15:42
Transaction-Level Advisory Locks in PostgreSQL 9.1
Advisory locks are one of the cool unsung features of PostgreSQL. In 9.1, they are getting even cooler with transaction-level locks. Many details here.
23:25
Suppose a major manufacturer of computer keyboards announced a very serious security problem with a specific competitor’s keyboard: Someone could plug this keyboard into a computer running a malicious app, and cause a user to enter sensitive information. Thus, the manufacturer demands that their competitor recall all of these “insecure” keyboards.
Anyone with the technical sense of a rock would pause for a moment, and then burst out in laughter at the utter absurdity of this proclamation. No one would ever attempt to make such a ludicrous and obviously self-serving claim, would they?
Verifone would. Verifone is very very concerned about Square’s iPhone card scanner, because someone could run a malicious app on the iPhone and collect card data using it. The fact that Square just announced new pricing undercutting Verifone’s is, of course, completely coincidental.
Where to begin?
It is true that Square’s attachment does not encrypt the card track information between the iPhone and the card reader. This is true of pretty much every single card reader in the entire world. It is not the job of the card reader to encrypt data, any more than it is the job of the keyboard to encrypt your password. Verifone seems unconcerned about all of the other card readers you can buy from, say, Amazon (just for example).
For Verifone’s apocalyptic scenario to occur, the iPhone into which the card reader is plugged must be running a malicious app. This pretty much requires the iPhone user to be in on the scam, which means that they could be using any hardware they wish to collect this card data. If the merchant is crooked, then they’ll find a way to collect the card data, since they have possession of the card (on which is printed essentially all of the relevant data that is on the mag tracks, plus the CVV printed on the back).
Verifone’s competing solution, if the brochure is to be believed, encrypts the data at swipe-time. That’s nice, but the chance of card data being compromised between the reader and the iPhone, or during that extremely limited time that it is sitting unencrypted in the iPhone’s memory, is essentially zero. Again, Verifone seems unconcerned that Square’s app works exactly like every other PC-based credit card processing application in the entire world; indeed, Square’s is considerably more secure than most, since the merchant doesn’t have access to the card information. (For example, on my completely certified, authorized, and every-spec-compliant Nurit wireless card processing terminal, I can retrieve credit card numbers from a batch with no hassle whatsoever.)
In short, Verifone is bashing a competitor because the competitor’s pricing is more consumer-friendly than Verifone’s. Their technical arguments are nonsense, and they should be ashamed of launching a FUD campaign that plays on credit card security paranoia.
23:03
I’ll be giving a full-day tutorial about developing Django applications using PostgreSQL. If you are just getting started with Django, this is a great introduction; it is intended for developers who are just getting into serious Django/PG development.
It’ll cover general development in Django, with a lot of PostgreSQL-specific details.
And, of course, the whole conference will be a fount of great PostgreSQL geekery.
18:52
A fun and interesting article about a sudden burst in traffic at Pinboard when Yahoo! announced they were shutting down Delicious. Relevant to app and DB designers everywhere.
17:17
The slides from my talk, “10 Easy Ways to Destroy Performance” from PgDay at SCALE 9X are available.
22:22
I’ll be presenting a talk on “10 Easy Ways to Destroy Performance” at pgDay at SCALE-9X, on February 25th in Los Angeles.
22:19
I’ll be presenting a full-day tutorial on Django Development with PostgreSQL at PostgreSQL Conference East, March 22-25 in New York!
01:59
The slides from my presentation on PostgreSQL for Servoy Developers, presented at ServoyWorld 2011, are available here.
13:50
tl;dr: If you make a tradeoff, be honest about it. Don’t lie to yourself that you are making a positive architectural decision when you make a negative tradeoff.
15:54
tl;dr: If you are doing a .distinct() query and limiting the results using .values() or .values_list(), you may be in for a surprise if your model has a default ordering using the Meta value ordering. You probably want to clear the ordering using .order_by() with no parameters.