What so special about PostgreSQL and other RDBMS?

Re: What so special about PostgreSQL and other RDBMS?

Howard J. Rogers wrote:
[color=blue][color=green]
>> And, to be quite blunt, if the only operating system it will run on
>> is Windows that becomes a limitation affecting all of the above. Any
>> time you database server is at risk from every 16 year old on the
>> planet. It can't really be called secure or stable.[/color]
>
> Oh, I dunno. Stick it behind a firewall with some AV software and at
> least keep it (OS and AV) minimally up to date, and it will do quite
> reasonable service, and the script kiddies can be largely forgotten about.
>
> Regards
> HJR[/color]

And would you then ignore all of the security patches?

If you don't ... you still need to at least once a month, likely more
often, down your production database to apply them and reboot the
server.

For what possible benefit? I'm still looking for one thing Windows
can do that, for example, Linux can't do ... except perhaps steal
cycles from the CPU.

--
Daniel Morgan


damorgan@x.wash ington.edu
(replace 'x' with a 'u' to reply)

Re: What so special about PostgreSQL and other RDBMS?

"Daniel Morgan" <damorgan@x.was hington.edu> wrote:-
[color=blue]
> And would you then ignore all of the security patches?
> If you don't ... you still need to at least once a month, likely more
> often, down your production database to apply them and reboot the
> server.[/color]

First you exaggerate that any 16 yrd old can bring down SQLServer
and now you exaggerate the need to apply security patch. Did it occur
to you that if your database server is safely behind the firewall,
the need to apply security patches reduces drastically. Almost all
of the security patches is only when your windows is exposed to
the outside world.

Our customers who run our application on SQL Server *always* use
it behind the firewall and one of them has SQL Server up and running
for more than 6 months. No problem for them.
[color=blue]
>For what possible benefit? I'm still looking for one thing Windows
>can do that, for example, Linux can't do ... except perhaps steal
>cycles from the CPU.[/color]

This is a different issue. If you want to argue on this, I will
not dispute with you. I also prefer unix over Win, but some of
your criticism against SQLServer (just because it runs on Win only)
is puerile and just shows your insecurity.

Just curious: Have you ever worked with SQLServer.

Re: What so special about PostgreSQL and other RDBMS?


"rkusenet" <rkusenet@sympa tico.ca> wrote in message
news:2gn1l9F3s1 d3U1@uni-berlin.de...[color=blue]
> "Daniel Morgan" <damorgan@x.was hington.edu> wrote:-
>[color=green]
> > And would you then ignore all of the security patches?
> > If you don't ... you still need to at least once a month, likely more
> > often, down your production database to apply them and reboot the
> > server.[/color]
>
> First you exaggerate that any 16 yrd old can bring down SQLServer
> and now you exaggerate the need to apply security patch. Did it occur
> to you that if your database server is safely behind the firewall,
> the need to apply security patches reduces drastically. Almost all
> of the security patches is only when your windows is exposed to
> the outside world.
>
> Our customers who run our application on SQL Server *always* use
> it behind the firewall and one of them has SQL Server up and running
> for more than 6 months. No problem for them.
>[color=green]
> >For what possible benefit? I'm still looking for one thing Windows
> >can do that, for example, Linux can't do ... except perhaps steal
> >cycles from the CPU.[/color]
>
> This is a different issue. If you want to argue on this, I will
> not dispute with you. I also prefer unix over Win, but some of
> your criticism against SQLServer (just because it runs on Win only)
> is puerile and just shows your insecurity.
>
> Just curious: Have you ever worked with SQLServer.
>
>
>[/color]

We have a slew of SQL Servers behind a firewall (none are outside it) and we
have to apply the patches monthly. If we do not then we have what happened
a little over a week ago when the latest worm came out. We had to apply an
emergency patch in the middle of the day on our production systems that used
Windows. If we waited the machines would have kept rebooting due to the
worm. (as they already had 5 times that day). So don't give me this hooey
that you don't have to patch the servers monthly; we are at the whims of
some teenager in some foreign land. (and sometimes not so foreign)
Jim

