Skip navigation.

Feed aggregator

Log Buffer #380, A Carnival of the Vanities for DBAs

Pythian Group - Fri, 2014-07-18 07:48

There are plethora of ideas sprouting in technology arena on daily basis and bloggers are catching up with them pretty nicely. This Log Buffer Edition skims some of them.

Oracle:

Building Dynamic Branded Digital Experiences with Oracle WebCenter

ORA-19909: datafile 1 belongs to an orphan incarnation

Opatchauto for OEM Management Servers

Get more out of Product Information Management with PIM Training Resources

ADF Mobile 12c (MAF) Support for Master-Detail Data Control

SQL Server:

Convert Rows into Columns

Developing a Custom SSIS Source Component

Stairway to SQL Server Security Level 3: Principals and Securables

Automate Registering and Maintaining Servers in SQL Server Management Studio (SSMS)

Implementation of partition switching within SSIS

MySQL:

High Availability with mysqlnd_ms on Percona XtraDB Cluster

Oracle Critical Patch Update for MySQL

MySQL Slave Scaling and more

ClouSE 1.0 is generally available

Install Apache2, PHP5 And MySQL Support On CentOS 7 (LAMP)

Categories: DBA Blogs

Planned Maintenance This Weekend!

Tim Hall - Fri, 2014-07-18 02:14

Just a quick heads-up to you folks…

On Saturday I’ll be transferring my website and blog to a new server. It’s with the same hosting company, so hopefully the DNS changes will not be too drastic.

The site is already in place on the new box and it seems to be working fine, so on Saturday morning I will do a backup of the MySQL databases and transfer them to the new machine, then initiate the DNS change.

The last time I did this, which was between different hosting companies, there were some issues in some geographical regions for a couple of days, but most people were seeing the site as normal within about an hour.

Note. If you happen to post on the forum or comment on a blog post during Saturday, it might be lost depending on the timing. Also, my email address my go wonky for a little while…

Fingers crossed… :)

Cheers

Tim…

 

Planned Maintenance This Weekend! was first posted on July 18, 2014 at 9:14 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Oracle EM agent 12c thread leak on RAC

Yann Neuhaus - Thu, 2014-07-17 22:24

In a previous post about nproc limit, I wrote that I had to investigate the nproc limit with the number of threads because my Oracle 12c EM agent was having thousands of threads. This post is a short feedback about this issue and the way I have found the root cause. It concerns the enterprise manager agent 12c on Grid Infrasctructure >= 11.2.0.2

 

NLWP

The issue was:

 

ps -o nlwp,pid,lwp,args -u oracle | sort -n
NLWP   PID   LWP COMMAND
   1  8444  8444 oracleOPRODP3 (LOCAL=NO)
   1  9397  9397 oracleOPRODP3 (LOCAL=NO)
   1  9542  9542 oracleOPRODP3 (LOCAL=NO)
   1  9803  9803 /u00/app/oracle/product/agent12c/core/12.1.0.3.0/perl/bin/perl /u00/app/oracle/product/agent12c/core/12.1.0.3.0/bin/emwd.pl agent /u00/app/oracle/product/agent12c/agent_inst/sysman/log/emagent.nohup
  19 11966 11966 /u00/app/11.2.0/grid/bin/oraagent.bin
1114  9963  9963 /u00/app/oracle/product/agent12c/core/12.1.0.3.0/jdk/bin/java ... emagentSDK.jar oracle.sysman.gcagent.tmmain.TMMain

 

By default ps has only one entry per process, but each processes can have several threads - implemented on linux as light-weight process (LWP). Here, the NLWP column shows that I have 1114 threads for my EM 12c agent - and it was increasing every day until it reached the limit and the node failed ('Resource temporarily unavailable').

The first thing to do is to know what those threads are. The ps entries do not have a lot of information, but I discovered jstack which every java developer should know, I presume. You probably know that java has very verbose (lengthy) stack traces. Jstack was able to show me thousands of them in only one command:

 

Jstack
$ jstack 9963
2014-06-03 13:29:04
Full thread dump Java HotSpot(TM) 64-Bit Server VM (20.14-b01 mixed mode):

"Attach Listener" daemon prio=10 tid=0x00007f3368002000 nid=0x4c9b waiting on condition [0x0000000000000000]
   java.lang.Thread.State: RUNNABLE

"CRSeOns" prio=10 tid=0x00007f32c80b6800 nid=0x3863 in Object.wait() [0x00007f31fe11f000]
   java.lang.Thread.State: TIMED_WAITING (on object monitor)
	at java.lang.Object.wait(Native Method)
	at oracle.eons.impl.NotificationQueue.internalDequeue(NotificationQueue.java:278)
	- locked  (a java.lang.Object)
	at oracle.eons.impl.NotificationQueue.dequeue(NotificationQueue.java:255)
	at oracle.eons.proxy.impl.client.base.SubscriberImpl.receive(SubscriberImpl.java:98)
	at oracle.eons.proxy.impl.client.base.SubscriberImpl.receive(SubscriberImpl.java:79)
	at oracle.eons.proxy.impl.client.ProxySubscriber.receive(ProxySubscriber.java:29)
	at oracle.sysman.db.receivelet.eons.EonsMetric.beginSubscription(EonsMetric.java:872)
	at oracle.sysman.db.receivelet.eons.EonsMetricWlm.run(EonsMetricWlm.java:139)
	at oracle.sysman.gcagent.target.interaction.execution.ReceiveletInteractionMgr$3$1.run(ReceiveletInteractionMgr.java:1401)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
	at oracle.sysman.gcagent.util.system.GCAThread$RunnableWrapper.run(GCAThread.java:184)
	at java.lang.Thread.run(Thread.java:662)
...
 
