Oracle Weblogic 12c: Installation

After writing some things about the Oracle Fusion Middleware 12c Release and its documentation, here the screenshots from the installation. You have to start with this command:
schroff@hades:$ ./oepe-indigo-installer-
Extracting 0%....................................................................................................100%

Here i chose custom:

Running on nearly the current java version (recommended version fom www.java.com: version 6 update 30)

And ready for startup:


Oracle Fusion Middleware 12c Release 1: Documentation

Oracle has released its Weblogic Server 12c. Their press release says:
Oracle WebLogic Server 12c is now certified for the full Java EE 6 platform specification
Oracle WebLogic Server developers can now leverage Java Platform
Standard Edition (Java SE) 7 features to create cleaner, more
maintainable code.
Improved integration between Oracle WebLogic Server and Oracle Real Application Clusters (RAC)
The documentation can be found here: http://docs.oracle.com/cd/E24329_01/index.htm

The screenshot only shows the "Get Started" section. Other sections are:
  • system administration
  • programming
  • security
  • webservices
  • weblogic tuxedo connector
  • references
  • additional resources
Very interesting ist the licensing information ;-) :
WebLogic Server 12c is the first Fusion Middleware 12c product release. For licensing information for WebLogic Server please refer to Oracle Fusion Middleware Licensing Information, 11g Release 1 (11.1.1) documentation
The list of the supported standards is very helpful as well: http://docs.oracle.com/cd/E24329_01/web.1211/e24494/toc.htm#BGGBIJBI



Oracle released Solaris 11 11/11. The documentation says:
Oracle Solaris is the #1 enterprise operating system providing industry leading availability,
security and performance on both SPARC and x86 systems.

Ok.. it is the only os, which runs only on SPARC and x86 systems. Just kidding ;-). Here the key features listed in the official documentation:
• Automated Installer
• Image Packaging System
• Oracle Solaris Zones
• ZFS File System
• Simplified Administration
• Designed-in Virtualization
• Scalable Data Management
• Advanced Protection
Here my favourites:
I/O Enhancements to netcat
netcat, a popular utility used for network observation and debugging, has been enhanced to include a number of command line options that allow administrators to configure a number of previously hard coded values related to I/O and integration with zones, along with a number
of usability additions to improve familiarity with netcat on other operating systems.

Default Shell
bash(1) is now the default shell for new users added to the system using useradd(1M) command line utility if another alternative shell is not provided, and the default shell for new installations. ksh93(1) is used as the default system shell.

Resetting System Configuration
A new utility, sysconfig(1M), for unconfiguring and reconfiguring an existing Oracle Solaris 11 system has been added to replace the legacy sys-unconfig and sysidtool utilities. This tool can be used within the global zone and non-global zones to configure a set of pre-defined groupings such as system identity, network, users, naming services and location/time zones. The tool can be run interactively, using the System Configuration Interactive Tool, or in a hands-off manner using a system configuration profile.

Changing MAC Address with dladm(1M)
Support for changing the MAC address has been added to dladm(1M). Unlike changing the MAC address using ifconfig(1M), this is a persistent change across reboots, and changes the primary MAC address used by all current and future MAC clients of the underlying data
If you want to find your own favourites, just read http://www.oracle.com/technetwork/server-storage/solaris11/documentation/solaris11-whatsnew-201111-392603.pdf...


Openafs: Version 1.7.1 Client for Windows

In september 2011 openafs.org released a new windows version (1.7.1). In this version the following features were changed:
  • OpenAFS is a native Microsoft Windows file system.
  • Significantly faster than the OpenAFS 1.6 release (up to 800MB/second
    read throughput from Solid State Disk backed cache)
  • Does not require the installation of the Microsoft Windows Loopback
  • Provides support for kernel enforced Process and Thread Authentication
  • New Explorer Shell integration including AFS specific property sheets
  • Immediate access to \\AFS namespace after
    system resume
  • AFS Mount Points and Symlinks are File System Reparse Points
These features simplify the usage of AFS! First you do not have to fear windows updates, because of weird changes in some samba routines. Second: AFS really works after standby/suspend to disk. Even working in networks with no access does not require a restart of your afs client...
If you are still working on pre 1.7 releases: UPGRADE!!!
But do not forget to install MIT Kerberos for Windows. This is for 1.7 recommended...


Review at amazon: Oracle 11g R1/R2 Real Application Clusters Essentials

Last week i read Oracle 11g R1/R2 Real Application Clusters Essentials.

