DBDiff: a C# program to compare two databases

In one of my current projects I have to import an Oracle database dump into a development database every two weeks. But more than once there were tables missing, columns have been changed, or indices have been removed in the new dump. Of course, that led to problems with the programs that used the database.

To be able to find the differences between the old and the new database I wrote a small C# program that “diffs” two databases. It generates a textfile containing

  • a list of all tables
  • including the number of rows per table
  • a list of all indexes
  • a list of all columns and their configuration

Furthermore, it compares two of these text files and produces an output file like this:

== Missing tables ==
TABLE1

== Added tables ==
TABLE2

= Less rows =
TABLE3: 123 -> 100

= Equal number of rows =
TABLE4: 17 -> 17

= More rows =
TABLE5: 123 -> 234

== Missing indexes ==
TABLE3.COL1

== Added indexes ==
TABLE4.COL2

== Missing Columns ==
TABLE3.COL4

== Added Columns ==
TABLE3.COL5

So, before I import the new dump, I create a textfile with DBDiff that contains the current database state. After the import I create another one and compare it to the old file giving me all the changes to the database structure. Of course, the tool could also be used to compare a production database to a development database.

Here are two screenshot showing the tool in action:

DBDiff dumping database information
DBDiff comparing two result text files

Download

You can download the program including its source code here:

All needed configuration (DSN, credentials etc.) is done in DBDiff.exe.config. The database needs to be configured and reachable as an ODBC source.

Auswertung von Google-Suchanfragen zum Thema Private Krankenversicherung (PKV)

26. April 2011 um 10:23:27 - Beitrag Nr. 1024
Schlagwörter: , ,

Vor 5 Tagen habe ich diesen Blog-Beitrag verfasst, der einem Kollegen von mir helfen soll, besser einschätzen zu können, wie schnell man bei Google zu bestimmten Suchbegriffen auf den vorderen Plätzen der Suchergebnisse landet: Test: Vergleich von Suchanfragen zur Privaten Krankenversicherung (PKV). Heute habe ich die gleichen Suchbegriffe noch einmal ausgewertet und komme zu folgendem Ergebnis (ein Klick auf die Bilder zeigt die ersten 50 Suchergebnisse an):

Google-Suche: pkv

→ nicht unter den ersten 800 Treffern

Google-Suche: private krankenversicherung

→ nicht unter den ersten 1000 Treffern

Google-Suche: private krankenversicherung vergleich

→ nicht unter den ersten 800 Treffern

Google-Suche: private krankenversicherung test

→ nicht unter den ersten 700 Treffern

Bei den generischen Suchbegriffen pkv und private krankenversicherung in Kombination mit vergleich und test schneide ich also nicht so gut ab. Das ist aber auch kein großes Wunder, da es enorm viele Websites gibt, die einfach viel mehr und besseren Content zu den Suchbegriffen bieten als mein kleiner Blog-Beitrag. Allein die vielen (Fake-?)Seiten, die die Suchbegriffe schon in ihrer Domain enthalten…

Anders sieht es aus, wenn man die generischen Suchbegriffe um den Ort (vechta) ergänzt:

Google-Suche: pkv vechta

→ auf Position 3

Google-Suche: private krankenversicherung vechta

→ auf Position 17

Allerdings stellt sich die Frage, welcher potentieller Kunde danach sucht :-)

Mit einigen weiteren Schlüsselwörtern habe ich es auch noch in Googles Index geschafft. Wenn man also gezielt Beiträge mit für bereits versicherte Kunden interessanten Begriffen erstellen würde, könnte man durchaus seine Zielgruppe erreichen:

Test: Vergleich von Suchanfragen zur Privaten Krankenversicherung (PKV)

Ein Kollege von mir schreibt gerade einen “Report” im Rahmen seiner Ausbildung zum Kaufmann für Versicherungen und Finanzen und setzt sich mit der Fragestellung auseinander, wie Unternehmen der privaten Krankenversicherung (PKV) (und dabei natürlich insb. unser Arbeitgeber, die ALTE OLDENBURGER AG) das Internet (besser) für den Kontakt zu potentiellen Kunden nutzen können.

