5 Security Holes Almost Everyone’s Vulnerable To

By Thorin Klosowski, Lifehacker, January 30, 2013 at 09:00AM

Problems with security seem to pop up all the time—from an easy-to-hack router to apps that leak your data into the world. Thankfully, it’s pretty easy to protect yourself. Here’s how to do it.

Unless you keep up to date on all the security news, it’s easy to miss a bit here and there about what has been exploited and what hasn’t. We’re all vulnerable at some point, and if you haven’t touched the settings on your computer since you took it out of the box, it might be time to take another look.

Already know about these security holes and have them patched up? Good for you! Send this along to your friends who don’t to help keep them safe.

UPnP Allows Access to Your Gear from Outside Sources

UPnP (Universal Plug and Play), a component meant to make devices like routers, printers, and media players easy to discover on a network, has been accused of having security holes for a long time, but this week the US Government suggested you disable it yet again. The most recent study suggests 40 million to 80 million network-enabled devices responded to discovery requests from the internet and are vulnerable to an attack that gives hackers access to webcams, printers, passwords, and more. This means routers and devices with the bug can be accessed from the internet to remotely screw with your system even if you don’t have malware installed.

The good news is that most of the affected hardware is old, and the problem likely isn’t as widespread as it seems. That said, in the case of most devices, you can turn UPnP off in the settings (look in your manual for directions). The UPnP setting on your router doesn’t have anything to do with the protocol that lets you stream media over a network, print from inside the network, or anything similar. Turning it off on the router level only blocks you from controlling these devices over the internet, which most people don’t need to do.

To turn it off on a router level, you pop into the admin page and disable UPnP. If you want to check your hardware, security site Rapid7 has made a tool to scan devices on your network.
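To see which devices on your own network answer UPnP discovery at all, and so which ones have a UPnP setting worth reviewing, you can send the standard SSDP discovery request on the local network and list who replies. This is an added example, not code from the original article and not Rapid7's tool; the sample reply, its address and its SERVER string are constructed for illustration.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port


def build_msearch(search_target="ssdp:all", mx=2):
    """Build the SSDP M-SEARCH datagram that UPnP devices answer."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        "HOST: %s:%d" % SSDP_GROUP,
        'MAN: "ssdp:discover"',
        "MX: %d" % mx,            # devices wait up to MX seconds before replying
        "ST: %s" % search_target,
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(data):
    """Return the reply headers (lower-cased names), or None if not a 200 OK reply."""
    lines = data.decode("utf-8", errors="replace").splitlines()
    if not lines:
        return None
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def summarize(replies):
    """Group (ip, raw_reply) pairs into one entry per responding device."""
    devices = {}
    for ip, data in replies:
        headers = parse_ssdp_response(data)
        if headers is None:
            continue
        entry = devices.setdefault(ip, {"server": set(), "location": set(), "st": set()})
        for key in entry:
            if headers.get(key):
                entry[key].add(headers[key])
    return {ip: {k: sorted(v) for k, v in e.items()} for ip, e in devices.items()}


def discover(mx=2):
    """Send one M-SEARCH on the local network and collect replies until timeout."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)  # do not leave the LAN
    sock.settimeout(mx + 1.0)
    replies = []
    try:
        sock.sendto(build_msearch(mx=mx), SSDP_GROUP)
        while True:
            data, (ip, _port) = sock.recvfrom(65507)
            replies.append((ip, data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


# Constructed sample reply, used to exercise the parser without a network.
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=120\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"EXT:\r\n"
    b"SERVER: ExampleOS/1.0 UPnP/1.0 ExampleStack/1.0\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for ip, info in sorted(summarize(discover()).items()):
        print(ip, info["server"], info["location"])
```

Every address it prints is a device with UPnP enabled; the router is the one whose setting decides whether UPnP is reachable from outside.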

As far as security risks go, this one’s easy to fix and it’s not going to affect a lot of people these days. The rest of these are much worse.

WEP/WPA Passwords on Your Router Are Easy to Crack

Chances are that your router is using either a WPA (Wi-Fi Protected Access) password or a WEP (Wired Equivalent Privacy) password. Unfortunately, it’s pretty simple to crack a Wi-Fi network’s WPA password and a WEP password.

Both of these vulnerabilities exist for different reasons. In the case of WEP, it’s as simple as cracking the password with an automated encryption program (and a lot of time), while in WPA, it’s more about a vulnerability in WPS (Wi-Fi Protected Setup) on certain routers. This can be corrected by turning WPS off. If you can’t turn WPS off, you can install DD-WRT or Tomato so you can. DD-WRT should add a nice security layer to your home network.

Browsing Without HTTPS Leaves You Vulnerable to Snoopers

HTTP Secure is the protocol used to secure everything that you send online that’s important. This includes your bank information, social networks, and just about everything else that needs security. For your home network, you can simply install the HTTPS browser extension that ensures you’ll always use the secure version of a site so your data doesn’t fall into the wrong hands. Without HTTPS, your personal data is far more likely to fall through a security hole and into the hands of some nefarious person.

While it’s important to use HTTPS at home, it’s far more important to always use it on public Wi-Fi. At places like hotels, airports, or libraries, someone is probably snooping out your passwords. Your best solution for public Wi-Fi is to use a VPN (virtual private network) to route your traffic safely and securely.

All the Apps, Software, and Websites You Use Might Accidentally Leak Data

It happens time and time again. A hacker finds an exploit, and suddenly all your favorite software and web sites are vulnerable to people snagging your passwords. This might make your entire system insecure, give your passwords away, or leak your personal data like name and address. This happens with Java constantly, but it has happened to pretty much everyone at some point, including: Mega, Google Wallet, Apple, Skype, Path, Zappos, LinkedIn, and Facebook.

First off, you need to keep your software up to date. This means both your operating system and your mobile software. Generally, when your data is leaked, someone notices, and the software is patched up right away.

It’s not exactly the perfect solution, but since the security holes are on the service or software side, it’s all you can do. That said, make sure you have two-factor authentication enabled where you can, use a different password for every site, and use a password system like LastPass to ensure your leaked data doesn’t reveal enough information to get your login information for another service.

Strong Passwords Aren’t Enough to Protect Against Everything

When it boils down to it, a good password only gets you so far. Certain security holes, like social engineering hacks, can happen when a skilled hacker bypasses technical protections (like a strong password) to get the information they want from talking to a person—no “real” hacking is required. It’s exactly what happened last year when the Apple and Amazon exploits were uncovered in Mat Honan’s hack.

In short, people are one of the biggest security holes in the larger chain. Hackers can use psychological tricks to get your information: they might pose as someone important, as a Facebook friend, or even as you when talking with customer support. With a little information, they can then gain access to your account. If that account uses the same password as everywhere else, they essentially get access to everything you do. Thankfully, you can protect yourself with a few simple tips.

The main goal is to make sure you don’t have all your eggs in one basket. That means if someone gets one password to one site, they can’t get in elsewhere. So, never use the same password more than once, use two-factor authentication, get creative with your security questions, and monitor your accounts.

Plugging up these security holes isn’t exactly a fun way to spend an afternoon, but it’s certainly more entertaining than waking up one morning to find someone has stolen your identity. It’s also a pretty easy process, and once you’re set up you don’t need to do much else.

PhoneClean Scans Your iOS Device to Reclaim Storage Space

By Thorin Klosowski, Lifehacker, January 30, 2013 at 10:30AM

Windows/Mac: Your iOS device has a limited amount of storage. It can store a lot of junk you don’t need over time like temp files, scripts, and failed sync files. PhoneClean is an app that deletes all that junk for you.

All you need to do is launch PhoneClean, attach your iOS device to your computer, and click the “Start Scan” button. PhoneClean will dig through your device for a few minutes, and will give you a report on what it can safely delete. Check the boxes for the junk you want to delete, and PhoneClean does it. I didn’t reclaim much space myself, but your mileage may vary.

PhoneClean (free) | iMobie via CNET

Man Detained By TSA For Writing 4th Amendment On His Chest Wins 1st Amendment Argument In Court

By Mike Masnick, Techdirt, January 28, 2013 at 12:34PM

Nearly two years ago, we wrote about how Aaron Tobey was suing the US government after he was detained by the TSA for trying to go through airport security without his shirt on, but with a paraphrased version of the 4th Amendment on his chest:




At the time, I figured his case had little chance of succeeding. For reasons that don’t make much sense, the courts have given the TSA an amazing amount of deference as long as they keep claiming something along the lines of “but we’re all going to die!!!!!!” before defending any and every action to violate our basic privacy rights. However, it turns out I was wrong. Because, you see, the 4th Amendment might not matter any more, but the First Amendment is still important. And the court saw this as a clear attack on his attempt to speak freely:


Here, Mr. Tobey engaged in a silent, peaceful protest using the text of our Constitution—he was well within the ambit of First Amendment protections. And while it is tempting to hold that First Amendment rights should acquiesce to national security in this instance, our Forefather Benjamin Franklin warned against such a temptation by opining that those ‘who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.’ We take heed of his warning and are therefore unwilling to relinquish our First Amendment protections—even in an airport.

The ruling hit back on the claims by the TSA that the detention made sense because Tobey’s actions were “bizarre.”


Appellants contend that Mr. Tobey has not pled a cognizable First Amendment claim because their actions were “reasonable” given Mr. Tobey’s “bizarre” and “disruptive” conduct….

Even conceding that Mr. Tobey’s behavior was “bizarre,” bizarre behavior alone cannot be enough to effectuate an arrest. If Appellants caused Mr. Tobey’s arrest solely due to his “bizarre” behavior, Appellants’ cannot be said to have acted reasonably. This is especially the case given that the First Amendment protects bizarre behavior

The court also pushes back on the claims of “disruption,” noting that the TSA seems to say that removing clothes itself is disruptive, but the court points out that there’s an awful lot of clothing removal that happens at TSA checkpoints, so it is not obviously disruptive (though it leaves open the possibility of more evidence of disruptive behavior by Tobey).

This was an appeals court panel, overturning a lower court decision against him. It’s worth noting that the panel (a standard 3 judge panel) included one dissenter, who bizarrely and ridiculously argued that, not only do you give up your First Amendment rights at the airport, you do so because the TSA needs you to shut up so it can find the real terrorists. I’m not joking:


Had this protest been launched somewhere other than in the security-screening area, we would have a much different case. But Tobey’s antics diverted defendants from their passenger-screening duties for a period, a diversion that nefarious actors could have exploited to dangerous effect. Defendants responded as any passenger would hope they would, summoning local law enforcement to remove Tobey—and the distraction he was creating — from the scene.

How does one become a judge at the appellate level when arguing that you have different free speech rights during airport passenger screening because you shouldn’t distract the TSA agents? That’s quite an incredible statement.

Either way, the case still has a long way to go. This part just sends it back to the lower court to permit the case to move forward on First Amendment grounds.




1.5x … 9x faster queries with PHP and MySQL 5.6, really?

By Ulf Wendel, Planet MySQL, January 28, 2013 at 11:18AM

I am telling no secret saying MySQL 5.6 GA can be expected to be released soon, very soon. Time to test one of the improvements: MySQL 5.6 speaks SQL and Memcache protocol. In your PHP MySQL apps, try using the Memcache protocol to query MySQL. A key-value SELECT ... FROM ... WHERE pk = <key> can become 1.5x-2x faster, an INSERT INTO table(pk, ...) VALUES (<key> ...) can become 4.5x-9x faster, says the InnoDB team! Read on: background, benchmark, usage, PECL/mysqlnd_memcache, PHP Summit

Background

Since at least 2009, power users have tried to access MySQL bypassing the SQL layer. SQL is a very rich and powerful query language. But parsing and optimizing SQL takes time. So does a wire protocol that supports all SQL features. A less featured query language and protocol can significantly improve performance. See Key Value stores such as Memcache or Redis: simple queries, simple but fast protocol.

Application
  MySQL SQL Client -> MySQL Server
    • rich SQL queries
    • strong persistence, safe data store
    • no stale data
  Memcache Client -> Memcached
    • simple and fast key lookup
    • weak persistence, data loss in case of crash
    • memcached: often stale data copies from DBMS

Thus, for simple MySQL queries there should be a simple and fast protocol. But which? Many MySQL web deployments use Memcache, I would not be surprised to learn that its the case for 30% of the MySQL web users. The MySQL manual has a chapter dedicated to using Memcached with MySQL. Given the popularity, the choice of a fast protocol for simple key value style queries was easy: MySQL had to learn Memcache protocol.

MySQL SQL Client and Memcache Client -> MySQL 5.6 with InnoDB Memcache Plugin -> InnoDB table
  • rich SQL queries and/or simple and fast key lookup
  • persistence: configurable from strong to weak
  • no caching, no data copy to synchronize

In an ideal world one can run an existing Memcached application against MySQL 5.6 without any code modifications. Future user experience will tell whether the MySQL 5.6 InnoDB Memcache plugin is good enough to replace Memcached installations. There are reasons for considering MySQL as a Memcached replacement (related: Couchbase 2.0). However, it is the enormous popularity and developer familiarity (clients, APIs, usage, …) with Memcached that counts. From an application developer perspective there is little new to learn: change server IP from Memcached to MySQL, done. No more hassles with cold or stale caches…

Benchmarks… never trust them

Really, can MySQL 5.6 replace a Memcached installation? I do not know. As a poP (plain old PHP developer), I focussed on the question whether replacing key value style SQL queries with Memcache access to MySQL could improve PHP application performance. This may be the first step in an evaluation of the new feature.

Of course, I could not resist running a benchmark of MySQL vs. Memcached. As always, never trust benchmarks, run your own tests! All tests have been run on a plain i3-2120T CPU (2 cores, 4 cores counting hyper-threading), 8GB RAM, OpenSuSE 12.1 desktop. Disk configuration is as bad as it can get: soft RAID-1. Due to the poor disk setup I tried to avoid disk access whenever possible, and keep tests running entirely in main memory. Although iostat -x has not hinted at significant bottlenecks, I will not say more on write performance than this: writes using memcache protocol have been 2x faster than writes using SQL (single INSERT) at the average of some 20 test runs.

Rest of the stack: MySQL 5.6.9-rc (not GA!), memcached 1.4.15, libmemcached 1.0.15, PHP 5.4.11 all compiled using their default settings. Test runs are short, sample variation had to be considered, load generator and server are running on the same machine. This setup is far, far from an ideal one but still something a poP may use.

[mysqld]
innodb_buffer_pool_size = 3072M
daemon_memcached_w_batch_size=1000
daemon_memcached_r_batch_size=1
innodb_flush_log_at_trx_commit=2
innodb_doublewrite=0

Please note, the daemon_memcached_w_batch_size setting is not relevant for the following read performance result. The chart shows the reads per second observed with bin/memslap --servers=127.0.0.1 --concurrency=4 --execute-number=20 --test=get --binary --debug --flush --initial-load=100000. memslap does not report reads per second but you can compute them with the formula: reported_runtime * 10000 / concurrency. Key length is 100 bytes, value length is 400 bytes, set size is 10,000 rows – memslap defaults…

MySQL 5.6.9-rc InnoDB Plugin, memslap, read

MySQL to replace Memcached?

Memcached performed best if using socket connections. Setting daemon_memcached_option="-s/tmp/mmemcached" made the MySQL 5.6.9-rc1 (non GA) release bind to the socket set but no client was able to perform any queries. Thus, for the question whether MySQL can replace Memcached, we have to look at TCP/IP connection figures.

MySQL 5.6: Memcached running as a MySQL plugin (as part of the MySQL process)
  • cache_policy=cache_only -> Memcached main memory storage
  • cache_policy=innodb_only -> InnoDB

The chart shows two TCP/IP figures for MySQL. One shows the results for the MySQL InnoDB Memcached cache policy cache_only, the other one shows results for cache_policy=innodb_only. The MySQL InnoDB Memcached plugin is basically a Memcached running as part of the MySQL process. Memcached supports custom storage backends. The cache_policy sets whether InnoDB or main memory shall be used. In the latter case, the plugin is no different from a standalone Memcached.

Armed with this knowledge you can start comparing MySQL InnoDB Memcached plugin with standalone Memcached. To compare apples and apples you have to compare cache_policy=cache_only with standalone Memcached. Result: little difference. If you compare cache_policy=innodb_only with standalone Memcached you compare apples and oranges! Result for my particular setup: InnoDB turned out slower than Memcached. But recall that you compare apples and oranges: different system architecture, different persistence, possibly no more caching layer…

SQL SELECT versus Memcache get

Sometimes, comparing apples and oranges is perfectly valid. For example, when asking whether to refactor a key value style SQL access (SELECT ... FROM table WHERE pk = <key>) into a Memcached access to MySQL. These kinds of queries are quite typical for applications that use frameworks.
MySQL 5.6.9-rc InnoDB Plugin, SQL vs. Memcached access using PHP

My own benchmark and the InnoDB team benchmark show similar results: try replacing simple SELECT with Memcached accesses, it can give 1.5x … 2x faster queries. The PHP script used is given at the end of the blog post. It is using defaults similar to memslap defaults: key length 100 bytes, value length 400 bytes, 10,000 rows. To minimize impact of the slow disk system on the test computer, the script sleeps for 30 seconds after populating the test table. The SQL access is done using mysqli (with mysqlnd).

[...]
$res = $mysqli->query($sql = "SELECT c2 FROM demo_test WHERE c1='" . $pairs[$idx][0] . "'");
if (!$res) {
  printf("[%d] %s\n", $mysqli->errno, $mysqli->error);
  break;
}
$row = $res->fetch_row();
$res->free();
assert($pairs[$idx][1] == $row[0]);
[...]

The equivalent Memcached access is done using PECL/Memcached.

[...]
if (false == ($value = $memc->get($pairs[$idx][0]))) {
  printf("[%d] Memc error\n", $memc->getResultCode());
  break;
}
assert($pairs[$idx][1] == $value);
[...]

Please note, the benchmark does not take connect times into account. If you replace only a few SQL SELECT queries with a Memcache access to MySQL, the connect overhead for the additional Memcache connection to MySQL may outweigh performance gains. As always: run your own tests.

PECL/mysqlnd_memcached

Last year Johannes published PECL/mysqlnd_memcached. PECL/mysqlnd_memcached monitors all queries run by mysqlnd using any PHP MySQL API compiled to use the mysqlnd library. If a query matches a regular expression for a key value style SELECT, then the plugin transparently performs a Memcached access instead of a SQL access to MySQL. Back then, we found cases in which this gave a slight performance increase of some 20…30%. With my recent benchmark I got some performance loss using PECL/mysqlnd_memcache compared to a plain SQL access with mysqli. As always: run your own tests. However, this hints that an automatic and transparent runtime replacement may not be fast enough.

Finding SQL SELECT key value style queries

Refactoring existing applications may be a better solution. There are two mysqlnd plugins that can help to identify queries that qualify for refactoring: PECL/mysqlnd_uh (PHP 5.3 only), PECL/mysqlnd_qc (PHP 5.3 and above). PECL/mysqlnd_uh enables you to rebuild PECL/mysqlnd_memcached using PHP instead of C. The blog post Uh, uh… extending mysqlnd: monitoring and statement redirection gets you started. PHP 5.4+ compatible alternatives are the mysqlnd_qc_get_normalized_query_trace_log() and mysqlnd_qc_get_query_trace_log() functions provided by PECL/mysqlnd_qc. The functions help you to find the origin of SQL SELECT key value style queries by providing traces of all queries executed. Please note, it is not necessary to turn on the actual caching functionality of the client-side cache plugin PECL/mysqlnd_qc to access the query traces.
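Once a query trace has been exported, the triage step described above can be automated. The following is an added sketch in Python, not the author's code and not part of PECL/mysqlnd_qc: it keeps only single-table SELECTs whose sole predicate is an equality on the table's primary key and groups them by origin. The trace records, the field names `query` and `origin`, the file names and the primary-key map are constructed assumptions.

```python
import re
from collections import defaultdict

# A key value style SELECT: plain column list, one table, one "col = value" predicate.
KV_SELECT = re.compile(
    r"""^\s*SELECT\s+(?P<cols>[\w`]+(?:\s*,\s*[\w`]+)*)\s+
        FROM\s+(?P<table>[\w`.]+)\s+
        WHERE\s+(?P<key>[\w`]+)\s*=\s*
        (?P<value>'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.)*"|-?\d+(?:\.\d+)?|\?)
        \s*;?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)


def _ident(name):
    """Normalize an identifier: drop backticks and surrounding space, lower-case."""
    return name.replace("`", "").strip().lower()


def classify(query, pk_columns):
    """Return (table, key, columns) if the query is a primary-key lookup, else None."""
    match = KV_SELECT.match(query)
    if match is None:
        return None
    table = _ident(match.group("table")).split(".")[-1]  # drop a schema prefix
    key = _ident(match.group("key"))
    if pk_columns.get(table) != key:
        return None  # equality on a non-key column cannot become a Memcache get
    columns = tuple(_ident(c) for c in match.group("cols").split(","))
    return (table, key, columns)


def find_candidates(trace, pk_columns):
    """Aggregate qualifying queries by shape, with call count and origins."""
    found = defaultdict(lambda: {"count": 0, "origins": set()})
    for record in trace:
        shape = classify(record["query"], pk_columns)
        if shape is None:
            continue
        found[shape]["count"] += 1
        found[shape]["origins"].add(record["origin"])
    return {
        shape: {"count": info["count"], "origins": sorted(info["origins"])}
        for shape, info in found.items()
    }


# Constructed sample trace; the primary-key map is an assumption about the schema.
PK_COLUMNS = {"demo_test": "c1"}
SAMPLE_TRACE = [
    {"query": "SELECT c2 FROM demo_test WHERE c1='0aB3xY9kLm'", "origin": "bench.php"},
    {"query": "SELECT c2 FROM demo_test WHERE c1='Zq81mNp0Rt'", "origin": "bench.php"},
    {"query": "select `c2` from `test`.`demo_test` where `c1` = ?", "origin": "lookup.php"},
    {"query": "SELECT c2 FROM demo_test WHERE c2 = 'x'", "origin": "report.php"},
    {"query": "SELECT c2 FROM demo_test WHERE c1='a' OR c1='b'", "origin": "report.php"},
    {"query": "SELECT label, AVG(runtime) FROM php_bench GROUP BY label", "origin": "report.php"},
]

if __name__ == "__main__":
    for shape, info in find_candidates(SAMPLE_TRACE, PK_COLUMNS).items():
        print(shape, info)
```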

Apples, oranges and other people’s benchmarks…

Although artificial benchmarks hint at a significant performance benefit, real life gains have to be evaluated on a case by case basis. For example, you may decide not to commit after each read/get and run InnoDB in read-only mode on a slave server. Thus, you set daemon_memcached_r_batch_size=64 and/or innodb_read_only in your MySQL configuration. Setting either one can double reads per second, peaking around 21,000 reads/s from MySQL 5.6 on an Intel-i3 based desktop. Still slower than Memcached but the features are different…

MySQL 5.6.9-rc InnoDB Memcache Plugin, PHP script, read

Really, there is something here…

A look at the performance shows that there is something here. Next, one will have to take a look at the feature difference and compare with other approaches in MySQL land. That’s the story to tell in my talk at the PHP Summit.

Finally, stability: good enough to start testing. MySQL 5.6.9-rc was reasonably stable to run benchmarks against it but not perfectly stable. PECL/mysqlnd_memcached beta needs to be brushed over to reflect the latest changes. We will do that once MySQL 5.6 GA has been published.

Happy hacking!


PHP benchmark script used

<?php
define("MYSQL_HOST", "127.0.0.1");
define("MYSQL_USER", "root");
define("MYSQL_PWD", "");
define("MYSQL_DB", "test");
define("MYSQL_PORT", 3307);
define("MYSQL_MEMC_PORT", 11211);

define("NUM_VALUES", 10000);
define("REPEAT_READS", 10);

/* Wait time e.g. for background commit */
define("REST_TIME_AFTER_LOAD", 30);

/* Make sure the schema matches! */
define("KEY_LEN", 10);
define("VALUE_LEN", 100);

/* match MySQL config to be fair... */
define("WRITE_COMMIT_BATCH_SIZE", 1000);

/* number of parallel fetch worker (processes) */
define("FETCH_WORKER", 2);




function store_fetch_results_in_mysql($run_id, $pid, $results, $num_values = NUM_VALUES, $repeat = REPEAT_READS) {
  $mysqli = new mysqli(MYSQL_HOST, MYSQL_USER, MYSQL_PWD, MYSQL_DB, MYSQL_PORT);
  /* connection failures are reported through connect_errno/connect_error */
  if ($mysqli->connect_errno) {
    printf("[%d] %s\n", $mysqli->connect_errno, $mysqli->connect_error);
    return false;
  }
  if (!$mysqli->query("CREATE TABLE IF NOT EXISTS php_bench(
       run_id INT, pid INT UNSIGNED,
       label VARCHAR(60),
       runtime DECIMAL(10, 6) UNSIGNED, ops INT UNSIGNED)")) {

     printf("[%d] %s\n", $mysqli->errno, $mysqli->error);
     return false;
  }
  foreach ($results as $label => $time) {

     $sql = sprintf("INSERT INTO php_bench(run_id, pid, label, runtime, ops)
              VALUES (%d, %d, '%s', %10.6f, %d)",
             $run_id,
             $pid,
             $mysqli->real_escape_string($label),
             $time,
             ($time > 0) ? ($num_values * $repeat / $time) : 0);
     if (!$mysqli->query($sql)) {
       printf("[%d] %s\n", $mysqli->errno, $mysqli->error);
       return false;
     }
  }
  return true;
}

function generate_pairs($num = NUM_VALUES, $key_len = KEY_LEN, $value_len = VALUE_LEN) {
  $pairs = array();
  $anum = "0123456789ABCDEFGHIJKLMNOPQRSTWXYZabcdefghijklmnopqrstuvwxyz";
  $anum_len = strlen($anum) - 1;

  for ($i = 0; $i < $num; $i++) {
    $key = "";
    for ($j = 0; $j < $key_len; $j++) {
      $key .= substr($anum, mt_rand(0, $anum_len), 1);
    }
    $value = $key . strrev($key) . $key . strrev($key);
    $pairs[] = array($key, $value);
  }

  return $pairs;
}

function load_pairs_memc($memc, $pairs) {
  $inserted = 0;
  foreach ($pairs as $k => $pair) {
    if (false == $memc->add($pair[0], $pair[1])) {
      printf("[%d] Memc error\n", $memc->getResultCode());
      break;
    }
    $inserted++;
  }
  return $inserted;
}

function load_pairs_sql($mysqli, $pairs) {
  $inserted = 0;
  /* autocommit() is a method; assigning a property would not change the mode */
  $mysqli->autocommit(false);
  foreach ($pairs as $k => $pair) {
    if (!$mysqli->query(sprintf("INSERT INTO demo_test(c1, c2) VALUES ('%s', '%s')", $pair[0], $pair[1]))) {
      printf("[%d] %s\n", $mysqli->errno, $mysqli->error);
      break;
    }
    $inserted++;
    if ($inserted % WRITE_COMMIT_BATCH_SIZE == 0) {
      $mysqli->commit();
    }
  }
  $mysqli->commit();
  $mysqli->autocommit(true);
  return $inserted;
}

function timer($label = '') {
  static $times = array();
  if (!$label)
    return $times;

  my_timer($label, $times);
  return $times;
}

function my_timer($label, &$times) {
  if (!$label)
    return;

  if (!isset($times[$label])) {
    $times[$label] = microtime(true);
  } else {
    $times[$label] = microtime(true) - $times[$label];
  }
}


function fetch_sql($mysqli, $pairs, $repeat = REPEAT_READS) {
  $fetched = 0;
  for ($i = 0; $i < $repeat; $i++) {
    $fetched += _fetch_sql($mysqli, $pairs);
  }
  return $fetched;
}
function _fetch_sql($mysqli, $pairs) {
  $fetched = 0;
  $num = count($pairs);
  while (count($pairs)) {
    do {
     $idx = mt_rand(0, $num);
    } while (!isset($pairs[$idx]));

    $res = $mysqli->query($sql = "SELECT c2 FROM demo_test WHERE c1='" . $pairs[$idx][0] . "'");
    if (!$res) {
      printf("[%d] %s\n", $mysqli->errno, $mysqli->error);
      break;
    }
    $row = $res->fetch_row();
    $res->free();
    assert($pairs[$idx][1] == $row[0]);
    $fetched++;
    unset($pairs[$idx]);
  }
  return $fetched;
}

function fetch_memc($memc, $pairs, $repeat = REPEAT_READS) {
  $fetched = 0;
  for ($i = 0; $i < $repeat; $i++) {
    $fetched += _fetch_memc($memc, $pairs);
  }
  return $fetched;
}
function _fetch_memc($memc, $pairs, $repeat = 1) {
  $fetched = 0;
  $num = count($pairs);
  while (count($pairs)) {
    do {
      $idx = mt_rand(0, $num);
    } while (!isset($pairs[$idx]));

    if (false == ($value = $memc->get($pairs[$idx][0]))) {
      printf("[%d] Memc error\n", $memc->getResultCode());
      break;
    }
    assert($pairs[$idx][1] == $value);
    $fetched++;
    unset($pairs[$idx]);
  }
  return $fetched;
}


function generate_and_load_pairs($num = NUM_VALUES, $key_len = KEY_LEN, $value_len = VALUE_LEN) {

  $mysqli = new mysqli(MYSQL_HOST, MYSQL_USER, MYSQL_PWD, MYSQL_DB, MYSQL_PORT);
  if ($mysqli->connect_errno) {
    printf("[%d] %s\n", $mysqli->connect_errno, $mysqli->connect_error);
    return array();
  }
  $memc = new Memcached();
  if (!$memc->addServer(MYSQL_HOST, MYSQL_MEMC_PORT)) {
    printf("[%d] Memc connect error\n",  $memc->getResultCode());
    return array();
  }

  timer("generate pairs");
  printf("\tGenerating pairs...\n");
  $pairs = generate_pairs($num, $key_len, $value_len);
  timer("generate pairs");


  timer("load pairs using SQL");
  printf("\tLoading %d pairs using SQL...\n", load_pairs_sql($mysqli, $pairs));
  timer("load pairs using SQL");

  $mysqli->query("DELETE from demo_test");

  /* server think and commit time */
  sleep(REST_TIME_AFTER_LOAD);

  timer("load pairs using Memcache");
  printf("\tLoading %d pairs using Memcache...\n", load_pairs_memc($memc, $pairs));
  timer("load pairs using Memcache");

  sleep(REST_TIME_AFTER_LOAD);

  return $pairs;
}


function fetch_and_bench($pairs, $pid, $indent = 1, $repeat = REPEAT_READS) {
 $times = array();

 $mysqli = new mysqli(MYSQL_HOST, MYSQL_USER, MYSQL_PWD, MYSQL_DB, MYSQL_PORT);
  if ($mysqli->connect_errno) {
    printf("[%d] %s\n", $mysqli->connect_errno, $mysqli->connect_error);
    return $times;
  }
  $memc = new Memcached();
  if (!$memc->addServer(MYSQL_HOST, MYSQL_MEMC_PORT)) {
    printf("[%d] Memc connect error\n",  $memc->getResultCode());
    return $times;
  }
  $prefix = str_repeat("\t", $indent);

  my_timer("fetch using plain SQL", $times);
  printf("%s[pid = %d] Fetched %d pairs using plain SQL...\n", $prefix, $pid, fetch_sql($mysqli, $pairs, $repeat));
  my_timer("fetch using plain SQL", $times);

  mysqlnd_memcache_set($mysqli, $memc);
  my_timer("fetch using Memcache mapped SQL", $times);
  printf("%s[pid = %d] Fetched %d pairs using Memcache mapped SQL...\n", $prefix, $pid, fetch_sql($mysqli, $pairs, $repeat));
  my_timer("fetch using Memcache mapped SQL", $times);

  my_timer("fetch using Memcache", $times);
  printf("%s[pid = %d] Fetched %d pairs using Memcache...\n", $prefix, $pid, fetch_memc($memc, $pairs, $repeat));
  my_timer("fetch using Memcache", $times);

  return $times;
}


$run_id = mt_rand(0, 1000);

$pairs = generate_and_load_pairs(NUM_VALUES, KEY_LEN, VALUE_LEN);
$load_times = timer();

$pids = array();
for ($fetch_worker = 1; $fetch_worker <= FETCH_WORKER; $fetch_worker++) {
   switch ($pid = pcntl_fork()) {
      case -1:
         printf("Fork failed!\n");
         break;

      case 0:
         printf("\t\tFetch worker %d (pid = %d) begins...\n", $fetch_worker, getmypid());
         $times = fetch_and_bench($pairs, getmypid(), 2);
         store_fetch_results_in_mysql($run_id, getmypid(), $times, NUM_VALUES, REPEAT_READS);
         printf("\t\tWorker %d (pid = %d) has recorded its results...\n", $fetch_worker, getmypid());
         exit(0);
         break;

      default:
         printf("\t\tParent has created worker [%d] (pid = %d)\n", $fetch_worker, $pid);
         $pids[] = $pid;
         pcntl_waitpid($pid, $status, WNOHANG);
         break;
   }
}

foreach ($pids as $pid) {
  pcntl_waitpid($pid, $status);
}



printf("\n\n");
printf("Key settings\n");
printf("\t%60s: %d\n", "Number of values", NUM_VALUES);
printf("\t%60s: %d\n", "Key length", KEY_LEN);
printf("\t%60s: %d\n", "Value length", VALUE_LEN);
printf("\t%60s: %d\n", "SQL write commit batch size", WRITE_COMMIT_BATCH_SIZE);
printf("\t%60s: %d\n", "Parallel clients (fetch)", FETCH_WORKER);
printf("\t%60s: %d\n", "Run ID used to record fetch times in MySQL", $run_id);

printf("\n\n");
printf("Load times\n");
foreach ($load_times as $label => $time) {
  printf("\t%60s: %.3fs (%d ops)\n", $label, $time, NUM_VALUES / $time);
}

printf("\n");
printf("Fetch times\n");

$mysqli = new mysqli(MYSQL_HOST, MYSQL_USER, MYSQL_PWD, MYSQL_DB, MYSQL_PORT);
if ($mysqli->connect_errno) {
 die(sprintf("[%d] %s\n", $mysqli->connect_errno, $mysqli->connect_error));
}
$res = $mysqli->query("SELECT DISTINCT label FROM php_bench WHERE run_id = " . $run_id);
if (!$res)
  die(sprintf("[%d] %s\n", $mysqli->errno, $mysqli->error));

while ($row = $res->fetch_assoc()) {
  $sql = sprintf("SELECT AVG(runtime) as _time, AVG(ops) AS _ops FROM php_bench WHERE label = '%s' GROUP BY run_id HAVING run_id = %d",
    $mysqli->real_escape_string($row['label']),
    $run_id);
  if (!($res2 = $mysqli->query($sql)))
    die(sprintf("[%d] %s\n", $mysqli->errno, $mysqli->error));

  $row2 = $res2->fetch_assoc();
  printf("\t%60s: %.3fs (%d ops)\n", $row['label'], $row2['_time'], $row2['_ops']);
}
$mysqli->query("DELETE FROM php_bench");
printf("\n\n");
printf("\t\tTHE END\n");

The post 1.5x … 9x faster queries with PHP and MySQL 5.6, really? appeared first on Ulf Wendel.


What Is Fair Use? A Basic Explanation For Aspiring Creatives [MakeUseOf Explains]

By Joshua Lockhart, MakeUseOf, January 23, 2013 at 09:31PM

Half of the videos I find on YouTube always have some note in the description about how it’s totally legal for the creator to use songs from their favorite band as background music. Their reasoning tends to always be in the form of two words: fair use.

Unfortunately, this is often because of complete ignorance. Other times its just a total disregard for the law. Either way, most people don’t understand what fair use actually is, and in an effort to educate the general public, I’ve decided to pen a delightful article detailing what fair use actually is.

Gather around, children, for Papa Lockhart is going to tell you the story of the Four Determining Factors And The Big Bad Copyright Infringer.

The Four Determining Factors

According to USC Title 17, Section 107, there are four traits to consider when deciding if something is actually under fair use law:

  • Purpose And Character Of The Derivative Work.
  • Nature Of The Copyrighted Work.
  • Amount Of The Copyrighted Work Used.
  • Effect On The Potential Market Of The Copyrighted Work.

Some people like to skirt around the four determining factors, totally bending the rules to justify their own means. For instance, you’ll see people who say they don’t make any money from the derivative work. Sometimes they will say it’s “educational” without it having any academic value at all. This really doesn’t matter.

Bear in mind that the law doesn’t change according to your interpretation. It also doesn’t change for ignorance.

Disclaimer: this article isn’t legitimate legal advice. I’m not an attorney, nor would I even be a good one. Just make sure to contact a lawyer for professional legal consultation. Regardless, I feel as though I know fair use pretty well, and I’d like to break down the four determining factors for you.

Purpose & Character Of The Derivative Work

This is the factor that most people claim to have some knowledge about. However, the purpose and character of your work goes a bit deeper than “I don’t make money off this” or “this is for educational purposes”. Courts tend to decide if the derivative is meant to stimulate creativity of the public or solely bring personal profit to the author. Ultimately, you must decide if your new derivative work advances progress of the arts by adding something new.

This means you can’t just steal the work, and I’d even go as far as to say that it extends into putting a popular song on a video. Unfortunately, even education is suffering in this area because profit can be made in this sector, but on the other hand, parody is protected. Do bear in mind that the next three factors apply even if you got by this one scot-free.

Nature Of The Copyrighted Work

While artistic value doesn’t matter to copyrighted work, fair use takes it into consideration (along with other items such as its fiction or nonfiction status). To keep it simple, you should ask yourself whether the resulting derivative work is creative or informative.

A work that can be considered creative (generally fiction) will likely fall out of favor with fair use. However, if it is something that is factual (generally nonfiction), you will be more likely to stay under the glorious umbrella that is fair use. Furthermore, this applies to work that hasn’t been published. Take secret letters from your Perlupian lover, for instance – it’s all protected.

Amount Of The Copyrighted Work Used

Admittedly, this is a bit of an unclear factor. The general rule is this – the less of the derivative work that is included, the better chance at qualifying for fair use it has. The key is to focus on how substantial it is.

For instance, if you publish an entire book that supposedly critiques another one, yet in the process you add the entirety of the critiqued work in your own, this is definitely copyright infringement. However, a simple attributed quote should be completely fine (just make sure you reference it).

Likewise for music, it seems as though everything is in the favor of record labels these days. For a video, I would apply for something called a sync license by writing to the label and explaining how you plan to use the music. If you are just making a fun video, they may let you use it without cost, but more often than not, you will have to pay.

Effect On The Potential Market Of The Copyrighted Work

Here’s the kicker: how does your derivative work affect the original creator’s income? There’s a lot of wiggle room here, and it’s typically not in the favor of the derivative work.

For example, consider how your creation affects search rankings online. Could it be possible that more people are watching your homemade lyric video instead of the official one? Let’s say that your video only got a thousand views in a month. Based on standard CPM prices, that’s $3-5 (minimum) that the artist’s company missed out on in advert income. Albeit small, this is lost revenue for the artist’s company. Even if it’s a small amount, your derivative work likely affects the product’s market in some way, and only the copyright holder can decide how much is too much.

Rationalization Often Results In Failure

All four of the above factors are taken into consideration when it comes to fair use, and I’m aware most of them are arbitrary. For the first three, use your gut, and I mean really use your gut. Don’t play the rationalization game. Usually, when you start rationalizing, you end up being wrong. The last one is pretty black and white when you get right down to it.

Some creatives may talk about how dirty it is that big media companies prevent consumers from using their work in derivative creations. I’ve done my share of using copyrighted music in the past (who hasn’t?), but to this argument I still say, “So what? They created it. They decide how it can be used.” 

What is your opinion on fair use? Have you ever received a DMCA takedown notice?

Image Credits: Phil Roedor, Diego3336, theeruditefrog, zigazou76, artist in doing nothing

The post What Is Fair Use? A Basic Explanation For Aspiring Creatives [MakeUseOf Explains] appeared first on MakeUseOf.

Build Your Own Adobe Creative Suite with Free and Cheap Software

By Thorin Klosowski, Lifehacker, January 17, 2013 at 11:00AM

Adobe’s Creative Suite is one of the best software packs out there for professionals, but the suite is prohibitively expensive for most people. If you can’t drop the cash, you can still get a similar experience with free or cheap software. Here’s how to build your own Creative Suite.

Adobe Creative Suite is more than just Photoshop: it contains other software that helps you build web sites, design logos, edit video, lay out books, and more. Recently, Adobe accidentally gave free access to the 2005 version of Creative Suite, and it’s clear demand for even outdated versions of the software is high. You can’t get as great of an experience with free software as you can with Adobe’s offerings, but you can at least get close. Whether you’re a student looking to test the waters of design before diving into the Creative Suite, or you’re just an amateur who doesn’t need all the bells and whistles, these free replacements to Adobe’s lineup offer enough for most of us.

Note: Mac users on OS X Mountain Lion may need to download X Quartz to get some of this software running since Apple dropped X11 support in Mountain Lion.

Best Replacement for Photoshop: GIMP

When it comes to replacing Photoshop, nothing is better than GIMP. GIMP has always been a little rough around the edges, but the recent update to version 2.8 really cleans up the interface and makes it a lot more usable. Alongside a huge list of updates, GIMP added a new single-window mode that mimics Photoshop’s tabbed view, and makes it considerably easier to use. The fact of the matter is, GIMP has come a long way since it was first released, and it’s now a serious replacement for the overpriced Photoshop.

If the slightly different interface in GIMP is throwing you off, it has a Photoshop-based port that looks and operates exactly like Photoshop. Once you’re up and running, take a look at our guide to getting started with Photoshop (which also applies to GIMP) to learn how to do all types of great things ranging from color correction to basic drawing.

Also try: Pixlr Editor (Windows), Paint.NET (Windows), or Pixelmator (Mac, $14.99)

Best Replacement for InDesign: Scribus

Adobe’s desktop publishing software InDesign has been a standard for magazine and newspaper layout for a long time, but the decrease in paper publishing has made it less of a necessary tool. That said, Scribus is free and open source software that can do just about everything InDesign can. Scribus isn’t nearly as intuitive (or pretty) as InDesign, but it gets the job done.

Scribus does things a little differently than InDesign, so it’s necessary to run through the quick-start guide to get started if you’re familiar with how InDesign (or Quark) works. As a program for laying out a few simple pages, a small pamphlet, or even a short book, Scribus works surprisingly well. That said, it doesn’t do a great job at handling a lot of images, and it doesn’t offer that many options for really tweaking the layout. Still, as a free alternative to InDesign, Scribus should work for most people who aren’t pushing out a daily newspaper.

Of course, if you just want to lay out an ebook (which InDesign also does), you have a few other options, including Sigil, and Calibre. Neither is particularly feature-rich, but if you’re just looking to lay out and publish a simple ebook (or PDF), both are free options that handle text and simple layout fine.

Also try: Serif PagePlus Starter Edition (Windows), iStudio Publisher (Mac, $17.99), Swiftpublisher (Mac, $19.99)

Best Replacement for Illustrator: Inkscape

Illustrator’s main claim to fame is vector-based art—the clean, simple art often seen in clipart, web graphics, and a lot of print art. The main appeal with vector graphics is that it’s based on mathematical equations instead of an actual image, so it can scale up (or down) to nearly any size, which makes it perfect for printing. It doesn’t seem that complicated, but few programs have been able to really replicate what makes Illustrator great. The closest is Inkscape, an open-source program that does just about everything Illustrator can do without the extra bells and whistles (like live trace).

Inkscape can do standard vector graphics really well, and a quick glance at the Inkscape Tutorials Blog showcases a lot of the power people have pulled out of it. If your main goal is to make clipart style graphics, icons, logos, or even do basic single-page layout, Inkscape handles just about everything Illustrator does.

Also try: OpenOffice Draw (Windows, Mac, and Linux), DrawPlus (Windows), XaraExtreme (Linux), or Torapp (Chrome), iDraw (Mac, $24.99)

Best Replacement for Premiere: Lightworks or VideoLAN Movie Creator

Unfortunately, Adobe’s video editing software, Premiere, is one of the hardest programs to replace in the Creative Suite. That said, if you simply need to edit a few home videos, the cross-platform VideoLAN Movie Creator is a very early alpha, but can handle a number of video formats, basic editing, a small collection of effects, and more. It doesn’t come close to the powerhouse that is Premiere, but if you just need to do some simple editing, or add a soundtrack to your home movie, VideoLAN Movie Creator does the trick.

Windows users can also check out the previously mentioned Lightworks. The free version allows you to do a lot of basic editing, and if you decide to upgrade to the full version, it’s only $60.

However, if you’re on Linux, you have a couple really solid options. Kdenlive, PiTiVi, and OpenShot are about as close as you’ll get to commercial editing software for free. They’re all a little closer to iMovie than they are to Premiere in terms of features, but they work really well.

The fact of the matter is that you’re not going to find a perfect substitute for Premiere, but if you’re just looking to make simple video edits, it’s possible to do it without spending a dime. Once you get going, our guide to video editing will teach you all the basics.

Also try: Avidemux (Windows, Mac, Linux), Magistro (web), iMovie (Mac, $14.99), or Screenflow (Mac, $100)

Best Replacement for Dreamweaver: KompoZer or Learn to Code

What You See Is What You Get (WYSIWYG) editors for making web sites are easy to come by, but few match the toolset included in Dreamweaver. Since Dreamweaver works both as a WYSIWYG editor and a site manager, you’re not going to find a free alternative that does both.

However, KompoZer gets as close as possible while still being simple to use. As a web authoring tool that doesn’t require you to learn HTML, it’s easy to get used to, and you can design a basic web site in a few minutes. The addition of add-ons can also extend its use a little bit. KompoZer is a bit outdated (the last update was way back in 2010), but it can still handle basic CSS and HTML.

All that said, Dreamweaver, along with any WYSIWYG editor, is often criticized for outputting bad code and doing a poor job of teaching the basics of web site design. If your real goal is to get into web design, you’re better off learning to make one from scratch. We’ve got a huge guide for doing just that. The best part? You can learn all the coding you need with free tools, and moving forward you’ll know how to make a web site without relying on Adobe’s expensive software.

Also try: SeaMonkey (Mac), Aptana Studio 3 (Windows, Mac, Linux), BlueGriffon (Windows, Mac, Linux), or Amaya (Windows, Mac, Linux), Flux (Mac, $75), Espresso (Mac, $75)

Best Replacement for After Effects: Blender or Wax

After Effects is a relatively niche piece of software for special effects, and post-production video editing. It’s also one of the cheaper retail options out there. Subsequently, you have a pretty small selection of free software to choose from to replace it.

The closest analog is Wax for Windows. It’s a bit old, but it’s one of the few free choices that can handle video compositing, special effects, and a wide selection of plugins.

Alternately, Blender is a cross-platform tool meant for 3D design that can also handle a surprising number of compositing options. It’s not designed for the same special effects as After Effects, but if you just want to toss some light sabers into that home video you filmed at the Grand Canyon, Blender can do it. It’s also worth checking out BlenderGuru for a huge list of tutorials.

Also try: Jahshaka (was out of date for a while, but has recently relaunched to push a new 3.0 build), Motion 5 (Mac, $49.99)

Best Replacement for Flash: Various Tools

Flash is one of the hardest Adobe tools to replace with free software because Adobe invented the entire system it’s based on. However, depending on what you’re looking to make with Flash, you have a few different options.

If you want to use Flash to create 2D animation, Synfig Studio is your best option. Synfig Studio can do about as much as Flash can do with animation, and once you run through the tutorials it’s a snap to make 2D animations. Unfortunately, you can’t export your animations to the Flash standard SWF format, but as a learning tool it works great.

If ActionScript programming is what you’re interested in, Flash Develop is a great coding program built specifically for ActionScript. It’s a little tough to get started with, but once you get the hang of it, Flash Develop can handle all the code that Flash can.

Finally, if making Flash games is more in your interest, Stencyl is an absolutely fantastic free tool for budding game developers. Its tutorials walk you through every aspect you need to know, and the visual design mimics a lot of what you’ll also find in Flash, but works considerably better. The best part? It’s entirely visual, so you don’t need to code, and when you’re done making something, you can instantly export it as an iOS game (Android support is also on the way).

Also try: Hyper (Mac-based HTML5 Editor, $49.99), Microsoft Silverlight (Windows, Mac), Vectorian (Windows), Awesome Animator (Windows), Ajax Animator (browser)

Best Replacement for Acrobat: Preview or PDF-XChange Viewer

Replacing the gigantic, all-encompassing Adobe Acrobat is no easy task. On Windows, we like PDF-XChange Viewer. While its set of free options is limited to reading, annotation, and signatures, that’s enough for most lightweight users. That said, the $40 Pro version does everything Acrobat does and more. So, if you do need to make the upgrade it’s still considerably cheaper than the $300 Acrobat.

Mac users should be able to get by with the built-in functions of Preview for most of their PDF editing and creation needs. Preview can handle annotation, highlighting, editing, signatures, and more. It’s not nearly as robust as Acrobat, but for the bulk of people out there who need simple editing tools Preview works great.

Also try: Formulate Pro, Foxit Reader (Windows, $29 for the Express version, $95 for the Standard), or Nitro Reader (Windows, $119.99 for Pro version)


As we mentioned, most of the above options won’t replace Creative Suite for professionals, but they’re usually enough for amateurs. They might take a little more work to learn how to use them because they’re rarely as well-designed as Adobe’s offerings, but they’re often nearly as functional. If you do decide to make the upgrade to Creative Suite, remember that the new subscription model makes very little sense when you can snag the student editions even when you’re not a student.

Title image remixed from Africa Studio (Shutterstock).