Oracle Redaction in the 12c Database: Advanced security for regulatory compliance

May 8, 2015 at 3:56 pm | Posted in Oracle, Technical Tips | Comments Off on Oracle Redaction in the 12c Database: Advanced security for regulatory compliance
Tags: ,

Oracle Redaction in the 12c database is part of the Oracle Advanced Security package. It can be used as a standalone feature, or together with other components of Advanced Security. Oracle redaction allows you to set up policies so that when column data is retrieved, it can be masked or hidden from the person performing the query. It can affect all or part of the data in a column and the data can be any of the more common datatypes that Oracle supports. Redaction allows you to comply with industry regulations such as the Payment Card Industry Data Security Standard as well as the Sarbanes-Oxley Act.

You’ve probably already seen this feature at work when you receive documents from the government or your bank with key data partially hidden, such as social security numbers and credit card numbers. Social security numbers are commonly masked to allow only the last 4 digits to be read, appearing as ***-**-1234. Salary is another column that is commonly redacted in reports.

The key to using redaction is the Oracle supplied package DBMS_REDACT and the procedures and functions contained within it. The procedure DBMS_REDACT.ADD_POLICY allows you to set up a policy on a column of a table or view. For example, view the following statement:

DBMS_REDACT.ADD_POLICY(
object_schema   =>  ‘bob’,
object_name     =>  ‘employee’,
column_name     =>  ‘salary’,
policy_name     =>  ‘protect salary in bobs employee table’,
enable          =>  TRUE
)

This statement will create a new policy with the given name on the salary column of the employee table in the schema called bob. Note that all the arguments of this procedure are IN, and that the arguments shown are all VARCHAR2 with the exception of enable, which is BOOLEAN. This policy will be enabled as soon as it’s created, and it will apply to all users except SYS and any other user who happens to have the system privilege called EXEMPT_REDACTION_POLICY. Further, it will redact the entire salary column and use a 0 as the default masking character, since the datatype of the salary column is number.

All of these defaults can be changed to create complex rules with the logic encapsulated in the policy. For example, you may want the policy to apply only to users who have a particular role or who are logged in at a particular time. You also might want the salary to be displayed as a series of $ signs instead of a zero, and if you were performing redaction on social security number, you may only want to redact part of the column so that the last 4 digits are still visible. This procedure has additional arguments that allow you to do all of these things and more. You can even redact a number column such as salary so that the column appears as a random number rather than the true value or a 0. I’m hard pressed to think of a business example where you might want to use this feature, so if you have a  good example, PLEASE reply to this blog and let me know in the comments!

Redaction should apply to read-only situations, since you don’t want a user to update a column in a row without being able to see the old value in the column, or even the new value for that matter.

As far as SQL statement processing is concerned, the redaction is the very last thing that occurs.  In the past you may have said to yourself that the last thing done in a SELECT statement is to sort the returned rows if the ORDER BY clause is part of the query.  Now we have one more potential step that might be performed on the returned rows after the sort: namely, the redaction.

This post just scrapes the surface of everything you can do with this tool.  My hope is that I’ve been able to stir your interest in this topic if you have applications where redaction  is appropriate.  More information about redaction can be found in Chapter 9 of the Oracle 12c Advanced Security Guide.  Click this link if you’d like to become more familiar with this tool:  http://docs.oracle.com/database/121/ASOAG/redaction_features.htm#ASOAG601

Thanks,

Bob, the OrclTestGuy

Oracle One-Test Catch-Up Certification Opportunities for OCA and OCP in 12c

October 14, 2014 at 9:01 am | Posted in Certification Paths, Oracle | Leave a comment
Tags: , , , ,

Are you one of those individuals who has allowed your Oracle Database Administrator or Oracle Developer Certification to expire because you’ve been too busy to keep up with the required exams – not to mention any potential classroom training? Is your most recent Oracle certification back at release 9i (or even Oracle7), and are you looking for a way to pole-vault to a newer release, such as 11g or 12c?

There’s good news for you folks. Oracle has provided some new certification paths to help you upgrade to 11g or 12c via a single exam (plus any required training).  Here are the specifics on the new upgrade paths.

