RSS 2.0Comment your MySQL schema
July 5th, 2010Many people may not now, but you can comment your MySQL schema:
Maatkit: Tools for MySQL
June 18th, 2010Maatkit is a suite of command-line tools for MySQL. It contains some rather nifty things for query analyses, replication, and other stuff. Some of the more interesting highlights:
- mk-deadlock-logger
Extract and log MySQL deadlock information. - mk-log-player
Split and play MySQL slow logs. - mk-error-log
Find new and different MySQL error log entries. - mk-index-usage
Read queries from a log and analyze how they use indexes. - And many more…
Found via databasejournal.com, which has two articles on Maatkit:
The Wonders of Maatkit for MySQL and
Even more Maatkit for MySQL.
Security Questions considered harmful
May 24th, 2010Many online services allow, or even worse, require, the so called "Security Question". It is a question/answer you can enter in case you ever forget your password or can't access your account for some reason. In my opinion, security questions are an incredibly bad idea, from a security perspective.
The usual security questions are things like "What was your mother's maiden name", "What's your pet's name", etcetera. People won't understand that actually supplying a truthful answer to these kind of questions exposes them to an incredible weakness in their account's security. These are all questions to which the answer can be found relatively easy by googling a person or applying a little social engineering. "Hey, I am John, and I think I might be related to you on your mother's side. What's her maiden name"?
The worst part is that every site has basically the same questions from which you can choose. This means that people either have to pick the same question and answer every time, or pick a different one for each account. The first will make them vulnerable to repeated attacks on all their online profiles once an attacker has found the answer. The second will make it very hard for people to remember that they must never let anybody know about their favorite pet's name "Buddy". A lose/lose scenario at best.
As is often the case with security protocols, they must be followed to the letter to be safe. One flaw in the procedure, and the security collapses. Security questions could be a good idea, provided that:
- The user makes up his own question. No predefined questions should be supplied, and most importantly, different sites shouldn't all use the same questions.
- The user should never be told what his security question was. If they need to reset their password, they should chose both the security question and the answer. This will make it much harder for a potential attacker to gain accees.
Of course, taking the above in consideration, security questions are just as hard to remember as a password, which makes them kind of pointless. Pointless or insecure, make your pick.
I'm ditching Chrome because of the http:// stripping.
April 16th, 2010New development builds, and apparently the Beta build of Chrome for the Mac, strip the 'http://' part from the URL input field. Since I run Chromium for Linux, which uses nightly builds of Chrome, I am already affected by this retarded decision.
For this reason I will no longer be using Chrome, nor will I recommend Chrome to anybody anymore. In fact, I will actively recommend using any browser other than Chrome, including Internet Explorer 6.
I could explain why such a 'trivial' change upsets me so much that I'd stop using an otherwise… promising.. product, but life is too short to argue with stupid people, so I'll just leave it at that.
SQuirreL SQL database browser
March 19th, 2010I finally found a decent replacement for the MySQLcc database browser:
SQuirreL SQL Client is a graphical Java program that will allow you to view the structure of a JDBC compliant database, browse the data in tables, issue SQL commands etc
It's Java, so it's slow, but it does everything I want, and more:
- Syntax highlighting
- Multiple query tabs
- Multiple queries in the same tab (select the query and press ctrl-enter to run it)
- Export results
It has tons of options you can tweak, and it's got plugins if you want to extend it. It supports just about every relational (and some non-relational) database out there.
Awesome.
Weighted Random Distribution
December 23rd, 2009Preface
Randomly selecting elements from a set of items is easy. Just generate a random number between 0 and the length of the set minus one, and use that as an index in the set (if it is an array) to get a random entry. The chance that an entry is picked is the same for each entry in the set. This is called even distribution or uniform distribution.
But what if we do not want each entry to appear as much as every other? Suppose we're creating a question-answer game, and we want the questions the user got wrong previously to appear more often than the question he or she got right? This is called a Weighted Random Distribution, or sometimes Weighted Random Choice, and there are multiple methods of implementing such as random picker.
This article explains these various methods of implementing Weighted Random Distribution along with their pros and cons. We use Python as our language of choice, because it has an easy to read syntax, and provides many useful tools which would take many more lines of code in most other languages. Along the way all Python "tricks" will be explained.
Excluding results of a 'find' command (inverting tests)
November 10th, 2009In kind of a follow up to my previous post on using find and sed to search and replace multiple files, I found out something else.
I needed to find and replace something in every file, except for any files which had ".svn" in them. After struggling for a few fruitless minutes with -regex, I stumbled upon this example in the manual page:
find /sbin /usr/sbin -executable \! -readable -print Search for files which are executable but not readable.
The \! allows us to invert the tests after it. Perfect! All we need to do is use -regex to do our excluding:
find . -type f \! -regex ".*\.svn.*"
And we can now search and replace in all files except those that have ".svn" in them:
find . -type f \! -regex ".*\.svn.*" -print0 | xargs -0 sed -i "s/foo/bar/"
Neat. Note that, again, -regex is a GNU find only construct.
Templum v0.4.0 released (Simple PHP templating)
November 10th, 2009I've released Templum v0.4.0
Templum is an extremely lightweight, simple yet powerful and fast templating engine for PHP. It re-uses the power of PHP itself for rendering templates, but provides additional features making it easier to write templating code. Rendering templates using Templum is very fast; it approximates native PHP rendering speed for include() statements.
This release features:
- Some small bug fixes
- Documentation updates
- The ability to include other templates in a template
Download instructions here.
Linux search and replace
November 9th, 2009I always kept a small Python script around for searching and replacing in Linux. Turns out that GNU sed has an inline edit mode which I didn't know about:
-i[SUFFIX], --in-place[=SUFFIX]
edit files in place (makes backup if extension supplied)
This makes searching and replacing in files as simple as:
find . -name "*.txt" -print0 | xargs -0 sed -i "s/foo/bar/"
This replaces all occurences of "foo" with "bar" in all the .txt files in or below the current directory.
Unfortunately, -i appears to be a GNU extension, so it won't work on *BSD or Solaris, probably.
Handling network mounts on a very mobile laptop?
November 6th, 2009I have a laptop that travels with me to work as well as being used at home. I have a number of network CIFS mounts that I like to have available when I am at home, so I have them set to "auto" in /etc/fstab. [...] The problem is that when I shift locations, I need proper handling of those network mounts.
