Tag Archives: Oracle

Tips for Social Media as an Oracle Ace (Part 2)

06 Monday Apr 2020

Posted by in General, Oracle, Technology

Leave a comment

Tags

, , , , ,

The second part of a two part article about the sort of things an Ace Associate or anyone else in a Technology Advocacy programme such as the Ace & Groundbreakers could approach social media has been published.

You can check out at (http://www.oraworld.org/home/ – page 10)

You can check part 1 (http://www.oraworld.org/home/ – page 15) along with other articles in the 19th edition of OraWorld covering subjects as diverse as Open World, Apex and Spam (read and you’ll understand).

I’d like to thank my colleagues, particularly James Neate for the inspiration behind this article.

Oracle Cloud Shell Tool

15 Sunday Mar 2020

Posted by in General, Oracle, Technology

Leave a comment

Tags

, , , , , ,

A few weeks ago Oracle announced a new tool for all Oracle cloud users including the Always Free tier. Cloud Shell provides a Linux (Oracle v7.7) environment to freely use ( (within your tenancy’s monthly limits) – no paying for VM or using your limited set of VMs (for free-tier users) or anything like that.

As you can see the Shell can be started using a new icon at the top right (highlighted).  When you open the shell for the 1st time, it takes a few moments to instantiate – and you’ll see the message at the top of the console window (also highlighted). The window provides a number of controls which allows you to expand to full screen and back again etc.

The shell comes preconfigured with a number of tools, such as Terraform with the Oracle extensions, OCI CLI, Java and Git, so linking to Developer Cloud or GitHub for example to manage your scripts etc is easy (as long as you know you GIT CLI – cheat sheet here).  The info for these can be seen in the following screenshots.

In addition to the capabilities illustrated, the Shell is set up with:

  • Python (2 and 3)
  • SQL Plus
  • kubectl
  • helm
  • maven
  • Gradle

The benefit of all of this is that you can work from pretty much any device you like. It removes the need to manage and refresh security tokens locally to run scripts.

A few things to keep in mind whilst trying to use the Shell:

  • It is access controlled through IAM, so you can of course grant or block the use of the tool. Even with access to the shell, users will need to obviously have to have access to the other services to use the shell effectively.
  • The capacity of the home folder is limited to 5GB – more than enough for executing scripts and a few CLI based tools and plugins – but that will be all.
  • If the shell goes unused for 6 months then the tenancy admin will be warned, but if not used, then the storage will be released.  You can, of course, re-activate the Shell features at a future date, but of course, it will be a blank canvas again.
  • For reasons of security access to the shell using SSH is blocked.

The shell makes for a great environment to manage and perform infrastructure development from and will be a dream for Linux hard code users.  For those who like to be lazy with a visual IDE, there are ways around it (e.g. edit in GitHub) and sync. But power users will be more than happy with vim or vi.

Oracle’s own documentation can be fiound at https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/cloudshellintro.htm

Tips for Social Media as an Oracle Ace

03 Monday Feb 2020

Posted by in General, Oracle, Technology

Leave a comment

Tags

, , , , ,

The first part of a two part article about the sort of things an Ace Associate, or anyone else in a Technology Advocacy programme such as the Ace & Groundbreakers could approach social media has been published.  Go check it out (http://www.oraworld.org/home/ – page 15) along with other articles in the latest edition of OraWorld covering subjects as diverse as Open World, Apex and Spam (read and you’ll understand).

I’d like to thank my colleagues, particularly James Neate for the inspiration behind this article.

Security Vulnerabilities in Solution Deployment

04 Saturday Jan 2020

Posted by in development, General, Technology

Leave a comment

Tags

, , , , , , , ,

To varying degrees, most techies are aware of the security vulnerabilities identified in the OWASP Top 10 (SQL Injection, trying to homebrew Identity management etc), although I still sometimes have conversations where I feel the need to get the yellow or red card out. But the bottom line is that these risks are perhaps more appreciated because it is easier to understand external entities attacking seeking direct attacks to disrupt or access information. But there are often subtler and at least more costly to repair attacks such as internal attacks and indirect attacks such as compromising software deployment mechanisms.

This, later attack Is not a new risk, as you can see from the following links, been recognised by the security community for some time (you can find academic papers going back 10+ years looking at the security risks for Yum and RPM for example).

But software is becoming ever more pervasive, we’re more aware than ever that maintaining software to the latest releases means that known vulnerabilities are closed. As a result, we have seen a proliferation in mechanisms to recognise the need to update and deploying updates. 10 years ago, updating frameworks where typically small in number and linked to vendors who could/had to invest in making the mechanisms as a secure as possible – think Microsoft, Red Hat. However we have seen this proliferate, any browser worthy of attention has automated updating let alone the wider software tools. As development has become more polyglot every language has its central repos of framework libraries (maven central, npm, chocolatey ….). Add to this the growth in multi-cloud and emphasis on micro deployments to support microservices and the deployment landscape gets larger and ever more complex and therefore vulnerable.

What to do?

Continue reading

Development Standards for API Policies?

