A Tale of Two MySQL Bugs

New submitter Archie Cobbs writes "Last May I encountered a relatively obscure performance bug present in both MySQL 5.5.x and MariaDB 5.5.x (not surprising since they share the same codebase). This turned out to be a great opportunity to see whether Oracle or the MariaDB project is more responsive to bug reports. On May 31 Oracle got their bug report; within 24 hours they had confirmed the bug — pretty impressive. But since then, it's been radio silence for 3 months and counting. On July 25, MariaDB got their own copy. Within a week, a MariaDB developer had analyzed the bug and committed a patch. The resulting fix will be included in the next release, MariaDB 5.5.33."

who cares?

mysql is of historical curiosity. At best.

Re:who cares?

[Daniel+Dvorkin]

mysql is of historical curiosity. At best.

I'd be willing to bet there are more deployments of MySQL than of all other standalone RDBMSs combined.

Re:who cares?

Because we all know that's how you tell that something's better.

Re:who cares?

[MightyMartian]

Because we all know that's how you tell that something's better.

I'm taking my Betamax tapes and going home! And get off my lawn!

Re:who cares?

[Score+Whore]

I bet there are more sqlite and berkeleydb's out there than mysql.

Re:who cares?

Read the post quoted above you fucklord. It had nothing to do with how good MySQL was and everything to do with how "irrelevant" it is even though it's used on every single fucking shared hosting box ever.

And yes, it sucks.

Re:who cares?

[cold+fjord]

Some people never learn until you throw a laser disc at them. It smarts enough that they normally don't want a repeat.

Re:who cares?

[Blaskowicz]

That's why he said "standalone" databases, to exclude sqlite. I never knew about Berkeley DB though, lol. It has been seized by Oracle in 2006.

Re:who cares?

[Literaphile]

No, but it is how you tell whether something is "of historical curiosity", which obviously MySQL is not, since it's the most popular RDBMS by far.

Re:who cares?

[greg1104]

[Citation Needed]. Among industry watchers the two most popular RDBMS systems are considered to be Oracle and Microsoft's SQL Server. MySQL is in the same ballpark, but it certainly doesn't have a large lead. Here's one survey showing that via a few metrics they combine. You'll get the same sort of ranking if you dig into most market surveys.

Re:who cares?

[bill_mcgonigle]

I never knew about Berkeley DB though, lol. It has been seized by Oracle in 2006.

If you work on a FLOSS project that uses BDB, seriously consider if LMDB can work for you as well (or often better).

Re:who cares?

[Literaphile]

1. MSSQL is ahead by a whopping 8 points in that scale, 1313 to 1305. Next month, the scores could be reversed.
2. All that "survey" really measures is how much people are talking about the systems, not their actual usage. I'll bet you'll find MySQL installed on more active servers than Oracle or MSSQL, especially since it's the go-to choice for shared hosting.

Re:who cares?

Berkeley DB isn't an RDBMS; it's a key-value store. Whether it's a "database" depends upon the definition of that word, but it's definitely not a *relational* database.

Re:who cares?

[nedlohs]

Being better is irrelevant to whether something is "of historical curiosity" or is actually in widespread current use.

Maybe you should learn to read?

Re:who cares?

[greg1104]

You might not agree with their methodology, but I did provide a reference for my claim. You should try it some time. Betting on a hunch is not a path to successful argument.

Re:who cares?

[Literaphile]

"The DB-Engines Ranking does not measure the number of installations of the systems, or their use within IT systems." ( http://db-engines.com/en/ranking_definition )

Re:who cares?

[znrt]

[Citation Needed]. Among industry watchers the two most popular RDBMS systems are considered to be Oracle and Microsoft's SQL Server. MySQL is in the same ballpark, but it certainly doesn't have a large lead.

well, in terms of price/performance ratio mysql/mariaDB simply cannot be beaten :D

bytheway, as someone who grew up in engineering using db2, I can tell you oracle and sqlserver are two steaming piles of expensive crap. if you use them, you are doing it wrong, you should look for more value for your money.

Re:who cares?

mysql is of historical curiosity. At best.

I'd be willing to bet there are more deployments of MySQL than of all other standalone RDBMSs combined.

Which you will loose, as that spot is taken by SQLite.

Re:who cares?

[flimflammer]

Who said anything about better? We're talking about irrelevance.

Re:who cares?

[smittyoneeach]

Correct. Also correct: "lose".

Re:who cares?

[marcello_dl]

The confusion arising from the fact that oracle mysql shares the same name with the former mysql, while mariadb which is philosophically the natural heir of the latter had to choose a different name.

Apparently Oracle did the right thing by buying up the name, many fall for it and many others mod them up. Depressing, huh.
And now you all proper slashdotters are thanking God that something named "postgresql" has basically no marketing value, aren't you.

Re:who cares?

[Citation Needed]. Among industry watchers the two most popular RDBMS systems are considered to be Oracle and Microsoft's SQL Server. MySQL is in the same ballpark, but it certainly doesn't have a large lead.

well, in terms of price mysql/mariaDB simply cannot be beaten :D

bytheway, as someone who grew up in engineering using db2, I can tell you oracle and sqlserver are two steaming piles of expensive crap. if you use them, you are doing it wrong, you should look for more value for your money.

Fixed that for you. Not everyone uses one database instance with a single user/password for each application. (Not to mention that some weirdos think that's the right way to handle it and require full db access for their software.) If you need to have more than a 1 to 1 mysql to php setup you need a database with a workable user management.

Re:who cares?

[hairyfeet]

Incorrect as SQLlite isn't a stand alone which was clearly a qualifier. A word of advice, best not to correct other's for spelling as you will often make a mistake as bad or worse.

Re:who cares?

[hairyfeet]

Or maybe, just maybe, nobody trusts old "three card Monty" not to sell their work out from under them again? last I checked old Monty still made you sign rights over to him, how much you wanna bet if some corp comes flashing a big check that you'll be saying the same bullshit about mariadb?

Fool you once, shame on me. Fool you twice? You are a moron and deserve what you get.

Re:who cares?

Why would you throw a Laserdisc? They're, like, 60 bucks!

Re: who cares?

[JPeMu]

Let me guess: Your advice here to "other's" (sic) was just your attempt at irony?

Re:who cares?

Why?

Re:who cares?