In diesem Zusammenhang untersucht er, welche Möglichkeiten bestehen, um bei Suchmaschinen (insb. bei Google) mit generischen Schlüsselwörtern (wie z.B. pkv, private krankenversicherung oder private krankenversicherung vergleich) auf den vorderen Plätzen der Suchergebnisse zu landen. Unser Unternehmen ist zur Zeit über allgemeine Suchbegriffe wenn überhaupt nur auf den hinteren Rängen zu finden (unter den ersten 900 (!) Suchergebnissen zum Suchbegriff private krankenversicherung sind wir aktuell nicht vertreten) und das soll sich ändern :-) Gerade weil wir ein kleines Unternehmen sind, aber trotzdem (oder vielleicht gerade deswegen!?) regelmäßig sehr gute Bewertungen von renommierten Rating-Unternehmen wie Assekurata erhalten, bietet das Internet und hier auch gerade der Bereich Social Media ein gewaltiges (weil kostengünstiges) Potential um (Neu-)Kunden zu erreichen. Und nicht nur das: unseren neuen Studenten für das duale Studium Wirtschaftsinformatik haben wir z.B. über meinen Blog-Beitrag zu dem Thema gefunden. Kein Wunder, da die entsprechende Suchanfrage (duales studium vechta) nicht etwa die entsprechende Seite unseres Unternehmens als Treffer liefert, sondern dieses Blog :-)

Um meinen Kollegen beim praktischen Teil seiner Arbeit zu unterstützen, habe ich nun diesen Blog-Artikel angelegt, der zugepflastert ist mit Schlüsselwörtern zum Thema PKV. Ich warte nun einfach ein paar Tage ab und kontrolliere, ob ich mit diesem Beitrag in die Suchergebnisse bei Google komme oder nicht. Allgemein indexiert Google dieses Blog recht schnell (dank Pingbacks und der Google Webmaster-Tools) und WordPress ist eine sehr “suchmaschinenfreundliche” Blog-Software, sodass ich vielleicht eine geringe Chance habe, unter die ersten 50(0) Treffer zu kommen.

Viele Tipps zur Suchmaschinenoptimierung (SEO) kenne ich bereits und das Wichtigste ist wie so oft der Inhalt der Website: content is king. Durch informative, interessante, ansprechend geschriebene Artikel (z.B. über die private Krankenversicherung, die allgemeine Entwicklung im deutschen Gesundheitswesen oder die ganz konkreten Probleme und Fragen der versicherten Personen zu Themen wie Beitragsrückerstattung, Alterungsrückstellung, Übertragungswert usw.) kann ein Unternehmen Besucher auf seine Website leiten und sie auch dort halten oder sie gar dazu bringen, selbst “Werbung” (z.B. bei Twitter, Facebook usw.) für den Inhalt (und damit indirekt für das Unternehmen) zu machen. Stichwort: Virales Marketing.

Das wichtigste Kriterium für den erfolgreichen Einsatz des Internets und von Social Media ist allerdings eine authentische, offene Kommunikation mit den (potentiellen) Kunden. Alles andere kann sehr schnell ins Gegenteil umschlagen, wie inzwischen viele gewichtige Negativbeispiele unter Beweis stellen: 13 große Social Media Fails (Klaus Eck), Social Web: Trigemas „Beinahe-Social-Media-Desaster“ (Falk Hedemann), Social-Media-Desaster, Teil 3: Jung von Matt (Alex Kölling). Der Erfolg von “Maßnahmen” im Internet setzt somit eine entsprechende offene Unternehmenskultur voraus. Online-Beiträge müssen schnell und authentisch veröffentlicht werden dürfen und nicht erst durch drei Hierarchieebenen abgesegnet werden müssen. Viele Unternehmen (z.B. Daimler) haben bereits Social Media-Richtlinien für ihre Mitarbeiter aufgestellt, um sich den Herausforderungen des Internets zu stellen. Ein sehr interessantes Beispiel aus der Praxis (für den authentischen Einsatz von Twitter) sind die Wynn-Hotels: Hanselminutes Podcast 208 – Social Media and the Business of Social – The Wynn Resorts.

