Skip to content


MySQL 8.0 for Database Administrators OCP 课程习题6

6. Skill Check Managing MySQL Users

 You must disable automatic password expiration on the ‘erika’@’localhost’ account. Which command will do this?

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE NEVER;

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE DEFAULT;

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE INTERVAL 30 DAY;

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE;

 You must grant SELECT privilege on the salaries table in the employees’ database to user jan@localhost? Which command will do this?

GRANT SELECT ON employees.salaries TO jan@localhost;

REVOKE GRANT OPTION ON employees.salaries FROM ‘jan’@’localhost’;

REVOKE GRANT OPTION ON salaries.employees FROM ‘jan’@’localhost’;

GRANT SELECT ON salaries.employees TO jan@localhost;

Which command activates roles at the session level?

SET ROLE ALL;

ALTER USER kari@localhost DEFAULT ROLE ALL;

SET DEFAULT ROLE ALL TO kari@localhost;

SET PERSIST activate_all_roles_on_login = ON;

 You plan to use the test authentication plug-in test_plugin_server. Which statements are true? (Choose two)

It authenticates against operating system users and groups.

It is intended for use during testing and development.

It only allows MySQL users to log in via a UNIX socket.

It sends a plain text password to the server.

It implements native and old password authentication.

Which command removes DDL privileges from a role?

REVOKE DELETE, INSERT, UPDATE ON world.* FROM r_dev;

REVOKE GRANT OPTION ON world.* FROM r_dev

REVOKE CREATE, DROP ON world.* FROM r_dev;

REVOKE r_updater FROM r_dev;

You are using the caching_sha2_password plug-in? Which statements are true (Choose two)

It prevents clients from hashing passwords.

It authenticates MySQL accounts against the operating system.

It sends plain text passwords to a server.

It is the default authentication plug-in in MySQL 8.0.

It implements SHA-256 authentication and uses server side caching for better performance.

===

6. Skill Check Managing MySQL Users

 You must disable automatic password expiration on the ‘erika’@’localhost’ account. Which command will do this?

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE NEVER;

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE DEFAULT;

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE INTERVAL 30 DAY;

ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE;

答案:
ALTER USER ‘erika’@’localhost’ PASSWORD EXPIRE NEVER;

说明:
Configuring Password Expiration
• The default_password_lifetime global variable specifies the number of days after
which passwords must be changed.
– The default value is 0, which indicates that passwords do not expire.
• Set per-account password lifetime with the PASSWORD EXPIRE clause of CREATE
USER or ALTER USER:
• Apply the default password lifetime to an account:
• Disable automatic password expiration on an account:
CREATE USER ‘consultant’@’laptop3’ IDENTIFIED BY ‘change%me’
PASSWORD EXPIRE INTERVAL 30 DAY;
ALTER USER ‘consultant’@’laptop3’ PASSWORD EXPIRE NEVER;

 You must grant SELECT privilege on the salaries table in the employees’ database to user jan@localhost? Which command will do this?

GRANT SELECT ON employees.salaries TO jan@localhost;

REVOKE GRANT OPTION ON employees.salaries FROM ‘jan’@’localhost’;

REVOKE GRANT OPTION ON salaries.employees FROM ‘jan’@’localhost’;

GRANT SELECT ON salaries.employees TO jan@localhost;

答案:
GRANT SELECT ON employees.salaries TO jan@localhost;

说明:
GRANT Statement
• The GRANT statement assigns privileges or roles to MySQL user accounts and roles.
– Example GRANT syntax:
• Statement clauses:
– Privileges to be granted
— Example: SELECT, UPDATE, DELETE
– Privilege level:
— Global: .
— Database: db_name.*
— Table: db_name.table_name
— Stored routine: db_name.routine_name
– Account or role to which you are granting the privilege

Which command activates roles at the session level?

SET ROLE ALL;

ALTER USER kari@localhost DEFAULT ROLE ALL;

SET DEFAULT ROLE ALL TO kari@localhost;

SET PERSIST activate_all_roles_on_login = ON;

答案:
SET ROLE ALL;

说明:
Activating Roles at Session Level
• Use SET ROLE statement to modify the list of active roles in the current session. It
accepts a list of roles or one of the following role specifiers:
– DEFAULT: Activate the account default roles.
– NONE: Disable all roles.
– ALL: Activate all roles granted to the account.
– ALL EXCEPT: Activate all roles granted to the account except those named.
• Use CURRENT_ROLE() function to determine which roles are active in the current
session.
SET ROLE ALL;
SET ROLE r_viewer, r_updater;
SELECT CURENT_ROLE();

 You plan to use the test authentication plug-in test_plugin_server. Which statements are true? (Choose two)

It authenticates against operating system users and groups.

It is intended for use during testing and development.

It only allows MySQL users to log in via a UNIX socket.

It sends a plain text password to the server.

It implements native and old password authentication.

答案:

It implements native and old password authentication.
It is intended for use during testing and development.

说明:
Loadable Authentication Plugins
• Test Authentication plugin (test_plugin_server): Implements native and old
password authentication
– This plugin uses the auth_test_plugin.so file and is intended for testing and
development purposes.
• Socket Peer-Credential (auth_socket): Allows only MySQL users who are logged in
via a UNIX socket from a UNIX account with the same name
– This plugin uses the auth_socket.so file.

Which command removes DDL privileges from a role?

REVOKE DELETE, INSERT, UPDATE ON world.* FROM r_dev;

REVOKE GRANT OPTION ON world.* FROM r_dev

REVOKE CREATE, DROP ON world.* FROM r_dev;

REVOKE r_updater FROM r_dev;
答案:
REVOKE CREATE, DROP ON world.* FROM r_dev;

说明:

REVOKE: Examples
• Assume that Amon has SELECT, DELETE, INSERT, and UPDATE privileges on the
world database.
– You want to change the account so that he has SELECT access only.
• Revoke Jan’s ability to grant to other users any privileges that he holds for the world
database, by revoking the GRANT OPTION privilege from his account.
• Assume that the r_dev role has the CREATE, DROP, SELECT, DELETE, INSERT, and
UPDATE privileges on the world database.
– You want to remove all DDL privileges from the role.
• Revoke r_updater role from Kari user account.
REVOKE GRANT OPTION ON world. FROM ‘Jan’@’localhost’;
REVOKE DELETE, INSERT, UPDATE ON world.
FROM ‘Amon’@’localhost’;
REVOKE CREATE, DROP ON world.* FROM r_dev;
REVOKE r_updater FROM kari@localhost;

You are using the caching_sha2_password plug-in? Which statements are true (Choose two)

It prevents clients from hashing passwords.

It authenticates MySQL accounts against the operating system.

It sends plain text passwords to a server.

It is the default authentication plug-in in MySQL 8.0.

It implements SHA-256 authentication and uses server side caching for better performance.

答案:
It is the default authentication plug-in in MySQL 8.0.
It implements SHA-256 authentication and uses server side caching for better performance.

说明:

Pluggable Authentication
• In MySQL 8.0, caching_sha2_password is the default authentication plugin.
• During connection using the caching_sha2_password plugin, MySQL uses the
following to authenticate an account:
– Username
– Password
– Client host
• When specifying host names, remember the proper perspective:
– Specify the server’s host name when connecting using a client.
– Specify the client’s host name when adding a user to the server

Posted in Mysql.