Because nobody said anything about how good it was. Just whether it is of current interest.

Re:who cares?

Amazingly, that doesn't say much. IIRC in at least one linux distribution it ended up as a dependency for open office, or something similarly widely installed, in such a way that there's a large chance it'll never really be used, just is required to be present. What you'll end up with after correcting for that... a lot of "web" deployments where it's essentially used as a glorified filesystem. Yes, that makes it widely used. No, not really in ways that let an RDBMS come into its own.

Also: Reading both bug reports, the second description contains a bias making the comparison unfair. Of course, the sample size is too small, but even so it is also a reasonably clear case of trying to influence the "study" to the desired outcome.

Re:who cares?

[viperidaenz]

I don't know any rdbms that requires a single user/password for each application.

Re:who cares?

Clearly you never worked in corporation that meant business. MSSQL and Oracle make strong cases and unlike MySQL they don't have anything to be ashamed of.

Re: who cares?

[Dr_Barnowl]

He's using the possessive sense. Spelling is something that the other possesses. Seems correct to me.

Re:who cares?

[WaffleMonster]

I'd be willing to bet there are more deployments of MySQL than of all other standalone RDBMSs combined.

I'd be willing to bet there are more deployments of SQLite than all other standalone RDBMSs combined.

Re:who cares?

[KiloByte]

Especially as BDB got relicensed to a non-free license.

Re:who cares?

[WaffleMonster]

Incorrect as SQLlite isn't a stand alone which was clearly a qualifier. A word of advice, best not to correct other's for spelling as you will often make a mistake as bad or worse.

What specifically makes SQLlite not a "standalone" database?

Re:who cares?

[skegg]

Fool you once, shame on me. Fool you twice? You are a moron and deserve what you get.

You stuffed-up a famous saying.

This is the correct form.

Re:who cares?

[marcello_dl]

when a behemoth like Oracle signs a contract, they know exactly what they buy. Monty can sell whatever he owns to whoever he likes, IMHO. It's nothing compared to violation of GPL terms, for example. It's a good idea to keep the source and license of every important piece of software you use, for exactly those reasons, and consider work signed over to someone else as LOST.

Re:who cares?

mysql is of historical curiosity. At best.

Troll or ignorant, post this with your id, AC.

Re:who cares?

[RaceProUK]

What specifically makes SQLlite not a "standalone" database?

The 'server' is embedded in the application, which means one instance per app instance. A true standalone RDBMS runs (a minimum of) one instance that multiple (instances of) apps query.

Re: who cares?

[tao]

Nope. If he was intending to use possessive sense then that "for" shouldn't be there.

Either he meant "others' spelling" ("other people's spelling") or "someone else's spelling" or "others about spelling" (ok, I admit, "for" might possible correct too -- English is not my native tongue, nor am I a language scholar). "other's for spelling" doesn't make sense.

Re:who cares?

[Jaime2]

There are plenty of benchmarks that show MSSQL and Oracle with better price/performance ration than MySQL. Here is an example of a benchmark and here is a random person who did the math and found out that the licensing cost of MSSQL is more than balanced by the lower support cost in a large installation.

I'm not saying that MySQL isn't a good choice, just that the licensing cost is only a small part of the cost of a DBMS installation, so MySQL being open source really isn't that big of a price advantage unless the installation is very small. And for small customers, both Microsoft and Oracle have a free option.

Re:who cares?

Funny, you fell into the same trap, converting his SQLite into SQLlite.

Re:who cares?

I don't believe "a true RDBMS" is required to be a server.

Re:who cares?

[RaceProUK]

I can understand you missing the word 'standalone' - it's not like it's a long word at all.

Re:who cares?

[nabsltd]

If you need to have more than a 1 to 1 mysql to php setup you need a database with a workable user management.

I don't see how the MySQL user rights configuration is any more difficult to use than any other database. Admittedly, it's easy to get bitten if you forget that the login permissions are based on a combination of username and connection source (IP or hostname), which allows a "user" to have different passwords depending on where they are connecting from.

After that, it's pretty much the same "GRANT" command used by every SQL-based database to give fine-grained access to objects.

Re:who cares?

[smittyoneeach]

I have no idea what you mean by "stand alone". Is there another term which might be helpful?
One could argue that SQLite doesn't run in a multi-user mode on its own. You'd have to put another process in front of it to serialize requests, if you wanted to serve web site data from it. Is that your point?

Re:who cares?

[nabsltd]

here is a random person who did the math and found out that the licensing cost of MSSQL is more than balanced by the lower support cost in a large installation.

Part of the assumptions in the listed prices are that only Microsoft SQL Server won't have a support contract.

Re:who cares?

[lsllll]

Obligatory Link for RDBMS deniers: mySQL vs. MongoDB

Re:who cares?

[ixs]

MySQL only for small places?

That makes no sense. Software licensing costs are always prohibitive at scale.
For a single machine it doesn't matter if you're adding 1k for the software or not. If you're doing that for 25 machines, it suddenly becomes a lot more important.

There's a bunch of larger websites around which have somewhere between tens and thousands of database servers around. Usually in a replicated setting which is very heavy on reads and has basically no writes which means they shard their databases in such a way that they fit into available memory and reads never go to disk.

In such a setting, your software being free is a very important point. Per server or per core licensing kills you there.

The usual option then is to go with MySQL or PostgreSQL. The latter has only relatively recently gotten acceptable replication so if you've been around a while you nearly always default to MySQL.

If you're at such a size, you either negotiate a very decent support contract or you forgo that anyway and hire the knowledge in house. I do have worked for a company which did both, I do know that at least Facebook has gone for the latter by hiring Domas. No clue what support contracts they do have. Same for Google.
If you're at that size, Monty will gladly listen to your needs and Percona will make you a very good deal for support.

Suddenly MySQL or MariaDB looks like a pretty great database with much better support options and costs than Pg or Oracle. Forget about MSSQL, you're not running anything on Windows at scale.

Re: who cares?

Short for "Stand Alone Complex", a phenomenon where a common environmental configuration gives rise to a wave of replicant database servers without an original canonical source.

Re:who cares?

Oracle were already the owners of InnoDB, which was the only thing that made MySQL even remotely usable.

I guess by your logic MariaDB is "philosophically the natural heir" of MyISAM. Good luck with that.

Re:who cares?

All I can think every time I hear about MariaDB is that they missed a golden opportunity to call it OurSQL.

Re:who cares?

[hobarrera]

And that's why Window XP is the best OS around, right?

Re:who cares?

[WaffleMonster]

The 'server' is embedded in the application, which means one instance per app instance. A true standalone RDBMS runs (a minimum of) one instance that multiple (instances of) apps query.

If my application accesses SQLlite database via odbc is it "embedded" in my application? How is the database not logically a standalone component in this case?

If my application accesses SQLite database via a socket API does that count?

SQLite also facilitiates concurrent access via shared memory. The only limit I'm aware of is concurrency model where you basically get one open transaction (excluding temp table) per database but lots of concurrent readers are possible. I'm not so sure I buy what is being implicated that process isolation of data tier itself is the deciding factor. "Standalone database" needs to be evaluated in my view based on logical separation rather than strictly physical process boundaries.

Re:who cares?

[RaceProUK]

ODBC can also load text files and Excel workbooks, neither of which are RDBMSs. A true standalone RDBMS runs as a service or daemon.

Re:who cares?

The usual option then is to go with MySQL or PostgreSQL. The latter has only relatively recently gotten acceptable replication

If you think MySQL's replication is "acceptable", you're either an idiot or you have extremely low standards.

Re:who cares?

[znrt]

i'd argue that the sample is too specific. you don't really need extra commited support at the database implementation level unless you have very strong mission critical requirements, and that's the exception, not the norm.

oss enterprise solutions are that much mature already, most business routinely run oss databases, appservers, reporting and developement tools and even operating systems without incurring in extra support cost. if you really need id, it's there, and of course it will be expensive, because it implies commitment. (just with oss you don't have an agent calling you every other month to tell you how desperately you need it).

Re:who cares?

[suutar]

the rdbms may not, but the dba ought to.

Re:who cares?

That's funny, because one of my jobs is reimplementing MSSQL servers with either Postgres or Mysql for extremely large companies trying to get out from underneath the Microsoft yoke. The performance always improves vastly, though I would attribute that more to the developers working with it then anything inherent to the system. MS-centric developers have always been known to be amateurish jokes.

The cost savings are astronomical.

Re:who cares?

[Score+Whore]

sqlite3 not standalone enough? j/k. kinda.

Re:who cares?

Honestly if you don't know that MySQL is the most widely used database for public hosting it doesn't fucking matter how many references someone gives you, you're still a fucking idiot who will never be convinced.

Re:who cares?

[hairyfeet]

So you agree that MariaDB is a lost cause, as Monty makes you sign over ALL rights to him?

If you trust me in good faith and I rip you off? Then I'm an asshole. If I rip you off and then say "no really,I promise that this time I won't screw you...BTW sign over all your rights to me" and you fall for it AGAIN? Then YOU are the idiot and you deserve what you get.

Re:who cares?

[marcello_dl]

Those who signed over their work to monty do have the open source mariaDB in return, no? That one is as controllable as mysql code (which Oracle can't close down).

If you don't want to feel cheated do not contribute anything under any license. As I said, GPL violations are way worse, so anything you put under GPL and gets stolen by the chinese manufacturer or the korean big corporation should make you way angrier.

Re:who cares?

[Jaime2]

Sure, at Facebook and Google scales, license costs are prohibitive. But at the scale of big companies (hundreds of servers), it's not. Another difference is that Facebook and Google mostly run one massively scaled application. That reduces support costs to almost nothing. Medium and large companies run tens or hundreds of applications and every server is a new adventure.

Re:who cares?

[ebvwfbw]

And now you all proper slashdotters are thanking God that something named "postgresql" has basically no marketing value, aren't you.

I used postgre and learned to love it, then they were bought out by CA I think. Lost them for years and picked them up when RedHat offered it. Then put some big data into it. Then they lost me when I upgraded and lost access to all my data. All of my fucking data! Live system. No idea that would happen. I had a bunch of names that went through my mind from grade school to describe them. I had to move the data to another big machine that hadn't been upgraded, run it and dump the data. Load it into the new system. I think that took me about 18 hours or so. Then I upgraded it to mysql where it still runs today. Hasn't missed a beat I bet in 10 years.

Sadly some stuff still runs under postgress as it has the geospatial extensions that I need. If it weren't for that, I'd kick it to the side so fast. I feel almost as if it's time for them to screw me again. I know they'll wait until it is a really bad time.

Re:who cares?

Plus BDB is an ugly nightmare to use. Just don't, believe me.
At one job, we found out only a few years into the project (blame lack of due diligence on management's part in negotiating the contract) that we'd bought a license for BDB, but _not_ a license for the option to compile it with integrity checking. That's right, Oracle was fully willing to sell a DB to us, with _no_ routines to check the integrity. That cost extra!

Use SQLite instead if you need an embedded DB. Or consider if you really need a DB at all, maybe you just need a nice hash table. :p

Re:who cares?

[fisted]

>don't have anything to be ashamed of.
hah.

Why fix it?

Why would Oracle fix a bug in something they're trying to kill off?

Re:Why fix it?

I think the correct question is, Why would Oracle spend resources on fixing a bug if it's going to be fixed for free in the fork anyway? Run a diff and *presto*, problem solved.

Re:Why fix it?

[Pieroxy]

Apart from the copyright issues, pretty much. They'd better not do it though since they currently have all the copyright to MySQL code and incorporating a patch this way would kill all the advantages to this (namely, the option to close-source MySQL)

Re:Why fix it?

Why would Oracle kill a product that they make money off?

Re:Why fix it?

[X0563511]

Examining the patch would make it stupid-easy for them to go and fix it, without actually applying the patch.

We need more data

[WWJohnBrowningDo]

A sample size of one is insufficient to make any meaningful conclusions.

Anyone up for scraping the two bug trackers and finding more identical bug reports?

Re:We need more data

Except in 3D printing and private space stories. Then one single event charts the course for human history for the next millennium.

Re:We need more data

[Darinbob]

A sample size of one is insufficient to make any meaningful conclusions.

That sort of thinking won't get you very far in politics.

Re:We need more data

right u r; idiotic to make a deal of one bug
aside from sample size, maybe oracle said, we have more important bug then a minor performance issue....

