MySQL Table Fragmentation

The following SQL will give you an understanding on how fragmented tables are on a MySQL server

SELECT CONCAT(TABLE_SCHEMA,'.',TABLE_NAME) AS tableName,Round( DATA_LENGTH/1024/1024) + round(INDEX_LENGTH/1024/1024) as dataSize, round(DATA_FREE/ 1024/1024) as wastedSpace,round(DATA_FREE/ 1024/1024)/(Round( DATA_LENGTH/1024/1024) + round(INDEX_LENGTH/1024/1024)) AS fragmentationRatio from information_schema.tables  where  DATA_FREE > 0 HAVING fragmentationRatio >0.01 OR fragmentationRatio IS NULL;

Why You Should Use SSH Keys Instead of Username and Password

In the ever-evolving world of cybersecurity, it’s essential to stay ahead of potential threats to protect your data and systems. One common and efficient method of securing access to remote servers is Secure Shell (SSH). When it comes to SSH authentication, there are two popular methods: username/password and SSH keys. This blog post delves into the benefits of using SSH keys over the traditional username/password method and why it’s high time you make the switch.

  1. Enhanced Security

SSH keys are significantly more secure than the username/password method. The latter can be easily compromised through brute force attacks, dictionary attacks, and other forms of hacking. SSH keys, on the other hand, are cryptographic keys that are nearly impossible to crack, as they come in pairs—a private key and a public key.

The private key is kept on the user’s local machine and should never be shared, while the public key is stored on the server. As long as the private key remains confidential, the security of the SSH connection is remarkably robust.

  1. Time-saving and Convenient

Using SSH keys eliminates the need to remember complex passwords or frequently change them to maintain security. Once you have set up your SSH keys, accessing remote servers becomes a seamless process, saving time and effort. Additionally, using an SSH key agent, you can manage multiple keys without the hassle of remembering passwords for different servers.

  1. Improved Access Control

SSH keys can be used to restrict access to specific users and limit the commands they can execute. This granular control enables you to provide the right level of access to different team members or applications, ensuring that your data and systems remain secure. Furthermore, you can easily revoke or modify access to a server by simply updating the authorized_keys file on the server.

  1. Easy Integration with Automation

In the modern IT landscape, automation is crucial for streamlining processes and improving efficiency. Using SSH keys simplifies the automation of tasks that involve connecting to remote servers. Since there’s no need to manually enter a password, SSH keys facilitate seamless and secure interactions between servers, scripts, and other automated systems.

  1. Reduced Risk of Human Error

When using username/password authentication, it’s not uncommon for users to accidentally type their passwords into the wrong field or fall victim to phishing scams. With SSH keys, the authentication process is automated, minimizing the risk of human error and ensuring that sensitive data is not inadvertently exposed.

SMPP Glossary

The Short Message Peer-to-Peer (SMPP) protocol is a telecommunications industry protocol for exchanging SMS messages between Short Message Service Centers (SMSCs) and/or External Short Messaging Entities (ESMEs). It is a level-7 TCP/IP protocol that allows fast and efficient delivery of SMS messages. Here’s a glossary of some common SMPP commands:

  1. bind_transmitter (0x00000002): Initiate a bind operation with an SMSC as a transmitter.
  2. bind_transmitter_resp (0x80000002): Response to the bind_transmitter command.
  3. bind_receiver (0x00000001): Initiate a bind operation with an SMSC as a receiver.
  4. bind_receiver_resp (0x80000001): Response to the bind_receiver command.
  5. bind_transceiver (0x00000009): Initiate a bind operation with an SMSC as both a transmitter and receiver.
  6. bind_transceiver_resp (0x80000009): Response to the bind_transceiver command.
  7. unbind (0x00000006): Close an active SMPP session.
  8. unbind_resp (0x80000006): Response to the unbind command.
  9. submit_sm (0x00000004): Submit a short message to an SMSC for onward delivery.
  10. submit_sm_resp (0x80000004): Response to the submit_sm command.
  11. deliver_sm (0x00000005): Deliver a short message to an ESME for onward delivery.
  12. deliver_sm_resp (0x80000005): Response to the deliver_sm command.
  13. data_sm (0x00000103): Exchange data between an ESME and an SMSC.
  14. data_sm_resp (0x80000103): Response to the data_sm command.
  15. query_sm (0x00000003): Query the status of a previously submitted short message.
  16. query_sm_resp (0x80000003): Response to the query_sm command.
  17. cancel_sm (0x00000007): Cancel a previously submitted short message.
  18. cancel_sm_resp (0x80000007): Response to the cancel_sm command.
  19. replace_sm (0x00000008): Replace the contents of a previously submitted short message.
  20. replace_sm_resp (0x80000008): Response to the replace_sm command.
  21. enquire_link (0x00000015): Check the status of an active SMPP session.
  22. enquire_link_resp (0x80000015): Response to the enquire_link command.
  23. alert_notification (0x00000102): Notify an ESME of an event.
  24. generic_nack (0x80000000): Indicate an error or an inability to process an unrecognized or unsupported SMPP command.

Note that the command IDs are provided in hexadecimal format – which can be used with wireshark – eg smpp.command_id=0x002 for filtering down to only bind_transmitter PDUs.

  1. bind_transmitter:
    • system_id: Identifies the ESME system requesting to bind.
    • password: The password used to authenticate the ESME system.
    • system_type: Indicates the ESME’s type or role.
    • interface_version: The SMPP version supported by the ESME.
    • addr_ton: The Type of Number of the ESME’s address range.
    • addr_npi: The Numbering Plan Indicator of the ESME’s address range.
    • address_range: The ESME’s address range.
  2. bind_receiver:
    • (Same parameters as bind_transmitter)
  3. bind_transceiver:
    • (Same parameters as bind_transmitter)
  4. unbind:
    • No additional parameters required.
  5. submit_sm:
    • service_type: Indicates the SMS service type.
    • source_addr_ton: The Type of Number of the sender’s address.
    • source_addr_npi: The Numbering Plan Indicator of the sender’s address.
    • source_addr: The sender’s address.
    • dest_addr_ton: The Type of Number of the recipient’s address.
    • dest_addr_npi: The Numbering Plan Indicator of the recipient’s address.
    • destination_addr: The recipient’s address.
    • esm_class: Indicates the message mode and type.
    • protocol_id: Protocol identifier.
    • priority_flag: Sets the priority of the message.
    • schedule_delivery_time: Scheduled time for message delivery.
    • validity_period: Validity period of the message.
    • registered_delivery: Indicates if a delivery receipt is required.
    • replace_if_present_flag: Replace an existing message with the same ID.
    • data_coding: Defines the encoding scheme of the message.
    • sm_default_msg_id: Indicates a pre-defined message.
    • sm_length: The length of the short message.
    • short_message: The short message text.
  6. deliver_sm:
    • (Same parameters as submit_sm, except for replace_if_present_flag and sm_default_msg_id)
  7. data_sm:
    • (Same parameters as submit_sm, except for protocol_id, priority_flag, schedule_delivery_time, validity_period, and sm_default_msg_id)
  8. query_sm:
    • message_id: The message identifier assigned by the SMSC.
    • source_addr_ton: The Type of Number of the sender’s address.
    • source_addr_npi: The Numbering Plan Indicator of the sender’s address.
    • source_addr: The sender’s address.
  9. cancel_sm:
    • service_type: Indicates the SMS service type.
    • message_id: The message identifier assigned by the SMSC.
    • source_addr_ton: The Type of Number of the sender’s address.
    • source_addr_npi: The Numbering Plan Indicator of the sender’s address.
    • source_addr: The sender’s address.
    • dest_addr_ton: The Type of Number of the recipient’s address.
    • dest_addr_npi: The Numbering Plan Indicator of the recipient’s address.
    • destination_addr: The recipient’s address.
  10. replace_sm:
    • message_id: The message identifier assigned by the SMSC.
    • source_addr_ton: The Type of Number of the sender’s address.
    • source_addr_npi: The Numbering Plan Indicator of the sender’s address.
    • source_addr: The sender’s address.
    • schedule_delivery_time: Scheduled time for message delivery.
    • validity_period: Validity period of the message.
    • registered_delivery: Indicates if a delivery receipt is required.
    • sm_default_msg_id: Indicates a pre-defined message.
    • sm_length: The length of the short message.
    • short_message: The short message text.
  1. enquire_link:
  • No additional parameters required.
  1. alert_notification:
  • source_addr_ton: The Type of Number of the sender’s address.
  • source_addr_npi: The Numbering Plan Indicator of the sender’s address.
  • source_addr: The sender’s address.
  • esme_addr_ton: The Type of Number of the ESME’s address.
  • esme_addr_npi: The Numbering Plan Indicator of the ESME’s address.
  • esme_addr: The ESME’s address.

Please note that for each command, there is a corresponding response PDU. The response PDUs typically contain a command_status field indicating the result of the original command (0 for success, or an error code for failure), and in some cases, additional information related to the request.

For example, bind_transmitter_resp, bind_receiver_resp, and bind_transceiver_resp PDUs include an additional system_id parameter, which is a copy of the system_id value provided in the original bind command.

The submit_sm_resp and data_sm_resp PDUs include a message_id parameter, which is the message identifier assigned by the SMSC for the submitted short message.

Other response PDUs, like deliver_sm_resp, query_sm_resp, cancel_sm_resp, and replace_sm_resp, do not require additional parameters beyond the command_status field.

POP!_OS: The Power User’s Linux Distro

POP!_OS is a free and open-source Linux distribution developed by System76, a hardware manufacturer and software developer that specializes in creating Linux-based laptops and desktops. Launched in 2017, POP!_OS has rapidly gained a reputation as a highly optimized, user-friendly, and customizable operating system, making it an ideal choice for both beginners and power users. In this in-depth look at POP!_OS, we will explore its origins, features, performance, and how it compares to other popular Linux distributions.

I. Origins and Development

The inception of POP!_OS can be traced back to System76’s desire to create a Linux distribution tailored to their hardware products. This vision was realized through a close partnership with Canonical, the company behind the widely popular Ubuntu Linux distribution. POP!_OS is built upon the foundation of Ubuntu, and as such, it shares many of its core components and benefits from the extensive software repositories available to the Ubuntu ecosystem.

The primary goal of POP!_OS is to provide a seamless and powerful computing experience for users, focusing on performance, ease of use, and customization. Over the years, the development team has introduced numerous updates and features to achieve this vision, making POP!_OS a popular choice among Linux enthusiasts and professionals alike.

II. Features and Functionality

  1. User Interface:

POP!_OS utilizes the GNOME desktop environment, which provides a modern, polished, and user-friendly interface. The development team has made several customizations to the GNOME environment to optimize the overall user experience. This includes features like the Pop Shell, which adds advanced window management capabilities and a powerful tiling system, enabling users to arrange multiple windows efficiently.

  1. Performance and Optimization:

One of the key selling points of POP!_OS is its focus on performance. System76 optimizes the distribution to ensure that it runs smoothly on a wide variety of hardware, including their own product lineup. This optimization also extends to power management, ensuring that laptops running POP!_OS benefit from extended battery life and efficient resource usage.

  1. Hardware Support:

As a product of a hardware manufacturer, it’s no surprise that POP!_OS excels in hardware support. The operating system is optimized to work seamlessly with System76’s computers, providing an out-of-the-box experience that rivals that of Windows and macOS. Additionally, POP!_OS has excellent support for Nvidia GPUs, making it an ideal choice for gamers and professionals who rely on graphics-intensive applications.

  1. Software Management:

POP!_OS inherits the extensive software repositories from Ubuntu, ensuring that users have access to a vast array of applications. The Pop!_Shop, POP!_OS’s native software center, offers an intuitive way to discover, install, and manage software on the system. The operating system also supports Flatpak and Snap packages, enabling users to install applications from alternative sources with ease.

III. Performance Comparison

POP!_OS consistently performs well when compared to other popular Linux distributions. Due to its optimizations and hardware support, users can expect a smooth experience, whether they are running the operating system on a System76 machine or another manufacturer’s hardware. While some other distributions may offer slightly better performance in certain use cases, the overall experience on POP!_OS remains competitive and reliable.

IV. Conclusion

POP!_OS has quickly become a beloved choice among Linux enthusiasts and professionals alike, thanks to its focus on performance, ease of use, and customization. With its strong foundation built upon Ubuntu, impressive hardware support, and an extensive selection of software, POP!_OS offers a powerful and user-friendly computing experience that rivals that of other major operating systems.

Whether you’re a seasoned Linux user or a newcomer to the world of open-source computing, POP!_OS is a worthy contender for your next operating system. Its commitment to providing an optimized and seamless experience on a wide range of hardware, including System76’s own products, ensures that users can expect a consistent and enjoyable computing environment.

Moreover, the active development and support from the System76 team mean that POP!_OS will continue to evolve and improve over time, addressing the needs of its growing user base. As it stands, POP!_OS is an excellent choice for those looking for a powerful, user-friendly, and customizable Linux distribution that can handle both everyday tasks and more demanding professional workloads.

In summary, POP!_OS’s core strengths lie in its:

  1. User-friendly interface and customizations: With its customized GNOME desktop environment and features like the Pop Shell, users can enjoy a modern, polished, and efficient computing experience.
  2. Performance and optimization: The operating system’s focus on performance ensures that it runs smoothly on a variety of hardware, providing a reliable computing environment.
  3. Hardware support: POP!_OS is optimized for System76’s own computers and offers excellent support for other hardware, including Nvidia GPUs.
  4. Extensive software availability: Users have access to the vast Ubuntu software repositories, as well as Flatpak and Snap packages, ensuring that they can find and install the applications they need with ease.

As the Linux ecosystem continues to grow and mature, POP!_OS stands out as a shining example of what can be achieved through a dedicated focus on user experience, performance, and customization. Whether you’re a developer, creative professional, or simply someone looking to explore the world of Linux, POP!_OS is a compelling choice for your next operating system.

Defending Your Digital Fortress: The Benefits of Encrypting Files with GPG and VeraCrypt for the Paranoid

In today’s digital age, personal information is a valuable commodity. From governments to hackers, countless entities are vying for access to our most sensitive data. To the paranoid, this seemingly unending assault on privacy can be unsettling. That’s where encryption comes in, providing an essential line of defense against these invasive forces. This article will delve into the benefits of encrypting files from a paranoid security perspective, advocating the use of GPG (GNU Privacy Guard) and VeraCrypt as ideal tools to protect your digital fortress.

What is Encryption?

Encryption is the process of encoding information in a way that makes it unreadable to anyone without the necessary decryption key. Simply put, it’s a way to protect your files from unauthorized access. The stronger the encryption algorithm, the harder it is for an attacker to crack the code and gain access to the data. Modern encryption tools like GPG and VeraCrypt utilize powerful algorithms that make it virtually impossible for even the most sophisticated adversaries to compromise your data.

The Benefits of Encrypting Files from a Paranoid Security Perspective

  1. Safeguarding sensitive data

The primary benefit of encrypting files is the protection of your sensitive data. Whether it’s financial records, personal correspondence, or intellectual property, encryption ensures that only authorized individuals can access the information. This is particularly important in a world where data breaches and identity theft are rampant.

  1. Protecting privacy and anonymity

Encryption can help maintain your privacy and anonymity online. By securing your data, you limit the ability of ISPs, government agencies, and hackers to monitor your digital activities. This is particularly relevant for whistleblowers, activists, or individuals living under repressive regimes, who may be at risk for simply exercising their right to free speech.

  1. Bolstering communication security

End-to-end encryption is a critical component of secure communication. Tools like GPG enable users to encrypt emails and other messages, ensuring that only the intended recipient can read the contents. In an era of mass surveillance and data interception, encryption is essential to protect the privacy of both personal and professional correspondence.

  1. Enhancing cloud storage security

While cloud storage providers often tout their security measures, the fact remains that your data is stored on a third-party server, which may be vulnerable to hacks or government subpoenas. Encrypting files before uploading them to the cloud ensures that even if the provider’s security is compromised, your data remains safe.

  1. Supporting compliance with regulations

Various industries are subject to data protection regulations, such as the General Data Protection Regulation (GDPR) in the EU or the Health Insurance Portability and Accountability Act (HIPAA) in the US. Encrypting sensitive data is often a requirement for compliance, ensuring that your organization does not face hefty fines or penalties.

GPG: A Robust Encryption Solution

GPG is an open-source encryption tool based on the OpenPGP standard. It’s designed for encrypting and signing data, as well as verifying the authenticity of digital signatures. GPG is a widely adopted solution, trusted by governments, corporations, and individuals alike. Its key features include:

  1. Asymmetric encryption: GPG uses a public key for encryption and a private key for decryption, ensuring that only the intended recipient can access the data.
  2. Digital signatures: GPG allows users to sign files or messages, verifying the authenticity and integrity of the data.
  3. Key management: GPG provides an intuitive interface for managing your encryption keys, making it easy to create, revoke, and share keys as needed.
  4. Cross-platform compatibility: GPG is available for various operating systems, including Windows, macOS, and Linux.

VeraCrypt: Disk Encryption for the Paranoid

In an increasingly interconnected world, the privacy and security of personal data have become paramount concerns. For the paranoid, leaving sensitive information unprotected is simply not an option. VeraCrypt, a powerful open-source disk encryption software, offers a solution to those seeking a robust defense against unauthorized access to their data. This article will explore the benefits and features of VeraCrypt, highlighting why it is an ideal tool for the security-conscious.

What is VeraCrypt?

VeraCrypt is an open-source disk encryption software that builds upon the discontinued TrueCrypt project. It is designed to encrypt entire storage devices, including hard drives, USB sticks, and even cloud storage, providing an added layer of security for the data stored within. VeraCrypt uses advanced encryption algorithms and features, making it a popular choice for those seeking a high level of data protection.

Key Features of VeraCrypt

  1. Strong Encryption Algorithms

VeraCrypt employs a range of powerful encryption algorithms, including AES (Advanced Encryption Standard), Twofish, and Serpent. Users have the option to choose their preferred algorithm or even use a combination for increased security. These algorithms provide robust protection against brute-force attacks, ensuring that even the most determined adversaries will have difficulty cracking the encryption.

  1. On-the-Fly Encryption

One of the main advantages of VeraCrypt is its ability to perform on-the-fly encryption and decryption. This means that data is encrypted and decrypted automatically as it is read from or written to the disk, without any user intervention. This feature is particularly useful for the paranoid, as it ensures that data remains encrypted at all times, even when in use.

  1. Hidden Volumes

VeraCrypt’s hidden volume feature allows users to create a secret, encrypted volume within another encrypted volume. This clever implementation of plausible deniability enables users to maintain two separate sets of data, one for everyday use and another for sensitive information. In the event of coercion, users can reveal the password for the outer volume, while the hidden volume remains concealed and secure.

  1. Cross-Platform Compatibility

VeraCrypt is available for various operating systems, including Windows, macOS, and Linux. This cross-platform compatibility ensures that users can access and protect their encrypted data across different devices and environments.

  1. Open-Source Software

As an open-source project, VeraCrypt benefits from the scrutiny and contributions of a global community of developers and security experts. This means that the software is continually reviewed, improved, and updated, ensuring that it remains a reliable and secure option for encrypting sensitive data.

Why VeraCrypt is Ideal for the Paranoid

  1. Protection Against Physical Attacks

Encrypting your disks with VeraCrypt safeguards your data from physical theft. In the event that your device is stolen, the encrypted data remains unreadable without the correct password, preventing unauthorized access to sensitive information.

  1. Defense Against Data Leaks

VeraCrypt’s encryption mitigates the risk of data leaks resulting from malware, hacking, or other cyberattacks. By ensuring that your data remains encrypted, you limit the potential damage that can result from a security breach.

  1. Safe Storage of Backups

Creating encrypted backups of your data with VeraCrypt ensures that even if your primary storage is compromised, your backups remain secure. This is particularly important for those with highly sensitive information that must be protected at all costs.

  1. Enhanced Privacy

By using VeraCrypt, you can maintain a higher level of privacy for your personal and professional data. This is especially valuable for those living under oppressive regimes, activists, journalists, and others who face surveillance or censorship.

Secure Development Practices: Enhancing Software Security from the Ground Up

Secure development practices are essential for organizations to protect their software from vulnerabilities and potential security breaches. As cyber threats become increasingly sophisticated, developers must be proactive in ensuring that their software is as secure as possible. This article will explore various secure development practices, including adopting a secure development lifecycle, ensuring proper authentication, and implementing secure coding guidelines.

  1. Adopting a Secure Development Lifecycle (SDLC)

A Secure Development Lifecycle (SDLC) is a framework that integrates security best practices and activities throughout the development process. This approach involves several key steps:

  • Requirements analysis: Identify the security requirements of your software early in the development process.
  • Design: Ensure that security is incorporated into the software design, including architecture and data flow diagrams.
  • Implementation: Develop secure code based on established coding standards and guidelines.
  • Testing: Perform comprehensive security testing, including penetration testing and vulnerability assessments.
  • Deployment: Implement security measures during deployment, such as secure configurations and continuous monitoring.
  • Maintenance: Regularly update and patch software to address any discovered vulnerabilities.
  1. Ensuring Proper Authentication and Authorization

Authentication and authorization are critical components of secure software. They help prevent unauthorized access to sensitive data and functionality. To implement robust authentication and authorization:

  • Use strong, multi-factor authentication (MFA) methods that combine something the user knows (e.g., a password), something the user has (e.g., a token or mobile device), and/or something the user is (e.g., biometrics).
  • Implement role-based access control (RBAC) to limit user privileges based on their specific job functions.
  • Avoid using hardcoded credentials or storing sensitive information in plaintext.
  • Regularly review and update access controls to minimize the risk of unauthorized access.
  1. Implementing Secure Coding Guidelines

Secure coding guidelines provide developers with best practices for writing code that is resistant to common security vulnerabilities. Key principles include:

  • Input validation: Validate and sanitize all user-supplied input to prevent injection attacks, such as SQL injection or cross-site scripting (XSS).
  • Output encoding: Encode output to prevent the execution of malicious code on the client side.
  • Error handling: Implement proper error handling to prevent information leakage and ensure a consistent user experience.
  • Least privilege: Limit the permissions of software components to the minimum required for proper functionality.
  • Secure data storage: Encrypt sensitive data both in transit and at rest using industry-standard encryption algorithms.
  1. Conducting Regular Security Training and Awareness

Developers must be educated on the latest security threats and best practices. Organizations should conduct regular security training sessions and provide resources to help developers stay informed. Topics should include:

  • Secure coding practices
  • Common security vulnerabilities and their mitigations
  • Security-related regulatory requirements and standards, such as GDPR and HIPAA
  • Incident response and reporting procedures
  1. Integrating Security Testing and Automation

Incorporating security testing into the development process is crucial for identifying and addressing vulnerabilities before software is deployed. Techniques include:

  • Static application security testing (SAST): Analyze source code for security vulnerabilities without executing the application.
  • Dynamic application security testing (DAST): Test running applications for security vulnerabilities by simulating attacks.
  • Interactive application security testing (IAST): Combine SAST and DAST approaches for more comprehensive testing.
  • Fuzz testing: Submit malformed or unexpected input to an application to uncover potential vulnerabilities.

Automating these tests and integrating them into the development pipeline can help identify security issues early and reduce the risk of deploying vulnerable software.

Adopting secure development practices is vital for protecting software from cyber threats. By incorporating a Secure Development Lifecycle, ensuring proper authentication and authorization, implementing secure coding guidelines, conducting regular security training, and integrating security testing and automation, organizations can significantly enhance security and reduce the risks of data theft.

Configure Lightburn for Neje Master 2S Plus

I have a Neje Master 2S Plus laser engraver, and I use Linux, so I have got myself a license of Lightburn, and proceeded to set the device up. Note: The majority of the instructions also work for Windows too. As for a Mac? I really don’t care.

First important thing is to install the GRBL firmware on the device – for this download and follow the instructions here (Neje Wiki)

Next, download the following two files:

When starting Lightburn, if you get the Devices box popup, click Import and import the Neje Master 2S Plus.lbdev file. If you don’t, click the Devices button near the bottom right of Lightburn and click Import

Once this is done, to improve performance, Select the Edit menu, and select Machine Settings. On the new window, click Load and select the Neje Master 2S Plus Device Settings.lbset and then click Write.

This will configure the Neje Master 2S Plus for use with Lightburn!

If using Linux, then make sure the user is allowed to use serial – depending on the distro, you will need to make your user a member of either dialout or uucp – you can do this simply enough with the following command: sudo usermod -a -G [groupname] [username]