Die wunderbare Welt von Isotopp

A01:2021 - Broken Access Control (en)

Kristian Köhntopp - November 16, 2021
Translation by Lenz Grimmer, German version here. A Twitter thread by Christian Basl discussed the dissection of the “Learnu” app. Basl wrote: Learnu operators say they have no expertise in IT security and have relied on outside consultants. As a result, Learnu came to market insecurely, unbeknownst to them. In the discussion that developed, Andreas Dewes took the view that Most startups I know go through a phase where IT security and compliance tend to take a back seat.

The Coming Wave of Resignations

Kristian Köhntopp - November 12, 2021
A good friend was musing yesterday with other friends of mine about the situation at work and wrote to me today: No matter how you look at it: Corona is also a litmus test for companies in their role as employers. The fourth wave illustrates this perfectly. Because companies and organizations that care about the well-being of their employees already, weeks ago, categorically sent their people back to working from home wherever possible and prohibited in-person events.

AMD and 128 cores

Kristian Köhntopp - November 8, 2021
We talked in Software Defined Silicon about how the CPU needs of hyperscalers and normal customers diverge. Hyperscalers are interested in ever larger CPUs with ever more cores, and ever higher density in their data centers. […] Normal customers do not see it that way: in a 64C/128T-core single-socket configuration with 2-4 TB of RAM, you may be able to fit the entire server needs of a smaller company into a single physical machine, in VMs. The problem with that: blast radius, when something fails.

MySQL: Parallel Replication

Kristian Köhntopp - November 8, 2021
At work, replication is a central feature in our MySQL Standard Architecture. But until MySQL 5.6, replication was strictly sequential: Even if transactions happened in parallel on a primary, they would be downloaded to the replica by the IO_THREAD into the relay log. From there, a single SQL_THREAD would apply them, one after the other in strict binlog order. That can lead to Replication Delay. We had a monitor for that, courtesy of Dennis Kaarsemaker.

This Blog is now Hugo powered

Kristian Köhntopp - November 7, 2021
I started blogging almost 20 years ago, because a piece of software I was using to manage calendars and discussion boards to organize the “Dienstag” also offered blogging functionality. That software was very buggy and full of HTML injections. My patches to fix things touched almost all files, and were rejected, because they… touched too many files. So I was looking around for something better, and the good people on ircnet:#php.

Relational, and an Algebra

Kristian Köhntopp - October 29, 2021
What is “relational” and “algebra” about “Relational Algebra” and SQL? It is likely that you know all this. There is nothing new in this text, if you had Databases 101 in school or university, so you do not have to read any of this. In case you had not, or you forgot because it was a long time ago, here it is, again. This is the English version of a much older German writeup.

MySQL: Python and WHERE ... IN ()

Kristian Köhntopp - October 28, 2021
As a developer using Python, I want to be able to hand a list to an SQL statement with a WHERE id IN (…) clause, and it should do the right thing. Well, that is not how it started, because it was asked on the internal no-work-channel, so it kind of escalated more. A question The original question was: Dev> Why is it 2021, and SQL prepared statements still can’t deal with IN?

Metaverse (en)

Kristian Köhntopp - October 27, 2021
I wrote on Twitter something about the term “Metaverse”. That led to a contact with Michael Carl, who wanted to make an episode for his podcast with me. My German notes and talk prep are now also available here: Metaverse The term “Metaverse” was initially coined by Neal Stephenson in 1992, but in the context of the current discussion it was defined as in The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite by Matthew Ball.

Metaverse

Kristian Köhntopp - October 26, 2021
I wrote something on Twitter about the current term “Metaverse”. That led to a contact with Michael Carl, who wanted to have me on his podcast. My conversation notes and preparation are now also available here: Metaverse The term “Metaverse” originally comes from Neal Stephenson, from 1992, but in the current context it was given meaning by Matthew Ball in The Metaverse: What It Is, Where to Find it, Who Will Build It, and Fortnite.

Understanding git

Kristian Köhntopp - October 12, 2021
It occurred to me that I do not know nearly enough how git works, internally. The contents of the .git directory seem to be accessible enough, so I am going on a Safari in the git repository of this blog. You can follow along if you check out the blog. Refs All things git live in .git. The things we are working with seem to live in .git/refs: $ find .

Empty commits and other wrong tools for the job

Kristian Köhntopp - October 6, 2021
This is how you can make an empty commit: $ git commit --allow-empty -m "Kick it" This has the disadvantage of also generating a commit message. Another way to achieve this seems to be $ git commit --amend --no-edit && git push -f but that will make people hate you in other ways. So let's stop and ask: Why would you want to make an empty commit? Most people want this because they attached a server-side action to a commit, a CI/CD activity.

