Sunday 23 December 2007

pcWatcher 1.0 Uploaded

I have just uploaded pcWatcher to my website. A screenshot can be viewed here and the program can be downloaded free of charge here. Here’s an extract from the README file supplied with the program:

PCWATCHER is a Windows utility, written in .NET, that performs three functions:

Memory Monitor: pcWatcher monitors the amount of memory that you are using and displays it in real time within the window.

File Monitor: pcWatcher can monitor files that are Created, Deleted or Changed and displays these to the screen.

Spy Alert: pcWatcher checks for the existence of the spy programs Spector Pro and eBlaster, and alerts you if these are installed on your system.

In addition, pcWatcher displays further information such as the status of your network connection, the version of Windows you are using, and the computer and user name.

"Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you." - Carl Sandburg

GenDAT: Fantastic Software

www.fantasticfreeware.com have included GenDAT in their collection of 2000 of the best Freeware programs. Good Stuff ☺

"If you treat people right they will treat you right - ninety percent of the time." - Franklin D Roosevelt

Oracle: User Account Security ...

Oracle has a bewildering array of security features to help you to make sure that your users access only what they need and to ensure that you have very fine control over their abilities.

There are a couple of things you should look at first. The following parameters are off by default, and unless you have a very good reason you should make sure they stay set to FALSE:

O7_DICTIONARY_ACCESSIBILITY = FALSE
REMOTE_OS_AUTHENT = FALSE

In addition you should check the privileges that have been assigned to PUBLIC and remove any that you are not comfortable with. Remember the principle of ‘Least Privilege’.

You should also absolutely minimise the number of users who have ADMIN access.

Whenever an Oracle database is created the users SYS and SYSTEM are also created. If you use DBCA (Database Configuration Assistant) to create your database you will also have SYSMAN and DBSNMP.

SYS - Data Dictionary Owner
SYSTEM - Admin Account
SYSMAN - Used by Enterprise Manager (EM)
DBSNMP - Used by Enterprise Manager (EM)

Check all the default accounts that are created and make sure that those you don’t initially need are locked and have their password expired. The following statement shows how this is accomplished:

ALTER USER pip PASSWORD EXPIRE ACCOUNT LOCK;
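
The checks described so far can be run as a short read-only audit from SQL*Plus. This is an added example, not part of the original post; it assumes a session with access to the DBA_ and V$ views, and treating "ADMIN access" as the DBA role, WITH ADMIN OPTION grants and password-file (SYSDBA / SYSOPER) users is an assumption.

```sql
-- Added example: read-only audit of the settings discussed above.

-- 1. Both parameters should report FALSE.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('o7_dictionary_accessibility', 'remote_os_authent');

-- 2. System privileges and roles granted to PUBLIC (ideally no rows).
SELECT privilege AS granted, 'SYSTEM PRIVILEGE' AS kind
  FROM dba_sys_privs
 WHERE grantee = 'PUBLIC'
UNION ALL
SELECT granted_role, 'ROLE'
  FROM dba_role_privs
 WHERE grantee = 'PUBLIC';

-- 3. Object privileges granted to PUBLIC, summarised per owner so the
--    large SYS-owned defaults do not hide application grants.
SELECT owner, privilege, COUNT(*) AS objects
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
 GROUP BY owner, privilege
 ORDER BY objects DESC;

-- 4. Assumed meaning of "ADMIN access": holders of the DBA role and
--    anyone able to pass a role or system privilege on to others.
SELECT grantee, granted_role AS granted, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA' OR admin_option = 'YES'
UNION ALL
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE admin_option = 'YES'
 ORDER BY 1, 2;

-- 5. Users who can connect AS SYSDBA / AS SYSOPER via the password file.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

-- 6. Accounts that are still open; those created together with the
--    database are the default accounts to review, lock and expire.
SELECT username, account_status, profile, created
  FROM dba_users
 WHERE account_status = 'OPEN'
 ORDER BY created;
```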

Assuming you are using database authentication of your users, then password security rules are enforced through profiles. Listed below are some of the password security profile parameters that you can use:

FAILED_LOGIN_ATTEMPTS - maximum consecutive count
PASSWORD_LOCK_TIME - days (or part of a day, i.e. 5/1440 = 5 minutes) to lock the account
PASSWORD_LIFE_TIME - maximum days for this password to exist
PASSWORD_GRACE_TIME - number of days, following the first successful login after the password expiry, during which users are reminded to change their password but can still log in
PASSWORD_REUSE_TIME - minimum days before password reuse
PASSWORD_REUSE_MAX - minimum changes of password before reuse allowed

These parameters are set in the following way:

CREATE PROFILE passwordlimit LIMIT
PASSWORD_LOCK_TIME 1
FAILED_LOGIN_ATTEMPTS 3;
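
A fuller version of the profile setup, as an added example that is not part of the original post: it sets all six parameters listed above, assigns the profile (a profile has no effect until a user is assigned to it) and checks the result. The profile name app_password_policy and the limit values are illustrative assumptions; pip is the user from the earlier ALTER USER statement.

```sql
-- Added example: app_password_policy and its values are illustrative.
CREATE PROFILE app_password_policy LIMIT
  FAILED_LOGIN_ATTEMPTS 3      -- lock after 3 consecutive failures
  PASSWORD_LOCK_TIME    1      -- stay locked for 1 day
  PASSWORD_LIFE_TIME    90     -- password expires after 90 days
  PASSWORD_GRACE_TIME   7      -- 7 days of warnings before a change is forced
  PASSWORD_REUSE_TIME   365    -- an old password is unusable for a year...
  PASSWORD_REUSE_MAX    10;    -- ...and until 10 other passwords have been used

-- Assign the profile; until this is done the user stays on DEFAULT.
ALTER USER pip PROFILE app_password_policy;

-- Confirm the limits that are actually stored for the profile.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'APP_PASSWORD_POLICY'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;

-- Open accounts that are still governed by the DEFAULT profile.
SELECT username, profile, account_status, expiry_date
  FROM dba_users
 WHERE profile = 'DEFAULT'
   AND account_status = 'OPEN'
 ORDER BY username;

-- Accounts currently locked (by FAILED_LOGIN_ATTEMPTS or by a DBA).
SELECT username, account_status, lock_date
  FROM dba_users
 WHERE account_status LIKE '%LOCKED%'
 ORDER BY lock_date;

-- Release a lock early instead of waiting out PASSWORD_LOCK_TIME.
ALTER USER pip ACCOUNT UNLOCK;
```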

"Courage is fear that has said its prayers." - Dorothy Bernard

Oracle Views

An Oracle database consists of a vast amount of underlying metadata that stores information about the database itself. This metadata is extremely cryptic and as such Oracle have provided ‘user friendly’ views to enable the user or DBA to view this data in a meaningful format.

There are two types of Oracle Views:

Data Dictionary Views
Dynamic Performance Views

Data Dictionary Views begin with DBA_ , USER_ or ALL_ . The difference is as follows: DBA_ Views show information on all the tables in the database, ALL_ shows information on all the tables that you own or have been granted access to. USER_ shows information on all the tables that you own.

There are some differences between Data Dictionary Views and Dynamic Performance Views:

Data Dictionary Views usually have plural names (DBA_TABLES), Dynamic Performance Views, singular (V$DATAFILE)
Data Dictionary Views are only available whilst the database is open, some V$ Views are available when the DB is not fully open
The data in Data Dictionary Views is usually UPPERCASE whilst V$ data is usually lowercase
The data in Data Dictionary Views is static and not cleared when the DB is restarted, V$ data is cleared after a restart

Examples of Data Dictionary Views

DBA_TABLES
DBA_TABLESPACES
DBA_USERS
DBA_VIEWS

Examples of Dynamic Performance Views

V$VERSION
V$OPTION
V$DATABASE
V$SQL

"The truth is not simply what you think it is; it is also the circumstances in which it is said, and to whom, why and how it is said." - Vaclav Havel

Oracle: COMMENT ON ...

A little known / little used feature of Oracle is the COMMENT ON TABLE / COMMENT ON COLUMN facility. Basically this allows each table and column to have a descriptive text applied to it. It is common to have descriptive text for both tables and columns contained within your application schema, or in a separate data dictionary type document, but it would be nice for that information to be available via external tools that access and / or modify the database without referring to separate documentation.

The feature is used in the following way:

COMMENT ON TABLE mytable IS 'This is my Master Table';

COMMENT ON COLUMN mytable.primarykey IS 'Unique ID from Sequence SEQ_MASTER';

The comments can be displayed by querying the following views:

DBA_TAB_COMMENTS
DBA_COL_COMMENTS
ALL_TAB_COMMENTS
ALL_COL_COMMENTS
USER_TAB_COMMENTS
USER_COL_COMMENTS

If you have a schema within your application that contains comments on both the table and column levels it should be very straightforward to write a small program to loop through your schema data and write those comments into Oracle. It could be a couple of hours well spent.
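
One way to write that loop in PL/SQL, as an added example that is not part of the original post. COMMENT ON is DDL and cannot take bind variables, so the statement has to be built as a string; the names are therefore checked with DBMS_ASSERT and the text is quoted before it is executed. The table APP_DOC (table_name, column_name, description) is a hypothetical stand-in for your application's own schema data, and DBMS_ASSERT is assumed to be available (10g Release 2 or later).

```sql
-- Added example. APP_DOC is hypothetical: one row per table or column,
-- with column_name NULL for a table-level comment.
SET SERVEROUTPUT ON
DECLARE
  v_target VARCHAR2(100);
  v_stmt   VARCHAR2(32767);
BEGIN
  FOR r IN (SELECT table_name, column_name, description
              FROM app_doc
             WHERE description IS NOT NULL) LOOP
    BEGIN
      -- SIMPLE_SQL_NAME raises an error unless the value is a plain
      -- identifier, so a name such as "T IS 'x'; --" never reaches the DDL.
      v_target := DBMS_ASSERT.SIMPLE_SQL_NAME(r.table_name);
      IF r.column_name IS NOT NULL THEN
        v_target := v_target || '.' ||
                    DBMS_ASSERT.SIMPLE_SQL_NAME(r.column_name);
        v_stmt := 'COMMENT ON COLUMN ';
      ELSE
        v_stmt := 'COMMENT ON TABLE ';
      END IF;

      -- Double any embedded single quotes, then let ENQUOTE_LITERAL add
      -- the outer quotes and verify that every quote is paired.
      v_stmt := v_stmt || v_target || ' IS ' ||
                DBMS_ASSERT.ENQUOTE_LITERAL(
                  REPLACE(r.description, '''', ''''''));

      EXECUTE IMMEDIATE v_stmt;
    EXCEPTION
      WHEN OTHERS THEN
        -- Report and skip bad rows (invalid name, missing table, ...)
        -- rather than abandoning the whole run.
        DBMS_OUTPUT.PUT_LINE('Skipped ' || r.table_name || '.' ||
                             r.column_name || ': ' || SQLERRM);
    END;
  END LOOP;
END;
/
```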

"The excellence of a gift lies in its appropriateness rather than in its value." - Charles Dudley Warner

Only In America ...

Rockdale USA. Police have initiated a program of placing a yellow sticker on your car if you happen to have left valuables on display. The sticker warns of the dangers of leaving valuables where thieves may see them.

Of course if you happen to be a thief you can just target the cars with yellow stickers .... mmmmm ....

For the article see here.

"If you are pained by external things, it is not they that disturb you, but your own judgment of them. And it is in your power to wipe out that judgment now." - Marcus Aurelius Antoninus

Would You Trust ...

Would you trust the UK Government to run a National ID Card Database ?

The recent loss of a disk containing 25 Million Child Benefit details is incredible. Not only did they lose the disk but they neglected to encrypt the information on it. It is quite possible to, very simply and cheaply, encrypt information in such a way that would make that disk worthless to anyone who gained access to it.

Instead, Bank Account details, Dates of Birth, National Insurance Numbers for millions of people are out in the wild. This should *never* happen. Ever. There is absolutely, categorically no excuse for this.

Pathetic.

"The guy who takes a chance, who walks the line between the known and unknown, who is unafraid of failure, will succeed." - Gordon Parks

Security, Slippery Slope ...

In October 2007 a law came into being that allows the government to force you to hand over encryption keys so that they can access your secured information. To the layman this is a necessary weapon in the war against terrorism, and that is exactly how it was sold to the public.

So why this month was this ‘Section 49 / Section 51’ law used to force a group of animal rights activists to hand over the encryption keys for their computers ?

A law that is only 2 months old and is already being used and abused by the powers that be. The ‘threat of terrorism’ is being used by both the British and American Governments to implement laws that would not be passed otherwise. Our personal freedoms are being eroded daily and most of us have not even noticed - yet.

Thanks to Bruce Schneier for revealing this.

"To die is nothing; but it is terrible not to live." - Victor Hugo

Trouble with Oracle 10g on a VM

I have been having trouble until recently running Oracle 10g within a Virtual Machine environment. I have tried Parallels / VMWare / Virtual Server and Fusion. Always the same result, the database runs ok and maybe survives a couple of reboots, however sooner or later the database will refuse to start. The Operating System installed within the VM is Windows Server 2003 R2.

I have found a solution that works to restart the database successfully, although I have not yet found the reason for the problem in the first place. If you find yourself in a similar situation and you are presented with the following when attempting to connect to your Oracle Database:

ERROR:
ORA-01034: ORACLE Not Available
ORA-27101: Shared Memory Realm Does Not Exist

then this is what you need to do to start the database:

Firstly open the Command Line shell and perform the following:

C:\> sqlplus /nolog
SQL> conn system/password as sysdba
SQL> shutdown abort
SQL> startup

Here is an alternative method that has also worked for me:

Create a file in the root of drive C: called startup.sql, these are the contents:

startup
exit

then create a file called Startup.Bat with the following contents:

c:\Oracle\product\10.2.0\<SID>\bin\sqlplus -s "/ as sysdba" @ c:\startup.sql

(Obviously replace <SID> with your database ORACLE_SID)

When you wish to start the database just run the startup.bat batch file.

That’s it. With luck your database will start up as required and all is well with the world. Now to find out why it happens in the first place ...

"You cannot escape the responsibility of tomorrow by evading it today." - Abraham Lincoln