This document summarizes a presentation on MariaDB/MySQL security essentials. The presentation covered historically insecure default configurations, privilege escalation vulnerabilities, access control best practices like limiting privileges to only what users need and removing unnecessary accounts. It also discussed authentication methods like SSL, PAM, Kerberos and audit plugins. Encryption at the table, tablespace and binary log level was explained as well. Preventing SQL injections and available security assessment tools were also mentioned.
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
Meet MariaDB 10.1 at the Bulgaria Web Summit, held in Sofia in February 2016. Learn all about MariaDB Server, and the new features like encryption, audit plugins, and more.
This is my third iteration of the talk presented in Tokyo, Japan - first was at a keynote at rootconf.in in April 2016, then at the MySQL meetup in New York, and now for dbtechshowcase. The focus is on database failures of the past, and how modern MySQL / MariaDB Server technologies could have helped them avoid such failure. The focus is on backups and verification, replication and failover, and security and encryption.
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)Colin Charles
MariaDB is like the "new" MySQL, and its available everywhere. This talk was given at LinuxCon Europe in Dublin in October 2015. Learn about all the new features, considering the release was just around the corner. Changes in replication are also very interesting
MySQL is a unique adult (now 21 years old) in many ways. It supports plugins. It supports storage engines. It is also owned by Oracle, thus birthing two branches of the popular opensource database: Percona Server and MariaDB Server. It also once spawned a fork: Drizzle. Lately a consortium of web scale users (think a chunk of the top 10 sites out there) have spawned WebScaleSQL.
You're a busy DBA having to maintain a mix of this. Or you're a CIO planning to choose one branch. How do you go about picking? Supporting multiple databases? Find out more in this talk. Also covered is a deep-dive into what feature differences exist between MySQL/Percona Server/MariaDB/WebScaleSQL, how distributions package the various databases differently. Within the hour, you'll be informed about the past, the present, and hopefully be knowledgeable enough to know what to pick in the future.
Note, there will also be coverage of the various trees around WebScaleSQL, like the Facebook tree, the Alibaba tree as well as the Twitter tree.
Tuning Linux for your database FLOSSUK 2016Colin Charles
Some best practices about tuning Linux for your database workloads. The focus is not just on MySQL or MariaDB Server but also on understanding the OS from hardware/cloud, I/O, filesystems, memory, CPU, network, and resources.
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
Meet MariaDB Server 10.1, the server that got released recently. Presented at the London MySQL Meetup in December 2015. Learn about the new features in MariaDB Server, especially around the focus of what we did to improve security.
Securing your MySQL / MariaDB Server dataColin Charles
Co-presented alongside Ronald Bradford, this covers MySQL, Percona Server, and MariaDB Server (since the latter occasionally can be different enough). Go thru insecure practices, focus on communication security, connection security, data security, user accounts and server access security.
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupColin Charles
Presented at the Tokyo MariaDB Server meetup in July 2016, this is an overview of what you can see and use in MariaDB Server 10.1, but more importantly what is planned to arrive in 10.2
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
Meet MariaDB 10.1 at the Bulgaria Web Summit, held in Sofia in February 2016. Learn all about MariaDB Server, and the new features like encryption, audit plugins, and more.
This is my third iteration of the talk presented in Tokyo, Japan - first was at a keynote at rootconf.in in April 2016, then at the MySQL meetup in New York, and now for dbtechshowcase. The focus is on database failures of the past, and how modern MySQL / MariaDB Server technologies could have helped them avoid such failure. The focus is on backups and verification, replication and failover, and security and encryption.
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)Colin Charles
MariaDB is like the "new" MySQL, and its available everywhere. This talk was given at LinuxCon Europe in Dublin in October 2015. Learn about all the new features, considering the release was just around the corner. Changes in replication are also very interesting
MySQL is a unique adult (now 21 years old) in many ways. It supports plugins. It supports storage engines. It is also owned by Oracle, thus birthing two branches of the popular opensource database: Percona Server and MariaDB Server. It also once spawned a fork: Drizzle. Lately a consortium of web scale users (think a chunk of the top 10 sites out there) have spawned WebScaleSQL.
You're a busy DBA having to maintain a mix of this. Or you're a CIO planning to choose one branch. How do you go about picking? Supporting multiple databases? Find out more in this talk. Also covered is a deep-dive into what feature differences exist between MySQL/Percona Server/MariaDB/WebScaleSQL, how distributions package the various databases differently. Within the hour, you'll be informed about the past, the present, and hopefully be knowledgeable enough to know what to pick in the future.
Note, there will also be coverage of the various trees around WebScaleSQL, like the Facebook tree, the Alibaba tree as well as the Twitter tree.
Tuning Linux for your database FLOSSUK 2016Colin Charles
Some best practices about tuning Linux for your database workloads. The focus is not just on MySQL or MariaDB Server but also on understanding the OS from hardware/cloud, I/O, filesystems, memory, CPU, network, and resources.