Tagged with , , , .


MySQL 8.0 for Database Administrators OCP 课程习题5

5.Skill Check Monitoring MySQL

Examine this output: | HOST | USER | ROLE | ENABLED | HISTORY | | % | % | % | YES | YES | 1 row in set (#.## sec) Which command produces this?

SELECT * FROM setup_objects LIMIT 5\G;

SELECT * FROM setup_actors LIMIT 5\G;

SELECT * FROM setup_instruments LIMIT 5\G;

SELECT * FROM setup_consumers LIMIT 5\G;

What can be configured by modifying the Performance Schema setup_actors table?

foreground threads that are monitored

stored procedures that are monitored

server metrics that are collected

thread classes that are instrumented

How does a Performance Schema provide insight into database activity? (Choose three)

By analyzing I/O wait statistics

By analyzing historical performance data

By interpreting the Performance Schema to DBAs for diagnostic use cases

By analyzing errors that occur on the system

By analyzing which queries are running

By analyzing the audit record of server activity in log files

Which Performance Schema instruments have no subcomponents? (Choose three)

idle

memory

statement

error

transaction

stage

Which command configures and enables slow query logging?

SET GLOBAL slow_query_log_file=’slow-query.log’;

SET GLOBAL log_output=’TABLE’;

SET GLOBAL slow_query_log=ON;

SET SESSION long_query_time=0.5;

Why is the General Query Log used in MySQL? (Choose two)

To record statements where execution time exceeds a specified threshold

To include update operations stored as row-based binary logs on slave servers

To discover queries with excessive execution time.

To record the time and type of each connection and the process ID of all operations

To record all statements executed against all tables

Which command displays collected server metrics stored in the performance schema?

SELECT * FROM setup_objects LIMIT 5\G;

SELECT * FROM setup_actors LIMIT 5\G;

SELECT * FROM setup_consumers LIMIT 5\G;

SELECT * FROM setup_instruments LIMIT 5\G;

Which MySQL logs can be stored in tables? (Choose two)

Slow query log

Error log

Binary log

General query log

Audit log

====

5.Skill Check Monitoring MySQL

Examine this output: | HOST | USER | ROLE | ENABLED | HISTORY | | % | % | % | YES | YES | 1 row in set (#.## sec) Which command produces this?

SELECT * FROM setup_objects LIMIT 5\G;

SELECT * FROM setup_actors LIMIT 5\G;

SELECT * FROM setup_instruments LIMIT 5\G;

SELECT * FROM setup_consumers LIMIT 5\G;

答案:

SELECT * FROM setup_actors LIMIT 5\G;

What can be configured by modifying the Performance Schema setup_actors table?

foreground threads that are monitored

stored procedures that are monitored

server metrics that are collected

thread classes that are instrumented

答案:

foreground threads that are monitored

说明:
Performance Schema Setup Tables
You configure the Performance Schema by modifying the contents of the setup_% tables.
• setup_actors: Which foreground threads (client connections) are monitored
• setup_objects: Which database objects (tables, stored procedures, triggers, events)
are monitored
• setup_threads: Which thread classes are instrumented
• setup_instruments: Which server metrics the Performance Schema collects
• setup_consumers: Where the instrumented events are stored

How does a Performance Schema provide insight into database activity? (Choose three)

By analyzing I/O wait statistics

By analyzing historical performance data

By interpreting the Performance Schema to DBAs for diagnostic use cases

By analyzing errors that occur on the system

By analyzing which queries are running

By analyzing the audit record of server activity in log files

答案:
By analyzing I/O wait statistics

By analyzing historical performance data

By analyzing which queries are running

说明:
Performance Schema
• A set of in-memory tables that MySQL uses to track performance metrics
– Implemented as the PERFORMANCE_SCHEMA storage engine
— Operates on tables in the performance_schema database
• Helps provide insight into database activity. For example:
– Which queries are running
– I/O wait statistics
– Historical performance data
• Only available if support is configured during the build
– Always available in Oracle binary distributions
– If available, it is enabled by default.
— To enable or disable it explicitly, start the server with the
performance_schema variable set to an appropriate value.

Which Performance Schema instruments have no subcomponents? (Choose three)

idle

memory

statement

error

transaction

stage

答案:
idle
error
transaction

说明:
Top-Level Instrument Components
• idle: An instrumented idle event. This instrument has no subcomponents.
• error: An instrumented error event. This instrument has no subcomponents.
• memory: An instrumented memory event
• stage: An instrumented stage event
• statement: An instrumented statement event
• transaction: An instrumented transaction event. This instrument has no further
components.
• wait: An instrumented wait event

Which command configures and enables slow query logging?

SET GLOBAL slow_query_log_file=’slow-query.log’;

SET GLOBAL log_output=’TABLE’;

SET GLOBAL slow_query_log=ON;

SET SESSION long_query_time=0.5;

答案:
SET GLOBAL slow_query_log=ON;

Why is the General Query Log used in MySQL? (Choose two)

To record statements where execution time exceeds a specified threshold

To include update operations stored as row-based binary logs on slave servers

To discover queries with excessive execution time.

To record the time and type of each connection and the process ID of all operations

To record all statements executed against all tables

答案:
To record the time and type of each connection and the process ID of all operations

To record all statements executed against all tables

说明:
General Query Log
• Is enabled by using the general_log server option
• Records connection information and details about statements received
– Records the time and type of each connection and the process ID of all operations
– Records all statements that are executed against all tables
– Excludes update operations stored as row-based binary log on slave servers
• Grows very quickly
– Enable it for short periods to gather a full record of all activities during those periods
• Has a large overhead
– Not feasible to enable it for long periods on busy production systems

Which command displays collected server metrics stored in the performance schema?

SELECT * FROM setup_objects LIMIT 5\G;

SELECT * FROM setup_actors LIMIT 5\G;

SELECT * FROM setup_consumers LIMIT 5\G;

SELECT * FROM setup_instruments LIMIT 5\G;

答案:

SELECT * FROM setup_instruments LIMIT 5\G;

说明:
Performance Schema Setup Tables
You configure the Performance Schema by modifying the contents of the setup_% tables.
• setup_actors: Which foreground threads (client connections) are monitored
• setup_objects: Which database objects (tables, stored procedures, triggers, events)
are monitored
• setup_threads: Which thread classes are instrumented
• setup_instruments: Which server metrics the Performance Schema collects
• setup_consumers: Where the instrumented events are stored

Which MySQL logs can be stored in tables? (Choose two)

Slow query log

Error log

Binary log

General query log

Audit log

答案:

Slow query log

General query log

说明:
Log File Characteristics
• Can use large amounts of disk space
• Can be stored in files
• Can be stored in tables
– General and slow query logs only
• Can be encrypted
– Audit and binary logs only
• Are written in text format
– Except binary log

Posted in Mysql.

Tagged with , .


MySQL 8.0 for Database Administrators OCP 课程习题4

4 Skill Check: Configuring MySQL

Which are server-specific groups in the my.cnf option file? (Choose three)

[mysqld_safe]

[mysqld]

[mysql]

[mysqldump]

[server]

[client]

You changed the maximum number of connections in MySQL. In the variable_info table, the max_connections system variable displays a VARIABLE_SOURCE of DYNAMIC. What does it mean?

