Ok. So you block all ports. How do you block them? Block them at the perimeter? Block them for each IP (ala each IP is a DMZ)?
If you only block them at the perimeter, all it takes is some num-num to open trojanworm.exe in their email attachment, or web download, or nextwizbang service 2.0, and now all the machines behind the firewall are available to be hacked.
If you make each IP a DMZ, or some sort of route trickery, you slow down things on the router/firewall side, which is also a sucky solution. Yeah, yeah, specialized hardware and all that might make this less of an issue, but it doesn't matter.......because all of this a moot point. Most viruses and worms aren't throwing themselves on the firewalls and commiting suicide. They are walking in the front door through http and smtp.
Everyone needs to freaking relax, focus, and fix their shit. For a _long_ time server side exploits where a _huge_ issue. Now the exploits are focusing on the client machines, and it's only a matter of time before that is hardened too. Viruses, worms, and all sorts of other stuff are scary enough and get media attention that most people are worried about it.
Sure there will be people that don't care, but that generation will adapt/learn or will be dead soon enough (of old age or what have you).
Firewalls will only give a false sense of security, as it is not a COMPLETE security solution. In fact it really doesn't even offer an interesting definition of protection considering the threats presented.
In Vietnam, Marines used to zero out their.50s to a mile. Two guys (one shoots the other one is a spotter) on top of hill, would wreck major havoc. Couldn't even hear the report of the weapon. Used to take take out VC as they were getting their hair cut. I imagine this could be employed for a spammer sitting at their computer... Anyway, can't beat the ballistics on a.50 cal.
Ha! Agreed. Let's just stick to the facts, and not some English major's, sorry, Associate Professor's, personal website. If you were to actually do the math with the right numbers, you would find out what an appauling number that is. However, using your math that is also an entire population of the United States that doesn't read.
Look at the age structure, actually, just look at the link I provided, use your brain, and then come back to me with how silly my argument is. The services industry is carrying that country, but only a small percentage of the population is actually working in that industry, and even smaller percentage of that is actually doing software.
As for Indian's actually really learning English in University. I actually have personal references I can site.
Well said. Corporations and greed, who'd have thunk it. It's quite possible that America will end up not being the far and away richest country in the world.
Everyone should look at California, they are often a prediction of what will happen in the rest of America. Outrageous housing costs and living expenses, and jobs that can't even come close to covering the bill.
Want to survive in the new new economy? Learn a second language, and I don't mean C#, or a Romance language. Try something like Hindi or Chinese. Now you can be your companies ambassador, and be once again on top of the food chain. If people want to code programs for $10,000/year. I say let them. I sure as hell won't, but I wouldn't mind telling them what to do, as a project management role.
Think how valuable it would be for someone who understands the culture, and language, of the country that people are outsourcing too, and also has a strong tech background. Imagine if you knew three languages?
There are too many grifters in IT anyway. Way too many people are in just for the money, and not because they love it.
In volatile times there is opportunity to be had. Carpe diem and all that. Also, there has to be a reason why people are leaping at the chance to work for $10k/year in India. I am betting the cost of living is ridiculously low. I bet they aren't screwed up on software patents either (althought I don't know). You're out of the reaches of companies like SCO.
If all the high tech talent moves to countries where it makes sense. Hell. Who wouldn't hire an American who only wanted $10k/year to write programs. In fact you might get a little extra, because you are one of our own.
I'll have to a look at this. I don't know enough about Sybase to speak intelligently about it.
However, my experience with online replication is the wierd things that bite you in the ass, like storage constraints, network problems, changed passwords, wierd locking issues, and other bug a boos that made it a big pain in the ass.
It was a far better idea to replicate the entire database offsite via redo/archive logs, than to try to run many online at the same time and keep the transactions in sync between them. This is just my experience your mileage may vary, and Sybase may have a for real solution to this problem, however, I am suspect when they mention store and forward queues as "the answer".
I know. I know. It's like I said. Embarassing. For a long time the MySQL culture didn't recognize the need or even understand ACID or anything transaction related. Was "a waste of time", I think they said, since an application developer could attempt to build their own implementation into their application if they needed it.
<sarcasm> No need to put cruft like transactions or SQL92 support into an RDBMS </sarcasm>
I think you may have misconstrued what I was saying. Read what I said, "...Postgres is one feature closer to what Oracle was several years ago." In other words Postgres today, isn't even close to what Oracle was several years ago.
You bring up another good point that only surprises me in that it is in support of Oracle. Oracle has backwards compatibility, and a migration option to get customers on the new version. The same feature sets are available across all newer versions of Oracle. You are right software doesn't get hacked up to use the latest features, but I'll be damned if I have to hack around incomplete SQL support, not good enough backup and recovery options, limiting/poor performance tuning variables and views, and virtually non-existant scalability.
Oracle is there for when organizations need to grow up, and take advantage of real features such as rock solid point in time backup and recovery, built in scalability (not something that is bolted on and an after thought). These are features that are absent from open source offerings, and demanded by companies that recognize a need for them.
In favor of Postgres, there's is the only open source contender I have ever seen that as a development culture kind of "gets it" as far as where a database engine needs to be. (i.e. Postgres seems like Oracle compared to MySQL.) However, they are still on the D- end of the bell curve.
Postgres is technically good enough to provide a SQL interface for manipulating data for most applications. However, this is only half the answer for professional organizations, but worse it's akin to saying "Look, I can brush my teeth and tie my own shoes." It's not impressive, it's expected.
