Wednesday, August 29, 2007

Some interesting and informative blog postings

Some of the recently added postings caught my interest and I thought I should point them out in the event that you might not have seen them.

Coskan's post on recovery, "When you lose your controlfile backups". This would be a good interview question.

Tanel Poder's posts on "Advanced Oracle Troubleshooting Part 1 and Part 2".

Laurent Schneider on "Cascade Delete".

OOW 2007

It looks like I won't be attending this year's OOW as my role within my organization has changed. One of the other managers will attend instead. Darn! I might end up going to Orlando for the annual Gartner Symposium instead so if any of you readers are planning to attend, drop me a line and maybe we can organize for a meetup.

Saturday, August 25, 2007

Monster.com security breach

So, Monster.com (one of the world's biggest online job seekers site) suffered a huge security breach. Now what? I've registered with Monster years ago (around 2000) but have never gotten any responses from them over the years other than notifications from alert agents that I'd set up years ago.

Obviously like everything else, if someone from Monster.com or other company contact you regarding potential job opportunities, common sense has to prevail especially when it comes to divulging personal and sensitive information without checking out the companies. We do use Monster.com to post vacancies and now will probably need to revisit that particular approach.

On a different matter, with the current spotlight on things/products made in China, I'm reminded by how much stuff in N. America (in fact, in the Western world) are made in third world countries where anything could and can happen. Take software for instance, a number of commercial software products are developed overseas and Oracle is definitely no exception. We had an incident a while ago (which I can now blog about) with a commercial package from a well-known software organization (no, not Oracle).

One of our administrators was trying to install this product (in use for a number of years in our organization) on a new server and was running into some problems (it was a new install on a Linux server which we have never installed the product on Linux previously) so he decided to poke around to see what parameters could be specified with the install. Using a Unix dump utility, he dumped the software executable and something suspicious. Beside the list of valid parameters, there was a string "Death to the Infidels" and since it was a dump not a reverse engineered effort, he has no way of telling whether it was part of a command or a constant string. We had to contact the National law enforcement in Canada and turn everything over to them (documentation, software CD's and a formal signed statement). It took months before we heard anything and it turned out to be nothing more serious than an embedded string but it could have been worse.

I am sure that the software development for the product has been outsourced and whatever QA processes/procedures in place did not managed to catch the "flaw". Nowadays, with the global economy and village being almost next door (through the miracle of technologies), how can we be sure that there are safeguards in place to protect us from malicious code embedded in the software products that we use daily? Can we be assured by our vendors/partners that they have done everything possible to safeguard us against threats by "insiders"? What is there to guarantee that the next software product that you purchase to help run your organization might not have a time/logic bomb set to go off to do the most damage? Software testing the hell out of the product still do not guarantee that every single line of code is tested and working according to specifications especially if you are looking at a major product like Oracle RDBMS. According to Oracle Magazine, Oracle 10g has more than 100,000 automated tests so you can imagine the number of lines of code for Oracle.

Anyhow, food for thought, eh?

Wednesday, August 22, 2007

Oracle Licensable components

Recently I attended a half-day 11g launch locally in Vancouver where the local Oracle office invited a couple of Oracle Directors from San Francisco to talk about 11g. Obviously there are too many 11g features to talk about so a few were highlighted and it dawned on me that a number of these highlighted features requires additional licenses on top of the usual RDBMS Enterprise Edition. A way to get more revenue for Oracle?

Do you know what components/add-ons/options are licensable?

Fortunately Oracle Corporate site does provide a list ( it is not comphensive or exhaustive) but it's a start and a more complete list is available here. I know that Mark Brinsmead of Pythian had blogged about another component that is not on the list, namely the AWR. The AWR is actually part of the Oracle Diagnostics Pack.

You can also check out Howard Rogers' link to the actual list of licensable options for Oracle RDBMS EE.

Sunday, August 19, 2007

Back from vacation

It has been a blast for me, taking two complete weeks off work and with "limited" access to the Internet although I have my Blackberry. I came back to over 2000 email messages in my work inbox with around 440 of them being meaningful, the rest were either alerts or notification messages.

I'm now busy trying to catch up on news (the pile of newspaper) and also what is happening in the Oracle community. I know that registration for OOW07 opened just before I left for vacation and that a few of the bloggers like Eddie Awad, Lewis Cunningham, Tim Hall, etc have confirmed that they will be attending (for free as Oracle ACE directors) but have to foot their own transportation and lodgings. I am not sure whether I will be attending this year as my role within my organization has changed (one of the negatives of the new job).

My vacation took me from Vancouver to Seattle where we flew to Las Vegas and then drove to Los Angeles (Anaheim to be exact) and back again to Las Vegas. We were supposed to drive from LA to Palm Springs and back to Vegas before flying back to Seattle but change plans to stay longer in LA and a few more days in Vegas. Overall, the flight to Vegas from Seattle were about $150 cheaper per person than flying from Vancouver to Seattle. We weren't able to fly directly from Vancouver as the family did not all have valid passports (a requirement from the US Homeland Security) but we were able to use photo identifications and proof of Canadian citizenships to cross the border by land.

A view from the room at MGM Grand. Las Vegas was a blast and there were a couple of occasions that I didn't get back to the hotel until the wee hours of the morning. We were traveling with another family and my friend manages to win a few hundred dollars each outing whereas I am more prone to losing although with this trip, I managed to come out ahead by a couple of hundred dollars. The kids had a blast at Disneyland in Anaheim and also enjoyed the kids arcade in Vegas. One thing that always amazed me about Vegas is the amount of power utilization by the various casinos and how they could sustain that kind of consumption, seemingly in a middle of the desert.

Oh well, back to catching up on my e-mails and the various happenings within the Oracle community.

Saturday, August 04, 2007

Some thoughts on the ACE program

You know with the recent revamping of the Oracle ACE program and the recent spat between a couple of well-known individuals in the Oracle community and subsequent related blog entries in the Oracle Blogsphere, I wonder where these two individuals fit within the Oracle ACE program. A quick check to the Oracle ACE site reveals that one of the individual is already an Oracle ACE but not the other. What gives?

The criteria to meet are as follows:
Oracle ACE Qualifications ACE

To qualify for the Oracle ACE award, candidates should meet as many of the following qualifications as possible.

  • Oracle-related blog
  • OTN discussion forum activity
  • Published white paper(s) and/or article(s)
  • Presentation experience
  • Beta program participant
  • Oracle user group member
  • Oracle certification
Let's see, said individual definitely meets the first four criteria, not sure about the fifth one "Beta Program Participant" and I believe he meets the sixth one as an "Oracle user group member". I am not sure about the last one though but a quick check at his resume listed on his site indicated that he is a "Certified Oracle Professional" and a "Certified Oracle Database Administrator" so yep, he meets the last criteria. So out of the 7 criteria, he is confirmed for 6 of them and the requirements stated that "candidates should meet as many of the criteria as possible". Did no one nominate the fellow (I don't believed that!)? I downloaded the nomination form to see whether there was additional criteria but found none. You can draw your own conclusions.

Anyhow, I just found it interesting but then who am I to criticize as I definitely don't meet the criteria at all (didn't even meet a single criterion) plus I'm pseudo-anonymous.

Bottom line: With "experts/gurus" abound, the best advice has been given by numerous folks but I will point you to Lisa Dobson's post which to me, capture the mantra that everyone should follow. Keep in mind, even the experts are wrong sometimes and all those titles, letters after their names don't mean that they know all. In closing, I wish that the Oracle ACE program will include a criterion on "Ethics and Conduct". I expect my staff to be professional in their dealings with each other, the clients and the general public, why should I expect less from the gurus/experts?