I'll try almost all food wherever I am in the world (except for Scorpios-on-a-Stick, Sheep Penis and such stuff). But I didn't try this in our hotel in Rio:

No offense - but Nuremberg (or in German: Nürnberg) is my hometown - and Nürnberger Bratwürste look a little bit different. If you'd ever visit Germany and you'll have to chance to see Nürnberg you might order "Drei im Weggla" (three [sausages] in a bread bun) and every Franconian will understand you

But still Roy and me had some fun at the breakfast buffett

Thanks a lot to everybody who did visit our workshops in Sao Paulo and Rio de Janeiro in the past days. And actually our "Thank You" or Obregado! can't express how Roy and me felt in the past days. I believe I've never felt so welcome - you all, customers, partners and Oracle folks were simply great. Thanks a lot for that. We've had a great time - and we hope you had some fun as well and enjoyed the hands-on lab as well.

Let us know if anything with your upgrades does not run as desired - or if all worked out well. And also if you'd like to try the "Turbo xTTS" technique. The note got published last night and I'll write something about it in the upcoming weeks.

So we hope to see you again - maybe in 2014 during the World Cup I'll push Murilo to setup another series of workshops by then

And thanks a lot for all your comments and feedbacks - we really appreciate that!!

Obregado!!!

Doug Gault is returning to Hotsos Symposium 2012. Doug is an entertaining speaker who focuses on Oracle's Application Express. Doug Gault is a Director & Co-Founder at Sumneva, a world-class Oracle Application Express (APEX) consulting, training & solutions firm founded in 2010. He has been working with Oracle since 1988, starting with version 5.1B, SQL*Forms 2.0 and RPT/RPF. Since then he has focused his career on Oracle's development technologies, spending the last decade on web based technologies, and the last 5 years specifically on APEX. Prior to co-founding Sumneva, Gault was Vice President of Sumner Technologies, which also focused on Oracle APEX consulting, training & solutions. Before that he served as the Product Development Director for Hotsos Enterprises, during which time he was the lead architect/developer and product manager for two commercial products written in exclusively in APEX. His 21 years of Oracle experience has taken him all over the world and involved him in some truly ground-breaking projects. Gault has presented and participated in round table discussions at a number of conferences including Oracle OpenWorld, UKOUG and ODTUG's APEXposed. He holds an Associates Degree in Computer Science, and an honorary Master's Degree from The School of Hard Knocks, believing there is no replacement for hard earned experience.

Topic: Capturing Performance Data for Interesting APEX Processes

Description: One of the features of Oracle Application Express 4 is the much improved debug information now stored in the dictionary views. This data can be used to track, monitor, and identify performance trends across your APEX application. The trick is capturing instances of this information for interesting APEX processes programmatically. This session will introduce the idea of using APEX Debug data for performance trending, the techniques and information necessary for you to mine the Oracle Application Express 4 debug data, and methods for programmatically capturing runs deemed as "interesting".

If you're into ApEx, you won't want to miss Doug's presentation. Sign up today before the price goes up on Feb 11, 2012.

This morning, the display on one of my computers was a bit odd. I rebooted the machine and when it came up I got no output on the monitor. I plugged my laptop into the monitor and that worked fine, so it looked like the graphics card had died. I popped down to a local PC store and had the choice of remortgaging my house for new graphics card, or buying a cheap and cheerful one. I did the latter. Even so, the new card was much flasher than the old one.

I put the card in the machine and it booted up and I had a display again. Trouble was, GNOME shell had failed to start and I was knocked back into fallback mode, that looks a bit like GNOME2. Sigh. Forgot to check the the card against support for the ever-so-picky GNOME shell.

I now have a choice to make:

• Ditch it and get a new graphics card… again…
• Switch to KDE or XFCE… shudder…
• Stay with the fallback option until Fedora 17, when allegedly GNOME shell will not be so bloody fussy.

