May 20, 2007 Security

Validating Oracle SSO Configuration

A failing OC4J_SECURITY process recently had me digging out an old script I had put together to test Oracle Application Server Single-Sign-On (OSSO) configuration.

How and where the OSSO server keeps its configuration is a wierd and wonderful thing. The first few times I faced OSSO server issues I remember digging through a collection of metalink notes to piece together the story. It was after forgetting the details a second time that I committed the understanding to a script (validateSso.sh).

Appreciating the indirection used in the configuration is the key to understanding how it all really hangs together, which can really help if you are trying to fix a server config issue. Things basically hang together in a chain with 3 links:

1. Firstly, the SSO server uses a privileged connection to an OID server to retrieve the OSSO (database) schema password.

2. With that password, it can retrieve the SSO OID (ldap) server connection details from the OSSO (database) schema.

3. Thus the SSO Server finally has the information needed to connect to the OID server that contains the user credentials.

The validateSso.sh script I've provided here gives you a simple and non-destructive test of all these steps. The most common problem I've seen in practice is that the OSSO schema password stored in OID gets out of sync from the actual OSSO schema password. I think various causes of these problems, but the script will identity the exact point of failure in a jiffy.
read more and comment..

May 13, 2007 OTN Perl

Getting your Oracle Forum posts as RSS

In my last post I said one of my "Top 10" wishes for OTN was to be able to get an RSS feed of posts by a specified member to the Oracle Forums.

At first it may sound a bit narcissistic to have a feed that allows you to follow what you have written yourself!

It was my exploration of Jaiku that prompted the thought. Since "presence" is their big thing, I've been experimenting to see what's its like to have Jaiku aggregate all your web activity. So far it looks really cool - I love the interface. Must say that I'm not sure how useful Jaiku may turn out to be in the long run ... I suspect it works best if you have a whole lot of your friends also using it. NB: the Jaiku guys are particularly focused on mobile phones. Its not something I've tried yet because I think it would be a bit ex from where I live.

So Jaiku was the catalyst for me thinking about getting an RSS feed of my forum posts. Recently I've been trying to make an extra effort to contribute to the forums; frankly, they've always seemed a little quieter than I think they should be. So seeing any forums posts I make highlighted on Jaiku should be one of the neat indicators of my "web presence".

Problem is, while you can get a web page that lists your recent posts, and you can subscribe for email alerts when authors post, I wasn't able to find a way of getting an RSS feed for a specific author's posts.

So I created a little perl script that scrapes the HTML and generates an RSS feed (using XML::RSS::SimpleGen). I've packaged it as a CGI program on a server I have access to. That's what I registered on my experimental Jaiku site, and it works like a charm.

Until Oracle build this feature into the forums, feel free to take my oracleForumRSS.pl script and experiment away. Its pretty basic, but is generic for any forum user and ready to go. Sorry, but I'm not hosting it for direct use by others, so you'd have to find you own server with cgi or convert it to script that spits out a static rss xml page instead.

Post-script: Eddie Awad blogged on the "Easy Way" to do this using Dapper. Very cool, thanks Eddie!
read more and comment..

May 12, 2007 KM Deep thoughts OTN

OTN Semantic Web - first look

My last post on the state of the OTN community was probably a little long on rhetoric. So I thought since the move of Oracle Blogs! to the much vaunted Semantic Web seems well underway, it would be worth taking a first look. The old site has taken a bit of stick for being, let's say, less than engaging.

The big improvement by using the Semantic Web is of course all the slicing and dicing it allows to hone in on posts of interest, with the blogger tag cloud giving instant feedback (and access) to the bloggers most active on a given subject.

I got to say though it doesn't take long before you realise this site needs a serious design and usability facelift. Urgently!

Maybe its easy to be critical with something new. Actually, no "maybe" about it...

OK, I won't nitpick too much. The biggest problem is that we've paid for all the slice & dice flexibility in the worst possible way ... all the content has been squeezed off the page!

If Oracle do nothing else, they should push all the filtering and clouds out of the way to make a nice, big section of the page available for the star of the show - the content. Use AJAX to make all the filtering available in an instant, but avoid the clutter. At that point, we have a decent replacement for the old blog site.

But for OTN to truely find its Web 2.0 mojo, I think the Semantic Web is probably laying some important foundations but its just the beginning.

My Top 10 OTN/Semantic Web Wishlist
OK, so quick brainstorm, and here's a selection of things I'd really love to see happen on OTN:

1. Take Down This Wall ... between content types (not what Justin originally meant, I know)! The current layout of the Semantic Web page puts concrete delineation between content types (podcast, blogs, forums and other personally attributed content) at the top of the page. At first that may sound fine, but its locking us into a mindset and behaviour patterns that assume these are all distinct in terms of production and consumption. A destructive and divisive fallacy. Get rid of it, and make the content type just another filter.
   


2. Long live the forums! These are places where you can actually have a conversation (instead of trying to have a conversation in blog comments). OK, so they look a bit dated, and the level of participation can be a problem. Nothing a lick'a paint can't fix, and use the Semantic Web to drive usage.
   


3. Give Oracle's "celebrity" bloggers a personal forum that links neatly off their blog so that conversations can be usefully launched on the back of a blog post. What the heck, let everyone have a personal forum!
   


4. Let me take an RSS feed of my forum post history. Its the kind of thing I'd put on my Jaiku page. At the moment, we can just watch via email.
   


5. Let me take an RSS feed of any Semantic Web page I find/define (with all the current filtering etc).
   


6. Drop the barriers to participation. The Semantic Web makes concerns of the "quality" of bloggers irrelevent. If they never post, they get buried. OTN registration should include an opt-in for an Oracle-host blog, or a link to an externally hosted blog.
   


7. An OTN Community Site Badge. To promote participation, how about a logo/widget/javascripty thing that bloggers can put on their blog? It would both brand their blog as part of the OTN community, and also provide a link back to the OTN Semantic Web. It would be neat if it actually had a function (like clustermaps), but I can't think of anything useful right now.
   


8. Invert the Semantic Web. OK, we're getting used to coming top down. But what if I *start* from someone's blog post? It could be a really neat thing to be able to then explore the Semantic Web from that point out ... to discover related or linked pages. Worth an experiment I think.
   


9. Drop the dopomene theme. I'm in the Semantic Web, discovering fascinating information in ways that have never been possible before. This is really exciting! ... but the look and feel is blaring a very incongruous message that messes with your psyche. We need a better use of colour and graphics.
   


10. ... and a dozen other insanely cool Web 2.0 things that I can't even imagine right now, and if I could I'd be well on my way to my first $1b.
    

Wow, I'm actually getting excited now...
read more and comment..

May 11, 2007 KM Deep thoughts OTN

No respect! Should Justin care?

Justin "Dangerfield" Kestelyn launched one of the most lively discussions the Oracle community has ever had with his "I Don't Get It" post some weeks back.

"In particular," he states, "Oracle gets zero credit in this community for its rather aggressive support of blogging (by employees and nonemployees), despite the fact that a rather large blogging community exists and has for some time"

Strangely, there seems to be pretty unanimous agreement that there is a large number of bloggers out there, and some very good ones at that. Vincent McBurney's blog made special mention of Nishant Kaushik, Rob Smythe and Steven Chan for example.

And if we also consider the OTN Podcasts (my favourites being the ones that feature interviews with the "names" like Tom Kyte and Wim Coekaerts), it seems to me pretty evident that we actually have a pretty healthy community of content creators.

But when I look back at what Justin actually said, he was referring specifically to the lack of credit from the Web 2.0 community.

I think the OTN team - and Justin in particular - have been doing a fantastic job with the blogsphere and podcasts. But is that enough to make a stir in the Web 2.0 scene? Maybe a year or two ago it would have, but not any more. Sadly (for Justin) it is now just all too routine.

How many "Web 2.0 firsts" can OTN really claim? The harsh reality is that to make a splash and get some respect in the Web 2.0 community, Oracle needs to do much much more. And I don't think its about content or whether our blog etiquette is any good. Leadership and innovation is the name of the game in two important areas:

• How to build more effective social networks and find new and better ways for this to deliver real benefit to the community. At present, I'm not sure we even deserve the "community" moniker .. it feels more like a public swimming pool we all just happen to go to, rather than a forum (in the Roman sense) where we meet, discuss and debate.
  


• Invent and apply cutting-edge Web 2.0 techniques and technologies to support this goal. Yes, this IS about technology;) The Web 2.0 community is incredibly dynamic and creative at this point. Take blogs for example. They've been around for a while. Long enough for people to discover that for some things they are really good, but in other ways they suck (like trying to have a "conversation" in comments). So we now have sites like twitter, tumblr, virb and jaiku all experimenting with different approaches and trying to push the envelope in meaningful ways. Its this kind of creative experiementation that we haven't seen Oracle doing in the past ... with the one recent exception being the semantic web (hopefully an indicator of more great things to come). If Oracle really wants Web 2.0 street cred, OTN should be the playground where it is seen to be exploring the outer limits of what is possible - some of which may find its way back into the Fusion Middleware product line.
  

One notion we must definitely reject is that somehow we need to coach all the Oracle bloggers into becoming Web Celebs. To do so totally ignores (and destroys) the value of diversity in the community. Personally, I identify five "kinds" of web presence we should embrace:

1. Leadership and Product Management as a "conversation". These are the celebs and thought leaders engaging with the community, but very much with their corporate responsibility at the fore. Funny thing is, I had the impression Oracle was doing much better in this regard, but it doesn't hold up to inspection. Mark Wilcox is one of the few getting close. Perhaps commercial considerations actually make it a very hard thing to do without tipping the competition too much, or just sounding like a mouthpiece for marketing.
   


2. Web 2.0 as Shared Memory. I think one of the completely understated revolutions going on. As I've blogged before, and epitomised by the likes of Alejandro Vargas, this is all about using the web to finally Get Knowledge Management Right. These tend to be boring as hell to try and follow unless they are right in your niche. Scenario: One day, you'll be sweating a problem. Ask google, and thank your lucky stars that there are people around like Alejandro.
   


3. Living your professional life online. Probably the most common approach today on OTN. Its a diary, scrapbook and log. You may find some really good gems, but there's no harm in being obscure in this category... you're just one of the community and its often done more for your own personal benefit.
   


4. The personal/social presence. And yes there is room for all those who are part of the community (because they work at Oracle for example) but just want to talk about baseball!
   


5. The audience. Let's not forget the vast majority of people who are searching and reading, but will never do much more that perhaps post a question to a forum or maybe a comment on a blog. For a whole range of reasons there's no value or motivation for them to go further. Don't try and make them blog. It won't work. But should we do everything possible to make sure they are well served by the community ... yes!! Numerically, they ARE the community.
   

Justin finished his initial post with a somewhat flippant "...maybe I shouldn't even care!". But perhaps he unwittingly hit the nail on the head.

It's a truism in business that if you forget who your customers are, you are doomed. Similarly, if OTN becomes preoccupied with impressing the Web 2.0 community as its primary mission, I'm pretty sure they will find success "inexplicably" elusive (and prove that all of Justin's denials of it being a PR conspiracy are lies!!).

Success will come most easily if OTN focuses on serving its real constituency first - the Oracle community of employees, users and developers. Do that well, and if OTN is indeed pushing the boundaries, then the Web 2.0 cred will be the just reward.

I guess in a way its like being cool. Try to be cool and you'll fail. You just are (or not, as the case may be).
read more and comment..