Thursday, December 21, 2006

Happy Holidays 2006

With only a few days left to go before Christmas, I would like to take this opportunity to wish you and the family a very Merry Christmas and a Happy New Year.

May the New Year bring you and the family good health, happiness and success.

Take care.
Peter.

Saturday, December 16, 2006

Storm of the century - British Columbia

Well, the storm of the century has passed and thankfully there were no fatalities with trees being toppled. The news media said that the winds exceeded 157km/hr and the last record was at 143km/hr back in 1962 when a freak typhoon hit the West Coast of BC. Our neighbours and friends south of the border didn't fare as well with a few fatalities reported in Washington State. Best wishes to my friends and their families in the states of Washington and Oregon.

We were lucky that we didn't suffer any power outages (either at home or at work) but there are thousands of folks (estimated 250,000) who are without power and will be so for the next few days as the Hydro crews work to restore downed power lines, blown transformers, etc. City crews are working feverishly to remove downed trees. Vancouver's famed Stanley Park is closed due to the number of downed trees, some of which were hundreds of years old.

Wednesday, December 13, 2006

eBay software pirates pay $100K fine

According to the Register's article, two eBay traders were found guilty of selling pirated software and one of the defendants was quoted as saying, "If I had known that SIIA was checking eBay for software piracy, and if I had known the software was pirated and that I'd have to pay such a high fine, I would have never sold the pirated software to begin with." I thought that was a pretty silly statement; after all, I interpret it to mean "If I had known that I would get caught, I would not have done it."

My take on this is that you made your bed and you'd better sleep in it. I wondered if the customers who bought from these guys are going to lose sleep as one of the things that the convicted traders had to do was to provide a list of their "suppliers" and "customers".

Saturday, December 09, 2006

Office parties

It's that time of the year again where you will be invited to vendors' parties as well as your own organization's. You have seen those advice columns giving tips and advice on how to survive the parties without making a fool out of yourself or damaging your career opportunities. It's true as I have seen many people who have gone overboard during this time of the year thinking that it is okay to let loose. Well, it's not as you are still representing your organization or yourself to your managers and executives.

Some of the things that I've seen included an employee who decided to take a $5.00 bet and walked around the boat during the company's cruise in the nude. Sad to say that he is no longer employed with the company after he strolled past the General Manager and his wife. Another one didn't cost the person in question his job but his marriage when he decided to sleep with one of the administration staff and boasted about it at work. Another instance I recall was a co-worker who was asked by his Director (who had a little bit too much to drink) to "be honest and tell me what you think of me" and proceeded to do so thinking that there was a rapport between him and the Director. You can figure out what happened next.

Even at the recent Oracle Open World event in San Francisco, during the gala event at the Cow Palace with Elton John, I've seen folks who had too much to drink and couldn't even keep themselves upright or were making out with strangers. I'm sorry but it's still a "company" event; after all, there are probably colleagues of yours who attended and peers from other organizations.

Now I am not saying don't have fun but do so moderately and know your limits. If after one drink or two, you are tipsy then don't drink or just have only one or have iced tea instead.

On an unrelated topic, this particular Speed Bump strip made me chuckle and it's IT-related, showing that "IT Matters".

Wednesday, November 29, 2006

The Long memory of the Internet

While perusing the Internet and doing a search, I came across an old Usenet posting of mine dated Nov 1990! Back then, I was doing some project work for an organization that no longer exists using Ingres 6.2 on HP-UX 7.0. I was looking at providing a User Interface where the user can enter dynamic SQL and be able to search through the resulting set using search strings. A "simple" thing to do nowadays but back then, the Ingres toolset available was not able to do the job properly. I don't remember if there were any responses to my query nor do I remember how I ended up resolving the issue.

Anyhow, I wanted to highlight how this illustrates that the Internet does indeed have a very long memory.

Updated: A reader asked for the actual Usenet posting. I don't know why and don't see any reason as to why not, so here is the actual text:

From: {Peter}
Date: Fri, Nov 16 1990 5:53 pm
Email: {Email Address}
Groups: comp.databases

Hi there, database gurus:

I've a problem that someone out there might have solved or can point me
in the right direction to the solution.

H/W: HP-UX 7.0 on HP9000
S/W: Ingres 6.2

Problem:
Need to provide a user interface where the user can specify one or more
conditions to be applied to the SQL select statement. That is the SQL
select will not be known until run-time. This implies using dynamic SQL
to prepare and execute the SQL statement. Another feature required is
that the user should be able to search back and forth on the data set
retrieved by giving a pattern to match. E.g. "%Smith%".

I've tried to implement the solution using Ingres 4GL but ran into
trouble as I cannot build the SQL dynamically. I can get around this
problem by creative coding of the SQL statement. Problem is this
approach is too slow!!!.

I've also tried to implement using Ingres ESQL/FORMS but ran into
trouble when I need to implement the search feature. I cannot use the
LIKE predicate to do the search anymore either in procedures or
otherwise as, according to the manuals, the LIKE predicate syntax is as
follows:
columnname LIKE 'string constant'

I'm stumped. Can anyone help?? Please email me or post a reply.
Thanks.

Tuesday, November 21, 2006

Week of Day-0 bugs...Argeniss - Thumbs Down

Argeniss Information Security has announced on their website that they planned to release a Day-zero Oracle bug per day for a whole week in December. Their reasoning was that "We have 0days for all Database software vendors but Oracle is "The #1 Star" when talking about lots of unpatched vulnerabilities and not caring about security."

Now I don't agree with Argeniss as I see Oracle being serious about fixing their security flaws and also committed to training their developers in terms of writing secure code. Argeniss' actions are irresponsible and actually put Oracle's customers at risk. Argeniss has nothing to be "proud" of as you got to remember that this is a company who is willing to sell their zero day exploits for $2,500.

I don't know what dealings Argeniss or Cesar Cerrudo have had with Oracle but this is definitely not the right way to approach the security issues with the Oracle software. A lot of organizations will not be able to do anything to fix these flaws and the only approach is to have their firewall defenses configured to ensure that authorized and legit traffic is passed through, if that is even possible or doable. In the meanwhile, I can only wait to see what kind of information Argeniss will release and assess whether there is enough information (directly or indirectly) that would allow a hacker to do an exploit.

I wonder if it is shown that a hacker is able to hack in through the Oracle software as a result of Argeniss disclosing crucial information about the exploit used by the hacker, that the organizations affected could seek damages and compensation from Argeniss? Maybe something for the legal minds out there to ponder.

Wednesday, November 15, 2006

Fairlie Rego's Blog

I came across Fairlie Rego's blog via Jonathan Lewis' blog. I looked through some of his entries and they are interesting and worthwhile. Check out his blog.

Sunday, November 12, 2006

Travelling...

One of the things that I like about travelling is the ability to take in local newspapers and see what's of interest to the local community.

This weekend, I'm in Seattle and looking through, not a local paper but the Wall Street Journal (weekend edition), I see that one featured article is on suits and how suit makers are trying to revive sales by using S-numbers to identify the quality of their suits. The WSJ bought 10 suits from various retail outlets ranging in price from a few hundred to a few thousand dollars and one of the higher-priced suits failed its stated S-numbers as well as being less durable. The comment from the spokesperson was that the suit was not intended for everyday work wear but rather for that special occasion. Well, duh, if I am going to spend several thousand dollars on a suit, it would not be for everyday work wear...

Some folks just have too much money...advertised in the WSJ, the following property for sale at Lake Tahoe, Nevada:
  • priced at US$100million;
  • 38,000 square feet spread over 8 buildings (that's not a house but a whole town!);
  • 16 garages;
  • 210 acres;
  • 14 bathrooms with 5 half baths but only 9 bedrooms;
  • almost a mile of private driveway (0.7 to be exact);
  • 11 fireplaces; and
  • theatre room with 19 seats and a 3200 bottle wine cellar.

Wow and I'm sure that it's not the most expensive property in the world...but this bodes well for the realtor as the commission from the sales is going to be more than what I would make in ten years...I'm in the wrong business...

Saturday, November 11, 2006

Lest we forget...

...it's Remembrance Day in Canada...on this day at the 11th hour and 11th minute, we stand in silence as a tribute to those brave souls who gave their lives so that we live in a world of freedom...

...Edit: Thanks...I've corrected it...I had called it Veterans' Day

Saturday, November 04, 2006

Oracle E-Business Architecture Revisited

In one of my previous posts (earlier this year), I talked about our implementation of Oracle Financials and how we migrated the infrastructure from PA-RISC servers to a split configuration of PA-RISC and HP-Itanium servers. We are now in the process of implementing some Supply Chain modules including Order Management and iStore. One of the requirements is obviously for our iStore module to be highly available (a 24x7 operation) so we will be looking at restructuring our infrastructure to ensure that our E-Business Suite implementation will be able to handle the growth and demand as we move towards a 24x7 operation.