Doch eins nach dem anderen. Zunächst bin ich mal gespannt auf das Google-Ranking, das ich mit diesem Beitrag erziele. Aktuell (21.04.2011) sehen die Ergebnislisten (jeweils die ersten 50 Einträge) von Google zu den entsprechenden Suchbegriffen wie folgt aus (die Suchergebnisse werden nach einem Klick auf das entsprechende Vorschaubild angezeigt):

Google-Suche: pkv
Google-Suche: private krankenversicherung
Google-Suche: private krankenversicherung vergleich
Google-Suche: private krankenversicherung test
Google-Suche: pkv vechta
Google-Suche: private krankenversicherung vechta

In ein paar Tagen werde ich die gleichen Suchanfragen noch einmal stellen und die Ergebnisse dann mit den aktuellen vergleichen. Mal schauen, ob sich dann tatsächlich etwas getan hat. Nach 5 Tagen habe ich die gleichen Suchanfragen noch einmal ausgeführt und hier sind die Ergebnisse: Auswertung von Google-Suchanfragen zum Thema Private Krankenversicherung (PKV)

Um das Thema Social Media kümmere ich mich dann danach :-) Ich lade euch aber natürlich bereits jetzt alle herzlich ein, in den Kommentaren mit mir über das Thema zu diskutieren.

Single Sign On with Kerberos using Debian and Windows Server 2008 R2

Recently, I wanted to add single sign on (SSO) functionality to our intranet server, which runs a Debian Linux. Users should be automatically logged in to the website using their Windows user accounts, which are stored in an Active Directory on a Windows Server 2008 R2, without entering their credentials again. To make this work in the described Linux/Windows environment, Kerberos is the method of choice.

Now, after looking at the small bit of configuration that is actually needed to get SSO working, the complete day I spent figuring it out seems like a waste of time :-) But while searching the web for answers to all the problems I faced during the initial configuration, I got a feeling that many others had to struggle with Kerberos, too.

Anyway, here is how to make SSO run on Debian Linux against Windows Server 2008 R2, started from scratch:

Make sure to use only the latest packages available, especially the ones regarding Samba and Kerberos. Otherwise Kerberos may not work due to changes in Windows Server 2008. I used the following configuration in /etc/apt/sources.list:

deb http://ftp.de.debian.org/debian/ squeeze main
deb-src http://ftp.de.debian.org/debian/ squeeze main

These are the packages’ versions on my Debian machine:

ii  samba                             2:3.5.6~dfsg-3squeeze2       SMB/CIFS file, print, and login server for Unix
ii  samba-common                      2:3.5.6~dfsg-3squeeze2       common files used by both the Samba server and client
ii  samba-common-bin                  2:3.5.6~dfsg-3squeeze2       common files used by both the Samba server and client
ii  krb5-config                       2.2                          Configuration files for Kerberos Version 5
ii  krb5-multidev                     1.8.3+dfsg-4                 Development files for MIT Kerberos without Heimdal conflict
ii  krb5-user                         1.8.3+dfsg-4                 Basic programs to authenticate using MIT Kerberos
ii  libgssapi-krb5-2                  1.8.3+dfsg-4                 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3                         1.8.3+dfsg-4                 MIT Kerberos runtime libraries
ii  libkrb5-dev                       1.8.3+dfsg-4                 Headers and development libraries for MIT Kerberos
ii  libkrb53                          1.8.3+dfsg-4                 transitional package for MIT Kerberos libraries
ii  libkrb5support0                   1.8.3+dfsg-4                 MIT Kerberos runtime libraries - Support library

Install the needed packages and go through the basic configuration as described here:

In my case the basic needed configuration looks like this:

  • /etc/krb5.conf
    [libdefaults]
        default_realm = YOURDOMAIN.COM
    [realms]
        YOURDOMAIN.COM = {
            kdc = DOMAINCONTROLLER.YOURDOMAIN.COM
            master_kdc = DOMAINCONTROLLER.YOURDOMAIN.COM
            admin_server = DOMAINCONTROLLER.YOURDOMAIN.COM
            default_domain = YOURDOMAIN.COM
        }
    [login]
        krb4_convert = true
        krb4_get_tickets = false
  • /etc/samba/smb.conf
    workgroup = YOURDOMAIN
    realm = YOURDOMAIN.COM
    netbios name = WEBSERVER
    security = ADS
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    machine password timeout = 0 # needed when using only the machine account as described below
  • /var/www/kerberos/.htaccess
    AuthType Kerberos
    KrbAuthRealms YOURDOMAIN.COM
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbServiceName HTTP/webserver.yourdomain.com
    Krb5KeyTab /etc/krb5.keytab
    require valid-user

Now you basically have two choices for Kerberos authentication against the Active Directory: Using a seperate technical user account (which should be the preferred method) or using only the Linux server’s machine account.

Using a seperate technical user account

  • (re)join the Linux server to the domain
    webserver:~# net ads join -U administrator
    Enter administrator's password:
    Using short domain name -- YOURDOMAIN
    Joined 'WEBSERVER' to realm 'yourdomain.com'
  • restart the services
    webserver:~# /etc/init.d/samba restart
    Stopping Samba daemons: nmbd smbd.
    Starting Samba daemons: nmbd smbd.
    webserver:~# /etc/init.d/winbind restart
    Stopping the Winbind daemon: winbind.
    Starting the Winbind daemon: winbind.
  • check whether everything works
    webserver:~# wbinfo -t
    checking the trust secret for domain YOURDOMAIN via RPC calls succeeded
  • add a technical user to your Active Directory, e.g. tukerberos with password Kerber0s
  • create and attach the needed service principals for the website to the technical user on the domain controller
    ktpass -princ HOST/webserver.yourdomain.com@YOURDOMAIN.COM -mapuser tukerberos@YOURDOMAIN.COM -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass Kerber0s -out c:\krb5.keytab
    ktpass -princ HTTP/webserver.yourdomain.com@YOURDOMAIN.COM -mapuser tukerberos@YOURDOMAIN.COM -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass Kerber0s -out c:\krb5.keytab -in c:\krb5.keytab
  • copy \\domaincontroller\c$\krb5.keytab to webserver:/etc/krb5.keytab
  • set the needed file system permissions on the keytab file
    webserver:~# chown root.www-data /etc/krb5.keytab
    webserver:~# chmod 0640 /etc/krb5.keytab
  • open http://webserver/ in Internet Explorer → the user should be logged in automatically

Using only the Linux server’s machine account

  • (re)join the Linux server to the domain (the error message may be ignored for now)
    webserver:~# net ads join -U administrator
    Enter administrator's password:
    Using short domain name -- YOURDOMAIN
    Joined 'WEBSERVER' to realm 'yourdomain.com'
    [2011/04/19 10:54:35.026049,  0] libads/kerberos.c:333(ads_kinit_password)
      kerberos_kinit_password WEBSERVER$@YOURDOMAIN.COM failed: Preauthentication failed
  • reset the (newly created) machine account in your Active Directory so the machine’s password is reset to the initial value (i.e. the machine’s hostname, webserver)
  • change the machine’s password to a new value (e.g. Kerber0s)
    webserver:~# kpasswd webserver
    Password for webserver@YOURDOMAIN.COM: webserver
    Enter new password: Kerber0s
    Enter it again: Kerber0s
    Password changed.
  • add the needed service principals (e.g. HTTP/webserver, HTTP/webserver.yourdomain.com) to the machine account using adsiedit.msc on your domain controller
  • request an initial Kerberos ticket
    webserver:~# kinit webserver
    Password for webserver@YOURDOMAIN.COM: Kerber0s
  • find out the current kvno of the service principal
    webserver:~# kvno HTTP/webserver
    HTTP/webserver@YOURDOMAIN.COM: kvno = 18
  • create a Kerberos keytab file
    webserver:~# ktutil
    ktutil:  addent -password -p HOST/webserver.yourdomain.com@YOURDOMAIN.COM -k 18 -e rc4-hmac
    Password for HTTP/webserver.yourdomain.com@YOURDOMAIN.COM: Kerber0s
    ktutil:  addent -password -p HTTP/webserver.yourdomain.com@YOURDOMAIN.COM -k 18 -e rc4-hmac
    Password for HTTP/webserver.yourdomain.com@YOURDOMAIN.COM: Kerber0s
    ktutil:  wkt /etc/krb5.keytab
    ktutil:  q
  • set the needed file system permissions on the keytab file
    webserver:~# chown root.www-data /etc/krb5.keytab
    webserver:~# chmod 0640 /etc/krb5.keytab
  • open http://webserver/ in Internet Explorer → the user should be logged in automatically

