Michael: Hello and welcome to Postgres.FM,
a weekly show about

all things PostgreSQL.

I am Michael, founder of pgMustard,
and this is my co-host Nikolay,

founder of Postgres.AI.

Hey Nikolay, what are we talking
about today?

Nikolay: Hi Michael, we are talking
about some article which

attracted my attention.

Michael: And I hope not just the
article, because it was the article

was about best practices, and I'm
I'm hoping to discuss that.

Nikolay: Yeah I always like like
15 mistakes, 25 recipes, this

kind of titles.

Michael: Clickbait.

Nikolay: Yeah and honestly I chose
it like let's just choose

this article, and it attracted my
attention just by title.

7 crucial Postgres best practices.

Good title, right?

Michael: Yeah, and we haven't had
an episode called best practices.

So it's an interesting, it's a interesting
omission on our part.

Nikolay: Really? Yeah. Yeah, okay,
best practices.

We have something like mistakes
to avoid maybe, right?

Michael: Oh, maybe, yeah.

Nikolay: From my experience being
program committee of various

conferences and just general conference
experience, people love

to hear about mistakes.

They also love to hear pieces of
advice, but mistakes we somehow

love more because it's like things
to avoid.

And yeah, and best practices.

What does it mean best practices?

Do this, not that, right?

Michael: Yeah, I've been thinking
about this.

What's the difference between best
practices and good practices?

Like, I think it's like shorthand
for if I'm new to this and

I don't really know what I'm doing,
what are some things I can

do to not look stupid?

Or to, you know, to at least cover
what people generally say

is a good idea because in anything
complex, especially databases,

we know often it depends, like it's
going to depend on exactly

what you're doing as to whether
you should do X or Y.

So I think these lists and these
suggestions are almost fraught

with danger from the beginning,
but I think they can be useful

educationally.

Like, they can be useful for people
to say, in general, this

is a good idea.

In general, this is a bad idea.

Nikolay: You could be a great consultant,
you know.

Because you sound like one.

Michael: Yeah.

Well, what do you think best practices
mean?

Nikolay: For me, it's not about
avoiding to be, to look stupid.

It's about, I like the word shortcut,
like to quickly find what

other people already experienced
and choose maybe not best, but

something better than you would
choose on your own, right?

So.

Michael: That's a good point, actually.

Not so much about looking cheaper,
but maybe to avoid things

going wrong.

Like to avoid the most common traps.

Right.

The goal

Nikolay: is not about how we look.

The goal is not to look bad when
making decisions, engineering

decisions around polygons, but
the goal is to make database work

better, more reliably, more like
better performance, avoid data

loss, avoid downtime, these kind
of things.

Actually 3, well, correctness is
1 of the goals, but naturally

Postgres has very good, in most
cases, if we don't touch the

null topic, right?

Null topic.

In this case, if we don't touch
the null topic, most of the time

Postgres works in a very correct
way and predictable.

I expect this, I got what expected.

And so in general, 3 areas, big
areas are good performance, reliability,

and well, avoidance of data losses,
big fear of database guys,

right?

And also no downtime or very short
downtime.

Michael: Yeah, perfect.

Nikolay: Big 3 areas.

Let's dive into this article.

I know we both are not thinking
it's super great material.

Michael: Yeah, sadly.

Nikolay: Let's be honest.

Well, it's an attempt.

Michael: It looks to me like somebody
has asked their favorite

LLM for a list of Postgres best
practices and almost copy and

pasted it verbatim into an article.

That's what it looks like to me
without much review.

Nikolay: Well maybe it's written
by LLM, yeah I'm not sure.

The author name is Zak and I think
it's good that the good attempt

is made to bring this again.

And actually it was on Hacker News
Top, I guess.

That's how it caught my attention.

It's a good attempt, but I agree
with you some parts.

Maybe it's written purely manually.

It's possible.

But I would like to just reflect
on the fields covered, 7 fields.

From the beginning, I don't agree
that we have 7 practices here.

We have 7 fields covered and inside
each field we have some practices

mentioned.

And you also mentioned that you
think there should be more fields

covered if we try to come to have
this like kind of digest of

tips, right?

But let's touch, my idea, let's
touch every one of these seven, bring

up to three our own tips we should,
like, should be noticed, like,

involved into consideration.

And then in the end, I'm very curious
what you think is missing

in terms of the fields, the areas.

Right?

So, deal.

Okay.

First, the first field is database
design and discussion is about

naming conventions and so on. What
what you think?

What's your number one take when
we think about how to make database

design good?

What what makes you good?

Michael: Yes, I mean I'm surprised
it starts with this.

I actually saw some of the Hacker
News comments and it's an odd

choice of where to start but I
do see a lot of people making

the mistake of using spaces in
their names for objects or using

mixed case and things and technically
if they followed this advice

they wouldn't do that so I do see
people making the opposite

mistake so yeah I don't think it's
bad advice and generally people

do have conventions.

I actually follow a lot of the
ones that are listed here.

So yeah, not bad.

How about you?

Nikolay: Well, first of all, I
think it's not a mistake if you...

My previous startup had camel case
table names.

It was inherited and I understand
it very well that it's not

super convenient.

I left it as is because it was
intentional.

I also think one step back, database
design being the first topic,

and then performance will be the
next topic and leaving reliability

like backups and HA later.

It just shows a tendency that probably
this article and this

set of tips are targeting more
backend engineers, developers,

programmers, or those who create
some systems rather than purely

database folks.

And it's totally fine.

And also, like, if we take managed
service, managed Postgres,

like RDS or something, The important
areas like backups HA are

presumably solved already.

So we have opportunity to focus
on things we deal with every

day, like database design, performance.

These things are closer to us.

I can understand this choice of
order.

If we talk about database design,
I think the main idea is to

have some convention.

It can be even camel case with
spaces, but you understand you

will be forced to use double quotes
all the time, everywhere.

But if it's choice, well, it's
inconvenient.

I know I was there.

And I was there after a couple
of other startups where I was,

how to say, like, very, very, like,
polishing every symbol, you

know.

I think this is what matters here.

Like, convention is important for
yourself, for people who work

with you also, right?

And for LLMs who work with you
as well.

Michael: But it's a good point.

It doesn't really matter why is
it number 1 in this list.

Like, yeah.

And there's also no mention in
database design and schema design,

there's no mention of normalization,
which is a bit odd.

Nikolay: Well, let's shift to what
we think matters.

So you say convention and also
we need to normalize the tables.

I tend to agree.

And also, if you think about convention,
I love also to think

not only about how we name database
objects, but also how we

write SQL.

I'm a big fan of Mozilla SQL Style
Guide, which is closer to

normal programming languages and
moving away from this central

space colon, right?

How to say like central space thing
like in...

We all...

Michael: You mean like an underscore?

Nikolay: No, not only, so SELECT
space blah, blah, then you're

from and you need to move from.

So you maintain the central space
vertical line.

Michael: Oh, alignment.

Nikolay: Alignment of spaces.

Alignment, yes.

I honestly, I hate it so much.

I know it's old-fashioned approach
and many books follow this

rule, but it's so inconvenient,
guys.

Just take Mozilla SQL Style Guide,
publish it inside your company

wiki or documents, like any confluence
or something, what you

have.

Adjust it for your flavor a little
bit and that's it.

And agree, okay, we are following
this convention.

As for normalization, I guess let's
mention the episode we had

a couple of weeks ago, 3 weeks
ago maybe, with Franck Pachot, about

NoSQL versus SQL.

And we talked about normalization,
denormalization quite a lot

there.

I agree this is a very important
topic to agree on and follow

this.

Well, also, for me, I think constraints
are super important.

Like, I would say, I would put
this as a big, like, it's a best

practice to use database constraints,
all kinds of constraints,

understanding the power of them,
and also understanding overhead

as well.

Michael: Yeah, I think it's good
default, like if in doubt, add

the constraint, and you might want
to remove it in future if

you get to a certain scale, but
I like the idea of having it

by default.

Nikolay: For example, we discussed
in the same episode with Franck,

we discussed maybe we should have
not NULL constraint by default.

Not that, unfortunately, it's not
so usually in all systems.

But we can agree, let's put it
by default and lift it only if

we know NULLs are going to be useful.

So yeah, that's it, I guess 3 tips,
enough, right?

Michael: And what about schema
namespacing do you ever do you

use it oh

Nikolay: it's interesting I I'm
I'm shifting back and forth and

in my career use namespaces schemas
or not use them depends on

the project here I am like with
you it depends if it's

Michael: Also it doesn't matter
that much, right?

Nikolay: Well, it does, because
it's about convenience as well.

If you think about others, they
can be spending a lot of time

trying to find your table.

Again, consistency here is the
key, because if you chose to start

using namespaces, schemas, suddenly
after a few years of development,

and the majority of your tables
are in the main...

And it happens all the time.

Like, I see it all the time.

Yeah, sure.

The majority of the tables are
in public schema, but suddenly

you start using some additional
schemas and hide tables there

basically.

It's maintainability as well, for
example you can control permissions

better and it also sometimes namespaces
are serving some trick

like you can have multiple tables
with the same name sitting

in different schemas and but this
can go this can lead to some

messy state and problems yeah so
but I would say this is part

of conventional agreements you
how we use schemas so yeah sometimes

people choose you know like choose
this is good topic by the

way for maybe 1 day we should discuss
it.

Multi-tenant applications and architectures
and how to create

multi-tenancy with good properties
in database.

I just recently learned that if
you go to Timescale cloud, you

cannot run create database and
you cannot have multiple logical

databases in a single server.

So in single Postgres, usually
we are allowed to have multiple

logical databases.

And their recipe for multi-tenancy,
they have an article about

this, like, let's use schemas and
just that's it.

But for me, schema is a very weak
wall between data.

Logical database is a big wall
between data because you cannot

read from another database being
connected to 1 database.

You cannot read from another database
not using something like

postgres_fdw or dblink.

Because this is how Postgres works.

Database name is a part of connection
properties, the core connection

properties.

Unlike schema, schema is kind of...

It's something...

Michael: Namespace.

Nikolay: Well, yeah.

It's namespace, and you can revoke
rights to use some schema,

it's good, but still it's inside
the same database.

So if you messed up with permissions,
you can end up having security

issues.

If you want strict segregation
of data, separation of data for

your tenants.

Okay, This is a different topic.

I think quite good, like we have
at least let's move on to the

performance topic, the second topic,
right?

Michael: So, they talk about indexing
and they talk about query

optimization.

I think, right, we've in the past
talked about a couple of things,

like micro optimizations and macro
optimizations.

And I think we could maybe, like,
think in those terms instead.

I do think it's obviously performance
is a lot about indexing.

And about individual query optimization.

But I do think there's some best
practices around macro optimization.

Like in Postgres, by default, we
don't have pg_stat_statements

turned on.

That feels to me like a pretty
much a best practice that we should

probably have pg_stat_statements
on or some or an extension for

doing that analysis that's on the
on the wider system level.

Maybe some logging like I think
there's some performance logging

of slow queries.

Nikolay: Just choose just 1 tip
right now.

It's already too many.

Michael: Oh, A, best practice.

All right.

Yeah, best practice.

I would say, well, I like their
first 1, I guess.

Use indexes.

Nikolay: Yeah, use indexes is obviously,
but yeah, I think my

take would be don't leave autovacuum
untuned and don't postpone

bloat control.

This is how Postgres works right
now, right?

So we must be aware of what bloat
is, what dead tuples are, and

distinguish them actually.

And...

Michael: They cover that in maintenance.

Yeah.

Nikolay: Yeah.

And this is what nobody do it well
among managed Postgres platforms

right now.

Nobody.

I mean, they don't give you good
tools.

Some of them have basic autovacuum
tuning, right?

And that's it.

Basic autovacuum tuning.

And that's it.

Some of them provide pg_repack,
and also have it indexed concurrently,

but that's it.

Obviously, I see future where more
platforms will provide more,

better tools to help you in this
area.

But so, knowing that right now
it's on your shoulders when you

build some system, this should
be not postponed, right?

Index is obvious, like everyone
knows index.

Let's create indexes.

Michael: But 2 important things
that aren't mentioned here are

do it with concurrently and don't
index everything.

We've done a whole episode on over-indexing,
but I feel like

a whole beginner category of issues
are caused by folks creating

indexes everywhere

Nikolay: yeah I agree and well
there's There are dozens of tips

we can put there around indexing.

Michael: Yeah, you said only a
couple, right?

Nikolay: Yeah, only a couple, but
you already named more than

5.