The Maximum Availability Architecture (MAA) team at Oracle has done a superb job of documenting the various configurations of MAA for Oracle products and one of their latest was on MAA for E-Business Suite (two documents; PowerPoint presentation and Word document) which was one of the sessions at OOW 2006. Basically if you look at what Oracle has to offer in terms of high availability, you are talking RAC, DataGuard and for E-Business, multiple nodes for the application tier. The MAA team has basically set the architecture as RAC for the database servers, standby database utilizing DataGuard and multi-nodes for the application tier.

Our E-Business environment is a little bit more complicated as we will have an external facing application tier (iStore), a Single Sign-On (SSO) server which defers authentication to CA's eTrust (SiteMinder and IdentityMinder). Please see Metalink Note 287176.1 for further information. We also contracted a consultant from Oracle Consulting to provide us with feedback and recommendations and one of the key recommendations was for us to migrate our application tier from the HP PA-RISC server to Linux as the PA-RISC is end of life and provides no room for growth whereas Linux is the direction that Oracle themselves are committed to.

So, after some considerations on future direction, we decided to take the plunge and move our application tier to Linux (making use of Metalink Note 238276.1). This is currently in progress and my DBA tells me that some of the patches mentioned in the article required him to open and log a Service Request with Oracle Support in order to get the required patches. At the end of the day, we should have our R11i database still running at 10gR1 on HP-UX (Itanium) and our R11i application tier running on RH Linux on Intel including the iStore tier and our SSO server. Oh, I should mention that our SSO will be running on 10gAS whereas our R11i is still on 9iAS following Metalink Note 233463.1 Build 4.

I still have not totally figured out how everything is going to tie in together yet to provide us with the underlying infrastructure for a 24x7 operation with the appropriate failover/switchover in case of outages at our main server room but we will be doing things in phases with the initial phase of just protecting the database using DataGuard. That is also one reason why I sought out Richard Exley of the MAA group in order to solicit some assistance as we begin our journey to bring our EBusiness implementation MAA style. I will definitely blog about our journey and our experiences with getting us to the end goal.

Thursday, November 02, 2006

Fusion Applications Screenshots pulled...

Steven Chan posted a series of Fusion Application screenshots on his blog but those have been retracted over concerns about intellectual property and/or liability about screenshots not matching actual product, etc. I wondered if they censored the recorded video of John Wookey's keynote address when these screenshots came up. Maybe they will come up with a way to wipe the memories of those attendees who saw the keynote address.

Meanwhile, Kevin Closson has a very interesting entry/comment about one point of Chuck Rozwat's keynote address on Oracle Server "11g" which according to Ellison is due out end of this calendar year. Chuck claims that Oracle has optimized reads to be as fast if not faster than a filesystem read and he had a video/demo of that happening where it was two bars of 11g read and a file system read. Take a look at Kevin's post and draw your own conclusions.

Wednesday, November 01, 2006

Strange things going on with Blogger

Hmm...I checked my blog and noticed that my latest entry on "Oracle Unbreakable Linux" has somehow not been published although I have received comments on the entry and it had shown up on the Oracle News Aggregator site. For some strange reason, the latest entry being shown is "Jonathan Lewis - Weblog".

If this keeps up, then I will have to consider moving the blog to Wordpress or some other blogger hosting site. Let's see if this entry gets published; if not, then it's time to move onto better things.

Anyhow, if you don't already know, some of the presentations and X-treme workshop handouts are now available for download from the OOW Content Catalog site. Check out the various presentations and there are a lot of them. I've already ordered the DVD/CD set so that we don't have to go the trouble of clicking and downloading the sessions.

Update: Clearing my Firefox cache seems to clear up the problem. Don't know why it would go to the cache considering that it does not seem to do that for any other sites.

Monday, October 30, 2006

Oracle Unbreakable Linux 2.0

Everyone who's involved with Oracle in one form or another has heard about Oracle Unbreakable Linux v2.0 which basically has Oracle Corporation making a hostile overture to Red Hat. Now, it's v2.0, so what was v1.0?

I did a search on "Unbreakable Linux" and found the following article dated June 2, 2002 (more than 4 years ago) when Larry Ellison (Oracle), Michael Dell (Dell Computers), and Matthew Szulik (Red Hat CEO) jointly announced "Unbreakable Linux" and I am assuming that this is v1.0 since I think that was the first time that "Unbreakable Linux" was used.

What was interesting was the quote by Matthew Szulik at that time, "Boy it feels awfully good to get here, I guess you could call this an 'Unbreakable' partnership." Boy, I would say that's putting your foot in your mouth or famous last words given "Unbreakable Linux v2.0".

What would be challenging is how Oracle is going to synchronize the new RH releases with what they already got since what Oracle has is no longer RH. If you check the current Linux downloads at Oracle's website, you will see the installation has no traces of RH logos (after all, they won't be able to do so without RH filing suit) so in all practicality, Oracle is offering their own Linux distros. If Oracle releases a patch to RH AS 3 or AS 4 but that patch never made it to the formal channels of Linux mainline coders, then what would that make the patched RH install? Definitely not RH anymore nor would it be Open Source since the patch is not part of the Open Source Linux code base.

How about if I switch over to Oracle support and am running RH AS 4 and after patching, I'm no longer RH AS4 (let's call it OUL AS4a) and RH releases AS4.5 without the patch, how do I get my install to synchronize with RH AS4.5? Probably not until Oracle can extract the AS4.5 bits and supply a patch update to bring my install to OUL AS4.5a assuming that nothing else will break.

All in all, very interesting and I think Oracle chose RH because that's the market leader and doing their own Linux distros is an uphill battle as they would have to convince existing RH customers to switch which is likely to succeed when pigs can fly. This way, they can probably and quickly grab a share of the Linux market riding on RH coat tails.

Only time will tell whether "Unbreakable Linux v2.0" is successful and what "Unbreakable Linux v3.0" would look like. To quote "May we live in interesting time" and I think we are and who knows, a decade from now, we would look back and marvel at the audacity of Larry Ellison much like when Oracle came on the market back in the late 70's.

Sunday, October 29, 2006

Jonathan Lewis - Weblog

I saw from Tom Kyte's blog that Jonathan Lewis finally bit the bullet and decided to give blogging a try. So far he has three interesting entries and he is definitely one that you would want to track if you are involved in any Oracle technologies. Having said that, his regular website is still a must for Oracle pundits.

Welcome Jonathan!

OOW 2006 - Swag...

Swag or freebies or spoils of the conference. Actual meaning was "Goods acquired by unlawful means"...but in this case, goods obtained from OOW.

For those alumni attendees, if you are the first 3,000 registrants, you will get an alumni jacket, which I think looks great (at least on the folks wearing them as I have not worn mine yet). If you are registered in one of the X-treme programs, you will get a t-shirt just like what Henry Collingwood wore at the Blogger's Meetup.

Obviously there were tons of free t-shirts, pens, stick-it notes. Microsoft was giving away their Vista RC1, SUSE gave away their SUSE Linux 9 (180-day evaluation) and ditto for RH with their AS 4. The vendors' prizes included (on top of the regular notebooks/laptops and iPods) HDTV televisions, a Harley-Davidson motorbike, a Vespa scooter and a Segway which Eddie Awad tried. Unfortunately I did not win any although if I had, I probably would have to turn it over to my employer as there are rules in place to discourage government employees from accepting gifts from vendors over a certain amount ($20 in my case).

Oracle gave away free "Unbreakable Linux" t-shirts, mousepads and stickers after Larry Ellison's keynote amongst other items. One item that wasn't officially on any freebies was an Oracle logo blanket which were handed out during lunch at certain locations as the weather was nice and sunny so that the attendees could actually use the blanket to sit on while they eat their lunches. A couple of years ago, it was an Oracle logo golf umbrella.

I managed to collect 4 leather wallets from Oracle which I have given to my team of DBAs and System Administrators along with t-shirts. They can't say that I don't have their interests at heart...;D

Saturday, October 28, 2006

OOW - Wrap up

Thursday was the last day of the Conference and there were no keynotes scheduled other than sessions. The exhibit halls opened at 10 and closed 3 hours later at 1 pm. Most attendees were all checking out of their hotels and getting ready to go home, some will stay and enjoy playing tourists.

The highlights at OOW for me are:

  • the release of E-Business Suite Release 12 with its new look;
  • the announcement of Oracle Unbreakable Linux, basically wiping 17% off of Red Hat's stock price the next day;
  • the roadmaps for Oracle products including Fusion Applications and Server 11;
  • the Elton John concert;
  • the keynotes; and
  • last but not least, the Bloggers Meetup.

All the keynotes are available for download in almost all formats. The sessions notes will be ready for download within the next 4 weeks or so. With over 1600 sessions, well, it's gonna take a while so I've decided to order the Conference DVD/CD set instead.