<letmetellyouastory> I used to be a mysql fan boy. It was really cool. I felt cool, because I could do all of these things, and feel really clever because I could do them for free. Then I got a job as a webmaster (used to mean *nix/oss/web/network ninja) for a real company, and all they used was Oracle. They just wanted me to make those annoying web customers shut the hell up. It was about a months worth of work, and then it was boredom.
I started volunteering to do other work that popped up during the Monday meetings. Applying patches doing admin work to Unix OSes I hadn't touched (i.e. HPUX, AIX, OSF). I then started watching the Oracle guys, and figured out what they did. I told them, that looks like MySQL. They thought I was cute, when I explained to them what it was. They then explained that MySQL sounds like a SQL interface to flat files, which it mostly was, and still is.
Long story short, I started installing Oracle on our sandbox machines, and trying to do things with it. I thought it was incredibly complex, for what it was doing. The DBAs took notice that I was becoming midly interesting, and had the company pay for Oracle training.
When I went to training I was enlightened. Not because the training is stellar, but because I then realized all of the stuff I had given no thought to. Every day I was thoroughly impressed with what was going on. "This was how a database was suppose to be run" I thought. MySQL is light years behind. If you really think about what is going on and how they are doing things, you begin to marvel at the ingenuity and understand the reason someone is rightfully asking for money.
I had my classes, I took the certification tests (mandatory to be in the DBA department), got my pay raise bump, and I haven't looked back. </letmetellyouastory>
This is like shooting fish in a barrel. I often don't like to harp on the OSSDB fanboys, but Oracle's database solution is second to none, and continues to pull away from the pack.
First things first. Online replication is generally considered by professional DBAs a fools errand. You have to babysit and it fails at the drop off a hat for a variety of reasons. The are no good reasons to do replication in the manner they are talking about, unless that is your ONLY option.
There are however, reasons to replicate data. The reasons you want data replicated are usually for one of two reasons: availability or scalability.
To address availability Oracle provides several options that are just plain better than regular/triggered snapshot logging or materialized view refreshing over a network.
The best option is Oracle's Dataguard, which applies redo/archive logs to a duplicate remote databases. You can perform this option at the logical and at the physical level, and you can choose to maximize/guarantee the protection all the way down to best effort. This option provides the ability to have an absolutely current very warm site, a simple command and you're database is up and running.
As for scalability, again Postgres or mysql doesn't hold a candle. There are too many options to list, so I'll discuss the big ones.
Paritioning/sub-partitioning of data. The way Oracle lays out it's logical database block layer and physical OS block layer is absolutely perfect for being able to do anything you want with the database file layout. I can put my OLTP indexes and tables on fast raid10 devices, the historical and warehousing data on raid5 devices, but that's not all. I can increase parallelization of the hardware by putting a single table or index across N devices. The ability to sprinkle files and chop up data anywhere you want, is just one thing that makes Oracle configurable, scalable, and great.
Real Application Cluster (was Oracle Parallel Server). This is a for REAL clustering solution. Oracle allows several servers (can be dissimiliar in capabilities, i.e. some can have 64gig of memory and 12 processors, and then the others could be smaller dual processor machines.) to connect to the same storage (usually shared over a SAN or SCSI direct connect to EMC gear). Each of the servers is connected to a crossover/ipc LAN (we use gigabit) and now each of the servers has access to the same data. One node goes down or needs to go down for maintenance or reconfig, that's ok, the other nodes are online and traffic can be configured to automatically transfers over to the other nodes MID-TRANSACTION and picks up where it left off and the application is none the wiser (i.e. happens in seconds). The nodes share cached data over the fast network, so there is often little need to go to disk. This kind of scalability can not be found on any other database.
<rant> The real gain for OSS and Oracle, is Linux and Oracle running on Linux. OSS databases are too immature to be let anywhere near real money. I'm not talking about ecommerce money, I'm talking about the millions and bajillions of dollars that flow like water through companies. Linux has Oracle validation and certification, which goes a LONG way in getting Linux into the real datacenters. The price point for the hardware, and the OS and the special deals that Oracle cuts for it are the true win for OSS. The performance is more than there for Linux/Intel solutions, and the price point for Intel hardware is very attractive to companies looking to cut expenses. You still have to pay homage to the Oracle and EMC gods, but even they have felt the crunch, and they too are providing competitive price points. </rant>
So Postgres is one feature closer to what Oracle was several years ago. So what, this is embarassing. Mysql has had transactions for how long? a few days? Please people, Oracle is not resting on it's laurels waiting for anyone to catch up. They have real companies, with real money, that are real threats to them. IBM and Microsoft. Oracle, is pushing the edge on the database front, and doesn't show any signs of stopping.
An SCO story? An...as in you are pronouncing it as Esse See Oh? Please, refrain from doing this in the future, as it's impolite to the letters of the alphabet. It's pronounced skoe rhymes with hoe.
I was hoping so...it was just funny that someone else latched on to it, like you were serious.
