Beside its an opensource and supported by community, what's the fundamental
differences between PostgreSQL and those high-price commercial database (and
some are bloated such as Oracle) from software giant such as Microsoft SQL
Server, Oracle, and Sybase?
Is PostgreSQL reliable enough to be used for high-end commercial
application? Thanks
Jul 20 '05
125  14540 
Dmytri Kleiner (qu***@syntac.net) writes: Good thing that you only mislead a few customers into overpaying for
crap. Your company is just a bankruptcy waiting for a competent
competitor to make it happen.
Our customers seems to be quite satisfied with our system.
And - in difference to you - they actually know the system in question,
so I think they are somewhat better apt to tell whether it is crap or
not.
What bunk, saying the competitor tried 'precicely what I teach' and
thus failed is an obvious attempt to fallaciously discredit my
argument with out actually addressing it. You're a ham fisted shill.
I think that I made it quite clear in my first post that your suggested
strategy indeed may be very valid sometimes. But what I've been pointing
out is that this far from always the case.
Doing the sort of abstraction you suggested is *very* expensive, and
for small companies like ours or our competitor, this a huge enterprise
to take on for systems with over 500 tables and over 3500 stored procedures.
(That data is for our system; Obviously I don't have the data for our
competitor's system, but I do know the business they were targeting.)
--
Erland Sommarskog, SQL Server MVP, so****@algonet.se
Books Online for SQL Server SP3 at http://www.microsoft.com/sql/techinf...2000/books.asp
Erland Sommarskog <so****@algonet.se> wrote in message news:<Xn**********************@127.0.0.1>... Dmytri Kleiner (qu***@syntac.net) writes:
Good thing that you only mislead a few customers into overpaying for
crap. Your company is just a bankruptcy waiting for a competent
competitor to make it happen.
Our customers seems to be quite satisfied with our system.
And - in difference to you - they actually know the system in question,
so I think they are somewhat better apt to tell whether it is crap or
not.
The Application that you wrote I have no reason to doubt is of
sufficient quality to keep your customers satisfied.
Unfortunately you have created unneeded dependencies for them, the
worst of which is not MS SQL, since it is fairly easy to get at data
in MS SQL and archive it or export it in a usefull way, the worst is
that you have tied your customers to a terrible Operating System with
a terrible licence, even Oracle users are not so screwed since at the
very least they have a choice when it comes to OS.
What bunk, saying the competitor tried 'precicely what I teach' and
thus failed is an obvious attempt to fallaciously discredit my
argument with out actually addressing it. You're a ham fisted shill.
I think that I made it quite clear in my first post that your suggested
strategy indeed may be very valid sometimes. But what I've been pointing
out is that this far from always the case.
I would say you made it quite clear that your basic message was that
it would be folly to do what I was suggesting, and that was your whole
purpose in posting, as I said, I can tell this by the obvious
rhetorical devices you used, claiming this unnamed third party did
'precicely what I teach' a wretchedly unlikely and unqualified
generalisation, followed by saying that this, implying that this
_alone_, lead to the failure of their project. This is obvious FUD.
The lack of any other content, or even specifics in your post is the
final damning evidence. As I said, you are a shill, and a ham fisted
one at that.
Doing the sort of abstraction you suggested is *very* expensive,
It is not, as I've said, it can be as simple as writing a wrapper
function around your data access.
Not as expensive as having the system itself obsoleted by an obsoleted
dependency or the inabilty to get support for a dependency due to a
licencing dispute.
But for you, this is probably useless advice, since no doubt not only
have you chosen a SQL server with a bad licence, and an OS with a bad
licence, but no doubt you have also choses a development platform with
a bad licence, let me guess: Visual Basic?
As I said, enjoy your solvency while it lasts.
and
for small companies like ours or our competitor, this a huge enterprise
to take on for systems with over 500 tables and over 3500 stored procedures.
(That data is for our system; Obviously I don't have the data for our
competitor's system, but I do know the business they were targeting.)
All the more reason to protect your investment and that of your
customer by not getting trapped into becoming dependant on a third
party for the continued operation of their own system.
But it's pretty clear that encouraging such pitiable dependencies is
exactly what you are here to do.
Daniel Morgan <da******@x.washington.edu> wrote in message news:<1083695957.163784@yasure>... Sarah Tanembaum wrote:
Beside its an opensource and supported by community, what's the fundamental
differences between PostgreSQL and those high-price commercial database (and
some are bloated such as Oracle) from software giant such as Microsoft SQL
Server, Oracle, and Sybase?
Is PostgreSQL reliable enough to be used for high-end commercial
application? Thanks
PostgreSQL is highly overrated and not suitable for any environment
where little things like crash recovery and security are a priority.
What database does Google use?
Steve
"Quirk" <qu***@syntac.net> schrieb im Newsbeitrag news:4e*************************@posting.google.co m... "Volker Hetzer" <vo***********@ieee.org> wrote in message news:<c7**********@nntp.fujitsu-siemens.com>...
> > > That's not true. > > Yes it is.
> What was the value of this reply?
What was the value of yours? Or this latest one?
A question is not an answer.
And what was your reply?
I asked first.
Yes, you have the right to be overcharged for work that may or may not
not suit your needs by only _one_ vendor, and no right to go elsewhere
when they fail, ignore you outright, stop supporting your application
or vanish from the face of the earth. Have you actually read your
contract or software licence? Of course. See the end of this posting.
It only protects the vendor, not you.
I've read the licence and done even more: I've used the software and tested the contract.
Realy, care to quote the part of the Contract that Gaurantees you any
rights?
http://oracle.com/support/index.html?policies.html
By "tested the contarct" what you mean is you agreed to pay them
completely on their terms and where satisified with the results they
chose to give you.
So, in what way is it different from let's say, buying a cucumber?
Have you tested alternatives?
The other example was buyig gcc support from cygnus.
One bug, never got resolved in one year, consequently
we cancelled support.
> > > The right to modify is a red herring.
> >
> > Not if your application and the permenancy of your data is important. > You didn't read my posting, right?
You are one funny guy. Really. I'll bet you're the first guy in usenet
to ever ask this question rhetoricly. Nice way of avoiding an answer.
Are so so stupid that you actually expect a serious answer that was
obviously a
hostile attempt to insult by way of a rhetorical question?
Ok, so for you explicitly: That was not a rhetorical question. Your response
indicated youy didn't read my posting, or at least not the relevant part, so I
wanted to check whether it was worth posting any more.
I don't *want* to create my own development
> team competing with the original one. I don't want to merge my change back
> into their code with every new release! I don't want to develop code and
> then have them decide whether they condescend to incorporate it or not! I
> want the authors of the software to do the coding based on what I'm willing
> to pay for!
You are dependent on their licence I'm dependent on the author's licence regardless of which database I use.
Yes, which is why you should choose one that give you a perpetual
right to the source code, otherwise you are locked into a dependancy
that may prove fatal to your application.
I start to repeat myself here. The right to the source code does not mean
anything useful, see the part you quoted below.
It's just that some licences give me the illusion of being able to do
something while mainly giving me in reality the ability to shoot myself in
the foot or paying someone else to shoot me in the foot.
Unsubstantiated bunk, if you have the source code, it is not magic to
fix it, or extend it, just normal progamming.
Right. So, if I do CAD programming, why should I learn database programming
only to support a dead database? It's much easier to migrate to another one.
Besides, have you considered that quite a few open source projects get abandoned
because they have become unmaintainable? Anyone remembers hurd? Groff?
What was the last gmake improvement? And if the authors throw up their hands,
what can I do? Ask my boss to form a department for the beating of dead horses?
Simple calling something
an illusion does not explain why you condsider it impossible to
actually change a program. Perhaps you should consider a different
line of work.
Oh, it's pretty easy to change a program. Working through millions
of lines of code and repairing it with less time or money than it would
cost to migrate to another database is the trick. Convincing the customer to
install *my* database version is another, particularly if three or four
developers do this.
because you built your own
application on top of a platform for which you have no source code, Same question: Did you read what I wrote?
A better question: What kind of an idiot are you that, in the face of
good sense, the best you can do is attemp insulting, evasive
rehetoric?
It's not a better question. You keep bringing up that stupid
source code argument totally ignoring the fact that it simply doesn't
work, at least not for the money a normal support contract costs.
And if support doesn't work, I still won't support it on my own.
I don't care about the source code, I care about product and support
quality. And, since I am not the developer of the software, nor is anyone else,
apart from *the* developers,
As I said, my comments where ment *FOR DEVELOPERS* that is those who
are developing *NEW* appliciations, and my advice is simple enough,
despite your contortions: If your application is important to you, do
not engineer a dependency on code you do not have access to.'
Do you develop for platforms other than linux?
anyone else is going to make a worse job than
them. So, I get the best support when I'm paying them and no one else.
More unsubstantiated bunk, first of all, in many cases you can hire
the original developers,
Yeah, exactly. A man year here costs about USD200000,-. A support
contract with oracle costs me about a tenth of that.
And even if I buy some incident based support contract, there is still
no difference from an incident based support contract with oracle.
As long as that guy exists and I can sue him into doing his job I don't
need the source code (he needs) and otherwise I have no one to
replace him.
But thanks for acknowleding that reliable support costs money.
regardless of your right to the source code,
secondly, by hiring the "Copyright Holders" you *ARE NOT NECESSARLIY
HIRING THE DEVELEORS*, who may not even be with the company anymore,
in fact you are often hiring some peon who they scooped of the
consulting market 5 minutes before sending him to your office as an
certified solutions prodiver or whatever idiotic buzzword whey have
for their unskilled labour.
Try it. Besides, remember, the company has an interest in providing
support because they live off it.
And finaly, it is a falalcy to say that someone will do a worse job
simply because they are not the original developer.
So, if I pick some average application programmer off the street,
how long do you think it takes before he can start smoothing
out bugs in the postgres optimizer?
and no right to modify, you then also have no leverage with the vendor
of the orginal software.
You have no rights at all, wether or not you are willing to pay. Read oracles licence some time. There it says very clearly what
you get if you enter a support agreement.
But it stops short of guaranting that your apllication will actualy
work,
Of course they don't offer that. But they offer to put effort
in it. And they are dependent from me for my money.
or that your existing version of the software will be supported.
They provide upgrades and desupport dates. Ok, they do
what I pay for.
In anycase, I am not arguing agianst using Oracle, as I said, if
Oracle suits your needs and you think it's worth the money, use it,
however, my advice is that if you do develop an application, write
your code in such a way that you do not depend on Oracle, but can
easily switch it over the the greatest extent possible.
Why "the greatest extent"? That costs me more time and money
and customers that it's worth. Just look at informix to see how
it goes when a db disappears from the market:
They had a big market share, market share dwindled, they got weak
and sold themselves to ibm because that's better than going bancrupt.
Now IBM handles the migration to db2 and supports me as application
developer in porting my app to db2. This is much better than handing
me the source code and telling me that from now on I have to develop
all the new features and fix bugs on my own or simply buy a new db
and do the migration on my own.
I have no idea why you are insisting on jumping up and down like this
is crazy talk, the only plausible theory is that you get some kind of
thrill out of embarassing yourself.
Where do I jump up and down?
I dunno, because you're culturaly issolated and have a poor
imagination? No, it's because the phrase "elegant coding" is just as empty.
Or as the phrase "the one true god" uttered by people of
different religions.
This is just stupid, elegnt coding is hardly as unatainable an ideal
as you seem to be conviced, in fact in this specific case it's a
simply matter of using a standard wrapper function throughtout your
aplication to access your data rather than using proprietary bindings
throughout your application, if your application is sufficently
complicated, perhaps a data abstaction object might be usefull for
this function, perhaps not, if you use any non standard features of
your database server, then write some additional functions as wrappers
for these. It is anything but rocket science.
So you have defined "elegant" as "abstraction" and expect the rest
of the programmers to agree that that's it?
Thanks for solving that problem for the rest of the world.
For db computing, reducing server load is the important thing.
No, it is not, in most cases CPU is not the most limited resource.
> Interoperability
> typically means primitive, network/db intensive sql. Yup. Which, in a well configured db is CPU load because
caching, indexing and db specific sql takes care of the i/o load.
What about the human and financial load? As in the load on the DBA,
inhouse developers, consulting budgets and application support staff?
The load on the DBA depends on the problems the application makes.
That typical increases if the application ignores load reducing features for the
sake of being generic. This creates an excessive amoung of simple
queries and lots of network traffic. Right now we have huge problems
getting an application to work properly that claims to support mysql and
oracle. They could have done half the app in PL/SQL and saved 90%
of the network and client load.
Also, if the database is not the standard one (because you have
fixed/improved it) I have, at the worst, maintain two independent installations,
at best, two independent update cycles.
Developers are constrained by (among other things) the load they are allowed
to put on the db. That's a business decision.
As for consulting, we pay a flatrate for db support, so we unload as much
of our problems on the oracle people. Works fine.
Ditto for support staff. Our users have oracle, so the more we make the db do
the less problems we have in our own code.
Nevertheless, I concede, it *is* possible to have such a
horribly configured system that i/o load becomes an issue. It's also
possible to have a database that permits so few actions
that the dba can't do anything about a badly written app.
fortunately, oracle is different. No, interoperability means abilty to integrate applications in a
heterogeneus environment. It means standards and flexibilty.
So? What's more "standardised" about mysql's socket interface than
about oracles OCI or ESQL?
Are you having a nightmare in which we are dicussing the various
merits of MySQL versus Oracle? Please follow your own advice and read
this thread again so that you might figure out what is it we are
actually taking about.
We are talking about open source versus commercial databases. I picked
those two as examples because I have worked with both of them.
> > > If it's important it must not matter whether one tries to
> > > access the data from a local or remote machine. > > Interesting that you believe that this can not be accomblished with
> > network security.
> Yes. Now you figure out why.
Because you don't know what you are doing maybe? Wrong. Try again.
The more you talk, the clearer it is how right I was.
Oh wait, you don't
need to, after all, you have decided to pay a vendor to know for you,
I remember now.
Right. The alternative is not paying anyone and trying to figuring out the
source code on my own, right? Or paying someone else who starts
from scratch too?
More straw men and red herrings. If you are a Developer, which is who
my comments are addressed to, it is your responsiblilty to your users
and clients to know how your application works and to be able to
support it without allowing some third party to hold them hostage.
No one holds anyone hostage. I let people do what they are good at.
I'm ok with application programming in the CAD world. Oracle (or
IBM, or microsoft) are good at programming databases. So, I
profit from their expertise by being able to provide a better application
than if I had to do db development (or fixing) as well.
So far no one has complained.
Care to elaborate? An insecure network does not mean that someone can
log on to the database server from anywhere but the console screwed onto
it. And securing the listener (in case of oracle) is part of the database
configuration.
If the above is true, that someone can only access any of the devices
on your Database server via the local console, then your network *IS*
secure
one can of course log on to the database. Via the listener and all the stuff.
In theory from an unsecure network. So, db security is not network security,
because all the stuff of protecting data from different users needs the
cooperation of the database.
This is what I'm trying to say, that network security comes first,
You can have a secure database within an insecure network.
because Database security can only depend on it, not being able to
actualy protect devices, which is the burden on the OS and networking
environment.
The os protects devices, not the network. Or, daring to think the unthinkable,
do you mean that you consider it ok to have database data on nfs mounts?
Once again, It must be assumed that your consternations to contend
this point are some weird form of self-flagilation.
> Right. You show me how do convert VENUS chip designs into Synopsys
> without going into a museom for the original hardware and getting all
> the versions in between.
What does this have to do with "Self Contained, Self Describing, Human
Readable" files that can be read on any system past or present? It has to do with permanency. Try to read what you quote.
What does reading text files have to do with Chip design?
Because some tool will have to parse the text and create the chip out of it.
This tool typically costs in the range of USD100000-200000 for a synopsys
ASIC compiler. You need the same tool because any other tool creates
totally different designs, ignores the original constraints and rules and
uses a different library which may even force a complete redisign.
Compared to that, a database migration is truly a breeze.
I can read
text files I created on my Apple ][, and no, I do not have the orginal
hardware (well maybe my mom does somewhere in her basement).
Not all textfiles are notices for you to read.
Try to avoid making an ass of yourself with further pretentions.
tell me, how much do you know about my
experience, What your arguments tell me.
Which ones? That abstracting access to suspect dependencies is a good
idea?
That elegance is abstraction. That database security is secondary to network security?
Yes. That
one should keep archives in a format that is likely to be readable
forever?
Yes.
Those are the tree main reasons. The fourth one is your persistent
belief that the right to the source code is of value.
All these things come from experience,
So, what migrations have you done so far?
Right now I'm in the process of doing two, one boing our board design
toolchain, with plenty of data translation and the other a business flow app.
So far we've spent at least four man years on the CAD flow and it's far
from over. As for the other, try to imagine having a small busines flow
tool and then introducing SAP companywide.
And we get migration support from the new vendor.
Believe me, a database migration is *EASY* compared to that.
Even if I hardwire OCI calls into my c-code and then switch to
ODBC or something.
your attempt to question my
experience, only show that you are unable to formalute an actual
argument, so you try and discredit the arguer instead of the argument.
I did. You just didn't understand it.
and why do you feel that talking about _me_ is a response
to my argument? Because your argument isn't backed by anything. Give me some
substance and we can talk about it.
