Firewalls News

Kenya: Red Alert Over Counterfeit Security Software
[Business Daily] ISOLS provides Anti-virus, Content Filtering, Firewalls, Integrated Security Appliance (UTMs), Network Management, Encryption, PKI, VPNs, Change and Configuration Audit, Backup and Data Recovery, Data Leakage Protection and Intrusion Detection & Prevention IDS/IPS. allafrica.com | 2/3/12 12:35 PM
Davos failed to address fundamentals – will the next Earth Summit in Rio?

At the World Economic Forum in Davos last week, no one was denying that we face serious economic, social and environmental crises. When even the Financial Times runs a series of articles on "Capitalism in crisis", it's obvious that it's not just the "Occupy WEF" protesters, who I joined in their igloos outside the meeting, that are asking fundamental questions about how we do business.

What Davos failed to do, however, is provide adequate answers. The talk was mainly about symptoms, not the core of the problem. No question, issues such as the size of the Euro firewall or bankers’ bonuses are important. But if we are to deliver an economy that brings prosperity for all - without destroying the planet, we need to achieve a much more fundamental change than putting together a few hundred extra millions for a firewall, or a little less greed by the 1%. When I suggested fundamental changes, such as making corporations liable for their impacts on society and the environment, the reaction was often a nervous laugh.

While I was freezing in snowy Davos, the Brazilian President Dilma was at the World Social Forum in Porto Alegre calling for the fostering of a "new model" of development that can be discussed at this June's Rio Earth Summit. Greenpeace has some concrete proposals on how governments could use the Rio meeting to change course and not simply acknowledge the crises we face, as is happening in Davos. The Earth Summit should, for example, agree on strong regulation of financial markets, including a Financial Transaction Tax, agree the end of environmentally and socially harmful subsidies, and commit to sustainable energy for all and zero deforestation by 2020.

But if President Dilma wants to lead the world in a great transformation, she first has to put her own house in order. Unless she vetoes it, Brazil will soon adopt changes to its Forest Code, the main law in Brazil that protects the forests, that would allow an amnesty for past forest crimes and lead to an increase in deforestation. This is unacceptable. If Brazil wants to credibly discuss “new models” of development at the Earth Summit in June, it must urgently commit to a new model of sustainable prosperity based on zero deforestation. It can be done. Deforestation in the Brazilian Amazon has declined year on year and in 2011 reached its lowest ever level. But unless Dilma acts, Brazil will be the nation that showed that deforestation could be halted, but failed to do so, in order to cater to short-term special interests. Unless she vetoes the Forest Code changes, President Dilma will have as little credibility to talk of fundamental change as the “Davos Man” come June.

The warm climate of Rio will certainly suit me better than the mountains of snow in Davos. But will I leave Rio with more hope that the fundamental changes we need can finally be implemented?

Kumi Naidoo is the Executive Director of Greenpeace International

Photograph courtesy of Occupy WorldEconomicForum 

feedproxy.google.com | 2/2/12 7:17 PM
LifeSize debuts 'universal' video collaboration platform

Logitech (Nasdaq: LOGI) subsidiary LifeSize this week launched its LifeSize UVC Platform, which the company says is the industry's first integrated and virtualized software solution for HD video conferencing infrastructure.

The UVC (universal visual collaboration) platform integrates the capabilities of multiple single-purpose infrastructure products and makes them instantly available from one interface with one login account.

The company said the UVC platform is scalable and customizable, and includes infrastructure applications like HD streaming and recording, firewall/NAT traversal and Gatekeepers (routing and control).

LifeSize contends that with a single integrated platform and a deployment model to fit every IT environment, administrators can buy what they need now and scale up as the organization's needs grow.

"LifeSize has consistently delivered industry firsts," said Colin Buechler, who was named LifeSize's CEO earlier this month, "We were first to HD, first with one button streaming and recording, and now we are redefining video conferencing infrastructure... LifeSize has fundamentally changed the way businesses deploy infrastructure, unlocking the door to real adoption and growth in the video conferencing industry."

LifeSize is offering a "try before you buy" feature that enables instant downloads of the platform, which is globally available now.

The platform with infrastructure applications lists at $3,999; it currently includes UVC Video Center for streaming and recording; UVC Transit Server, a firewall/NAT traversal server; the UVC Transit Client, which is a firewall/NAT traversal proxy; and UVC Access, a gatekeeper/IP communications routing and control.

