Author Archives: Seth Miller

Invest In Your People

Posted by on May 16, 2012 No comments

A Guide for Retaining Skilled Professionals

Companies hire new employees every day. The reactions employees have to negative work experiences are unpredictable. Some employees will be thankful to have a job and accept anything that happens while others may immediately decide that this isn’t the right place for them and continue to look for another job. There is a unique opportunity for an employer to structure their new employee’s environment and significantly increase the retention period and return on investment of that employee.

There is always room for improvement for the on-boarding process for new hires. Some solutions are simple and require little effort while others may require extensive coordination and resources. This article written with the information technologist in mind but applies in general to any skilled professional. An employer should consider the following points when looking at their new employee on-boarding process:

  • The first day is uncomfortable and sometimes frightening. Treat the new employee like you would a high profile dinner guest.
  • If your new employee loves what the company does, they will consider themself a part of it. Sell your new employee on the product or service they are helping to produce.
  • Establish familiarity as quickly as possible.
  • New employees are hired because they fill a need. Make them feel needed.
  • Get your employee’s physical environment set up before they start so they don’t waste precious time waiting for basic things like phone and email.
  • Documented processes are repeatable and quick to learn.
  • Every day on the payroll counts. Get your new employee acclimated and connected as soon as possible.


    • There are specific tasks an employer can do to accomplish these points. These tasks by themselves may seem pointless in some cases but in combination can have a profound effect. The current economic climate indicates an employer’s market when it comes to human capital. That may be the case for unskilled labor but for skilled professionals, especially in information technology your most valuable employees have a plethora of employers to choose from. Moreover, these skilled employees are likely looking for more than salary. They are highly motivated and focused on their career. They are looking for an employer that has their interests at heart and are willing to show it.

    The following points focus on specific tasks employers should perform to make sure the highly coveted resources companies are looking for remain a resource for an extended period of time and produce a maximum return on the significant investment it costs to hire skilled employees.

    Act quickly. Employees who are invested in the company they work for and believe in what they are helping to produce are much more effective at their job, have a more positive impact on those around them and will last longer as a resource for the company. Employers should seriously consider what happens in the first sensitive moments of an employee coming on to the company’s payroll. Once the moment passes and an employee becomes indifferent or jaded, the chances of pulling them back from that brink are very low.

    Make your mission your employee’s mission. There was tremendous thought put into your company’s logo, vision statement, mission, etc. and it has significant meaning to many within the company. It should be thoroughly explained what the origin and meaning of these statements are and to understand how they should affect the employee.

    Babysit your employee, at least for the first day. Your company probably has a new employee orientation of some kind. Once the orientation meeting completes, there should be a clear direction on where the employee should go and what they should do. The manager responsible for that employee or a delegate should be waiting to take over where HR leaves off. The actions taken for the new hire following the initial barrage of information regarding benefits, code of conduct and myriad do’s and don’ts is important to instill confidence.

    Take your new employee on a tour. Becoming acclimated to the physical surroundings of a place one will be spending eight or more hours a day is important. The new hire should be taken on a tour of the campus in which they will be working and shown the different division areas, cafeterias, popular meeting rooms, lobbies, restrooms, locker rooms, stairwells and elevators, emergency exits, coffee stations, gyms, relaxation areas and their work area. Printed maps should also be provided, especially for the conference rooms.

    Take your new employee on a virtual tour. Becoming familiar with virtual surroundings is just as important as being familiar with physical surroundings. The websites the new hire needs to be familiar with to function properly are too numerous to cover in one day. A schedule should be set throughout the first two weeks to train the new hire on how to use the intranet, file sharing, ticket tracking, change management, expense reporting, etc. The types of applications the new hire will need to be trained on will need to be catered to their position but the training schedule should be in place before their first day.

    Introduce them to their new home. The new hire’s cube or office will be their second home for the foreseeable future. Any items to help the new hire to be successful should be neatly stocked before they enter their cube or office for the first time. The items should include but are not limited to; writing utensils, scissors, push/T pins, white board markers and eraser, hangers, keys for lockable cabinets, hanging and manila folders, notepads, trash can, docking station, monitor(s), phone, wireless headset, shelving for books/files and at least one extra power strip or equivalent available outlets.

    Your new employee will be making copies, sending faxes and assembling documents the first day. There will likely need to be additional paperwork in the days and weeks following the hire date. The new hire should have access to and be shown how to use the copy machine, fax machine, etc. They should also be shown where to find the supplies to use those utilities such as; paper, staples, paper clips, rubber bands, etc.

    Safety first. Standard safety procedures should be shown to the new hire within the first week of their hire date. This should include showing the location of the tornado shelter areas, emergency evacuation procedures and first aid kit location and use. If there are regularly scheduled safety meetings or evacuation drills, the employee should immediately be scheduled to attend them.

    Do the heavy lifting when it comes to introductions. Walking into a room full of strangers turns most people off, especially introverts. A special effort should be made both by management and teammates to introduce themselves to the new hire during the first month. Meetings should be scheduled and prioritized with management and team leads for official introductions to the new hire through their manager.

    Introduce your new employee to the “go-to” person. Despite any preparation, the new hire will inevitably need additional supplies, access and questions answered. The new hire should be introduced to the point of contact that handles general requests and access to supplies. In most offices, this would be the office administrator or executive assistant.

    Get your new hire connected. Professionals rarely work exclusively within their own group. There will inevitably be questions about their job that will best be answered by someone in another group. Proper communication channels such as ticketing or change management systems are critical for companies to function efficiently but a short term exception should be in place for new hires. A contact list should be made available with a minimum of one point of contact for each group and a description of the types of issues the group is responsible for. This list should include group leads, divisional contacts and facilities management. These points of contact should be made aware that they should take special care to make themselves available for any questions a new hire may have.

    Caffeine is the fuel that drives Corporate America. New hires should be shown the locations of the coffee/tea stations nearest to their cube/office. They should be instructed on office etiquette for these stations and shown how to refill the coffee pots when they do not contain enough coffee for another full cup. They should also be shown the location and method of refilling the supplies such as coffee grounds, filters, creamer, sweetener, utensils, etc.

    No office environment is complete without ubiquitous meetings. Meetings are a necessary part of a successful company and every employee and contractor will need to participate. Meetings can range from productive to a waste of resources and time depending on the planning, participation and preparation of the attendees. Meeting etiquette should be published and every new hire should be trained or otherwise made aware of it within the first week of their hire date.

    The new employee’s phone should not be a distraction. Other than setting up voicemail, the phone the new hire will be using should be properly configured and fully functioning before their first day. This should include having access to and training on the online applications used to change the functionality of the phone system. If the new hire will have a cell phone and/or pager, these should be fully functional as well. The numbers for each device should be published in the company directories under the new hire’s account. Similarly, all necessary email addresses should be created and fully functional.

    Online conferencing allows us instantaneous access to the rest of the world. Information both for phone and internet conferencing should be set up properly under the new hire’s account. Proper access should be in place prior to the new hire’s first day. If the conference technologies require training, it should be scheduled ahead of the hire date but not within the first two weeks of employment.

    A computer that doesn’t work properly is just a very expensive paperweight. Most new hires will be given a laptop or desktop. Having the new hire configure their computer on their first day is confusing and time consuming. If necessary, the manager or employees within the new hire’s group may need to do additional configuration of their computer once is turned over from the desktop support group. The computer should be set up with all necessary software and permissions at the time the new hire sits at their desk for the first time. Inevitably, additional software will be required or preferred by the new hire. The new hire should be shown how to acquire or download additional software. It should also be made clear what is and is not allowed to be installed according to company, division, group or unwritten policy.