Re: What so special about PostgreSQL and other RDBMS?

rkusenet wrote:
[color=blue]
> "Daniel Morgan" <damorgan@x.was hington.edu> wrote:-
>[color=green]
>>And would you then ignore all of the security patches?
>>If you don't ... you still need to at least once a month, likely more
>>often, down your production database to apply them and reboot the
>>server.[/color]
>
>
> First you exaggerate that any 16 yrd old can bring down SQLServer
> and now you exaggerate the need to apply security patch. Did it occur
> to you that if your database server is safely behind the firewall,
> the need to apply security patches reduces drastically. Almost all
> of the security patches is only when your windows is exposed to
> the outside world.[/color]

I didn't exagerate anything ... I asked a question. Please note the
question mark at the end of the sentence.

So you would, in fact, intentionally not apply Microsoft security
patches to your database servers. That is certainly one choice.
[color=blue]
> Our customers who run our application on SQL Server *always* use
> it behind the firewall and one of them has SQL Server up and running
> for more than 6 months. No problem for them.[/color]

Which is only possible if you never applied a security patch. Once
again ... a choice.
[color=blue][color=green]
>>For what possible benefit? I'm still looking for one thing Windows
>>can do that, for example, Linux can't do ... except perhaps steal
>>cycles from the CPU.[/color]
>
> This is a different issue. If you want to argue on this, I will
> not dispute with you. I also prefer unix over Win, but some of
> your criticism against SQLServer (just because it runs on Win only)
> is puerile and just shows your insecurity.
>
> Just curious: Have you ever worked with SQLServer.[/color]

I don't criticize it "just" because it only runs on Windows. That is
just one argument among many. We could, for example, look at the
inability to cluster servers without federating data and many other
things. But that wasn't the point of the post to which I responded
and I'm not interested in starting another meaningless flame war.

--
Daniel Morgan


damorgan@x.wash ington.edu
(replace 'x' with a 'u' to reply)

Re: What so special about PostgreSQL and other RDBMS?

Daniel Morgan wrote:[color=blue]
> rkusenet wrote:
>[color=green]
>> "Daniel Morgan" <damorgan@x.was hington.edu> wrote:-
>>[color=darkred]
>>> And would you then ignore all of the security patches?
>>> If you don't ... you still need to at least once a month, likely more
>>> often, down your production database to apply them and reboot the
>>> server.[/color]
>>
>>[/color][/color]
[snip]

Following on in this current 'just curious' vein, why are any of your
database servers accessible from the internet?

Steve

Re: What so special about PostgreSQL and other RDBMS?

Daniel Morgan wrote:
[color=blue]
> Howard J. Rogers wrote:
>[color=green][color=darkred]
>>> And, to be quite blunt, if the only operating system it will run on
>>> is Windows that becomes a limitation affecting all of the above. Any
>>> time you database server is at risk from every 16 year old on the
>>> planet. It can't really be called secure or stable.[/color]
>>
>>
>> Oh, I dunno. Stick it behind a firewall with some AV software and at
>> least keep it (OS and AV) minimally up to date, and it will do quite
>> reasonable service, and the script kiddies can be largely forgotten
>> about.
>>
>> Regards
>> HJR[/color]
>
>
> And would you then ignore all of the security patches?
>
> If you don't ... you still need to at least once a month, likely more
> often, down your production database to apply them and reboot the
> server.[/color]


True enough. But not every patch needs to be applied to every server
(one can get more intelligent about these things that the CYA Microsoft
advisories suggest).