For more:
- see this release

Related articles:
LifeSize sales up 6% in otherwise dismal Logitech 3Q; firm again lowers 2012 guidance
Videoconferencing firm LifeSize names Buechler CEO
Logitech rolls out webcam for 1080p video calling
Logitech announces LifeSize ClearSea video conferencing will support iOS 5, iPhone 4S
LifeSize brings its videoconferencing technology to the cloud

www.fierceenterprisecommunications.com | 2/2/12 5:31 PM
Guarded Systems Introduces Hospitality's Most Robust Internet Gateway ...

Today the Atlanta-based company is offering a full-service solution that combines an Internet Gateway, Firewall, WAN Load-Balancing and Traffic Shaping into one appliance, complete with PMS interface and 24/7/365 in-room support - There's a new sheriff in town, and it's designed to protect a hotel's Internet Access Gateway like never before.

www.topix.net | 2/1/12 6:05 AM
UK backs out of EU plan to limit public spending
NEW YORK - European Union leaders, grappling with a debt crisis, reaffirmed their commitment Monday to strengthen a financial firewall and 25 of the 27-nation bloc agreed to sign a new fiscal pact lim story.venezuelastar.com | 1/31/12 7:36 PM
Va. Senate poised to pass bill requiring ultrasounds before abortion

The Virginia Senate, for years a firewall against efforts to restrict abortion, on Tuesday is poised to pass a bill to require that pregnant women undergo an ultrasound and get a chance to see the image before having an abortion.

www.topix.net | 1/31/12 4:26 PM
Goodbye Defense in Depth. Hello Defense in Breadth
Over the past few years we’ve seen firewalls fail repeatedly. We’ve seen business disrupted, security thwarted, and reputations damaged by the failure of the very devices meant to prevent such catastrophes from happening. These failures have been caused by a change in tactics from invaders who seek no longer to find a way through or over the walls, but who simply batter it down instead. A combination of traditional attacks – network-layer – and modern attacks – application-layer – have become a force to be reckoned with; one that traditional stateful firewalls are often not equipped to handle. Encrypted traffic flowing into and out of the data center often bypasses security solutions entirely, leaving another potential source of a breach unaddressed. And performance is being impeded by the increasing number of devices that must “crack the packet” as it were and examine it, often times duplicating functionality with varying degrees of success. This is problematic because the resolution to this issue can be as disconcerting as the problem itself: disable security. Seriously. Security functions have been disabled, intentionally, in the name of performance.

soa.sys-con.com | 1/30/12 7:45 PM
IMF leads global push for euro zone to boos...

International Monetary Fund chief Christine Lagarde led a global push on Saturday for the euro zone to boost its financial firewall, saying "if it is big enough it will not get used." Lagarde, supported by the British finance minister, George Osborne, said the IMF could boost its support for the euro zone but pressed its leaders to act first.

www.topix.net | 1/29/12 4:13 AM
[TORRENT] Alpine 2.3.5 x86_64

Alpine Linux is a community-developed operating system designed for x86 Routers, Firewalls, VPNs, VoIP and servers.

www.topix.net | 1/28/12 9:38 PM
Network Security 101: Automating for Continuous Compliance
Managing access to confidential information and application resources via firewalls is the foundation of network security, and firewall audits are central to any mature network security process. However, relying on security and network experts to review rules across multiple firewall zones and different firewall products is proving to be costly and ineffective. Few will dispute that when it comes to network security, automating best practices to reduce operating costs, complexity, human error, and streamline processes is a good thing. However, in what we call the age of Continuous Compliance – brought on by the reality that point-in-time audits done hastily to meet reporting deadlines rarely – if ever – deliver any security or compliance benefits once that point in time has passed, automation becomes more than just good. It becomes essential. Case in point: a November 2011 survey from Tufin Technologies of 100 firewall managers revealed that only 1.3% of configuration changes that cause network downtime or pose a security breach are identified during the quarterly audit, yet almost a third of the respondents spent 3 to 7 days per quarter of valuable network security team time on firewall audits (Disclosure: I work for Tufin). Organizations receive precious few benefits for the level of resource spent on manual firewall audits – it is proving to be an inefficient approach to maintaining a secure network and if you do the math, an extremely inefficient use of skilled security personnel.

xml.sys-con.com | 1/28/12 9:00 PM
DAVOS FORUM: IMF chief calls on eurozone to boost financial 'firewall'
International Monetary Fund chief Christine Lagarde led a global push for the eurozone to build up its financial firewall at the Davos Forum on Saturday, saying it is essential both as an act of trust and limiting contagion in the crisis-hit bloc. www.france24.com | 1/28/12 6:02 PM
IMF leads global push for euro zone to boost firewall

The head of the International Monetary Fund Christine Lagarde attends a session at the World Economic Forum in Davos, January 28, 2012.