16 Monday Dec 2019

Posted by in API Platform CS, General, tools

Leave a comment

Tags

, , , , , , ,

When it comes to development, we have had coding standards for almost as long as we have been coding. We tend to look at coding standards for purposes of helping to promote good quality code and reduce the likelihood of bugs and so on. But they also help with readability, making it easy to navigate a code base and so on. This is sufficiently important that there is a vast choice of tools to help us ensure we align with good practices.

That readability etc, when it comes to code interfaces lends to making it easier to use an interface as it promotes consistency and as Don Norman would say avoids ‘cognitive load‘, in other words, the effort involved in performing actions with the interface. Any Java Developer will tell you, want to print out an object (any object) you get a string representation using the .toString() method and direct it using the io packages.

That consistency and predictability are important not just for code if you look at any API best practises documents you’ll encounter directly or indirectly the need to use conventions that drive consistency – use of singular or plural for the name of entities, application of case – camel case, snake case etc. Good naming etc and we’ll see related things appear together in the documentation. Products such as Apiary and SwaggerHub include tooling to help police this in our API design work.

But what about policies that we use to define how an API Gateway handles the receipt and routing of API invocations? Well yes, we should have standards here as well. Some might say, governance gone mad. But gateways are often shared services, so making it easy to see and logically group APIs together at very least by using a good naming convention will help as a minimum. If API management is being administered in a more DevOps fashion, then information security professionals will probably want assurance that developers are applying policies in a recommended manner.

Continue reading

Techfest 19 & ACED

06 Friday Dec 2019

Posted by in General, Technology, UKOUG

Leave a comment

Tags

, , , , , , , ,

 

TF_speaking_twitter-01This year’s UKOUG TechFest 19 conference is over.  The first time in a number of years where the user group conference hasn’t been a combined Tech, Apps and JD Edwards event.  I have to admit that I was a little concerned with the separation of Tech and Apps as some of the tech stack overlaps for the two groups – for example, Integration Cloud.

That said, the situation being what it was, I got involved with the committee for planning the event including inheriting the stream lead responsibilities for Dev (in the sense of modern development e.g. microservices etc) and what had been historically referred to as middleware (Integration Cloud, Digital Assistant, Helidon, WebLogic) with a lot of support and input from Mark Simpson, Grant Ronald and Susan Duncan.

From my perspective, I  don’t think there was a concern (and this isn’t an attempt at being self-congratulatory) as the hard graft is done by the UKOUG office staff.

As the number of people was smaller, we had a smaller venue rather than the ICC in Birmingham or the ACC Convention Centre in Liverpool – which actually worked out well. The problem of the ICC and particularly the ACC is that main community spaces had been very large as a result atmosphere suffered. This time the Grand Hotel in Brighton was really busy and vibrant as a result.

Reception Desk

 

We had a good blend of sessions covering traditional integration, low code, cloud, microservices, API, UI with people from customers, partners and Oracle travelling in from all over Europe and the US to participate and present.

In terms of my presentations and the ones, I managed to see, I’d particularly recommend checking out in the UKOUG library …

Continue reading

Notifications from Oracle API Platform Cloud Service

11 Monday Nov 2019

Posted by in API Platform CS, General, Oracle, Technology, tools

2 Comments

Tags

, , , , , , , , , ,

There are circumstances in which notifications from the Oracle API Platform CS could be seen as desirable.  For example, if you wish to ensure that the developers are defining good APIs and not accidentally implementing APIs that hit the OWASP Top 10 for APIs. Then you will probably configure things such that developer users can design the APIs, configure the policies, but only request an API to be deployed.

However, presently notifications through mechanisms such as email or via collaboration platforms such as Slack aren’t available.  But implementing a solution isn’t difficult.  For the rest of this blog we’ll explore how this might be implemented, complete with a Slack implementation.

Continue reading

More Free Oracle Cloud than you might know

04 Monday Nov 2019

Posted by in Cloud, General, Oracle, Technology

Leave a comment

Tags

, , , , , ,

free-750x536The news about Oracle offering some free cloud services ‘for life’ is making an impact.  But, the free services don’t end there. The pricing of some other native cloud services includes some free bands. So it’s worth keeping an eye on the fine print. I wouldn’t be surprised if we see limited capacity access in other areas.

Oracle Functions – whilst the core of this service is built on the open-source Fn Project (also largely driven by Oracle) the managed service has a free tier allowing up to 2 million invocations that can consume 400, 000 gigabytes of memory per second use (details can be seen here). Plenty enough to experiment with the concepts behind Serverless aka FaaS capabilities.

Oracle Notifications whilst focussed on the technical side of gathering key event data from OCI and its services, as the document states “sending notifications to numerous interested parties, or even synchronizing the moving parts of a distributed application” – this obviously means a service with characteristics a bit like AWS’ SNS. Like SNS it can be hooked up to email and other HTTPS services using Oracle Events which also has free use. Events is particularly interesting as it is bases the event structure on the CNCF CloudEvents spec. There is an excellent illustration of such a use case in the Oracle blogs here.

It will be interesting to see if we a similar trend with other Oracle cloud-native services. A new take on the now-defunct Application Container Cloud Service (ACCS) would be an ideal vehicle – whether there is sufficient demand for such a capability is not clear (it would in effect be an always live service like a Kubernetes solution, but the simpler, smaller footprint more like Functions in a multi-tenant environment. At the same time, it doesn’t have potential latency of a Function being activated).