I'm a hacker! And Hyk-proxy

Ah, I'm a real hacker at last! That has been my dream since I started learning UNIX 20 years ago; being like Richard Stallman, Linus Torvalds or Alan Cox, and master any UNIX system.

Or at least so says Websense when I try to see this blog; I'm afraid they mean this new popular meaning of hacker, something like "people that enjoys stealing money with computers as a way of life". But I can't remember posting something like that in this blog; is it possible that knowledge of the ps command or the SQL select statement qualifies someone as a hacker? If so, then I can understand why there is a shortage of IT skilled people ...

Anyway, I started this blog as a mean to have access anywhere to my technical memories but Websense makes this impossible at my new assignment, unless I use something called a web proxy. I found Hyk-proxy, that is a nice proxy server that runs on Google Apps Engine service, and a client-side agent that acts as a proxy for browsers and sends requests to the GAE proxy server.

I have been using this software just one day but I think it's pretty good; I can access restricted sites like Blogger and everything seems fine and smooth even in my work's computer (just 512 Mb. of RAM), and when you complete the deployment of the server in GAE you can use the same software client in Linux or Windows or even carry it in an USB stick, because everything is written in Java.

I'm not sure if it's my fault or Hyk-proxy cannot handle HTTPS sites well, but I had some issues logging in Google and with Gmail (certificates); as long as Websense is not so strict at my workplace I decided to use Hyk-proxy for HTTP sites and a direct connect (or squid) for HTTPS sites. But there is a catch: you can send just one gigabyte and receive another gigabyte of data per day as a free service in GAE, therefore if you enjoy watching movies at YouTube or things like that then you might run out of quota very quickly.

I'm not going to explain this "hack" here because there is a well-written howto here, but in order to be able to deploy and run Hyk-proxy you will need to have a Google account, access to Google App Engine, Java, Eclipse and Google App Engine SDK installed in your computer, and download the Hyk-proxy software. As you can see it's not so easy to deploy it, but the howto and documentation are well-written and the setup scripts are very simple, and this software works like a charm.

Then, if you want to access some sites to work better or you just want to waste your time at the office, become a hacker for a few minutes and try Hyk-proxy.

sqlplus, ORA-27121 and Linux Error 13

You have an Oracle database running and everything is fine; you can login at the server with sysdba with no problem at all:

oracle@myserver:~$ sqlplus / as sysdba

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 9 13:21:46 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production

You can also connect to the database using a listener, but problems arise when you try to connect with an unprivileged user:

myuser@myserver:~$ sqlplus myusr/myusr@XE

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 9 13:26:27 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.


Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production

SQL> exit
Disconnected from Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production
myuser@myserver:~$ sqlplus myusr/myusr

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 9 13:19:12 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:
ORA-01034: ORACLE not available
ORA-27121: unable to determine size of shared memory segment
Linux Error: 13: Permission denied


Enter user-name: 
myuser@myserver:~$ set|grep ORA
ORACLE_HOME=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server
ORACLE_SID=XE

What is happening here? The database is up and opened, you can connect with sysdba or using a listener, but you cannot connect to the database with an ordinary user at the server.

The problem is very simple: you have to change the permissions on your $ORACLE_HOME/bin/oracle executable:

oracle@myserver:~$ ls -la $ORACLE_HOME/bin/oracle
-rwxr-x--x 1 oracle dba 74016776 May 24  2006 /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle
oracle@myserver:~$ chmod ug+s $ORACLE_HOME/bin/oracle
oracle@myserver:~$ ls -la $ORACLE_HOME/bin/oracle
-rwsr-s--x 1 oracle dba 74016776 May 24  2006 /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle

Doing so you will be able to connect to the Oracle database at the server with any account:

myuser@myserver:~$ sqlplus myusr/myusr

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 9 15:01:10 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.


Connected to:
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production

Another problem that might arise with the same root cause and solution is an ORA-12547 error:

myuser@myserver:~$ sqlplus myusr/myusr

SQL*Plus: Release 10.2.0.1.0 - Production on Tue Aug 9 15:01:10 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:
ORA-12547: TNS:lost contact

It would be solved the same way:

oracle@myserver:~$ chmod 6751 $ORACLE_HOME/bin/oracle
oracle@myserver:~$ ls -la $ORACLE_HOME/bin/oracle
-rwsr-s--x 1 oracle dba 74016776 May 24  2006 /usr/lib/oracle/xe/app/oracle/product/10.2.0/server/bin/oracle

More information:

ora- shared memory segment
ORA-12547: TNS:Lost Contact From SqlPlus [ID 422173.1]