
A Tale of Two MySQL Bugs

Posted by Unknown Lamer
from the just-buy-our-more-expensive-widget-instead dept.
New submitter Archie Cobbs writes "Last May I encountered a relatively obscure performance bug present in both MySQL 5.5.x and MariaDB 5.5.x (not surprising since they share the same codebase). This turned out to be a great opportunity to see whether Oracle or the MariaDB project is more responsive to bug reports. On May 31 Oracle got their bug report; within 24 hours they had confirmed the bug — pretty impressive. But since then, it's been radio silence for 3 months and counting. On July 25, MariaDB got their own copy. Within a week, a MariaDB developer had analyzed the bug and committed a patch. The resulting fix will be included in the next release, MariaDB 5.5.33."

  • Why fix it? (Score:3, Interesting)

    by Anonymous Coward on Monday September 09, 2013 @08:17PM (#44804011)

    Why would Oracle fix a bug in something they're trying to kill off?

  • We need more data (Score:5, Interesting)

    by WWJohnBrowningDo (2792397) on Monday September 09, 2013 @08:20PM (#44804025)

    A sample size of one is insufficient to make any meaningful conclusions.

    Anyone up for scraping the two bug trackers and finding more identical bug reports?

    • by Darinbob (1142669) on Monday September 09, 2013 @09:13PM (#44804335)

      A sample size of one is insufficient to make any meaningful conclusions.

      That sort of thinking won't get you very far in politics.

    • by icebike (68054)

      You also have to wonder about the two month delay in sending the bug to mariaDB. Did that allow them to take advantage of some over the beer mug discussion with Oracle employees about who was going to release it first?

      • by Ash Vince (602485) *

        You also have to wonder about the two month delay in sending the bug to mariaDB. Did that allow them to take advantage of some over the beer mug discussion with Oracle employees about who was going to release it first?

        Doh. Because if you submitted to both teams at the same time then as soon as one fixed it then the other can just migrate the fix into their code. Of course this could have backfired on him if Oracle had fixed it super quick he would have no way to accurately test the responsiveness of the MariaDB team without finding a similar bug and next time submitting it to MariaDb first.

        As it is though the problem is that as I read the bug report filed with MariaDB it would not surprise me if they fixed this super qui

  • by PhrostyMcByte (589271) <phrosty@gmail.com> on Monday September 09, 2013 @08:21PM (#44804037) Homepage

    Small projects can be about purity. Making the best possible code base you can. Especially ones where people work on it for free -- they wouldn't be working on it if they didn't deeply believe in it.

    Large corporations have different goals. The success of a changeset is not measured in how many bugs you fix or even how many features you add, but how much positive impact your paying customers and shareholders perceive.

    • by brit74 (831798)

      Small projects can be about purity. Making the best possible code base you can. Especially ones where people work on it for free -- they wouldn't be working on it if they didn't deeply believe in it.

      That may be true, but if people are working for free, the project can suffer from an inadequate amount of labor and the existing workers might have trouble getting stuff done in addition to their day job.

      • by znrt (2424692)

        That may be true, but if people are working for free, the project can suffer from an inadequate amount of labor and the existing workers might have trouble getting stuff done in addition to their day job.

        this does happen in medium-big software companies too. not because of lack of resources, but because of poor management or just because "existing workers might have trouble getting stuff done *right* because of 'other priorities' ".

      • by Ash Vince (602485) *

        Small projects can be about purity. Making the best possible code base you can. Especially ones where people work on it for free -- they wouldn't be working on it if they didn't deeply believe in it.

        That may be true, but if people are working for free, the project can suffer from an inadequate amount of labor and the existing workers might have trouble getting stuff done in addition to their day job.

        The bigger problem with when people are working for free is that they generally want to avoid the horrible can of worms bugs that need to be fixed by a shitload of horrible refactoring and concentrate on fixing silly little things instead. The other problem is where they have to do things that seem utterly wrong in principle to the developer like implement a broken and entirely wrong standard but that needs to be done for the sake of the project as a whole. (Disclaimer - I work with SCORM, the defacto broke

    • by sjames (1099)

      That doesn't change the equation one iota. Do you want the one that promptly fixes bugs or the one that holds off until the stockholders vote?

    • How is MariaDB a small project and MySQL not? They both share roughly the same codebase and history. MariaDB has paid developers working on it, maybe even more than Oracle has on MySQL. For MariaDB, paying customers are probably more important than for Oracle, since Oracle can afford to lose money on this for a much longer time before they go bankrupt than MariaDB. If anything, the argument about "spending money on something only if it gives an immediate profit" applies way more to MariaDB than to Oracle.
      • by Ash Vince (602485) *

        I was promised a flying car. Where is my flying car?

        Since religious nutjobs started crashing planes into buildings flying cars have been put on the back burner for a while. Sorry.

  • Well... (Score:5, Insightful)

    by Ramirozz (758009) on Monday September 09, 2013 @08:22PM (#44804047) Homepage
    If he would have the right intention to measure response time both bug reports should have been filed at the same time... filing a second one with the text saying "hoping it gets more attention than the competition" is pretty biased and provocative to the actions.
  • by greenreaper (205818) on Monday September 09, 2013 @08:25PM (#44804069) Homepage Journal
    The poster made a comment in the second bug saying that they hoped to get a faster response than on the MySQL bug.
  • is it appears the person assigned the bug only has one to work on (or I don't understand how the bug-zilla handles that).
  • by Proudrooster (580120) on Monday September 09, 2013 @08:38PM (#44804167) Homepage

    Oracle, love'em or hate'em makes some rock solid databases. The reason for the delay in the patch release was most likely testing and validation of the patch. I am assuming Oracle does this for MySQL but, what do I know?

    • but, what do I know?

      Clearly not a lot, yet still you infer to know a great deal.
      Ever considered getting into politics?

    • by greg1104 (461138)

      Not sure which is funnier; the idea that MySQL is a "rock solid databases" or that Oracle cares about validating its optimizer. I'll just point you at Top 10 Optimizer Regression Bugs in MySQL 5.6 [blogspot.com] and wander off now.

    • Oracle has kept their testing suite and results closed source and secret. This is one of the reasons why MariaDB decided to do a cold hard fork and not look back. They can't possibly promise compatibility with Oracle since the specs are closed, effectively making the project closed. Assuming that Oracle tests things at all is purely speculation. If anything, regressions mentioned in other comments here suggest they don't do a very thorough job at all and their test suites only include new features and "old"
    • Oracle, love'em or hate'em makes some rock solid databases.

      I suppose if you ignore annoying database bugs and endless parade of critical security vulnerabilities I could see this being true.

    • by mybecq (131456)

      Oracle, love'em or hate'em makes some rock solid databases.

      Yes, their databases are so rock-solid it is like getting blood from a stone if you need anything less than a business-critical patch (including fixes that have already been made on another platform). This has been my experience on at least two separate occasions. I gave up waiting for a fix for a TCP-connect issue because they don't know how to handle EINTR during a 'connect'.

  • by the_B0fh (208483) on Monday September 09, 2013 @09:02PM (#44804293) Homepage

    For example, #1341. 10 fucking years old.

    #68892 - best comment on the bug: 'Not quite sure how the severity scales are generally used, but shouldn't a trivial command that breaks the one feature that is being splatted all over the homepage as having significant improvements be a little higher than "non-critical" ?'

    What about stupid shit like this: http://www.darkreading.com/database/expect-a-surge-in-breaches-following-mys/240001958?cid=nl_DR_daily_2012-06-14_html&elq=7e0510c44883432fa8e79c2ebde2ecb8 [darkreading.com] "The vulnerability itself is in the way MySQL accepts passwords -- the bug makes it such that there's a one in 256 chance that the wrong password will still grant the user access to an account. So an endless loop of attempts will eventually grant an attacker access. It was a bug so unique that Moore says some MySQL developers ran into it, couldn't reproduce it, and eventually chalked it up as a fluke."

    Is MySQL even ACID compliant yet, without addons?

    http://nosql.mypopescu.com/post/1085685966/mysql-is-not-acid-compliant [mypopescu.com]

    • #1341. 10 fucking years old

      Pffft, give Oracle time .. they can best it.

    • by greg1104 (461138) <gsmith@gregsmith.com> on Monday September 09, 2013 @10:40PM (#44804697) Homepage

      I don't think it's possible for MySQL to get the "C" part in ACID right without a total rewrite, which seems unlikely under Oracle's watch. There used to be all sorts of trivial ways you could insert garbage data into MySQL, things like February 31 being a valid date or numbers going into boolean fields. They added this strict mode [mysql.com] as a way to add validation for most of that. But strict is a client setting. All it takes is one client that ignores this, and the engine will still let you put garbage into there--values that are not going to be valid if you later work on them using a strict setting client. If you can put data in one end of that's not correct when read by another client, that's the exact opposite of a "consistent" database. It boggles my mind that anyone finds this acceptable. I guess people who do all their validation on the client are fine with it maybe? I can't explain how people who don't understand databases at all make their decisions.

      I don't follow MySQL closely enough to know if they're still silently truncating data sometimes too, but that's been a nagging problem over the years too. Strong validation of data is like security: you don't just bolt it on later. It's something that needs to be enforced in as many places as possible in the code, if you want any hope of getting it right and bug free. If you actually want data to be validated in all situations, you need to use something like PostgreSQL instead. There even new types you add to the database can execute any check constraint function you want before that data is allowed in, period. That overhead contributes to why MySQL is faster on trivial things, but sometimes you get what you pay for.
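The behaviour described in the comment above, as an added example that is not part of the original thread: two sessions on a MySQL 5.5-era server write to the same table and get different validation, followed by a check for rows a strict client would have refused. The table `strict_demo` and its columns are constructed for illustration.

```sql
-- Constructed demo table; all names here are hypothetical.
CREATE TABLE strict_demo (
  id     INT AUTO_INCREMENT PRIMARY KEY,
  born   DATE       NOT NULL,
  active BOOLEAN    NOT NULL,  -- BOOLEAN is only an alias for TINYINT(1)
  code   VARCHAR(4) NOT NULL
) ENGINE=InnoDB;

-- Session A: a client that asks for strict validation.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
-- Strict mode refuses both statements: an impossible date, then an
-- over-length string.
INSERT INTO strict_demo (born, active, code) VALUES ('2013-02-31', 1, 'abcd');
INSERT INTO strict_demo (born, active, code) VALUES ('2013-02-28', 1, 'abcdefgh');

-- Session B: same server, same table. Any client may change its own
-- session mode; no special privilege is required.
SET SESSION sql_mode = '';
-- Accepted with warnings: the date is stored as the zero date and the
-- string is cut to 4 characters. The 7 fits TINYINT(1), so it is stored
-- as-is in either mode.
INSERT INTO strict_demo (born, active, code) VALUES ('2013-02-31', 7, 'abcdefgh');
SHOW WARNINGS;

-- Server-side default for NEW connections (needs SUPER). It narrows the
-- gap but does not close it: Session B's SET SESSION still overrides it.
SET GLOBAL sql_mode = 'STRICT_ALL_TABLES';

-- Audit: find rows that only a non-strict writer could have produced,
-- or that break the column's intended meaning.
SELECT id, born, active, code
FROM strict_demo
WHERE born = '0000-00-00'
   OR active NOT IN (0, 1);
```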

      • by olau (314197)

        The popular web frameworks these days have a little bit of wrapper code which maps DB values to native values. So for instance it's impossible to insert an incorrect date as it would not be possible to construct it with the API you have to go through. So in practice, it's not really an issue for new systems.

        Also, while it's lame if MySQL doesn't catch those and I've certainly seen enough legacy DB systems to appreciate the RDBMS-consistency-rules-as-last-line-of-defence idea, I do think that these days, if

  • This is no surprise to anyone who makes Oracle support calls for a living.

    Unless you bump up the severity to the highest level, you can expect months of wait and all-around handsitting.

  • The optimizer is correct in making it run poorly, it is poor sql to begin with. If anything it should throw an error instead of accepting garbage.
    If I saw you putting that in a project I would quickly fire your arse. Heck, I'd probably fire you for using mysql to begin with.

    • The reason we have computers is to help us do complicated stuff. If you want the user to solve all the hard work, you're going to be searching hard to find the users that have the skills to use something. I believe it's the task of the computer (programmer) to make the most stupid users still get their results without breaking anything. It takes away "natural selection", sure, but that's what we humans have been doing since we exist as a species.
    • by KiloByte (825081)

      The documentation explicitly says cases like this are optimized away. This also makes writing parametrized queries easier: you don't need to care about optional arguments, as the server will do this for you.

      I agree with you about using mysql, though.

  • Do all the dedicated volunteers think their work won't be sold to Oracle? Also, they wouldn't want to break compatibility with this: http://www.oracle.com/technetwork/database/migration/mysql-093223.html [oracle.com]
    • by greg1104 (461138) <gsmith@gregsmith.com> on Monday September 09, 2013 @11:08PM (#44804799) Homepage

      Yup, MariaDB is playing the same copyright assignment [mariadb.com] tricks that Monty used before, so that he could leverage community work yet still sell MySQL as a business. No reason to believe he's doing anything different this time. When the FSF asks for copyright assignment, that's acceptable because they have never breached the trust of their contributors. But when Monty does it, you have to assume he's setting things up so he can cash out again.

      • Why would Monty do it again? He's spending years of his life and a lot of his money to get MariaDB up and going. The risk he will be out of more money, not even counting his time than he'll ever get back is pretty high. For Oracle, MariaDB wouldn't be much of a purchase. They will have to painfully merge the difference in codebase, the developers and customers will all run away instantly and all they'll have left is the diffs. Any other company that wants an RDBMS will gain more from purchasing MariaDB than
  • by viperidaenz (2515578) on Tuesday September 10, 2013 @04:24AM (#44805827)

    MySQL bug is lodged with a priority of "S5" - pretty low.
    MariaDB bug is "Major".
    No shit one was fixed before the other.

  • ...it takes time to derive a method of generating revenue from a bug...

  • Calling out a bug for comparing a quoted string to null, eg: '1234mhgt' = null tripping up the optimizer?

    No wonder Oracle is ignoring their asses. I would too!

  • A couple of years ago, I had a tech support call into Oracle for a Sun server. It took them almost a *month* to send out an FE, and that time included two weeks of emailing an engineer on another continent (S. America), and an "in country" engineer... who only worked third shift.

    Oh, and after escalating it, three managers in three days "taking ownership".

    I expect *everything* that Larry buys to be supported that way.

    mark "wouldn't want to waste money