Oh please, my argument has been presented well enough, attacking me
just shows you can not defend your own, that is if you actually had
one.
You might have noticed that you got responses from different people
whereas you are the only one who thinks my arguments are rubbish.
Now, statistics is not fact, but it's evidence and should get you thinking.
If my argument was not backed up by anything it would easy enough to
refute it without attempting to insult me,
I don't insult you I'm trying to get through to you.
Reasonable arguments didn't work.
All I've hear so far is the
usual open source rethoric about me or someone else being able
to magically support a product in a few days or weeks after the
original developers have abandoned it, or me.
These must be voices in your head that you are hearing. Since my
argument have been quite clear and even sumerized several times.
Yes. The right to source code balances nonexisting support and
buying support for a open source software (instead of trying to
fix things oneself) is somehow better than doing the same with
commercial software. Did I leave out anything important?
Your arguments amount to the metaphysical belief that only the
copyright holders of your favourite proporiety software know how to
program,
No, that they are the only ones that should be allowed because they
are the only ones that can take responsibility.
that the very concept of good programming is an illussion,
No, it's just that so far no one has found out what it is, because
despite all the attempts software still is not substantially more stable
than software written 30 years ago.
and therfore the only way forward is to make yourself both tehnicaly
and legaly dependent on them as much as possible.
You forget that they depend on me. Namely, on my money.
> If you have the source code, you are the developer, > Wrong. I am the user, t.
Oh, well then I guess we have nothing further to discuss, my comments
here where meant for actual developers. So, oracle people should further develop oracle and mysql people
mysql. Did I get this right?
No, that's not right, that's not even wrong.
So, what is it?
(with applogies to Wolfgang Pauli)
Application developers should avoid locking themselves in to external
dependencies, either by not using products to which they have no right
to the source code, or abstracting access when they do use such
products. Simple.
There it is again, this source code right thingie. And you complain about me
getting rude.
Again: The source code is no guarantee of fixed bugs, much less improvements.
It's not even what I want. I also can go and tinker with the airbag of my car
if I think it's broken, I don't do that either but go to a repair shop.
And if you are worrying about expiring licences, for many products
(purify and our oracle installation spring to mind) you get permanent licences and pay yearly
for support, so I can still use the app when the vendor goes bust.
And before you come again about the source code I can fix and improve,
or pay someone to do it, I won't because that would be wasting company
money and that would be because a migration is cheaper than tinkering with
the old software and it wouldn't lose us customers either because customers
don't like dead software.
When we figured out that our new CAD tool doesn't support oracle 9.2
we gave them a ding behind the ear and, see, the next release, out
in two months supports it and til then we got a workaround.
And having right to the source code does not mean that the program is
'open source,' as you can purchace such a right for propretary code,
as is common for libraries.
And still, if something goes wrong, I file a service request.
And if the company does ceases to offer the product I change company.
Of course, when the program _is_ open source, you are guaranteed that
right.
You have no such right, ever, the only right you _can_ have is the
right to modify it yourself or contract someone to do it. Please read
your licence. "Assistance with my SRs 24 hours per day, 7days a week". Practically I
usually get two or three guys working on a typical SR of mine, depending on
how log it takes. Without a contract I'd get a 'buzz off, I'm doing my exams > this month'.
"Assitance" only means that they will provide someone whose time they
can bill you for,
As I said, we pay a flatrate.
not that anything will be accomplished.
Then they lose money if they don't accomplish anything.
Many large companies, and profesional develpoers provide source
licences and/or support open source products, including the largest
computer company in the world, IBM.
Yep, so I can buy support, mess up the code I've access to and let
IBM sort it out, is this what I get by using a IBM supported mysql?
If not, what's the difference to buying db2 support?
(One thing more: No, if IBM abandons mysql I'm still not taking
on the support task, ok?)
Greetings!
Volker
I noticed that Message-ID:
<6f**************************@posting.google.com > from Steve contained
the following: PostgreSQL is highly overrated and not suitable for any environment
where little things like crash recovery and security are a priority.
What database does Google use?
Google's data is stored in data coops. http://www.google.com/technology/pigeonrank.html
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
"Quirk" <qu***@syntac.net> schrieb im Newsbeitrag news:4e*************************@posting.google.co m... "Volker Hetzer" <vo***********@ieee.org> wrote in message news:<c7**********@nntp.fujitsu-siemens.com>...
"Quirk" <qu***@syntac.net> schrieb im Newsbeitrag news:4e************************@posting.google.com ... ed*****@highstream.net (Edward Lloyd Hillman) wrote in message news:<10*************@news.supernews.com>...
> > You have no such right, ever, the only right you _can_ have is the
> > right to modify it yourself or contract someone to do it. Please read
> > your licence.
>
>
> Got a news flash for ya...
Oh boy, it's Seseme Street News, OK Kermit, keep talking.
> If you have a maintenance contract with a vendor and something of
> theirs' is broken, they must fix it if you need it.
Perhaps, but when the product in question is proprietary you have no
recourse when they fail, because no one else has any right to modify
the source code. I have, at most, the right to sue them,
What cold comfort that is. I would prefer the right to make my
aplication work without their good graces.
Before you consider suing them I suggest you reiview your contact with
an actual lawyer. So you can understand exactly how painted into a
corner you really are.
Look, we've got about 50 people here dealing with
exactly those questions, telling us what contracts to enter and what not.
When we buy support, we *know* what we are in for and when and
what to sue them for and how to deal with them before we sue them.
at least, the right to cancel the
contract which hurts them way more
How can you cancel the contract when your entire application is
dependanton there product? Can you afford to throw away your
application too?
See my other posting. Compared to changing the application (replacing
it with another), changing the underlying database is easy.
than if I go to a postgres developer
and tell him I'm not interested any more. So, unlike open source developers,
they actually have an interest in doing something.
What on earth are you trying to say here? Why is a postgresql
developer any more or less interested in your contarct than one who
pedals proprietary software?
A developer who does not earn mony by it is less interested in providing
work than one who does. Therefore, support contracts make sense.
I was talking about the case where I go to the developer and ask him
to do something for free.
When you have a right to the source code you can sign such a contarct
with any firm you like, and fire their ass and hire another when they
fail. But it doesn't make sense to use any other firm than the guys who wrote it.
Why? What magic powers are possesed by the firm that holds the
copyright? Expcet the power to prevent anyone else from touching or
looking at their code?
They developed it.
See my other postings and the reply about division of labour. You might
also read up on Maos Great Leap Forward and north coreas policy of doing
everything themselves.
You're not seriously trying to draw me into to a discusion on
communist history are you? If so, please go ahead, it may be
intersting. I've been reading the Fabian writing of George Bernard
Shaw recently myself.
Right. Mao wanted every village to be self-reliant and do everything on
their own. I think the best published example was that more or less
every village had its own steel factory, resulting in a very low efficiency
and crap steel. If you read about north corea you will sooner or later
stumble on something similar, called "Juche". A fierce desire to be
independent, an inability to recognize you can't be a specialist of
everything and, consequently, a desaster.
By the way, I am _not_ arguing that one must do everything
themeselves, only that one should not get locked into being dependant
on a single provide.
As I'v said, I'm baffled that this is so controversial that you all
expect me to defend my good name merely for saying it.
I'm not sure what this example is supposed to illustrate. The vendor
failed to fix the bug originaly and ony did so under dures, The point was that contracts work.
It was quite a poorly demonstrated point, as they nearly did and could
well have lost their own customer under the arrangement.
Not "nearly", the legal opinion was correct and therefore the only ones
to worry were the sued ones.
which only
shows how vulnerable you where to begin with, Why was he vulnerable if he had a contract that required the vendor to work?
Because there is no such requirement,
See my other posting.
As the old joke goes: "if this fire alarm fails, and your house burns
down, we will refund the entire purchase price (not including the
battaries)."
OTOH, "if you install this fire alarm, you will pay less insurance on
the house".
if you had the right to
say 'OK, were going to fire you and give someone else the contract'
they would have fixed your bug pronto with no back talk.
No, they wouldn't, because first they would have to understand the code.
Maybe, but in case of open source software they'd say 'Good luck
working into our source code, see you in two years'.
Were do you get this idea? You can contract many companies, large and
small, to support your open source product, the difference being that
you can hire another when when they fail, because you have a right to
the source code, where as you have no recource when the provider has
all the rights.
Like, suse and redhat, each doing their own distributions?
Could you provide a link where IBM actually provides support
for mysql? The only thing I have found is them bragging that MySQL AB
(fully) supports the AIX port, not that IBM supports MySQL.
The only way you can get that kind of support is with a maintance
> contract. With Open Source we'd have had to spend many extra
> man-hours trying to find where the problem was and how to fix it
> without breaking anything else.
Why? You could have the exact same contarct with a vendor supporting
an open source product, Yes, but then it would cost like any other product, right?
Yes, developing applications costs money, it is this investment I am
advising people to protect by not getting locked into third party
dependencies.
I do get locked into a third party dependency, even if I can change
the third party. I agree, on the plus side, I can change support without
changing code, so who actually owns the code and merges the
fixes from the other guy, provided they don't want to keep them themselves
because they want to keep the customers?
or negotiate access to source for the vendors
product, the only difference being that you then have leverage. The access to the source means nothing, see above.
It means everthing.
Why? I can't change it.
It means the difference being being the master of
your applications and contracts or being a slave to a third party
vendor.
He's my slave because I pay him.
Or
failing that, your application could have been designed to to give you
alternatives, Right. And the customer throws away years of experience with one db system
and pulls a finished, reliable and maintainable alternative installation out
of the hat.
Maybe not 'out of the hat' but with less expense and retraining that
having to reprogram the entire application which was programmed with
proprietary bindings everwhere instead of properly abstracted code.
Abstraction can make the job easier, you are right here, but then
changing a database is not that hard too, as long as both are relational ones.
Including people who have been trained on it.
In what way is a change from oracle to db2 easier than a change from
postgresql to mysql?
Well, for one, you would never have to change away from the open
source products because of a dispute with the developer.
Yes, I would. Because I'm not going to maintain my own database
distribution.
But in
anycase, my argument is not, and never was, oracle and db2 versus
postgresql or mysql. But rather for abstraction when you do not have
source code, or sometimes then too.
If I have abstraction it's even less necessary to mess around with
the db because it's easier to change the db.
But you put yourself in a position were you may have been unable you
support your own customer _AT_ALL_ except for the good graces of your
vendor.
Why? He doesn't support the db. The db vendor does that. All he has to do is > to show that it's othe db's fault, at which point
his customer's maintenance contract with the db vendor kicks in. Normal business practice.
Yes, passing the buck is unfortunalty the normal business practice,
however good firms neither do it or put up with it.
And that is why special libraries, databases or servers exist?
I certainly would
not expect my clients or users to be satisfied when I told them, I'm
sorry the application I provided for you doesn't work, but you will
have to discuss this with Larry Ellison. Nor would I be satisfied
giving such an excuse.
It's different for databases.
A) the customer quite often already has a database and expertise
maintaining it. He has an interest not to have another.
B) the customer may trust Larry ellison, or IBM more than me.
C) the customer may want a database that can do more than I could
implement or maintain, like incremental backups, logical/physical
standby databases or security.
Another case where it's different would, for instance be the OS.
How much linux maintenance do you think you can provide,
compared to redhat or suse? Is this really your corebusiness
or area of expertise?
Greetings!
Volker
"Steve" <st**********@yahoo.com> schrieb im Newsbeitrag news:6f**************************@posting.google.c om... Daniel Morgan <da******@x.washington.edu> wrote in message news:<1083695957.163784@yasure>... Sarah Tanembaum wrote:
Beside its an opensource and supported by community, what's the fundamental
differences between PostgreSQL and those high-price commercial database (and
some are bloated such as Oracle) from software giant such as Microsoft SQL
Server, Oracle, and Sybase?
Is PostgreSQL reliable enough to be used for high-end commercial
application? Thanks
PostgreSQL is highly overrated and not suitable for any environment
where little things like crash recovery and security are a priority.
What database does Google use?
They offer jobs maintaining a "Linux cluster consisting of more than 10,000 servers".
I doubt that any single database scales that far.
Lots of Greetings!
Volker
Daniel Morgan <da******@x.washington.edu> wrote in message news:<1084253467.342535@yasure>... Probably. But only right up until it crashed or some cracker tried
to break in. Then it would likely be both as fragile and as transparent
as a sheet of glass.
FUD
"As a cryptography and computer security expert, I have never
understood the current fuss about the open source software movement.
In the cryptography world, we consider open source necessary for good
security; we have for decades. Public security is always more secure
than proprietary security. It's true for cryptographic algorithms,
security protocols, and security source code. For us, open source
isn't just a business model; it's smart engineering practice."
-- Bruce Schneier, Founder and CTO Counterpane Internet Security, Inc.
http://www.schneier.com/crypto-gram-...rceandSecurity
"Microsoft is really good at producing really cool stuff. Security
isn't cool, I want to produce good stuff and customers want dancing
pigs."
-- Carl Ellison, security architect at Microsoft Corp.
http://www.eweek.com/article2/0,1759,1386333,00.asp
Does anyone really believe that if SAP and PeopleSoft could make as
much or more money writing their products to work against these
products they wouldn't?
SAP does:
http://www.mysql.com/news-and-events...e_2003_16.html
Does anyone really believe that CFOs and CIOs,
looking at their budgets, wouldn't be running to these products en-mass?
They are. http://www.dwheeler.com/oss_fs_why.html
"Volker Hetzer" <vo***********@ieee.org> wrote in message news:<c7**********@nntp.fujitsu-siemens.com>... What cold comfort that is. I would prefer the right to make my
aplication work without their good graces.
Before you consider suing them I suggest you reiview your contact with
an actual lawyer. So you can understand exactly how painted into a
corner you really are.
Look, we've got about 50 people here dealing with
exactly those questions, telling us what contracts to enter and what not.
When we buy support, we *know* what we are in for and when and
what to sue them for and how to deal with them before we sue them.
Your argument, as usual, is that I should just believe you, not
because you have explained yourself, but just because you *know*.
Wether you have 50 people or 100 people 'around there', the fact
remains that it is very unlikely that your investment can be saved by
a lawsuit, for every 50 you have, Oracle has more. And if you do have
more legal might than Oracle, you are the exception, not the rule.
For most organisations, sueng Oracle, or anyother major corporation is
simply not an option.
My orignal comments still hold true, the right to sue is cold comfort,
the right to pick up your pieces and try somewhere else, keeping your
application in tact as much as possible, is better.
at least, the right to cancel the
contract which hurts them way more
How can you cancel the contract when your entire application is
dependanton there product? Can you afford to throw away your
application too?
See my other posting. Compared to changing the application (replacing
it with another), changing the underlying database is easy.
Even easier if you have abstracted your data access with a simple
function, and then used that function throught your application. I
have no idea why you find this so hard to believe.
And for what purposes are you bringing up changing the application?
How is this comparison relevent? I am trying to explain how to protect
your investment in your application; to change it as little as
possible.
You make so little sence I wonder what is motivating you to carry on.
Abstraction of your database access is a good idea. Why are you so
hell bent to dispute this.
than if I go to a postgres developer
and tell him I'm not interested any more. So, unlike open source developers,
they actually have an interest in doing something.
What on earth are you trying to say here? Why is a postgresql
developer any more or less interested in your contarct than one who
pedals proprietary software?
A developer who does not earn mony by it is less interested in providing
work than one who does.
Why would anyone provide work for you without earning money? Geez, I
feel like I should be earning a paycheque just for talking to you.
As I've said, their are many profesional developers who provide
support for open source products, or provide source licences for their
own.
Therefore, support contracts make sense.
Of course they do.
They make even more sence if you are not locked in to a single source.
I was talking about the case where I go to the developer and ask him
to do something for free.
Why would anybody do work fo you for free? Are you a charity of some
sort?
Why? What magic powers are possesed by the firm that holds the
copyright? Expcet the power to prevent anyone else from touching or
looking at their code?
They developed it.
Not necessarily, they merely own the copyright. And even so, that
still does not mean that somebody else can't modify it, and do so
well, sometimes even better than the original developers.
See my other postings and the reply about division of labour. You might
also read up on Maos Great Leap Forward and north coreas policy of doing
everything themselves.
You're not seriously trying to draw me into to a discusion on
communist history are you? If so, please go ahead, it may be
intersting. I've been reading the Fabian writing of George Bernard
Shaw recently myself.
Right. Mao wanted every village to be self-reliant and do everything on
their own. I think the best published example was that more or less
every village had its own steel factory, resulting in a very low efficiency
and crap steel. If you read about north corea you will sooner or later
stumble on something similar, called "Juche". A fierce desire to be
independent, an inability to recognize you can't be a specialist of
everything and, consequently, a desaster.
And the relevance of this is....?
By the way, I am _not_ arguing that one must do everything
themeselves, only that one should not get locked into being dependant
on a single provide.
As I'v said, I'm baffled that this is so controversial that you all
expect me to defend my good name merely for saying it.
> I'm not sure what this example is supposed to illustrate. The vendor
> failed to fix the bug originaly and ony did so under dures, The point was that contracts work.
It was quite a poorly demonstrated point, as they nearly did and could
well have lost their own customer under the arrangement.
Not "nearly", the legal opinion was correct and therefore the only ones
to worry were the sued ones.
