
Author Archive


Give Me My Own Cloud

Thursday, February 25th, 2010 by Jim Mlodgenski

I’ve recently attended several Cloud Computing forums and panels, and the general feeling throughout most of the audience has been that the promise of Cloud Computing sounds great, but many organizations are still apprehensive about moving to a public cloud such as Amazon’s EC2. This is understandable given security concerns and just the general feeling of a lack of control, so the concept of private clouds becomes a great solution. It allows organizations to use the power of Cloud Computing without ever leaving the friendly confines of their own data center. There are many products that enable this, such as VMware’s vSphere and the open source product Eucalyptus, with many more on the way. When you look at this architecturally, this really is the next generation of virtualization, giving administrators more power to efficiently use their physical resources.

The other interesting trend was the types of applications organizations are considering for use in the cloud. While there is much talk about replatforming existing applications onto Cloud Computing infrastructures, many organizations seem to be getting their feet wet with new applications. These seem to be fairly traditional applications that do not leverage the elasticity of the cloud; they just leverage the financial benefits of not needing to procure new hardware. This trend shows a lot of great promise for PostgreSQL given that Oracle does not have a favorable licensing model in virtualized environments. While Oracle is expensive in traditional environments, many of the cost benefits are eroded when Oracle is needed in a cloud environment. This is leading many people to open source solutions, and PostgreSQL is a natural fit for many Oracle users.




Automating Cloud Deployments

Monday, February 1st, 2010 by Jim Mlodgenski

One of the promises of Cloud Computing is the ease of spinning up new instances and adding them to an existing application, allowing for elasticity, but actually doing that in practice is anything but simple. Wanting to accomplish this across multiple cloud vendors adds another dimension of complexity. This is important for some SaaS vendors that want redundancy, or just for organizations wanting to avoid vendor lock-in. An open source project by Red Hat called DeltaCloud shows the promise of one day allowing this, but the functionality of actually configuring a running instance is not addressed. RightScale has a number of Ruby Gems that address the same problem as DeltaCloud, but again, they fall short on configuring a running instance. These two projects will probably progress together since DeltaCloud actually uses the RightScale Gems under the covers. A project that handles configuring running instances well is Cloud Tools, which powers Cloud Foundry for SpringSource. Cloud Tools provides a simple way to configure running instances in complex deployments, which even includes setting up replication between 2 database servers. The downside is that it only works for Amazon’s EC2. Since all of the projects are open, jamming them together could be a powerful combination and may be necessary as cloud deployments become more complex across providers.




Streaming PostgreSQL into the Cloud

Tuesday, January 19th, 2010 by Jim Mlodgenski

The recent Streaming Replication patch committed to the PostgreSQL source tree is the potential killer feature that can catapult PostgreSQL into a prominent position in the cloud computing landscape. This, combined with Hot Standby, fills a major void in PostgreSQL by providing a replication solution native to the core engine and allows for a horizontally scalable solution without any bolt-ons. This is a key piece of functionality to leverage the elasticity promise of compute clouds. While it has always been possible to use replication with PostgreSQL, integrating this into the core will allow new PostgreSQL users to easily use replication without feeling overwhelmed by learning Slonik scripts. What is most exciting about this is the timing of when this is all happening. With the uncertainty of the future of MySQL, there are more people than ever looking at PostgreSQL, and one of the biggest historical knocks on PostgreSQL is the lack of an integrated replication solution. This is huge as this new audience starts to look at PostgreSQL and realize that PostgreSQL can more than fit their needs as an open source database instead of MySQL.




Does PostgreSQL Run in the Cloud?

Monday, January 11th, 2010 by Jim Mlodgenski

Cloud Computing is the new big wave in the Information Technology industry, but it is an amorphous term that is commonly misunderstood. I talk to people every day who are confused by the Cloud, but Cloud Computing is simply a shared computing resource and has actually been part of the IT landscape for many years. The Cloud Computing ecosystem can be split into three categories: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). SaaS can be considered the first major breakthrough in what is considered Cloud Computing today, with services such as Salesforce.com and email hosting like Gmail and Hotmail. PaaS evolved out of the success of SaaS offerings and spawned platforms allowing users to enhance SaaS offerings, with platforms like the Google App Engine and Force.com. The latest category of Cloud Computing, IaaS, is driving the excitement. This includes Storage Clouds and, most importantly, Compute Clouds. Compute Clouds are shared environments providing virtualized Operating Systems, allowing users a platform to deploy applications with greater control over the resources and the ability to deploy the applications of their choice. These Compute Clouds are where PostgreSQL can be used to back any sort of application you would run inside a traditional data center. These different types of Clouds and the use of the common Cloud Computing terminology among them lead to the confusion of what Cloud Computing really is and ultimately lead to the common question I hear: “Does PostgreSQL run in the Cloud?”…Of course it does…




More SQL Injection Attacks

Friday, December 4th, 2009 by Jim Mlodgenski

This summer had some high profile hacks using SQL Injection attacks, but apparently this has not spurred a focus on locking down those holes in other websites. Last month, hackers were able to cause power outages in Brazil by using a SQL Injection attack. And just this week, the Wall St Journal was hacked.

These attacks will lead to more technological innovation in the ever growing security arms race. Just yesterday, GreenSQL released a new version of their database firewall that supports PostgreSQL. While database firewall technology is an effective tool in preventing SQL Injection attacks, it may not be a viable option in many situations. Many applications rely heavily on the performance and scalability of the database engine, and adding a layer of complex processing between the application and database has its drawbacks. The innovation still needs to progress before SQL Injection attacks become a lot less commonplace in the wild world of the internet.




Monitoring the Monitoring Tools

Friday, October 23rd, 2009 by Jim Mlodgenski

Last weekend, I presented “Monitoring Your PostgreSQL Database with Hyperic” at PG Con West, and while creating my slides, I looked at many other options of how to monitor production databases. I was impressed by the sheer number of options available for monitoring PostgreSQL, with 19 projects listed on PgFoundry, but I was also disheartened by that same number of options. Many of the projects have overlapping capabilities, each written in the developer’s language of choice. Also, none of the projects provided an overarching solution that would allow administrators to monitor complex PostgreSQL deployments. This is where Hyperic fits. Hyperic allows administrators to create monitoring across complex PostgreSQL architectures such as shown below.

[Diagram: JBoss Slony PostgreSQL]

Without an integrated solution that will monitor the different pieces of infrastructure, tracking down potential bottlenecks becomes a nightmare. Hyperic can be overkill in some small environments, but its model is something the PostgreSQL community should consider instead of writing yet another monitoring tool.




SQL Injection

Thursday, August 20th, 2009 by Jim Mlodgenski

Over the last week, the big news in the IT world that crosses over to the mainstream media is the recent ID theft case. It does not surprise me that the group was able to steal so many credit card numbers, but it does surprise me how they accomplished it. They used a SQL injection attack to plant sniffers inside corporate networks. The surprising part is that these types of attacks are preventable with good defensive programming. Simply validating the input fields passed to the backend database is a good start. Or how about using prepared statements or stored procedures on the database that force some validation? This will not be the last time that we hear of such an attack as long as developers are not thinking like a hacker when creating their web apps.
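The two defenses named above, input validation and prepared statements, shown next to the string-built query they replace. This is an added example, not code from the original post; the accounts table, function names and sample input are constructed for illustration, and Python's built-in sqlite3 stands in for the backend database.

```python
import re
import sqlite3

# Constructed sample input: a form value containing a quote and a tautology.
HOSTILE_INPUT = "nobody' OR '1'='1"

def make_db():
    """Build a throwaway in-memory table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, card_last4 TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", "1111"), ("bob", "2222")])
    return conn

def lookup_concatenated(conn, username):
    """The 'before': the input is spliced into the SQL text, so a quote in
    the value changes the structure of the statement itself."""
    sql = ("SELECT username, card_last4 FROM accounts WHERE username = '"
           + username + "' ORDER BY username")
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, username):
    """The 'after': the statement has a placeholder and the value is bound
    separately, so it can only ever be compared as data."""
    sql = ("SELECT username, card_last4 FROM accounts WHERE username = ? "
           "ORDER BY username")
    return conn.execute(sql, (username,)).fetchall()

def validate_username(value):
    """Allow-list validation: reject anything outside the expected alphabet
    before it reaches the database layer at all."""
    if not re.fullmatch(r"[A-Za-z0-9_]{1,32}", value):
        raise ValueError("username contains unexpected characters")
    return value

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concatenated(db, HOSTILE_INPUT))
    print("prepared:    ", lookup_prepared(db, HOSTILE_INPUT))
    try:
        validate_username(HOSTILE_INPUT)
    except ValueError as exc:
        print("validation:  ", exc)
```

The concatenated lookup returns every row for the constructed input, while the bound-parameter lookup returns none and the validator rejects the value before any query runs.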




Reverse Engineering

Thursday, July 23rd, 2009 by Jim Mlodgenski

Recently, I have been digging into JPA to get a better understanding of how Hibernate and TopLink implement the API. Instead of hand coding all of the entities and the controllers, I tried using the reverse engineering facility in NetBeans 6.7 to get started. This was fantastic when working with a single table, but as soon as I tried a more complex schema it was not magic any more. I used an existing schema that was essentially a star schema with a single fact table and about 10 dimension tables. The issue was not the number of tables but rather the foreign key constraints relating all of the tables. The result was that the generated code had multiple mappings for the key columns in each dimension table. This was easy to fix by simply deleting some lines of code, which took only a few minutes. Overall, it was pretty impressive that one could generate a web-based, AJAX-enabled CRUD application in less than 10 minutes. This is an appealing aspect of layering a JPA implementation over a database, but the resulting application is far from a scalable use of database resources. In many cases, that is irrelevant and the time saving outweighs the extra database overhead, but when writing an application that needs to scale, going old school and writing the SQL directly will give better results.




PostgreSQL 8.4 Released

Monday, July 6th, 2009 by Jim Mlodgenski

Last week, the PostgreSQL community announced the general availability of PostgreSQL 8.4. This is another great release from the community with a number of great new features such as analytical functions and even deeper security. All are worthy of being highlighted as the headline of the release, but the true headline feature is not even part of the core engine. In conjunction with the 8.4 release, Bruce Momjian is in the process of releasing pg_migrator as an external project that allows users to upgrade their database in place. While most databases have had this functionality for years, it is something that PostgreSQL has lacked and, in my opinion, has held PostgreSQL back from deeper enterprise adoption. Previously, to move to a new major release, users would need to export their data from the old version and then import it into the new version. This works well when the database is small, but if the database is large, it could mean hours or days of downtime to upgrade the database, along with at least double the storage to hold the two copies. This is completely unacceptable to enterprises that need to maintain a 24×7 environment. I believe that pg_migrator has cleared one of the few major technical hurdles preventing PostgreSQL from widespread commercial adoption.




Features We Do Want

Monday, June 29th, 2009 by Jim Mlodgenski

One of the cool new features in the recent Postgres Plus Advanced Server release is the EDB*Wrap functionality. This fills a need in the ISV community, coming from both the PostgreSQL world as well as Oracle, by allowing developers to obfuscate their stored procedure code. Interestingly, this marks the second feature in Postgres Plus, along with Optimizer Hints, that is “officially” designated as a feature the PostgreSQL community does not want.

http://wiki.postgresql.org/wiki/Todo#Features_We_Do_Not_Want

The open source dweeb in me agrees with the community’s philosophies that PostgreSQL’s optimizer should be made smarter and the obfuscation is not 100% effective, but both features fill a business need. For EDB*Wrap, the business need is to make it difficult for people to see the source code of a stored procedure when it is sent as a plain text file.

So while it is not 100% effective, when an ISV shipping their stored procedure code encounters a malicious user who has the ability to turn:

$__EDBwrapped__$
UTF8
d86XAumhB/6bQTdJStisuVDG2FE3+vUz2Bjq2neAax7iG8Vg2++x1stc0gN3pCDO1+jnOc7orT9X
4sepJrX8Vn2nEf58u+V6f5UWLj43i2hDCO9iPyEa08jA8CuTFq0dL+B0DK5ymSL2MIrRMOz/eGn0
XEaU9TgaraXbIJhlNtCf
$__EDBwrapped__$

Into:

CREATE FUNCTION foo() RETURNS integer AS $$
BEGIN
    RETURN 1;
END;
$$ LANGUAGE plpgsql;

That same user can also decompile their main application and their whole application becomes “open source” to the bad guy. In the commercial world, it is hard to hold back features customers are requesting because of a corner case you can manage through other means.



