Friday, February 28, 2014

Keep Calm with the PostgreSQL Zazzle Store

The Keep Calm Just Use PostgreSQL shirt is now up at the PostgreSQL Zazzle store.  Didn't know we had a Zazzle store?  Most people don't, we don't advertise it much.

I've put a number of things up there, including:
I've left the customization buttons on, so that you can change the style, size, and item you want your PostgreSQL propaganda on.  20% of every purchase goes to PostgreSQL as a donation; most of that goes towards buying gear for PostgreSQL trade show booth volunteers.  And yes, I've provided a few examples of swag in women's sizes.

Since this is Zazzle, it's really only good for PostgreSQL users in the USA, though.  I understand that the Europeans have their own swag store; hopefully one of them will post a link in the comments.

Saturday, February 22, 2014

Why HStore2/jsonb is the most important patch of 9.4

There are still a bunch of features pending for 9.4, and a bunch of features which are already committed.  Given how interesting some of those are: SET PERSISTENT, Logical Changeset Extraction, Materialized Views, etc., I think a lot of people will be surprised that I consider Hstore2/jsonb the single most important patch -- important enough that I think we shouldn't release 9.4 unless it goes in.  Why would I make this wild assertion?  Let me explain.

Open source databases rise and fall on the popularity of the programming languages which use those databases.  MySQL largely rose on the success of PHP, and it fell as PHP became marginalized.  Our current PostgreSQL salad days are based largely on the current hegemony of Python, Ruby, and Rails.  While other events have fed into changes in adoption, where the bulk of new developers come from really comes down to "what is the default database for popular language X".

While the future is unpredictable, the current momentum in programming languages is behind two platforms: Node.js and Go.  PostgreSQL already enjoys good support and adoption among Go users.  However, our adoption in the Node.js community is less encouraging.

I was given a set of statistics I'm not allowed to publish, but I can summarize them.  Two of them are fairly alarming:
  • PostgreSQL is the database for fewer than 1 out of 8 Node.js deployments which use a database.
  • The rise in popularity of MongoDB almost exactly parallels the rise in usage of Node.js.
If you've watched database adoption trends for the last 20 years like I have, this is alarming.  We are in danger of being sidelined.  If we want PostgreSQL 10.5 to enjoy the same level of adoption that version 9.3 does, then we need to appeal to Node.js users and whatever comes after them.

What do Node.js users want that we don't have?  There are three main things that I've been able to identify:
  1. A better, faster, driver which fully supports asynchronous querying.
  2. Relatively painless multi-node scaling
  3. Full, indexed support for jsonish hierarchical data and queries.
The first two points need to happen outside the core PostgreSQL project, at least for 9.4.  However, the last point is very much on the table; we have the HStore2/jsonb patch pending.  If that goes in, the PostgreSQL project will be seen as still making progress and still relevant to Node.js users and to other people who like document databases.  If it gets booted to 9.5, and there is no discernible progress on JSON features in 9.4, I believe that we will have permanently conceded the bulk of the database market to the new databases for the foreseeable future.

Oh, and if anyone wants to work on our Node driver ... please pitch in!

Sunday, February 16, 2014

Cult of the NDA 2014

The dot-com boom is in full force again, and with it the Cult of the NDA.  Seems that every time you bump into someone, they want you to sign their confidentiality agreement before they split a bar tab.  If you are a software consultant or contractor, you will have to sign many NDAs between now and the next crash of the NASDAQ, so here's a handy little guide for what to look for -- and what to look out for -- before signing.

Must Have

If these things are not in the NDA, you should walk away from the contract.  Without these provisions you've voluntarily accepted a time bomb which could destroy your company.

A Clear Definition of what constitutes confidential materials.  This definition will often be quite broad, but should prevent someone from retroactively redefining something as confidential after disclosure.

Exemptions for three things: stuff you already knew before signing, stuff made public without your involvement, and stuff you are required by law to disclose to a court or law officer.  NDA-writers often forget the last, but in these Patriot Act days, you can't afford to.

A Time Limit.  These will often be quite long, like five or seven years, but you don't want to sign an NDA you'll pass on to your grandchildren.

Would Like

There are a couple things which you'd like to get into an NDA if you can, but aren't essential.

You'd like the NDA to be Mutual; that is, it should protect your secrets as well as the client's.

If you're going to be doing open source work, the NDA should contain an Exemption for Open Source Code release.  Often you can put this in the Statement of Work if it's missing in the NDA, though.

A defined Procedure for Granting Exceptions from the NDA.

Can Tolerate

There's a bunch of stuff which often appears in NDAs, and you're not really keen on, but it's standard and you shouldn't balk over it.

Right to a Preliminary Injunction for the client.  This is normal; it just means that they can slap you with a gag order if they think you're disclosing secrets, until it goes to court.

Jurisdiction in the Client's Home State: just like you want the jurisdiction to be local to you, the client wants the same.

A "Reasonable Care" requirement for handling confidential data.  This is, after all, only reasonable, although at some point you should talk to your lawyer about what it specifically means in your state.

A Remediation Procedure if data is disclosed: this is normal for contracts tied to vendors under HIPAA, SOX, or PCI.

Warning Signs

Any of the below appearing in an NDA is a reason to send it to your attorney for specific review.  Several of them appearing together is a reason to run, not walk, away from the negotiating table.
  • Indemnification for third-party suits resulting from a violation of the NDA.  This requires you to have D&O insurance, among other things.
  • Weird Legal Jurisdictions, such as another country, or a state which isn't yours or theirs.
  • Right to Examine Your Files: they can't do this without violating your confidentiality agreements with other clients.
  • "Utmost Care" or other weakly defined standards of secrecy.
  • A "No Reverse Engineering" clause without an "unless required for performance of Services" clause.
  • Limitations on Work for other companies, "competitors", or "companies in the same industry".  If you sign these, eventually you won't be able to work at all.
  • Excessive Length is a warning sign on its own; if the NDA is more than 2 pages and doesn't contain a full HIPAA or PCI agreement, then it's probably hiding something.
Hopefully that helps fight the cult.  Happy contracting!

NOTE: Josh Berkus is not an attorney, and the above does not constitute legal advice.  You should always consult your own attorney on specific contracts and agreements.  Further, the above advice is heavily slanted towards California law (but then, so are dot-com NDAs).