I once went to a pre-meeting where we were going to send in the big guns (i.e. the President, Joe, who was interim President at the time) for one of our unruly customers to get them more inline with going through the proper channels in the company to request work. Unfortunately, we had our dumbass managers and sales managers there who were trying to express what we needed to change, in our pre-meeting meeting. The pre-meeting was scheduled the day before the real meeting which was to occur on a Thursday. So the President, asks "ok, what is it we want from the customer after this meeting." Our sales manager responds "Full compliance with all policies and proceedures." The President sighs and rephrases, "ok, I understand that, but specifically is there one thing that we can change, that would make things easier." Again, the sales manager states "Full compliance with all policies and proceedures." At that point people started to snicker. So one more time, the president rephrases, "ok, pretend we have had the meeting, it's now Friday, what do you want to be different." The sales manager then states "But, the meeting is on Thursday, Joe". At that point the room is bursting out in laughter, and not to be a slouch on the stupid train, our manager (our boss) feels the need to add in all seriousness "Yeah, Joe, there was an email." The room is roaring now, and people are falling of chairs. The President started looking around the room, like we were fucking with him.
Anyway, it reminded me of the two num-nums who latched on to the wrong thing. If it was intentional, it should definitely be (Score: +5 funny).
DRDOS is a Distributed Reflected Denial of Service where the zombies (compromised computers running a program) send a few syn packets to hundreds of hosts with the source address pointing at the victim (i.e. think smurf attack, but for tcp). The resultant syn/ack packets are directed at the victim host allowing the zombie hosts to remain relatively anonymous. Furthermore, no-one except the victim is likely to notice this is occurring since the reflecting host may only get small bursts of unanswered syn packets from the victim host. </karmawhore>
IANAL, but I have legal advice anyway that sounds close enough to what everyone watches on TV. modded +5 informative
Several faux SCO press releases where Darl McBride is claimed to have said "Our IP is also in DeCSS", announcing that SCO is preparing to sue the owners of DVD players for copyright infringmenet
I agree. You have to do something, if your copyrights are actually being infringed. However, from what I understand, SCO is walking a very thin line.
For example: 1) The only company actually served with a lawsuit has been IBM based on a contract dispute.
2) They are charging money, for a license that agrees to hold you harmless for use of any infringing code in the Linux operating system. As far as I can tell, they aren't actually breaking the law, if anything it sounds like they are selling SCO IP insurance.
3) They are absolutely right. There are matching lines of code in both SysV and Linux. Where they came from, why, and how, and all of that is an exersize for the courts to determine if it is a derivative work or not, and this is all back to their case against IBM. I think the real truth of the matter is SCO has publicly shown all of the infringing code in the Linux kernel. (for the slow and dim witted, I am making the point they haven't really shown any)
4) They are preparing lawsuits against Linux end users, especially the ones who use AIX, Dynix, and Linux. One company who I know they are preparing a suit against is IBM, who most certainly qualifies for operating all three. They aren't technically lying about doing this either.
5) The GPL is invalid under Federal Copyright law. This is a twist of words, but Copyright law doesn't exactly govern licenses for distribution, it defines the rights of the copyright holder. I think stuff like the UCITA would be more applicable, for the GPL.
6) SCO is still offering the source code for the Linux kernel, which means they are still in compliance with the GPL.
This is spin doctoring and FUD at it's legal best. They are pushing the edge of what is legal. Some would say that is shady and underhanded, others would say that is what having a good lawyer gets you.
Lawyers are masters at this. They are suppose to take the argument of my client helps out at the orphanage, and is finishing their PhD, while at the same time saying the opposition hasn't even finished their education and hangs out with little children in his spare time.
Enjoy the drama, until there is actually something to worry about. Redhat and IBM have probably actually lost money from actually being slandered, so the countersuit and pre-emptive suit makes sense. SCO has yet to actually issue a countersuit against Redhat AFAIK.
"When in danger or in doubt, run in circles, scream and shout." - Quote from the Caine Mutiny
You must be new here. You forgot to preface your comment with the obligatory IANAL (I Am Not A Lawyer). We here at slashdot sometimes wear this as a badge, but more often that not it's a revolver with which we use to shoot from the hip about all things legal.
Anyone who follows these instructions deserves what they get. A mountain of paperwork dealing with intricate and complex laws, that makes peer reviewing the source for Windows XP seem like a walk in the park.
Want to know how to really handle SCO? Get yourself several bags of money and an IP lawyer who will tell you how to wait things out for the IBM suit.
People, IBM is mobilized, althought it may not seem like it. If SCO is not taking the IBM countersuit seriously, the officers are going to be lucky to escape with their freedom when all is said and done. IBM is going to snatch out their eye balls and grind them to the deck. IBM probably has a room full of manuals labeled "HOWTO Sue SCO" parts 1-255. All they had to do was walk down the bastard Unix wing, find the SCO room and dust them off.
This is waiting gamepeople. I know some of us have ADHD, but SCO is digging the hole, and IBM is letting them. Until any of you actually have a lawsuit or an invoice in your hands from SCO. SCO is all talk. Also, if they are distributing GPL code, and they are providing a method for getting the source...seems like they are compliant to me for that piece of software.
All I see is memory management, memory management, and more memory management. If SCO is claiming these are "stolen", then fine. Everyone and there mother comes up with their own implementation of the same damn routines for their own little pet project or module in the kernel.
You'll find more than one occurance of some variation of the following (probably just with some prefix or suffix): strcmp, strcpy, bcopy, malloc, free, strstr, etc. (ad nauseum). Each one can probably be proven to be derivative works of public domain tech.
It's bad that some developer(s) were so lazy as to not change or use the standard kernel routines, and worse that they may have copied and pasted, but this is hardly revolutionary or secret code, or even critical code that couldn't be replaced by the most junior of slashdot's anonymous cowards.
Arena memory management is covered in great detail by a number of sources, in fact the ANSI C standard describes exactly what these type of routines must do, not to mention the wealth of books out there that have half a dozen ways to skin the same cat.
Kernel programming is not as simple as calling #include <stdio> and getting a whole bunch of standard stuff. If you want a special (or even not so special) routine you have to bring it with you (i.e. code it yourself without dependencies), can't just link to the good ole' C library and compile up a kernel.
That's why it does not suprise me that there are similiar variations of MM routines out to ying yang in the Linux kernel. It also does not suprise me (now) that SCO would make an attempt to point to it as their IP. If SCO is not careful they may end up proving all by themselves they don't have any trade secrets or protection.
Once they claim past a certain number of lines of code stolen, it wouldn't be hard to function by function find similiar code within in the linux kernel group those together, and then find unique parts, that historically aren't derivatives. At that point all that has to be done is prove the grouped lines of code are public domain.
Anyone remember the reports (regardless of how accurate) of an increase in births 9 months after the 1965 NYC power outage? I call dibs on this outlandish prediction. Someone in NY better be "getting some" out of all of this.
Well, luckily for me I am running Kernel v2.6 so I am free from the chains of SCO! What I plan to do instead is start charging everyone the fee of $6.99/license so that you can all run Linux v2.6 (binary only so that you can be in compliance with the GPL!)
You bring up an interesting point that isn't being well addressed. SCO has stated in the conference call that their intentions are to release a binary only run time license. Since the code is covered under the GPL, they are then required to provide you the source code free of charge except for reasonable media expenses. If they fail to do so, they are in violation and their license can be revoked, and if I remember correctly, this would mean they are infringing on all of the linux kernel developers copyright.
Once they cross the threshold of denying you the source and your ability to freely modify and distribute the source normal developers can turn on the hot water. I think what is needed is a Linux Legal "Offense" fund, to help developers go after companies that violate the GPL.
SCO needs to be reminded of which end is up. Distributing binaries, without releasing the code under the GPL is in direct violation of the GPL. Apparently they are going to directly test the very thing that needs to be tested in the courts with regards to the GPL.
Stallman wasn't awarded the title of Genius for creating the GPL for nothing. Stallman designed it so that if the GPL ends up not holding water, then basic Copyright laws take effect (which includes the often feared DMCA). Red Hat and others are not actually selling you a license, they are just charging you for the cost of putting the source code onto the media, documentation, and a nice pretty box if you would like.
SCO intends to take the work of others (which is currently protected by copyright) and sell it. At that point, at the very least they are infringing on copyright of linux developers, and they will have to reap the whirlwind of _all_ of the IP they are violating.
I believe there is more than enough kernel developers over the course of linux, to warrant a class action lawsuit against SCO for copyright infringement.
If SCO collects one penny for any binary distribution sans offering GPL'd source code, they are in direct violation and damages and other remedies can be sought under copyright law and the DMCA.
We use Oracle on Linux in production at the place I work at. Let me give you the run down...
We are using Redhat 7.3 (no AS bullshit), Oracle 9iR2 (3 node RAC) latest patches, all on top of 3 Dell 2650 2.4ghz, linked to a Brocade San using Clariion 4500 storage. The cluster network is on some silly Dell gigabit switch.
We insert 3 million rows of data daily to one node. Another node bares the brunt of 10 custom piggy java-based end user applications (across the country 30 field offices), the third node is there as a standby failover in case any of them fail.
sar reports between 15-20% cpu utilization on the active nodes. When a node fails (gets evicted by the cluster group) the applications seemless cross over to the failover node and pickup where they left off, and nary a ring on the phone. We have had applications with connections spread out across two nodes, and because of cache fusion and the fast gigabit network...pinging wasn't even really noticable.
0 problems? Well, there have been a few... You have to keep current on the oracle patches ('specially those relating to cluster management), the STOM(N)ITH or watchdog drivers have been in a period of change, and you need a seasoned DBA and SA who work well together and understand the issues. It helps if they are a cross between the two.
However, if you are looking for the 5 nines at a price that can't be beat...I heartily recommend Oracle RAC on Linux.
Win2K3 is too new to even be a sane choice. Tell mgmt. you would have to test and patch for 6 to 9 months, before it would be ready for the field. Linux 2.4 has been out for years, and is ready to do work now.
As for SCO... attacking Linux may have put them on the map, but now everyone knows where to send the nukes. IBM is going to blast them into oblivion. IBM no doubt has a pile of paperwork that they are going over with a fine tooth comb that will end up being the most solid and unbreakable defense the industry has ever seen. SCO is embarrassing themselves, and they are going to end up owing everyone an apology when they crawl out from their smoking crater of a company.
If you lose, you pay their legal fees and expenses. Not only that (if things go there way) they would get a few precedents under their belts and hand that over to competent attorneys in your local jurisdiction. Flights/hotels/car would no longer be an expense, the local lawyers would provide their own Mercedez to get back and forth to the courts.
It doesn't matter anyway, IBM is going to starve them of their cash. Only people losing money is SCO and the only people getting money is their lawyers.
Slashdot Mirror
Ok. So you block all ports. How do you block them? Block them at the perimeter? Block them for each IP (ala each IP is a DMZ)?
...because all of this a moot point. Most viruses and worms aren't throwing themselves on the firewalls and commiting suicide. They are walking in the front door through http and smtp.
