Archive for January, 2006
Security as Marketing
There is an interesting security advisory over at the security company imperva. The paper details a network exploit fixed by Oracle in the latest CPU. The exploit itself is interesting, but reading the advisory complete with ‘advice’ that regurgitates some of the recent discussion about the timeliness of Oracle’s patching and suggests purchasing a type of product that the vendor supplies does rather bring back memories of various FUD campaigns that software vendors have conducted over the years.
I’d be interested in what readers think as, for me, this advisory steers just about as close as possible to the security as marketing boundaries as it is possible to get.
In the current climate I’m afraid I think that the demands on Oracle to make some sort of public commitment to change in their security procedures will only grow.
Possibly Related Posts:
Caffeine Fix
Given my predelictions for both Coffee and Oracle, I can’t believe that I have missed Life after Coffee up until now. This is a very nice looking blog, with great content.
There is a bunch of Oracle stuff of course, but the neatest thing that I have found so far is a replacement method for determining what is on at the cinema. My previous method would be to try to recall the name of the local cinema, type that into the url of my browser and then browse their web page. It turns out that Google is the way to go, for example for cinema listings for Bristol for tonight (and links to reviews) the american search term movie: bs8 .
Possibly Related Posts:
New Resources on Metalink
By way of an answer to a question on Oracle-l regarding how to intepret a 10053 trace file, I posted a link to one of a new series of articles available on Oracle’s Metalink service. I think it worth mentioning these articles here as well, as I haven’t seen any publicity for them.
Oracle’s Center of Expertise (COE) have put together a number (5 at the time of writing) of case studies from Oracle support. These are best accessed through metalink by selecting the knowledge tab and then support case studies from the support tools menu. Each case study details an actual support call complete with the diagnostic and troubleshooting steps the analysts took. The case studies appear to have been written primarily as a knowledge sharing tool within Oracle corp, but provide a good guide for customers for troubleshooting various issues.
As well as the 10053 example the current range includes the following support cases
Disappearing OCFS drives on windows
Slow client connections to RAC
Troubleshooting a slow query (including tkprof, event 10046 and so on)
Troubleshooting random buffer busy waits
The other encouraging factor for me is that Oracle are actively seeking suggestions for further topics for case studies, and that they appear to have at least a tentative publication schedule (the next set is due March 2006).
Update: 16 January 2006. Changed Centre of Excellence to Center of Expertise because that is the correct name. Thanks Roderick
Possibly Related Posts:
DBA as User
In this thread over on AskTom, Tom makes a thought-provoking observation namely
DBAs should not be allowed to directly modify application tables, they have no
clue what the ramifications could be.
No more than they would update the data dictionary!
The argument is that DBAs, just like anyone else, should use the appropriate API or application to modify application tables. I rather like this approach in theory. I’m not sure however how well it would work in practice. The biggest problem for me is what to do with applications or APIs that are imperfect. These can leave corporate data in an incorrect or even perhaps illegal state and especially in the case of third party supplied applications waiting for the supplier to resolve a bug (and also provide a regression tested api call/application for fixing duff records) is probably not an option. This may of course also apply to internally developed applications!
I think therefore I’d argue that DBAs should never directly modify application data unless there is no available timely alternative and the incorrect data cannot be left as is and also that it is a core duty of a dba to understand as deeply as possible how the applications that interact with the data for which they are responsible are designed and implemented.
Possibly Related Posts:
Just plain quirky
Is how Howard describes this blog’s look and feel here. (naturally just after I disappear off the net for two weeks). He goes on to make the most excellent point that look and feel counts and is a part of the content of the site. I have to say that quirky probably sums me up as well as most single word summaries would, and I’d consider it a compliment even if it were not so intended.
However I do intend to revamp the blog a bit. Partly because Howard is exactly correct – look and feel matters, though I remain to be convinced that the black on white newsprint style is an appropriate online style – but also because of a couple of other issues.
The first is retrieval of old posts, Howard and many others like the calendar, technorati like tags, blogger likes archives and I, well I don’t really like any of them. Most Oracle related blogs aren’t date but subject matter driven so I don’t like the calendar/archive approach. I also don’t like the meta-tagging approach (no I don’t much like xml either) for this to work effectively everyone needs to agree on what the tags mean (or ship and publish endless datadictionaries/schemas/taxonomies that everyone keeps up to date). This probably works to a degree for simple entities like orders but for free text content this isn’t great.
The second is that I will eventually need more space than my current isp offers for free, this means that I need to start considering some options about hosting.
so what I am after is a service that is cheap – free is good. Offers good search facilities, comments and comment verification, neat but not conventional designs, and is fairly hassle free for the blogger. It’ll also have to compete with the idea of writing something and sticking it on production XE sometime, which has no merit but technical interest.
If you’ve read so far then you’ll know what is coming. Recommendations please. Bear in mind though that I don’t much care about ease of use from my perspective, its searchability decent space allowance and good designs that I’m after, which equates I hope to ease of use from your perspective as readers.