The max_connections system variable was set from a server-specific mysqld-auto.cnf option file.

The max_connections system variable has not been configured in any startup file.

The max_connections system variable was set from the my.cnf file.

The max_connections system variable was changed at runtime.

Examine this command and results: SET GLOBAL port = 3303; ERROR 1238 (HY000): Variable “port” is a read only variable. How would you resolve this error? (Choose two)

Change the port option to dynamic in the my.cnf file.

Change the port option to dynamic at the command line.

Change the port number in the mysql-auto.cnf file.

Change the modifier from GLOBAL to SESSION in the command.

Change the default port number in the my.cnf file.

Which command displays the configuration options for a running MySQL server? (Choose two)

# mysqld –verbose –help

mysql> SHOW GLOBAL VARIABLES;

# mysqladmin -uroot -p variables

# systemctl status mysqld

# mysql –print-defaults

Examine this command which executes successfully: SET PERSIST max_connections=99; Which command displays the content of the file that includes this parameter change?

# cat /labs/slap-test-updates.sh

mysql> \! cat /var/lib/mysql/slow-query.log

# cat /labs/multi.cnf

mysql> \! cat /var/lib/mysql/mysqld-auto.cnf | python -m json.tool

Which system variables have both global and session scope in MySQL? (Choose two)

error_count

max_connections

innodb_buffer_pool_size

max_join_size

sort_buffer_size

===

4 Skill Check: Configuring MySQL

Which are server-specific groups in the my.cnf option file? (Choose three)

[mysqld_safe]

[mysqld]

[mysql]

[mysqldump]

[server]

[client]

答案:
[mysqld_safe]
[mysqld]
[server]

You changed the maximum number of connections in MySQL. In the variable_info table, the max_connections system variable displays a VARIABLE_SOURCE of DYNAMIC. What does it mean?

The max_connections system variable was set from a server-specific mysqld-auto.cnf option file.

The max_connections system variable has not been configured in any startup file.

The max_connections system variable was set from the my.cnf file.

The max_connections system variable was changed at runtime.

答案:
The max_connections system variable was changed at runtime.

Examine this command and results: SET GLOBAL port = 3303; ERROR 1238 (HY000): Variable “port” is a read only variable. How would you resolve this error? (Choose two)

Change the port option to dynamic in the my.cnf file.

Change the port option to dynamic at the command line.

Change the port number in the mysql-auto.cnf file.

Change the modifier from GLOBAL to SESSION in the command.

Change the default port number in the my.cnf file.

答案:
Change the port option to dynamic in the my.cnf file.
Change the port option to dynamic at the command line.

Which command displays the configuration options for a running MySQL server? (Choose two)

# mysqld –verbose –help

mysql> SHOW GLOBAL VARIABLES;

# mysqladmin -uroot -p variables

# systemctl status mysqld

# mysql –print-defaults

答案:
mysql> SHOW GLOBAL VARIABLES;
# mysqladmin -uroot -p variables

Examine this command which executes successfully: SET PERSIST max_connections=99; Which command displays the content of the file that includes this parameter change?

# cat /labs/slap-test-updates.sh

mysql> \! cat /var/lib/mysql/slow-query.log

# cat /labs/multi.cnf

mysql> \! cat /var/lib/mysql/mysqld-auto.cnf | python -m json.tool

答案:
mysql> \! cat mysql> \! cat /var/lib/mysql/mysqld-auto.cnf | python -m json.tool

Which system variables have both global and session scope in MySQL? (Choose two)

error_count

max_connections

innodb_buffer_pool_size

max_join_size

sort_buffer_size

答案:
sort_buffer_size
max_join_size

Posted in Mysql.

Tagged with , .


MySQL 8.0 for Database Administrators OCP 课程习题3

3.Skill Check: Understanding MySQL Architecture

How do you set the number of InnoDB buffer pool instances to 12?

Execute SET GLOBAL innodb_buffer_pool_size=12000 1024 1024;

Execute SET GLOBAL innodb_buffer_pool_instances=12;

Add innodb_buffer_pool_instances=12 to /etc/my.cnf

Add innodb_buffer_pool_size=12G to /etc/my.cnf

Which are true about the MyISAM storage engine? (Choose three)

It supports table-level locking

It supports spatial data types and indexes

It supports storing row data and indexes in memory

It supports all data types except spatial data types

It supports FULLTEXT indexes

Which storage engine supports INSERT and SELECT but not DELETE, REPLACE, or UPDATE commands?

ARCHIVE

MyISAM

BLACKHOLE

MEMORY

You must create a table with these attributes: 1. Table name: sqltab1 2. Stored in the general tablespace Which command will do this?

CREATE TABLE sqltab1(a INT PRIMARY KEY, b CHAR(4));

CREATE TABLESPACE myts ADD DATAFILE ‘myts_data1.ibd’;

CREATE TABLE sqltab1(a INT PRIMARY KEY, b CHAR(4)) DATA DIRECTORY=’/datadir2′;

CREATE TABLE sqltab1(a INT PRIMARY KEY) TABLESPACE=myts;

You must create a table with these attributes: 1. Table name: sqltab1 2. A single integer column d 3. Stored in its own default tablespace in the /tablespaces directory Which command will do this?

mysql> CREATE TABLE sqltab1 (d int) TABLESPACE=general;

mysql> CREATE TABLE sqltab1 (d int) TABLESPACE=external;

mysql> CREATE TABLESPACE external ADD DATAFILE ‘/tablespaces/sqltab1.ibd’;

mysql> CREATE TABLE sqltab1 (d INT) DATA DIRECTORY=’/tablespaces’;

Which features are supported by InnoDB? (Choose two)

Hash indexes

Clustered indexes

B-tree indexes

Cluster database support

T-tree indexes

Which MySQL storage engines are transactional and support foreign keys? (Choose two)

BLACKHOLE

NDBCLUSTER

MERGE

InnoDB

MyISAM

====

3.Skill Check: Understanding MySQL Architecture

How do you set the number of InnoDB buffer pool instances to 12?

Execute SET GLOBAL innodb_buffer_pool_size=12000 1024 1024;

Execute SET GLOBAL innodb_buffer_pool_instances=12;

Add innodb_buffer_pool_instances=12 to /etc/my.cnf

Add innodb_buffer_pool_size=12G to /etc/my.cnf

答案:
Add innodb_buffer_pool_instances=12 to /etc/my.cnf

Which are true about the MyISAM storage engine? (Choose three)

It supports table-level locking

It supports spatial data types and indexes

It supports storing row data and indexes in memory

It supports all data types except spatial data types

It supports FULLTEXT indexes

答案:
It supports table-level locking
It supports spatial data types and indexes
It supports FULLTEXT indexes

说明:
MyISAM Storage Engine
• Is used in many legacy systems
– Was the default storage engine before MySQL 5.5
• Is fast and simple, but subject to table corruption if server crashes
– Use REPAIR TABLE to recover corrupted MyISAM tables.
• Supports FULLTEXT indexes
• Supports spatial data types and indexes
• Supports table-level locking
• Supports raw table-level backup and recovery because of the simple file format
• No transactional support
• No support for table partitioning in MySQL 8.0 as compared to MySQL 5.7.

