Chrome 68, HTTPS, Let’s Encrypt and ORDS

In February Google released a post about Chrome 68, due for release in July, which will increase the pressure to adopt HTTPS for all websites because of this behaviour change.

Basically HTTP sites will be marked as insecure, rather than just getting the (i) symbol.

Recently I’ve seen a bunch of sponsored posts talking about this in an attempt to sell certificates. GoDaddy are pushing the advertising hard. I just wanted to remind people there is a free alternative called Let’s Encrypt you might want to consider.

Let’s Encrypt

I’ve been using HTTPS for a few years now, but over a year ago I switched to using the free Let’s Encrypt service to get my certificates and so far I’ve had no problems. I wrote about this in a blog post here. That links to this article about using CertBot to automate the certificate renewal, which includes the Apache HTTP Server config.

The article also links to this article about configuring HTTPS for Tomcat, which includes an example of using a Let’s Encrypt certificate.

I always run Oracle REST Data Services (ORDS) under Tomcat, so this is how I HTTPS enable ORDS. If you would prefer to run ORDS in standalone mode, but still want to use a real certificate, Kris Rice has your back with this article.

Of course, you shouldn’t be having direct traffic to Tomcat servers or standalone ORDS services you care about. They should be sitting behind some form of reverse proxy, or a load balancer acting as a reverse proxy, which is performing the SSL termination. In my company, we have the real certificates on the load balancers, which perform the SSL termination, then re-encrypt to speak to the services below them.
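
The reverse-proxy arrangement described above, as an added example that is not part of the original post: an Apache HTTP Server virtual host that terminates TLS with a Let's Encrypt certificate and re-encrypts to Tomcat/ORDS, verifying the backend certificate on the second hop. The hostnames, backend port, internal CA file and the `/ords/` path are assumptions for illustration.

```apache
# Added example, not the author's configuration.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# www.example.com, tomcat.internal.example:8443, the internal CA file
# and the /ords/ context path are placeholders.

# Plain HTTP only redirects, so nothing is served over a connection
# the browser would flag.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com

    # TLS termination: the certificate and key that CertBot keeps renewed.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem

    # Re-encryption to the backend.
    SSLProxyEngine on

    # Weak form: stopping at "SSLProxyEngine on" leaves SSLProxyVerify at
    # its default of "none". The hop is encrypted, but the proxy accepts
    # any certificate the backend presents, so the backend is not
    # authenticated.

    # Corrected form: require a backend certificate that chains to a CA
    # you trust, and check its name and validity period.
    SSLProxyVerify            require
    SSLProxyVerifyDepth       2
    SSLProxyCACertificateFile /etc/pki/tls/certs/internal-ca.pem
    SSLProxyCheckPeerName     on
    SSLProxyCheckPeerExpire   on

    # Tell the application the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        /ords/ https://tomcat.internal.example:8443/ords/
    ProxyPassReverse /ords/ https://tomcat.internal.example:8443/ords/
</VirtualHost>
```

The backend certificate must carry the name used in `ProxyPass` (here `tomcat.internal.example`), otherwise the peer-name check rejects the connection.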

Thoughts

In general I think the push towards HTTPS is a good thing, but I do have a few reservations.

  • There are plenty of sites, like my own, that don’t really do anything that requires encrypted connections. You are just there to read publicly available stuff. Marking them as insecure seems a little stupid to me. Update: As pointed out in the comments, it does make it harder for people to intercept and change the information during transit.
  • A bigger beef is the fact that anything with a valid HTTPS certificate is marked as “Secure”. If you work in IT you understand this just means the connection is secure, but what does it mean to other people? I could understand it if some people thought it meant it was a safe website to visit, when it means nothing of the sort. If HTTPS is the new “normal”, I think the browser should stop marking it as secure, and only flag when it is insecure. Update: It seems this is going to change (here). Thanks to Gary for pointing this out.
  • It worries me that Google can make this decision and the rest of the world has to jump. This all started when they began to alter index ranking based on the presence of HTTPS, which is why I first enabled HTTPS on my website about 4-5 years ago I think. Now the Chrome market share of about 60% is such that they can make big changes like this without having to get buy in from the rest of the world. The motives are good, but I don’t like it.
  • I’m not saying you shouldn’t pay for certificates. My company still does. I’m just saying you have a choice, especially if it is something that you do for fun like this website. In this case the free option is always the good one. 🙂

Happy encrypting…

Cheers

Tim…

Paying someone to learn for you?

In my previous post called Nobody is an expert at Oracle Database 18c I said,

“There will be lots of people and companies who will happily take your money to learn the new tech, but that’s probably the subject of another post…”

Here is that post. 🙂

I see two distinct scenarios, and have two very different attitudes to them.

The Good

When something is new to the market, there is nobody that has the skills you need, but there are people/companies with a wealth of experience and a proven track record of picking up new skills and delivering good results.

I totally understand someone wanting to pay these types of people/companies to help them get to their goal. This is mutually beneficial as the customer gets to their goal in a shorter space of time than if they did it all themselves, and the person/company doing the investigation and work gets new skills and real world experience at the new tech.

The important point is both sides need to clearly understand this situation before work gets underway, as it might affect timescales and cost of the work.

The Bad and the Ugly

There are a lot of people and companies that are using their clients to improve their skills without the customer being aware of the relationship they are in. To me this is robbery. They have represented themselves as something they are not and that is a problem.

In some cases they might still deliver a reasonable product in a reasonable timescale, but in some cases not. 🙁 In some ways the result is not really the issue, it’s the deceit that is the problem. It’s usually really easy to spot, as the saying goes, you don’t have to know how to swim to recognise when someone is drowning.

Solution?

I’m surprised how many people don’t ask for reference customers, or if they do, they never follow up on them properly. You can tell a lot by what is said and what is not said if you are asking the right questions. If the person/company doesn’t have a track record of delivering the thing you are asking for, do you really want them?

I emphasised the thing you are asking for, because it is a really important point. A person/company might be awesome at some related stuff, which might not be exactly what you are looking for, but might fool you into thinking they know what they are doing. To use myself as an example, I know a bit about Oracle databases and WebLogic, but does that mean I’m the right person to work on OBIEE that uses Oracle databases and WebLogic? I can tell you the answer to that. It’s NO! If I were an expert at eBusiness Suite does that mean I’m the right person to work on Oracle Cloud Applications? I can tell you the answer to that too. It’s NO!

As I mentioned before, if both parties understand what they are getting into I totally understand why you would want to pay someone to learn some new stuff for you. If you as a customer don’t know this is what is happening, that’s a problem!

Cheers

Tim…

The Definition of Done

One of the things I find myself getting increasingly frustrated with is the definition of done by some people and companies.

For context, I’m speaking about work that is allegedly entirely complete, not necessarily what I expect out of the first sprint on a project. Sorry for stating the obvious, but someone will try to explain to me what the “Definition of Done” is from an agile perspective and I’ll get cranky… 🙂

Just off the top of my head I can think of some things I think are important.

  • It has to work : I mean actually work! It needs to do what I need it to do, and it needs to do it without falling over every 5 minutes.
  • Functional Testing * : It should have some defined functional testing to prove it works. That should preferably be automated, but manual will do. Either way there should be a definition of what has been tested and the known limitations of that testing.
  • Load Testing * : Just because it works on your PC with one row in the database, that is no reflection on how it will react in a multi-user system with lots of data.
  • Tooling/Automation : There needs to be enough automation and/or tooling to allow the day-to-day operations to happen without having to refer back to the code or run SQL directly on the database to fix things.
  • Documentation : There must be some concise and accurate documentation so people know how to use the product, and what operational tasks, if any, need to happen in order to stop the thing falling in a heap after a few days, weeks, months.
  • Support : I need to know who to fall back on if I’m stuck.

* These may not be fully transparent to you if it is a 3rd party product, but you will soon know if it is happening when you use the product. 🙂

It’s surprising how many things I encounter on a daily basis that don’t seem to live up to this off-the-cuff list. This is not just internal developments, but work produced by expensive consultancy firms and 3rd party products.

Please, please, please finish the darn stuff before you give it to me!

Cheers

Tim…

A week with my Windows 10 desktop…

I mentioned in a previous post I was done with the MacBook Pro, but the combination of it no longer being a brick and my inherent laziness has meant I’ve lost momentum on the switch and I’ve not ordered a new laptop (pause for dramatic effect) yet… Even so I’ve been using a Windows 7 PC at work for nearly six years and last week it got swapped out for a new PC with Windows 10 on it. The new machine is a pretty standard desktop machine (i7, 16G RAM and 500G SSD), so a similar spec to my MBP.

These are the go-to things I must have on my work computer. There are a bunch of other things as well, but these are the mainstays.

  • DropBox : I use this to hold my personal KeePass file on Windows at work, and Mac and Linux boxes at home.
  • KeePass : Each system I log into has a strong unique password. I don’t know any of them. Without KeePass I would be screwed. I use KeePassXC on Mac and KeePass2Android on my phone. I used to run KeePass with Wine on my Linux desktop, but KeePassXC is a better alternative now.
  • Chrome : Other browsers are available. I don’t dislike Edge, but Chrome syncs on all my machines, so I don’t have to mess about maintaining bookmarks.
  • MobaXTerm : My go-to shell. IMHO it’s much better than anything else on Windows, Mac or Linux.
  • UltraEdit : I have a multi-platform unlimited upgrades license, so I use this on all operating systems. If I hadn’t already bought the license I would probably use NotePad++ on Windows, or maybe one of those editors the cool kids use…
  • VirtualBox : I run this on my Windows PC at work, on my MBP at home and on my Linux servers at home. I don’t mind Hyper-V or KVM, but having one product on all three operating systems I use is nice.
  • SQLcl : I recently wrote about my switch from SQL*Plus to SQLcl.
  • SQL Developer : I don’t use this a lot because I am a command line kid, but it’s good to have just in case.
  • SQL Server Management Studio : I don’t write about it a lot, but I do look after a bunch of SQL Server databases, so this is really handy.
  • PortableApps : This is a neat way to run a load of different apps and utils on a Windows box without having to install them. It works great on a memory stick, but if there is a PortableApps version of an application, I will often pick it over a regular install and just have it sitting on my PC.
  • Git Extensions : On my Mac and Linux boxes I use the command line for Git, but on Windows I use Git Extensions. I don’t know why I use a GUI on Windows when I could just use the command line. 🙂 Of all the clients I’ve tried, this is the one that suits me the best. Some of the more popular clients, like GitHub Desktop and SourceTree, drive me nuts.
  • SnagIt : Great for screen/window/region captures, delayed and auto captures, and annotations when producing docs. I use it on my Windows PC at work and MBP at home. Could use the free “Snipping Tool” on Windows, or the built in stuff on MBP, but I like SnagIt. On Linux I used to use Shutter, but it’s not great.
  • Spotify : Don’t judge me! 🙂

By looking at this list you can probably see why I don’t have too many problems doing my job on any OS. Most of the tools I use are available on the big two desktop operating systems, and Linux in some form. There are just a lot more options for Windows in the non-work arena, which is why I’m interested in switching back to it at home too…

A week in and I’m really happy with Windows 10. I support family members who’ve used it for a long time, so it wasn’t a big shock to me. If anything, this experience has strengthened my resolve to ditch the Mac when I eventually replace my home desktop/laptop. Windows 10 is quick, responsive and it looks nice.

Cheers

Tim…

Update: Someone pointed out I didn’t mention AV. I just assume all Windows PCs, Macs and Linux Desktops are running AV and probably malware stuff. I know I do on all devices. In this case we are talking about a corporate PC, so it’s definitely there.

WordPress 4.9.3 and 4.9.4

I’ve given up on posting about new WordPress releases as most of you who are self-hosting are probably using the automatic update feature, so by the time you read my release announcement you’ve already upgraded automatically. Not this time… 🙂

Yesterday WordPress 4.9.3 was released and got automatically applied to the five WordPress blogs I look after. As well as fixing a bunch of bugs, 4.9.3 also broke the automatic update feature, so you are going to be stuck on 4.9.3 until you manually click the upgrade button. If you are self hosting WordPress, it’s a good idea to log in and manually click the upgrade button, so you get WordPress 4.9.4, and all subsequent upgrades automatically. 🙂

Cheers

Tim…

Mac updates disaster (again) and a return to Windows desktop?

A couple of nights ago I tweeted about my MacBook Pro being a brick after the latest updates were applied. It was totally unresponsive. The only thing that would work is the “Option” key at boot to alter the boot order.

This is not the first time this has happened to me, and not just on this machine. I think in total I’ve had to restore the entire OS from TimeMachine three times. Once on a previous MBP and twice on the latest one. Twice it was after updates and once because it just stopped working and I never found out why.

Being a DBA, backups are my thing, so I have a TimeMachine partition on my NAS, as well as manual backups for some of the important things, which in turn get pushed up to an AWS bucket. For good measure I also have an external drive with some backups on, because it always pays to be prepared. 🙂

Due to past issues I always keep a Mac Recovery USB Drive waiting to go. This is how I recovered from the latest issue. The recovery took 6+ hours, then it took about 30+ minutes to apply the update that started all this fiasco. So I now have a patched and working MBP again, for now…

I also mentioned on Twitter I might be moving back to Windows for my main desktop, possibly even installing it on the MBP. That prompted a few comments, so I figured I would mention my current opinions on the top-3 Operating Systems, from a *desktop perspective*.

macOS

I bought my first MacBook Pro in 2009 and have used one as my travel machine since then. About 2.5 years ago I bought a 15″ retina, which became my home desktop machine, and travel laptop combined. The 2009 13″ MBP is next to my bed, used every day as my Netflix machine. 🙂

I was convinced to give Macs a go because loads of people at conferences kept telling me how good macOS was. It’s over 8 years, but I’m still waiting to fall in love with it. This seems to have happened for other people instantly, but I just don’t see the major appeal.

I still find it annoying how little support there is for Macs from software companies. Most of what I want to do is fine, but every now and then I want to try something and it’s not supported on Mac, or I’ve got to wait a few months for the Mac version to be released. It’s still a Windows world, so I’m still using Windows VMs occasionally.

The only really positive thing I can say is I like the build quality of the case, but after my Staingate issue and a problem with the fan I had in the first few weeks of the latest machine, I’m not sure the build quality is quite what it was when I bought my first MBP.

Linux

I first used Linux in the RedHat 5.1 days (not RHEL), which Wikipedia tells me was 1998. At some point I ditched Windows at home and Red Hat Linux became my main desktop. I can’t remember which exact version I switched to, but I’m thinking Red Hat Linux 8. When Red Hat Linux became Fedora I made that move also. When I started to do presentations I bought a laptop which used Windows Vista, which wasn’t as bad as people made out. Later on I switched to a MacBook Pro, but Fedora was my main desktop OS until about 2.5 years ago. Once again, I can’t remember the exact version, but it was one of the 20’s. Somewhere between Fedora 21 and 23 at a guess. Since moving away from a Linux desktop I have kept up with Fedora for every release, but it’s not been a 100% desktop for me.

I learned a lot by using Linux as my desktop, but I spent a lot of time trying to get round device compatibility issues, or get what felt like part-finished software to work. I was forever having to use Wine or Mono to run additional software because the Linux support didn’t exist, or didn’t really work properly. I was also having to use a Windows VM to run some software I needed for my business. Like I said, great learning experience, but hardly what I would call an efficient use of time for a regular user.

Someone on Twitter asked me what I wanted from a Linux desktop and I said,

“Support for all apps I want to use and devices, without having to do weekend projects to fix problems…”

Jared Still commented,

“Twice I have made serious attempts to use Linux on a laptop. It is just too fiddly; every time something New needs to be done it is a new project. All my Databases run on Linux, I do dev on Linux, but it was just too much trouble for many common tasks.”

I agree. I am a total devotee of Linux on the server, but using Linux on the desktop is not a viable option for me. Been there. Done it for a lot of years. Moved on!

Windows

I wrote my PhD thesis on Microsoft Word using Windows 3.11. At every job I’ve ever had, Windows has been my main desktop OS, so I’ve lived through all the versions since Windows 3.11. Even when I switched to Linux at home, I was using Windows at work, and supporting family members using Windows. My work desktop still uses Windows 7, but as of next week it will be Windows 10. My family used Windows 8.0, then 8.1 and now Windows 10. Like most IT people, I have to support family PCs, so it was me who did the upgrades and I’ve used these versions a lot. I’m doing the last minute checks to this post on my brother’s Windows 10 laptop.

Windows is far from perfect, but if you’ve not been using it regularly for the last few years, I think you might be surprised. I like Windows 10.

Conclusion

I think my next move will be Windows.

I have a long history of all three operating systems, so it’s not like I’m going into this blind. I think I probably have a better grounding in all three than most of the people who are trying to push their preference on me. 🙂

Most of the time I am in a shell or a browser, so I can work OK on all three operating systems without much trouble, but it’s when I want to go off piste the differences start to become evident.

You don’t have to agree with me. My choice does not mean your choice is wrong. Likewise, your choice doesn’t mean my choice is wrong.

Cheers

Tim…

Pretrospectives : The death of any project!

If you’ve never heard of “pretrospectives”, that’s because it’s a made up word.

I was working in a team who were “a little frustrated”, so we vented by writing our Fragile Manifesto. It wasn’t a new idea, but it served its purpose and made us chuckle. It came up in conversation a few days ago so I took a look at it again, and one of the things that stood out was the “pretrospective”, which continues to be a problem. So here’s our definition.

“Pretrospectives : Similar to the Retrospectives of Agile, but they are done before any work is started, hence the “Pre”. These should last as long as it takes to identify any possible problem you may encounter during the lifespan of the project. Possible problems should not only be discussed, but documented thoroughly. Remember to include many blank pages, with the words “Page left blank intentionally”. This will increase the page count, and therefore the value of the documentation. Pretrospectives should be by far the longest phase of any Dawdle.”

I guess you now realise this is a jab at that waterfall approach of trying to define everything up front, only to find all the requirements have changed by the time you actually start to code, if you ever start that is. I’ve worked on projects where external consultants have produced hundreds of thousands of pages of documentation, at a cost in excess of £1 per page, only to have the whole lot scrapped.

I tend to think good DBAs are worriers, constantly thinking about what could go wrong and trying to figure out how to avoid it, or what they will do to fix it if it does happen. You have to be careful how you present this information to others or it can feed into the mindset that leads to pretrospectives. In a list of pros & cons, some people can’t see past the cons. 🙂

You have to break down large ventures into smaller, easily accomplishable tasks or you don’t stand a chance of even getting started, let alone finishing. I often say the thought of writing a book is really daunting, but everyone can write a page. A book is a collection of pages. You can call things user stories and story points or magic pixies steps. I don’t care. You’ve just got to stop sitting around “planning” and get something done…

I don’t really know what the point of this post was, but I suspect it was another way of me venting. 🙂

Cheers

Tim…