I agree, especially some info on production installation on Linux would be really nice. For example, is it better to install the "postgres" Ubuntu distro package, or is it better to install the Ubuntu package provided by postgres themselves at https://www.postgresql.org/download/linux/ubuntu/? Which one of these offers the best security / stability?
...whereas this course seems to use the public schema and just query for "SELECT * IN public.foobar" etc.
I remember being a bit confused about "schemas" when I switched from mysql to postgres. I think it would be good to have a special section that explains what schemas are typically used for, and in particular when/how to use the public schema correctly.
I think that's a reasonable recommendation if you're deploying Postgres in production. Not something I'd want to cover in any of my current chapters, where the focus is on teaching people SQL, but definitely something I'll mention down the road when adding a chapter around production deployment and security recommendations.
I actually do cover this in the course! I actively recommend and give examples of using autogenerated identity columns for the primary key, but still in many places in the course do expose people to using the serial types due to their popularity.
The content overview doesn't include anything about escaping data to prevent SQL injection (escaping of literals vs escaping of table/field names etc). This is important to get right and postgres has a slightly different approach compared to mysql and others.
For example, you can and should use parametric queries like:
client.query('INSERT INTO mytable(a) VALUES ($1)', ['hello'])
...but that doesn't work for all types of queries, for example you get an error for:
client.query('SET LOCAL SEED = $1', [someVal])
Another example, you might need to build a dynamic where-clause based on data from an "advanced search" UI query builder, and then you need to make a list of all the "foo = $N" parts (and increment $N as you go), plus another list of the actual variables. Maybe there are some nice tricks / techniques to simplify that?
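An added example, not part of the comment above and not code from the course: one way to build the dynamic where-clause it describes, producing the `{ text, values }` shape that `client.query()` accepts. The names `buildSearchQuery` and `quoteIdent`, the filter shape and the operator keys are assumptions made for illustration. Column names and operators cannot be sent as `$N` parameters, so they are checked against allowlists and only the values are bound.

```javascript
// Operators the search UI may request, mapped to fixed SQL text (hypothetical keys).
const OPERATORS = new Map([
  ['eq', '='], ['ne', '<>'], ['lt', '<'], ['lte', '<='],
  ['gt', '>'], ['gte', '>='], ['like', 'LIKE'],
]);

// Quote an identifier the PostgreSQL way: wrap it in double quotes and
// double any embedded double quote.
function quoteIdent(name) {
  return '"' + String(name).replace(/"/g, '""') + '"';
}

// table: name chosen by the application, never by the user (assumption).
// filters: [{ column, op, value }] from the UI; allowedColumns: Set of names.
function buildSearchQuery(table, filters, allowedColumns) {
  const clauses = [];
  const values = [];
  for (const { column, op, value } of filters) {
    if (!allowedColumns.has(column)) {
      throw new Error(`column not allowed: ${column}`);
    }
    const ident = quoteIdent(column);
    if (value === null) {
      // "col = $1" with a null parameter never matches; use IS [NOT] NULL.
      if (op !== 'eq' && op !== 'ne') throw new Error(`bad operator for null: ${op}`);
      clauses.push(`${ident} IS ${op === 'ne' ? 'NOT ' : ''}NULL`);
      continue;
    }
    if (op === 'in') {
      if (!Array.isArray(value)) throw new Error('"in" needs an array');
      values.push(value); // the whole list is bound as one array parameter
      clauses.push(`${ident} = ANY($${values.length})`);
      continue;
    }
    const sqlOp = OPERATORS.get(op);
    if (!sqlOp) throw new Error(`operator not allowed: ${op}`);
    values.push(value);
    // values.length is the next placeholder number, so no separate counter.
    clauses.push(`${ident} ${sqlOp} $${values.length}`);
  }
  const where = clauses.length ? ' WHERE ' + clauses.join(' AND ') : '';
  return { text: `SELECT * FROM ${quoteIdent(table)}${where}`, values };
}
```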
Great blog post! First one I've seen with good comparisons to the other options. I would recommend adding Xapiand too: https://github.com/Kronuz/Xapiand
I understand what it is but I'm not sure why it wasn't included. They forked specifically because nothing was happening in sphinx and they've been releasing new features.
Would you be willing to expand on this a bit? We run multiple elasticsearch clusters and there are pain points everywhere, I wonder where vespa improves?
For us, Vespa is in a different league. Some quick things I remember:
- Native Tensor/XGBoost support
- Automatic data partitioning and auto balancing (no need to set shards beforehand)
- JDisc (https://docs.vespa.ai/documentation/jdisc/) - This is the major feature for us. It enables us to create Distributed Applications that manipulate the search results directly on the nodes.
I'm not associated with the team, but I take every opportunity to promote it, as I think it is a very underrated project.
Looks like they have been around a while (5+ years), and from their website https://www.authentic8.com, they are focused on the improved endpoint security aspect:
"The Browser for a Zero Trust Web"
> Traditional browsers run on blind trust. Silo assumes zero trust by running the browser in the cloud.
> Web code can’t be trusted. Organizations know that every page view means risk to the business. Silo restores your trust in the web through isolation, control and audit of the browser.
> Isolate: Silo executes all web code on our servers. Nothing touches your endpoint, and untrusted endpoints can’t corrupt your environment or your data.
> Mitigate risk: Shift your attack surface area off your network and devices to disposable, anonymous cloud infrastructure.
I am intrigued, wonder how well they are doing, and how well it works. Somewhat expensive, I've heard $10/month and $100/year for individuals. No online live free demo, but available on request.
With the Epitactic Cloud Browser, I'm only running the VPS temporarily as a demo; the way I envision it, end users can run their own instance either on a home server or virtual server, maintaining control and privacy.