Pre-registered statements.

I agree.

While we are all sitting here and
waiting until hackers decide

to move this extension to core,
we need to keep this tip active.

And register statements must be
installed in any database.

Understanding some very edge case
or maybe corner case overhead

we also talked about in the past.

Yeah.

Good.

Yeah, okay, good.

And that's it maybe, right?

Well, performance is a huge topic.

We love it.

Yeah, we had many episodes about
performance.

But again, autovacuum tuning,
learn indexes, many best practices.

And the predecessor sentence must
be installed.

Agree on these 3 maybe, right?

Good.

Good.

Good.

So next field, again, the list
is far from being complete.

It's just like the tip of the iceberg.

So next security, suddenly.

I would say make sure you don't
have Postgres open

Michael: to the world.

That's the main mistake I see people
making.

Yeah

Nikolay: What else

Michael: but but obviously if you
if you're using certain like

managed services, that's on My
default in a lot of cases so then

it becomes well of having good

Nikolay: Right, they open it to
public, but protected, maybe,

right?

Michael: Yes, but...

Nikolay: But protected how?

Michael: Then it becomes about
good password policies and things.

Nikolay: Right, right, right.

But this started with Heroku, I
think.

They also have Postgres open to
public and security by obscurity

when hostname is a very large hash.

Yeah.

And username also.

Everything is like large hash,
but it's weak security.

But the password is strong, and
if it's not MD5, but Scram, it's

something better already.

But I agree, if you're a serious
project, this should not be

the case.

A port should not be available
to public.

I think it should be only like
local IP address and available

only internally in networks VP
Yeah, so Good.

Michael: I'm saying Are you saying
it depends?

Nikolay: I'm saying that I'm not
against like I can understand

people who have well platforms
who have it open to public for

because sometimes we want to start
very quickly.

And at the same time, I would not
allow this in a serious project

with data of customers, PII, and
so on.

I would not allow this at all,
to let this port to be open, even

if the password is absolutely difficult
to find.

For example, we have 2 factors
of authentication everywhere,

but here we have just 1 password
well what about if it's leaked

right

Michael: yeah this is this is honestly
the difficult thing about

security best practices is because
Best practices with security

means do everything you possibly
can to secure everything.

And that's just often not practical.

Like at what cost?

At what, you know, what are you
trading off?

Often you do trade off things for
better security, like as you

were saying, like quickness of
getting started or developer experience,

like ease of use.

So there's like a, I do think it's
a tricky topic to give best

practices on because you don't
ever want to say do something

that's slightly less secure because
it has these other benefits

because it's it's not a it's not
a best practice anymore.

Nikolay: Yeah it also makes me
think we could we could have bad

pieces of advice episode you know
we could have it.

Yeah we did like we

Michael: did go through there's
a wiki.

Nikolay: Don't do this.

My next advice, next tip for security
is divide and conquer.

So and unfortunately, many teams
don't follow this.

So use different users for different
parts of workload.

And for example, humans should
have different usernames in database.

So we can distinguish them quickly
and probably limit differently

and so on and parts of application
also it's it's wise to to

avoid using the single user name
for everything yeah

Michael: I really like

Nikolay: yeah I

Michael: really like that about
humans as well.

I mean, we don't like to think
about it, but if you were to need

to remove somebody from a project,
it's much easier to do that

at the user level if they've got
their own user than it is to

roll out and, you know, to think
about what did they have access

to, which passwords did they know
that were team-wide or something

like that.

So yeah.

I think I've heard of a similar
view, in fact I think this article

mentions it, but there's a general
concept of principle of least

privilege.

Nikolay: Yeah, yeah, yeah.

Well, this is super important principle,
of course.

And it just, it should be a habit.

It's hard to enforce it.

It should be a habit of all the
team members to follow this principle.

Michael: But it is also painful,
right?

Like, it is painful because it
means anytime you add anything,

you then need to add permissions
to it, like from all of the

things.

I get that it's good for security.

Nikolay: Default privileges and
Postgres, the concept of default

privileges, sometimes you can define
them as well.

Michael: Is that the least?

Nikolay: Yeah.

Yeah, well, yeah.

Another, maybe, let's do the last
tip.

I'm grabbing the ideas from article,
but we're trying to unwrap

them here.

