What so special about PostgreSQL and other RDBMS?

  • Howard J. Rogers

    #91
    Re: What so special about PostgreSQL and other RDBMS?

    Daniel Morgan wrote:
    > Howard J. Rogers wrote:
    >
    >>> That may be true of 'your' customers. But not one of mine would find
    >>> that acceptable.
    >>
    >> Daniel. Before you type, why don't you read? And why don't you just
    >> stop to pause a little and think who comes to this group?
    >
    > I've thought about it. What conclusion would you like me to reach?

    That the people who come here are a wide and varied bunch, and the fact
    that *your* customers need to run 24x7x365 is not sufficient
    justification for rubbishing the O/S and database they have decided to use.

    > I think the people that come here, and please note this is going to
    > two different groups,

    I am quite well aware of the fact.

    > are interested in multiple opinions ... and in
    > the end make up their own minds based on their situation.

    Rubbishing one of the most common O/Ses, and one of the top three
    RDBMSs, does not constitute an 'opinion'. It is, however, something you
    do a lot of. Not on any technical basis, because that might be a
    discussion worth having, but because "my customers wouldn't find that
    acceptable".

    >> That's just fine and dandy, and FOR THAT REASON, you wouldn't
    >> recommend they use Windows. Perfectly understandable, perfectly
    >> reasonable. A *reasoned* business decision.
    >
    > I didn't say the words you put in my mouth.

    More's the pity then, because they are reasonable words. Although it
    helps not to snip the context in which they were said, and if you are
    going to snip (which is actually most unlike you) to indicate that you
    have done so.

    > There are times when Windows
    > is the appropriate solution. But that said ... one makes that decision
    > based on understanding the reality of the impact it will have on every
    > aspect of the database and its operations.
    >
    > The thread I was responding to, if you review it, will clearly show
    > that the first posting related to a list that seemed to sum up
    > decision making as based on performance and extras. I pointed out
    > that there were more important considerations such as security,
    > stability, and scalability.

    No, Daniel. That is called "re-writing history". You didn't make
    reasoned comments about those three things, but said Windows was
    insecure, needed patches all the time and so on. What I have called
    "rubbishing Windows". I was merely trying to point out that a reasoned
    business decision can be made for running on Windows because security
    and stability and scalability can be managed in a way that will keep the
    vast majority of customers happy.

    Rather than graciously accept that a reasoned business decision might
    actually favour Windows and SQL Server from time to time, you simply
    announced "well, that wouldn't suit my customers".

    My point was then: so effing what? Or put another way, your experience,
    with your customers, doesn't (obviously) qualify you to comment on the
    experience and needs of the vast majority of O/S and RDBMS users on the
    face of this planet.

    > That you have latched onto a single sentence about Windows in which I
    > made reference to its specific issues related to stability is your
    > decision and a segue from the point I was trying to make.

    No, not a single sentence. An attitude that speaks volumes.

    >> That is all.
    >
    > Hopefully ;-)

    Why? Do you dislike having to actually justify the sweeping statements
    you are occasionally prone to making?

    Humility, Daniel, consists in part in understanding that your particular
    experiences are not necessarily indicative of the experiences of others.
    You could try it sometime.

    HJR


    • Daniel Morgan

      #92
      Re: What so special about PostgreSQL and other RDBMS?

      Howard J. Rogers wrote:

      > Daniel Morgan wrote:
      >
      >> Howard J. Rogers wrote:
      >>
      >>>> That may be true of 'your' customers. But not one of mine would find
      >>>> that acceptable.
      >>>
      >>> Daniel. Before you type, why don't you read? And why don't you just
      >>> stop to pause a little and think who comes to this group?
      >>
      >> I've thought about it. What conclusion would you like me to reach?
      >
      > That the people who come here are a wide and varied bunch, and the fact
      > that *your* customers need to run 24x7x365 is not sufficient
      > justification for rubbishing the O/S and database they have decided to use.

      I hardly "rubbished" an operating system. I stated that it had a
      weakness. Would you claim otherwise? If you can find an operating system
      that doesn't contain a weakness please inform us all.

      >> are interested in multiple opinions ... and in
      >> the end make up their own minds based on their situation.
      >
      > Rubbishing one of the most common O/Ses, and one of the top three
      > RDBMSs, does not constitute an 'opinion'. It is, however, something you
      > do a lot of. Not on any technical basis, because that might be a
      > discussion worth having, but because "my customers wouldn't find that
      > acceptable".