Re:We need more data

[icebike]

You also have to wonder about the two month delay in sending the bug to mariaDB. Did that allow them to take advantage of some over the beer mug discussion with Oracle employees about who was going to release it first?

Re:We need more data

I found a bug where they have a btree index counter for a memory table as a uint (32 bits) instead of something like ssize_t. Ran out of "space" in the table way, way before the memory ran out. mysql still has the bug. MariaDB found and fixed the bug. Unfortunately, can't get a modern enough version of MariaDB installed at work (admins will only install what's available in yum, and this fix hasn't made it to redhat yet). I was able to find a workaround by switching index type from btree to hash. Not as fast but adequate for my purposes...and it doesn't lock the table up.

Re: We need more data

We (Avature) contacted MySQL, Percona and MariaDB about indexes not being chosen correctly when there's a so-so index and a ln excellent order by + limit index in another table.

Oracle simply didn't answer. Percona arranged a call with a non technical person which misunderstood the issue and later on after clarification said that it was too complicated for them to develop the implementation. At MariaDB Monty answered right away with a reasonable suggestion and after a few exchanges someone on their side quickly did a very good spec (https://mariadb.atlassian.net/plugins/servlet/mobile#issue/MDEV-4205). We switched to MariaDB for this (but still didn't contact them back to do the development: my own fault due to lack of time).

Re:We need more data

[zeptic]

Why don't they do that themeselves?

Re: We need more data

If you are waiting for it to get to Red Hat, have you submitted a bug with Red Hat so that they can prioritise and back port the fix to the version of MySQL in RHEL?

Re:We need more data

[Ash+Vince]

You also have to wonder about the two month delay in sending the bug to mariaDB. Did that allow them to take advantage of some over the beer mug discussion with Oracle employees about who was going to release it first?

Doh. Because if you submitted to both teams at the same time then as soon as one fixed it then the other can just migrate the fix into their code. Of course this could have backfired on him if Oracle had fixed it super quick he would have no way to accurately test the responsiveness of the MariaDB team without finding a similar bug and next time submitting it to MariaDb first.

As it is though the problem is that as I read the bug report filed with MariaDB it would not surprise me if they fixed this super quick just because they knew Oracle had been a little tardy so this would win them some brownie points and may even get posted to news sites like slashdot.

Re:A Post with an Agenda

[NoNonAlphaCharsHere]

Well, DONTGIVEAFUCK is one of the statuses on their Bugzilla. Just sayin'.

This is surprising why?

[PhrostyMcByte]

Small projects can be about purity. Making the best possible code base you can. Especially ones where people work on it for free -- they wouldn't be working on it if they didn't deeply believe in it.

Large corporations have different goals. The success of a changeset is not measured in how many bugs you fix or even how many features you add, but how much positive impact your paying customers and shareholders perceive.

Re:This is surprising why?

[brit74]

Small projects can be about purity. Making the best possible code base you can. Especially ones where people work on it for free -- they wouldn't be working on it if they didn't deeply believe in it.

That may be true, but if people are working for free, the project can suffer from an inadequate amount of labor and the existing workers might have trouble getting stuff done in addition to their day job.

Re:This is surprising why?

Small projects can be about purity. Making the best possible code base you can....

The purest bugs are untainted by fixes or code patches.

Re:This is surprising why?

[sjames]

That doesn't change the equation one iota. Do you want the one that promptly fixes bugs or the one that holds off until the stockholders vote?

Re:This is surprising why?

[znrt]

That may be true, but if people are working for free, the project can suffer from an inadequate amount of labor and the existing workers might have trouble getting stuff done in addition to their day job.

this does happen in medium-big software companies too. not because of lack of resources, but because of poor management or just because "existing workers might have trouble getting stuff done *right* because of 'other priorities' ".

Re:This is surprising why?

[Ash+Vince]

Small projects can be about purity. Making the best possible code base you can. Especially ones where people work on it for free -- they wouldn't be working on it if they didn't deeply believe in it.

That may be true, but if people are working for free, the project can suffer from an inadequate amount of labor and the existing workers might have trouble getting stuff done in addition to their day job.

The bigger problem with when people are working for free is that they generally want to avoid the horrible can of worms bugs that need to be fixed by a shitload of horrible refactoring and concentrate on fixing silly little things instead. The other problem is where they have to do things that seem utterly wrong in principle to the developer like implement a broken and entirely wrong standard but that needs to be done for the sake of the project as a whole. (Disclaimer - I work with SCORM, the defacto broken standard for eLearning)

3+ months to fix?

[gmuslera]

The NSA took its own time to plant backdoors in the vulnerable systems, or forgot to reply back to Oracle that they finally can roll the fix.

Well...

[Ramirozz]

If he would have the right intention to measure response time both bug reports should have been filed at the same time... filing a seocnd one with the text saying "hoping it gets more attention than the competition" is pretty biased and provocative to the actions.

Re:Well...

Meh its Oracle, with their history I think anything short of shanking them with a rusty spoon is pretty fair.

Re:Well...

[greg1104]

Shanking with a rusty spoon? No, now the correct way to describe unfairness on Oracle's side is that you're adding weight to a kingpost.

Not really a fair test

[greenreaper]

The poster made a comment in the second bug saying that they hoped to get a faster response than on the MySQL bug.

Re:A Post with an Agenda

The bug report link's in the summary, moron.

fast, but wrong

Ok, they fixed it. But did they actually fix it? MySQL is full of places where the developers didn't think about they were doing or cut corners.

Example: Let's say you want a column that auto-populates with the current time. In most databases, you would write a before insert trigger or have a column default of getdate(). A little extra work, but more flexibility and control. In MYSQL, you just use a timestamp column. What if you want two of them (say, inserted and updated)? Well, fuck you, MySQL can't do that.

Re:fast, but wrong

Well, fuck you, MySQL can't do that.

Then why don't you just write a fucking before insert trigger, just like most other databases? You expect MySQL to act like it's fucking magic and then complain when it's not the magic you want. Fucker.

Re:fast, but wrong

[ichthius]

Well, fuck you, MySQL can't do that.

