Category: Tech Insight

Migrating to MariaDB from MySQL

Migrating to MariaBD from MySQL

As of 4th July 2021, all our cloud-hosted customer’s MIDAS databases have been migrated across from MySQL to MariaDB.

MariaDB What is MariaDB?

MariaDB is a community-developed “fork” of the popular MySQL database engine.

It was created by one of the original founders of MySQL, who forked it over concerns surrounding MySQL’s acquisition by Oracle Corporation in 2009. These concerns centered around rumors that Oracle were considering killing off MySQL to prevent competition with their own “Oracle” database. In the end, that didn’t actually happen and MySQL continues to remain available. But MariaDB continues to gain in popularity year on year, and has a number of advantages over MySQL.

Why migrate from MySQL to MariaDB?

  • MariaDB offers improved performance over MySQL in many scenarios.
  • MariaDB is community-driven, whereas MySQL is owned and developed by Oracle Corporation.
  • MariaDB has 268 contributors vs 83 contributors to MySQL *
  • MariaDB is arguably in more active development. (MariaDB has 193,318 code commits – the latest was today, MySQL has 163,534 – the latest was 3 months ago *)
  • MariaDB continues to gain in popularity.

* correct at time of writing

Now, we’ve been thoroughly testing MariaDB in our MIDAS development environment for well over a year now. In fact, it’s now become our “preferred” database engine over MySQL. We now only use MySQL for testing purposes. Because we now develop primarily using MariaDB, it made sense to move cloud-hosted customers over to this database engine too.

Will I notice any difference?

Our cloud-hosted customers may notice small performance improvements when performing certain operations in their online booking system. Other than that customers shouldn’t notice any other obvious changes.

That doesn’t mean that there aren’t any additional benefits to MariaDB though! One of the things we’ve now been able to do in to MariaDB is implement “data-at-rest” encryption.

Data-at-rest encryption

When it comes to encrypting data send over the internet, there are broadly two different types of encryption; encryption in transit, and encryption at rest.

Encryption in transit deals with the secure transmission of data between your browser and a server. For example, if you submit a form on a web page, the data you entered needs to be transmitted (or “sent”) to a server. If the form was on a web page severed from a URL beginning “http://”, the data is transmitted unencrypted to the sever. This means that they data you’re submitting could potentially be intercepted and read during transit.

A form submitted on a website accessed over httpS, with correctly configured security certificates, will mean than the data will be encrypted in transit to the server.

All of our cloud-hosted MIDAS systems are accessible over secure https only. We support the latest standards and protocols (including TLS 1.3), and disallow older/obsolete/insecure protocols (like SSL 2/3, and TLS 1.0/1.1). If you’re interested, you can view our A+ rating on SSL Labs.

Encryption at rest on the other hand deals with how data is actually stored on a server (i.e. on a physical disk). Data may be encrypted in transit, yet not encrypted at rest, or vice versa.

The most secure systems are those which encrypt data both in transit AND at rest.

As of 4th July 2021, we’re pleased to announce that all our cloud hosted customer’s databases are also now encrypted at rest too!

What about self-hosted customers?

This month’s migration from MySQL to MariaDB affects cloud-hosted customers only.

Self-hosted customers have a choice between either using MySQL or MariaDB for their MIDAS database.

We have no plans to discontinue support for MySQL in the foreseeable future, and will continue to provide support to customers who are using MySQL for their MIDAS booking systems.


We’re greener than most!

MIDAS uses 86% less carbon than the average website

The environment, and our combined impact upon it, is an important global issue. Every day there are new headlines highlighting the environment challenges facing our world, and ways that we can all help combat climate change and reduce our carbon footprint.

Earth Hour

Here at MIDAS you may be aware that we have previously taken part in Earth Hour and we will be taking part again this year on Saturday 27 March 2021. The aim of the campaign is to raise awareness of environmental issues and asks for both individuals and businesses alike to switch off their lights for an hour between 8.30pm – 9.30pm in their local time zone.

How MIDAS is responding

Whilst thinking about this year’s Earth Hour we have been reviewing our current environmental strategies and looking at ways in which we could further reduce our carbon footprint.

As MIDAS is an online room booking system, we’re conscious of our environmental impact. We’re also pro-active in researching ways we can reduce our impact on CO2 emissions.

As part of our research, we recently discovered the Website Carbon Calculator. The website carbon calculator uses five key metrics to estimate the carbon emissions of a website. These factors include the volume of data being transferred when a web page is viewed, the type and amount of energy used at the data center serving the web page, as well as the volume of traffic to the site.

