Introducing Crunchy Data Warehouse: A next-generation Postgres-native data warehouse. Crunchy Data Warehouse Learn more
Joe Conway
Joe Conway
Co-authored by Brian Pace I was excited to hear that Kubernetes 1.22 was recently released with better support for cgroup-v2 and has support for Linux swap . These changes potentially resolve two of my chief complaints about running Postgres under Kubernetes. Obviously it will take some time before we see uptake in the wild on these features, but I wanted to become familiar with them. For what it's worth, I also want to eventually play with the new alpha seccomp support in Kubernetes v1....
Read MoreJoe Conway
Joe Conway
Welcome to Episode 2 of the "Musings of a PostgreSQL Data Pontiff" series! In this installment I’m aiming to achieve three objectives. First, you should see how the SQL language, as implemented by PostgreSQL , can perform interesting data analysis through the built-in aggregates and other capabilities such as Common Table Expressions (CTEs) and Window Functions . Second, you will get to see how native SQL combines with R code in PL/R in useful ways. And finally, I’ll show how to use PL/R to...
Read MoreJoe Conway
Joe Conway
This is the first in a series of blogs on the topic of using PostgreSQL for "data science". I put that in quotes because I would not consider myself to be a practicing data scientist, per se. Of course I'm not sure there is a universally accepted definition of data scientist. This article provides a nice illustration of my point. I do believe my credentials are such that no one can accuse me of term appropriation. Toward establishment of that end, this first installment is a walk down memory l...
Read MoreJoe Conway
Joe Conway
Recently I ran across grand sweeping statements that suggest containers are not ready for prime time as a vehicle for deploying your databases. The definition of "futile" is something like "serving no useful purpose; completely ineffective". See why I say this below, but in short, you probably are already, for all intents and purposes, running your database in a "container". Therefore, your resistance is futile. And I'm here to tell you that, at least in so far as PostgreSQL is concerned, those...
Read MoreJoe Conway
Joe Conway
If you run Linux in production for any significant amount of time, you have likely run into the "Linux Assassin" that is, the OOM ( out-of-memory ) killer. When Linux detects that the system is using too much memory, it will identify processes for termination and, well, assassinate them. The OOM killer has a noble role in ensuring a system does not run out of memory, but this can lead to unintended consequences. For years the PostgreSQL community has made recommendations on how to set up Lin...
Read MoreJoe Conway
Joe Conway
Question: How do I get PostgreSQL to use FIPS 140-2 crypto ? The answer, to some extent, depends on how rigorously you need to be able to prove your answer. If the proof required is more than a casual check, the process is not well documented as far as I can tell. Therefore I will attempt to address that deficiency here. To be sure the crypto being used by PostgreSQL on a particular system is FIPS validated, you need to trace the chain of custody of the crypto software from the PostgreSQL backe...
Read MoreJoe Conway
Joe Conway
I was sent a link to a tweet regarding election night forecasting using R, and of course the default question was ... could it be run under PL/R inside Postgres? Like almost everything at Crunchy Data , we believe all things are better with Postgres. So I decided to give it a shot, and a bit of a database spin as it were. Since I had to get this blog done quickly, it is going to be mostly code -- sorry about that! The code in this blog (please see a small but important correction at the end)...
Read MoreJoe Conway
Joe Conway
tl;dr -- If you are not actively monitoring your PostgreSQL clusters, and alerting on anomalous conditions, you are "flying blind" . Don't do that! At Crunchy Data , we distribute and support PostgreSQL as a product, in multiple forms, to many enterprise customers. We also make our products available via GitHub , our developer portal , and other places. In particular, our team is well known for our Container Suite and Kubernetes Postgres Operator . Also pertinent to this blog, if less we...
Read MoreJoe Conway
Joe Conway
For anyone following my previous blog posts, this is a bit of a departure for me. Typically, I get down in the weeds and show lots of code. This post, on the other hand, is more of a philosophical rant. At least you can't say I didn't warn you! Yesterday I was made aware of this bulletin from HPE , which alerts that certain models of HPE SSDs have a firmware bug that will cause the drives to deterministically fail very suddenly at precisely 32,768 hours of operation. You may recognize this as a...
Read MoreJoe Conway
Joe Conway
In Part 1 of this blog, we covered quite a bit of information with respect to how a PostgreSQL database is initially configured by default from the perspective of discretionary access control. We also saw how to inspect those default behaviors using the crunchy_check_access extension. In Part 2, we will explore the situation identified in CVE-2018-1058 and discuss how to protect yourself. Finally we have come to the Pièce De Résistance! CVE-2018-1058 describes how a user can create object...
Read More