I previously reported about my joy with MySQL-Proxy and a simple SQL-Injection detection based on a simple heuristic.

Today I present the more interesting approach that I promised to publish after my webinar yesterday. This approach is based on the idea that SQL queries issued by an application always have a certain structure. This structure can be learned and remembered by MySQL-Proxy. Any SQL query that has a different structure can then be considered an attack.

Training Mode

The first Lua script learn_sql_queries.lua uses MySQL-Proxy’s read_query hook to catch COM_INIT_DB and COM_QUERY packets. COM_INIT_DB packets are issued when the database is …

I was surprised to read today that Sun just released SocialSite, an open-source social network server similar to Ringside Networks. Per Patrick Chanezon's blog: "Socialsite is an open source (CDDL/GPL) social network server based on Apache Shindig (Java) that implements the database and User Interface for a full ...

I have gotten a few questions around my 7/29 blog posting on agent vs client-side products and wanted to make it clear that our decision to go with a distributed agent architecture was a strategic decision that has paved the way for us to deliver on our overall "pain point" addressing roadmap. True, building a client-side app would have meant a faster go-to-market delivery, but that path would have imposed serious limitations on our ability to address and alleviate common pain points around the use and scaling of apps on MySQL.

So what does an agent really do for us from a strategic standpoint? Without revealing too many details (well, these things have already been openly discussed with customers and presented in our MySQL UC 2008 Product roadmap session), our agent-based architecture allows us to provide:
…

Continuing our earlier advice to take backups frequently, and secure them offsite - thought we’d highlight a few recent administrator related things added to ZCS that you might not have noticed.


 Network Edition Backup Enhancements

 

Speaking of backups, there are some new ways to take them in ZCS 5.0.x. With ever larger quota usage, full backups can often take a while to run, and even incrementals which process the redologs may still be one heck of a job when you’re talking thousands or millions of accounts. Having trouble completing that entire full backup during off-hours? Enter the hybrid …

Could the ruling open the door to open source companies joining the anti-piracy Business Software Alliance? READ MORE

I started playing around with protobuf when doing some stuff in Drizzle (more about that later), and since the examples where using IOStream, the table reader and writer that Brian wrote is using IOStreams. Now, IOStreams is pretty powerful, but it can be a pain to use, so of course I start tossing together some utilities to make it easier to work with.

Being a serious Perl addict since 20 years, I of course start missing a lot of nice functions for manipulating strings, and the most immediate one is join, so I wrote a C++ IOStream manipulator to join the elements of an arbitrary sequence and output them to an std::ostream.

In this case, since the I/O Manipulator takes arguments, it has to be written as a class. Recall that …

According to Wikipedia, in April 2008, the number of videos on Youtube was 83.4 million (ref: http://en.wikipedia.org/wiki/YouTube#cite_note-5). However, the link in the cite note now displays “*†video results 1 – 20 of millions, without showing the real count.

Here's one way I found to get an estimated, but relatively accurate, number of videos on the popular video sharing site Youtube. The idea is simple. Get this feed: http://gdata.youtube.com/feeds/api/videos/-/* and parse out the number inside the <opensearch:totalresults> tag.

…

I picked up what some claim is the fastest of the current SSD drives this week, the Memoright GT.  From articles around the net I have seen performance speeds substantially faster then the mtron drive I tested earlier…. so I took the plunge.  The first results?  luke warm.  The random performance ( databases like mysql are all about random performance )  of the drive is better in mixed read/write tests over the mtron, but the mtron blew it away in random read performance.  This are are my first pass tests, so I may have something wrong …  so take them with a grain of salt:

At NetCAT

During NetCAT, I got a chance to review PHP support, although I had opted for it before-hand, still I just got started last week.

You can read my 4th edition of personal NetCAT Weekly Report. So, Tony and Yudi, reviewed it in early days of NetCAT 6.5, while I was reviewing VW JSF tutorials.

Kickstarter- WordPress Tutorial

Now, some of them are working, though I gave my personal opinions, what I felt after reviewing. By the way, it was Jan Chalupa’s WordPress Project Tutorial, that got me started finally to review PHP docs and editor support, etc.

Patrick, the maintainer of DBD::mysql and one of our original slash crew, is doing a webinar on Grazr:
http://www.mysql.com/news-and-events/web-seminars/

Why is this of interest?

Grazr does write through caching, unlike the 90% percent of Memcached sites which are read through caches.

He also will be talking about Sphinx and I believe he has a slide or two talking about our work with Gearman.