Yes you can - since version 5.6.6 (2012-08-07)

http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-6.html

Re:fast, but wrong

[NeverWorker1]

Let's not forget how it "enforces" constraints. For example, consider:

CREATE TABLE emps (id INT(10) AUTO_INCREMENT,
fname VARCHAR(50) NOT NULL,
sname VARCHAR(50) NOT NULL);
INSERT INTO emps (fname) VALUES ('John');

In a proper RDBMS, that would fail for violating a constraint. MySQL/MariaDB just massage the missing sname into an empty string, which is about as valid as just sticking 'sldfjpsdj;ksdj;fsdljkfsd.'

Worst part

[aitikin]

is it appears the person assigned the bug only has one to work on (or I don't understand how the bug-zilla handles that).

Re:Worst part

Aw man, what if we're all going lynch mob crazy over something that seemed trivial so they gave it to a highschool intern, and the intern is trying to be extra careful in submitting his first bugfix.

Re:Worst part

[NatasRevol]

More likely, the intern found a more interesting project to work on and is hoping that his/her boss doesn't notice they didn't fix that bug before they go back to school.

Re:Worst part

The "intern" to whom the Oracle's version of the bug is assigned is Sinisa Milivojevic, who has been the head manager for MySQL Support for 10+ years. He was originally hired by Monty to start up MySQL AB's Support operation.

And it is very possible that he himself will write a fix for it, when he has some spare time to play with something that is basically an edge case brought on by some incredibly shitty SQL.

Re:Worst part

It's also interesting that he verified the bug himself, and then quite possibly assigned it to himself.

Re:A Post with an Agenda

[ShanghaiBill]

Has anyone checked with Oracle on the status of this?

I checked. They said they are waiting for the NSA to approve the code change.

Oracle probably did testing....

[Proudrooster]

Oracle, love'em or hate'em makes some rock solid databases. The reason for the delay in the patch release was most likely testing and validation of the patch. I am assuming Oracle does this for MySQL but, what do I know?

Re:Oracle probably did testing....

[OhANameWhatName]

but, what do I know?

Clearly not a lot, yet still you infer to know a great deal.
Ever considered getting into politics?

Re:Oracle probably did testing....

[greg1104]

Not sure which is funnier; the idea that MySQL is a "rock solid databases" or that Oracle cares about validating its optimizer. I'll just point you at Top 10 Optimizer Regression Bugs in MySQL 5.6 and wander off now.

Re:Oracle probably did testing....

Oracle, love'em or hate'em makes some rock solid databases.

Which I guess is why more than once I've had to insert index hints because the EXPLAIN PLAN revealed that Oracle couldn't figure out it had an index on a primary key.

Re:Oracle probably did testing....

[WaffleMonster]

Oracle, love'em or hate'em makes some rock solid databases.

I suppose if you ignore annoying database bugs and endless parade of critical security vulnerabilities I could see this being true.

Re:Oracle probably did testing....

[mybecq]

Oracle, love'em or hate'em makes some rock solid databases.

Yes, their databases are so rock-solid it is like getting blood from a stone if you need anything less than a business-critical patch (including fixes that have already been made on another platform) . This has been my experience on at least two separate occasions. I gave up waiting for a fix for a TCP-connect issue because they don't know how to handle EINTR during a 'connect'.

So what

So what OP, want a cookie?

Re:Translation

[Score+Whore]

Indeed. This "bug" seems pretty stupid. I mean on the submitter's part. Why would any vendor spend much time solving this problem when it should be simple enough not to write such stupid SQL to begin with. Anyone who spent time working on this probably had nothing much better to do.

I mean really, I get it, but what is the use case for 'if a constant is equal to a different constant'?

What about 10 year old mysql bugs?

[the_B0fh]

For example, #1341. 10 fucking years old.

#68892 - best comment on the bug: 'Not quite sure how the severity scales are generally used, but shouldn't a trivial command that breaks the one feature that is being splatted all over the homepage as having significant improvements be a little higher than "non-critical" ?'

What about stupid shit like this: http://www.darkreading.com/database/expect-a-surge-in-breaches-following-mys/240001958?cid=nl_DR_daily_2012-06-14_html&elq=7e0510c44883432fa8e79c2ebde2ecb8 "The vulnerability itself is in the way MySQL accepts passwords -- the bug makes it such that there's a one in 256 chance that the wrong password will still grant the user access to an account. So an endless loop of attempts will eventually grant an attacker access. It was a bug so unique that Moore says some MySQL developers ran into it, couldn't reproduce it ,and eventually chalked it up as a fluke."

Is MySQL even ACID compliant yet, without addons?

http://nosql.mypopescu.com/post/1085685966/mysql-is-not-acid-compliant

Re:What about 10 year old mysql bugs?

[OhANameWhatName]

#1341. 10 fucking years old

Pffft, give Oracle time .. they can best it.

Re:What about 10 year old mysql bugs?

With particular respect to #68892, I'm not surprised that MySQL has these huge replication problems with the terrible replication architecture they're chosen. This article explains it better than I can.

Re:What about 10 year old mysql bugs?

[greg1104]

I don't think it's possible for MySQL to get the "C" part in ACID right without a total rewrite, which seems unlikely under Oracle's watch. There used to be all sorts of trivial ways you could insert garbage data into MySQL, things like February 31 being a valid date or numbers going into boolean fields. They added this strict mode as a way to add validation for most of that. But strict is a client setting. All it takes is one client that ignores this, and the engine will still let you put garbage into there--values that are not going to be valid if you later work on them using a strict setting client. If you can put data in one end of that's not correct when read by another client, that's the exact opposite of a "consistent" database. It boggles my mind that anyone finds this acceptable. I guess people who do all their validation on the client are fine with it maybe? I can't explain how people who don't understand databases at all make their decisions.

I don't follow MySQL closely enough to know if they're still silently truncating data sometimes too, but that's been a nagging problem over the years too. Strong validation of data is like security: you don't just bolt it on later. It's something that needs to be enforced in as many places as possible in the code, if you want any hope of getting it right and bug free. If you actually want data to be validated in all situations, you need to use something like PostgreSQL instead. There even new types you add to the database can execute any check constraint function you want before that data is allowed in, period. That overhead contributes to why MySQL is faster on trivial things, but sometimes you get what you pay for.

Re:What about 10 year old mysql bugs?

My favorite bug to watch is #6773 - native Kerberos auth for users.

It's astounded me how a DB with no proper external authentication had ever gotten any traction. PAM support is 'commercial' now, absolutely pathetic.

Re:What about 10 year old mysql bugs?

Has there in fact been a huge increase in breakins in the 15 months since that blog entry was posted? No? Then STFU.

Re:What about 10 year old mysql bugs?

[olau]

The popular web frameworks these days have a little bit of wrapper code which maps DB values to native values. So for instance it's impossible to insert an incorrect date as it would not be possible to construct it with the API you have to go through. So in practice, it's not really an issue for new systems.

Also, while it's lame if MySQL doesn't catch those and I've certainly seen enough legacy DB systems to appreciate the RDBMS-consistency-rules-as-last-iine-of-defence idea, I do think that these days, if you actually encounter such a date in a new system, you've got bigger issues than just data consistency.

Re:What about 10 year old mysql bugs?

You know what ? 99% of IT developers are whores, only concerned about $$$. They will use the $hit that makes most $$$, regardless of whether it is the "right technology". Oracle 8/9 could be trivially hacked subverted by ANYONE having a network connection to the listener port. MySQL can be crashed almost equally trivial. But only the 1% who have some love for their job care.

I read reports that MSSQL was as bad as oracle a few years ago. This is an industry of whores.

Re:What about 10 year old mysql bugs?

So your nice MySQL PILE OF SHIT, requires an additional system to protect it's integrity ? Yeah, that sounds all quite consistent.

Non-Whores neither use Oracle nor MySQL. Probably also not DB/2 nor MSSQL. Security-wise these are all horribly bad and must be hidden behind strict firewalls.

I am not sure Postresql is better, but I have little evidence on that product's shittiness.

Re:What about 10 year old mysql bugs?

[the_B0fh]

Definitely a new way to look at security - yeah, our stuff's shitty, but has there been a huge increase in breakins huh? HUH?! HUH?!! Yeah! So shut the fuck up!

Re:What about 10 year old mysql bugs?

How do native types prevent you from having clamping issues? MySQL by default has an obscure size for INT that i believe ends at something like 879000, not at 2^32-1 or any other typical value. Plus, the clamping is silent. The best you can get is a duplicate value error if you're inserting the second implicitely clamped value into the same column...

Re:What about 10 year old mysql bugs?

It's got nothing to do with "addons". MySQL has a choice of engines. InnoDB is the default, it is ACID compliant. Historically MyISAM was the default, but that's going back several versions and you might as well claim Windows in a UI over DOS by claiming past code is relevant to what you get with a clean install today.

Re:What about 10 year old mysql bugs?

You might find that every SQL database requires an 'additional system' for handling constraints more advanced than foreign keys (e.g. this 1-to-n relation should have at least 1 row in the second table). You can't check that sort of constraint unless you're doing all your inserts in stored procedures, which is, from a source-control standpoint, just a plain bad idea.

The model part of MVC at least can enforce these things in code. (Too bad the ActiveRecord-type frameworks are so bad efficiency-wise.)

Re:What about 10 year old mysql bugs?

[NeverWorker1]

Don't forget MySQL's translation of NULLs in NOT NULL constrained fields to 0 or empty strings instead of rejecting the update as a proper RDBMS should. Somebody needs to explain to them that missing data is missing, not 0. I can't tell you how many problems I've seen this cause (ofc, whether and how NULLs should be used is another discussion entirely...).

Re:What about 10 year old mysql bugs?

[midom]

if there'd be really a push for it, all you would need is server-side strict mode enforcement. any software engineering intern can add that feature :) but I guess not too many users really push their vendor for it, do they?

Re:What about 10 year old mysql bugs?

[the_B0fh]

The other AC posted a very interesting article. You should read: http://grimoire.ca/mysql/choose-something-else

Re:Translation

[rudy_wayne]

Indeed. This "bug" seems pretty stupid. I mean on the submitter's part. Why would any vendor spend much time solving this problem when it should be simple enough not to write such stupid SQL to begin with. Anyone who spent time working on this probably had nothing much better to do.

I mean really, I get it, but what is the use case for 'if a constant is equal to a different constant'?

That's what I thought when the submitter said:

But when I comment out the 'M002649397' IS NULL OR clause (which has no effect on the result),

Yes, I guess technically this is a bug, but the obvious answer seems to be "Don't write stupid code in the first place". If you can take it out with no effect on the result, then why is it in there in the first place?

Re:Translation

There is no such thing as a stupid bug. As for stupid posts that one is still up in the air.

The "Classic" = 2038 MySQL Bug... apk

"MySQL database's inbuilt functions like UNIX_TIMESTAMP() will return 0 after 03:14:07 UTC on 19 January 2038.[7]" from -> http://en.wikipedia.org/wiki/Year_2038_problem

* Just like 32-bit UNIX is - same 1970 UTC Clock "bug"...

(OR, it was one on UNIX variants @ least: Admittedly, not sure if those're fixed or not, or on what models/versions/vendors etc. - Like this one SHOULD or OUGHT to be for MySQL... afaik, it even happens in the 64-bit builds).

APK

P.S.=> That's one that definitely needs fixing... even if ONLY for the 64-bit (or better/larger memory addressing future builds)... apk

Re:The "Classic" = 2038 MySQL Bug... apk

The Year 2038 problem is well known, with various Unix implementations already solving it. Judging by the reports in the relevant Wikipedia article, it looks like there are 64 bit time_t implementations on the major open source Unices. The commercial Unices that actually matter (Solaris and AIX, maybe HP-UX?) probably have similar fixes in place but I’m too lazy to check. And nearly everyone doing database stuff is on a 64 bit CPU now, so it’s not much of an issue at this point. If you want to worry about time_t and Year 2038, I’d recommend concerning yourself with embedded systems, whatever ancient COBOL cruft refuses to still die, and all those interesting special-purpose systems running nuclear reactors and refineries and the like.

Re:The "Classic" = 2038 MySQL Bug... apk

Holy shit you're alive and people still haven't killed you!

Oracle "support"

[Neo-Rio-101]

This is no surprise to anyone who makes Oracle support calls for a living.

Unless you bump up the severity to the highest level, you can expect months of wait and all-around handsitting.

Re:Translation

[Blaskowicz]

Yea, I trust you on accurately reporting this.

Interesting...

Some may see this as a reason to use MariaDB instead of MySQL. Me, I see it as a reason to keep using DB2. Especially since Oracle can't tell the difference between an empty string and a NULL.

That's probably Larry's next step, to port that bit of brain-deadery to MySQL :-)

No they didn't

They said they are waiting for the NSA to approve the code change.

If anyone says they are acting under orders from the NSA, they are lying.

On the other hand, if they aren't saying that they are acting under orders from the NSA....

Let's wait and see

[stevez67]

how many additional performance bugs the rapidly deployed Maria patch opens before we pass judgement. Speed without adequate QA is useless and self-defeating.

Just the facts...

It's well known that the "Earth Momas" that regularly flock to RMS events and throw themselves at him, exchange flea communities with him, his "bush" is a variable "wild life park".

In fact, RMS makes his women sign a non-disclosure agreement prior to coitus.

 

Re:Just the facts...

It's "veritable", you goose, not "variable". If you're going to delve into the fine art of rhetoric, at least educate yourself first :-)

Re:Just the facts...

Always good to hear from the minions of THE BALLMER.

Re:Translation

[squiggleslash]

I'm guessing if the SQL is generated programatically, you might get a constant = constant clause, although I'm having difficultly thinking of any sane situation where that would occur.

'foo' is null is a user problem

[Ice+Station+Zebra]

The optimizer is correct in making it run poorly, it is poor sql to begin with. If anything it should throw an error instead of accepting garbage.
If I saw you putting that in a project I would quickly fire you arse. Heck, I'd probably fire you for using mysql to begin with.

Re:'foo' is null is a user problem

I have a sneaking suspicious that the query is the result of a prepared statement, dealing with NULL and NON-NULL strings:

WHERE ? IS NULL
      OR ? = column_name

Re:'foo' is null is a user problem

If anything it should throw an error instead of accepting garbage.

Well, accepting garbage seems to sort of be the whole design philosophy of MySQL...

Re:'foo' is null is a user problem

[KiloByte]

The documentation explicitly says cases like this are optimized away. This also makes writing parametrized queries easier: you don't need to care about optional arguments, as the server will do this for you.

I agree with you about using mysql, though.

Re:'foo' is null is a user problem

The SQL I see looks like massive idiocy. It is not the job of the SQL optimizer to optimize crap.

Re:'foo' is null is a user problem

[Tridus]

If the documentation says it does, then yes, it is in fact the optimizers job.

If it's not actually going to do it, then they shouldn't say it will.

I think it's because

[kilodelta]

Oracle is trying to kill MySQL. It's sad - I loved it back in the day. Now not so much.

Oracle will have the patch when they buy MariaDB

[Macchendra]

Do all the dedicated volunteers think their work won't be sold to Oracle? Also, they wouldn't want to break compatibility with this: http://www.oracle.com/technetwork/database/migration/mysql-093223.html

Re:Translation

[ultranova]

If you can take it out with no effect on the result, then why is it in there in the first place?

Dynamic query generation? The literal might actually be a variable on the client side - say, the contents of some optional string.

Re:Translation

[Derek+Pomery]

Yep.
select 1 from
table where
(? IS NULL OR foo = ?) and
(? IS NULL OR bar = ?) and
(? IS NULL OR baz = ?)

where foo, bar and baz are all optional.

Re:Oracle will have the patch when they buy MariaD

[greg1104]

Yup, MariaDB is playing the same copyright assignment tricks that Monty used before, so that he could leverage community work yet still sell MySQL as a business. No reason to believe he's doing anything different this time. When the FSF asks for copyright assignment, that's acceptable because they have never breached the trust of their contributors. But when Monty does it, you have to assume he's setting things up so he can cash out again.

coalesce

[tepples]

-- coalesce returns the first argument that is not null
select 1 from
table where
(coalesce(?, foo) = foo) and
(coalesce(?, bar) = bar) and
(coalesce(?, baz) = baz)

Re:coalesce

[Derek+Pomery]

That doesn't seem to be a big improvement on readability to me, but sure, why not :)

Re:coalesce

[tepples]

The big advantage of COALESCE is that you don't have to specify each optional element twice.

Re:coalesce

[Derek+Pomery]

Ah. Good point. Avoids a bit of spam in the binds. Fair 'nuff.

Re:coalesce

[Derek+Pomery]

But, eh... Only works for the simple case I guess...
(? IS NULL OR foo LIKE '%'||?||'%') AND
(? IS NULL OR bar = ?) AND
(? IS NULL OR (A = ? OR B = ? OR C = ?)) AND
(? IS NULL OR baz = to_date(?||'-'||?,'YYYY-MM'))

Re: Translation

Clearly you haven't worked with many Indian developers before.

Its not really a bug

[Chrisq]

Its just failure to optimise a statement that nobody in their right mind would write. Like saying a compiler has a bug if it can't optimise away "if (1 != 2)".

Re:Its not really a bug

[viperidaenz]

Not really. It's a failure to calculate an optimal execution plan.
When the "'foo' IS NULL OR" clause is added, that has no effect on the result is added, the execution plan changes to a sub-optimal one.

Re:Its not really a bug

[dotancohen]

Actually, since many queries are the result of parsing a user's input in some scripting language, such a query is actually feasible.

Re:Its not really a bug

[Ottibus]

Like saying a compiler has a bug if it can't optimise away "if (1 != 2)".

A compiler does have a bug if it can't optimise away "if (1 != 2)". The following code contains exactly that expression and any decent compiler will optimise away the test and the code in the conditional block.

#define DEBUG_SUMMARY 1
#define DEBUG_VERBOSE 2
.
.
#define DEBUG_MODE DEBUG_SUMMARY
.
.
if (DEBUG_MODE != DEBUG_VERBOSE) {
}

Time to RTFBugReport

[viperidaenz]

MySQL bug is lodged with a priority of "S5" - pretty low.
MariaDB bug is "Major".
No shit one was fixed before the other.

Re:Oracle will have the patch when they buy MariaD

This isn't a problem. Community will fork it again if something will go wrong. This matters.

Small project?

[dutchwhizzman]

How is MariaDB a small project and MySQL not? They both share roughly the same codebase and history. MariaDB has paid developers working on it, maybe even more than Oracle has on MySQL. For MariaDB, paying customers are probably more important than for Oracle, since Oracle can afford to lose money on this for a much longer time before they go bankrupt than MariaDB. If anything, the argument about "spending money on something only if it gives an immediate profit" applies way more to MariaDB than to Oracle.