I’m probably going to stick with the last option as I can’t be bothered to waste any more time on this. All of a sudden, Windows and Mac OS X don’t seem so bad after all…

Cheers

Tim…

PS. I don’t need a lecture on why GNOME shell is so picky. I know all the arguments. I’ve read all the crap. Doesn’t mean it’s not a pain in the ass when you buy a newer and more powerful graphics card and you end up with an inferior user experience.

I thought Chronicle was a cool film. Three kids find some weird object and develop super powers. How will it affect them and how will they choose to use them?

It has the “shot on my camcorder” feel, like Cloverfield, and has a kind of Akira feel to me. While I was watching it I kept expecting someone to say, “With great power comes great responsibility!”

The effects are pretty cool. At the start they look like they are going to be a bit low budget, but by the end they get pretty impressive.

Nice mix of teen angst, super powers and destruction. Obviously not targeted for 42 year old men, but it hit the mark for me. I guess that says a lot.

Cheers

Tim…

Hey Tom,Funnily enough I just published a paper about doing the same thing with NUMBER concatenations. This was an addendum to a paper I wrote in 2008 on exploit DATE concatenations - the same problem you discuss here. You can get the recent paper here: http://www.accuvant.com/capability/accuvant-labs/security-research/lateral-sql-injection-revisited-exploiting-numbers and the first paper here: http://www.databasesecurity.com/dbsec/lateral-sql-injection.pdf

the problem David mentions in http://www.accuvant.com/capability/accuvant-labs/security-research/lateral-sql-injection-revisited-exploiting-numbers only arises since NUM_PROC is owned by SYS,as far as I can see, correct ? 

So, it's not really a problem since nobody ever does something as SYS, correct.

• Create session
• Create procedure
• Create public synonym <<<=== these guys are evil!  Should be avoided

• APEX is installed in the same database as EBS (see previous post). 
• My APEX application (actually Workspace) is linked to my own (non-EBS) Oracle schema.

1. Identify where the data is in EBS
   
   If you are not familiar with the data model of EBS, it can be hard to find the right information. A good starting point would be the APPS schema, because that has access to the complete Oracle E-Business Suite data model. You can compare it with the SYSTEM schema, which has access to the entire database.
   
   This pictures shows an overview of the APPS schema and base product schemas.
   
   
   
   You can read more about the APPS schema in the EBS documentation.
   
   In my example I wanted to find the people that are in my organisation (HR). I started to look for views that would give me that information. My first query was like this:
   
   select object_name
     from user_objects
    where object_name like '%PEOPLE%'
      and object_type = 'VIEW'
   order by 1 
   
   That query returned 82 rows in my environment. In the results I saw e.g. ADS_PEOPLE_V, HRBG_PEOPLE, PER_ALL_PEOPLE, PER_PEOPLE, PER_PEOPLE_F etc.
   
   I started to look at the definitions of those, but if you are not familiar with EBS it's hard to know which one is the one you need. So my recommendation would definitely be; when you are not that familiar with EBS, talk with somebody who knows more about it. For me that is the case, I only started to look into EBS and actually do something with it, a few weeks ago.
   
   When I talked to somebody more experienced in EBS, he told me I probably wanted to look at PER_ALL_PEOPLE_F. Hmm, that wasn't in the result set of the above query. After investigating a bit more PER_ALL_PEOPLE_F is a synonym for HR.PER_ALL_PEOPLE_F.
   
   I wanted to understand the naming convention in EBS a bit better e.g. for the PER%PEOPLE% objects.
   
   
   
   Below I created a table how I interpret the EBS objects:
   
   

   View /Synonym (^)	count(*)	count(distinct person_id)	Interpretation
   per_all_people_f (^)	32295	18518	Synonym to real HR table
   per_all_people	0	0	Needs EBS session (record inFND_SESSIONS) so it knows what you can see
   per_all_people_d	32295	18518	All records but showstranslated text if user settings are applied
   per_people	0	0	Needs EBS session, showseffective records based on user's date
   per_people_f	32295	18518	EBS security implemented, youonly see records you are allowed to see
   per_people_v	0	0	Needs EBS Session, includes alot of display text and is language dependend
   per_people_x	18518	18518	EBS security implemented (sameas per_people_f), but limits to only the effective records (WHERE TRUNC(SYSDATE) BETWEEN EFFECTIVE_START_DATE ANDEFFECTIVE_END_DATE)

   
   So to me PER_PEOPLE_X looks like a good candidate to use in my APEX application. If I'm not logged into the app as an E-Business user I still see all records that are effective at the time I run the query.
   
   
2. Create a view on top of the EBS views and use some naming conventions so it's easy to recognise which objects you created and are not native EBS ones.
   
   create view apex_per_people_vw as select * from per_people_x
   
   
3. Grant access on that view to the schema that is linked to your APEX workspace and application
   
   grant select on apex_per_people_vw to apex_ebs
   
   
4. Create a view in your own schema that selects everything from the view in the apps schema.
   We do that so that the views are a one-on-one mapping between schema's, but they show up in the APEX wizards.
   
   create view apex_per_people_vw as select * from apps.apex_per_people_vw
   
   
5. Create an Interactive Report on top of the view
   
   

• E-Business Suite and APEX integration (overview)
• E-Business Suite and APEX installation
• APEX and E-Business Suite integration (OBUG event)

Just a quick reminder that the Rocky Mountain Oracle User Group Training days are just eleven days away. It’s one of the best Oracle events I’ve attended, and I’ll be there again this year. There are plenty of good speakers and interesting presentations on a wide range of topics – and if you’re wandering around between sessions with nothing to do, I’ll be around too and will be happy to say hello and have a chat.

Here’s the list of things I’ve pencilled in on my timetable so far. (Some of the gaps are there because I’m doing three presentations myself, some are there because I haven’t decided what to see yet.)

If nothing else catches your eye, don’t miss out the opportunity to hear Maria Colgan talking about the optimizer. She’s doing three presenations (and only one of them coincides with one of mine) and they’re all worth hearing.

These days, it’s hard to find a business conference or read a publication that doesn’t talk about big data. Even the recent World Economic Forum in Davos, Switzerland, featured more than 40 presentations on this hot technology. Because of all the recent talk, many people think big data is new. While it’s true that big data is suddenly gaining more attention, we at IBM have been investing in this space for many years, and are confident that we have the strongest strategy and deepest solution offering on the market. Now, an independent research firm has validated our belief.

A number of Teradata customers have moved some or all of their data and analytic applications to IBM Netezza data warehouse appliances. The reasons these customers give for their move invariably include:

• Time to value
• Agility and the ability to grow with new workloads
• Reducing their cost of ongoing maintenance
• Improving query performance – particularly for complex analytics and ad-hoc environments as data volumes grow.

The Functional Model of PaaS is nice, but the Operational Model matters more.

Let’s first define these terms.

The Functional Model is what the platform does for you. For example, in the case of AWS S3, it means storing objects and making them accessible via HTTP.

The Operational Model is how you consume the platform service. How you request it, how you manage it, how much it costs, basically the total sum of the responsibility you have to accept if you use the features in the Functional Model. In the case of S3, the Operational Model is made of an API/UI to manage it, a bill that comes every month, and a support channel which depends on the contract you bought.

The Operational Model is where the S (“service”) in “PaaS” takes over from the P (“platform”). The Operational Model is not always as glamorous as new runtime features. But it’s what makes Cloud Cloud. If a provider doesn’t offer the specific platform feature your application developers desire, you can work around it. Either by using a slightly-less optimal approach or by building the feature yourself on top of lower-level building blocks (as Netflix did with Cassandra on EC2 before DynamoDB was an option). But if your provider doesn’t offer an Operational Model that supports your processes and business requirements, then you’re getting a hipster’s app server, not a real PaaS. It doesn’t matter how easy it was to put together a proof-of-concept on top of that PaaS if using it in production is playing Russian roulette with your business.

If the Cloud Operational Model is so important, what defines it and what makes a good Operational Model? In short, the Operational Model must be able to integrate with the consumer’s key processes: the business processes, the development processes, the IT processes, the customer support processes, the compliance processes, etc.

To make things more concrete, here are some of the key aspects of the Operational Model.

Deployment / configuration / management

I won’t spend much time on this one, as it’s the most understood aspect. Most Clouds offer both a UI and an API to let you provision and control the artifacts (e.g. VMs, application containers, etc) via which you access the PaaS functional interface. But, while necessary, this API is only a piece of a complete operational interface.

Support

What happens when things go wrong? What support channels do you have access to? Every Cloud provider will show you a list of support options, but what’s really behind these options? And do they have the capability (technical and logistical) to handle all your issues? Do they have deep expertise in all the software components that make up their infrastructure (especially in PaaS) from top to bottom? Do they run their own datacenter or do they themselves rely on a customer support channel for any issue at that level?

SLAs

I personally think discussions around SLAs are overblown (it seems like people try to reduce the entire Cloud Operational Model to a provisioning API plus an SLA, which is comically simplistic). But SLAs are indeed part of the Operational Model.

Infrastructure change management

It’s very nice how, in a PaaS setting, the Cloud provider takes care of all change management tasks (including patching) for the infrastructure. But the fact that your Cloud provider and you agree on this doesn’t neutralize Murphy’s law any more than me wearing Michael Jordan sneakers neutralizes the law of gravity when I (try to) dunk.

In other words, if a patch or update is worth testing in a staging environment if you were to apply it on-premise, what makes you think that it’s less likely to cause a problem if it’s the Cloud provider who rolls it out? Sure, in most cases it will work just fine and you can sing the praise of “NoOps”. Until the day when things go wrong, your users are affected and you’re taken completely off-guard. Good luck debugging that problem, when you don’t even know that an infrastructure change is being rolled out and when it might not even have been rolled out uniformly across all instances of your application.

How is that handled in your provider’s Operational Model? Do you have visibility into the change schedule? Do you have the option to test your application on the new infrastructure or to at least influence in any way how and when the change gets rolled out to your instances?

Note: I’ve covered this in more details before and so has Chris Hoff.

Diagnostic

Developers have assembled a panoply of diagnostic tools (memory/thread analysis, BTM, user experience, logging, tracing…) for the on-premise model. Many of these won’t work in PaaS settings because they require a console on the local machine, or an agent, or a specific port open, or a specific feature enabled in the runtime. But the need doesn’t go away. How does your PaaS Operational Model support that process?

Customer support

You’re a customer of your Cloud, but you have customers of your own and you have to support them. Do you have the tools to react to their issues involving your Cloud-deployed application? Can you link their service requests with the related actions and data exposed via your Cloud’s operational interface?

Security / compliance

Security is part of what a Cloud provider has to worry about. The problem is, it’s a very relative concept. The issue is not what security the Cloud provider needs, it’s what security its customers need. They have requirements. They have mandates. They have regulations and audits. In short, they have their own security processes. The key question, from their perspective, is not whether the provider’s security is “good”, but whether it accommodates their own security process. Which is why security is not a “trust us” black box (I don’t think anyone has coined “NoSec” yet, but it can’t be far behind “NoOps”) but an integral part of the Cloud Operational Model.

Business management

The oft-repeated mantra is that Cloud replaces capital expenses (CapExp) with operational expenses (OpEx). There’s a lot more to it than that, but it surely contributes a lot to OpEx and that needs to be managed. How does the Cloud Operational Model support this? Are buyer-side roles clearly identified (who can create an account, who can deploy a service instance, who can manage a deployed instance, etc) and do they map well to the organizational structure of the consumer organization? Can charges be segmented and attributed to various cost centers? Can quotas be set? Can consumption/cost projections be run?

We all (at least those of us who aren’t accountants) love a great story about how some employee used a credit card to get from the Cloud something that the normal corporate process would not allow (or at too high a cost). These are fun for a while, but it’s not sustainable. This doesn’t mean organizations will not be able to take advantage of the flexibility of Cloud, but they will only be able to do it if the Cloud Operational Model provides the needed support to meet the requirements of internal control processes.