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
Meet MariaDB Server 10.1, the server that got released recently. Presented at the London MySQL Meetup in December 2015. Learn about the new features in MariaDB Server, especially around the focus of what we did to improve security.
Securing your MySQL / MariaDB Server dataColin Charles
Co-presented alongside Ronald Bradford, this covers MySQL, Percona Server, and MariaDB Server (since the latter occasionally can be different enough). Go thru insecure practices, focus on communication security, connection security, data security, user accounts and server access security.
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupColin Charles
Presented at the Tokyo MariaDB Server meetup in July 2016, this is an overview of what you can see and use in MariaDB Server 10.1, but more importantly what is planned to arrive in 10.2
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
Talking about the improvements in MariaDB on MySQL security and encryption features that are so important in today's data landscape. Presented http://www.meetup.com/EffectiveMySQL/events/224828891/
Having spent more than the last decade being the main point of contact for distributions shipping MySQL, then MariaDB Server, it's clear that working with distributions have many challenges. Licensing changes (when MySQL moved the client libraries from LGPL to GPL with a FOSS Exception), ABI changes, speed (or lack thereof) of distribution releases/freezes, supporting the software throughout the lifespan of the distribution, specific bugs due to platforms, and a lot more will be discussed in this talk. Let's not forget the politics. How do we decide "tiers" of importance for distributions? As a bonus, there will be a focus on how much effort it took to "replace" MySQL with MariaDB.
Benefits: if you're making a distribution, this is the point of view of the upstream package makers. Why are distribution statistics important to us? Do we monitor your bugs system or do you have a better escalation to us? How do we test to make sure things are going well before release. This and more will be spoken about.
As an upstream project (package), we love nothing more than being available everywhere. But time and energy goes into making this is so as there are quirks in every distribution.
Today you can use hosted MySQL/MariaDB/Percona Server in several "cloud providers" in what is considered using it as a service, a database as a service (DBaaS). You can also use hosted PostgreSQL and MongoDB thru various service providers. Learn the differences, the access methods, and the level of control you have for the various public cloud offerings:
- Amazon RDS for MySQL and PostgreSQL
- Google Cloud SQL
- Rackspace OpenStack DBaaS
- The likes of compose.io, MongoLab and Rackspace's offerings around MongoDB
The administration tools and ideologies behind it are completely different, and you are in a "locked-down" environment. Some considerations include:
* Different backup strategies
* Planning for multiple data centres for availability
* Where do you host your application?
* How do you get the most performance out of the solution?
* What does this all cost?
Growth topics include:
* How do you move from one DBaaS to another?
* How do you move all this from DBaaS to your own hosted platform?
Questions like this will be demystified in the talk. This talk will benefit experienced database administrators (DBAs) who now also have to deal with cloud deployments as well as application developers in startups that have to rely on "managed services" without the ability of a DBA.
Presented at the MySQL Chicago Meetup in August 2016. The focus of the talk is on backups and verification, replication and failover, as well as security and encryption.
Best practices for MySQL/MariaDB Server/Percona Server High AvailabilityColin Charles
Best practices for MySQL/MariaDB Server/Percona Server High Availability - presented at Percona Live Amsterdam 2016. The focus is on picking the right High Availability solution, discussing replication, handling failure (yes, you can achieve a quick automatic failover), proxies (there are plenty), HA in the cloud/geographical redundancy, sharding solutions, how newer versions of MySQL help you, and what to watch for next.
Presented at Percona Live Amsterdam 2016, this is an in-depth look at MariaDB Server right up to MariaDB Server 10.1. Learn the differences. See what's already in MySQL. And so on.
Do you wonder how to contribute to MariaDB? Have you considered writing a plugin? MariaDB ships many plugins (over a hundred) and you could also be one of them. Find out what they do, how to use them, and so forth. A lightning talk given for the MySQL NL User Group meetup in Amsterdam.
An introduction to MongoDB from an experienced MySQL user and developer. There are differences and we go thru the What/Why/Who/Where of MongoDB, the "similarities" to the MySQL world like storage engines, how replication is a little more interesting with built-in sharding and automatic failover, backups, monitoring, DBaaS, going to production and finding out more resources.
MySQL features missing in MariaDB ServerColin Charles
MySQL features missing in MariaDB Server. Here's an overview from the New York developer's Unconference in February 2018. This is primarily aimed at the developers, to decide what goes into MariaDB 10.4, as opposed to users.
High level comparisons are made between MySQL 5.6/5.7 with of course MySQL 8.0 as well. Here's to ensuring MariaDB Server 10/310.4 has more "Drop-in" compatibility.
MariaDB Server Compatibility with MySQLColin Charles
At the MariaDB Server Developer's meeting in Amsterdam, Oct 8 2016. This was the deck to talk about what MariaDB Server 10.1/10.2 might be missing from MySQL versions up to 5.7. The focus is on compatibility of MariaDB Server with MySQL.
