Posted on 19/1/2010, 9:00 am, by Colin Charles, under MySQL.
It’s worth noting that if you’re using MySQL 5.0/5.1 with SSL enabled, and you’re using yaSSL as opposed to OpenSSL, you’re vulnerable to CVE-2009-4484. It’s a buffer overflow that works over TCP, via the MySQL port, 3306. Lenz furnished us with some information, and the patch is available. You’ll see this rocking when MySQL 5.1.43 gets released.
It affects Debian (presumably, it will also affect Ubuntu). Red Hat/CentOS is spared, because instead of using yaSSL, OpenSSL is used.
MariaDB 5.1.41-rc (based on MySQL 5.1.41), which was just released a few days ago, is naturally also affected. The next release candidate might potentially be rebased against 5.1.42 (the builds are already ready, from what I understand), and will include this patch.
Some yaSSL trivia: did you know that one of the two co-founders of the project is actually Larry Stefonic? Larry was an early MySQL Ab employee, holding quite a few positions at MySQL Ab; he was the President of MySQL KK (the Japanese branch), and was also SVP for worldwide OEM sales!
Posted on 12/1/2010, 11:10 pm, by Colin Charles, under MySQL.
Check out how Linden Labs, creators of the popular game Second Life, upgraded their MySQL database. The MySQL they use? Straight out of Debian! Of course, now, they’re running with the Percona patchset, against MySQL 5.0.84. Definitely a good read.
It’s good to see Lars post about contributing to the MySQL replication & backup codebase. It sounds like the replication & backup team have decided that mentoring is the way to go – you get a “coach developer” if the idea is accepted. I like this very much, and sincerely hope it spreads to the rest of the server; it will help decentralise development of MySQL, and the endgame is a larger community.
It is, of course, not something I embark on alone. I have a program committee comprising some amazing folk: Brian Aker, Kaj Arno, Roland Bouman, Sheeri K. Cabral, Robin Schumacher, Baron Schwartz, and Jeff Wiss.
I can highly encourage you to submit a proposal. You have till January 27, 2010, which basically means less than a month, so get cracking! I can also highly recommend that you register as an attendee.
I’ll talk more about the processes, et al, in a later blog post, but I want to ensure that in 2010, we are going to be completely open and transparent in our decision making process. And I want you, the MySQL community, to participate. Watch this space for more details.
And again, it’s a great honour, being your Program Chair for the conference in 2010. I expect it to be a blast.
Posted on 29/12/2009, 3:27 pm, by Colin Charles, under MySQL.
The latest in the whole Save MySQL campaign: HelpMySQL.org. Monty has a really long blog post on how to help keep the Internet free. When you read that, scroll down towards “Q: How do the proposed remedies benefit your company, Monty Program Ab?” Understand that Monty is doing this for the love of the codebase and the project that is MySQL…
For me? Never again, will I recommend software for commercial use that doesn’t have a lively developer community. Sun reductions hitting open source efforts proves why – commercial (only/mostly) backed open source, just seems troublesome, when companies get merged/sold/et al.
OK, back to your regular scheduled programming. I shall enjoy my visit to a rather cold and wet London. Happy New Year!
Posted on 25/10/2009, 9:41 pm, by Colin Charles, under MySQL.
The attendees were not satisfied with the first answer RMS gave to Brian, so Harish Pillay (Chief Technical Architect, Red Hat Singapore) chose to ask RMS what more he had to say with regard to the letter he’d written. He answered quite candidly in this video, which Brian chimed in for as well.
The back channel for all this was Twitter… Don’t hesitate to follow @harishpillay, @brianaker, @piawaugh or even @webmink (Simon Phipps, while not at the event, was available on Twitter). Some interesting reading, naturally.
Posted on 25/10/2009, 3:41 am, by Colin Charles, under MySQL.
At foss.my 2009, Brian Aker asked Richard Stallman at his keynote, about the Oracle/Sun acquisition (with a focus on MySQL), with regards to the parallel licensing approach used by MySQL. Brian was referring to:
As only the original rights holder can sell commercial licenses, no new forked version of the code will have the ability to practice the parallel licensing approach, and will not easily generate the resources to support continued development of the MySQL platform.