• I use a vaultwarden docker image on my DS420j NAS

• Vaultwarden is completely free

• I can use the standard Bitwarden clients (Desktop and Browser extensions)

• I can share my passwords between all my laptops (Mac OS, Linux and Windows)

• It has an integrated SSH agent, so I can use my SSH keys throughout my development stack on all my devices

Very important, make sure (on Mac OS) to use brew to install Bitwarden:

 brew install --cask bitwarden

then make sure that your environment is set correctly (I did it in my "~/.zshrc" file:

export SSH_AUTH_SOCK=~/.bitwarden-ssh-agent.sock

Finally, make sure that the MacOS environment is properly configured for VS Code to pick up the setting:

 launchctl setenv SSH_AUTH_SOCK "$SSH_AUTH_SOCK"

Now, when I open a git repo from gitlab, github or whatever git server, VS Code tries to open the SSH Agent and my Bitwarden desktop client asks me to authorize the request; Brilliant.

• Dominik H on the Oracle forum: https://forums.oracle.com/ords/apexds/post/opentelemetry-in-apex-24-2-2174

  • Steve Muench (Oracle) replied on this by pointing out a japanese website:
    https://apexugj.blogspot.com/2025/01/apex242-new-feature-opentelemetry.html

The blog is available in a gazillion languages through Google Translate, that helps a lot. Nevertheless I thought, let me rephrase Yuji in English and add English screenshots as well.

Support for OpenTelemetry in Oracle APEX 24.2

Yuji checked the settings for OpenTelemetry, a new feature added in Oracle APEX 24.2. As far as he can tell from 2.31 Java Script Library Upgrades in the Oracle APEX 24.2 Release Notes , the following libraries are built into the front end of Oracle APEX as the OpenTelemetry SDK:

2.31 JavaScript Library Upgrades

• @opentelemetry/api 1.9.0

• @opentelemetry/core 1.26.0

• @opentelemetry/instrumentation 0.53.0

• @opentelemetry/instrumentation-document-load 0.39.0

• @opentelemetry/instrumentation-fetch 0.53.0

• @opentelemetry/instrumentation-xml-http-request 0.53.0

• @opentelemetry/sdk-trace-base 1.26.0

• @opentelemetry/sdk-trace-web 1.26.0

In Oracle APEX 24.2, there is little configuration required to enable sending client-side telemetry data through OpenTelemetry.

Oracle APEX 24.2 introduces OpenTelemetry to Workspace Utilities .

Configure OpenTelemetry by setting the client logging service URL and token relay URL .

The APEX application's application definition user interface now includes a section for OpenTelemetry, where you set the product family .

It was unclear to Yuji what OpenTelemetry settings settings such as Client Logging Service URL , Token Relay URL , and Product Family corresponded to, but it appears that Oracle APEX 24.2's OpenTelemetry support is intended to send data to the observability framework provided by Oracle's SaaS products .

Since connecting to Oracle SaaS is difficult, we will implement the client logging service URL and token relay URL processing in Oracle REST Data Services to verify the operation of OpenTelemetry in Oracle APEX 24.2.

Creating your own collector

An OpenTelemetry-enabled APEX application sends trace data from the browser in HTTP/JSON format, compressed with gzip. The Client Logging Service URL is the destination for this data. This data format is likely to be received directly by an OpenTelemetry Collector receiver.

Create a table to store the received traces. Name the table OTEL_TRACES .

create table otel_traces (
    id         number generated by default on null as identity
               constraint otel_traces_id_pk primary key,
    trace      clob,
    created    date default on null sysdate
);

You can do this in the SQL-workshop or any other (more appropriate tool)

Now we have the table, we can create a rest-service on it:

I'll provide the scripts that create all services below as well.

The module name is OpenTelemetry and the module base path is /otel/

Create traces as a URI template in the created module OpenTelemetry.

Register the POST handler in template traces.
Write the following as a source . The received data is decompressed with gzip and the extracted JSON document is saved in the TRACE column of the EBAJ_OTEL_TRACES table.

declare
   l_uncompressed_blob blob;
   l_json              clob;
begin
   l_uncompressed_blob := utl_compress.lz_uncompress(:body);
   l_json := apex_util.blob_to_clob(l_uncompressed_blob);
   insert into otel_traces(trace) values(l_json);
   dbms_lob.freeTemporary(l_uncompressed_blob);
end;

The client logging service is now complete. Copy and record the full URL of the resource handler as you will set it as the client logging service URL.

Creating the Token Relay Service

The whole process however is a bit different than we are used to as APEX / ORDS service developers. Instead of providing a client-id / secret to the application, remember we only gave APEX a "Token Relay URL". This will be a public service that APEX will call to retrieve a token.

It will then use that token to call the Client Logging Service

The process below falls apart in these steps:

1. create rest client (Client-ID and Secret)

2. store these client-credentials within APEX builder

3. create the Token Relay service that will turn the client-credentials into a token

The OpenTelemetry implementation in Oracle APEX expects the client logging service URL to be protected with OAuth2 authentication, and the token relay URL is called to obtain the access token to be placed in the Authorization header.

Configure the module that implements the client logging service to require OAuth2 authentication when accessing OpenTelemetry .

Run the following script. It will secure the module OpenTelemetry with OAuth2 and print the client_id and client_secret needed to access it.

declare
  C_MODULE_NAME constant varchar2(40) := 'OpenTelemetry';
  C_ROLE_NAME   constant varchar2(40) := 'opentelemetry_client';
  C_PRIV_NAME   constant varchar2(40) := 'opentelemetry.priv';
  C_OAUTH_NAME  constant varchar2(40) := 'opentelemetry_client';
  l_priv_roles    owa.vc_arr;
  l_priv_patterns owa.vc_arr;
  l_priv_modules  owa.vc_arr;
  l_exist number;
  l_client_id     user_ords_clients.client_id%type;
  l_client_secret user_ords_clients.client_secret%type;
begin
  -- check if role C_ROLE_NAME is exist
  select count(*) 
  into l_exist 
  from user_ords_roles 
  where name = C_ROLE_NAME;
  if l_exist = 0 then
    -- create role
    ords.create_role( p_role_name => C_ROLE_NAME );
    dbms_output.put_line('Role ' || C_ROLE_NAME || ' is created.');
  else
    dbms_output.put_line('Role ' || C_ROLE_NAME || ' not created.');
  end if;
  -- check if privilege C_PRIV_NAME is exist
  select count(*) 
  into l_exist 
  from user_ords_privileges
  where name = C_PRIV_NAME;
  if l_exist = 0 then
    -- create priv
    l_priv_roles(1)   := C_ROLE_NAME;
    l_priv_modules(1) := C_MODULE_NAME;
    ords.define_privilege(
      p_privilege_name => C_PRIV_NAME
     ,p_roles    => l_priv_roles
     ,p_patterns => l_priv_patterns
     ,p_modules  => l_priv_modules
     ,p_label    => 'opentelemetry'
     ,p_description => 'priv for opentelemetry traces url'
     ,p_comments => ''
     );
    dbms_output.put_line('Privilege ' || C_PRIV_NAME || ' created.');
  else
    dbms_output.put_line('Privilege ' || C_PRIV_NAME || ' not created.');
  end if;
  -- check if oauth client is exist
  select count(*) 
  into l_exist
  from user_ords_clients
  where name = C_OAUTH_NAME;
  if l_exist = 0 then
    -- create oauth client
    oauth.create_client(
      p_name => C_OAUTH_NAME
     ,p_grant_type => 'client_credentials'
     ,p_description => 'access OpenTelemetry receivers'
     ,p_support_email   => 'your.email@example-domain.com'
     ,p_privilege_names => C_PRIV_NAME
     );
    dbms_output.put_line('OAuth client ' || C_OAUTH_NAME || ' created.');
  else
    dbms_output.put_line('OAuth client ' || C_OAUTH_NAME || ' not created.');
  end if;
  -- grant role to oauth client
  oauth.grant_client_role(
      p_client_name => C_OAUTH_NAME
      ,p_role_name  => C_ROLE_NAME
  );
  dbms_output.put_line('Role ' || C_ROLE_NAME || ' has is granted to OAuth user ' || C_OAUTH_NAME || '.');
  -- print client_id and client_secret
  select client_id
        ,client_secret
  into l_client_id
      ,l_client_secret
  from user_ords_clients
  where name = C_OAUTH_NAME;
  dbms_output.put_line('grant_type: client_credentials');
  dbms_output.put_line('client_id: ' || l_client_id);
  dbms_output.put_line('client_secret: ' || l_client_secret);
end;
/

Copy and record the client_id and client_secret that are printed as you will need them when creating web credentials for APEX .

declare
  C_ROLE_NAME  constant varchar2(40) := 'opentelemetry_client';
  C_PRIV_NAME  constant varchar2(40) := 'opentelemetry.priv';
  C_OAUTH_NAME constant varchar2(40) := 'opentelemetry_client';
  l_exist number;
begin
  -- delete OAuth client.
  select count(*) 
  into l_exist
  from user_ords_clients 
  where name = C_OAUTH_NAME;
  if l_exist = 1 then
    oauth.delete_client( p_name => C_OAUTH_NAME );
    dbms_output.put_line('OAuth client deleted.');
  end if;
  -- delete privilege.
  select count(*) 
  into l_exist
  from user_ords_privileges 
  where name = C_PRIV_NAME;
  if l_exist = 1 then
    ords.delete_privilege( p_name => C_PRIV_NAME );
    dbms_output.put_line('Privilege deleted.');
  end if;
  -- delete role.
  select count(*)
  into l_exist
  from user_ords_roles
  where name = C_ROLE_NAME;
  if l_exist = 1 then
    ords.delete_role( p_role_name => C_ROLE_NAME );
    dbms_output.put_line('Role is deleted.');
  end if;
end;
/

Open the Workspace Utilities Web Credentials and create a new web credential.

Create a web credential named OpenTelemetry with a static ID of OPENTELEMETRY . Select OAuth2 Client Credentials as the authentication type.

Enter the client_id value printed as a result of running the script above as the client ID or username , and the client_secret value as the client secret or password.

That's it.

A web credential , OpenTelemetry (Static ID: OPENTELEMETRY ), has been created.

Create a service in Oracle REST Data Services that uses these web credentials to obtain an access token - this service will be your token relay .

Open the RESTful service and create a module, name it OpenTelemetry-Auth and use the base path / otel-auth/.

There are two solutions:

• Start the datamodeler by running the “./Datamodeler.app/Content/MacOS/datamodeler.sh”

This is what I did for a couple of moths. Cumbersome, but it works! I created a “.command” file in the /Applications folder, so I could double-click that to start the datamodler.

The downside of course is that it will also start a terminal window. This must be closed manually after use of the modeler.

• Start the modeler with a double-click as we’re used to

For this you need to right click the Datamodeler.app file:

uncheck the “Open using Rosetta” tick-box.

You’re done.

I use Google authentication a lot, and always used the “fa-google” icon on the button that allows such authentication. Without even thinking about it. This morning suddenly I thought: What other icons do I have?
I therefore went to the link on github and had a look. To my surprise I couldn’t find any of them. They were however properly displayed in my app. So where are they defined and what other icons are available?

Looking at the HTML and CSS of my displayed google icon I found that these “extras” do heavily rely on the font-apex.min.css however they are not defined there. Their definition is in Core.min.css, part of the universal theme.

Here is a list of icons that we can find there:

All css classes are prefixed with “fa-”. Just like you’re used to with other font-apex icons.

I hope the APEX team reads this… :-) I do have some ideas for other brands to be included:

• apple (fa-apple)

• android (fa-android)

• bluesky (fa-bluesky)

• hashnode (fa-hashnode)

• windows (fa-mswindows)

• mac-os (fa-macos)

Next to all these “branded” icons we now also have “flag-icons”:

A full list of flag-icons can be retrieved with following SQL:

select * 
  from APEX_DG_BUILTIN_FONTAPEX 
 where ICON_CATEGORY = 'FLAG' 
 order by icon_name

The first time I met Joel was at the OGH (now NLOUG) conference APEX-World in Zeist. I think it was the last time the conference was held at the Figi Hotel there. I felt so honored to have met him.

But I remember him on so many more occasions and am happy I was able to introduce him to my wife Indyra and son Eric one Saturday. It was this Saturday that we spent having a beer (or some..) at the monastery close to my home-town of Tilburg (https://uk.latrappetrappist.com/gb/en.html?uri=/content/latrappe/gb/en.html) We were practicing his presentation that he would do next Monday.. The result you can see below.

Joel, you are still in our prayers... I am convinced you are in the presence of the Lord we both love. If anybody ever showed to be worthy of such a privilege it is you. I thank you for having been in my life.

Here is how I do that.

function auth_pwgen return varchar2 is
  l_pos integer;
  l_pw  varchar2(100);
  l_c   varchar2(100) := 'bcdfghjklmnprstvwz'; --consonants
  l_v   varchar2(100) := 'aeiou'; --vowels
  l_a   varchar2(100) := l_c || l_v; --both
  l_s   varchar2(100) := '!@#$%^&*()';
begin
  --use three syllables...
  for ii in 1 .. 3
  loop
    l_pw := l_pw || substr(l_c, trunc(dbms_random.value(0, length(l_c))), 1);
    l_pw := l_pw || substr(l_v, trunc(dbms_random.value(0, length(l_v))), 1);
    l_pw := l_pw || substr(l_a, trunc(dbms_random.value(0, length(l_a))), 1);
  end loop;
  --... Make one Uppercase
  l_pos := round(dbms_random.value(1, length(l_pw)));
  l_pw  := substr(l_pw, 1, l_pos - 1) 
        || upper(substr(l_pw, l_pos, 1)) 
        || substr(l_pw, l_pos + 1);
  --... and add a nice number
  l_pw := l_pw || round(dbms_random.value(10, 99));
  --... and add a special character
  l_pw := l_pw || substr(l_s, dbms_random.value(1, length(l_s)), 1);

  return l_pw;

end auth_pwgen;

PL/SQL developer connects to the database using an Oracle Client. This can be a full blown client or it can be the InstantClient. I use the latter.

You must have heard about Oracles “Always Free Autonomous cloud”. I love it.

When you create a database and must connect to it, be it SQL Developer or an OCI using program (like PLSQL Developer). You first must dowload a wallet. We should make a small change to our sqlnet.ora file and copy the entries into our tnsnames.ora. This works like a charm, until you must connect to multiple databases, in multiple domains.

I solved it as follows:

1. My client resides in C:\Oracle\

2. My windows environment says: TNS_ADMIN = C:\Oracle\

3. I created an extra folder structure:

   1. C:\Oracle\wallets\devdomain

   2. C:\Oracle\wallets\tstdomain

4. The wallet.zip for the devdomain I placed in the “devdomain” directory and of course the tstdomain.zip I placed in “tstdomain” and unzipped both in their folders

5. I didn’t touch the sqlnet.ora for me it looks like
   SSL_SERVER_DN_MATCH=yes

6. I refer to the wallet location in the tnsnames.ora file:

    oraconfxdev_high.richardmartens.oci = 
       (description= (retry_count=20)(retry_delay=3)
          (address=(protocol=tcps)(port=1522)
             (host=adb.eu-amsterdam-1.oraclecloud.com))
       (connect_data=
          (service_name=something_goes_here_high.adb.oraclecloud.com))
       (security=
          (MY_WALLET_DIRECTORY = "C:\the\dir\containing\unzipped\wallet")
          (ssl_server_dn_match=yes)))
   

So I added the line that says where this entry should take the wallet from. (MY_WALLET_LOCATION)

Now PLSQL Developer is able to connect to all my instances, however before switching from one DB to another I first nicely must log-off. Logging on into a database while still connected to another gives me a ORA-12529: TNS:connect request rejected based on current filtering rules.

Logging of before establishing a new connection is something I can live with.

Regards,
Richard

In the Agile world, Kanban and Scrum have been seen as separate frameworks/practices, but as we all know Scrum teams practice Kanban as well.

With this guide, The practice of Kanban within Scrum is formalized without adding or deducting anything from Scrum or Kanban but recognizing the strength of using both.

We probably can learn a lot and improve our Kanban practices, so that’s why I proposed doing a Kanban workshop, so we can look at this guide and see how we can improve flow, focus and collaboration using Kanban.

Please download the file below

2018 Kanban Guide for Scrum Teams_0

The solution lies in creating a proxy in between your database and the final API endpoint.
Like this:

1. your pl/sql program uses UTL_HTTP or APEX_WEB_SERVICE.MAKE_REST_REQUEST to do the API-request to your Apache proxy.

2. The proxy uses its configuration to forward the request to the final endpoint

3. The endpoint replies to your proxy

4. Your proxy reverse proxies it to the requesting code inside your database

In this drawing the green numbers are regular HTTP requests and the orange numbers represent HTTPS requests and responses.

This all sounds very promising. Getting rid of the Oracle wallet seems like a good idea. However you can set the greens to be HTTPS as well, in which case you only need to have one certificate in your wallet.

Considerations

• My Oracle database server uses a private IP range.

• My Apache server is accessible from the internet, but has a second network interface connected to the private IP range.

Setting up your proxy

Setting up the proxy consists of creating a new (virtual) site on your server. I chose to use the domain "revprox.local" because this domain will never get resolved into a real IP-number:

I now need to edit the httpd.conf for my apache server:

RewriteEngine On
ProxyVia On

## proxy for linkedin
ProxyRequests Off
SSLProxyEngine On


  Order deny,allow
  Allow from all


ProxyPass        /www.linkedin.com/     https://www.linkedin.com/
ProxyPassReverse /www.linkedin.com/     https://www.linkedin.com/
ProxyPass        /api.linkedin.com/     https://api.linkedin.com/
ProxyPassReverse /api.linkedin.com/     https://api.linkedin.com/

As you see in the linked-in API documentation, all API endpoint either are on https://www.linkedin.com/ or on http://api.linkedin.com. It is therefore sufficient to define these two in my httpd.conf.

Setting up your database

As I mentioned before, the url http://revprox.local will never resolve into anything useful. We must tell the database what to do when a request for revprox.local comes around.

We now only need to alter the /etc/hosts file as thus:

192.168.1.1     revprox.local

The trick lies in the last line:

• 192.168.1.1 is the private IP number of my apache-proxy

• In the example I removed extra lines that are not relevant for my story

Making a web-request

Now we set up the proxy and made changes to the /etc/hosts file we can actually start using them.

For example, when getting an oauth2 token from linked-in, the documentation tells us to make a request to:

https://www.linkedin.com/uas/oauth2/accessToken

Instead we will be stubborn and use:

http://revprox.local/www.linkedin.com/uas/oauth2/accessToken

as the API endpoint.

That's all folks.