If it did come to a dispute, they could not have supported there own
application, they where exclusively dependendant on an outside firm.
> which only
> shows how vulnerable you where to begin with,
Why was he vulnerable if he had a contract that required the vendor to > > > > work?
Because he had no right to go elsewhere if the vendor failed to
deliver.
As the old joke goes: "if this fire alarm fails, and your house burns
down, we will refund the entire purchase price (not including the
battaries)."
OTOH, "if you install this fire alarm, you will pay less insurance on
the house".
Relevence? What insurance is provided in the case here?
Fire insurance you can buy, I have never heard of application
obsoletion insurance.
The original point being, you can not recoup your own investment, just
the purchace price.
> if you had the right to
> say 'OK, were going to fire you and give someone else the contract'
> they would have fixed your bug pronto with no back talk.
No, they wouldn't, because first they would have to understand the code.
If they where a credible provider of support and development for this
particular product, they would certainly understand the code.
Maybe, but in case of open source software they'd say 'Good luck
working into our source code, see you in two years'.
Were do you get this idea? You can contract many companies, large and
small, to support your open source product, the difference being that
you can hire another when when they fail, because you have a right to
the source code, where as you have no recource when the provider has
all the rights.
Like, suse and redhat, each doing their own distributions?
Huh? No, like a competent development comany providing devlopment
services, exactly like Oracle does, but without trapping you into a
sole source situation.
Could you provide a link where IBM actually provides support
for mysql? The only thing I have found is them bragging that MySQL AB
(fully) supports the AIX port, not that IBM supports MySQL.
Your question is yet another fallacy, since you are responding to a
general statement, that many large companies, including IBM, support
open source applications or provide source licences for there own
applications, but if you really want to hire IBM to support your
MySQL implemtation, you can, I would recomend you try MySQL AB first
though.
IBM Application development and systems integration
http://www-1.ibm.com/services/us/ind...t/bcs/a1000402
Yes, developing applications costs money, it is this investment I am
advising people to protect by not getting locked into third party
dependencies.
I do get locked into a third party dependency, even if I can change
the third party.
If you can change it, you are not 'locked in.'
I agree, on the plus side, I can change support without
changing code, so who actually owns the code and merges the
fixes from the other guy, provided they don't want to keep them themselves
because they want to keep the customers?
All these question depend on the case, and have nothing to do with the
topic, if you have a right to the source you are safer that if you do
not, if you have abstracted your access you are safer still. What is
it you can not understand?
This conversation is becoming surreal.
> or negotiate access to source for the vendors
> product, the only difference being that you then have leverage. The access to the source means nothing, see above.
It means everthing.
Why? I can't change it.
You have the *right* to use it and have it changed for ever and ever,
not only by the permission of some outside company.
It means the difference being being the master of
your applications and contracts or being a slave to a third party
vendor.
He's my slave because I pay him.
No, he can simply ignore you if he decides the relationship is no
longer profitable for him. You can do nothing.
Maybe not 'out of the hat' but with less expense and retraining that
having to reprogram the entire application which was programmed with
proprietary bindings everwhere instead of properly abstracted code.
Abstraction can make the job easier, you are right here, but then
changing a database is not that hard too, as long as both are relational
ones.
That's all I'm saying, Abstraction is a good idea. I was giving some
simple, good advice. What are you saying?
Including people who have been trained on it.
In what way is a change from oracle to db2 easier than a change from
postgresql to mysql?
Well, for one, you would never have to change away from the open
source products because of a dispute with the developer.
Yes, I would. Because I'm not going to maintain my own database
distribution.
Nobody asked you to. You have the right to use the product and never
talk to the developer if you like. You don't need to change it to
enjoy the rights that source code gives, that is the right to use the
product for ever, and even have it changed *if you need to*
My advice is to abstract when you have no source code, and perhaps
even then, I have repeated this many times and am not sure what you
are even disputing.
But in
anycase, my argument is not, and never was, oracle and db2 versus
postgresql or mysql. But rather for abstraction when you do not have
source code, or sometimes then too.
If I have abstraction it's even less necessary to mess around with
the db because it's easier to change the db.
Yes, that's why I am *recomending* abstraction. Are you just typing
compulsively at this point?
I certainly would
not expect my clients or users to be satisfied when I told them, I'm
sorry the application I provided for you doesn't work, but you will
have to discuss this with Larry Ellison. Nor would I be satisfied
giving such an excuse.
It's different for databases.
A) the customer quite often already has a database and expertise
maintaining it. He has an interest not to have another.
Abstaction means your application can run for different clients with
different databases then. double plus good.
However if your application is tied to one database, then the very
client you are describing is the very client that you will not get if
they use a different database from yours.
B) the customer may trust Larry ellison, or IBM more than me.
But if they only sent there money to Lary because they purchaced your,
unabstracted application, they would be pissed off when it did not
work, and you blamed it on Larry.
C) the customer may want a database that can do more than I could
implement or maintain, like incremental backups, logical/physical
standby databases or security.
Exactly, so how are you going to accomplish this with your
unabstracted application? Do you even remember what side of this
debate you are on?
Another case where it's different would, for instance be the OS.
How much linux maintenance do you think you can provide,
compared to redhat or suse? Is this really your corebusiness
or area of expertise?
Why do I have to? Since I can hire one of a million support providers
for any OS, however for OSes without source, they can't do much when
the problem is with the OS itself. Same with the database.
Again, my argument summerized for the millionth time: If you have no
source Abstract access for sure, and it's also a good idea to abstract
access even if you do. I'm baffled how you've turned this into such a
long conversation.
Dmytri Kleiner (qu***@syntac.net) writes: The Application that you wrote I have no reason to doubt is of
sufficient quality to keep your customers satisfied.
Unfortunately you have created unneeded dependencies for them, the
worst of which is not MS SQL, since it is fairly easy to get at data
in MS SQL and archive it or export it in a usefull way, the worst is
that you have tied your customers to a terrible Operating System with
a terrible licence, even Oracle users are not so screwed since at the
very least they have a choice when it comes to OS.
The fact that you may found Windows a terrible operation system is
of course completely irrelvant to the discussion.
If it wasn't clear: we offer our customers a product, and they are not
only tied to the DBMS and operating system, they are just as well tied
to our product. They can still change a competing system, and this
has happened, for instance in conjunctions with mergers. (In which case
it is more an issue of politicis and which company that buys which
that determines which system they go for, than the technical qualities
of the respective systems.) Converting data from one system to another
is of course a major task.
As for the platform, the customers knows what they get when they buy
our system. If they don't accept Windows, they are not likely to go
for us either.
I would say you made it quite clear that your basic message was that
it would be folly to do what I was suggesting,
Yes, it would be a folly to do so out of principle always. Sometimes
it may be necessary, sometimes you are better off tying yourself to
one single platform.
It is not, as I've said, it can be as simple as writing a wrapper
function around your data access.
Yes, if you build your system with all logic in a middle layer. Which
often can result in serious performance problems, because a lot of
data has to travel forth and back over the network. We have a lot of
the business logic in stored procedures, and we have also found that
this works best.
Not as expensive as having the system itself obsoleted by an obsoleted
dependency or the inabilty to get support for a dependency due to a
licencing dispute.
Well, my company has worked this system since 1992, and nothing close
to that has happened yet.
--
Erland Sommarskog, SQL Server MVP, so****@algonet.se
Books Online for SQL Server SP3 at http://www.microsoft.com/sql/techinf...2000/books.asp qu***@syntac.net (Quirk) wrote in message news:<4e*************************@posting.google.c om>... "Volker Hetzer" <vo***********@ieee.org> wrote in message news:<c7**********@nntp.fujitsu-siemens.com>...
Yes, you have the right to be overcharged for work that may or may not
not suit your needs by only _one_ vendor, and no right to go elsewhere
when they fail, ignore you outright, stop supporting your application
or vanish from the face of the earth. Have you actually read your
contract or software licence?
Of course. See the end of this posting.
It only protects the vendor, not you.
I've read the licence and done even more: I've used the software and tested the contract.
Realy, care to quote the part of the Contract that Gaurantees you any
rights?
Instead, what you will find is that the contracts insists that the
Software is not gauranteed to be usefull for any particilar purpose,
and that they deny all responsibilitty for it to the extent possible
by law.
By "tested the contarct" what you mean is you agreed to pay them
completely on their terms and where satisified with the results they
chose to give you.
Have you tested alternatives?
....
> I don't *want* to create my own development
> team competing with the original one. I don't want to merge my change back
> into their code with every new release! I don't want to develop code and
> then have them decide whether they condescend to incorporate it or not! I
> want the authors of the software to do the coding based on what I'm willing
> to pay for!
You are dependent on their licence I'm dependent on the author's licence regardless of which database I use.
Yes, which is why you should choose one that give you a perpetual
right to the source code, otherwise you are locked into a dependancy
that may prove fatal to your application.
It's just that some licences give me the illusion of being able to do
something while mainly giving me in reality the ability to shoot myself in
the foot or paying someone else to shoot me in the foot.
Unsubstantiated bunk, if you have the source code, it is not magic to
fix it, or extend it, just normal progamming. Simple calling something
an illusion does not explain why you condsider it impossible to
actually change a program. Perhaps you should consider a different
line of work.
As someone who has profited greatly from this, I must point out that
he is correct. I've profited both from the fact that during and after
the lawsuit there is a great, _and artificially created_, shortage of
technical talent, and the fact that companies will indeed shoot
themselves in the foot by automating existing processes rather than
reengineering them, if having the source code allows them to do so.
And when it gets obsolete and no young 'uns want to deal with it,
that's when the big bucks begin.
....
As I said, my comments where ment *FOR DEVELOPERS* that is those who
are developing *NEW* appliciations, and my advice is simple enough,
despite your contortions: If your application is important to you, do
not engineer a dependency on code you do not have access to.
New or old, they get old or they die horribly. Until there is some
desire in the industry for stability over time, this is a red herring.
anyone else is going to make a worse job than
them. So, I get the best support when I'm paying them and no one else.
More unsubstantiated bunk, first of all, in many cases you can hire
the original developers, regardless of your right to the source code,
secondly, by hiring the "Copyright Holders" you *ARE NOT NECESSARLIY
HIRING THE DEVELEORS*, who may not even be with the company anymore,
in fact you are often hiring some peon who they scooped of the
consulting market 5 minutes before sending him to your office as an
certified solutions prodiver or whatever idiotic buzzword whey have
for their unskilled labour.
Make buckets o' cash following them, too.
And finaly, it is a falalcy to say that someone will do a worse job
simply because they are not the original developer.
Not necessarily. I've seen plenty of "design drift," especially over
time when the newbies may not have the context of the original
developers, and the managers feel the need to compete with completely
different things from competitors. There is also the classic case of
developers going from place to place because they are only interested
in new stuff, so follow-on developers miss a lot of the organizational
wisdom.
....
In anycase, I am not arguing agianst using Oracle, as I said, if
Oracle suits your needs and you think it's worth the money, use it,
however, my advice is that if you do develop an application, write
your code in such a way that you do not depend on Oracle, but can
easily switch it over the the greatest extent possible.
Well, this is double-edged. As someone who has spent a great deal of
the last couple of decades dealing with heterogenousity, I can state
with some confidence that the lowest-common-denominator approach will
make it very easy for the competition to eat your lunch after you've
created their market. I think SAP has seen this and that is why they
are so hot on controlling mysql, and I think Oracle has seen this and
that is why they are so hot on controlling peoplesoft (they scheduled
the court date for September IIRC?), and I think MS has seen this, and
I think everyone else has seen that MS has seen this, and all the low
to midrange enterprise app competition are already going under. Niche
markets excepted, but perhaps even more sensitive to LCD.
....
This is just stupid, elegnt coding is hardly as unatainable an ideal
as you seem to be conviced, in fact in this specific case it's a
simply matter of using a standard wrapper function throughtout your
aplication to access your data rather than using proprietary bindings
throughout your application, if your application is sufficently
complicated, perhaps a data abstaction object might be usefull for
this function, perhaps not, if you use any non standard features of
your database server, then write some additional functions as wrappers
for these. It is anything but rocket science.
If you use non-standard features, your wrapper has to emulate it for
those db's that don't have it. This may well be rocket science you
are reinventing. I've seen it be a problem over and over.
.... > If you have the source code, you are the developer, Wrong. I am the user, t.
Oh, well then I guess we have nothing further to discuss, my comments
here where meant for actual developers.
So, oracle people should further develop oracle and mysql people
mysql. Did I get this right?
No, that's not right, that's not even wrong.
(with applogies to Wolfgang Pauli)
Application developers should avoid locking themselves in to external
dependencies, either by not using products to which they have no right
to the source code, or abstracting access when they do use such
products. Simple.
And having right to the source code does not mean that the program is
'open source,' as you can purchace such a right for propretary code,
as is common for libraries.
Of course, when the program _is_ open source, you are guaranteed that
right.
OK, give me the source to the Redhat 5 tape driver.
....
"Assistance with my SRs 24 hours per day, 7days a week". Practically I
usually get two or three guys working on a typical SR of mine, depending on
how log it takes. Without a contract I'd get a 'buzz off, I'm doing my exams > this month'.
ROTFL!
"Assitance" only means that they will provide someone whose time they
can bill you for, not that anything will be accomplished. And you
discredit yourself by attemping the fallacy that the only way to have
access to an applications source code is to hire some one who is doing
exams. Many large companies, and profesional develpoers provide source
licences and/or support open source products, including the largest
computer company in the world, IBM.
It's so funny, because I've heard it. And at one time, I almost
actually said it. I did once say something like "I'm not coming in
while my wife is having a baby merely because your 'lead dba' can't
follow instructions to load a test database."
jg
--
@home.com is bogus.
I change my vote, unmoderated is more fun: http://groups.google.com/groups?selm...&output=gplain
"Volker Hetzer" <vo***********@ieee.org> wrote in message news:<c7**********@nntp.fujitsu-siemens.com>... And what was your reply?
I asked first.
Is this grade school?
Realy, care to quote the part of the Contract that Gaurantees you any
rights?
http://oracle.com/support/index.html?policies.html
I asked you to QUOTE the part of the Contract that Guarantees you any
rights, not post a link to a description of support options and what
they cost.
And even so, if you bother to read that page you would have noticed
that it is mostly about protecting Oracle's rights from you, not
granting you any.
For example:
"Oracle may provide additional releases or versions of its programs
in the form of an Update as part of our technical support services. It
may become necessary as a part of Oracle's product lifecycle to
desupport the programs and, therefore, Oracle reserves the right to
desupport its programs."
What do think "Desupport its progams" means?
By "tested the contarct" what you mean is you agreed to pay them
completely on their terms and where satisified with the results they
chose to give you.
So, in what way is it different from let's say, buying a cucumber?
If my application required a cucumber, I wouldn't sign a deal with a
cucumber vendor that insisted I could only buy cucumbers from them,
for ever, even if their cucumbers no longer work for me, while they
could stop providing cucumbers any time they feel like it and still
forbid me to use my own, proprietary cucumber dependant, application.
I would, at least, make my application work with any cucumber.
This converation has gotten ridiculous, can it be that you really
don't know the difference between a cucumber and an application
dependency?
Have you tested alternatives?
The other example was buyig gcc support from cygnus.
One bug, never got resolved in one year, consequently
we cancelled support.
Yet in this case, you could have purchaced gcc support from another
company, however, without source, you would not have this option.
Are so so stupid that you actually expect a serious answer that was
obviously a
hostile attempt to insult by way of a rhetorical question?
Ok, so for you explicitly: That was not a rhetorical question. Your response
indicated youy didn't read my posting, or at least not the relevant part, so > I wanted to check whether it was worth posting any more.
What nonsence, please demonstrate this by comparison, I have clearly
responded to all your arguments, regardless of how little sense they
made.
You attempt empty rhetoric exactly because you have no real argument.
Worth posting what? Your great advice that developers should *NOT*
abstract their code?
I start to repeat myself here.
Too bad you have no actual argument to repeat, you are merely
repeating your empty rhetoric and unsubstantiated bunk.
The right to the source code does not mean
anything useful, see the part you quoted below.
Yes it does, it's too bad you don't understand it.
If I have the source code, I know I can relly on a product for ever,
and never talk to the original developer again if I so chose. Withouth
source, the developer holds all the cards.
Let's take a simple case, say you hired a consultant to write you a
simple
application, say a specialized contact manager.
When the project was over, would you let the consultant leave your
office, only turning over a compiled binary of the application? Or
would you insist that he provide the source?
Unsubstantiated bunk, if you have the source code, it is not magic to
fix it, or extend it, just normal progamming.
Right. So, if I do CAD programming, why should I learn database programming
only to support a dead database? It's much easier to migrate to another one.
Why are you struggling so hard with such simple logic?
- If a Dead Database means your application is also dead, if
migration is impossible; having source code can save the day.
- If migration is possible, migrating is easier with abstraction.
- If you have source *AND* you have abstracted, whoa nelly, you are
in *really* good shape.
- If your data is archived in a self contained, self describing,
human readable format, why, you are all but invincable.
Thus my advice.
Besides, have you considered that quite a few open source projects get abandoned
because they have become unmaintainable?
And closed-source applications have never been abondoned???
Another simple question: If your application is abandoned, are you in
better shape with, or without source code?
