Web Trend Map 4 2009

Here you can find as a reference the web trends 4 map for 2009. This map is made by informationarchitects.jp and more information can be found at their website. However, the map can also be found here.. and it is real fun to have a look at it and you might even stumble upon some unknown stations.

Oracle website performance

Ever visited a website to purchase a product and had to wait for a long time before the checkout page came up? Ever waited a long time before a product search completed on a e-commerce site? Did you ever returned to that site? If you have ever experienced this the changes are great that you did not return to purchase something again from that website. The change is also great that you even aborted your purchase. And you will not be alone in this, hundreds or even thousands of customers every day get disappointed at the speed of some e-commerce websites. Those websites can provide the best products around or they can even represent the best brands, as the performance of a website is not expecting the demands of a visiting customer you will most likely lose this customer to the competition.

The financial loses of loosing customers due to under performing it systems can be enormous and even deadly in some cases. It can harm your brand in such a way that it will lose market share. For this reason companies do apply systems to measure system performance. Most of those systems monitor the health of your system. They will look at memory use, CPU utilization, network bandwidth. Some companies do probe the website from a inside or outside location and let bots crawl there website and report response times back to the IT department. All good things you should do, you should be aware of the health of your system and you should be aware if your site is till available to the outside world. However, measuring your system performance is not saying anything about how quick a page request is send to the customer who requested the page. And measuring one or more pre-defined click paths into your website from a outside location is not saying anything about the real performance a customer is experiencing.

To tackle this problem you should be looking at the speeds your real customers are experiencing. Oracle has developed Oracle Enterprise Manager Real User Experience Insight as part of the Oracle Enterprise Manager 10G stack. Oracle Enterprise Manager Real User Experience Insight or OEM-RUEI will capture, analyse and report on real customer experience by 'sniffing' network traffic. It will look at the requests send to your webserver and the response send back. So when a customer asks for somedomain.com/index.html the customers browser will send a get request to the webserver running the somedomain.com domain. The webserver will send the request back and OEM-RUEI will detect the time that the request leaves the companies network and is at the customer. The time between the get request and the moment the response is send back over the network is the real time the customer is also experiencing.

This way you can see what the real times are, if customers abort transaction and what is really happening in the eyes of the end customer. This will be of more value to indicate if a customer is having a good experience. if you see that the response times are getting up you can look more into the details and this is when the measuring of your CPU, memory and bandwidth of your server come into play in combination with the analysis of your network switches, routers and such. So all tools in the market have some value and all have a place in analyzing the performance of a website, however in my opinion OEM-RUEI is such a valuable tool that if you are running a serious website you should consider looking into this.

Configuring Apache with Tomcat

A couple of years ago, 5 to be exact, I was working on installing Apache and Tomcat on Sun Solaris webservers in combination with Oracle databases. Back then I was very very pleased with the documentation made by John Turner. So I like to include some of his documentation here.

The howto guides can be found on johnturner.com

Wordl and tag-clouds

Just found a blogpost on the Fusion ECM from William Cripe at the Oracle Blog site. Here he is discussing a new interesting kind of concept mapping. We already knew the tag-clouds and now we have “wordl” a new kind of tag clouds… in some other form. You can create a wordl quickly by checking out http://wordle.net . The picture above is a wordl made from this weblog.

Talkbiznow is launching

Today a new networking site will be launching. With already linkedin.com in the market which is valued at $1 billion and the more consumer market oriented site Facebook which is valued $15 billion the newcomer will have a hard time to fit in. Even do not much is known about talkbiznow.com there marketing group has somehow got a buzz out on the internet. Even Forbes is already writing articles about a site which is not even life.

I have pre-registered to see it as one of the first adapters and somewhere today the people who have registered will get a login send. Because I am a LinkedIn fan I will be looking very close to talkbiznow.com and inform you on all the things I encounter and I will invite you to join the site if I feel it has something to offer. However, a community site has to grow to show some use. An unpopular social networking site has no use; the more people attend the more useful it will get and the more the market value will grow.

visualcomplexity.com

I just came across a website called visualcomplexity.com, here you can find some of the best and most cool network visualizations out there. Not only visualization of computer networks but also social networks, business networks and more. Cool to have look at.