Next year's conference is scheduled for Nov 11th although the venue is in question as it seems that OOW has grown so much that it might be too big for the Moscone Centre. Rumours are Vegas or Orlando being places with big enough convention space. Me, I'm betting that it will still be in San Francisco as the revenue is something that the city would probably not want to lose.

In closing, this year's last day saw some drama where some of the street folks managed to get hold of attendee badges (probably from the trash after the attendees had discarded them) and got into the building. One wandered around the second level of Moscone West picking up empties. If he had gone up one level, he would have been able to get his hands on the rest of the refreshments being wheeled out at 2:45pm. Another was seen dashing out with an army of security personnel in tow. Now, he was still holding onto a cup of coffee but I doubt that it was a cup of coffee that initiated the pursuit. So, bit of advice for next year; if you are going to discard your attendee badge, put the pocket guide into the recycling bin, the plastic badge holder with the badge can be left at the Registration desk. I kept my badge as a souvenir.

Thursday, October 26, 2006

OOW - Day 4 (Wednesday)

Boy, it sure is getting harder to keep track of the days and my apologies for the delay in getting this entry off.

The big news, obviously, was Larry Ellison's keynote and in a nutshell, Oracle will now offer Enterprise class support for RH Linux and this is applicable to all RH customers not just Oracle customers running RH. Please check the following blogs for more details (no point in me repeating what has already been said): Amis Blog; Andrew Clarke; IT-Eye and Oracle Linux

My own sessions consisted of attending Jonathan Lewis' presentation on "Recent Improvement with the CBO" which was very, very good. Lots of food for thought and he provided convincing arguments on why you should always upgrade.

My second session was on "Identity Management with Oracle E-Business suite" which was a terrible, terrible presentation. The speaker definitely needs to work on his presentation and actually try and provide better information than what was attempted. It's too bad as customer-based presentations are supposed to be a good source of sharing experiences that you can take back to the office and work.

The next session that I attended was on "Securing your E-Biz Suite" and nothing new there other than the reinforcement of utilizing the two key Metalink articles on securing the EBS. The two articles are entitled "Best Practices for Securing your E-Business Suite" and "Setting up E-Business in a DMZ".

My last session of the day was on "The making of the 10g:Faster and more Scalable" and it was an interesting session where the Oracle product manager highlighted some of the areas that they focused on when developing 10g. I will post more details on this when I get back to the office.

Wednesday, October 25, 2006

OOW - Rocketman!

Wow! Elton John was fantastic but now I got "Rocketman" running through my head even the next morning...Urgh! Tuesday was a very productive day as I found the sessions to be extremely informative and to top it off with the Blogger Meetup followed by seeing Elton John perform is just the icing on the cake.

The day started off with Thomas Kurian's keynote and it was very informative although unfortunately the in-house TV where I was watching from (OTN Lounge) cut off just as he was beginning to talk about WebCentre. One tip that Thomas advised folks is to build new web services or web service-enable their legacy applications. This is actually one tip that I hope the Application Group at my work will take to heart as one of the managers there is pretty set against it. Workflow Manager (as you probably heard already) is obsolete to be replaced by BPEL Process Manager but Oracle has no intention of converting the Workflow Manager lists over to BPEL. Thomas also spoke about the Enterprise Service Bus which will tie services together and there is a new set of Business Intelligence tools (10gR3).

The next session that I attended was on High Availability for the upcoming "11g" by Juan Loaiza. I doubt if the final name for the next release will be 11g but that's what was being referenced for a lack of a better name. Juan did an excellent presentation highlighting the direction that was taken which was to focus on maturity and stability of the HA components of the Oracle Server. ASM has been enhanced to be able to repair corrupted blocks utilizing data from the mirrored copy and ability to freeze I/O to unavailable SAN and replay those writes later when the SAN becomes available.

Secured Backup (which I still think is not ready for primetime yet) will skip UNDO and thus speed up the backup time and reduce the size of the backup. The selling feature is that it only costs $3000/tape drive and no charge if you back up to drive (via virtual tape drive). There is a "new" Data Repair Advisor which will provide analysis and recommend recovery solutions. Data corruptions can be detected and prevented via Ultra-Safe mode but uses more hardware resources (CPU cycles increases by 10 to 20%). There is also buffer integrity and block contents checking.

Improvements to Dataguard include the ability to do real-time query on a Physical standby and will support RAC on Primary and Standby databases and the ability to handle all data types. A new standby type (Snapshot) will be available and can be leveraged for use in testing which will allow the customer to discard the writes/changes done during testing and applying the redo logs generated by the Primary during the testing period. This will be done via one command, "Alter database convert to Physical Standby;" The HA team has also optimized failover so that it happens as fast as can be done. SYS is no longer required for redo shipping. If you recall, current DataGuard setup requires that the Primary and Standby database MUST have the same SYS password in order for the Redo Apply to work.

Other features include Proactive Patching, Online Patching, Rolling DB upgrades using Physical Standby. The Online Patching provides the ability to apply one-off patches while the instance is running and is currently only available on Linux and Solaris. A key Fusion Application initiative is to provide online Applications upgrade which would be a huge plus for Oracle Applications customers. There is also Edition-based redefinition (versioning of db objects other than tables), easier and faster to add columns with default values, "invisible indexes" where new indexes can be created but not available for use right away. Lastly, there is no need to recompile dependent objects when the base object was modified.

The next session that I attended was on MAA for E-Business suite. The MAA team has managed to identify and document the process and procedures to move from a single EBS instance to a highly available and robust infrastructure consisting of RAC and standby databases. It is still a work-in-progress and the paper should be available on the Oracle website (do a search for MAA with E-Business). We are looking at doing something similar with our EBS implementation and I will be in touch with the MAA folks on further details.

The final session that I attended was on Tuning the E-Business suite and it was a long presentation but a very useful one as it provided a lot of suggestions on areas to look and tune. The only problem was that I couldn't stay for the end as it went way over the allocated time. For those who wish more details on what was suggested, please let me know as there are a lot of suggestions. Thankfully it was the last presentation of the day as everyone was getting ready to head out to the Cow Palace for the Conference Gala Appreciation event. I on the other hand, have to head out to the Bloggers Meetup at the Thirsty Bear but needed to head back to hotel to change and pick up my pass for the Gala event. Talk about a series of unfortunate events, when I got back to the hotel, I was told that the buses would not be running back to the Conference centre and I will have to make my own arrangements. It was suggested that the cable car would be the quickest and I headed over to the stop only to be told that the system has broken down and a shuttle bus is on its way. 20 minutes later, it was suggested that I should go up a block and catch the #30 bus and 20 minutes later, the shuttle bus showed up and I had to run the block in order to catch it. Needless to say, I was about 35 minutes late for the Meetup and thankfully most folks are still around. It was great finally to meet the folks who I have been reading but Tom Kyte did not manage to show and Sue Harper had left. Mark Rittman was very gracious as the host and I got to meet and chat with Lewis Cunningham, Eddie Awad, Mike Siebert, Tim Hall, Dimitri Gellis, Lucas Jellema, Andrew Clarke, Henry Collingwood, Laurent Schneider just to name a few. We had folks from New Zealand, Belgium, Holland, Canada, US and the UK.

The evening was topped off with some of us heading to the Cow Palace to listen to Elton John and we chatted more during the ride to the venue. Overall, a great evening. Oh, for pictures, please check Eddie's blog and Mark's blog.

Tuesday, October 24, 2006

OOW - Monday (Day 2)

I guess that it is officially day 2 of OOW 2006 as Sunday was considered to be the first day with Charles Philips kicking off the opening keynote. I didn't manage to make it for Hector de J. Ruiz's (AMD) keynote but caught the last part of it. I was interested in Chuck Rozwat's keynote and I gotta tell you that he usually peppered his keynote with hokey videos usually of him and other Oracle employees doing something silly to emphasize a point. Chuck mentioned 11g Server is in beta and they have incorporated 482 new features. Some of which included better patch/change management (hot patching), new snapshot standby (as compared to physical and logical standby), workload capture & replay at the database and SQL level, and online application upgrade with no impact on users when applying changes.

The theme this year is "Better Information, Better Results" so the set of "utilities/tools" are Oracle's Content DB, Records DB, Secured System Search, Business Intelligence, Application Express, Spatial DB, 10gR3 Grid, Fusion Middleware and Warehouse Builder which is now part of the Oracle Server Enterprise Edition.

I've learned not to go to the keynote hall to attend since getting in and getting out after the keynote is a hassle. Best bet is to find one of the TV monitors where they feed the keynote and you can sit either on the floor or if you are lucky enough, find a beanbag or chair.