Anyone remembers hurd? Groff?
Yeah, what about them?
What was the last gmake improvement? And if the authors throw up their hands,
what can I do? Ask my boss to form a department for the beating of dead
horses?
If you are dependent on them, at least you always have the source code
and can thus continue to use the product, even have it modified if you
need to.
If, however, you are dependent on a closed-source dead horse, well,
you are horse-shit out of luck.
Simple calling something
an illusion does not explain why you condsider it impossible to
actually change a program. Perhaps you should consider a different
line of work.
Oh, it's pretty easy to change a program. Working through millions
of lines of code and repairing it with less time or money than it would
cost to migrate to another database is the trick.
Reminder: I am an the one advocating Abstraction, which would make it
easier to migrate to another database. What the hell are you talking
about?
And If, for some reason, you *must* repair the database, say the bug
is simple and is easier to fix than to migrate a large working
implemtation, at least with the source, you can, without the source
you can not.
Convincing the customer to
install *my* database version is another, particularly if three or four
developers do this.
Leaving the customer stranded because your application is hosed by an
obsoleted dependency is even a harder sell.
Same question: Did you read what I wrote?
A better question: What kind of an idiot are you that, in the face of
good sense, the best you can do is attemp insulting, evasive
rehetoric?
It's not a better question. You keep bringing up that stupid
source code argument totally ignoring the fact that it simply doesn't
work, at least not for the money a normal support contract costs.
You keep basing your entire argument on nonsencical out-of-hand
dismissals, like 'it simply doesn't work.'
It does work, let me let you into a little secret: programmers modify
source code, that's how programs are made and fixed. Without source
code you can not fix a program.
And if support doesn't work, I still won't support it on my own.
You can do what you want, my advice is just that, advice, many people
are in different situtations from you, and have a different point of
view.
As I said, my comments where ment *FOR DEVELOPERS* that is those who
are developing *NEW* appliciations, and my advice is simple enough,
despite your contortions: If your application is important to you, do
not engineer a dependency on code you do not have access to.'
Do you develop for platforms other than linux?
Yes, I have and do develop for many platforms, but *I* am not the
topic of this thread, despite your desperation. Once again, you only
attack the arguer because you have no argument.
The assertion you quote remains true, and your response, as usual, is
not a response at all.
More unsubstantiated bunk, first of all, in many cases you can hire
the original developers,
Yeah, exactly. A man year here costs about USD200000,-. A support
contract with oracle costs me about a tenth of that.
In many cases you can aquire a support contract from corporations that
have the original developers working for them.
And even if I buy some incident based support contract, there is still
no difference from an incident based support contract with oracle.
Yes there is, since you value the original developers so highly, we'll
try this example.
The best original developer of Oracle, the one with the greatest
knowledge of the system and code, quits Oracle and goes to work for
Databases-R-Us, since you have no source, you must continue to deal
with Oracle, the copyright holder, and can not hire Databases-R-Us,
who employ the developer.
The best original developer of MySQL, the one with the greatest
knowledge of the system and code, quits MySQL AB and goes to work for
Databases-R-Us, since you do have source, you no longer need to deal
with MySQL AB, the copyright holder, and can instead, choose
Databases-R-Us, who employ the developer.
Just one simple example of how having the source gives you more
freedom, and how the developer and the copyright holder are not the
exact same thing, to say nothing of the support peon they actually let
you talk to.
As long as that guy exists and I can sue him into doing his job I don't
need the source code (he needs) and otherwise I have no one to
replace him.
Suing him is a red herring. You applicaion is not powered by law
suits, but rather by compiled source code.
But thanks for acknowleding that reliable support costs money.
If stating the obvious is somehow of help to you, you're welcome.
regardless of your right to the source code,
secondly, by hiring the "Copyright Holders" you *ARE NOT NECESSARLIY
HIRING THE DEVELEORS*, who may not even be with the company anymore,
in fact you are often hiring some peon who they scooped of the
consulting market 5 minutes before sending him to your office as an
certified solutions prodiver or whatever idiotic buzzword whey have
for their unskilled labour.
Try it.
Try what? The paragraph you are quoting explains the difference
between original developer and copyright holder, what are you
suggesting I try?
Besides, remember, the company has an interest in providing
support because they live off it.
They also have an interest in dumping relationships that are no longer
profitable, and may not be interested in your obscure problem or
implemention, but rather more interested in selling you (or someone
else) something new.
Other organisations may be quite interested in helping you, but are
unable to because you have no source code for them to fix.
And finaly, it is a falalcy to say that someone will do a worse job
simply because they are not the original developer.
So, if I pick some average application programmer off the street,
how long do you think it takes before he can start smoothing
out bugs in the postgres optimizer?
I would not recomed you 'pick some average application programmer off
the street' if you want to sort a bug in the postgres optimizer.
Many developers could do whatever you want, for instance: PostgreSQL,
Inc (not to be confused with PostgreSQL Org), Cybertec Geschwinde &
Schoenig, NuSphere, or many others which know the system well.
However when Oracle lets you talk to a programmer, that is just who
they let you talk to, some average programmer they picked off the
street, the good programmers in their organisations to not work in the
support department, but rather on new features for new versions and
products to sell.
But it stops short of guaranting that your apllication will actualy
work,
Of course they don't offer that. But they offer to put effort
in it.
Only as long as it is profitable for them and no more, then you get
'Desupported'
And they are dependent from me for my money.
Just you?
or that your existing version of the software will be supported.
They provide upgrades and desupport dates. Ok, they do
what I pay for.
Only as long as you pay, and only on their terms, if you have source,
you need not change a working system just because it is not supported
by Oracle anymore.
In anycase, I am not arguing agianst using Oracle, as I said, if
Oracle suits your needs and you think it's worth the money, use it,
however, my advice is that if you do develop an application, write
your code in such a way that you do not depend on Oracle, but can
easily switch it over the the greatest extent possible.
Why "the greatest extent"? That costs me more time and money
and customers that it's worth.
Because it will save you time and money in the long run in many cases,
but it is, like everything else a case by case call, I was not trying
to make design decisions for you or anybody else, just giving some
advice, good advice, I have no idea what you are trying to do other
than be a crank.
Just look at informix to see how
it goes when a db disappears from the market:
They had a big market share, market share dwindled, they got weak
and sold themselves to ibm because that's better than going bancrupt.
Now IBM handles the migration to db2 and supports me as application
developer in porting my app to db2. This is much better than handing
me the source code and telling me that from now on I have to develop
all the new features and fix bugs on my own or simply buy a new db
and do the migration on my own.
Or instead of IBM they could have been bought by CA, and fucked up
royaly. Or just been allowed to disapear. Again, you are depending on
good luck and good graces, if you have source, you know for sure, but
as I've said many times, it's even better to have an abstracted
application.
And by the way, don't think that IBM is above squeezing these newly
aquired hostages for every penny they are worth, and tosing aside the
ones who helping would not be profitable. You dont become a 100
billion dollar company by being stupid.
I have no idea why you are insisting on jumping up and down like this
is crazy talk, the only plausible theory is that you get some kind of
thrill out of embarassing yourself.
Where do I jump up and down?
When you stoop to making ridiculous, incoherent, awkward streches of
logic to keep this conversation going on and on in the face of clearly
explained, good advice.
This is just stupid, elegnt coding is hardly as unatainable an ideal
as you seem to be conviced, in fact in this specific case it's a
simply matter of using a standard wrapper function throughtout your
aplication to access your data rather than using proprietary bindings
throughout your application, if your application is sufficently
complicated, perhaps a data abstaction object might be usefull for
this function, perhaps not, if you use any non standard features of
your database server, then write some additional functions as wrappers
for these. It is anything but rocket science.
So you have defined "elegant" as "abstraction" and expect the rest
of the programmers to agree that that's it?
Thanks for solving that problem for the rest of the world.
Se here is a good example of your jumping up and down waving around a
fallacy a s if it was a point.
I did no such thing, I only explain what an elegent solution might be
//in this specific case// just as it says.
I never claimed to solve the general problem of elegent coding for the
rest world, this is just you wildly contorting yet again.
What about the human and financial load? As in the load on the DBA,
inhouse developers, consulting budgets and application support staff?
The load on the DBA depends on the problems the application makes.
That typical increases if the application ignores load reducing features for > the sake of being generic
And so does constantly changing everything to support differnet
databases when he finds your unabstarcted application does not use the
database that all his other applications do.
This creates an excessive amoung of simple
queries and lots of network traffic. Right now we have huge problems
getting an application to work properly that claims to support mysql and
oracle.
There are bad application out there, including ones that are
Abstracted, and ones that are not.
They could have done half the app in PL/SQL and saved 90%
of the network and client load.
And locked themselves out of the portion of the market which does not
use PL/SQL, but rather something else, or simply does not want to
bear the cost that using PL/SQL adds to the product not only on
implementation, but also in anual licencing and support costs.
Also, if the database is not the standard one (because you have
fixed/improved it) I have, at the worst, maintain two independent
installations,
No, you only have to maintain the one you actuall have in production.
As for consulting, we pay a flatrate for db support, so we unload as much
of our problems on the oracle people. Works fine.
Just because it works fine sometimes, in some cases, does not mean
that it works fine in all cases, my advice was generic, I am not
anti-Oracle.
In most cases it does not make sence to build your application to
depend on Oracle, or any thing else, exclusively. However there are
certainly worse products to be dependant on, MS SQL for example.
Ditto for support staff. Our users have oracle, so the more we make the db do
the less problems we have in our own code.
Your specific case is not neccesarily the general or even common case.
Are you having a nightmare in which we are dicussing the various
merits of MySQL versus Oracle? Please follow your own advice and read
this thread again so that you might figure out what is it we are
actually taking about.
We are talking about open source versus commercial databases.
Again, if by 'We' you mean some imaginary person the rest of can't see
or hear, please ignore my intrusion, however if you mean You and I, we
are not.
We are talking about two different things, the advantages of source,
and the advangates of abstarction of access, I have made no comments
in this thread regarding commercial versus open source databases
except to agree that the commercial ones _do_ have more features, that
alone however does not always
make them the best choice.
I picked
those two as examples because I have worked with both of them.
Great, sadly however, not relevent.
* More straw men and red herrings. If you are a Developer, which is who
my comments are addressed to, it is your responsiblilty to your users
and clients to know how your application works and to be able to
support it without allowing some third party to hold them hostage.
No one holds anyone hostage. I let people do what they are good at.
I'm ok with application programming in the CAD world. Oracle (or
IBM, or microsoft) are good at programming databases. So, I
profit from their expertise by being able to provide a better application
than if I had to do db development (or fixing) as well.
However, a closed source contract is designed to hold you hostage, and
to keep competitors away.
So far no one has complained.
No one you know is not no one.
because Database security can only depend on it, not being able to
actualy protect devices, which is the burden on the OS and networking
environment.
The os protects devices, not the network. Or, daring to think the
unthinkable,
The OS is a part of Network security, what manages user priviledges?
The Switch? What controls device permissions? Your ethernet cables?
Your network security is a product of the collection of OSes that make
up the nodes of your network. And the network is exactly as secure as
the weakest node.
do you mean that you consider it ok to have database data on nfs mounts?
See, you have just provided an example of how bad network security can
undermine good database security, there are plenty of others as well.
My point, once again, is that you can only have Database security,
*IF* you have a secure network, which means that the nodes on it are
secure.
What does reading text files have to do with Chip design?
Because some tool will have to parse the text and create the chip out of it.
Yes, that tool being the Application, the very thing following my
advice will help you protect. Also, not all data is about creating
chips, in many cases the data is the purpose of the appliction, and
can outlive it, sometimes it must, by law, be accessible for a really
really long time, like in the case of public data, as I said. In this
case in particular, keeping your data in a self contained, self
describing, human readable file format is good sence. That is why
things like XML and dublin core get invented.
It's unfortunate that you can not see the value of something simply
because you it is not needed for your specific application, and waste
my time and yours trying to convice me that because you do not need
it, I shouldn't recomend it to anyone, and by doing so I prove that I
am inexperienced, however many years of experience I may or may not
have.
This tool typically costs in the range of USD100000-200000 for a synopsys
ASIC compiler. You need the same tool because any other tool creates
totally different designs, ignores the original constraints and rules and
uses a different library which may even force a complete redisign.
Compared to that, a database migration is truly a breeze.
Then your data does not have a long life span, so why are you
presenting it as an argument, when my advice was specificly qualified
to "ensure the perminancy and portabilty of your important data?"
If your data does not need to be either perment nor portable, why are
you discussing this, do you really imagine that because you data does
not need to be permenent or portable, that therefore no data needs to
be?
I can read
text files I created on my Apple ][, and no, I do not have the orginal
hardware (well maybe my mom does somewhere in her basement).
Not all textfiles are notices for you to read.
Yet some are, and for this data my advice holds true, I have never
implied that all data must be kept accessable forever, rather advising
on what to consider when it does.
Which ones? That abstracting access to suspect dependencies is a good
idea?
That elegance is abstraction.
The quote says "That abstracting access to suspect dependencies is a
good idea" not "elegance is abstraction"
Here you are jumping up and down again.
That database security is secondary to network security?
Yes.
It is, if you ask a security expert you will find they agree with me.
That
one should keep archives in a format that is likely to be readable
forever?
Yes.
Instead, archives should be kept in a format that can not be readable
forever? What do you think archives are for? I don't mean simple
backups.
Those are the tree main reasons. The fourth one is your persistent
belief that the right to the source code is of value.
The right to source code is very much of value in many cases, even if
it's not of value to you.
You still have demonstrated nothing about my experience, which you
still know nothing about. And your insisting on having pretentions of
being more experienced than me only help you make an ass of yourself.
All these things come from experience,
So, what migrations have you done so far?
As I've said, I'll rather leave my arguments speak for themselves
rather than be drawn into a pissing contest about who has done more
migrations. Since having done more migrations would not make me
automaticaly correct.
As I've already tried to explain to you, an argument that attacks the
arguer instead of the argument is a fallacy.
When I attack you, it is purely for the fun of it, I refute your
arguments by addressing them directly.
Right now I'm in the process of doing two, one boing our board design
toolchain, with plenty of data translation and the other a business flow app.
So far we've spent at least four man years on the CAD flow and it's far
from over. As for the other, try to imagine having a small busines flow
tool and then introducing SAP companywide.
And we get migration support from the new vendor.
Believe me, a database migration is *EASY* compared to that.
Even if I hardwire OCI calls into my c-code and then switch to
ODBC or something.
You mean the same SAP that developed the Open Source SAP DB and is now
working with MySQL DB in making it MaxDB? Did you not tell them that
source is of no value? Think of all the effort you could have saved
them! Forunatly there customers, who value their data, told them
different.
In anycase, I'm not intersted in what you are working on. It's
irrelevent and it sounds banal. Nor does it in anyway strengthen your
arguments.
your attempt to question my
experience, only show that you are unable to formalute an actual
argument, so you try and discredit the arguer instead of the argument.
I did. You just didn't understand it.
Yeah, sure. I don't understand your arguments. They are
incomprehensible nonsence.
Oh please, my argument has been presented well enough, attacking me
just shows you can not defend your own, that is if you actually had
one.
You might have noticed that you got responses from different people
And I responded in kind, if one of them made an argument you feel I
didn't address well enough, feel free to quote it, although I am happy
you feel a sence of support from MS SQL shills.
whereas you are the only one who thinks my arguments are rubbish.
How do you know what everybody thinks? you think what is posted in
this thread represent what everyone thinks?
Now, statistics is not fact, but it's evidence and should get you thinking.
Better evidence is how easily all your arguments are refuted.
If my argument was not backed up by anything it would easy enough to
refute it without attempting to insult me,
I don't insult you I'm trying to get through to you.
Thanks, from now on I will never abstract my database access, ignore
network security, refuse to accept source code for any dependency of
my applications, insist on being locked in to single source for all my
support contracts and always, always keep my archives in an
incoprehensible filesystem blob that I can only access by way of a
third party, closed-source deamon.
Now that you have educated me on the fact that law suits and not
source code is what I should depend on, I will give up my long career
as a developer and begin training to be a lawyer.
You've really set me straight.
I bow before your awesome experience.
Reasonable arguments didn't work.
Always ready to go beyond the call of duty for a good cause, huh?
These must be voices in your head that you are hearing. Since my
argument have been quite clear and even sumerized several times.
Yes. The right to source code balances nonexisting support and
buying support for a open source software (instead of trying to
fix things oneself) is somehow better than doing the same with
commercial software. Did I leave out anything important?
Yes, my entire argument, but dont let that stop you from blathering.
Your arguments amount to the metaphysical belief that only the
copyright holders of your favourite proporiety software know how to
program,
No, that they are the only ones that should be allowed because they
are the only ones that can take responsibility.
See, "the only ones that can," -- they posses a special metaphysical
quality that no one else posses. Interesting faith you have.
that the very concept of good programming is an illussion,
No, it's just that so far no one has found out what it is, because
despite all the attempts software still is not substantially more stable
than software written 30 years ago.
So we should not try to write good programms then? Quick, someone tell
Don Knuth.
and therfore the only way forward is to make yourself both tehnicaly
and legaly dependent on them as much as possible.
You forget that they depend on me. Namely, on my money.
God help them then.
Fortunatly there are other customers.
So, oracle people should further develop oracle and mysql people
mysql. Did I get this right?