说明:
MySQL RPM Installation Process
• The RPM installation performs the following tasks:
– Extracts RPM files to their default locations
– Registers SysV init or systemd startup scripts
– Sets up the mysql user and group in the operating system
— The MySQL server process runs as the mysql user.
• When you start the service for the first time using service mysqld
start or systemctl start mysqld, MySQL:
– Creates the data directory and the default my.cnf file
— These files are owned by the mysql user and group.
– Creates the default root@localhost account
– Sets up a random temporary password for the root account and
writes that password to the error log file (/var/log/mysqld.log)
— You must change the password before you can use MySQL.

Which storage engine supports INSERT and SELECT but not DELETE, REPLACE, or UPDATE commands?

ARCHIVE

MyISAM

BLACKHOLE

MEMORY

答案:
ARCHIVE

说明:
ARCHIVE Storage Engine
The ARCHIVE storage engine is used for storing large volumes of data in a compressed
format, allowing for a very small footprint. It has these primary characteristics:
• Does not support indexes
• Supports INSERT and SELECT, but not DELETE, REPLACE, or UPDATE
• Supports ORDER BY operations and BLOB columns
• Accepts all data types except spatial data types
• Uses row-level locking
• Supports AUTO_INCREMENT columns
• Disabled by default, need to be enabled to use

You must create a table with these attributes: 1. Table name: sqltab1 2. Stored in the general tablespace Which command will do this?

CREATE TABLE sqltab1(a INT PRIMARY KEY, b CHAR(4));

CREATE TABLESPACE myts ADD DATAFILE ‘myts_data1.ibd’;

CREATE TABLE sqltab1(a INT PRIMARY KEY, b CHAR(4)) DATA DIRECTORY=’/datadir2′;

CREATE TABLE sqltab1(a INT PRIMARY KEY) TABLESPACE=myts;

答案:
CREATE TABLE sqltab1(a INT PRIMARY KEY, b CHAR(4)) TABLESPACE=myts;

You must create a table with these attributes: 1. Table name: sqltab1 2. A single integer column d 3. Stored in its own default tablespace in the /tablespaces directory Which command will do this?

mysql> CREATE TABLE sqltab1 (d int) TABLESPACE=general;

mysql> CREATE TABLE sqltab1 (d int) TABLESPACE=external;

mysql> CREATE TABLESPACE external ADD DATAFILE ‘/tablespaces/sqltab1.ibd’;

mysql> CREATE TABLE sqltab1 (d INT) DATA DIRECTORY=’/tablespaces’;
答案:
mysql> CREATE TABLE sqltab1 (d INT) DATA DIRECTORY=’/tablespaces’;

Which features are supported by InnoDB? (Choose two)

Hash indexes

Clustered indexes

B-tree indexes

Cluster database support

T-tree indexes

答案:

Clustered indexes
B-tree indexes

Which MySQL storage engines are transactional and support foreign keys? (Choose two)

BLACKHOLE

NDBCLUSTER

MERGE

InnoDB

MyISAM
答案:
InnoDB
NDBCLUSTER

说明:
The two MySQL storage engines that are transactional and support foreign keys are:
InnoDB
Transactional: Supports ACID-compliant transactions (COMMIT, ROLLBACK).
Foreign Keys: Enforces referential integrity with foreign key constraints.

NDBCLUSTER (MySQL Cluster)
Transactional: Provides distributed transactions across nodes.
Foreign Keys: Fully supports foreign keys in a clustered environment.

BLACKHOLE: Discards writes (non-transactional), no foreign keys.
MERGE: Combines MyISAM tables (non-transactional), no foreign keys.
MyISAM: Non-transactional, no foreign key support (only table-level locking).

Posted in Mysql.

Tagged with , .


MySQL 8.0 for Database Administrators OCP 课程习题2

2.Skill Check: Installing and Upgrading MySQL

Which command makes mysqld start automatically when the host reboots?

# systemctl enable mysqld.service

# systemctl daemon-reload

# systemctl restart mysqld

# systemctl start mysqld

What does the RPM installation process for MySQL do? (Choose two)

It creates the default my.cnf file

It sets up the mysql user and group in the operating system

It provides a temporary password for the root account

It registers system startup scripts for MySQL services

It creates the default root@localhost account

Which Linux MySQL server installation directories are the base directories? (Choose two)

/var/log

/etc

/var/lib/mysql

/usr/bin

/usr/sbin

What is the purpose of the mysql_config_editor utility? (Choose two)

It reads and summarizes the contents of MySQL slow query log files.

It manages login paths to connect command-line clients to the MySQL server.

It reads and replays the contents of binary log files.

It enables users to store authentication credentials in the .mylogin.cnf file.

It creates TLS keys and certificates.

When installing MySQL from a binary archive distribution, you must add ‘/usr/local/mysql/bin’ to the user’s executable search path. Which line must you add to the ~/.bashrc file?

export PATH=$PATH:/usr/local/mysql/bin

pid-file=/var/run/mysqld/mysqld.pid

datadir=/var/lib/mysql/bin

ExecStart=/usr/local/mysql/bin/mysqld –defaultsfile=/etc/my.cnf –daemonize

Which command creates a symbolic link during the installation phase to the extracted directory of MySQL?

# ln -s /opt/mysql* /usr/local/mysql

# cp /labs/my.cnf /etc/my.cnf

# mv opt/mysql /usr/local/mysql

# ls -l /usr/local/mysql

Which command is used to stop MySQL server?

mysqladmin –login-path=admin shutdown

mysqladmin -uroot -p flush-hosts

mysqladmin -uroot -p stop-slave

mysqladmin -uroot -p shutdown

答案:

Which command makes mysqld start automatically when the host reboots?

# systemctl enable mysqld.service

What does the RPM installation process for MySQL do? (Choose two)

It sets up the mysql user and group in the operating system
It registers system startup scripts for MySQL services

说明:
MySQL RPM Installation Process
• The RPM installation performs the following tasks:
– Extracts RPM files to their default locations
– Registers SysV init or systemd startup scripts
– Sets up the mysql user and group in the operating system
— The MySQL server process runs as the mysql user.
• When you start the service for the first time using service mysqld
start or systemctl start mysqld, MySQL:
– Creates the data directory and the default my.cnf file
— These files are owned by the mysql user and group.
– Creates the default root@localhost account
– Sets up a random temporary password for the root account and
writes that password to the error log file (/var/log/mysqld.log)
— You must change the password before you can use MySQL.

Which Linux MySQL server installation directories are the base directories? (Choose two)

/usr/bin
/usr/sbin

说明:
Data Directory
• /var/lib/mysql is where the server stores databases. This directory is configured when
you (or the installation process) run mysqld –initialize. The InnoDB log files, undo
tablespaces, and system tablespace are in this directory. It also includes a subdirectory for
each database. This includes the mysql directory, which contains system tables including
the grant tables. MySQL 8.0 stores the data dictionary in mysql.ibd tablespace using
InnoDB storage engine.
Base Directory
• /usr/sbin contains the main server executable, mysqld.
• /usr/bin contains client programs and scripts such as mysql, my_print_defaults,
mysqladmin, mysqlcheck, and mysqlimport.
Other Directories
• /var/lib/mysql-files is configured in the secure_file_priv variable for storing
import and export data files.
• /var/lib/mysql-keyring is allocated for storing keyring files.
• /etc and /var/log are standard Linux directories for configuration files and log files. The
/etc/my.cnf file is read by the MySQL server process (mysqld).
• The systemd startup script is stored in the default systemd directory.