      You think it is an 'opinion' that major corporations reported spending
      billions last year downing servers and cleaning up after a variety of
      worms? You think all of the down time suffered by US banks and other
      financial institutions is an opinion? That hospitals have had pharmacy
      systems stop functioning while trying to get meds to patients an
      opinion?

      Give me a break Howard. It is not an opinion ... it is documented
      non-disputable fact.

      Maybe you have some version of Windows down there in Australia that
      doesn't require patching? Or maybe there are no viruses or worms
      that infect systems south of the equator? Or maybe you think that
      the only companies using Microsoft products are such light-weights
      that they don't care if their systems come down regularly. But among
      my clients last year was the largest toy company on the planet. Their
      Oracle system was, and still is, on Win2K. And they are not exactly
      happy with the number of sales they lost due to down-time related to
      the operating system ... not the database.

      >> There are times when Windows
      >> is the appropriate solution. But that said ... one makes that decision
      >> based on understanding the reality of the impact it will have on every
      >> aspect of the database and its operations.
      >>
      >> The thread I was responding to, if you review it, will clearly show
      >> that the first posting related to a list that seemed to sum up
      >> decision making as based on performance and extras. I pointed out
      >> that there were more important considerations such as security,
      >> stability, and scalability.
      >
      > No, Daniel. That is called "re-writing history". You didn't make
      > reasoned comments about those three things, but said Windows was
      > insecure, needed patches all the time and so on.

      Are you going to accuse Microsoft of this same blasphemy?

      The official Microsoft Download Center. Featuring the latest software updates and drivers for Windows, Office, Xbox and more. Operating systems include Windows, Mac, Linux, iOS, and Android.


      I count 17 security patches that you apparently choose to ignore because
      you are behind a firewall: Fine! Some of us have had experiences that
      demonstrate that your strategy is not fool-proof. And far from it have
      experienced very expensive outages.

      > Rather than graciously accept that a reasoned business decision might
      > actually favour Windows and SQL Server from time to time, you simply
      > announced "well, that wouldn't suit my customers".

      Are you serious? I use Windows. I have customers that use Windows. But
      we go into it understanding that it is a limitation. If you have a list
      of specifications under which you think SQL Server on Windows is a
      better choice than Sybase or Informix on Linux by all means put it
      forward. Just please address the points I originally raised ...
      security, stability, and scalability ... not extras.

      > My point was then: so effing what? Or put another way, your experience,
      > with your customers, doesn't (obviously) qualify you to comment on the
      > experience and needs of the vast majority of O/S and RDBMS users on the
      > face of this planet.

      Nor does yours. So why so much angst over this? You have an opinion. I
      have an opinion. So what? Why so much adrenaline over a matter of so
      little consequence?

      > No, not a single sentence. An attitude that speaks volumes.

      By all means tell me what my attitude is. I really want to know?

      > Why? Do you dislike having to actually justify the sweeping statements
      > you are occasionally prone to making?

      If you don't like my sweeping statements ... contradict them with facts
      not emotions. Do you wish to dispute the cost to industry for dealing
      with Windows security issues? If so ... have at it.

      Start by going to Google and putting in the following search criterion:
      "Cost of" AND "Windows Security"

      > Humility, Daniel, consists in part in understanding that your particular
      > experiences are not necessarily indicative of the experiences of others.
      > You could try it sometime.

      Have you considered looking into a mirror when making such statements?
      You are criticizing me for exactly, and I do mean EXACTLY, what you are
      doing yourself. Have a beer and relax. This is software not the possible
      end of civilization as we know it.

      > HJR

      --
      Daniel Morgan
      We make it possible for you to keep learning at the University of Washington, even if you work full time or live outside of the Seattle area.

      damorgan@x.washington.edu
      (replace 'x' with a 'u' to reply)


      • Howard J. Rogers

        #93
        Re: What so special about PostgreSQL and other RDBMS?

        Daniel Morgan wrote:

        [snip]

        > I hardly "rubbished" an operating system. I stated that it had a
        > weakness. Would you claim otherwise? If you can find an operating system
        > that doesn't contain a weakness please inform us all.

        Quote:
        If it isn't secure who cares how fast it is?
        If it isn't stable who cares how many features it has?
        If it won't scale to the number of users who gives a rip about extras?

        And, to be quite blunt, if the only operating system it will run on
        is Windows that becomes a limitation affecting all of the above.
        Unquote

        In 5 lines, you've said Windows isn't secure, stable or scalable. I call
        that "rubbishing".

