To patch or not to patch?

Mary Ann Davidson wrote a great piece on her security blog today, which basically talked about focusing on the important vulnerabilities, not necessarily the ones that get the most press. Added to that, the risk associated with a vulnerability may well be different for you compared to everyone else, depending on how your system is used. I agree with what she is saying, but I’m going to take a slightly different angle on the subject.

Over the years I’ve come across lots of different attitudes to database patching from management and DBAs. As more DBAs are now involved in looking after middle tier products like WebLogic, some of those attitudes to patching have moved into that world too. It seems to break down into three camps.

  1. We don’t need no stinkin’ patches. If this is the way you roll you are a dumb-ass!
  2. We only patch stuff that represents a vulnerability for us. This sounds kind-of sensible, but life can get very difficult trying to decide what constitutes a threat, especially when you have to consider all layers of the technology stack.
  3. We always apply all patches. This is logically simple, but you are going to apply a lot more patches, a lot more frequently, which is going to require a lot more testing.

Patching is not just about security.

  • Support of some products is tied into the patch version. We see this with Oracle products all the time. There are some important deadlines coming up soon! :)
  • The rest of the world is moving on around you. You might be happy with your unpatched product, but things might break because of external factors. If someone turns off SSLv3 on their application server, you aren’t doing HTTPS callouts from your database to it unless you patch up to 11.2.0.3 or later. Your applications will probably get browser compatibility issues on newer browsers and mobile devices unless you keep on top of patching your development frameworks.
  • Patches like the database PSUs come with extra functionality, including backports of features from newer releases (redaction – 11.2.0.4). They can also bring with them features that make future upgrades easier (transport database – 11.2.0.3 onward).

Choosing not to patch is not really an option these days. Your company has to understand this and allocate the correct amount of resource to getting it done. That might mean more staff resources allocated to patching and subsequent testing (rather than doing “productive” work), outsource the work where you can or moving to cloud services where regular patching is part of the deal.

Cheers

Tim…

UKOUG System Event : I’ve got a paper selected.

I’ve just found out I’ve got a paper selected for the UKOUG System Event on May 20th. Check out my badge. :)

I was a spectator at last year’s event. At first glance you might think much of the content is not directly related to my job, since I’m not a system administrator, virtual infrastructure administrator and I don’t use any Oracle engineered systems, appliances or storage products. Having said all that, it’s hard to be a DBA these days without having a finger in several pies. Most of the information discussed at these events is relevant, even if you are not using the exact same kit or doing the exact same job as the speaker.

Hope to see you there.

Cheers

Tim…

Oracle Linux 7.1 Preinstall Packages available for 11gR2 and 12cR1

Every so often I have a nose around the contents of the Oracle Linux public yum repositories and guess what I found in the OL7.1 base and OL7 latest repositories.

Yeeeeeaaaaahhhhhh!

The datestamps suggest they’ve been around since the 5th February, but I think these only became available with the release of OL7.1.

On the positive side, this means installations of 11g and 12c just got a whole lot easier on Oracle Linux 7. On the downside, I’ve got some minor rewrites to do. :)

Cheers

Tim…

Birmingham City University (BCU) Talk #2

As mentioned in a previous post, when I was at Birmingham City University (BCU) speaking at the UKOUG Next Gen event, one of the lecturers saw me and subsequently asked if I would come in and do some technical talks for the students. I did the first about a month ago. Yesterday I had the morning off work to pop across to do another talk.

This talk was on virtualization. It’s based on the slides for my “Cure for Virtual Insanity” session, but I frame the subject a little differently and skip some of the content. I like doing this talk. It’s not too heavy and it gives an introduction into virtualization, which links into the current batch of DBaaS cloud offerings. I think it’s good for people to understand some of the building blocks their “magic” cloud services are built on. :)

I feel like the talk went well and I got some questions, so people must have been paying attention. :)

Afterwards I chatted with the guys about the session and more generally about how to move this guest speaker thing forward. If everything goes to plan I will be doing 4-6 of these sessions per year. I think it’s great how they are looking for feedback from external people and companies to help develop their students. It’s not like the antiquated approach lecturers used when I was at university. :)

Onwards and upwards…

Cheers

Tim…

OUG Ireland 2015 : The Journey Home

After saying a quick goodbye to everyone, I got in a taxi and headed for the airport. I was a little on the early side, but as I’ve said before, it’s better to be early than late where airports are concerned. I wanted do have a Guinness in the bar in the airport, like I did with Patrick Hurley last year, but the queue was too long, so I settled for an authentic Irish diet coke instead. The flight home was a little less “eventful” than the flight out. I arrived in Birmingham at about 23:00 and after a taxi ride home, was in bed by 00:00. So all in all it was a 20 hour day! :)

Dublin is seriously easy for me to get to. It is cheaper (£27 return) and easier (40 mins) for me to get to Dublin than it is to get to London. I did spot one of my fellow Oracle Midlands folks there, who had also flown in for the day to check out the conference. It’s definitely worth considering the trip! This event is now one of my staples for the year!

