Mysql install help

[Billy Verreynne (JW)]

Peter Lieverdink wrote:

> Ubuntu is a suite of over 18,000 packages. Oracle has
> somewhat less, I believe.

So the complexity of software is measured in the number of packages? I
mean, something like Oracle CRS (Cluster Ready Services) that is
bundled into an Oracle RAC (Real Application Cluster) is just a single
trivial embedded package that happens to create the backbone of a
database "share everything" cluster?

Peter, default Oracle databse product has a truck load of "add-on
products" in the database. Including an e-mailer, a web browser
(without a rendering engine obviously), pipes, queues, replication
engine, different types of security and auditing engines (for creating
row-based security and private virtual databases), etc. etc.

An Oracle database if -far- beyond a mere SQL engine and bunch of data
files. It is an application platform with most of the features that
you will find at o/s level.

> I just pulled it up because it happened to catch my eye the other
day. I have
> yet to find a CERT email that mentions anywhere *near* 80
vulnerabilities.

You are grouping all of Oracle products under one umbrella. There are
literally 1000's of CERT advisories on Linux if you put all the
various distib's under one umbrella.

> And if they are, can you patch them?

You are under the misconception that all advisories need binary code
fixes. They do not. A lot of Oracle ones are simply because the
default security model is too trusting. Allowing for example public
access to certain packages. As all packages execute on the server
platform, you do not want all db clients to be able to use the TCP
package and create TCP clients (in the database) on the server
platform (e.g. creating a SPAM relay).

These issues are fixed by simply changing the default security model.
The same type of hardening exercise one would do on any platform that
needs to be secured. Revoke that priv. Drop that role. Add a password
to that service which by default has none. Etc.

> Do you need to register for that?

For the Oracle security advisories? You need an Oracle Support
Identifier (which comes with your Oracle purchase and is perpetual) to
register yourself at Oracle Metalink - Oracle's support site. Once
registered you will receive critical notifications from Oracle as and
when necessary.

> I don't know much about it, the last time I tried Oracle 8i, a
> few years ago, its (Java-only) setup didn't work unless you ran
> a local X server.

It is called OUI aka Oracle's Universal Installer. Yes, it uses Java
and the Java GUI - which in turns needs X or similar on the o/s for
installation.

> With respect to "... should reside on a secure ...", I decided I
> didn't need a DBM that required me to install X.

So you did not bother to read the automated installation instructions
where you can create a configuration file of installation answers,
which means no user interaction (and thus GUI) is needed?

Well, neither have I. ;-)

It can be done though.. but I always have X (with VNC) on all my
servers (from HP-UX to Solaris and Linux).

>> Open Source and GNU/GPL are not Quality Seals Of Approval. It does
not
>> mean that the product is truly free. Nor does not mean that the
>> product is better.
>
> Actually yes, the GPL does mean the product is free.

I was implying getting that product to work correctly and as desired
in your environment.. and getting support for when it runs into a
brick wall (like a pesky bug).

I do not agree with Microsoft that TCO (Total Cost of Ownership) is
higher for Linux systems than for Windows.. but nor do I agree that
GPL is truly free as TCO -is- a factor in the business. No clear
thinking manager will ever put a system in place simply because the
initial purchasing cost is free. He is more concerned about what the
bottomline will be after a few years ito cost and that system
delivering what it should. GPL simply means the code is free.. nothing
more.

> The Quality Seal of Approval is handed out by who? Why should I
> care about their opinion on anything whatsoever? I can print really
> pretty Seals Of Approval on my own colour printer.

Not sure what you're trying to say Peter. My point simply was that
Open Source (GPL) does not imply that the software is quality - thus
Open Source itself is not a Quality Seal of Approval as some Open
Source proponents imply when comparing it against the traditional
commercial products.

As for me informing the OP about Oracle XE.. the fact is that it will
likely be a lot easier for him to install XE, and then immediately
have a full blown web interface for designing web systems and for
interacting and administrating his database. No CLI needed. No
additional software needed. No Perl-DBI. No PHP JPGraph. No db
drivers. No additional configurations and software and hacking and
frustration. No dealing with CERT advisories for a range of products.

That advice freely offered from one that has experience dealing with
LAMP and Oracle XE. Whether he decide to wipe his arse with it or not,
I honestly do not care.

--
Billy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail and its contents are subject to the Telkom SA Limited
e-mail legal notice available at
http://www.telkom.co.za/TelkomEMailLegalNotice.PDF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~