Ok, the cover is really cool (does anybody know, if this is a real city?), but the content (500 pages) is missing any coolness. Only three of the twelve chapters do contain informations, you cannot easily google...
The description shows the problem:
Basic understanding of Oracle DBA is required. No experience of Oracle RAC is required.
Is it really possible to describe Oracle RAC within 500 pages for Newbies? All essentials? Perhaps RAC is so easy, that after introducing HA, RAC architecture and installation (100 pages) the rest is enough.
If you are interested, take a look at my review at amazon.de (like all my reviews: written in german ;-).


Firefox: Java plugin for Firefox does not work...

Do you have a problem with getting the java plugin running on your linux?
First a site, which checks, if your plugins are installed and up to date:
You should get something like:

But how to add java into this list?
There are many tutorials out there:
  • link jdk1.6.0_23/jre/plugin/i386/ns7/libjavaplugin_oji.so
  • or copy some other libs...
But this will only result in no plugin or a crashing firefox, when you visit a website, which starts this plugin.
The only way to get the plugin running is:
  1. delete all java-lib/plugins in .mozilla/plugins
  2. create a link to YOUR-JRE/lib/i386/libnpjp2.so
    (do not copy!!!!)
Thats all...
Just check via https://www.mozilla.org/en-US/plugincheck/ again:


Oracle 11g Database Express Edition released

After the beta phase Oracle Database Express Edition 11g Release 2 was released:

Free to develop, deploy, and distribute

Oracle Database Express Edition 11g Release 2 (Oracle Database XE) is an entry-level, small-footprint database based on the Oracle Database 11g Release 2 code base.  It's free to develop, deploy, and distribute; fast to download; and simple to administer.
The installation is only for the following operating systems supported:
  • Oracle Enterprise Linux 4 Update 7
  • Oracle Enterprise Linux 5 Update 2
  • Red Hat Enterprise Linux 4 Update 7
  • Red Hat Enterprise Linux 5 Update 2
  • SUSE Linux Enterprise Server 10 SP2
  • SUSE Linux Enterprise Server 11
(only RPM-based 64 bit distributions).

Here some important license statements:
  • If Oracle Database XE is installed on a computer with more than one CPU
    (including dual-core CPUs), then it will consume, at most, processing
    resources equivalent to one CPU.
  • Only one installation of Oracle Database XE can be performed on a single computer.
  • The maximum amount of user data in an Oracle Database XE database cannot exceed 11 gigabytes.
  • The maximum amount of RAM that an Oracle Database XE database uses cannot exceed 1 gigabyte, even if more is available.
If you are interested in features which are not included with Oracle Database XE take a look here:
  • ...
  • Flashback Database
  • ...
  • Oracle Active Data Guard
  • Oracle Total Recall
  • ...
  • Oracle Real Application Clusters
  • In-Memory Database Cache
  • Oracle Diagnostic Pack
  • Oracle Partitioning
  • ...
  • Advanced Replication
  • ...


Google+ games: privacy and sharing information about played games

I read about Google+ games and i knew:
Today we’re starting to gradually roll out games in Google+. We look
forward to making them fully available to everyone in Google+ soon.
and this evening there is a new icon:

and clicking on this four connected points showed the following:

Ok. Let's go: I clicked the blue "play" button and got:

I followed the "Learn more" link:

Who can see that you're playing games

Games on Google+ are social. Information such as the games you play
and your accomplishments within the game (such as high scores and
levels) may be visible to other Google+ users.

Google+ won’t publish your gameplay information to the stream without
your consent. You get to choose when to share updates from games (and
the people you share with). So how do people see that you've played a
particular game?

In “Featured Games”

If you’re looking at the "Featured games" area, you might see the number
of people in your circles who have recently played a game, along with a
photo of a recent player. Click on played recently to bring up a box that shows who those people are.

Within Games

When you play a game, you’re consenting to share information such as
your name and profile picture with the game developer. This lets
developers design better social games.

Additionally, a game may involve multiple players in a single match
(such as a poker table). In these situations, the other players in the
room can see and interact with each other during gameplay.

Some games allow you to partner up with (or work against) another
player, such as a neighbor, ally, or an enemy/rival. These games use
your circles to suggest people to interact with. You could show up as a
suggestion to another player to become an ally or to challenge.

This sounds fair, so let's start playing one:

And then just play...