What is the purpose of the mysql_config_editor utility? (Choose two)

It manages login paths to connect command-line clients to the MySQL server.
It enables users to store authentication credentials in the .mylogin.cnf file.

说明:
mysql_config_editor
Use mysql_config_editor to create encrypted option files.
• Store user, password, and host options in a dedicated option file:
– .mylogin.cnf in the current user’s home directory
– To specify an alternative file name, set the MYSQL_TEST_LOGIN_FILE environment
variable.
• The .mylogin.cnf file contains login paths.
– They are similar to option groups.
– Each login path contains authentication information for a single identity.
– Clients refer to a login path with the –login-path (or -L) command-line option:
– Protect the file from being read by other users. Anyone who can read the file can use
the credentials and is able to obtain the plain text passwords.

When installing MySQL from a binary archive distribution, you must add ‘/usr/local/mysql/bin’ to the user’s executable search path. Which line must you add to the ~/.bashrc file?

export PATH=$PATH:/usr/local/mysql/bin

Which command creates a symbolic link during the installation phase to the extracted directory of MySQL?

# ln -s /opt/mysql* /usr/local/mysql

Which command is used to stop MySQL server?

mysqladmin -uroot -p shutdown

Posted in Mysql.

Tagged with .


Vite 任意文件访问漏洞(CVE-2025-32395)的安全预警

一、基本情况

Vite是一个现代化的前端构建工具,旨在提供更快的开发体验。它通过基于原生ES模块的开发服务器,在开发过程中实现极速热更新(HMR)。Vite在构建时使用了高度优化的打包工具,如esbuild,极大提高了构建速度。它支持多种前端框架(如React、Vue)并可以通过插件扩展功能。Vite的目标是简化前端开发工作流,并提升开发效率。

二、 漏洞描述

Vite发布的安全公告,Vite存在一个任意文件访问漏洞。该漏洞影响Node和Bun环境下的开发服务器,攻击者可通过发送包含#字符的HTTP请求,绕过服务器的文件访问限制,返回任意文件内容。根据HTTP 1.1和HTTP 2规范,#不应出现在请求目标中,但Node和Bun并未内部拒绝这类无效请求,而是将其传递至用户端。Vite在处理请求时,未正确验证req.url中是否包含#,从而允许请求绕过server.fs.deny设置。此漏洞仅影响在非Deno环境中运行并显式暴露开发服务器(通过–host或server.host配置选项)的应用,漏洞评分6.0分,漏洞级别为中危。

三、 影响范围

6.2.0 <= Vite <= 6.2.5

6.1.0 <= Vite <= 6.1.4

6.0.0 <= Vite <= 6.0.14

5.0.0 <= Vite <= 5.4.17

Vite <= 4.5.12

四、 修复建议

官方已发布修复版本,建议受影响用户尽快更新。

Vite >= 6.2.6

6.1.5 <= Vite < 6.2.0

6.0.15 <= Vite < 6.1.0

5.4.18 <= Vite < 6.0.0

4.5.13 <= Vite < 5.0.0

解决建议
升级至最新版本。

参考链接
https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70
https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4

Posted in 安全通告.


Dify v1.0本地部署+deepseek

Dify 一词源自 Define + Modify,意指定义并且持续的改进你的 AI 应用,它是为你而做的(Do it for you)

生成式 AI 应用创新引擎

开源的 LLM 应用开发平台。内置了构建 LLM 应用所需的关键技术栈,包括对数百个模型的支持,提供从 Agent 构建到 AI workflow 编排、RAG 检索、模型管理等能力,轻松构建和运营生成式 AI 原生应用。比 LangChain 更易用。

在线体验:https://dify.ai/zh
开源地址:https://github.com/langgenius/dify
官方文档:https://docs.dify.ai/v/zh-hans

Dify云服务,可以在线使用.

  • Sandbox(免费版) 每天可调用200次GPT
  • 专业版 $59/month
  • 团队版 $159/month
  • 企业版 面议

开源社区版
安装 Dify 之前, 请确保你的机器已满足最低安装要求:

CPU >= 2 Core

RAM >= 4 GiB

克隆 Dify 代码仓库

安装git

yum install -y git

克隆 Dify 源代码至本地环境

# 假设当前最新版本为 0.15.3
git clone https://github.com/langgenius/dify --branch 0.15.3

Cloning into 'dify'...
remote: Enumerating objects: 143184, done.
remote: Counting objects: 100% (530/530), done.
remote: Compressing objects: 100% (279/279), done.
remote: Total 143184 (delta 440), reused 252 (delta 251), pack-reused 142654 (from 4)
Receiving objects: 100% (143184/143184), 75.24 MiB | 6.51 MiB/s, done.
Resolving deltas: 100% (105740/105740), done.
Note: switching to 'ca19bd31d42fb87c83b91541c473ebae85e9d14e'.

安装docker

docker,docker-ce,podman 安装其中之一就可
rocky8 以上默认为podman

A.安装docker

yum install docker

B.安装docker-ce

删除podman (如需要)
podman数据不会转移到docker
迁移 Docker 镜像,可以先导出再导入,容器用docker export和import
docker save -o image.tar image_name:tag
docker load image.tar

先停止所有容器的应用和删除容器,再删除安装包
podman container prune

清理所有未使用的镜像
podman image prune -a

清理所有未使用的卷
podman volume prune

清理所有未使用的网络
podman network prune

检查存储状态
podman system df

删除 Podman 存储目录
rm -rf /var/lib/containers/storage
systemctl restart podman

检查存储状态
podman system df

删除podman
dnf remove podman

删除podman残余文件
rm -rf /etc/containers /etc/registries.conf /etc/containers/policy.json /etc/containers/storage.conf ~/.config/containers ~/.local/share/containers

安装docker-ce

安装docker所需依赖

dnf install -y yum-utils device-mapper-persistent-data lvm2
dnf install -y dnf-plugins-core

添加docker官方和阿里的YUM仓库

dnf config-manager –add-repo https://download.docker.com/linux/centos/docker-ce.repo
dnf config-manager –add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

安装 Docker Engine

dnf install -y docker-ce docker-ce-cli containerd.io

systemctl start docker
systemctl enable docker

docker –version
Docker version 28.0.1, build 068a01e

docker加速

tee > /etc/docker/daemon.json <<EOF
{
  "builder": {
    "gc": {
      "defaultKeepStorage": "20GB",
      "enabled": true
    }
  },
  "experimental": false,
  "registry-mirrors": [
    "https://hub.rat.dev",
    "https://dockerhub.icu",
    "https://docker.wanpeng.top",
    "https://register.librax.org"
  ]
}
EOF

验证有无出错

docker info

C.安装podman

Podman 是一个与 Docker 兼容的容器工具

dnf install podman
docker –version
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
podman version 5.2.2

设置镜像网站

Podman 默认注册表配置文件在 /etc/containers/registries.conf
vi /etc/containers/registries.conf
[[registry]]
prefix = "docker.io"
location = "docker.io"
mirror = [
{ location = "docker.nju.edu.cn" },
{ location = "docker.m.daocloud.io" }
]
docker info

docker-compose 安装

docker-compose 和 podman-compose安装其中之一就可

docker-compose 安装

如果安装的是docker则安装docker-compose
https://github.com/docker/compose/releases/
curl -L "https://github.com/docker/compose/releases/download/v2.33.0/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose

使用国内加速

wget -o /usr/local/bin/docker-compose https://ghproxy.cn/https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64

chmod +x /usr/local/bin/docker-compose

查看 docker-compose

docker-compose –version 版本
Docker Compose version v2.29.1

安装podman-compose

#yum install podman-compose

系统自带podman-compose version: 1.0.6版本过老
podman-compose –version

podman-compose version: 1.0.6
['podman', '--version', '']
using podman version: 5.2.2
podman-compose version 1.0.6
podman --version
podman version 5.2.2
exit code: 0

会出错以下报错
Cannot connect to the Docker daemon at unix:///run/podman/podman.sock. Is the docker daemon running?