The carbon calculator remarks that:

The average web page tested produces 1.76 grams CO2 per page view. For a website with 10,000 monthly page views, that’s 211 kg CO2 per year.

websitecarbon.com

For our own website homepage, the Carbon Calculator estimates that MIDAS is 86% cleaner than all other websites tested. It estimates that just 0.19g of CO2 is produced every time someone views our home page (1).

Only 0.19g of CO2 are produced by visiting our website

We also compared our website’s carbon footprint against those of other similar businesses in our sector, to see how we fare in comparison (1).

CompanyComparison against all websites tested through the carbon calculatorCO2(g) produced per view of home page
MIDAS86% Cleaner0.19
Roomtime82% Cleaner0.26
Supersaas82% Cleaner0.26
Skedda75% Cleaner0.40
Acuityscheduling70% Cleaner0.49
Teem59% Cleaner0.73
Bookinglive52% Dirtier1.00
Roomzilla52% Dirtier1.00
Getjoan56% Dirtier1.10
Myrendezvous63% Dirtier1.35
Cloudbooking66% Dirtier1.47
Bookitwise68% Dirtier1.54
Deskflex92% Dirtier4.45
Meetio98% Dirtier12.01

(1) Data correct at time of testing, and purely relates to the amount of CO2 produced per view of the homepage of each website.

As can be seen from the information produced by the website carbon calculator, there are some significant differences between some of these businesses. In some cases, viewing the home page of one of these other websites produces more than 60 times the amount of CO2 than visiting MIDAS!

Now, when choosing a room booking system, resource scheduling software, or appointment scheduler, the amount of carbon it produces probably isn’t top of your list of criteria. In fact, it may not factor in your decision making process at all!

Choosing greener online businesses

MIDAS produces 60 times less carbon than some of our competitors

Most businesses, when focusing on reducing their carbon emissions, look to do so in “visible” ways. For instance, by reducing heating costs through better insulation, or reducing electricity costs by switching to LED light bulbs.

Reducing the amount of carbon produced by the various software products they choose is a less obvious and less “visible” action.

But when you consider the vast differences that do exist today between software vendor’s carbon production, choosing a software vendor with a low carbon footprint makes sense! Not only does it help with your own business’ green credentials, but it also – more importantly – it helps our planet.

Why choose a business that would require the equivalent of 60 trees a year to absorb the carbon it produces, when you could choose a business requiring just 2?

For a room booking and resource scheduling system committed to being green, be sure to consider MIDAS.

2025 UPDATE: We’re now even greener! – See our Green Credentials.


The Importance Of Keeping Software Up-To-Date

Software Update

In October 2020, it came to light that Public Health England (PHE) had “lost” nearly 16,000 COVID-19 Test Results.

The issue arose by the way the health agency compiled results from the various commercial firms paid by the UK government to analyze Coronavirus swab tests of the public, to discover who has the virus.

These private firms provided their data in the form of CSV (Comma Separated Values) files – essentially text files.

PHE had set up an automatic process to pull this data together into Microsoft Excel templates so that it could then be uploaded to a central system. From there it could be made available to the NHS Test and Trace team, as well as other government agencies.

The problem was that PHE’s own developers picked an old Excel file format to do this – XLS.

Excel’s XLS file format dates back to 1987, and was superseded by XLSX in 2007.

In the original XLS format, each file could only handle around 65,000 rows of data. The more modern XLSX format can handle well over a million rows!

As a consequence of using the outdated XLS format, nearly 16,000 positive Covid-19 test results were “truncated” and not correctly recorded.

Whilst the 15,841 individuals who tested positive were themselves notified of their result and told to self-isolate, the people they’d been in recent contact with weren’t.

It’s estimated that in the region of 40,000+ contacts were not traced by the NHS’s Test & Trace team simply as a result of PHE using obsolete software.

Why were Public Health England using 13+ year old software?

There are many reasons why organizations may continue to use outdated software in their operations, including:

Cost

One of the most common reasons for not updating software is the cost. For large organizations which may have thousands of workstations and devices, the cost to keep software up-to-date can be prohibitive. Good businesses will plan and budget for these large expenditures and take advantage of bulk discounts and site-wide software licenses.

Compatibility

Most businesses use multiple software products from different vendors. Often compatibility between these products is required. Not all software titles used by a business are regularly updated by their developers. Some may not have been updated for several years! Often a factor preventing organizations from updating software to more recent versions is when there’s a risk that doing so would break compatibility with other software they use that’s not been updated for years.

