Welcome to the second weekly edition of Log Buffer, a series of “Carnival of the Vanities” blogs for DBAs. (I get to call it a series now that there’s more than one.)
Let’s begin with some security-related news. Tonight on Fox — When SQL Attacks! There was quite a lot of chatter this week about an apparent increase of SQL injection attacks. SEO Expert Blog features video showing how simply this kind of crack can compromise databases with insecure web front-ends. Although this is not new, it’s unsettling to see the tools you use turned to mischief. Of course, laypersons will be frightened by any story that involves “injection” and “attacks” — let alone “SQL”, which is kind of scary in its own right.
Also Eddie Awad‘s Blog points to this real-time demonstration of an SQL injection exploit. Watch this and know thine enemy. If you work with developers, show it to them so that they know too — after all, your enemy’s enemy is your friend, right? (Of course, don’t forget that social engineering remains an equally dangerous vulnerability for your company’s production data.)
Oracle released its quarterly Critical Patch Update on Tuesday, fixing 65 vulnerabilities, and on Wednesday, Pete Finnigan’s Oracle security weblog had Pete’s critical but optimistic view of it, with a link to an interview with John Heimann, Oracle’s director of security program management and Darius Wiles, their senior manager of security alerts. I wonder if it’s even possible for an entity as large as Oracle to move as nimbly as their success demands?
Elsewhere in the Oracle blogosphere, Chris Foot of dbazine writes about the Bigfile functionality in Oracle 10G. In this context, “Big” means terabyte. That big. 10G can do it. Nonetheless, Tim Procter tells me that he knows someone who is disappointed that he can’t put more than one bigfile in the same tablespace. No pleasing some people.
The Pythian Group’s Christo Kutrovsky, just back from vacation, got straight to work and wrote this article on moving tables across schemas in Oracle without recreating their data segments or indexes, a task heretofore thought impossible. Bravo, Christo!
When Eddie Awad says that Oracle Trace Analyzer is TKPROF on Steroids, he does not mean that it has an unnaturally high-pitched voice. His thorough review covers what Trace Analyzer is, where you can get it, how to install it, and more.
Oracle has opened the gates to its official documentation, and Eddie covers that too.
Inexperienced DBAs too often omit indexes when they create tables, in the opinion of Coding Horror’s Jeff Atwood. He wonders Why Can’t Database Tables Index Themselves? I can hear you scoff (I have a Firefox plug-in for that), but he suggests some theoretical guidelines along which that could work. He gets some answers from his readers, too.
eWeek recently published the results of tests comparing the Open Source and .Net dynamic web stacks. Peter Zaitsev of the MySQL Performance Blog finds fault with eWeek’s methodology, and even with what they thought they were testing. He asks why the results of their comparison of LAMP versus WAMP are so lop-sided. Nice thinking, Peter — that is useful scepticism.
Peter also gives notice of a patch that enables stack traces in MySQL on the x86_64 platform.
Giuseppe Maxia, The Data Charmer implies that for MySQL, greater capability brings more complexity, and his post asks for a de-baffling of a section of the manual’s entry on clusters.
On gilfster, Andrew Gilfrin mentions a really snazzy-looking new monitoring tool for MySQL called Spotlight, which is produced by Quest Software. Real macho DBAs don’t need this kind of thing, of course.
Nor do they need dolphin knits. Undaunted, My-ess-queue-ell vs. My-see-quell‘s Sheeri Kritzer proudly shows off her knit pattern of Sakila, the MySQL dolphin, and includes the source code, naturally. “Sakila” is a Polynesian word for “swift little porpoise who catches up to big whales and nips their flukes on the way by”. Or so I imagine.
MySQL is on the agenda at next week’s O’Reilly Open Source Conference 2006 in Portland. Jay Pipes‘s Design, Develop, Discover, Define provides a summary of the conference’s MySQL-related activity.
On the other side of the OSS DB fence, PostgreSQL is also on the roster, and Josh Berkus has published a table of all the conference’s Postgres-specific events. Josh also points out this wrap-up of the PostgreSQL Anniversary Conference.
And Robert Treat’s zillablog has a helpful pointer to a tutorial on using PostgreSQL on Windows.
A couple DB2 items now. Willie Favero of ITtoolbox Blogs gives the first of a two-part overview of DB2 V8’s data compression capabilities. He points out that it can have a positive effect not only on storage demands but also on performance and logging. He also offers some info on IBM’s DB2 Tech Conference.
VMware began offering its VMware Server for free this week, and Howard Rogers of the Dizwell Blog believes it’s a DBA’s best friend, as it (and other virtualization software) allows you to dicker with Oracle under different host operating systems, and with new configurations, without getting your working systems in trouble. Howard says also that the performance of the Server edition is comparable to that of the VMware’s lighter products.
There are only two answers to a first question, according to Tom Kyte. He’s talking about how we deal, and how we should deal, with clients. They might know the TLA (ten-letter acronym) yet still not know what they want.
Positive Sharing provides another example of turning a truism — “the customer is always right” — on its ear, this time from the DBA Manager’s perspective. The word is, you may be right, and what’s more, your manager might believe so too.
Today I was shown three excellent items looking into larger questions about the work and responsibilities of the DBA. James F. Koopmann on ITtoolbox writes, DBA, You make an impact, encouraging DBAs to look up from their consoles and take a broader view of their role, for both their own good and that of their organizations.
In a related item on Computerworld Blogs, David Foote answers a reader’s question about the relative merits of database administration and IT auditing as career paths. David believes the latter of the two can be a productive and rewarding career in IT maintenance, perhaps without the never-ending learning curve that the DBA must climb.
In the third, Doug Burns asks What’s A Development DBA? His answer is, something less than it used to be. Read his thoughtful item to hear why he thinks that is.
Even the CBC has a blog now, and their Blake Crosby reveals that the whole cbc.ca site is thick with Open Source Software. Here’s a preview: they run PostgreSQL. I knew you were wondering.
That’s a – 30 – as they say in journalism. Bill Thater of gruntdba will be editing and publishing the next edition of Log Buffer on Friday 28, and I’ll post a link to it here. We’re always looking for others to present their retrospective on DBA blogs too. Have a look at About Log Buffer to find out how it’s all done.
‘Til next time!