But even so. It takes me about 48 seconds to shutdown and re-start my
Windows 2000 Advanced server. I think I can live with 48 seconds of
downtime a month. I think *most* people could live with that sort of
downtime a month, actually. The number of people who truly, absolutely,
must have no compromises 5 9's uptime are actually quite small, if you
look at the planet as a whole.
[color=blue]
> For what possible benefit? I'm still looking for one thing Windows
> can do that, for example, Linux can't do ... except perhaps steal
> cycles from the CPU.[/color]

Well, that's a change in the terms of the debate. My issue is with
anyone calling Windows 'not an operating system', because it evidently
is. I didn't say it does one thing that Linux can't do. Nor vice versa.

Just accept the fact that a large number of servers around the world are
running Windows, whether you like it or not, and they somehow manage to
achieve productive work by doing so. A good DBA will therefore accept
Windows as just one more tool to be understood and used appropriately,
and not expend serious effort trying to slag it off.

Regards
HJR

Re: What so special about PostgreSQL and other RDBMS?

"Daniel Morgan" <damorgan@x.was hington.edu> wrote
[color=blue][color=green]
> > First you exaggerate that any 16 yrd old can bring down SQLServer
> > and now you exaggerate the need to apply security patch. Did it occur
> > to you that if your database server is safely behind the firewall,
> > the need to apply security patches reduces drastically. Almost all
> > of the security patches is only when your windows is exposed to
> > the outside world.[/color]
>
> I didn't exagerate anything ... I asked a question. Please note the
> question mark at the end of the sentence.[/color]

This is the not the first time. All ur rants against Windows is
well chronicled. didn't you predict that the day is not far off
when a virus in T-SQL will float around.
[color=blue]
> So you would, in fact, intentionally not apply Microsoft security
> patches to your database servers. That is certainly one choice.
> Which is only possible if you never applied a security patch. Once
> again ... a choice.[/color]

Applying a patch becomes moot if it does not even apply to you.
If it does become critical, I assure you necessity overrides anything.

[color=blue]
> I don't criticize it "just" because it only runs on Windows. That is
> just one argument among many. We could, for example, look at the
> inability to cluster servers without federating data and many other
> things. But that wasn't the point of the post to which I responded
> and I'm not interested in starting another meaningless flame war.[/color]

I guess teaching in Univ. has made you a bit of theoretician. Go out
and check the real world. There are many users who are perfectly
happy with windows and it serves them very well. Not necessary piss ant
customers. Some real big ones. I work in one such industry where SS is
firmly enterenched.

Re: What so special about PostgreSQL and other RDBMS?

Howard J. Rogers wrote:
[color=blue]
> True enough. But not every patch needs to be applied to every server
> (one can get more intelligent about these things that the CYA Microsoft
> advisories suggest).
>
> But even so. It takes me about 48 seconds to shutdown and re-start my
> Windows 2000 Advanced server. I think I can live with 48 seconds of
> downtime a month. I think *most* people could live with that sort of
> downtime a month, actually. The number of people who truly, absolutely,
> must have no compromises 5 9's uptime are actually quite small, if you
> look at the planet as a whole.[/color]

That may be true of 'your' customers. But not one of mine would find
that acceptable.

Well maybe those with RAC taking down nodes once at a time. But
otherwise they expect to be up 7x24x365. It is very hard to explain
to your web customers that you are interrupting their book purchase
or that the search they wanted to do will have to wait ... or ...
we're terribly sorry you can't purchase plane tickets or check your
bank balance for awhile.

It just isn't acceptable.

--
Daniel Morgan


damorgan@x.wash ington.edu
(replace 'x' with a 'u' to reply)

Re: What so special about PostgreSQL and other RDBMS?

rkusenet wrote:
[color=blue][color=green]
>>I didn't exagerate anything ... I asked a question. Please note the
>>question mark at the end of the sentence.[/color]
>
>
> This is the not the first time. All ur rants against Windows is
> well chronicled. didn't you predict that the day is not far off
> when a virus in T-SQL will float around.[/color]

So rather than acknowledging that you misread, intentionally or
otherwise, what I wrote you've decided to play the children's game
of changing the subject. You'll have to play that diversion game with
someone else.

Perhaps this will help you:


And be careful about your other presumptions ... they are equally
likely to be incorrect ... make that 100% likely.

--
Daniel Morgan


damorgan@x.wash ington.edu
(replace 'x' with a 'u' to reply)

Re: What so special about PostgreSQL and other RDBMS?


"Jim Kennedy" <kennedy-downwithspammer sfamily@attbi.n et> wrote in message
news:bWupc.6750 $gr.523362@attb i_s52...[color=blue]
> We have a slew of SQL Servers behind a firewall (none are outside it) and[/color]
we[color=blue]
> have to apply the patches monthly. If we do not then we have what[/color]
happened[color=blue]
> a little over a week ago when the latest worm came out. We had to apply[/color]
an[color=blue]
> emergency patch in the middle of the day on our production systems that[/color]
used[color=blue]
> Windows. If we waited the machines would have kept rebooting due to the
> worm. (as they already had 5 times that day). So don't give me this[/color]
hooey[color=blue]
> that you don't have to patch the servers monthly; we are at the whims of
> some teenager in some foreign land. (and sometimes not so foreign)
> Jim
>
>[/color]

I will give you that hooey. While in most cases we are quite religious
about applying patches, for reasons I can't get into, we could not apply the
patches against Slammer for months. And yet, Slammer had ZERO effect on us.
Why? Because there are other security measures besides patches. If someone
can't reach your SQL Server, then they can't Slammer to it. If you're
getting hit, even behind the firewall, you've suffered from the jelly donut
issue and have a bigger issue than applying patches during the middle of the
day.

Re: What so special about PostgreSQL and other RDBMS?


"Daniel Morgan" <damorgan@x.was hington.edu> wrote in message
news:1084657054 .933581@yasure. ..[color=blue]
>
> So you would, in fact, intentionally not apply Microsoft security
> patches to your database servers. That is certainly one choice.
>[/color]

Yes, in fact in many cases I would not.

Keep in mind, that most hotfixes are NOT regression tested and there's
always a fairly good sized risk from applying them.

Note the actual number of patches that apply to SQL Server vs. say IE or
Windows Media Player, etc.

In most cases those have little to no reason to be ON your SQL Server in the
first place, so applying a hotfix is generally a HIGHER risk than not
applying it.

(note Service Packs are regression tested and we tend to be much more likely
to apply those.)

[color=blue][color=green]
> > Our customers who run our application on SQL Server *always* use
> > it behind the firewall and one of them has SQL Server up and running
> > for more than 6 months. No problem for them.[/color]
>
> Which is only possible if you never applied a security patch. Once
> again ... a choice.[/color]

Yes, of course it's a choice. Your point?

Re: What so special about PostgreSQL and other RDBMS?

Daniel Morgan wrote:[color=blue]
> Howard J. Rogers wrote:
>[color=green]
>> True enough. But not every patch needs to be applied to every server
>> (one can get more intelligent about these things that the CYA
>> Microsoft advisories suggest).
>>
>> But even so. It takes me about 48 seconds to shutdown and re-start my
>> Windows 2000 Advanced server. I think I can live with 48 seconds of
>> downtime a month. I think *most* people could live with that sort of
>> downtime a month, actually. The number of people who truly,
>> absolutely, must have no compromises 5 9's uptime are actually quite
>> small, if you look at the planet as a whole.[/color]
>
>
> That may be true of 'your' customers. But not one of mine would find
> that acceptable.[/color]

Daniel. Before you type, why don't you read? And why don't you just stop
to pause a little and think who comes to this group?

I frankly couldn't care about *your* customers. I carefully didn't
include them in my comments by using the word "most".

I didn't make any sweeping statements about *my* customers either. That
also is the function of the word "most".

If you actually took time to read and consider what others posted here,
you wouldn't come up with some of the smartass comments that you do.