Conclusion

Some of the ways in which the Cloud Operational Model materializes can be unexpected. They can seem old-fashioned. Let’s take Amazon Web Services (AWS) as an example. When they started, ownership of AWS resources was tied to an individual user’s Amazon account. That’s a big Operational Model no-no. They’ve moved past that point. As an illustration of how the Operational Model materializes, here are some of the features that are part of Amazon’s:

• You can Fedex a drive and have Amazon load the data to S3.
• You can optimize your costs for flexible workloads via spot instances.
• The monitoring console (and API) will let you know ahead of time (when possible) which instances need to be rebooted and which will need to be terminated because they run on a soon-to-be-decommissioned server. Now you could argue that it’s a limitation of the AWS platform (lack of live migration) but that’s not the point here. Limitations exists and the role of the Operational Model is to provide the tools to handle them in an acceptable way.
• Amazon has a program to put customers in touch with qualified System Integrators.
• You can use your Amazon support channel for questions related to some 3rd party software (though I don’t know what the depth of that support is).
• To support your security and compliance requirements, AWS support multi-factor authentication and has achieved some certifications and accreditations.
• Instance status checks can help streamline your diagnostic flows.

These Operational Model features don’t generate nearly as much discussion as new Functional Model features (“oh, look, a NoSQL AWS service!”) . That’s OK. The Operational Model doesn’t seek the limelight.

Business applications are involved, in some form, in almost every activity taking place in a company. Those activities take many different forms, from a developer debugging an application to an executive examining operational expenses. The PaaS Operational Model must meet their needs.

I shudder at the thought of how much time I have wasted searching for information during my professional career. I would bet that the number of keywords and keyword combinations I have used to search network file shares, local drives, email, and enterprise content management (ECM) systems numbers in the hundreds. And as I think about how many of my searches resulted in me finding the information I was looking for in the first place, I would guess around a 70% success rate. For the other 30%, I would end up either re-creating content that already existed, emailing colleagues asking them if they knew where “high value content item A” could be found, or many times I would just simply give up and move on to my next work task that did not require ancillary information to complete.

My enterprise search experiences probably aren’t much unlike yours, and even if they are, I think we can all agree that time any time wasted searching for information in our organizations leads to increased costs, reduced knowledge sharing, and frustrated employees. And frankly, employees like me are frustrated because we aren’t always sure what system has the information we need. Industry statistics suggest that most large organizations have at least two content repositories and Gartner has even suggested 66% of enterprise have more than six. So it is really no wonder that up to 25% of a knowledge workers time is spent searching for information because they don’t know where to find it or the system they think has it doesn’t. Content management users that cannot find the information they need from those systems will quickly abandon them and instead choose to store and retrieve content from file shares or local drives. This only perpetuates the growth of repositories within organizations further increasing costs, decreasing knowledge sharing and frustrating employees even more.

Eliminating most of the above issues can be achieved by providing ECM users with search capabilities that provide the ability to search multiple repositories and return highly relevant, categorized results. The Google Search Appliance (GSA) offers out-of-the-box capabilities to search files systems and websites and return results through the familiar Google interface. Fishbowl Solutions has leveraged the capabilities of the GSA and extended them to WebCenter Content users through their GSA Connector for WebCenter. With Version 2.0 of this connector, WebCenter users are provided with a search template that can be configured to enable searches for not only WebCenter Content, but also content in SharePoint sites, file shares, as well as blog and wiki articles – All directly from WebCenter Content. This effectively provides WebCenter Content users with an enterprise search system within the context of their WebCenter user interface. For more information on Fishbowl’s GSA Connector Version 2.0 for Oracle WebCenter Content, please click on the following links:

• Press Release: Fishbowl Solutions Releases Version 2.0 of their Google Search Appliance Connector for Oracle WebCenter Content
• Demo Viewlet (9 minutes)
• Product Brochure
• Case Study: Fairview Health Services

•     What business insight can big data uncover?
•     How do you manage big data?
•     How do you integrate big data into decision-making?

An old Chinese proverb says: “When planning for a year, plant corn. When planning for a decade, plant trees. When planning for life, train and educate people.”

