Hacker News new | past | comments | ask | show | jobs | submit login
Alibaba is leading a $27M investment in MariaDB (techcrunch.com)
399 points by doppp on Sept 29, 2017 | hide | past | web | favorite | 99 comments

Good move, will be good for the database for sure. I think of this article [0] every time someone says "why not just use <some hipster database written by 2 people over the course of a year>":

Rule 1: Developing a good DBMS requires 5-7 years and tens of millions of dollars.

That’s if things go extremely well.

Rule 2: You aren’t an exception to Rule 1.

0: http://www.dbms2.com/2013/03/18/dbms-development-marklogic-h...

The reason is that Alibaba is stuck with mysql and complex queries being put very very deep inside their architecture.

And yes, things like top level transaction databases are like hand maintained clusters of 20 servers for the whole Alibaba with query caching servers in front of them to prevent OOMs

They tried to get rid of it many times as written in their tech blogs, but this probably indicates that they finally gave up on such endeavour, choosing to own Mysql instead

Their most sisyphean issue is the transaction locking. Imagine, 20 people trying to buy 19 trinkets, and you try to resolve transactions in a distributed DB, and two guys manage to buy the same thing in the exactly same nanosecond. The task is hard to tackle.

If you time-atomize the transaction, you get increase in minimal latency.

If you simply use a single server with very fast DB, you get reliability concerns.

With token ring locking, you get both.

And so on, so on, and on

Has Postgres received tens of millions of dollars in funding?

Not sure about the funding, but it has been around for 20+ years. Maybe not tens of millions in VC funding, but it definitely has tens of millions of dollars worth of devs spending time on it.

Likely. Last year the foundation they're a part of received $25,000 in earmarked donations for Postgres which you can extrapolate over the 30 years it's been around to be a million-ish [1]. They've also received several million dollars in subsidies by starting as an academic project at Berkley in the 80s.


Likely through supporting organizations:

EnterpriseDB: $64.92M in 6 Rounds from 7 Investors https://www.crunchbase.com/organization/enterprisedb#/entity

Plus it is much more under development than 5-7 years.

If you assume an average 10 person years of development effort over the 20 year history of Postgres, absolutely.

20 years * LoadedLaborCost (USD$150k/personyr) * 10 people


Yes, I think different companies invested that over the years. But perhaps more importantly it’s been 20+ years of development.

I'd assume the amount of work contributed to PostgreSQL by people while being paid by companies to do so is substantial.

I think you could relate that to funding?

Not sure that much, but Ingres was a sponsored research project and many people who now work on Postgres are employed by a consultancy.

It's received tens of millions of dollars of value in contributions, yes. Probably in large excess of that.

I think using Postgres would be completely valid (could be wrong though), the issue would be converting their code base, rather than any stability issue in pg.

Stupid. Having too many millions makes one careleß in using ðem. Impoßible to fix a bad architecture by þrowing money on it.

Good for MariaDB - they're really pushing the MySQL ecosystem forward at an incredible pace.

RocksDB from Facebook, ColumnStore, MaxScale...really cool stuff.

For context, Alibaba uses their own fork of MySQL which is AliSQL:


I'm curious what would be their motivation for investing so much in MariaDB when they already have their own? Hedging bets? Encouraging competition?

Looking at their commit history, it's not a fork in the sense of "we're actively developing our own new features and diverging from upstream", it's a fork in the sense of "we've taken a stable release from upstream, applied some of our own patches, some backported patches, and some patches from other forks."

It's a fork as much as the stable packages that RedHat or Debian ships are "forks" since they have a few patches applied to customize for their environment and fix a few issues that hadn't made it upstream by the time they picked a stable release to base on.

MariaDB is an active, independently developed project. They are probably funding MariaDB because working with upstream developers of an actively developed fork can be more efficient than striking out on their own with another actual fork. I wouldn't be surprised if they eventually start using MariaDB, and either rebase their AliSQL patches on top of it or drop AliSQL altogether (much of it just looks like backports of bugs or features).

Their Github indicates there's cross-pollination:

> Moreover, it includes patches from Percona, WebScaleSQL, and MariaDB.

Getting out of the business of having their own?

With Alibaba cloud, infrastructure like databases is their business. Take AWS Aurora and GCP Spanner as examples.

But it's also easier to sell a standard DB people already know vs a custom

(see (google) Bigtable vs (amazon) Postgres)

Those aren't exactly comparable products - also, is it obvious which one sells better? Is it well known that amazon postgres sells like hotcakes?

Odd comparison, Google has supported MySQL for a long time, as has AWS.

Dynamo might be a slightly closer comparison

Google Cloud SQL supports postgres as well.

that's kind of my point

databases people know and use already (eg in fun projects) are easier to sell

Google Cloud SQL and AWS RDS now both support PostgreSQL.

