If you dump the database to text with mysqldump you can upgrade to the latest version without issue. The 3-4-5 upgrade path is for those who want to move live tables, in which case you want to make sure all table formatting gets properly upgraded.
There are about 10 blogs aggregated and an average of 10 posts a day from the conference. Not much, but it lets you get the Coles Notes version of a bunch of sessions.
Actually, a business plan based on support for competent users sucks. In my last job I worked for a company that made a POS system for auto parts resellers. These guys knew cars, carbs, trannies, and anything you ever needed to fix your Honda Civic; they did NOT know computers.
Now while it helped that the POS in our software's designation did not just stand for Point Of Sale, most of our customers would have support contracts even if our software was bug free, because they do not want to learn anything, and do not want anything else to do when something goes wrong but call us, even if their mouse is dead.
Ok folks. This is a bot, and it uses weak root passwords to gain entry to MySQL. From there, it loads a BLOB in a table with a payload DLL, which it then writes to disk and loads as a MySQL UDF. The UDF is called, which creates the bot and the system is compromised.
Damage appears to be low as it is more spyware than anything, and you are only at risk if you A) Have not firewalled the MySQL Port, B) Have a root account that is allowed to login from anywhere, not just localhost, and C) Have a weak root password.
So, the fix is this:
A) Firewall port 3306
B) Remove the root@% account, only allow root@localhost
C) Set a strong password
I have more info at http://www.openwin.org/mike/index.php/archives/2005/01/batten-the-hatches-mysql-targeting-bot-on-the-loose/
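Added example, not part of the original comment: an audit for conditions B and C above, plus a look at the UDF path the bot relies on. It assumes MySQL 5.7 or later (`authentication_string`, `ALTER USER ... IDENTIFIED BY`); on the older servers this comment was written about, the password column in `mysql.user` is `Password`. The password value is a placeholder.

```sql
-- Added example: audit and fix for the three risk conditions described above.
-- A) is handled outside SQL: block TCP 3306 at the host or network firewall.
--    The listening address can still be checked from inside the server:
SHOW VARIABLES LIKE 'bind_address';

-- B) root accounts that may log in from anywhere other than the local host
SELECT user, host
FROM mysql.user
WHERE user = 'root'
  AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- C) accounts with no password stored (check the plugin column: socket-based
--    authentication plugins legitimately leave this field empty)
SELECT user, host, plugin
FROM mysql.user
WHERE authentication_string IS NULL OR authentication_string = '';

-- Accounts holding the FILE privilege, which is what allows a client
-- to make the server write a file to disk
SELECT user, host
FROM mysql.user
WHERE File_priv = 'Y';

-- UDFs currently registered with the server. Any entry you did not
-- install yourself, and any unfamiliar library name in dl, needs investigating.
SELECT name, dl, type
FROM mysql.func;

-- Directories the server will write to and load shared libraries from
SHOW VARIABLES LIKE 'secure_file_priv';
SHOW VARIABLES LIKE 'plugin_dir';

-- Fix for B and C (run only after confirming root@localhost exists and works)
DROP USER 'root'@'%';
ALTER USER 'root'@'localhost' IDENTIFIED BY '<strong-password-placeholder>';
```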
So the guys at Nvidia were sitting around when in walks the PHB and says "Guys, we need to make more money". And flunkie one says "Hey, let's release a new card, all the fanboys will rush out and buy it!"
PHB says "Well that's ok, but we do that enough already". Flunkie two says "I know, let's convince the users that the one overkill video card they buy is not enough, let's convince them that they need to buy TWO!"
And the rest my friends, is history! Stay tuned for the new quad-card cash-vacuum, coming soon.
My accusation of outdatedness has to do with the delay in recognising fixes until a version is declared production, and has less to do with your list than with the fanboys who point to it then take pride in the native Windows Postgres build that is not in production.
You may want to take a look at the TRADITIONAL mode, as seen in http://dev.mysql.com/doc/mysql/en/Server_SQL_mode.html
When MySQL 5 goes production, this will knock a few items from your list, as it causes errors instead of warnings on bad data. It looks like you are pretty up-to-date with your list now with 4.1 actually, and I will give it a once-over for you later just to be sure.
If you want to email me your email address, I can provide feedback more directly. I will note that the administration link is broken, and takes me to the PostGres administration gotchas.
The problem with that logic is it assumes MySQL depends on PHP for its usage. If this were true, then when SQLite was introduced nobody would have been complaining of having to link MySQL manually when installing PHP.
And of course, PHP-MySQL is not the only combination under the sun, MySQL is used with many apps.
Women have freedom of choice, but should not have freedom to nullify the consequences of their choices. Thus if you CHOOSE to have sex, you face the CONSEQUENCE of a potential unwanted pregnancy. I do not believe that a woman should be able to get an abortion just to dodge the consequences of having sex.
Now, in the case of rape/incest, the pregnancy is NOT the result of CHOICE on the part of the mother, thus I can't see her having to face the consequences of someone else's choice.
I don't believe this should automatically mean an abortion, just that if, after counseling, the mother chooses to have an abortion, that abortion should be allowable.
Aah, let me clarify: get a standard in place and THEN proceed. All effective Internet communications are based on at least some form of standards, and I don't see why this should be any different. Now I realize that in some cases those standards need to evolve, but I would want to see a fairly good number of backers before I install something on my system. And bouncing emails not using Sendmail's latest idea just means my users will lose a lot of valuable emails.
Aah, you should have called me a Nazi and Godwin's law could have ended this already.
HTTP, FTP, TCP/IP, these are all communications standards, developed by committees. If having communications adhere to standards is for Communists then I suggest you get off the Internet.
but it will need widespread acceptance to really work
And therein lies the problem. No vendor, no matter how well placed, should just run off and try to implement a solution. Why? Because odds are good it will not take off. Everyone involved needs to agree on a solution THEN implement it.
Sadly, all we are doing is giving this guy free advertising. Even bad publicity is good publicity.
On a different note, a lot of these guys are not ashamed of what they do. I met one once at an Open Source conference and when you ask him what he does he very plainly states "I'm a spammer". The guy was a total pariah.
Aah, but is it profit they are after? Seems to me that when Microsoft gives software away these days it is not so much to hook people, but to keep them from going to Linux.
Compatibility with Microsoft is no longer a necessity.
I'm sorry, what? Do you seriously believe that OpenOffice would get anywhere without good MS document support? I really like OpenOffice, but the reason more people don't switch is a lack of good rendering of Office documents or exporting to Office formats.
My father in law still uses WordPerfect and drives everyone insane because he mails documents in WP format, requiring everyone to break out their Office CDs and install WP import support. This sucks on Microsoft's part, but it hinders acceptance of documents originating from my father in law.
Just to sum up, Office rules the roost. The Open-Source alternatives are maturing, but they cannot drop support for Office documents. Not supporting the document format of an app with 95% market share spells doom for a competing project.
If you're wondering about time machines, and other science facts, then repeat to yourself "it's just a show, I should really just relax!"
As long as it's him working manually and the spam bots working automatically he won't even make a dent in the flow of forum spam.
And where exactly did you read that?
Readers may be interested in the MySQL User Conference 2005 Blog aggregation.
It is found at http://www.openwin.org/mike/uc2005
Non-Windows installations are not vulnerable.
Now with href goodness: http://www.openwin.org/mike/index.php/archives/2005/01/batten-the-hatches-mysql-targeting-bot-on-the-loose/
And if they have a blank password and no firewall are they any more secure than a MySQL user?
MySQL will always ignite slashdot flamewars because there is always a Postgres troll standing by to start one.
Double Your Pleasure, Double Your Fun!
This is the Definitive Complete Ultimate comment - SECOND EDITION - on this story. Moderators: you can now mark the previous comment Redundant.
Actually, the MySQL team uses that (outdated) list as one source for ideas on things to work on for future versions, it's much appreciated!
Ok I'll even defend this.
Nice law, but it does not excuse you from showing the requested proof.