Thanks to the folks at OUG Ireland and UKOUG for getting the event up and running. Thanks to all the attendees and speakers for turning up. Without you it would not happen. Even though this was a self-funded event for me, I would still like to thank the Oracle ACE Program for letting me fly the flag!

See you all next year!

Cheers

Tim…

OUG Ireland 2015 : The Event

Having got to OUG Ireland, here’s what happened…

The first session I got to see was Nikolay Kovachev from TechnoLogica speaking about “12c PDBs, Snapshots & Change Management”. Bulgaria in da house! The session started with an intro to ZFS (snapshots, copy-on-write (COW), clones), then a quick intro to the Oracle multitenant architecture. From there it was on to PDB snapshot cloning using ZFS. Because of the ZFS COW functionality, this is really quick. Similar cloning times to Clonedb. From there is was on to Cloud Control 12c Change Management, using the lifecycle management pack. After doing that, it was demo time, with a demo for everything covered in the session. Even with the power of modern day laptops, I am always nervous of live demos of Cloud Control. It’s resource eating beast… The ZFS and cloning demos worked fine, but there were some issues with the change management pack demo because of the amount of stuff running on a single laptop. It was a pity, but such are the joys, and pains, of live demos. I’ve been there myself several times. I definitely need to spend some time looking at the snapshot clones of PDBs in 12c.

My first sessions was “Pluggable Databases : What they will break and why you should use them anyway!” When I did this at Oracle Midlands #8 it was described as scary by a couple of people. I tried to lighten it a little this time, so I hope I didn’t scare anyone. :)

After my first talk it was off to lunch, where I got to meet up and chat with a bunch of people, which is really the best part of any conference. Can we have the soup in mugs next time please? :)

Next up was Marcin Przepiorowski from Delphix  speaking about “How To Avoid Boring Work – Automation For DBAs”. When I tweeted this one of the replies asked if it was a Delphix sales pitch. One of the things I like about companies like Delphix, Dbvisit, Enkitec and Pythian is they send people out to conferences without forcing them to do the hard sell. Marcin is a Delphix employee, but this session wasn’t anything to do with Delphix. It started off with examples of using Cloud Control to automate tasks, then moved on to using Ansible. I’ve not used Ansible, but it looks pretty neat for automation of tasks across your whole server real estate. It’s on my to-do list.

My second session was “A Cure for Virtual Insanity: A vendor-neutral introduction to virtualization without the hype“. I was kind-of expecting nobody to turn up to this session as there was a whole bunch of great sessions on at the same time and it wasn’t directly about Oracle. As it turned out I was pleasantly surprised. I like doing this session. It’s quite light and fluffy, but allows me to dispel some of the FUD associated with virtualization.

Next up was the closing keynote by Maria Colgan. Apparently, the In-Memory Column Store is a software version of walking into a pub, standing on the bar and asking which of the blokes is suitable relationship material. I tried this once and couldn’t walk straight for days. :) Maria also picked up her UKOUG lifetime achievement award for winning the best speaker prize three times. This means she can no longer be selected as best speaker, which makes it that much easier for the rest of us… :)

After the closing keynote it was drinks and nibbles then the event was over.

Thank you messages in the next post…

Cheers

Tim…

OUG Ireland 2015 : The Journey Begins

The day started early, about 1 hour before my alarm in fact. I got up, lay in the bath for a while drinking a can of Monster and considering the day ahead, got out of the bath, puked, then got my shit together ready for the taxi. I’ve been ill this week. That combined with sleep deprivation, nerves and the Monster kinda turned my stomach.

The taxi ride to the airport was really good. The driver was a really cool bloke and I enjoyed talking to him.

I arrived at the airport with a couple of hours to spare. It’s a bit silly for such a short flight when I have to check in online and I only have a laptop as baggage, but I would rather be early than late for my £27 flight to Dublin. :)

We got seated in the plane and were told we had a 60 minute delay. One guy started to freak out. It was like an episode of the Jeremy Kyle show. I was waiting for someone to come in with the DNA results, to prove he was not the father of the baby etc. No punches were thrown…

We ended up taking off about 50 minutes late. My first session was after 12:00, so I wasn’t too worried. The girls next to me used the time to do their make-up. Apparently it takes about 40 minutes to achieve “the natural look”. The combination of that, the selfies and the giggling about stuff on Snapchat made me feel very old!

