I am could probably become a competent Internet evildoer (not that I have any plans to do so). And yet industry and government have spent more time writing tomes, doing PPTs and drafting policy papers that use the magic words “public-private partnership” than making actual – make that “almost any” – progress. Sharing policy papers, I hasten to add, is not the kind of information sharing that solves actual problems. So here it is, all y’all: time to put up or shut up on information sharing.


      I say this in my experience as a member of the IT industry Information Sharing and Analysis Center (IT-ISAC) (OK, I am the current president, but I am not speaking for the IT-ISAC) and as a security weenie at Oracle. I can state pretty categorically that I have been astonished – and depressed – at what currently passes for information sharing, despite years of gum flapping about it. The government agencies that are tasked with it generally don’t do it, for example. I find it ironic that the same entities that can’t or won’t tell you you are being broken into – or are about to be – think in some cases that the better solution is for them to just take over protection of your company’s networks after you’ve being broken into. Huh?


      More to the point, surprisingly, and delightedly, other agencies that are not tasked with information sharing (e.g., an entity I cannot name by name but that is not part of the Department of Homeland Security (DHS)) recently went to great lengths to contact the IT-ISAC and bring “interesting information” to the attention of the IT-ISAC because they’d seen suspicious activity related to some member companies. Bravo Zulu to you, Unnamed Government Entity. It was not your mission to share that information, but you made an effort and did it, anyway. I wish you'd make a hostile takeover attempt on the entity that is supposed to share information and doesn’t, probably because their lawyers are still mulling it over. If I sound harsh, consider that I have spent 10 years having the exact same conversations over and over and over and nothing seems to change except the people you are having the conversations with. To quote Yoda, “Do or do not. There is no try.”


      Other government agencies may call you but you get mysterious intimations and in some cases nothing actionable. I certainly understand that a recipient doesn’t – and probably shouldn’t – receive information about how the reporter got the information (e.g., sources and methods). I know I don’t have a “need to know.” But the information has to be actionable or it’s useless. For example (and I know they meant well), I once got a phone call from Agency X who said, “we have a credible threat that an entity in Country Y (and We All Know Who That Is) is interested in stealing (only they used a more bureaucratic term) the source code for Oracle Product Foo.” Gosh, really? The only news there would be if that country were not out to rip off…er…steal…er…conduct industrial espionage…er…enhance their native manufacturing capacity by ‘active acquisition’… of someone else’s core intellectual property. The next statement was even less helpful: “The details about the threat are classified.” On the one hand, glad Agency X called. Points for trying. On the other hand, the warning was so vague it was not actionable and it certainly didn’t tell me anything I didn’t already know. I wish they’d saved the 35 cents that the call cost and used it to reduce our national debt.


      So, the agencies that should share information don’t share much if anything and ones that do in some cases don’t give you information in enough detail such that you can do anything with it. And other good agencies do the right thing although they aren’t tasked with it. It’s not a great report card for the government (more on industry below, lest anyone think I am being one-sided in my criticism). Note that there are people across the political spectrum (and better security really should be an ecumenical issue) who, to their credit, have tried to pass legislation that would help provide “better information sharing” as one of several things we could do to help improve cybersecurity. “Better information sharing” seems a mom-and-secure-apple-pie proposition if ever there was one. Except that a bill that proposed that – and various other iterations of bills – did not pass and for now Congress has gone on vacation like so many of us do in August. There are many reasons why there hasn’t been a consensus cyber bill passed – and I’m not going to go into all that **– but for Pete’s sake, improving government information sharing with industry and vice versa really should be something everyone agrees on.


      Another reason that even “kumbaya information sharing 101” couldn’t get a consensus was because of Privacy Concerns. You do wonder about people who are really happy telling intimate details of their lives on Facebook but don’t think the government should be able to receive information about anybody’s attempts to hack critical infrastructure. (Because that’s what we are talking about, not “sending information about the amount of time you spent visiting cutepuppiesandbunniesandduckies.com to the National Security Agency,” which, I am pretty sure, is truly not interested in that information – they have bigger evil fish to fry – and doesn’t view your bunny obsession as a national security threat.)


      This is a good time to say that the type of information sharing I am talking about is the voluntary kind (though “highly encouraged” information sharing pursuant to a court order is also good – I’m nothing if not law-abiding). I have zero interest in handing over everything, including the digital kitchen sink, because someone decides they should get everything you have and only then figure out what they actually need. “Need to know” goes for the government, too.


