Thursday, February 26, 2009

Ian Abramson, president of the Independent Oracle User Group, had a very thoughtful blog posting today regarding spending in the current economic times. Companies have to make tough choices when it comes to spending and sometimes it is difficult to make a difference as a "rank and file" employee. One thing to do is make sure you are getting the most out of what they will give you. This includes making the right choices and pushing the right areas for your career.

I have been attending IOUG events since 2000. This was after attending several classes from Oracle, a couple programming classes, a Sun Solaris class, and some project management classes. The interesting thing is that there are sessions on all of these subjects in the one week of Collaborate and after the session you can have an adult beverage (or a soda) with the presenter and ask him/her real world questions. If you are fortunate enough to have a company that still is able to send you to training, think about the best way to spend those dollars. One week on one subject... or one week on about 400 subjects. Check out the session offerings at the Collaborate 09 site and you can even download a pre-written letter to your manager helping you to sell the experience.

My next post is planned for my adventure while writing my paper for Collaborate so stay tuned. Until then... stay clean!

Wednesday, February 25, 2009

IOUG Relases Security Survey

Today, the Independent Oracle User Group released the results of a survey conducted of members about their processes for applying Critical Patch Updates. These patches are Oracle’s method to fix any security holes in the software. Others have described in depth the methodology and the findings, so I will include those links at the end. As for what this means to me, it very much fits into how I have been looking at CPU’s since Oracle started releasing them.

Before I talk about my opinions, I need to have a little disclosure. I am a member of the Independent Oracle User Group and was involved in promoting the survey. The comments included in this blog are my opinions and are not a reflection of other members of IOUG. Hopefully that will protect me if I tick someone off!

The CPU process is relatively simple to apply. Shutdown the databases that are running using the affected Oracle software installation, run the patch process, restart the database, and run the .sql script that is delivered. This patch process has been around for a long time for “one-off” patches and the Security team in Oracle has made it relatively fool-proof.

So why, as the survey finds, do people not install these as regularly as Oracle would like? I believe there are a couple reasons and these are somewhat reflected by the answers to the survey. First, everyone is busy keeping their environments running and implementing new projects. Most people are attempting to accomplish more within their organizations with less resources and it is difficult to find the time to perform the patching. Second, Oracle tells us that these patches have been through numerous tests, and I believe they have. Up to this point, however, people have been instructed to test, test, and test again. It is difficult to get through a full test cycle on the patches within the three months between the patch cycles. Finally, when technologists (a fancy word for those of us that are in charge of the patching) approach management about needing down time to apply the patches, management wants to know why and what are they gaining. For the most part, plugging security holes is not high on a manager’s priority list when there is a backlog of projects that need to be implemented.

How do we as technologists work through the listed challenges? I think the most important thing is to make sure you are educated. This can be done by reading Oracle’s readme files and any documentation about Critical Patch Updates. Also, conferences, such as Collaborate 09 have many sessions presented by users and by Oracle regarding the CPU process and security in general. Another point to work on is convincing management that these patches are important and have relatively low risk. We still need to run some testing, but most people will not be required to complete a full blown regression test.

Check out the survey and read what others are saying. The survey can be found here:

http://enterprisesig.oracle.ioug.org

Two other blogs can be found at the following. I will also update as any other news or commentary is posted.

http://blogs.oracle.com/security http://michelledbaunleashed.blogspot.com


The 5 Ws of My Blog

For my initial blog entry, I decided to ask myself and then answer a few questions. Who am I? Why would I write a blog? What will I write about? Where can you find my interests on the internet? When will I post entries to my blog?

Who Am I?

Ah yes, one of the most asked questions in the universe. My name is Todd Sheetz. I am an Oracle DBA in the Milwaukee, WI area. I currently work for Veolia Environmental services and support a PeopleSoft/Oracle 10g environment. I live, with my wife and two daughters, in Waukesha, a suburb of Milwaukee. I am an active member of the Independent Oracle User Group, but more on that later.


Why would I write a blog?

For lack of a better reason, why not? I figure this will help me to organize thoughts, hopefully start some discussions, and be one more area to promote groups and events that I think are worthwhile.


What will I write about?

For the most part, I plan on writing about projects I am working on and organizations I am involved with. Other “life” topics may find their way here, but those will be few. My interests, work-wise, include Oracle database administration, Enterprise Manager Grid Control, Linux, PeopleSoft administration, and disaster recovery. Besides work, I am a member of the Independent Oracle User Group and have been very involved in the Special Interest Groups. I will be posting updates about the going’s on of those groups also.


Where can you find my interests on the internet?

Besides trying to see how this blogging thing will go, I am on LinkedIn and Facebook. I will have links as I go to www.ioug.org and various SIG events.


When will I post entries to my blog?

Usually, I plan on posting when something interesting piques my interest. There are several webinars coming up that I will be participating in so I will post links and possibly summaries for those. Otherwise, it will just be when I have something that I think others may be interested in.

Until next time… stay clean!