Secure your MySQL setup

This was going to go into a Lazy Reading post, but then I realized it shouldn’t.  Here’s the source: “A Tragically Comedic Security Flaw in MySQL” (via)

The short version: MySQL, compiled a certain way, will allow 1 out of 256 root login attempts to work no matter what.  I was going to link to this for the startlingly large number of MySQL installations found allowing connections from the public Internet, which means breaking into any affected servers would be easy.  Then I thought about it…  I don’t see a my.cnf installed by pkgsrc for at least MySQL 5.1 by default, which means nothing tells mysqld to listen only on localhost.

To fix this for your own installation, put

[mysqld]
bind-address=127.0.0.1

in /usr/pkg/etc/my.cnf to disallow remote connections.  I don’t know if MySQL on DragonFly from pkgsrc is vulnerable to the issue, but it’s a good idea not to allow remote connections to the database, and that restriction ought to be on by default.
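As an added check (example code, not part of the original post or of pkgsrc), here is a small sh script that reads the [mysqld] section of a my.cnf and reports the effective bind-address, treating a missing file or missing key as MySQL’s default of listening on all interfaces.  The file path is assumed to be passed in as an argument.

```shell
#!/bin/sh
# Added example: confirm that the bind-address fix actually took hold.
# Assumptions: the my.cnf path is passed in (pkgsrc uses /usr/pkg/etc/my.cnf);
# no file or no bind-address key means MySQL's own default, which is to
# listen on every interface.

# mysql_bind_address FILE -> prints the bind-address from the [mysqld]
# section, or "0.0.0.0" when the file or the setting is absent.
mysql_bind_address() {
    cnf="$1"
    if [ ! -r "$cnf" ]; then
        echo "0.0.0.0"
        return 0
    fi
    awk '
        /^[ \t]*[#;]/ { next }                       # whole-line comment
        /^[ \t]*\[/ {                                # section header
            sec = $0; gsub(/[][ \t]/, "", sec); next
        }
        sec == "mysqld" && $0 ~ /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")                 # drop the key and "="
            sub(/[ \t]*(#.*)?$/, "")                 # drop trailing # comment
            found = $0                               # last setting wins
        }
        END { print (found == "" ? "0.0.0.0" : found) }
    ' "$cnf"
}

# mysql_remote_ok FILE -> exit 0 if mysqld is limited to loopback,
# exit 1 if remote clients would be able to connect.
mysql_remote_ok() {
    case "$(mysql_bind_address "$1")" in
        127.0.0.1|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Quick audit of a pkgsrc install:
#   mysql_remote_ok /usr/pkg/etc/my.cnf || echo "mysqld is reachable remotely"
```

Both bind-address and bind_address spellings are accepted, as mysqld does, and only the [mysqld] section counts, so a setting placed under [mysqld_safe] by mistake is reported as not restricting anything.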

Or just use Postgres, if possible.


Lazy Reading for 2012/06/10

I got to use the ‘roguelike’ tag again this week, which always makes me happy.  Surprisingly, it’s not about… that roguelike.

Your unrelated link of the week: I happen to work at a salt mining operation, which leads to some unique problems (more).  Mining in the US is regulated by MSHA, which has been cracking down since the Upper Big Branch incident.  MSHA issues ‘fatalgrams’ every time a miner dies.  MSHA also shows up on site as soon as possible, which means they are there taking pictures within a few minutes, with equipment still running.  It’s essentially crime scene photos, and a little worrying; many of the deaths are of people around my age with similar experience.

GNU utilities, correctly named

There are a number of packages out there that assume you are using the GNU versions of ls, wc, and so on.  However, you aren’t when using a BSD system.  Pkgsrc has historically dealt with this when GNU tools are needed for a package by prefixing them with a ‘g’: ‘ls’ becomes ‘gls’, and so on.  Aleksey Cheusov proposed a fix to keep these utilities under their original names, which I think will go into the next quarterly pkgsrc release.

Pkgsrc removal policy set out

Pkgsrc packages that have source files that can’t be redistributed, and go missing for the length of an entire quarterly release, will get removed.  They are effectively broken at that point anyway.

That policy is now formally in place; I don’t think there was a clear prescription before.

Lazy Reading for 2012/05/06

Drowning in links this week.  Is that so bad?  No.

Your unrelated links of the week: Turntablism.  I was talking about assembled music last week, and this is a whole area to itself.  Watch Kid Koala turn a few seconds of trumpet playing into an entire blues progression.