Resources for learning SQL

Whether you’re a sysadmin, an analyst, or use a computer for something else professionally–even if you’re not a database administrator or developer–SQL is a useful skill to know. I’ve gotten by for 20 years without knowing much more SQL than simple SELECT statements, but those days are rapidly winding down–if I want to be good at my current job, I’m going to have to take some time to learn SQL. If you’re in the same boat, here are some resources for learning SQL.

Here are two resources:

http://pgexercises.com/

https://sqlschool.modeanalytics.com/the-basics/introduction/

SQL is the underlying language behind Oracle, Microsoft SQL, MySQL, PostgreSQL, and probably a few other databases I’m forgetting. If you’re doing something beyond Microsoft Access, it’s probably using some kind of SQL. Each implementation has its own quirks but the basics remain the same between all of them.

Microsoft looks back at MS08-067

The most infamous Microsoft patch of all time, in security circles at least, is MS08-067. As the name suggests, it was the 67th security update that Microsoft released in 2008. Less obviously, it fixed a huge problem in a file called netapi32.dll. Of course, 2008 was a long time ago in computing circles, but not far enough. I still hear stories about production servers that are missing MS08-067.

Last week, Microsoft took a look back at MS08-067, sharing some of its own war stories, including how they uncovered the vulnerability, developed a fix, and deployed it quickly. It’s unclear who besides Microsoft knew about the problem at the time, but one must assume others were aware of it and using it. They certainly were after the fall of 2008.


How long it takes to paint a room with a Graco 360DS paint sprayer

It takes about an hour to paint a room with a Graco 360DS paint sprayer. Here’s why I know that. I had to paint a house this month for the first time in about five years. I don’t particularly enjoy painting and I’m not particularly good at it.

An old high school friend helped me out with the exterior, and after seeing his paint sprayer, I had to get one myself. Mine’s less expensive and less fancy than his: I bought a handheld Graco 360DS. While it has some limitations, I’m very glad I bought it.


Cleaning a PC when fdisk-format-reinstall isn’t an option

There are any number of pie-in-the-sky pundits who will tell you, when a computer starts to get slow, to format the hard drive, reinstall Windows, and go on your merry way.

Unfortunately it’s not always realistic. I don’t clean up PCs all that often anymore, but here’s what I do when I need to.


The difference between a vulnerability scanner and a SIEM

I heard an interesting question the other day: What’s the difference between a vulnerability scanner and a SIEM? Qualys and Nessus are examples of vulnerability scanners. ArcSight and Splunk are examples of SIEMs.

To a security practitioner, the tools couldn’t be much more different, but not everyone is a security practitioner.

On a basic, fundamental level, a vulnerability scanner deals in what’s missing in the environment and what could happen as a result of those things that are missing. A SIEM deals in what actually has happened and is happening.


A few more WordPress security tips

There’s some nasty WordPress malware (Link removed in retaliation for Conde Nast’s 11/3/2025 layoffs. Sorry not sorry.) circulating right now. I haven’t fallen victim to that one, but I caught the very early stages of infection myself all too recently. WordPress itself was just updated to close some vulnerabilities, but the biggest problem is the plugins. Unfortunately, the plugins are the main reason to run WordPress.

At my day job, I’ve had the pleasure of working with a very security-conscious webmaster for the last couple of months, and he and I talk about WordPress security frequently and look into what we, or anyone for that matter, can do to make the best of the situation. Here’s what he and I have found in the last week or so.
