Compose's Little Bits #19 - Sleepy SQL injections, MySQL JSON, PostGIS and more


Using SLEEP() in SQL Injections, using JSON in MySQL, sprinting for PostGIS features, the biggest SSDs yet, Rust's latest flakings, jQuery 3 previewed, OSX installer woes, an ECG in a business card and this year's Turing Award – all the links that caught the eye of Compose's technical content curator this week, in one place for you. These are Compose's Little Bits.


Sleepy Injections - We're used to SQL Injections as a way of getting data out or deleting data, but Janos Ruszo writes about how they can be used for a denial of performance attack in SQL Injection with MySQL SLEEP(). Injecting OR SLEEP() into a query exploits the read lock the query holds and can cause quite a slump in database responsiveness.

MySQL 5.7's JSON - MySQL has a new native JSON datatype and functions. Morgan Tocker, a MySQL product manager, takes a quick tour of the features. It took a while, but it seems JSON support in SQL databases is becoming a must-have feature.

PostGIS Sprinting - Giuseppe Broccolo at 2nd Quadrant writes about sprinting in Paris for PostGIS. He's been working on adding BRIN index support to the PostGIS geospatial types for a few months and the sprint let him finish it up. One test of the code shows slower execution times, but much, much smaller indexes which were faster to create. He hopes to get the patch into PostGIS 2.3.

Big SSDs – SSD capacity has been steadily rising so it should be no surprise when Samsung says it is shipping a 15TB SSD 2.5" hard disk. Don't rush; it's a SAS drive, it's 15mm high, and it's been estimated in reports to cost around $8000. It is a milestone moment as it looks like SSDs are now outpacing spinning disks in capacity; the differentiator now is price.


Rust 1.7 - Six weeks pass and a new Rust 1.7 release lands. In those six weeks, 1300 patches landed and more of the library was stabilised. It's a remarkably steady productive heartbeat for the project. The comments at HackerNews are worth a read too.

jQuery 3 soon - The JavaScript library that people love or hate is due to see a new release soon, jQuery 3. In What's New in jQuery 3, Aurelio De Rosa takes a tour of what's changed, like support for ES2015's For...Of loop and use of the browser's requestAnimationFrame for smoother animation.


OSX Installers - Are you the kind of person who has a bootable version of OS X on a USB Stick? If you are, you may want to remake that. A certificate expiring means, according to a TidBITS report, that OS X installers downloaded before 14th February this year won't work. Not the kind of thing you want to find when you're rebuilding a machine, so update your sticks.

ECG Card - This is impressive. It's an ECG in a business card and no, it's not a fake. The creators detail the device on their blog and, although it's not a medical device, it is fully functional and the hardware design is open sourced.

Turing Award - Cryptography pioneers Whitfield Diffie and Martin E. Hellman have been awarded this year's Turing Award. Their research gave birth to the entire field of public-key cryptography that we, knowingly or unknowingly, rely on every day to secure our communications. Diffie plans to use his share of the $1M prize on spending time documenting "cryptographic history, which is urgent because the people are quickly dying off" while Hellman plans to continue his work on the threat of nuclear weapons to humanity.

Dj Walker-Morgan
