Earlier today, we ran an article detailing that Oracle released 270 critical security updates for many of its products, including MySQL cluster which we use here to provide high uptime and reliability for SoylentNews. Needless to say, it was time to upgrade both NDB backends, and the four MySQLd frontends. While the upgrade did not go completely smoothly due to the fact that MySQL strict mode got enabled, and broke the site briefly, our total downtime was less than five minutes or so. Right now, we had to do a full flush and purge of all caches, which means the site is running a bit larky until they can repopulate but I'm pleased to announce we're up to date and secure!
ndb_mgm> show Cluster Configuration --------------------- [ndbd(NDB)] 2 node(s) id=2 @redacted (mysql-5.7.17 ndb-7.5.5, Nodegroup: 0) id=3 @redacted (mysql-5.7.17 ndb-7.5.5, Nodegroup: 0, *) [ndb_mgmd(MGM)] 2 node(s) id=101 @redacted (mysql-5.7.17 ndb-7.5.5) id=102 @redacted (mysql-5.7.17 ndb-7.5.5) [mysqld(API)] 4 node(s) id=11 @redacted (mysql-5.7.17 ndb-7.5.5) id=12 @redacted (mysql-5.7.17 ndb-7.5.5) id=13 @redacted (mysql-5.7.17 ndb-7.5.5) id=14 @redacted (mysql-5.7.17 ndb-7.5.5)
If you notice any unusual breakages or slowdowns, please let me know in the comments. Otherwise, keep calm and carry on!
~ NCommander
(Score: 2) by ikanreed on Friday January 20 2017, @04:55PM
Who wants to waste time hacking a site an active userbase with a few hundred?
Given(hopefully) that the database servers are adequately firewalled such that only apache can reach them, anyone wanting to use MySQL exploits would nominally have to specifically target slashcode to e'SELECT * FROM PERMISSIONS;--
(Score: 2) by NCommander on Friday January 20 2017, @04:59PM
In terms of posters, a few hundred is probably correct, but we get a lot more of view traffic. I haven't checked the statistics recently, but we get a lot of read traffic to the point the site starts lagging when we have web frontend down. Plus I can't be on the high ground on keeping up on security patches if I'm a hypocrite about it.
Still always moving
(Score: 2) by ikanreed on Friday January 20 2017, @05:10PM
I think you're right, I just wanted a particularly hypocritical post to add my fake sql injection joke to.
(Score: 2) by Webweasel on Friday January 20 2017, @11:38PM
Hey! I like, post every couple of months and shit. sometimes.
I moderate too... when I get time.
STOP JUDGING ME!
Priyom.org Number stations, Russian Military radio. "You are a bad, bad man. Do you have any other virtues?"-Runaway1956
(Score: 2) by shipofgold on Friday January 20 2017, @05:05PM
Someone who wants to take over the site and use it for more nefarious reasons?
(Score: 2) by AthanasiusKircher on Friday January 20 2017, @06:42PM
"Nefarious reasons"? What could be more nefarious than making news out of... PEOPLE?
Puppies, maybe? Yeah -- that's usually worse. Today if they remade Soylent Green and really wanted a shocker, it would turn out that it was made from puppies.
One of the most insightful scenes in film from the last year or two was in Look Who's Back [wikipedia.org], which involves the mysterious return of Adolf Hitler to modern Berlin. Shockingly, he seems to get away with saying just about anything from his old rhetoric -- ranting about immigrants and the glory of the German race, endorsing "labor camps" for undesirables, etc. It all just seems to make him more popular. But [SPOILER] -- the one thing the public cannot stand from him is violence to a small dog. I won't say more... you just have to see it.
(Score: 0) by Anonymous Coward on Saturday January 21 2017, @05:56AM
* TVTropes Warning! *
http://tvtropes.org/pmwiki/pmwiki.php/Main/KickTheDog [tvtropes.org]
* TVTropes Warning! *
(Score: 2) by Phoenix666 on Saturday January 21 2017, @11:58AM
Most people familiar with the history know this, but it was a good reminder when the guy going nuts trying to stop him confronted him on the roof and Hitler pointed out, "All those people voted for me. They voted for me."
Washington DC delenda est.
(Score: 1) by nitehawk214 on Friday January 20 2017, @05:38PM
I think you underestimate the motivations of script kiddies.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 2) by bob_super on Friday January 20 2017, @06:01PM
I'm strangely okay with the idea of script kiddies taking pride for pwning Soylentnews.
(Score: 0) by Anonymous Coward on Friday January 20 2017, @07:24PM
Who wants to waste time hacking a site an active userbase with a few hundred?
No one is researching sites like SN. They just point their automated attack servers at domains, IPs + ports, etc. It's nothing personal ... it's just your number was called today.
(Score: 2) by ikanreed on Friday January 20 2017, @07:35PM
Yeah, but the MySQL servers, if properly setup, aren't on any public IP.
(Score: 2) by NCommander on Friday January 20 2017, @10:39PM
Ours aren't, but if someone manages to get a non-root shell on one of our machines, I don't want them to be able to break into the database. For logistical reasons, there are several machines on our network that can access the mysqld endpoints for backup and maintenance reasons. If someone scored access to the right box, they'd be in a position that they could talk to 3306 on one of the DB servers.
Still always moving
(Score: 2) by ikanreed on Friday January 20 2017, @11:01PM
Can't believe I didn't think of that kinda obvious case.