I was glad to be back in Seattle to attend the 2019 edition of ODTUG's famed Kscope conference. This is the second time the event is held this close to home (read my previous recount of the same conference five years ago)! And like every Kscope before, the conference always provides unique experiences, bountiful knowledge and new people to meet! Here's a quick summary and highlights of my week.
Since Oracle Application Express (APEX) version 18.1, application developers are able to easily integrate OAuth2-based authentication using many popular identity providers including Google, Facebook and Microsoft. Morten Braten, Anton Nielsen and I have previously written on this subject.
Starting May 2019, Microsoft is changing how developers manage their OAuth2 application registrations.
One of my fondest memories of my previous job was working with VMware virtualization products. With VMware Workstation, system administrators had the ability to "move" a virtual machine (VM) from a local workstation to vSphere. It was no surprise then that I was very exited (and itching to play) when VirtualBox 6.0 was released with a new feature: support for exporting a VM to Oracle Cloud Infrastructure (OCI)!
It took a little longer than I had hoped to publish the next article in this series about my experience with a 30-day Oracle Cloud trial. I had a created compute instance in the same compartment and that messed up my estimates. That's just one piece of the puzzle.
After running my Oracle Application Express (APEX) instance (see the previous article on what it takes) for more than a day, I think I have enough to take a first measure of costs and fact check the prices listed by Oracle!
Remember this ad?
IBM BladeCenters were revolutionary at its time. System Administrators would know that one of the largest expense when building out a server infrastructure is real estate costs. Shrinking racks of servers and consolidating into blade servers meant you could put more hardware in less space. However, they were expensive and had their fair share of skeptics. Adopting a proprietary backbone simply meant you were investing into a brand and hence subject to vendor lock-in.
Then came virtualization. With more powerful CPUs, cheaper RAMs and more cost-effective storage solutions, we are now able to cramp more servers into a single server. Other pieces of traditional server infrastructure, e.g. network and storage, could be "software-defined". The server footprint very much "vanished into thin air"!
I have read many comments on social media and blogs about various experiences using the Oracle Cloud for hosting web applications and databases. There are probably more bad than good accounts, and so I wanted to experience the process myself using a trial subscription.
Typically, a trial account only gets you a US$300 credit to use on the Oracle Cloud. The credits are good 30 days, after that, either your upgrade to a paid plan, or you lose everything. You are also required to provide a valid credit card for verification purposes only. According to the sign up page, users are only billed after choosing to "upgrade" the account.
When Oracle Database 18c Express Edition (18cXE) was released late last year, I was motivated to work on an image for running the newly released, FREE database using Docker. The scripts were based on the official Docker images published by Oracle. With much help from Martin D'Souza, we released the scripts to the community with pointers on how to install and run an Oracle Application Express (APEX) stack.
Late last year, I started binge watching the entire four seasons of The Last Ship. It was one of the rare TV serials that my wife and I shared a common interest in. I think this was mostly because the first season was centered around the ship and its crew's fight against total human annihilation by an infectious disease. For me though, it was also about the military hardware and camaraderie amongst the soldiers.
I have written on two occasions, "Just a Drop of Oracle APEX" and "APEX and the Affordable Cloud!", about how easy it is to get up and running on hosting providers like Linode and DigitalOcean. The approach largely involves Vagrant, and though it is an easy to use tool, it still needed a little bit of DevOps heroism, and sometimes, dealing with API keys may not necessarily be a priority for someone looking for a quick way to setup a consistent and robust Oracle Application Express environment.
Updated November 18, 2018 Added a help utility to populate an Oracle Wallet with root certificates
Oracle Database 18c Express Edition comes with a usable Oracle Wallet. In a previous article, I had described how to:
Someone had asked in the comments, what certificates were necessary for Social Sign-in in Oracle Application Express (APEX) to work. It's something that I think most of us would like to know too, so I did a little more digging and here's what I found for three of the more popular social platforms: Google, Facebook and Microsoft.
I wrote, quite a while ago, on how Oracle Application Express (APEX) developers could integrate R functionality/code in their applications. This was done primarily through Node.js packages and exposed as RESTful Web Services. Not the ideal solution, but useful for people wanting to integrate R statistical calculations and complex charting, but could not afford the hefty price tag for an Oracle Database Enterprice Edition license, plus the Oracle Advanced Analytics database option.
The revolutionary 18c release of the Oracle Database Express Edition (XE) significantly changed the Data Analytics playing field. The no-cost platform has resource caps (2 CPU, 2 GB RAM and 12 GB data storage). It's not going to help perform complex GWAS (Genome-wide Association Study), but should suffice for many smaller research projects, statistical reporting and creating useful prediction models.
Unfortunately, the XE website has only a single line that says anything about this cool feature of the database:
If you prefer R programming, Oracle Database supports that too.
How do we get started?
In a previous blog post, I provided a recipe for enforcing encryption for data-at-rest. However, it is important to remember that Transparent Data Encryption (TDE) protects your data from bad actors, who might have illegally gained access to the data files. Data exists unencrypted when loaded and accessed in the database. Malicious attacks can come from internal sources as well. When storing user confidential information, data stewards need to take greater responsibility in ensuring that data is only seen by staff who are authorized and require access to privileged information. That could mean creating tiered access and other protections like data redaction.
For example, an e-commerce website that handles credit card transactions, may require call centre staff to have access to the last four digits of a credit card number for verifying customers' identity when support call are received. Or an insurance claims website that requires claimants to submit their health identity number. The application displays the partially or fully-masked ID, enough to suggest that the data has been captured, but insufficient for a passerby to steal a glance.
Oracle's Data Redaction makes this possible, and with the latest release of Oracle Database 18c Express Edition, this technology is now acessible to developers for FREE! If you are new to Data Redaction, here's a simple recipe to get started!
Came across an interesting question on stackoverflow this morning, so I thought I'd give it a shot. Turned out to be an exciting morning of learning and a pretty lengthy response that I thought I'd cross-post to keep a copy for myself. If you have any suggestions for improvement, please feel free to contribute to the thread. Thanks!
Transparent Data Encryption (TDE) is a powerful database feature that allows developers and administrators to very quickly, persist data encrypted at-rest. Applications do not require explicit coding to encrypt data for storage. TDE manages encryption during storage, and decryption when data is read, transparently and automatically.
TDE can also be used during backups. In the typical "tape falls off the back of the truck" scenario, malicious actors would not be able to decipher the data on the lost tapes without the crucial encryption key stored in the Oracle Wallet. Assuming of course, the wallet was not backed up to the same tape.
This enterprise-grade feature is found in the Oracle Advanced Security Database Option. That requires user to be licensed for database enterprise edition. However, with Oracle Database 18c Express Edition (18cXE), Oracle has made it free and accessible by everyone!
This post was specially written for Oracle Application Express (APEX) developers who are new to this technology. It provides a simple workflow for creating an encrypted tablespaces. Since APEX application live on the database, placing the parsing schema on a TDE-enabled tablespace, automatically protects the entire application. Hopefully this will encourage you to use it for protecting Personally Identifiable Information (PII) or any other sensitive and confidential data.