FYI: Alibaba is also developing its own Aurora like DB.


A more detailed intro (in Chinese) can be found at http://www.infoq.com/cn/news/2017/08/ali-polardb.

Alibaba has developed another DB called OceanBase (open source). https://news.ycombinator.com/item?id=12925679

Any time I hear that a Chinese company is investing in a product I use, it's as if the Chinese government is now part owner of it as well. This may be general paranoia, but given the latest crackdown on VPNs and privacy, I don't know that I want a foreign government with a significant stake in Alibaba have access to direct the future of MariaDB. Is anyone else feeling this?

If you look at Alibaba's investment portfolio [1], you will see Alibaba has invested in a number of popular US-based startups like Snapchat and Lyft, so are they owning part of Snapchat as much as other VCs (depending on the % of course).

One can say about Google / Facebook / Amazon investing in startups and non-profits inevitably influence these organizations' directions; that's just the nature of any investments. When you donate money to a cause you support, you indirectly influence how the cause is headed, because you can pull the pledge, and when enough people pull the pledge, then the people running the cause/non-profits will have to do something to the demand of the donators.

China is the biggest creditor of the US national debt, and even before that US was careful with its relationship with China anyway. So we can't say there is a cause and effect, the best is a weak correlation, and even that is a stretch.

[1]: https://www.crunchbase.com/organization/alibaba/investments

  China is the biggest creditor to the US national debt
Uh, no it ain't. Not even close. Domestic funds are the lions share, with Social Security Trust holding 2.5x what China does (2.8t vs 1.1t).

Uh, excuse me, can you check this?


Do you want me to be more precise? Foreign creditor?

"The Treasury Department has ranked China as the biggest foreign creditor to the U.S. for the overwhelming majority of the past nine years. "

"Biggest foreign creditor" and "biggest creditor" are worlds apart; it's not just about being more precise. More than two thirds of US debt is held domestically.

I think the OP wanted to make clear that domestic creditors far outweigh any foreign one so saying "biggest creditor" was a deceptive statement.

>>Do you want me to be more precise? Foreign creditor?

That's not being more precise. That's something entirely different.

foreign. That sense said just creditor without the 'foreign' bit.

Yeah, would be better if a US company like Oracle were in charge of it ;)

(Not agreeing or disagreeing with you, just kind of funny/ironic that we're talking about a fork of an open source project that exists because of disagreement with the steward of MySQL... if Alibaba negatively impacts MariaDB, couldn't we just then move on to another fork. MylantaDB anyone?)

I don't know if Monty has anymore kids to name databases after.

Monty is the one who first created MySQL, and later foked MySQL to create MariaDB. There is also MaxDB, but it looks to be a SAP product.

Maybe some grandkids will come into the picture by the time the PRC betrays MariaDB.

Not everything has to be about politics. Sometimes a big company investing in an open source database it already uses is just trying to improve its own infrastructure, not trying to hack your country.

That's besides the point. Even if every single employee at Alibaba is well-intentioned (which is close enough to reality to be considered the case), in the end the government of the PRC has the capability to coerce the company to exert influence in a direction we almost certainly wouldn't like. The only question is whether the PRC would consider the trade offs worth it.

> in the end the government of the PRC has the capability to coerce the company to exert influence in a direction we almost certainly wouldn't like.

It's open source- when that happens, you can fork it and influence it in the direction that you like. I mean if the GCHQ has an active github account[1] - I think the PRC gets a pass to publish open source, let alone Alibaba.

1. https://github.com/gchq

Everything involving huge amounts of money in China is at least tangentially political.

> Is anyone else feeling this?

Yes, but the Western governments are moving in a similar direction. I'd rather Alibaba sponsor MariaDB than not.

How so?

I hear you. We should keep these companies in the hands of US tech companies that would never dream of violating our privacy or collaborating with a government entity against our wishes.

What would the concrete concern be in this case? Any backdoor would destroy the company brand and be excised immediately in a fork.

I suspect they’ll treat it like a piece of critical infrastructure; their political concerns would be at the gfw level, and I just don’t see the likelihood of weaponized attacks. Databases are usually locked down for egress and any outgoing attempts would be rapidly detected.

> excised immediately

Only if the backdoor is obvious. I doubt they would introduce a backdoor that reads

`if ($PWD = "supersecretbackdoorpwd") loginAs("root");`

But a subtle buffer overrun resulting in a 0day that's only obvious to the writers - that's much more likely.

Check out the Underhanded C contest for examples of ways exploits can hide in plain sight.

