Archive for April, 2005

The Griffins Return

Thursday, April 28th, 2005

Chris Pirillo points out that the new Family Guy site has 2 RSS feeds and a blog.

Blog Feed Feed

By the way Chris, you’re completely right about Arrested Development. That show is pure genius. When it first aired I had a bad feeling it wouldn’t last long though. Hopefully Fox decides to pick up Season 3. Alternatively maybe another network will recognize this amazing show for what it is and pick it up when Fox drops the ball.

iBook RIP

Tuesday, April 26th, 2005

I’ve been getting e-mails the last few days asking when my MySQL UC podcasts will be up… Unfortunately my iBook’s LCD is busted, which has delayed my ability to get things up and running. I hope to figure something out today (Tuesday).

Any laptop recommendations? Preferably something Linux compatible?

SugarCRM 3 is Up

Wednesday, April 20th, 2005

The folks over at SugarCRM released their first beta of Sugar 3.0. Check it out. It adds e-mail campaigns, a new SOAP interface and forecasting. They also have it running here at the MySQL Users Conference, so if you have a minute drop by their booth.

MySQL Security by John David Duncan

Wednesday, April 20th, 2005

John offers a broad overview of MySQL security. He does not cover everything, but provides a good intro for someone new to MySQL. Here are some notes from his talk:

Security Priorities:
– Data not stolen or tampered with.
– only access data that you’re authorized to access
– secure passwords

– host level security
  – obviously don’t run MySQL as a privileged user.
  – patch system regularly

– net security
  – bind to localhost or use skip-networking unless you have remote clients
  – firewalls
  – use SSL
    – what kind of load does this add?

– authentication in MySQL
  – 4.1 includes a new auth scheme with more secure password hashes.
  – 4.1 supports old protocols, but the new protocol is highly recommended.
  – SSL support from slaves to master, client to server, etc.
  – GRANT can now allow you to require certs, issuers, specific ciphers, etc.
  – limit connections, queries, reads, writes, etc. per hour.

– you can create views so that a specific user only sees rows that meet his privs / restrictions.

– Groups / Roles, are recognized as necessary by MySQL developers. They hope to include them in 5.1, but make no guarantees.

– ideas for web app users:
  – give each script/object/method its own user name so that, for security and logging reasons, you can tell which scripts did what and see who is connected.
– interactive help now included in MySQL!
  – ex: help grant types

– MySQL “worm” of Jan ’05
The MySQL worm would scan TCP port 3306 on the public net and then attempt to brute force root. It had a very small list of common passwords and managed to successfully connect to an alarming number of servers. The worm would then create a table with a blob column where it would insert the worm’s code. It would then dump itself to a DLL file and drop the table. Then, by creating a function, it could run itself via MySQL.

The worm did not last long, as the connecting zombies caused a DoS attack on the IRC servers where the zombied nodes were managed.

– MySQL 4.1 now includes features to make this more difficult:
  – User-defined functions must define and meet certain criteria or they will be considered “suspicious” and not run.
  – root@ accounts were removed from Windows; no other distros ever had them.
  – won’t let you use .. or other pathname info in the name of a shared object
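
The host, network and authentication items in these notes can be checked mechanically against a server's option file. The following is an added example, not code from the talk: it audits the `[mysqld]` section of a my.cnf for the `user`, `bind-address`, `skip-networking`, `ssl-ca`/`ssl-cert`/`ssl-key` and `old-passwords` options. The sample file is constructed, and `!include` directives are assumed absent (they are skipped, not followed).

```python
import ipaddress

# Constructed sample my.cnf for this example (not taken from the talk).
SAMPLE_MY_CNF = """\
[client]
port = 3306
[mysqld]
user = root
bind-address = 0.0.0.0
old_passwords = 1
# ssl-ca = /etc/mysql/ca.pem
"""

def parse_section(text, section="mysqld"):
    """Return {option: value} for one section; MySQL treats '_' and '-' alike in names."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line[0] in ";!":          # ';' comments, '!include' directives
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section:
            key, _, value = line.partition("=")
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts

def audit(text):
    """Return a list of findings for the hardening items in the notes above."""
    o, findings = parse_section(text), []
    if o.get("user") in (None, "root"):
        findings.append("user= is root or unset (use an unprivileged account)")
    remote = "skip-networking" not in o
    if remote:
        addr = o.get("bind-address", "0.0.0.0")  # absent means all interfaces
        try:
            remote = not ipaddress.ip_address(addr).is_loopback
        except ValueError:                       # a hostname rather than an IP
            remote = addr.lower() != "localhost"
    if remote:
        findings.append("listens beyond localhost (bind to 127.0.0.1 or firewall 3306)")
        if not all(k in o for k in ("ssl-ca", "ssl-cert", "ssl-key")):
            findings.append("remote clients possible but ssl-ca/ssl-cert/ssl-key not all set")
    if o.get("old-passwords", "0").lower() in ("1", "on", "true", ""):
        findings.append("old-passwords enabled (pre-4.1 password hashes still generated)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MY_CNF)))
```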

Santa Clara CC Gets Busy

Wednesday, April 20th, 2005

I arrived at the MySQL show this morning and found that the place was jam packed with people. In addition to the 1300 MySQL users here for the conference, the TriCounty Apartments Association (?) was here too. The combination of the two shows has maxed out parking and made the hotel a lot busier. Anyways, off to some talks now.