Fiedler
Jun 29, 2002

I, for one, welcome our new mouse overlords.

ratbert90 posted:

I’ve maintained a “PostgreSQL and SQLite are good for 99% of all projects, and for very different reasons” for quite a while, and haven’t found a situation yet where this hasn’t held up as true.

for large enterprises the savings in productivity are worth the cash.

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

Fiedler posted:

for large enterprises the savings in productivity are worth the cash.

where in azure sql server are these productivity savings kept?

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER

Vanadium posted:

How do people verify the signatures of npm packages? Do you keep a local database of which author/public key you trust to publish each of your dependencies?


jony neuemonic
Nov 13, 2009

Fiedler posted:

for large enterprises the savings in productivity are worth the cash.

postgres is good, mssql has better tools. both are fine choices.

jony neuemonic
Nov 13, 2009

just never oracle.

Shy
Mar 20, 2010

was there ever an effort post about why oracle sucks?

Shy
Mar 20, 2010

besides costing a billion dollars

Vanadium
Jan 8, 2005

I'm serious, I have no idea how security-conscious people consume packages other than pinning known-good hashes for individual deps or w/e. :(

cinci zoo sniper
Mar 15, 2013

Shy posted:

besides costing a billion dollars

that’s the key problem though. theoretically you can do anything with oracle, and well - you just need to make theoretical amounts of money to afford that

jony neuemonic
Nov 13, 2009

Shy posted:

besides costing a billion dollars

someone with deeper knowledge will have to do the effortpost but imo it’s mostly this. it costs a fortune and doesn’t do much to justify it.

Sapozhnik
Jan 2, 2005

Nap Ghost
also everything is just a terrible unnecessary ordeal with Oracle, like you don't just connect to a (hostname, database, username, password) you've got all this TNS poo poo to deal with. i think the actual sql parser and compiler lives in the client as well, maybe? so that makes language bindings "fun"

first party tools are some 1970s command line SQL client thing so you have to use some enterprise shitware like TOAD for interactive queries

Fiedler
Jun 29, 2002

I, for one, welcome our new mouse overlords.

Boiled Water posted:

where in azure sql server are these productivity savings kept?

tools. breadth of features. query optimizer.

Athas
Aug 6, 2007

fuck that joker

Vanadium posted:

I'm serious, I have no idea how security-conscious people consume packages other than pinning known-good hashes for individual deps or w/e. :(

This is what you should do. What's the problem with this?

DONT THREAD ON ME
Oct 1, 2002

by Nyc_Tattoo
Floss Finder

Vanadium posted:

I'm serious, I have no idea how security-conscious people consume packages other than pinning known-good hashes for individual deps or w/e. :(

why would you perform a security audit on a proof of concept? you're not deploying node to production are you?

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

Vanadium posted:

I'm serious, I have no idea how security-conscious people consume packages other than pinning known-good hashes for individual deps or w/e. :(

host known-good versions on an on-prem artifactory instance and have builds consume those

DONT THREAD ON ME
Oct 1, 2002

by Nyc_Tattoo
Floss Finder
i feel like hash pinning is probably the right solution but with the number of deps npm libraries pull in it seems untenable to me. but i could be wrong.

Notorious b.s.d.
Jan 25, 2003

by Reene

abigserve posted:

what's with every Java application ever written feeling like absolute hot trash to use

even extremely widely used things like Jenkins just have this feel about it like any wrong click is going to send the whole thing into a death spiral, and, sometimes, it does

what's up with that?

it's a gigantic tower of plugins written by 300 authors around an api meant for a single user

Notorious b.s.d.
Jan 25, 2003

by Reene

Fiedler posted:

tools. breadth of features. query optimizer.

i think you would be surprised at how good postgres is these days

Notorious b.s.d.
Jan 25, 2003

by Reene
ms sql is good i just don't see why i would want to pay for it in the year 2018 when postgres isn't terrible anymore

MrMoo
Sep 14, 2000

Are there Postgres equivalents for MemSQL and TokuDB? They are amazing when you fit the requirements.

Notorious b.s.d.
Jan 25, 2003

by Reene

MrMoo posted:

Are there Postgres equivalents for MemSQL and TokuDB? They are amazing when you fit the requirements.

postgres is primarily built out of plugins so someone will sell you a plugin for literally anything dude

(that said i am pretty sure the base postgres is faster AND higher conformance to standards than tokudb anyway)

Fiedler
Jun 29, 2002

I, for one, welcome our new mouse overlords.

Notorious b.s.d. posted:

ms sql is good i just don't see why i would want to pay for it in the year 2018 when postgres isn't terrible anymore

i'm not saying that postgres is terrible. I'm saying that enterprises get value from the productivity gains of using better tools, having features they need built in, and having a very forgiving query optimizer. it turns out that developers are very expensive and paying them to waste time can be even more expensive than a sql server license.

but i'm curious - have you used mssql and its tools? sql server database projects?