Google optimizes your website

Every now and then I get questions in my mailbox on how people can make their website more search engine friendly. How can they make sure that the page they created will be indexed completely and how will idea A be working in comparison to idea B.

You can spend lots of money by paying a company to create some reports on how to optimize your website. However the best, and very cheap (free) alternative is to let google optimize your website by making use of the Website Optimizer.

Here you will be able to test several scenarios and get tips and trick on how to improve the scenarios. And now via the Google Technology Partner program you will also have the ability to make full use of your content management system in combination with the Google Website Optimizer.

If you are new to the website optimizer you can checkout the video presentation by Tom leung from Google.

php token_get_all LifeType

We are currently running lifetype, a opensource blog platform on a Gentoo Linux machine with Apache and PHP Version 5.1.2-pl1-gentoo. In this version of PHP the function token_get_all is not included. Lifetype, or to be more precise Smarty which is included in liftype to handle the templates uses this to extract non-cacheable parts out of compiled templates.

If you do not have the token_get_all function available some pages in lifetype will show the following error:

[error] [client xxxxxxxxx] PHP Fatal error: Call to undefined function token_get_all() in /usr/home/www/xxxxxxxxxx /public_html/class/template/smarty/internals/core.write_compiled_include.php on line 45

One solution is to add the function token_get_all so LifeType will work as intended, this however will require a recompile of php. A more simple hack is to change core.write_compiled_include.php which can generally be found in $lifetype/class/template/smarty/internals/.

On line 39 you will find a statement that makes sure that the function will only work when your php version is higher than version 5.0.

$this_varname = ((double)phpversion() >= 5.0) ? '_smarty' : 'this';

Now we do not want to have this executed so we change the required version from 5.0 to 7.0 which is not the version we are currently running. By making the change we make sure that there is never a call to token_get_all and by this we solve the problem.

$this_varname = ((double)phpversion() >= 7.0) ? '_smarty' : 'this';

This however is a quick and dirty hack, a better way is to recompile PHP with the token_get_all function included.

Blogging as a job

Most people who have a blog which they keep up to date and accurate will most likely enjoy this and as everything you do what you enjoy you might from time to time wonder, “Would it not be nice if this was my job”. Well, I think I have had this thought a couple of times, and now it has become reality…. It is not becoming my job but we have started the first of a couple of corporate weblogs.

The first corporate weblog is about Oracle Supply Chain Management and as I am also a Oracle Supply Chain Consultant I will be writing a lot of articles for this weblog. Please feel free to check out the SmartApps Oracle Supply Chain Weblog.

Before starting the weblog we have given it some thought and I have been reading on about the do’s and don’ts of corporate blogging. Meaning this new SmartApps weblog will have a slight different approach, mainly it will be different on focus. This corporate weblog will be handling Supply Chain Management and related topics while my private weblog is handling various topics.

The plan is to expand the number of weblogs in the upcoming time so that other people who are not directly working with SCM will have a chance to write about the things in their area. Now about the things I will be blogging about,… I will cross-post them on this weblog also or at least make a referring to it so people can track my postings on that site.

Currently I have already posted 4 blogposts.

RFID and Oracle in the Supply Chain:
An article on how RFID tags can help you plan your Supply Chain Management and warehouse management in combination with Oracle.

Oracle and Drop Shipment:
An article on how Oracle E-Business suite can handle drop shipments.

Oracle iStore return orders:
An Article on Oracle iStore and how to handle return orders from customers with some examples of flows.

Oracle demand planning with Demantra:
A quick introduction on demand planning in Oracle E-business suite, I will be posting more on this topic on this weblog and the SmartApps weblog.

Google infrastructure

Ever imagined how your website or web application would perform when it could be run on the Google infrastructure? Well now you can, Google starts hosting your applications in their datacenter on google servers and most likely running on the Google OS.

“Google App Engine enables you to build web applications on the same scalable systems that power Google applications.”