    Where does your employee put and retrieve files? Your company network probably contains a plethora of share drives and file repositories. Understanding the basic functionality and methods of access to the drives relevant to the new hire should be explained or written down. While a new hire should have basic knowledge on how to use email and simple file systems, the corporate folder structure and expectations of the new hire on using certain folders for certain tasks should be explained or included in training. Most groups will have internal documents, scripts, configuration files and check lists. These should be established in a repository or at least in a shared directory and given to the new hire to share in the benefit of their team’s experience.

    Ask your employees to speak up and take their opinions seriously. In order for a new hire to feel like they are a part of the company they work for, they must feel like their opinion is received and fully considered. The company should establish an outlet of communication between employees and decision makers for the company via a forum, idea box, listserv, etc. The personnel monitoring this outlet should consider every opinion and idea and provide feedback to the submitter regardless of the action taken. New hires should immediately be shown how to use this outlet and encouraged to participate in the evolution of the company.

    Seeing one’s name in print is a powerful thing. While it may not seem like much, seeing one’s name in print has an emotional impact and establishes a feeling of ownership and responsibility. The new hire’s cube or office should have their name spelled correctly and in place within the cube placard or on their desk. There should also be a personal welcome letter bearing their name on quality paper, signed in ink and personalized to their position preferably written by their manager.

    Give your new employee a gift to make them feel like an important part of the team. A small but meaningful gift can go a long way to establishing a strong relationship with someone. A thoughtful gift should await the new hire with the intention of immediately establishing a connection with the company while at the same time inculcating an expectation of excellence from them.

    It is in the interest of all parties that the employer invest in their employees, especially in the beginning of the employee’s tenure when simple tasks done can have the greatest impact. Make sure the company’s mission becomes the employee’s mission. Act quickly on the first day and make sure there is clear direction from the start. Show your new employee around both the physical and virtual campus so they become acclimated to their new environment. Even if your new employee is a number cruncher or a button pusher, put them in front of their colleagues and make sure they know who to talk to when they need something. Have phones, computers and websites set up ahead of time so your new resource can get started in their new job right away. Listen to, consider and when appropriate implement your employee’s ideas. Make sure your employee understands the office etiquette when it comes to things like meetings and coffee stations. Finally, go beyond your new employee’s expectations by having their workspace adorned with their name, a welcome letter and a special gift to offer a warm welcome.

    Career professionals, especially at the mid and senior level, are some of the most sought after individuals in the work force. These individuals need to find value beyond a good salary in the company they choose to work for. Establishing a cohesive and value driven relationship immediately between an employee and the company will yield employee loyalty, higher quality and quantity of work and better morale from the employee and reduce the risk of losing a valuable investment. Despite the unemployment rate, high quality professionals are difficult to find and even more difficult to retain. When investing in personnel, an employer should consider how to establish an investment from the new employee in the company and to do it as quickly as possible. When done with effort and sincerity, relatively easy tasks done by an employer to invest in their employees can pay off in dividends for years.

    Basic Backup Still Eludes Most IT Professionals

    Posted by on April 19, 2012 No comments

    I can’t believe this is still prevalent among senior level IT professionals. A colleague of mine was literally sweating when his laptop wouldn’t boot up. He was on the verge of losing no less than a half a decade of data. His response to my inquiry of what type of backup of his data he does is “I have never had time to set that up.”

    It’s really not that hard and for those of you that have “never had time” or “have been meaning to get to it”, I’ll give you a head start. Since most companies use the Windows operating system on their laptops and PCs, I am using Windows commands.

    Chances are, you have your very own cozy little share drive that has been provided you for exactly this type of situation. If it’s already mapped to a drive and persistent across boots…great. Use that drive letter in your script. If the drive is not persistent across boots or not mapped at all, I have that covered too.