    Two of my sessions are on Roadmaps and Trends for the E-Business suite (Financials and Supply Chain). Not totally what I expected but did get more information on Release 12 of Oracle E-Business and the upcoming Fusion Applications. Since the theme was better information, the focus was getting better information to the business in order for them to make the right decision at the right time with the right information with improved forecasting accuracy, demand insight, single Tax engine, consolidated Bank model, etc. The Fusion Applications will be built on top of the E-Business R12 data model so naturally some questions are of the "do I have to be on R12 to upgrade to Fusion" type and the answer is no if you are on 11.5.7+ onwards. It all sounds pretty exciting and with my employer totally in bed with Oracle E-Business, it is going to be a learning experience for me and my guys to quickly come up to speed with the changing role (from pure DBA to Application DBA).

    One of the last sessions that I attended today was on DataGuard: Customers Experiences (Tips and Tricks). There were three customers who discussed their experiences with DataGuard and how well it works. Pretty standard stuff from what I had experienced with the DataGuard X-treme program but I do have a question that I will need to get answered when I get to the DemoGrounds today. It's not how switchover/failover happened but actually how my application will recognize that switchover/failover has happened and there is no loss of connectivity or that the users will have to disconnect (from the failed database) and reconnect to the new Primary. One tip was ensuring the password for the SYS schema MUST BE the same amongst the Primary and the Standbys (in Eli Lilly's case, they have 7 standbys).

    The evening finished up with us attending the Pacific Northwest Oracle customers appreciation event at the St. Regis Hotel (a very nice hotel) but we had to cut out since we wanted to attend OTN night at the Westin St. Francis. It was a fun night with a game for the techie folks and I gotta tell you that none of the contestants did very well with answering questions about Oracle products. You have to wonder about the quality of Oracle educational courses but I gotta admit that I was stumped on a few of them too. Some questions are too vague and I actually like the old format better where they actually use questions from the OCP exams. Overall it was fun and I met some great folks and I am looking forward to Tuesday as the main event for the evening is the Elton John concert at the Cow Palace plus the Blogger meetup at the Thirsty Bear.

    Sunday, October 22, 2006

    OOW - X-treme Program Day 2

    Today's session is much, much better than yesterday's. The focus today was on DataGuard and the hands-on lab repeats but in a good way as things are shown and done via Grid Control and then done via the Dataguard command line utility. I like it.

    We had to configure and set up the Primary database for standby with the various failover, switchover scenarios utilizing fast-failover and so on. It was a great session and the hands-on labs were good as they take you through the steps of configuration and then actually prove to you that the standby database is actually receiving the changes from the Primary. We are planning to implement DataGuard for our E-Biz implementation as an initial step and once that's done, the next step is to focus on RAC to provide higher availability and then on to the application tier with multiple nodes for improved throughput and availability.

    Charles Phillips provided the keynote to kick off the event. It was kind of hokey as he also took the opportunity to introduce Oracle Corp as the new sponsor of the Golden State Warriors (National Basketball Association) arena and this was followed by Judy Sims providing attendees with a rundown of this year's event with an estimated 41,000 registered attendees, 1600+ sessions, half a million pounds of freight, 187 buses to ferry the attendees from the hotels to the centre. Charles Phillips mentioned that Oracle has three core businesses: Database, Middleware and Applications. He also got two of his executives to come on stage to demo the new Oracle Accelerate program. Apparently Oracle has a new website that customers/implementers can utilize to quickly and easily configure their new E-Biz applications utilizing a series of questions and answers with templates. That sounds very promising and is something that I will be checking out when I get back to the office.

    The Welcoming reception sponsored by NetApp was okay but I didn't stay long, instead opting for the IBM Canada event in the Marriott.

    Monday is going to be a busy day going from 8:30am right up to 5:45pm to be followed by a couple of cocktail events and then the big event for the night: OTN Night, which this year is at the Westin St. Francis hotel right by Union Square. I will blog about that tomorrow.

    OOW - X-treme program

    Arrived in San Francisco around 6pm local time. Took longer as the flight didn't get out of Vancouver until 3:55pm and my colleague's luggage actually made it to SF before he did and we didn't know until all the luggage from our flight were taken leaving us standing around the baggage claim area wondering what's going on.
    The Hilton @Fisherman's Wharf is a nice hotel and the room is big but unfortunately it looks like there won't be time for me to enjoy the room too much other than to sleep. Only downside is that there is no swimming pool at the hotel.
    So, I'm in the two-day X-treme program and I've chosen Building Highly Available Environments with Oracle Database 10g as my choice and yesterday was the first part where we were shown the Flashback feature, followed by Recovery Manager and then Secured Backup (with encryption). How are all these features considered "High Availability"? Well, they do contribute to minimizing downtime but heh, I wouldn't classify them as "high availability" features. They minimize recovery time but the database or objects in question are still unavailable while being recovered.
    As for Secured Backup, I would wait as I think it is still pretty much first release with first release features. The good news is that a second release (10.2) is in the works and should be ready pretty soon. Hopefully the second part of the session would be good as it deals with Data Guard which is one feature that we want to implement for our Supply Chain business.
    More and more delegates are here as tonight is the official kickoff of OOW and I have already seen Don Burleson hanging around outside smoking.

    Tuesday, October 17, 2006

    Limited free X-treme passes for OOW attendees

    I see on Steven Chan's blog that Oracle has a number of free passes for OOW attendees to take one of the X-treme programs (scheduled for Sat/Sun before the official opening of the conference). For government/public sector employees, it's a little bit tricky as most of them do have a policy against receiving goodies from vendors. I am already registered for one of the X-treme programs and for $650, I think that's a great deal.

    Friday, October 13, 2006

    8.4 Billion Hours and other numbers

    8.4 billion hours. That's a huge number of hours. According to the US Accountability Office, that was the estimated number of hours that US citizens spent in filling out paperwork (such as tax returns) required by the government for 2005. That's just plain wasteful. If you think about it, assuming that each hour is worth $5.00 (very low end), you are looking at $42 billion just in filling out paperwork. I personally think that a better way is to tax at source and not worry about paperwork. Sure, you are going to have folks who would earn money on the side without declaring (which you do now, anyways) but if the penalties are structured so that it is really not worth the effort to not pay taxes, I'm sure over 90% of the folks wouldn't look at tax evasion.

    Another number; 654,965.

    According to the Vancouver daily press, this is the number of people killed since the US invasion of Iraq three years ago. That's more than the entire population of the city of Vancouver. Scary and really sad.

    10.56 Billion.

    Amount that college students (in the US) are expected to spend on electronics for 2006. Wow, in my college days, I would be lucky to even be able to afford to buy a stereo system.

    5.9 Million.

    The number of Sony-made notebook batteries that were recalled because they could catch on fire. Locally, a condo complex caught fire and suffered $2 million (estimated) in damages because a notebook left on a glass coffee table got too hot and shattered the glass top and fell on top of some newspaper which ignited and started the blaze. Luckily no one was killed or injured as the fire occurred in the early evening.

    50,000 Attendees.

    The estimated number of attendees expected at this year's Oracle Open World...see you all there.

    Thursday, October 12, 2006

    More blogs added to the blog roll

    You will see that I have added some of the regular blogs that I check out every so often. For me right now, the one that I keep on top of is Steven Chan's blog which deals with the Oracle E Business Suite and Technology Stack since my organization is busy implementing the application for our Supply Chain folks.

    Sunday, October 08, 2006

    Recent Interviews...Embellishment of resumes

    No, I was not the one going for interviews but rather was doing the interviewing. We were looking for a Senior Oracle DBA on a 7-month contract to come in and back-fill for one of our DBAs (who will be almost full time on a project). Anyhow, I had hoped for someone who has more than 5 years of solid Oracle DBA experience supplemented by 2 to 3 years of Oracle Application DBA work.

    Anyhow the responses are mixed and I can tell you that it wasn't easy finding someone who has both solid Oracle DBA AND Oracle Application experience. Potential candidates either have only Oracle DBA experience or just Oracle Application. One of the things that I found in going through the resumes and conducting the interviews was that the resumes were "padded". By "padded", I mean that it makes the candidate sound more experienced than they actually are. The candidates are not lying at all but things like "experience with implementing backups/recovery procedures" could turn into (when questioned) "yeah, well, the team that I worked in did the implementation and my actual role was actually to run these backup and recovery scripts" or something to that effect. Now I would not say that the candidates were lying but rather their resumes were embellished.

    I don't know if this is the right thing to do but I would not want to do that as I think it would come across as not being upfront about it. This is, of course, not just restricted to resumes but also to profiles/biographies of folks (sometimes folks listed as Executives, Directors of organizations). I have seen profiles/bios listed on the company's website of folks that I know and their work experience and I know that what they actually did was not exactly what was listed.

    Another example was a consultant that I knew and he had listed himself (after becoming an Executive for a new startup) as being the youngest Director on the board of a big multi-national organization but the truth was far from that. The actual fact was that he was on a Board of Directors but not for the whole organization but rather for a specific project (much akin to a Project Steering committee).

    Bottom-line: Be very aware that what is listed on a resume could very well be embellished to make the candidate appear more experienced and have greater responsibilities or a bigger role than what they actually did.

    Saturday, October 07, 2006

    It has been a while

    Seems that I never managed to get solid time to sit down and get this blogging going again. Things have been crazy at work with a new Supply Chain implementation project starting and we actually lost complete power to our server room twice in Sept. This is on top of the one on July 5th, details here. On Sept 11th (yes, 9/11 - talk about karma), an electrician working on installing new power outlets, short-circuited one of the new outlets which in turn created a loopback or something like that which caused our main GFCI (Ground Fault Circuit Interrupter) to kick in before our breakers could. This in turn caused a surge to our centralized UPS which shut down in order to protect the equipment downstream. No power and no UPS, down goes the servers. We eventually got power restored and managed to have all systems up and running by around 9pm (about 12 hrs later). And while recovering from that outage, three days later, an accident on the street took out the transformer and we again lost power to the whole building including the server room. Thank goodness, the UPS kicked in this time and we are able to gracefully shut down all systems/servers until power was restored. Things came up pretty well and we were done by around 3pm. We still got to finalize the recovery process as everything was still pretty much in flux. One thing that worked pretty well was to designate someone as the "incident commander" and have this person drive the whole recovery process which included communication to the various affected business areas.

    Hopefully that was it for us for a long time. I will try and keep regular updates and I think for the Oracle Open World, it might be best if I do blog each day so that I don't forget what was done as I will need to debrief our IT guys when I get back from the conference.

    Friday, September 22, 2006

    Oracle ACE of the year (2006)

    I haven't blogged for a while but I have thought about all the topics and so on and never got time to do anything with them.

    Anyhow, just want a quick shout out to Tim Hall who has been named Oracle ACE of the year (2006).

    Congratulations Tim!

    Thursday, August 17, 2006

    Oracle Open World 2006

    So it's official. I'm heading to OOW2006 this October and looking forward to it. I've been before and if you are new, it's a bit overwhelming as you get this sea of people flocking from one session/building to another.

    There are over 1300 sessions this year, with each session averaging one hour and a break of 15 minutes in between. The last time I was there, it took almost half an hour to get all the registered attendees into the more popular sessions so the 15 minute gap might not be enough. Some notable bloggers include Tom Kyte, Jonathan Lewis, Andrew Clarke, Steven Chan, Steven Feuerstein, just to name a few.

    One of the things that struck me was that Oracle sent out their Conference Builder link to registered attendees but I was not able to log in until a day later. An email to the support contact did not result in any response. I have finished my conference schedule and unfortunately I am missing Tom Kyte's session on "Database worst practices" as it conflicts with another session that I need to attend as it pertains to the usage of Oracle technologies in my organization.

    This year, the Conference social event is featuring Elton John and scheduled for Tuesday evening so that should be a blast. There's a welcome reception being hosted on Sunday evening and I would think that Oracle Canada is hosting a reception for their Canadian attendees on Monday evening although there is OTN and Oracle Develop that same evening so maybe the Canadian reception might be on Wednesday (last evening of the conference).

    It's going to be a long week as I would like time to attend the vendor booths to see what they have to offer and also to pick up the usual assortment of swag (t-shirts, caps, mugs, etc.)

    For those of you attending, come early or stay later to enjoy the sights of San Francisco. I will be flying in Friday evening and then attending the X-treme sessions on Saturday and Sunday so will probably have minimum free time to take in the sights before heading home Thursday evening. I've been to San Francisco a number of times already so that's not a priority for me.

    Sunday, July 09, 2006

    The night the lights went out in the server room.

    Well, it had to happen. We lost complete power to our server room Wednesday morning. Kaput! Wished I could say that we were prepared and the failover process kicked in and we were humming along just fine.

    Nope. No such luck. We do have a newly installed centralized UPS which replaced our individual server UPSes. The problem was that the new UPS was not fully configured to gracefully do a shut down of our servers if power was not restored within an acceptable timeframe. Apparently the power failure occurred around 5:45-ish am but because we are not a 24x7 operation, nobody knew until the first shift started at 6:30am even though alarms were beeping. The culprit was the circuit breaker for the power coming into the UPS which in turn powers all of our servers. The power in the rest of the building was just fine.

    It took us up to 5:00 am the following morning to recover all servers and verify that all systems (with some exceptions) were a go and that interrupted processing was rolled back or at least recovered. That’s a total of almost 24 hours of down-time! Good thing we are a government organization otherwise we would have been out of business. The biggest impact was to our Distribution business areas where we had to send the warehouse folks home since they are unable to work without the systems but we were able to get the stores fully operational by 1:00 pm (when power was restored). The stores were able to function prior to that with the exception of being able to take customer gift cards since the validation of gift cards is done by a third party but transactions are routed via Head Office which was down because the network hub and switches are also located in the server room.

    The recovery process should not have taken so long but there were instances where nothing could be done other than to wait. For example, it took a while for the electrician to pinpoint the circuit breaker as the culprit and then he had to go offsite to get a replacement circuit breaker and it was 1pm when power was restored. Once that hurdle was dealt with, it was time for the systems folks to get down to work. During the wait for the replacement circuit breaker, we worked out the priorities and tasks needed for recovery, identifying the order that servers/systems needed to be brought back online. We had also contacted our vendor support to give them a heads up and also to reduce the turnaround time if we do need their support and assistance. Unfortunately one of them did not come through as needed which further delayed our recovery process by at least two and a half hours.

    To add to our woes, our SAN management servers crashed while we were recovering so that set us back another hour or so. The systems were functional by around 11pm or so and the verification began and didn’t finish until 4:45am! By the time I headed home around 5:15am for a shower and change of clothing, we were almost fully functional except for two of our systems which are non-critical and we were back to “normal” by 10am. So the total down-time from powered down to “normal” was from 6:45 am to 10am the following day for a total of 27 hours and 15 minutes! Imagine that! There will be definite changes once we have completed our post-mortem review but it was quite an

    Saturday, June 24, 2006

    Burleson's DBA Forum Hacked

    Surprise, surprise. I received an email claiming to be from Janet Burleson with regard to my account on their DBA Forums (http://dba.ipbhost.com/index.php). The title of the email was "HACKED (Oracle DBA Forums)" and here's the text of the email.

    Received: from server19.systemips.com ([207.44.232.13]) by ;
    Sat, 24 Jun 2006 10:44:12 -0700
    Received: from nobody by server19.systemips.com with local (Exim 4.52)
    id 1FuCAt-0007Iq-1r
    for ; Sat, 24 Jun 2006 12:44:03 -0500
    To:
    Subject: HACKED ( Oracle DBA Forums )
    MIME-Version: 1.0
    Content-type: text/plain; charset="iso-8859-1"
    From: "Oracle DBA Forums"
    X-Priority: 3
    X-Mailer: IPB PHP Mailer
    Message-Id:
    Date: Sat, 24 Jun 2006 12:44:03 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse
    report
    X-AntiAbuse: Primary Hostname - server19.systemips.com
    X-AntiAbuse: Original Domain -
    X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
    X-AntiAbuse: Sender Address Domain - server19.systemips.com
    X-Source:
    X-Source-Args:
    X-Source-Dir:
    X-Rcpt-To:
    X-Country: US
    Return-Path:
    X-UIDL: 449E1620.A.583


    PeterK,

    HACKED
    Better luck next time

    -------------------------------------
    Oracle DBA Forums Statistics:
    -------------------------------------
    Registered Users: 4410
    Total Posts: 1
    Busiest Time: 121 users were online on 2nd May 2006 - 06:43 AM

    -------------------------------------
    Handy Links
    -------------------------------------
    Board Address: http://dba.ipbhost.com/index.php
    Log In: http://dba.ipbhost.com/index.php?act=Login&CODE=00
    Lost Password Recovery: http://dba.ipbhost.com/index.php?act=Reg&CODE=10


    So, is it true that the DBA Forums got hacked or was it a phishing attempt? I went to the site by typing in the URL (not clicking on the link specified in the email) and everything seems okay. I don't think it's a phishing attempt as there is no value in stealing a forum account unlike PayPal where there is money involved.

    Saturday, June 03, 2006

    Our current E-Biz work

    In one of my previous entries, I talked about the licence pricing that we had to get in order to ensure that our Oracle Financials implementation is properly licenced and for the future, our Supply Chain components too.

    So, as a result, we had to migrate our existing Oracle Financials environment from a two server box to new servers (properly sized to meet current and future needs). Well, you would think that it's a no-brainer; after all, there is a lot of documentation in Metalink that shows how an E-biz suite install can be "rapidly cloned" to new infrastructure, right? Errr...not really as it depends on the hardware involved and the nature of the "move".

    In our case, we are moving from HP-UX (PA-RISC) to HP-UX (Itanium) and with Itanium in the picture, things get a little bit complicated. Let me paint you a picture of what we currently have. We currently have a separate server for the application tier which is a PA-RISC HP-UX server and it has everything except the database, the Concurrent Manager and the Reports Server which are on another PA-RISC HP-UX server. We want to move towards a totally separate database server without the Concurrent Manager and Reports Server which should be moved back to the application tier.

    Since HP do not plan to carry the PA-RISC processor line beyond this calendar year, it does not make sense for us to keep our database on the PA-RISC server. Instead, we intend to move it over to one of the new Itanium servers and we would have loved to also move the Application tier to another Itanium server but unfortunately that has not been certified by Oracle yet (64-bit code). In this situation, we will be running the E-biz suite in what Oracle terms a "split configuration" with the application tier on a PA-RISC server and the database tier on an Itanium server. Metalink has lots of articles on the various configurations including an FAQ. To further complicate things, we also want to upgrade the database version from 9.2.0.6 to 10.1.0.3 (10gR1). You might well ask, why not 10gR2? It's just that even though 10gR2 has been certified on the Itanium HP-UX server, E-biz itself has not been certified on the 10gR2 HP-UX split configuration although it has been certified for Linux Itanium. Go figure. Oracle plans to have the complete E-biz suite certified for HP-UX Itanium before the end of the calendar year.

    Back to the approach that we are taking. First we have to do a merge since we are going from two application tier servers to one (remember, the Concurrent Manager and Reports Server are on a different server than the rest of the application tier). Since we are also moving to new hardware too, it will also be a clone and a database migration (to the new Itanium server) and finally an upgrade from 9.2.0.7 to 10.1.0.3. Whew! That's it. As part of the database upgrade, we will also need to follow the steps listed in the 10g Interoperability article. The challenge is that although Oracle has posted metalink articles on how to do each of these scenarios, nothing has been posted on how to do them all in one go so we are working out the timing and we will have to compress the actual work that needed to be done for final cut over as we probably only have a 48 hour window (the weekend) to shut down the existing Oracle Financials production environment, cut over, verify and start up the new environment for use come Monday morning.

    It's all pretty exciting and we have already run into obstacles and challenges which is a very good thing as it provides a fuller learning experience than if everything goes smoothly.

    Once we are done in mid-July, I will provide a more detailed post on the actual steps that we took and the miscellaneous problems that we ran into.

    Update June 9/06: I should note that this entry is a result of the work done by my team and the Oracle consultant who was contracted to help us with the migration.

    Thursday, June 01, 2006

    Yellow whiteboard markers & Oracle CPU

    What's with the yellow whiteboard markers? You can hardly see them on the whiteboard and whoever came up with that colour scheme should be taken out back and shot!

    Most of the time, all the darker colours (black, blue, red, green, orange, purple) are used first leaving Mr. Yellow all by himself and full.

    On a different topic, I see that Pete Finnigan has spent about 6 blog entries talking about the press interview with Oracle's Chief Security Officer, Mary-Ann Davidson, about the "patch mentality" and the follow-up responses from various folks to her comments. I think she's right. Look at the current Oracle CPU process being released quarterly. It's almost unworkable as you would probably spend the first couple of weeks going through the CPU notes and then another two weeks to work out the patch process (i.e. ensuring that there were no errors in the documented steps), another two-three weeks testing out the patches and then another four-six weeks applying the patches to all of your databases and then the whole cycle starts all over again. I can't see a normal organization doing that where every three months, you go through and apply patches to your environments trying to keep ahead of the hackers who probably already have zero day exploits (considering that we also have security researchers selling zero day exploit information).

    Right now, we are trying to streamline our patch process so that we minimize the work and effort required while at the same time ensuring that we are current with patching.

    Sunday, May 28, 2006

    Project Lockdown - Phased approach to securing your Oracle environment

    Arup Nanda has written a four-part paper on securing your Oracle environment using a phased approach. Project Lockdown, as it is called, is available on OTN. I have not yet finished going through all four parts but so far, it is a pretty good write up although there are sections that I thought Arup could expand a little bit more and some that I don't totally agree with.

    For example, the section on changing default passwords and how passwords in Oracle are maintained could be expanded to include the fact that the username and clear text password are concatenated together as input for the one-way encryption, so that if you set the SYS password to TEMMANAGER then you will get the same encrypted value as the SYSTEM default password. I also don't agree with limiting the SYSDBA login as suggested. I think a better way is to force the DBAs to have individual accounts and do a su to the Oracle account. The SYS and SYSTEM database accounts can then be secured by setting the encrypted password value to a constant string that the encryption algorithm can never produce. I talked about this in my previous post.

    Anyhow, what I wanted to point out in this entry is that the article is worth the read and a lot of the suggestions are very good suggestions and should be followed wherever possible according to your organization's needs and requirements.

    A couple of good sites include Pete Finnigan's and the Center for Internet Security.

    Friday, May 19, 2006

    SYS and SYSTEM user accounts

    For those of you who are Oracle DBAs (in fact, if you deal with Oracle RDBMS), you know that by default, the SYS and SYSTEM accounts are created when a database is created. You know (or should know) too that Oracle Corp recommends that these accounts should not be used for daily administrative tasks:
    "It is suggested that you create at least one additional administrator user, and grant that user the DBA role, to use when performing daily administrative tasks. It is recommended that you do not use SYS and SYSTEM for these purposes."

    The other part is to secure SYS and SYSTEM so that no one can access these accounts without first having to change the passwords. The accounts can be secured by setting the stored encrypted password to a value that the encryption can never produce, using the undocumented command ALTER USER username IDENTIFIED BY VALUES 'password', e.g. ALTER USER SYSTEM IDENTIFIED BY VALUES 'unbreakable' would set the encrypted password value to "unbreakable". This effectively prevents brute-force password guessing as there is no way that the cleartext login credentials will be encrypted to the password value specified.

    Now, I am curious to know how many organizations are actually following Oracle's recommendations and issuing individual DBA accounts and securing the SYS and SYSTEM accounts. I have had discussions with one of my DBAs on these very issues where he insisted that it is almost a daily occurrence where he has to be logged in as SYSTEM to do his work. My counter arguments were (and still are) that SYS and SYSTEM should only be required if there is reconfiguration work that needs to be done where the DBA role does not have the required privileges.

    As of today, we are still no further ahead with implementing individual DBA accounts but the plan for me is to push ahead with the change, knowing that there will be times when it might cause my DBA some additional steps to get certain things done.

    Saturday, May 13, 2006

    A tribute to Cecilia Zhang

    Pic of Cecilia Zhang

    Haven't blogged for a long while as I've been pretty busy and actually needed some down time after work. Anyhow, just wanted to pay a tribute to Cecilia Zhang. Cecilia Zhang was a 9-year-old Toronto girl who was murdered over two years ago. She went missing from her home (taken in the middle of the night from her bedroom) by a very selfish young man who wanted to ransom her for $25K in order to pay for a sham marriage so that he could continue to stay in Canada instead of returning to China after doing poorly in his studies. He has pled guilty to second-degree murder which carries an automatic life sentence and has since been sentenced to 15 years in prison without parole so he will be 38 years old before he can apply for parole. So much for not wanting to lose face.

    As a tribute, I'm re-posting Sherry Xu's victim impact statement at the young man's sentencing hearing. I can only say that I cried and held my kids tight after reading the statement.

    My name is Sherry Xu. I was born in China. After my marriage to Raymond Zhang, a beloved daughter was born to us on March 30, 1994 and we named her Dongyue Zhang. Her English name was Cecilia.

    I understand that this video recording is very important. I need to tell the judge and all those present how we spent the 161 days and nights since our daughter disappeared and until we discovered she was killed; that's how long Oct. 20, the day Cecilia was taken, is till March 27, the day Cecilia was found: 161 days. From that horrible discovery until today, how we spent these 720 days and nights, that's how many days it's been from March 27, the day Cecilia was found, until today: 720 days and nights, and how our family sank into a deep abyss. But please forgive me; I am unable to do this.


    Here's where Sherry broke down and wept before gathering herself to continue.

    I am unwilling to talk about my pain; unwilling, because even being misunderstood, mistrusted, and slandered is nothing. What kind of pain can compare with the agony of facing death? Cecilia can no longer speak. Who can tell me what kind of pain she had endured? Who can tell me? Cecilia was only nine years old, but she had to face murder totally alone. As a mother, I gave birth to her, but I was unable to protect her, so what face do I have to talk about my own pain? I cannot.

    I am unwilling to talk about my pain. I cannot tell the whole world my agony, and allow my beloved family and friends to experience once more the sadness my suffering has brought them. I have lost my only flesh and blood, and her departure has hurt all the hearts of those who loved her; there has been too much suffering in this extended loving family. I can no longer withstand the tears and sobbing of the elderly grandparents, I cannot bear the looks of older brothers and sisters that are filled with sadness and pity. I am fully convinced that happiness can be shared, but pain can only be borne in silence. I am reluctant for my relatives to suffer again, and I cannot bear to watch the sorrow of my beloved and loving relatives. I cannot ever bear to talk about my feelings about Cecilia with my husband, who is the most intimate person that I have in this world. Neither of us had any will left to live after talking about it once in 2004. Therefore, I cannot talk about my pain, because I have no strength left to bear the consequences of being so open.

    I only want to say a few words for Cecilia. Spring has arrived. Looking at nature springing back to life, the lovely green lawns and beautiful flowers, kids playing on the lawn; where is my Cecilia, where is she? She can no longer hold my hand, singing children's tunes, the way we used to do as we went home after school. She can no longer run and laugh on the grass; but forever separated from all the wonderful things in this world. Where is she? She is lying in a cold grave, the warmth of spring cannot awaken her; and yet, how she loved life!

    In her homework "My Wishes" that she left behind, she told me she loved her school so much that she wished her classroom would appear in her bedroom. But she can no longer go to school, and cannot play with her friends. She loved nature so much, she wished for all the animals to become her friends; she wished that human beings can create their own meat for food without killing animals; but the irony is that she herself was cruelly killed by her fellow "human" kind in order to fulfill his greedy desire. She wished the world would be filled with love and equality, and wished that there would be no more killings. But her own right to live in this world was snatched from her. She was only nine years old, nine years old; what kind of life was this?

    I did not see her remains as I was advised best not to look at her remains. She was abandoned in the wilderness by her murderer and was covered by snow for 161 days. It was the howling of a wolf that called the attention of the neighbours, and led to her discovery three days before her birthday. And on that very day, we were waiting for the police and some imposters of the kidnapping to make an exchange; we were fantasizing in vain that on her birthday, she could be returned to our embrace. How cruel is the human heart!

    The last I saw of Cecilia was her pair of footprints. A pair of footprints. Pain cannot be conveyed by words. All these cannot be simply expressed by the word "pain".

    Cecilia will never come back, she's gone forever. For me, I hope that what people will remember from the trial is her smile, her love and fervent wishes for life and this world; and I wish that no more mothers will lose their children, and hope that there will be no more killers of children. Mothers share the same tears. What in this world can equal life? A mere nine-year old, a life that is full of love; a sweet and wise life; a fragile and innocent life. How many years of imprisonment must a killer serve in order to equal that???


    Sherry then ended her statement with a poem that she'd written for Cecilia in the hope that she would be found and returned before her 10th birthday. Cecilia is the only child of Raymond Zhang and Sherry Xu and as a parent of young children, I cannot imagine the horror, fear and helplessness that the Zhangs went through and still are going through. My prayers are with them and best wishes for them as they struggle to get through this very tragic event in their lives.

    Saturday, April 08, 2006

    Oracle E-Biz suite

    In one of my previous posts, I mentioned eye-opening licencing negotiations with Oracle with regard to their E-Biz suite of applications. My employer recently implemented Oracle Financials (11.5.10) and the project proceeded in two phases with the first phase being a package evaluation and selection followed by implementation. Well, in the first phase, Oracle E-biz was chosen over another product which is Microsoft based and the negotiation for licencing was completed with hardly any input from IT but basically we are licenced for Oracle E-biz (although the licencing details were a killer). Now, we found out much later that there are actually three major components to Oracle E-biz licencing which are the application itself, the middle tier of Oracle Application Server and the database tier. During our implementation done by a big consulting firm, my employer also looked at getting Oracle Supply Chain so an evaluation was done and licencing negotiations commenced. During the course of the latest round of negotiations, we (in IT) found out that our Oracle Financials (in the process of being implemented) is only licenced for a single CPU Application Server licence! Yikes!! An emergency sizing exercise was done in conjunction with Oracle and our server vendor and we found that we are about 11 CPU licences short! I can tell you that the licencing for Application Server is not cheap and even though we got a very good discount on our first Application Server licence, this latest round of getting the additional 11 licences did not even come close to the original discount. You would think that we should be getting at the very least the same discount but unfortunately we are not in a position to demand a better deal as we have to buy the licences otherwise our Financials implementation will be in violation of Oracle licencing policy.

    So, after spending an additional $300K for the additional Application Server licences, we are now in compliance but Oracle should take note that the refusal to provide a better discount rate (short term gain) than the original licence deal did not endear them to my employer and what goes around comes around. If we are asked to provide a referral for Oracle, it's probably going to be "watch out for the licencing".

    Friday, March 31, 2006

    Non Production databases

    How do you deal with non-production databases at your current place of work? Currently we have a mix of Commercial-Off-The-Shelf (COTS) and in-house applications and we are going the route of COTS instead of custom build. For example, our HR/payroll is PeopleSoft and those guys have 5 or 6 different environments besides Production and we are being asked to provide more environments for future projects. The approach taken by Application Services is to have multiple copies of development/test for each individual project so that there is no fear of disruption from other projects. Just think of the number of databases that have to be cloned and supported per application per project!

    So, how do you deal with it? I'm planning to just restrict and limit the number of databases by telling Application Services that they will just have to be nice and share but for some COTS like PeopleSoft and Oracle E-Biz Suite, we might just have to set up instances like INT_TEST (mirror of Production) so that we can debug problems encountered in Production, DEV for developing or adding new functionalities, TEST to allow for full testing of modifications, PATCH to test out patches before applying them to the necessary environments, and DEMO, a vanilla environment but populated with standard corporation information like the sample VISIO data that comes with Oracle E-Biz Suite that can be used to verify bugs, issues, etc.

    Monday, March 20, 2006

    It's settled for four years

    Our union, the BCGEU (BC Government Employees Union), finally came to a tentative agreement with the government on a new four year deal. As an added initiative to settle, the Finance Minister has set aside a billion dollars for signing bonuses for unions who settle before the March 31st deadline. A number of other public sector unions have settled in order to take advantage of the signing bonus offer. Two other big unions are still outstanding as their contracts do not expire until June this year. The Teachers and Nurses unions are critical and although their contracts do not expire until June, the bonuses are available for them too.

    The whole driver behind getting union peace is the upcoming 2010 Olympics where the government does not want the event to be marred or disrupted by union walkouts or strikes.

    Highlights of the tentative agreement include a 63 cent/hour increase for all employees in the first year followed by 3%, 2.5% and 2% increases for subsequent years, a signing bonus of $1.10/hour for an approximate total of $4,000 for each employee who is full time during Apr 1, 2004 to Mar 31, 2006 and increase in health, dental and other benefits.

    For the folks in IT/IM, we have been getting a temporary market adjustment (TMA) on top of our regular pay in order to bring our compensation level in line with the marketplace. Under the new tentative agreement, the TMA stays and the only difference that I could see was that folks at grid level 30 will get an increase in their TMA from 6.6% to 9.9%.

    Anyhow the Union has about three weeks to get the general membership to vote whether to accept the deal. I hope they do as going on strike doesn't strike (pun intended) me as being beneficial to either party.

    Thursday, March 16, 2006

    It's been a while

    My apologies for such a wide gap in between posts. There was really no excuse other than the fact that it was procrastination and I just recently finished reading a book, The On-Time, On-Target Manager by Ken Blanchard, on procrastination too!

    There is a lot of stuff going on right now both in terms of work and personal life and Bill S was kind enough to check up on me to make sure that things are okay on my end. Much appreciated, Bill.

    So a number of things have been happening in the Oracle world as blogged by various folks and the Hotsos Symposium came and went and it seems that all the Oaktable members were in attendance (presenting). Here at work, we are trying desperately to implement Oracle E-biz suite (Financial component) before our new fiscal year starts, otherwise we will have to carry two sets of books going forward. We are also in the planning stage for our supply chain and have had a very interesting meeting with Oracle on licencing and pricing. That was an eye opener and I'm sure some choice words will be sent Oracle's way. Having Oracle E-biz introduced a whole bunch of changes to the way that we (IT) operate and it will be interesting to see how some of my team including myself adjust to these changes.

    Oh, if you haven't kept up with the new Oracle Corp blogs, a lot more Oracle Executives have their own blogs now so that's nice although I still use Brian Duff's Orablogs to provide me with a quick summary of the various Oracle-based bloggers. Oh yeah, Google also provided maps of Mars and speaking of Google, have you ever clicked on the more link on Google's main page to see what more it has to offer? Give it a try. Google also got itself negative press in agreeing to censor "unacceptable" searches for China Google in order to do business in China. Obviously this is a highly charged issue as we (the Western world) believe in freedom of speech and China, on the other hand, sees it differently and some folks have argued that limited censorship is better than total censorship. We definitely live in interesting times.

    Tuesday, February 14, 2006

    Oracle official blogs

    Oracle included a new section listing weblogs of employees/executives and other non-Oracle employees who blog about Oracle technologies.

    It's interesting to note who's there and who's not. For example, no links to Burleson Consulting (e.g. Mike Ault, Don Burleson, Robert Freeman) but other notables are Jeff Moss of Oramoss. Technically, Jonathan Lewis's site is not a blog so that's not included. Another thing to note is that Tom Kyte, even though he's a Vice President, is not considered to be part of the Oracle Executives.

    I think it's a great start for folks wanting to connect with all the various personalities that make up the Oracle community and hopefully the list of blogs will grow as more and more Oracle professionals take the plunge and start blogging.

    Monday, February 13, 2006

    Security/Privacy on the Net

    I promised to write about one of the sessions that I attended at the Security & Privacy conference last week. This particular one was put on by a lady by the name of Linda from Microsoft. She's in charge of product safety and her topic was on how products are not designed to provide the user community with safe usage. For example, lots and lots of folks are blogging on the Net but yet privacy/security does not seem to be integrated with the various tools.

    As an example, she showed how quickly she can identify and pinpoint the identity and location of a specific blogger just from information posted on that person's blog. In just about 9 minutes, she was able to identify the full name, address, telephone number, high school and close friends of this female teenager who had posted a couple of pictures on her blog. Of course Linda did not publish the information but rather had blacked out the sensitive information. This is of course quite scary as someone else who has other intents could also track down the teenager. The teenager and family were contacted and shown how she still can blog and yet still remain anonymous. This is in no way restricted to kids and teenagers. Linda went on to another case of a 47-year-old woman who wrote too much personal information and this time, it only took 2 minutes to track her down.

    Bottom line: If you are blogging or know people who are blogging, please do a review before publishing to see whether there is a risk of unknowingly providing more information than you intend which could come back and haunt you. There is also the possibility of people you know who would publish information about you. As an example, posting of photos.

    If you are interested in seeing the presentation as well as others from the Security & Privacy conference, check out the following site. NB: Presentations will be available March 1/2006.

    Thursday, February 09, 2006

    Recently I blogged about the fact that George W Bush has signed into law a bill that has implications for anonymous posters/bloggers (see New US law slipped through under unrelated bill ). Today ZD News has an article on a service provider filing a lawsuit to challenge this particular legislation, Lawsuit challenges new 'e-annoyance' law.

    Anyhow, I'm at a Security and Privacy conference this week and one of the more interesting presentations was Microsoft on "Safety on the Internet" as it pertains to kids. I will try and post more details on this as I get time but it sure opens up your eyes to the "innocent" blogging and revelation of details where information about ourselves, family, and friends.

    Ciao.

    Friday, February 03, 2006

    Who got egg on their faces now?

    In his rush to publish an unfixed vulnerability in Oracle E-biz suite, David Litchfield cobbled together a quick workaround/fix that he claimed is easy to apply and works. Oracle, predictably, said that the "fix" will break the E-biz suite and should not be applied. Oh boy, who do you believe? Along came Stephen Kost with a detailed analysis of the vulnerability and Litchfield's "fix" and Stephen showed why the "fix" would not work and will indeed break the Oracle E-biz suite. Stephen has three recommendations with one being to disable mod_plsql and to follow Oracle Metalink Note 287176.1 for configuring your E-Biz suite in a DMZ. By disabling mod_plsql, you are of course disabling certain functionalities and it's up to each organization to determine the impact of loss of functionality vs vulnerability. The second recommendation was to modify the mod_plsql configuration but you will take a performance hit and possibly a loss of functionalities as some valid calls to path aliases might be blocked. The last recommendation is status quo and wait for Oracle to release a patch (either emergency or in the next scheduled release). Stephen Kost's analysis could be found at his Integrigy site. If you have not read it, please do.

    Saturday, January 28, 2006

    Kung Hei Fatt Choy

    Happy Chinese New Year...the year of the dog. I would guess that most folks would have followed the debate between David Litchfield and Oracle. It's a shame, really. I don't like the fact that the security researchers are releasing details of vulnerabilities immediately after a patch release much less before they are fixed.

    Yeah I know the logic behind it and that the hard-core hackers already know about the vulnerabilities, etc. The fact remains that the customers (like my employer) are at risk and will be at greater risk now that it is guaranteed that every hacker and lackey knows about the vulnerability. What is this about Alex K releasing a version 2.0 of his rootkit where
    "The new version will allow attackers to disguise malicious elements without modifying the database views, Kornbrust said. Also, evidence of the hack will disappear whenever the database is restarted, Kornbrust said."


    Okay, what is the purpose of the rootkit, then? This is akin to saying that you are designing a tool (not for the sole purpose of destroying or killing someone) but never did put in the necessary safeguards to ensure that the tool cannot be misused by accident (at least guns have safety locks that have to be dis-engaged before they can be fired). Can my employer sue Red Database Security if the rootkit was utilized by a hacker to cover their tracks after setting up backdoors and data logger?

    Edited: Feb 2/06
    As RN pointed out in his comment, I had misunderstood the nature of rootkit. My apologies and my thanks to RN. I've edited the entry to clarify what I really meant to say. My original statement was "Can my employer sue Red Database Security if the rootkit was utilized by someone to hack into their databases?" which was totally incorrect as the nature of a rootkit

    Thursday, January 19, 2006

    Oracle Jan 2006 Patch & Exploits publication

    As many of you very well know, Oracle released its Jan2006 CPU on Jan 17th and almost immediately after, Alex of Red Database Security released details of exploits of 5 of the bugs fixed in the latest patch plus Imperva also released details of another exploit of a bug fixed in the patch.

    Okay, it's fine to release the exploits to get credit or whatever acknowledgement but come on, we (Oracle customers) are in a bind as now we have to get the patches applied as quickly as possible and hope that we are not exposed while trying to apply the patch to all the databases within our organization. This is damn irresponsible of Alex and Imperva! Imperva can forget about getting any business from my organization now and in future. We are essentially put in a position of being at risk if we don't apply the patch sooner or at the risk of something else breaking by applying the patch without fully testing to ensure that existing critical applications still work.

    Grrrr!

    Tuesday, January 17, 2006

    New Oracle Q&A "repository"

    Eddie Awad recently launched his new Oracle Q & A site which generated some strong opinions from Howard Rogers and others but Tom Kyte and others are for the new site.

    I, myself, think that it is great that there is yet another resource for the Oracle community to go to for answers but I can see validity in the points that Howard had made. It would be nice to be able to identify the versions that these "tips" applied to but I think, regardless, that it is prudent for each individual to actually test and verify these "tips" before applying them to their environments. "Trust but Verify" is a very good motto to live by in our Oracle world as is evident from lots of other sites that still post advice and/or tips that are either no longer valid or are very specific to unique situations.

    On the other hand, David Aldridge has to deal with an interesting problem where one of his articles was published word for word on another blog without permission (although there was acknowledgement that David was the source). In this case, I would request that the blogger remove the entry and provide a link unless he (the blogger) was providing an extract of David's article. I actually peruse that blog and didn't like some of the articles and entries as they listed tips/articles that are no longer valid or very specific to unique environments/situations.

    Monday, January 09, 2006

    New US law slipped through under unrelated bill

    ZDNet News has an interesting article on a new bill just signed into law in the US. Apparently this was bundled in with an unrelated bill and now makes it a criminal offense to "annoy" someone online without divulging your real identity and is punishable by up to two years in prison.

    If true, then Google is going to be busy with legal requests/subpoenas asking for the identities of various folks who frequent the c.d.o.s. Usenet groups as well as anyone involved in online forums/blogs where their identities are unknown or anonymous.

    Now, it didn't say whether the bill is retroactive to past postings. I would suspect not and nor do I understand what the implications are to non-US residents like myself. For example, if you are not based in the US but use a US-based service (e.g. Google), are you then subject to this new law?

    I think it would be prudent to keep an eye/ear on how this will progress via the Electronic Frontier Foundation as they definitely will have updates on the implications/cases of this new bill.

    Sunday, January 01, 2006

    2005 - Year in review

    Looking back on 2005 (Wow! 5 years after the Y2K fiasco), it seems to be the year of natural catastrophic disasters (the Tsunami, Katrina, South Asia Earthquake) but there's more.

    On the Canada front, we were faced with political scandal and corruption under the Liberal government which eventually led to a political first (the Opposition tabling a vote of non-confidence) and the Liberal minority government was brought down. We also have the legalization of same-sex marriages. The push is on to legalize marijuana but not before the US managed to have the Canadian authorities arrest a leading proponent for selling marijuana seeds over the Internet to US citizens.

    On the family front, we welcomed our third baby girl who came 10 weeks earlier than expected and gave us a good scare. Thankfully everything is working out and she's now almost 11 months and healthy.

    On the work front, it's dealing with security and people-related issues that were keeping me busy. Started this blog to provide an outlet for me to vent but it has turned into something more. Got into some pretty interesting "debate" with certain Oracle folks and also made a lot more acquaintances/friends in the Oracle community.

    Here's to 2006 and the new challenges that it brings. Happy blogging!