Why do we release MariaDB again only a week after the 10.5.7, 10.4.16, etc? What’s the emergency?
The previous, scheduled, set of releases (10.2 and up) included a security-related change — MariaDB server became more strict about accepting network packets from the client. It never was particularly trusting, but still there was a loophole in the handling of prepared statements where the server just assumed that the client sends the correct data. …
MariaDB Server 10.4 came with a whole lot of security-related changes. Some of them are merely optimizations (like MDEV-15649), some improve existing features to be more robust (MDEV-15473, MDEV-7598) or convenient (MDEV-12835, MDEV-16266). Some are MySQL compatibility features, requested by our users (MDEV-7597, MDEV-13095).
But the first thing any MariaDB Server user, whether an experienced veteran or a newbie, does — before even issuing the first SQL statement — is logging in. Authenticating to the database server. …
My first encounter with the gdb command duel was on some old IRIX about 15 years ago. I immediately loved how convenient it was for displaying various data structures during MySQL debugging, and I wished Linux had something similar. Later I found out that Duel was not something IRIX specific, but a public domain patch for gdb 4.6 written in ’93 by Michael Golan. Unfortunately, it never got into gdb (for licensing reasons, so I’ve heard). Now gdb 8 is out, and the patch, obviously, doesn’t apply. Instead of fixing the patch, I’ve re-implemented Duel in Python, using the gdb Python API and the Arpeggio parser. …
Anyone who has peeked inside a gdb manual knows that gdb has some kind of Python API. And anyone who has skimmed through has seen something called “Pretty Printing” that supposedly tells gdb how to print complex data structures in a nice and readable way. Well, at least I have seen that, but I’ve never given it much thought. Still, one day, when I was typing:
(gdb) p/t table->read_set->bitmap @ (table->read_set->n_bits+7)/8
for the umpteenth time I asked myself, “why the heck not?”, and so it began…
MySQL 3.20 to 4.0
In the good old days, when 32MB of RAM justified the name my-huge.cnf, when nobody knew Google and Facebook didn’t even exist, security was… how do I put it… kind of cute. Computer viruses didn’t steal millions and didn’t disrupt elections — they played Yankee Doodle or told you not to play with the PC. People used telnet and ftp, although some security conscious admins already knew ssh.
Somewhere around this time, give or take a few years, MySQL was born. And it had users, who had to be kept away from seeing others’ data, but allowed to use their own. …
And for the fourth year in a row, MariaDB Foundation participates in the Google Summer of Code! The MariaDB Organization in GSoC is an umbrella organization for all projects that belong to the MariaDB ecosystem, be it MariaDB Server, MariaDB Connectors, or MariaDB MaxScale. The complete list of our suggested project ideas is in MariaDB Jira. This year we were granted 10 student slots (as compared to 8 last year, 5 in 2014, and 3 in 2013). And it was good, as applicants this year were exceptionally strong. Our students have chosen these projects:
For the server:
- MDEV-7773 Aggregate Stored Functions
student: Varun Raiko, mentors: Sanja Byelkin and Vicențiu Ciorbaru
- MDEV-8947 Cassandra connector support for 2.x
student: Charles Muurmu, mentor: Sergey Petrunia
- MDEV-4989 Support for GTID in mysqlbinlog
student: Becca Tucker, mentors: Lixun Peng and Colin Charles
- MDEV-9711 NO PAD collations
student: Daniil Medvedev, mentor: Alexander Barkov
- MDEV-9197 Pushdown conditions into non-mergeable views/derived tables
student: Galina Shalygina, mentors: Igor Babaev and Sergey Petrunia
- MDEV-371 Unique indexes for blobs (server-side implementation) and adaptive hashing for generated hash
student: Sachin Setiya, mentor: Sergei Golubchik
- MDEV-371 Unique indexes for blobs (in MyISAM, Aria, InnoDB, and XtraDB)
student: Shubham Barai, mentors: Jan Lindström and Sergei Golubchik
For the MariaDB Connector/C:
- CONC-125 Import and export popular data formats from and to dynamic columns
student: Kris Massey, mentors: Georg Richter and Sanja Byelkin
For the MariaDB MaxScale:
- MXS-1 MaxScale filter to real Microsoft SQL Server syntax
student: Lisa Reilly Brinson, mentor: Markus Mäkelä
- Provide GTID support for MariaDB MHA
student: Charles Dirk, mentor: Colin Charles
Many projects have two mentors to ensure that the student always gets a quick answer to his questions and someone is always available to help even if one of the mentors is, for example, on vacation. …
Usually when one says “SSL” or “TLS” it means not a specific protocol but a family of protocols. The Wikipedia article has the details, but in short — SSL 2.0 and SSL 3.0 are deprecated and should not be used anymore (the well-known POODLE vulnerability exploits a flaw in SSL 3.0). TLS 1.0 is sixteen years old and while it’s still being used, new security standards (for example PCI DSS v3.1) require TLS 1.1 or, preferably, TLS 1.2.
MySQL has supported TLS 1.0 since 2001, which means MariaDB supported it from day one, and never supported the weaker SSL 2.0 or SSL 3.0. …
Sometimes users ask for something that doesn’t really make sense. At first glance. But then you start asking and realize that the user was right, you were wrong, and it is, actually, a perfectly logical and valid use case.
I had one of these moments when I heard about a request to make triggers work on the slave in row-based replication. Like, really? In RBR all changes made by triggers are replicated from the master to slaves as row events. If triggers were fired on the slave they would do their changes twice. And anyway, assuming that one only has triggers on the slave (why?), in statement-based replication triggers would run on the slave normally, wouldn’t they? …