Bouncy Castle Crypto update: Adding support for client side TLS 1.2 and DTLS 1.2, along with ECDH and ECDSA for the OpenPGP library and many other cryptography options, the splendidly named Legion of the Bouncy Castle have updated their Java Crypto libraries to version 1.5.0 – further details in the release notes.
FreeBSD 10 beta 4: The announcement of FreeBSD 10 Beta 4 has also seen the gentle push of the scheduled release date to 2 January 2014, with a December full of release candidates. The in-development release notes give an idea of what to expect, as will this article from September.
Rails updates for security: Rails has been updated with the release of 3.2.16 and 4.0.2, which address four or five CVE-numbered vulnerabilities. The problems fixed include various XSS vulnerabilities and a denial of service hole, and there are fixes for a previous incomplete security fix.
Go 1.2 is go: Go 1.2 is now official with the announcement that, after 7 months, the latest modifications to the language, library and toolchain are now available. Full details in the release notes. Updates are expected to come on something closer to the 7 month cycle in future.
Catching up on Codescaling with some of the less mentioned things worth noting…
- FreeBSD 10.0’s latest beta: It’s into the home/RC straight for FreeBSD 10 with the release of the third and hopefully last beta of the development cycle. The original schedule would have seen RC2 available around now, but with a focus on a quality release, there’s been a bit of slippage. Check out this FreeBSD News item from September for a feel of what’s going in. I’m looking forward to the switch to LLVM/Clang and seeing how the tickless kernel works out.
- SQL injection attacks by Google?: Sucuri have come across an odd thing: Google doing SQL injection attacks. Basically, Google’s bots crawl a site with links which would carry out an SQLi attack if followed… and then follow them like the bots they are, which carries out the attack. Google may want to add at least some filtering to their bots in future, but it’s a reminder to any application that ingests URLs from the web in order to follow them that URLs are not necessarily passive.
- Rust reworks stack plan: For those interested in the implementation of languages, the Rust developers have decided to drop segmented stacks. Segmented stacks were stacks that were allocated small and expanded as needed. This would have allowed threads to have a much smaller footprint, but it didn’t quite work out that way. Followups on the thread discuss the cost of memory, both having it and accessing it, and alternative strategies.
- InfluxDB: Databases for time series data are in, and the latest open source addition to the game is InfluxDB, which prides itself on having no external dependencies. The Go-based MIT-licensed code has a JSONic HTTP API, an SQLish query language and a playground server to get running with. It’s early days for InfluxDB, but it’s off to a good start.
- Mozilla’s Circus Renewed: Mozilla’s Services project has announced a new version of its process/socket manager called Circus. Built using Python and ZeroMQ and recently redeveloped to be Python 3 compatible and fully asynchronous, the software lets an administrator manage processes and sockets on servers through a command line, Python API or web console. You can find the code on the mozilla-services GitHub.
- RethinkDB gets multi-indexing: The developers of the open source NoSQL database RethinkDB have announced version 1.10, which comes with the ability to index rows with fields of multiple values, like, say, a list of tags for a blog entry. Looking for all records with a particular tag previously required slow iteration, but now with the multi-index it is possible to index the set of values within the field and then to “get_all” for a particular tag value using that index. RethinkDB server is written in C++ and AGPL licensed, with Apache licensed client drivers.
- FreeBSD 9.2 released: In the latest FreeBSD release, ZFS gains TRIM support for solid state drives and lz4 compression, and there are updates for OpenSSL (to 0.9.8y), DTrace (to 1.9.0), Sendmail (to 8.14.7) and OpenSSH (to 6.2p2). There are also virtio drivers and DTrace enabled in the “GENERIC” kernel. Read more in the FreeBSD 9.2 release announcement.
- RyuJIT for .NET: Over in the world of .NET, interesting things are afoot with a new 64-bit just-in-time compiler, RyuJIT, making its debut as a CTP (Community Technology Preview). .NET’s had a 64-bit JIT for some time, though the JIT has apparently been quite slow. RyuJIT runs twice as fast and overall gives a 30% speed-up to start-up. One benchmark with regular expressions went off the scale, going from a 1.4GB working set and 60 seconds run time to 199MB and 1.8 seconds run time – yes, the older compiler is particularly bad at regular expressions.