Linux VPN Client: disconnect every 600s (10min)

You are trying to connect to a Cisco Pix or Cisco ASA with a Linux PC and the connection disconnects after 10 minutes?
You tried
You found after googling around the following hints:
  • rekeying problem (not implemented for Linux)
  • missing open ports in your firewall (500 UDP, 4500 UDP, 10000 UDP)
  • write a automatic restart script
  • set MTU size on tun0 below 1300
  • disable dead pear detection (--dpd-idle 0)
    this is done via port 500
  • ...
None of this tips worked. And now?
Let's take a look at the debug messages from vpnc:
vpnc -no-detach --debug 2 profile0
after 10 minutes:
S7.2 QM_packet2 send_receive
S7.3 QM_packet2 validate type
vpnc: no response from target
Anything learned? The connection is dead again with no response from target...
Where are this response packets? Let's take a look at wireshark:

Dst Port 500...
Let's try the following:
vpnc --no-detach --debug 2 --dh dh5 gip2
and voila: no disconnects anymore...

Read this link:
The Diffie-Hellman Group 5 feature enables group 5
on all platforms that support crypto images. Group 5 specifies the
1536-bit Diffie-Hellman group, which is a method of establishing a
shared key over an insecure medium.

So my advise:
If your VPN disconnects after some minutes, try some of the cli-options of vpnc. Or ask your administrator, which Diffie-Hellman group is configured...

Here the cli-option (via vpnc --long-help)
Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]

--gateway <ip/hostname>
IP/name of your IPSec gateway
conf-variable: IPSec gateway <ip/hostname>

--id <ASCII string>
your group name
conf-variable: IPSec ID <ASCII string>

(configfile only option)
your group password (cleartext)
conf-variable: IPSec secret <ASCII string>

(configfile only option)
your group password (obfuscated)
conf-variable: IPSec obfuscated secret <hex string>

--username <ASCII string>
your username
conf-variable: Xauth username <ASCII string>

(configfile only option)
your password (cleartext)
conf-variable: Xauth password <ASCII string>

(configfile only option)
your password (obfuscated)
conf-variable: Xauth obfuscated password <hex string>

--domain <ASCII string>
(NT-) Domain name for authentication
conf-variable: Domain <ASCII string>

enable interactive extended authentication (for challenge response auth)

conf-variable: Xauth interactive

--vendor <cisco/netscreen>
vendor of your IPSec gateway
Default: cisco
conf-variable: Vendor <cisco/netscreen>

--natt-mode <natt/none/force-natt/cisco-udp>
Which NAT-Traversal Method to use:
* natt -- NAT-T as defined in RFC3947
* none -- disable use of any NAT-T method
* force-natt -- always use NAT-T encapsulation even
without presence of a NAT device
(useful if the OS captures all ESP traffic)
* cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
Note: cisco-tcp encapsulation is not yet supported
Default: natt
conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>

--script <command>
command is executed using system() to configure the interface,
routing and so on. Device name, IP, etc. are passed using enviroment
variables, see README. This script is executed right after ISAKMP is
done, but before tunneling is enabled. It is called when vpnc
terminates, too
Default: /etc/vpnc/vpnc-script
conf-variable: Script <command>

--dh <dh1/dh2/dh5>
name of the IKE DH Group
Default: dh2
conf-variable: IKE DH Group <dh1/dh2/dh5>

--pfs <nopfs/dh1/dh2/dh5/server>
Diffie-Hellman group to use for PFS
Default: server
conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>

enables weak single DES encryption
conf-variable: Enable Single DES

enables using no encryption for data traffic (key exchanged must be encrypted)
conf-variable: Enable no encryption

--application-version <ASCII string>
Application Version to report. Note: Default string is generated at runtime.
Default: Cisco Systems VPN Client 0.5.3:Linux
conf-variable: Application version <ASCII string>

--ifname <ASCII string>
visible name of the TUN/TAP interface
conf-variable: Interface name <ASCII string>

--ifmode <tun/tap>
mode of TUN/TAP interface:
* tun: virtual point to point interface (default)
* tap: virtual ethernet interface
Default: tun
conf-variable: Interface mode <tun/tap>

--debug <0/1/2/3/99>
Show verbose debug messages
* 0: Do not print debug information.
* 1: Print minimal debug information.
* 2: Show statemachine and packet/payload type information.
* 3: Dump everything exluding authentication data.
* 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
conf-variable: Debug <0/1/2/3/99>

Don't detach from the console after login
conf-variable: No Detach

Report bugs to vpnc@unix-ag.uni-kl.de


Google+: Huddle with your Browser - does not work...