Oracle Certified Professionals (OCP): 7, 8, 8i, 9i, 10g, 11g to OCP 12c

If you are an existing Oracle Database Administrator Certified Professional (OCP) from Oracle7 or above, you now have a one-exam option to upgrade to the new  Oracle Database 12c Administrator Certified Professional certification with no required training. Exam 1Z0-060, Upgrade to Oracle Database 12c, is available from Oracle.

upgrade all to12c 060

Note that while coursework is not mandatory, Oracle does recommend you take the optional training course, Oracle Database 12c: New Features for Administrators.

Oracle DBA Certified Associates (OCA): 9i, 10g, 11g to OCP 12c

If you are an existing Oracle Database Administrator Certified Associate (OCA)  from Oracle9i or above, you now have a one-exam option to upgrade to the new  Oracle Database 12c Administrator Certified Professional certification. Exam 1Z0-067, Upgrade Oracle9i/10g/11g OCA to Oracle Database 12c OCP, is available from Oracle.

Upgrade to 12c OCP with exam 1Z0-067.

Oracle has traditionally required that you take classroom instruction when upgrading from an OCA to an OCP, and it is required that you complete one course before sitting the exam. You can view the list of qualifying courses here.

Oracle Certified Associates (OCA) 12c to OCP 12c

If you’ve already earned your Oracle Database Administrator Certified Associate (OCA) in Database 12c, you can take one required course (listed on the Professional Level Certification tab) plus exam 1Z0-063, Oracle Database 12c: Advanced Administration.

upgrade 12c OCA to OCP

Oracle Certified Associates (OCA): Upgrade 9i or 10g to 11g OCP

If you currently have your 9i or 10g OCA for Database Administration, and you’re not ready to go all the way to Database 12c, then successfully completing exam 1z0-034, Upgrade Oracle 9i/10g OCA to Oracle Database 11g OCP plus one required Oracle class will upgrade your current OCA certification to the 11g Oracle Database 11g Administrator Certified Professional certification.  You’ll want to review the exam topics for 1z0-034 on the Oracle certification website (choose the tab Exam Topics next to the Exam Preparation tab).

upgrade to 11g 034

Again, Oracle requires classroom instruction when upgrading from an OCA to an OCP. You can view the list of qualifying courses here.

Oracle Certified Professionals (upgrade to 11g or 10g)

Oracle also retained the earlier one-exam upgrades for the older generations of Oracle.

Is the one-exam approach right for you?

A single-exam upgrade to jump from Oracle7 or Oracle9i to Oracle Database 12 can be an amazing bargain for the right certification candidate. Some potential drawbacks to this approach, however, would be that the candidate must take a more difficult exam with a much larger question base than the tests in the conventional two-exam upgrade path. Where a conventional two-exam certification might have an 80-count or 90-count question pool, there can be up to three times as many in the all-in-one test. You must be sure to allocate enough study time to cover the volume of material that you’ll be tested on.

Another consideration is whether the candidate with an older generation of Oracle OCA needs certification in 11g. Earning a 12c certification does not automatically add the corresponding 11g credentials to your transcript. You must be separately certified in 11g to add that credential, which may be the one a potential or current employer is looking for.

Transcender has you covered with Oracle test prep products. We have already released Cert-1Z0-034, Cert-1Z0-060, and Cert-1Z0-067. And, for those who wish to move forward with new Database 12c certifications, we have 1Z0-063 in production, with a projected publication date late in the fourth quarter.

Best of luck!

Bob Bungenstock, aka OrclTestGuy

Oracle rolling out 12c certifications; grab your exam in beta for a substantial savings

December 26, 2013 at 8:48 am | Posted in Certification Paths, Oracle, Vendor news | Leave a comment
Tags:

Oracle has recently released or announced the incipient release of several Oracle Database 12c exams. While still in the beta stage, exams are only $50; once released to production they are available for full price, typically $245. If you think you have the chops to ace the exam in beta, it’s an amazingly good value (however, there’s nothing wrong with taking the time to bring yourself up to speed on a new generation of tech).

The following exams have been released to market, and are available from Pearson Vue:

The following will be released in beta soon:

To learn how to register for a beta exam, visit Oracle’s beta exam information page.

To find out about upcoming beta exams, visit Oracle’s Certification Blog.

As a final reminder, Oracle will be retiring several MySQL 5 Database exams in March 2014. For more information, visit Oracle’s exam and certification retirement page.

Oracle University is seeking YOUR Java EE 7 input for a Job Task Analysis Survey

September 26, 2013 at 9:17 am | Posted in Oracle | Leave a comment
Tags: , , ,

Have you ever wondered how vendors actually build their certification exams, or choose the learning objectives for their courseware? Although they employ instructional designers and content writers, vendors also rely heavily on subject matter experts: the people “in the real world” who use the technology day in and day out.

Oracle Certification and Server Technologies Curriculum Development are in the process of building two new Java EE7 Certification exams. They write:

An Oracle certification is typically associated with a particular role related to a single technology. In the case of Java EE7, the technology is very broad and comprehensive. We are looking to you and the industry to validate our definition of these job roles. Our assumption and preliminary investigation shows that programmers and developers working with Java EE technology design and create applications using front-end technologies and/or server-side enterprise technologies.

If you have two to four years experience using the previous Java EE technology versions, or if you are involved in hiring Java programmers for front-end and server-side development, then Oracle wants your input to help shape the next release of certification exams.

Click the link to go to the survey (closes on 30 November 2013):

New to Oracle 11g: The Server Result Cache

November 5, 2012 at 12:30 pm | Posted in Oracle, Technical Tips | Leave a comment
Tags: ,

If you’ve been using the Oracle database for as many years as I have, I’m sure you’ve noticed how Oracle tends to tweak the contents of the SGA from one release to the next. Oracle release 11g is no exception to that trend, and starting with this release we now have two more caches in the Shared Pool: one called the SQL Query Result Cache and another called the PL/SQL Function Result Cache. These two caches differ from virtually all of the remaining memory areas of the SGA in that the data stored in these two buffers are NOT blocks of data. Rather, the data stored is stored in terms of returned rows from either a SQL or PL/SQL command.

Why might Oracle choose to store the results of a user’s SQL command or the return results of a user’s PL/SQL function? Simply put, if a request for a query comes along that is identical to a previous query request that Oracle had stored in one of these buffers, then it’s possible for Oracle to re-use that prior result set. This technique is even better than checking to see if the commands are identical, so you can potentially save reparsing. If the prior result set matches the new request, and the prior result set is stored in the buffer, then we can skip the effort of parsing as well as any logical or physical reads to bring blocks into the database buffer cache. Obviously, Oracle has to be sure that the result set is still accurate before deciding to use it based on a subsequent SQL statement.

Oracle has the overall responsibility for managing these two new memory areas, but you can influence the optimizer using hints such as RESULT_CACHE, the DBMS_RESULT_CACHE package, and the RESULT_CACHE_MODE init.ora parameter. The following link in the Oracle 11gR2 documentation set,
http://docs.oracle.com/cd/E11882_01/server.112/e25789/memory.htm#CNCPT1920,
will take you to an overview explanation of these two buffer caches. It will also provide links to the details of the SQL Result Cache and another to the PL/SQL Function Result Cache.

Until next time,
— Bob the OrclTestGuy

“C” Is For Cloud

July 31, 2012 at 8:34 am | Posted in Oracle | Leave a comment
Tags:

It’s possible that you may have seen Larry Ellison, the CEO of Oracle Corporation, discussing Oracle’s philosophy, offerings, and advantages as it relates to cloud computing. It’s one of Larry’s favorite topics, and to hear him speak he’d say that cloud computing is something that Oracle has been working on for almost 7 years. And what Larry is referencing is Oracle’s efforts to rewrite all of Oracle’s ERP applications into something called Fusion. Fusion is Oracle’s Open Source project to replace the entire stack of applications from Oracle’s e-business suite, PeopleSoft, and JD Edwards. The fusion applications (of which there are just over 150) and its associated 11g R2 database, along with the Enterprise Manager 12c Cloud Control, provide you with the power to monitor and manage all of these features, regardless of whether your application is sitting on a server in your own datacenter (private cloud) or a server in Oracle’s datacenter (public cloud). And because of the Open Source standards, it’s easy to move your application from your datacenter to Oracle’s, or from Oracle’s datacenter back to your own.

Oracle’s initial Application Services offerings appear to be in the areas of Fusion CRM and Fusion HCM. Customer Relationship and Human Capital comprise a big chunk of the ERP, but it’s certainly not all-inclusive. I think we can safely assume that more components should be arriving shortly. Each application also provides “built-in” social networking to identify teams and provide tools for collaboration among the team members. This appears to be something Oracle picked up in its recent acquisition of the social media company Involver. And the data that Oracle collects from its social media links will be thoroughly analyzed to detect trends, buying habits with the help of the purchase of another company specializing in social analytics, All Things Digital.

Oracle hasn’t ignored those who may want to build their own custom cloud solutions using open standards. Oracle’s public cloud currently provides platform services for a Java Application Server as well as the 11gR2 database. And Oracle emphasizes the ease of moving applications from your private cloud to a public cloud, and then to another public cloud, and so on back to your own private cloud. According to Oracle, this is all made possible because open standards (such as SQL and Java) are used to build the apps. And the tool which allows Oracle to deliver the database as a service is called vFabric Data Director 2.0 from VMware.

I believe the jury is still out on whether this technology is here to stay. For organizations who want to simplify their investment in IT or provide opportunities for their developers to pursue more challenging opportunities this may be a wise decision. If you have any experience with any vendor’s public cloud, please share them with us on this blog.

Thanks for reading and sharing!
OrclTestGuy

MERGE your application to improve performance

April 23, 2012 at 2:09 pm | Posted in Oracle, Technical Tips | Leave a comment
Tags: ,

Hello, Oraclites. Have you taken a look at the new (well, relatively new) MERGE command that is now part of ANSI SQL?  In many cases, incorporating the MERGE command into your application can replace writing a 10 to 20 line program in PL/SQL. And that will lead to significantly improved performance.  This is definitely one of those cases where “less is more.”

How does MERGE work?

The MERGE command functions as either an INSERT command or an UPDATE command all in one,  depending upon a condition that you specify.  And just like INSERT and UPDATE, the new MERGE command is a DML command.  If you totally hose your data trying out the new MERGE command, you can do a ROLLBACK.  No harm, no foul.

Here’s an example that everyone can probably relate to.  WIDGETS Incorporated has 10,000 active and inactive employees, and thus 10,000 rows in the emp table.  The column status contains an I for inactive employees, and an A for active employees.

Here is the description of the emp table:

id          NUMBER(5) PRIMARY KEY
name        VARCHAR2(20) NOT NULL
dept        VARCHAR2(10) NOT NULL
salary      NUMBER(10,2)
hire_date   DATE
status      CHAR(1)

There’s also a new_emp table created by HR and used nightly to update the emp table. HR assigns a new unique ID to new employees who have never worked for WIDGET before, but those who have are reassigned their previous ID. The number of rows in new_emp varies night by night, but averages around 20 rows. Usually one or two out of the 20 represents a rehire. The structure of the new_emp table is exactly the same as the emp table; only the data is different.

What HR wants to do, and the MERGE command allows them to accomplish, is to add the personnel data for a new hire who has never before worked for the company, and assign that employee a status of A (for active). In the same pass through the data, the command should update the emp table by locating inactive employees who have been rehired.  When those records are found, the status should be changed from Inactive to Active, and the starting salary when this person is rehired should be updated in his or her row in the emp table. We’ll take care of updating the other columns later.

MERGE INTO emp E
USING (SELECT id, name, dept, salary FROM new_emp) N
ON (e.id = n.id)
WHEN MATCHED THEN UPDATE SET E.dept = N.dept, E.salary = N.salary, E.hire_date = sysdate, E.status = ‘A’
WHEN NOT MATCHED THEN INSERT VALUES (N.id, N.name, N.dept, N.salary, SYSDATE, ‘A’);

This should solve their problem!  The merge (either Inserts or Updates) are going to happen to the emp table.  We are going to use the data returned by the SELECT to compare each returned row with each row in emp to determine if the values of id are equal.  If they are, we’ll do the update in the “WHEN MATCHED” clause.  If they aren’t equal, we’ll do the INSERT in the “WHEN NOT MATCHED” clause.

That’s pretty neat, and what’s really great is we don’t need to write a program to accomplish it. Furthermore, we can deal with all the rows in a single pass of the data.

If you like this, take a look at multitable INSERTS, another great feature for developers and DBAs.

–Bob the OrclTestGuy

Using Function-Based Indexes to Improve Oracle Performance

April 6, 2012 at 10:08 am | Posted in Oracle, Technical Tips | Leave a comment
Tags: ,

There are a number of reasonably easy steps that database administrators and database developers can take to improve the performance of both an Oracle database and the applications that run against the database. Some of these steps would probably be considered the responsibility of the DBA; others would typically be handled by the application developer. Of course, there are a number of shops where the IT professional wears multiple hats, so I’ll just provide the tuning information and leave it to you to determine who in your shop might find this useful.

Function-Based Indexes

Let’s take a look at the world of indexes when it comes to speeding up data retrieval. Normally, it would be good practice to put an index on a column of a table when the following conditions are met:

  1. The table is relatively large.
  2. The column doesn’t have many nulls.
  3. The data in the column has good cardinality.
  4. There isn’t a lot of DML activity against that column going on in your database.
  5. Your application code often uses that column to search or sort.
  6. The indexed column isn’t typically involved in a mathematical expression or a function.

Take a look at this code:

SELECT student_id, major, class, advisor FROM students WHERE last_name = ‘Monsalvatge’

Assuming there are thousands of rows in the students table, and that there are very few rows where last_name is NULL, there are very few last names that are identical, last names don’t need to be updated often, and that our statement runs many times during the day, then according to the 6 rules above it would be a good idea to create a B-tree index on that column. (I wrote more about B-tree indexes in this post here.)

But now consider this situation. Suppose the way last names got entered into the table wasn’t very well controlled. Different users used different capitalization standards when they entered the last names. Some had the last name in all caps, some had it in mixed case, and others had it in all lowercase. If the last name stored in the database is ‘MONSALVATGE’ or ‘monsalvatge’ or ‘MonSalvatge’, it will not match the literal ‘Monsalvatge’ string in the SELECT statement, regardless of whether there is or isn’t an index on the last_name column.

But you’re a smart person, so you have a fix. You write your code like this:

SELECT student_id, major, class, advisor FROM students WHERE INITCAP(last_name) = ‘Monsalvatge’

Now the SELECT statement will find what it’s supposed to find regardless of how the capitalization of last_name is stored in the database. Good job!

That’s the good news, but there’s some bad news as well. Remember that index we built on the last_name column? It’s still there, but guess what? According to rules above, the column we have indexed (at least in this specific SELECT statement) is having the function INITCAP applied to the column before the WHERE clause comparison is made. When that happens, the optimizer is unable to use the index on that column. The same would be true is we performed any other manipulation or function to the last_name column.

Consider this SELECT:

SELECT student_id, major, class, advisor FROM students WHERE tuition > 5000

In this case, if the six conditions listed above are met, then you probably want an index on the tuition column. However, if there was B-tree index on the tuition column and your SELECT was written like this:

SELECT student_id, major, class, advisor FROM students WHERE
tuition + 1 > 5000

then the optimizer would be unable to use that index because it has a mathematical expression on the index column (namely, add 1 dollar).

Interestingly enough, this SELECT statement is logically equivalent to the previous one:

SELECT student_id, major, class, advisor FROM students WHERE
tuition > 5000 – 1

Recall from algebra class that adding 1 (one) to the left side of an equation or inequality is the same thing as subtracting 1 (one) from the right-hand side. Furthermore, the optimizer, when building the parse tree and execution plan, will be able to choose using that index on tuition, since the functions and/or mathematical work is on the other side of the equation/inequality.

So how do you solve this dilemma? If you don’t put in the function to adjust the capitalization on last name, then you won’t get all of the correct answers. That’s unacceptable! If you put the INITCAP function into your SQL statement, you will get all of the correct answers, but the performance will take a hit since the optimizer won’t be able to use the index you created on last_name.

To give you the best of both worlds, Oracle created function-based indexes. This is simply an index that is built, not on the column, but on the function or mathematical expression defined on the column. For example, to create an index on the INITCAP function applied to the last name column, you simply type the following:

CREATE INDEX my_func_indx_1 ON students(INITCAP(last_name))

And, if you want to create an index on the tuition column plus $1, you would simply type the following:

CREATE INDEX my_index ON students(tuition + 1)

You can even have more than one function-based index on the same column. For example, you might have one index on the INITCAP of last_name, and another on the UPPER of last_name.

Search your application code, and I’ll bet you that there are a number of places where these function-based indexes will speed up the performance of your queries.

Until next time,

–Bob the orcltestguy

Rebirth of the Webinar

March 16, 2012 at 10:14 am | Posted in Oracle, Technical Tips, Vendor news | Leave a comment
Tags: , , , , ,

As a technology professional, it is not uncommon to find yourself attending product training and demonstrations. Luckily, many of these events no longer require expensive face-to-face time. Unfortunately, the term webinar leaves a bad taste in many people’s mouths. That’s because often these events boil down to a poorly organized sales meeting led by a person that likes the sound of their own voice. Don’t judge….you know what I’m talking about.

So, when I attended the Oracle Virtual Developer Days for WebLogic Server 12c and Java 7, I was not expecting anything beyond the standard webinar. I could not have been more wrong! Their functional presentation and depth of information blew me away.  Besides the requisite keynote session, there were breakout tracks that included a focused Q/A and hands-on labs and even a networking lounge to chat with other attendees. Overall, the experience was engaging, easy-to-navigate and best of all, educational.

Virtual Campus

Virtual Sessions

I had only minor hiccups with the video streaming, and those were quickly addressed using the chat, where moderators helped to resolve this (among many, I’m sure) issue. All of the presentations were pre-recorded, so I could pause and rewind as needed. The hands-on-labs required me to download and install software prior, but this was a lot less buggy than working in virtual cloud.

Having used this dynamic Oracle Developer Day platform, I am now spoiled. We can only hope other vendors take a page from Oracle and up their virtual education game to this level. I’ll keep you posted on any other webinar gems, and if you’ve attended one that you loved be sure to share the new here.

–Josh Hester

“Divide and Conquer” with partitioning in Oracle

February 29, 2012 at 5:25 pm | Posted in Oracle, Technical Tips | Leave a comment
Tags: ,

One of the best features of the Oracle RDBMS over the last ten years has been partitioning. If your shop needs to handle large volumes of data, if you are running OLAP applications, if you often need to move datasets around, if you are responsible for staging data for a rolling  twelve-month period, or if you want to improve the performance of you SQL statements, then this is the tool for you!

The basic idea behind partitioning is “divide and conquer”. We’re going to take a very large object (such as a table with six million rows), divide it into logical piece parts, and then manage the smaller pieces. Oracle provides us with a number of different strategies on how we can divide our data. If your data represented orders from your customers, and that was a stored column in the table, you could partition your data by order date. You could break the data into twelve partitions, one for order data for each month over the past year. You could also break your table data into partitions by a selected range. For example, all customers whose last name begins with A – C could go in partition 1, D – H into partition 2, etc.

Another way to “divide and conquer” is to partition by a list when you have discrete values. For example, customers who live in Illinois and Indiana go into partition 1; Pennsylvania, Ohio, and Kentucky go into partition 2; and so on.

Now that you’ve got the idea, let’s talk about the benefits of this tactic. If you can divide your data into 10 partitions, each partition can go into its own tablespace. Radical, huh? That means if you need to move the customers whose last names begin with A – C, you only need to move that single partition, not the entire table. If the data is divided into ten partitions of approximately the same number of row, you will only need to move 10% of the data, instead of 100%. The same is true if you only need to back up one specific partition; your typical O/S tasks would only take 10% of the time they used to take.

The optimizer is also aware of partitioning. If you query your customer table looking for a customer whose last name is Baker, the optimizer knows that it only needs to search in Partition1, since this partition contains customers whose last names range from A – C. You don’t have to spend any time searching through the other nine partitions, because Oracle knows it will never find what you’re looking for in any of the remaining partitions. You can also choose to create an index on just that partition.

There’s still a lot more to know about partitioning, and I encourage you to take a look at it, especially if the size of your Oracle datafiles is starting to become unmanageable, and you’re seeing a degradation of performance at the same time.

Start with the following resources:

Oracle Database Concepts 11g Release 2 (11.2)
Chapter 4  Partitions, Views, and Other Schema Objects
http://docs.oracle.com/cd/E11882_01/server.112/e25789/schemaob.htm#CFAGCHCD
Also, another title that is related to this topic is VLDB Oracle® Database VLDB and Partitioning Guide 11g Release 2 (11.2), Part Number E25523-01. Chapters 2, 3, 4, 5, 6, and 7 all address partitioning.

I hope that you can learn whether this technique is something that could benefit you and your organization.
The OrclTestGuy

Next Page »

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: