Home
I was reading the Linux/Open Source news at Yahoo, and ran across an article about MySQL being criticized for the MySpooler “worm.” If you haven’t heard, there’s a new worm out there that’s spreading via MySQL server installations on Windows machines. I have a problem with this article: it’s NOT MySQL’s fault! I had a small jabber conversation with a friend about this:
<wafwot> MySQL is being criticized for not locking down a new installation by default.
<vmann> dumbasses
<wafwot> People are bitching at MySQL for the users’ mistake of not setting a root password.
<vmann> wish i had a windows box to install it on, to show the big bold letters “Change the root password!”
<vmann> i know it’s gotta be like a standard linux install
<vmann> they don’t change it for you, but they always tell you to do so
<vmann> deb installs say it in the post-installation script
<wafwot> Yeah… and who DOESN’T know to change a password?
<vmann> i’m sure rpm probably has something similar
<vmann> i know when i installed it on this mac
<vmann> i had to change it myself
<vmann> it only warned me about it
<wafwot> If it’s a standard install of MySQL, there probably ISN’T a password.
<wafwot> It’s just the root user, no password.
<vmann> i still did it
<vmann> cuz i’m not a dumbass
*wafwot ain’t a dumbass, either!
<wafwot> So because MySQL AB didn’t make MySQL “stupid” for Windows users, they get to take the blame.
<vmann> hehe, well, they do make their money on selling support for mysql
<wafwot> haha…
<wafwot> Fuck, from reading the article, it looks like the Windows version has an installer that sets a default root password…
<wafwot> The default Linux install doesn’t even HAVE a password, and when was there ever a “MySpooler” bot attack on Linux database servers?
<vmann> we did have slammer
<wafwot> Not MySQL, though.
<vmann> true
<wafwot> Wasn’t Slammer an SSL exploit?
<vmann> … Oh yeah, it was, openssl overrun
Here’s my take on the whole thing. If you can’t read documentation, and if you don’t have the brains to change or set a password, then you DESERVE to have your server/machine exploited! Don’t look to place blame! You installed it, you failed to change the default root password… YOU must take the blame for your lack of skills!