        [snip]

        > You think it is an 'opinion' that major corporations reported spending
        > billions last year downing servers and cleaning up after a variety of
        > worms? You think all of the down time suffered by US banks and other
        > financial institutions is an opinion? That hospitals have had pharmacy
        > systems stop functioning while trying to get meds to patients an
        > opinion?
        >
        > Give me a break Howard. It is not an opinion ... it is documented
        > non-disputable fact.

        Once again, you've missed (ie, changed) the point. I haven't commented
        at all on the above, or suggested anything about it. What I have said is
        that your one-liner response to me that "my customers wouldn't find that
        acceptable" is not sufficient as a basis for rubbishing an entire
        platform. And that you might broaden your horizons a little and realise
        that many, many businesses and organisations find what you find so easy
        to diss a perfectly acceptable platform on which to run rather important
        business-critical databases and related functions.

        > Maybe you have some version of Windows down there in Australia that
        > doesn't require patching? Or maybe there are no viruses or worms
        > that infect systems south of the equator? Or maybe you think that
        > the only companies using Microsoft products are such light-weights
        > that they don't care if their systems come down regularly. But among
        > my clients last year was the largest toy company on the planet. Their
        > Oracle system was, and still is, on Win2K. And they are not exactly
        > happy with the number of sales they lost due to down-time related to
        > the operating system ... not the database.

        Then they should consider changing their operating system, clearly. And
        that's a decision that would seem to be based upon business needs versus
        technical realities. But for every Daniel that is dealing with Boeing,
        Amazon and the biggest toy company on the planet, there will be
        thousands of other DBAs who are not, and where the needs v realities
        assessment will suggest other outcomes. And (here's the real point) when
        you post, you might attempt to give some room for them and their
        decision-making processes, and not seek or seem to dismiss them as being
        ill-informed or badly done.

        [snip]

        > I count 17 security patches that you apparently choose to ignore because
        > you are behind a firewall: Fine! Some of us have had experiences that
        > demonstrate that your strategy is not fool-proof. And far from it have
        > experienced very expensive outages.

        It isn't my strategy, and I didn't say I would ignore them. I said that
        there can be a bit more intelligence applied to the business of
        installing them than you appear to give credit to. And that, for me, and
        for many of my customers, and for most customers around the world, I
        suspect, a minute or so of downtime a month as a consequence of NOT
        ignoring them would be acceptable.

        That's all. I'm not in Microsoft's corner. I'm not making claims for the
        O/S which you seem to think I'm making. I personally wouldn't install
        Oracle, for example, onto anything other than Linux or Unix if I had a
        choice in the matter, though that has more to do with memory management
        than anything else. But I wouldn't dismiss an entire operating system in
        5 lines of thoughtlessness, either.

        >> Rather than graciously accept that a reasoned business decision might
        >> actually favour Windows and SQL Server from time to time, you simply
        >> announced "well, that wouldn't suit my customers".
        >
        > Are you serious?

        Your post is on the record. It started with the line "That may be true
        of 'your' customers. But not one of mine would find
        that acceptable." Even though now, apparently, one of them does, somehow.

        So yes, I am serious.

        > I use Windows.

        Of course you do. Most people do, you know.

        > I have customers that use Windows. But
        > we go into it understanding that it is a limitation.

        Case closed.

        > If you have a list
        > of specifications under which you think SQL Server on Windows is a
        > better choice than Sybase or Informix on Linux by all means put it
        > forward. Just please address the points I originally raised ...
        > security, stability, and scalability ... not extras.

        I did address them. But apparently "not one of [your] customers would
        find it acceptable" to do likewise, so they weren't worthy of further
        discussion by you.

        That is my point.

        >> My point was then: so effing what? Or put another way, your
        >> experience, with your customers, doesn't (obviously) qualify you to
        >> comment on the experience and needs of the vast majority of O/S and
        >> RDBMS users on the face of this planet.
        >
        > Nor does yours. So why so much angst over this? You have an opinion. I
        > have an opinion. So what? Why so much adrenaline over a matter of so
        > little consequence?

        Because, Daniel, this isn't a matter of my opinion versus yours, but of
        a global reality versus your ego, apparently.

        Not that, even so, this is a matter of adrenaline on my part at least.
        Just an attempt to extract a modicum of moderation from you. A smidgen
        of a realisation that your work history is not perhaps representative.
        That others, lots of them, might find perfectly reasonable, scalable,
        secure and stable solutions using technology you simply see as a limitation.

        That the Book of Daniel is not necessarily a gospel for our times.

        >> No, not a single sentence. An attitude that speaks volumes.
        >
        > By all means tell me what my attitude is. I really want to know?

        Please read my posts, then.