If you only block them at the perimeter, all it takes is some num-num to open trojanworm.exe in their email attachment, or web download, or nextwizbang service 2.0, and now all the machines behind the firewall are available to be hacked.
If you make each IP a DMZ, or some sort of route trickery, you slow down things on the router/firewall side, which is also a sucky solution. Yeah, yeah, specialized hardware and all that might make this less of an issue, but it doesn't matter....
Everyone needs to freaking relax, focus, and fix their shit. For a _long_ time server side exploits where a _huge_ issue. Now the exploits are focusing on the client machines, and it's only a matter of time before that is hardened too. Viruses, worms, and all sorts of other stuff are scary enough and get media attention that most people are worried about it.
Sure there will be people that don't care, but that generation will adapt/learn or will be dead soon enough (of old age or what have you).
Firewalls will only give a false sense of security, as it is not a COMPLETE security solution. In fact it really doesn't even offer an interesting definition of protection considering the threats presented.
pfft. that was quick.
I for one, welcome our new hacker overlords.
.50 caliber BMG
.50s to a mile. Two guys (one shoots the other one is a spotter) on top of hill, would wreck major havoc. Couldn't even hear the report of the weapon. Used to take take out VC as they were getting their hair cut. I imagine this could be employed for a spammer sitting at their computer... Anyway, can't beat the ballistics on a .50 cal.
In Vietnam, Marines used to zero out their
Ha! Agreed. Let's just stick to the facts, and not some English major's, sorry, Associate Professor's, personal website. If you were to actually do the math with the right numbers, you would find out what an appauling number that is. However, using your math that is also an entire population of the United States that doesn't read.
Look at the age structure, actually, just look at the link I provided, use your brain, and then come back to me with how silly my argument is. The services industry is carrying that country, but only a small percentage of the population is actually working in that industry, and even smaller percentage of that is actually doing software.
As for Indian's actually really learning English in University. I actually have personal references I can site.
Wrong again, Anonymous Coward. Most Indians don't learn English, until University.
CIA Factbook
Only 59.5% are literate. I like those odds, my friend.
Well said. Corporations and greed, who'd have thunk it. It's quite possible that America will end up not being the far and away richest country in the world.
Everyone should look at California, they are often a prediction of what will happen in the rest of America. Outrageous housing costs and living expenses, and jobs that can't even come close to covering the bill.
Want to survive in the new new economy? Learn a second language, and I don't mean C#, or a Romance language. Try something like Hindi or Chinese. Now you can be your companies ambassador, and be once again on top of the food chain. If people want to code programs for $10,000/year. I say let them. I sure as hell won't, but I wouldn't mind telling them what to do, as a project management role.
Think how valuable it would be for someone who understands the culture, and language, of the country that people are outsourcing too, and also has a strong tech background. Imagine if you knew three languages?
There are too many grifters in IT anyway. Way too many people are in just for the money, and not because they love it.
In volatile times there is opportunity to be had. Carpe diem and all that. Also, there has to be a reason why people are leaping at the chance to work for $10k/year in India. I am betting the cost of living is ridiculously low. I bet they aren't screwed up on software patents either (althought I don't know). You're out of the reaches of companies like SCO.
If all the high tech talent moves to countries where it makes sense. Hell. Who wouldn't hire an American who only wanted $10k/year to write programs. In fact you might get a little extra, because you are one of our own.
if(life == lemons) {
if(you == makelemonade) {
exit(SUCCESS);
}
sourpuss();
exit(LOSER);
}
I'll have to a look at this. I don't know enough about Sybase to speak intelligently about it.
However, my experience with online replication is the wierd things that bite you in the ass, like storage constraints, network problems, changed passwords, wierd locking issues, and other bug a boos that made it a big pain in the ass.
It was a far better idea to replicate the entire database offsite via redo/archive logs, than to try to run many online at the same time and keep the transactions in sync between them. This is just my experience your mileage may vary, and Sybase may have a for real solution to this problem, however, I am suspect when they mention store and forward queues as "the answer".
I know. I know. It's like I said. Embarassing. For a long time the MySQL culture didn't recognize the need or even understand ACID or anything transaction related. Was "a waste of time", I think they said, since an application developer could attempt to build their own implementation into their application if they needed it.
<sarcasm>
No need to put cruft like transactions or SQL92 support into an RDBMS
</sarcasm>
I think you may have misconstrued what I was saying. Read what I said, "...Postgres is one feature closer to what Oracle was several years ago." In other words Postgres today, isn't even close to what Oracle was several years ago.
You bring up another good point that only surprises me in that it is in support of Oracle. Oracle has backwards compatibility, and a migration option to get customers on the new version. The same feature sets are available across all newer versions of Oracle. You are right software doesn't get hacked up to use the latest features, but I'll be damned if I have to hack around incomplete SQL support, not good enough backup and recovery options, limiting/poor performance tuning variables and views, and virtually non-existant scalability.
Oracle is there for when organizations need to grow up, and take advantage of real features such as rock solid point in time backup and recovery, built in scalability (not something that is bolted on and an after thought). These are features that are absent from open source offerings, and demanded by companies that recognize a need for them.
In favor of Postgres, there's is the only open source contender I have ever seen that as a development culture kind of "gets it" as far as where a database engine needs to be. (i.e. Postgres seems like Oracle compared to MySQL.) However, they are still on the D- end of the bell curve.
