I just read a good article at TechRepublic about MySQL vs. Microsoft SQL. Overall, the article is pretty well-rounded. Good reading. (And short!)

The author based the review on several features, including:

• Licensing Cost
• Performance
• Replication
• Security
• Recovery

The final winner:

If you were hoping to get an ironclad recommendation that one database is better than the other, I’m going to disappoint you. From my point of view, any database that helps you do your job is a good database; one that doesn’t is a bad database. I can tell you that to make a good decision about which of SQL Server and MySQL will help you most, you’ll need to look beyond politics and hype and instead look at function and mission. What do you want to accomplish?

No surprise there of course.

What I did find interesting is that Sanders took the time to explain that MySQL is not free unless you are developing an open source application, but otherwise you have to pay for it. Hmm, I have to admit I’m not 100% on the licensing terms for MySQL. Is this totally accurate? What if I’m developing a revenue generating website based on top of MySQL as the RDBMS? Does that mean I have to pay MySQL AB?

For years, many people have argued that one of PHP’s big successes is deployment. The language has little to recommend it for anything beyond simple database-backed HTML templating, but there’s little easier than dropping a couple of .php files in a directory through FTP.

While there are still millions of wonderful (and ultimately unproductive) flamewars about how mod_php is faster than vanilla CGI Perl and Ruby uses too much memory and FastCGI is unstable and shared-everything on a monster JVM is obviously more scalable, none of that will ever matter to most of the deployed PHP code in the world today.

A Perlbuzz commenter named Yudel made the deployment/colonization point very clearly:

I still think in Perl, but as an only occasional programmer, I seldom find it the best tool for the job. The Perl community failed to successfully colonize the new ecosystems of programmers who don’t have root access. Simply asserting that PHP is linguistically inferior won’t convince anyone who has had to argue with a web hosting company about the load MovableType was placing on their servers.

mod_perl is great for what it does, but it’s clear that mod_perl isn’t what hosting providers most wanted. A slim Perl distribution — including perhaps a new Apache httpd module which only embeds Perl — with a good templating module, the DBI, and perhaps an XML parsing module or two could have put Perl on more $4.95/month hosting plans. The corollary to that of course is an easily installable bundle of Pure Perl for an application.

Sure, that doesn’t cover everything. You probably can’t get RT orPlagger or Angerwhale in such a system, but it’s a start.

Ceding the very low end of a technology to an upstart is just one of the ways to let distruptive innovation eat your lunch.

One flaw in this argument is that approximately zero webhosts supported Ruby before the Rails lovefest. As well, the Rails deployment strategy went through several iterations. Here’s the interesting point which subverts my argument somewhat: Rails hosting suddenly became lucrative enough that several Ruby-friendly hosts appeared.

I haven’t yet figured that out.

Miguel de Icaza announced the first public release of the Mono based Moonlight for Linux. This supports the Microsoft Silverlight 1.0 video playback, not the 2.0 version that includes a .Net Framework.

You can find the Moonlight website at:

http://www.mono-project.com/Moonlight

Other reference: Port 25 Moonlight blog entries

I recently communicated 3 security issues in the Safari browser to Apple.

Apple let me know that they will fix 1 of the issues I reported. I will not discuss the vulnerability Apple has promised to fix until they release the fix because it is a high risk issue affecting Safari on OSX and Windows.

I let Apple know that I’d like to discuss the 2 issues they won’t be fixing with the security community and they let me know they are fine with it.

I happened to come across this article in Redmond Developer News recently…

Redmond Among Contributors to Open Source PHP Framework

…about contributers to the Zend Framework. Among the many (400) contributers to the project are Google and Microsoft. It’s probably just me, but I found it amusing (in a good way) that the two arch-rivals contributed pieces to the same Open Source project.

The article goes on to describe how Microsoft sponsored work to enable InfoCard (now called CardSpace) support in a number of Open Source products including Zend and Ruby on Rails.

Yesterday Google celebrated the opening of a larger Cambridge, Massachusetts office, which takes up a substantial part of a building right next to the Kendall/MIT subway stop in the higher-than-high tech area of East Cambridge. I got a look at their new Friend Connect service (covered in a related Radar blog) and heard some fascinating comments that the staff kindly let me reproduce here.

Google staff certainly know how to say the right things and react in ways I approve to the situations Google finds itself in. More and more people I know (including authors) are Google employees, which is statistically predictable because more and more people in general are Google employees. The Cambridge office has been growing wildly since it began with the purchase of the company that created Android. And this office is one of 45 Google offices around the world.

This raises the question of whether the empire can be supported through continued sales of advertising, and whether Google’s stated openness carries through to employee behavior on the ground. I explored these questions with managers and staff at

On a recent consulting gig, a client had the requirement that a JavaScript deliverable needed to run in a self-enclosed script tag that would be arbitrarily placed within the body of a page. In other words, I needed to deliver a JavaScript file such that the following code snippet would work:

<!-- somewhere in the page... -->
<div id="specialContainer">
    <script type="text/javascript" src="foo.js"></script>
</div>
<!-- ... -->

So, in the end, it’s a pretty routine chore. A special container needs to exist at an arbitrary place in the page, the self-enclosed script tag will do some DOM building within it, and all of the magic happens therein. Well, hopefully, it goes without saying that I wanted to streamline the time it took me to complete this task with the help of Dojo.

Microsoft’s Patch Tuesday will be upon us soon patching 3 critical and 1 moderate security problems. Security issues aren’t just a problem for Microsoft software of course. And, I recently learned about…

oCERT: Open Source Computer Emergency Response Team

…which describes itself like this…

The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.

There doesn’t seem to be a lot there yet (only 4 advisories posted so far, the last on April 17). But, I hope oCERT will become a good resource for those of us who deploy a lot of Open Source applications.

Port 25 Security Related Blog items

Okay, actually, there are a number of virtualization options not listed in the title, but the one nobody seems to be talking much about Sun’s xVM VirtualBox. But, wait! you say, Sun begs to differ: “Sun xVM VirtualBox software is the world’s most popular open source virtualization platform because of its fast performance, ease of use, rich functionality, and modular design.”

Some cool features of VirtualBox include:

• Seamless windows - rather than a whole desktop environment, just the guest application windows can co-exist alongside native host applications.
• Shared Folders - easily move documents and files between the host and guest systems.
• Mouse pointer integration - it just works how you’d expect it to.
• Dynamically adjustable screen resolution in the guest.
• Time Synchronization.
• Shared clipboard.

A lot of that is available elsewhere (e.g., time sync and shared folders), but seamless windows is a nice touch.
AND, VirtualBox is open source!

Do check it out.

The heapq implements a min-heap sort algorithm suitable for use with Python’s lists.

There’s an interesting four page PDF file that appeared recently on the Microsoft downloads site titled…

Open Source at Microsoft CodeBox: Bringing the Open Source Approach In-House

It answers the question: Could the community and collaborative concepts that
underlie open source projects be applied internally to Microsoft product engineering?

CodeBox is an software development environment that was developed as an internal tool to help Microsoft apply the Open Source software development model internally. It gives Microsoft’s programmers and internal tool to manage shared code.

If anyone was interested in a great Google App Engine project, I would love to see a community blog/speaker registration tool. Jeff Rush mentioned something like this a couple of PyCons ago, but now there is the technology available for free with Google App Engine. Basically, it would be cool to have a google app engine app that allowed organizers to book meetings and plan them, then post about the meetings, and finally “book” speakers that happen to be traveling to that city.

Currently there is this blog, but I find it difficult to post the data there, plus our meetup site, plus by email…etc. Making this process easier would be awesome.

On a side note, is there a chart somewhere that graphs what open source web application components are working and what isn’t on google app engine. For example:

Templates:

Genshi
Django
Mako

URL:

blah

Frameworks:

blah

I like numbers. They can mean a lot of things.

Rather than continuing silly arguments over obfuscated and flawed measurements of “language popularity”, perhaps a better way of measuring the viability of a language or platform is to measure the freshness of its ecosystem.

LaPerla’s How Fresh is the CPAN? measures the upload dates of one of the world’s largest and most active repositories of free software. Of the 12,000 (or is it 14,000 now?) distributions on the CPAN, 25% have a most recent upload date of February 2008 or newer. Half have an upload date of 2007 or newer.

You don’t get those kinds of statistics by putting “Ruby Programming” into Google and pretending the results are meaningful.

If you are at all familiar with the UNIX or Linux world, you will know about the Pluggable Authentication Module (PAM) functionality. Essentially, PAM is a highly extensible login framework for authenticating and authorizing a user for access to a server. Prior to PAM, most logins worked directly against the local /etc/passwd database, but with PAM, users are authenticated against the PAM library, which in turns relies on a series of “modules” (surprise!) that return a Yes/No response. On many UNIX and Linux boxes, PAM still relies on /etc/passwd, but it doesn’t have to—and often doesn’t. For example, LDAP is quite often supported for authentication, and this is done by simply adding the right LDAP module to your PAM configuration.

Yawn.

Well, it is all very cool of actually, but it is old news in the UNIX world.

Now, Windows has supported this, kind of, a little bit, with GINA and GINA chaining and what-have-you, but it is really JUST NOT DONE. In addition, the GINA chaining concept is rarely if ever used. (I have heard because of reliability issues.)

However, Vista now supports a new model known as Credential Provider, which is deceptively like… PAM! Well, cool. (And they say Microsoft doesn’t learn!)

Anyway, I suggest you take a look at this as it’s all very nifty stuff:

Windows Vista Sample Credential Providers Overview

Credential Provider Samples

New Authentication Functionality in Windows Vista

OK, I know this is NOT the Inside MySQL blog area. But, MySQL is the “M” in both LAMP and WAMP. And, as one of the people who wasn’t very happy by MySQL’s decision to close source parts of the upcoming MySQL 6.0, I thought I should help spread the good news announced by MySQL’s VP for Community Relations - Kaj Arnö:

MySQL Server is Open Source, even Backup extensions

His six main points are:

- MySQL Server is and will always remain fully functional and open source
- MySQL Connectors will be open source
- The main storage engines will be open source
- MySQL 6.0’s pending backup functionality will be open source
- The MyISAM driver for MySQL Backup will be open source, and
- The encryption and compression backup features will be open source

FYI: MySQL related blog posts on Port 25