        >> Why? Do you dislike having to actually justify the sweeping statements
        >> you are occasionally prone to making?
        >
        > If you don't like my sweeping statements ... contradict them with facts
        > not emotions. Do you wish to dispute the cost to industry for dealing
        > with Windows security issues? If so ... have at it.

        Nice try. I haven't attempted to dispute anything but your dismissive
        attitude to one of the most prevalent O/Ses and RDBMSs in use. And you
        might factor that scale of usage into your calculations of why these
        security issues cost so much to deal with whilst you're at it.

        > Start by going to Google and putting in the following search criterion:
        > "Cost of" AND "Windows Security"
        >
        >> Humility, Daniel, consists in part in understanding that your
        >> particular experiences are not necessarily indicative of the
        >> experiences of others. You could try it sometime.
        >
        > Have you considered looking into a mirror when making such statements?
        > You are criticizing me for exactly, and I do mean EXACTLY, what you are
        > doing yourself.

        No, Daniel. I am not. Unlike you, I take an open-minded approach to
        platforms, OSes and RDBMSs, and I wouldn't dismiss one of the most
        prevalent with a 5-line pay-off, nor then attempt to justify it with a
        one-line "My customers wouldn't find it acceptable".

        I am on record here as 'hating' Linux, because I find it so damn obscure
        at times. But I use it, regularly, and recommend it to many, because it
        has clear advantages in certain circumstances. Would that you could be
        likewise platform-agnostic.

        > Have a beer and relax. This is software not the possible
        > end of civilization as we know it.

        Nice try yet again. The issue is *you*, Daniel. Not software, which most
        people recognise needs assessing on its case-by-case merits. Nor the end
        of civilisation, which isn't actually at issue in this thread. Just you,
        your attitude, and the way you have expressed it in this thread.

        The people who write about "M$", "Micro$oft" and "Windoze" are similarly
        encumbered. It's a silly attitude to have, frankly. More to the point,
        perhaps, it's unprofessional.

        But it is clearly brick-wall-and-head time again.

        HJR


        • Greg D. Moore (Strider)

          #94
          Re: What so special about PostgreSQL and other RDBMS?


          "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
          news:AuEpc.19040$6f5.1748445@attbi_s54...
          >>
          > You are probably in a small shop then.

          Huh? So what you're basically saying is that large shops can ignore basic
          security steps and then complain when they get bit?

          It doesn't matter if I have 1 or 1000 SQL Servers, the basic security steps
          (such as blocking port 1433 to the outside world) are the same. If
          corporations had simply blocked 1433 and 1434 at the firewall, Slammer would
          have been a non-event, patches or no patches.

          > We have tens of thousands of
          > computers on our global network. Bank of America got hit, Siebel's site was
          > down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
          > pattern here.... I guess we could do what the CIA and NSA do and make sure
          > there isn't a connection to the outside world, the ultimate firewall.

          Funny though. I can get to servers of the CIA and the NSA. But I can't get
          to critical systems. So if you "guess" you could do that, I'd suggest
          that's exactly what you do. Partitioning systems that are required to be
          secure from non-secure systems is basic security 101.

          The biggest pattern I've seen is that most Windows administrators don't know
          the basics about administering in a high security and high availability
          environment.

          Take a Unix administrator w/o a snobbish attitude (and yes, I've found quite
          a few that are snobs and a number that are open-minded) and you'll find that
          many of the same techniques that can be used to secure Unix systems and make
          them highly available can be applied to Windows systems with similar degrees
          of success.

          The problem in my experience is not so much the OS as the operators.

          > Jim



          • Greg D. Moore (Strider)

            #95
            Re: What so special about PostgreSQL and other RDBMS?


            "Daniel Morgan" <damorgan@x.washington.edu> wrote in message
            news:1084719755.450820@yasure...
            > Jim Kennedy wrote:
            >
            > Thanks Jim because I think you are absolutely correct.

            No he isn't.

            > Small shops don't
            > need a lot of things required by larger shops.

            Wrong. SOME small shops don't need a lot of the things required by larger
            shops. And some do. And some larger shops don't need them.

            > My customers tend to be
            > in telecommunications, aerospace, government, and many with 7x24x365 web
            > sites. Being off-line is something for which they have a dollar figure
            > calculated and in some cases that dollar figure is very very large.
            > When servers come down, and/or an SLA is not met ... people lose their
            > jobs.

            That can be just as true for a smaller shop.

            You build your system based on your requirements. If you need 24x7x365,
            you'll pay what's required, large shop or small.

            > If that is not true in a smaller shop, or in another country, on that
            > I can not comment.

