Favicons

Many years ago, I posted pictures of our bulldog Petunia and her daughter Cactus on the web. I hosted the site on my Linux PC running Apache, PHP, and MySQL. One of the things I did for this site was create a favicon using a head shot of Petunia. It was pretty cute.

Fast-forward ten years, and it's time to create a favicon again. In the meantime, I've forgotten where to put the favicon in the HTML code; in fact, I've forgotten what it is called. A quick search on the Wayback Machine wasn't much help; the venerable internet archive didn't capture a lot of the database-generated content of my old website.

After a bit googling and poking through code on other people's web pages,  I'm back in business. So, to start: it's called a favicon, short for "favorite icon". It's the little image file that appears to the left of the page's title in a browser tab, or to left of the page's title in the browser's bookmarks.  Look for the "LL" to the left "Lost Learnings" in the title to see this blog's favicon.

Next, where do we put it? The html header has the favicon location. The image should be called favicon.ico, and depending where your images are located, the code will look something like this, assuming our images are loading in the the images directory:

<head>
  <!-- Other head tags -->
  <link href="images/favicon.ico" type="image/ico" rel="shortcut icon"  />
</head>

Where do we get a favicon? If we're working on a corporate website, there's usually a corporate favicon that we use. Browsing the HTML header of our corporate pages with Firebug or  Chrome's developer tools will quickly reveal the location of the corporate favicon.

If we're working on our personal website, then we can use an image editing program like GIMP to create a favicon. GIMP is a very powerful image editor with lots of features. If you use GIMP to create a favicon, there are a couple of things to keep in mind. First, the favicon.ico file should be small and square. I have found that 32x32 pixels works well; it's small, but has enough detail to avoid ragged edges. Second, before we save our image, we need to flatten it so that the image does not have multiple layers. Finally, export the file as favicon.ico. This is the required name, and GIMP will convert the file during the export process.

I would like to add a favicon to my pages on Oracle's APEX demo site, so let's see how we would do this in APEX. First, we need to upload the favicon.ico image file:

• From Shared Components, click on Images link under Files
• Next, click on the Create button
• Select No Application Associated to make the image available to all applications within the workspace, or select a specific application ID.
• Use the Browse button to find the favicon.ico on your computer
• Click the Upload button

Now that the favicon is loaded into the Apex Shared Components, we're ready to use it:  Navigate to Edit Page, and click the Edit icon in the Page region of Page Rendering. In the HTML Header section, add the first line if you associated the favicon with an application id in the upload step. Add the second line if you did not associate the favicon with an application:

<link href="#APP_IMAGES#favicon.ico" rel="shortcut icon" type="image/ico" /> 

<link href="#WORKSPACE_IMAGES#favicon.ico" rel="shortcut icon" type="image/ico" /> 

Finally, let's add the favicon to our blog on blogspot.com. From the blog's main page, click on the Layout link. In the upper left corner of the layout, find the region labeled Favicon. Click the Edit link, upload the favicon.ico file using the Browse button, then click the Save button.

Now we're ready to view our pages with their favicons. If the favicon does not appear, clear the browser's cache or use shift-refresh to see the favicon.

Commitment: Commits in APEX

Commitment is such a loaded word these days. Maybe we humans can't quite get it right, but certainly we can count on our computers to get it right. After all, they're binary machines, 0 or 1, false or true: absolute logic. Or can we?

While debugging a PL/SQL block in APEX, I noticed that the code was marking the input data as processed, even if the procedure terminated with a raise_application_error.  I was focused on debugging the error causing the raise_application_error, so I didn't care that the input was marked as processed.  After fixing the problem, then it occurred to me -- wait, a minute -- why was the input marked as processed when the transaction terminated in error?

When we do transaction processing, we expect the transaction to be atomic.  Either all parts of the transaction goes in, or none of the transaction goes in.  Imagine going to the ATM machine, moving $50 from savings to checking, and the move fails in the middle of the financial transaction.   That would leave the savings debited $50, nothing credited to checking, and $50 floating in the bit-ether.  If we do transaction processing correctly, then either the money is successfully moved, or the money is left in savings.Nothing is left half-done.

Back to Apex.  I clearly did not have a correctly-working transaction.    There was nothing in my procedure that would do a commit.  But, somewhere, somehow, something was committing the database changes, even though I didn't expect it to.

There's a lot going on here.  Partly it's semantics and syntax.  My APEX code was not doing anything I hadn't done in COBOL/DB2 with host variables, and the COBOL/DB2 transactions always worked correctly.  Partly, it's an understanding, or misunderstanding of what's happening in Apex.   Let's start with syntax and semantics first.

Imagine we have COBOL/DB2 program and some PL/SQL in an Apex block. Both code snippets will do the same thing. Here's the COBOL:

   EXEC SQL
      INSERT INTO MYTABLE(MY_COLUMN) VALUES(1)
   END-EXEC.

   EXEC SQL
      SELECT DUMMY
      INTO :WS-DUMMY
      FROM SYSIBM.DUMMY1
   END-EXEC;

   EXEC SQL
      ROLLBACK
   END-EXEC.

Now lets look at the PL/SQL code in APEX. Each of these anonymous blocks runs in its own APEX process in the same page after the page is submitted.

begin

   insert into mytable (my_column) values(1);

end;

begin 

   select dummy
   into :p1_dummy
   from dual;

end;

begin

   rollback;

end;

Well, that's pretty simple. Except for wrapping the PL/SQL inside an anonymous block and wrapping the COBOL up for the DB2 pre-processor, these code snippets should do the same thing. But they don't. Run each piece of code several times. The COBOL example will never add a row to MYTABLE, while the ORACLE APEX page adds a row to MYTABLE. Notice I said "adds a row", but more on that later.

This isn't an Oracle/DB2 issue.  Login to an Oracle SQLPLUS session, and try the PL/SQL code snippets in SQLPLUS.  The SQLPLUS session yields the same results as the COBOL test.

Syntax and semantics:  in an ideal world, there's a tight correlation between syntax and semantics.  We would like things that look the same to behave the same. Our variables, :WS-DUMMY and :p1_dummy, look like two ordinary "host variables". An astute reader of Apex documentation will call :p1_dummy a "session variable", and that's our first clue. Session variables may look like host variables (syntax is the same), but session variables do not behave like host variables (semantics differ). Mostly they do behave the same, with an important exception: changing a session variable causes APEX to take a commit. 

 Back to "adds a row":  only one row is added.  If we run our code snippet in Apex a few times, and examine the table, we find there is one row.  Why aren't there a few rows?  After all, didn't we select data into :p1_dummy each time?  That's the second point:  changing a session variable causes APEX to take a commit. If we move the same value into a session variable, if the value does not change, then APEX does not take a commit.   This means that our code will behave differently depending on the data!

For gremlins, this is a good thing.  For developers, this is not so good.  Here are a few tips to avoiding obscure errors caused by buggy transaction processing:

1. During development, turn on DEBUG.  Examine the debug logs, looking for text like Session State: Saved Item "P1_DUMMY" New Value="".  Anytime we see this, APEX has taken a commit.
2. Use local variables declared in the anonymous block rather than session variables. Use session variables to store values that will be displayed on the web page, or to save values that you need between page submits. Otherwise, use local variables.
3. If you pass session variables as IN OUT arguments to an external procedure, changing the parameter values in the procedure is the same as changing the session variables.
4. APEX only performs commits after a process is run. If you find an error, rollback the transaction and set an error before your process exits.  This is true for both anonymous blocks in APEX and external procedures called by APEX.
5. If you need a commit, explicitly code the commit. Do not assume that APEX will take a commit just because the procedure set a session variable.  If the value of the session variable didn't change, APEX won't take a commit.
6. Be aware of how APEX processes tabular forms (more on that below).

Searching the APEX document is rather discouraging. Searching for keywords like COMMIT and TRANSACTION do not turn up any applicable information. Searching the Internet was more fruitful.  Daniel McGhan blogged this topic in August, 2012, and he notes seven situations where APEX takes a commit.

1. On load, after a page finishes rendering 
2. On submit, before branching to another page
3. On submit, if one or more validations fail, before re-rendering the page
4. After a PL/SQL process that contains one or more bind variables has completed
5. After a computation
6. When APEX_UTIL.SET_SESSION_STATE is called
7. When APEX_MAIL.PUSH_QUEUE is called

The Oracle forums are another good source of information.  According to an Oracle employee responding to a question in the Oracle forums:

Commits are issued when your code does so explicitly, when a page show or accept request reaches the end, or when anything within your code causes session state to be saved. Session state -altering actions include PL/SQL assignments to (or "select into") bind variables which are page- or application-item references, calls to session-state updating APIs, and page or application computations.

