« September 2008 | Main | February 2009 »

December 31, 2008

Reducing Randomness on a Winter's Eve

Well, it's New Year's Eve, and we've already passed the leap second (it happened about 4 hours ago as I write this). The kids are watching the centennial edition of Dick Clark's Rockin' New Year's Eve Whatever. At least some of them are. Half of them are asleep. Or maybe all of them are half asleep. I'm actually working now, closing down one client's services at his request--he is shutting down some parts of his web service as of 2359 EST--and taking backups. And playing a little bit of Bejeweled. I'd right now be uploading a few pictures: one of a thoughtful Hanukkah gift from my wife to the family (a sign that reads "Beer, It's What's For Dinner",
Beer, the source of, and solution to, most of life's problems
hanging now in the kitchen), and some nonlinear shopping at the local Key Food,
$2.06/doz for 18, $1.79/doz for 12
(the price on the left is for 18 eggs, the price on the right for a dozen; neither of these are sale prices) but I'm finishing up a year of serious mechanical malfunctions:
  • Wetware breakage, as son #3 broke his leg in school in a freak accident jumping off a chair. That was early on in the year...everything else happened since October.
  • My laptop died unceremoniously a few weeks ago, prompting me to hurriedly purchase a replacement
  • The replacement, of course, came with Windows Vista Home Premium. I tried, really honestly tried to upgrade to Ultimate "seamlessly" and "live", only to find out that it repeatedly broke installed programs over and over (one of which appears to be the Palm Desktop software that I'd use to synchronize my Treo with my laptop. Guess where all my pictures are?) There goes 3 weeks of productivity down the drain.
  • We had more sewer backups--twice--nothing as bad as last year's dump, although there was still enough icky stuff to ruin a Saturday afternoon. Perhaps the line was clogged with all my lost productivity from the item above.
  • Tonight, when I went to rent some movies to watch this evening, I found that the magnetic stripe on my credit card couldn't be read--FAIL--which was just icing on the cake following....
  • The pièce de résistance: finishing it all off, our car decided to up and die on us twice in the last few weeks, this last time prompting us to realize that it's a sign from above to get a new car.
Phew!

"Would you like some cheese with that whine?"

Of course, we did have our high points: son #1's wonderful Bar Mitzvah on Purim was wonderfully planned by my loving wife and executed by Son #1 himself. My sister gave birth to my second niece, Kaia. And we actually did have a wonderful family trip to Québec, Montréal and Ottawa this summer; partly business and partly pleasure (our first family vacation since 2003), and the high point of the end of the year was our annual fire-hazard known as Hanukkah:

Eat Flaming Death, Assyrian Pigs!

Posted by Jerry B. Altzman at 11:24 PM | | Comments (0) | TrackBacks (1)

December 16, 2008

The Great Joys of MySQL permissioning

(I was going to talk about God's sick sense of humor, but that's a Random Rant for another day.) I just had some great...fun...with MySQL permissions and I thought I'd record it here for posterity, because sure as shootin' I'm going to be bitten by this problem again. I have a small script that gets called by a web page that tries to create new databases and assign permissions to yet other users from the original site...that is to say: 
+-------------+       +---------------+
| web server  |       | database srvr |
| user 'user1'| ----> |               |
+-------------+       +---------------+
Now when the web page runs, it calls a script that connects as user 'root' from the webserver host. 

+-------------+       +---------------+
| web server  |       | database srvr |
| user 'root' | ----> |               |
+-------------+       +---------------+

Presumably, if user 'root' can log in, it can create and grant privileges? Ah, not so! It turns out, you can, but if you're not careful when you first set up the permissions for root@'webserver', you end up with some permissions to do things and some NOT.

The light went on when I logged in interactively from the web server and saw what I thought "remote root" could do:


mysql> show grants;
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@webserverhost                                                                                                                                      |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'webserver' IDENTIFIED BY PASSWORD '*you think i will put this here??!!' WITH GRANT OPTION                                   |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON `mysql`.* TO 'root'@'webserverhost'          |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------+

When the light went on, it nearly blinded me.
Notice that in the second line, the "remote root"'s privileges on the mysql database (where all of the user privileges are kept) has no 'IDENTIFIED BY' (meaning, a password is required, and has a cryptographic has value equivalent to what I've deleted).
In fact, you won't ever see the 'IDENTIFIED BY' in the second line, but what tickled me about this is that there's no indication that the "remote root" user wouldn't be able to grant permissions.
There's a paradox there. In order to change privileges on the database server (to allow 'user1' to log in, for example), you need to provide no password (that is, you must not provide a password), but in order to log in, you must provide a password! (It is only because I've seen this behavior before that I recognized this; there is otherwise little other indication about it.)
MySQL, to their credit, does document most of this, in their typical fashion, but without any mention of what workarounds might be necessary, or that the regular 'GRANT' facility might not work the way you think, or where the command will succeed--it will do what you tell it to--but not what you want it to... Once I rectified this by granting privileges on the mysql table to the "remote root" user, all the problems went away: 
mysql> grant all on *.* to root@'webserver' identified by 'xxxxxyyyy' with grant option
    -> ;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

and then... 
[jbaltz@webhost] >mysql -u clover -pxxxxxyyyy -e 'show tables from newDataBase' -hDatabaseServer
+-----------------------+
| Tables_in_newDataBase |
+-----------------------+
| User                  |
+-----------------------+
...which gives me what I need.
Once again: MySQL acts like you tell it to, but not how you might want it to, and there's no indication of how you might shoot yourself in the foot here; it simply silently sets things up in an impossible fashion.

Posted by Jerry B. Altzman at 11:02 PM | | Comments (0) | TrackBacks (0)

December 4, 2008

Planned Obsolesence Gone Mad

Sorry -- this is truly just a random rant. In the past seven days, we've had failures of
  • Our sewer main--it was cleaned out just a year ago, and it backed up again last Thursday
  • My laptop died a horrible death on Monday, leading me to purchase a new one. This Toshiba was just over two years old -- I have two others that are 7 and 10 years, respectively, and another one that is so old it is running Windows 95 on it
  • Today we found out that our 2001-model car with fewer than 100 kilomiles on it probably needs a new engine (!)
I don't even want to start on Son #4's coming down with strep throat, that's going just a bit too far. Luckily, at least a few things are going towards the better:
  • The sewer cleaner came twice, on Friday and on Saturday night (after an encore perfomance of "sludge on the basement floor" Saturday afternoon), quickly, and the problem seems to have abated some.
  • Migrating to a new laptop -- I finally just turned on the thing today -- was easy thanks to a daily backup that occurred only hours before my crash. However, fighting with Vista permissions (moving application data over, etc.) is no great joy. However, I'm finding that I am more or less able to move things over with a minimum of pain, and I should be able to get back on my feet with the new machine as soon as I can get Quickbooks installed on it...

Posted by Jerry B. Altzman at 10:30 PM | | Comments (0) | TrackBacks (0)