[color=blue]
> Well maybe those with RAC taking down nodes once at a time. But
> otherwise they expect to be up 7x24x365. It is very hard to explain
> to your web customers that you are interrupting their book purchase
> or that the search they wanted to do will have to wait ... or ...
> we're terribly sorry you can't purchase plane tickets or check your
> bank balance for awhile.
>
> It just isn't acceptable.[/color]

That's just fine and dandy, and FOR THAT REASON, you wouldn't recommend
they use Windows. Perfectly understandable, perfectly reasonable. A
*reasoned* business decision.

But I wasn't talking about your customers. I was talking about the
*generality* of customers on the planet *as a whole*. And *they*, my
friend, might very well (correction: do) find Windows a perfectly
acceptable platform on which to run vital and important databases.
Monthly patching and 1 minute downtime due to patching-inspired reboots
included.

What I'm asking you to do, Daniel, is to lift your nose from *your*
perspective and *your* customers, and consider a rather bigger picture.

And if you did that, you wouldn't be sitting there rubbishing one of the
more common operating systems a wide-perspective DBA is likely to
encounter in his/her professional career.

That is all.

HJR

Re: What so special about PostgreSQL and other RDBMS?


"Greg D. Moore (Strider)" <mooregr_delete th1s@greenms.co m> wrote in message
news:ClCpc.1925 39$M3.152517@tw ister.nyroc.rr. com...[color=blue]
>
> "Jim Kennedy" <kennedy-downwithspammer sfamily@attbi.n et> wrote in message
> news:bWupc.6750 $gr.523362@attb i_s52...[color=green]
> > We have a slew of SQL Servers behind a firewall (none are outside it)[/color][/color]
and[color=blue]
> we[color=green]
> > have to apply the patches monthly. If we do not then we have what[/color]
> happened[color=green]
> > a little over a week ago when the latest worm came out. We had to apply[/color]
> an[color=green]
> > emergency patch in the middle of the day on our production systems that[/color]
> used[color=green]
> > Windows. If we waited the machines would have kept rebooting due to the
> > worm. (as they already had 5 times that day). So don't give me this[/color]
> hooey[color=green]
> > that you don't have to patch the servers monthly; we are at the whims of
> > some teenager in some foreign land. (and sometimes not so foreign)
> > Jim
> >
> >[/color]
>
> I will give you that hooey. While in most cases we are quite religious
> about applying patches, for reasons I can't get into, we could not apply[/color]
the[color=blue]
> patches against Slammer for months. And yet, Slammer had ZERO effect on[/color]
us.[color=blue]
> Why? Because there are other security measures besides patches. If[/color]
someone[color=blue]
> can't reach your SQL Server, then they can't Slammer to it. If you're
> getting hit, even behind the firewall, you've suffered from the jelly[/color]
donut[color=blue]
> issue and have a bigger issue than applying patches during the middle of[/color]
the[color=blue]
> day.
>
>
>[/color]

You are probably in a small shop then. We have tens of thousands of
computers on our global network. Bank of America got hit, Siebel's site was
down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
pattern here.... I guess we could do what the CIA and NSA do and make sure
there isn't a connection to the outside world, the ultimate firewall.
Jim

Re: What so special about PostgreSQL and other RDBMS?

Howard J. Rogers wrote:[color=blue][color=green]
>>
>> That may be true of 'your' customers. But not one of mine would find
>> that acceptable.[/color]
>
> Daniel. Before you type, why don't you read? And why don't you just stop
> to pause a little and think who comes to this group?[/color]

I've thought about it. What conclusion would you like me to reach?
I think the people that come here, and please note this is going to
two different groups, are interested in multiple opinions ... and in
the end make up their own minds based on their situation.
[color=blue]
> That's just fine and dandy, and FOR THAT REASON, you wouldn't recommend
> they use Windows. Perfectly understandable, perfectly reasonable. A
> *reasoned* business decision.[/color]

I didn't say the words you put in my mouth. There are times when Windows
is the appropriate solution. But that said ... one makes that decision
based on understanding the reality of the impact it will have on every
aspect of the database and its operations.

The thread I was responding two, if you review it, will clearly show
that the first posting related to a list that seemed to sum up
decision making as based on performance and extras. I pointed out
that there were more important considerations such as security,
stability, and scalability.

That you have latched onto a single sentence about Windows in which I
made reference to its specific issues related to stability is your
decision and a segue from the point I was trying to make.
[color=blue]
> That is all.[/color]

Hopefully ;-)[color=blue]
>
> HJR[/color]

--
Daniel Morgan


damorgan@x.wash ington.edu
(replace 'x' with a 'u' to reply)

Re: What so special about PostgreSQL and other RDBMS?

Jim Kennedy wrote:
[color=blue]
> "Greg D. Moore (Strider)" <mooregr_delete th1s@greenms.co m> wrote in message
> news:ClCpc.1925 39$M3.152517@tw ister.nyroc.rr. com...
>[color=green]
>>"Jim Kennedy" <kennedy-downwithspammer sfamily@attbi.n et> wrote in message
>>news:bWupc.67 50$gr.523362@at tbi_s52...
>>[color=darkred]
>>>We have a slew of SQL Servers behind a firewall (none are outside it)[/color][/color]
>
> and
>[color=green]
>>we
>>[color=darkred]
>>>have to apply the patches monthly. If we do not then we have what[/color]
>>
>>happened
>>[color=darkred]
>>>a little over a week ago when the latest worm came out. We had to apply[/color]
>>
>>an
>>[color=darkred]
>>>emergency patch in the middle of the day on our production systems that[/color]
>>
>>used
>>[color=darkred]
>>>Windows. If we waited the machines would have kept rebooting due to the
>>>worm. (as they already had 5 times that day). So don't give me this[/color]
>>
>>hooey
>>[color=darkred]
>>>that you don't have to patch the servers monthly; we are at the whims of
>>>some teenager in some foreign land. (and sometimes not so foreign)
>>>Jim
>>>
>>>[/color]
>>
>>I will give you that hooey. While in most cases we are quite religious
>>about applying patches, for reasons I can't get into, we could not apply[/color]
>
> the
>[color=green]
>>patches against Slammer for months. And yet, Slammer had ZERO effect on[/color]
>
> us.
>[color=green]
>>Why? Because there are other security measures besides patches. If[/color]
>
> someone
>[color=green]
>>can't reach your SQL Server, then they can't Slammer to it. If you're
>>getting hit, even behind the firewall, you've suffered from the jelly[/color]
>
> donut
>[color=green]
>>issue and have a bigger issue than applying patches during the middle of[/color]
>
> the
>[color=green]
>>day.
>>
>>
>>[/color]
>
>
> You are probably in a small shop then. We have tens of thousands of
> computers on our global network. Bank of America got hit, Siebel's site was
> down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
> pattern here.... I guess we could do what the CIA and NSA do and make sure
> there isn't a connection to the outside world, the ultimate firewall.
> Jim[/color]

Thanks Jim because I think you are absolutely correct. Small shops don't
need a lot of things required by larger shops. My customers tend to be
in telecommunicati ons, aerospace, government, and many with 7x24x365 web
sites. Being off-line is something for which they have a dollar figure
calculated and in some cases that dollar figure is very very large.
When servers come down, and/or an SLA is not met ... people lose their
jobs.

If that is not true in a smaller shop, or in another country, on that
I can not comment. But those persons need to at least appreciate the
nature of their environment and the fact that their decisions is a good
one within their specific context only. There is no context in which
having a server that doesn't need to be off-lined is a bad thing.

--
Daniel Morgan


damorgan@x.wash ington.edu
(replace 'x' with a 'u' to reply)