CRSeOns

I don't paste all of them here. We have the 'main', we have a few GCs and 'Gang workers' which are present in all JVMs and we have a few enterprise manager threads. And what was interesting was that I had thousands of "CRSeOns" that seemed to be increasing.

Some guesses: I'm on RAC, and I have a 'ons' resource and the EM agent tries to subscribe to it. Goggle search returned nothing, and that's the reason I put that in a blog post now. Then I searched MOS, and bingo, there is a note: Doc ID 1486626.1. It has nothing to do with my issue, but has an interesting comment in it:

In cluster version 11.2.0.2 and higher, the ora.eons resource functionality has been moved to EVM. Because of this the ora.eons resource no longer exists or is controlled by crsctl.

It also explains how to disable EM agent subscription:

emctl setproperty agent -name disableEonsRcvlet -value true

I'm in 11.2.0.3 and I have thousands of threads related to a functionality that doesn't exist anymore. And that leads to some failures in my 4 nodes cluster.

The solution was simple: disable it.

For a long time I have seen a lot of memory leaks or CPU usage leaks related to the enterprise manager agent. With this new issue, I discovered a thread leak and I also faced a SR leak when trying to get support for the 'Resource temporarily unavailable' error, going back and forth between OS, Database, Cluster and EM support teams...

ADF Mobile 12c (MAF) Support for Master-Detail Data Control

Andrejus Baranovski - Thu, 2014-07-17 14:15
ADF 12c is shipped with renamed mobile platform framework - Oracle Mobile Application Framework (MAF). Previously this was named ADF Mobile. 12c MAF is based on ADF Mobile and provides additional functionality and improvements. Everyone familiar with ADF Mobile 11g, should get up to speed with 12c without issues. I would like to highlight one interesting improvement implemented in 12c MAF - out of the box support for Master-Detail relationship. In previous 11g release, master record key was not preserved across different pages - developer was forced to store selected key in memory, to call execute method through invoke action in the second page and finally to reset a key. There was an alternative solution, described by Steven Davelaar - ADF Mobile – Preserving the Current Row Across Pages. Approach described in Steven's blog seems to be integrated into 12c MAF, there is no need to manage selected Master key manually, framework does this for you.

Sample application - MAFMobileLocalApp.zip, is based on HR schema loaded into local SQLite database and implements 2 level Details. Top Master is a Region:


First Detail screen brings a list of all Countries, from selected Region:


Second Detail screen displays available Locations, from selected Country:


Sample application provides navigation springboard, now there is only one Task Flow available - Address (may be there will be more options in the future):


Overall, 12c MAF is a great step forward - improved performance, better and cleaner UI, new features. MDS Seeded Customizations are supported now for mobile applications implemented with 12c MAF.

Sample comes with HR schema structure and data:


HR structure and data is loaded to the local SQLite database on initial application startup:


SQLite database is a physical file and we are opening JDBC connection. This is a database for single user, one user will be using it - no concurrency:


I will describe below, how to create Master-Detail structure and generate Data Control. There is a special extension available for similar task - A-Team Mobile Persistence Extension for Oracle MAF. However, for this exercise I would like to do it myself.

Firstly we should start with a model. There is Master-Detail relationship between Regions and Countries. Region object included a list of Country objects:


Country object in turn includes a list of Location objects, this is 2nd dependency:


This is our basic model, nothing complex. Model needs to be populated with data, this can be done with SQL, as all our data is stored locally in SQLite DB. Region, Country and Location rows are retrieved using SQL, Master-Detail relationship is populated manually:


Master-Detail relationship would not work, if there would be no Primary Key defined for Master object. By default, key is not set, when Data Control is generated. We need to edit Data Control object explicitly:


Here we can set a Primary Key for the attribute:


Task Flow displays relationship between Regions -> Countries -> Locations, there must be Primary Key set at least for Regions and Countries:


Important rule to know, 12c MAF doesn't really remembers current row in Data Control - it rather searching for iterator name and retrieves current state. This means, iterators in different pages must have the same names, otherwise current row key will not be resolved (even for the same data model object).

As for example, Region fragment:


Is based on data retrieved from regionsIterator:


This means Country fragment, displaying detail data:


Must have reference to Master iterator with the same name, as it is created in the first page Region (regionsIterator):

Taking a Look at the New Oracle Big Data SQL

Rittman Mead Consulting - Thu, 2014-07-17 13:15

Oracle launched their Oracle Big Data SQL product earlier this week, and it’ll be of interest to anyone who saw our series of posts a few weeks ago about the updated Oracle Information Management Reference Architecture, where Hadoop now sits alongside traditional Oracle data warehouses to provide what’s termed a “data reservoir”. In this type of architecture, Hadoop and its underlying technologies HDFS, Hive and schema-on-read databases provide an extension to the more structured relational Oracle data warehouses, making it possible to store and analyse much larger sets of data with much more diverse data types and structures; the issue that customers face when trying to implement this architecture is that Hadoop is a bit of a “wild west” in terms of data access methods, security and metadata, making it difficult for enterprises to come up with a consistent, over-arching data strategy that works for both types of data store.

Oracle Big Data SQL attempts to address this issue by providing a SQL access layer over Hadoop, managed by the Oracle database and integrated in with the regular SQL engine within the database. Where it differs from SQL on Hadoop technologies such as Apache Hive and Cloudera Impala is that there’s a single unified data dictionary, single Oracle SQL dialect and the full management capabilities of the Oracle database over both sources, giving you the ability to define access controls over both sources, use full Oracle SQL (including analytic functions, complex joins and the like) without having to drop down into HiveQL or other Hadoop SQL dialects. Those of you who follow the blog or work with Oracle’s big data connector products probably know of a couple of current technologies that sound like this; Oracle Loader for Hadoop (OLH) is a bulk-unloader for Hadoop that copies Hive or HDFS data into an Oracle database typically faster than a tool like Sqoop, whilst Oracle Direct Connector for HDFS (ODCH) gives the database the ability to define external tables over Hive or HDFS data, and then query that data using regular Oracle SQL.

Where ODCH falls short is that it treats the HDFS and Hive data as a single stream, making it easy to read once but, like regular external tables, slow to access frequently as there’s no ability to define indexes over the Hadoop data; OLH is also good but you can only use it to bulk-load data into Oracle, you can’t use it to query data in-place. Oracle Big Data SQL uses an approach similar to ODCH but crucially, it uses some Exadata concepts to move processing down to the Hadoop cluster, just as Exadata moves processing down to the Exadata storage cells (so much so that the project was called “Project Exadoop” internally within Oracle up to the launch) – but also meaning that it’s Exadata only, and not available for Oracle Databases running on non-Exadata hardware.

As explained by the launch blog post by Oracle’s Dan McClary, Oracle Big Data SQL includes components that install on the Hadoop cluster nodes that provide the same “SmartScan” functionality that Exadata uses to reduce network traffic between storage servers and compute servers. In the case of Big Data SQL, this SmartScan functionality retrieves just the columns of data requested in the query (a process referred to as “column projection”), and also only sends back those rows that are requested by the query predicate.

NewImage

Combined with Hive’s ability to map unstructured data sources into regular columns and tables, and Big Data SQL’s support for Oracle NoSQL database, the promise of this new technology is the ability to run queries against both relational, Hadoop and NoSQL data sources using a common data dictionary and common set of identity and data access controls.

There’s a couple of potential downsides, though. First-off, Big Data SQL will only be available as part of Oracle Big Data Appliance, which though an impressive bit of hardware and software is a much smaller market than the total set of Oracle customers looking to combine relational and Hadoop-based data; it’s also restricted to Oracle 12c on Exadata meaning you’ll most probably need to do a database upgrade even if you’ve already got the required Exadata servers in-place. Finally, it’s also restricted to the Oracle-specific distribution of Cloudera Hadoop, though if you’re using the BDA you’ll be using this anyway.

My other concern though is that Oracle now focus on SQL as their only access mechanism into Hadoop and big data, in a similar way to how they focused on SQL as their access route into OLAP when they incorporated Oracle Express into the Oracle Database, back in the mid-2000’s. Focusing on SQL over multidimensional languages such as Express 4GL and MDX meant you missed the real point of using a multidimensional, OLAP database – which of course was being able to use a multidimensional query language, and my concern with Big Data SQL is that we’ll end up focusing on that rather than languages such as Spark, Pig and NoSQL query languages which, combined with schema-on-read, is the real differentiator for Hadoop-based systems. As long as Big Data SQL is positioned as a “bonus” – a convenient way of getting data out of Hadoop once it’s been processed and analysed using more Hadoop-native technologies – then Big Data SQL will be a great enabling and acceptance technology for enterprises, rather than one that ends up restricting them.

We’re not aware of any beta program and I don’t think the launch webcast mentioned a specific date or BDA version when Big Data SQL will be out, but with Openworld coming up soon I’d expect to hear more about this over the next few months. We’re involved in a couple of significant Oracle Big Data Appliance implementations at the moment and this product would address a real, pressing need at the moment with our customers, so I’m looking forward to getting more involved in it over the next few months.

This article was updated on 18th July to add the fact that Big Data SQL is only available on Exadata, and is not a generic Oracle Database 12c technology.

Categories: BI & Warehousing

What to look for in a cloud database security company

Chris Foot - Thu, 2014-07-17 12:58

Companies new to the world of cloud computing often express apprehension in regard to security.

Unsure as to how internal teams are supposed to deploy effective protection, a number choose to outsource to database administration services capable of monitoring all network and server activity around the clock. As there are so many such companies to choose from, some enterprises are unclear as to what they should be looking for.

Seek clarification
Gilad Paran-Nassani, a contributor to SYS-CON, acknowledged the puzzle organizations encounter when weighing cloud deployment capabilities with IT defenses. He outlined a number of points leaders should be sure to cover before signing a contract with a database security provider:

  1. Define who can access information: In addition to assigning company personnel the authorization codes, organizations should get a clear idea of who on the DBA end of the operation can obtain and view data. Any opacity in this regard should be thoroughly assessed.
  2. Know how data is encrypted in the cloud: The CIO and managers of the DBA service should sit down and outline how information will be hidden during transfers. Make sure there are no loopholes in the procedure and that it can be adjusted to new security needs.
  3. Conduct a background check: Get into contact with the prospective DBA's customers and ask them questions regarding their own experiences. In addition, ask the business to provide a list of any credentials pertaining to cloud platform protection.

What to look for
When seeking out a company that can provide remote database management for cloud environments, or on-premise solutions for that matter, there are a number of enterprise characteristics businesses should favor. MSPmentor contributor Michael Brown outlined four elements executives should look for when speaking with DBA services face-to-face:

  1. A fundamental concept: If the professionals on the other end of the table have a unique approach to how they tackle security, then they're most likely a sure bet.
  2. Honesty: A cloud security provider that acknowledges past mistakes and explains how it has evolved from those mishaps is filled with motivated, adaptable individuals.
  3. Transparency: When answering tough questions, a DBA should divulge its capabilities and shortcomings so trust can be quickly established.
  4. Commitment: Dedication should go beyond day-to-day security amenities. A DBA must seek ways to improve protection while ensuring system workability on a consistent basis.

As one can observe, selecting the right DBA to protect enterprise cloud environments requires human characteristics as well as technical ability. These considerations will help organizations find the right fit.

The post What to look for in a cloud database security company appeared first on Remote DBA Experts.

Interesting SLOB Use Cases – Part I. Studying ZFS Fragmentation. Introducing Bart Sjerps.

Kevin Closson - Thu, 2014-07-17 10:35

This is the first installment in a series of posts I’m launching to share interesting use cases for SLOB. I have several installments teed up but to put a spin on things I’m going to hit two birds with one stone in this installment. The first bird I’ll hit is to introduce a friend and colleague, Bart Sjerps, who I just added to my blogroll. The other bird in my cross-hairs is this interesting post Bart wrote some time back that covers a study of ZFS fragmentation using SLOB.

Bart Sjerps on ZFS Fragmentation. A SLOB study.

As always, please visit the SLOB Resources Page for SLOB kit and documentation.

 


Filed under: Silly Little Oracle Benchmark, SLOB, ZFS, ZFS Performance

Oracle Critical Patch Update Advisory – July 2014

Oracle in Action - Wed, 2014-07-16 23:52

RSS content

Oracle has released July Critical Patch Update on 15 July 2014.

This Critical Patch Update provides 113 new security fixes across a wide range of product families including: Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Linux and Virtualization, Oracle MySQL, and Oracle and Sun Systems Products Suite.

For more details, please click here.



Tags:  

Del.icio.us
Digg

Comments:  0 (Zero), Be the first to leave a reply!You might be interested in this:  
Copyright © ORACLE IN ACTION [Oracle Critical Patch Update Advisory - July 2014], All Right Reserved. 2014.

The post Oracle Critical Patch Update Advisory – July 2014 appeared first on ORACLE IN ACTION.

Categories: DBA Blogs

Oracle Priority Service Infogram for 16-JUL-2014

Oracle Infogram - Wed, 2014-07-16 19:45

They’re baaack! Time for quarterly patching:
July 15, 2014
Oracle Critical Patch Update for July 2014

Dear Oracle Security Alert Subscriber,

The Critical Patch Update for July 2014 was released on July 15th, 2014.
Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes the list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities for each product suite, and links to other important documents. Supported products that are not listed in the "Supported Products and Components Affected" section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information. Critical Patch Update Advisories are available at the following location:

Oracle Technology Network:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html

The Critical Patch Update Advisory for July 2014 is available at the following location:

Oracle Technology Network:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

The next four dates for Critical Patch Updates are:
  • October 14, 2014
  • January 20, 2015
  • April 14, 2015
  • July 14, 2015
Thank you,
Oracle Security AlertsOpenWorld
Five Reasons to Attend Oracle OpenWorld, from Oracle PartnerNetwork Strategy Blog. And the sixth reason, from your editor: Free COCKTAIL SHRIMP!
RDBMS
From A Wider View: Oracle DBA Training Options Are Changing.
Virtualization
From The art of virtualization: Network Virtualization High Availability.
Social Networking
From ZDNet: Oracle lands LinkedIn support on Social Cloud, updates Marketing platform
Visualization
From Oracle Data Visualizations Blog: Videos on New Features in Data Visualizations now available on Oracle Technology Network.
BI
From BI & Analytics Pulse: BI Mobile: The Data Access Dilemma – the Gray Space.
Java
Release: Java SE Embedded 8 Update 6 and Java SE 8 U6 for ARM, from The Java Source.
ADF
ADF Faces Responsive Design - 12.1.3 Update, from Shay Shmeltzer's Weblog.
Writing Code for a Living
The Top Programming Languages, Ranked by Job Demand, Popularity, More, from lifehacker.
WebCenter
Framework Folder Support for WebCenter Portal? It's Coming!, from the Proactive Support - Portals blog.
OUD
From Sylvain Duloutre's Weblog: ODSM Silent Install.
Security
From SemiconductorEngineering: The Next Big Threat: AI Malware. EBS
From Integrigy: Oracle E-Business Suite Security - Signed JAR Files - What Should You Do – Part II
From the Oracle E-Business Suite Support Blog:
Discrete LCM Integration Key Setup Analyzer
Need more information on Online Accruals in Procurement?
Appearing Soon - New Interactive Troubleshooting Flows for Receivables Transaction Workbench and Receipt Workbench
How To Customize Oracle Asset Tracking to Meet Specific Business Requirements
My Oracle Support Community New Functionality Sneak Peak!
United States (US) Second Quarter (Q2) 2014 Statutory Update Released
Learn About Troubleshooting Reports & Printing Issues


Password Change Sample - Updated

Anthony Shorten - Wed, 2014-07-16 17:31

In the Technical Best Practices whitepaper ((Doc Id: 560367.1), available from My Oracle Support, there is a section (Password Management Solution for Oracle WebLogic) that mentions a sample password change JSP that used to be provided by BEA for WebLogic. That site is no longer available but the sample code is now available on this blog.

Now, this is an example only and is very generic. It is not a drop and install feature that you can place in your installation but the example is sufficient to give an idea of the Oracle WebLogic API available for changing your password. It is meant to allow you to develop a CM JSP if you required this feature.

There is NO support for this as it is sample code only. It is merely an example of the API available. Link to this code is here. Examine it to get ideas for your own solutions.

The API used will most probably work for any security system that is configured as an authentication security provider.

have fun anyone heading out to OOW 2014

Grumpy old DBA - Wed, 2014-07-16 16:29
For anyone who has never attended a San Francisco Oracle Open World you really should go at some point.  The city is beautiful and the event well organized if a little on the chaotic side.

I have been lucky enough to attend quite a few of them over the last 10 years but missed out last year and also will be missing out this year.

It has been just once that one of my presentation abstracts was accepted out there.  I applied this year with two of what I think are quite good presentations but well no dice.

I have a free pass for the conference ( thanks Oracle Ace program ) but work is not willing to give me time off to attend this year and also not willing therefore to help pay for it.  I could take vacation off to attend but well it is very expensive and I need the time off that I do have for other things.

Have fun anyone that does make it out there!  Maybe I will make it to OOW 2015?
Categories: DBA Blogs

So, a Researcher and Six Developers Join a Coding Challenge

Oracle AppsLab - Wed, 2014-07-16 14:07

Editor’s Note: Hey, a new author! Colleague and Friend of the ‘Lab, Joyce Ohgi, a principal usability researcher here at Oracle Applications User Experience, joined several of our guys and tall man, all-around good dude and Friend of the ‘Lab, Rafa Belloni (@rafabelloni), to form a super-powered team last week.

This is her story, as told from the inside. Enjoy.

I earned $600 in a coding challenge without writing a single line of code.

Well, strictly speaking, $600/7 = $85.71, 7 being the number of members on our team. The challenge in question? The Oracle Applications User Experience Beacons Developer Challenge, a contest between internal Oracle teams to devise a creative solution using Estimote’s beacons and Oracle Facilities data provided by Oracle Spatial.

We were given: the beacons, some sample data, icons, and images, an example app, a pack of poster gum to stick the beacons on walls, and the freedom to do whatever we could: 1) dream up and 2) execute in 48 hours.

Fast forward: Anthony Lai (@anthonslai) and I are standing in front of a room of developers and five judges about to give a presentation on our app, whose back end I still did not fully grasp. How did I get there?

My journey started two days before the official challenge start date. I ate lunch with Tony, one of the developers, and he suggested I join the team because “Why not? It’ll be fun.”

I had heard of the challenge but thought it wasn’t for someone like me, as my now-rusty coding skills were last used for an Intro to C programming class in college; what could I contribute to a contest whose purpose is literally to generate code? But I like Tony, and he promised me it would be fun. So I decided, well, if the team will have me, I’d like to try it out. So I signed up.

One day before the challenge: the team decides to meet in order to: 1) learn each other’s names and 2) come up with a list of ideas, which would be narrowed down once the contest started.

After we all introduced ourselves, the brainstorming began immediately and organically. But, to my surprise, not a single dev was taking notes. How were we going to remember all the ideas and organize ourselves?

As a researcher, one of the basic rules of my job is to always observe and always take notes.

I could be useful! I whipped out my handy iPad with keyboard case and typed away. But some of the ideas didn’t make sense to me, and for the good of the team, I realized I also should be voicing my questions and opinions, not just act as the scribe.

So, I asked questions. It was scary. I was worried they would tease me for not knowing the back-end stuff they were talking about, or for speaking about ideas in terms of users’ needs, instead of the system constraints or technology features.

But the team listened to me. They even agreed with me. Okay, they also disagreed with me sometimes. But they treated me with the same respect they treated each other.

Day of the challenge - final code check-in: Honestly, the whole coding challenge experience is a blur. As a researcher, I’m trained not just to always take notes, but also to take photos whenever possible to retain key details that could be otherwise forgotten.

I got so wrapped up in our project, that I didn’t take a single photo of our group. I did take several pictures of our competition though.

Luckily Kathy Miedema dropped by to wish us luck and also snapped a picture.

Mail Attachment

Photo by Kathy Miedema, used with permission

As for the experience itself, I can only attempt to describe it by painting a picture in words.

We are all seated in the AUX Team’s little Design Room. Although all the chairs are occupied, silence reigns, interrupted only by the soft clicking of keyboards, and the occasional low conversation.

Usually, the mental image of collaboration is of a group of people talking together in a group. But in this case, even though it looked like we were all doing our own separate thing, it was intensely collaborative.

Each of our parts would need to come together by the deadline, so we did constant, impromptu, little check-ins to make sure the pieces we were building would integrate quickly.

I checked-in constantly as well, seeking confirmation that, of the many research methodologies I could use, the ones I chose gave the team the data they needed, i.e. user interviews to capture wants, needs and task flows of the current processes and feedback sessions with key stakeholders.

By the way, if you are interested in learning more about research methodology, you can find more info at UX Direct.

So, back to Anthony and me, standing in front of a crowd, about to launch into our demo.

It was crazy; we didn’t have time to do a run-through before; we had some weird display lags using the projector and the Samsung Gear Live smartwatch; the script was too long, and we ran out of time.

Believe me, I have a list of things that we can improve upon for the next challenge, but our idea was good.

Technically, it was solid, because of the deep expertise of the team, which aggregated probably comes close to 100 years of total development experience, and it was based on real users’ needs because of my research.

Happily, we won 2nd place, and $600. Next year, we’ll be gunning for 1st and the cool $1000 prize, which would net $142.86 for each of us.

All kidding aside, it’s not about the prize money or the recognition. It’s about people using their unique skill sets to build something better than any of them could have built on their own.

I will close with a text exchange between Anthony and me, post-challenge:

Me: Thx for letting me participate. I enjoyed seeing “your world” aka development.
Anthony: Uh oh. We are a test species to you.
Me: Don’t worry. A good researcher observes to understand, not to pass judgment.

And later, when I was fretting that I cost our team the win by not contributing any code, Anthony wrote to me:

Contributing code does not mean contributing; contributing does not mean contributing code.

Editor again: Joyce thought the post needing a closing. Thanks to Joyce, Rafa and our guys, Anthony, Luis, Osvaldo, Raymond and Tony for all their hard work. Consider the post closed. Oh, and find the comments.Possibly Related Posts:

PeopleCode Coding Discipline

Jim Marion - Wed, 2014-07-16 11:23

Java, JavaScript, C++, C Sharp, Objective C, Groovy... what do these languages have in common? Yes, curly braces, but besides that... actually, there are a lot of similarities between these languages. Throw Visual Basic, Perl, Python, or any other well-known language into the mix and the number of similarities drops significantly. Setting semantics and syntax aside, a common attribute of all well-known languages is standards and best practices. Some of those best practices (such as coding style) differ by language. For example, bash scripts can either look like, uh... bash scripts or they can look like c-style logic statements. Obviously, bash best practices prefer you make bash code look like bash code. Other standards are personal: do you prefer real tabs or spaces? How many spaces does your tab consume? Do you put curly braces on a new line?

How does all of this fit into PeopleCode? Forget about code formatting preferences. Application Designer has its own code formatting ideas. But there are other best practices that can help you write better code with fewer defects (fewer defects = better code). By following best practices your code will be easier to read, you will be more productive, and your users will be happier because you deliver better solutions faster.

Even though best practices usually result in code that is more efficient to process, that isn't really the point. Computers can interpret just about anything. Compilers and interpreters are really good at eliminating useless words and resolving seemingly incomprehensible logic. I love Martin Fowler's quote, "Any fool can write code that a computer can understand. Good programmers write code that humans can understand." Best practices are really about writing code that humans can easily comprehend. For example, avoid complex logic (including double negatives, or any negative logic, for that matter), keep your method and function code short, etc. If you write some code, leave it for a night, and then come back the next day and either need to read lots of comments to figure it out or spend a few minutes "remembering" what that code does, then the code is probably too complex. The problem with complex code is that it is easily misinterpreted by humans. Another problem with complex code is we actually ignore it when trying to resolve problems. We know it takes time to digest complex code, so we avoid it, preferring to test simple code first. Why waste time trying to understand complex code if it might be functioning properly?

Today's Quest Newsletter contained a link to 10 Bad Coding Practices That Wreck Software Development Projects. These are language agnostic practices that we can easily apply to PeopleSoft development.