Failure happens, and we can learn from it. We need to think about backups, but also verification of them. We should definitely make use of replication and think about automatic failover. And security is key, but don't forget that encryption is now available in MySQL, Percona Server and MariaDB Server.
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleColin Charles
As proxies (and database routers) go, the first one I ever used was the now deprecated MySQL Proxy. Since then, I've managed to use MariaDB MaxScale quite a bit (including its fork AirBnB MaxScale), played around with ProxySQL in recent time, and also started taking a look at MySQL Router. In this quick 20-minute overview, we'll discuss why these three exist, a feature comparison, and reasons when to use the right tool for the job.
MariaDB started life as a database to host the Maria storage engine in 2009. Not long after its inception, the MySQL community went through yet another change in ownership, and it was deemed that MariaDB will be a complete database branch developed to extend MySQL, but with constant merging of upstream changes.
The goal of the MariaDB project is to ensure that everyone is part of the community, including employees of the major steering companies. MariaDB also features enhanced features, some of which are common with the Percona Performance Server. Most importantly, MariaDB is a drop-in replacement and is completely backward compatible with MySQL. In 2010, MariaDB released 5.1 in February, and 5.2 in November – two major releases in a span of one calendar year is a feat that was achieved!
DBAs and developers alike will gain an introduction to MariaDB, what is different with MySQL, how to make use of the feature enhancements, and more.
Differences between MariaDB 10.3 & MySQL 8.0Colin Charles
MySQL and MariaDB are becoming more divergent. Learn what is different from a high level. It is also a good idea to ensure that you use the correct database for the correct job.
The MySQL ecosystem - understanding it, not running away from it! Colin Charles
You're a busy DBA thinking about having to maintain a mix of this. Or you're a CIO planning to choose one branch over another. How do you go about picking? Supporting multiple databases? Find out more in this talk. Also covered is a deep-dive into what feature differences exist between MySQL/Percona Server/MariaDB Server. Within 20 minutes, you'll leave informed and knowledgable on what to pick.
A base blog post to get started: https://www.percona.com/blog/2017/11/02/mysql-vs-mariadb-reality-check/
MariaDB: in-depth (hands on training in Seoul)Colin Charles
MariaDB: in-depth is training that was conducted for partners selling/deploying MariaDB in Seoul. Its a practical hands-on introduction that can be completed in 1-day.
Forking Successfully - or is a branch better?Colin Charles
Forking Successfully or do you think a branch will work better? Learn from history, see what's current, etc. Presented at OSCON London 2016. This is forking beyond the github generation. And if you're going to do it, some tips on how you could be successful.
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
Talking about the improvements in MariaDB on MySQL security and encryption features that are so important in today's data landscape. Presented http://www.meetup.com/EffectiveMySQL/events/224828891/
Having spent more than the last decade being the main point of contact for distributions shipping MySQL, then MariaDB Server, it's clear that working with distributions have many challenges. Licensing changes (when MySQL moved the client libraries from LGPL to GPL with a FOSS Exception), ABI changes, speed (or lack thereof) of distribution releases/freezes, supporting the software throughout the lifespan of the distribution, specific bugs due to platforms, and a lot more will be discussed in this talk. Let's not forget the politics. How do we decide "tiers" of importance for distributions? As a bonus, there will be a focus on how much effort it took to "replace" MySQL with MariaDB.
Benefits: if you're making a distribution, this is the point of view of the upstream package makers. Why are distribution statistics important to us? Do we monitor your bugs system or do you have a better escalation to us? How do we test to make sure things are going well before release. This and more will be spoken about.
As an upstream project (package), we love nothing more than being available everywhere. But time and energy goes into making this is so as there are quirks in every distribution.
Today you can use hosted MySQL/MariaDB/Percona Server in several "cloud providers" in what is considered using it as a service, a database as a service (DBaaS). You can also use hosted PostgreSQL and MongoDB thru various service providers. Learn the differences, the access methods, and the level of control you have for the various public cloud offerings:
- Amazon RDS for MySQL and PostgreSQL
- Google Cloud SQL
- Rackspace OpenStack DBaaS
- The likes of compose.io, MongoLab and Rackspace's offerings around MongoDB
The administration tools and ideologies behind it are completely different, and you are in a "locked-down" environment. Some considerations include:
* Different backup strategies
* Planning for multiple data centres for availability
* Where do you host your application?
* How do you get the most performance out of the solution?
* What does this all cost?
Growth topics include:
* How do you move from one DBaaS to another?
* How do you move all this from DBaaS to your own hosted platform?
Questions like this will be demystified in the talk. This talk will benefit experienced database administrators (DBAs) who now also have to deal with cloud deployments as well as application developers in startups that have to rely on "managed services" without the ability of a DBA.
Presented at the MySQL Chicago Meetup in August 2016. The focus of the talk is on backups and verification, replication and failover, as well as security and encryption.
