Wednesday, January 23, 2008

A Chat with Ben and Pete episode 13

Pete's ham radio holiday. This episode we chat about:

1 comment:

Alan Yates said...

The Sun purchase of MySQL is quite extraordinary, especially the price tag! That's an obscene amount of money for a company with only 400 employees, no physical office and only an open-source database as its one true asset. MySQL is by far the most popular open DB out there, and is no longer a toy, but one has to wonder what the hell Sun is thinking? Or MySQL for that matter, they have long resisted such a merger.

Honestly, as long as they don't ruin the product I don't care that much. MySQL has long been seen as a dirty hack that only geeks use, at least this move may legitimise it as the Industrial Strength DB it truly is.

I for one love MySQL's easy administration, good function library, and documentation. As a counterexample, Oracle's tool chain offering is a long-standing joke (SQL*Plus totally sucks, most people need Toad to be productive, etc.), but we just aren't laughing any more... we are voting with the feet, to MS SQLServer in particular which is quite a nice DB if you need to pay for yours. Oracle totally missed the boat with Xe which was meant to compete with MySQL, but it ships with crappy tools that just pay lip service to being usable. While MySQL might not be as technically good as Postgres or SQLServer, it has a huge install base, it's the M in LAMP after all. I think this is where Sun has seen the light, you just can't stop that kind of momentum. Sun seems to want a finger in everything that is likely to run in a Datacentre in the future (and the Datacentre as well, Sun is basically a hardware company just like Apple), so I can see some value in buying up MySQL.

The DTrace saga is pretty silly I think. I suspect it was something Apple was required to do to satisfy some contractual agreements with the record industry. They appear to have needed to make some token effort at hampering attacks on the DRM inside iTunes.

Of course technical people know that anything that simply sets a flag, especially via a system call (basically just asking the kernel to play nice and agree to refuse ptrace() attaches from other processes) is trivial to remove. Just a simple shim library to swallow the ptrace() call before it enters the kernel will do, no need to even hack the binary to not place the call.

The nasty side-effect that it breaks DTrace metrics is really the issue. They could have made a better attempt without breaking DTrace.

I see lots of people ready to crucify Apple for this. Comparisons to Sony have been made! I just don't see it in the same league. It's a documented argument to the syscall, granted a buggy one that we now all know about which defeats the purpose. I only hope they won't do something completely draconian in response. I guess they could move the DRM into a closed-source library that is encrypted and loaded into the kernel, have to phone-home to source and/or decrypt its object, etc. That would make it slightly more non-trivial to attack and would let Apple leave ptrace() alone while still appearing to give a damn about DRM code security.