As google states:
#-----------------------------------
What Is Google App Engine?
Google App Engine lets you run your web applications on Google's infrastructure. App Engine applications are easy to build, easy to maintain, and easy to scale as your traffic and data storage needs grow. With App Engine, there are no servers to maintain: You just upload your application, and it's ready to serve your users.

You can serve your app using a free domain name on the appspot.com domain, or use Google Apps to serve it from your own domain. You can share your application with the world, or limit access to members of your organization.

App Engine costs nothing to get started. Sign up for a free account, and you can develop and publish your application for the world to see, at no charge and with no obligation. A free account can use up to 500MB of persistent storage and enough CPU and bandwidth for about 5 million page views a month.

During the preview release of Google App Engine, only free accounts are available. In the near future, you will be able to purchase additional computing resources.
#-----------------------------------

I have tried to get a first account,… however…. I have been put on the waiting list because to many other people have applied for a developers account.

Ubuntu Brainstorm

Ubuntu, a popular Linux distribution, has released Ubuntu Brainstorm. A place where everyone can post and vote ideas that should be developed for upcoming releases of Ubuntu. Quite like Dell did some time ago.

A great way for people to tell what they think about the current state of the distribution and to comment on the ideas of others. By voting a idea can get high up the request list for the Ubuntu Developers and make it to the next release. In my opinion a great idea! Go Ubuntu!

Google Web Toolkit

Ajax, Asynchrone Java And Xml, already for sometime now a promising buzzword which also have gained some momentum in developers communities. Web2.0 is mostly powered by AJAX and AJAX like applications and enables us to have a lot more fun on the web. However, how to work with it is still for some a little mystery and I have no intentions to clear that up in this blogpost. I do intend to give some more insight in some tools and ways you can play with AJAX and I might give some start pointers away. To be honest AJAX is quite simple and can be learned by example from the web. Recently I was asked to code a little web tool and this gave me the opportunity to get some more knowledge to AJAX and after a very little effort I was able to put in to use.

First, Google Web Toolkit, google claims the following on the website:
Google Web Toolkit (GWT) is an open source Java software development framework that makes writing AJAX applications like Google Maps and Gmail easy for developers who don't speak browser quirks as a second language. Writing dynamic web applications today is a tedious and error-prone process; you spend 90% of your time working around subtle incompatibilities between web browsers and platforms, and JavaScript's lack of modularity makes sharing, testing, and reusing AJAX components difficult and fragile.

GWT lets you avoid many of these headaches while offering your users the same dynamic, standards-compliant experience. You write your front end in the Java programming language, and the GWT compiler converts your Java classes to browser-compliant JavaScript and HTML.

And I think this is completely accurate. On the google website you can find a lot of examples, books and articles to get you started. What Google offers is a quite good set of pre developed solutions you can put to work for you. You want HTML / AJAX tabs on your website, just issue the command and you have your tabs. You want,...... issue the command and you have it. There is quite a big library of nice "things" you can use and this can speed up your development in a big way.

Secondly a nice thing to explore is the Oracle Berkeley DB Java Edition as a Persistence Manager for the Google Web Toolkit. Oracle has written a whitepaper about this subject and gives away some very nice coding examples for you to use. You can find the document on the oracle website.

I also found a nice video from Google Developers you might want to watch.

SQL injection

SQL injection is a method where a attacker is inserting new statements into existing statements. Instead of inserting values as they are expected by the application they will try to create a escape out of the standard code and insert there own code in a way that it will be executed. Even do this is a very old technique it turns out that still thousands and thousands of web applications are vulnerable to SQL injection.

In basis it can be said that a SQL injection possibility is due to bad coding. When SQL injection was quite new it could be very hard in some cases to close a possible SQL injection vulnerability. At this moment there are so many standard ways of making sure that a client will send you what you expect him to send and make sure he is not able to "break out" of a web application that this is no longer a excuse.

Even do it is quite standard to test your application on this, and other, possible security vulnerabilities it is handy to have some documentation ready and read them so you can even gain a better understanding of this technique and how to prevent it from happening.

