Amazon has announced the Amazon Relational Database Service:
Amazon RDS gives you access to the full capabilities of a familiar MySQL database. This means the code, applications, and tools you already use today with your existing MySQL databases work seamlessly with Amazon RDS. Amazon RDS automatically patches the database software and backs up your database, storing the backups for a user-defined retention period. You also benefit from the flexibility of being able to scale the compute resources or storage capacity associated with your relational database instance via a single API call. As with all Amazon Web Services, there are no up-front investments required, and you pay only for the resources you use.
The cost starts at $0.11 per hour for a small database instance (1.7GB RAM, 1 virtual core, 64-bit), increasing in stages as more power is required. The engagingly-titled “Quadruple Extra Large DB Instance” offers 68GB RMA and 8 virtual cores, at $3.10 per hour.
In addition, you pay for database storage at $0.10 per GB-month, $0.10 per 1 million I/O requests, $.10 per GB transferred in, and $0.17 per GB transferred out.
That’s a worrying collection of charges, but the usual logic applies: if you need a hefty database server for a defined period, say to cover a special event, this will work out more cost-effective than installing your own servers.
You can also install MySQL or other database servers on general-purpose Amazon EC2 instances, but this pre-built solution looks attractive.
Microsoft started its cloud database initiative with a preview of SQL Server Data Services, offering a limited database API more like Amazon SimpleDB. Then Microsoft decided to offer full SQL Server on its Azure cloud. However, Azure is still a Community Tech Preview, and during the interim period Amazon has come up with its own fully relational solution.
The London Stock Exchange has agreed to acquire MillenniumIT, and will be replacing its TradElect and Infolect systems with the MillenniumIT trading system. TradElect is based on Windows Server and .NET, and was created by Microsoft and Accenture. Microsoft used to use the LSE’s system as a showcase for .NET scalability, but while it proved that .NET can work for large systems, the LSE suffered an outage in September 2008 that was rumoured to be the fault of TradElect.
I don’t know much about MillenniumIT but note that the company is a partner with Sun and Oracle and that the MillenniumIT Exchange brochure [pdf] states:
Operating System: UNIX or Linux
As Brian Bryson of IBM/Rational observes, it is short-sighted to lay the blame on the platform. Nevertheless, considering the high profile of this system and Microsoft’s active involvement it is at least an embarrassment.
The mitigation for Microsoft is that .NET has less to prove these days. Even if running a system as large and performance-critical as the London Stock Exchange was a step too far, particularly for Server 2003 and (apparently) SQL Server 2000, that doesn’t rule out Microsoft’s technology for more usual workloads; and there are improvements in Server 2008 and SQL Server 2008.
Still, I’d love to know more about why the LSE is abandoning TradElect and what the lessons are for those designing and implementing systems at this level.
The problems with TradElect are thoroughly debated in the comments here.
Update: Microsoft’s LSE Case Study from 2006 is here.
I have also received the following statement from a Microsoft spokesperson:
Microsoft continues to support some of the most demanding, mission-critical environments in the world and is constantly raising the performance bar with new solutions. Most recently, Microsoft completed three different proof-of-concept projects for a major international stock exchange that demonstrate Windows Server 2008 and Microsoft .NET can successfully support very low latency trading activities, in the 100 microsecond range using standard 1 Gigabit Ethernet. With the addition of Microsoft Network Direct, that latency is further reduced by 50%, which is industry leading performance.
Noah Hart has ported SQLite to C#. I was intrigued to see whether the code could be adapted to run in Silverlight, which has a cut-down .NET Framework and prohibits platform invoke to native code.
I hacked away at his code until it ran in Silverlight:
Note that the sole purpose of the exercise was to see if SQLite could be made to run, not to prepare a port that is production-ready or even code that is fit to check-in. In essence, I defined SQLITE_SILVERLIGHT, removed all the locking, adapted the file I/O to use isolated storage, and generally took as many shortcuts as I could think of to get it to compile and run. Unfortunately transactions do not work, though that can probably be fixed.
As far as I can tell, Silverlight’s Isolated Storage does not support locking at all. If the same application were opened twice, for example in different browsers, that could cause problems, but in normal use it would likely be OK.
One other point of interest: the XAP file in release mode is 257KB.
Update: The sample app is here. The hacked code is here [zip].
It’s a great feature, and strengthens Safari on the iPhone as an application runtime that avoids the hassles of the App Store. Does it have wider value? A problem is inconsistent support across other browses. Microsoft’s IE8 supports DOM Storage (key-value pairs), which is also part of the HTML 5 standard, but not SQL. FireFox also supports DOM Storage, but its SQLite support is restricted to components and extensions only.
A possible reason for the lack of wider SQL support is that Google has its own implementation in Gears, which works in Safari and FireFox on the Mac, in IE and Firefox on Windows, and in Firefox on Linux. One place you cannot install Gears though is on the iPhone. A possible solution is to create a wrapper API that uses HTML 5 on Safari and Gears elsewhere; Malte Ubl has done some work on this, for example.
Personally I’d like to see the HTML 5.0 specification more widely supported, since along with the iPhone issue, not everyone wants to install Gears. I would have thought it could be added to both Chrome and FireFox relatively easily; but would be interested to know what is planned.
I’ve been amusing myself creating a simple online database application using Silverlight. I had this mostly working a while back, but needed to finish off some pieces in order to get it fully functional.
This is created using Silverlight 2.0 and demonstrates the following:
- A bound DataGrid (as you can see, work is still needed to get the dates formatted sensibly).
- Integration with ASP.NET authentication. You have to log in to see the data, and you have to log in with admin rights to be able to update it.
- Create,Retrieve,Update,Delete using ASP.NET web services.
- Image upload using Silverlight and an ASP.NET handler.
- Filter a DataGrid (idea taken from here).
- Written in Visual Studio 2008, and hosted on this site, which runs Debian Linux, hence Mono and MySQL. Would you have known if I had not told you?
You can try it here. I’ll post the code eventually, but it will be a couple of months as it links in with another article.
MVP Ken Cox notes in a comment to Jesse Liberty’s blog:
Hundreds of us are scouring the Internet for a realistic (but manageable and not over-engineered) sample of manipulating data (CRUD operations) in a Silverlight 2 application. There are promising pieces of the puzzle scattered all over the place. Unfortunately, after investing time in a sample, we discover it lacks a key element – like actually saving changed data back to the database.
I can safely say that mine is not over-engineered, and that yes, it does write data.
There are millions of sites out there vulnerable to SQL injection; apparently one of them (at least until yesterday) was that of the security software vendor kaspersky.com. A hacker codenamed unu posted details – not all the details, but enough to show that the vulnerability was real. The hack exposed username tables and possibly personal details. Reddit has a discussion of the programming issues. According to the Reg, Kaspersky had been warned but took no action:
I have sent emails to email@example.com, firstname.lastname@example.org, and email@example.com warning Kasperky [sic] about the problem but I didn’t get any response," Unu, the hacker, said in an email. "After some time, still having no response from Kaspersky, I have published the article on hackersblog.org regarding the vulnerability.
The trouble with those kinds of email addresses is that they are unlikely to get to the right people. It’s still disappointing; and also disappointing that there is currently no mention of the issue (that I can see) on Kaspersky’s site. The company’s response to the security hole is equally as important as the vulnerability itself. When WordPress was hacked, founder Matt Mullenweg was everywhere responding to comments – on this blog, for example. I liked that a lot.