Best practices for MySQL/MariaDB Server/Percona Server High AvailabilityColin Charles
Best practices for MySQL/MariaDB Server/Percona Server High Availability - presented at Percona Live Amsterdam 2016. The focus is on picking the right High Availability solution, discussing replication, handling failure (yes, you can achieve a quick automatic failover), proxies (there are plenty), HA in the cloud/geographical redundancy, sharding solutions, how newer versions of MySQL help you, and what to watch for next.
Presented at Percona Live Amsterdam 2016, this is an in-depth look at MariaDB Server right up to MariaDB Server 10.1. Learn the differences. See what's already in MySQL. And so on.
Do you wonder how to contribute to MariaDB? Have you considered writing a plugin? MariaDB ships many plugins (over a hundred) and you could also be one of them. Find out what they do, how to use them, and so forth. A lightning talk given for the MySQL NL User Group meetup in Amsterdam.
An introduction to MongoDB from an experienced MySQL user and developer. There are differences and we go thru the What/Why/Who/Where of MongoDB, the "similarities" to the MySQL world like storage engines, how replication is a little more interesting with built-in sharding and automatic failover, backups, monitoring, DBaaS, going to production and finding out more resources.
MySQL features missing in MariaDB ServerColin Charles
MySQL features missing in MariaDB Server. Here's an overview from the New York developer's Unconference in February 2018. This is primarily aimed at the developers, to decide what goes into MariaDB 10.4, as opposed to users.
High level comparisons are made between MySQL 5.6/5.7 with of course MySQL 8.0 as well. Here's to ensuring MariaDB Server 10/310.4 has more "Drop-in" compatibility.
MariaDB Server Compatibility with MySQLColin Charles
At the MariaDB Server Developer's meeting in Amsterdam, Oct 8 2016. This was the deck to talk about what MariaDB Server 10.1/10.2 might be missing from MySQL versions up to 5.7. The focus is on compatibility of MariaDB Server with MySQL.
Failure happens, and we can learn from it. We need to think about backups, but also verification of them. We should definitely make use of replication and think about automatic failover. And security is key, but don't forget that encryption is now available in MySQL, Percona Server and MariaDB Server.
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleColin Charles
As proxies (and database routers) go, the first one I ever used was the now deprecated MySQL Proxy. Since then, I've managed to use MariaDB MaxScale quite a bit (including its fork AirBnB MaxScale), played around with ProxySQL in recent time, and also started taking a look at MySQL Router. In this quick 20-minute overview, we'll discuss why these three exist, a feature comparison, and reasons when to use the right tool for the job.
MariaDB started life as a database to host the Maria storage engine in 2009. Not long after its inception, the MySQL community went through yet another change in ownership, and it was deemed that MariaDB will be a complete database branch developed to extend MySQL, but with constant merging of upstream changes.
The goal of the MariaDB project is to ensure that everyone is part of the community, including employees of the major steering companies. MariaDB also features enhanced features, some of which are common with the Percona Performance Server. Most importantly, MariaDB is a drop-in replacement and is completely backward compatible with MySQL. In 2010, MariaDB released 5.1 in February, and 5.2 in November – two major releases in a span of one calendar year is a feat that was achieved!
DBAs and developers alike will gain an introduction to MariaDB, what is different with MySQL, how to make use of the feature enhancements, and more.
Differences between MariaDB 10.3 & MySQL 8.0Colin Charles
MySQL and MariaDB are becoming more divergent. Learn what is different from a high level. It is also a good idea to ensure that you use the correct database for the correct job.
The MySQL ecosystem - understanding it, not running away from it! Colin Charles
You're a busy DBA thinking about having to maintain a mix of this. Or you're a CIO planning to choose one branch over another. How do you go about picking? Supporting multiple databases? Find out more in this talk. Also covered is a deep-dive into what feature differences exist between MySQL/Percona Server/MariaDB Server. Within 20 minutes, you'll leave informed and knowledgable on what to pick.
A base blog post to get started: https://www.percona.com/blog/2017/11/02/mysql-vs-mariadb-reality-check/
MariaDB: in-depth (hands on training in Seoul)Colin Charles
MariaDB: in-depth is training that was conducted for partners selling/deploying MariaDB in Seoul. Its a practical hands-on introduction that can be completed in 1-day.
Forking Successfully - or is a branch better?Colin Charles
Forking Successfully or do you think a branch will work better? Learn from history, see what's current, etc. Presented at OSCON London 2016. This is forking beyond the github generation. And if you're going to do it, some tips on how you could be successful.
Lessons from {distributed,remote,virtual} communities and companiesColin Charles
A last minute talk for the people at DevOps Amsterdam, happening around the same time as O'Reilly Velocity Amsterdam 2016. Here are lessons one can learn from distributed/remote/virtual communities and companies from someone that has spent a long time being remote and distributed.
This was a short 25 minute talk, but we go into a bit of a history of MySQL, how the branches and forks appeared, what's sticking around today (branch? Percona Server. Fork? MariaDB Server). What should you use? Think about what you need today and what the roadmap holds.
Simple tips to improve Server SecurityResellerClub
Simple tips to improve Server Security
In these times, it’s very essential to secure your servers from the outside as well as from customers using the server. This session will show some basic methods on how to protect your server(s).
Pulkit Gupta
CEO & Chief Architect
Softaculous
(Stephane Maarek, DataCumulus) Kafka Summit SF 2018
Security in Kafka is a cornerstone of true enterprise production-ready deployment: It enables companies to control access to the cluster and limit risks in data corruption and unwanted operations. Understanding how to use security in Kafka and exploiting its capabilities can be complex, especially as the documentation that is available is aimed at people with substantial existing knowledge on the matter.
This talk will be delivered in a “hero journey” fashion, tracing the experience of an engineer with basic understanding of Kafka who is tasked with securing a Kafka cluster. Along the way, I will illustrate the benefits and implications of various mechanisms and provide some real-world tips on how users can simplify security management.
Attendees of this talk will learn about aspects of security in Kafka, including:
-Encryption: What is SSL, what problems it solves and how Kafka leverages it. We’ll discuss encryption in flight vs. encryption at rest.
-Authentication: Without authentication, anyone would be able to write to any topic in a Kafka cluster, do anything and remain anonymous. We’ll explore the available authentication mechanisms and their suitability for different types of deployment, including mutual SSL authentication, SASL/GSSAPI, SASL/SCRAM and SASL/PLAIN.
-Authorization: How ACLs work in Kafka, ZooKeeper security (risks and mitigations) and how to manage ACLs at scale
MySQL is the most popular database on the web but how do you keep your data safe as it is virtualized, contained, put into the cloud, replicated, and sharded out to servers where DBAs have minimal actual control.
The importance of security in 2013, with more websites getting hacked daily and penetration testers being one of the most the requested IT jobs.
Develops need to be sure how secure their applications against threads like SQL injection, cross site scripting, weak passwords, brute force or dictionary attacks.
Hi! Ho! Hi! Ho! SQL Server on Linux We Go!SolarWinds
SQL Server has been running on Windows for years. Now Microsoft is making it available on Linux in order to provide a consistent database platform across Window and Linux servers, as well as on-premises and in the cloud. In this presentation, Janis Griffin, database performance evangelist at SolarWinds, discusses the advantages of using SQL Server on Linux, comparing architecture, cost and performance.
The Spy Who Loathed Me - An Intro to SQL Server SecurityChris Bell
You have lots of data you have painstakingly collected over the years. How do you ensure that data is protected from hackers, spies and other ne’er-do-wells? Understanding the vast array of security features available in SQL Server is the first step in helping you determine what actions you need to take now to protect your data.
Fonts used: SkyFall Done
Calibri
Hi! Ho! Hi! Ho! SQL Server on Linux We Go!SolarWinds
SQL Server has been running on Windows for years. Now Microsoft is making it available on Linux in order to provide a consistent database platform across Window and Linux servers, as well as on-premises and in the cloud. In this presentation, Janis Griffin, database performance evangelist at SolarWinds, discusses the advantages of using SQL Server on Linux, comparing architecture, cost and performance.
A step-by-step deep dive into Kafka Security world. This presentation covers few most sought-after questions in Streaming / Kafka; like what happens internally when SASL / Kerberos / SSL security is configured, how does various Kafka components interacts with each other. This could be valuable resource for administrators, users & Application developers alike. Having internal Kafka knowledge would help them to configure, manage and use the Kafka systems in a more optimal way with least possible errors / mistakes.
Agenda is to discuss:
- Various Kafka Security model available: PLAINTEXT, SASL_PLAINTEXT, SASL_SSL, PLAINTEXT_SSL and when to use which model
- Anatomy of each Security model: in-depth examination of these models and what happens internally when they are used; with real life examples
- Do's and Don'ts of Kafka Security
- Common Errors & Troubleshooting
This talk will be all about looking under-the-hood with respect to Kafka Security. Suitable for all levels from beginners to expert.
Speaker
Vipin Rathor, Sr. Product Specialist (security), Hortonworks
Buckle up, join Christoph and get ready to learn 50 tips and tricks you can implement right away to improve your IBM Connections environment. Your users will thank you as they too benefit from this best practice list gathered from real-world projects while deploying and administering IBM Connections On-premises. Walk away with knowledge covering anything from Cognos integration, docs, CCM and Forms Experience Builder to the back end and DB2, TDI and SSO.
At the moment MySQL 8 and MariaDB 10.4 are the latest versions of the corresponding database management systems. Each of these DBMSs has a unique set of features, unavailable in its analogue (MariaDB features might be unavailable in MySQL, and vice versa). In this presentation, we’ll cover these new features and provide recommendations re: which application will work best on which DBMS.
OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov
We will go over the layout of the MySQL code base, roughly following the query execution path. We will also cover how to extend MySQL with both built-in and pluggable add-ons.
MariaDB Server 10.3 is a culmination of features from MariaDB Server 10.2+10.1+10.0+5.5+5.3+5.2+5.1 as well as a base branch from MySQL 5.5 and backports from MySQL 5.6/5.7. It has many new features, like a GA-ready sharding engine (SPIDER), MyRocks, as well as some Oracle compatibility, system versioned tables and a whole lot more.
Presented at OSCON 2018. A review of what is available from MySQL, MariaDB Server, MongoDB, PostgreSQL, and more. Covering your choices, considerations, versions, access methods, cost, a deeper look at RDS and if you should run your own instances or not.
With a focus on Amazon AWS RDS MySQL and PostgreSQL, Rackspace cloud, Google Cloud SQL, Microsoft Azure for MySQL and PostgreSQL as well as a hint of the other clouds
Percona ServerをMySQL 5.6と5.7用に作るエンジニアリング(そしてMongoDBのヒント)Colin Charles
Engineering that goes into making Percona Server for MySQL 5.6 & 5.7 different (and a hint of MongoDB) for dbtechshowcase 2017 - the slides also have some Japanese in it. This should help a Japanese audience to read it. If there are questions due to poor translation, do not hesitate to drop me an email (byte@bytebot.net) or tweet: @bytebot
Databases require capacity planning (and to those coming from traditional RDBMS solutions, this can be thought of as a sizing guide). Capacity planning prevents resource exhaustion. Capacity planning can be hard. This talk has a heavier leaning on MySQL, but the concepts and addendum will help with any other data store.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
1. MariaDB/MySQL
Security Essentials
Colin Charles, Team MariaDB, MariaDB Corporation
colin@mariadb.com / byte@bytebot.net
http://bytebot.net/blog/ | @bytebot on Twitter
FLOSSUK 2016, London
17 March 2016
2. whoami
• Work on MariaDB at MariaDB Corporation (SkySQL
Ab)
• Merged with Monty Program Ab, makers of MariaDB
• Formerly MySQL AB (exit: Sun Microsystems)
• Past lives include Fedora Project (FESCO),
OpenOffice.org
• MySQL Community Contributor of the Year Award
winner 2014
3. Historically…
• No password for the ‘root’ user
• There is a default ‘test’ database
• Find a password from application config files (wp-
config.php, drupal’s settings.php, etc.)
• Are your datadir permissions secure (/var/lib/
mysql)?
• can you run strings mysql/user.MYD ?
4. Can you view privileges to
find a user with more access?
MariaDB [(none)]> SELECT host,user,password from mysql.user;
+--------------+-------------------+----------+
| host | user | password |
+--------------+-------------------+----------+
| localhost | root | |
| sirius | root | |
| 127.0.0.1 | root | |
| ::1 | root | |
| localhost | | |
| sirius | | |
+--------------+-------------------+----------+
5. More things to think about
• Does replication connection have global
permissions?
• If you can start/stop mysqld process, you can
reset passwords
• Can you edit my.cnf? You can run a SQL file
when mysqld starts with init-file
6. sql_mode
• 5.6 default = NO_ENGINE_SUBSTITUTION
• SQL_MODE = STRICT_ALL_TABLES,
NO_ENGINE_SUBSTITUTION
• Keeps on improving, like deprecating
NO_ZERO_DATE, NO_ZERO_IN_DATE (5.6.17)
and making it part of strict mode
7. mysql_secure_installation
• Pretty basic to run, but many don’t
• Remove anonymous users
• Remove test database
• Remove non-localhost root users
• Set a root password
8. Creating users
• The lazy way
• CREATE USER ‘foo’@‘%’;
• GRANT ALL ON *.* TO ‘foo’@‘%’;
• The above gives you access to all tables in all
databases + access from any external location
• ALL gives you a lot of privileges, including
SHUTDOWN, SUPER, CHANGE MASTER, KILL,
USAGE, etc.
9. SUPER privileges
• Can bypass a read_only
server
• Can bypass init_connect
• Can disable binary
logging
• Can dynamically change
configuration
• Reached
max_connections? Can
still make one connection
• https://dev.mysql.com/
doc/refman/5.6/en/
privileges-
provided.html#priv_super
• SUPER Read Only:
prohibit client updates for
everyone
10. So… only give users what
they need
• CREATE USER ‘foo’@‘localhost’ IDENTIFIED by
‘password’;
• GRANT CREATE, SELECT, INSERT, UPDATE,
DELETE on db.* to ‘foo’@‘localhost’;
11. And when it comes to
applications…
• Viewer? (read only access only)
• SELECT
• User? (read/write access)
• SELECT, INSERT, UPDATE, DELETE
• DBA? (provide access to the database)
• CREATE, DROP, etc.
12. Installation
• Using your Linux distribution… mostly gets you MariaDB when you
ask for mysql-server
• Except on Debian/Ubuntu
• However, when you get mariadb-server, you get an
authentication plugin — auth_socket for “automatic logins”
• You are asked by debhelper to enter a password
• You can use the APT/YUM repositories from Oracle MySQL,
Percona or MariaDB
• Don’t disable SELinux: system_u:system_r:mysqld_t:s0
13. Enable log-warnings
• Enable —log_warnings=2
• Can keep track of access denied messages
• Worth noting there are differences here in MySQL &
MariaDB
• https://dev.mysql.com/doc/refman/5.6/en/server-
options.html#option_mysqld_log-warnings
• https://mariadb.com/kb/en/mariadb/server-system-
variables/#log_warnings
14. MySQL 5.6 improvements
• Password expiry
• ALTER USER 'foo'@'localhost' PASSWORD
EXPIRE;
• https://dev.mysql.com/doc/refman/5.6/en/
password-expiration-sandbox-mode.html
• Password validation plugin
• VALIDATE_PASSWORD_STRENGTH()
15. MySQL 5.6 II
• mysql_config_editor - store authentication
credentials in an encrypted login path file
named .mylogin.cnf
• http://dev.mysql.com/doc/refman/5.6/en/mysql-
config-editor.html
• Random ‘root’ password on install
• mysql_install_db —random-passwords stored in
$HOME/.mysql_secret
16. MySQL 5.7
• Improved password expiry — automatic password
expiration available, so set
default_password_lifetime in my.cnf
• You can also require password to be changed every n-
days
• ALTER USER ‘foo'@'localhost' PASSWORD EXPIRE
INTERVAL n DAY;
• There is also account locking/unlocking now
• ACCOUNT LOCK/ACCOUNT UNLOCK
17. SSL
• You’re using the cloud and you’re using
replication… you don’t want this in cleartext
• Setup SSL (note: yaSSL vs OpenSSL can cause
issues)
• https://dev.mysql.com/doc/refman/5.6/en/ssl-
connections.html
• Worth noting 5.7 has a new tool:
mysql_ssl_rsa_setup
18. Initialise data directory using
mysqld now
• mysql_install_db is deprecated in 5.7
• mysqld itself handles instance initialisation
• mysqld —initialize
• mysqld —initialize-insecure
19. MariaDB passwords
• Password validation plugin (finally) exists now
• https://mariadb.com/kb/en/mariadb/development/mariadb-
internals-documentation/password-validation/
• simple_password_check password validation plugin
• can enforce a minimum password length and guarantee that a
password contains at least a specified number of uppercase
and lowercase letters, digits, and punctuation characters.
• cracklib_password_check password validation plugin
• Allows passwords that are strong enough to pass CrackLib test.
This is the same test that pam_cracklib.so does
21. What you do today
• MySQL stores accounts in the user table of the
my mysql database
• CREATE USER ‘foo’@‘localhost’
IDENTIFIED BY ‘password’;
22. select plugin_name, plugin_status from
information_schema.plugins where
plugin_type='authentication';
+-----------------------+---------------+
| plugin_name | plugin_status |
+-----------------------+---------------+
| mysql_native_password | ACTIVE |
| mysql_old_password | ACTIVE |
+-----------------------+---------------+
2 rows in set (0.00 sec)
23. Subtle difference w/MariaDB
& MySQL usernames
• Usernames in MariaDB > 5.5.31? 80 character limit (which you
have to reload manually)
create user
'long12345678901234567890'@'localhost'
identified by 'pass';
Query OK, 0 rows affected (0.01 sec)
vs
ERROR 1470 (HY000): String
'long12345678901234567890' is too long for user
name (should be no longer than 16)
25. auth_socket
• Authenticates against the Unix socket file
• Uses so_peercred socket option to obtain
information about user running client
• CREATE USER ‘foo’@‘localhost’
IDENTIFIED with auth_socket;
• Refuses connection of any other user but foo
from connecting
26. sha256_password
• Default in 5.6, needs SSL-built MySQL (if using it, best to set it
in my.cnf)
• default-authentication-plugin=sha256_password
• Default SSL is yaSSL, but with OpenSSL you get RSA
encryption
• client can transmit passwords to RSA server during
connection
• There exists key paths for private/public keys
• Passwords never exposed as cleartext when connecting
28. Let’s get somethings out of
the way
• PAM = Pluggable Authentication Module
• Use pam_ldap to to authenticate credentials
against LDAP server — configure /etc/
pam_ldap.conf (you also obviously need /etc/
ldap.conf)
• Simplest way is of course /etc/shadow auth
29. Percona Server
INSTALL PLUGIN auth_pam SONAME ‘auth_pam.so';
CREATE USER byte IDENTIFIED WITH auth_pam;
In /etc/pam.d/mysqld:
auth required pam_warn.so
auth required pam_unix.so audit
account required pam_unix.so audit
30. MariaDB
INSTALL SONAME ‘auth_pam’;
CREATE USER byte IDENTIFIED via pam USING
‘mariadb’;
Edit /etc/pam.d/mariadb:
auth required
pam_unix.so
account required
pam_unix.so
31. For MySQL compatibility
• Just use —pam-use-cleartext-plugin for
MySQL to use mysql_cleartext_password
instead of dialog plugin
32. Possible errors
• Connectors don’t support it:
• Client does not support authentication
protocol requested by server; consider
upgrading MySQL client.
