Friday, November 17, 2006

Breaking News: Kirk Brocas, aka Oracle Legend, now available for contract and permanent roles

Yes folks, it is true. My time, and that of more than 20 other IT workers at Preston Aviation Solutions has ended. Preston is being absorbed into Jeppesen, another Boeing company, along with Carmen Systems.

So, if you want a talented Oracle guy in Melbourne, feel free to offer me a role!

Tuesday, October 31, 2006

New Oracle 11g Database Features

Lewis Cunningham has described the new features in Oracle 11g (the next database release), as announced this week at Open World, in OOW: Enhancements in Oracle 11g PL/SQL

There are a few that sound fantastic:
  • DML triggers are up to 25% faster.
  • Specify Trigger firing order.
  • Read only tables
  • SQL and PL/SQL result caching
  • Fine Grained Depenancy Tracking - when you add a column to a table, or a cursor to a package spec, you don't invalidate objects that are dependant on them

eWeek reports on Oracle's Enterprise Linux

A bunch of interesting articles on eWeek regarding the new Oracle Linux distribution.

As for me, I'll stay with CentOS, because for home test systems, I really don't want to pay a support license to get patches/updates!

Oracle Red Hat
The tremors from Oracle's recent decision to support its own version of Red Hat Linux less expensively than Red Hat does are still being felt in the Linux community, and both analysts and Linux corporate executives are trying to get a handle on it.

Oracle releases Oracle Enterprise Linux

After months of debate about whether Oracle would launch its own Linux, or buy a vendor, Oracle has decided to release a distribution based on Red Hat - similar to Centos, but with support. What is impressive is the price of the support - way cheaper than Red Hat - which has been exorbitantly expensive - more expensive than running Windows Server 2003 in fact.

So hats off to Oracle. Now there is some competition.

Makes me wonder though about whether Oracle's primary development platform for x64 will be 64-bit Eneterprise Linux, or whether they will use Solaris 10 x64 as announced November last year. Six months is a long time in I.T.

Personally, as a DBA that has installed and managed Oracle databases on pretty much all the UNIX distros, I would rate Solaris 10 way higher than Linux, which I still feel to be not much better than Beta software and about as stable as Windows 3.1! Linux seems to benefit from a monthly boot, while older established UNIX like AIX can run for a year without a problem.

Most of the non-responsive Oracle systems I have encountered have been on Linux, and usually an OS problem rather than anything wrong with Oracle.

How to harden IE 7 Security

Excellent article on hardening IE7 at

The article got my attention from Brian Livingston's newsletter on, which added some extra bits.

Most useful bit:

How to configure IE 7 to protect yourself

Just because certain features are enabled in IE 7, that doesn't mean you have to leave them on and expose yourself to
rogue examples of such code in the future. Shown below is a concise list of the way Arie
recommends that you configure Internet Options in IE 7 to protect your system.

In IE 7, click Tools, Internet Options, and then select the Security tab. With
the Internet zone selected, the security level by default should be set to
Medium-High. Click the Custom Level button. Set the following choices:

  • .NET Framework
    • Loose XAML: Disable
    • XAML browser applications: Disable
    • XPS documents: Disable

  • ActiveX controls and plug-ins
    • Binary and script behaviors: Disable
    • Run ActiveX controls and plug-ins: Disable
    • Script ActiveX controls marked safe for scripting: Disable

  • Downloads
    • Font download: Disable
    • Enable .NET Framework setup: Disable

  • Enable .NET Framework setup: Disable

  • Miscellaneous
    • Allow META REFRESH: Disable
    • Allow Web pages to use restricted protocols for active content: Disable
    • Display mixed content: Disable
    • Drag and drop or copy and paste files: Disable
    • Installation of desktop items: Disable
    • Launching applications and unsafe files: Disable
    • Launching programs and files in an IFRAME: Disable
    • Navigate sub-frames across different domains: Disable
    • Software channel permissions: Maximum Safety
    • Submit non-encrypted form data: Disable
    • Userdata persistence: Disable
    • Web sites in less privileged Web content zone can navigate into this zone: Disable

  • Scripting
    • Active scripting: Disable
    • Allow programmatic Clipboard access: Disable
    • Scripting of Java applets: Disable

Some of the above settings will interfere will the operation of some legitimate
Web sites. I'll describe in the following section how to work around this.

Firefox is still a better browser than IE 7

Changing IE 7's default settings can remove
some functionality from Web sites you may regularly visit. For example,
disabling "active scripting" turns off _JavaScript. Many sites use _JavaScript to
activate various menu options. For example, the menu at the
site (but not in the newsletter) shows you what second-level options are
available when you hover your mouse over a top-level option.

We've designed the menu at our site so it works (less slickly) even if _JavaScript is disabled
in a visitor's browser. For example, you can simply click a top-level menu item
and the resulting page then shows your
second-level choices.

But not all sites have this kind of fall-back design. Here are my
recommendations on how to use the Web effectively, despite the fact that you've
made IE 7 more secure:

• Use Firefox, not IE 7. Firefox is inherently a more secure browser that
Internet Explorer, even version 7.0. For example,
Firefox is not vulnerable to Secunia's test of the MHTML hole that IE 7 (and IE
6 and IE 5) suffers from.

Most sites today work with both Firefox and IE (and other major browsers, such
as Opera, Netscape, and Mac Safari). Sites that really
require IE are declining. If you haven't already installed Firefox, the new version 2.0 can
be downloaded from the Mozilla
release notes page. (Be sure
to read
the notes before installing.)

• Add legitimate IE-only sites to the Trusted Sites zone. If you encounter
a site that you know to be responsible — but it requires Internet Explorer for
some reason — you can easily add the site to IE's Trusted Sites zone. In IE 7,
pages in the Trusted Sites zone run at the Medium security level (not
Medium-High as in the Internet zone) and aren't restricted by the customizations
you've applied to the Internet zone.

To add a Web address to the Trusted Sites zone in IE, click Tools, Internet
Options, and then select the Security tab. Select the Trusted Sites zone, click
the Sites button, and add the address of the site you wish to visit. If the site
doesn't use encrypted pages, turn off the option Require server verification
(https:) for all sites in this zone.

It's even easier to add an address to your Trusted Sites if you install
Microsoft's Power Tweaks Web Accessories from the company's
download page. This applet inserts an option called Add to Trusted Zone
right on IE's Tools menu. (Microsoft's download page says the download is only
for IE 5, but it works fine on IE 6 and IE 7.)

• Easily open pages in IE while in Firefox. If you use Firefox routinely,
you can quickly open an IE-only page in IE by clicking an icon on the Firefox
toolbar. To do this, install IE View, an
extension available from You can even set specific sites to
automatically open in IE, if you absent-mindedly surf to them in Firefox.

• Install IE 7 just to protect yourself against IE 6. If you run
Firefox or some other secure browser, you may wonder why you should upgrade to
IE 7 at all. The answer is that you might be induced to visit an IE-only site
some day, and that site turns out to be infected (deliberately or accidentally).
Browsing with IE 7 instead of IE 6 does provide you with better protection,
especially if you've made the changes shown above. To install IE 7, visit
Microsoft's download page.

• Why not just set IE 7's security level to "High"? It's always
possible to crank IE's Internet Zone up to the High security level instead of
Medium-High. Doing
this, however, makes most Web sites unusable, because IE then pops up a warning
every time some harmless page script runs. Sometimes, several warnings
appear on every page of a site. Using the customized settings shown above — and
adding respected companies to your Trusted Sites zone — provides
you with fairly good protection without subjecting you to such pointless