Fedora project may expel MySQL

The developers of Fedora Linux are pondering a slap in the face for Oracle by picking MariaDB as the database for the forthcoming Fedora 19. MariaDB is a fork of MySQL, bills itself as a “drop-in replacement” for the database and is the result of efforts by Michael "Monty" Widenius, the founder of MySQL. Red Hatter Jaroslav …

COMMENTS

This topic is closed for new posts.
Gold badge

I am so glad ..

.. they do their best to keep the LAMP acronym alive :).

I mean, it could have become LAPP with Postgresql (etc for all the other DBs out there).

The two main reasons I like this move are security and control. An open product means I can have a security evaluation done that actually means something, and not having a company dictate what someone can do with it means you can't be roped into a scam scheme where a year later your costs skyrocket because you are now dependent on it (we all know who made that approach popular).

5
0
Anonymous Coward

Re: I am so glad ..

But if you wanted secure then you wouldn't be using LAMP in the first place...

Surprisingly enough, Microsoft SQL Server is by far the most secure commonly used database software on the market at the moment! (With an average of about 1 vulnerability a year)

0
15
Anonymous Coward

Re: I am so glad ..

Yet another Open Source split! As an IT Manager, this is another good reason to only buy commercial software....

1
9
Bronze badge
Mushroom

Re: I am so glad ..

Yep - old news - you get what you pay for! -

MySQL - 145 known vulnerabilities: http://secunia.com/advisories/product/8355/

SQL Server 2008 (similar age) - 4 known vulnerabilities: http://secunia.com/advisories/product/21744/

1
10
Linux

Re: I am so glad ..

@TheVogon: "Known", meaning that SQL Server is likely harbouring just as many security vulns but as yet are either a) not disclosed or b) haven't been found yet (security through obscurity). GLWT

9
2
Anonymous Coward

Re: I am so glad ..

@TheVogon does that account for the underlying vulnerabilities of the OS too? You can't have a database server without sitting it on something and SQL server requires Windows, don't it?

Honest question.

1
0
Anonymous Coward

Re: I am so glad ..

MySQL is commercial software too and in fact for some functionality you only get it in the commercial version.

Real developers use Postgres.

5
0
Anonymous Coward

Re: I am so glad ..

I can answer that - No it doesn't include the OS. If you ran MySQL on Windows then it would be the same obviously, as SQL only runs on Windows server.

If you ran it on a commercial Linux distribution then the vulnerability count over time would likely be much higher. For instance SUSE 10 is now on over 3,800 known vulnerabilities now versus about 380 for Windows Server 2008....And Linux is still higher even on a 'reduced package' install that is equivalent to the contents of a Windows install!

1
4
Anonymous Coward

Re: I am so glad ..

Real developers with jobs use SQL Server, Oracle, DB2 and Sybase....

0
2
Anonymous Coward

Re: I am so glad ..

True (although large corporates / governments can audit the code) - but if there are fewer known vulnerabilities and no access to the source code - it makes it much tougher to attack either by a) using an existing vulnerability or b) to find new ones.

0
2
Anonymous Coward

Re: I am so glad ..

Sybase? - You could do better with Postgresql.

DB2 - Only big iron from IBM.

More economical to go with SQL server and Oracle.

Can scale higher with ease using Oracle.

0
0
WTF?

Re: I am so glad ..

@Miek: I'm all for promoting Open Source, but your argument is invalid. You are changing an apples to apples comparison to an apples to oranges comparison. Comparisons need to be fair and based on what we know, are you suggesting we should compare MySQL SQL Server's known vulnerabilities against a hypothesised figure for SQL Server because you don't like the Microsoft way? Or perhaps we level the playing field and guess how many vulnerabilities we don't know about for both? It would be fantastical to suggest we already know all MySQL vulnerabilities, how are we to determine the figure of that which we do not know? Either way, it is not going to produce an unbiased and skewed result. Just like anything else, we have to work with the knowns, not the unknowns.

0
2
Anonymous Coward

Re: I am so glad ..

The next fork should be moominDb.

Look, I use MS SQL, but an RDBMS from a fellow admirer of Tove Jansson - how cool is that?

0
0
Anonymous Coward

Re: I am so glad ..

Evening RICHTO/Vogon/

0
0
Silver badge
Boffin

Re: I am so glad ..

MSSQL is awesomely secure! Last time a filesystem filled up in a former job, the whole DB was impossible to recover! Maximum security: NOBODY will ever be able to read your data! HAHAHAHAHA

Honestly, I switched back to PostgreSQL a long time ago because Monty hated transactions, and that attitude was very visible in the MySQL 3.x documentation. Other gems in that documentation were raging against Foreign Keys, and basically saying you don't need subqueries, or stored procs ... whatever. I now use PostgreSQL for FOSS stuff, and DB2/Sybase/Oracle for more commercial stuff. I try to avoid MSSQL, but given that it's basically ripoff Sybase, I can do that too...

0
1
Silver badge
Happy

Re: Daniel B. Re: I am so glad ..

"......Last time a filesystem filled up in a former job......" So, you want us to accept your advice as "experienced", but admit to falling victim of a noob says admin error?

1
4
Anonymous Coward

Re: I am so glad ..

So presumably you just restored your backup and replayed your log files?

1
0
Anonymous Coward

Re: I am so glad ..

That might have used to have been the case. Now it is easier (and much much cheaper) to scale on SQL server:

http://www.tpc.org/tpce/results/tpce_perf_results.asp

http://download.microsoft.com/download/3/D/D/3DDCC479-E303-401F-9093-942549FF8A33/Redknee_Solution_Brief_with_XIO_NEC_Intel_Mar2012.pdf

http://blogs.msdn.com/b/nikosan/archive/2012/05/25/sql-server-2012-licensing-value-vs-oracle-database.aspx

0
0

Re: I am so glad ..

Of course, unlike SQL Server, MySQL/MariaDB doesn't let you exploit impersonation to compromise the OS. Just like IIS had fewer vulns than Apache but a compromised IIS usually leads to a compromised system due to impersonation privileges, while Apache on Fedora/RHEL with SELinux leads to a frustrated attacker.

I suppose if you wanted the best of both worlds you could run IIS and SQL Server on Linux... oh... wait..

0
1

Re: I am so glad ..

Except with Windows, most service compromises cause an entire OS compromise, regardless of how well you configure it. Impersonation lets even Network Service and Local Service accounts escalate to SYSTEM.

On Linux, services can be isolated to the point where a compromise leads to absolutely nothing (especially if you syscall-filter and deploy AA/SELinux).

1
0
Anonymous Coward

Re: I am so glad ..

> With an average of about 1 vulnerability a year

I rather like it that I can now use Microsoft's argument against them: that doesn't prove security, it's more related to the fact that nobody in their right mind uses it on a public facing server..

1
1
Bronze badge
Mushroom

Re: I am so glad ..

Thanks for making it clear that you don't understand what you are talking about. By 'impersonation' I assume you mean 'constrained delegation' - Which allows the administrator to selectively allow an account to request Kerberos tickets limited to specific services on specific servers. It does not allow you to escalate anything, and is far more powerful than anything available for services on Linux....

0
2
Anonymous Coward

so like many many other Linux distros did some time ago. Good of Fedora to keep up with the times :-)

0
0
Linux

Which ones?

Just out of interest what distros dumped mySQL?

I'm not too hot on my DB skills maybe should brush up, with this mariaDB. What's the syntax like in comparison to mySQL queries? I read an article in Linux Format about maria a couple of months ago. But have never used it.

1
0
Anonymous Coward

Re: Which ones?

> What's the syntax like in comparison to mySQL queries?

MariaDB is a drop-in replacement for MySQL. That means you should see no difference at all: just remove MySQL (keeping your data and configuration files), install MariaDB and you're done.

4
0
Thumb Up

Re: Which ones?

Sounds like a win win to me :)

0
0
Anonymous Coward

Re: Which ones?

See https://kb.askmonty.org/en/distributions-which-include-mariadb/

Note that MariaDB JDBC driver is definitely not a drop-in replacement for MySQL JDBC driver (yet); it has many bugs where methods aren't implemented. Just use the MySQL JDBC driver with MariaDB server.

