How to Pick a Knife Blade Type


Pocket knives come in all kinds of shapes and sizes. Beyond looks, how do you decide on the correct type of blade to buy? Everyday Carry put together this concise guide to blade shapes, and what kind of work they are best suited to. So, if you ever wondered what the difference was between a Wharncliffe and a Hawkbill, they’ve got you covered.

The Awesomer

MySQL Interview Questions: Wrong Answers Only


During an interview or while having general discussions, I have found some funny responses that can be easily classified as “Wrong Answers,” but at times, they’re thought-provoking or carry a deeper meaning. This post is about some of the usual MySQL database conversations and responses that can appear “wrong” or “funny,” but there’s actually more to them. I will share a selection of such seemingly “wrong” or whimsical responses and take a closer look at the valuable lessons and perspectives they offer.

Let the “MySQL Interview” begin.

Q: How will you improve a slow query?

A: Let’s not execute it at all. A query avoided is a query improved.

This is a fact: we should carefully consider whether a query is necessary before executing it. Avoiding unnecessary queries and fetching only the required data can significantly improve performance.

For a query that cannot be avoided, one approach to improving it is:

  • Monitor the slow query log and use pt-query-digest to generate a summary report of slow queries.
  • Use the EXPLAIN statement in MySQL to understand the query execution plan, which offers insights into table access order, index usage, and potential performance bottlenecks.


Q: What is your disaster recovery (DR) strategy?

A: We have a replica under our primary database.

Hmm, a replica seems like a straightforward response, but it is not a comprehensive disaster recovery strategy. In reality, relying solely on a replica under the primary server is not sufficient for a robust disaster recovery plan.

In a disaster recovery (DR) strategy, it is essential to consider multiple aspects, to name a few:

  • Data backup
  • High availability
  • Failover mechanisms
  • Offsite storage

While having a replica is beneficial for load balancing and read scaling, it does not cover all disaster scenarios.


Q: What about delayed replica?


A: Well, it is our delayed disaster recovery.

“What about delayed replica?” you may ask. Well, it is a delayed disaster-in-waiting.

A lot depends on how strong your monitoring strategy is and how fast you can react to the DR call.

The delayed replica surely complements regular real-time replicas by providing an additional layer of DR protection compared to the active primary. When disaster strikes and, importantly, is detected within the configured replica delay, it provides a relatively easy recovery option. That said, if the delayed replica is hosted on the same infrastructure/data center, it is vulnerable to the same disaster affecting the primary.

It should surely help provide a good backup plan to guard against human error, logical error, data corruption, etc.


Q: What is one of your favourite (and common) security worst practices?

A: Usage of .my.cnf file

The .my.cnf file is typically used to store login credentials for MySQL, allowing users to connect to the database without providing credentials explicitly.  We all know that saving plaintext passwords in this file is a significant security risk, as it could lead to unauthorized access if the file system is compromised. The same risk is present while using the password on the command prompt.
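An added example (not part of the original post): a small Python audit for the risk described above, flagging MySQL option files that store a non-empty `password` value or that are accessible to group/other. The sample file contents, the `app_ro` account and the helper names are constructed for illustration.

```python
import os
import stat
import tempfile
from typing import List, NamedTuple


class Finding(NamedTuple):
    issue: str   # "permissions" or "plaintext-password"
    group: str   # option group, e.g. "client"; "" for file-level findings
    line: int    # 1-based line number; 0 for file-level findings
    detail: str  # never contains the password itself


def option_value(raw: str) -> str:
    """Return an option's value without surrounding quotes or trailing comment."""
    v = raw.strip()
    if v[:1] in ("'", '"'):
        end = v.find(v[0], 1)
        return v[1:end] if end != -1 else v[1:]
    return v.split("#", 1)[0].strip()


def audit_option_file(path: str) -> List[Finding]:
    """Report loose file permissions and clear-text passwords in an option file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(Finding("permissions", "", 0,
                                f"mode {mode:04o} grants access to group/other"))
    group = ""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            # Skip blanks, comments and !include directives (not followed here).
            if not line or line[0] in "#;!":
                continue
            if line.startswith("[") and line.endswith("]"):
                group = line[1:-1].strip().lower()
                continue
            key, _, value = line.partition("=")
            # A bare "password" line has no value: the client prompts instead.
            if key.strip().lower() == "password" and option_value(value):
                findings.append(Finding("plaintext-password", group, lineno,
                                        "non-empty password stored in clear text"))
    return findings


# Constructed sample files: one weak, one that makes the client prompt.
WEAK = (
    "# constructed sample option file\n"
    "[client]\n"
    "user = app_ro\n"
    'password = "Sup3r#Secret"  # inline comment\n'
    "[mysqldump]\n"
    "password\n"
)
PROMPTING = "[client]\nuser = app_ro\npassword\n"


def demo():
    """Write both samples to a temp directory and audit each one."""
    with tempfile.TemporaryDirectory() as tmp:
        results = []
        for name, text, mode in (("weak.cnf", WEAK, 0o644),
                                 ("prompting.cnf", PROMPTING, 0o600)):
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results.append(audit_option_file(path))
        return results


if __name__ == "__main__":
    for findings in demo():
        print(findings or "no findings")
```

To check a real account, call `audit_option_file(os.path.expanduser("~/.my.cnf"))`; the findings report the group and line number but never echo the stored value.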


Q: What will you do to alter a table sized 10T?

A: Nothing. I will not.

Well, the natural response would be to suggest looking for ONLINE ALTER options using tools like pt-online-schema-change or gh-ost. While those answers seem correct, would you really be able to alter a 10T table? Think about the time and resources required for such an activity. Clearly, 10T is just a number to represent a gigantic table size to give a perspective.

The counter question would be, “Why do you have such a large table in the database?”. Since the size is “terrantic” (terabyte-sized), further growth is highly likely; there should either be an archiving strategy or some change in application logic to have a manageable table size.

Large tables in your production will cost your query performance, cause inefficient reading and writing, slow backup/restores, and introduce challenges in application changes and database upgrades. It is important to understand and monitor the table growth in your system and work on possible table archiving strategies.

The Percona Monitoring and Management dashboard does list the large tables by size, by rows, and even tables that are getting to table-full situations. 

Finally, one trivia question; please respond in the comments.

MySQL has a single database object, which is actually double. You can’t see either of them, yet you can query! What is that?


Conclusion

Before concluding, I invite you to share your own playful takes on MySQL-related questions. As we wrap up, let’s emphasize the importance of going beyond the obvious when tackling questions. Sometimes, the right answer requires a deeper dive, and that’s where the true understanding lies. Until next time, happy MySQL-ing!

Percona Database Performance Blog

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack

"Researchers have identified a large number of bugs to do with the processing of images at boot time," writes longtime Slashdot reader jd. "This allows malicious code to be installed undetectably (since the image doesn’t have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack." Ars Technica reports: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year’s worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.
As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. "Once arbitrary code execution is achieved during the DXE phase, it’s game over for platform security," researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. "From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started." From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device — a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June — runs standard firmware defenses, including Secure Boot and Intel Boot Guard. LogoFAIL vulnerabilities are tracked under the following designations: CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238. However, this list is currently incomplete.
"A non-exhaustive list of companies releasing advisories includes AMI (PDF), Insyde, Phoenix, and Lenovo," reports Ars. "People who want to know if a specific device is vulnerable should check with the manufacturer."
"The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device. It’s also a good idea, when possible, to configure UEFIs to use multiple layers of defenses. Besides Secure Boot, this includes both Intel Boot Guard and, when available, Intel BIOS Guard. There are similar additional defenses available for devices running AMD or ARM CPUs."



Slashdot

Meta’s new AI image generator was trained on 1.1 billion Instagram and Facebook photos

Three images generated by "Imagine with Meta AI" using the Emu AI model.

Meta | Benj Edwards

On Wednesday, Meta released a free standalone AI image generator website, "Imagine with Meta AI," based on its Emu image synthesis model. Meta used 1.1 billion publicly visible Facebook and Instagram images to train the AI model, which can render a novel image from a written prompt. Previously, Meta’s version of this technology—using the same data—was only available in messaging and social networking apps such as Instagram.

If you’re on Facebook or Instagram, it’s quite possible a picture of you (or that you took) helped train Emu. In a way, the old saying, "If you’re not paying for it, you are the product" has taken on a whole new meaning. Although, as of 2016, Instagram users uploaded over 95 million photos a day, so the dataset Meta used to train its AI model was a small subset of its overall photo library.

Since Meta says it only uses publicly available photos for training, setting your photos private on Instagram or Facebook should prevent their inclusion in the company’s future AI model training (unless it changes that policy, of course).

Imagine with Meta AI

  • AI-generated images of "a muscular barbarian with weapons beside a CRT television set, cinematic, 8K, studio lighting" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "a cat in a car holding a can of beer" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "a flaming cheeseburger" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "a photorealistic Mickey Mouse on the moon in a spacesuit" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "a handsome man" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "the ultimate gaming PC with 1,000 RGB lights" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "a man holding a sign that says ‘Ars Technica’" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of a complex prompt involving Christmas stockings and a cave created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "photorealistic vintage computer collector nerd in a computer lab, bright psychedelic technicolor swirls" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "an embroidered Santa Claus" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "A teddy bear on a skateboard" created by Meta Emu on the "Imagine with Meta AI" website.
  • AI-generated images of "a beautiful queen of the universe" created by Meta Emu on the "Imagine with Meta AI" website.

Similar to Stable Diffusion, DALL-E 3, and Midjourney, Imagine with Meta AI generates new images based on what the AI model "knows" about visual concepts learned from the training data. Creating images using the new website requires a Meta account, which can be imported from an existing Facebook or Instagram account. Each generation creates four 1280×1280 pixel images that can be saved in JPEG format. Images include a small "Imagined with AI" watermark logo in the lower left-hand corner.

"We’ve enjoyed hearing from people about how they’re using imagine, Meta AI’s text-to-image generation feature, to make fun and creative content in chats," Meta says in its news release. "Today, we’re expanding access to imagine outside of chats, making it available in the US to start at imagine.meta.com. This standalone experience for creative hobbyists lets you create images with technology from Emu, our image foundation model."

We put Meta’s new AI image generator through a battery of low-stakes informal tests using our "Barbarian with a CRT" and "Cat with a beer" image synthesis protocol and found aesthetically novel results, as you can see above. (As an aside, when generating images of people with Emu, we noticed many looked like typical Instagram fashion posts.)

We also tried our hand at adversarial testing. The generator appears to filter out most violence, curse words, sexual topics, and the names of celebrities and historical figures (no Abraham Lincoln, sadly), but it allows commercial characters like Elmo (yes, even "with a knife") and Mickey Mouse (though not with a machine gun).

Meta’s model generally creates photorealistic images well, but not as well as Midjourney. It can handle complex prompts better than Stable Diffusion XL, but perhaps not as well as DALL-E 3. It doesn’t seem to do text rendering well at all, and it handles different media outputs like watercolors, embroidery, and pen-and-ink with mixed results. Its images of people seem to include diversity in ethnic backgrounds. Overall, it seems about average these days in terms of AI image synthesis.

Ars Technica – All content

Destructive Testing of a 3D-Printed Nylon Suppressor


Additive Manufacturing, more commonly known as 3D Printing, is becoming increasingly mainstream in the production of firearms components and accessories. We’ve already seen commercial attempts at manufacturing polymer 3D-printed suppressors and now, thanks to Forerunner 3D Printing, we can see how 3D-printed nylon survives a couple hundred rimfire rounds. More 3D Printed Silencers […]


The post Destructive Testing of a 3D-Printed Nylon Suppressor appeared first on The Firearm Blog.

The Firearm Blog

Weird Airplane Experiments


Peter Sripol is no stranger to making unusual aircraft. In this video, he builds and tests out three weird designs for airworthiness, including a plane with a fuselage made from springs, a propeller that works like a tank tread, and a ridiculous set of wings that resemble Venetian blinds.

The Awesomer

Announcing Laravel Pulse – A New Performance Monitoring Tool for Laravel Apps


Laravel Pulse is a brand new free and open source performance monitoring and insights tool for Laravel applications. It was announced at Laracon AU 2023 by Jess Archer from the Laravel core team.

What is Laravel Pulse?

Laravel Pulse gives you an aggregate view of performance data for your Laravel app. It tracks metrics like:

  • System stats (CPU, memory, storage usage)
  • Application usage (requests, slow routes, jobs, etc)
  • Queue throughput
  • Slow jobs
  • Slow queries
  • Exceptions
  • Cache hits/misses
  • Outgoing request times

Pulse was designed specifically for Laravel and knows about all the core components like queues, events, mail, notifications, caching, and more.


It collects the minimal amount of data needed to display helpful insights. The data is saved locally so you maintain full control.

Laravel Pulse is self-hosted and works anywhere Laravel runs – VPS, Laravel Forge, Vapor, etc. It has a responsive UI with light and dark modes.

And best of all, it’s completely free and open source! Big thanks to Taylor Otwell for making this possible.

How Pulse Compares to Telescope

Some may be wondering how Pulse compares to Laravel Telescope, another debugging tool for Laravel.

Telescope is great for local development as it records extensive request data like all queries and events. But this high level of detail makes it less ideal for production.

Laravel Pulse provides high level aggregate data so it’s lean and production-ready. It won’t replace error trackers, but augments them nicely.

Interactive Live Demo

At Laracon AU, Jess Archer did an interactive live demo of Laravel Pulse using the audience’s phones!

The audience acted as flight admins for a fictional Acme Airlines app. They could perform actions like:

  • Sell tickets
  • Raise prices
  • Delay flights
  • Cancel flights

Meanwhile, Jess showed how Laravel Pulse tracked these actions in real-time on a dashboard.

Here’s a recap of some highlights:

Application Usage

The Application Usage card shows:

  • Top users by requests
  • Top users by slow endpoints
  • Top users queuing jobs

This gives insight into who is using your app and any performance issues they face.

Slow Routes

The Slow Routes card shows any application routes that exceed a configured threshold (1 second default).

It displays the route name and action method so you can pinpoint the slow code.

Slow Jobs

The Slow Jobs card is similar, displaying queued jobs exceeding a threshold. It shows the job class name and location.

Failed jobs that retry will increment the count each time so you can spot problem jobs.

Slow Queries

The Slow Queries card reveals queries over a threshold. It only shows the SQL without bindings so it:

  • Obfuscates PII
  • Aggregates identical queries into one result
  • Shows the file location where the query occurred

You can optionally disable locations to further aggregate results.

Exceptions

The Exceptions card tracks exceptions thrown including location, count, and last occurrence.

You can also sort by most recent exceptions.

Cache

The Cache card tracks cache key usage, along with hits and misses to the cache.

It will make no assumptions about your keys, but allows regrouping and rolling-up of collected data if you need a more generalised view of the data.

Outgoing Requests

Laravel’s HTTP client usage is tracked in Outgoing Requests. You can see slow external requests your app makes.

The demo used a regex in the config file to condense unique URLs into a generalised domain name, similar to the cache data.

Customizing Your Dashboard

The Pulse blade file can be published and customized. For example, you can:

  • Toggle full width mode
  • Adjust number of columns
  • Set card span and position
  • Break cards into individual sections

You can also create your own custom cards to display business-specific metrics. The demo included a "Flights" card showing tickets sold, revenue, delays, and top sellers.

Performance Considerations

Pulse collects minimal data and can handle heavy production workloads. Laravel Forge runs it for 2 million requests/day with no sampling needed.

By default, Pulse saves request data to your database after the response is sent. Some options to scale:

  • Use a dedicated Pulse database
  • Use Redis ingest so entries are queued and saved outside the request cycle
  • Run Pulse on a separate server
  • Enable sampling for high traffic
  • Create custom data drivers

When Can We Use Pulse?

Laravel Pulse is expected to launch in the next week or so. It will be a composer require away. Stay tuned for the official release!

Conclusion

Laravel Pulse provides easy insights into your Laravel app’s performance and usage. Its customizability and minimal overhead make it a great open source addition for any Laravel project.

Big thanks to the entire Laravel team for another amazing free tool for the community!


The post Announcing Laravel Pulse – A New Performance Monitoring Tool for Laravel Apps appeared first on Laravel News.


Laravel News

Full-text search with Laravel and Meilisearch


In this guide, we will see how to use the search functionality in Laravel 10. We’ll start by introducing the benefits of full-text search. Then, we’ll walk you through setting up full-text search in your Laravel application.

Why use full-text search?

In traditional SQL or NoSQL databases, queries find results exactly matching given criteria. Conversely, full-text search queries can match some or all of a text query with the database’s content. So essentially, full-text search can provide results even in case of partial matches.

When building user-facing search interfaces, full-text search is empowering for users. Tolerance to typos, prefix search, and synonyms help them get results more quickly. It improves discoverability when users do not know what they’re looking for.

How to use search functionality in Laravel 10?

Installing Laravel Scout

Laravel comes with out-of-the-box full-text search capabilities via Laravel Scout.

To enable it, navigate to your Laravel application directory and install Scout via the Composer package manager:

composer require laravel/scout

After installing Scout, you should publish the Scout configuration file. You can do this by running the following artisan command:

php artisan vendor:publish --provider="Laravel\Scout\ScoutServiceProvider"

This command should create a new configuration file in your application directory: config/scout.php.

Configuring the Laravel Scout driver

Let’s configure Laravel Scout to use the Meilisearch driver. Meilisearch is an open-source search engine built in Rust. Using it gives you the best full-text search performance, since the database driver comes with limitations inherent to SQL databases.

First, install the dependencies required to use Scout with Meilisearch via Composer:

composer require meilisearch/meilisearch-php http-interop/http-factory-guzzle

Then, update the environment variables in your .env file:

SCOUT_DRIVER=meilisearch
# Use the host below if you're running Meilisearch via Laravel Sail
MEILISEARCH_HOST=http://meilisearch:7700
MEILISEARCH_KEY=masterKey

Laravel’s official Docker development environment, Laravel Sail, comes with a Meilisearch service out-of-the-box. Please note that when running Meilisearch via Sail, Meilisearch’s host is http://meilisearch:7700.

For production use cases, we recommend using a managed Meilisearch via Meilisearch Cloud. On Meilisearch Cloud, you can find your host URL in your project settings.

Making Eloquent models searchable

With Scout installed and configured, just add the Laravel\Scout\Searchable trait to your Eloquent models to make them searchable. This trait will use Laravel’s model observers to keep the data in your model in sync with Meilisearch.

Here’s an example model:

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Laravel\Scout\Searchable;

class Contact extends Model
{
    use Searchable;
}

You can use the toSearchableArray method to configure which fields to store in Meilisearch. This notably enables storing a model and its relationships’ data in the same document.

The example below shows how to store a model’s relationships data in Meilisearch:

<?php

namespace App\Models;

use App\Models\Company;
use Laravel\Scout\Searchable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;

class Contact extends Model
{
    use Searchable;

    public function company(): BelongsTo
    {
        return $this->belongsTo(Company::class);
    }

    public function toSearchableArray(): array
    {
        // All model attributes are made searchable
        $array = $this->toArray();

        // Then we add some additional fields
        $array['organization_id'] = $this->company->organization->id;
        $array['company_name'] = $this->company->name;
        $array['company_url'] = $this->company->url;

        return $array;
    }
}

Configuring filterable and sortable attributes

Meilisearch allows you to perform advanced filtering and sorting on your search results. Choose which attributes are filterable and sortable via your Meilisearch index settings.

Configure your Meilisearch index settings via the config/scout.php file:

<?php

use App\Models\Contact;

return [
    // additional configuration...

    'meilisearch' => [
        'host' => env('MEILISEARCH_HOST', 'http://localhost:7700'),
        'key' => env('MEILISEARCH_KEY'),
        'index-settings' => [
            Contact::class => [
                'filterableAttributes' => ['organization_id'],
                'sortableAttributes' => ['name', 'company_name'],
            ],
        ],
    ],
];

The example above updates Meilisearch index settings for the Contact model:

  • it makes the organization_id field filterable
  • it makes the name and company_name fields sortable

Update your Meilisearch index settings by running the following Artisan command:

php artisan scout:sync-index-settings

Laravel full-text search example

We built a demo application to give you a feel of what full-text search looks like in a Laravel application. This demo showcases an app-wide search in a CRM (Customer Relationship Management) application.


This demo application uses the following search features:

The code is open-sourced on GitHub.

Check out the repository: https://github.com/meilisearch/saas-demo


We hope this guide helped you understand the importance of full-text search and how to implement it with Laravel. For more information, read the Laravel Scout and Meilisearch docs.

Meilisearch is an open-source search engine with intuitive developer experience to build user-facing search. You can self-host it or get a premium experience with Meilisearch Cloud.

For more things Meilisearch, you can join the community on Discord or subscribe to the newsletter. You can learn more about the product by checking out the roadmap and participating in product discussions.

Laravel News Links