Possible errors and how to fix them

This is how a successful Kerberos login looks in the Apache logfile:

[Tue Apr 19 11:09:04 2011] [debug] src/mod_auth_kerb.c(1628): [client 10.120.22.74] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Tue Apr 19 11:09:04 2011] [debug] src/mod_auth_kerb.c(1240): [client 10.120.22.74] Acquiring creds for HTTP/webserver.yourdomain.com
[Tue Apr 19 11:09:04 2011] [debug] src/mod_auth_kerb.c(1385): [client 10.120.22.74] Verifying client data using KRB5 GSS-API
[Tue Apr 19 11:09:04 2011] [debug] src/mod_auth_kerb.c(1401): [client 10.120.22.74] Client didn't delegate us their credential
[Tue Apr 19 11:09:04 2011] [debug] src/mod_auth_kerb.c(1420): [client 10.120.22.74] GSS-API token of length 163 bytes will be sent back

However, these are all the different error messages I got throughout my initial attempt:

[Mon Apr 18 16:57:30 2011] [debug] src/mod_auth_kerb.c(1101): [client 10.120.22.74] GSS-API major_status:000d0000, minor_status:0000000d
[Mon Apr 18 16:57:30 2011] [error] [client 10.120.22.74] gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information (, Permission denied)

→ wrong file system permissions for /etc/krb5.keytab, i.e. not readable for the webserver’s Linux user

[Mon Apr 18 17:51:54 2011] [debug] src/mod_auth_kerb.c(1101): [client 10.120.22.74] GSS-API major_status:000d0000, minor_status:025ea101
[Mon Apr 18 17:51:54 2011] [error] [client 10.120.22.74] gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information (, Key table entry not found)

→ missing service principal (possibly HTTP/webserver.yourdomain.com@YOURDOMAIN.COM) in /etc/krb5.keytab

[Tue Apr 19 08:40:38 2011] [debug] src/mod_auth_kerb.c(1429): [client 10.120.22.74] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Tue Apr 19 08:40:38 2011] [debug] src/mod_auth_kerb.c(1101): [client 10.120.22.74] GSS-API major_status:00010000, minor_status:00000000
[Tue Apr 19 08:40:38 2011] [error] [client 10.120.22.74] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)

→ the website is not in zone “Local Intranet” in IE or IE is configured incorrectly, see Authentication Uses NTLM instead of Kerberos

[Tue Apr 19 09:31:43 2011] [debug] src/mod_auth_kerb.c(1101): [client 10.120.20.81] GSS-API major_status:000d0000, minor_status:000186a3
[Tue Apr 19 09:31:43 2011] [error] [client 10.120.20.81] gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information (, )

→ wrong kvno or machine password in /etc/krb5.keytab → recreate the keytab using the correct information
→ OR problem with local Kerberos ticket cache on your workstation, use Kerbtray.exe to purge the ticket cache and open the website in IE again

Slow DNS resolution on Windows Server 2008 R2

A colleague of mine had a problem with a Windows Server 2008 R2 today: After configuring the server as the DNS server for the local domain, name resolution on a Debian client was extremely slow. A ping returned the correct IP and only took a few milliseconds but between each single ping a few seconds passed:

Windows Server 2008 slow DNS

When adding -n (disable address resolution) to the list of ping‘s options everything worked fine. So it had to be a problem with the DNS server. Volker Helms seemed to have the same problem and his blog post lead me towards the right solution.

Apparently, the problem was the DNS server trying to forward each DNS request to a root server on the internet which it could not reach (due to firewall settings) although the client tried to resolve a host in the DNS server’s own DNS domain. However, after adding the root zone (.) to the DNS server, the ping worked just fine. But because I thought that this was a bad solution, I searched for a better one and found the following setting: Properties – Advanced – Server options – Disable recursion (see Microsoft’s explanation here: Disable Recursion on the DNS Server). After enabling the setting the ping worked as expected.

Windows Server 2008 R2 slow DNS 2

Optional NTLM authentication for a website on Apache with PHP

This article shows how to configure the Apache webserver and a PHP website to optionally use NTLM authentication (Integrated Windows Authentication) to authenticate the website’s users. That means, a user may log in via his or her Windows account but does not have to. If he cannot be logged on (automatically), he just gets shown the basic website without the content for only logged on users.

First of all, you need to configure your Apache webserver to use NTLM authentication against your Windows domain. I followed this step-by-step guide to make it work: Using the NTLM part of Samba for Apache on Linux.

Then you need to configure the webserver so that access to the file auth.php is restricted to authenticated Windows users:

  1. <Files "auth.php">
  2.   # require the user to login via his Windows account when accessing auth.php
  3.   NTLMAuth on
  4.   AuthType NTLM
  5.   AuthName "NTLM Authentication"
  6.   NTLMAuthHelper "/usr/bin/ntlm_auth –helper-protocol=squid-2.5-ntlmssp"
  7.   NTLMBasicAuthoritative on
  8.   Require valid-user
  9.   # if the user cannot be authenticated he gets redirected to the main page
  10.   ErrorDocument 401 /index.php
  11. </Files>

If the user gets authenticated, auth.php stores the Windows username in the user’s session like this:

  1. // NTLM sets REMOTE_USER to the current Windows username automatically
  2. $_SESSION[‘username’] = $_SERVER[‘REMOTE_USER’];
  3. header("Location: index.php");

Now, if the user opens the main page of the website (index.php) for the first time he needs to be redirected to auth.php to authenticate. If the authentication fails, he gets re-redirected to index.php (via ErrorDocument 401 index.php in the Apache config) and is not logged on but may browse the content of the site that is visible to everybody. But if he got authenticated correctly he is now able to see the complete content of the website.

  1. $username = "";
  2. $user_is_logged_in = false;
  3.  
  4. // when the user visits the site for the first time
  5. // he has not yet been authenticated and his session is empty
  6. if (!isset($_SESSION[‘username’]))
  7. {
  8.     // initialize the username so the user does not get
  9.     // redirected over and over again
  10.     $_SESSION[‘username’] = "";
  11.     header("Location: auth.php");
  12. }
  13. else
  14. {
  15.     $username = trim($_SESSION[‘username’]);
  16.     // if the user got authenticated, auth.php stored the
  17.     // username in the session
  18.     if ($username != "")
  19.     {
  20.         $user_is_logged_in = true;
  21.     }
  22. }
  23.  
  24. if (!$user_is_logged_in)
  25. {
  26.     echo ‘not logged in<br/>’;
  27.     echo ‘<a href="auth.php">login</a><br/>’;
  28. }
  29. else
  30. {
  31.     echo ‘logged in as: ‘ . $username . ‘<br/>’;
  32.     echo ‘content only visible for logged in users<br/>’;
  33. }
  34.  
  35. echo ‘content visible for all users<br/>’;

Download example website

Oracle: enable UTL_FILE.PUT_LINE to write output to a file

Today I wanted to log some database output to a text file with UTL_FILE.PUT_LINE but when I called this procedure:

  1.   file UTL_FILE.file_type;
  2.   file := UTL_FILE.fopen(‘/tmp’, ‘test.txt’, ‘A’);
  3.   UTL_FILE.put_line(file, line);
  4.   UTL_FILE.fflush(file);
  5.   UTL_FILE.fclose(file);
  6.   DBMS_OUTPUT.put_line(line);
  7. END writeLog;

it produced an ORA-29280 error: invalid directory path:

ORA-29280: invalid directory path
ORA-06512: in "SYS.UTL_FILE", line 29
ORA-06512: in "SYS.UTL_FILE", line 448
ORA-06512: in "AOM.WRITELOG", line 5

Apparently, you need to set the list of file system directories Oracle is allowed to write to (parameter UTL_FILE_DIR) in the database’s configuration. I found this article describing the needed action: Initialization Parameter files: PFILEs vs. SPFILEs.

After entering this simple command and restarting the database it worked:

  1. ALTER SYSTEM SET utl_file_dir=‘/tmp’ SCOPE=BOTH;

Is Punk Rock already mainstream?

22. März 2011 um 18:51:59 - Beitrag Nr. 931
Schlagwörter:

Today during my morning break I read the following headline from wasteofmind.de:

Rise Against hits German charts
(Rise Against hits the top of the German album charts)

So it seems as if “good music” finally made it into the German charts ;-) What I don’t know is whether to be happy about it or not. “Endgame” surely is a great album (with catchy songs like Disparity By Design or Satellite), but not as “punk rocky” as the older ones (e.g. my favourite: Revolutions per Minute). You can definitely hear the difference (e.g. slower rhythms, “easier” song structures). I heard through the complete album almost ten times up until now and most of the songs in the second half of the album needed quite a few times of hearing to get into my head (they seem to have put the killer songs on the first half), but I still like most of them (Broken Mirrors and This is letting go are the two exceptions).

Go and visit their Myspace page and listen to some of the new songs and then (of course) go and BUY the album:

SQL command for killing Oracle user sessions

Here’s a small piece of SQL to generate SQL commands for killing all user sessions of a given user (you need to be sys/system):

select 'alter system kill session ''' || sid || ',' || serial# || ''';'
from gv$session
where username='USER'
and machine='PCNAME';

Job interview questions for system administrators

During the last few weeks I interviewed quite a few candidates for the position as a system administrator in our company (job ad here). But what questions do you ask a prospective administrator to check whether he or she has the needed skills for the job? We needed someone who could administer a Windows domain and some Linux servers, all virtualized by VMWare. For me, it was almost instantly clear that theoretical questions alone would not suffice to form an opinion of the candidate’s skills.

The developers I interviewed for another position needed to “pair program” (although in fact they were the only ones to write a line of code) some small applications with me. There are tons of example programs out there for this task. For example, I chose FizzBuzz, a linked list, and a prime factors generator. By watching the contestants program “live” you can get a good grasp of their programming and analytical skills very quickly.

So, a colleague and I tried to come up with a small test for our new administrator and ended up with a scenario in a virtualized Windows/Debian environment. We provided a W2K8 domain controller and two Windows 7 clients, of which one had direct network access to the DC and the other one was in another virtual network. The Debian server was in the same network as the DC but had the wrong IP configuration. In this environment the candidate had to work through a bunch of tasks right at the keyboard/screen so we could watch if and how he managed the tasks, whether he used keyboard shortcuts or the online help, knew the needed tools (e.g. ping, nslookup), etc. By doing so, we were able to objectively rate the contestants’ results opposed to each other and quickly found our new colleague :-)

Here are some of the tasks the candidates needed to perform:

  • connect to the DC via RDP
  • add some OUs, users and groups to the Active Directory
  • configure the ACLs of a network share
  • assign a network share to a user as a network drive
  • add a machine to the domain
  • find network configuration errors and reconfigure the machine
  • add a new harddisk to the DC (in VMWare and in Windows)
  • add and configure a GPO
  • configure a user to use a roaming profile
  • configure and activate a NIC under Debian
  • mount a network share
  • share a directory with samba
  • find common mistakes in a given Word document (e.g. manual page numbers and table of contents)

The fastest contestant took the test in about an hour without any bigger problem. The slowest contestant didn’t even know how to connect to the DC. As with developers, it all comes down to the tiny problems…