Oracle Critical Patch Update or CPU is a collection of patches for multiple security vulnerabilities across all Oracle product lines. The details of the CPU have been announced prior to the actual release of the patches for the first time ever starting this year. The CPU is scheduled to release every quarterly, on January, April, July and October each year.
Oracle makes two efforts to ease the patching process - Pre-Release Announcement and CVSS Risk Matrix. The Common Vulnerability Scoring System is a vendor agnostic, industry open standard designed to convey vulnerability severity and help determine urgency and priority of response.
The ability to score information system vulnerabilities is extremely important to the professional computing world. CVSS provides the foundation for a standard process for stakeholders to prioritize their actions and respond to the threat vulnerabilities present. Vulnerabilities with a CVSS base score of 0.0 represent problems that are not exploitable in a default database environment. The higher the base score the greater the severity of the vulnerability.
Best Practices on Software Requirements Elicitation
0 Comments Published November 16th, 2006 in Technology.
Karl E. Wiegers is a two times Software Development Productivity Award winner, a guru in software requirements. His new book titled More About Software Requirements - Thorny Issues and Practical Advice is published by Microsoft Press after his popular Software Requirements, Second Edition in 2003.
On chapter two of the book, he outlines some universally applicable advices on software requirements which he puts them as “cosmic truths”.
- #1 If you don’t get the requirements right, it doesn’t matter how well you execute the rest of the project.
- #2 Requirements development is a discovery and invention process, not just collection process.
- #3 Change happens.
- #4 The interests of all the project stakeholders intersect in the requirements process.
- #5 Customer involvement is the most critical contributor to software quality.
Continue reading ‘Best Practices on Software Requirements Elicitation’
The new Oracle 11g database has 482 new features, cutting across such areas such as manageability, high availability, scalability, content management, infrastructure and business intelligence. The key theme of 11g is to provide “change assurance”. The following is a glimpse of a subset of all the new features:
- Compression technology that can reduce the amount of storage required for data sets by up to two thirds
- Speed boost allowing Oracle to finally beat file systems on reading data
- Data Guard - the ability to create a standby snapshot for the purpose of regression testing and to keep it in sync with your production database
- Replay Workload - the ability to capture all (or just SQL) database activities and then moving it to a testing environment without using a midtier tool
- Online Application Upgrades - hot patching, the ability to install upgrades or patches online with no downtime
- Quick Fault Resolution - the ability to capture of all diagnostics related to a fault automatically
- Database Repair Advisor - a wizard/expert system that guides DBAs through the fault diagnosis and resolution process
- Partition by logical object and automated partition creation to help manage Very Large Databases (VLDBs)
- New high-performance Large Objects (LOB) infrastructure
- Native Java & PL/SQL compilers
- Re-engineered driver for PHP
via OTN TechBlog
Jeffrey Hunter has published an insightful article about building an Oracle RAC 10g R2 Cluster with less than $1,800. If you are struggling to maintain an Oracle RAC at your work, do take a look. The system involved comprises a dual-node cluster (each with a single processor) running Linux (CentOS 4.2 or Red Hat Enterprise Linux 4) with a shared disk storage based on IEEE1394 (FireWire) drive technology.
Mr. Cantrill came up with the general idea for DTrace in 1996, while he was a computer-science student at Brown University, but didn’t get to start work on it until late 2001. It took nearly three years for him and his team — Michael Shapiro, a Sun distinguished engineer, and Adam Leventhal, a staff engineer — to make it work; a final version shipped early last year as part of Sun’s Solaris 10 operating system.
Where most debugging takes place as software is being developed, DTrace analyzes problems with systems that are in production — running a company’s database, say, or executing stock trades. It does this with a process called “dynamic tracing,” which enables a developer or systems administrator to run diagnostic tests on a system without causing it to crash. Before DTrace, such tests often took days or weeks to reproduce the problem and identify the cause. With DTrace, performance problems can be tracked to their underlying causes in hours, even minutes.
It is time to get serious about DTrace folks. Sun has provided quite a number of guides to get you started. You can find the official resources at BigAdmin DTrace and also enough examples to get you excited at Brendan Gregg’s Homepage.
via WSJ
Large sequential I/O can cause performance problems due to excessive use of the memory page cache. One way to avoid this problem is to use direct I/O on filesystems where large sequential I/Os are common. Direct I/O is a mechanism for bypassing the memory page cache alltogether.
DIRECTIO_ON allows you to force directio per-file and is used by Oracle database. The idea is that with a properly sized memory area the database can manage its own buffering and avoid the overhead of copying to kernel buffers. Even after the database is shut down directio will persist for a long time. The flag is set in the inode’s i_flag and hangs around cached within the inode in the DNLC and will effect files until the inode is flushed from the DNLC.
John Alderson demonstrated the problem using two simple C programs.