Before cleaning them up from my desk I like to share some of documents I will be shredding and which I found quite good in getting the basic understanding of SQL injection. The best way however is trying to hack into (your own) web-applications. Trying to find the possibilities, the loopholes and the way to close them.

A good read is:

Advanced SQL Injection in SQL Server Applications:
"This document discusses in detail the common 'SQL injection' technique, as it applies to the popular Microsoft Internet Information Server/Active Server Pages/SQL Server platform. It discusses the various ways in which SQL can be 'injected' into the application and addresses some of the data validation and database lockdown issues that are related to this class of attack. The paper is intended to be read by both developers of web applications which communicate with databases and by security professionals whose role includes auditing these web applications."

An Introduction to SQL Injection Attacks for Oracle Developers:
"Most application developers underestimate the risk of SQL injections attacks against applications that use Oracle as the back-end database. Our audits of custom web applications show many application developers do not fully understand the risk of SQL injection attacks and simple techniques used to prevent such attacks. This paper is intended for application developers, database administrators, and application auditors tohighlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable. It is not intended to be a tutorial on executing SQL attacks and does not provide instructions on executing these attacks."

SQL Injection:
"SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries, but without first stripping potentially harmful characters. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to focus the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general."

Blogging a full year

One full year of blogging...... Started in 2006 I now have finished a complete year of blogging,... the year 2007. For those who are intereseted i have placed the visitor results here (2006 and 2007):

ZOHO online database

ZOHO, very web2.0. A online database application builder which might be a little inspired by Oracle Application Express. It looks very nice and can be fun to play with. However if you are thinking about a more serious way of maintaining your data and creating an application you might consider a different approach. Even do, applause for the developers of ZOHO, they have done a very good job in creating a very very nice online application.

Oracle Webcache error.

Currently we are running Oracle Application Server 10g (10.1.2.0.2) with Oracle HTTP Server / OracleAS Web-Cache 10g (10.1.2.0.2) at some of the servers running a high traffic website. For some time we have had the following error message shown in the clients web browsers at random times:

------------------------------------------------------
Illegal Characters in Request/Response

The security gateway refused to process and retrieve the URL you requested because of a protocol violation:

The security gateway saw the request/response:
HTTP/1.1 200 OK Date: Tue, 13 Nov 2007 14:41:56 GMT Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (H;max-age=214741422+0;age=66556;ecid=1194964916: 10.32.4.3:8357:0:5777b\37777777613\001 ) Cache-Control: private Content-Type: text/html Content-Encoding: gzip Content-Length: 3497 X-Pad: avoid browser bug X-Cache: MISS from amssys02.dmz-out.smartapps.nl Keep-Alive: timeout=15, max=100 Connection: Keep-Alive \037\37777777613\010

This kind of protocol violation is denied in order to protect Web clients/servers from attacks that include control and other non-printable characters. It is also denied to ensure that only HTTP traffic is passed by the HTTP proxy, thus ensuring the integrity of your site's security policy.

If you believe that this request should have been allowed, contact the Web site administrator and request that their application be modified to be HTTP compliant.
------------------------------------------------------

After some research we found that the “server” header from the response from the webserver contained the illegal characters mentioned. Below we see a header that is passed correctly to the client without being refused by the security gateway. At the end of the “server” string we can see the following text “2136out.smarÇTÄ)” This text is changing every time you request the page. Meaning that in some cases the characters are not compliant to the characters that are agreed on in the RFC.

------------------------------------------------------
GET / HTTP/1.1
Host: www.thetasteoflife.nl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025

Firefox/2.0.0.9
Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;

q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=83643603.296507212.1191756626.1195044105.1195049174.28; __utmz=83643603.1193130261.16.3.utmccn=(referral)|utmcsr=miele.nl|utmcct=/apps/vg/nl/miele/Miele001.nsf/LookUpPage/Homepage|utmcmd=referral; __utmc=83643603; __utmb=83643603

HTTP/1.1 200 OK
Date: Wed, 14 Nov 2007 14:09:42 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server