    Create a batch file in a location that is going to get backed up. Feel free to get fancy with variables, loops and myriad echo statements, or just simply:

    xcopy "C:\Users\Dococ\Documents\*" "W:\Documents\" /C /H /E /D /Y

    Here is the meaning of each of the xcopy flags being used:
    /C Continues copying even if errors occur.
    /H Copies hidden and system files also.
    /E Copies directories and subdirectories, including empty ones.
    Same as /S /E. May be used to modify /T.
    /D:m-d-y Copies files changed on or after the specified date.
    If no date is given, copies only those files whose
    source time is newer than the destination time.

    The nice thing about this is it is only going to copy new files and those that have been updated so if you have a lot of files to copy, you don’t have to worry about swamping the network or your PC every time it runs.

    Add another line for each directory you want to back up. Be specific about what you want and add another line to the file every time you add something you want to recover or discover a configuration file you want to keep. Here are a few ideas.

    xcopy "C:\Users\Dococ\Pictures\*" "W:\Pictures\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\Scripts\*" "W:\Scripts\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\Putty\*" "W:\Putty\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\Putty Sessions\*" "W:\Putty Sessions\" /C /H /E /D /Y
xcopy "C:\Program Files (x86)\Vim\*" "W:\Vim\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\AppData\Roaming\Microsoft\Templates\*" "W:\Outlook Templates\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\AppData\Local\Microsoft\Outlook\archive.pst" "W:\PSTs\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\AppData\Roaming\Microsoft\Windows\Libraries\*" "W:\Libraries\" /C /H /E /D /Y
xcopy "C:\Users\Dococ\AppData\Roaming\Microsoft\UProof\*" "W:\UProof\" /C /H /E /D /Y

    If you don’t have a persistent drive mapped to your share include a create and delete statement for it.

    net use w: \\server\Dococ /persistent:no
net use w: /delete /y

    Add a simple task to execute this script the number of times that satisfies your personal recovery point objective.
    backup task Basic Backup Still Eludes Most IT Professionals

    Take a little time for the really important stuff and this is really important. If you would like to share ideas about making this script a little more fancy, please leave them in the comments and I will add them to the post.

    Google 2-Step Verification and Tablets/Phones

    Posted by on April 16, 2012 No comments

    The Google 2-Step verification virtually eliminates account hijacking but can be a pain when trying to sign in from a new computer or device. I highly advise those of you with Google accounts to use the 2-step verification and for Pete’s sake, make your password at least a little complicated. If you are going to continue using your last name followed by the number one, you are explicitly giving everyone affected permission to make fun of you for no less than one year.

    If you aren’t familiar with how this works, here’s a quick run down. When you sign into your Google account (which includes Google+, Gmail, etc.) your only verification by default is your (hopefully complicated) password. The second step which can be easily added to your account then sends you a verification number by SMS, phone call or a number of other techniques that must be entered as well to make sure you are who you say you are.

    I use the cell phone SMS as a source for verification codes since I almost always have my phone on my person. However, the 2-step verification assumes you are using a browser when you are signing into your account and it has the ability to pop up another page asking for the verification code. When this is not a possibility, there is another option.

    Google has created “Application-specific Codes” to allow you to generate a code ahead of time so you are doing both steps of verification at once. Follow the instructions on Google’s help page and enjoy the added security of 2-step verification without sacrificing your devices or your security.

    Find Instances and Listeners in Linux

    Posted by on March 16, 2012 No comments

    I created this script to make it very easy to see which instances and listeners are running on my server. I mostly use it to make sure everything is down when patching in RAC. Stick it in your profile script, or better yet your /etc/bashrc so all users have access to it.

    function pl {
echo
echo "Database Instances Running"
echo "=========================="
ps -ef | grep pmon | grep -v grep | tr -s ' ' | cut -d ' ' -f 8 | cut -d '_' -f 3 | sort
echo
echo "Listeners Running"
echo "=========================="
ps -ef | grep tns | grep -v grep | tr -s ' ' | cut -d ' ' -f 9
echo
}

    MedTech

    Posted by on March 1, 2012 No comments

    I’ve been reading about the products my company produces. I see a lot of pictures around the building of cool looking stuff, but up until recently I had no idea how it works. I also hear a lot of medical technology language that I’m not sure what function it has on the human body. So, after seeing the CEO on cable news talking about the latest investment report, I decided to do some research.

