A few weeks ago, I blogged about an adaptive firewall on my NetSec blog.

While casually checking through the access logs, I noticed that someone had tried to get admin passwords of my wiki site using SQL injection.

Here is the actual hacking attempt:

41.250.10.3 - - [28/Jun/2006:04:42:14 -0700] "GET /tiki-usermenu.php?find=&offset=[SELECT%20uid%20FROM%20admins%20WHERE%20login=''%20OR%20'a'='a'%20AND%20password=''%20OR%20'a'='a'] HTTP/1.1" 200 123 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"

Someone from Africa (looking at the IP number), trying to get the list of admin accounts without passwords.

So, it occurred to me, that you could easily add a few more regexp triggers to an adaptive firewall, to catch SQL injection attacks, and thus either block …

A few weeks ago, I blogged about an adaptive firewall on my NetSec blog.

While casually checking through the access logs, I noticed that someone had tried to get admin passwords of my wiki site using SQL injection.

Here is the actual hacking attempt:

41.250.10.3 - - [28/Jun/2006:04:42:14 -0700] "GET /tiki-usermenu.php?find=&offset=[SELECT%20uid%20FROM%20admins%20WHERE%20login=''%20OR%20'a'='a'%20AND%20password=''%20OR%20'a'='a'] HTTP/1.1" 200 123 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"

Someone from Africa (looking at the IP number), trying to get the list of admin accounts without passwords.

So, it occurred to me, that you could easily add a few more regexp triggers to an adaptive firewall, to catch SQL injection attacks, and thus either block …

In this first little lesson we will learn how to connect an NDBAPI program to connect to MySQL Cluster. Start a X node cluster with atleast two or three [API] or [MYSQLD] slots so that you can connect a mysql server and the example program.

Before running these examples, please read the documentation on the NDBAPI classes and methods that are used!

The first example program (listed below), ndbapi_connect.cpp illustrates how to connect to MySQL Cluster.

> cat ndbapi_connect.cpp

#include
#include

#include

using namespace std;

int main()
{
ndb_init();
/**
* define a connect string to the management server
*/
char * connectstring = "localhost";

/**
* Create a Ndb_cluster_connection object using the connectstring
*/
Ndb_cluster_connection * conn = new …

The first thing we have to do, before starting with any examples, is to setup our environment.

The linux kernel I am using is ( I am using Ubunto 6.06):
Linux stingray 2.6.15-25-386 #1 PREEMPT Wed Jun 14 11:25:49 UTC 2006 i686 GNU/Linux

The compiler I am using is ( g++ -v):
...
gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu5)

Another good thing to have is e.g. the NDBAPI documentation.
For this I will use MySQL 5.0.22, but the steps are the same for 5.1.X

1. Download the source distribution of MySQL 5.0.22
2. tar xvfz mysql-5.0.22.tar.gz
3. cd mysql-5.0.22
4. ./configure --with-ndbcluster --with-ndb-docs
5. cd ndb/docs (in 5.1.X it is 'storage/ndb/docs')
   
6. make

Now you have html documentation of the ndbapi, if you have got all the necessary things (like doxygen) installed to generate the …

One of our clients is working on a cool astrophysics project and wants to import large quantities of observations. Fortunately, the data is in a simple percent delimited format:

SEE%5%8
XYZ%6%8
ZZZ%7

The fields represent the time, the instrument, the type of observation (solar flare, brightness measurement), the co-ordinates and the result. There are two types of problem with this format. Firstly, data is not normalized - its just a flatfile. Secondly, many of the fields have a context which depends on other fields. Formats with these properties are quite common in the wild but how to handle them?

The following proof of concept code allows percent delimited data to be read directly by MySQL Server and splits one type of data to a separate table. This is achieved with a case statement in a MySQL Server 5.0 stored procedure, called from a trigger:

DELIMITER //

CREATE TABLE observation (
  id INT PRIMARY KEY …

It is often the case that web applications display a paginated resultset. The most familiar example is search engine results. However, the usefulness of the results is in providing both detail and distinctness. SELECT DISTINCT isn't sufficient in this case because collapsed rows cannot be distinguished. Furthermore, it would be advantageous to have a summarizing threshold.

For this reason, I've created an example query which summarizes strictly more than 30 rows. This query uses the world database to display continents and countries. The query summarizes continents with more than 30 countries. A flag is provided so that an application can identify and display the summarized rows differently:

(SELECT continent, NULL AS country, 1 AS more FROM country GROUP BY continent HAVING COUNT(continent)>30) UNION (SELECT c0.continent, c0.name, 0 AS more FROM country AS c0, (SELECT continent FROM country GROUP BY continent HAVING …

Hyperic Inc has raised $3.8 million in a Series A funding through Benchmark Capital.  Benchmark has previously funded open source companies including Red Hat and MySQL. 

Hyperic provides an open source monitoring solution for the LAMP stack (Linux / Apache / MySQL / PHP) known as Hyperic HQ. Hyperic was founded as a spinoff from Covalent software in 2004 led by Javier Soltero. 

• SF BusinessTimes: Hyperic Raises $3.8M in First Round
• ZDNet Blogs: Covalent Veterans Put Hyperic Under GPL
• ZDNet Blogs: Hyperic Seeks to Build …

This post is not exactly about MySQL Performance or about Performance at all, but I guess it should be interested to many MySQL DBAs and other people involved running MySQL In production.

Recently I've been involved in troubleshooting Dell Poweredge 2850 system running RAID5 using 6GB internal hard drives, which give about 1.4TB of usable space.

The problem started than one of hard drive was set to "Predicted Failure" state by "Patrol Read" which is automatically done by PERC4 (LSI Logic megaraid) controller. Dell was prompt to ship replacement hard drive and drive was replaced. This should be happy end of the story but in reality troubles only began.

After hard drive is replaced RAID has to be rebuilt but the problem in this case was.... rebuild failed bringing all logical drive down because yet another hard drive got bad block. Replaced hard drive was "failed" because it could not be rebuilt and other one because of read …

Did you realise that... having fewer slides for a presentation actually is more difficult than having lots of slides?

Difficult in the sense of more work also... and I notice that most speakers are lazy; hence you get to see slideshows where people read from their own slides slower than you do. So I always wonder what such speakers are actually doing there... if I get those slides anyway, they're not adding anything, are they? Perhaps someone could record it and make a podcast, but no need for the audience, really.

I have a few talks that are less than 10 slides, including first and last pages. I always use the first page to introduce the topic, my name and such, and possibly the event - and no, I don't even need to look back at my own slide when I say "hi, I'm Arjen..." ;-) The last page wraps things up asking for questions and such, possibly some more contact info and resource links.

Such a small deck …

Followers of MySQL AB know that we strongly oppose software patents. We have concluded that software patents are harmful to the software industry at large. This is why we support those who work for an abolishment of software patents. We also work with other companies and groups to build a joint defense against software patents.

MySQL AB as a company, and I myself as VP Community, were heavily involved in Florian Müller’s NoSoftwarePatents.com campaign 2004-05 in Europe. We were involved both as sponsors and advisors.

The story of this David against Goliath campaign is now available for all as a book. Florian Müller’s memoir-style book

has been released under the Creative Commons license this month.

On 377 pages, Mueller tells the story of the …