Postgres is technically good enough to provide a SQL interface for manipulating data for most applications. However, this is only half the answer for professional organizations, but worse it's akin to saying "Look, I can brush my teeth and tie my own shoes." It's not impressive, it's expected.
<letmetellyouastory>
I used to be a mysql fan boy. It was really cool. I felt cool, because I could do all of these things, and feel really clever because I could do them for free. Then I got a job as a webmaster (used to mean *nix/oss/web/network ninja) for a real company, and all they used was Oracle. They just wanted me to make those annoying web customers shut the hell up. It was about a months worth of work, and then it was boredom.
I started volunteering to do other work that popped up during the Monday meetings. Applying patches doing admin work to Unix OSes I hadn't touched (i.e. HPUX, AIX, OSF). I then started watching the Oracle guys, and figured out what they did. I told them, that looks like MySQL. They thought I was cute, when I explained to them what it was. They then explained that MySQL sounds like a SQL interface to flat files, which it mostly was, and still is.
Long story short, I started installing Oracle on our sandbox machines, and trying to do things with it. I thought it was incredibly complex, for what it was doing. The DBAs took notice that I was becoming midly interesting, and had the company pay for Oracle training.
When I went to training I was enlightened. Not because the training is stellar, but because I then realized all of the stuff I had given no thought to. Every day I was thoroughly impressed with what was going on. "This was how a database was suppose to be run" I thought. MySQL is light years behind. If you really think about what is going on and how they are doing things, you begin to marvel at the ingenuity and understand the reason someone is rightfully asking for money.
I had my classes, I took the certification tests (mandatory to be in the DBA department), got my pay raise bump, and I haven't looked back.
</letmetellyouastory>
This is like shooting fish in a barrel. I often don't like to harp on the OSSDB fanboys, but Oracle's database solution is second to none, and continues to pull away from the pack.
First things first. Online replication is generally considered by professional DBAs a fools errand. You have to babysit and it fails at the drop off a hat for a variety of reasons. The are no good reasons to do replication in the manner they are talking about, unless that is your ONLY option.
There are however, reasons to replicate data. The reasons you want data replicated are usually for one of two reasons: availability or scalability.
To address availability Oracle provides several options that are just plain better than regular/triggered snapshot logging or materialized view refreshing over a network.
The best option is Oracle's Dataguard, which applies redo/archive logs to a duplicate remote databases. You can perform this option at the logical and at the physical level, and you can choose to maximize/guarantee the protection all the way down to best effort. This option provides the ability to have an absolutely current very warm site, a simple command and you're database is up and running.
As for scalability, again Postgres or mysql doesn't hold a candle. There are too many options to list, so I'll discuss the big ones.
Paritioning/sub-partitioning of data. The way Oracle lays out it's logical database block layer and physical OS block layer is absolutely perfect for being able to do anything you want with the database file layout. I can put my OLTP indexes and tables on fast raid10 devices, the historical and warehousing data on raid5 devices, but that's not all. I can increase parallelization of the hardware by putting a single table or index across N devices. The ability to sprinkle files and chop up data anywhere you want, is just one thing that makes Oracle configurable, scalable, and great.
Real Application Cluster (was Oracle Parallel Server). This is a for REAL clustering solution. Oracle allows several servers (can be dissimiliar in capabilities, i.e. some can have 64gig of memory and 12 processors, and then the others could be smaller dual processor machines.) to connect to the same storage (usually shared over a SAN or SCSI direct connect to EMC gear). Each of the servers is connected to a crossover/ipc LAN (we use gigabit) and now each of the servers has access to the same data. One node goes down or needs to go down for maintenance or reconfig, that's ok, the other nodes are online and traffic can be configured to automatically transfers over to the other nodes MID-TRANSACTION and picks up where it left off and the application is none the wiser (i.e. happens in seconds). The nodes share cached data over the fast network, so there is often little need to go to disk. This kind of scalability can not be found on any other database.
<rant>
The real gain for OSS and Oracle, is Linux and Oracle running on Linux. OSS databases are too immature to be let anywhere near real money. I'm not talking about ecommerce money, I'm talking about the millions and bajillions of dollars that flow like water through companies. Linux has Oracle validation and certification, which goes a LONG way in getting Linux into the real datacenters. The price point for the hardware, and the OS and the special deals that Oracle cuts for it are the true win for OSS. The performance is more than there for Linux/Intel solutions, and the price point for Intel hardware is very attractive to companies looking to cut expenses. You still have to pay homage to the Oracle and EMC gods, but even they have felt the crunch, and they too are providing competitive price points.
</rant>
So Postgres is one feature closer to what Oracle was several years ago. So what, this is embarassing. Mysql has had transactions for how long? a few days? Please people, Oracle is not resting on it's laurels waiting for anyone to catch up. They have real companies, with real money, that are real threats to them. IBM and Microsoft. Oracle, is pushing the edge on the database front, and doesn't show any signs of stopping.
An SCO story? An...as in you are pronouncing it as Esse See Oh? Please, refrain from doing this in the future, as it's impolite to the letters of the alphabet. It's pronounced skoe rhymes with hoe.
I was hoping so...it was just funny that someone else latched on to it, like you were serious.