OracleAS-Web-Cache-10g/10.1.2.0.2

(H;max-age=214748349+0;age=157949;ecid=1195049382:10.32.4.3:8408:0:2136out.smarÇTÄ)
Cache-Control: private
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 1701
X-Cache: MISS from amssys02.dmz-out.smartapps.nl
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
------------------------------------------------------

If this is the case and some of the “random” characters are not in the character map agreed upon in the RFC the security gateway will close the connection and the client will get the following http header error (Illegal Character in Response Header):

------------------------------------------------------
GET / HTTP/1.1
Host: www.thetasteoflife.nl
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025

Firefox/2.0.0.9
Accept:

text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;

q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=83643603.296507212.1191756626.1194798880.1195044105.27; __utmz=83643603.1193130261.16.3.utmccn=(referral)|utmcsr=miele.nl|utmcct=/apps/vg/nl/miele/Miele001.nsf/LookUpPage/Homepage|utmcmd=referral;__utmc=83643603

HTTP/1.x 400 Illegal Character in Response Header
MIME-Version: 1.0
Date: Wed, 14 Nov 2007 13:58:49 GMT
Connection: close
Content-Type: text/html
------------------------------------------------------

This will result in the error page in the browser on the client side. Meaning as long as the random chars are not hitting “faulty” characters the website is shown correct, if not the client is showing a error page. To prevent this the “server” header in the response headers needed to be modified. To do so in Oracle Web Cache you need to modify the webcache settings in the webcache.xml configuration file and restart webcache. Change the string:

<debuginfo header="YES" eventlog="NO" htmlcomment="NO" switchstring="+wcdebug">

To:

<debuginfo header="NO" eventlog="NO" htmlcomment="NO" switchstring="+wcdebug">

After that, restart webcache and your “server” response header will look clean and will not have “random” chars in it which can create the error.

“Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2”

Powerpoint online

Web2.0 is all about sharing and user generated content online. Some web2.0 initiatives are great for sharing your pictures online, placing them on a "google" map and give the rest of the world the option to look at places via your pictures. Also web2.0 have brought us the possibility to work online in word like applications and now we have some sort of powerpoint online in the form of ShowBeyond, a place where can you create and share slideshows online. A great online app which, if it starts to pick up speed can become a great tool.

Web 2.0 goes corporate

Serious business, Web 2.0 goes corporate is the title of a comprehensive report done by "The Economist Intelligence Unit" and which is sponsored by FAST.

The report is based upon a survey done in January 2007 by the EIU and polled 406 senior executives from around the world on the impact of Web2.0 on their business. Sponsored by FAST, the online survey focused on the prospects for improved internal and external collaboration, increasing in revenue or profitability, and implementation challenges.

Respondents included 406 senior executives, of which 41% were from the C-suite or the board. The average company size was about US2.5bn in revenue, and the major industry segments including financial and professional services, life sciences, IT/Telecoms and media. Two-fifths of the respondents were located in north America, about one-quarter each in Europe and the Asia/Pacific region, and the rest from elsewhere in the world.

The survey was supplemented with in-depth interviews with senior executives across a range of industries, including financial services, telecoms, advertising and publishing.

Some nice figures turned p in the results of the survey and show that web2.0 is picking up speed also in the corporate areas.To read the complete report you can go to the website of the Social Media Group and download it from there.

Oracle Application Server Hosting

Running a website which attracts large numbers of vistors and which generates large numbers of data throughput takes more than a simple standard Apache webserver running on a standard Linux box. When you expect large numbers of visitors which you have to serve 24 hours a day 7 days a week you will have to think about network architecture, failover clustering, scaling your machines and what system should be behind your website, Apache or something else.

Oracle Application Server, more known for running Oracle E-business suite in most cases can also be used to run a website. Oracle Application Server 10g is developed with a demanding 24*7 environment in mind and copes with all the questions like "can I use grid computing" or "what about backup servers". I never experienced the power of Oracle Application Server as a web platform for consumer intended content and graphical rich websites until recently I was involved in the setup of a high availability website for a Dutch TV program named "the taste of life". This website is developed with some partners by SmartApps who are also providing the hosting of the Oracle Application Server.

When developing a high availability web platform you might want to take a look into Oracle Application Server.