Best Practices to Secure Your MySQL Databases

Author: Robert Agar

MySQL is one of the most popular database platforms in the world. It is widely used to power eCommerce sites and web applications that are essential components of many companies’ business strategies. MySQL databases are often the repository for sensitive customer data gathered while conducting business, as well as for information about internal processes and personnel.

An organization’s databases store and manipulate the information required to keep it operating and competing effectively in its market. They are critically important to a company’s success and need to be guarded and kept secure. The database team forms an enterprise’s first line of defense and is responsible for implementing security policies and standards that minimize the chances of the systems being accessed by unauthorized users or exposed to malware.

One of the challenges facing DBAs is the proliferation of multi-platform environments they are expected to manage successfully. While some security measures transfer between competing databases, there are variations that make securing the systems challenging when bouncing from platform to platform. Let’s take a look at some of the steps a MySQL DBA should be taking to ensure the security of their databases.

Hardening the Database

Hardening a computer system means protecting it from risks and threats with a multi-layered approach. Each layer (host, application, user, and physical) requires its own methods to ensure security. Here are some specific steps that will harden your MySQL server. When modifying the my.cnf file, you will need to restart MySQL for the changes to take effect.

Encrypting connections – MySQL network connections are not encrypted by default. This needlessly exposes your data and should be addressed by enforcing encryption on network connections.

Setting a connection error limit – Multiple unsuccessful authentication attempts may indicate an attack by unauthorized users. A reasonable number of incorrect attempts can be allowed with the max_connect_errors parameter in the my.cnf file.

Disable the SHOW DATABASES command – Attackers can use this command to identify the available databases in preparation for an attack. You can disable it by adding the skip-show-database line to the mysqld section of the configuration file.

Run the MySQL hardening script – The hardening script included with MySQL leads you through a series of questions that set the level of hardening for your system. Run it with the mysql_secure_installation command.
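The configuration settings above can be checked mechanically. The following shell script is an added example and not part of the article: it writes two constructed my.cnf files, one with the insecure defaults and one hardened as described, and audits each for the settings the article names. It assumes MySQL 5.7 or later, where the system variable that enforces encrypted connections is require_secure_transport, and the non-default port number it uses is arbitrary.

```shell
#!/bin/sh
# Added example, not part of the article: audit a my.cnf for the four
# hardening settings the article lists. Both sample files are constructed.

# Constructed sample: the insecure defaults the article warns about.
write_default_cnf() {
  cat > "$1" <<'EOF'
[mysqld]
port = 3306
bind-address = 0.0.0.0
# huge limit, so a host is never blocked for repeated connection errors
max_connect_errors = 1000000
EOF
}

# Constructed sample: the same server after the article's hardening steps.
# Assumption: MySQL 5.7+, where require_secure_transport enforces TLS;
# 33061 is an arbitrary non-default port.
write_hardened_cnf() {
  cat > "$1" <<'EOF'
[mysqld]
port = 33061
bind-address = 127.0.0.1
require_secure_transport = ON
max_connect_errors = 10
skip-show-database
EOF
}

# mysqld_setting FILE KEY: print KEY's value from the [mysqld] section,
# "ON" for a bare flag such as skip-show-database, nothing if absent.
# foo_bar and foo-bar are normalised to the same key, as MySQL treats them.
mysqld_setting() {
  awk -v key="$2" '
    /^\[/ { in_mysqld = ($0 == "[mysqld]"); next }
    in_mysqld && $0 !~ /^[ \t]*[#;]/ {
      line = $0; sub(/#.*/, "", line)
      n = split(line, kv, "=")
      k = kv[1]; gsub(/[ \t]/, "", k); gsub(/_/, "-", k)
      if (k == key) {
        v = (n > 1) ? kv[2] : "ON"; gsub(/[ \t]/, "", v); print v; exit
      }
    }' "$1"
}

# audit_mycnf FILE: print one line per failed check; the return status is
# the number of findings, so 0 means every check passed.
audit_mycnf() {
  cnf="$1"; findings=0
  v=$(mysqld_setting "$cnf" require-secure-transport | tr 'a-z' 'A-Z')
  case "$v" in
    ON|1) ;;
    *) echo "FAIL encryption not enforced: set require_secure_transport = ON"
       findings=$((findings + 1)) ;;
  esac
  v=$(mysqld_setting "$cnf" max-connect-errors)
  case "$v" in ''|*[!0-9]*) n=-1 ;; *) n=$v ;; esac   # non-numeric -> -1
  if [ "$n" -lt 0 ] || [ "$n" -gt 100 ]; then   # 100 is this script's ceiling
    echo "FAIL max_connect_errors is unset or too high (${v:-unset})"
    findings=$((findings + 1))
  fi
  [ -n "$(mysqld_setting "$cnf" skip-show-database)" ] || {
    echo "FAIL SHOW DATABASES not disabled: add skip-show-database"
    findings=$((findings + 1)); }
  v=$(mysqld_setting "$cnf" port)
  if [ -z "$v" ] || [ "$v" = 3306 ]; then
    echo "FAIL listening on the default port 3306: pick a non-default port"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Demo: the default file fails all four checks, the hardened one passes.
for writer in write_default_cnf write_hardened_cnf; do
  tmp=$(mktemp); "$writer" "$tmp"
  if audit_mycnf "$tmp"; then echo "$writer: all checks passed"; else echo "$writer: $? finding(s)"; fi
  rm -f "$tmp"
done
```

Point audit_mycnf at a real /etc/my.cnf to get the same report for a live server; remember the article's note that a changed my.cnf only takes effect after a restart.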

Additional Security Measures

While the steps outlined above to harden your MySQL systems are an important start, there are many other ways to strengthen the security of your databases. Here are some of them.

Change the default port and account – By default, MySQL runs on port 3306 using the superuser “root” account. The default port should be changed in the configuration file to make your database less susceptible to untargeted attacks. The recommended method of dealing with the root account is to create a new superuser account and eliminate all root@ accounts.

Tightly control database access – Fewer is better when it comes to users permitted to access a database. Permissions should be managed using groups or roles, and each individual should be granted only the minimum privileges required to do their job.

Auditing and monitoring database activity – This essential task can alert you to a number of security violations or flaws. Monitoring can help identify compromised accounts or accounts engaged in suspicious activity. Periodically auditing your systems will show whether accounts have been created outside of the normal workflow, perhaps by an attacker.

Maintaining Secure MySQL Instances

SQL Diagnostic Manager for MySQL offers a platform from which you can monitor and audit your database instances to ensure they remain secure. It provides over 600 pre-built monitors that give you real-time insight into your system’s performance. Monitored data can be displayed in customizable dashboards, making it easy to identify and address problems promptly.

Managing user access and finding problematic trends can be accomplished by focusing on the information available through the tool’s audit log. It lets you quickly see failed logins and events, as well as changes made to the database. The data gained from studying these logs can help you discover potential security flaws and better protect your systems and the critical data they contain. It’s a powerful tool that should be part of every MySQL DBA’s software repertoire.

The post Best Practices to Secure Your MySQL Databases appeared first on Monyog Blog.

via Planet MySQL

University of Washington once again named world’s most innovative public university

Cherry blossoms in full bloom at the University of Washington. (GeekWire Photo / Taylor Soper)

For the third year in a row, the University of Washington has won the title of the world’s most innovative public university, according to an annual ranking by Reuters and Clarivate Analytics. The institution also ranked No. 5 among all universities, public and private, with Stanford taking the top spot.

The list considered factors including patent filings and research paper citations to determine which educational institutions did the most to “advance science, invent new technologies and power new markets and industries.” The U.S. dominated the list overall, with 46 of the top 100 institutions.

Here are the top 10 most innovative public and private universities:

  1. Stanford University (USA)
  2. Massachusetts Institute of Technology (USA)
  3. Harvard University (USA)
  4. University of Pennsylvania (USA)
  5. University of Washington (USA)
  6. University of North Carolina Chapel Hill (USA)
  7. KU Leuven (Belgium)
  8. University of Southern California (USA)
  9. Cornell University (USA)
  10. Imperial College London (UK)

UW filed a total of 561 patents between 2012 and 2017, a third of which were granted. It also received a high score for commercial research and development, which is measured by academic papers cited in patent filings. The institution is home to nearly 58,000 students and 7,000 staff, with campuses in Seattle, Tacoma and Bothell.

Over the past decade, UW has consistently brought in more than 2 percent of federal research funding, more than any other public university. In 2017, the university’s grant and contract award funding reached a peak of $1.6 billion.

In its ranking, Reuters noted a recent project in which UW and UCLA researchers created an artificial intelligence system that can diagnose breast cancer, in some cases better than trained physicians.

The success of Redmond, Wash.-based Microsoft — and co-founders Bill Gates and Paul Allen — has had a huge impact on the university’s success through philanthropic donations that helped to establish the Paul G. Allen School of Computer Science and the Bill and Melinda Gates Center, which opened earlier this year thanks to contributions from individuals and local tech companies such as Microsoft, Amazon, Zillow, and Google, which has a large engineering presence in the region.

Other regional business magnates have been influential as well. Earlier this month, the school announced plans for a center focused on brain disorders, made possible thanks to a $50 million gift from Lynn and Mike Garvey, owners of transportation and distribution company Saltchuk.

The Bill & Melinda Gates Center opened this year, helping increase capacity for the UW’s top computer science school. (GeekWire Photo / Taylor Soper)

The university, which ranked No. 10 on a separate list for best global universities, is also a primary reason why researchers from the Allen Institute for Artificial Intelligence (AI2) think Seattle will see “unprecedented acceleration in high-tech startup creation” in the coming years.

“More than 20 companies have been founded by Allen School faculty in recent years in areas as diverse as machine learning, m-health, backscatter communication, wireless power, computer security, educational technology, and surgical imaging — and many more companies have been founded by alums,” wrote AI2 researchers Jacob Colker and Oren Etzioni.

The most recent example of this trend is OctoML, a UW spinout that recently raised $3.9 million for a platform that acts as an operating system for machine learning models.

The UW is also home to CoMotion, the university’s startup incubator and collaborative innovation hub, and in 2016 debuted GIX, a U.S.-China joint technology institute that launched in partnership with China’s Tsinghua University and Microsoft.

Read the study’s full methodology here.

via GeekWire

Here Are 2019’s Most Awful Halloween Costumes

Spooky times are back, and you know what that means: ‘Tis the season for bad Halloween costumes! Cosplay and nerd culture have become more mainstream, and while that means some awesome costumes, it also means an increase in badly made knockoffs. Some of them are supposed to be “sexy,” others funny, but they usually end up just being plain bad. We’re looking at the worst of the worst of 2019.

I said this last year, but it bears repeating: This is not about defining what constitutes a good or bad “sexy” costume. Halloween is a great time to celebrate your sexuality and have fun with fashion—as is any time of year, for that matter. Rather, we’re here to look at the ridiculous, the laughable, and the offensive. In other words, the best of the worst borderline copyright infringement that the folks at Yandy, ForPlay, and beyond have bestowed on us for this year’s All Hallow’s Eve.


Nicest Neighbor.
Image: Yandy

The ‘Winner’

Nicest Neighbor

Much in the vein of that Bob Ross aka “Happy Tree Painter” costume, Yandy has decided to sexify Mister Rogers’ Neighborhood with “Nicest Neighbor” (Yandy), complete with a red belly sweater, shorts, and a stiff necktie that isn’t even attached to a shirt (puppets not included). Excuse me, but Fred Rogers was already sexy enough on his own.


Miss Impeachment, Beyond Burger, Sold Out Chicken Sandwich, Tater Thot
Image: Yandy

Ooh, That’s Topical

Miss Impeachment | Beyond Burger | Sold Out Chicken Sandwich | Tater Thot

That’s right, we’re back with another round of oh-so-topical Halloween costumes! After all, “Sexy Op-Ed Anonymous” is soooo 2018. This year, it was mostly food-related costumes—I’m guessing because we all stuffed our faces to try and survive this horrible year. We’ve got “Beyond Burger” (Yandy) and “Sold Out Chicken Sandwich” (Yandy), along with a delightful pun stuck on a disappointing costume with “Tater Thot” (Yandy). But if you still want to get political, we’ve got “Miss Impeachment” (Yandy), a tribute to…nice butts and systemic justice?


Galaxy Trooper, Human Space Scavenger, Universe Warrior, Dark Star Lady
Image: Yandy

Nothing But…Space Battles

Galaxy Trooper | Human Space Scavenger | Universe Warrior | Dark Star Lady

The Skywalker saga is finally coming to an end this year with Star Wars: The Rise of Skywalker. Why not celebrate with the finest pieces of borderline copyright infringement with these totally-not-Star Wars Halloween costumes? The “Galaxy Trooper” (Yandy) outfit looks all right, were it not for the solar system’s worst fake helmet. Then there’s “Human Space Scavenger” (Yandy)—not to be confused with all those non-human ones—as well as the absolutely ridiculous “Universe Warrior” (Yandy).

All of that said, I’m kinda digging the fake Darth Vader costume… except for the fact that it looks cheap as hell and it’s called “Dark Star Lady” (Yandy). Like, come on, that’s just silly.


Future Is Female, I’m Blue Alien, Blast Off
Image: Yandy, ForPlay

Space, the Weirdest Frontier

Future Is Female | I’m Blue Alien | Blast Off

There were enough fake Star Wars costumes to warrant their own category, but I still had a few extra spacey outfits that simply had to be mentioned. You can be a possibly radioactive weirdo with “I’m Blue Alien” (Yandy). Then there’s “Blast Off” (ForPlay), an astronaut costume that says it’s based on a “movie character” but for the life in me I can’t figure out which one. The one on the left is called “Future Is Female” (Yandy) and it made me want to die.


Defiant Doll, It’s a Wrap, Bone Daddy, Dream Killer, Got The Juice
Image: Yandy, ForPlay, Leg Avenue

Scary (But Not Really)

Defiant Doll | It’s a Wrap | Bone Daddy | Dream Killer | Got The Juice

It’s time to get spoooooooky! Except no, not really. “It’s a Wrap” (ForPlay) handled the mummy game while “Got the Juice” (ForPlay) channeled not-Beetlejuice…except both of them are wearing these weird half-pants that can’t look or feel good after walking around all night. “Dream Killer” (ForPlay) is overall bad but gets a pass for having a creepy meat-skin hoodie. Then, for those wanting to be creepy in completely uncomfortable ways, there’s the sexified Annabelle of “Defiant Doll” (Yandy).

Finally, there’s the bone guy. A big trend in costumes this year is folks dressing up like skeletons. No surprise, it’s a universally flattering look and really brings out the inner self (get it?). That doesn’t mean all the costumes are good, though. There are plenty of bad skeleton looks. But I’ve gotta be honest: The main reason I picked this one is because it’s called “Bone Daddy” (Leg Avenue) and I just couldn’t help myself.


Hear Me Roar, Anime School Girl, Heartless Tin, Despicable Human, Scary Scoops
Image: Yandy, Starline

Cute (But Not Really)

Hear Me Roar | Anime School Girl | Heartless Tin | Despicable Human | Scary Scoops

This one is a bit of a hodge-podge, but it’s mostly things that are normally designed to look cute but in this case, are anything but. The Wizard of Oz hath returned (following ForPlay’s 2018 costume set) with “Hear Me Roar” (Yandy) and “Heartless Tin” (Yandy)—although I couldn’t find a sexy male Dorothy anywhere! Otherwise, there’s the childhood-ruining “Despicable Human” (Yandy) or “Anime School Girl” (Starline) which is making choices with the Sailor Moon-inspired getup. Finally, the cosplay of the year with Stranger Things’ sailor suit, this time going by “Scary Scoops” (Yandy). After all, nothing is scarier than minimum wage.


Ghost Hunter, Super Suit, Vile Villain, Space Soldier, Femme Fatale Warrior
Image: Yandy, ForPlay

Superher-Oh No

Ghost Hunter | Super Suit | Vile Villain | Space Soldier | Femme Fatale Warrior

Most of these costumes are to be expected. The Ghostbusters “Ghost Hunter” (Yandy), the Captain Marvel “Space Soldier” (ForPlay), and Black Panther’s “Femme Fatal Warrior” (Yandy)… complete with a truly terrible name. Even the weird mesh “Super Suit” (Yandy) that turns The Incredibles into some seriously kinky shit. But I just wanted to point out one thing: “Vile Villain” (Yandy), the newest incarnation of the Joker ensemble, costs $72. How? And why? Just go to Goodwill, folks. You can find like 40 leisure suits there.


Cuddle Dream Gamer, Ken, Ryu, Mushroom Damsel
Image: Starline, ForPlay

Greetings Fellow Gamers

Cuddle Dream Gamer | Ken | Ryu | Mushroom Damsel

Shout-out to my gamer squad!!! We’ve got the “Cuddle Dream Gamer” (Starline) and our favorite “Mushroom Damsel” (Starline). And then, the Street Fighter duo themselves, Ryu (ForPlay) and Ken (ForPlay). Hint hint: Best couples costume ever, maybe?


Vengeful Creature, A Whole New World, Island Princess, Desert Prince, Beautiful Belle
Image: Yandy, ForPlay, Leg Avenue

Legally Not Disney

Vengeful Creature | A Whole New World | Island Princess | Desert Prince | Beautiful Belle

Why is it that fake Disney costumes are always the worst? “Vengeful Creature” (Yandy) looks like she has a bag of poop on her head, while “Desert Prince” (Leg Avenue) might as well be carrying a load around in those pants. You’ve got “A Whole New World” (Yandy) donning a shower curtain on her legs and “Beautiful Belle” (Yandy) in a weird crimp skirt that I can’t imagine looks good on anyone. But I’m especially weirded out by “Island Princess” (ForPlay). Moana was, like, definitively underage. I don’t want to see Moana’s underboobs.


Frozen Queen, Alice In Chains, Sleeping Beauty, Naughty Red Riding Hood
Image: Harmonia Costumes

Still Not Disney

Frozen Queen | Alice In Chains | Sleeping Beauty | Naughty Red Riding Hood

These costumes come from Harmonia, a site that normally specializes in outfits to wear to Burning Man or Coachella. So it’s no surprise that these costumes, which tend to go for hundreds of dollars, feel like they’d be more at home in a fancy rave than at your friend’s Halloween party. On one hand, they’re clearly well made. On the other, they’re making some weird choices.


The Chosen One, To Infinity Space Ranger, Playtime Sheriff, Bo Peep This
Image: ForPlay

Totally Not Disney Trust Us You Guys (Also WTF)

The Chosen One | To Infinity Space Ranger | Playtime Sheriff | Bo Peep This

So, these exist now. All ForPlay.


For more, make sure you’re following us on our Instagram @io9dotcom.

via Gizmodo

GIF Reveals how Charlie Chaplin Performed a “Dangerous” Stunt with Camera Trickery

In the 1936 movie Modern Times, a blindfolded Charlie Chaplin rollerskates around on the fourth floor of an under-construction department store. As he skates backwards and hits the staircase trim, he nearly topples to his death.

By reconstructing the entire scene in CG, this GIF reveals the camera trick (called a “glass shot,” since that’s what the painting substrate is) that the filmmakers used to pull the shot off and keep Charlie safe:

How’s that for clever?


via Core77

Databricks announces $400M round on $6.2B valuation as analytics platform continues to grow

Databricks is a SaaS business built on top of a bunch of open-source tools, and apparently it’s been going pretty well on the business side of things. In fact, the company claims to be one of the fastest growing enterprise cloud companies ever. Today the company announced a massive $400 million Series F funding round on a hefty $6.2 billion valuation. Today’s funding brings the total raised to almost $900 million.

Andreessen Horowitz’s Late Stage Venture Fund led the round with new investors BlackRock, Inc., T. Rowe Price Associates, Inc. and Tiger Global Management also participating. The institutional investors are particularly interesting here because as a late-stage startup, Databricks likely has its eye on a future IPO, and having those investors on board already could give them a head start.

CEO Ali Ghodsi was coy when it came to the IPO, but it sure sounded like that’s a direction he wants to go. “We are one of the fastest growing cloud enterprise software companies on record, which means we have a lot of access to capital as this fundraise shows. The revenue is growing gangbusters, and the brand is also really well known. So an IPO is not something that we’re optimizing for, but it’s something that’s definitely going to happen down the line in the not-too-distant future,” Ghodsi told TechCrunch.

The company announced that as of Q3 it’s on a $200 million run rate, and it has a platform that consists of four products, all built on foundational open source: Delta Lake, an open-source data lake product; MLflow, an open-source project that helps data teams operationalize machine learning; Koalas, which creates a single-machine framework for Spark and Pandas, greatly simplifying working with the two tools; and, finally, Spark, the open-source analytics engine.

You can download the open-source version of all of these tools for free, but they are not easy to use or manage. The way that Databricks makes money is by offering each of these tools in the form of Software as a Service. They handle all of the management headaches associated with using these tools and they charge you a subscription price.

It’s a model that seems to be working, as the company is growing like crazy. It raised $250 million just last February on a $2.75 billion valuation. Apparently the investors saw room for a lot more growth in the intervening six months, as today’s $6.2 billion valuation shows.


via TechCrunch

A Laravel package to retrieve visitors’ information

Laravel Visitor

This is a Laravel package to extract and access visitors’ information such as browser, IP, device, etc.

With this package you can recognize online users and determine whether a user is online.

Install

Via Composer:

composer require shetabit/visitor

Configure

If you are using Laravel 5.5 or higher, you don’t need to add the provider and alias.

# In your providers array.
'providers' => [
    ...
    Shetabit\Visitor\Provider\VisitorServiceProvider::class,
],

# In your aliases array.
'aliases' => [
    ...
    'Visitor' => Shetabit\Visitor\Facade\Visitor::class,
],

Then run the commands below to publish the migrations and create the tables:

php artisan vendor:publish
php artisan migrate

How to use

You can access the visitor’s information using $request->visitor() in your controllers, or anywhere else using the visitor() helper function.

The following methods retrieve a visitor’s information:

  • device : device’s name
  • platform : platform’s name
  • browser : browser’s name
  • languages : language names
  • ip : client’s IP
  • request : the whole request inputs
  • useragent : the whole user agent
  • isOnline : determines if the current (or given) user is online

$request->visitor()->browser(); // firefox
$request->visitor()->visit($post); // create a log for $post
$request->visitor()->setVisitor($user)->visit($post); // create a log which says $user has visited $post

Store Logs

You can create logs using the visit method, like below:

visitor()->visit(); // create a visit log

Use the Shetabit\Visitor\Traits\Visitable trait in your models; then you can save visit logs for your models like below:

// you can save a log like this
visitor()->visit($model);
// or like this
$model->createVisitLog();

// you can say which user has visited the given $model
$model->createVisitLog($user);
// or like this
visitor()->setVisitor($user)->visit($model);

Model visits can be loaded using the visits relation. You can count a model’s visits like below:

$model->visitLogs()->count();

Use Shetabit\Visitor\Traits\Visitor in your User class; then you can run the code below:

$user->visit(); // create a visit log
$user->visit($model); // create a log which says $user has visited $model

Retrieve and Determine Online users

First, use Shetabit\Visitor\Traits\Visitor in your User class.

Then you can retrieve the online users, which are instances of the User class, and determine whether a given user is online:

visitor()->onlineVisitors(User::class); // returns a collection of online users
User::online()->get(); // another way

visitor()->isOnline($user); // determines if the given user is online
$user->isOnline(); // another way

Automatic logging

Your application can store visitor logs automatically using the LogVisits middleware.

Add the Shetabit\Visitor\Middlewares\LogVisits middleware if you want to save logs automatically.

The middleware stores logs for models that are bound in the router (route model binding) and use the Shetabit\Visitor\Traits\Visitable trait.

via Laravel News Links

There are 3 types of arrogance


Researchers have created a new way to classify arrogance on different levels across a spectrum.

“We were surprised at the limited amount of modern research we found on arrogance,” Nelson Cowan, professor of psychological sciences at the University of Missouri, says of the findings. “Furthermore, we found it didn’t all come from one specific area. So we created a one-stop resource to inspire further research, including, but not limited to, possible medical diagnoses of personality disorders.”

The team acknowledges everyone seems to have some degree of arrogance, so in addition to the literature review, the researchers suggest a way to classify the different levels of arrogance a person could exhibit.

A pyramid shows the three types of arrogance as parts of a pyramid containing different behaviors. Individual arrogance consists of distorted information and limitations in abilities, overestimation of one's information and abilities, and resistance to new information about one's limits. Comparative arrogance consists of a failure to consider the perspectives of others, and belief or assumption of superiority. Antagonistic arrogance consists of the denigration of others.
The research team devised a system that identifies three types of arrogance. (Credit: U. Missouri)

The team devised a system that identifies three types of arrogance:

  • Individual arrogance—an inflated opinion of one’s own abilities, traits, or accomplishments compared to the truth.
  • Comparative arrogance—an inflated ranking of one’s own abilities, traits, or accomplishments compared to other people.
  • Antagonistic arrogance—the denigration of others based on an assumption of superiority.

The three levels provide a foundation for future descriptions of arrogance.

“Our system cannot offer a complete scientific understanding, rather it is intended to provide an analytical perspective on arrogance to help guide future psychological research,” Cowan says. “It could be applied to all types of relationships, such as interpersonal relationships, or even dialogues between nations and political groups.”

The review appears in the Review of General Psychology. Funding for the work came from an NIAAA grant. The content is solely the responsibility of the authors and does not necessarily represent the official views of the funding agencies.

Source: University of Missouri

The post There are 3 types of arrogance appeared first on Futurity.

via Futurity.org