Thursday, January 15, 2015

Oracle XE license issue reprised!

Since Oracle XE (Oracle Database Express Edition) was initially released in January 2006 I believed there was no usage restriction whatsoever with regards to the type of application you could build with Oracle XE and especially in combination with Oracle Application Express (Oracle APEX). 
The "free to develop, deploy and distribute image" of Oracle XE washed away from my brain when I saw this OTN forum thread 
https://forums.oracle.com/forums/thread.jspa?messageID=1454706&#1454706
raised a concern over certain usages such as building a hosted applications to store customers data is not covered under Oracle XE license, which really made me think about the usage of Oracle XE.
is Oracle XE really free for any usage?
Here's what I found out from Oracle XE Licensing information & few other blogs 
(http://docs.oracle.com/database/121/DBLIC/editions.htm#BABHHHJE) sound's like its a real open source database, with no usage restrictions. 


A big thanks to DietmarAust, who got an official confirmation from Oracle on Oracle XE license. you can browse through at http://daust.blogspot.no/2012/08/clarification-on-oracle-xe-licensing.html


In addition to this you would still have to comply to all other elements of the license agreement:http://www.oracle.com/technetwork/licenses/database-11g-express-license-459621.html , 
i.e. you have to comply to the export restriction, your end customers would have to agree to the XE license agreement and so forth. 

Friday, January 9, 2015

Not able to open microsoft office files using OpenOffice 4.1.1

Issue: Not able to open microsoft office files using OpenOffice 4.1.1

Tit - bits: No need of any extensions/plug-ins to open .doc, .docx, .xls, .xlsx, .ppt, .pptx files in OpenOffice. It does require a JRE 6 32-bit version installed in system and the same should be configured in Open Office  Tools -> Options -> Java

Cause:

1. JRE environment is not set in OpenOffice 4.1.1
2. No compatible JRE environment in system.

Resolution:

1. JRE environment is not set in OpenOffice 4.1.1

Open OpenOffice 4.1.1

Goto Tools -> options -> Java

and try to select the available JRE.

2. Check any JRE environments (JRE6 or less     and 32-bit) available in system
using the following command:
C:\> where -R c:\ rt.jar
shows the JRE file location in your system. note down the path.

C:\Java -d32

This command searches for any 32-bit jre in the system, if available, it loads it. Otherwise, throws an error as shown below:

for more information on Finding JRE in your system, go to the link: http://rantsnraves4oss.blogspot.com/2014/11/root-folder-for-jre.html


Source Code for open source software components - Oracle

The source code for open source software components such as Oracle Linux and Oracle VM products from the following link:

https://oss.oracle.com/sources/

Oracle also provides source code for many of its in-house products (firmware components) such as jdeveloper, Endeca server, Business Process Management (BPM) etc... as licensed under the applicable open source licenses.

The following is the link to source code of firmware components covered under open source licenses:  http://www.oracle.com/technetwork/opensource/index.html

Friday, January 2, 2015

Top 5 security stories 2014

2014 can be long remembered for epic hacks, major security vulnerabilities.
Thought we had seen all after the SSL vulnerability pierced the heart of internet and raised serious concerns on encryptions, but there are more attacks kept coming such as devastating attack on SONY, heartbleed, Shell Shock which shook the unix scripting world.


The following are the top 5 security stories of 2014:

1. Go(ing) to fail bug:
Apple fixed a bug in the implementation of iOS 7.0.6
It seems Apple programmers forgot to add validation steps :-D
An excerpt from Apple support portal on go to fail bug
For more information go to: http://support.apple.com/en-us/HT202934

Lesson to learned: Silly mistakes like these often puts big companies at risk.

2. Sony: insider track attack.
We do fret about digital security and often forgets physical security, it is this mistake by Sony made the whole business world rethink about their security policies in and around office premises.

Lesson to learned: secured office premises are equally important as digital security



3. Heartbleed:

security loop hole in encryptions used to avert data risks.
What an irony!

Lesson to learned:  testing is very very important




4. Shell shock:

shocking security loop hole in Bash scripting shell.  :-O
Well! its great shock to me as a linux enthusiast. We all taken unix/linux for granted when it comes to security.

Lesson to learned: Loop holes could be there in any program be it a unix/linux operable script/shell


5. Poodle: also known as SSL 3.0 Vulnerability and Information Disclosure Vulnerability

Though poodle is not too major compared to Heartbleed or Shellshock, but left the Oracle cloud users in a dilemma that whether our data is already leaked or is it still secure. Even Technology giant like Oracle uses the 3rd party software code as is, without proper testing.

Lesson to learned:  know your code, minimize the no of issues by testing the products integrated with 3rd party programs such as SSL 3.0 etc..