Friday, March 28, 2008

Oracle bug codes, complete list

I a previous post I already showed some bug codes you can get when you raise a bug at Oracle Metalink. Now I received upon request the “more” complete list of bug codes from Oracle Development.

[10, Description Phase] 10 - Description Phase
[11, Code Bug (Response/Resolution)] 11 - Code Bug (Response/Resolution)
[13, Doc Bug (Response/Resolution)] 13 - Doc Bug (Response/Resolution)
[14, Bug Assigned to Solution Partner] 14 - Bug Assigned to Solution Partner
[15, To Internal (Oracle) Review] 15 - To Internal (Oracle) Review
[16, Support bug screening] 16 - Support bug screening
[30, Additional Information Requested] 30 - Additional Information Requested
[31, Could Not Reproduce. To Filer] 31 - Could Not Reproduce. To Filer
[32, Not a Bug. To Filer] 32 - Not a Bug. To Filer
[33, Suspended, Reqd Info not Avail] 33 - Suspended, Reqd Info not Avail
[34, Merge To Base Bug] 34 - Merge To Base Bug
[35, To Filer for Review] 35 - To Filer for Review
[36, Duplicate Bug. To Filer] 36 - Duplicate Bug. To Filer
[37, To Filer for Review/Merge Required] 37 - To Filer for Review/Merge Required
[38, Dup of AIME LRG] 38 - Dup of AIME LRG
[39, Approved, waiting for codeline to open] 39 - Approved, waiting for codeline to open
[40, Waiting for the base bug fix] 40 - Waiting for the base bug fix
[41, Base Bug fixed,awaiting base Label/Patch] 41 - Base Bug fixed,awaiting base Label/Patch
[43, Product/Platform Obsolete, to Filer] 43 - Product/Platform Obsolete, to Filer
[44, Not Feasible to fix, to Filer] 44 - Not Feasible to fix, to Filer
[45, Vendor OS Problem, to Filer] 45 - Vendor OS Problem, to Filer
[51, Support approved backport - to Dev] 51 - Support approved backport - to Dev
[52, Pending approval by PL] 52 - Pending approval by PL
[53, Backport/Patchset Req Rejected] 53 - Backport/Patchset Req Rejected
[54, One Off Request Approved] 54 - One Off Request Approved
[60, CM: Awaiting Promote] 60 - CM: Awaiting Promote
[66, CM: Awaiting Deployment] 66 - CM: Awaiting Deployment
[70, Closed, data fix, cause - user error] 70 - Closed, data fix, cause - user error
[71, Closed, data fix, cause - data import] 71 - Closed, data fix, cause - data import
[72, Closed, data fix, cause - code error] 72 - Closed, data fix, cause - code error
[73, Closed, data fix, cause - unknown] 73 - Closed, data fix, cause - unknown
[74, Closed, Verified by QA] 74 - Closed, Verified by QA
[75, Closed, code fix, not verified] 75 - Closed, code fix, not verified
[80, Development to Q/A] 80 - Development to Q/A
[81, Q/A to Dev/Patch or Workaround Avble] 81 - Q/A to Dev/Patch or Workaround Avble
[83, Closed, Product/Platform Obsolete] 83 - Closed, Product/Platform Obsolete
[84, Closed, not feasible to fix] 84 - Closed, not feasible to fix
[87, Fix verified/Merge Required] 87 - Fix verified/Merge Required
[88, Closed as Dup of AIME LRG] 88 - Closed as Dup of AIME LRG
[90, Closed, Verified by Filer] 90 - Closed, Verified by Filer
[91, Closed, Could Not Reproduce] 91 - Closed, Could Not Reproduce
[92, Closed, Not a Bug] 92 - Closed, Not a Bug
[93, Closed, Not Verified by Filer] 93 - Closed, Not Verified by Filer
[95, Closed, Vendor OS Problem] 95 - Closed, Vendor OS Problem
[96, Closed, Duplicate Bug] 96 - Closed, Duplicate Bug


Sunday, March 23, 2008

Game development strategy

When playing games you see more and more a strategy of the developing companies that the user becomes part of the development team. It used to be that a gamer got his game from the shop, played and after finishing the game it was all done. After that came the possibility that gamers could create levels themselves, which was a great step forward, now they even get introduced to developing new features in the game, introducing new units and ways of laying the game.

This strategy is already used on many game platforms where the developers of the game provide a game engine and some basic game units and leave it to the gaming community to develop new features and such. Some games even got popular only because of this approach. And now there is ARMA on the market. We even can find some things developed by the gaming community in the new expansion pack.