            And yet you just did above.

            > But those persons need to at least appreciate the
            > nature of their environment and the fact that their decision is a good
            > one within their specific context only. There is no context in which
            > having a server that doesn't need to be off-lined is a bad thing.

            I'll tell that to my CFO next time I'm budgeting an upgrade. "Sir, we only
            use this system 9-5 and even then only 2-3 people use it. If it's down, they
            can work on other stuff w/o any loss in efficiency. But we need to build a
            clustered HA environment, since there's no context where having a server
            that doesn't need to be off-lined is a bad thing."

            I'll let you know how he takes that.

            (btw, I do have a database that basically meets the above requirement and
            it's doing just fine on Access.)

            > --
            > Daniel Morgan
            > http://www.outreach.washington.edu/e...ad/oad_crs.asp
            > http://www.outreach.washington.edu/e...oa/aoa_crs.asp
            > damorgan@x.washington.edu
            > (replace 'x' with a 'u' to reply)



            • Jim Kennedy

              #96
              Re: What so special about PostgreSQL and other RDBMS?


              "Greg D. Moore (Strider)" <mooregr_deleteth1s@greenms.com> wrote in message
              news:PPRpc.199824$M3.111450@twister.nyroc.rr.com...
              >
              > "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
              > news:AuEpc.19040$6f5.1748445@attbi_s54...
              > >>
              > > You are probably in a small shop then.
              >
              > Huh? So what you're basically saying is that large shops can ignore basic
              > security steps and then complain when they get bit?
              >
              > It doesn't matter if I have 1 or 1000 SQL Servers, the basic security steps
              > (such as blocking port 1433 to the outside world) are the same. If
              > corporations had simply blocked 1433 and 1434 at the firewall, Slammer would
              > have been a non-event, patches or no patches.

              Firewall is blocked on those ports and many more, has been for many
              years. That's not the problem. The problem is when one of these things
              gets inside the firewall then the firewall doesn't help much does it? Gee,
              don't have this problem on port 1521 with Oracle. If it were as shoddily
              written as MS SQLServer's security you know people would be attacking it
              and it would be in the news. It isn't because the products come from 2
              different mind sets. When someone's mainframe goes down or suffers an
              unexpected service interruption then the CEO is on the phone with the CEO of
              the mainframe company demanding to know why and when the fix is going to be
              installed. I remember encountering a problem with Oracle's SQLNet product
              to DB2 running on a mainframe, where if the client rebooted it locked up a
              CPU on the mainframe. American Transtech called Oracle and Oracle had
              someone out there to fix it the next morning. (from California to
              Jacksonville) When someone's PC goes down people don't call MS (because
              that is useless); they just reboot and hope it goes away. Same project.
              Tried a sophisticated mail merge with Word and the OS would crash after 50
              documents (Windows 3.11 which was the latest version at the time) due to a
              memory leak in Word and Excel. Sent MS a test case and they admitted it was
              a defect. No solution, it might get fixed some day. Never mind we had to
              do a mail merge of 150,000 letters and documents. We had paid about
              $350,000 for super special support from MS and that was the best they could
              do, tell us to wait for some future release and it might be fixed then, 50
              at a time wasn't going to cut the mustard. We switched to WordPerfect.

              But clearly the company attitudes are very different with regards to
              stability, security, and performance. I agree that one should use the right
              tool for the right job. However, one should also look at all the costs one
              is going to incur in using the tool. (unexpected downtime, loss of data,
              performance etc.) If the trade offs are okay, go for it; just don't be
              naive they don't exist.

              > > We have tens of thousands of
              > > computers on our global network. Bank of America got hit, Siebel's site was
              > > down for days. Yet look at Sun or Oracle, nary a hiccup. Gee, might be a
              > > pattern here.... I guess we could do what the CIA and NSA do and make sure
              > > there isn't a connection to the outside world, the ultimate firewall.
              >
              > Funny though. I can get to servers of the CIA and the NSA. But I can't get
              > to critical systems. So if you "guess" you could do that, I'd suggest
              > that's exactly what you do. Partitioning systems that are required to be
              > secure from non-secure systems is basic security 101.

              You can get to their public web servers. Big woop. That's as far as you
              can get.

              > The biggest pattern I've seen is that most Windows administrators don't know
              > the basics about administering in a high security and high availability
              > environment.