Shaggar
Apr 26, 2006
SQL Server comes with a lot of really good add ons too like SSIS and SSRS that are part of the base license.

bob dobbs is dead
Oct 8, 2017

I love peeps
Nap Ghost
cto at my company is ex-microsoft
two of the top devs used to work directly on sql server itself, also ex-microsofties
we just did a mass hire of 4 dudes direct from a failing startup, all ex-microsoft except one

we use postgres, lol

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Shaggar posted:

you still don't understand. he didn't get his key pwned he got his npm creds pwned because npm is an untrustworthy host that doesn't enforce mfa. package signing would have protected everyone from this attack since his key was never stolen.

I understand package signing just fine, but people seem to call for it to exist when it would solve very few problems. Debian package signing is a joke.

There are multiple authors that can publish the estest package. How should they manage this?

1. Each maintainer has their own privkey, and the user is supposed to add all of the authors to their system. If so, how are new keys communicated officially if a new maintainer joins?

2. There's a single privkey, and it's shared between all the maintainers on their local hard drives.

3. Set up a shared build infrastructure with a private key stored on the server, and build a system so that only maintainers can publish a release? If so, how do users authenticate with a server? Username/password?

What happens when a key is compromised? Key revocation?

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Vanadium posted:

I'm serious, I have no idea how security-conscious people consume packages other than pinning known-good hashes for individual deps or w/e. :(

People are laughing because key management is the unsolved problem and what happens in practice is that everyone presses "yes" to the prompt and installs the malware anyway. Debian solves this problem by having shared infrastructure that anybody can use to sign the malware with its key.

Fiedler
Jun 29, 2002

I, for one, welcome our new mouse overlords.

bob dobbs is dead posted:

cto at my company is ex-microsoft
two of the top devs used to work directly on sql server itself, also ex-microsofties
we just did a mass hire of 4 dudes direct from a failing startup, all ex-microsoft except one

we use postgres, lol

oh they worked on sql server? then odds are very good that they have zero experience using an rdbms in the real world and probably couldn't tell you how to run visual studio.

Carthag Tuek
Oct 15, 2005

Tider skal komme,
tider skal henrulle,
slægt skal følge slægters gang

Suspicious Dish posted:

People are laughing because key management is the unsolved problem and what happens in practice is that everyone presses "yes" to the prompt and installs the malware anyway. Debian solves this problem by having shared infrastructure that anybody can use to sign the malware with its key.

gatekeeper works pretty well

i mean, unsigned apps are rare enough that the prompt makes me go "hmmm" before clicking "yes run it idgaf"

Soricidus
Oct 21, 2010
freedom-hating statist shill

abigserve posted:

what's with every Java application ever written feeling like absolute hot trash to use

even extremely widely used things like Jenkins just have this feel about it like any wrong click is going to send the whole thing into a death spiral, and, sometimes, it does

what's up with that?

idk what you’re talking about tbqh. I’ve not used the Jenkins gui but there are plenty of java apps that run perfectly well, like jetbrains ides (or eclipse, if you’re a shaggarite)

prisoner of waffles
May 8, 2007

Ah! well a-day! what evil looks
Had I from old and young!
Instead of the cross, the fishmech
About my neck was hung.
re: java-looking stuff and apprehensions of badness, hm, I think good-looking applications tend to be like the opposite of brutalist architecture: if at first glance you can tell what it is made out of, that's a negative quality signal.

I literally have poo poo-talked jenkins' gui for basically this reason, though it's less because it looks java-y and more because several views look like random HTML fragments thrown together

HoboMan
Nov 4, 2010

from a ways back, but i'm the constant stream of people leaving

Athas
Aug 6, 2007

fuck that joker

MALE SHOEGAZE posted:

i feel like hash pinning is probably the right solution but with the number of deps npm libraries pull in it seems untenable to me. but i could be wrong.

If your tools make it impractical to do a reasonable thing, then it is not the reasonable thing that is wrong.

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

a lot of java software has some trash ui thrown together in swing since it's one of the easiest ways to throw up a quick cross platform ui if you don't care about look and feel

like all software, quality takes effort

Notorious b.s.d.
Jan 25, 2003

by Reene

Fiedler posted:

i'm not saying that postgres is terrible. I'm saying that enterprises get value from the productivity gains of using better tools, having features they need built in, and having a very forgiving query optimizer. it turns out that developers are very expensive and paying them to waste time can be even more expensive than a sql server license.

yeah and like ten years ago that would have actually mattered, and paid for sql server. today postgres actually has a great query optimizer, and a huge ecosystem of tools

microsoft isn't porting sql server to linux and cutting prices out of the goodness of their hearts

