UTL_HTTP, SSLv3, TLSv1 and POODLE

With the recent publicity about the POODLE bug, many web masters are turning off SSLv3 support. Depending on your Oracle database version/patch, that can present a bit of a problem for people using UTL_HTTP to access HTTPS resources, as described here.

  • UTL_HTTP Package Fails With ORA-29273 ORA-28860 When Using TLSv1 (Doc ID 727118.1) : Basically, older releases only allow SSLv3 access from UTL_HTTP. If you want TLSv1 access you need to make sure you are on a patched up version of 11.2.

Interestingly, if you upgrade to Oracle 12c, you might have problems in the other direction, since Oracle 12c prevents UTL_HTTP calls over HTTPS to anything older that TLSv1.2, as described here.

So you might have trouble accessing legacy systems, without reverting to HTTP…

Fun, fun, fun…

Cheers

Tim…

MySQL : What management tools do you use?

A quick question out to the world. What management tools do you use for MySQL?

We currently have:

  • MySQL Workbench : It’s OK, but I don’t really like it. It feels like half a product compared to tools I’ve used for other database engines…
  • phpMyAdmin : I’ve used this on and off for over a decade for my own website. While I’m typing this sentence, they’ve probably released 4 new versions. :) We have an installation of this which we use to access our MySQL databases should the need arise.
  • mysql Command Line : I use the command line and a variety of scripts for the vast majority of the things I do.

When I’m working with Oracle, my first port of call for any situation is to use SQL*Plus along with a variety of scripts I’ve created over the years. The performance stuff in Cloud Control (if you’ve paid for the Diagnostics and Tuning option) is the big exception to that of course.

I still consider myself a newbie MySQL administrator, but I’ve found myself spending more and more time at the command line, to the point where I rarely launch MySQL Workbench or phpMyAdmin these days. I’m wondering if that is common to other MySQL administrators, or if it is a carry over from my Oracle background…

Enquiring minds need to know!

Cheers

Tim…

A World View

I’ve mentioned this before, but I thought I would show something visual…

The majority of my readers come from the USA and India. Since they are in different time zones, it spreads the load throughout the day. When I wake up, India are dominant.

MorningTraffic

In the afternoon the USA come online, by which time Russia have given up, but there is still a hardcore of Indian’s going for it! :)

AfternoonTraffic

I haven’t posted an evening shot as it’s the same as the afternoon one. Don’t you folks in India ever sleep?

I’m sure this is exactly the same with all other technology-related websites, but it does make me pause for thought occasionally. Most aspects of our lives are so localised, like traffic on the journey to work or family issues. It’s interesting to stop and look occasionally at the sort of reach this internet thing has given us. It may be a little rash, but I predict this interwebs thing might just catch on!

Cheers

Tim…

OTN APAC Tour 2014 : It’s Nearly Here!

airplane-flying-through-clouds-smallIn a little less than a week I start the OTN APAC Tour. This is where I’m going to be…

  • Perth, Australia : November 6-7
  • Shanghai, China : November 9
  • Tokyo, Japan : November 11-13
  • Beijing, China : November 14-15
  • Bangkok, Thailand : November 17
  • Auckland, New Zealand : November 19-21

Just looking at that list is scary. When I look at the flight schedule I feel positively nauseous. I think I’m in Bangkok for about 24 hours. It’s sleep, conference, fly. :)

After all these years you would think I would be used to it, but every time I plan a tour I go through the same sequence of events.

  • Someone asks me if I want to do the tour.
  • I say yes and agree to do all the dates.
  • They ask me if I am sure, because doing the whole tour is a bit stupid as it’s a killer and takes up a lot of time.
  • I say, no problem. It will be fine. I don’t like cherry-picking events as it makes me feel guilty, like I’m doing it for a holiday or something.
  • Everything is provisionally agreed.
  • I realise the magnitude of what I’ve agreed to and secretly hope I don’t get approval.
  • Approval comes through.
  • Mad panic for visas, flights and hotel bookings etc.
  • The tour starts and it’s madness for X number of days. On several occasions I will want to throw in the towel and get on a plane home, but someone else on the tour will provide sufficient counselling to keep me just on the right side of sane.
  • Tour finishes and although I’ve enjoyed it, I promise myself I will never do it again.

With less than a week to go, I booked the last of my hotels this morning, so you can tell what stage I’m at now… :)

I was reflecting on this last night and I think I know the reason I agree to these silly schedules. When I was a kid, only the “posh” kids did foreign holidays. You would come back from the summer break and people would talk about eating pasta on holiday and it seemed rather exotic. Somewhere in the back of my head I am still that kid and I don’t really believe any of these trips will ever happen, so I agree to anything. :)

Cheers

Tim…

 

 

phpBB 3.1 Ascraeus Released

Just a quick heads-up for those that use it, phpBB 3.1 Ascraeus as been released. It’s a feature release, so the upgrade is a bit messy. I did the “automatic” upgrade. There was so much manual work involved, I would recommend you take the approach of deleting the old files, replacing with the new ones, then running the database upgrade from there. I’ve not tried that approach, but the docs say it is OK to do it that way…

I figured I might as well upgrade, even though the forum is locked. :)

Cheers

Tim…

Website Outage Warning : 26 Oct 2014 20:00-00:00 GMT

DiagnosticsJust a quick note to say the website will be out of action this evening for 3-4 hours.

There have been a couple of random failures recently. With nothing in the logs to work with, I figured I’d try testing the hardware. Yesterday I tested the disks and they came back OK. Tonight it’s the turn of the memory. The plan is for the site to go down about 20:00 UK Time (GMT) and be up by midnight.

Sorry if this annoys anyone, but I’ve been looking through the site statistics trying to find the best time to do this and Sunday night seems to be the quietest time.

I’ll let you know how it goes. :)

Cheers

Tim…

PS. You can read the stuff from Google’s cache in the short term. Search for the item on Google. When you get it, click the down-arrow next to the URL and select “Cached”. No need to miss anything… :)

GoogleCache

Update: It didn’t happen as the data centre people got back to me too late to start it (this morning). I’ll pencil this in for next week…

Oracle ACE Program: Follow Up

I just wanted to write something as a follow up to my recent and provocatively titled Oracle ACE = Oracle’s Bitch? post. Obviously, that subject has been preying on my mind a little… I said before, it is hard to be objective about yourself, so maybe some aspects of the “being an Oracle ACE changes you” debate may be true. It would be wrong of me to deny that outright, but I think there are some indirect consequences of being an ACE that might alter my opinions about things, so I thought I would share my thoughts…

Access to Information

I don’t want this to sound patronising, but there are a lot of people out there spouting rubbish about things that happen in the tech industry with no knowledge of the history or actual decision processes that lead up to the final result. If you don’t know what is actually going on, it is easy to come to the wrong conclusion. Let’s use Oracle Linux as an example.

When Oracle Linux was announced it seemed like the whole internet was full of people saying, “Poor Red Hat. Oracle is trying to kill them!”. If you had spoken to people in the Oracle Linux team you would know that Oracle was incredibly frustrated with how long it was taking Red Hat to get performance improvements through to the kernel because of the way they manage their long term support of versions. Apart from critical updates, many major performance features will not be added into the kernel until the next major release. This was exactly what was happening with RHEL5. There were a whole host of performance improvements in the mainline Linux kernel, that had not been added to the RHEL5 kernel, but would be in the RHEL6 kernel. The problem was RHEL6 was *massively* delayed. That delay meant the performance of Oracle on Linux was essentially being crippled by Red Hat’s release cycles. Add to that other features like InfiniBand support that were being held back and you start to see the problem.

One option was for Oracle to make a binary clone of RHEL (like CentOS, Scientific Linux etc.) and give the option of their own kernel (UEK) that was closer to the mainline Linux kernel and therefore included all the latest performance stuff, without having to wait for Red Hat to get their ass in gear. That is what Oracle did with Oracle Linux. We had the performance of RHEL6, but we were still effectively using RHEL5. What’s more, by breaking this dependency between the distro version and the kernel version, the incentive to upgrade from RHEL5 to RHEL6 to RHEL7 was broken. For the most part, Oracle servers use a minimal amount of the features in the full distro. Who cares what version of Firefox is on the database server? For some people, running OL5 + UEK is pretty much like running OL7, so why bother upgrading as long as you still have erata produced?

Most people out there had not spoken to the Oracle Linux team, so they were quite happily spouting the “Oracle are killing Red Hat” crap, without knowing the real motivation. When someone like me comes along and sings the praises of Oracle Linux and actively defends Oracle’s position, I sound like a kiss ass, but really I’m just standing up for what I believe to be right.

Caveats: The arguments I was told could have been fiction used to influence me, but I was there through much of the process and have a lot of respect for the people involved, so a choose to believe them!

Why that long explanation? If I had not been in the ACE program, I personally would never have had that contact with the people in the Oracle Linux team and I would have been one of those people saying Oracle were a bunch of bastards! Because of my involvement in the ACE program, I got to see “behind the curtain” and chose a different path. So yes, being an Oracle ACE did change me!

I’ve used Oracle Linux as an example, but I could have used a whole bunch more!

Access to Support

We have all lived through Oracle Support nightmares. I’ve written several things in the past ranting about support. Since being part of the ACE program I’ve got to know a number of product managers (and in some cases developers) at Oracle, so when I have problems I can contact them directly and ask questions. In many cases, that significantly reduces the amount I actually have to interact with Oracle Support. If I know I will be working with product X, I actively seek out people in that field (ACEs and Oracle employees) and use that networking to my advantage. A case in point is the 12c JSON support. At Oracle OpenWorld I made a point of going to the demo grounds and speaking to Mark Drake about it. When I met up with David Peake I asked him some questions about what I was planning to do with APEX in 12c to get a second opinion. As long as you don’t bug these folks with stupid questions, they are usually willing to help.

If I had not been part of the ACE program, I would probably never have met these people and this sort of thing would not be possible for me *. That must have changed me, but I don’t think of it as incidious. I guess in this case I could say being an Oak Table member has changed me because of my access to people and information also…

Maybe you see change where there has been no change?

You hear those stories about people winning the lottery then losing all their friends, because their friends don’t want to be seen as “hangers on” so they avoid them. In some cases it is possible that the people who become ACEs haven’t changed, but your perception of them has. Before I became an ACE, if I said something supportive of Oracle you probably wouldn’t notice. If I say the same thing now I am a sell-out. :) I can think of a couple of cases.

Grid Control/Cloud Control : I’ve used OEM in its various forms since 9i, where it was the Java-based console on top of the Management Server. Back then you couldn’t admit to using it in public or you would be ridiculed. You had to quickly close it down and open SQL*Plus if someone came in the room. Over the course of 10g and 11g Grid Control, then Cloud Control, became cool and everyone talks about it now. When I am presenting and I say things like, “I believe every DBA should use Cloud Control”, I mean it because I think it is true. The problem is I sound like a suck-up now. I’m just telling people what Oracle want me to say! Back in the 9i days when I was afraid to admit I used the 9i OEM Management Server I had credibility. :)

Certification : I’ve been doing certifications since Oracle 7. I started doing them to confirm to myself I really did know something about being a DBA. :) Now it is all about my personal development. From time to time I have contact with Oracle Education about my views on certification. For a few years they interviewed me at OOW and so far have used about 5 seconds on the footage. Why? Because my views don’t line up with theirs. Just before OOW14 I was asked if I would write a post for the Oracle Certification Blog. I was willing to do one with a focus on personal development, but said I could not fall in line with the Oracle Education message. I don’t think that post will happen now, which is a pity. I think the people involved are a great group of people and I’ve met many of them for years at OOW, but we do have a difference of opinion where the value of certification is concerned. So now when I say I like certification (for my reasons) and I agree with Oracle’s new re-certification policy I am a drone that constantly spouts the Oracle message!

Conclusion

If you are looking for conspiracy you will find it, but it doesn’t mean it’s real!

I’m sorry this post has been so long, but I do care about what I do and I care about the ACE program. It’s been a big part of my life for the last 8 years. As you can tell, I’m a little butt-hurt about this subject, but I know that trying to defend yourself makes you look all the more guilty… :)

Sod it. It’s nearly the weekend, which means I get more time to play with Oracle…

Cheers

Tim…

* For clarification, I wasn’t suggesting I can only speak to these people because I’m an ACE. I meant that I (me personally) only came into contact with them in the first place because I’m an ACE.

Pattern Matching (MATCH_RECOGNIZE) in Oracle Database 12c

I’ve spent the last couple of evenings playing with the new SQL pattern matching feature in Oracle 12c.

I’m doing some sessions on analytic functions in some upcoming conferences and I thought I should look at this stuff. I’m not really going to include much, if anything, about it as my sessions are focussed on beginners and I don’t really want to scare people off. The idea is to ease people in gently, then let them scare themselves once they are hooked on analytics. :) I’m thinking about Hooked on Monkey Fonics now…

At first glance the pattern matching seems pretty scary. There are a lot of options and as soon as you throw regular expressions into the mix it does make your head swim a little. After a couple of half-baked attempts, where I found convenient excuses to give in when the going got tough, I finally sat down and plugged through the docs. If you actually RTFM it is a lot easier than hoping to wing it. Who’da thunk it? :)

I’ve tried to keep the article really light. The docs are pretty good for this stuff (if you read them) and they have a lot of examples. I started adding more and more detail to the article, then chopped most of it out. There is no point regurgitating all the options when it is in the docs. Most of the examples I’ve seen before just talk about basic patterns, like V and W shapes, but it’s quite simple to do complicated stuff once you start playing. In fact it takes more time to set up the example data than it does to figure out the queries to bring it back.

In the near future I will be copy/pasting examples and adjusting them or just sitting with my article and the docs when trying to use this stuff. I think it’s going to take a long time before I can type this stuff from memory. Partly that’s because I can’t see myself having lots of cause to use it. I can’t think of any scenarios I’ve experienced where this would have been a natural fit. Having said that, I’ve never worked in things like stock markets, betting and stuff like that where I can imagine this sort of pattern matching is needed all the time. I seem to remember one person at a conference, who shall remain nameless, saying this feature was one of their drivers for upgrading to 12c. I wonder if that was for real or an exaggeration?

Anyway, if you need this sort of analysis, I think it’s worth checking out, but try to remember it’s not as scary as it first looks. :)

Cheers

Tim…

Oracle ACE = Oracle’s Bitch?

I got a comment today on my recent Oracle fanboy post, which I thought was very interesting and worthy of a blog post in reply. The commenter started by criticising the Oracle license and support costs (we’ve all had that complaint) as well as the quality of support (yes, I’ve been there too), but that wasn’t the thing that stood out. The final paragraph was as follows…

“One addition. I know you, your past work and you are very brainy person but since last couple of years you became Oracle doctrine submissive person just like most of the rest of ACE Directors. When you were just ACEs, you were more trustworthy than now and you weren’t just Oracle interpreters… And unfortunately I’m not the only person with this opinion, but probably I’m only one who is not affraid to make it public.”

I think that’s a really interesting point and one that I feel compelled to write about…

Let me start by saying I don’t believe this comment was in any way directed at the main body of my website. The articles there have always been “how-to” style articles and typically don’t contain much in the way of opinions about the functionality. I’ve always tried to keep facts in the articles and opinions and random junk on the blog. With that distinction in place, let’s talk about my blog…

When I first joined the Oracle ACE Program in 2006 I was very concious of what *I thought it meant* about what I could and couldn’t say. On the one hand I didn’t want to piss off Oracle as I was very proud of my little ACE badge, but I also didn’t want to be considered Oracle’s Bitch. I quickly learned a couple of things:

  • You are selected for what you are currently doing in the community. If you just keep doing what you do, life will be good. If you spend your whole time slagging off Oracle, you probably won’t get invited on to the program in the first place. If over time you turn into a complete hater, you will probably be asked to leave the program. I guess that’s pretty obvious and true of any evangelism program out there. Does that mean you can’t ever criticise Oracle? Hell no! Instead, I think it makes it your obligation to give constructive criticism whenever possible. One of the things we are encouraged to do is to make stronger links with the product managers so we can give more feedback to help improve the products. If you witnessed the amount of moaning and complaints that get fired at some of the Oracle teams during the ACE Director briefings, you would have no doubts about this. :)
  • The value of the Oracle ACE Program to Oracle is that it is made up of “real” people who think Oracle is cool enough to spend their own time talking about it. If the Oracle ACE Program becomes a collection of yes-men and yes-women, then they might as well send a bunch of sales people to every conference. Oracle have (so far), never complained or tried to veto anything I’ve said in any presentation, blog post or article.

So have I become one of Oracle’s bitches over the last few years? Well, I’ve been an ACE since 1st April 2006 (yes, April fool’s day) and I’ve been an ACE Director since some time in 2007 or 2008. I can’t really remember to be honest, but let’s say for the sake of argument it’s been 6 years as an ACED. If it was becoming an ACED that made me an “Oracle doctrine submissive person” in the last couple of years, it must have taken Oracle four years of work to make me that way. :)

I don’t believe I alter my beliefs to fit any criteria, but I guess it is really difficult to be subjective about yourself and I would be very interested to know what other people think about this. If I think about some common topics of discussion over the last few years where I don’t fall “on message”, they would probably be:

  • I believe Oracle is too expensive.
  • I believe the diagnostics and tuning pack should be part of the base product and available in all editions for free.
  • I believe anything to do with security should be part of the base product and available in all editions for free.
  • I don’t agree with the pricing of data guard standby nodes that are only used for managed recovery. If they are opened for use (read-only, active DG or snapshot standby) I can see why Oracle would want to charge.
  • Although I love the functionality of Cloud Control, I think the implementation is suffering from really bad bloat. It also exhibits some irregularities when different teams work on different aspects of the same functionality, as I discussed here.
  • I am a fan of certification from the perspective of personal development, but I don’t think the piece of paper is worth anything in itself. I’ve written about this here. Having said that, I do agree with the recent re-certification thing.

I’ve just had a look through my posts over the last year and if anything, I would say I’m promoting KeePass and MobaXterm more than Oracle. :) I know I get a little gushy about the ACE Program during conference write ups, and maybe that annoys people a bit, but I just can’t see that I’ve become a total drone… (Denial is not just a river in Africa?)

Anyway, I have two things to say in closing:

  • To people in the Oracle ACE program : If you are worried about what you should and shouldn’t say, my advice is try to be as honest as possible. If the people in the community lose faith in the members of the program, then it is worth nothing!
  • To people in the community : If you honestly believe you see a change in behaviour when someone joins the program you should call them out on it. I would suggest you do this in private and give some examples of situations that give you concern. If they are “the type of people the program needs”, they should be concerned about this also!

Cheers

Tim…

PS. For those that feel the need to, please don’t wade in with comments in my defence as I don’t think this is either necessary or helpful. I think the person in question had a genuine concern and quite frankly that makes it a concern of mine also…

The Ad Hoc Reporting Myth

Empowering users! Giving users access to the information they need, when they need it! Allowing users to decide what they need! These are all great ideas and there are plenty of products out there that can be used to achieve this. The question must be, is it really necessary?

There will always be some users that need this functionality. They will need up-to-the-second ad hoc reporting and will invest their time into getting the most from the tools they are given. There is also a large portion of the user base that will quite happily use what they are given and will *never* invest in the tool set. They don’t see it as part of their job and basically just don’t care.

Back when I started IT, most projects had some concept of a reporting function. A group of people that would discuss with the user base the type of reporting that was needed and identify what was *really needed* and what were just the never ending wish list of things that would never really be used. They would build these reports and they would go through user acceptance and be signed off. It sounds like the bad old days, but what you were left with were a bunch of well defined reports, written by people who were “relatively speaking” skilled at reporting. What’s more, the reporting function could influence the application design. The quickest way to notice that “One True Lookup Table” is a bad design is to try and do some reporting queries. You will soon change your approach.

With the advent of ad hoc reporting, the skills base gradually eroded. We don’t need a reporting function any more! The users are in charge! All we need is this semantic layer and the users can do it all for themselves! Then the people building the semantic layers got lazy and just generated what amounts to a direct copy of the schema. Look at any database that sits behind one of these abominations and I can pretty much guarantee the most horrendous SQL in the system is generated by ad hoc reporting tools! You can blame the users for not investing more time in becoming an expert in the tool. You can blame the people who built the semantic layer for doing a poor job. You can blame the tools. What it really comes down to is the people who used ad hoc reporting as a “quick and easy” substitute for doing the right thing.

There will always be a concept of “standard reports” in any project. Stuff that is known from day one that the business relies on. These should be developed by experts who do it using efficient SQL. If they are not time-critical, they can be scheduled to spread out the load on the system, yet still be present when they are needed. This would relieve some of the sh*t-storm of badly formed queries hitting the database from ad hoc reporting.

I’m going to file this under #ThoseWereTheDays, #GrumpyOldMen and #ItProbablyWasntAsGoodAsIRemember…

Cheers

Tim…