Re:Small project?

[Ash+Vince]

I was promised a flying car. Where is my flying car?

Since religious nutjobs started crashing planes into buildings flying cars have been put on the back burner for a while. Sorry.

Oracle's testing suite is secret.

[dutchwhizzman]

Oracle has kept their testing suite and results closed source and secret. This is one of the reasons why MariaDB decided to do a cold hard fork and not look back. They can't possibly promise compatibility with Oracle since the specs are closed, effectively making the project closed. Assuming that Oracle tests things at all is purely speculation. If anything, regressions mentioned in other comments here suggest they don't do a very thorough job at all and their test suites only include new features and "old" tests, no regressions of bugs that got solved since they closed the testing specs.

Then what are computers for?

[dutchwhizzman]

The reason we have computers is to help us do complicated stuff. If you want the user to solve all the hard work, you're going to be searching hard to find the users that have the skills to use something. I believe it's the task of the computer (programmer) to make the most stupid users still get their results without breaking anything. It takes away "natural selection", sure, but that's what we humans have been doing since we exist as a species.

Re:Then what are computers for?

Yeah, the Merkin approach to technology and science: dumb it down.

You know what: that yields absolutely nothing interesting. That's why you need Germans to get a satellite into space. Because we know you need a solid education before you can achieve anything in a certain field. It doesn't matter whether it is mechanical engineering or computer science/informatics. Drive away the idiots (==people who don't care to learn their trade) !

Monty probably won't

[dutchwhizzman]

Why would Monty do it again? He's spending years of his life and a lot of his money to get MariaDB up and going. The risk he will be out of more money, not even counting his time than he'll ever get back is pretty high. For Oracle, MariaDB wouldn't be much of a purchase. They will have to painfully merge the difference in codebase, the developers and customers will all run away instantly and all they'll have left is the diffs. Any other company that wants an RDBMS will gain more from purchasing MariaDB than Oracle. So even if MariaDB gets sold, the most unlikely new owner would be Oracle.

Users are stupid

[dutchwhizzman]

Users are stupid, automated generators even more. You can't expect people to optimize queries themselves, which is why there is an optimizer in the code. If it brutally fails on something it is supposed to optimize, it's a bug.

MySQL or MariaDB

[sproketboy]

If you're using MySQL or MariaDB then you're an idiot anyway.

And nobody is surprised

And nobody is surprised that Maria is the same stinking pile the MySQL is.

The fix, as many said when Maria was released, is Postgres. It has been for years.

In fact the use of MySQL has become a litmus test for employment; if the company uses MySQL, I look elsewhere.

Obscure + Performance - Low Priority

[drstevep]

This demonstrates the difference between commercial/professionally run products and what can be a very ad hoc management style for open products.

A commercial organization receives a DR and reviews it. The DR is assigned a priority and a severity. Being obscure and performance related, I'd guess that it scored low on both. It doesn't impact security, it doesn't rear its ugly head often. So it won't impact many users, and presumably, the impact won't be that great. As such, and assuming that you have limited resources devoted to a product, it doesn't exactly float to the top of the heap.

But from the standpoint of code, the defect *might* be interesting! And in a looser environment, interesting trumps utility. Also, the impacted source might be more isolated... meaning to the volunteer "dive right in" developer, it is a more attractive problem to handle.

I'm not trying to defend Oracle or condemn the MariaDB team. I'm using this as an example of how different development processes and practices (highly managed/cathedral vs. open-uncommitted/bazaar) might yield different results. And how different group goals (further integration of MySQL into the Oracle family vs. ??? for MariaDB) might impact where efforts are place.

Let's be fair to Oracle...

[Assmasher]

...it takes time to derive a method of generating revenue from a bug...

one bug, why flame?

[midom]

Well, look at it properly, the bug is about optimization of a query that does not make much sense. Sure, it could be done better, but why would you issue such query at all.

If you look at problems that Oracle/MySQL engineering tackled, they are somewhat different - data compression, online DDL, parallel replication, GTIDs, InnoDB scalability, etc - these were huge efforts and get reasonable focus. Think of all the bugs that were not filed against MariaDB... :)

Count InnoDB engineers working for Oracle and for Maria, unfortunately that will not be balanced. Even Percona's InnoDB expert Yasufumi Kinoshita ended up working for Oracle lately.

Sure, Maria can do all sorts of tricks in SQL-land, but it is not the full picture. Oracle has much more engineering power dedicated to supporting MySQL, and they also have customers who are doing bug escalations as well.

Disclaimer: I used to work at MySQL AB and currently am working on a deployment that builds upon Oracle's MySQL tree, see https://www.facebook.com/MySQLatFacebook

This is a complete troll!

[FlyingGuy]

Calling out a bug for comparing a quoted string to null, eg: '1234mhgt' = null tripping up the optimizer?

No wonder Oracle is ignoring their asses. I would too!

Here is a similar story about Sybase...

I too found an obscure bug (but in Sybase). Spent 2 months explaining it to their support. Repeatedly asked for a phone conversation (they simply ignored these requests). At the end gave up... It felt like talking to an idiot -- they just kept repeating some stupid phrases, and when I pointed out at problems in their logic -- never defend their position, just come up with another stupid argument.
So, folks, there are worse things that Oracle ;-)

Re:Translation

[Score+Whore]

I'm not even sure this is a bug. It's kind of like complaining that my C compiler didn't optimize out my infinite loop:

int main(int argc, char **argv) {

    printf ("Die bastards\n");
    while (1) ;
    printf("Please die bastards\n");
    exit (-1);
}

Whose problem is it?

Why am I not surprised?

[whitroth]

A couple of years ago, I had a tech support call into Oracle for a Sun server. It took them almost a *month* to send out an FE, and that time included two weeks of emailing an engineer on another continent (S. America), and an "in country" engineer... who only worked third shift.

Oh, and after escalating it, three managers in three days "taking ownership".

I expect *everything* that Larry buys to be supported that way.

                mark "wouldn't want to waste money that could be spent on his fighter jet or Hawaian Island...."

February 31st?

It took them several years to stop recognizing February 31st as a valid date. Don't expect quick bug fixes for something more than slightly harder.

"The Object's Hull is..."

"Solid Neutronium: There is no known way of blasting thru it..."

APK