After submitting some posts, let's take a look at other features:
If you read http://www.google.com/intl/en/+/learnmore/, you can find the following:

This sound nice, so let's try it.
But where is this icon:

Google's demo video shows huddle only on a smart phone. Does this only work with an app?
I was invited to a huddle:

If i click the > and then "join the conversation" i am directed to this page:

So i conclude: There is no huddle for webbrowsers...


Google+: How to submit posts

After completing the registration process you have to add people to your circles. This can be done via drag and drop:

This is straigth forward. But how to write postings and submit them?
Google calls this "stream". You have to go back to your home:

Now add some text on the dialog in the middle:

and configure the circles to which this posting should be submitted. The four icons on the left are for adding a photo, video, link or your location. It is really nice, that you can configure, which circles get the postings.


Joining Google+: the registration process

Here a short report about the new social network google+. Today i got a inviation and here the first steps into the circles...

First you have to do the registration:

Then google fills the first name and lastname from your google account and the foto, too:

The Privacy Policy can be found via this link. Here some important facts:
People in your circles (but not the name of the circle) will appear to others on your Google Profile, unless you choose not to display that information.

If you do not want us to store metadata (such as photo details) associated with your photos and videos, please remove that data before uploading the content.

We may display posts to which you’ve attached your location to users who seek to view Google+ posts "nearby" the location where you created your post. Those posts will be viewable only by those with whom the content has been shared.

Then one thing about your picasa albums:

This sounds ok, if your fotos are for everyone...

After that you can start with google+


Firefox 5.0 ready for download...

Just to clarify: It is ready for download but Mozilla has not released 5.0 yet.
But you can get it here (Win, linux, mac).
After startup you get the following page:

But if you query the version via Help-> About Firefox, you will get:

And the good news, most of the plugins work (for me at least ;-)


Review at amazon: IPv6 Security

World IPv6 day is now one week ago and still many participants announce their websites with AAAA records.
But what does this mean? -> IPv6 is already around us - and it is time (ok, it is a little bit late, but hopefully not too late ;-) to dive deep...

One book which you dive through is:

Here some phrases of the summary:
IPv6 Security Protection measures for the next Internet Protocol As the
world's networks migrate to the IPv6 protocol, networking professionals
need a clearer understanding of the security risks, threats, and
challenges this transition presents.

In IPv6 Security, two of the
world's leading Internet security practitioners review each potential
security issue introduced by IPv6 networking and present today's best

IPv6 Security offers guidance for avoiding security problems
prior to widespread IPv6 deployment.

The book covers every component of
today's networks, identifying specific security deficiencies that occur
within IPv6 environments and demonstrating how to combat them.

authors describe best practices for identifying and resolving weaknesses
as you maintain a dual stack network.

Then they describe the security
mechanisms you need to implement as you migrate to an IPv6-only network.
This book is one of the best IPv6 books on the market. In contrast to IPv6 for Enterprise Networks every topic is well introduced and then explained with really good figures and commented configurations. Even if you are just looking for the commands on different operating systems: chapter 7 is your candidate - Windows, Linux, BSD, Solaris... If you want to build a firewall: chapter 5 contains a list of subnets you should block and what else is important for ipv6 firewalls...
You are interested in transition mechanisms? Read chapter 10 (for the next years this will be an important chapter...)

If you are interested, take a look at my review at amazon.de (like all my reviews: written in german ;-).


World IPv6 Day: The Future is forever!

The Internet Society has announced the world IPv6 day:

On 8 June, 2011, Google, Facebook, Yahoo!, Akamai and Limelight Networks will be amongst some of the major organisations
that will offer their content over IPv6 for a 24-hour “test flight”.
The goal of the Test Flight Day is to motivate organizations across the
industry – Internet service providers, hardware makers, operating system
vendors and web companies – to prepare their services for IPv6 to
ensure a successful transition as IPv4 addresses run out.
My company has decided to take part in this initiative. The AAAA record is announced, so www.gip.com is translated into 2002:d58b:8be3:2000::2
$ dig www.gip.com AAAA +short
If you have native ipv6 connectivity or if you are using 6to4 or other transition mechanism:
You can get our website via

If you are using IPv4 only, than you should expirience nothing...
There a many other companies, which will anounce their domain with AAAA-records tomorrow. Up to now 65% of the participating companies are already reachable via IPv6 (for online chart click the image).