www.topix.net | 1/28/12 5:15 PM
No one immune to European crisis: IMF chief
Speaking at the World Economic Forum (WEF) annual meeting, she underscored the need for euro zone members to "develop a clear simple firewall that can limit the contagion". www.dnaindia.com | 1/28/12 3:27 PM
Lagarde sees euro zone progress, need for firewall
Use the Reuters Breakingviews stress test calculator to calculate how the Target core Tier 1 capital ratio and sovereign haircut levels affect the amount of capital banks need to pass the stress ... story.venezuelastar.com | 1/28/12 1:06 PM
Lagarde: Euro Zone Needs Clear, Simple Firewall
The euro zone needs a "clear, simple firewall" to restore international trust in it, International Monetary Fund Managing Director Christine Lagarde said. online.wsj.com | 1/28/12 1:00 PM
IMF chief calls on eurozone to boost financial 'firewall'
International Monetary Fund chief Christine Lagarde led a global push for the eurozone to build up its financial firewall at the Davos Forum on Saturday, saying it is essential both as... feedproxy.google.com | 1/28/12 10:00 AM
`Europe needs stronger firewall against debt crisis'
Europe needs to build a better firewall and work towards a stronger commitment of financial resources to curb the debt crisis, said US Treasury Secretary Timothy Geithner. story.venezuelastar.com | 1/28/12 9:50 AM
Lael Brainard Is Washington’s Financial Envoy to Euro Crisis
Lael Brainard, a Treasury under secretary who is America’s top financial diplomat, is trying to coax European leaders to contribute to a financial firewall. www.nytimes.com | 1/27/12 1:07 AM
Five years until WikiLeaks firewall ready: U.S. officials
The top U.S. intelligence official says it will take roughly five years to put in place new measures to stop another WikiLeaks-style exposure of classified information. www.ctv.ca | 1/26/12 6:36 PM
CallerIP 4.0e

CallerIP monitors activity on open ports on your system, which are often not protected by firewalls, so you can identify hackers before your system or confidential information is compromised.

www.topix.net | 1/26/12 11:34 AM
UK economic growth takes centre stage
reiterated this morning that combining the European Union's temporary EFSF rescue fund with the permanent ESM mechanism would help restore confidence and create a firewall to stop the Greek ... story.venezuelastar.com | 1/25/12 10:07 AM
IMF's Lagarde: combining ESM, EFSF would boost confidence (Reuters)
Reuters - IMF Managing Director Christine Lagarde said on Wednesday that combining the European Union's temporary EFSF rescue fund with its permanent ESM mechanism would help restore confidence in the flagging region and provide a solid firewall to the Greek crisis. us.rd.yahoo.com | 1/25/12 9:51 AM
Europe poses global recession threat: IMF (Reuters)
Reuters - Europe's debt crisis could tip the world economy into recession and a bigger firewall is urgently needed to keep the damage from spreading, the International Monetary Fund said on Tuesday. us.rd.yahoo.com | 1/24/12 9:42 PM
Get more from Windows Firewall with TinyWall

One common view of the Windows Vista/ 7 firewall is that it's a toy, almost entirely useless, and you should replace it with something more capable just as soon as you possibly can.

www.topix.net | 1/24/12 8:57 PM
Microsoft says botnet chief was former antivirus vendor employee
Microsoft spent a good deal of time dismantling the Kelihos botnet last year, making it the first takedown where it was able to name actual defendants behind it. On Monday it made the surprising announcement that its latest defendant, Andrey N. Sabelnikov, had previously worked for an antivirus software vendor. According to information on the Web, Sabelnikov worked for two Russian security vendors: Agnitum, a firm that produces firewall and antivirus software for PCs, from September 2005 to November 2008, and Retunil from November 2008 to December 2011. Sabelnikov is alleged to be the central figure behind the botnet. While… [Continue Reading] betanews.com | 1/24/12 8:17 PM
Get more from Windows Firewall with TinyWall
One common view of the Windows Vista/ 7 firewall is that it’s a toy, almost entirely useless, and you should replace it with something more capable just as soon as you possibly can. But this isn’t entirely fair. Sure, there’s no easy way to, say, restrict outgoing network connections to the applications you specify, but that’s more to do with the firewall’s awkward configuration options than the underlying technology. And these are easy to fix. Install TinyWall and this compact tool will immediately extend the standard Windows Firewall, giving you far easier control over who gets to go online, and who really… [Continue Reading] betanews.com | 1/24/12 5:18 PM
Permanent Rescue Fund Seems Nearer in Europe
As euro zone finance ministers gathered in Brussels to discuss the Greek debt crisis, Christine Lagarde said a “larger firewall” was needed to safeguard global financial stability.

www.nytimes.com | 1/24/12 7:30 AM
IMF's Lagarde Sounds Alarm Over Europe
The global economy faces a depression-era collapse if Europe doesn't quickly act to dramatically boost the size of its debt-crisis firewall, implement pro-growth policies and further integrate the euro zone, the head of the IMF warned. online.wsj.com | 1/24/12 1:13 AM
Lagarde urges Europe to boost growth and firewalls

Europe's stronger economies should do more to boost growth and beef up the defenses against the continent's debt crisis, the head of the International Monetary Fund said Monday.

www.topix.net | 1/23/12 6:06 PM
Is your video conferencing technology giving others a look inside your business?

Businesses communicate in a lot of ways and, increasingly, are turning to an array of videoconferencing tools as the technology becomes easier to use and more ubiquitous. It provides an upfront, cost-effective opportunity for virtual face-to-face meetings.

The technology is blossoming; Nearly every week, a news release comes in about the latest service to launch, interoperability deal reached or about a new product rolling out targeting the SME and SMB markets, not to mention the near daily releases that pop up with the newest consumer offering.

The technology has, like a YouTube video, seemingly gone viral. Its mobility, its ease of use has begun to make it so commonplace that it's increasingly become just another app or program that users click to use and forget about.

In fact, ABI Research senior analyst Subha Rama said in a webcast last week that the technology, which has been gathering steam, was likely to explode once LTE becomes widely available, especially with so many more dual camera devices coming to market.

"When the technology integrates with a popular mobile device the issue resolves almost instantly," said Rama during a Webcast on Thursday.

But there's some new concerns about videoconferencing and security that are bound to rattle some cages in the coming week, and they're extreme enough that they could potentially cause adoption to stutter until they're resolved.

In a New York Times story today, a security officer for Rapid 7 told of how he created a computer program that, in two hours, discovered 5,000 open videoconference systems that were outside the firewall of their companies and that were configured to automatically answer calls.

The companies included law firms, venture capital companies, pharmaceutical firms, universities and medical centers.

Moore said he was able to call into systems made by Polycom (Nasdaq: PLCM), Cisco (Nasdaq: CSCO), Logitech (Nasdaq: LOGI)'s LifeSize, Sony and others. Polycom, the Times said, ships all of its platforms with the auto-answer feature enabled by default (which can easily be changed by users, Polycom told the Times).

"It boils down to whether organizations are aware of the risk, and our research indicates that many, even well-heeled venture capital firms, were not aware and do not implement even the most basic of security measures," he said.

Mike Tuchen, CEO of Rapid 7, warned that companies simply have dropped the ball on videoconferencing security, especially as videoconferencing's popularity has grown.

"The entry bar has fallen to the floor. These are literally some of the world's most important boardrooms--this is where their most critical meetings take place--and there could be silent attendees in all of them," he said, sounding an ominous tone.

"Any reasonably computer literate 6-year-old can try this at home."

How secure is videoconferencing? Is the rapid expansion of the technology putting sensitive business information at risk? And, does the surge of new, less expensive videoconferencing solutions open the door to hackers even wider?

Love to hear your thoughts.--Jim

www.fierceenterprisecommunications.com | 1/23/12 4:17 PM
History repeats itself in euro crisis debt spat
As a result, EU officials expect Merkel to relent and agree to a bigger European financial firewall in March once euro zone leaders have signed two key treaties sought by Berlin on budget discipline ... story.venezuelastar.com | 1/23/12 9:44 AM
After Gingrich 'Slam Dunk,' GOP Battle Intensifies
Newt Gingrich's decisive win in South Carolina ensures that the GOP primary season will remain competitive for weeks to come. He has all the momentum heading into Florida — but Mitt Romney's money and resources may yet turn that state into a firewall. www.npr.org | 1/22/12 6:58 AM
MySQL replication monitoring on Ubuntu 10.04 with Nagios and NRPE
If you're using MySQL replication, then you're probably counting on it for some fairly important need. Monitoring via Nagios is generally considered a best practice. This article assumes you've already got your Nagios server setup and your intention is to add a Ubuntu 10.04 NRPE client. This article also assumes the Ubuntu 10.04 NRPE client is your MySQL replication master, not the slave. The OS of the slave does not matter.

Getting the Nagios NRPE client setup on Ubuntu 10.04

At first it wasn't clear what packages would be appropriate packages to install. I was initially misled by the naming of the nrpe package, but I found the correct packages to be:

    sudo apt-get install nagios-nrpe-server nagios-plugins

The NRPE configuration is stored in /etc/nagios/nrpe.cfg, while the plugins are installed in /usr/lib/nagios/plugins/ (or lib64). The installation of this package will also create a user nagios which does not have login permissions. After the packages are installed the first step is to make sure that /etc/nagios/nrpe.cfg has some basic configuration.

Make sure you note the server port (defaults to 5666) and open it on any firewalls you have running. (I got hung up because I forgot I have both a software and hardware firewall running!) Also make sure the server_address directive is commented out; you wouldn't want to only listen locally in this situation. I recommend limiting incoming hosts by using your firewall of choice.

Choosing what NRPE commands you want to support

Further down in the configuration, you'll see lines like command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10. These are the commands you plan to offer the Nagios server to monitor. Review the contents of /usr/lib/nagios/plugins/ to see what's available and feel free to add what you feel is appropriate. Well designed plugins should give you a usage if you execute them from the command line. Otherwise, you may need to open your favorite editor and dig in!

After verifying you've got your NRPE configuration completed and made sure to open the appropriate ports on your firewall(s), let's restart the NRPE service:

    service nagios-nrpe-server restart

This would also be an appropriate time to confirm that the nagios-nrpe-server service is configured to start on boot. I prefer the chkconfig package to help with this task, so if you don't already have it installed:

    sudo apt-get install chkconfig
    chkconfig | grep nrpe
    # You should see...
    #   nagios-nrpe-server on
    # If you don't...
    chkconfig nagios-nrpe-server on

Pre flight check - running check_nrpe

Before going any further, log into your Nagios server and run check_nrpe and make sure you can execute at least one of the commands you chose to support in nrpe.cfg. This way, if there are any issues, it is obvious now, while we've not started modifying your Nagios server configuration. The location of your check_nrpe binary may vary, but the syntax is the same:

    check_nrpe -H host_of_new_nrpe_client -c command_name

If your command output something useful and expected, you're on the right track. A common error you might see: Connection refused by host. Here's a quick checklist:

- Did you start the nagios-nrpe-server service?
- Run netstat -aunt on the NRPE client to make sure the service is listening on the right address and ports.
- Did you open the appropriate ports on all your firewall(s)?
- Is there NAT translation which needs configuration?

Adding the check_mysql_replication plugin

There is a lot of noise out there on Google for Nagios plugins which offer MySQL replication monitoring. I wrote the following one using ideas pulled from several existing plugins. It is designed to run on the MySQL master server, check the master's log position and then compare it to the slave's log position. If there is a difference in position, the alert is considered Critical. Additionally, it checks the slave's reported status, and if it is not "Waiting for master to send event", the alert is also considered critical. You can find the source for the plugin at my Github account under the project check_mysql_replication. Pull that source down into your plugins directory (/usr/lib/nagios/plugins/ (or lib64)) and make sure the permissions match the other plugins.

With the plugin now in place, add a command to your nrpe.cfg.

    command[check_mysql_replication]=sudo /usr/lib/nagios/plugins/check_mysql_replication.sh -H

At this point you may be saying, WAIT! How will the user running this command (nagios) have login credentials to the MySQL server? Thankfully we can create a home directory for that nagios user, and add a .my.cnf configuration with the appropriate credentials.

    usermod -d /home/nagios nagios   # set home directory
    mkdir /home/nagios
    chmod 755 /home/nagios
    chown nagios:nagios /home/nagios

    # create /home/nagios/.my.cnf with your preferred editor with the following:
    [client]
    user=example_replication_username
    password=replication_password

    chmod 600 /home/nagios/.my.cnf
    chown nagios:nagios /home/nagios/.my.cnf

This would again be an appropriate place to run a pre flight check and run the check_nrpe from your Nagios server to make sure this configuration works as expected. But first we need to add this command to the sudoers file.

    nagios ALL= NOPASSWD: /usr/lib/nagios/plugins/check_mysql_replication.sh

Wrapping Up

At this point, you should run another check_nrpe command from your server and see the replication monitoring report. If not, go back and check these steps carefully. There are lots of gotchas, and permissions and file ownership are easily overlooked. With this in place, just add the NRPE client using the existing templates you have for your Nagios servers and make sure the monitoring is reporting as expected.

blog.endpoint.com | 1/21/12 6:36 PM
MySQL: An Introduction for Oracle DBAs
Patrick Hurley has been successfully delivering his presentation entitled “MySQL: The Least an Oracle Professional Needs to Know” at various conferences. Oracle DBAs may appreciate his blog post “MySQL: An Introduction for Oracle DBAs”:

“You are an Oracle Database Administrator. You enjoy looking after Oracle databases and you are really good at it. In the corner of the machine room, on the edge of your peripheral vision, is a server running a database called MySQL….