    What I found was absolutely amazing. Over one weekend, I spent a solid eight to ten hours reading on elementary and not so elementary medical knowledge. The problem I had is that the research I was doing turned out to be the chain, or more accurately a tree of which the branches of different subjects I had to follow in order to understand the original subject seemed almost endless.

    Take the heart for example. Do you know how it works? Yes, it’s a muscle that pumps blood, but it’s not magic, it’s science. And the steps it takes for your cardiovascular system to work properly are incredible. Although, I’m sure I learned all about it in high school, I have since forgotten almost everything I learned before the turn of the century.

    I find myself staring at the pictures in the hall, the images on the TV screens in the lobbies and the equipment in the demo room. I so badly want to learn more both for my own curiosity and for the fact that I see an incredible opportunity to become a bridge between the IT technology and the products.

    I can see that the product doesn’t seem to interest many people that I talk to in the area that I work, but maybe they just haven’t been introduced to it yet. I didn’t think anything of it until I just became a little curious one day. Anything to do with medicine would have been the last thing I would have said I have an interest in if someone were to ask me.

    I have started to reach out to people in the company that are working with the products in hopes that I can thoroughly plant myself in the middle of it both so I can see more of what it can do for people as well as to get a better foothold in the business side to advance my career.

    Copying Command Text From Office Programs

    Posted by on February 10, 2012 No comments

    I just had to post this because it’s one of those things that I would have continued to waste time “putting up with” had I not taken a few minutes to figure it out.

    Most SOPs and other documentation I write is in Microsoft Word if it is going to be distributed. I stick with Vim if it is just for me, but generally I want to share the information I take time to put together.

    If I’m using commands from documentation done in an Office product, there is an unfortunate side effect of having those commands in a neat bulleted list. By default, highlighting and selecting something will include the formatting of the list and look like this:

    •	select 'alter user '||name||' identified by values '''||password||''';'
from user$ where upper(name) = upper('&USER');

    If I paste that into my terminal, it will look something like this:

    SYS@ORCL > b"select 'alter user '||name||' identified by values '''||password||''';'
from user$ where upper(name) = upper('&USER');
SP2-0734: unknown command beginning "b"select '..." - rest of line ignored.

    There does not appear to be any way to change the behavior of copying text to not include formatting. A simple solution is to put a space in front of the command and do not include it in the selection. This will give you a copy of text that doesn’t include any bullets or list settings.

    SQL> select 'alter user '||name||' identified by values '''||password||''';'
from user$ where upper(name) = upper('&USER');
Enter value for user: scott
old   1: select 'alter user '||name||' identified by values '''||password||''';'
from user$ where upper(name) = upper('&USER')
new   1: select 'alter user '||name||' identified by values '''||password||''';'
from user$ where upper(name) = upper('scott')

'ALTERUSER'||NAME||'IDENTIFIEDBYVALUES'''||PASSWORD||''';'
--------------------------------------------------------------------------------
alter user SCOTT identified by values '351CD6466E9C1771';

SQL>

    su Forking and the Incorrect Trapping of SIGINT (CTRL-C)

    Posted by on February 1, 2012 2 comments

    This issue taunted me from the first day at my current employer. It took about a month before I figuratively threw my hands in the air and proclaimed that I would delay what I was working on to find the cure.

    The symptoms of the issue were very difficult to search for since it was somewhat hard to describe the behavior. Basically, I would log into the server as myself. Then I would su to oracle with sudo. Once I was at the command prompt as the oracle user (or any other non-privileged user), I would either want to clear what I had on the command line or cancel a tail using a ctrl-c. However, when I typed ctrl-c, I was brought back to the user I logged into the server with.