When new IT applications are created, how often does someone plan about the future of the data? Its growth, reorganization, what is being logged, how often unnecessary data is purged and deleted; what is being audited and how? I guess we all know the answer. Here is a picture from The Data Affordability GAP Widens – Year by Year

Building the Knowledge! That is the starting point. Andy Flower, the president of IOUG, wrote an excellent article in the January/February 2012 issue of Oracle Magazine entitled “Building the Knowledgebase”.

Andy Flower says: “30 percent of organizations have seen data grow at an annual rate of more than 25 percent, with 10 percent seeing greater than 50 percent growth. 27 percent of respondents currently have more than 100 TB of data. Nearly 1 out of 10 sites now has data stores in the petabyte range.”

1. Unnecessary data is seldom deleted, purged or archived. I have often (rather quite often) seen databases where less that 10% of the data stored is used on daily basis. Oracle AWR reports can provide you excellent information where the physical and logical reads come from and with what percentage. Here is a simple example:

2. Databases often get fragmented, and they need regular reorganization. An interesting example is a global database which was 7TB in size (now bigger I guess) with real data less than 1TB. If that’s not a classical example of database fragmentation, then please give me a better one. Datafiles had so much white space! You may use this query to check for datafile fragmentation:

set lines 256 set pages 999 col "File Name" for A47 column file_name format a40; column highwater format 9999999999; SELECT /*+ RULE */ df.File_id, Substr(df.file_name,1,47) "File Name", Round(df.bytes/1024/1024,2) "Size (M)", Round(e.used_bytes/1024/1024) "Used (M)", Round(f.free_bytes/1024/1024) "Free (M)", round((b.maximum+c.blocks-1)*d.db_block_size/(1024*1024)) "HWM (M)" FROM dba_data_files df, (SELECT file_id, Sum(Decode(bytes,NULL,0,bytes)) used_bytes FROM dba_extents GROUP by file_id) e, (SELECT Max(bytes) free_bytes, file_id FROM dba_free_space GROUP BY file_id) f, (SELECT file_id, max(block_id) maximum from dba_extents group by file_id) b, dba_extents c, (SELECT value db_block_size from v$parameter where name='db_block_size') d WHERE e.file_id (+) = df.file_id AND df.file_id = f.file_id (+) AND df.file_id = b.file_id and c.file_id = b.file_id and c.block_id = b.maximum ORDER BY df.tablespace_name, df.file_name /

I am sorry about the RULE hint but it really runs faster with RBO.

Two key benefits of regular database reorganization are:

- better performance as data and indexes are spread over less blocks and thus less I/O and CPU are needed to access the data (and less memory of course)
- backups take less time and occupy less storage and tape (accordingly restore & recovery will be faster)

3. Databases are copied one-to-one from environment to another when data refresh is needed. Just like that. Copy and Paste. Not really, but often with the RMAN’s command “duplicate target database to ..” Have a look at what Oracle has to offer these days: the Oracle Test Data Management Pack for Oracle and non-Oracle Databases. The key benefits of the pack are:

- Reduce application storage costs dramatically through data subsetting
- Increase developer productivity through right-sized production copies
- Eliminate labor-intensive error-prone manual process to create test systems by automating application discovery, data relationship modeling, dynamic subset rules and parameter-driven execution

One really doesn’t need all the data from Production in the Development or the Test environment!

4. Data growth is often not monitored and seldom one knows which data can be deleted. I have just 3 words for this: “Oracle Cloud Control”.

A very detailed explanation of the problem is described by IBM in Control application data growth before it controls your business. Let me quote part of the executive summary:

“What are these effects? The most obvious are complexity and risk, along with storage and management costs. Data that has accumulated at a significant rate is highly distributed over multiple applications, databases and platforms creating complicated data relationships that are difficult to define, understand, control and house. Also, managing years of historical data in production databases can impact service levels and disaster recovery initiatives. Expanding online and batch processing windows, along with routine maintenance tasks, takes much more time and can reduce application availability significantly.”

Wonder why people started all of a sudden talk about Big Data?