The ARMA gaming and development community is weekly uploading new units, levels and remodels and so keeping the game alive instead of a ones developed game…


Oracle SOA Invoice processing

Oracle released a new whitepaper where they discuss the development of a SOA Invoice Processing in a Service-Oriented Environment. The “whitepaper” is a step by step guide on how to develop the code and all the surroundings needed for the environment to work correctly. This is a great introduction to the SOA technology stack and the Oracle Enterprise Service Bus. Development is done in java with Oracle jDeveloper.

Oracle Free Penetration Testing and Vulnerability Research

Eastern is a great time to surf the web and check some of the regular pages you want to check from time to time. The weblog of Pete Finnigan is one of those. And here I just read about the new version of the Free Penetration Testing and Vulnerability Research Toolkit “Inguma”. Currenlty now on release 0.0.7.2.

Inguma version 0.0.7.2 has been released. In this version I have added new modules and exploits, fixed many, many, many bugs as well as enhancing existing modules, such as the Oracle related stuff.

PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mach syscalls implementation is on the way. You will also notice that it is now object oriented as opossed to the previous versions.

Among with the aforementioned changes, I'm releasing 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give to the module the target's address and port and run "oragateway". The module will automagically guess the correct DAD and bypass technique. After it an SQL terminal will be opened.

The new modules added to the framework are the following:

nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).

archanix: As you may imagine, it gathers information from archaic Unix services.
brutesmtp: A brute forcer for SMTP servers.
anticrypt: A tool to guess the encryption algorithm of a password's hash. It saves a lot of time when auditing passwords.


Oracle E-business suite laptop

Last week I went to Paris to give a 2-day workshop about Oracle E-business suite. While working on the preparations we where discussing the possibilities of connections from France back to the datacenter in the Netherlands. Concerned about possible problems with firewalls which would prevent us from setting up a proper VPN connection we decided to run Oracle E-Business suite on a 4 Gig memory laptop instead of taking the changes on the VPN connection. Initially I installed Oracle Unbreakable Linux on a laptop and my colleague Bas Klaassen cloned a existing Oracle E-business suite to the laptop.

After returning from my 2 day session I have to say that the performance of the laptop was super and as good as running it on a full-fetched server. Remember this was a situation that only one or a very limited number of people where working on the machine. Even do, the performance was great!

Monday, March 17, 2008

MaNET, mobile ad-hoc networking

MaNET, mobile ad-hoc network, a way of making a ad-hoc larger network of several WiFi points. Think about all the WiFi points in your surroundings, most likely all working with their own gateway to the internet, now imagine that they are connection also in a bridge mode to several of those other WiFi points and if your gateway fails it will use the gateway of one of the other points. Or even imagine load balancing over all those gateways. If it is to busy on your gateway routing the traffic from the clients connected to your WiFi point, over the airwaves, to a other WiFi point and using that gateway.

Now think about moving to a new area to live, no internet connection yet, however when you boot your WiFi router it will detect a MaNET mash and connect to it and uses the gateways available to you. When your internet connection is back online you will also share your gateway with others.

Now think about a group of nodes in the MaNET mash having a gateway and a lot not, the WiFi points who can connect direct to a gateway enabled node will have access to the internet, however they will be able to relay the communication of nodes that are too far away for direct connect via themselves or even several nodes to a gateway enabled node.

These are several options of a MaNET, keeping a ad-hoc WiFi network running with sharing of gateway nodes and trying to make a mash so tight that everyone can jump in the mobile network.

Now we have talked only about this possibility with privately owned nodes of people who like to join a grid, now think about all those things you see in the streets that could potentially be networked via WiFi, securely for the original intention but also publicly being part as a relay point or even gateway point of a bigger mash. Think about traffic lights, vending machines, public transportation information systems, kiosks, bars, coffee shops and people owning a node themselves. All these nodes connecting to a large and free available network where everyone can hook into, someone coming to live in the surroundings or someone traveling and in need of WiFi access.


There are already some of these networks running in some cities around the globe, however my feeling is that a lot need to be done to get things running more smoothly. Now some technical knowledge is required to things up and running which is a shame because a lot of people will not take the time to join the grid.

On the technical side however a lot of projects are on the way to improve this. Here you can find some links to nice projects:

The Grid Ad Hoc Networking Project” from MIT.
Integrating Mobile Ad Hoc Networks into the Internet” from the Universität of Paderborn.

Intrusion Detection for Mobile Ad Hoc Networks” from the university of California.
Secure Mobile Networking Project" from The Portland State University.
Self-Organized Routing in Mobile Ad Hoc Networks
Passive Autoconfiguration for Mobile Ad hoc Networks (PACMAN)”
Message Ferrying for Sparse and Disconnected Mobile Network” from Georgia Tech.

Sunday, March 16, 2008

Linux TimeLine

We all know that Linux is already some time around. Do we however know how we came to the version you are currently using? From which is your version derived, which fork are you on? What is the root of your linux distribution? You can all find it on the linux map you can see below.




Adaptive Algorithms for Online Optimization

Google released a new google techtalk video and now on the subject of Adaptive Algorithms for Online Optimization presented by Seshadhri Comandur a Research Scientist. A list of his publications can be found at his website.

ABSTRACT

The online learning framework captures a wide variety of learning problems. The setting is as follows - in each round, we have to choose a point from some fixed convex domain. Then, we are presented a convex loss function, according to which we incur a loss. The loss over T rounds is simply the sum of all the losses. The aim of most online learning algorithm is to minimize *regret* : the difference of the algorithm's loss and the loss of the best fixed decision in hindsight. Unfortunately, in situations where the loss function may vary a lot, the regret is not a good measure of performance. We define *adaptive regret*, a notion that is a much better measure of how well our algorithm is adapting to the changing loss functions. We provide a procedure that converts any standard low-regret algorithm to one that provides low adaptive regret. We use an interesting mix of techniques, and use streaming ideas to make our algorithm efficient. This technique can be applied in many scenarios, such as portfolio management, online shortest paths, and the tree update problem, to name a few.



More Google YouTube API

More information on the YouTube API set released by Google/YouTube. You can now find here a short video of some example tutorials on how to use the API to build some own custom applications.

Also on other places on the web you can find some good resources on how to use the YouTube API set. For example programmableweb.com is a good starter and you must read the information on the google code pages on the YouTube Data API.


Friday, March 14, 2008

you have insufficient privileges for the current operation

After cloning an Oracle E-business suite environment we encountered the problem that nobody could login to EBS. After supplying the username and password the user was directly redirected to the login page again without any error messages. When entering a username combined with a faulty password the user was presented with a error message indicating that the username password combination was incorrect.

In the Apache access log file we found a error message stating “you have insufficient privileges for the current operation”.

After some searching we found that the cloned environment had a wrong session cookie domain value set. This was still pointing to the old domain where the original environment was running.

A “select SESSION_COOKIE_DOMAIN from ICX_PARAMETERS;” will give you the current value of the session cookie domain which is set. If this is not matching with the domain where your server is running you have to update this with a update statement. “update ICX_PARAMETERS set SESSION_COOKIE_DOMAIN='.domainname';”.

Other reasons this problem can occur are for example the use of a underscore in your domain and or host name which are not compliant with the domain naming conventions. So this is also a thing to look at when you run in troubles like this.


Thursday, March 13, 2008

Google YouTube API

Google released a set of API’s for youtube which will give developers the freedom to build their own code which will interact with the YouTube database. We are already used to the fact that Google releases almost for every product or service a set of API’s so it was only a matter of time.

They released a JAVA API consisting of a set of Java classes and a PHP API. To use the PHP client library, you must be running PHP >= 5.1.4. You also need to be using Zend_Gdata >= 1.5RC2, which is distributed as part of the Zend Framework. To use the Java client library, you must be running Java 1.5. After downloading the client library, you'll find the classes you need to get started in the java/lib/gdata-client-1.0.jar and java/lib/gdata-youtube-1.0.jar files.

There are also some Player API’s which can be used, a Javascript API and a flash API. The complete information about the new API's can be found on the google code pages.



Saturday, March 08, 2008

Oracle Application Express 3.1

Oracle Application Express 3.1 is now available for downloading from the Oracle Website. Currently the following platforms are supported to run Oracle Application Express 3.1 on: Linux x86, Microsoft Windows (32-bit), Mac OS X Server, Linux on Power, Linux x86-64, z/Linux, Linux Itanium, Solaris x86, Microsoft Windows (64-bit Itanium), Microsoft Windows (x64), Solaris Operating System (SPARC) (64 bit), AIX5L, HP-UX PA-RISC, HP Tru64 UNIX and HP-UX Itanium.

Oracle Application Express (Oracle APEX) is a rapid web application development tool for the Oracle database. Using only a web browser and limited programming experience, you can develop and deploy professional applications that are both fast and secure.



Thursday, March 06, 2008

Oracle iStore, Error in IAS Cache.

Working on a Oracle iStore test environment I came across some strange behavior of some pages. Quite randomly it was only showing parts of the catalog pages and was giving errors in the shopping basket parts of the page. After opening the source of the HTML page I came across a “Error in IAS Cache: java.io.NotSerializableException: oracle.apps.ibe.store.UomKey” error stack message in the source which was causing the problems.

The complete message was:

Message: Error in IAS Cache: java.io.NotSerializableException: oracle.apps.ibe.store.UomKey
Stack:
oracle.apps.jtf.base.resources.FrameworkException: Error in IAS Cache: java.io.NotSerializableException: oracle.apps.ibe.store.UomKey
at oracle.apps.jtf.cache.IASCacheProvider.get(IASCacheProvider.java:718)
at oracle.apps.jtf.cache.CacheManager.getInternal(CacheManager.java:4794)
at oracle.apps.jtf.cache.CacheManager.get(CacheManager.java:2945)
at oracle.apps.jtf.cache.CacheManager.get(CacheManager.java:2893)
at oracle.apps.ibe.catalog.Item.getPrimaryUOM(Item.java:944)
at _oa__html._ibeCCtdAddItemBin._jspService(_ibeCCtdAddItemBin.java:412)
at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
at oracle.jsp.app.JspApplication.dispatchRequest(JspApplication.java:417)
at oracle.jsp.JspServlet.doDispatch(JspServlet.java:267)
at oracle.jsp.JspServlet.internalService(JspServlet.java:186)
at oracle.jsp.JspServlet.service(JspServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at oracle.jsp.provider.Jsp20RequestDispatcher.include(Jsp20RequestDispatcher.java:103)
at oracle.jsp.runtime.OraclePageContext.include(OraclePageContext.java:475)
at _oa__html._ibeCCtdItemDetail._jspService(_ibeCCtdItemDetail.java:1871)
at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
at oracle.jsp.app.JspApplication.dispatchRequest(JspApplication.java:417)
at oracle.jsp.JspServlet.doDispatch(JspServlet.java:267)
at oracle.jsp.JspServlet.internalService(JspServlet.java:186)
at oracle.jsp.JspServlet.service(JspServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at oracle.jsp.provider.Jsp20RequestDispatcher.forward(Jsp20RequestDispatcher.java:162)
at oracle.jsp.runtime.OraclePageContext.forward(OraclePageContext.java:187)
at _oa__html._ibeCCtpItmDspRte._jspService(_ibeCCtpItmDspRte.java:1051)
at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
at oracle.jsp.app.JspApplication.dispatchRequest(JspApplication.java:417)
at oracle.jsp.JspServlet.doDispatch(JspServlet.java:267)
at oracle.jsp.JspServlet.internalService(JspServlet.java:186)
at oracle.jsp.JspServlet.service(JspServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at org.apache.jserv.JServConnection.processRequest(JServConnection.java:456)
at org.apache.jserv.JServConnection.run(JServConnection.java:294)
at java.lang.Thread.run(Thread.java:595)
Caused by: oracle.apps.jtf.base.resources.FrameworkException:
An exception occurred in the method CacheAccess.get
java.io.NotSerializableException: oracle.apps.ibe.store.UomKey
The base exception is:
oracle.apps.ibe.store.UomKey
at oracle.apps.jtf.base.resources.FrameworkException.convertException(FrameworkException.java:607)
at oracle.apps.jtf.base.resources.FrameworkException.addException(FrameworkException.java:585)
at oracle.apps.jtf.base.resources.FrameworkException.(FrameworkException.java:66)
at oracle.apps.jtf.base.resources.FrameworkException.(FrameworkException.java:88)
at oracle.apps.jtf.base.resources.FrameworkException.(FrameworkException.java:202)
at oracle.apps.jtf.base.resources.FrameworkException.(FrameworkException.java:218)
at oracle.apps.jtf.base.resources.FrameworkException.(FrameworkException.java:249)
... 33 more
Error in IAS Cache: java.io.NotSerializableException: oracle.apps.ibe.store.UomKey
oracle.ias.cache.NetworkException:
An exception occurred in the method CacheAccess.get
java.io.NotSerializableException: oracle.apps.ibe.store.UomKey
The base exception is:
oracle.apps.ibe.store.UomKey
at oracle.ias.cache.Net.exceptionHandler(Unknown Source)
at oracle.ias.cache.Net.broadcast(Unknown Source)
at oracle.ias.cache.Net.broadcast(Unknown Source)
at oracle.ias.cache.CacheHandle.broadcastManipulation(Unknown Source)
at oracle.ias.cache.CacheHandle.manipulateCascade(Unknown Source)
at oracle.ias.cache.CacheHandle.manipulate(Unknown Source)
at oracle.ias.cache.CacheHandle.invalidate(Unknown Source)
at oracle.ias.cache.CacheHandle.checkTtl(Unknown Source)
at oracle.ias.cache.CacheHandle.findObject(Unknown Source)
at oracle.ias.cache.CacheHandle.locateObject(Unknown Source)
at oracle.ias.cache.CacheAccess.get(Unknown Source)
at oracle.apps.jtf.cache.IASCacheProvider.get(IASCacheProvider.java:656)
at oracle.apps.jtf.cache.CacheManager.getInternal(CacheManager.java:4794)
at oracle.apps.jtf.cache.CacheManager.get(CacheManager.java:2945)
at oracle.apps.jtf.cache.CacheManager.get(CacheManager.java:2893)
at oracle.apps.ibe.catalog.Item.getPrimaryUOM(Item.java:944)
at _oa__html._ibeCCtdAddItemBin._jspService(_ibeCCtdAddItemBin.java:412)
at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
at oracle.jsp.app.JspApplication.dispatchRequest(JspApplication.java:417)
at oracle.jsp.JspServlet.doDispatch(JspServlet.java:267)
at oracle.jsp.JspServlet.internalService(JspServlet.java:186)
at oracle.jsp.JspServlet.service(JspServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at oracle.jsp.provider.Jsp20RequestDispatcher.include(Jsp20RequestDispatcher.java:103)
at oracle.jsp.runtime.OraclePageContext.include(OraclePageContext.java:475)
at _oa__html._ibeCCtdItemDetail._jspService(_ibeCCtdItemDetail.java:1871)
at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
at oracle.jsp.app.JspApplication.dispatchRequest(JspApplication.java:417)
at oracle.jsp.JspServlet.doDispatch(JspServlet.java:267)
at oracle.jsp.JspServlet.internalService(JspServlet.java:186)
at oracle.jsp.JspServlet.service(JspServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at oracle.jsp.provider.Jsp20RequestDispatcher.forward(Jsp20RequestDispatcher.java:162)
at oracle.jsp.runtime.OraclePageContext.forward(OraclePageContext.java:187)
at _oa__html._ibeCCtpItmDspRte._jspService(_ibeCCtpItmDspRte.java:1051)
at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
at oracle.jsp.app.JspApplication.dispatchRequest(JspApplication.java:417)
at oracle.jsp.JspServlet.doDispatch(JspServlet.java:267)
at oracle.jsp.JspServlet.internalService(JspServlet.java:186)
at oracle.jsp.JspServlet.service(JspServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
at org.apache.jserv.JServConnection.processRequest(JServConnection.java:456)
at org.apache.jserv.JServConnection.run(JServConnection.java:294)
at java.lang.Thread.run(Thread.java:595)


An exception occurred in the method CacheAccess.get
java.io.NotSerializableException: oracle.apps.ibe.store.UomKey
The base exception is:
oracle.apps.ibe.store.UomKey


Oracle metalink advised applying patch 6709272 in note 434121.1.The route cause, claimed by metalink is:

The issue is caused by the following setup: Distributed cache mode enabled for non-serializable
key classes.

The class oracle.apps.ibe.store.UomKey is being used as a key for the cache that is declared distributed. The key class must be serializable but the key class in this case is not serializable. The keys are made serializable in Release 12.
For 11.5.10 don't use distributed flag for the following cache components:
oracle.apps.ibe.store.UomKey.java
java/displayManager/MediaKey.java
java/catalog/ItemCacheKey.java
java/catalog/ItemLangCacheKey.java
java/catalog/RelatedPriceCacheKey.java
java/catalog/SectionLangCacheKey.java
As per Note 275879.1 "The Component Caches using distributed functionality must use keys that are serializable".

Applying the patch worked for us they however do also provide a temporary workaround you can use before applying the patch on your systems.
1. Login to CRM HTML Administration Responsibility
2. Go to Performance > Components
3. Choose "iStore" for the View
4. Select the below cache components and view the Edit Component Cache page -
IBE_ITEM_CACHE
IBE_MEDIA_CACHE
IBE_UOM_CACHE
Uncheck the Distributed Mode checkbox for the above components
5. Clear the java cache and bounce the apache server.
6. Retest the issue.