    What I found out later when investigating the problem was that the process I tried to cancel out of (tail for example) was still running in another pseudo-terminal (pts). The issue turned out to be an unintended consequence of a security fix to su.

    What really threw me off was that this issue was reproducible on all of the servers except for one, which led me to believe it was a pts or shell setting of some kind.

    I had access to the root account, so I tried suing to root first, then suing to oracle which worked just fine. In addition to the obscurity caused by the inconsistency between servers, the lack of reproducibility when not using sudo seemed to point to sudo as the culprit.

    I probed some people that had been running into the issue for awhile to see what had been done. The issue had in fact been brought to the Unix team who could not reproduce it. They were just suing without using the full sudo command that I was limited to using.

    The full sudo command I was using to switch to the oracle user was:

    sudo /bin/su - oracle -c /usr/bin/sudosh

    The last part of the command is a monitoring tool to replay the terminal output of a session. The behavior is that the user is switched to oracle and sudosh returns control of the terminal back to the screen in a similar way that screen does.

    There did not need to be anything running to pass a SIGINT to the terminal. Once the signal was passed, the prompt was returned to the original user. In addition, the terminal settings were completely different from what they were before. There is now no echo of characters returned to the terminal and line feed settings seem to be corrupted.

    [oracle ~]$ (control c pressed here) [milles ~]$ [milles ~]$ [milles ~]$ [milles ~]$ [milles ~]$ [milles ~]$ [milles ~]$ Password:
                                                                                                                su: incorrect password
              [milles ~]$

    I found out that the terminal settings are being cleared. Resetting them (stty sane) gets back to a normal terminal but now I have to sudo again and start over on what I was doing.

    Here are the stty settings in a broken and fixed (normal) state:

    Broken:
speed 38400 baud; line = 0;
intr = <undef>; quit = <undef>; erase = <undef>; kill = <undef>; eof = ^A;
start = <undef>; stop = <undef>; susp = <undef>; rprnt = <undef>;
werase = <undef>; lnext = <undef>; flush = <undef>; min = 0; time = 0;
-icrnl ixany -imaxbel
-opost -onlcr
-isig -icanon -iexten -echo -echoe -echok -echoctl -echoke

Normal:
[milles ~]$ stty –a
speed 38400 baud; rows 45; columns 120; line = 0;
intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q;
stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; flush = ^O; min = 1; time = 0;
-parenb -parodd cs8 -hupcl -cstopb cread -clocal -crtscts -cdtrdsr
-ignbrk brkint -ignpar -parmrk -inpck istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany imaxbel -iutf8
opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
isig icanon iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke

    I tried trapping SIGINT and several other signals with various methods including the trap command. The signals never made it to the terminal which led me to believe that the terminal I was working in did not have the functionality of a fully operation terminal. In other words, another terminal was trapping my signals before they could reach my working terminal.

    Looking at the processes confirmed that there was indeed two terminals running, one a child of the other. The child terminal was hosting sudosh which my command prompt was running out of. 

    [milles ~]$ sudo /bin/su - oracle -c /usr/bin/sudosh
[oracle ~]$ ps -ef | grep sudo | grep -v grep
root     16258  2670  0 21:03 pts/2    00:00:00 /bin/su - oracle -c /usr/bin/sudosh
oracle   16279 16258  0 21:03 pts/1    00:00:00 /usr/bin/sudosh

    However, in the server that was not reproducing the issue and functioning correctly, sudosh was running as a different process, but in the same terminal.