Password rotation.

Michael: Oh, I hate it.

I've written yuck about that.

Nikolay: Well nobody does it actually.

Well, some people do it but honestly,
honestly, it's first of

all it's a pain.

Michael: For me it's a relic of
when people used to use the same

passwords across multiple services.

So I think the risk, when I say
used to, obviously a lot of people

still do.

You think

Nikolay: it's a bad advice?

Michael: My advice would be make
sure all your users are using

Some password generator or password
manager so that they have

a unique password per service because
then the risk of their

password getting leaked by a different
service that then they

can use as an attack vector on
your service is 0.

So it's only if you leak the password
that it becomes an attack

vector.

Which, you know, do you see where
I'm coming from?

Nikolay: Yeah, yeah, yeah, I understand
that.

Also, like, yeah, I agree.

I think actually Postgres could
have improvements in this area.

For example, you could say, if
it would be possible to define

password policies and so on, like,
for example, to forbid short

passwords, simple passwords, and
Postgres would ensure it's not

happening.

Or also PgBouncer, I don't know,
like Postgres first of all.

And maybe password retention could
be 1 of the policies if people

choose to use it.

Right, I don't know.

Like, I don't believe in the rules
here established and followed

at all.

It's like I just see companies
have this principle and nobody

follows this principle and attempts
are like hard.

It should be Postgres who enforces
this rule.

To like avoid weak passwords, for
example.

Michael: Yeah, right.

Nikolay: Yeah.

Okay.

Let's...

Well, the article also mentions
RLS, but I think it should be

very connected to performance and
to be used with big caution.

So it's a controversial topic to
just put it, oh, just let's

use RLS.

Well, yeah, let's check performance
additionally.

OK, next, backup and recovery.

If you're on a managed service, well,
supposedly it should work

good.

But it depends on the service,
on the provider.

Not everyone has good capabilities.

Michael: I would say also a best
practice would be to have a

version like to take I know we've
talked about the difference

between a backup and a logical
backup or a dump, but if you're

on a managed service I would still
recommend having a copy on

a period that you're comfortable
with off the service.

Yes,

Nikolay: Automatically created.

So diversification of backup locations
and some platform can

go down or your account can be
stolen.

And you, you must have the backups,
maybe not super frequently,

but some backups additionally in
secondary provider or location,

like isolated.

It's similar to having backups
on the same Server where you work,

but just a different layer.

Same principle, different layer.

If all backups are in the hands
of RDS, well, and single account,

well, it's not good.

Yeah.

And unfortunately, if you want,
if you are on RDS and you want

to follow this principle, you need
to deal with dumps.

Logical backups.

Michael: And it's not unique to
them, there are quite a lot of

service providers that that's the
only option.

Yeah, yeah.

Nikolay: I agree.

What else about backup and recovery?

Testing sometimes, right?

Michael: Yeah, I guess that is
the other big 1, isn't it?

It's not a backup unless you know
it could be restored.

Nikolay: Yeah, shorting the backup.

Michael: So some amount of testing
that restores.

Nikolay: And I don't think platforms
test all your backups.

They test only some of them and
who knows, right?

So I think it's a good idea to
test even if you trust them and

don't hear bad stories, still have
some testing.

Michael: Yeah, what's the age-old
saying, like, Trust but verify,

right?

Trust them to do it, but verify
it.

Nikolay: Final responsibility is
yours.

If you lose everything, well...

Yeah, so what else?

Anything else in this area?

Backup and recovery?

Understand RPO, RTO?

Michael: Yeah, I think discuss
that.

RPO, RTO, I think it's about discussions
internally.

Like have those discussions.

I think RPO and RTO are really
good tools and good things to

define, but more importantly, they're
good to enforce.

You've even had the conversation
with, you know, senior management

or whoever it is, maybe co-founders.

What are our trade-offs here?

Like, are we willing to pay this
much more for, like, a reduced

amount?

Or are we willing to lose a tiny
bit of data to bring our costs

right down?

I think those are difficult discussions
to have, and not everybody

has the same...

Not everybody would make the same
trade-offs there in different

situations.

Nikolay: Let's move on and next,
it was number 4, field number

4.

I would jump to field number 7
here, high availability, because

in my opinion backups and like
DR, basically, that disaster recovery

and HA, they should consider together
as a foundation of good

database system platform or something.

So HA, right?

HA, it's interesting.

If My number 1 advice is avoid
systems which are not HA systems

but split-brain systems, like replication
manager, avoid it.

Just avoid it.

And I don't know...

Michael: Well, if you're going
to say a best practice, maybe

we'll just say Patroni?

Or what would you say?

Nikolay: Yeah, just Patroni.

But you know, right now, CloudNativePG
is gaining popularity,

and it's not using Patroni.

So I wrote on Twitter, anyone experienced
already split brains

with CloudNativePG?

I'm just wondering, I don't know.

So Patroni is definitely passed
a huge path to achieve very good

quality in terms of avoidance of
split brains and maintaining

very low downtime in case of primary
disappears and so on.

Yeah, this is number 1.

Like I would just if possible choose
Patroni.

This is my advice.

What else?

Michael: Or managed service provider.

I think that this is where the
big, well all the cloud providers

that offer this.

I'm so glad they handle this for
me.

Nikolay: In this case, like I can
speak about this openly.

Crunchy Bridge, please don't do
backups from primary, physical

backups.

They still do.

You need to fix this.

If you follow us, like right now,
full backup, if it's not snapshot,

even if it's not snapshot.

So it should be on from some replica,
some physical Standby,

because it's very I/O intensive.

Even cloud snapshots can be I/O
intensive.

And of course, wall archiving should
be on the primary to minimize

the lag and minimize the RPO.

Improve RPO, right?

But full backup, if you do it from
primary, it's huge stress

for the primary, and if it's heavily
loaded project, it suffers.

What we recently observed, it was
not good.

So advice to backup, if it's under
your control, organize backups.

So full backup or Delta backup
or snapshot is not done, not on

the primary.

It's possible.

pgBackRest backups, pg_basebackup,
they support non-exclusive

backups, right?

So we can do it on replicas.

On the...

Michael: Makes sense.

And if we've got HA in place, the
replica's not doing anything,

right?

It's not a read replica.

Nikolay: Well, yeah, it depends
here, but I agree.

It's good to do backup from replica,
which won't be primary.

So if we talk in terminology of
Patroni, it should have no failover

tag.

Probably also no load balance tag,
but definitely no failover

tag.

It's Patroni terminology.

You can put the tag on the replica
to say no failover, so if

failover needs to happen, Patroni
won't choose this replica.

Michael: Got it.

Okay.

I was actually thinking you did
want it to be that 1, but yeah,

sure.

Nikolay: And then you do backup
from it.

Well, there's another topic.

If you do backups, only full backups,
only from single node,

what happens if it has some local
corruption and other nodes

are fine?

So all your backups are corrupted,
but it's an interesting, already

deeper topic.

Let's talk about HA, we talked
about Patroni, what else?

Lag control, right?

Michael: Lag control.

Monitor lag, yeah.

Nikolay: Well, also not monitor,
monitor, but also it can be

tuned.

Oh, sure, yeah.

To have a very low lag, and also
when you do load balancing it

can be very smart logic.

Many people already implemented
it or else implemented it in

core already.

So it can be like if some write
happened, this session deals

with primary for some time.

It can be even smarter, right,
comparing other sense and so on.

So you have some, it's not strictly
about HA, but it's about

load balancing mostly and how we
use our replicas.

It's like a dressing topic.

What else about HA?

We don't have a lot of time.

Unfortunately,

Michael: we haven't.

We have a whole episode on it.

Let's link to that.

Nikolay: Yeah, yeah, yeah, yeah.

What else in this area?

Any other tips?

Test failovers, right?

Or switchovers?

Michael: Yeah, true.

Nikolay: Yeah.

I remember I chased RDS guys asking,
you have this checkbox HA,

which makes me pay double price
for primary, but how can I trust

you?

I mean, I trust you in words, but
in action, how can I test it?

And they implemented it, you can
test failover, which is great.

So simulate primary failure and
see how failover happens, how

your application experiences it,
for example.

Important, another tip of advice
here is to write applications

so it has retry logic, not to lose
writes.

Okay, let's move on, because this
is like huge areas.

Each of them are huge areas.

What's left?

Maintenance and monitoring.

Wow, huge area.

Development practices.

And that's it.

Only 2 areas.

And I think it's not possible to
pack it into a few minutes.

Let's only maybe use 1 or 2 tips
everywhere.

For maintenance and monitoring,
we already had a tip to always

install pg_stat_statements.

What else?

Your choice.

Michael: Well, a big mistake I
see people doing sometimes is

turning off autovacuum.

And this, the author of this doesn't
seem aware of autovacuum

so that that would be my main tip
is keep autovacuum on and

tune it I know you

Nikolay: mentioned my tips are
2 of them like bloat control and

index maintenance and we had we
had several episodes on these

topics And just these must be implemented
in any project which

aims to grow even not to huge numbers,
but some moderate numbers.

Okay, and finally, development
practices, and then your secret

area as well.

Development practices, what do
you think?

Version control, code organization,
well?

Michael: Yeah, I mean, version
control has been a best practice

for years, but I still think it's harder than it should be.

I know we did a whole episode on this.

But some basic, however you choose to do it, some way of tracking

what changes have you made to your database, some form of version

control is so much better than not having anything.

Nikolay: Yeah, well, my advice is straightforward.

Based on what we do last 5 years, use proper testing during development

and before deployment.

And this testing should involve a lot of data.

So thin clones or database branching are great.

Michael: Or a staging server that has like just some not has

some reasonable amount of data.

Nikolay: Well, if you're alone, yes.

And also, even if you're alone, if you work on 2 tasks separately,

it's still like single staging is not enough.

You need to have, And what if you started doing something and

made everything wrong and data is changed?

How to restart?

So database branching is the key.

Michael: Or best practice.

Nikolay: Yeah, so I recommend in development practices, grow

your level of development methodologies, so database branching

starts to be involved into all development and testing activities.

It will be level up, huge level up.

So this is what we do at Postgres AI.

And okay, what's your secret topic, secret area?

Michael: Not secret, we've discussed it a bunch while we're talking,

but I couldn't believe that config tuning wasn't in, Like, no

mention of changing shared buffers even.

Like, I don't understand how you can talk about best practices

for running Postgres and not talk about changing settings.

Nikolay: Again, if you are a RDS user, I can imagine, like, we

talked about HA, but we talked about backups, and it's very...

In this article, it's very development-focused point of view,

like, developers point of view.

Like, things already solved, and configuration partially also

solved, but we...

We all remember, like, Crunchy Bridge tuned a random page cost

after our complaint.

Michael: They did, but I don't think RDS have yet or most of

the others.

So random page cost is still the default on most major providers.

Nikolay: So many things are still default.

I'm happy I have work doing consulting.

Michael: We help many people still.

I know that could be covered, but it really just wasn't mentioned.

And then the other big 1, I'm sure there are others that have

it's hard to spot like the absence of things right when you go

through something but I couldn't believe I didn't see a single

mention until the conclusion of upgrades of staying even in security

we didn't mention staying up-to-date
with the latest minor versions

and in performance we didn't talk
about like upgrading to major

versions.

That feels to me like a best practice
should be to stay up to

date.

Nikolay: Yeah, yeah I agree.

It's part of our healthy Postgres
vision.

Definitely minor upgrades, major
upgrades for sure.

It's part of our health check we
do.

Michael: Everything that's in your
health check in my opinion

should be your best bet.

Yeah.

If that makes sense.

Nikolay: And so also still I always
have a feeling that it's

not enough, we need to extend all
the time.

Some things go away, like upgrades,
we will have, in 2018 they

will have statistics, so this will,
this tip will go away, but

so many tips are still coming.

Okay I think it's great like maybe
you're not very well structured

but I hope some some people heard
some good pieces of advice

today.

Let us know in the comments please
or on Twitter or LinkedIn

somewhere.

Good.

And we have document actually,
maybe it's a good time to remind

that we have a document with ideas
and also if something is missing

and we could dive into some topic.

Michael: Yeah, you mean, so we've
got a document that lets people

request or suggest episode ideas.

Nikolay: Right.

Michael: Yeah, topic suggestions.

Nikolay: Yeah.

Good.

Michael: Nice.

Nikolay: Good.

Michael: Thanks, Nikolay.

Catch you next week.

Nikolay: Thank you.

Bye bye.

Some kind things our listeners have said