On arrival it was a quick taxi ride to Croke Park, then OUG Ireland started for me.

Cheers

Tim…

PDB Logging Clause : What you give with one hand, you take away with the other…

The Oracle 12c 12.1.0.2 release came with a bit of functionality called the PDB Logging Clause. Or to put it another way, it didn’t because the feature just didn’t work. I raised an SR highlighting the issue.

The PDB logging clause is meant to allow you to define a default logging clause for the whole PDB. If a tablespace is created in the PDB without an explicit logging clause, the current PDB logging clause setting should be used.

It was listed as a new feature in 12.1.0.2, but like I said, it just didn’t work. You could alter the PDB logging clause setting, but the CREATE TABLESPACE command seemed oblivious to this setting…

I wrote an article about the feature, with a big note about it not working, because it confused the hell out of me when I was looking at it and I saw a bunch of other blogs talking about the feature, without mentioning it was actually broken. I figured it might be worth setting the record straight for any confused parties out there.

Today (6 months later) I got an update to the SR telling me the issue had been fixed by patch 18902135. I downloaded the patch and applied it to a test instance. At first it looked like it was working, but it has introduced a new problem. Once patched the functionality does the following.

  • If the PDB logging clause is set to NOLOGGING, any new tablespaces created without an explicit logging clause are created as NOLOGGING. That sounds like a step in the right direction! It didn’t do this before the patch was applied. :)
  • Unfortunately, you *can’t* override this by explicitly specifying the logging clause in the CREATE TABLESPACE command.

The docs are quite clear about how it should work.

“The specified attribute is used to establish the logging attribute of tablespaces created within the PDB if the logging_clause is not specified in the CREATE TABLESPACE statement.”

Fortunately, there is a workaround, which is to assume the feature doesn’t exist and keep doing things the way you always have. That is, manually define tablespaces as NOLOGGING when you need them.

I’ve added the problems associated with the current “bug fix” to my SR and this has been referred back to development. Let’s see how long the fix for this takes… :)

Cheers

Tim…

Oracle Midlands Event #8 : Summary

Last night was Oracle Midlands Event #8 sponsored by Redgate.

There was a problem with the projector, but fortunately there were a couple of large TV screens, so it didn’t have to be a complete no-slide zone. Neither of the talks relied on displaying lots of code, so I don’t think this caused a big problem.

First up was Chris Saxon speaking about Edition-Based Redefinition. I’ve done talks on this subject, so I was interested to see how Chris approached it. The talk started with an explanation of the problems associated with deploying new versions of PL/SQL code to production, then moved on to possible solutions available prior to 11gR2. Once that ground work had been established, he moved on to explain how EBR can be used to make the process more robust, focussing on some specific pieces of the EBR functionality. I preferred his approach to the subject than my own, so I was taking a bunch of notes about his presentation style. There is always something to learn. I thought it was a really good session and Chris handled the subject (and the projector issue) really well. His recent move to Steven Feuerstein’s advocacy/evangelist team at Oracle means I should get to see him speaking some more in the future, which will be cool.

After the food break, it was my session on “Pluggable Databases – What they will break and why you should use them anyway!” It was the first time I’ve done this session in front of a crowd, which is always a bit nervy. It seemed to go down pretty well. Here is the feedback from those who filled in the evaluations.

  • “Good presentation”
  • “Good presentation, dynamic material & delivery”
  • “A lot of content, probably requires a part 2″
  • “Scary!!!”
  • “Good information and entertaining delivery style”
  • “Excellent – superb topic & presentation skills”
  • “Very good talk. Much information gained”
  • “Brilliant & scary!”
  • “Informative, passionate & useful”
  • “Brilliant”
  • “Really good insight/information. Real world understanding which makes a real difference. As always brilliant!”
  • “Not bad for a beginner”
  • “Really enjoyed & challenging subject matter”
  • “Fantastic!”
  • “Good”

The, “Not bad for a beginner”, comment made me LOL when I read it. There are a couple of people I’m putting in the frame for that one. :)

It wasn’t my intention to make the Mulitenant option seem really scary. I thought I was doing a sales pitch for it, not scaring people off. Maybe I need to re-frame things a little… :)

Thanks to Mike for getting the event sorted and thanks to Redgate for the sponsorship. Thanks to Chris for coming along. Hopefully we can get him back again in the future. Big thanks to everyone who turned up to the event last night. Let’s keep this train rolling!

Cheers

Tim…