You’re not storing sensitive data in your database. Seriously?



At technology events, I often ask attendees if they’re storing sensitive data in MySQL. Only a few hands go up. Then, I rephrase and ask, “how many of you would be comfortable if your database tables were exposed on the Internet?” Imagine how it would be perceived by your customers, your manager, your employees or your board of directors. Once again, “how many of you are storing sensitive data in MySQL?” Everyone.

TWO MAXIMS:

1.) You are storing sensitive data.

Even if it’s truly meaningless data, you can’t afford for your company to be perceived as loose with data security. If you look closely at your data, however, you’ll likely realize that it could be exploited. Does it include any employee info, server IP addresses or internal routing information?

A recent article by Lisa Vaas from Naked Security highlights a spate of data leaks from poorly configured MongoDB instances.

What’s striking is that these leaks didn’t include credit cards, social security numbers or so-called sensitive data. Nevertheless, companies are vulnerable to ransomware and diminished customer trust.

2.) Your data will be misplaced, eventually.

Employees quit, servers get decommissioned; but database tables persist. Your tables are passed among developers, DBAs and support engineers. They are moved between bare metal, VMs and public cloud providers. Given enough time, your data will end up in a place it shouldn’t be.

Often people don’t realize that their binary data is easily exposed. Take any binary data file, for example, and run the Linux strings command against it. On a Linux command line, just type “strings filename”. You’ll see your data scroll across the screen in readable text.

ENCRYPT MYSQL DATA

Two years ago, MySQL developers had to change their application to encrypt data. Now, transparent data encryption in MySQL 5.7 and 8.0 requires no application changes. With Oracle’s version of MySQL, there’s little performance overhead after the data is encrypted.

Below are a few simple steps to encrypt your data in MySQL 8.0. This process relies on a keyring file. This won’t meet compliance requirements (see KEY MANAGEMENT SYSTEMS below), but it’s a good first step.

  1. Check your version of MySQL. It should be MySQL 5.7 or 8.0.
  2. Pre-load the plugin in your my.cnf: early-plugin-load = keyring_file.so
  3. Execute the following queries:
  • INSTALL PLUGIN keyring_udf SONAME 'keyring_udf.so';
  • CREATE FUNCTION keyring_key_generate RETURNS INTEGER SONAME 'keyring_udf.so';
  • SELECT keyring_key_generate('alongpassword', 'DSA', 256);
  • ALTER TABLE titles ENCRYPTION = 'Y';
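
To confirm that the steps above took effect, the following checks (an added example, not part of the original article) show the keyring plugin status, the keyring file location, and which InnoDB tables are still stored unencrypted. It assumes file-per-table tablespaces and an administrative account; the excluded schema names are the standard system schemas.

```sql
-- Added example: verify the encryption steps on MySQL 8.0.
-- Assumes file-per-table tablespaces, as used by ALTER TABLE ... ENCRYPTION above.

-- 1. The keyring plugin must be ACTIVE before InnoDB can encrypt anything.
SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'keyring%';

-- 2. Where the keyring file lives. Keep it off the volume and out of the
--    backups that hold the tablespace files, or the key travels with the data.
SHOW VARIABLES LIKE 'keyring_file_data';

-- 3. Tables that are encrypted.
--    "_" matches one character, so either quote style after ENCRYPTION= is handled.
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
FROM INFORMATION_SCHEMA.TABLES
WHERE CREATE_OPTIONS LIKE '%ENCRYPTION=_Y_%';

-- 4. InnoDB tables in application schemas that are still stored in clear text
--    (no ENCRYPTION option at all, or ENCRYPTION set to N).
SELECT TABLE_SCHEMA, TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE = 'BASE TABLE'
  AND ENGINE = 'InnoDB'
  AND TABLE_SCHEMA NOT IN ('mysql', 'sys', 'information_schema', 'performance_schema')
  AND COALESCE(CREATE_OPTIONS, '') NOT LIKE '%ENCRYPTION=_Y_%'
ORDER BY TABLE_SCHEMA, TABLE_NAME;

-- 5. Rotate the InnoDB master key. Only the tablespace keys are re-encrypted;
--    table data is not rewritten.
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```

An empty result from query 4 means every InnoDB table in the application schemas carries the ENCRYPTION option.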

Per documentation warning: The keyring_file and keyring_encrypted_file plugins are not intended as regulatory compliance solutions. Security standards such as PCI, FIPS, and others require use of key management systems to secure, manage, and protect encryption keys in key vaults or hardware security modules (HSMs).

KEY MANAGEMENT SYSTEMS (KMS)

Credit card and data privacy regulations require that keys are restricted and rotated. If your company collects payment information, it’s likely that your organization already has a key management system (KMS). These systems are usually software or hardware appliances used strictly for managing your corporate encryption keys. The MySQL Enterprise Edition includes a plugin for communicating directly with the KMS. MySQL is compatible with Oracle Key Vault, SafeNet KeySecure, Thales Vormetric Key Management and Fornetix Key Orchestration.

In summary, reconsider if you believe that you’re not storing sensitive data. If using MySQL, capabilities in the latest releases make it possible to encrypt data without changing your application. At the very least, encrypt your data with the key file method (above). Ideally, however, investigate a key management system to also meet regulatory requirements.


via Planet MySQL

Laugo Arms’ Alien Pistol is Completely Different

There’s a new handgun in the world, and it looks pretty cool. It’s the Laugo Arms Alien, and it’s been making a splash in certain circles of the firearms world. This semi-automatic 9x19mm pistol is apparently aimed at competition shooters, for reasons that will become clear.

Laugo Arms Alien Pistol


The Laugo Arms Czechoslovakia Facebook page has been teasing fans with photos for a while now, and some videos have come to light as well. Some of the more notable features:

  • Fixed barrel, which remains in the lower (frame) to significantly reduce muzzle flip (low bore axis).
  • The slide doesn’t include the sights — which means the sights remain fixed to the pistol frame.
  • Removable top rail can be swapped out quickly to change sights with reliable return to zero.
  • Top rail also contains sear and hammer.
  • Operates on gas-delayed blowback principle.

This video is only 13 seconds long, and shows how quickly the top rail — which actually contains the sear and hammer, as well as the sights — can be swapped out to quickly change from open to optical sights.

The most thorough video I’ve seen yet is from Polenar Tactical. In it, we see the gun being fired — but more importantly, we see it stripped and reassembled, with an explanation of what makes it so unique.


It begins with a lovely lady shooting the Alien — and the lack of muzzle flip is evident. From there we go to a teardown and explanation of its features, including the low bore axis, gas-delayed blowback action, and the sear & hammer which work from the top instead of the bottom.

This video ends with something I never thought I’d see: Competition pistol shooting while wearing stretchy skinny jeans.

It’s a really neat-looking pistol, and I’d love to put one through its paces. But as of now, they don’t even have an importer lined up as far as we know.


No word yet on what the retail price might be, but they are hoping to release the Alien(!) in 2019.

The post Laugo Arms’ Alien Pistol is Completely Different appeared first on AllOutdoor.com.

via All Outdoor

Akaunting – Free Accounting Software Powered by Laravel



October 04, 2018


Akaunting is a free and open source accounting software built on Laravel. It handles everything from invoicing to expense tracking to accounting and runs on your infrastructure.

What makes Akaunting unique in the accounting software space is that it’s not a SaaS app: you download it and run it on the server setup of your choice. This gives you full control over all your financial data and keeps you from having to share it, as you would with many of the other big-name accounting products.

Akaunting is completely free to use and it’s open source, and they make money by selling additional features through their app store. Some of these include estimates, 2Checkout, open cart, and plenty more.

For more details check out the Akaunting site and GitHub repo.


via Laravel News

A Smart Design for Sturdy Space-Saving Sawhorses

Industrial Design 101: From a UX perspective, you want useful things to be around when you need them, and to disappear when you don’t need them. Occasional-use items that are bulky ought to be designed to fold up or break down. The plastic folding sawhorses in my shop are among the most useful items in there.

I wouldn’t have paid for them, however; they were given to me as a gift. Sawhorses are basic enough that you should always DIY rather than buy. You can make a simple pair of folding sawhorses with butt hinges, but if you don’t have any handy, J.G. Dean’s breakdown design is the way to go. His sawhorses are cheap, useful, quick to build and take up a minimum of space.

"I can’t claim to have originated this design for sawhorses," Dean writes in his Instructable. "I’ve seen similar ones in workshops and on construction sites for many years, but I believe I’ve made some improvements in their construction and a modification/addition that makes them more useful."

These sawhorses are made of inexpensive 2×4 construction grade lumber except for some scrap plywood, and some screws. They set up and knock down quickly and easily to take up a minimum of space, and provide almost as much support for sheet goods as a large work table. 

The entire system can easily be built with a table saw in under an hour for about $30 once the cutting jig is made out of some scrap wood. I based all the dimensions here on sawhorses that are 30" tall and 48" wide, which are both taller and wider than most commercial sawhorses. 

Since the top edges of the cross pieces are often cut into during use, I’ve found that it’s better to make them easily replaceable. With these, the top surfaces of both sawhorses can be replaced in minutes for generally about $5-6.

Check out Dean’s full Instructable here.


via Core77

Master-Slave Replication with MySQL 8.0 in 2 mins

There are multiple ways to set up replication with MySQL 8.0, and our replication offering has never been so rich: asynchronous, semi-synchronous, group replication, multi-source, … and many more options!

But if you want to set up a very quick Master-Slave environment from scratch for a quick test (you can always use dbdeployer), here are some commands to make it right the first time 😉

Requirements

You need to have MySQL 8.0 installed and running on both servers and with the same initial data (a fresh install for example). Here we use mysql1 and mysql2. We will also use GTID as it’s much more convenient.

Servers Configuration

Let’s set up mysql1 first:

mysql1> SET PERSIST server_id=1; 
mysql1> SET PERSIST_ONLY gtid_mode=ON; 
mysql1> SET PERSIST_ONLY enforce_gtid_consistency=true; 
mysql1> RESTART;

And now mysql2:

mysql2> SET PERSIST server_id=2; 
mysql2> SET PERSIST_ONLY gtid_mode=ON; 
mysql2> SET PERSIST_ONLY enforce_gtid_consistency=true; 
mysql2> RESTART;

Replication User

On mysql1, which will act as master, we do:

mysql1> CREATE USER 'repl'@'%' IDENTIFIED BY 'password' REQUIRE SSL; 
mysql1> GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%';

Starting the Slave

And on mysql2, we just configure and start replication:

mysql2> CHANGE MASTER TO MASTER_HOST='mysql1', 
        MASTER_PORT=3306, MASTER_USER='repl', 
        MASTER_PASSWORD='password', MASTER_AUTO_POSITION=1, MASTER_SSL=1;
mysql2> START SLAVE;

Done!

Very easy, and of course don’t forget to check the manual for many more options!
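
A tightened variant of the replication account and replica configuration above, as an added example that is not part of the original post. It assumes the source can resolve the replica’s hostname mysql2 and that the server certificate on mysql1 is issued for the name mysql1; the password and the CA file path are placeholders.

```sql
-- Added example: same quick setup, with the account scoped to one host and
-- the replica verifying the source's certificate. Placeholders are in <...>.

-- On mysql1 (source): bind the account to the replica host instead of '%'
-- and use a generated password. REQUIRE SSL is kept from the original.
mysql1> CREATE USER 'repl'@'mysql2' IDENTIFIED BY '<generated-password>' REQUIRE SSL;
mysql1> GRANT REPLICATION SLAVE ON *.* TO 'repl'@'mysql2';

-- Audit on mysql1: every account that holds the replication privilege,
-- with its host scope and TLS requirement. A '%' host or an empty ssl_type
-- on any row is worth a second look.
mysql1> SELECT user, host, ssl_type
        FROM mysql.user
        WHERE Repl_slave_priv = 'Y';

-- On mysql2 (replica): MASTER_SSL=1 alone encrypts the link but accepts any
-- certificate. Supplying the CA and enabling verification also authenticates
-- the source.
mysql2> CHANGE MASTER TO MASTER_HOST='mysql1',
        MASTER_PORT=3306, MASTER_USER='repl',
        MASTER_PASSWORD='<generated-password>', MASTER_AUTO_POSITION=1,
        MASTER_SSL=1, MASTER_SSL_CA='<path-to-ca.pem>',
        MASTER_SSL_VERIFY_SERVER_CERT=1;
mysql2> START SLAVE;

-- Confirm on mysql2 that TLS and certificate verification are configured
-- for the channel.
mysql2> SELECT CHANNEL_NAME, HOST, USER, SSL_ALLOWED, SSL_CA_FILE,
               SSL_VERIFY_SERVER_CERTIFICATE
        FROM performance_schema.replication_connection_configuration;
```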

via Planet MySQL

MIT, Google, Cisco and USPTO create Prior Art Archive for better patents

The patent system is broken — there are too many ways to list here, really. The problems surrounding prior art are certainly among them, and a team of high profile companies and organizations are joining forces to address some of these with the Prior Art Archive.

The database is a collaboration between MIT’s Media Lab, Google, Cisco and the United States Patent and Trademark Office, which certainly has the most to gain here. Using the MIT-hosted archive, patent applicants can find easily accessible examples of prior art and other technical information for reference.

“The patent examination process should stop patents from being issued on old or obvious technology,” MIT writes. “Unfortunately, just because technology is old doesn’t mean it is easy for a patent examiner to find. Particularly in the computer field, much prior art is in the form of old manuals, documentation, web sites, etc. that have, until now, not been readily searchable.”

Google also has a blog post detailing its own work with the archive, which mostly revolves around search. The company is also implementing AI and ML technologies to help bolster searches. “To this end,” the company writes, “we’ve recently created an open ecosystem, the Google Patents Public Datasets, to make large datasets available for empirical public policy, economics, and machine learning research.”


via TechCrunch

Excel Export for Laravel Nova



October 02, 2018


A common feature request from clients is the ability to export data to Excel, so they can create their own reports and a myriad of other things. Maatwebsite, the creators of Laravel Excel, recently launched a new Nova package named Laravel Nova Excel for just this purpose.

Integrating it with your Nova is really simple. First, require the package:

composer require maatwebsite/laravel-nova-excel

Next, go to a Nova resource, for example app/Nova/User.php, and add the Maatwebsite\LaravelNovaExcel\Actions\DownloadExcel action to your actions() list.

<?php

namespace App\Nova;

use Illuminate\Http\Request;
use Maatwebsite\LaravelNovaExcel\Actions\DownloadExcel;

class User extends Resource
{
    /**
     * The model the resource corresponds to.
     *
     * @var string
     */
    public static $model = 'App\\User';

    // Other default resource methods

    /**
     * Get the actions available for the resource.
     *
     * @param  \Illuminate\Http\Request $request
     *
     * @return array
     */
    public function actions(Request $request)
    {
        return [
            new DownloadExcel(),
        ];
    }
}

After this, you’ll get the ability to export all the Users to an Excel file. Of course, these are just the highlights of the package and it can do many other things. Check out their getting started guide for full details on everything you might need.


via Laravel News

Databases and Migrations


Let’s move on to the fun part: connecting to our database. This lesson will introduce a number of new concepts, so pay close attention. We’ll first review environment files. This is where we can store important keys, passwords, and configuration settings. Next, we’ll discuss Laravel migrations: what they are, and why you should use them.


via Laracasts

How to Stay Out of Prison When Building a Rifle at Home ~ VIDEO & Check Lists


Opinion by Alex Kincaid

USA – -(AmmoLand.com)- There’s only one thing better than buying a new gun:  Making your own custom firearm at home.

Stick to Alex Kincaid’s “Three Rules for Staying Out of Prison” below, and you stand a good chance of not violating one of the many gun-control laws that can affect well-intentioned, law-abiding Americans.

What are the three rules?

  1. Be Selfish:  Build firearms for your personal use
  2. Know what you’re buying
  3. Know what you’re making

Build for Your Personal Use

The ATF has published an opinion that “Firearms may be lawfully made by persons who do not hold a manufacturer’s license under the Gun Control Act provided they are not for sale or distribution and the maker is not prohibited from receiving or possessing firearms.”

If you start helping other people finish their firearms and, especially, if you take money from them for doing so, you can wind up accused, prosecuted, and convicted of violating the federal Gun Control Act.

On top of it, if you purchase an 80% lower, and pay someone to finish it, the ATF has now said that the person finishing the lower into a firearm must have a federal firearms license to do so.

The safest route to ensure that you are not violating federal (and sometimes, state) law is to only build firearms for your own, personal use. If a friend or family member would like your guidance as they build their own rifle, instruct and assist them as they complete the task, rather than do it for them.

Know What You’re Buying

Just because something is for sale, doesn’t mean it’s legal. Think about drugs or child porn. These items are easily found and bought, but they are not legal. The same goes for firearms parts that you might find on the internet. Some parts, by themselves, may be legal, but depending on how you install them, they may make a firearm illegal.

If you buy a foregrip, is it angled, vertical, or unknown? Our laws distinguish between these different parts, and you can easily violate the federal law known as the National Firearms Act by installing certain parts on an AR-style pistol and turning it into an “any other weapon” or “AOW.”

To make matters worse, if you lawfully purchase parts for your AR rifle and install them in certain states, you may have turned a legal rifle into an illegal “assault weapon” under your state’s laws [read New Jersey], just by adding cosmetic parts. Gun control laws don’t usually make much sense, and these “cosmetic feature” laws are an excellent example of how little sense gun control laws can make. Gun owners know that a flash suppressor, a foregrip, a collapsible stock, and other parts of a rifle don’t make the rifle more deadly, but more states continue to pass “assault weapon” bans, which make adding these parts to a rifle illegal.

So, know what you’re buying and whether the parts are legal in your state.

Know What You’re Making

Basic AR 15 Rifle Kit Gun Parts

Do you know if the gun parts and pieces you will be assembling will create a pistol, a rifle, or short-barreled rifle (SBR)?

You need to know the rules before you start your build. Buying a lower receiver is like buying a blank slate. Technically, your lower receiver is your firearm, but before you add parts to it, it is a generic firearm. If you create an SBR by registering your rifle in the NFRTR, you cannot go backwards and turn that same lower receiver into a pistol without processing additional paperwork.

If you create a firearm designed to shoot from your shoulder, you have usually created a rifle. If you create a firearm designed to shoot with one hand, you have usually built a pistol. You can easily turn a pistol into an AOW by adding a vertical foregrip, as stated above.  In some states, if you add certain cosmetic features, you may turn a legal rifle into an illegal “assault weapon.”

If you add a shoulder stock and a barrel that is under 16” in length, you are building an SBR, and you had better pay the $200 tax, put your name on the registry, notify your chief law enforcement officer, send in photographs and fingerprints, and wait 6-9 months to get your approved tax stamp before building this firearm.  If you don’t, you are violating federal law.

If you’re building an NFA firearm – make sure you download a free copy of Alex Kincaid’s Form 1 Guide. This guide will walk you through filling out Form 1 with your gun trust name.

Please watch our YouTube channel to hear more about how to build a rifle and stay out of prison. We also recommend a few detailed videos showing you how to insert small part into small part during your build. We like to shop at Brownell’s, where you can watch more how-to build videos on Brownell’s website.

To help you get started on your build journey, click here to check out Brownell’s build list for free. This build list will help you make sure you purchase the essential parts to a non-sporting rifle. It’s essentially a shopping list for your non-sporting rifle build. If you intend to build a firearm that will be subject to the National Firearms Act, be sure to contact us for a gun trust and also, download Alex Kincaid’s Form 1 Guide for free, which will walk you through the steps of using your gun trust to get your tax stamp for your new NFA firearm.

Assembling An AR-15 Rifle Parts Checklist

Feel free to post pictures of your build in the comments below! We would love to see what other good Americans are up to!  If you have questions, please call us for a free consultation.


Alexandria Kincaid, Attorney

About Alexandria Kincaid:

Alexandria Kincaid is a former elected District Attorney and the founder of Alex Kincaid Law, a full-service, boutique law firm emphasizing constitutional, criminal, and asset protection (estate and business) law, and boasting the unique specialty of firearms law. Alex Kincaid is hailed the Second Amendment Guru by the American Shooting Journal. Her expertise of the gun laws is relied upon by gun owners, gun businesses, and gun rights organizations across America, and her clients also include well-known firearms and firearms accessories manufacturers. Alex is also the author of “Infringed” the ultimate gun law book, available on Amazon. Or visit www.alexkincaid.com


via AmmoLand.com