EDIT: I'm not saying that's what going to happen with Alibaba & MariaDb. I'm just saying that "open source" != "free of exploits and backdoors". One of the biggest untruths about open source is that, with enough eyeballs, all bugs are shallow.

The backdoor would either be obvious (ie make outgoing connections) or it would have debatable value (maybe a killswitch?)

Lenovo seems to get caught with a backdoor every 6 months or so lately. Although I do think that has tainted its brand, I think it's still pretty far off from "destroying the brand".


This kind of stories doesn't seems to hurt the US HDD maker 's brand, neither.

Most of the world just don't care or don't have a choice.

Lenovo doesn’t make databases.

Interesting, If Google or another tech giant in the U.S. are investing it, would you worry about that? I remember Project PRISM did happen, didn't it ? Alibaba invested it to its own advantage by contributing back to opensource and try to get more Startups in China to use it, that's simple as that. And MariaDB is opensource and community-driven, I don't think it will be controlled.

I'd be concerned if they got a sizable chunk of legislative/executive power... until that happens, I wouldn't worry.

I assumed they were doing this precisely not to be under the US yoke of Oracle, Google, AWS

I don't really understand the MariaDB love around here. If you look at actual production usage, MySQL gets the lion's share, looking at the customers each lists at their website. Oracle has been surprisingly benevolent as stewards of MySQL. That Business Source License that MariaDB put forward for new code at one point[1] looked like something I think would have cost an awful lot of goodwill if anyone else had used it.

1) https://mariadb.com/bsl-faq-mariadb


- MariaDB MaxScale 2.0 will be under the BSL.

- MariaDB Server will continue to be licensed under GPL in perpetuity, while its connectors will continue to be under the LGPL.

To be honest I cannot blame Monty. Google and Facebook were built on MySQL and probably didn't give back as much as he thought would be a fair shar. I guess he doesn't want to see this happening again.

He’s free to do what he wants with his company.

The problem is all these people going into headless chicken mode about how Oracle could discontinue the open source licence of the “original” MySQL, so they’re embracing MariaDB (the company) because it’s run by Monty so it must be open source friendly.

You can use/support MariaDB all you want but let’s not pretend they’re great bastions of open source compared to Oracle in the MySQL realm.

The grand parent made it sound as if they changed the MariaDB server license, so I wanted to make a clarification that this is not the case.

Not really. S/he referenced the BSL, which MariaDB (the company) absolutely uses for it's MaxScale product.

> That Business Source License that MariaDB put forward for new code at one point

As I said, I just made a clarification on that “new code” means other products and not MariaDB server.

Just for the record I am not a MySQL-based DB user, so I don’t really care at all about MariaDB or BSL. My license of choice for releasing my code is AGPL.

"surprisingly benevolent" eh? I'm guessing you've not been a paying customer with outstanding bug reports?

Given what I expected Oracle to do to MySQL, if being late on fixing bug reports under a support contract is the worst of their sins, then I stand by my statement.

Really very happy about this. I would love for MariaDB to outpace MySQL in terms of features, as I'm never quite sure which direction Oracle will take with MySQL (especially in terms of licensing)!

It’s ironic in a tragic way that people fear monger about Oracle changing the MySQL license (which has not changed from before Monty sold it to Sun) and advocate for a fork operated by a company that shits on the very concept of open source.

If the MariaDB MaxScale licensing bullshittery didn’t make you think twice about relying on MariaDB, why do you worry about Oracle?

Wow. Monty made a cool billion from Sun. Why does he need external investors now? How can MariaDB possibly have blown through that epic fortune?

He only made 300m. Us other MySQL employees (about 250) shared crumbs for that purchase (VPs excepted). He screwed us, but he never had respect for us - "people are lazy and greedy" (https://www.pythian.com/blog/mysql-ceo-marten-mickos-intervi...) . Then he promised he would fix the mistake he made with Maria by being more generous. Ha.

Funny use of the word 'only'.

Here's the actual interview less the blogspam http://archive.fortune.com/2006/05/31/magazines/fortune/mysq...

Sad to hear that. Being an employee mostly sucks in Sweden.

(If you put some (throwaway?) contact email in your profile I'd be interested to trade stories/old gossip via phone over the weekend; it seems like we worked in similar markets over similar times.)

Same reason plenty of rich people take investment for their own companies?

If you make a fortune and then turn around and invest that fortune into a new project, you no longer have your fortune.

Meaning, he's probably limited his investments into the new company.

Just looked through the Crunchbase profiles of a few Western SQL/NoSQL database companies, and I did not see any Chinese investors. This investment will certainly give MariaDB a significant competitive advantage in China. It will be interesting to see if other startups follow their strategy.

