Passwords, or just semi-secret passphrase?

As my friend Matt Topper posted (only because he begged me to let him post first–I can’t stand seeing grown men cry), we’ve both experienced a number of cases lately where we’ve been disappointed by security practices we’ve observed. My personal pet peeve is when I call my cell phone provider and they attempt to verify my identity by asking for the password on the account. Now, I know what they’re asking for and I do have an online password that I use when visiting the website, but I instead tell them that I don’t know the password. They are just as happy to verify me by the last four numbers in my SSN (which is another rant for another day). Anyway, I comply and as soon as I’ve been “verified” by this method, they read me the password on the account.

My primary gripe is not so much that they read me the password (which is stupid and wrong), but that they *could* read me the password. Why oh why is the password stored in any way that is retrievable? As Matt pointed out, there are almost countless, very well-documented ways to store passwords such that they are safe and non-retrievable (by the customer service reps or anyone else). I am not completely insensitive to the company’s issue when someone like my mother calls up because she forgot her password and just wants them to remind her what it is. However, I think it is silly that she had to call them–the “forgot password” link should verify identity and allow her to reset the password on the spot or email a validation link to her unique email address.

So, my point is that there are many, many ways to protect me and my information, but it’s extremely frustrating to have to deal with vendors that just haven’t caught up with the last 30+ years of low-hanging fruit. If anyone from Sprint PCS IT is listening, please, oh my God please, fix this.
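To make the two points above concrete (storage nobody can read back, and a reset link instead of a reminder), here is an added example that is not code from the original post. The scrypt cost parameters, the 15-minute link lifetime, and the dict used as an account record are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed scrypt cost parameters (illustrative; tune for your hardware).
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 15 * 60  # assumed lifetime of an e-mailed reset link, in seconds


def hash_password(password: str) -> dict:
    """Return the only password material the account record keeps."""
    salt = secrets.token_bytes(16)  # unique per password, stored in the clear
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "key": key}  # one-way: nothing here can be read back


def verify_password(record: dict, attempt: str) -> bool:
    """Re-derive from the attempt and compare in constant time."""
    key = hashlib.scrypt(attempt.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(key, record["key"])


def issue_reset_token(record: dict, now: float = None) -> str:
    """Create the token for the e-mailed link; store only its hash and expiry."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode()).digest()
    record["reset_expires"] = now + RESET_TTL
    return token  # goes to the account's e-mail address, never to a rep


def redeem_reset_token(record: dict, token: str, new_password: str,
                       now: float = None) -> bool:
    """Set a new password if the token matches and has not expired."""
    now = time.time() if now is None else now
    # Any redemption attempt consumes the token, so it is strictly single use.
    stored = record.pop("reset_hash", None)
    expires = record.pop("reset_expires", 0)
    if stored is None or now > expires:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(stored, presented):
        return False
    record.update(hash_password(new_password))  # fresh salt, old key discarded
    return True


if __name__ == "__main__":
    account = hash_password("constructed sample passphrase")
    print(verify_password(account, "constructed sample passphrase"))  # login works
    link_token = issue_reset_token(account)
    print(redeem_reset_token(account, link_token, "a new passphrase"))
```

With this layout a customer service screen has nothing to read aloud: the record holds a salt and a derived key, and a forgotten password can only be replaced, not recovered.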

OpenWorld 07 QuickConnect

Oracle OpenWorld has been on my mind lately as I just got confirmed acceptance of my regular conference session presentation late last week. Today, I created my QuickConnect card. I have seen other posts about this card thingy, but I didn’t realize how interesting it is (or at least it may be) until I got to check it out first-hand. My card is to the left. Please feel free to contact me and set up a time to meet! I look forward to seeing you in San Francisco.

Good Passwords

No kidding, I can’t make this up. This is the screen I got when I clicked on the “Password Rules” link for an application used to manage maintenance requests for my office building. Granted, it isn’t a system that holds the nuclear launch codes, but still…

Argus Anywhere Password Rules

Happy Friday everyone!

Oracle Clusterware & Fencing

I was just catching up on my reading and found an excellent post on Kirk McGowan’s blog discussing Oracle Clusterware’s fencing mechanisms. As Kirk details, there are many theories regarding the effectiveness and safety of Oracle’s fencing approach and he provides his usual no-nonsense responses to those theories.

In case you are lost, a little background may be helpful. Fencing (generally speaking) is a mechanism employed by clusterware software to force one or more nodes out of a cluster in the event of a problem. The problems can be, and usually are, serious ones and if fencing algorithms weren’t included, it is likely that most clusters would implode and be very unstable. There are many different approaches to fencing. Some vendors provide I/O fencing which works with the storage to stop any I/O from the node being evicted from the cluster and therefore, prevents corruption to the cluster filesystem and/or database files residing in non-filesystem storage (like ASM or RAW). Oracle performs fencing at the node-level and it uses a modified algorithm known as STONITH (Shoot The Other Node In The Head). As Kirk explains, since there are not easily-accessible APIs to do remote power-off for other cluster nodes, Oracle Clusterware instead uses node suicide where instead of kicking the other node out of the cluster, it removes itself by rebooting. Presumably, when the node restarts, if there is some persistent failure, the node won’t be able to rejoin the cluster and administrator intervention will be required to resolve the problem.

Anyway, Kirk’s treatment of the topic is great and I learned a lot (as I often do when listening to Kirk). Thanks for a great article (and your usual wit) Kirk!

Oracle OpenWorld, IOUG, and New Job (oh my!)

I’ve been MIA for a while as I’ve had a number of events all happening at the same time. They say when it rains, it pours, and the last 2 weeks or so have been pouring!

First, I’ve been busy working with the IOUG to help coordinate some sessions for the IOUG Forum event on Sunday (November 11) at Oracle OpenWorld. I’m going to be involved with two sessions that day, first will be a repeat of the “High Availability Options for Oracle Database” session and the second is a co-presentation with my friend Matt Topper titled “Is That Really You? Prove It!” detailing some of the new features available in the Bharosa product set acquired recently by Oracle. During the regular conference, I’ll be presenting an updated “RAC For Beginners: The Basics” session (not sure when yet).

I’ve also been invited to join the IOUG SIG Council. This is a group within the IOUG that is focused on advancing and developing the various IOUG Special Interest Groups and a great team of people to work with. Judi Hotspillner and Michelle Malcher lead this group and I’m excited about joining and becoming more active in the IOUG.

Last week, I was also informed that I’ll be one of the three IOUG DBA Track Managers for the Collaborate 08 conference in April 2008. Of course, my work will be long over by the time April rolls around as the track managers are responsible for reviewing and selecting presentations to fill the session slots at the conference. Watch for the call for presentations on the IOUG website in the next few months.

I’ve been busy with transition duties as well since I’m leaving IT Convergence for another opportunity. Don’t worry–I’m still going to be lurking in the usual places and working on Oracle-related things. More about my new gig once I get started there in another week or two. Stay tuned. Obviously, this move and the period leading up to such a decision make for a busy time even when there’s nothing much else going on. So, now that the choice is made, I’m looking forward to writing a bit more often than I have recently (which shouldn’t be too hard!).

Today’s Dilbert

Today’s Dilbert somehow struck me as especially funny. I’ll hope to get back to technical writings next week, but for now, laugh a little.

Dilbert 20070803

Oracle buys Bharosa

I’m completely impressed just by the descriptions of the new tools that Oracle is getting with its Bharosa acquisition. If this stuff does even half of what it is advertising it can do, I’ll be very impressed. If you’re wondering what this is all about, please check out the post on the Talking Identity blog at http://blogs.oracle.com/talkingidentity/2007/07/25#a135. What a great and exciting addition this tool will make to the Suite!

As I learn more, I’ll be continuing to post more information here. For now, it’s on to a vacation day tomorrow!

The Best Oracle Database 11g New Features

Oracle Database 11g was officially launched today. As a beta tester for the product, I can say that this product has some very interesting new features that really make me want to recommend the upgrade to Oracle Database 11g.

Here are my thoughts on a few of the new features in Oracle Database 11g.

  • Database Replay (Real Application Testing): This feature allows you to capture the actual workload on one system and then “play back” that workload on another database. It acts sort of like a load testing tool, but better because it actually uses the real workload from a live system to generate the load on the secondary system. The capture will include all queries, DDL, DML, and all other activity in the database. It also includes the actual timing for each event so that concurrency is also kept the same. For me, this is the most compelling new feature in Oracle Database 11g and I think it will ultimately have the most impact. If the capture can be gathered on a 10g or 9i database, the feature will be even more compelling. Rumors abound, but I’ve heard that a 10g capture may be coming in the future. Just imagine–what if you could actually test your real application workload on a new database release before doing the upgrade…awesome!
  • SecureFiles: I didn’t put this new feature through any performance tests, but from the technical descriptions I’ve received, it will certainly have a positive impact. Basically, SecureFiles are the next generation of LOBs. Syntactically, you can almost miss the STORE AS SECUREFILE in the CREATE TABLE syntax. However, you won’t likely miss the performance impact of using SecureFiles–some testing has shown performance comparable to filesystem access.
  • Invisible Indexes: Ever have one query that could use that extra index, but that index causes severe problems for the other queries accessing that object? If so, then an invisible index may be the answer. Basically, an invisible index is one that the optimizer only considers when it is hinted to consider that index. In all other situations, it is ignored (because it is “invisible”).
  • Partitioning Enhancements: You can use just about any combination of partitioning and subpartitioning schemes together in 11g. The restrictions from previous versions are lifted. The SQL Access Advisor now also includes the ability to recommend partitioning for an object if you’re not sure whether or not it will help.
  • PL/SQL Enhancements:
    • PL/SQL Fine-Grained Dependency Checking: This will enable PL/SQL stored code to remain valid if the object doesn’t require invalidation. For example, if you add a column to a table, the PL/SQL package that depends on that table shouldn’t become invalid in most cases.
    • PL/SQL Automatic Native Compilation: Native Compilation has been available for the past several releases, but it had significant prerequisites including a C compiler. This new feature includes the necessary compiler and automates the steps involved so that PL/SQL can be natively compiled automatically.
  • Results Caching: I’m a skeptic, but if this really does work well and gives current, non-stale data, it will be a very, very big deal.
  • Flashback Data Archive (“Total Recall”): If you liked the flashback table and flashback transaction features, you’ll love this. It basically takes the undo information that is used to provide the flashback table feature and archives that data so that flashback table can be performed for as long as you have disk space to support it.
  • Segregation of Ownership: One of the important features for larger organizations is the ability to segregate ownership of the Oracle software. For Oracle RAC clusters, there are typically three separate installations: Clusterware, ASM, and DBMS. With Oracle Database 11g, the beginning of support for separation of duties is visible. Oracle has acknowledged that some customers have system administrators that care for the Clusterware, but don’t know (or really care about) the database. The storage administrators are very interested in ASM and how it works so they can configure and support database storage better, but they don’t really know much about the database. And finally, while some DBAs are fluent in Clusterware and ASM, many know a little about Clusterware, a little more about ASM, but mainly focus on the database. Oracle’s new release will include documentation arranged in a manner that supports this segregation of duties.
  • Rolling Upgrades: This new feature is what you think it is, but it won’t apply to upgrades to 11g. It will, however, apply to many of the patches that will be released on top of the 11g database. That’s another big motivating factor to upgrade–so that future patches and upgrades will incur less downtime.
  • Automatic Partition Adds (Interval Partitioning): This is the automation that many people have done via a custom process for years. Basically, if you have a partitioned object that regularly requires you to add new partitions (commonly, this is when a date is in the partition key), then with this new feature, Oracle will automatically add the new partition on the first insert that should go into this new partition. Obviously, you can still create new partitions by your own methods, but you might consider doing that by just running an insert and rollback instead of through a custom process as many customers do today.
  • Managed Recovery Physical Standby: Finally! You can apply logs to a physical standby database while it is open read-only. There’s some black magic that makes this possible that I’m sure will be the source of much speculation until its guts are exposed.

Besides these highlights, there are many other features that deserve mention. Many of those features are related to lifecycle management. Some very interesting advancements related to query tuning, testing those tuned queries, and rolling the new execution plans into production in a controlled, straightforward manner are among some of the most interesting to me. In another area of lifecycle management, managing less-frequently-accessed data, Oracle provides methods to migrate that data to less expensive storage to use the storage budget most efficiently without taking data offline.

Oracle Database 11g Launch

Today, July 11th, was the launch of Oracle Database 11g. From a technologist’s point of view, it’s a somewhat anticlimactic day since you can’t actually get your hands on the bits yet. However, there was some technical information posted on OTN and a nice overview presentation that was webcast online live from New York City.

I’ve got a lengthy article prepared on some of my favorite features of 11g, but I’m not sure if I can post it yet. I need to sort out what information they’ve made public and which parts haven’t been disclosed yet. My company and I are participating in the 11g beta program, so I want to be sure I don’t let the cat out of the bag too soon with respect to some of the new features that may not have yet been disclosed. In fact, as we’re reminded often, some of the features we tested may not be in the final product if they aren’t ready or mature enough.

So, watch for an article from me either here or on OTN in the next week or two after I make sure it’s properly censored. In the meantime, I encourage everyone to read the whitepapers on OTN.

Licensing continues to “uninterest” me

I am spending more and more time lately reading the writings of others in the Oracle technology space. Many of those readings start by following a link posted on the Oracle-L list.

Today’s linkfest led me to a great Open Letter to Larry Ellison on AWR and ASH Licensing by Mark Brinsmead. I first had to understand the issue as I’ve made it a high priority to learn as little about Oracle Licensing as possible. Right or wrong, I’ve continued to contend that it seems to change week-to-week and there’s at least a full-time job to just keep up with the changes.

Anywho, the issue is that in order to have any interaction with the Automatic Database Diagnostic Monitor (ADDM), Automatic Workload Repository (AWR) or Active Session History (ASH), you must license the Enterprise Manager Diagnostic Pack. (Don’t believe me?) This pack is licensed on top of your database license and currently lists for $60 per named user or $3,000 per processor.

As you’ll find linked in the open letter posting above, I found more interesting reading in this area in a few articles, one by Jared Still on DBAzine.com, and from last year, another by Jonathan Lewis.

While there was no interest in licensing that could be “sparked” by this new finding, I do like to help customers (and my own employer) stay in compliance with licensing restrictions, so this is good to know. I’d encourage you to add your name to the list of signatories on Mark’s open letter.