              The big problem is that Bill declared the shortest month of the year
              security month. Says a lot doesn't it. It isn't important to MS. They
              give lip service to it. When programming security is like performance and
              scalability; they are aspects of the job, not things to be bolted on
              afterwards. You have to do them all the time, not "at the end of the
              project" if we have time. That attitude means it isn't important.
              MS is mainly a marketing organization,
              >
              > Take a Unix administrator w/o a snobbish attitude (and yes, I've found quite
              > a few that are snobs and a number that are open-minded) and you'll find that
              > many of the same techniques that can be used to secure Unix systems and make
              > them highly available can be applied to Windows systems with similar degrees
              > of success.
              >
              > The problem in my experience is not so much the OS as the operators.

              You can't fix something broken by design. How many Security certifications
              does SQL Server or Windows 2000 have? (none)
              Jim

              >
              >
              > > Jim
              > >
              > >
              >
              >



              • Greg D. Moore (Strider)

                #97
                Re: What so special about PostgreSQL and other RDBMS?


                "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
                news:5lSpc.62944$xw3.3682312@attbi_s04...
                > >
                > Fire wall is blocked on those ports and many more, has been for a many
                > years. That's not the problem. The problem is when one of these things
                > gets inside the firewall then the firewall doesn't help much does it?

                In other words, you have a jelly donut of a network. Again, why are you
                blaming a poor security design on the OS?
                >Gee,
                > don't have this problem on port 1521 with Oracle.

                "So Far". That's the problem with approaches such as patching to security.
                It assumes you know about the threat. What happens if someone tomorrow
                comes out with the Oracle version of slammer? You're in just as much
                trouble.

                > If it were as shoddily
                > written as MS SQLServer's security you know people would be attacking it
                > and it would be in the news. It isn't because the products come from 2
                > different mind sets. When someone's mainframe goes down or suffers an
                > unexpected service interruption then the CEO is on the phone with the CEO of
                > the mainframe company demanding to know why and when the fix is going to be
                > installed. I remember encountering a problem with Oracle's SQLNet product
                > to DB2 running on a mainframe, where if the client rebooted it locked up a
                > CPU on the mainframe. American Transtech called Oracle and Oracle had
                > someone out there to fix it the next morning. (from California to
                > Jacksonville) When someone's PC goes down people don't call MS (because
                > that is useless);

                It is? Gee, I guess those times where they've fixed my problems is just a
                myth.




                • Jim Kennedy

                  #98
                  Re: What so special about PostgreSQL and other RDBMS?


                  "Greg D. Moore (Strider)" <mooregr_deleteth1s@greenms.com> wrote in message
                  news:bNSpc.200462$M3.149289@twister.nyroc.rr.com...
                  >
                  > "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
                  > news:5lSpc.62944$xw3.3682312@attbi_s04...
                  > > >
                  > > Fire wall is blocked on those ports and many more, has been for a many
                  > > years. That's not the problem. The problem is when one of these things
                  > > gets inside the firewall then the firewall doesn't help much does it?
                  >
                  > In other words, you have a jelly donut of a network. Again, why are you
                  > blaming a poor security design on the OS?

                  Should read:
                  " In other words, you have a jelly donut of a network. Again, why are you
                  blaming a poor security design on the poorly designed OS?"

                  Security is not locking everything up so no one can get to anything. Sure
                  you won't have any "breaches", but you won't have any access either. If the
                  problem was only Slammer I wouldn't worry about it, but it happens about
                  every 3 or 4 months despite staying up with patches. (and all the attendant
                  testing before putting a patch into production.) Don't have all that problem
                  on my UNIX boxes and they get some patches, just not as many and not as
                  urgent. Why? Because the OS is a heck of a lot more secure. The
                  manufacturer is more careful. I go by pragmatic experience and not some
                  nebulous claim that the company's security is at fault.
                  (eg companies are not hit as hard with attacks on non-windows production
                  systems, and they do happen, because the supplier is a better more careful
                  producer of software and hardware.)
                  >
                  > >Gee,
                  > > don't have this problem on port 1521 with Oracle.
                  >
                  > "So Far". That's the problem with approaches such as patching to security.
                  > It assumes you know about the threat. What happens if someone tomorrow
                  > comes out with the Oracle version of slammer? You're in just as much
                  > trouble.
                  >

                  I assure you that if it was vulnerable it would have happened. Larry put out
                  the Unbreakable challenge in 8i (years ago) and of course attracted a lot of
                  hackers. Nothing came of it and it has been years. As I said before, it is
                  a matter of what the vendor thinks is important. MS doesn't think it's
                  important.
                  >
                  > > If it were as shoddily
                  > > written as MS SQLServer's security you know people would be attacking it
                  > > and it would be in the news. It isn't because the products come from 2
                  > > different mind sets. When someone's mainframe goes down or suffers an
                  > > unexpected service interruption then the CEO is on the phone with the CEO of
                  > > the mainframe company demanding to know why and when the fix is going to be
                  > > installed. I remember encountering a problem with Oracle's SQLNet product
                  > > to DB2 running on a mainframe, where if the client rebooted it locked up a
                  > > CPU on the mainframe. American Transtech called Oracle and Oracle had
                  > > someone out there to fix it the next morning. (from California to
                  > > Jacksonville) When someone's PC goes down people don't call MS (because
                  > > that is useless);
                  >
                  > It is? Gee, I guess those times where they've fixed my problems is just a
                  > myth.