Strange, why not go for postgres

Probably because they don't use it: http://techstacks.io/alibaba

What's the reason nowadays to use MySQL/MariaDB instead of PostgreSQL?

In-memory capability, hiring pool of MySQL/MariaDB developers tends to be larger/wider, Galera cluster (M-M functionality), if the queries trend towards simplicity then MySQL/MariaDB tends to be more performant, Postgres can have issues with write amplification, etc.

Uber (I know, I know) switched to MySQL, here are some reasons why:


Why Uber Engineering Switched from Postgres to MySQL | https://news.ycombinator.com/item?id=12166585

Re: Why Uber Engineering Switched from Postgres to MySQL | https://news.ycombinator.com/item?id=12179222

Why we lost Uber as a user | https://news.ycombinator.com/item?id=12201353

> naming / pronunciation diversion: https://news.ycombinator.com/item?id=12201672

I never understood which table caused these issues at Uber. They use an example with birthday changes for users. That's no real world example. Apparently issues were caused by a small table updated 500+ times a second and used in a lot of joins. That could be the driver table but why would they update it so much? Personal information rarely changes and live information about the driver (trip status, position, online/offline) should be stored separate from that? And you wouldn't need transactions around those updates?

Did they ever clarify what data actually caused the issues?

please don't use uber as an example. they made just so many mistakes with postgresql (mistakes that would probably blow up a ton of databases including mysql)

The fact is there are decision makers - often non-technical ones - who do look at Uber as an example.

It's something we should at least consider an issue, even if it doesn't feel like a valid technical issue.

> Galera cluster (M-M functionality)

not sure if galera cluster is a good thing.. we've started out with galera and it was a pain. we now run on postgres, but even if we would've stayed with mysql we wouldn't use galera anymore. network split was a pita, even if you had major quorum.

can you elaborate on the in-memory capabilities you mention? My google searches aren't yielding anything.

I'm aware of the memory capabilities of mysql in general, but the insinuation was that mysql had more capabilities of in-memory processing than postgres - I dont see anything in those links that are things that postgres cant do - although they may be implemented differently.

The honest answer is that you can get the desired result with Postgres, even if it might require a custom foreign data wrapper implementation. Carpenters pick their favorite saws, and they like MySQL.

To be fair, uber did get burned by a Postgres replication failure- but they also had a NOC team promote 3 bad replicas to primary before stepping back to reconsider their approach. Carpenters do hate losing their fingers in circular saws.

It is simple, MySql has in-memory storage, and PSQL doesn't: all updates for your table are forced to be synced to the disk, which kills performance.

MySQL is faster. There are people that will argue against it but they probably don't understand how the vacuum works. Also if you only read HN yeah you're bias on Postgres vs MySQL. On the end Postgres is "better" but MySQL is already pretty good, it's not like you're comparing a good product to a bad one, both of them are good.

InnoDB is MVCC too

That question could be asked in a reversed fashion too. PostgreSQL is the favorite database here on HN (I prefer it too) but for a generic company out there MySQL/PostgreSQL are interchangeable. Won't really matter which one you choose and I think it's easier to hire people with MySQL experience.


MySQL/MariaDB is pretty much the "standard" database that most programmer started with. At least in university.

So there is no point on using PosgreSQL if MariaDB fits the bill for them. Less learning curve, easy to hire for etc

I actually had databases class which used MySQL for exercises and essentially it was like this:

* you can configure triggers for a table, but you can't use them in MySQL unless you make sure the table is InnoDB (this was a while ago before defaults changed)

* MySQL doesn't support aborting INSERT/UPDATE/DELETE from trigger, but you can emulate it by throwing an exception

* a table can have a CHECK constraint, but you can't use it because it is not available in MySQL

Makes one wonder MySQL was picked for that class. I get that it was because it was very popular at the time, but it felt like a toy compared to a functionality that any other database had.

Also the default database on most shared hosting, so anybody who got a start in web dev likely cut their teeth on MySQL.

Yeah, LAMP stacks are to blame for it's popularity.


I'm interested in what people's experiences here are. I spent the entire of my degree deep in Oracle, persistently being warned a database without object-relational queries were absolutely never used in the real world (how ironic).

Postgres has toxic fanboys. Instead of going for closed source competition like Oracle, DB2, MSSQL where Postgres is a valuable competitor, these really stupid fanboys go for friendly open source databases. Unfortunately toxic Postgres fanboys do this for 15+ years. How about try to convert the "hard part" (enterprise), not the friendly minded ones.

happy to see MariaDB getting some investment, hoping it will continue growing.

Chinese government is leading a $27M infiltration, code injection, and backdoor scheme in MariaDB in order to steal and hack account information for millions of sites around the world.

Proofs? or you are just another troll.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact