Wednesday, November 29, 2006

The Long memory of the Internet

While perusing the Internet and doing a search, I came across an old Usenet posting of mine dated Nov 1990! Back then, I was doing some project work for an organization that no longer exists using Ingres 6.2 on HP-UX 7.0. I was looking at providing an User Interface where the user can enter dynamic SQL and be able to search through the resulting set using search strings. A "simple" thing to do nowadays but back then, the Ingres toolset available was not able to do the job properly. I don't remembered if there were any responses to my query nor do I remember how I ended resolving the issue.

Anyhow, I wanted to highlight how this illustrate that the Internet do indeed have a very long memory.

Updated: A reader asked for the actual Usenet posting. I don't why and don't see any reason as to why not so here the actual text:

{Peter} - view profile
Fri, Nov 16 1990 5:53 pm
{Email Address}
Not yet rated
show options

Hi there, database gurus:

I've a problem that someone out there might have solved or can point me
in the right direction to the solution.

H/W: HP-UX 7.0 on HP9000
S/W: Ingres 6.2

Need to provide a user interface where the user can specify one or more
conditions to be apply to the SQL select statement. That is the SQL
select will not be known until run-time. This implies using dynamic SQL
to prepare and execute the SQL statement. Another feature required is
that the user should able to search back and fro on the data set
retrieved by giving a pattern to match. E.g. "%Smith%".

I've tried to implement the solution using Ingres 4GL but ran into
trouble as I cannot build the SQL dynamically. I can get around this
problem by creative coding of the SQL statement. Problem is this
approach is too slow!!!.

I've also tried to implement using Ingres ESQL/FORMS but ran into
trouble when I need to implement the search feature. I cannot use the
LIKE predicate to do the search anymore either in procedures or
otherwise as, according to the manuals, the LIKE predicate syntax is as
columnname LIKE 'string constant'

I'm stumped. Can anyone help?? Please email me or post a reply.

Tuesday, November 21, 2006

Week of Day-0 bugs...Argeniss - Thumbs Down

Argeniss Information Security has announced on their website that they planned to release a Day-zero Oracle bug per day for a whole week in December. Their reasoning was that "We have 0days for all Database software vendors but Oracle is "The #1 Star" when talking about lots of unpatched vulnerabilities and not caring about security."

Now I don't agree with Argeniss as I see Oracle being serious about fixing their security flaws and also committed to training their developers in terms of writing secured code. Argeniss' actions are irresponsible and actually put Oracle's customers at risk. Argeniss has nothing to be "proud" of as you got to remember that this is a company who is willing to sell their zero day exploits for $2,500.

I don't know what dealings Argeniss or Cesar Cerrudo have had with Oracle but this is definitely not the right way to approach the security issues with the Oracle software. A lot of organizations will not be able to do anything to fix these flaws and the only approach is to have their firewall defenses configured to ensure that authorized and legit traffic are passthrough if that is even possible or doable. In the meanwhile, I can only wait to see what kind of information Argeniss will release and assess whether there is enough information (directly or indirectly) that would provide a hacker to do an exploit.

I wonder if it is shown that a hacker is able to hack in through the Oracle software as a result of Argeniss disclosing crucial information about the exploit used by the hacker, that the organizations affected could seek damages and compensation from Argeniss? Maybe something for the legal minds out there to ponder.

Wednesday, November 15, 2006

Fairlie Rego's Blog

I came across Fairlie Rego's blog via Jonathan Lewis' blog. I looked through some of his entries and they are interesting and worthwhile. Check out his blog.

Sunday, November 12, 2006


One of the things that I like about travelling is the ability to take in local newspapers and see what's of interest to the local community.

This weekend, I'm in Seattle and looking through, not a local paper but the Wall Street Journal (weekend edition), I see that one featured article is on suits and how suit makers are trying to revive sales by using S-numbers to identify the quality of their suits. The WSJ bought 10 suits from various retail outlets ranging in price from a few hundred to a few thousand dollars and one of the higher-priced suit failed its stated S-numbers as well being less durable. The comment from the spokeperson was that the suit was not intended for everyday work wear but rather for that special occasion. Well, duh, if I am going to spend several thousand dollars on a suit, it would not be for everyday work wear...

Some folks just have too much money...advertised in the WSJ, the following property for sale at Lake Tahoe, Nevada:
  • priced at US$100million;
  • 38,000 square feet spread over 8 buildings (that's not a house but a whole town!);
  • 16 garages;
  • 210 acres;
  • 14 bathrooms with 5 half baths but only 9 bedrooms;
  • almost a mile of private drive way (0.7 to be exact);
  • 11 fireplaces; and
  • theatre room with 19 seats and a 3200 bottle wine cellar.

