IOUG Live! 2003 Day #3 (Tuesday)

by Stephen Andert

Over the past 2 days I've been noticing the crowds and session "fill-ratio" & discussing this with other people. Sorry, I can't find an appropriate "wait-event" to properly address crowd size. With no information available yet from the IOUG, the general opinion is that this year "feels" bigger than last year, but not as big as 2001.

Roger Snowden's presentation gave a good overview on the buffer cache. He used very good images to explain how spin count works. The recommendation is that you probably should not mess with spin count unless you have a PhD in queing theory.

Kirtikumar Deshpande gave a great presentation on Automatic Undo Management. Some dba's are hesitant to let Oracle manage rollback segments. The 9i database still allows us to maintain control in the same way we are used to, but this is not recommended by Oracle and in fact will most likely remove this ability in the future. This was a "quick tip" presentation which only has 30 minutes. Kirti used this time very well and covered this material quickly but well.

Richmond Shee gave a presentation titled 10046 Alternatives. This was really a session on 10046 Complements since he discussed how various other tools fill various weaknesses in the 10046 trace methodology. He also had a good table that shows when to use various tools. I didn't see any place in this table where there was a need for any type of hit ratio monitoring. Richmond used humor well to help convey concepts that can be difficult.

I also attended a vendor presentation that talked about using 9i RAC on Linux. The speaker discussed the benefits of Linux and RAC. He said that while there is no required application changes to move from a single instance database to RAC, but in order to implement Transparent Application Failover (TAF) you need to enhance the application to deal with failover. I appreciate 2 kinds of vendor presentations. One kind gives information without pushing their product. The other kind gives me the product information that I want. This one gave me the information that they advertised and didn't make me feel like I needed to be a CTO or CIO with a big budget and was expected to be ready to sign a purchase order.

I have had an interest in security for a long time so I guess it makes sense that one of the most impactful sessions I've attended so far this year was on Hack Proofing Oracle. Aaron Newman explained how to stop thinking like a DBA and start thinking like a Hacker in order to better implement security. He also gave several excellent demos on how hackers can exploit improperly protected databases and applications. This was a real eye-opener as to how security holes can be used to access data without any access on the server.

The annual Big Bash was moved inside due to rain. After the food, bar and band got set-up, the party took off. Since I'm presenting tomorrow, I took off early but the party was in full swing when I left and people were having a good time. I'll be back tomorrow with more news, including a view from the other side of the speakers podium.

Do you have a specific security person or group that addresses security in your databases?