99% secure

Kristian Köhntopp - October 2, 2021
Linus Neumann quotes Prof. Norbert Pohlmann: I believe that is the case. This 100% security will not exist, and if the Chaos Computer Bild finds something, then it finds it, and then we say, that is good. And then we think about how we can close it again, and then it is better again. And then they can also keep searching. So, I believe we also need a different basic attitude, and it is not always about 100%, but the 99%, those are enough, and we have to deal with the residual risks.

Project Pains

Kristian Köhntopp - October 1, 2021
It starts with a tweet by Manuel Atug: “Due to server overload: #Notruf app no longer in app stores for now” and the tweet linked to an article (which no longer exists) at Deutschlandfunk. Christoph Petrausch explains how such projects can go wrong: Something like this requires a culture of dealing with errors. As an organization, you have to be able to take a step back after such an incident. To put all the facts on the table and ask: Why did this happen?

Software Defined Silicon

Kristian Köhntopp - September 30, 2021
Golem runs the headline Intel wants to sell Xeon features as a license update: Intel wants to sell Xeon features as a license update. With Software Defined Silicon, Intel wants to provide functions that are initially disabled in Xeon hardware as a license upgrade in the future. Manuel Atug ranted about it on Twitter: When your own hardware no longer belongs to you… Intel wants to sell Xeon features as a license update “With Software Defined Silicon, Intel wants to provide functions that are initially disabled in Xeon hardware as a license upgrade in the future.” I replied:

MySQL: Our MySQL in 2010, a hiring interview question

Kristian Köhntopp - September 27, 2021
I ranted about hiring interviews, and the canned questions that people have to answer. One of the interviews we do is a systems design interview, where we want to see how (senior) people use components and patterns to design a system for reliability and scale-out. A sample question (based on a Twitter thread in German): It is 2010, and the company has a database structure where a fixed number of front end machines form a cell.

MySQL: Binding the ORM

Kristian Köhntopp - September 17, 2021
My task is to collect performance data about a single query, using PERFORMANCE_SCHEMA (P_S for short) in MySQL, to ship it elsewhere for integration with other data. In a grander scheme of things, I will need to define what performance data from a query I am actually interested in. I will also need to find a way to attribute the query (as seen on the server) to a point in the codebase of the client, which is not always easy when an ORM or other SQL generator is being used.

MySQL: Tracing a single query with PERFORMANCE_SCHEMA

Kristian Köhntopp - September 15, 2021
My task is to collect performance data about a single query, using PERFORMANCE_SCHEMA (P_S for short) in MySQL, to ship it elsewhere for integration with other data. In a grander scheme of things, I will need to define what performance data from a query I am actually interested in. I will also need to find a way to attribute the query (as seen on the server) to a point in the codebase of the client, which is not always easy when an ORM or other SQL generator is being used.

MySQL: Page compression revisited

Kristian Köhntopp - September 14, 2021
Like I said, I never had much reason to use table compression, and only recently looked into the topic. MySQL Page Compression looks a lot easier at the database end of things, but relies on hole punching support in the file system. Let’s have a look at what that means. Files, Inodes and Arrays of Blocks The original Unix filesystem saw the disk as a sea of blocks, which were represented in a free map as an array of bits.

MySQL: CREATE IF NOT EXISTS TABLE, but CREATE OR REPLACE VIEW

Kristian Köhntopp - September 10, 2021
For the MySQL Million Challenge, I was going through the server syntax in order to understand what things can be created in the server. And now my OCD triggered. DDL is a mess. Creation As a database developer, I want to be able to create server objects using the CREATE thing syntax. The server gives you that for the following things: DATABASE EVENT FUNCTION (and FUNCTION SONAME) INDEX LOGFILE GROUP (NDB only, not going to look at this) PROCEDURE RESOURCE GROUP ROLE SERVER SPATIAL REFERENCE SYSTEM TABLE TABLESPACE TRIGGER USER VIEW Safe creation As a database developer I want to be able to script things safely, so I need IF NOT EXISTS clauses in my CREATE syntax.

MySQL: The Million Challenge

Kristian Köhntopp - September 10, 2021
A long-standing idea that I have is to test the server's limits: How does it fail and break if there are very many of a thing? Previously that was too easy, because many structures were constructed in a way that it was obvious they would not scale. But with MySQL 8 many things were overhauled, so let’s see what we can make many of and see how the server fares.