Full Contact Computing
Bare knuckles, no holds barred computing

Dec
07


I haven’t posted here for a while because studying for the PMP (Project Management Professional) has totally consumed my life. But no more! I passed the exam yesterday morning!

So just what is this PMP thing, anyway? The PMP was created by the Project Management Institute http://www.pmi.org/ , and is
“the most important industry-recognized certification for project managers. Globally recognized and demanded, the PMP® demonstrates that you have the experience, education and competency to successfully lead and direct projects.”
http://www.pmi.org/CareerDevelopment/Pages/AboutCredentialsPMP.aspx

Increasingly, companies are asking for this certification, and since I have a project management background, it was the logical step for me. That was my initial thought, anyway, but once I got into it, I found out what a treasure trove of information the PMI provides. Sure, I’ve managed a number of projects, but studying for the exam introduced me to a lot of good information, techniques, and ways of thinking about things.

So rather than thinking about the PMP as just another certification, I am a believer. It’s good stuff.  

What does it take to get it?   I’m not going to echo what’s readily available on PMI’s site http://www.pmi.org/Certification/Project-Management-Professional-PMP.aspx . Rather, I’ll tell you what it really takes. First, you have to fill out an application with your project management experience – every hour of it – broken down into categories. This can be painful if you have worked for several companies, have not kept many records from your projects, and have to track down a previous manager in rural France. Yeah, you guessed it – that’s exactly what my situation involved. Fortunately, I was able to reconnect with some people I like that I had almost lost track of.

Next is a classroom requirement. Most people solve this by taking a week-long exam prep class, as I did. These aren’t cheap, usually about a grand. Some people in the class complained that the instructor kept telling us that we would have to memorize a lot of material, and that there were few tips or hints of what or how to study. Well, here’s the reality, folks: there are no shortcuts. There is a lot (a LOT!) of sheer memorization. There is nothing a class can do to teach you how to pass the test in 5 easy steps.

As I began to study, I asked my wife, who got her PMP in 2005, how she had memorized all of the material. She said she just kept at it until it mostly got crammed in. I ended up doing the same thing. You can get there if you put the work in.

So the next step is to study.  I’ll go into this more in a minute, in the next category.

The final step is to take the exam. It’s 200 questions and it’s not easy. One of the difficult things about it is that the questions can come from a wide variety of sources. There isn’t any one book you can know cover-to-cover and be confident that you’ll know every answer. I have no idea where some of the questions came from. There were some terms that I’d never heard of, and that has been the experience of other PMPs, too. You simply can’t know everything on the exam, you just have to hit as many as you can.

OK, so how do I study for this thing?   I’ll say this again: it takes a lot of hard work. There’s no way around it. You have to read and memorize a lot, and you have to be able to apply what you know to word problems. My best tips are:

Tip #1: Take a lot of practice tests from a lot of different sources. These can be found on the Internet. The good thing about taking these tests is that you get a feel for the test format and you are introduced to terms that may not have been included in your exam prep class. If you take the same test over and over, or just take tests from one source, you’ll learn their questions and only their questions. This is a bad thing. You really need the exposure to different sources that will ask different questions and even ask the same questions in a different way.

A word of warning: Every test that I took had at least one error in it. Every single one. When you look at the questions you missed, don’t just accept what they say is the answer. Look it up and verify it.

Tip #2: Create study sheets or quick references. Once I saw there were a number of formulas in different chapters, I made up some pages with all of them neatly organized in one place. I also had references for definitions, charts, the processes, and critical path diagramming.

I memorized these so that I could sit down with blank sheets of paper and write down all of the formulas / charts / definitions / processes strictly from memory. When I started the actual test, I took the first few minutes to write all of this down on the scratch sheets.

Tip #3: Use mnemonics. Instead of trying to remember “Integration, Scope, Time, Cost, Quality, HR, Communication, Risk, Procurement” it’s much easier to remember “I See The Cost of Quality Communication on the Risk of Procurement”. 

One thing to keep in mind is that the weirder the sentence, the easier to remember. That may sound counter-intuitive, but think of it this way – who do you remember from your 1st grade class? If you’re like most people, it’s the kids you liked, the ones you disliked, and the ones who did something spectacular. Everyone else is just one of a nameless, faceless mob because you have no “hook” to remember them. So assign an immediately memorable hook to your sentences.

For example, under Cost, we find the processes Estimate Costs, Determine Budget, and Control Budget. My mnemonic here is “The Cost is the Early Bird Crashes”. I also had “HR Plans A Death Match” and “It’s Risky; Plan It Quickly, Quickly, Red Cow” for HR and Risk. You get the idea.

That’s all I have, but it worked for me. Study hard, and good luck.

Sep
08

LinkedIn has some good bones but a lot of the features fail. It’s like a house that is well-built, it just has some poor design features, like having all of the bedrooms downstairs and the kitchen upstairs, or no back door, or you have to close one door before you can open another.

One of these poor features is the employment history. It works OK if you want a straight chronological listing, but what if you want a functional one? In my own case, I worked as a consultant and was at several companies over a 10-year span, which is entirely reasonable, but I don’t want someone quickly glancing at my profile to conclude I am a job-hopper. “Look at this! He only worked here six months!” Yeah, it was a six-month contract.

So what are my options with LinkedIn? Take it or leave it. It’s just too bad that I want a different format. I must either strap myself into their straitjacket or simply not detail my employment history. The way I get around it is by writing up what I want in the format that I want in the Summary, but this is a work-around of a bad feature. I shouldn’t have to work around it.

Another failure is with the way LinkedIn handles small companies. I once worked as half of a partnership, truly a small company. If I want to put that company down as part of my employment history, LinkedIn doesn’t recognize it and wants me to register information about it. To do so, it wants to send me an email at my corporate address. Now, we didn’t have a website and didn’t have a “company_name.com” address. I used Gmail. But do you think I can use that Gmail address here? No, of course not. It won’t let me. I imagine the same would happen if you worked for a company that is now out of business.

Yet another area is recommendations. This is where you can sing the praises of a colleague, and it has a couple of holes in it. For one, if you are checking out someone, see if they have simply traded recommendations, i.e., giving one to get one in return. Then figure out how much that’s worth, if it was given only at the price of getting one back. I think a timeout would fix this, where you can’t receive a recommendation from someone that you’ve given one to until 6 months has elapsed.

The other problem with recommendations is that you HAVE to pick one of the positions in your employment history as part of a recommendation you give to someone. Well, see above regarding the lock-step method in which they make you list your employment history. Can you work around this by putting that company in your employment history long enough to send the recommendation and then take it out? No, of course not. If you try that it hides the recommendation until you put the history back in or associate the recommendation with another position in your employment history.  

Finally, how about adding someone to your network? First, you are interrogated by LinkedIn about how you know the individual. If you choose the “I don’t know them” option, LinkedIn basically tells you to go to Hell. You can’t send an invitation; you can cancel or go back to their profile and figure out how you do know them. . . kind of like standing in the corner until you figure out the error of your ways. If we can’t use this option, then why is it even an option?!?!?!?

The other options of colleague, classmate, other, or “done business together” further demand to know where, i.e., what particular company or school, or test you to see if you know their email address, before any progress can be made. “Friend” is the only option that allows one to merely send the invite and get on with one’s life.

Why is this all so difficult? I understand that LinkedIn wants to emphasize the “link” part of the name, and connect or reconnect us with people, but how about giving us a little bit of control over it? Seriously, aren’t 99.999% of the people on LinkedIn adults? This isn’t Myspace. There aren’t a bunch of irresponsible brats running rampant here, so treat us like the adults we are. Right now, LinkedIn is about 3rd grade.

Jun
25

My computer and gadget Christmas list is almost complete and it’s not even July yet. OK, so some of the things I want aren’t actually available yet. I guess they’ll just have to stay on the list until they hit the market. Anyway, here goes:

1. A Brass Knuckle Melee Mug.  http://www.thinkgeek.com/homeoffice/mugs/b1ed/?cpg=froogle  Is this cool, or what? Instead of the typical wimpy little coffee cup, how about a 20-ouncer that has  (look-alike) brass knuckles as the handle?  It makes me laugh every time I see the photo. $15.99

 

2. Siftables. http://alumni.media.mit.edu/~dmerrill/siftables.html  and  http://sifteo.com/    Kind of like . . . um . . . blocks that interface with your computer. It’s hard to explain. It would be easier if you just watch the videos. Still in development.

 

3. An Optimus Maximus keyboard. Here is the maker’s totally unimpressive website http://www.artlebedev.com/everything/optimus/  , which lacks any videos that would show what this keyboard can do. Go here http://www.youtube.com/watch?v=xWkjtnd367Q  (be sure to turn down the volume unless you want to listen to ‘70’s porn music) and here http://www.youtube.com/watch?v=svjLIZKAHQI&feature=related  (keep the volume down; it’s just background noise from the convention). And all of that awesomeness is only $1,599.99. No, that is not a typo, it’s $1,600!

 

4. A Grand Canyon HD Display.  http://www.dreamerswanted.com/portfolio/go-l/monitors/grand_canyon/architecture/index.htm  Screen sizes up to 200”. Yes, 200 inches wide. That’s 16 feet and 8 inches! Their highest resolution, on the “small” 110 inch (over 9 feet) model is 19200 x 2400. Price? I think this is one of those “a salesman will call” type of things, but it looks like you can get to $20,000 real quickly here.

 

5. Immerz Multi-Media Device. http://www.immerz.com/   This thing looks like a set of headphones that fit over your shoulders that “sends low-frequency vibrations into the chest cavity” so that users “actually feel the experience”. Some of the reviews say that users playing games in which it is raining can feel that rain hitting their bodies, and, of course, once guns and explosions and things like that are going off, the experience is said to be amazing. Just $189.99 and ETA is Christmas 2010.

 

6.  Trackir 5.  http://www.naturalpoint.com/trackir/   This device tracks your head movements and translates that to your on-screen movements. For example, if you’re in a flight simulator, simply moving your head slightly to the right will cause your in-game avatar’s head to look to the right, something that would otherwise be accomplished only by holding down a key, and possibly having to look away from the screen to do so.   $169.95

 

7. 1.5 inch LCD Digital Video Memo Recorder/Player.  http://www.amazon.com/Digital-Video-Recorder-Refrigerator-Messages/dp/B002XXBJIO   This is a great idea. It beats the heck out of a notepad on the fridge. But then, on second thought, it would make it harder to “lose” my list of “honey-dos” from my wife. Not that I would ever do such a thing. No, indeed. Especially not since she reads this blog.   $39.99

 

8. PrintBrush A4 printer.  http://www.printdreams.com/video_rmpt_full.php  How about a printer as small as a stapler that you hold in the palm of your hand and simply sweep over a page (or other flat surface) and print? About $149 but it’s not scheduled to hit the market until Q3 2011. Very cool for the road warrior.

 

9. Mouse Gloves.  http://web.mit.edu/kimt/www/6.111/final/index.html  Did you see the movie Minority Report? The best part of it was the scene in which they use a computer with gloves on both hands acting as mice. I’ve always wanted to hook two mice up and be able to use both at the same time since I’m ambidextrous. Not yet in production, but sounds like it would be pretty cheap. They do mention that they built it for less than $100. 

 

10. Panasonic TH-152UX1 152 inch 3D TV. http://www.panasonic.com/3d/  Yes, that’s right – 152 inches! This monster is {drum roll, please} 11 FEET wide by 6 FEET tall! As Panasonic says, it “dwarfs just about every existing 3D TV on the market”. No joke. I really don’t even have the wall space to fit this behemoth in anywhere. Price is rumored to be around $500,000, or more than my house cost, so that’s a moot point.

That’s my Christmas list so far. Some of it is practical and some of it is even affordable. But all of it would be cool to have.

May
19

Cloud computing is the new buzzphrase now, and for those that haven’t been keeping up, it simply means that the server/software/platform is located “somewhere else” and managed by “someone else”. It has some advantages, mainly with being able to increase or decrease one’s usage whenever needed without buying/selling hardware and reducing the cost of an in-house IT department, but it comes at the cost of giving up control. Is it worth it? Is it, as one article asks, “the answer to all our IT problems” or “a sucker’s game that merely shifts responsibility for IT infrastructure to different hands, leads to performance issues of its own and leaves your data more open to theft”?  http://www.itbusinessedge.com/cm/blogs/cole/a-tale-of-two-clouds/?cs=40604

The Cloud Security Alliance has published a paper entitled “Top Threats to Cloud Computing V1.0”  http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf  in which they detail seven areas of vulnerability. These include botnets, spammers, insecure interfaces, malicious insiders, the inherent insecurity of shared technology, data loss/leakage, account/service hijacking, and a catch-all “unknown” threat category.

Looking at the malicious insider threat, the 2010 CyberSecurity Watch Survey http://www.cert.org/archive/pdf/ecrimesummary10.pdf shows that 51% of the attacks were from insiders, that only 56% of the participants have a plan for reporting and responding to a cybercrime, and that a whopping 72% of the insider incidents are handled internally without legal action or the involvement of law enforcement! What does this say about the companies that host cloud computing environments? Mainly it says that there is a good chance they won’t detect if they have a malicious insider on staff, and they sure won’t report it if they do catch one. The simple fact is that you have no control over the hiring procedures of the cloud provider, have no control over any disciplinary procedures for their employees, will probably never be notified if there is a security breach, and may have no legal recourse (due to foreign laws) to prosecute or sue the offender. In addition, you have no access to the logs that would show any intrusions, so you can’t even proactively scan them, but have to rely on the vigilance (if any) of the cloud provider to do so.

How about the insecure interfaces? In a survey of 637 companies conducted last month by Symantec and the Ponemon Institute  http://www.switched.com/2010/04/29/new-security-concerns-floating-around-in-cloud-computing/  , almost 75% “did not employ procedures to approve cloud applications that use sensitive or confidential information. Over half of them simply take a provider at its word when it comes to security procedures, never asking for proof or assessing the service themselves”. That sounds pretty insecure to me.

Combine this with the “biggest target” syndrome – if someone is looking for something to shoot, they will likely shoot at the biggest target available. Therefore, people who create computer viruses, worms, and malware target Windows much more frequently than Macs because Windows has such a vast percentage of the market. So with cloud computing – fewer companies with server farms means that more shots will be taken at the remaining ones. Rather than hiding in a sea of obscurity, small companies that go to cloud computing will be setting themselves up as a target for hackers.

Still want all of your sensitive data in the cloud?

If so, conduct exhaustive research on the cloud providers you are considering. Test them. Hire a security consultant to evaluate them. Have the contract examined in minute detail by an appropriately-skilled attorney. Think of anything that could go wrong and write that into the contract – natural disaster that wipes out the cloud computing center, slow performance, data loss, upgrades, and ultimate responsibility. Look at the financial stability of the cloud provider – how long are they likely to stay in business? How about your ability to pay – will they cut off your access if you are late on a payment? What happens if other users on the same server slow your access down?

This isn’t a decision to be made lightly.

And good luck.

Apr
30

We use passwords every day, usually multiple passwords for multiple applications / operating systems, and new security rules and policies imposed by administrators and the software itself demand that our passwords be ever more complex and obscure. Is there an end in sight?

The reason I ask the question is that password cracking capabilities seem to be advancing geometrically, to the point where any password is crackable. Google “password cracking” and you come up with over 1.5 million hits, many of them links to download free and very sophisticated utilities that will not only crack passwords but will sniff unencrypted passwords from network traffic, log your keystrokes as you type in your password, and “recover lost passwords”. If you don’t want to read how to do it, YouTube has video tutorials for your viewing pleasure.

And I can personally attest that these tools do work. A few years ago I inherited a dozen computers that were stacked in a corner in the back of the server room. Rather than let them sit and become obsolete, I booted them up and found them to be password-protected with no one in possession of the passwords. Reinstall XP? Not a chance. I downloaded one of these free tools and went through all of the admin passwords like the proverbial hot knife through butter. And Windows is not alone. I once worked with a Unix administrator who constantly ran various hacking tools against his Unix servers to help him determine security weak points. I remember him with a sick look on his face telling me that a certain tool had successfully cracked the entire Unix password file, including root. 

Trying to be more scientific, and with a larger sample population than my own experience, I searched the Internet to try to determine the speed with which these cracking tools work. That proved to be a difficult task. I could find very little on the actual cracking speed of any of these tools, so I settled on theory. This page http://www.lockdown.co.uk/?pg=combi&s=articles gives a nicely-formatted maximum time required to crack passwords of varying complexity using a simple brute-force attack. Using all of the keyboard characters, 96 of them, with an 8 character password, should take a high-horsepower computer 2-1/4 years to crack. Sounds pretty secure, right? Well, maybe not. First, that is the maximum time to crack. Second, both the hardware and the software are getting faster. http://www.beowulf.org/overview/index.html details how to build your own supercomputer out of a number of common PCs, and botnets can be created from shared computer resources http://en.wikipedia.org/wiki/Botnet . More computing power means more passwords that can be tried, and cracked, per second.
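The arithmetic behind that 2-1/4 year figure, as an added example (not from the original post or the linked page): it derives the guess rate the figure implies, shows worst-case versus average time, and finds the password length a policy would need against a larger pool of machines. The 100-million-guesses-per-second rate and the machine counts are assumptions chosen for illustration.

```python
# Added illustration: exhaustive-search time for a random password.
# Rates and machine counts below are assumed values, not measurements.

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def crack_time_years(charset_size, length, guesses_per_sec, machines=1):
    """Return (worst_case, average) years to exhaust the keyspace.

    The worst case tries every candidate; on average a random password
    is found after half the keyspace has been searched.
    """
    total = keyspace(charset_size, length)
    worst = total / (guesses_per_sec * machines) / SECONDS_PER_YEAR
    return worst, worst / 2


def implied_guess_rate(charset_size, length, worst_case_years):
    """Guesses per second implied by a quoted worst-case time."""
    return keyspace(charset_size, length) / (worst_case_years * SECONDS_PER_YEAR)


def min_length_for(charset_size, target_years, guesses_per_sec, machines=1):
    """Smallest length whose *average* crack time reaches target_years."""
    length = 1
    while crack_time_years(charset_size, length,
                           guesses_per_sec, machines)[1] < target_years:
        length += 1
    return length


if __name__ == "__main__":
    rate = implied_guess_rate(96, 8, 2.25)
    print(f"Rate implied by 96 chars, length 8, 2.25 years: {rate:,.0f}/s")

    for machines in (1, 1_000, 10_000):  # assumed cluster or botnet sizes
        worst, avg = crack_time_years(96, 8, 1e8, machines)
        print(f"{machines:>6} machines: worst {worst * 365.25:10.2f} days, "
              f"average {avg * 365.25:10.2f} days")

    need = min_length_for(96, target_years=10, guesses_per_sec=1e8,
                          machines=10_000)
    print(f"Length needed for a 10-year average at 10,000 machines: {need}")
```

Each added character multiplies the search by 96, while each added machine only divides it linearly, which is why length moves the result far more than hardware does.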

And the crackers are getting smarter. Rainbow hash cracking http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html allows a hacker to crack passwords faster by removing a huge amount of the load of the brute force attack. In this article, which is over two years old, the password “Fgpyyih804423” is cracked in 160 seconds.
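Why precomputation works, and what stops it, as an added example that is not from the original post or the linked article: a plain lookup table stands in for a real rainbow table (which compresses the same precomputed work into hash chains), and unsalted SHA-256 stands in for a legacy unsalted password hash. The candidate list, function names and iteration count are assumptions made for the illustration.

```python
# Added illustration: precomputed lookups succeed against unsalted hashes
# and fail against per-user salted, deliberately slow hashes.
import hashlib
import hmac
import os

# Constructed sample keyspace; a real table covers billions of candidates.
CANDIDATES = ["password1", "letmein", "Fgpyyih804423", "qwerty123"]

PBKDF2_ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """Fast unsalted digest: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against every stored hash."""
    return {unsalted_hash(p): p for p in candidates}


def table_lookup(table, stored_hash_hex):
    """Return the password if the stored hash was precomputed, else None."""
    return table.get(stored_hash_hex)


def hash_password(password: str, salt: bytes = None):
    """Salted, slow hash. The random salt makes every stored record unique,
    so a table built in advance cannot contain it."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  salt, PBKDF2_ITERATIONS)
    return salt, derived


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)

    # Unsalted storage: one dictionary lookup recovers the password.
    stored = unsalted_hash("Fgpyyih804423")
    print("unsalted lookup:", table_lookup(table, stored))

    # Salted storage: the same table finds nothing, yet login still works.
    salt, derived = hash_password("Fgpyyih804423")
    print("salted lookup:  ", table_lookup(table, derived.hex()))
    print("login verifies: ", verify_password("Fgpyyih804423", salt, derived))
```

With salted storage the precomputed work is worthless, and the iteration count makes every remaining guess expensive, so the cost falls back to the brute-force arithmetic.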

So do we need to rethink our password policies?

If passwords can be cracked in minutes or seconds, do we need stronger passwords or is it simply a lost cause, where no password will be obscure enough? On the other hand, if we have to remember many passwords of absolutely meaningless hash, that will inevitably lead to increased administrative effort and the potential loss of critical data and systems. People will write these passwords down on Post-It notes and leave them available to anyone who can open their top desk drawer. And they will forget them.

I remember hearing of an incident in the mainframe days in which the system admin – the only guy with the password – died in an automobile wreck. The company suffered horrendous financial losses and almost went out of business until IBM finally just had to reinstall the operating system and the company had to recreate its records from paper copies. Even if this story isn’t true, it could happen. How many people know the root password in your office?

I would suggest that we take a deep breath and look at the whole picture. A big part of that picture is the realistic hacker threat, and study after study reveals that the biggest threat to a company’s sensitive data is from the inside. See http://www.nymity.com/Free_Privacy_Resources/Previews/ReferencePreview.aspx?guid=157ee130-7028-470d-aef4-da2544c0174d (hackers and social engineering cause only 3% of data breaches); http://netcentricsecurity.com/articles/2010/01/15/malware-malicious-insiders-top-2010-threats.aspx?admgarea=news (“Malicious insiders were listed as the top threat for 2009, but have fallen to the No. 2 spot for 2010”, with careless employees as the number 4 threat); http://www.computerweekly.com/Articles/2009/08/26/237455/insiders-cause-most-it-security-breaches-study-reveals.htm (“Insiders cause most IT security breaches, study reveals”); and http://perimeterusa.com/blog/tag/insider-threat/ , with a number of articles, such as “How much is your client data worth to a malicious employee?”, “Trojans installed in ATMs likely by malicious insiders”, “Malicious Insider Breach Stories”, and so on.

Given that we can only do so much to limit employee access to data without hindering their productivity, I think we need to look more closely at the physical security of the data that is restricted.  

For the typical server room, there is a mag card or cipher lock and video cameras in the room itself. To access the server remotely, the employee needs at least a low-level login to even begin to upgrade it to root access or to find the password file to crack. Overall, it has been my experience that access to root/database/admin users is extremely tightly controlled. 

For a typical Windows machine sitting on a desk, however, the security is much lighter. As I found out, simply booting the PC with a cracking software CD in the drive will work remarkably well. The question is: will that gain anything? Obviously the answer is going to be different for every company. Is sensitive data stored on the PC or is it really used mainly as a terminal to interact with a server, where the sensitive data is actually stored? If the PC does contain vital data, maybe it should be locked up at night. This may entail locating the PC in a room with a lockable door, software that requires a password and possibly a time lock that restricts access to normal working hours, biometric locks that read fingerprints, and/or locking computer cases that prevent access to the CD/DVD and USB, to prevent copying data to or booting from these media.

Basically, I am advocating increased physical security and a diminished reliance on obscure passwords, which apparently don’t work very well in the first place. Passwords should certainly be sophisticated to a point; “password1” won’t do, but “R66$%be8&5_*^” is over the top. Also, a more reasonable security policy should include an audit of what sensitive data is stored where, along with a justification of why it has to be stored on less-secure systems such as laptops and desktops.

And to end on a humorous note, I once worked with a government organization that required users to lock their PCs (CTRL-ALT-DEL) whenever they left their desk. One of the computer people had an evil streak, and whenever she found an unlocked PC, she would change the system colors to black text on a black background. Try getting that set back to something legible!

Apr
21

 

This blog has been getting a lot of hits on “run_interrupt_driven_hooks: still waiting after 60 seconds for xpt_action”, which I mentioned in my entry on FreeNAS https://fccomputing.wordpress.com/2009/12/21/freenas-is-nasty-and-not-in-a-good-way/

In it, I noted that I just disabled the 1394 (FireWire) and USB ports and avoided the error, but I didn’t detail how to do this exactly, and have been getting some questions. So here we go:

When you first boot up a computer, it goes through a startup process called the BIOS, basic input/output system. The BIOS is software stored on a chip and it identifies, tests, and initializes system devices such as the hard disk, video card, CD and DVD drives, keyboard, etc. Once it is completed, then the operating system (Windows, Linux, etc.) takes over and starts running. It also goes through an initialization of the hardware as part of its bootup process but this is a more high-level process. For example, the mouse is generically recognized by the BIOS but it is not until Windows boots up and runs the Logitech software that a Logitech multi-button mouse is fully functional.

Basically, a computer can perform only one instruction at a time, so it has to be interrupted to get it to do something else. The mouse and other devices are therefore assigned interrupts, which are signals that indicate what device is interrupting. When you move the mouse, it interrupts, and the cursor moves where you point it. The computer then goes back to what it was doing, or processes whatever the mouse function may have started up.

The BIOS and the operating system both reserve the interrupts and agree that the mouse interrupt, for example, is indeed the mouse interrupt and not the DVD interrupt. So what happens with this particular error is that the BIOS runs fine but as FreeNAS starts to load, it fails on processing the interrupts for certain devices. I looked briefly at several forums and it seems to be more of a problem with some older motherboards, but then that’s typically the hardware that something like FreeNAS will be run on.  

The quickest and easiest solution is to simply get into the BIOS and disable the 1394 (FireWire) and USB ports. So, how to do that?

The first step is to boot up the computer and carefully watch the screen. Typically several messages will flash by. The one you’re looking for will say something like “To enter setup, press F1” or something like that. The exact key or key combination to press is specific to the BIOS, but is frequently F1, DEL, or ESC.

Usually by the time you see the message and hit the specified key, it’s too late, so reboot the PC again. Note that if the PC runs an operating system, like Windows, you may have to select “Shut Down” which will power off the machine, and then start it to see the BIOS startup screen again. This is called a “cold boot”. Windows and other operating systems may go through a “warm boot” which restarts the operating system itself but does not access the BIOS setup.

This time, hit the specified key(s) to get into the setup as soon as you see the “To enter setup” message. Hit the key multiple times – there is no penalty for multiple keypresses, and there may be a short window of opportunity where it will accept the keypress. I just keep hitting the key as quickly as I can until the setup screen appears.

Now you will be presented with a screen with various sections for Date and Time, Devices and I/O Ports, System Information, etc. READ THE DIRECTIONS. Somewhere on the screen it will tell you how to go from one screen to the next, how to make changes, and so on. You will have to find your way to the devices or peripherals screen, select the USB port and disable it, and then the same for the 1394 or FireWire port.

Now follow the directions to save the changes. The computer should then start up and you can try the install once again. The bad part, of course, is that a USB or FireWire device will not work in this PC now, so remember to enable the interrupts again if you go to a different operating system.

  

Apr
01

I was on a job interview a while back for a DBA position with a billion-dollar international corporation and I was asked an interesting question: “Describe one or more situations in which there was a major problem and you jumped in and became the hero by fixing it”.

Here’s how I answered it:

“I can think of only two. In one, a SAN crashed and when the Linux admins got it back up, everything was corrupted. They wiped it clean and I had to install Oracle, patch it up to the right version, and then use RMAN to recover three instances. I got everything back, no problem.

“In the other, the Senior DBA moved an instance to another mount point and told me to delete everything on the old mount point. I did, and we quickly found two problems: One is that the senior DBA only had one controlfile for the instance he had moved, and the other  – but then, you’ve already guessed it, haven’t you? – is that his one and only controlfile was on the mount point he told me to wipe clean. So that was a day that lasted from 7 a.m. until about 2:30 a.m. for me as I worked with Oracle support on the phone until we got it fixed.

“But I think that’s really a trick question. If you have a guy that pops up and says, ‘Yeah, there was this problem that I fixed, and this one, and this one, and that one, and another one over there’ – then I would want to look very closely at exactly why he was having all of these problems.

“I mean, is it something external, like a hardware failure, or is he being a sloppy DBA? My philosophy is that you become the DBA hero if you install the software correctly, you patch it correctly, you set up your instances correctly, and you monitor and maintain them. You’re not a hero if you create a problem with bad practices and then you jump in and fix it. That makes you a chump. The real hero has all of his stuff squared away and he never has those problems in the first place.

“So I would be very suspicious of anyone who has a long list of disasters with his databases. I’ve been a DBA for 8 years with well over 100 instances and I’ve only had two disasters. One was not my fault, and the other – well, I guess I could have checked to make sure that the controlfile was not in use, but then it wasn’t my habit to double-check everything that the Senior DBA did. So I’ll take half the fault on that one.”

I got the job.

But the real question is for you: are you a DBA hero or a DBA chump?

Apr
01

Sometimes you have to do battle with SQL*Plus to get it to do what you want. Here are some airstrikes you can call in if it seems to be winning.

In this blog  https://fccomputing.wordpress.com/2010/03/31/sqlplus-substitution-variables/  I talked about substitution variables. SQL*Plus uses the ampersand (&) to mark a substitution variable, which can cause some problems if you want to use the ampersand as a character in your data. Suppose you want to insert “a & b” into a table:

SQL> insert into scott.dept values ('77','a & b','HERE');

SQL*Plus will then prompt me:

Enter value for b:

It sees the ampersand as a variable. If I enter the letter b, then it will accept and insert the row. However, the ampersand will be gone, since it was considered a variable that is now replaced by b:

SQL> select * from scott.dept where deptno = '77';

DEPTNO DEPTNAME       LOC
------ -------------- -------------
    77 a b            HERE

Now any query that relies on the deptname being “a & b” will fail since there is no “&”.

Solution #1 – Change the substitution variable to something else (~ instead of &):

SQL> SET DEFINE ~
SQL> insert into scott.dept values ('67','a & b','THERE');
1 row created.

SQL> select * from scott.dept where deptno = '67';
DEPTNO DEPTNAME       LOC
------ -------------- -------------
    67 a & b          THERE

Solution #2 – Set the substitution variable to undefined:

SQL> SET DEFINE OFF
SQL> insert into scott.dept values ('57','a & b','ELSEWHERE');
1 row created.

SQL> select * from scott.dept where deptno = '57';
DEPTNO DEPTNAME       LOC
------ -------------- -------------
    57 a & b          ELSEWHERE

Solution #3 – Tell SQL*Plus not to look for a substitution variable:

SQL> SET SCAN OFF
SQL> insert into scott.dept values ('87','a & b','NOWHERE');
1 row created.

SQL> select * from scott.dept where deptno = '87';
DEPTNO DEPTNAME       LOC
------ -------------- -------------
    87 a & b          NOWHERE

Solution #4 – Concatenate the statement to allow the &:

SQL> insert into scott.dept values ('89','a ' ||'&'|| ' b','EVERYWHERE');
1 row created.

Note that in the above insert statement, there is a space after the “a” and a space before the “b”. This is important since the result will be “a&b” vs the desired “a & b” if no spaces are within the quotes.

SQL> select * from scott.dept where deptno = '89';
DEPTNO DEPTNAME       LOC
------ -------------- -------------
    89 a & b          EVERYWHERE


Single Quotes

OK, suppose you need to insert a single quote. The insert statement will need extra single quotes depending on where the desired quote mark is in the name. For a quote in the middle (a 'n b), add in one extra single quote:

SQL> insert into scott.dept values ('99','a ''n b','NEAR');
1 row created.

SQL> select * from scott.dept where deptno = '99';
DEPTNO DEPTNAME       LOC
------ -------------- -------------
    99 a 'n b         NEAR

If the single quote is at the beginning of the word ('a) you’ll have to insert two extra single quotes:

SQL> insert into scott.dept values ('49','''a','FAR');
1 row created.

SQL> select * from scott.dept where deptno = '49';
DEPTNO DEPTNAME       LOC
------ -------------- -------------
    49 'a             FAR

Same thing applies if the quote is at the end (a') – use 'a''' in your insert statement.
If you want single quotes on both sides of the name ('a'), use '''a'''.
Want just a single quote? Use four single quotes in the insert: ''''.
Two single quotes? Use six single quotes in the insert: ''''''.
To insert a null value, use just two single quotes: ''.
Double quotes are easy, just enclose them in single quotes: '"a"' inserts as "a".

Bogus Characters

Last tip: Have you ever done a SQL*Loader insert and found that the file was created in Windows and has bogus ASCII characters at the end of every line? They can be eliminated!

The first step is to figure out what the bogus character is. Find an ASCII chart (here’s a Google search for you  http://www.google.com/#hl=en&source=hp&q=ascii+chart&aq=f&aqi=n1g-s1g9&aql=&oq=&gs_rfai=&fp=25bac56246434a91  )

I think this one is the easiest to read:

http://www.columbia.edu/kermit/ascii.html

 So suppose you have ^M (called CTRL-M or Control-M) at the end of every line. These are carriage returns, and the chart listed above helpfully shows:

 Char Dec Col/Row Oct Hex  Name and Description
        13    00/13      15   0D    CR  (Ctrl-M)  CARRIAGE RETURN

The leftmost column tells us that this is “character 13”.  Now we have all we need to build our “character 13”-killing code:

     update owner.table_name
     set column_name=replace(column_name, chr(13), '');

That’s 2 single quotes at the end. Remember from above that 2 single quotes will insert a null value. So what this command does is replace all of the ^M characters with a null value. Simple, easy, do a commit and you’re done. Now maybe you can figure out what is inserting those bogus characters and make it stop so you don’t have them there in the first place.
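An added example (not from the original post) that applies the same CHR(13) cleanup more cautiously: confirm the stray byte with DUMP, count the affected rows, then strip only trailing carriage returns. The table load_demo and its rows are constructed for illustration.

```sql
-- Constructed demo table standing in for a SQL*Loader target (hypothetical name).
CREATE TABLE load_demo (id NUMBER, city VARCHAR2(30));

-- Constructed rows: two carry the trailing CR that a Windows-created file leaves behind.
INSERT INTO load_demo VALUES (1, 'BOSTON' || CHR(13));
INSERT INTO load_demo VALUES (2, 'DALLAS' || CHR(13));
INSERT INTO load_demo VALUES (3, 'CHICAGO');

-- 1. Identify the stray byte instead of guessing: DUMP lists every byte in decimal,
--    so a final 13 confirms a carriage return (a 10 would be a line feed).
SELECT id, LENGTH(city) AS len, DUMP(city) AS bytes
FROM   load_demo
WHERE  id = 1;

-- 2. Count the rows the cleanup will touch before changing anything.
SELECT COUNT(*) AS rows_with_cr
FROM   load_demo
WHERE  INSTR(city, CHR(13)) > 0;

-- 3. Strip only trailing CRs, and only on rows that end with one.
--    Unlike REPLACE, RTRIM(col, CHR(13)) leaves a CR inside the value untouched.
UPDATE load_demo
SET    city = RTRIM(city, CHR(13))
WHERE  city LIKE '%' || CHR(13);

-- 4. Re-run the count to verify the cleanup, then commit.
SELECT COUNT(*) AS rows_with_cr
FROM   load_demo
WHERE  INSTR(city, CHR(13)) > 0;

COMMIT;
```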

Now go forth and bend SQL*Plus to your will!

Mar
31

SQL*Plus is powerful and sometimes powerfully frustrating. One key is to be aware of the substitution variable. By default, this is the ampersand, that twisted almost-figure 8 thing – &. Yeah, that’s the culprit.

Actually it can be very useful in the right hands. Suppose you want to create a script that will prompt for a name when querying for salary:

SQL> SELECT sal FROM scott.emp WHERE ename LIKE '&NAME';
Enter value for name: SCOTT
old   1: SELECT sal FROM emp WHERE ename LIKE '&NAME'
new   1: SELECT sal FROM emp WHERE ename LIKE 'SCOTT'

       SAL
----------
      3000

You can run the statement again and it will prompt for the name again. You can put in a different name and get their salary result:

SQL> /    (A forward slash will rerun the previous SQL command.)
Enter value for name: WARD
old   1: SELECT sal FROM emp WHERE ename LIKE '&NAME'
new   1: SELECT sal FROM emp WHERE ename LIKE 'WARD'

       SAL
----------
      1250

A double ampersand will create a permanent substitution variable. In the above statement, replace &NAME with &&NAME and it will prompt for the name the first time it is run. Thereafter, it will keep that name as the variable even if you log out of SQL and log back in. Not very variable, is it?

But you can change it. Just type   DEFINE   to see what is set. It should show date, user, and some other things but the list should include a line like this, probably at the bottom:
DEFINE NAME = 'SCOTT' (CHAR)

Or you could simply type  DEFINE NAME  and it will only show that line without all of the other definitions. Now type  UNDEFINE NAME  and it will be variable once again, until a new value is entered.

Another way to create or change a permanent variable is to define it with a new value. Let’s see what it is now:

SQL> DEFINE NAME
DEFINE NAME = 'SCOTT' (CHAR)

If you run the SQL command again it will show the 3000 salary result.

SQL> /
old   1: SELECT sal FROM emp WHERE ename LIKE '&NAME'
new   1: SELECT sal FROM emp WHERE ename LIKE 'SCOTT'

       SAL
----------
      3000

Now we change it:
SQL> DEFINE NAME = 'WARD'

And here it is changed:
SQL> DEFINE NAME
DEFINE NAME = 'WARD' (CHAR)

And the SQL command will show the 1250 salary.

The third way to change this permanent variable is with the ACCEPT command:
ACCEPT NAME char prompt 'What name? '

When we hit the ENTER key after typing this command, we will be prompted with:
What name?

If we type  KING  then it will go back to a SQL prompt and we can see that it has indeed taken the name KING with:
SQL> DEFINE NAME
DEFINE NAME = 'KING' (CHAR)

And if we run our SQL command it will pull the salary info for King:

SQL> /
old   1: SELECT sal FROM emp WHERE ename LIKE '&NAME'
new   1: SELECT sal FROM emp WHERE ename LIKE 'KING'

       SAL
----------
      5000

 That’s it. You can now create, view, and change variables!
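An added example, not from the original post: the old/new lines above show that a substitution variable is pasted into the statement text before it is sent to the database, so a value containing a single quote alters the statement itself. A SQL*Plus bind variable keeps the value separate from the statement; the table emp_demo, its rows and the variable name emp_name are constructed for illustration.

```sql
-- Constructed demo table (hypothetical name) so the script runs without the SCOTT schema.
CREATE TABLE emp_demo (ename VARCHAR2(10), sal NUMBER);
INSERT INTO emp_demo VALUES ('SCOTT', 3000);
INSERT INTO emp_demo VALUES ('O''BRIEN', 2800);

-- Substitution variable: SQL*Plus rewrites the statement text.
-- SET VERIFY ON (the default) prints the old/new lines so the rewrite is visible.
SET VERIFY ON
DEFINE NAME = 'SCOTT'
SELECT sal FROM emp_demo WHERE ename = '&NAME';

-- Bind variable: declared in SQL*Plus and referenced as :emp_name in the statement.
-- The statement text never changes, so no old/new lines appear, and a quote
-- inside the value is treated purely as data.
VARIABLE emp_name VARCHAR2(10)
EXECUTE :emp_name := 'O''BRIEN'
SELECT sal FROM emp_demo WHERE ename = :emp_name;

-- Show the current bind value, then clear the substitution variable.
PRINT emp_name
UNDEFINE NAME
```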

Mar
21

I’ve been using Limewire  http://www.limewire.com/  for music downloads and file sharing with friends and it worked great up until a few months ago when it seemed the number of results started to go through the floor. Now I barely get any hits at all. Limewire is really easy to use, only nags a little to go to the paid Pro edition, and allows you to browse other users’ files. But if you don’t have a good selection, it’s time to move on.

I first tried Frostwire http://www.frostwire.com/  , which seems to be a clone of Limewire with different colors . . . and an even lower number of results. Uninstall.

Next came Shareaza http://shareaza.sourceforge.net/  . I have been using this for a few months, actually, and have been fairly happy with it. It usually returns a large number of hits, is easy to use, and allows for browsing other users. It also returns a large amount of garbage in every search. Part of this garbage is Shareaza’s fault – it shows you results where the source is mistrusted or behind a firewall. Why in the world would we want to see these in the first place? I don’t understand.

The second source of garbage is the people trying to foist off malicious files as songs. Sure, all P2P software is going to return junk like this, but Shareaza does it with every search. If your search returns no valid hits, it is still guaranteed to return a half-dozen or more garbage hits. Fortunately they are fairly easy to spot. For one, they usually have (TOPHIT) or (REMIX) or (solo version) appended to the song name. They also usually show a download speed of 4.88MB, which is fast and therefore attractive. And lastly, they make a hash of multi-word titles, so that a search for, say, Turn the Page by Bob Seger will come out as “the Seger Page Turn Bob (REMIX)”.

But Shareaza is not so great on some of the older or more obscure songs, so I continued the search to Ares  http://aresgalaxy.sourceforge.net/ . Ares is simple, clean, easy to use, and fast. I am keeping it for now for further evaluation, but so far so good.

Bearshare was next on my list and the first irritation came up during install when it asked for a lot of personal information and offered to hook me up with girls. Umm . . . wait a minute, is this for file sharing or dating??!?!  But I was able to bypass those screens without giving the information. So I ran a search and got some hits back, clearly marked as to whether the download was free or had to be paid for. I clicked on one of the free ones and now Bearshare asked whether I would like to buy a one-year subscription for $20 or one of their other paid options. Wait a minute, isn’t Bearshare free? Apparently not. It does say “Free download” on their website and the download was, indeed, free. The installation was free, too, and the search was free. But if you want to actually download anything, well, now, there’s where you have to pay. I consider this to be a deceptive practice and have not included a web link for Bearshare because of this. This software got the boot very quickly!

eMule was my next and final (so far) try. Running a quick search is simple, but after that, eMule definitely has a steeper learning curve than any of the others. For one, you may want to find out why your download isn’t running, or why it is running so slowly, so you will end up reading the info pages on their website with this software.

Basically, eMule encourages you to share your files, so the longer you have eMule running, and the more files you share, the better credit you get. The better credit rating you have, the faster you can download files. Even so, the documentation says that a normal connection and good file sharing on your part will only bring you about 20 – 30 kB/s download speeds. SLOW, in other words.

The redeeming feature of eMule, however, is that it apparently has a huge userbase. I was able to find entire albums by fairly obscure artists. None of the other software could even come close to matching these returns.

So what’s the bottom line?

Limewire – no, based on lack of search results.
Frostwire – no, with even worse search results.
Shareaza – yes, but watch out for the garbage returns.
Ares – yes, and it may edge out Shareaza. We’ll have to see over a bit more time.
Bearshare – absolutely not.
eMule – very slow but also the absolute best source I’ve found for older and less well-known songs.

So my conclusion is to use Shareaza or Ares for a quick download of something that’s popular or contemporary, and load up eMule with a large queue of rare tracks and oldies and let it run overnight. We’ll see how that works out!