Wow and I'm sure that it's not the most expensive property in the world...but this broods well for the realtor as the commission from the sales is going be more than what I would make in ten years...I'm in the wrong business...

Saturday, November 11, 2006

Lest we forget...'s Remembrance Day in Canada...on this day at the 11th hour and 11th minute, we stand in silence as a tribute to those brave souls who gave their lives so that we live in a world of freedom...

...Edit: Thanks...I've corrected it...I had called it Veterans' Day

Saturday, November 04, 2006

Oracle E-Business Architecture Revisited

In one of my previous post (earlier this year), I talked about our implementation of Oracle Financials and how we migrated the infrastructure from PA-RISC servers to a split configuration of PA-RISC and HP-Itanium servers. We are now in the process of implementing some Supply Chain modules including Order Management and iStore. One of the requirements is obviously for our iStore module to be highly available (a 24x7 operation) so we will be looking at restructuring our infrastructure to ensure that our E-Business Suite implementation will be able to handle the growth and demand as we move towards a 24x7 operation.

The Maximum Availability Architecture (MAA) team at Oracle has done a superb job of documenting the various configurations of MAA for Oracle products and one of their latest was on MAA for E-Business Suite (two documents; PowerPoint presentation and Word document) which was one of the sessions at OOW 2006. Basically if you look at what Oracle has to offer in terms of high availability, you are talking RAC, DataGuard and for E-Business, multiple nodes for the application tier. The MAA team has basically set the architecture as RAC for the database servers, standby database utilizing DataGuard and multi-nodes for the application tier.

Our E-Business environment is a little bit more complicated as we will have an external facing application tier (iStore), a Single Sign-On (SSO) server which defers authentication to CA's eTrust (SiteMinder and IdentityMinder). Please see Metalink Note 287176.1 for further information. We also contracted a consultant from Oracle Consulting to provide us with feedback and recommendations and one of the key recommendations was for us to migrate our application tier from the HP PA-RISC server to Linux as the PA-RISC is end of life and provide no room for growth whereas Linux is the direction that Oracle themselves are committed to.

So, after some considerations on future direction, we decided to take the plunge and move our application tier to Linux (making use of Metalink Note 238276.1). This is currently in progress and my DBA tells me that some of the patches mentioned in the article required him to open and log a Service Request with Oracle Support in order to get the required patches. At the end of the day, we should have our R11i database still running at 10gR1 on HP-UX (Itanium) and our R11i application tier running on RH Linux on Intel including the iStore tier and our SSO server. Oh, I should mentioned that our SSO will be running on 10gAS whereas our R11i is still on 9iAS following Metalink Note 233463.1 Build 4.

I still have not totally figure out how everything is going tie in together yet to provide us with the underlying infrastructure for a 24x7 operation with the appropriate failover/switchover in case of outages at our main server room but we will be doing things in phases with the initial phase of just protecting the database using DataGuard. That is also one reason why I sought out Richard Exley of the MAA group in order to solicit some assistance as we begin our journey to bring our EBusiness implementation MAA style. I will definitely blog about our journey and our experiences with getting us to the end goal.

Thursday, November 02, 2006

Fusion Applications Screenshots pulled...

Steven Chan posted a series of Fusion Application screenshots on his blog but those have been retracted over concerns about intellectual property and/or liability about screenshots not matching actual product, etc. I wondered if they censored the recorded video of John Wookey's keynote address when these screenshots came up. Maybe they will come up with a way to wipe the memories of those attendees who saw the keynote address.

Meanwile, Kevin Closson has a very interesting entry/comment about one point of Chuck Rowzat's keynote address on Oracle Server "11g" which according Ellison is due out end of this calendar year. Chuck claims that Oracle has optimized reads to be as fast if not faster than a filesystem read and he had a video/demo of that happening where it was two bars of 11g read and a file system read. Take a look at Kevin's post and draw your own conclusions.

Wednesday, November 01, 2006

Strange things going on with Blogger

Hmm...I checked my blog and noticed that my latest entry on "Oracle Unbreakable Linux" has somehow not being published although I have received comments on the entry and it had shown up on the Oracle News Aggregator site. For some strange reason, the latest entry being shown is "Jonathan Lewis - Weblog".

If this keeps up, then I will have to consider moving the blog to Wordpress or some other blogger hosting site. Let's see if this entry gets published; if not, then it's time to move onto better things.

Anyhow, if you don't already know, some of the presentations and X-treme workshop handouts are now available for download from the OOW Content Catalog site. Check out the various presentations and there are a lot of them. I've already ordered the DVD/CD set so that we don't have to go the trouble of clicking and downloading the sessions.

Update: Clearing my Firefox cache seems to clear up the problem. Don't know why it would go to the cache considering that it does not seems to do that for any other sites.