…One day your manager calls you into his office, “Can you just have a quick look at that MySQL database server, the one with the website and the blog on it? You know, make sure it’s secure and stuff. Shouldn’t be too hard for an Oracle DBA like yourself.” You know absolutely nothing about MySQL. Where do you start?”

Continues… Read the blog!

Additional information Oracle DBAs may find useful:
- Webinar: Using MySQL with other Oracle Products
- White Paper: MySQL Enterprise Edition Product Guide
- Blog: Oracle Database Firewall Certified with MySQL Enterprise Edition

blogs.oracle.com | 1/18/12 4:11 PM
Businesses Learn How to Weather the Storm

Neil Holme is president of Impact Business Technology, a company that manages IT support, from virus and spam protection and firewalls to maintaining servers.

www.topix.net | 1/16/12 9:51 PM
New B.C. Liberal chief of staff is staunch Tory, signed 'firewall' letter

B.C. Premier Christy Clark's new chief of staff is a man who claims that he "came out of the womb right wing" and has publicly supported some of the more controversial moves made by Prime Minister Stephen Harper.

www.topix.net | 1/14/12 7:54 AM
Consumerization of Corporate IT and Data Loss
Companies across all industries are fighting to secure their proprietary and confidential data behind firewalls and complex passwords; unfortunately, the reality is that this data is most likely still slipping through the cracks. The introduction of employee-owned devices and the consumerization of the modern workplace present a new data loss threat that organizations must now address and combat. The consumerization of corporate IT and the advent of powerful mobile devices has forced many organizations to adopt the “bring your own (mobile) device” (BYOD) approach as an alternative IT-provisioning option instead of corporate-issued computers. Consequently, the organization’s IT security department has much less operational control over the BYOD mobile devices used by their employees.

soa.sys-con.com | 1/13/12 8:34 PM
Making the impossible: 3 nodes intercontinental replication
In this post I want to show new possibilities which open with Percona XtraDB Cluster. We will create a 3-node cluster with nodes on different continents (Europe, USA, Japan), and each node will accept write queries. Well, you theoretically could create 3 node traditional MySQL ring replication, but this is not what you want to use day-to-day.

To show how it works I will use Amazon m1.xlarge instances, one each in Tokyo, Ireland and North California, running RedHat Enterprise 6.2 64bit. In fact, creating the instances is the most time-consuming task. After that, using my script, you will have the cluster running in 5 min or less.

There are, however, some precautions needed if you run Amazon instances.

First, you need to open ports in the firewall. For the communication the nodes need, by default, ports 4444, 4567 and 4568 (see our FAQ why).

Second, please take into account that the communication is done using open channels, and you may want to establish an encrypted connection when using it in real life.

Now, as we have running instances, you can install Cluster packages from RPM repositories. You can follow steps from documentation. Or I prepared a simple script which does all the work: http://percona.com/downloads/Percona-XtraDB-Cluster/scripts/intercont.tar.gz; you can also follow the steps from the script to adjust it for your environment. You just need to change the nodes' host names and your keys in the file: install.nodes.sh

When all nodes start, we have a running 3-node EU-USA-JAPAN cluster, and each node is ready to execute both read and write queries.

Of course you may wonder what the query response time is in such an environment. We can check it.

Simple table: CREATE TABLE t (ID INT) and simple query: INSERT INTO t VALUES (1)

- Response time on single node in EU (no cluster setup): 0.005100 sec
- Response time on two-node (EU-JAP) cluster: 0.275642 sec
- Response time on three-node (EU-JAP-USA) cluster: 0.294754 sec

Well, one may argue that 0.27 sec for a single query is kind of big, but this is a law of physics: you cannot go faster than the speed of light, and the round trip between Europe and Japan takes time (or at least until scientists figure out how to attach a transaction to a faster-than-light neutrino). Also note that XtraDB Cluster can apply events in parallel, and throughput should be less affected by big distance.

Enjoy!

www.mysqlperformanceblog.com | 1/12/12 1:46 AM
'Down And Dirty,' South Carolina Has History Of Quashing Challengers
Ever since 1980, the state's voters have correctly chosen the eventual Republican nominee, who has invariably been the candidate the party's establishment types have chosen to rally around. It's not for nothing that it's called the South Carolina Firewall. www.npr.org | 1/11/12 2:34 PM
Microsoft January 2012 Patch Tuesday issues Windows Media fix, resolves SSL protocol weakness


www.topix.net | 1/11/12 12:17 PM
Documentation in SQL: CALL for help()
Documentation is an important part of any project. On the projects I maintain I put a lot of effort into documentation, and, frankly, the majority of time spent on my projects is on documentation. The matter of keeping the documentation faithful is a topic of interest. I'd like to outline a few documentation bundling possibilities, and then present the coming new documentation method for common_schema. I'll talk about any bundling that is NOT man pages.