安装pip 后安装podman-compose

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py
pip –version
升级 pip
pip install -U pip

pip 国内加速

pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple

pip 安装podman-compose

pip3 install podman-compose
更新 podman-compose
运行以下命令更新 podman-compose:
pip install –upgrade podman-compose

运行以下命令检查 podman-compose 是否已安装:
pip show podman-compose

#没找到
-bash: /usr/bin/podman-compose: No such file or directory

find / -name podman-compose 2>/dev/null

/usr/share/licenses/podman-compose
/usr/share/doc/podman-compose
/usr/local/bin/podman-compose

将路径加入到环境变量

#临时
export PATH=/usr/local/bin:$PATH
#永久添加
echo 'export PATH=/usr/local/bin:$PATH' >> ~/.bashrc
source ~/.bashrc 

查看版本

podman-compose –version

podman-compose version 1.3.0
podman version 5.2.2

使用podman-compose 拉起会报错
podman-compose up -d

RuntimeError: missing networks: 

改用docker-compose兼容方式

 检查 Podman 套接字文件

ls -l /run/podman/podman.sock
Podman 的套接字文件通常位于 /run/podman/podman.sock。如果该文件不存在,可能是系统未启用 Podman 的套接字功能。

 启用 Podman 套接字

运行以下命令启用 Podman 套接字:
systemctl –user enable –now podman.socket
验证套接字文件
ls -l /run/podman/podman.sock

如果 Podman 套接字仍未生成,可以尝试手动启动 Podman 套接字服务。

 手动创建套接字文件

podman system service –time=0 unix:///run/podman/podman.sock &
chmod 666 /run/podman/podman.sock
export DOCKER_HOST=unix:///run/podman/podman.sock

docker-compose ps

注册开机自动启动podman socket

cat >/etc/systemd/system/podman.socket.service<<EOF 
[Unit]
Description=Podman API Socket
Documentation=man:podman-system-service(1)
After=network.target

[Service]
ExecStart=/usr/bin/podman system service --time=0 unix:///run/podman/podman.sock
Restart=always
User=root
Group=root

[Install]
WantedBy=multi-user.target
EOF 

systemctl daemon-reload
systemctl enable podman.socket.service
systemctl start podman.socket.service
systemctl status podman.socket.service
ls -l /run/podman/podman.sock

Dify 安装

进入 Dify 源代码的 Docker 目录

cd dify/docker
复制环境配置文件

cp .env.example .env
启动 Docker 容器

根据你系统上的 Docker Compose 版本,选择合适的命令来启动容器。你可以通过 $ docker compose version 命令检查版本,详细说明请参考 Docker 官方文档:

如果版本是 Docker Compose V2,使用以下命令:
docker compose up -d

如果版本是 Docker Compose V1,使用以下命令:
docker-compose up -d

使用docker-compose拉起

docker compose pull

Trying to pull docker.io/library/redis:6-alpine…
Trying to pull docker.io/langgenius/dify-api:0.15.3…
Trying to pull docker.io/library/postgres:15-alpine…
Trying to pull docker.io/langgenius/dify-web:0.15.3…
Trying to pull docker.io/ubuntu/squid:latest…
Trying to pull docker.io/langgenius/dify-api:0.15.3…
Trying to pull docker.io/semitechnologies/weaviate:1.19.0…
Trying to pull docker.io/library/nginx:latest…
Trying to pull docker.io/langgenius/dify-sandbox:0.2.10…

此时会遇到超时问题
pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp 208.43.237.140:443: i/o timeout

测试拉取

docker pull docker.io/library/redis:6-alpine
docker pull docker.io/langgenius/dify-web:0.15.3
docker pull docker.io/library/postgres:15-alpine

ocker pull register.librax.org/langgenius/dify-api:0.15.3
docker pull register.librax.org/semitechnologies/weaviate:1.19.0
docker pull register.librax.org/library/nginx:latest
docker pull register.librax.org/langgenius/dify-sandbox:0.2.10

docker tag register.librax.org/langgenius/dify-api:0.15.3 docker.io/langgenius/dify-api:0.15.3

docker-compose up -d

[+] Running 11/11
 ✔ Network docker_default             Created                                        0.0s
 ✔ Network docker_ssrf_proxy_network  Created                                        0.0s
 ✔ Container docker-ssrf_proxy-1      Started                                        0.9s
 ✔ Container docker-db-1              Started                                        1.0s
 ✔ Container docker-weaviate-1        Started                                        1.2s
 ✔ Container docker-sandbox-1         Started                                        1.0s
 ✔ Container docker-redis-1           Started                                        0.9s
 ✔ Container docker-web-1             Started                                        0.9s
 ✔ Container docker-worker-1          Started                                        1.4s
 ✔ Container docker-api-1             Started                                        1.2s
 ✔ Container docker-nginx-1           Started                                        1.4s

你应该可以看到包括3个业务服务 api / worker / web,以及6个基础组件 weaviate / db / redis / nginx / ssrf_proxy / sandbox 。
通过这些步骤,你应该可以成功在本地安装Dify。

更新Dify

当Dify版本更新后,你可以克隆或拉取最新的Dify源代码,并通过命令行更新已经部署的Dify环境。‍‍‍‍‍‍‍‍‍‍‍‍
刚好Dify在2月28日发布了1.0.0版本,那么我们也就直接升级一波!

dify v1.0.0更新内容介绍
我们先来看一下这次dify v1.0.0都有哪些重磅更新

1. 插件机制 (Plugin System)

核心变化:将原有的模型和工具都改造成插件形式

应用场景:想用新的 AI 模型时,直接安装对应插件即可

需要连接 Slack 时,安装 Slack 插件就能实现集成

2. 智能工作流 (Intelligent Workflow)

新增 Agent 节点:作为工作流和聊天流的决策中心

通俗解释:相当于一个智能管家,可以根据需求自动调用合适的流程、工具

应用场景:客服机器人可以自动判断用户意图,选择合适的回复方式

数据分析任务可以自动选择合适的分析工具和展示方式

3. 开放生态系统 (Open Ecosystem)

Dify Marketplace:官方插件市场

已有 120+ 插件,包括:模型:OpenAI 、Gemini 2.0 、DeepSeek-R1 等

工具:Perplexity 、Discord 、Slack 等

应用场景:企业可以在市场中找到所需的专业工具

开发者可以发布自己的插件获得收益

4. 多模态交互 (Multimodal I/O)

支持多种数据类型:文本、图像、视频、语音

应用场景:智能客服可以处理图片问题

教育应用可以结合视频和语音进行互动

5. 核心能力增强

推理能力 (Reasoning):提升问题解决能力

执行能力 (Action):可以操作软件和物联网设备

动态记忆 (Dynamic Memory):优化上下文理解

进入dify源代码的docker目录,按顺序执行以下命令:

cd dify/docker
关闭服务
docker-compose down
git pull origin main

remote: Enumerating objects: 535, done.
remote: Counting objects: 100% (290/290), done.
remote: Total 535 (delta 290), reused 290 (delta 290), pack-reused 245 (from 1)
Receiving objects: 100% (535/535), 472.65 KiB | 1.10 MiB/s, done.
Resolving deltas: 100% (387/387), completed with 209 local objects.
From https://github.com/langgenius/dify
 * branch                main       -> FETCH_HEAD
   bafa46393..330dc2fd4  main       -> origin/main

docker-compose pull
docker-compose up -d

执行上述命令更新完成后,需按以下操作同步环境变量配置 (重要!)。‍‍‍‍

如果.env.example文件有更新,请务必同步修改您本地的.env文件。
检查.env文件中的所有配置项,确保它们与您的实际运行环境相匹配。
您可能需要将.env.example中的新变量添加到.env文件中,
并更新已更改的任何值。

查看当前ollama的模型

ollama linux部署可参考之前文章

ollama list
NAME          ID              SIZE      MODIFIED
qwen2:1.5b    f6daf2b25194    934 MB    2 months ago

ollama run qwen2:1.5b

ollama ps
NAME          ID              SIZE      PROCESSOR    UNTIL
qwen2:1.5b    f6daf2b25194    1.5 GB    100% CPU     4 minutes from now

拉取deepseek-r1:1.5b模型

ollama pull deepseek-r1:1.5b
pulling manifest
pulling aabd4debf0c8... 100% ▕██████████████████████████▏ 1.1 GB
pulling 369ca498f347... 100% ▕██████████████████████████▏  387 B
pulling 6e4c38e1172f... 100% ▕██████████████████████████▏ 1.1 KB
pulling f4d24e9138dd... 100% ▕██████████████████████████▏  148 B
pulling a85fe2a2e58e... 100% ▕██████████████████████████▏  487 B
verifying sha256 digest
writing manifest
success

ollama run deepseek-r1:1.5b

 ollama ps
NAME                ID              SIZE      PROCESSOR    UNTIL
deepseek-r1:1.5b    a42b25d8c10a    1.6 GB    100% CPU     4 minutes from now
qwen2:1.5b          f6daf2b25194    1.5 GB    100% CPU     5 seconds from now

创建宿主机到虚拟机的nat

#我使用980,正常使用80端口
#http://localhost:980/install

在virtualbox创建nat转发127.0.0.1:80端口到192.168.244.9:80

使用Dify

按照以上步骤部署好Dify后,首先前往管理员初始化页面设置设置管理员账户:

# 本地环境
http://localhost/install

# 服务器环境
http://your_server_ip/install

通过私有化本地部署Dify,结合Ollama等大模型运行环境,可以打造自己的私有大模型工具链,实现大模型的本地可视化运行。在涉密或敏感数据场合具有极大的应用价值。‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

创建管理员

第一次访问需要先设置最高管理权限账号、密码

添加本地Ollama

登录进去后,右上角用户里设置
在 Dify 中接入 Ollama 在 设置 > 模型供应商 > Ollama 中填入
模型名称:qwen2:1.5b

基础 URL:http://127.0.0.1:11434,此处需填写可访问到的 Ollama 服务地址。
若 Dify 为 docker 部署,建议填写局域网 IP 地址,如:http://192.168.244.9:11434 或 docker 宿主机 IP 地址,如: http://host.docker.internal:11434http://10.89.1.1:11434

Docker版本是18.03或更高可以使用 host.docker.internal。
若为本地源码部署,可填写 http://localhost:11434

模型类型:对话

模型上下文长度:4096

模型的最大上下文长度,若不清楚可填写默认值 4096。

最大 token 上限:4096:模型返回内容的最大 token 数量,若模型无特别说明,则可与模型上下文长度保持一致。

是否支持 Vision:是(当模型支持图片理解(多模态)勾选此项,如 llava。)

点击 “保存” 校验无误后即可在应用中使用该模型。

如出现错误可以检查一下ip和端口是否正确,网络是否通畅。

An error occurred during credentials validation: HTTPConnectionPool(host='10.89.1.1', port=80): Max retries exceeded with url: /api/chat (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x7f6ea7769040>, 'Connection to 10.89.1.1 timed out. (connect timeout=10)'))

如果不想使用本地Ollama,我们也可以使用deepseek 官方API,或硅基流动的。
DeepSeek是目前最好的开源大模型

Dify v1.0.0是目前最好的开源大模型应用平台

DeepSeek + Dify v1.0.0可谓强强联手!

创建聊天助手

创建空白应用->聊天助手
发布后你就有了一个自已的聊天助手。


创建工作流

回到主页,点击创建空白应用,这里的聊天助手和文本生成应用,是功能最为单一的 LLM 应用,都不支持工具和知识库的接入。
Agent 和 工作流的区别:

Agent:智能体,基于大语言模型的推理能力,可以自主选择工具来完成任务,相对简单。
工作流:以工作流的形式编排 LLM 应用,提供更多的定制化能力,适合有经验的用户。

Posted in AI.

Tagged with , , .


火山方舟引擎限时免费注册送3000万DeepSeek R1满血版tokens

火山引擎介绍

‌火山引擎是字节跳动旗下的云服务平台‌。
豆包大模型-字节跳动自研大模型
火山方舟-一站式大模型服务平台
扣子-专业版AI应用开发平台

火山方舟免登录体验满血版671B

打开火山引擎官网的火山方舟,不用注册、不用填手机号,直接就能使用DeepSeek-R1 满血版 671B参数和豆包-1.5-pro
免登录体验3/3次,登录后后免费赠送每个模型50万tokens推理额度。
https://www.volcengine.com/experience/ark


邀请注册送代金券

每成功邀请1位新用户,最高双方可得145元代金券,可抵扣3625万tokens(相当于免费问 15 万次问题)。

具体玩法:

  • 1、登录活动页面,生成你的专属邀请码:DXRHABFP
  • 2、分享邀请链接给好友,对方注册时填写你的邀请码。
    不限邀请次数,成功邀请后均可依据规则获得奖励。
    邀请链接: https://www.volcengine.com/experience/ark?utm_term=202502dsinvite&ac=DSASUQY5&rc=DXRHABFP
  • 3、实名认证后,双方立即到账代金券:你拿 30 元(750 万 Tokens),好友拿 15 元(375 万Tokens)。如果好友后续付费,你还能再得 100 元代金券(2000 万 Tokens)!
    如账号已实名认证,代金券将在邀请成功后1小时内到账。如账号未实名认证,已邀请成功的奖励将在账号成功认证且满足邀请成功1小时后立即到账。

活动时间: 2025年2月20日0:00 – 2025年3月15日23:59

注意:
100元火山方舟无门槛代金券资需要好友付费后才能获取。
代金券自发放之日起有效期90天,不支持提现、转赠、叠加使用等操作。已过期的代金券不支持延长时效。
活动发放的代金券适用商品范围仅限字节跳动大模型服务(豆包大模型)、开源LLM模型(DeepSeek)、火山方舟大模型服务平台-知识库的全部配置,部分计费项要求现金余额或代金券余额大于100元才可开通使用,以实际使用的要求为准。
1)字节跳动大模型服务(豆包大模型)产品包含Doubao-1.5-pro-32k、Doubao-1.5-pro-256k、Doubao-1.5-lite-32k、Doubao-1.5-vision-pro-32k等模型的用量服务。
2)开源LLM模型产品包含DeepSeek-V3、DeepSeek-R1、DeepSeek-R1-Distill-Qwen-32B、DeepSeek-R1-Distill-Qwen-7B等模型的用量服务。
3)火山方舟大模型服务平台-知识库产品包含知识库中的向量模型、存储等服务。

API

火山方舟也提供兼容Openai的API接口,点击右上角的API接入,如下图:
第一步创建key,第二部选择模型-开通选择的模型,然后会给出实例代码。
这里开通DeepSeek-R1满血和千问32B

curl https://ark.cn-beijing.volces.com/api/v3/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -d '{
    "model": "deepseek-r1-250120",
    "messages": [
      {"role": "system","content": "你是人工智能助手."},
      {"role": "user","content": "常见的十字花科植物有哪些?"}
    ]
  }'

api url :
https://ark.cn-beijing.volces.com/api/v3/chat/completions
model后面是模型名称:
"model": "deepseek-r1",

==========

在浏览器插件 ChatHub 中使用

使用浏览器插件是最方便的,也省去了登录的麻烦。

关于 ChatHub

ChatHub 是一个流行的大语言模型聚合插件,特点是可以同时和多个模型聊天,方便对比回答。ChatHub 在全球拥有数十万活跃用户。

安装 ChatHub

浏览器打开 ChatHub 官网,点击“新增至Chrome”按钮安装 ChatHub 浏览器插件:

安装后,将自动打开 ChatHub 设置页面.

在ChatHub中使用火山平台的deepseek满血模型

1、在 ChatHub 设置中找到“自定义机器人”模块,点击“添加”按钮

2、在弹窗中,依次:

输入机器人名称:volcengine.com
选择 Custom 作为提供方:
API Host:https://ark.cn-beijing.volces.com/api/v3/chat/completions

输入API KEY :
填写模型 : deepseek-r1-250120

3、点击“确认”后模型即配置成功
4、开始聊天

注册扣子coze专业版

专业版,现价1元套餐,1000点数1年有效期(原先是50W 资源包),专业版用户每日赠送500资源点(仅限当日有效),可抵扣智能体调用费用和模型调用费用。
语音识别 API、语音合成 API、实时音视频 SDK 全面开放,无需申请即可使用


注意:
专业版的账号和基础版账号数据目前没有打通,也就是需要重新注册账号

隔壁硅基流动是送14 元平台配额

我的邀请链接:https://cloud.siliconflow.cn/i/LNzlifKw
我的邀请码:LNzlifKw
也可以扫描下面二维码:

Posted in AI.

Tagged with , , , , .


字节跳动于3月3日发布AI 集成开发环境工具Trae CN

字节跳动于3月3日发布国内首款 AI 原生集成开发环境工具(AI IDE)——Trae 国内版,搭载 doubao-1.5-pro 模型(目前还不能用),并支持切换 DeepSeek R1&V3。帮助开发者高效协作 AI,提升编程效率和质量。
国际版 Trae, 国内版为 Trae CN

国际版 Trae支持 Claude 3.7 Sonnet
国际版官网:https://www.trae.ai/

国内版官网地址:
https://www.trae.com.cn/home
安装包大概150M左右。

国内版集成了DeepSeek R1&V3,提供AI问答、智能代码生成、智能代码补全,多模态输入等功能。支持界面全中文化,为中文开发者提供了高效的开发体验,关键现在限时免费。

使用手机号注册登录后就可以使用。
魔改vscode,可以导入VS Code或Cursor的插件和设置。

Posted in 编辑器.

Tagged with , , .


Ollama 未授权访问漏洞,攻击者可以下载或删除私有模型文件

Ollama 是一个开源的大语言模型(LLM)运行环境和工具集,旨在帮助开发者轻松部署、管理和使用模型(如 DeepSeek 等)。

Ollama 存在未授权访问漏洞,攻击者可以直接访问敏感接口进行读取、下载或删除私有模型文件,或滥用模型推理资源等高危操作。

攻击者只需访问服务端口(默认 11434)即可调用敏感功能接口,进而读取、下载或删除私有模型文件,或滥用模型推理资源等。

直接请求api路径即可,这里查看都有哪些模型

curl http://127.0.0.1:11434/api/tags
这个接口列出 Ollama 提供的 LLM 模型。

该接口对应的处理函数是ListHandler,可以看到,未进行任何权限,直接返回模型。

func (s \*Server) ListHandler(c \*gin.Context) {  
ms, err :\\= Manifests(true)  
if err != nil {  
c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})  
return  
}  
​  
models :\\= \[\]api.ListModelResponse{}  
for n, m :\\= range ms {  
var cf ConfigV2  
​  
if m.Config.Digest != "" {  
f, err :\\= m.Config.Open()  
if err != nil {  
slog.Warn("bad manifest filepath", "name", n, "error", err)  
continue  
}  
defer f.Close()  
​  
if err :\\= json.NewDecoder(f).Decode(&cf); err != nil {  
slog.Warn("bad manifest config", "name", n, "error", err)  
continue  
}  
}  
​  
// tag should never be masked  
models \\= append(models, api.ListModelResponse{  
Model: n.DisplayShortest(),  
Name: n.DisplayShortest(),  
Size: m.Size(),  
Digest: m.digest,  
ModifiedAt: m.fi.ModTime(),  
Details: api.ModelDetails{  
Format: cf.ModelFormat,  
Family: cf.ModelFamily,  
Families: cf.ModelFamilies,  
ParameterSize: cf.ModelType,  
QuantizationLevel: cf.FileType,  
},  
})  
}  
​  
slices.SortStableFunc(models, func(i, j api.ListModelResponse) int {  
// most recently modified first  
return cmp.Compare(j.ModifiedAt.Unix(), i.ModifiedAt.Unix())  
})  
​  
c.JSON(http.StatusOK, api.ListResponse{Models: models})  
}  

大模型拉取函数,没有进行任何权限验证。
也可以删除指定模型。

修复建议

方法一

最好的修复方法肯定是修改代码逻辑,给 Ollama API 添加认证的需求。当然这需要原作者的配合。

方法二

对web服务器配置进行修改,这里拿nginx进行举例:

对访问接口的请求,添加一个简单的密码验证。

server {
listen 11434;
​
location / {
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
​
proxy_pass http://192.168.1.100:11434;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

漏洞分析

https://forum.butian.net/index.php/article/670

Posted in AI, 安全通告.

Tagged with , .