This is actually one of the reasons that Internet Explorer 6 and then 8 stayed around for so long. These were aging browsers, but many 3rd party web applications which hadn’t been updated in years wouldn’t run in more modern browsers. This effectively forced Microsoft to continue providing support for their fledgling browser for years.

Human Resources

Some organizations lack the in-house personnel or expertise to roll out company-wide software updates. Again, cost can be a key factor here.

Other organizations “outsource” their IT, and rely on a 3rd party provider to keep all their software up-to-date. Most IT providers will routinely do this. However, some take the attitude that if the customer doesn’t know – or isn’t asking – about updating software on their systems, then why do it?

Business Interruption

Some organizations are concerned that a large scale roll-out of a software update company wide could cause or “down-time” or other unintended issues. This may intern affect staffs ability to do their work.

A “phased” upgrade approach – rather than updating every device at the same time – may be more sensible. However, this approach could result in compatibility issues if some staff are using a newer version of certain software, at the same time that other staff are still using the older version.


We suspect in the PHE case, the key factor inhibiting upgrading from 13+ year old software was cost.

When it comes to publicly-funded health services, the general public would rather their taxes be spent on front-line services that they can ‘see’, rather than on back-end computer systems and software.

As this case has highlighted though, running obsolete software can potentially put peoples lives at risk!

Why keep your MIDAS system up-to-date?

We know that some of our self-hosted customers continue to run obsolete and out-dated versions of our MIDAS room booking software.

We’ve been developing our software for close to 20 years now, and regularly release software updates. Yet, we’re aware that there some very old MIDAS systems still in operation.

We strongly encourage all customers to keep their MIDAS systems up-to-date.

For our cloud-hosted customers, we do this for you! You’ll always be running the most recent version of our software, as we seamlessly keep your system updated.

For self-hosted customers, you can quickly check for updates with just a couple of clicks. Simply login to your system and go to MIDAS Admin Options → Manage MIDAS → Update.

You’ll need an active Support Subscription in order to obtain updates. If you don’t have a subscription, or your subscription has elapsed, you can quickly purchase/renew at mid.as/renew.

Updating means that you’ll have access to all the very latest new and improved features. More importantly, ensuring you’re running the most recent version means you’re not missing out on any important security patches and updates to keep your MIDAS system safe & secure.

We’d therefore like to encourage all self-hosted customers to take a few moments to check your MIDAS system is up-to-date.


Introducing our new Security Center

Password Storage Best Practice

We take a transparent and pro-active approach to the security of our infrastructure and software. In fact, earlier this month we published details of how user passwords are stored within MIDAS following a data breach at one of our competitors. We also implement regular security enhancements to our software.

No technology is perfect, but here at MIDAS we believe that working with skilled security researchers across the globe is crucial in helping identify potential weaknesses in our software and infrastructure.

That’s why this week, we’re pleased to launch our new dedicated Security Center at security.midas.network

From this dedicated portal, you can …

Report a Security Concern or Vulnerability

We work alongside researchers who responsibly disclose security issues, to address such concerns and vulnerabilities in a timely manner. Our Reporting Guidelines page offers guidance for security researchers wishing to raise a concern with us.

Contact our Security Team

Our security contact page provides methods of getting in direct contact with our security team to raise a security concern in our software or infrastructure.

Read the latest Security Advisories

If a serious concern within our software or infrastructure is identified, we may issue a “Security Advisory” containing advice for customers and end-users. We will publish Active Security Advisories here: security.midas.network/advisories.

View our latest Security Audits

As part of our transparent approach to security, we’ve included a “Security Audits” section in our Security Center. Here you’ll find reports and results from both internal and external security audits on our software and infrastructure.

View our Security Changelog

Until now, we’ve been publishing two “change logs” (or “Release Notes”). One for significant major updates to our software, at mid.as/changelog. The other details interim “bug fix” updates, and may be found at mid.as/updates.

Avid readers of these change logs may notice on occasion the entry “Security Enhancements“. These are improvements we make to the security of our software, but which we typically don’t publish details of.

However, more information on these “Security Enhancements” will now be published in the Security Changelog in our Security Center. The log will also include details of security updates and improvements to our network and server infrastructure too.

View our Security “Hall of Fame”

We appreciate the time and effort that security researchers contribute. So we’ve set up a “Credits” page where we gratefully acknowledge and thank those who help keep MIDAS and our users safe.