                  Logic problems are not the same as finding a major problem with a vendor's
                  product. I love it that you haven't given one example where you found a new
                  (new to the vendor - MS) critical (to you) flaw in their software and they
                  produced a patch for you. You can't because MS won't do that. Had problems
                  with them for over a decade and not once did they issue a patch to fix my
                  problem. Yet, I have with other major software vendors repeatedly.

                  >
                  >
                  >



                  • Greg D. Moore (Strider)

                    #99
                    Re: What so special about PostgreSQL and other RDBMS?


                    "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
                    news:AwTpc.62041$536.10434195@attbi_s03...
                    > Logic problems are not the same as finding a major problem with a vendor's
                    > product. I love it that you haven't given one example where you found a new
                    > (new to the vendor - MS) critical (to you) flaw in their software and they
                    > produced a patch for you. You can't because MS won't do that. Had problems
                    > with them for over a decade and not once did they issue a patch to fix my
                    > problem. Yet, I have with other major software vendors repeatedly.

                    I can't because that would violate confidentiality agreements. But they
                    have in fact done so.

                    But, I can't give details. Sorry.






                    • Jim Kennedy

                      Re: What so special about PostgreSQL and other RDBMS?


                      "Greg D. Moore (Strider)" <mooregr_deleteth1s@greenms.com> wrote in message
                      news:APTpc.201201$M3.20343@twister.nyroc.rr.com...
                      >
                      > "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
                      > news:AwTpc.62041$536.10434195@attbi_s03...
                      > > Logic problems are not the same as finding a major problem with a vendor's
                      > > product. I love it that you haven't given one example where you found a new
                      > > (new to the vendor - MS) critical (to you) flaw in their software and they
                      > > produced a patch for you. You can't because MS won't do that. Had problems
                      > > with them for over a decade and not once did they issue a patch to fix my
                      > > problem. Yet, I have with other major software vendors repeatedly.
                      >
                      > I can't because that would violate confidentiality agreements. But they
                      > have in fact done so.
                      >
                      > But, I can't give details. Sorry.
                      >
                      >
                      >
                      >
                      >

                      Of course, I'll believe that. I'm also looking to buy a bridge over the
                      East River in NY.
                      Jim



                      • Greg D. Moore (Strider)

                        Re: What so special about PostgreSQL and other RDBMS?


                        "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
                        news:7kUpc.63536$iF6.5587443@attbi_s02...
                        > >
                        > Of course, I'll believe that. I'm also looking to buy a bridge over the
                        > East River in NY.

                        Jim, believe what you want.

                        However, I'm not in any market for bridges. Even with tolls, the upkeep is
                        often too costly.

                        > Jim
                        >
                        >



                        • Daniel Morgan

                          Re: What so special about PostgreSQL and other RDBMS?

                          Howard J. Rogers wrote:

                          > Daniel Morgan wrote:
                          >
                          > [snip]
                          >
                          >> I hardly "rubbished" an operating system. I stated that it had a
                          >> weakness. Would you claim otherwise? If you can find an operating system
                          >> that doesn't contain a weakness please inform us all.
                          >
                          >
                          > Quote:
                          > If it isn't secure who cares how fast it is?

                          And you would say that this statement is untrue?

                          > If it isn't stable who cares how many features it has?

                          And you would say that this statement is untrue?

                          > If it won't scale to the number of users who gives a rip about extras?

                          And you would say that this statement is untrue?

                          > And, to be quite blunt, if the only operating system it will run on
                          > is Windows that becomes a limitation affecting all of the above.

                          And you would say that this statement is untrue?

                          > In 5 lines, you've said Windows isn't secure, stable or scalable. I call
                          > that "rubbishing".

                          Then by all means establish under what conditions you think it
                          appropriate to build line-of-business systems on a platform that is
                          not secure, not stable, and not scalable?

                          Now if you wish to debate whether a particular O/S is or is not those
                          things that is not the point. First establish that they are not
                          important criteria. If you can I'll be surprised.

                          If you can't then we can get into the vagaries of whether a particular
                          operating system is or is not more secure, more stable, or more
                          scalable, than any other. At which point my preference might well be
                          OS/390.

                          > HJR

                          I've known you a long time Howard and I'm not buying the amount of
                          adrenaline you've pumped into this thread. I've seen a lot of work
                          you've done on your website in Linux and not a lot relating to
                          Windows. A lot relating to Oracle and not a lot relating to SQL Server.
                          So I'm a bit intrigued ... why this sudden interest in riding like a
                          White Knight to defend an O/S and product you seem to have little or no
                          other interest in?

                          There was a time, way back in the history of this thread, it was
                          about PostgreSQL. And that is a product I did savage with malice
                          and aforethought.

                          --
                          Daniel Morgan
                          We make it possible for you to keep learning at the University of Washington, even if you work full time or live outside of the Seattle area.


                          damorgan@x.washington.edu
                          (replace 'x' with a 'u' to reply)


                          • Daniel Morgan

                            Re: What so special about PostgreSQL and other RDBMS?

                            Greg D. Moore (Strider) wrote:

                            > "So Far". That's the problem with approaches such as patching to security.
                            > It assumes you know about the threat. What happens if someone tomorrow
                            > comes out with the Oracle version of slammer? You're in just as much
                            > trouble.

                            If they could ... they would ... they haven't. Draw your own conclusion.

                            Is Oracle impregnable? Of course not. But there is a magnitude or more
                            of difference between the two environments. And let's be honest and also
                            acknowledge that there aren't a lot of 16 year olds with HP/UX 11i,
                            Solaris 2.9, or AIX 5L on their home machines. Sometimes security is
                            implicit in the cost of the ante.

                            --
                            Daniel Morgan
                            We make it possible for you to keep learning at the University of Washington, even if you work full time or live outside of the Seattle area.


                            damorgan@x.washington.edu
                            (replace 'x' with a 'u' to reply)


                            • Daniel Morgan

                              Re: What so special about PostgreSQL and other RDBMS?

                              Greg D. Moore (Strider) wrote:

                              > "Jim Kennedy" <kennedy-downwithspammersfamily@attbi.net> wrote in message
                              > news:AwTpc.62041$536.10434195@attbi_s03...
                              >
                              >>Logic problems are not the same as finding a major problem with a vendor's
                              >>product. I love it that you haven't given one example where you found a new
                              >>(new to the vendor - MS) critical (to you) flaw in their software and they
                              >>produced a patch for you. You can't because MS won't do that. Had problems
                              >>with them for over a decade and not once did they issue a patch to fix my
                              >>problem. Yet, I have with other major software vendors repeatedly.
                              >
                              >
                              > I can't because that would violate confidentiality agreements. But they
                              > have in fact done so.
                              >
                              > But, I can't give details. Sorry.

                              Sorry but what you've written is, to use Howard's word, rubbish.

                              When I discovered a flaw in Microsoft's ODBC 3.0 implementation
                              Microsoft immediately wrote a custom patch for the Boeing company.
                              And no one was asked to sign any confidentiality agreement. In fact
                              that patch was released simultaneously by Microsoft on their web site.

                              So Microsoft will write custom patches ... if they are required for
                              general distribution ... and Microsoft does not, from my experience,
                              ever ask for a confidentiality agreement to cover that which they
                              would then release to their user base (something I have confirmed
                              with friends at Microsoft before writing this).

                              --
                              Daniel Morgan
                              We make it possible for you to keep learning at the University of Washington, even if you work full time or live outside of the Seattle area.


                              damorgan@x.washington.edu
                              (replace 'x' with a 'u' to reply)


                              • Greg D. Moore (Strider)

                                Re: What so special about PostgreSQL and other RDBMS?


                                "Daniel Morgan" <damorgan@x.washington.edu> wrote in message
                                news:1084760811.431715@yasure...
                                > Solaris 2.9, or AIX 5L on their home machines. Sometimes security is
                                > implicit in the cost of the ante.
                                >

                                Wow, there's one I haven't heard before.

                                You really think the legal cost of acquiring a product would stop a
                                malicious hacker?

                                > --
                                > Daniel Morgan
                                > http://www.outreach.washington.edu/e...ad/oad_crs.asp
                                > http://www.outreach.washington.edu/e...oa/aoa_crs.asp
                                > damorgan@x.washington.edu
                                > (replace 'x' with a 'u' to reply)
                                >

