Eli White from Digg presented. It was an interesting talk… He covered:

You are going to get hacked…
- SQL injection
- XSS
- CSRF (cross site request forgery)
- Session Hijacking

Slides (PDF, ODP) have SQL injection/XSS example, with the hole, the attack, and the prevention.

Technorati Tags: mysqlconf, mysql, mysqluc08, mysqluc2008, eli white, …

Okay, so Markus and I did actually give the presentation yesterday  at the MySQL Users Conference and no, we weren’t booed off stage, and neither pro or anti-framework people came by to bludgeon us. Mind you, it could be that the hundred people or so were being extremely kind.

For those giving talks, remember, no matter how much you prepare, things still go wrong… In our case, when we plugged Markus’ laptop in we discovered that the projection produced an eye-watering flicker. Yay. And then, I forgot that Markus’ laptop has a German keyboard. Sigh. Despite that the presentation went well and we had some interesting post-discussion.

Couple of interesting notes though:  Only one person in the entire room had run xdebug …

MySQL Users Conference 2008 has number of Storage Engines presented which claim to Kick Ass. Walking in exhibition hall you could see KickFire, Infobright, Tokutek, ScaleDB. I have not seen NitroDB in the exhibition call this year but they are also worth to mention.
It is interesting to see all of them showing benchmarks with great numbers and glossy marketing materials explaining why they are better.

I've seen enough of marketing benchmarks at my life to really believe them. Marketing benchmarks typically show the cases when product excels but leaving limitations and cases when product does not work well and shows sub par results - and these cases always exist. Making decisions in software design you often have to made tradeoffs which makes it especially hard to get a product which performs best for ALL cases, and keep in mind performance is not the only thing you may be concerned about.

What makes it even complicated most …

For a company that wants to become the RedHat of Drupal, Kieran is pointing a lot to RedHat's competition :)

But indeed the Brainstorm idea is a good one... if Sun wants to keep up the "big user community, no contributor community" model for it's products this is the least they can do.

Kieran also calls for more crossposting between the mysql and drupal planets :)

I certainly hope all the keynotes from this year’s MySQL User Conference are posted somewhere (I suspect you probably want to have a look at the conference web site). Looking at the printed presentations will not come to the spoken presentations, especially the keynote delivered by Dick Hardt the CEO of Sxip Idenity in British Columbia on Identity 2.0

Very briefly and nowhere near as smoothly, the keynote focused on the movement of digital identity systems away from each site or “silo†controlling the identity management and closing access to your profile/role/persona data we need to move away into a much more user centric model where you control your identity. The model would focus on “issuers†which give you “the agent†your data which you then choose to relay to others. The idea being that you can …

Day two of the conference was a little disappointing, as far as sessions went. There were several time blocks where I simply wasn’t interested in any of the sessions. Instead, I went to the expo hall and tried to pry straight answers out of sly salespeople. Here’s what I attended.

Paying It Forward: Harnessing the MySQL Contributory Resources

This was a talk focused on how MySQL has made it possible for community members to contribute to MySQL. There was quite a bit of talk about IRC channels, mailing lists, and the like. However, the talk gave short shrift to how MySQL plans to become truly open source (in terms of its development model, not its license). I think there was basically nothing to talk about there. I had a good conversation about some of my concerns with the speaker and some others from MySQL right afterwards.

There was basically nobody there — I didn’t count, but I’d say maybe 10 or 12 people. I …

Here's some news: MySQL, Sun's still-shiny new open source database acquisition, will be adding new features to its Enterprise (that is, paid) version that won't be added to the Community (free and open) version.

Here's the story at ComputerWorld: MySQL reserves features for paying customers; open-source community up in arms.

Oddly enough, though, the story seems to have originated on Jeremy Cole?s blog:
Just announced: MySQL to launch new features only in MySQL Enterprise. No press releases, and the news articles I've seen so far seem to be pointing to this blog entry (and MySQL honcho Marten Mickos' response/confirmation to the entry) as their primary source. …

Jeff Rothschild of Facebook’s “A Match Made in Heaven? The Social Graph and the Database”

Taking a look at the social graph and what it means for the database.

The social graph:

• At it’s heart it’s about people and their connections.
  
• Learning about people who are in your world.
  
• Can be a powerful tool for accelerating the use of an application.
  

“The social graph has transformed a seemingly simple application such as photos into something tremendously more powerful.” We’re interested about what people are saying about us, and about our friends. Social applications are compelling.

Facebook users blew through the estimate for 6 months of storage in 6 weeks. It is serving 250,000 photos per second at peak time, not including profiles. Facebook serves more photos than even the photo sites out there, and serves more event invitations …

From Jeff Rothschild, VP of technology, Facebook

1. The power of connectedness
2. Impact on the database
3. Our challenge 

• The power of connectedness
  • photo tagging
  • getting an email that someone tagged a photo in Facebook
  • inter tagging between friends and it continues as a network
  • outstanding growth because of the photo tagging
  • 26B photos in archive now
  • Most trafficked photos applications than anybody else
  • events, invites impact on social graph
  • Opening up the social graph to outside and create a platform and API, so other developers can make use of it (28K applications so far)
  …

On Monday I had a chance to have a chat with Paul Vallee from Pythian. This was quite an enlightening talk, and I was very impressed by Paul openness and willing to share with me a lot of internal operations details. I wish there would be more people out where as open and helpful even when it comes to somewhat competing businesses. Though he is of course right - for small companies as we are there is much more business out where which is neither ours nor theirs and by being helpful to each other we can increase part of the pie to share.

Paul has significantly older (10 years) and larger (70 people) company so he has a lot to share. They have great internal systems and there is a lot we can learn from them in this area. We do fine with ours so far having just 7 active consultants but as we grow we need to get much better.

When I'm saying …