If I were to summarize Coding best practices, I think I would do it like this: two.sentenc.es. Now, arguably, short does not equal comprehensible. There are programmers that err on the terse side because it is clever. This is true, often short code is clever. It is also hard to read. Most of us, however, err the other way. E. F. Schumacher said, "Any fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage — to move in the opposite direction." Schumacher died in 1977, so this problem is not new.

Computer programming is about communication. As programmers we have two audiences:

  • Computers (which can interpret anything -- even complex stuff)
  • Humans (who have a limited attention span, distractions, and a preference for simplicity)

Here is why I think discipline and best practices are critical for good PeopleCode:

We use PeopleCode to create business rules, but PeopleCode is NOT a business rules language. PeopleCode is a Metadata manipulation language. (Note: this is purely my opinion)

Here is why I believe PeopleCode is for metadata, not business rules: PeopleCode only has Metadata objects: records, fields, SQL, components, menus, etc. These are all metadata. These are the low level API's we use to write business logic. Consider the following PeopleCode:

Local record &rec = CreateRecord(Record.PSOPRDEFN);
Local field &descr;

&rec.SelectByKey("jimsoprid");
&descr = &rec.GetField(Field.OPRDEFNDESC);

&descr.Value = "Jim Marion";

&rec.Update();

This code implements business logic, but does so by manipulating metadata objects. PeopleCode metadata objects are building blocks for business logic. If we were to rewrite this using a business logic language, it would probably look something like this:

Local User &u = GetUser("jimsoprid");

&u.descr = "Jim Marion";
&u.Update();

And this is why discipline and best practices are SO important for PeopleCode developers: We are trying to speak business logic with a metadata vocabulary. We start with a communication deficit. It is like trying to teach advanced weaving using an automobile mechanics vocabulary. The two subjects have different vocabularies. But if you combine the words correctly, you can communicate the same meaning.

Oracle CPU July 2014 + Oracle Exploit CVE-2013-3751

Alexander Kornbrust - Wed, 2014-07-16 10:03

Yesterday, Oracle released a new critical patch update (CPU Jul 2014) for July 2014. This CPU contains fixes for 5 database vulnerabilities. The most critical one, CVE-2013-3751, has a base score of 9.0 and affects Oracle 12.1 only. The same issue was already fixed for Oracle 11.2 in July 2013 (CPU Jul 2013).

After a short research on the web (google and twitter, less than 5 minutes) I found an exploit for the CVE-2013-3751.

This vulnerability was found by Nicolas Grégoire: He released an exploit nearly 1 year after the patch was published by Oracle. But it seems that he was not aware that Oracle forgot to fix this issue in Oracle 12.1

Timeline of CVE-2013-3751:

  • January 2012: Vulnerability found (fuzzing)
  • February 2012: Vulnerability reported to ZDI
  • March 2012: Vulnerability contracted $500
  • November 2012: Reported to Oracle by ZDI
  • July 2013: Patch published by Oracle
  • March 2014: Oracle’s Cloud still not patched
  • June 2014: Exploit released at INS#14 conference
  • July 2014: Patch for Oracle 12.1 published by Oracle

 

Exploit:

———-

select * from dual where xmltype(q'{<aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
abbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbcccccccccccccccccccccccccccccccccccccccccccccccc
ddddddddddddddddddddddddddddddddddddddddddddddddeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
ffffffffffffffffffffffffffffffffffffffffffffffffhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
iiiiiiiiiiiiiiiiiiiiiiiiii foo="bar[a &lt; b]"/>}') like '0wn3d_again';

———-

VirtualBox 4.3.14

Tim Hall - Wed, 2014-07-16 07:23

Oracle have given birth to VirtualBox 4.3.14. Mother and baby are doing well, with the downloads and changelog in the usual places.

Happy upgrading…

Cheers

Tim…

PS. Looks like the baby might be still-born. Fails pretty badly on Windows 7 at the moment…

PPS. Seems to work fine on Mac and Linux (Fedora 20)…

VirtualBox 4.3.14 was first posted on July 16, 2014 at 2:23 pm.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Using Database In-Memory Column Store with Complex Datatypes (1)

Marco Gralike - Wed, 2014-07-16 05:51
The Oracle database 12.1.0.2 version, with the In-Memory option, isn’t yet released, but a lot of detail is already out there since it’s announcement by...

Read More

Portrait of a Technology Artist: Smart Cropping

Usable Apps - Tue, 2014-07-15 22:52

By Joe Goldberg, Ph.D., CPE, Chief Research Scientist, Oracle Applications User Experience

Sometimes it’s the little things that make or break a user experience.

Consider a common scenario: You’ve just found the perfect image of yourself and uploaded it to your employee profile page. After a page refresh, your headshot is cropped to fit the vertical aspect ratio of its container frame. The only problem: The right side of your face is now missing because the technology cropped the upper left of the image. Unless you want to be mistaken for a Cyclops, you now must manually re-crop in Photoshop, or whatever’s handy, and upload again, hoping for better results.