• You may have to re-compile connector using
libmysqlclient to have said support
33. Kerberos
• Every participant in authenticated communication is
known as a ‘principal’ (w/unique name)
• Principals belong to administrative groups called
realms. Kerberos Distribution Centre maintains a
database of principal in realm + associated secret keys
• Client requests a ticket from KDC for access to a
specific asset. KDC uses the client’s secret and the
server’s secret to construct the ticket which allows the
client and server to mutually authenticate each other,
while keeping the secrets hidden.
34. MariaDB Kerberos plugin
• User principals: <username>@<KERBEROS
REALM>
• CREATE USER 'byte' IDENTIFIED VIA
kerberos AS ‘byte/mariadb@lp';
• so that is <username>/
<instance>@<KERBEROS REALM>
• Store Service Principal Name (SPN) is an option in
a config file
35. Works where?
• GSSAPI-based Kerberos widely used &
supported on Linux
• Windows supports SSPI authentication and the
plugin supports it
• Comes with MariaDB Server 10.1
36. 5.7 mysql_no_login
• mysql_no_login - prevents all client connections
to an account that uses it
• https://dev.mysql.com/doc/refman/5.7/en/mysql-
no-login-plugin.html
38. SQL Error Logging Plugin
• Log errors sent to clients in a log file that can be
analysed later. Log file can be rotated
(recommended)
• a MYSQL_AUDIT_PLUGIN
install plugin SQL_ERROR_LOG soname
'sql_errlog.so';
39. Audit Plugin
• Log server activity - who connects to the server,
what queries run, what tables touched - rotating
log file or syslogd
• MariaDB has extended the audit API, so user
filtering is possible
• a MYSQL_AUDIT_PLUGIN
INSTALL PLUGIN server_audit SONAME
‘server_audit.so’;
40. Roles
• Bundles users together, with similar privileges -
follows the SQL standard
CREATE ROLE audit_bean_counters;
GRANT SELECT ON accounts.* to
audit_bean_counters;
GRANT audit_bean_counters to ceo;
41. Encryption
• Encryption: tablespace and table level encryption with support
for rolling keys using the AES algorithm
• table encryption — PAGE_ENCRYPTION=1
• tablespace encryption — encrypts everything including log
files
• New file_key_management_filename,
file_key_management_filekey,
file_key_management_encryption_algorithm
• Well documented — https://mariadb.com/kb/en/mariadb/data-at-
rest-encryption/
42. Encryption II
• The key file contains encryption keys identifiers
(32-bit numbers) and hex-encoded encryption
keys (128-256 bit keys), separated by a
semicolon.
• don’t forget to create keys!
• eg. openssl enc -aes-256-cbc -md
sha1 -k secret -in keys.txt -out
keys.enc
44. Encryption III
CREATE TABLE customer (
customer_id bigint not null primary key,
customer_name varchar(80),
customer_creditcard varchar(20))
ENGINE=InnoDB
page_encryption=1
page_encryption_key=1;
45. Encryption IV
• Tablespace encryption (Google)
• again, you need to pick an encryption algorithm
• specify what to encrypt: innodb-encrypt-tables,
aria, aria-encrypt-tables, encrypt-tmp-
disk-tables, innodb-encrypt-log
• don’t forget key rotation:
• innodb-encryption-threads=4
• innodb-encryption-rotate-key-age=1800
46. Encryption V
• we also have tablespace scrubbing
• background process that regularly scans
through the tables and upgrades the
encryption keys
• scrubbing works for tablespaces and logs
• —encrypt-tmp-files
• —encrypt-binlog
47. Encryption VI
• /etc/my.cnf.d/enable_encryption.preset
• Consider using Eperi Gateway for Databases
• MariaDB Enterprise will have a plugin for Amazon Key
Management Server (KMS)
• mysqlbinlog has no way to read (i.e. decrypt) an
encrypted binlog
• This does not work with MariaDB Galera Cluster yet
(gcache is not encrypted yet), and also xtrabackup needs
additional work (i.e. if you encrypt the redo log)
48. Preventing SQL Injections
• MySQL Enterprise Firewall ($$$)
• http://mysqlserverteam.com/new-mysql-enterprise-
firewall-prevent-sql-injection-attacks/
• MaxScale Database Firewall filter (write your own
regex)
• https://mariadb.com/kb/en/mariadb-enterprise/
maxscale/maxscale-database-firewall-filter/
• https://mariadb.com/blog/maxscale-firewall-filter