Our pages often include some simple items(text boxes, select lists, date pickers, etc.) plus a tabular form for repeating elements.  If we're going to process the page as one transaction properly, we need to know if there are any implicit commits in the APEX Page Processing post-submit processes.   If we create a tabular region, we find that Apex adds two post-submit processes:   ApplyMRU and ApplyMRD. 
Ideally, we should be able add our post-submit process and have all of the post-submit process run as one transaction. Either everything is committed, or none of it committed. We do not want half a transaction.

In the absence of good documentation to guide us, let's do some testing. We'll test in APEX 4.2, the results may differ in other versions. We can test for implicit commits by building a one-page applicaton with a tabular region on the DEMO_CUSTOMER table. For our first test, let's try some inserts and updates. Our three post-submit processes will be:

10. ApplyMRU
15. Rollback
20. ApplyMRD

Click the Submit button, wait for the page to redisplay, and the envelope, please:  Any updates or added rows are committed.  The rollback has no effect; any updates or added rows are committed. This is not the behavior we expect. We expect a rollback to undo any inserts or updates from ApplyMRU.

For our second test, let's try some deletes. We'll move our rollback step after the ApplyMRD. Our three post-submit processes will look like this:

10. ApplyMRU
20. ApplyMRD
25. Rollback

Check a few delete boxes, click the Delete button, confirm that we want to delete the rows, wait for the page to refresh, and the envelope, please:  APEX displays a message saying the rows are deleted, but in fact, the deleted rows are still in the table. The rollback worked as we expected.

There are two important points: First, ApplyMRU takes an implicit commit. Second, ApplyMRU and ApplyMRD do not behave the same way! ApplyMRU and ApplyMRD are not executed at the same time, their process is driven by either the Submit button or Delete button, so we don't need to worry about running them together if the tabular form is the only updatable elements on the page.

But we do need to be careful if we run other processes after the submit button is clicked. If ApplyMRU runs first and commits changes, and if a second process runs and fails, then we have an half-completed transaction. Clearly, that's a bad thing. So, to the list of suggestions above, let's add two more:

7. Order post-submit process so that ApplyMRU and ApplyMRD run after any other process. If the early processes raise an error, the ApplyMRU and ApplyMRD will not run, and there will not be a half-completed transaction.
8. In some cases, it will make more sense to split a page into two (or more pages), and save all the database processing until the last page. APEX can save session variables on the first pages, and the session variables are available on the last page when all the database updates occur.

APEX is powerful development environment. However, if we want our transactions to process properly, if we don't want to spend time tracking down obscure bugs, then we need to be aware of when APEX takes implicit commits.

Quirks Mode

"The good thing about standards is that there are so many to choose from."  I had a good laugh when I read that years ago. Andrew Tanenbaum, in his book Computer Networks, is quite correct.  It was true of computer networks twenty years ago (remember SNA, DECNet, Arpanet, and BITNET, just to name a few), and it's true of web standards and web browsers today.

After laying out a page with <div> tags and testing the page with Internet Explorer, Chrome, Safari, and Firefox, one tester reported the page was not displaying properly.  A bit of investigation revealed that the tester was using Internet Explorer 9.  As of this writing, IE9 is only one release behind the current IE10, so we were puzzled why  IE9 did not render the page as expected.   Further investigation revealed that IE9 behaves differently when viewing intra-net pages and inter-net pages.  For pages served within our corporate firewall, IE 9 runs in "quirks mode", and behaves like IE 5!  "The good thing about standards..."  For pages served from the external network, IE9 behaves like a modern browser.  Google "IE quirks mode", and you will find lots of discussion regarding IE in quirks mode and standards mode. 

We are using APEX to deliver the problem page, so we'll examine one solution to handling this problem in APEX.  Our page just displays information with some links,  and we are not collecting any information nor interacting with the end-user.  This makes things much simpler. Our solution will consist of three parts:

• we will detect the browser and save the browser in an Apex item
• we will use two APEX regions, one for newer browsers and a second for older browsers
• Each region will have a Condition, and we will display the region (or not) depending on the browser

 I discussed browser detection in an earlier post, so I grabbed some code from the demo page. After adding a hidden item in the first region named "P1_BROWSER",  add this PL/SQL anonymous block to a "Before Header" process on the Apex page:

declare

   v_browser_string varchar2(512) := null;

begin

   v_browser_string := upper(owa_util.get_cgi_env('HTTP_USER_AGENT') ) ;

   if instr(v_browser_string,'MOZILLA/4.0') > 0       -- older browser
         or instr(v_browser_string,'MSIE 9') > 0 then -- IE9
      :p1_browser := 'OLD';
   else
      :p1_browser := 'NEW';
   end if;
    

end;

Unfortunately, when we have an IE9 browser, we can't tell what document mode the browser is in.  We could examine the client's IP address, too, but now we're introducing network variables into our code. And the end-user can switch document modes, too.   So, we'll just treat IE9 as an old browser.

Our modern browser region was laid out in three columns with <div> tags.  For older browsers, we can lay out the page with <table> tags:

<table width=100%>
  <tbody>
   <tr>
      <td width=20%>
         <!-- Column 1 content -->
      </td>
      <td width=40%>
         <!-- Column 2 content -->
      </td>
      <td width=40%>
         <!-- Column 2 content -->
      </td>
   </tr>
   </tbody>
</table>      

Next, we need to add a Condition to the modern browser region and the old browser region. The condition should be "PL/SQL Function Body Returning a Boolean", and the code should look like the first line for the modern browser region or the second line for the old browser region.

return :p1_browser = 'NEW';

return :p1_browser <> 'NEW';

Now when a browser requests our page, we detect the browser and display the region that is appropriate for that browser. Modern browsers get the <div> layout, older browers get the <table> layout, and our end-users see the same layout.

Finally, a rant and a plug. When I read Tanenbaum's Computer Networks, I was really impressed by how well written the book is.  Computer Networks was a pleasure to read; I can not say that about many technical books.  Why shouldn't a technical book read as well as a good novel?  Sure, we're all geeks, and we love to learn; but I could read Tanenbaum's book just for the fun of reading it.

Retirement

Cloud computing is the rage these days. As we migrate old systems to the cloud, we need to retire the old system that we left behind. This is usually a several step process: we start with the easiest step to implement and undo, and we finish with the most difficult step to undo.

Assuming that the retired application has its own schema, the easiest first step is to simply revoke all the privileges on the underlying database schema. We leave the data and the programs in place, and we simply deny all users other than the owner access to the database objects. If we're retiring a large system, there will be hundreds of grants to revoke. We would like an easy way to find all the grants and revoke them. Also, we would like an easy way to undo these changes!

I work in an Oracle shop, so we'll use the Oracle system catalog as an example. Using two two views in the Oracle catalog, we can find all the information we need to revoke every grant on the retired schema's objects.  The USER_TAB_PRIVS view shows all the objects where the schema is object owner, grantor, or grantee.  We want to revoke every grant where the schema is the grantor and owner of the object.   From USER_TAB_PRIVS we get the object name and the privilege.  The  USER_OBJECTS view shows us all the objects that belong to the schema.  From USER_OBJECTS we get the object type, and we use the object type to skip PACKAGE BODYs and TYPE BODYs, because the grants belong to the PACKAGE or TYPE, not the PACKAGE BODY nor TYPE BODY.

Here's our script.  We open a cursor from the join of the two views, we concatenate a string to revoke the privilege, and then we execute the string.   The SPOOL command writes the results in an output file. SQL/Developer does not support the spool command, so login to the retired schema and run this script using sqlplus.   If you're a bit nervous about running the script under the wrong user or schema, change the USER function to the quoted name of the schema instead.

set serveroutput on
spool 'Revoked_Grants.txt' 
begin

    for c in (

        select 'REVOKE ' || a.privilege ||
                  ' ON ' || a.table_name ||
                  ' FROM ' || a.grantee as revoke_command
        from user_tab_privs a
        inner join user_objects b
          on a.table_name = b.object_name
        where b.object_type not in ('PACKAGE BODY', 'TYPE BODY')
          and a.owner  =  user
          and a.grantor = user) loop
    
        dbms_output.put_line(c.revoke_command);

        begin
           execute immediate c.revoke_command;
        exception
           when others then dbms_output.put_line(' *** ' || sqlerrm);
        end;
   
    end loop;
   
end;
/
spool off

When we run this script, the spool command writes a file listing every grant that we revoked. In addition to logging the results for audit purposes, we can use this file to reverse the changes. Simply edit the file, change the REVOKEs to GRANTs, change the FROMs to TOs, save the file, and process it through  sqlplus. Now we have an easy way to revoke all the privileges and an easy way to restore them if necessary.