High level: web docs

This is the initial method of documentation I used for openark kit and mycheckpoint. It's still valid for mycheckpoint. Documentation is web-based. You need Internet access to read it. It's in HTML format. Well, not exactly HTML format: I wrote it in WordPress. Yes, it's HTML, but there's a lot of noise around (theme, menus, etc.) which is not strictly part of the documentation. While this is perhaps the easiest way to go, here are a few drawbacks:

- You're bound to some framework (WordPress in this case)
- Docs are split between MySQL database (my underlying WordPress storage) & WordPress files (themes, style, header, footer etc.)
- Documentation is separate from your code - they're just not in the same place
- There is no version control over the documentation.

The result is a single source of documentation, which applies to whatever version is latest. It's impossible to maintain docs for multiple versions. You must manually synchronize your WordPress updates with code commits (or rather - code release!).

Mid level: version controlled HTML docs

I first saw this approach on Baron's Aspersa gets a user manual post. I loved it: the documentation is HTML, but stored as part of your project's code, in the same version control. This means one can browse the documentation (openark kit in this example) exactly as it appears in the baseline. Depending on your project hosting, one may be able to do so per version.

The approach has the great benefit of having the docs tightly coupled with the code in terms of development. Before committing code, one updates documentation for that code, then commits/releases both together. You're also not bound to any development framework. You may edit with vim, emacs, gedit, bluefish, eclipse, ... any tool of your choice. It's all down to plain old text files.

Mid level #2: documentation bundling

One thing I started doing with common_schema is to release a doc bundle with the code. So one can download a compressed bundle of all HTML files. That way one is absolutely certain what's the right documentation for revision 178. There's no effort about it: the docs are already tightly coupled with code versions. Just compress and distribute.

Low level: documentation coupled with your code

Perl scripts can be written as Perl modules, in which case they are eligible for using the perldoc convention. You code your documentation within your script itself, as comments. Perldoc can extract the documentation and present it in man-like format. The same happens with Python's pydoc. Baron's When documentation is code illustrates that approach. Maatkit (now Percona Toolkit) has been using it for years. This method has the advantage of having the documentation ready right within your shell. You don't need a browser, nor firewall access. The docs are just there for you in the same environment where you're executing the code.

SQL Low level: CALL for help()

common_schema is a different type of project. It is merely a schema. There's no Perl nor Python. One imports the schema into one's MySQL server. What's the low-level approach for this type of code? For common_schema I use three levels of documentation: the mid-level, where one can browse through the versioned docs, the 2nd mid-level, where one can download bundled documentation, and then a low-level approach: documentation embedded within the code.

MySQL's documentation is also built into the server: see the help_* tables within the mysql schema. The mysql command line client allows one to access help by supporting the help command, e.g.

mysql> help create table;

The client intercepts this command (this is not a server side command) and searches through the mysql.help_* docs. With common_schema, I don't have control over the client; it's all on the server side. But the code being a schema, what with stored routines and tables, it's easy enough to set up documentation. As of the next version of common_schema, and following MySQL's method, common_schema provides a help table:

DESC help;
+--------------+-------------+------+-----+---------+-------+
| Field        | Type        | Null | Key | Default | Extra |
+--------------+-------------+------+-----+---------+-------+
| topic        | varchar(32) | NO   | PRI | NULL    |       |
| help_message | text        | NO   |     | NULL    |       |
+--------------+-------------+------+-----+---------+-------+

And a help() procedure, so that you can call for help(). The procedure will look for the best matching document based on your search expression:

root@mysql-5.1.51> CALL help('match');
+-------------------------------------------------------------------------------+
| help                                                                          |
+-------------------------------------------------------------------------------+
|                                                                               |
| NAME                                                                          |
|                                                                               |
| match_grantee(): Match an existing account based on user+host.                |
|                                                                               |
| TYPE                                                                          |
|                                                                               |
| Function                                                                      |
|                                                                               |
| DESCRIPTION                                                                   |
|                                                                               |
| MySQL does not provide with identification of logged in accounts. It only     |
| provides with user + host:port combination within processlist. Alas, these do |
| not directly map to accounts, as MySQL lists the host:port from which the     |
| connection is made, but not the (possibly wildcard) user or host.             |
| This function matches a user+host combination against the known accounts,     |
| using the same matching method as the MySQL server, to detect the account     |
| which MySQL identifies as the one matching. It is similar in essence to       |
| CURRENT_USER(), only it works for all sessions, not just for the current      |
| session.                                                                      |
|                                                                               |
| SYNOPSIS                                                                      |
|                                                                               |
|                                                                               |
|                                                                               |
|        match_grantee(connection_user char(16) CHARSET utf8,                   |
|        connection_host char(70) CHARSET utf8)                                 |
|          RETURNS VARCHAR(100) CHARSET utf8                                    |
|                                                                               |
|                                                                               |
| Input:                                                                        |
|                                                                               |
| * connection_user: user login (e.g. as specified by PROCESSLIST)              |
| * connection_host: login host. May optionally specify port number (e.g.       |
|   webhost:12345), which is discarded by the function. This is to support      |
|   immediate input from as specified by PROCESSLIST.                           |
|                                                                               |
|                                                                               |
| EXAMPLES                                                                      |
|                                                                               |
| Find an account matching the given use+host combination:                      |
|                                                                               |
|                                                                               |
|        mysql> SELECT match_grantee('apps', '192.128.0.1:12345') AS            |
|        grantee;                                                               |
|        +------------+                                                         |
|        | grantee    |                                                         |
|        +------------+                                                         |
|        | 'apps'@'%' |                                                         |
|        +------------+                                                         |
|                                                                               |
|                                                                               |
|                                                                               |
| ENVIRONMENT                                                                   |
|                                                                               |
| MySQL 5.1 or newer                                                            |
|                                                                               |
| SEE ALSO                                                                      |
|                                                                               |
| processlist_grantees                                                          |
|                                                                               |
| AUTHOR                                                                        |
|                                                                               |
| Shlomi Noach                                                                  |
|                                                                               |
+-------------------------------------------------------------------------------+

I like HTML for documentation. I think it's a good format, provided you don't start doing funny things. Perhaps TROFF is more suitable; certainly more popular on Unix machines. But I already have everything in HTML. So, what do I do? My decision was to keep documentation in HTML, and use the handy html2text tool to do the job. And it does it pretty well! The sample you see above is an automated translation of HTML to plain text.

I add a few touches of my own: SELECTing long texts is ugly, whether you do it via ";" or "\G". The help() routine breaks the text by '\n', returning a multi row result set. The above sample makes for some 60+ rows, nicely formatted, broken from the original single text appearing in the help table.

So now you have an internal help method for common_schema, right where the code is. You don't have to leave the command line client in order to get help. Giuseppe offered me the idea for this, even while my own thinking about it was in early stages. The next version of common_schema will be available in a few weeks. The code is pretty much ready. I just need to work on, ahem..., the documentation.

code.openark.org | 1/11/12 9:01 AM
Oracle Database Firewall Certified with MySQL Enterprise Edition
Yesterday Oracle announced that the latest release of Oracle Database Firewall introduced support for MySQL Enterprise Edition. To address threats like SQL injections, Oracle Database Firewall establishes a defensive perimeter around databases, while monitoring and enforcing normal application behavior in real-time to help prevent SQL injection attacks as well as unauthorized attempts to access sensitive information. Oracle Database Firewall represents a new addition to the growing list of MySQL Enterprise Oracle Certifications. Numerous organizations are using both the Oracle database and MySQL, typically relying on MySQL for their web-based and departmental applications. Oracle MySQL Enterprise Certifications make it easier, faster and safer for them to deploy and manage both databases within their existing environment, using the same set of tools. According to the most recent IOUG Data Security Survey, only 36 percent of respondents have taken steps to ensure their applications are not subject to SQL injection attacks (1). Oracle Database Firewall now protects MySQL databases against data breaches without requiring any changes to existing applications, the database infrastructure or the existing operating system of the target database. Read the press release to learn more. For more information about MySQL Enterprise Edition, get our “MySQL Enterprise Edition Product Guide”. (1) “Databases Are More at Risk Than Ever: 2011 IOUG Data Security Survey,” October 2011 blogs.oracle.com | 1/10/12 10:07 AM
Exclusive: ThreatMetrix Acquires TrustDefender To Protect Cloud From Fraud
As companies move their data out from behind firewalls into the cloud and employees use self-provisioned mobile devices, infosecurity must change. That's why cybercrime prevention provider ThreatMetrix will announce tomorrow its acquisition of TrustDefender, which detects malware-based attacks. ThreatMetrix can now offer an integrated fraud protection solution that verifies the identity and integrity of any device trying to access secure data. If an endpoint has been compromised through malware or identity theft: access denied. techcrunch.com | 1/10/12 3:34 AM