Que leverages PostgreSQL’s advisory locks to deliver a fast, reliable job queue

Que is the new kid on Ruby’s job-backgrounding block.

It takes advantage of PostgreSQL’s advisory locks to provide concurrency, efficiency, and safety. Chris Hanks – Que’s author – in an email to us, says:

…in a benchmark on EC2’s biggest compute-optimized instance it’s capable of queuing and dequeuing almost 10,000 jobs per second, while DelayedJob and QueueClassic max out at around 500

Between that and its built-in support for transactions (for ActiveRecord and Sequel), Que looks pretty tantalizing to this long-time Resque user (and admitted Postgres fanboy).

Enjoy sane database change management with Sqitch

Most schema migration tools are tightly coupled with the ORM or the framework in use. They usually have a limited DSL to interact with the database and are hard to maintain on a complex system.

Sqitch lets you write the upgrade scripts in the native language
of your database and provides automatic dependency resolution.
The currently supported database engines are PostgreSQL, SQLite, MySQL, and Oracle.

Sqitch’s source is written in Perl, but it is a command line tool and can be used in any project written in any programming language.

David E. Wheeler (not to be confused with other David Wheelers in the computing field)
provides extensive tutorials including talks, slides, and videos. He also blogs about the
development of Sqitch.

#98: AFNetworking, Helios, and mobile & iOS development with Mattt Thompson

Adam Stacoviak, Andrew Thorp and Kenneth Reitz talk with Mattt Thompson, Mobile Lead at Heroku, about his many contributions to open source. You can tune in LIVE on Tuesdays at 5pm CST. AFNetworking/AFNetworking AFNetworking – a delightful networking framework for iOS and OSX mattt (Mattt Thompson) Mattt Thompson (mattt) on Twitter Helios helios-framework/helios Postgres.app, an easier […]

Postgres.app, an easier way to use PostgreSQL on Mac

A week or so back, I was chatting with Craig Kerstiens, a product guy at Heroku, about an issue I was having with my Postgres install (through Homebrew) — he suggested that I use Postgres.app.

There’s an easier way

Just download, install and run the app when you want to run Postgres locally for development. I always found myself fumbling with commands like pg_ctl -D /usr/local/var/postgres start or pg_ctl -D /usr/local/var/postgres stop -s -m fast to start and stop my Postgres server. Running Postgres.app is a much simpler and easier user experience now. Just run the app when you’re hacking, and quit the app when you’re done. Simple.

The classic Postgres elephant icon will hang out in your system tray for easy access.

Heroku and Rails specifics

If you’re hacking on a project and deploying to Heroku with a Postgres database, you’ll need to run heroku addons:add heroku-postgresql:dev to set up Postgres for your app before running something like heroku run rake db:migrate.

For more details on using Postgres on Heroku check out postgres.heroku.com. You should also subscribe to Postgres Weekly – a free, once-weekly e-mail round-up of PostgreSQL news and articles curated by Craig Kerstiens.

#85: We’re back and we’re LIVE!

Adam Stacoviak, Andrew Thorp, Steve Klabnik, Kenneth Reitz and Jerod Santo take the show live for the first time since August 8th, 2012. Tune in LIVE every Tuesday at 3pm PT / 6pm ET. We’re live every Tuesday! thechangelog.com/live Hack in style with your very own Changelog tee! We are now member supported! Groovy on […]

Reminder: Upgrade your Postgres today!

Last week, I told you all about an incoming security patch for Postgres. Well, today, it’s here. Please check out this page and upgrade your Postgres. As the Postgres team says, ‘This is the first security issue of this magnitude since 2006.’

What’s the issue?

As always, you can find the latest information about security patches via the CVE system. Here’s the one for this vulnerability, CVE-2013-1899.

There are three things that can happen with this vulnerability:

  • Denial of Service. Error messages can be appended to files in Postgres’ data directory. This can fill up disks, or cause Postgres to crash.
  • Configuration Setting Privilege Escalation. If an attacker has a legitimate login, and the username and database name are identical, then that user can set a config variable as the superuser.
  • Arbitrary Code Execution. The ‘boss level’ of vulnerabilities. If an attacker can do both of the above things, and can save files outside of the data directory, then they can execute arbitrary C code.

Damn.

What versions are affected?

Versions 9.0, 9.1 and 9.2.
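To turn the list above into an upgrade priority order, here is an added triage sketch (not from the original post or the Postgres project) that maps a server inventory onto the three outcomes. It matches on release series only, because that is what this page lists, so a server in these series that already runs the fixed minor release is still flagged and must be confirmed against the release announcement. The inventory, host names and the `users_can_write_files` flag are assumptions.

```python
import re

# Release series the page lists as affected by CVE-2013-1899.
AFFECTED_SERIES = {(9, 0), (9, 1), (9, 2)}

def series_of(version_string):
    """Extract (major, minor) from `SELECT version()` or `postgres --version` text."""
    m = re.search(r"PostgreSQL\D*(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"no PostgreSQL version found in {version_string!r}")
    return int(m.group(1)), int(m.group(2))

def triage(version_string, login_roles, databases, users_can_write_files):
    """Map one server onto the three outcomes in the list above.

    login_roles: SELECT rolname FROM pg_roles WHERE rolcanlogin AND NOT rolsuper;
    databases:   SELECT datname FROM pg_database;
    users_can_write_files: operator's judgement (assumption), not discoverable here.
    """
    if series_of(version_string) not in AFFECTED_SERIES:
        return []
    findings = ["denial-of-service"]
    # Escalation precondition: a login whose user name equals a database name.
    same_name = sorted(set(login_roles) & set(databases))
    if same_name:
        findings.append("config-privilege-escalation:" + ",".join(same_name))
        if users_can_write_files:
            findings.append("arbitrary-code-execution")
    return findings

# Constructed sample inventory; hosts, versions and names are made up.
INVENTORY = [
    ("db-a.example", "PostgreSQL 9.2.3 on x86_64-unknown-linux-gnu",
     ["web", "report"], ["web", "postgres"], True),
    ("db-b.example", "postgres (PostgreSQL) 9.1.8",
     ["app"], ["orders", "postgres"], True),
    ("db-c.example", "PostgreSQL 8.4.16 on x86_64-unknown-linux-gnu",
     ["web"], ["web"], False),
]

def report(inventory):
    """Return {host: findings}; an empty list means not in an affected series."""
    return {host: triage(ver, roles, dbs, fw) for host, ver, roles, dbs, fw in inventory}

if __name__ == "__main__":
    for host, findings in report(INVENTORY).items():
        print(host, findings or "not in an affected series")
```

Servers where a login role shares its name with a database go to the front of the upgrade queue, since they meet the precondition for the second and third outcomes.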

Where can I find more?

The Postgres team has a FAQ for this release, and here are the release announcements.

You can also see the commit that fixed the issue, with all the gory details.

Or, discuss on Hacker News.

Postgres preps for a big security release

UPDATE: Reminder: Upgrade your Postgres today!

Yesterday, I became aware of this email to the PostgreSQL-hackers email list. The email states that there is a very serious security release coming up next week — so bad that they’re taking extra precautions.

Here’s my summary of the email:

The core committee has decided that one of the security issues due to be
fixed next week is sufficiently bad that we need to take extra measures
to prevent it from becoming public before packages containing the fix
are available.

What we intend to do is shut off updates from the master git repo to
the anonymous-git mirror, and to github, from Monday afternoon until
Thursday morning.

We do not intend to start doing this
as a routine thing, and apologize in advance for any disruption.

Every project has security flaws, and it’s great to see the Postgres team take this so seriously. If your team relies heavily on Postgres, consider scheduling a maintenance window sometime shortly after the patch is due to be released, so that you can get your servers fixed up. This one looks to be anomalously big.

Share your thoughts and vote this up on Hacker News.

Postgres.app: Postgres for the Mac

The ever-awesome @mattt has released Postgres.app. From the README:

Postgres.app is the easiest way to get started with PostgreSQL on the Mac. Open the app, and you have a PostgreSQL server ready and awaiting new connections. Close the app, and the server shuts down.

Even with Homebrew, installing Postgres can kind of be a pain sometimes. I’m always for any project that makes software installation even easier.

You can get Postgres.app from its website or check it out on GitHub.