So found some recently discovered buffer overflow and security bypass vulnerabilities when running MySQL on Solaris 10. According to FrSIRT, these vulnerabilities "could be exploited by attackers or malicious users to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service, or execute arbitrary code." A final resolution for these vulnerabilities is pending completion according to their website.

Unfortunately, I do not have a FrSIRT account currently (need to get one ASAP) so I couldn't dig this vulnerability further. However, I am dying to learn more about this.

After having to the UC and seen some of the talks with people using MySQL Cluster it seems that it is time to hand out a good configuration template.

Unfortunately, configuring cluster is too difficult and a lot of things could be done to ease the pain. One of the problematic things customers and users always forget is to dimension the redo log properly.

However, the template below allows you to:

• Load any mysqldump i have seen to date (if you have enough DataMemory/IndexMemory to support the data set).
• ndb_restore on any data (I strongly recommend you run ndb_restore with a less degree of parallelism than what is defaut). This is regulated with the -p option. Run ndb_restore with ndb_restore -p 32 .... You may in some rare cases need to lower the degree of parallelism somewhat.
• Recover in case of node failure/cluster failure. Often the things preventing you from …

JFYI, I now placed a PDF of my MySQL Conference talk slides about "Performing MySQL backups using Linux LVM Snapshots" on my MySQL talks page. Enjoy!

A few weeks ago I was asked to isolate some functionalities from Mark Callaghan?s MySQL patch bundle. They were extensions adding per-user and per-table accounting to the database, accessible with a new set of commands such as SHOW TABLE_STATISTICS, SHOW INDEX_STATISTICS and SHOW USER_STATISTICS. The first two can interest anyone to periodically check what data or which index are the most active or which are not being used at all and could be candidates for dropping. All the patch features will surely be a great help for hosting providers to produce detailed reports on how each customer utillizes the database.

Having many different users running their queries on a single database instance means they will be constantly "battling" for the resources, each one caring only for his own application, completely ignoring the fact they chose shared …

The MySQL User Guide is worth looking at. Its not the reference manual (which is excellent - kudos to our Documentation Team). Its target audience are users that are new to databases or users that are new to MySQL in general.

What’s really interesting about the MySQL User Guide is that you can help shape it. You, the community, can participate in writing it!

I for one, know that this is the easiest way you can start contributing to any open source project. Documenting it. Soon, you will realise that you’ve become an expert (writing documentation, or giving training, will always keep you sharp). Some move on to then delving in coding, some go on being consultants, and some end up being hired by the company that sponsors …

I?ve already taken a look at MySQL?s changing business model and the potential business drivers behind the company considering introducing new functionality under to Enterprise customers only. One area that I didn?t dive into was the impact on the company?s development model.

This, in fact, was the focus of Jeremy Cole?s initial take on the news as well as a significant response from Marten Mickos. ?MySQL will start offering some features (specifically ones related to online backups) only in MySQL Enterprise,? explained Jeremy.

?As I?ve discussed before, the …

Looks like MySQL build team should add a test scenario to cover this in the automation. Even if you specify –without-server with the latest 5.1.24; it still builds all most all plugins. This is really bad deal. Forget about mandatory plugins like MyISAM, Heap and Merge; it also builds rest of the plugins unless you skip them using –without-<name> or –without-plugin-<name>. The mandatory check should also be relaxed when one uses –without-server. The configure currently throws an error with you try to skip any mandatory plugins with –without-server too.

When one need clients (directory client) and its libraries (directories like libmysql, libmysql_r and mysys, mystrings, dbug) we do not need to build the whole ‘SQL‘ dir and no need to enter the ‘storage‘ directory at all. I patched the configure script to escape all these cases now including skipping of …

Now I figured out the reason for MySQL Server 5.1.24 crash when used with InnoDB plugin 1.0. As I had a older my.cnf in the path and it had innodb_flush_method=fdatasync as the default flush method. But from 5.1.24 onwards, fdatasync is not supported as the flush method (not sure why we have such a change in the final stage of RC code, but  …)

Even though I get an error in the mysqld.err log that InnoDB failed to register; but server starts and loads rest of InnoDB information schema plugins without the main InnoDB plugin.

InnoDB: Unrecognized value fdatasync for innodb_flush_method
080423 22:36:04 [ERROR] Plugin 'InnoDB' init function returned error.
080423 22:36:04 [ERROR] Plugin 'InnoDB' …

I’m still looking for new entries. I get quite a few suggestions, but not all of them make it into quiz questions. Do send in your suggestions!

Today’s quiz question, which subsequently became three, comes courtesy of Janek Bogucki.

Since questions 2 and 3 contain hints on the other questions, they are embedded within the answers to previous questions.

Question 1: What happens if you throw the following statement at your MySQL server?

CREATE TABLE log(
name CHAR(20) NOT NULL,
count INT UNSIGNED NOT NULL
)

(more…)

Hello my dear readers.

Today I have a question for all of you. What platforms (32bit or 64 bit) do you use for your servers with more than 4Gb RAM? I’m asking because recently we‘ve hit few really weird bugs in Linux kernels 2.6.18 to 2.6.22 and all those bugs were PAE-related. Now I’d really love to move all machines to 64-bit, but I’m in doubt because we don’t know too much about Rails stack (ruby, mongrel, haproxy) on 64-bit platforms (all our DB boxes are 64-bit of course).

So, please drop me a line if you have any experience (negative or positive) with Rails platform on 64-bit machines. I’d really appreciate your help.