Over the last few weeks, users of MongoDB all over the world have managed to employ what one of my co-workers calls a "Foot-Gun" - that's when you shoot yourself in the foot, needlessly and usually carelessly causing yourself very much pain.
I've worked with databases for more years than I care to think about - open source, closed source, big and well known, small and obscure, OLTP and OLAP. I've been on the vendor side, and I've been on the customer side, as a developer and as a DBA.
In each of them there were ways to employ the foot-gun and depending on when, how and how many times you shot yourself you might recover completely, or you might limp along for a long time painfully trying to recreate the data from backups, replay logs and anything else you could get your hands on.
In a perfect world, a database would have a solid trigger lock on the foot-gun that requires bio-recognition, two-factor authentication and some other magical incantation before allowing you to mess with its innards, but we live in the real world where 'sudo' allows an OS user run 'rm' on arbitrary set of files, and where rushed and overworked DBAs and developers sometimes try to fix things "ad hoc" in the heat of a fire drill (which is when the worst self-mutilations usually occur, IME).
The most I realistically hope for is that we (as database makers/vendors/champions) don't load the gun, take the safety off, and place it within easy reach of every database and OS user. When we do that, it's our fault even when the user picked up the gun and shot themselves in the foot. Twice.
I've debated whether or not it's a good idea to document exact failings that led to such painful outcomes. On one hand, schadenfreude may be an enjoyable pastime; on the other hand, I don't think it ever helped anyone in a constructive manner, except when it included the detailed explanation of either how to avoid such circumstances, or how to recover with least amount of long-term damage.
How about it readers? Have you shot yourself with the foot-gun? Do you think you would have been able to avoid it had you read about someone else doing the exact same thing you wished you hadn't done? Or was in caused in part by reading on the internet "how to fix" something and getting it wrong?
P.S. One of the best footgun metaphors I've ever seen is by Tom \"spot\" Calloway on Fedora developers mailing list where he described always logging in as root like this:
"What you're doing is analogous to using a loaded shotgun as a golf club, and what you're
suggesting is that we take the safety off, because it interferes with your golf game."
I've worked with databases for more years than I care to think about - open source, closed source, big and well known, small and obscure, OLTP and OLAP. I've been on the vendor side, and I've been on the customer side, as a developer and as a DBA.
In each of them there were ways to employ the foot-gun and depending on when, how and how many times you shot yourself you might recover completely, or you might limp along for a long time painfully trying to recreate the data from backups, replay logs and anything else you could get your hands on.
In a perfect world, a database would have a solid trigger lock on the foot-gun that requires bio-recognition, two-factor authentication and some other magical incantation before allowing you to mess with its innards, but we live in the real world where 'sudo' allows an OS user run 'rm' on arbitrary set of files, and where rushed and overworked DBAs and developers sometimes try to fix things "ad hoc" in the heat of a fire drill (which is when the worst self-mutilations usually occur, IME).
The most I realistically hope for is that we (as database makers/vendors/champions) don't load the gun, take the safety off, and place it within easy reach of every database and OS user. When we do that, it's our fault even when the user picked up the gun and shot themselves in the foot. Twice.
I've debated whether or not it's a good idea to document exact failings that led to such painful outcomes. On one hand, schadenfreude may be an enjoyable pastime; on the other hand, I don't think it ever helped anyone in a constructive manner, except when it included the detailed explanation of either how to avoid such circumstances, or how to recover with least amount of long-term damage.
How about it readers? Have you shot yourself with the foot-gun? Do you think you would have been able to avoid it had you read about someone else doing the exact same thing you wished you hadn't done? Or was in caused in part by reading on the internet "how to fix" something and getting it wrong?
P.S. One of the best footgun metaphors I've ever seen is by Tom \"spot\" Calloway on Fedora developers mailing list where he described always logging in as root like this:
"What you're doing is analogous to using a loaded shotgun as a golf club, and what you're
suggesting is that we take the safety off, because it interferes with your golf game."