Here is a basic MySQL tip regarding application users:

When building applications that use MySQL, it is a best practice to create a MySQL application user that is dedicated to your app and has privileges to access only the database it is assigned.

With the latest version of phpMyAdmin, you can do this all in one step in the Add New User screen. Look for this fieldset and check the “Create database with same name and grant all privileges” box:

You can then retract privileges from the given database, i.e. like if the app is only going to need SELECT and you are uploading tables manually, then you can uncheck everything except the SELECT box. Or maybe the user needs only standard CRUD operations, in which you can assign it SELECT, INSERT, UPDATE, and DELETE. As a best practice, you want your user to only have the minimum amount of privileges it needs for the app to function.

Today I had my toothpaste confiscated from the airline security people as I went through. They said my toothpaste tube was too big. I pointed out that it was 90% empty, and only a few CCs of product remained in this flattened tube, but they were convinced that this dangerous piece of contraband was too risky.

We live in a very strange world where toothpaste and shampoo are not allowed on airplanes. I already had to take off my jacket, my coat, my belt, and my damn shoes. Now they deny me the ability to conduct basic personal hygiene. Flying is now an exercise in abject humiliation. Being rushed through the line while you fumble for your flight pass and try to get your laptop computer out while throngs of stressed out and impatient travelers and DHS employees watch you practically strip to your underwear. Imagine how much money is spent on placebo airport security. In some sense here, the terrorists have won, because I’m sure they are laughing their asses off at us every time we disrobe at the airport.

An interesting byproduct of a workaround I recently did to temporarily patch a buggy issue with downloading my email has resulted in a dramatic decrease in volume for spam coming in to my email account, and I like it.

I’ve been a big fan of SpamSieve to filter out 99% of the crap that gets thrown at my inbox, and it works beautifully. However, as time has marched on, a recent trend in spam headers has caused my default email reader Microsoft Entourage 2004 to get stuck on occasion. Those occasions have increased from sporadic to daily to now hourly in the past couple of days. Aggrivating. I have to go into the server and unstick it by finding potential spam messages with the bad headers and deleting them.

I’m not really sure what the header in question is, or why Entourage throws up it’s hands every time it encounters this thing, but as of today I officially don’t care. Because to get around the problem for a few hours and to save my sanity, I decided to activate POP3 access for my Gmail account, and to just have my sanbeiji.com email get forwarded to there.

Since I hadn’t really used my Gmail account much since setting it up, I wasn’t really familiar with how well it worked or how much I’d like the features. Truth is now, I love it for one thing: The spam filtration rocks.

Finally, some server-side relief that I can depend on. I was wondering why I was getting so little email all of a sudden. It seemed to work if I sent test messages, but where was all the spam going?

Aye, to the heap it went.

Goodbye, you whores of the spam netherworld! No longer do I have to waste my bandwidth on downloading another “Warmest Greeetings and Salutations!!!” letter from His Royal Highness the Captain Cornholio of Lagos, Nigeria. Gone are the ridiculous and misspelled offers for mortgages, Viagra, and pr0n.

Privacy Concerns

If you don’t like the idea of all your email getting passed through Google’s servers and getting sniffed because Google might one day arbitrarily hand over records about you to the authorities, you could always encrypt using PGP or S/MIME. Granted they have a marginally better track record going than other ISPs and Yahoo, but better to be safe than sorry.

Update: There’s even an S/MIME extension for Gmail. Also, my PGP key is listed in the PGP Global Directory.

There is a new scam going around that targets music teachers. The assholes trawl Craigslist and other sites looking for independent private music teachers to rip off. Basically they pretend to be sending a child from another country to the your location to study, vacation or whatever, and they want to set them up with music lessons while they’re in town. They then send you a supposed check which invariably turns out to be way too much money, they mention they sent too much, and just ask you to deposit the check and send them a refund. Of course the check is fraudulent, and you wind up sending them free money and getting in trouble at the same time.

Yingwen got one of these today and luckily she saw some earlier reports posted on Craigslist that resembled the pattern. Some of the obvious signs are:

• Email is from another country sending a child to your town.
• Spelling, punctuation, grammar is crap.
• Name of sender is totally improbable

More info:

Scam Alert at PianoTeachers.com
Violin Teacher Scam at joewein.de
Teachers.net Classifieds Fraud Alert

I’ve been here the past couple of days at the Zend PHP conference in Burlingame. Quite a good show all around so far. This is the first event of a planned annual series, and from what I hear the attendance has greatly exceeded expectations. Looking forward to many more of these.

Yesterday I attended an all-day refresher session given by Marco Tabini. This was actually a really helpful session – reviewing all the basic nuts and bolts of PHP to provide myself with a more well-rounded understanding of all that hacking I’ve been doing over the past few years.

Did get to briefly talk with Chris Shiflett to discuss some security-related issues as well as get his take on PHP books. His own book Essential PHP Security is due out any day. Looking forward to his presentation this coming Friday morning.

The nice thing about this event has been it’s relatively small size, and the openness of the people that are attending. I have met a bunch of really cool, really intelligent PHP developers, and was able to discuss some real meaningful issues at a high level.

Today was a full day of breakout sessions and keynotes. I think my brain is reaching capacity for now. Thankfully it’s about time to wind down to open the exhibit booths and get some free snacks and libations.

I just noticed this instruction at Marc Liyanage’s MySQL install page, and it’s really good advice:

In recent distributions of MySQL, you can also run the script mysql_secure_installation instead of just changing the root password. That script allows you to change the root password, delete the test database, remove the anonymous user, remove remote access (allowing access from the local machine only) and reset the privileges table.

A nice handy script to tidy up your MySQL installation. I’ve installed it so many times lately on so many machines, and I foresee many more in my not-so-distant future. This will come in handy.

Zone Labs in San Francisco needs a web design contractor and quick! Interested folks can send their resumes to khalperin AT zonelabs.com.

Position Title:  Web Design Contractor

General position responsibilities:

The Web Design contractor is responsible for supporting all production efforts for Zone Labs online campaigns.

Proactively manage and produce all of E-commerce-oriented, technology partner and SMB initiatives including web promotion activity such as email campaigns, landing pages, ad banners, etc.

Required skill set and experience:

• High-level proficiency with HTML, CSS, and Javascript
• Demonstrated expert understanding and implementation with popular email clients
• Detailed understanding of cross-browser compatibility and proven experience creating highly-compatible web deliverables
• Hands-on experience with Dreamweaver HTML editor/design tools a must
• Excellent sense of web design to ensure optimal response from online campaigns
• Detailed-oriented with ability to track, organize and prioritize multiple, simultaneous projects and request

Desired skill set:

• Demonstrated ability to positively affect visitor/user behavior
• Demonstrated ability to engage in cross-department planning and the ability to manage your own work schedules and commitments
• B2C and B2B background desired

Education:

BS/BA degree required or equivalent industry experience, with a minimum of 3-5 years of web design/ production experience.

Send your resume to khalperin AT zonelabs.com.

Well I had no idea this was coming ��� stumbled across the feature when I was checking out the new Keychain Access app. In the Keychain Access menu, look for the Certificate Assistant menu item. As Apple states:

Apple – Mac OS X – 200+ New Features

Certificate Assistant
Easily request, issue and manage certificates for small workgroups with this utility that blends many functions of a commercial Certificate Authority at none of the cost.

Well, well, well. What have we here? This is a pleasant suprise – create my own little self-signed certificates and a CA using a Mac-based assistant? How easy!

Self-signed certs don’t do much good for public use of things like SSL or S/MIME, but can be very nice for testing or for securing private communications. An administrator could go and create their own CA, install the cert as valid on the machines in the local network, and issue people certificates for S/MIME on the LAN.

I’d been hoping for better X.509 tools for Mac since I started working at Xcert back in 1998. With the improved Keychain Access, Certificate Manager, client certificate authentication in Safari, and S/MIME built in to Mail and Entourage, it seems that things have finally arrived.