    [milles ~]$ sudo /bin/su - oracle -c /usr/bin/sudosh
[oracle ~]$ ps -ef | grep sudo | grep -v grep
root      4615  5676  0 15:00 pts/1    00:00:00 /bin/su - oracle -c /usr/bin/sudosh
oracle    4616  4615  0 15:00 pts/1    00:00:00 /usr/bin/sudosh

    The biggest difference between these two systems is age, but the second biggest difference is version of the operating system. The latter example above was running RHAS 4 and the former running OEL 5.

    su is part of an RPM called coreutils. I checked the difference in version of coreutils between the two servers as well:

    [milles@RHAS4 ~]$ rpm -qi coreutils
Name        : coreutils                    Relocations: (not relocatable)
Version     : <strong>5.2.1</strong>                             Vendor: Red Hat, Inc.
Release     : 31.8.el4                      Build Date: Thu 29 May 2008 08:09:45 AM CDT
Install Date: Wed 03 Feb 2010 03:22:53 PM CST      Build Host: hs20-bc1-5.build.redhat.com
Group       : System Environment/Base       Source RPM: coreutils-5.2.1-31.8.el4.src.rpm
Size        : 7655912                          License: GPL
Signature   : DSA/SHA1, Tue 10 Jun 2008 01:22:58 PM CDT, Key ID 219180cddb42a60e
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL         : ftp://alpha.gnu.org/gnu/coreutils/
Summary     : The GNU core utilities: a set of tools commonly used in shell scripts
Description :
These are the GNU core utilities.  This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.
    [milles@OEL5 ~]$ rpm -qi coreutils
Name        : coreutils                    Relocations: (not relocatable)
Version     : <strong>5.97</strong>                              Vendor: Oracle USA
Release     : 23.el5_4.2                    Build Date: Wed 24 Feb 2010 12:35:24 PM GMT
Install Date: Fri 10 Jun 2011 06:42:00 PM GMT      Build Host: ca-build9.us.oracle.com
Group       : System Environment/Base       Source RPM: coreutils-5.97-23.el5_4.2.src.rpm
Size        : 9035080                          License: GPLv2+
Signature   : DSA/SHA1, Wed 24 Feb 2010 12:35:52 PM GMT, Key ID 66ced3de1e5e0159
URL         : http://www.gnu.org/software/coreutils/
Summary     : The GNU core utilities: a set of tools commonly used in shell scripts
Description :
These are the GNU core utilities.  This package is the combination of
the old GNU fileutils, sh-utils, and textutils packages.

    Through the painful and long process of troubleshooting the issue, I found that there was a bug found somewhere between these two versions that identified a security vulnerability. The change to fork any programs started using the –c flag was put in version 5.93-2. The developer later identified that there was a valid reason to keep the ability to run programs within the same terminal despite the security flaw so they included the - -session-command flag to give the program the former functionality.

    sudo runs every command it executes as the root user. The purpose of the new fix was to prevent users from running a program like sudosh that allows a user to be returned to a prompt and be able to kill that command and drop down into the parent root process, therefore giving them complete root access. With the fix in place, the user could drop out of the program executed, but they would be dropped into the forked non-privileged terminal.

    This terminal forking also affects other built-ins and functionality such as shopt. When running the shell inside the child terminal, the automatic resize of the shell window if the terminal program (i.e. Putty) changes the window size was not functioning and the window size variables had to be changed manually.

    The final fix was to run the sudosh program with the flag - -session-command instead of -c. This essentially reverts the functionality of su to its former vulnerable self but gives the signal trapping and other standard functionality back to the terminal in which it belongs.

    Using this workaround to regain functionality is not ideal since it takes away a layer of the security onion. However, using sudosh is not the most secure way of monitoring session activity either. The time saved using the workaround is tremendous. Although I couldn’t find examples of others running into this issue, they must be out there. I hope this helps someone.

    Please leave comments if you see any inaccuracies.

    Efficient DBA Part 1 Presentation

    Posted by on January 21, 2012 No comments

    I presented to the Twin Cities Oracle User Group on January 19th, 2012 on part one of an ongoing series called “Efficient DBA”. The focus of the series is how to minimize or eliminate processes or keystrokes for doing repeatable steps in a DBA’s day-to-day activities.

    The PowerPoint presentation can be downloaded here.

    New Digs

    Posted by on November 16, 2011 No comments

    I’d like to say that my absence over the last few months has something to do with my job change, but that just doesn’t hold water. Especially, since I only changed jobs three weeks ago. I just haven’t felt like writing anything for the last few months. I often think about blogging but it seems that every time I psyche myself up to do it, I can’t think of anything unique to offer. In other words, the stuff that I want to write about has already been done and written about many times over. I’m slowly convincing myself that it doesn’t matter and that this medium is as much of an outlet for me as it is a consumable for others.

    I have a lot of complaints about my previous employer, but no regrets. I learned a lot from my work, the technology I used, the people I worked with and the experiences I gained over the last three years. I left amicably (as amicably as possible when leaving a job) and could see myself there again sometime in the future. In fact, I suggested as much.

    My new employer as of the beginning of November is entirely different from my previous one. For one thing, it is a large company, as in many, many times the size in people and revenue. I was very hesitant because I have only worked in small or medium size companies for my entire IT career. I have always had all the keys, passwords and clearance.

    Now I have very little and my jurisdiction is clearly defined. In the past three weeks, I have come to love the fact that I am somewhat locked down in my silo of database services. Database is what I fell in love with and committed to way back in the beginning. A recent trip to Oracle OpenWorld renewed that passion and made this transition the obvious right choice.

    So now I am a “Database Analyst – Oracle” (according to my business card). Everything else is provided to me through a company service. By the time I see the server the OS is installed, the configuration of the network, disk, etc. is done and verified and the installation files I need are mounted on an NFS share. Sweet! You mean I actually get to start and finish a project without having to babysit or do every process in between that I’m not supposed to be doing? I’ll take it.

    Here’s the really fun part. I’m working directly with people that are as passionate about technology and career growth as I am. Everywhere I look there is someone to laud and strive to emulate. These things make for a very challenging and fulfilling work day.

    Possibly the most important thing is the person I report to. Management methods vary as much as personalities so finding the right person to work under can be very challenging. I believe I have found close to what I have characterized in my mind as the ideal manager. The way I see a manager in a professional environment is someone whose end goal is to deliver objectives to his superior. Everything else should be a means to that end.

    So when I hear my manager say that he doesn’t have time to manage me as an individual and he only expects me to deliver the finished product on time, I feel that the totality of the effort I put in to succeed in my job is going to make myself look just as good to my manager as my manager will look to his director. I don’t have to worry about the stuff that doesn’t matter like figuratively punching a timecard or worrying about scheduling dentist appointments after work hours.

    I realize I am only in week three and a lot can change in a short time, but I feel like I’m in the right place now and I’m ready to really showcase my skills and see if this company is ready to accommodate what I am looking for and capable of producing.

    By the way, the coffee here is fantastic and free!

    Use Service Name in Oracle to Disable Database Login

    Posted by on June 13, 2011 No comments

    Recently I was trying to do some database updates to a development database, but I was running into problems truncating and deleting from tables because other users on the system had rows locked with NOWAIT. I wanted to find a way to disable user access without actually taking down the database. I also had the problem of having other production databases on the same server so just shutting down the listener was not an option. The third option was to take down the forms application server, but that is also serving multiple instances. So the best option seemed to be to disable the service that the listener was connecting to.

    First, I confirmed the tnsnames.ora on the app server was pointing to service name instead of sid. Then, I used dbms_service to disable the service.

    execute dbms_service.STOP_SERVICE(‘serv’);

    That didn’t seem to do anything though so I looked at the dba_services table to make sure it was disabled. What I found was that all of the services were disabled.

    SYS$BACKGROUND NO
    SYS$USERS NO
    servXDB NO
    serv NO

    I’m not sure why this didn’t work or why all of the services are disabled, but I ended up altering the tnsnames.ora on the application server so that the forms couldn’t connect. If there are any thoughts as to how to accomplish what I was trying to do, please leave a comment.