Where database blog posts get flame-broiled to perfection
Alright, let's take a look at this... another performance benchmark. Deep, theatrical sigh. "Good news - there are no large regressions after MySQL 8.0." That's your takeaway? That's like saying the good news is we only have a moderate number of gaping holes in the hull after hitting the iceberg. The bleeding has slowed, but the ship is still sinking, my friend.
You've built this entire house of cards on the most laughably insecure foundation I've seen all week, and it's only Tuesday. Let's start with your "lab." You compiled MySQL from source. Oh, fantastic. So you're not just benchmarking the known CVEs, you're benchmarking the ones you personally introduced with a misconfigured compiler flag. Did you even run a static analysis scan on your custom-rolled binaries? Of course you didn't. You were too busy chasing QPS numbers.
And the hardware... an ASUS ExpertCenter PN53. Is that your gaming rig? Did you pause a round of Cyberpunk to run these tests? No ECC memory, I assume? So we're just going to pretend that cosmic rays flipping bits in memory and causing silent data corruption isn't a thing. Perfect for financial transactions. Your AMD Ryzen has more speculative execution vulnerabilities than this blog post has charts, but sure, let's just turn off SMT and call it "hardened."
Storage is one NVMe device for the database using ext-4 with discard enabled.
You enabled discard? Are you trying to make forensic analysis impossible after the inevitable breach? You're essentially shouting to the void which blocks of data are no longer in use, making it trivial for an attacker to know where to look for deleted-but-not-overwritten sensitive PII. It’s not a performance feature; it's an anti-forensics feature you’ve enabled for the bad guys. And don't even get me started on linking your config files publicly. You've just given away the architectural blueprint. I'm sure there are no commented-out old passwords or revealing path structures in there. None at all.
Now, this "benchmark." You call it a benchmark; I call it a beautifully documented simulation of a denial-of-service attack.
And the results! Oh, the glorious results. You use yellow and blue to highlight regressions and improvements. How quaint. I see a sea of yellow, which I'll just reinterpret as your "Known Vulnerability Score."
You say there are "large regressions from new CPU overheads." You say "CPU overheads," I say "hastily bolted-on mitigations for Spectre, Meltdown, and the other fifty side-channel disclosures they didn't want to fix properly." That performance drop is the price of insecure architecture. It's the technical debt of a decade of prioritizing speed over safety, and you're charting it like it's a weather report.
And your one shining beacon of hope: "the create index step (l.x) is more than 2X faster." Congratulations. You've optimized the exact tool an attacker will use after a successful SQL injection. They can now create their own covering indexes on the PII-laden users table to exfiltrate all your data twice as fast without triggering any performance alerts. You haven't benchmarked a feature; you've benchmarked an accelerant for a data breach. This isn't an improvement; it's a CVE with a pretty blue highlight.
This will never, ever pass a SOC 2 audit. The lack of a controlled, repeatable, secure environment, the public disclosure of configurations, the utter disregard for what these "workloads" actually represent in an adversarial context... it's a compliance nightmare from start to finish.
Honestly, looking at these numbers... the regressions, the trade-offs, the sheer complexity. It just makes you wonder if the entire concept of a relational database has become a bug that we just can't quit. Now if you'll excuse me, I need to go rotate all my keys and re-image my laptop. I feel dirty just having read this.