Google publishes a nice statistic, which shows the IPv6 traffic to their site:

Tomorrow this graph should reach 1%? 10%? 50%? Let's wait for the results....


StatCounter with new web interface

StatCounter started be testing their new site. Here just two screenshots to show you the difference:



For more details just read the official StatCounter Blog.


NXClient: using only one screen on a dual-screen system

If you want to use Linux applications remote on a windows box, have a lot of options. But if you have only limited bandwidth, your should use NX from nomachine:

Thanks to its outstanding compression, session resilience and resource management
and its integration
with the powerful audio, printing and resource sharing capabilities of the Unix world, NX makes it possible
to run any graphical application on any operating system across any network connection.
NX accessing remote desktops, servers and applications, whatever
their location, is just as fast, easy and secure as if you were sitting
in front of them.
But if you use a dual-screen system and want to get the remote desktop using both screen, this did not work in the past. But upgrading the client to a version > will do the job. You only have to check "spread over multiple screens" and connect...


Openafs: disconnected network drive?!

You are using the Andrew File System?
You like local caching of files and using YOUR filesystem everywhere you go?
On Linux/Unix everything is quite ok?
But on Windows there are many users complaining about the label "disconnected network drive" for every AFS network drive although the drive is connected and working well?

But there are some solutions to get rid of this label:
  1. Read the mail at openafs-info:
    But this does not work on every windows machine. One thing you should take care of is:
    However, if 
    you are using global drives, the explorer shell will not ever remove those
    newly created GUIDs and it will begin to fill up over time with registry
    entries. This is BAD.
  2. Do not use global drives, if possible.
    But how to get your drives mounted? With openafs clients > 1.5.6 you can not manage local drives within the openafs control panel....
    This is not a problem: Just add a network drive and type "\\afs\yourcell\..." and this will be mounted without this ugly "disconnected network drive"-label....
By the way: Openafs plans to add IPv6 support...


Review at amazon: IPv6 for Enterprise Networks

I was looking for books talking about IPv6. One book i found was:

The summary sounds quite good:
Four leading Cisco IPv6 experts present a practical approach to organizing and executing your large-scale IPv6 implementation. They show how IPv6 affects existing network designs, describe common IPv4/IPv6 coexistence mechanisms, guide you in planning, and present validated configuration examples for building labs, pilots, and production networks.
Finally, they translate IPv6 concepts into usable configurations. Up-to-date and practical, IPv6 for Enterprise Networks is an indispensable resource for every network engineer, architect, manager, and consultant who must evaluate, plan, migrate to, or manage IPv6 networks.
Some chapters are really informative and cover some really nice aspects. But the main chapter (chapter 6) is unclear and confusing:
  • Many Cisco configurations without explanations
  • Many Topics without any grouping and structure
If you have the time to implement the configurations in your lab, then this book might be helpful. But if you only want to read, you should look for an alternative.
If you are interested, take a look at my review at amazon.de (like all my reviews: written in german ;-).


Oracle Database XE 11g beta

Last week Oracle announced database XE 11g beta:

The beta edition supports only two operating systems:

So what about using the Linux x64 edition?
But first: You should consider the following licensing restrictions (see here):
  • Only one CPU will be used.
  • Only one installation on a single computer allowed.
  • The maximum amount of user data in an Oracle Database XE database cannot exceed 11 gigabytes.
  • The maximum amount of RAM that an Oracle Database XE database uses cannot exceed 1 gigabyte
  • HTTPS is not supported natively.
The installation itself is straight forward:
  1. Log on to your computer with root permissions.
  2. Go to the following Web site:


  3. Click Free Download and follow the instructions to select and download the Linux version of Oracle Database XE.
  4. Run the Oracle Database XE executable oracle-xe-11.2.0-0.4.x86_64.rpm to install Oracle Database XE.
    $ rpm -ivh downloads/oracle-xe-11.2.0-0.4.x86_64.rpm

    The installation displays a status of its progress.

  5. When prompted, run the following command:
    $ /etc/init.d/oracle-xe configure
  6. Enter the following configuration information:
    • A valid HTTP port for the Oracle APEX (the default is 8080)
    • A valid port for the Oracle database listener (the default is 1521)
    • A password for the SYS and SYSTEM administrative user accounts
    • Whether you want the database to start automatically when the computer starts
      If you enter Yes, then the database starts immediately

That's it.