
Feed aggregator

Instructure Releases 4th Security Audit, With a Crowd-sourcing Twist

Michael Feldstein - Sat, 2015-02-07 12:17

By Phil Hill

Phil is a consultant and industry analyst covering the educational technology market primarily for higher education. He has written for e-Literate since Aug 2011. For a more complete biography, view his profile page.


In the fall of 2011 I made the following argument:

We need more transparency in the LMS market, and clients should have access to objective measurements of the security of a solution. To paraphrase Michael Feldstein’s suggestions from a 2009 post:

  • There is no guarantee that any LMS is more secure just because they say they are more secure
  • Customers should ask for, and LMS vendors should supply, detailed information on how the vendor or open source community has handled security issues in practice
  • LMS providers should make public a summary of vulnerabilities, including resolution time

I would add to this call for transparency that LMS vendors and open source communities should share information from their third-party security audits and tests.  All of the vendors that I talked to have some form of third-party penetration testing and security audits; however, how does this help the customer unless this information is transparent and available?  Of course this transparency should not include details that would advertise vulnerabilities to hackers, but there should be some manner to be open and transparent on what the audits are saying. [new emphasis added]

Inspired by fall events and this call for transparency, Instructure (maker of the Canvas LMS) decided to hold a public security audit using a white hat testing company, where A) the results of the testing would be shared publicly, and B) I would act as an independent observer to document the process. The results of this testing are described in two posts at e-Literate and by a post at Instructure.

Instructure has kept up the process, this year with a crowd-sourcing twist:

What was so special about this audit? For starters, we partnered with Bugcrowd to enlist the help of more than 60 top security researchers. To put that number in context, typical third-party security audits are performed by one or two researchers, who follow standard methodologies and use “tools of the trade.” Their results are predictable, consistent, and exactly what you’d want and expect from this type of service. This year, we wanted an audit that would produce “unexpected” results by testing our platform in unpredictable ways. And with dozens of the world’s top experts, plus Bugcrowd’s innovative and scrappy crowdsourcing approach, that’s exactly what we got.

So while last year’s audit found six issues, this year’s process unearthed a startling 59. (Yeah, you read that right. Fifty-nine.) Witness the power of crowdsourcing an open security audit.

The blog post goes on to state that all 59 issues have been fixed with no customer impacts.

I harp on this subject not just to congratulate Instructure on keeping up the process, but to maintain that the ed tech world would benefit from transparent, open security audits. Back in 2011 there were ed tech executives who disagreed with the approach of open audits.

There are risks, however, to this method of public security testing. Drazen Drazic, the managing director of Securus Global, indicated that in talking to people around the world through security-related social networks, no other companies have chosen to use an independent observer for this testing. This is not to argue that no one should do it, but clearly we are breaking new ground here and need to be cautious.

One downside of public security assessments is that the act of publicizing results can in fact increase the likelihood that vulnerabilities would be exploited by hackers. As one executive from a competitive LMS put it to me, we need to focus on security consistently and not as a once-a-year exercise. Any public exposure of vulnerabilities can increase the likelihood of hackers exploiting those vulnerabilities, so the trick is to not disclose specific pathways to exploitation. In our case, I described the category of vulnerability found, and I avoided disclosing any information on the critical and high-risk vulnerabilities until after they had been remediated. Still, this is a tricky area.

Two competitive LMS vendors have criticized these tests as a marketing ploy that could be dangerous. In their opinion, student and client data is best protected by keeping the testing process out of the public domain. I cannot speak for Instructure’s motivations regarding marketing, but I did want to share these criticisms.

We are now in the fourth year of Instructure providing transparent security audits, and I would note the following:

  • The act of publicizing the results has not in fact enabled hackers to exploit the security vulnerabilities identified.
  • While I am sure there is marketing value to this process, I would argue that the primary benefits have been enhanced security of the product, but more importantly better information for the institutions evaluating or even using Canvas.

I repeat my call for more ed tech vendors to follow this type of process. I would love to cover similar stories.

The post Instructure Releases 4th Security Audit, With a Crowd-sourcing Twist appeared first on e-Literate.

Little Things Doth Crabby Make – Part XVIII. Automatic Storage Management Won’t Let Me Use My Disk For My Files! Yes, It Will!

Kevin Closson - Fri, 2015-02-06 14:52

It’s been a long time since my last installment in the Little Things Doth Crabby Make series and to be completely honest this particular topic isn’t really all that fit for a LTDCM installment because it covers something that is possible but less than expedient.  That said, there are new readers of this blog and maybe it’s time they google “Little Things Doth Crabby Make” to see where this series has been. This post might rustle up that curiosity!

So what is this blog post about? It’s about stuffing any file system file into Automatic Storage Management space. OK, so maybe this is just morbid curiosity or trivial pursuit. Maybe it’s just a parlor trick. I would agree with any of those descriptions. Nonetheless maybe there are 42 or so people out there who didn’t know this. If so, this post is for them.

ASMCMD cp Command

The cp sub-command of ASM lets you stuff certain database files into ASM. We all know this. However, just to make it all fresh in people’s minds I’ll show a screen shot of me trying to push a compressed tar archive of $ORACLE_HOME/bin/oracle up into ASM:

2014.02.04-pic-0

Well, that’s not surprising. But what happens if I take heed of the error message and attempt to placate? The block size is 8KB so the following screen shot shows me rounding up the size of the compressed tar archive to an 8192B blocking factor:

2014.02.04-pic-0.1

ASMCMD still won’t gobble up the file. That’s still not all that surprising because after ASMCMD checked the geometry of the file it then read the file looking for a header or any file magic it could understand.  As you can see ASMCMD doesn’t see a file type it understands. The following screen shot shows me pre-pending the tar archive with file magic I know ASMCMD must surely understand. I have a database with a tablespace called foo that I created in a non-Oracle Disk Manager naming convention (foo.dbf). The screen shot shows me:

  1. Extracting the foo.dbf file
  2. “Borrowing” 1MB from the head of the file
  3. Creating a compressed tar archive of the Oracle Database executable
  4. Rounding up the size of the compressed tar archive to an 8192B blocking factor

2014.02.04-pic1

 

So now I have a file that has the “shape” of a datafile and the necessary header information from a datafile. The next screen shot shows:

  1. ASMCMD cp command pushing my file into ASM
  2. Removal of all of my current working directory files
  3. ASMCMD cp command pulling the file from ASM and into my current working directory
  4. Extracting the contents of the “embedded” tar archive
  5. md5sum(1) proof the file contents survived the journey

2014.02.04-pic2

OK, so that’s either a) something nobody would ever do or b) something that can be done with some elegant execution of some internal database package in a much less convoluted way or c) a combination of both “a” and “b” or d) a complete waste of my time to post, or, finally, e) a complete waste of your time reading the post. I’m sorry for “a”,”b”,”c” and certainly “e” if the case should be so.

Now you must wonder why I put this in the Little Things Doth Crabby Make series. That’s simple. I don’t like any “file system” imposing restrictions on file types :)

 



Integrigy Database Log and Audit Framework with the Oracle Audit Vault

Most clients do not take full advantage of their database auditing and logging features. These features are sophisticated and are able to satisfy most organizations’ compliance and security requirements.

The Integrigy Framework for database logging and auditing is a direct result of Integrigy’s consulting experience and will be equally useful to both those wanting to improve their capabilities as well as those just starting to implement logging and auditing.  Our goal is to provide a clear explanation of the native auditing and logging features available, present an approach and strategy for using these features, and give straightforward configuration steps to implement the approach.

Integrigy’s Framework is also specifically designed to help clients meet compliance and security standards such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI), FISMA, and HIPAA.  The foundation of the Framework is PCI DSS requirement 10.2.

Integrigy’s Log and Audit Framework can be easily implemented using the Oracle Audit Vault.  The high-level summary is as follows:

Level 1

Enable database auditing as directed by the Integrigy Framework Level 1 requirements. 

Level 2

  1. Install the Oracle Audit Vault.  If already installed, it is highly recommended to perform a health check as described in Audit Vault Server Configuration Report and Health Check Script (Doc ID 1360138.1).
  2. Configure the Oracle database to use Syslog per Integrigy Framework Level 2 requirements.  Set the database initialization parameter AUDIT_TRAIL to ‘OS’ and the AUDIT_FILE_DEST parameter to the desired file in the directory specification.  Last, set the initialization parameter AUDIT_SYSLOG_LEVEL to ‘LOCAL1.WARNING’ to generate Syslog formatted log files.
  3. Install and activate the Oracle Audit Vault collector agent OSAUD for operating system files.  Collect Syslog formatted logs located by the AUDIT_FILE_DEST parameter.

Level 3

Protect application log and audit tables by creating standard database audit policies and adding these new policies to the Audit Vault Collectors.  Create database alerts based on correlations between standard database events and application audit logs.

Oracle E-Business Suite Example

To use the Oracle Audit Vault with the Oracle E-Business Suite, no additional patches are required for either the E-Business Suite or the Oracle database.  This is because the Oracle Audit Vault uses only standard Oracle database functionality.

There are two steps for Level 3.  The first is to protect the Oracle E-Business Suite audit tables, the second is to build alerts and reports that correlate application and database log information.  To protect the E-Business Log and Audit tables, enable standard auditing on them.  The second step is to define the Audit Vault alerts and reports.

Below is an example of event E12 - Protect Application Audit Data

The sign-on audit tables log user logon and navigation activity for the professional forms user interface.  This data needs to be protected.

Steps
  1. Enable Standard Auditing
  2. Create Audit Vault Alert
  3. Forward the Alert to Syslog (This feature is available as of Oracle AVDF version 12.1.2)

To enable standard auditing:

AUDIT UPDATE, DELETE ON APPLSYS.FND_LOGINS BY ACCESS;

AUDIT UPDATE, DELETE ON APPLSYS.FND_LOGIN_RESPONSIBILITIES BY ACCESS;

AUDIT UPDATE, DELETE ON APPLSYS.FND_LOGIN_RESP_FORMS BY ACCESS;

AUDIT UPDATE, DELETE ON APPLSYS.FND_UNSUCCESSFUL_LOGINS BY ACCESS;

 

To create an alert in Audit Vault:

Audit Vault -> Auditor -> Policy -> Alerts -> Create Alert

 

Name: E12 - Modify audit and logging

Condition:

 :TARGET_OWNER='APPLSYS' AND :EVENT_NAME in ('UPDATE','DELETE') AND :TARGET_OBJECT in ('FND_LOGINS','FND_LOGIN_RESPONSIBILITIES','FND_LOGIN_RESP_FORMS','FND_UNSUCCESSFUL_LOGINS')
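
The Level 2 parameter settings and the E12 object auditing described above can be applied and checked from SQL*Plus. This is an added example, not Integrigy's or Oracle's own script; it assumes a SYSDBA session on an instance started from an spfile, and the audit directory path is a placeholder.

```sql
-- Added example (not part of the Integrigy Framework document).
-- Assumptions: SQL*Plus session AS SYSDBA, instance uses an spfile,
-- '/path/to/audit/dir' is a placeholder for your own audit directory.

-- Level 2: send the audit trail to OS files in syslog format.
-- audit_trail and audit_syslog_level are static parameters, so the new
-- values are written to the spfile and take effect at the next restart.
ALTER SYSTEM SET audit_trail        = OS                   SCOPE = SPFILE;
ALTER SYSTEM SET audit_file_dest    = '/path/to/audit/dir' SCOPE = SPFILE;
ALTER SYSTEM SET audit_syslog_level = 'LOCAL1.WARNING'     SCOPE = SPFILE;

-- The host's syslog daemon also needs a rule that routes facility local1
-- at priority warning to a file or remote collector.

-- After the restart, confirm the running values match what was requested.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_file_dest', 'audit_syslog_level')
 ORDER BY name;

-- Level 3 / E12: show the object audit options on the sign-on audit tables.
-- 'A/A' in UPD and DEL means BY ACCESS for both successful and failed
-- statements, which is what the AUDIT ... BY ACCESS statements above set.
SELECT owner, object_name, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'APPLSYS'
   AND object_name IN ('FND_LOGINS',
                       'FND_LOGIN_RESPONSIBILITIES',
                       'FND_LOGIN_RESP_FORMS',
                       'FND_UNSUCCESSFUL_LOGINS')
 ORDER BY object_name;

-- Gap check: list any of the four tables that exist but are NOT audited
-- BY ACCESS for both UPDATE and DELETE. An empty result means the E12
-- alert condition has audit records to match against for every table.
SELECT t.table_name
  FROM dba_tables t
  LEFT JOIN dba_obj_audit_opts o
    ON o.owner = t.owner
   AND o.object_name = t.table_name
 WHERE t.owner = 'APPLSYS'
   AND t.table_name IN ('FND_LOGINS',
                        'FND_LOGIN_RESPONSIBILITIES',
                        'FND_LOGIN_RESP_FORMS',
                        'FND_UNSUCCESSFUL_LOGINS')
   AND (o.object_name IS NULL OR o.upd <> 'A/A' OR o.del <> 'A/A')
 ORDER BY t.table_name;
```

Re-run the gap check after EBS patching or table rebuilds, since a dropped and recreated table loses its object audit options.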


If you have questions, please contact us at info@integrigy.com


PeopleTools 8.54 Features: Dynamic Alert Sliding Windows

Javier Delgado - Thu, 2015-02-05 23:54
One of my first memories in the PeopleSoft world was from my training bootcamp when I joined PeopleSoft. The instructor was showing us the Process Monitor functionality in PeopleSoft 7.5, where the button used to refresh the list of scheduled processes was represented by a fetching dog named Sparky shown to the right of this paragraph.

It actually surprised me that an application button had a name, but that was the PeopleSoft style. Anyway, the poor dog did not last too much. In year 2000, with the introduction of PeopleSoft 8, our beloved Sparky was replaced by a boring Refresh button.

PeopleTools 8.54 has pushed this functionality to the next generation, making it potentially redundant. One of the new features in this release is the ability to show the status of the process within the same page where it is scheduled. This is a major usability improvement, as the users do not need to navigate to Process Monitor to check the status of the process instance. True, in previous PeopleTools versions there was also the possibility of running the process with output to Window, which using REN Server would achieve a similar result. The main drawback of REN Server is that it opened a new page/tab even before the process was finished, making the navigation more complicated.

The new functionality is called Dynamic Alert Sliding Windows, which is still more boring than Sparky, but what matters is the functionality, not the name. These notifications are enabled in the Process Scheduler System Settings page:


In this page, the administrator chooses which statuses are going to be displayed to the user when running a process. As you see, the functionality is quite easy to set up and a significant step forward in usability of batch process scheduling.
Note (Feb 6th 2015): There is a great blog post by Srinivas Reddy demonstrating this functionality from a user perspective. Here is the link: http://srinivasreddy18.blogspot.it/2015/02/peopletools-854-dynamic-alert-sliding.html



Partner Webcast – Enterprise Mobility: Remote Data Synchronization in Oracle Mobile Application Framework

Digital disruption – you have probably heard this concept quite many times recently and this is for a reason. Disruption means changing old ways of doing things, especially in business. Many...


Alliance 2015

Jim Marion - Thu, 2015-02-05 16:42

I am looking forward to seeing everyone at the Alliance conference in Nashville next month. I was just reviewing my schedule and see lots of interesting technical sessions (as always). If you have room in your schedule, I invite you to attend my session on Tuesday, Mar 17, 2015 from 11:15 AM to 12:15 PM in Presidential D. The session is titled PeopleSoft PeopleTools Developer: Tips and Techniques. If you can't make it to my session, then perhaps I'll see you shortly thereafter at Meet the Experts from 1:45 to 2:45 (table 11)? I'll be around the conference all week and will be working in the demo grounds when I'm not attending sessions. See you in a few weeks!

Changing Target ownership after the discovery of Targets in EM12c

Arun Bavera - Thu, 2015-02-05 16:29
Building emcli commands to change ownership of targets


select 'emcli change_target_owner -target="'||target_name||':host" -owner="EM_ADMIN" -new_owner="WEB_ADMIN"' from mgmt$target where target_type='host' and target_name like 'mypattern%';

Ref:
http://docs.oracle.com/cd/E24628_01/em.121/e17786/cli_verb_ref.htm#CACGFIDA


Oracle Priority Support Infogram for 05-FEB-2015

Oracle Infogram - Thu, 2015-02-05 13:52

RDBMS
An Oracle Instance is Like An Upmarket Restaurant, from Martin Widlake's Yet Another Oracle Blog
Bulk Data Insertion into Oracle Database in C#, from DZone.
Another great issue of Pythian’s Log Buffer: Log Buffer #407, A Carnival of the Vanities for DBAs.
Performance
Dev Tip - Tracking Process Resource Use, from OTN.
MAF
How to manage iOS log files in MAF 2.1, from The Oracle Mobile Platform Blog.
WebLogic
From WebLogic Partner Community EMEA: Whats new in GlassFish 4.1? by C2B2.
And from The WebLogic Server Blog: WebLogic and Arquillian: A Bare-Bones Example
SOA
From SOA & BPM Partner Community Blog: SOA Suite 12c Demo GSE just got more valuable with Internet Accessible Demos and Customer Guest Access.
BI
Oracle BI Mobile Security Toolkit 11.1.1.7.0 (11.6.20) for iOS is now Available, from Business Analytics - Proactive Support.
Fusion
From the Oracle A-Team Chronicles: Disaster Recovery for On-Premise Fusion Applications.
Oracle Utilities
Installing the Oracle Application Management Pack for Oracle Utilities, from The Shorten Spot.
Solaris
From Darryl Gove's blog: Digging into microstate accounting.
Security
A few figures that should give people pause to think…then check versions on their company’s installed browser base: IT security: Companies are lulled into a false sense of security, from the EMEA Midsize Blog.

EBS
From Oracle E-Business Suite Support Blog:
Critical Patch Updates for 2015
How To Upload Meter Readings Using the Install Base Counter Readings Open Interface
Webcast: Memory Based Planner Errors
Webcast: Demantra Integration and the MSD_DP_SCN_ENTRIES_DENORM (Denorm) Table
Webcast: Cost Rollup Process For Configured Items (CTO)
Important Information for Retropay Users!

New R12 Consolidated Patch for R12 1099 Reporting Available!

A Primer on Oracle Documents Cloud Service Administration - Part 3

WebCenter Team - Thu, 2015-02-05 09:26

by Thyaga Vasudevan, Senior Director, Oracle WebCenter Product Management

All this week, we have been covering quick tips on how to get started with Oracle Documents Cloud Service (DOCS) administration. In my first post in the series, I shared how you can easily add a user or a group of users to DOCS. The second post focused on assigning user quota and how to reset a user's password. In this final post in the series, we will take a look at how to create a Public Link to securely share with external collaborators. We will also discuss how to monitor system usage to optimize services and savings.

And remember, while this is a final post in THIS series, there is much to discuss and discover. So, stay tuned for our next installment and in between, if you have a hankering for more Oracle Documents Cloud Service, don't forget to visit our website loaded with comprehensive demos and materials and catch us at an Oracle Cloud Day near you. For your desk viewing, we now also have the replay of Oracle Cloud Platform Online Forum available.

In the meantime, here we go on to the next two tips on DOCS administration.


Tip 4. Public Link Policy

As an administrator, you definitely want your end-users to be more productive by getting the most out of the Documents Cloud Service. You also want to ensure that security of documents is maintained.

Creating public links is a very easy way for end-users to create a link to a file / folder and share it externally. Using the admin console, you set policies to enable / disable public links for files/folders by following these steps.

1. Open your web browser and sign in to Oracle Documents Cloud Service as an administrator.

2. Open your user menu in the top right corner and click Administration.

3. Select System-Wide Settings from the left menu.

4. Enable public links to files and folders by clicking Yes.

5. Define the default role for public links. You can choose from Downloader or Viewer.


Tip 5. Monitor System Usage

We know how important it is to have a pulse on how well the Document Service is being used within your organization. Also, as an administrator, you want to have complete insight into the state of the service.

Oracle Documents Service provides a rich dashboard which has a wealth of information. To get to it, follow these steps:

  1. Sign in to the My Services Application.
  2. On the dashboard, select the service and click the Overview or Metrics icon on the left side of the page.


As you can see, Oracle Document Cloud Service is fairly intuitive and user friendly. With comprehensive security and user administration features, it is no wonder that organizations are adopting Oracle Document Cloud Service as their enterprise-class Electronic File Sharing System (EFSS). For more information, visit us at cloud.oracle.com/documents and reach out to our technology experts at a Cloud Day event coming to a city near you.

And, of course, we look forward to hearing from you. So, if you have any questions, comments or need more information, do leave us a comment.

The Next-Generation of Oracle Engineered Systems: New Markets, New Opportunities for Partners

The Data Center of the Future—Low Cost and Engineered for Innovation On January 21st Larry Ellison announced the next generation of Oracle Engineered Systems as the cornerstone of the Oracle...


Is cybersecurity a low priority for local US governments?

Chris Foot - Thu, 2015-02-05 01:08

While United States federal authorities are painstakingly trying to determine how database monitoring services and network surveillance techniques can defend them against cyberattacks, one has to wonder whether state and local governments are giving the issue the attention it deserves.

Local authorities hold the type of data hackers use to commit identity theft, such as drivers license numbers, Social Security information, home addresses and phone numbers. The aim isn't to unmask military or industrial secrets, but to steal constituent data.

Defenses aren't so tight
The Financial Times study noted that more than 66 percent of US government data breaches occurred at the state or local level. Shape Security Senior Threat Researcher Wade Williamson noted such entities are "enticing targets," because they generally lack the resources or talent required to reinforce security measures. In regard to this factor, many fledgling hackers may infiltrate sparsely guarded databases that receive low maintenance in order to bolster their reputations among the hacking community.

"Hackers can expose a bunch of personal information and post it out there to show 'we broke into a site,'" said Williamson, as quoted by the source. "It is going to gain them notoriety."

Who's doing the damage?
FT noted that cybercriminals stole approximately 280,000 Social Security numbers when they infiltrated Utah state government servers in 2012, so it's clear that hackers with financial goals are a part of the problem.

Yet hacktivist groups seem to target local governments the most. After the Michael Brown shooting, notorious hacktivist entity Anonymous posted a video stating that if the Ferguson Police Department or any other judicial authority harassed or harmed the protestors in Ferguson, the entity would take all government and departmental Web-based assets offline and release personal information of police officers to the public.

Whether or not Anonymous was justified in making this threat is beside the point, which is that local authorities are not exempt from experiencing database attacks.

Priorities are elsewhere
Government Technology commented on various State of the State addresses, highlighting points made by governors who want to focus on transportation development and developing stronger curriculums in science, technology, engineering and math. As far as IT is concerned, digital services were mentioned, as well as broadband expansion.

However, cybersecurity wasn't acknowledged in the article whatsoever. The primary focus is directed toward improving constituent access to the Internet. There's nothing wrong with this priority, but ignoring cybersecurity can only lead to greater system vulnerabilities.

For a look at how the federal government is responding to increasing cyberattacks, check out our post discussing President Obama's proposal of a new breach notification law.

The post Is cybersecurity a low priority for local US governments? appeared first on Remote DBA Experts.

Babson Study of Online Learning Released

Michael Feldstein - Wed, 2015-02-04 23:52

By Phil Hill


Babson Survey Research Group (BSRG) just released its annual survey of online learning in US higher education (press release here). This year they have moved from use of survey methodology for the online enrollment section to use of IPEDS distance education data. Russ Poulin from WCET and I provided commentary on the two data sources as an appendix to the study.

The report highlights the significant drop in growth of online education in the US (which I covered previously in this e-Literate post). Some of the key findings:

  • Previous reports in this series noted the proportion of institutions that believe that online education is a critical component of their long-term strategy has shown small but steady increases for a decade, followed by a retreat in 2013.
  • After years of a consistently growing majority of chief academic officers rating the learning outcomes for online education “as good as or better” than those for face-to-face instruction, the pattern reversed itself last year.
  • This report series has used its own data to chronicle the continued increases in the number of students taking at least one online course. Online enrollments have increased at rates far in excess of those of overall higher education. The pattern, however, has been one of decreasing growth rates over time. This year marks the first use of IPEDS data to examine this trend.
  • While the number of students taking distance courses has grown by the millions over the past decade, it has not come without considerable concerns. Faculty acceptance has lagged, concerns about student retention linger, and leaders continue to worry that online courses require more faculty effort than face-to-face instruction.

BSRG looked at the low growth (which I characterized as ‘no discernible growth’ due to noise in the data) and broke down trends by sector.

Growth by sector

The report also found that more institutions are viewing online education as ‘critical to the long term strategy of my institution’.

Strategic online

 

There’s lots of good data and analysis available – read the whole report here.

I’ll write more about the critique of data sources that Russ and I provided in the next few days.

We are especially pleased that Phil Hill and Russ Poulin have contributed their analysis of the transition issues of moving to IPEDS data. Their clear and insightful description will be of value for all who track distance education.

I want to personally thank Jeff Seaman for the opportunity he and his team provided for us to provide this analysis.

The post Babson Study of Online Learning Released appeared first on e-Literate.

Steps to Blackout Agent of Cloud Control 12c

Pakistan's First Oracle Blog - Wed, 2015-02-04 18:09
1) Set the environment to the cloud control agent. You can get the agent name from the /etc/oratab file.

myserver: $ . oraenv
ORACLE_SID = [ORCL] ? agent12c

2) Check which targets are being monitored by the cloud control agent on this server:

myserver: $ emctl config agent listtargets
Oracle Enterprise Manager Cloud Control 12c Release 4 
Copyright (c) 1996, 2014 Oracle Corporation.  All rights reserved.
[MYSERVER, host]
[MYSERVER:3872, oracle_emd]
[ORCL, oracle_database]

3) Check if there is any existing blackout of agent on this server:

myserver: $ emctl status blackout
Oracle Enterprise Manager Cloud Control 12c Release 4 
Copyright (c) 1996, 2014 Oracle Corporation.  All rights reserved.
No Blackout registered.

4) Start the blackout:

myserver: $ emctl start blackout orcl_down_20150204 ORCL:oracle_database
Oracle Enterprise Manager Cloud Control 12c Release 4 
Copyright (c) 1996, 2014 Oracle Corporation.  All rights reserved.
Blackout orcl_down_20150204 added successfully
EMD reload completed successfully

5) Again check the status of the blackout:

myserver: $ emctl status blackout
Oracle Enterprise Manager Cloud Control 12c Release 4 
Copyright (c) 1996, 2014 Oracle Corporation.  All rights reserved.
Blackoutname = orcl_down_20150204
Targets = (ORCL:oracle_database,)
Time = ({2015-02-04|16:51:37,|} )
Expired = False

6) Stop the blackout:

myserver: $ emctl stop blackout orcl_down_20150204
Oracle Enterprise Manager Cloud Control 12c Release 4 
Copyright (c) 1996, 2014 Oracle Corporation.  All rights reserved.
Blackout orcl_down_20150204 stopped successfully
EMD reload completed successfully

7) Again check the status of blackout:

myserver: $ emctl status blackout
Oracle Enterprise Manager Cloud Control 12c Release 4 
Copyright (c) 1996, 2014 Oracle Corporation.  All rights reserved.
No Blackout registered.

APEX 5.0 Fixed Headings for Interactive Reports

Dimitri Gielis - Wed, 2015-02-04 17:30
When you click on the Attributes of your Interactive Report there's a neat little new feature included called "Heading - Fixed to" with the options None, Region and Page.


We've got this request from many customers and it has always been a pain to get it working in every condition with APEX 4.x, but no hacking anymore - it's there now in APEX 5.0.
When you start to scroll the column header will move up and the content will scroll underneath it.

Here's a quick demo:

Categories: Development

APEX 5.0 EA3 - Universal Theme Styles - Gray!

Dimitri Gielis - Wed, 2015-02-04 16:17
In APEX 5.0 theme 42 is included - this is the Universal Theme. The theme comes with two styles: Blue and Gray.


The UI is so much improved in APEX 5, it's really a game changer. When you look at the details of such a style, for example, you will see it's using a Less file (Less is a CSS pre-processor) behind the scenes. So it's very easy to make changes to the CSS. But you probably don't even need to do that, as the development team allows you to make customisations with Theme Roller, which generates JSON (another nice example where JSON is used - interested in JSON - I did some other posts on this blog about JSON).

To change the color for example, below you see the JSON for that.


Note that Theme Roller will generate the JSON for you. Apart from those customisations, the Blue and Gray styles use the exact same CSS.

From the Blue style many screenshots have been posted already, but I love the Gray style too, here's a screenshot when you switch the sample application's style to Gray.

Categories: Development

Developing On-Device Java Mobile Apps for iOS...and Android Too

Shay Shmeltzer - Wed, 2015-02-04 15:25

At the last JavaOne conference I presented a session titled "Developing On-Device Java Mobile Apps for iOS...and Android Too".

The recording of this session just became available, and I wanted to share it with you.

This session should be a good introduction to how Oracle enables Java developers to take their skills to the mobile world.

The first 28 minutes provide the overview, but if you are not into slides, fast forward to minute 29 and start watching the extensive demo of developing an iOS application with Java and Eclipse.



Categories: Development

Just a few days left to submit abstracts for GLOC 2015

Grumpy old DBA - Wed, 2015-02-04 14:09
The Cleveland-based Great Lakes Oracle Conference 2015 is going to be a big event.  Hoping to pass 350 in attendance, it's going to be two days of track-based sessions and a 1/2 day of workshops on Monday.

Full details here GLOC 2015

We have a great set of abstracts in already and we want you to consider submitting one before we stop accepting them (February 9th 2015 is the last day).  Please consider attending even if you do not submit a presentation proposal!

Call for abstracts is GLOC 2015 abstract call

Thanks! John
Categories: DBA Blogs

Moving Oracle Inventory from one location to Another

Arun Bavera - Wed, 2015-02-04 13:03
Moving Oracle Inventory from one location to Another:

cp -pR /home/emuser/oraInventory/*  /opt/app/oracle/oraInventory

sed -i 's|/home/emuser/oraInventory|/opt/app/oracle/oraInventory|g' oraInst.loc
sed -i 's|/home/emuser/oraInventory|/opt/app/oracle/oraInventory|g' orainstRoot.sh


grep -rl 'oraInventory' ./ | xargs sed -i 's|/home/emuser/oraInventory|/opt/app/oracle/oraInventory|g'

vi /etc/oraInst.loc
inventory_loc=/opt/app/oracle/oraInventory
inst_group=oinstall


[root@myhostname oraInventory]# ./orainstRoot.sh
Changing permissions of /opt/app/oracle/oraInventory
Adding read,write permissions for group,Removing read,write,execute permissions for world.
Changing groupname of /opt/app/oracle/oraInventory to oinstall.
The execution of the script is complete
 
Categories: Development

Introduction to MongoDB Security

Tugdual Grall - Wed, 2015-02-04 12:12
View it on my new blog

Last week at the Paris MUG, I had a quick chat about security and MongoDB, and I have decided to create this post that explains how to configure the out-of-the-box security available in MongoDB. You can find all information about MongoDB Security in the following documentation chapter: http://docs.mongodb.org/manual/security/

In this post, I won't go into the detail about

INDEX FULL SCAN (MIN/MAX) with two identical MIN()

XTended Oracle SQL - Wed, 2015-02-04 09:39

I’ve just noticed an interesting thing:

Assume that we have a simple query with “MIN(ID)” that works through “Index full scan(MIN/MAX)”:

SQL> explain plan for
  2  select
  3     min(ID)      as x
  4  from tab1
  5  where ID is not null;

Explained.

SQL> select * from table(dbms_xplan.display);

PLAN_TABLE_OUTPUT
---------------------------------------------------------------------------------------
Plan hash value: 4170136576

---------------------------------------------------------------------------------------
| Id  | Operation                   | Name    | Rows  | Bytes | Cost (%CPU)| Time     |
---------------------------------------------------------------------------------------
|   0 | SELECT STATEMENT            |         |     1 |     4 |     3   (0)| 00:00:01 |
|   1 |  SORT AGGREGATE             |         |     1 |     4 |            |          |
|   2 |   FIRST ROW                 |         |     1 |     4 |     3   (0)| 00:00:01 |
|*  3 |    INDEX FULL SCAN (MIN/MAX)| IX_TAB1 |     1 |     4 |     3   (0)| 00:00:01 |
---------------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   3 - filter("ID" IS NOT NULL)

Test tables:
create table tab1(id, x, padding)
as 
   with gen as (select level n from dual connect by level<=1000)
   select g1.n, g2.n, rpad(rownum,10,'x')
   from gen g1,gen g2;
create index ix_tab1 on tab1(id, x);
exec dbms_stats.gather_table_stats('','TAB1');


But look what will happen if we add one more “MIN(ID)”:

SQL> explain plan for
  2  select
  3     min(ID)      as x
  4   , min(ID)+1000 as x1000
  5  from tab1
  6  where ID is not null;

Explained.

SQL> select * from table(dbms_xplan.display);

PLAN_TABLE_OUTPUT
---------------------------------------------------------------------------------
Plan hash value: 3397888171

---------------------------------------------------------------------------------
| Id  | Operation             | Name    | Rows  | Bytes | Cost (%CPU)| Time     |
---------------------------------------------------------------------------------
|   0 | SELECT STATEMENT      |         |     1 |     4 |  3075  (17)| 00:00:02 |
|   1 |  SORT AGGREGATE       |         |     1 |     4 |            |          |
|*  2 |   INDEX FAST FULL SCAN| IX_TAB1 |   999K|  3906K|  3075  (17)| 00:00:02 |
---------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   2 - filter("ID" IS NOT NULL)

At first I thought it was the old limitation from “MIN/MAX index access is not used if query has multiple MIN/MAX functions (Doc ID 316467.1)”, but we can get the same plan by using a hint:

SQL> explain plan for
  2  select/*+ index(tab1) */
  3     min(ID)      as x
  4   , min(ID)+1000 as x1000
  5  from tab1
  6  where ID is not null;

Explained.

SQL> select * from table(dbms_xplan.display);

PLAN_TABLE_OUTPUT
---------------------------------------------------------------------------------------
Plan hash value: 4170136576

---------------------------------------------------------------------------------------
| Id  | Operation                   | Name    | Rows  | Bytes | Cost (%CPU)| Time     |
---------------------------------------------------------------------------------------
|   0 | SELECT STATEMENT            |         |     1 |     4 |  3433  (22)| 00:00:02 |
|   1 |  SORT AGGREGATE             |         |     1 |     4 |            |          |
|   2 |   FIRST ROW                 |         |   999K|  3906K|  3433  (22)| 00:00:02 |
|*  3 |    INDEX FULL SCAN (MIN/MAX)| IX_TAB1 |   999K|  3906K|  3433  (22)| 00:00:02 |
---------------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   3 - filter("ID" IS NOT NULL)

So, we can see that the real problem lies in the wrong cardinality calculation.

Of course, we can avoid this problem using the old method – with a simple inner view:

SQL> explain plan for
  2  select x, x+1000
  3  from (
  4        select
  5           min(ID)      as x
  6        from tab1
  7        where ID is not null
  8       );

Explained.

SQL> select * from table(dbms_xplan.display);

PLAN_TABLE_OUTPUT
----------------------------------------------------------------------------------------
Plan hash value: 2347179087

----------------------------------------------------------------------------------------
| Id  | Operation                    | Name    | Rows  | Bytes | Cost (%CPU)| Time     |
----------------------------------------------------------------------------------------
|   0 | SELECT STATEMENT             |         |     1 |    13 |     3   (0)| 00:00:01 |
|   1 |  VIEW                        |         |     1 |    13 |     3   (0)| 00:00:01 |
|   2 |   SORT AGGREGATE             |         |     1 |     4 |            |          |
|   3 |    FIRST ROW                 |         |     1 |     4 |     3   (0)| 00:00:01 |
|*  4 |     INDEX FULL SCAN (MIN/MAX)| IX_TAB1 |     1 |     4 |     3   (0)| 00:00:01 |
----------------------------------------------------------------------------------------

Predicate Information (identified by operation id):
---------------------------------------------------

   4 - filter("ID" IS NOT NULL)
Categories: Development