U.S. Dept of State Online Passport Application Picture Cropping Tool

Personal images are used widely in applications on the web, from social media profiles to human capital management portraits and public sector IDs. Note this tool from the U.S. Department of State’s passport application website.

What’s needed is a way to crop headshots so that faces remain fully intact.

Smart Cropping does just that. This Oracle Applications User Experience prototype feature automatically finds a person’s face in an image and then pads and crops the image to a desired aspect ratio so that the face is at the center of the cropped image. The technology that underlies Smart Cropping is OpenCV, an open-source computer vision library now being used extensively in consumer applications, such as cameras and cars.

OpenCV uses Haar Cascades from previously trained decision tree-based classifiers to rapidly find the coordinates of any faces in an image. This computer vision technology is transparent to the end user, who now enjoys perfect face cropping.

Smartcropping feature correctly detects and centers the image for the optimal portrait

The image on the left shows a headshot that is horizontally centered, but vertically above the image’s center. The image on the right shows the output of the Smart Cropping feature, where the image is both horizontally and vertically centered.

OpenCV is a great example of how the energies of the open source development community, scientific UX insight, and consumerization of technology come together to meet user expectations about how things should work in an easy and familiar way to solve a common problem. This alignment of the social and scientific stars underwrites the Oracle Applications User Experience (OAUX) design principles.

Visit the Usable Apps website to find out more about how you can participate in shaping our UX and how to build great solutions using the same techniques and science that OUAX uses.

Interested in discovering more?

July 2014 Critical Patch Update Released

Oracle Security Team - Tue, 2014-07-15 13:41
Normal 0 false false false EN-US X-NONE X-NONE

Hello, this is Eric Maurice.

Oracle today released the July 2014 Critical Patch Update. This Critical Patch Update provides 113 new security fixes across a wide range of product families including: Oracle Database, Oracle Fusion Middleware, Oracle Hyperion, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle PeopleSoft Enterprise, Oracle Siebel CRM, Oracle Industry Applications, Oracle Java SE, Oracle Linux and Virtualization, Oracle MySQL, and Oracle and Sun Systems Products Suite.

This Critical Patch Update provides 20 additional security fixes for Java SE. The highest CVSS Base Score for the Java vulnerabilities fixed in this Critical Patch Update is 10.0. This score affects a single Java SE client vulnerability (CVE-2014-4227). 7 other Java SE client vulnerabilities receive a CVSS Base Score of 9.3 (denoting that a complete compromise of the targeted client is possible, but that that access complexity to exploit these vulnerabilities is “medium.”) All in all, this Critical Patch Update provides fixes for 17 Java SE client vulnerabilities, 1 for a JSSE vulnerability affecting client and server, and 2 vulnerabilities affecting Java client and server. Oracle recommends that home users visit http://java.com/en/download/installed.jsp to ensure that they run the most recent version of Java. Oracle also recommends Windows XP users to upgrade to a currently-supported operating system. Running unsupported operating systems, particularly one as prevalent as Windows XP, create a very significant risk to users of these systems as vulnerabilities are widely known, exploit kits routinely available, and security patches no longer provided by the OS provider.

This Critical Patch Update also includes 5 fixes for the Oracle Database. The highest CVSS Base Score for these database vulnerabilities is 9.0 (this score affects vulnerability CVE-2013-3751)).

Oracle Fusion Middleware receives 29 new security fixes with this Critical Patch Update. The most severe CVSS Base Score for these vulnerabilities is 7.5.

Oracle E-Business Suite receives 5 new security fixes with this Critical Patch Update. The most severe CVSS Base Score reported for these vulnerabilities is 6.8.

Oracle Sun Systems Products Suite receive 3 new security fixes with this Critical Patch Update and one additional Oracle Enterprise Manager Grid Control fix is applicable to these deployments. Fixes that exist because of the dependency between individual Oracle product components are listed in italics in the Critical Patch Update Advisory. These bugs are listed in the risk matrices of the products they initially exist in, as well as in the risk matrices of the products they are used with. The most severe CVSS Base Score for these Oracle Sun Systems Products Suite vulnerabilities is 6.9.

As a reminder, Critical Patch Update fixes are intended to address significant security vulnerabilities in Oracle products and also include code fixes that are prerequisites for the security fixes. As a result, Oracle recommends that this Critical Patch Update be applied as soon as possible by customers using the affected products.

For More Information:

The July 2014 Critical Patch Update Advisory is located at http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

The Oracle Software Security Assurance web site is located at http://www.oracle.com/us/support/assurance.

Java home users can detect if they are running obsolete versions of Java SE and install the most recent version of Java by visiting http://java.com/en/download/installed.jsp

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Oracle OpenWorld and JavaOne SF 2014 - Early Bird Ends July 18th!

OTN TechBlog - Tue, 2014-07-15 13:34
Get the most. Save the most.

There are things to do at Oracle OpenWorld and JavaOne you can't do anywhere else. One of them is scoring Early Bird savings, which end on July 18, THIS FRIDAY!

Register for Oracle OpenWorld

Register for JavaOne

OTN will be posting it's list of 'can't do anywhere else' activities that we will be hosting at Oracle OpenWorld and JavaOne soon.