Fiedler posted:

but i'm curious - have you used mssql and its tools? sql server database projects?

i haven't worked with ms sql in five years -- two jobs ago

it was p. dang nice

maybe not hundreds of thousands of dollars per year nice, but i have nothing bad to say about it

Notorious b.s.d.
Jan 25, 2003

by Reene

prisoner of waffles posted:

I literally have poo poo-talked jenkins' gui for basically this reason, though it's less because it looks java-y and more because several views look like random HTML fragments thrown together

of course, it is exactly this

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe

Fiedler posted:

i'm not saying that postgres is terrible. I'm saying that enterprises get value from the productivity gains of using better tools, having features they need built in, and having a very forgiving query optimizer. it turns out that developers are very expensive and paying them to waste time can be even more expensive than a sql server license.

so this is interesting. the number of developers who as part of their jobs write queries against a database roughly scales with its importance which in turn roughly scales with its size and query volume and thus the number of cores that need to be devoted to it. the exact ratios are going to vary wildly but let's be really conservative and assume that it's as low as two cores per developer. so at standard ms sql licensing rates that's about $30k, per developer per year, that has to be saved in developer productivity solely by using ms sql over postgres. so somewhere around 10% of a programmer's total work time for the year, when most of those programmers probably spend no more than 20% of their total work time writing database code at all. (a full-time database specialist is definitely contributing way more than two cores of workload to this database)

like, your phrasing here is illuminating, because it's very much the same line of thought that leads rich people to spend hundreds of thousands of dollars in wealth-management fees in order to get marginally better returns than a vanguard index fund. "i'm important enough to justify spending more money on this, so let's spend more money"

tef
May 30, 2004

-> some l-system crap ->

Fiedler posted:

tools. breadth of features. query optimizer.

postgres 10 is almost as good as sqlserver was in uh 2004, if not better in some places, but like since then mssql has gone on to do a lot more performance work, amongst other things

like if you're using an ORM, or you're using it as a fancy object store, then it doesn't make much of a difference

but if you're doing DBA poo poo with a team of DBAs then it'll make a difference

Progressive JPEG
Feb 19, 2003

jenkins has an rpc mechanism where it just serializes a function to be run on the target machine

need to recursively delete a directory? just serialize a recursiveDelete() function and send that to the machine to be executed!

this is also why jvm versions must exactly match across a jenkins install

Volte
Oct 4, 2004

woosh woosh

Suspicious Dish posted:

I understand package signing just fine, but people seem to call for it to exist when it would solve very few problems. Debian package signing is a joke.

There are multiple authors that can publish the estest package. How should they manage this?

1. Each maintainer has their own privkey, and the user is supposed to add all of the authors to their system. If so, how are new keys communicated officially if a new maintainer joins?

2. There's a single privkey, and it's shared between all the maintainers on their local hard drives.

3. Set up a shared build infrastructure with a private key stored on the server, and build a system so that only maintainers can publish a release? If so, how do users authenticate with a server? Username/password?

What happens when a key is compromised? Key revocation?

consider: each maintainer has their own keypair, and the admin can issue 'publishing licenses' to them by signing a document saying as much. conceptually, these could be considered as pseudo-packages in and of themselves, so a package version that has been signed by maintainer A implicitly requires maintainer A's publishing license for that package as a dependency. if the admin wants to revoke maintainer A's publishing ability, then they can publish a revoked version of maintainer A's publishing license. the package manager should no longer accept packages signed by keys that are not licensed to publish, and clients attempting to install packages published without a valid license should be an error. that would even support retroactively revoking publishing access after packages have been published, and those packages would automatically become effectively unsigned.

Fiedler
Jun 29, 2002

I, for one, welcome our new mouse overlords.

rjmccall posted:

so this is interesting. the number of developers who as part of their jobs write queries against a database roughly scales with its importance which in turn roughly scales with its size and query volume and thus the number of cores that need to be devoted to it. the exact ratios are going to vary wildly but let's be really conservative and assume that it's as low as two cores per developer. so at standard ms sql licensing rates that's about $30k, per developer per year, that has to be saved in developer productivity solely by using ms sql over postgres. so somewhere around 10% of a programmer's total work time for the year, when most of those programmers probably spend no more than 20% of their total work time writing database code at all. (a full-time database specialist is definitely contributing way more than two cores of workload to this database)

like, your phrasing here is illuminating, because it's very much the same line of thought that leads rich people to spend hundreds of thousands of dollars in wealth-management fees in order to get marginally better returns than a vanguard index fund. "i'm important enough to justify spending more money on this, so let's spend more money"

1) nobody pays retail for anything and the standard sku in ms sql 2017 has nearly all of the previously enterprise-only features
2) you're excluding the cost of third party functionality to replace missing features
3) you're excluding the cost of avoidable oopsies due to increased complexity