      Ergo, at a macro level, I’m glad there are people who are concerned and involved as regards digital privacy. But at the same time, I am frustrated because any time there is even a common sense proposal (legislative or otherwise) about information sharing, privacy hawks seem to come out of the woodwork and Express Grave Concern that either national security or homeland security agencies might actually get useful information from industry to enable them to do their national or homeland security jobs better. Or, God forbid, that industries under non-stop attack from bad guys (including hostile nation states intent on ripping us all off) might actually receive useful and actionable intelligence to help them close open digital doors and windows and keep vermin out. Wouldn’t that be awful?


      Because I like analogies, I’d like to offer some perspectives from the real (non-cyber) world that will, at least, illustrate why I am so frustrated and want us to stop talking and start doing. I’d observe that in the physical world, we really don’t seem to have these Concerned Discussions,*** mostly because people understand that we live in communities and that we have a collective interest in making sure we have a secure commons. (Duh, it’s exactly the same issue in the digital world.) Here we go:


      Scenario 1: I see a couple walking their dog on the street. They walk by my house and my neighbor’s house. The dog is a Labradope that barks incessantly and the owners don’t clean up after him. ****


      Result: I might not like the fact the dog doo-dooed on the arctic willows I painstakingly planted, but this is not a national emergency and it’s not suspicious activity. I’ll clean up after the dog and be done with it. I’m not calling the Wood River Animal Shelter Dog Doo Hotline or the Ketchum Police Department Canine Crap Cop.


      Scenario 2: I see someone attempting to enter a window in my neighbor’s house, at 7PM, when my neighbor has gone to the Sun Valley Symphony (they are playing Mahler, whom I don’t care for, which is why I am home instead of at the symphony).


      Result: I’m calling the police. I’m also going to give the police as much information as I can about the person doing the B and E (breaking and entering) – what he looks like, how old, how he is dressed, etc. What I am not going to do is think, “Wait, I can’t provide a description of the breaker-inner because gosh, that might violate the perp’s right to privacy and bad taste in clothes. The police showing up when the criminal is doing a breaking and entering job is creating a hostile work environment for him, too.” If you are breaking into someone’s home, you do not have a right to privacy while doing it. Even realizing that there might be false positives (it’s the neighbor's kid, he locked himself out and is breaking into his own house), most of us would rather err on the side of caution and call the cops. We aren’t telling everyone on the planet about “attempted break-in on Alpine Lane,” but we are providing targeted information about a malefactor to the group (Ketchum Police Department) that can do something about it.


      In short, if I am a decent neighbor, I should do what I can to protect my neighbor’s house. And as long as I am on the subject, if every house in the neighborhood has been broken into, I would like to know that before someone tries to break into my house. It would be nice if the police told me if there is a rash of B and Es in my neighborhood. (Given it’s a small town in Idaho and we have really good police department, I’m pretty sure they will tell me.)*****


      This is what information sharing is, folks. It’s not telling everybody everything whether or not it is interesting or useful. The above examples all have “cyber equivalents” in terms of the difference between sharing “all information” and “sharing interesting information” – which is exactly what we are talking about when we speak of information sharing. There isn’t a neighbor in the world that is busy taping everyone walking dogs by their house (and don’t forget those close-ups of the Labrador committing indiscretions on your plants). Nobody cares about your incontinent Labrador. You share information that is targeted, of value, of interest and where possible, actionable. That’s true in the physical world and in the cyber world.


      I’ve been doing a bit of government bashing regarding “failure of government agencies to share information.” Is it only fair that I also do some industry bashing, because information sharing is something some sectors do a lot better than others, yet it is something everyone could and should benefit from. Not to mention, I am mindful of the Biblical wisdom of “Physician, heal thyself” (Luke 4:23).


      While the government can add value in information sharing, it is not their job to defend private networks, especially when the private sector – merely by virtue of the fact that they have more digital real estate – gets to see more and thus potentially has more information to share with their neighbors. Not to mention, industry cannot have it both ways. There is a lot of legitimate concern about regulation of cyberspace, mostly because so much regulation has unintended, expensive and often unfortunate consequences. This is all the more reason to Be A Good Cyber Citizen instead of waiting for the government to be the source of all truth or to tell you How To Be A Good Cyber Citizen. Industry participation in information sharing forums is a demonstration of voluntary sector cybersecurity risk management without the force of regulation. As I said earlier, “put up or shut up,” which goes just as much if not more for industry as for government.


      While ISACs are not the only information sharing vehicles that exist, they were set up specifically for that purpose (in response to Presidential Decision Directive 63, way back in 1998). It’s a fair cop that some of the ISACs have done better at performing their mission than others. Not all ISACs are equal or even have the same mission. Still, each ISAC has its own examples of success and it is often difficult for those not participating in specific ISACs to see the value they deliver to members (to protect member information that is shared, most ISACs have non-disclosure agreements that prevent information from being shared outside the ISAC membership).


      I’d specifically note that the multi-state ISAC and the financial services ISAC both seem to operate very well. There are, I think, many reasons for their success. First of all, the multi-state ISAC and the financial services ISAC have more homogeneity, for lack of a better word. A state is a state is a state – it’s not also a planet. (Except California and Texas, which often seem like Mars to the rest of the country. Bless their lil’ ol’ hearts.) This makes it easier to recognize the obvious benefit of cooperation. To quote Ben Franklin: "We must, indeed, all hang together, or most assuredly we shall all hang separately.” The financial services sector gets this really well: any perceived threat to an individual financial services company is likely to affect all of them, either because of the perception problem that a successful hack creates (“online banking is insecure!”) or because criminals like to repeat successes (to quote Willy Sutton when asked why he robbed banks, “that’s where the money is”). You can’t imagine a bad guy saying, “I’m only going to hack Bank of Foobaria because I don’t like that bank, but Bank of Whateversville is a really nice bank – they hand out dog biscuits – so I am not going to hack them.”


      I think leadership is also a factor. I don’t know the originators and past presidents of the Financial Services ISAC, but Bill Nelson has done a tremendous job as the current President of the Financial Services ISAC. I also know Will Pelgrin at the multi-state ISAC and he is a very good, very skilled leader, indeed, and a generous colleague, to boot. Will has been gracious with his time and expertise to me personally in my role as the IT-ISAC president, and I am grateful for it.


      While the IT-ISAC has a long list of accomplishments that it is justifiably proud of, the IT-ISAC also faces unique challenges. One of them is the nature of the ISAC and its constituency. The IT industry is less homogeneous than other sectors, including both “soup to nuts” stack vendors as well as security solution vendors that make a business out of sharing threat information. Being a die-hard capitalist, I don’t expect these companies to give away their secret sauce, plus French fries and a hot apple pie to avoid Ben Franklin’s collective hanging. While I think the diversity of the IT sector, the variance in business practices and the “not giving away the store” issues are real challenges to the IT-ISAC, they also provide real benefits. The IT-ISAC provides a forum for bringing together subject matter experts from diverse companies to engage on and discuss common security threats. The IT-ISAC is also moving from an organization focused on vendor vulnerabilities to one that assists members in understanding the rapidly-changing threat environment. For example, we have established a group within the IT-ISAC membership that has agreed to share threat indicator information with each other.


      As President of the IT-ISAC, I am committed to doing what I can to try to expand membership, to find common ground (e.g., threat information that even security vendors feel comfortable sharing that benefits everyone, without expecting them to share secret sauce recipes), and finding ways to work with our counterparts in the public sector. I am not the first, and won’t be the last, IT-ISAC president, and I am blessed with an extremely capable executive director and with the generosity of colleagues on the Board. As I learned in my Navy days, I must do my best to steer a steady course to favorable shores.


      Lastly, I think the biggest hurdle we in industry collectively need to get over is the trust issue. We seem to be more fearful of other companies than we are of being hacked by bad guys. (“If I share this information, will a competitor use it against me?”) Trust has to be earned, but it can be garnered by outreach and by making an effort to start somewhere. I think of a fine gentleman and public servant who has recently retired from NSA, Tony Sager. Tony was a public face of NSA in terms of working with industry in the information assurance directorate (IAD). He and his team did a lot of outreach: here’s who we are, here’s what we do, let’s talk. Tony did a lot of listening, too. I have said often that if I had a problem in a particular area, I’d not hesitate to call Tony and his team. They had the creds, they had the smarts, and they had earned – yes, earned – my trust. We in industry, who see most of the threats, who are so often the direct victims of them, should take a cue from Tony. Use our “creds” and our intelligence (of all types) to improve the commons. We can start by sharing useful, actionable, valuable information that will help all of us be more secure. It is often said the bad guys are a step ahead of the defenders. This is true with information sharing as well: the bad guys play nicely with other bad guys – so why can’t we good guys get along?


      If you are sitting on the sidelines, it is time to get involved and engaged. Instead of sitting on the outside complaining that there is no effective way to share information, join an information sharing organization (I’m partial to ISACs), get involved in it, and help shape and move the organization so that it meets your needs. Just get on with it, already!



      * The fact that technology changes but stupidity repeats endlessly is job security for security weenies. Rule number 1 of  nformation security is “never trust any unverified data from a client.” Rule 2 is “see rule 1.” Most security defects stem from failure to heed rule 1 – and we keep doing it every time we introduce new clients or new protocols. The excuse for lazy-ass servers or middle tiers is always, “Gosh, it’s just so much easier to accept any old thing the client hands you because it is computationally intensive to verify it. And nobody would send evil data to a middle tier, would
      they?” Right. Just like, think of all the cycles we’d save if we didn’t verify passwords. I’m sure if a client says he is John Doe, he IS John Doe! (Good luck with that.)


      ** Ok, I lied. One of the reasons various bills failed is because the bill drafters wanted “better security to protect critical infrastructure” but could not actually define “critical infrastructure.” If “it” is important enough to legislate, “it” should be clearly defined in the language of the bill, instead of subject to interpretation (and vast scope increase ex post facto). Just my opinion.


      *** With the prospect of increased drone use in our domestic environs, we are going to have a lot more privacy discussions. What I barbecue in my backyard is none of anyone else’s goldurn business.


      **** Ok, I know a lot of people love Labs. Apologies to anybody I offended.


      ***** Since I live a couple of blocks from the police, it’s pretty darn stupid of anybody to try to break into any house in the neighborhood.


      “Check if the DISPLAY variable is set” error – Installing Oracle Forms from a Mac

      Renaps' Blog - Mon, 2012-08-13 15:14

      While installing Oracle Forms and Reports 11gR2 (11.1.2.0.0)  from a Mac (OS/x Mountain Lion) the following error occurred executing the runInstaller installation script:

      $ ./runInstaller

      Starting Oracle Universal Installer…
      Checking Temp space: must be greater than 270 MB.   Actual 40478 MB    Passed
      Checking swap space: must be greater than 500 MB.   Actual 4094 MB    Passed
      Checking monitor: must be configured to display at least 256 colors
          >>> Could not execute auto check for display colors using command /usr/bin/xdpyinfo. Check if the DISPLAY variable is set.    Failed <<<<
      Some requirement checks failed. You must fulfill these requirements before
      continuing with the installation,
      Continue? (y/n) [n] y
      I have a remote session from my mac using terminal.  To export the display, I typed ssh -Y user@servername.
      I have upgraded my O/S to Mountain Lion a couple of days ago.  So I though that might be the cause.  I tried to manually start X11 and I received the following message:
      click on the continue button and get redirected  to the following URL: About X11 and OS X Mountain Lion explaining X11 is no longer part of the O/S and that I should use XQuartz from now on.
       download and Install XQuartz and there you go!
      You can now continue with the rest of the Install via the Installer GUI.

      Categories: DBA Blogs

      OWB – Configuration Templates, Default Values

      Antonio Romero - Mon, 2012-08-13 11:04

      The 11gR2 release of OWB introduced ways of overriding the default values for properties – users may wish to change the seeded default values for properties (for all objects of a type. You can do this using the enterprise feature supplied in Configuration Templates.

      These configuration templates are defined on the global tree, once you create a configuration template it is used in a configuration – then any objects created will inherit these default values.

      You can create a new template and provide a name and description;

       

      This then brings up the editor for the configuration template, the properties are in the tree, and the columns such as PRODUCTION_DEFAULTS is where you can change the property value.

      So for example if you wanted to change the property value for Generation Mode – so rather than generation All Operating Modes which is the default, you can just generate Set Based, you would find this property;

      Then change the value to Set Based for your configuration template;

      Lots of property defaults are here, see there is also one for Default Operating Mode, if you were to change the default code gen to just be Set Based, it makes sense to also change the default operating mode to Set Based.

      Remember these are defaults so you are not setting specific values on an object – these are the defaults of o overriden value is specified. There are many other interesting properties from tablespace info for tables to all sorts of properties for mappings.

      The final piece of the jigsaw is to use this configuration template in a configuration – otherwise it will never be used.

      Win A Free Copy of Packt's Oracle Database XE 11gR2 Jump Start Guide eBook

      Asif Momen - Mon, 2012-08-13 02:00

      I am pleased to announce that Packt Publishing is organizing a giveaway especially for you. All you need to do is just comment below the post and win a free copy of Oracle Database XE 11gR2 Jump Start Guide. Two lucky winners stand a chance to win an e-copy of the book. Keep reading to find out how you can be one of the Lucky One.


      Overview of Oracle Database XE 11gR2 Jump Start Guide eBook
      Build and manage the Oracle Database 11gR2 XE environment with this fast paced, practical guide. The book helps beginners to install, administer, maintain, tune, backup and upgrade the Oracle Database Express Edition.

      Read more about this book and download free Sample Chapter:

      How to Enter?

      All you need to do is head on over to this page and look through the product description of this book and drop a line via the comments below to let us know what interests you the most about these books. It’s that simple.

      DeadLine:


      The contest will close on 26-AUG-2012. Winners will be contacted by email, so be sure to use your real email address when you comment!


      All the best !!!

      The Two Ways of Doing a Job

      Robert Vollman - Sat, 2012-08-11 20:19
      Whether it's deployment, development, performance tuning, troubleshooting or something else, there are two fundamentally different ways of doing your job: doing it fast and doing it completely. Doing it Fast Sometimes you can make a case for doing something fast.  If you're dealing with something you're only going to do once, in a problem space you're either already deeply familiar with or Robert Vollmanhttp://www.blogger.com/profile/08275044623767553681noreply@blogger.com24

      Create Google Tasks by sending email to Google GMail Address

      Ittichai Chammavanijakul - Fri, 2012-08-10 07:59

      I use Google Tasks for a quick to-do list. It has clean interface and is easy to use. On desktop or laptop machine, it is built-in to Google Mail for a quick access. On smartphones, many to-do apps including Tasks N Todos sync with Google tasks.

      The neat thing is that in the Google Mail, you can add Gmail messages into the task list very easily by selecting the messages and then using More Actions > Add to Tasks.

      What if you want to add email messages from other mails like that from work, or Yahoo Mail, etc., it doesn’t seem that there is a straightforward way to do so.

      I found this web log on the automated email-to-task with Google Apps Script by DJ Adams. The Google Apps Script is able to parse the email with a specific filtered label and create a task automatically. Let’s give it a try.

      The overall process is as follows:

      • Two new Gmail labels need to be created – newtask and newtaskdone. When a new email is arrived, the filter will label it with newtask. Once the script processes this email, it will be re-labeled to newtaskdone so it won’t be processed again.
      • To make sure that only specified emails – not all – are processed, one of the hidden features of Gmail will be used. The filter will look for only +task@gmail.com (such as ittichai+task@gmail.com) in the TO address to apply new label. Read this on how to use “+” (plus ) or “.” (dot) in your Gmail address.
      • The Apps Script is from the Google Spreadsheet. The original post is to use only the email’s subject for the task’s title but I modified codes a bit to include the email’s body to be the task’s body as well.
      • One of the important things is to integrate the script with Google API so it will allow to use the Google Tasks’ API service and content.
      • Schedule it to run with a needed interval. I’m doing it every 30 minutes. Note that there is a courtesy limit of 5,000 requests per day. But this should be more than enough for a normal use.

      Courtesy Limit of Tasks API

      • Now just simply forward all emails to+task@gmail.com if you want to add them into the task list. It should show up in the Google Tasks within your specified interval.

      All step-by-step instructions can be found at my wiki site.

      Categories: DBA Blogs

      Generating an EJB SDO Service Interface for Oracle SOA Suite

      Edwin Biemond - Thu, 2012-08-09 13:51
      In Oracle SOA Suite you can use the EJB adapter as a reference or service in your composite applications. The EJB adapter has a flexible binding integration, there are 3 ways for integrating the remote interface with your composite. First you have the java interface way which I described here this follows the JAX-WS way. It means you need to use Calendar for your Java date types and leads to one

      Pages

      Subscribe to Oracle FAQ aggregator