0
0

Re: Which ones?

I wouldn't call that "many other Linux distros". The only major one I can see is openSUSE, and they have both MySQL and MariaDB available. This is hardly the mass exodus seen from OpenOffice.org to LibreOffice.

It looks like, rather than being behind, Fedora is in the forefront here. If Fedora makes the jump then that will filter through to RHEL, which would be much more significant.

1
1
g e
Silver badge
Meh

This from Ubuntu

p maria - reachability analyzer for Algebraic System Nets

p maria-doc - documentation of Maria

nothing to see here, either.

0
0
Linux

Re: Which ones?

"This is hardly the mass exodus seen from OpenOffice.org to LibreOffice." -- It will be, I already intend to replace my MySQL instances with Maria when the next good opportunity arises and I'm sure many other Linux Admins out there are looking at the Asshole company Oracle and thinking さようなら

3
0
Linux

Re: This from Ubuntu

@ g e

https://downloads.mariadb.org/mariadb/repositories/

There are instructions for adding the repo to Ubuntu and others

1
0
Anonymous Coward

Re: Which ones?

Did both users change over then?

0
3

Re: Which ones?

It's the same thing. Nothing to brush up on.

It's like OpenOffice.org vs LibreOffice

0
0
Silver badge

Good

TIA

0
0
Silver badge
Paris Hilton

"a very large fraction of the mysql bug database is now not public"

That's pretty Nazi, why would anyone do that?

0
0
g e
Silver badge
Holmes

'Cos...

Oracle seem so preoccupied with shooting themselves in the foot lately, they obviously still have a toe left with MySQL written on it. The Java one's hanging on by a thread, too.

6
0
Anonymous Coward

Good

I hope all the others follow. Oracle are bunch of self-serving cunts that ruin every OSS project they touch.

Fuck oracle.

12
1
Linux

Re: Good

we should call 'em Forkacle

2
0

This post has been deleted by its author

Silver badge
Holmes

> if Fedora isn't even letting them do that

You sure will be able to, from an RPM or directly from source.

After all you can install the Oracle JDK too, and get patent-encumbered codecs, even libdvdcss from the "nonfree" repositories at will.

This isn't Applosoft control freak territory.

6
0

I recently deployed some mysql/mariadb servers, and did some testing.

Mysql5.5.29 outperformed Mariadb10.0 by about 20%. I would be disappointed if forced to change. Why not offer them both since they are 'dropin' replacements?

0
0
Silver badge

http://dev.mysql.com/doc/refman/5.6/en/linux-installation-rpm.html

0
0
Anonymous Coward

Top database tip.

Here's 0p. Get yourself a proper database.

http://www.postgresql.org/

10
2
Anonymous Coward

Re: Top database tip.

Well it's not quite the sieve of MySQL, but still much less secure than SQL server:

http://secunia.com/advisories/product/4587/

0
4
Silver badge
FAIL

Re: Top database tip.

I found another MS Shill! Do I win anything?

0
2

Re: Top database tip.

you mean...

"3 Secunia Advisories in 2012

Secunia has issued a total of 3 Secunia advisories in 2012 for PostgreSQL 8.x. Currently, 0% (0 out of 3) are marked as unpatched."

(and 0 in 2013 so far)

I see the same 3 advisories apply to 9.x (currently 9.0, 9.1 and now 9.2). Looking at the most significant one, SA50218, 9.1.5 with the fix to 9.1 was released THE SAME DAY AS THE ADVISORY, and the bulk of the security exposures was with an obscure 'contrib' plugin/addon module for libxslt.

1
0
Vic
Silver badge

Re: Top database tip.

> I found another MS Shill

No you didn't. It's still RICHTO.

Vic.

0
1
Silver badge
Pirate

Ahem.

Whilst I'm generally supportive of Fedora replacing MySQL with MariaDB I have to suggest that the decision may have been slightly swung by Oracle's attempts to steal RHEL customers with their substandard RHEL-clone. What I'm waiting for is RedHat to kick MySQL out of RHEL and CentOS, then I'll be quietly pouring a celebratory drink or three.

1
1