I once went to a pre-meeting where we were going to send in the big guns (i.e. the President, Joe, who was interim President at the time) for one of our unruly customers to get them more inline with going through the proper channels in the company to request work. Unfortunately, we had our dumbass managers and sales managers there who were trying to express what we needed to change, in our pre-meeting meeting. The pre-meeting was scheduled the day before the real meeting which was to occur on a Thursday. So the President, asks "ok, what is it we want from the customer after this meeting." Our sales manager responds "Full compliance with all policies and proceedures." The President sighs and rephrases, "ok, I understand that, but specifically is there one thing that we can change, that would make things easier." Again, the sales manager states "Full compliance with all policies and proceedures." At that point people started to snicker. So one more time, the president rephrases, "ok, pretend we have had the meeting, it's now Friday, what do you want to be different." The sales manager then states "But, the meeting is on Thursday, Joe". At that point the room is bursting out in laughter, and not to be a slouch on the stupid train, our manager (our boss) feels the need to add in all seriousness "Yeah, Joe, there was an email." The room is roaring now, and people are falling of chairs. The President started looking around the room, like we were fucking with him.
Anyway, it reminded me of the two num-nums who latched on to the wrong thing. If it was intentional, it should definitely be (Score: +5 funny).
After Linus's comment, SCO has been officially designated:
SCO = Smoking Crack Organisation
As referenced here
DRDOS is a Distributed Reflected Denial of Service where the zombies (compromised computers running a program) send a few syn packets to hundreds of hosts with the source address pointing at the victim (i.e. think smurf attack, but for tcp). The resultant syn/ack packets are directed at the victim host allowing the zombie hosts to remain relatively anonymous. Furthermore, no-one except the victim is likely to notice this is occurring since the reflecting host may only get small bursts of unanswered syn packets from the victim host.
</karmawhore>
Why is this modded +interesting, and not +funny, or even more appropriate +offtopic?
I don't know why the original poster didn't just lump all of them under the catch all blanket phrase "DOS attack".
IANAL, but I have legal advice anyway that sounds close enough to what everyone watches on TV. modded +5 informative
Several faux SCO press releases where Darl McBride is claimed to have said "Our IP is also in DeCSS", announcing that SCO is preparing to sue the owners of DVD players for copyright infringmenet
One off the wall profit list
I agree. You have to do something, if your copyrights are actually being infringed. However, from what I understand, SCO is walking a very thin line.
For example:
1) The only company actually served with a lawsuit has been IBM based on a contract dispute.
2) They are charging money, for a license that agrees to hold you harmless for use of any infringing code in the Linux operating system. As far as I can tell, they aren't actually breaking the law, if anything it sounds like they are selling SCO IP insurance.
3) They are absolutely right. There are matching lines of code in both SysV and Linux. Where they came from, why, and how, and all of that is an exersize for the courts to determine if it is a derivative work or not, and this is all back to their case against IBM. I think the real truth of the matter is SCO has publicly shown all of the infringing code in the Linux kernel. (for the slow and dim witted, I am making the point they haven't really shown any)
4) They are preparing lawsuits against Linux end users, especially the ones who use AIX, Dynix, and Linux. One company who I know they are preparing a suit against is IBM, who most certainly qualifies for operating all three. They aren't technically lying about doing this either.
5) The GPL is invalid under Federal Copyright law. This is a twist of words, but Copyright law doesn't exactly govern licenses for distribution, it defines the rights of the copyright holder. I think stuff like the UCITA would be more applicable, for the GPL.
6) SCO is still offering the source code for the Linux kernel, which means they are still in compliance with the GPL.
This is spin doctoring and FUD at it's legal best. They are pushing the edge of what is legal. Some would say that is shady and underhanded, others would say that is what having a good lawyer gets you.
Lawyers are masters at this. They are suppose to take the argument of my client helps out at the orphanage, and is finishing their PhD, while at the same time saying the opposition hasn't even finished their education and hangs out with little children in his spare time.
Enjoy the drama, until there is actually something to worry about. Redhat and IBM have probably actually lost money from actually being slandered, so the countersuit and pre-emptive suit makes sense. SCO has yet to actually issue a countersuit against Redhat AFAIK.
"When in danger or in doubt, run in circles, scream and shout." - Quote from the Caine Mutiny
You must be new here. You forgot to preface your comment with the obligatory IANAL (I Am Not A Lawyer). We here at slashdot sometimes wear this as a badge, but more often that not it's a revolver with which we use to shoot from the hip about all things legal.
Anyone who follows these instructions deserves what they get. A mountain of paperwork dealing with intricate and complex laws, that makes peer reviewing the source for Windows XP seem like a walk in the park.
Want to know how to really handle SCO? Get yourself several bags of money and an IP lawyer who will tell you how to wait things out for the IBM suit.
People, IBM is mobilized, althought it may not seem like it. If SCO is not taking the IBM countersuit seriously, the officers are going to be lucky to escape with their freedom when all is said and done. IBM is going to snatch out their eye balls and grind them to the deck. IBM probably has a room full of manuals labeled "HOWTO Sue SCO" parts 1-255. All they had to do was walk down the bastard Unix wing, find the SCO room and dust them off.
This is waiting gamepeople. I know some of us have ADHD, but SCO is digging the hole, and IBM is letting them. Until any of you actually have a lawsuit or an invoice in your hands from SCO. SCO is all talk. Also, if they are distributing GPL code, and they are providing a method for getting the source...seems like they are compliant to me for that piece of software.
"yeah, I didn't even know what a nuclear planner plant was." - Homer
All I see is memory management, memory management, and more memory management. If SCO is claiming these are "stolen", then fine. Everyone and there mother comes up with their own implementation of the same damn routines for their own little pet project or module in the kernel.
You'll find more than one occurance of some variation of the following (probably just with some prefix or suffix): strcmp, strcpy, bcopy, malloc, free, strstr, etc. (ad nauseum). Each one can probably be proven to be derivative works of public domain tech.
It's bad that some developer(s) were so lazy as to not change or use the standard kernel routines, and worse that they may have copied and pasted, but this is hardly revolutionary or secret code, or even critical code that couldn't be replaced by the most junior of slashdot's anonymous cowards.
Arena memory management is covered in great detail by a number of sources, in fact the ANSI C standard describes exactly what these type of routines must do, not to mention the wealth of books out there that have half a dozen ways to skin the same cat.
Kernel programming is not as simple as calling #include <stdio> and getting a whole bunch of standard stuff. If you want a special (or even not so special) routine you have to bring it with you (i.e. code it yourself without dependencies), can't just link to the good ole' C library and compile up a kernel.
That's why it does not suprise me that there are similiar variations of MM routines out to ying yang in the Linux kernel. It also does not suprise me (now) that SCO would make an attempt to point to it as their IP. If SCO is not careful they may end up proving all by themselves they don't have any trade secrets or protection.
Once they claim past a certain number of lines of code stolen, it wouldn't be hard to function by function find similiar code within in the linux kernel group those together, and then find unique parts, that historically aren't derivatives. At that point all that has to be done is prove the grouped lines of code are public domain.
Anyone remember the reports (regardless of how accurate) of an increase in births 9 months after the 1965 NYC power outage? I call dibs on this outlandish prediction. Someone in NY better be "getting some" out of all of this.
You bring up an interesting point that isn't being well addressed. SCO has stated in the conference call that their intentions are to release a binary only run time license. Since the code is covered under the GPL, they are then required to provide you the source code free of charge except for reasonable media expenses. If they fail to do so, they are in violation and their license can be revoked, and if I remember correctly, this would mean they are infringing on all of the linux kernel developers copyright.
Once they cross the threshold of denying you the source and your ability to freely modify and distribute the source normal developers can turn on the hot water. I think what is needed is a Linux Legal "Offense" fund, to help developers go after companies that violate the GPL.
SCO needs to be reminded of which end is up. Distributing binaries, without releasing the code under the GPL is in direct violation of the GPL. Apparently they are going to directly test the very thing that needs to be tested in the courts with regards to the GPL.
Stallman wasn't awarded the title of Genius for creating the GPL for nothing. Stallman designed it so that if the GPL ends up not holding water, then basic Copyright laws take effect (which includes the often feared DMCA). Red Hat and others are not actually selling you a license, they are just charging you for the cost of putting the source code onto the media, documentation, and a nice pretty box if you would like.
SCO intends to take the work of others (which is currently protected by copyright) and sell it. At that point, at the very least they are infringing on copyright of linux developers, and they will have to reap the whirlwind of _all_ of the IP they are violating.
I believe there is more than enough kernel developers over the course of linux, to warrant a class action lawsuit against SCO for copyright infringement.
If SCO collects one penny for any binary distribution sans offering GPL'd source code, they are in direct violation and damages and other remedies can be sought under copyright law and the DMCA.
We use Oracle on Linux in production at the place I work at. Let me give you the run down...
We are using Redhat 7.3 (no AS bullshit), Oracle 9iR2 (3 node RAC) latest patches, all on top of 3 Dell 2650 2.4ghz, linked to a Brocade San using Clariion 4500 storage. The cluster network is on some silly Dell gigabit switch.
We insert 3 million rows of data daily to one node. Another node bares the brunt of 10 custom piggy java-based end user applications (across the country 30 field offices), the third node is there as a standby failover in case any of them fail.
sar reports between 15-20% cpu utilization on the active nodes. When a node fails (gets evicted by the cluster group) the applications seemless cross over to the failover node and pickup where they left off, and nary a ring on the phone. We have had applications with connections spread out across two nodes, and because of cache fusion and the fast gigabit network...pinging wasn't even really noticable.
0 problems? Well, there have been a few... You have to keep current on the oracle patches ('specially those relating to cluster management), the STOM(N)ITH or watchdog drivers have been in a period of change, and you need a seasoned DBA and SA who work well together and understand the issues. It helps if they are a cross between the two.
However, if you are looking for the 5 nines at a price that can't be beat...I heartily recommend Oracle RAC on Linux.
Win2K3 is too new to even be a sane choice. Tell mgmt. you would have to test and patch for 6 to 9 months, before it would be ready for the field. Linux 2.4 has been out for years, and is ready to do work now.
As for SCO... attacking Linux may have put them on the map, but now everyone knows where to send the nukes. IBM is going to blast them into oblivion. IBM no doubt has a pile of paperwork that they are going over with a fine tooth comb that will end up being the most solid and unbreakable defense the industry has ever seen. SCO is embarrassing themselves, and they are going to end up owing everyone an apology when they crawl out from their smoking crater of a company.
If you lose, you pay their legal fees and expenses. Not only that (if things go there way) they would get a few precedents under their belts and hand that over to competent attorneys in your local jurisdiction. Flights/hotels/car would no longer be an expense, the local lawyers would provide their own Mercedez to get back and forth to the courts.
It doesn't matter anyway, IBM is going to starve them of their cash. Only people losing money is SCO and the only people getting money is their lawyers.