No, that's not right, that's not even wrong.
So, what is it?
A non sequitor, a red herring, a straw man, a fallacy, irrelevent,
what it isn't is a response to my argument, neither a right, nor a
wrong response.
Application developers should avoid locking themselves in to external
dependencies, either by not using products to which they have no right
to the source code, or abstracting access when they do use such
products. Simple.
There it is again, this source code right thingie. And you complain about me
getting rude.
I don't complain, go ahead and serve, I'll snap. I like dozens. I just
wonder why you're such a glutten for punishement.
Again: The source code is no guarantee of fixed bugs, much less improvements.
Again: Not having source is a guarantee that one CAN NOT fix bugs.
It's not even what I want.
Yet others may not want what you want, do you think that my advice was
directed at you and your application specifically?
I also can go and tinker with the airbag of my car
if I think it's broken, I don't do that either but go to a repair shop.
Yes, and just like software, your financing contract may allow you to
go to any repair shop, or even fix it yourself if you are able to, or
it may force you into only using the repair shop of the dealer. The
later, by the way, is sometimes a rip off.
And if you are worrying about expiring licences, for many products
(purify and our oracle installation spring to mind) you get permanent
licences and pay yearly for support, so I can still use the app when the
vendor goes bust.
Who will fix the bugs when the vendor goes bust? Or compile it for
your new OS, or your new CPU? Or to link a updated library for which
there is a security patch?
And before you come again about the source code I can fix and improve,
or pay someone to do it, I won't because that would be wasting company
money and that would be because a migration is cheaper than tinkering with
the old software and it wouldn't lose us customers either because customers
When we figured out that our new CAD tool doesn't support oracle 9.2
we gave them a ding behind the ear and, see, the next release, out
in two months supports it and til then we got a workaround.
don't like dead software.
You just do whatever you want, I'm sick of talking to you, however
surely you must know that not everyone agrees with you, even if you
haven't noticed that, your reasoning is based on nothing substantial
but your insistances and pretentions, even so you are entitiled to
hold your goofy ideas. Good luck to you. Just dont bore me with what
you want, or what you do, or anything about you at all, or me for that
matter, stick to the topic or go away.
And trim your posts better, you don't need to quote every line in the
previous post, only the ones you actually respond to.
And having right to the source code does not mean that the program is
'open source,' as you can purchace such a right for propretary code,
as is common for libraries.
And still, if something goes wrong, I file a service request.
And if the company does ceases to offer the product I change company.
Sometimes it's best to change companies and keep the product,
sometimes it's best to abstract your code to make changing products
easier. What is your point exactly?
"Assitance" only means that they will provide someone whose time they
can bill you for,
As I said, we pay a flatrate.
And you get what you pay for, do not imagine they will consent to
losing money on you for long if their costs go above your flat rate.
not that anything will be accomplished.
Then they lose money if they don't accomplish anything.
Right, if fixing it costs them more that what you are paying them,
then they desupport you, and you, not having source code can not find
someone who can (or will) do it cheaper, and you, thinking that
database access abstraction is a waste of time, must change your
entire application. Have fun. Your systems and data may have a short
enough life span that this works for you, do not assume that this is
the case for all applications and all data.
Many large companies, and profesional develpoers provide source
licences and/or support open source products, including the largest
computer company in the world, IBM.
Yep, so I can buy support, mess up the code I've access to and let
IBM sort it out, is this what I get by using a IBM supported mysql?
Who is the developer, you or IBM? If you are hiring IBM, why are you
messing with the code? I'm sure, if you are willing to pay them
enough, IBM corporate services will indulge this crazy plan of yours,
but they will probably at least suggest you decide wether it is you
*OR* them who are developing the code, and if you already have screwed
it up, perhaps they might prefer to start with a fresh copy from MySQL
AB.
But anyway, this is nothing more than you jumping up and down again
making ludicrous examples.
If not, what's the difference to buying db2 support?
(One thing more: No, if IBM abandons mysql I'm still not taking
on the support task, ok?)
IBM corporate services will not abondon anything as long as you keep
paying, heck, this is the company that created VisaulAge Cobol and
CICS for NT, however if you do have source, you can get someone else
to take over if you chose. But I know, source code is useless, good
programming is a myth, data abstraction a waste of time, readable file
formats are for novices, and network security is nothing but humbug.
Thanks for enlightening us all. I'm sure you think normalized data
models are for pussies too.
Regards,
Dmytri Kleiner
Wide eyed heretic, who believes tabs are better than spaces, does not
have a preference between Emacs or vi, yet actually thinks coding
standards matter. Go figure.
"Quirk" <qu***@syntac.net> wrote in message
news:4e*************************@posting.google.co m...
Unfortunately you have created unneeded dependencies for them, the
worst of which is not MS SQL, since it is fairly easy to get at data
in MS SQL and archive it or export it in a usefull way, the worst is
that you have tied your customers to a terrible Operating System with
a terrible licence, even Oracle users are not so screwed since at the
very least they have a choice when it comes to OS.
I'm curious about this terrible OS you refer to. I know the one I use is
stable, hasn't crashed on me once for SQL Server on 1/2 dozen machines for
4+ years and so far has not succumbed to any security holes. Or is this
just blatant bias?
"Greg D. Moore \(Strider\)" <mo****************@greenms.com> wrote in message news:<0w********************@twister.nyroc.rr.com> ... "Quirk" <qu***@syntac.net> wrote in message
news:4e*************************@posting.google.co m...
Unfortunately you have created unneeded dependencies for them, the
worst of which is not MS SQL, since it is fairly easy to get at data
in MS SQL and archive it or export it in a usefull way, the worst is
that you have tied your customers to a terrible Operating System with
a terrible licence, even Oracle users are not so screwed since at the
very least they have a choice when it comes to OS.
I'm curious about this terrible OS you refer to. I know the one I use is
stable, hasn't crashed on me once for SQL Server on 1/2 dozen machines for
4+ years and so far has not succumbed to any security holes. Or is this
just blatant bias?
Eeek. Someone actually wants me to discuss Windows.
If you're really interested in learning, which I doubt, read this: http://kirch.net/unix-nt
"Why Windows NT Server 4.0 continues to exist in the enterprise would
be a topic appropriate for an investigative report in the field of
psychology or marketing, not an article on information technology."
-- John Kirch, Networking Consultant and Microsoft Certified
Professional
NOTE TO SELF: remember to notice when groups like
comp.databases.ms-sqlserver are in the newsgroup list and remove them
in replies, lets at least maintain //some// level of quality in these
discussions.
On Wed, 12 May 2004 13:14:39 +0200, "Volker Hetzer"
<vo***********@ieee.org> wrote (more or less):
"Quirk" <qu***@syntac.net> schrieb im Newsbeitrag news:4e*************************@posting.google.co m... "Volker Hetzer" <vo***********@ieee.org> wrote in message news:<c7**********@nntp.fujitsu-siemens.com>...
> > > > > That's not true.
>
> > > > Yes it is.
>
> > > What was the value of this reply?
> >
> > What was the value of yours? Or this latest one?
> A question is not an answer.
And what was your reply?
I asked first.
> > Yes, you have the right to be overcharged for work that may or may not
> > not suit your needs by only _one_ vendor, and no right to go elsewhere
> > when they fail, ignore you outright, stop supporting your application
> > or vanish from the face of the earth. Have you actually read your
> > contract or software licence?
> Of course. See the end of this posting.
> > It only protects the vendor, not you.
> I've read the licence and done even more: I've used the software and tested the contract.
Realy, care to quote the part of the Contract that Gaurantees you any
rights?
http://oracle.com/support/index.html?policies.html
By "tested the contarct" what you mean is you agreed to pay them
completely on their terms and where satisified with the results they
chose to give you.
So, in what way is it different from let's say, buying a cucumber?
You are unlikely to be locked-in to purchase decision for your
cucumber for very long.
IME they start to go runny after only a week or two in the fridge.
--
Cheers,
Euan
Gawnsoft: http://www.gawnsoft.co.sr
Symbian/Epoc wiki: http://html.dnsalias.net:1122
Smalltalk links (harvested from comp.lang.smalltalk) http://html.dnsalias.net/gawnsoft/smalltalk
[comp.databases.ms-sqlserver removed from Groups, not intersted in
windows versus unix holy war]
Erland Sommarskog <so****@algonet.se> wrote in message news:<Xn**********************@127.0.0.1>... Dmytri Kleiner (qu***@syntac.net) writes:
The fact that you may found Windows a terrible operation system is
of course completely irrelvant to the discussion.
That it is terrible is irrelevant, yes, that your application is tied
to it is relevent.
If it wasn't clear: we offer our customers a product, and they are not
only tied to the DBMS and operating system, they are just as well tied
to our product.
Which would be a better product if it were not tied to a particular OS
at the very least, and, if possible, not to a particular database
either.
Oracle or Sybase, at least run on several OSes. Not to mention
PostgreSQL and Firebird. One of these would certainly be a better
choice than MS SQL, again, not that MS SQL server is particularly bad,
it's not, part of was writen by Sybase . It's that it traps you in
Windows.
As for the platform, the customers knows what they get when they buy
our system. If they don't accept Windows, they are not likely to go
for us either.
Good comanpies educate there clients, bad companies take advantage of
their ignorance.
I would say you made it quite clear that your basic message was that
it would be folly to do what I was suggesting,
Yes, it would be a folly to do so out of principle always.
Ah, thw word 'always' -- after duress, some qualification!
I have never recomended doing anything always, only given some good
advice.
Sometimes
it may be necessary, sometimes you are better off tying yourself to
one single platform.
There are always exceptions to all rules of thumb, however, in the
case of data abstraction, only extream performance concerns are
generaly a good enough reason, and then, if your application is so
specialized that abstraction is not workable, you are _usualy_ better
off using something for wich you have source code.
It is not, as I've said, it can be as simple as writing a wrapper
function around your data access.
Yes, if you build your system with all logic in a middle layer. Which
often can result in serious performance problems, because a lot of
data has to travel forth and back over the network. We have a lot of
the business logic in stored procedures, and we have also found that
this works best.
try this:
* create a wrapper around the execute binding, that way your
application can at least execute stored procured on any backend that
supports them.
* use standard syntax as much as possible.
* issolate the use of non standardized syntax in as few procedures as
possible.
How difficult is that?
Not as expensive as having the system itself obsoleted by an obsoleted
dependency or the inabilty to get support for a dependency due to a
licencing dispute.
Well, my company has worked this system since 1992, and nothing close
to that has happened yet.
Come gather 'round people
Wherever you roam
And admit that the waters
Around you have grown
And accept it that soon
You'll be drenched to the bone.
If your time to you
Is worth savin'
Then you better start swimmin'
Or you'll sink like a stone
For the times they are a-changin'.
Quirk (qu***@syntac.net) writes: [comp.databases.ms-sqlserver removed from Groups, not intersted in
windows versus unix holy war]
It appears that you failed to do that. That is the newsgroup from
where I read this thread. If you feel this group is not the venue
for you, just don't reply at all.
And if you want to avoid holy wars, don't come with blanket statments
about "terrible operating system" or barf just because people say
"SQL Server".
Which would be a better product if it were not tied to a particular OS
at the very least, and, if possible, not to a particular database
either.
Only if you hold non-tiedness as a religious belief. Making a system
portable over platforms, not the least RDBMSs, is very expensive, and
I would suggest that our customers prefer to get more functionality
out of the system.
try this:
* create a wrapper around the execute binding, that way your
application can at least execute stored procured on any backend that
supports them.
* use standard syntax as much as possible.
* issolate the use of non standardized syntax in as few procedures as
possible.
How difficult is that?
Very.
And if you had any experience of developing an enterprise OLTP system
you would know that.
only extream performance concerns are generaly a good enough reason,
Rewriting an UPDATE statement which actually used standard syntax
(correlated subquery in the SET clause), to one that use the
proprietary FROM clause with a derived table, slashed execution time
from two minutes to a few seconds.
And those cases are common place when you work with an RDBMS. Even if
your standard SQL ports from one RDBMS to another (not all support
the same subset of the standard), you cannot rely on that you
performance does.
--
Erland Sommarskog, SQL Server MVP, so****@algonet.se
Books Online for SQL Server SP3 at http://www.microsoft.com/sql/techinf...2000/books.asp
"Quirk" <qu***@syntac.net> wrote in message
news:4e************************@posting.google.com ... "Greg D. Moore \(Strider\)" <mo****************@greenms.com> wrote in
message news:<0w********************@twister.nyroc.rr.com> ...
I'm curious about this terrible OS you refer to. I know the one I use
is stable, hasn't crashed on me once for SQL Server on 1/2 dozen machines
for 4+ years and so far has not succumbed to any security holes. Or is this
just blatant bias?
Eeek. Someone actually wants me to discuss Windows.
If you're really interested in learning, which I doubt, read this:
No, I don't seem to be the one who has the closed mind.
http://kirch.net/unix-nt
"Why Windows NT Server 4.0 continues to exist in the enterprise would
be a topic appropriate for an investigative report in the field of
psychology or marketing, not an article on information technology."
Interesting, but not the OS in question.
Thanks for playing troll.
-- John Kirch, Networking Consultant and Microsoft Certified
Professional
NOTE TO SELF: remember to notice when groups like
comp.databases.ms-sqlserver are in the newsgroup list and remove them
in replies, lets at least maintain //some// level of quality in these
discussions.
Yes, we would rather keep the level of discussion professional and based on
facts, so please, in the future excuse yourself.
Sarah Tanembaum wrote: Beside its an opensource and supported by community, what's the fundamental
differences between PostgreSQL and those high-price commercial database (and
some are bloated such as Oracle) from software giant such as Microsoft SQL
Server, Oracle, and Sybase?
Is PostgreSQL reliable enough to be used for high-end commercial
application? Thanks
_Short Summary_
*PostgreSQL*
Free, loaded with features, not particularly fast, some extras
*MySQL*
Free, not so loaded with features, very fast, some extras
*SQL Server*
/Definetly/ not free, jam packed with features, very fast, lots of extras
*Sybase and Oracle*
Can't say, I have no experience with them.
_Answer to your question_
Suitable for a high-end commercial application? I'm not sure I would risk my job
on it...
We use SQL Server where I work and we well, beat the shit out of the server. The
hardware is backed with F.C. NAS from Network Appliance. The actual hardware is
a Dell 4-way (excluding Hyper Threading) with ~8GB of RAM and considering what a
beating the box has to endure it does really well until one of the developers
starts joining half a million records off of a table with insufficient indexes.
But I digress...
Personally, I wouldn't use it for commercial apps. The commercial solutions have
something very useful, commercial backing. This gives them the opportunity to
work on the server itself, extra features, extras like management interfaces and
clustering software.
IMHO current open source RDBMS do not have the robustness, stability, or
performance to use in mission-critical situations.
_A Message to Open Source Bible Beaters_
I'm one of you too, but I also work in a company where we make thousands of
dollars per minute. Downtime is /not/ an option and frankly, open source
databases are not quite there yet. I forsee things seriously shifting in the
next decade or so.
[comp.databases.ms-sqlserver group removed]
Jeff Rodriguez <ne********@gurugeek.EXAMPLENOSPAM.com> wrote in message news:<40**************@gurugeek.EXAMPLENOSPAM.com> ... *PostgreSQL*
Free, loaded with features, not particularly fast, some extras
*MySQL*
Free, not so loaded with features, very fast, some extras
*SQL Server*
/Definetly/ not free, jam packed with features, very fast, lots of extras
*Sybase and Oracle*
Can't say, I have no experience with them.
Ok, in very general terms, true enough, but of course anyone making
such a choise should ask themselves, what are my performance needs,
which features to I need, which extras do I need, etc.
_Answer to your question_
Suitable for a high-end commercial application? I'm not sure I would risk my > job on it...
But you *would* risk your Job on developing "high-end commercial"
applications for which you have no source code for dependencies, or
even perpetual access (at any cost) to the dependencies, and a sole
source for your support?
Interesting priorities your employer has, certainly no real software
developement company, like microsoft for instance, would put
themselves in
such a position, namely making their //own// software, that they have
invested there own money in developing, depend exclusively on an
//external// product, for which they only have a binary.
We use SQL Server where I work and we well, beat the shit out of the server. > The hardware is backed with F.C. NAS from Network Appliance. The actual
hardware is a Dell 4-way (excluding Hyper Threading) with ~8GB of RAM and
considering what a beating the box has to endure it does really well until
one of the developers starts joining half a million records off of a table
with insufficient indexes.
But I digress...
You do digress, so I'll take this window of offtopicness to say that
in no way am I suggesting that one should _never_ use proprietary or
closed source applications. For high end or very specialized
applications they often make a lot of sence, and are sometimes the
_only_ solution.
What I am trying to do, is to give some sensibile advice on what a
choice between closed and open source really means, namely that closed
source means an *exclusive* external dependency, when entering such a
dependency you are extreamly vulnerable and should only do so with
both eyes open, after you have determined that this is justified for
you needs. And even then, you should have an exit strategy so that
your investment is not lost when the relationship ends or the external
provider's product loses whatever advantage they had when you made the
deal.
Personally, I wouldn't use it for commercial apps. The commercial solutions
have something very useful, commercial backing. This gives them the
opportunity to work on the server itself, extra features, extras like
management interfaces and clustering software.
Commercial backing is available for //all// products, closed or open
source, except that with open source, you can chose the commercial
backer, and with closed source, you can only chose the copyright
holder.
IMHO current open source RDBMS do not have the robustness, stability, or
performance to use in mission-critical situations.
That depends on the mission. If your mission really does depend on
million record table joins, I may agree with you, if your mission
depends on being able to build new commodity-grade servers anytime you
need one, with out risking getting sued for 'over-deployment' I may
not.
_A Message to Open Source Bible Beaters_
I'm one of you too,
Then why do you preach FUD?
In anycase, open source is a good engineering practice, not a
religion, we do not need 'bible beaters' thank you.
The real 'bible beaters' are those that endlessly repeat their
metephysical belief in the infallibility of closed source vendors, and
even they can not agree on *which* closed source vendor is the real
infallible one, simular to actual bible beaters and their scriptural
disputes. The open source community are better compared to Quakers, no
source is sacred.
Most of the poor closed-source zealots do not even realize what a
small segment of the computer industry licence vending closed-source
software developers actualy are.
but I also work in a company where we make thousands of
dollars per minute.
If I where I you I would feel antsy about an application where being
down for
a minute would cost me a thousand dollars, and yet I had no source
code and was locked into a exclusive external support contract. But
good luck.
Downtime is /not/ an option and frankly,
Microsoft released an unprecedented release of eight patches that
repaired 21 security holes on April 13, how safe where you on April
12? Since you have no source code, no one knows but Microsoft (and the
hackers).
I'm glad you trust Microsoft, I would rather trust the likes of Bruce
Schneier.
open source databases are not quite there yet.
For million record table joins, perhaps not, but for large
commodity-grade clusters that can handle billions of simple
transactions, they may be, as I said, it all depends on the
application. Google, perhaps the worlds biggest database application,
doesn't use any database products at all, comercial or otherwise, but
rather uses their own specialized code built on top of as many lines
of open source code as they can their mits on.
I forsee things seriously shifting in the
next decade or so.
Really? I see the barbarians of the Open Source database world
storming the datacenters quite aggresively, PostgreSQL, MySQL, MaxDB,
Firebird, SQLite, and many other less prominent ones. And NetApp is
losing ground to the likes of DRDB. Huge powerhouses like IBM, SAP and
Novell are joining the charge, if you think the paradigm shift is a
decade off, you need get out of your chair and look out of the window
a little.
Not much longer than a decade ago there was no MS SQL Server.
Quirk (qu***@syntac.net) writes: [comp.databases.ms-sqlserver group removed]
You really need training! You failed again! (And while you are at it,
drop comp.lang.ruby which we both were requested by mail to do.)
But you *would* risk your Job on developing "high-end commercial"
applications for which you have no source code for dependencies, or
even perpetual access (at any cost) to the dependencies, and a sole
source for your support?
It happens to the be the case that in my position as an SQL Server MVP
I could get access to the source code for SQL Server, or at least I
think so. But I have not taken up on this offer. Why? Because I would
absolutely no use for it. I know about SQL programming, the SQL Server
source code is a lot of C++ code which is far beyond my field of
expertise.
And this applies to the very vast majority of SQL Server users.
Most of the poor closed-source zealots do not even realize what a
small segment of the computer industry licence vending closed-source
software developers actualy are.
I don't know if there are any closed-source zealots out there. I am
certainly not one of them. If I knew that MySQL or PostgresSQL was
the best solution for someone, I would not hesitate from making the
recomendation. Admittedly, it is a bit unlikely, but that is only
because my expert knowledge lies with SQL Server, so I would really
know what I am recommending. (And, no, I would not recommend SQL
Server, just because I know that one well.)
--
Erland Sommarskog, SQL Server MVP, so****@algonet.se
Books Online for SQL Server SP3 at http://www.microsoft.com/sql/techinf...2000/books.asp
Part of the beauty of SQL is that there are standards which if you try and stick
with, you can relatively easily migrate to another solution such as PostgreSQL
once they reach maturity. PostreSQL really does support a lot, however they're
missing the speed, tools, and high-availability addons of MS SQL Server.
For a company that does thousands of dollars worth of transactions per minute,
such as the one I work for, that $14,000 per processor is a small price to pay
for the reliability we can get from a commercial app. such as MS SQL Server.
Do I like the fact that MS SQL Server is closed source? Of course not, however,
if I had a choice of commercial support providers I would definetly choose
Microsoft; open source or not. I don't know if you've ever had to use their
support, but you can get on the phone with them and within a couple hours have
just about anything worked out. Why? Because they're big, they've seen damn near
everything.
I do not believe that closed source software it infallible, however nither is
open source. Now I'm not going to say that we've never been hacked, because
saying so will make me out to sound like an ignorant ass. Instead I'll say that
we are not aware of ever having any problems with our SQL Server being hacked.
Anyway, down to what matters: What I am trying to do, is to give some sensibile advice on what a
choice between closed and open source really means, namely that closed
source means an *exclusive* external dependency, when entering such a
dependency you are extreamly vulnerable and should only do so with
both eyes open, after you have determined that this is justified for
you needs. And even then, you should have an exit strategy so that
your investment is not lost when the relationship ends or the external
provider's product loses whatever advantage they had when you made the
deal.
In the case of SQL Servers, sticking as close to standard sql as possible gives
you an exit strategy. Extremely vulnerable? I disagree, if Microsoft were to die
tomorrow by some will of the software gods, someone would just pick up the
pieces and carry on where they left off. MS SQL Server would be sold to someone,
along with the licensees, yadda yadda yadda.
In conclusion I do not agree that using a closed SQL solution makes you
vulnerable, because there will always be support for you as long as the product
is still popular. MS SQL Server is very popular, and by the time one might
consider switching to a new solution, the open source solutions will be large
enough to be considered viable. Hell, if we're lucky maybe Novell will pick up
PostgreSQL...
On Fri, 14 May 2004, ne********@gurugeek.EXAMPLENOSPAM.com wrote: Part of the beauty of SQL is that there are standards which if
you try and stick with, you can relatively easily migrate to
another solution such as PostgreSQL once they reach
maturity.
I like the seats and dashboards of my BMW, so just yesterday, I
pulled them out and put them in my wifes Ford Escort, but damn,
the car just doesn't seem to perform as well. I really thought
the car industry standard was supposed to take care of these
performance degradations.
--
Galen Boyer
Jeff Rodriguez wrote: _Short Summary_
*PostgreSQL*
Free, loaded with features, not particularly fast, some extras
*MySQL*
Free, not so loaded with features, very fast, some extras
*SQL Server*
/Definetly/ not free, jam packed with features, very fast, lots of extras
*Sybase and Oracle*
Can't say, I have no experience with them.
_Answer to your question_
Suitable for a high-end commercial application? I'm not sure I would
risk my job on it...
Interesting list ... Speed and extras. Not one would be on my list
of most important considerations. How about rating them on:
1. Security
2. Stability
3. Scalability
If it isn't secure who cares how fast it is?
If it isn't stable who cares how many features it has?
If it won't scale to the number of users who gives a rip about extras?
And, to be quite blunt, if the only operating system it will run on
is Windows that becomes a limitation affecting all of the above. Any
time you database server is at risk from every 16 year old on the
planet. It can't really be called secure or stable.
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
Daniel Morgan wrote: Jeff Rodriguez wrote:
_Short Summary_
*PostgreSQL*
Free, loaded with features, not particularly fast, some extras
*MySQL*
Free, not so loaded with features, very fast, some extras
*SQL Server*
/Definetly/ not free, jam packed with features, very fast, lots of extras
*Sybase and Oracle*
Can't say, I have no experience with them.
_Answer to your question_
Suitable for a high-end commercial application? I'm not sure I would
risk my job on it...
Interesting list ... Speed and extras. Not one would be on my list
of most important considerations. How about rating them on:
1. Security
2. Stability
3. Scalability
If it isn't secure who cares how fast it is?
If it isn't stable who cares how many features it has?
If it won't scale to the number of users who gives a rip about extras?
And, to be quite blunt, if the only operating system it will run on
is Windows that becomes a limitation affecting all of the above. Any
time you database server is at risk from every 16 year old on the
planet. It can't really be called secure or stable.
Oh, I dunno. Stick it behind a firewall with some AV software and at
least keep it (OS and AV) minimally up to date, and it will do quite
reasonable service, and the script kiddies can be largely forgotten about.
Would I want to do a database on Windows that was servicing 2000 users?
No, not really, though I think it might just conceivably stretch that
far. But 200? Yes. With rather vital data? Yup. Been there, done that.
Can't mention specific names, but the Australian securities market
springs to mind.
Windows *is* an operating system. It might not be perfect (which one is?
And you're not allowed to mention VMS in your reply to that rhetorical
question!). And it might have its issues (they all do). It might even
have more issues than most others. But it does the job, for many people,
in many circumstances.
As a happy user, at one time or another, of DOS, Windows Kiddie (er, 2.0
to 98), Windows Proper (NT to XP), Linux, Solaris, Tru64, Novell, BeOS
and OS X, all have their quirks and all have their perks. I know which
one I'd implement Oracle on (Linux by choice). And I know which one will
be easiest to manage (Windows by a long shot).
But life would be far more productive if people would stop dissing the
tools that others use perfectly happily, and instead were to concentrate
how to make the best use of *whatever* tools that fall readily to hand.
Regards
HJR
Howard J. Rogers wrote: And, to be quite blunt, if the only operating system it will run on
is Windows that becomes a limitation affecting all of the above. Any
time you database server is at risk from every 16 year old on the
planet. It can't really be called secure or stable.
Oh, I dunno. Stick it behind a firewall with some AV software and at
least keep it (OS and AV) minimally up to date, and it will do quite
reasonable service, and the script kiddies can be largely forgotten about.
Regards
HJR
And would you then ignore all of the security patches?
If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.
For what possible benefit? I'm still looking for one thing Windows
can do that, for example, Linux can't do ... except perhaps steal
cycles from the CPU.
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
"Daniel Morgan" <da******@x.washington.edu> wrote:- And would you then ignore all of the security patches?
If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.
First you exaggerate that any 16 yrd old can bring down SQLServer
and now you exaggerate the need to apply security patch. Did it occur
to you that if your database server is safely behind the firewall,
the need to apply security patches reduces drastically. Almost all
of the security patches is only when your windows is exposed to
the outside world.
Our customers who run our application on SQL Server *always* use
it behind the firewall and one of them has SQL Server up and running
for more than 6 months. No problem for them.
For what possible benefit? I'm still looking for one thing Windows
can do that, for example, Linux can't do ... except perhaps steal
cycles from the CPU.
This is a different issue. If you want to argue on this, I will
not dispute with you. I also prefer unix over Win, but some of
your criticism against SQLServer (just because it runs on Win only)
is puerile and just shows your insecurity.
Just curious: Have you ever worked with SQLServer.
"rkusenet" <rk******@sympatico.ca> wrote in message
news:2g************@uni-berlin.de... "Daniel Morgan" <da******@x.washington.edu> wrote:-
And would you then ignore all of the security patches?
If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.
First you exaggerate that any 16 yrd old can bring down SQLServer
and now you exaggerate the need to apply security patch. Did it occur
to you that if your database server is safely behind the firewall,
the need to apply security patches reduces drastically. Almost all
of the security patches is only when your windows is exposed to
the outside world.
Our customers who run our application on SQL Server *always* use
it behind the firewall and one of them has SQL Server up and running
for more than 6 months. No problem for them.
For what possible benefit? I'm still looking for one thing Windows
can do that, for example, Linux can't do ... except perhaps steal
cycles from the CPU.
This is a different issue. If you want to argue on this, I will
not dispute with you. I also prefer unix over Win, but some of
your criticism against SQLServer (just because it runs on Win only)
is puerile and just shows your insecurity.
Just curious: Have you ever worked with SQLServer.
We have a slew of SQL Servers behind a firewall (none are outside it) and we
have to apply the patches monthly. If we do not then we have what happened
a little over a week ago when the latest worm came out. We had to apply an
emergency patch in the middle of the day on our production systems that used
Windows. If we waited the machines would have kept rebooting due to the
worm. (as they already had 5 times that day). So don't give me this hooey
that you don't have to patch the servers monthly; we are at the whims of
some teenager in some foreign land. (and sometimes not so foreign)
Jim
rkusenet wrote: "Daniel Morgan" <da******@x.washington.edu> wrote:-
And would you then ignore all of the security patches?
If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.
First you exaggerate that any 16 yrd old can bring down SQLServer
and now you exaggerate the need to apply security patch. Did it occur
to you that if your database server is safely behind the firewall,
the need to apply security patches reduces drastically. Almost all
of the security patches is only when your windows is exposed to
the outside world.
I didn't exagerate anything ... I asked a question. Please note the
question mark at the end of the sentence.
So you would, in fact, intentionally not apply Microsoft security
patches to your database servers. That is certainly one choice.
Our customers who run our application on SQL Server *always* use
it behind the firewall and one of them has SQL Server up and running
for more than 6 months. No problem for them.
Which is only possible if you never applied a security patch. Once
again ... a choice. For what possible benefit? I'm still looking for one thing Windows
can do that, for example, Linux can't do ... except perhaps steal
cycles from the CPU.
This is a different issue. If you want to argue on this, I will
not dispute with you. I also prefer unix over Win, but some of
your criticism against SQLServer (just because it runs on Win only)
is puerile and just shows your insecurity.
Just curious: Have you ever worked with SQLServer.
I don't criticize it "just" because it only runs on Windows. That is
just one argument among many. We could, for example, look at the
inability to cluster servers without federating data and many other
things. But that wasn't the point of the post to which I responded
and I'm not interested in starting another meaningless flame war.
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
Daniel Morgan wrote: rkusenet wrote:
"Daniel Morgan" <da******@x.washington.edu> wrote:-
And would you then ignore all of the security patches?
If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.
[snip]
Following on in this current 'just curious' vein, why are any of your
database servers accessible from the internet?
Steve
Daniel Morgan wrote: Howard J. Rogers wrote:
And, to be quite blunt, if the only operating system it will run on
is Windows that becomes a limitation affecting all of the above. Any
time you database server is at risk from every 16 year old on the
planet. It can't really be called secure or stable.
Oh, I dunno. Stick it behind a firewall with some AV software and at
least keep it (OS and AV) minimally up to date, and it will do quite
reasonable service, and the script kiddies can be largely forgotten
about.
Regards
HJR
And would you then ignore all of the security patches?
If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.
True enough. But not every patch needs to be applied to every server
(one can get more intelligent about these things that the CYA Microsoft
advisories suggest).
But even so. It takes me about 48 seconds to shutdown and re-start my
Windows 2000 Advanced server. I think I can live with 48 seconds of
downtime a month. I think *most* people could live with that sort of
downtime a month, actually. The number of people who truly, absolutely,
must have no compromises 5 9's uptime are actually quite small, if you
look at the planet as a whole.
For what possible benefit? I'm still looking for one thing Windows
can do that, for example, Linux can't do ... except perhaps steal
cycles from the CPU.
Well, that's a change in the terms of the debate. My issue is with
anyone calling Windows 'not an operating system', because it evidently
is. I didn't say it does one thing that Linux can't do. Nor vice versa.
Just accept the fact that a large number of servers around the world are
running Windows, whether you like it or not, and they somehow manage to
achieve productive work by doing so. A good DBA will therefore accept
Windows as just one more tool to be understood and used appropriately,
and not expend serious effort trying to slag it off.
Regards
HJR
"Daniel Morgan" <da******@x.washington.edu> wrote First you exaggerate that any 16 yrd old can bring down SQLServer
and now you exaggerate the need to apply security patch. Did it occur
to you that if your database server is safely behind the firewall,
the need to apply security patches reduces drastically. Almost all
of the security patches is only when your windows is exposed to
the outside world.
I didn't exagerate anything ... I asked a question. Please note the
question mark at the end of the sentence.
This is the not the first time. All ur rants against Windows is
well chronicled. didn't you predict that the day is not far off
when a virus in T-SQL will float around.
So you would, in fact, intentionally not apply Microsoft security
patches to your database servers. That is certainly one choice.
Which is only possible if you never applied a security patch. Once
again ... a choice.
Applying a patch becomes moot if it does not even apply to you.
If it does become critical, I assure you necessity overrides anything.
I don't criticize it "just" because it only runs on Windows. That is
just one argument among many. We could, for example, look at the
inability to cluster servers without federating data and many other
things. But that wasn't the point of the post to which I responded
and I'm not interested in starting another meaningless flame war.
I guess teaching in Univ. has made you a bit of theoretician. Go out
and check the real world. There are many users who are perfectly
happy with windows and it serves them very well. Not necessary piss ant
customers. Some real big ones. I work in one such industry where SS is
firmly enterenched.
Howard J. Rogers wrote: True enough. But not every patch needs to be applied to every server
(one can get more intelligent about these things that the CYA Microsoft
advisories suggest).
But even so. It takes me about 48 seconds to shutdown and re-start my
Windows 2000 Advanced server. I think I can live with 48 seconds of
downtime a month. I think *most* people could live with that sort of
downtime a month, actually. The number of people who truly, absolutely,
must have no compromises 5 9's uptime are actually quite small, if you
look at the planet as a whole.
That may be true of 'your' customers. But not one of mine would find
that acceptable.
Well maybe those with RAC taking down nodes once at a time. But
otherwise they expect to be up 7x24x365. It is very hard to explain
to your web customers that you are interrupting their book purchase
or that the search they wanted to do will have to wait ... or ...
we're terribly sorry you can't purchase plane tickets or check your
bank balance for awhile.
It just isn't acceptable.
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
rkusenet wrote: I didn't exagerate anything ... I asked a question. Please note the
question mark at the end of the sentence.
This is the not the first time. All ur rants against Windows is
well chronicled. didn't you predict that the day is not far off
when a virus in T-SQL will float around.
So rather than acknowledging that you misread, intentionally or
otherwise, what I wrote you've decided to play the children's game
of changing the subject. You'll have to play that diversion game with
someone else.
Perhaps this will help you: http://www.ubersoft.net/d/20040507.html
And be careful about your other presumptions ... they are equally
likely to be incorrect ... make that 100% likely.
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:bWupc.6750$gr.523362@attbi_s52... We have a slew of SQL Servers behind a firewall (none are outside it) and
we have to apply the patches monthly. If we do not then we have what
happened a little over a week ago when the latest worm came out. We had to apply
an emergency patch in the middle of the day on our production systems that
used Windows. If we waited the machines would have kept rebooting due to the
worm. (as they already had 5 times that day). So don't give me this
hooey that you don't have to patch the servers monthly; we are at the whims of
some teenager in some foreign land. (and sometimes not so foreign)
Jim
I will give you that hooey. While in most cases we are quite religious
about applying patches, for reasons I can't get into, we could not apply the
patches against Slammer for months. And yet, Slammer had ZERO effect on us.
Why? Because there are other security measures besides patches. If someone
can't reach your SQL Server, then they can't Slammer to it. If you're
getting hit, even behind the firewall, you've suffered from the jelly donut
issue and have a bigger issue than applying patches during the middle of the
day.
"Daniel Morgan" <da******@x.washington.edu> wrote in message
news:1084657054.933581@yasure...
So you would, in fact, intentionally not apply Microsoft security
patches to your database servers. That is certainly one choice.
Yes, in fact in many cases I would not.
Keep in mind, that most hotfixes are NOT regression tested and there's
always a fairly good sized risk from applying them.
Note the actual number of patches that apply to SQL Server vs. say IE or
Windows Media Player, etc.
In most cases those have little to no reason to be ON your SQL Server in the
first place, so applying a hotfix is generally a HIGHER risk than not
applying it.
(note Service Packs are regression tested and we tend to be much more likely
to apply those.) Our customers who run our application on SQL Server *always* use
it behind the firewall and one of them has SQL Server up and running
for more than 6 months. No problem for them.
Which is only possible if you never applied a security patch. Once
again ... a choice.
Yes, of course it's a choice. Your point?
Daniel Morgan wrote: Howard J. Rogers wrote:
True enough. But not every patch needs to be applied to every server
(one can get more intelligent about these things that the CYA
Microsoft advisories suggest).
But even so. It takes me about 48 seconds to shutdown and re-start my
Windows 2000 Advanced server. I think I can live with 48 seconds of
downtime a month. I think *most* people could live with that sort of
downtime a month, actually. The number of people who truly,
absolutely, must have no compromises 5 9's uptime are actually quite
small, if you look at the planet as a whole.
That may be true of 'your' customers. But not one of mine would find
that acceptable.
Daniel. Before you type, why don't you read? And why don't you just stop
to pause a little and think who comes to this group?
I frankly couldn't care about *your* customers. I carefully didn't
include them in my comments by using the word "most".
I didn't make any sweeping statements about *my* customers either. That
also is the function of the word "most".
If you actually took time to read and consider what others posted here,
you wouldn't come up with some of the smartass comments that you do.
Well maybe those with RAC taking down nodes once at a time. But
otherwise they expect to be up 7x24x365. It is very hard to explain
to your web customers that you are interrupting their book purchase
or that the search they wanted to do will have to wait ... or ...
we're terribly sorry you can't purchase plane tickets or check your
bank balance for awhile.
It just isn't acceptable.
That's just fine and dandy, and FOR THAT REASON, you wouldn't recommend
they use Windows. Perfectly understandable, perfectly reasonable. A
*reasoned* business decision.
But I wasn't talking about your customers. I was talking about the
*generality* of customers on the planet *as a whole*. And *they*, my
friend, might very well (correction: do) find Windows a perfectly
acceptable platform on which to run vital and important databases.
Monthly patching and 1 minute downtime due to patching-inspired reboots
included.
What I'm asking you to do, Daniel, is to lift your nose from *your*
perspective and *your* customers, and consider a rather bigger picture.
And if you did that, you wouldn't be sitting there rubbishing one of the
more common operating systems a wide-perspective DBA is likely to
encounter in his/her professional career.
That is all.
HJR
"Greg D. Moore (Strider)" <mo****************@greenms.com> wrote in message
news:Cl********************@twister.nyroc.rr.com.. .
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:bWupc.6750$gr.523362@attbi_s52... We have a slew of SQL Servers behind a firewall (none are outside it)
and we have to apply the patches monthly. If we do not then we have what happened a little over a week ago when the latest worm came out. We had to apply
an emergency patch in the middle of the day on our production systems that
used Windows. If we waited the machines would have kept rebooting due to the
worm. (as they already had 5 times that day). So don't give me this
hooey that you don't have to patch the servers monthly; we are at the whims of
some teenager in some foreign land. (and sometimes not so foreign)
Jim
I will give you that hooey. While in most cases we are quite religious
about applying patches, for reasons I can't get into, we could not apply
the patches against Slammer for months. And yet, Slammer had ZERO effect on
us. Why? Because there are other security measures besides patches. If
someone can't reach your SQL Server, then they can't Slammer to it. If you're
getting hit, even behind the firewall, you've suffered from the jelly
donut issue and have a bigger issue than applying patches during the middle of
the day.
You are probably in a small shop then. We have tens of thousands of
computers on our global network. Bank of America got hit, Siebel's site was
down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
pattern here.... I guess we could do what the CIA and NSA do and make sure
there isn't a connection to the outside world, the ultimate firewall.
Jim
Howard J. Rogers wrote:
That may be true of 'your' customers. But not one of mine would find
that acceptable.
Daniel. Before you type, why don't you read? And why don't you just stop
to pause a little and think who comes to this group?
I've thought about it. What conclusion would you like me to reach?
I think the people that come here, and please note this is going to
two different groups, are interested in multiple opinions ... and in
the end make up their own minds based on their situation.
That's just fine and dandy, and FOR THAT REASON, you wouldn't recommend
they use Windows. Perfectly understandable, perfectly reasonable. A
*reasoned* business decision.
I didn't say the words you put in my mouth. There are times when Windows
is the appropriate solution. But that said ... one makes that decision
based on understanding the reality of the impact it will have on every
aspect of the database and its operations.
The thread I was responding two, if you review it, will clearly show
that the first posting related to a list that seemed to sum up
decision making as based on performance and extras. I pointed out
that there were more important considerations such as security,
stability, and scalability.
That you have latched onto a single sentence about Windows in which I
made reference to its specific issues related to stability is your
decision and a segue from the point I was trying to make.
That is all.
Hopefully ;-)
HJR
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
Jim Kennedy wrote: "Greg D. Moore (Strider)" <mo****************@greenms.com> wrote in message
news:Cl********************@twister.nyroc.rr.com.. .
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:bWupc.6750$gr.523362@attbi_s52...
We have a slew of SQL Servers behind a firewall (none are outside it)
and
we
have to apply the patches monthly. If we do not then we have what
happened
a little over a week ago when the latest worm came out. We had to apply
an
emergency patch in the middle of the day on our production systems that
used
Windows. If we waited the machines would have kept rebooting due to the
worm. (as they already had 5 times that day). So don't give me this
hooey
that you don't have to patch the servers monthly; we are at the whims of
some teenager in some foreign land. (and sometimes not so foreign)
Jim
I will give you that hooey. While in most cases we are quite religious
about applying patches, for reasons I can't get into, we could not apply
the
patches against Slammer for months. And yet, Slammer had ZERO effect on
us.
Why? Because there are other security measures besides patches. If
someone
can't reach your SQL Server, then they can't Slammer to it. If you're
getting hit, even behind the firewall, you've suffered from the jelly
donut
issue and have a bigger issue than applying patches during the middle of
the
day.
You are probably in a small shop then. We have tens of thousands of
computers on our global network. Bank of America got hit, Siebel's site was
down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
pattern here.... I guess we could do what the CIA and NSA do and make sure
there isn't a connection to the outside world, the ultimate firewall.
Jim
Thanks Jim because I think you are absolutely correct. Small shops don't
need a lot of things required by larger shops. My customers tend to be
in telecommunications, aerospace, government, and many with 7x24x365 web
sites. Being off-line is something for which they have a dollar figure
calculated and in some cases that dollar figure is very very large.
When servers come down, and/or an SLA is not met ... people lose their
jobs.
If that is not true in a smaller shop, or in another country, on that
I can not comment. But those persons need to at least appreciate the
nature of their environment and the fact that their decisions is a good
one within their specific context only. There is no context in which
having a server that doesn't need to be off-lined is a bad thing.
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
Daniel Morgan wrote: Howard J. Rogers wrote:
That may be true of 'your' customers. But not one of mine would find
that acceptable.
Daniel. Before you type, why don't you read? And why don't you just
stop to pause a little and think who comes to this group?
I've thought about it. What conclusion would you like me to reach?
That the people who come here are a wide and varied bunch, and the fact
that *your* customers need to run 24x7x365 is not sufficient
justification for rubbishing the O/S and database they have decided to use.
I think the people that come here, and please note this is going to
two different groups,
I am quite well aware of the fact.
are interested in multiple opinions ... and in
the end make up their own minds based on their situation.
Rubbishing one of the most common O/Ses, and one of the top three
RDBMSs, does not constitute an 'opinion'. It is, however, something you
do a lot of. Not on any technical basis, because that might be a
discussion worth having, but because "my customers wouldn't find that
acceptable".
That's just fine and dandy, and FOR THAT REASON, you wouldn't
recommend they use Windows. Perfectly understandable, perfectly
reasonable. A *reasoned* business decision.
I didn't say the words you put in my mouth.
More's the pity then, because they are reasonable words. Although it
helps not to snip the context in which they were said, and if you are
going to snip (which is actually most unlike you) to indicate that you
have done so.
There are times when Windows
is the appropriate solution. But that said ... one makes that decision
based on understanding the reality of the impact it will have on every
aspect of the database and its operations.
The thread I was responding two,
if you review it, will clearly show
that the first posting related to a list that seemed to sum up
decision making as based on performance and extras. I pointed out
that there were more important considerations such as security,
stability, and scalability.
No, Daniel. That is called "re-writing history". You didn't make
reasoned comments about those three things, but said Windows was
insecure, needed patches all the time and so on. What I have called
"rubbishing Windows". I was merely trying to point out that a reasoned
business decision can be made for running on Windows because security
and stability and scalability can be managed in a way that will keep the
vast majority of customers happy.
Rather than graciously accept that a reasoned business decision might
actually favour Windows and SQL Server from time to time, you simply
announced "well, that wouldn't suit my customers".
My point was then: so effing what? Or put another way, your experience,
with your customers, doesn't (obviously) qualify you to comment on the
experience and needs of the vast majority of O/S and RDBMS users on the
face of this planet.
That you have latched onto a single sentence about Windows in which I
made reference to its specific issues related to stability is your
decision and a segue from the point I was trying to make.
No, not a single sentence. An attitude that speaks volumes.
That is all.
Hopefully ;-)
Why? Do you dislike having to actually justify the sweeping statements
you are occasionally prone to making?
Humility, Daniel, consists in part in understanding that your particular
experiences are not necessarily indicative of the experiences of others.
You could try it sometime.
HJR
Howard J. Rogers wrote: Daniel Morgan wrote:
Howard J. Rogers wrote:
That may be true of 'your' customers. But not one of mine would find
that acceptable.
Daniel. Before you type, why don't you read? And why don't you just
stop to pause a little and think who comes to this group?
I've thought about it. What conclusion would you like me to reach?
That the people who come here are a wide and varied bunch, and the fact
that *your* customers need to run 24x7x365 is not sufficient
justification for rubbishing the O/S and database they have decided to use.
I hardly "rubbished" an operating system. I stated that it had a
weakness. Would you claim otherwise? If you can find an operating system
that doesn't contain a weakness please inform us all.
are interested in multiple opinions ... and in
the end make up their own minds based on their situation.
Rubbishing one of the most common O/Ses, and one of the top three
RDBMSs, does not constitute an 'opinion'. It is, however, something you
do a lot of. Not on any technical basis, because that might be a
discussion worth having, but because "my customers wouldn't find that
acceptable".
You think it is an 'opinion' that major corporations reported spending
billions last year downing servers and cleaning up after a variety of
worms? You think all of the down time suffered by US banks and other
financial institutions is an opinion? That hospitals have had pharmacy
systems stop functioning while trying to get meds to patients an
opinion?
Give me a break Howard. It is not an opinion ... it is documented
non-disputable fact.
Maybe you have some version of Windows down there in Australia that
doesn't require patching? Or maybe there are no viruses or worms
that infect systems south of the equator? Or maybe you think that
the only companies using Microsoft products are such light-weights
that they don't care if their systems come down regularly. But among
my clients last year was the largest toy company on the planet. Their
Oracle system was, and still is, on Win2K. And they are not exactly
happy with the number of sales they lost due to down-time related to
the operating system ... not the database.
There are times when Windows
is the appropriate solution. But that said ... one makes that decision
based on understanding the reality of the impact it will have on every
aspect of the database and its operations.
The thread I was responding two, if you review it, will clearly show
that the first posting related to a list that seemed to sum up
decision making as based on performance and extras. I pointed out
that there were more important considerations such as security,
stability, and scalability.
No, Daniel. That is called "re-writing history". You didn't make
reasoned comments about those three things, but said Windows was
insecure, needed patches all the time and so on.
Are you going to accuse Microsoft this same blasphemy?
http://www.microsoft.com/downloads/s...ndTopList=true
I count 17 security patches that you apparently choose to ignore because
you are behind a firewall: Fine! Some of us have had experiences that
demonstrate that your strategy is not fool-proof. And far from it have
experienced very expensive outages.
Rather than graciously accept that a reasoned business decision might
actually favour Windows and SQL Server from time to time, you simply
announced "well, that wouldn't suit my customers".
Are you serious? I use Windows. I have customers that use Windows. But
we go into it understanding that it is a limitation. If you have a list
of specifications under which you think SQL Server on Windows is a
better choice than Sybase or Informix on Linux by all means put it
forward. Just please address the points I originally raised ...
security, stability, and scalability ... not extras.
My point was then: so effing what? Or put another way, your experience,
with your customers, doesn't (obviously) qualify you to comment on the
experience and needs of the vast majority of O/S and RDBMS users on the
face of this planet.
Nor does yours. So why so much angst over this? You have an opinion. I
have an opinion. So what? Why so much adrenaline over a matter of so
little consequence?
No, not a single sentence. An attitude that speaks volumes.
By all means tell me what my attitude is. I really want to know?
Why? Do you dislike having to actually justify the sweeping statements
you are occasionally prone to making?
If you don't like my sweeping statements ... contradict them with facts
not emotions. Do you wish to dispute the cost to industry for dealing
with Windows security issues? If so ... have at it.
Start by going to Google and putting in the following search criterion:
"Cost of" AND "Windows Security"
Humility, Daniel, consists in part in understanding that your particular
experiences are not necessarily indicative of the experiences of others.
You could try it sometime.
Have you considered looking into a mirror when making such statements?
You are criticizing me for exactly, and I do mean EXACTLY, what you are
doing yourself. Have a beer and relax. This is software not the possible
end of civilization as we know it.
HJR
--
Daniel Morgan http://www.outreach.washington.edu/e...ad/oad_crs.asp http://www.outreach.washington.edu/e...oa/aoa_crs.asp da******@x.washington.edu
(replace 'x' with a 'u' to reply)
Daniel Morgan wrote:
[snip] I hardly "rubbished" an operating system. I stated that it had a
weakness. Would you claim otherwise? If you can find an operating system
that doesn't contain a weakness please inform us all.
Quote:
If it isn't secure who cares how fast it is?
If it isn't stable who cares how many features it has?
If it won't scale to the number of users who gives a rip about extras?
And, to be quite blunt, if the only operating system it will run on
is Windows that becomes a limitation affecting all of the above.
Unquote
In 5 lines, you've said Windows isn't secure, stable or scalable. I call
that "rubbishing".
[snip]
You think it is an 'opinion' that major corporations reported spending
billions last year downing servers and cleaning up after a variety of
worms? You think all of the down time suffered by US banks and other
financial institutions is an opinion? That hospitals have had pharmacy
systems stop functioning while trying to get meds to patients an
opinion?
Give me a break Howard. It is not an opinion ... it is documented
non-disputable fact.
Once again, you've missed (ie, changed) the point. I haven't commented
at all on the above, or suggested anything about it. What I have said is
that your one-liner response to me that "my customers wouldn't find that
acceptable" is not sufficient as a basis for rubbishing an entire
platform. And that you might broaden your horizons a little and realise
that many, many businesses and organisations find what you find so easy
to diss a perfectly acceptable platform on which to run rather important
business-critical databases and related functions.
Maybe you have some version of Windows down there in Australia that
doesn't require patching? Or maybe there are no viruses or worms
that infect systems south of the equator? Or maybe you think that
the only companies using Microsoft products are such light-weights
that they don't care if their systems come down regularly. But among
my clients last year was the largest toy company on the planet. Their
Oracle system was, and still is, on Win2K. And they are not exactly
happy with the number of sales they lost due to down-time related to
the operating system ... not the database.
Then they should consider changing their operating system, clearly. And
that's a decision that would seem to be based upon business needs versus
technical realities. But for every Daniel that is dealing with Boeing,
Amazon and the biggest toy company on the planet, there will be
thousands of other DBAs who are not, and where the needs v realities
assessment will suggest other outcomes. And (here's the real point) when
you post, you might attempt to give some room for them and their
decision-making processes, and not seek or seem to dismiss them as being
ill-informed or badly done.
[snip]
I count 17 security patches that you apparently choose to ignore because
you are behind a firewall: Fine! Some of us have had experiences that
demonstrate that your strategy is not fool-proof. And far from it have
experienced very expensive outages.
It isn't my strategy, and I didn't say I would ignore them. I said that
there can be a bit more intelligence applied to the business of
installing them than you appear to give credit to. And that, for me, and
for many of my customers, and for most customers around the world, I
suspect, a minute or so of downtime a month as a consequence of NOT
ignoring them would be acceptable.
That's all. I'm not in Microsoft's corner. I'm not making claims for the
O/S which you seem to think I'm making. I personally wouldn't install
Oracle, for example, onto anything other than Linux or Unix if I had a
choice in the matter, though that has more to do with memory management
than anything else. But I wouldn't dismiss an entire operating system in
5 lines of thoughtlessness, either.
Rather than graciously accept that a reasoned business decision
might >> actually favour Windows and SQL Server from time to time, you
simply >> announced "well, that wouldn't suit my customers". Are you serious?
Your post is on the record. It started with the line "That may be true
of 'your' customers. But not one of mine would find
that acceptable." Even though now, apparently, one of them does, somehow.
So yes, I am serious.
I use Windows.
Of course you do. Most people do, you know.
I have customers that use Windows. But
we go into it understanding that it is a limitation.
Case closed.
If you have a list
of specifications under which you think SQL Server on Windows is a
better choice than Sybase or Informix on Linux by all means put it
forward. Just please address the points I originally raised ...
security, stability, and scalability ... not extras.
I did address them. But apparently "not one of [your] customers would
find it acceptable" to do likewise, so they weren't worthy of further
discussion by you.
That is my point.
My point was then: so effing what? Or put another way, your
experience, with your customers, doesn't (obviously) qualify you to
comment on the experience and needs of the vast majority of O/S and
RDBMS users on the face of this planet.
Nor does yours. So why so much angst over this? You have an opinion. I
have an opinion. So what? Why so much adrenaline over a matter of so
little consequence?
Because, Daniel, this isn't a matter of my opinion versus yours, but of
a global reality versus your ego, apparently.
Not that, even so, this is a matter of adrenaline on my part at least.
Just an attempt to extract a modicum of moderation from you. A smidgen
of a realisation that your work history is not perhaps representative.
That others, lots of them, might find perfectly reasonable, scalable,
secure and stable solutions using technology you simply see as a limitation.
That the Book of Daniel is not necessarily a gospel for our times.
No, not a single sentence. An attitude that speaks volumes.
By all means tell me what my attitude is. I really want to know?
Please read my posts, then.
Why? Do you dislike having to actually justify the sweeping statements
you are occasionally prone to making?
If you don't like my sweeping statements ... contradict them with facts
not emotions. Do you wish to dispute the cost to industry for dealing
with Windows security issues? If so ... have at it.
Nice try. I haven't attempted to dispute anything but your dismissive
attitude to one of the most prevalent O/Ses and RDBMSs in use. And you
might factor that scale of usage into your calculations of why these
security issues cost so much to deal with whilst you're at it.
Start by going to Google and putting in the following search criterion:
"Cost of" AND "Windows Security"
Humility, Daniel, consists in part in understanding that your
particular experiences are not necessarily indicative of the
experiences of others. You could try it sometime.
Have you considered looking into a mirror when making such statements?
You are criticizing me for exactly, and I do mean EXACTLY, what you are
doing yourself.
No, Daniel. I am not. Unlike you, I take an open-minded approach to
platforms, OSes and RDBMSs, and I wouldn't dismiss one of the most
prevalent with a 5-line pay-off, nor then attempt to justify it with a
one-line "My customers wouldn't find it acceptable".
I am on record here as 'hating' Linux, because I find it so damn obscure
at times. But I use it, regularly, and recommend it to many, because it
has clear advantages in certain circumstances. Would that you could be
likewise platform-agnostic.
Have a beer and relax. This is software not the possible
end of civilization as we know it.
Nice try yet again. The issue is *you*, Daniel. Not software, which most
people recognise needs assessing on its case-by-case merits. Nor the end
of civilisation, which isn't actually at issue in this thread. Just you,
your attitude, and the way you have expressed it in this thread.
The people who write about "M$", "Micro$oft" and "Windoze" are similarly
encumbered. It's a silly attitude to have, frankly. More to the point,
perhaps, it's unprofessional.
But it is clearly brick-wall-and-head time again.
HJR
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:AuEpc.19040$6f5.1748445@attbi_s54... You are probably in a small shop then.
Huh? So what you're basically saying is that large shops can ignore basic
security steps and then complain when they get bit?
It doesn't matter if I have 1 or 1000 SQL Servers, the basic security steps
(such as blocking port 1433 to the outside world) are the same. If
corporations had simply blocked 1433 and 1434 at the firewall, Slammer would
have been a non-event, patches or no patches.
We have tens of thousands of
computers on our global network. Bank of America got hit, Siebel's site
was down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
pattern here.... I guess we could do what the CIA and NSA do and make
sure there isn't a connection to the outside world, the ultimate firewall.
Funny though. I can get to servers of the CIA and the NSA. But I can't get
to critical systems. So if you "guess" you could do that, I'd suggest
that's exactly what you do. Partitioning systems that are required to be
secure from non-secure systems is basic security 101.
The biggest pattern I've seen is that most Windows administrators don't know
the basics about administering in a high security and high availability
environment.
Take a Unix administrator w/o a snobbish attitude (and yes, I've found quite
a few that are snobs and a number that are open-minded) and you'll find that
many of the same techniques that can be used to secure Unix systems and make
them highly available can be applied to Windows systems with similar degrees
of success.
The problem in my experience is not so much the OS as the operators.
Jim
"Daniel Morgan" <da******@x.washington.edu> wrote in message
news:1084719755.450820@yasure... Jim Kennedy wrote:
Thanks Jim because I think you are absolutely correct.
No he isn't.
Small shops don't
need a lot of things required by larger shops.
Wrong. SOME small shops don't need a lot of the things required by larger
shops. And some do. And some larger shops don't need them.
My customers tend to be
in telecommunications, aerospace, government, and many with 7x24x365 web
sites. Being off-line is something for which they have a dollar figure
calculated and in some cases that dollar figure is very very large.
When servers come down, and/or an SLA is not met ... people lose their
jobs.
That can be just as true for smaller shop.
You build your system based on your requirements. If you need 24x7x365,
you'll pay what's require, large shop or small.
If that is not true in a smaller shop, or in another country, on that
I can not comment.
And yet you just did above.
But those persons need to at least appreciate the
nature of their environment and the fact that their decisions is a good
one within their specific context only. There is no context in which
having a server that doesn't need to be off-lined is a bad thing.
I'll tell that to my CFO next time I'm budgetting an upgrade. "Sir, we only
use this system 9-5 and even then only 2-3 people use it. If it's down, they
can work on other stuff w/o any loss in effeciency. But we need to build a
clustered HA environment, since there's no context where having a server
that doesn't need to be off-lined is a bad thing."
I'll let you know how he takes that.
(btw, I do have a database that basically meets the above requirement and
it's doing just fine on Access.)
--
Daniel Morgan
http://www.outreach.washington.edu/e...ad/oad_crs.asp
http://www.outreach.washington.edu/e...oa/aoa_crs.asp
da******@x.washington.edu
(replace 'x' with a 'u' to reply)
"Greg D. Moore (Strider)" <mo****************@greenms.com> wrote in message
news:PP********************@twister.nyroc.rr.com.. .
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:AuEpc.19040$6f5.1748445@attbi_s54... You are probably in a small shop then.
Huh? So what you're basically saying is that large shops can ignore basic
security steps and then complain when they get bit?
It doesn't matter if I have 1 or 1000 SQL Servers, the basic security
steps (such as blocking port 1433 to the outside world) are the same. If
corporations had simply blocked 1433 and 1434 at the firewall, Slammer
would have been a non-event, patches or no patches.
Fire wall is blocked on those ports and many more, has been for a many
years. That's not the problem. The problem is when one of these things
gets inside the firewall then the firwall doesn't help much does it? Gee,
don't have this problem on port 1521 with Oracle. If it were as shoddily
written as MS SQLServer's security you know people would be attacking it
and it would be in the news. It isn't because the products come from 2
different mind sets. When someone's mainframe goes down or suffers an
undexpected service interuption then the CEO is on the phone with the CEO of
the mainframe company demanding to know why and when the fix is going to be
installed. I remember encountering a problem with Oracle's SQLNet product
to DB2 running on a mainframe, where if the client rebooted it locked up a
CPU on the mainframe. American Transtech called Oracle and Oracle had
someone out there to fix it the next morning. (from California to
Jacksonville) When someone's PC goes down people don't call MS (because
that is useless); they just reboot and hope it goes away. Same project.
Tried a sophisticated mail merge with Word and the OS would crash after 50
documents (Windows 3.11 which was the latest version at the time) due to a
memory leak in Word and Excel. Sent MS a test case and they admitted it was
a defect. No solution, it might get fixed some day. Never mind we had to
do a mail merge of 150,000 letters and documents. We had paid about
$350,000 for super special support from MS and that was the best they could
do, tell us to wait for some future release and it might be fixed then, 50
at a time wasn't going to cut the mustard. We switched to WordPerfect.
But clearly the company attitudes are very different with regards to
stability, security, and performance. I agree that one should use the right
tool for the right job. However, one should also look at all the costs one
is going to occur in using the tool. (unexpected downtime, loss of data,
performance etc.) If the trade offs are okay, go for it; just don't be
niave they don't exist.
We have tens of thousands of
computers on our global network. Bank of America got hit, Siebel's site
was down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be
a pattern here.... I guess we could do what the CIA and NSA do and make
sure there isn't a connection to the outside world, the ultimate firewall.
Funny though. I can get to servers of the CIA and the NSA. But I can't
get to critical systems. So if you "guess" you could do that, I'd suggest
that's exactly what you do. Partitioning systems that are required to be
secure from non-secure systems is basic security 101.
You can get to their public web servers. Big woop. That's as far as you
can get.
The biggest pattern I've seen is that most Windows administrators don't
know the basics about administering in a high security and high availability
environment.
The big problem is that Bill declared the shortest month of the year
security month. Says a lot doesn't it. It isn't important to MS. They
give lip service to it. When programming security is like performance and
scalability; they are aspects of the job, not things to be bolted on
afterwards. You have to do them all the time, not "at the end of the
project" if we have time. That attitude means it isn't important.
MS is mainly a marketing organization,
Take a Unix administrator w/o a snobbish attitude (and yes, I've found
quite a few that are snobs and a number that are open-minded) and you'll find
that many of the same techniques that can be used to secure Unix systems and
make them highly available can be applied to Windows systems with similar
degrees of success.
The problem in my experience is not so much the OS as the operators.
You can't fix something broken by design. How many Security certifications
does SQL Server or Windows 2000 have? (none)
Jim
Jim
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:5lSpc.62944$xw3.3682312@attbi_s04... Fire wall is blocked on those ports and many more, has been for a many
years. That's not the problem. The problem is when one of these things
gets inside the firewall then the firwall doesn't help much does it?
In other words, you have a jelly donut of a network. Again, why are you
blaming a poor security design on the OS?
Gee,
don't have this problem on port 1521 with Oracle.
"So Far". That's the problem with approaches such as patching to security.
It assumes you know about the threat. What happens if someone tomorrow
comes out with the Oracle version of slammer? You're in just as much
trouble.
If it were as shoddily
written as MS SQLServer's security you know people would be attacking it
and it would be in the news. It isn't because the products come from 2
different mind sets. When someone's mainframe goes down or suffers an
undexpected service interuption then the CEO is on the phone with the CEO
of the mainframe company demanding to know why and when the fix is going to
be installed. I remember encountering a problem with Oracle's SQLNet product
to DB2 running on a mainframe, where if the client rebooted it locked up a
CPU on the mainframe. American Transtech called Oracle and Oracle had
someone out there to fix it the next morning. (from California to
Jacksonville) When someone's PC goes down people don't call MS (because
that is useless);
It is? Gee, I guess those times where they've fixed my problems is just a
myth.
"Greg D. Moore (Strider)" <mo****************@greenms.com> wrote in message
news:bN********************@twister.nyroc.rr.com.. .
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:5lSpc.62944$xw3.3682312@attbi_s04... Fire wall is blocked on those ports and many more, has been for a many
years. That's not the problem. The problem is when one of these things
gets inside the firewall then the firwall doesn't help much does it?
In other words, you have a jelly donut of a network. Again, why are you
blaming a poor security design on the OS?
Should read:
" In other words, you have a jelly donut of a network. Again, why are you
blaming a poor security design on the poorly designed OS?"
Security is not locking everything up so no one can get to anything. Sure
you won't have any "breaches", but you won't have any access either. If the
problem was only Slammer I wouldn't worry about it, but it happens about
aevery 3 or 4 months despite staying up with patches. (and all the attendant
testing before putting a patch into production. Don't have all that problem
on my UNIX boxes and they get some patches, just not as many and not as
urgent. Why? Because the OS is a heck of a lot more secure. The
manufacture is more careful. I go by pragmatic experience and not some
nebulose claim that the company's security is at fault.
(eg companys are not hit as hard with attacks on non-windows production
systems, and they do happen, because the supplier is a better more careful
producer of software and hardware.)Gee,
don't have this problem on port 1521 with Oracle.
"So Far". That's the problem with approaches such as patching to
security. It assumes you know about the threat. What happens if someone tomorrow
comes out with the Oracle version of slammer? You're in just as much
trouble.
I assure you that if it was vulerable it would have happened. Larry put out
the Unbeakable challange in 8i (years ago) and of course attracted a lot of
hackers. Nothing came of it and it has been years. As I said before, it is
a matter of what the vendor thinks is important. MS doesn't think its
important. If it were as shoddily
written as MS SQLServer's security you know people would be attacking
it and it would be in the news. It isn't because the products come from 2
different mind sets. When someone's mainframe goes down or suffers an
undexpected service interuption then the CEO is on the phone with the
CEO of the mainframe company demanding to know why and when the fix is going to be installed. I remember encountering a problem with Oracle's SQLNet
product to DB2 running on a mainframe, where if the client rebooted it locked up
a CPU on the mainframe. American Transtech called Oracle and Oracle had
someone out there to fix it the next morning. (from California to
Jacksonville) When someone's PC goes down people don't call MS (because
that is useless);
It is? Gee, I guess those times where they've fixed my problems is just a
myth.
Logic problems are not the same as finding a major problem with a vendor's
product. I love it that you haven't given one example where you found a new
(new to the vendor - MS) critical (to you) flaw in their software and they
produced a patch for you. You can't because MS won't do that. Had problems
with them for over a decade and not once did they issue a patch to fix my
problem. Yet, I have with other major software vendor's repeatedly.
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:AwTpc.62041$536.10434195@attbi_s03... Logic problems are not the same as finding a major problem with a vendor's
product. I love it that you haven't given one example where you found a
new (new to the vendor - MS) critical (to you) flaw in their software and
they produced a patch for you. You can't because MS won't do that. Had
problems with them for over a decade and not once did they issue a patch to fix my
problem. Yet, I have with other major software vendor's repeatedly.
I can't because that would violate confidentiality agreements. But they
have in fact done so.
But, I can't give details. Sorry.
"Greg D. Moore (Strider)" <mo****************@greenms.com> wrote in message
news:AP*******************@twister.nyroc.rr.com...
"Jim Kennedy" <ke****************************@attbi.net> wrote in message
news:AwTpc.62041$536.10434195@attbi_s03... Logic problems are not the same as finding a major problem with a
vendor's product. I love it that you haven't given one example where you found a
new (new to the vendor - MS) critical (to you) flaw in their software and
they produced a patch for you. You can't because MS won't do that. Had
problems with them for over a decade and not once did they issue a patch to fix
my problem. Yet, I have with other major software vendor's repeatedly.
I can't because that would violate confidentiality agreements. But they
have in fact done so.
But, I can't give details. Sorry.
Of course, I'll believe that. I'm also looking to buy a bridge over the
East River in NY.
Jim This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Sarah Tanembaum |
last post by:
Beside its an opensource and supported by community, what's the fundamental
differences between PostgreSQL and those high-price commercial database (and
some are bloated such as Oracle) from...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| | |
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |
