Developer Catchup: New Node, Profanity, Oh-My-Git, Knightmares, Bad Docs and Go Tracing

developercatchupNode.js 0.12 has arrived with many long gestating changes now available. Io.js has a lot of these in already and a more up to date V8 engine for JavaScript, but if you’re sticking with Node.js releases, this is the biggy. Better more sensible streams, more HTTP sockets and keepalive, a new round robin clustering system and initial support for ECMAScript internationalisation. No, don’t go flipping your production system over to this right now, but do give it a go on your test/staging systems… it’s the future y’know.

Profanity is a console-based take on XMPP messaging, bridging the gap between IRC and desktop clients. Check it out if you live in terminal windows.

Oh-my-git implements one feature of Oh-my-zsh which people really like without needing to switch to Oh-my-zsh or even zsh. It’s a prompt engine which makes your zsh or bash prompt you with details of your current directory in terms of its git status. If it isn’t a git directory, it gives you a normal prompt. Nice work.

Want to hear a horror story? Read Knightmare: A DevOps Cautionary Tale and wince at the pain that took a company down in 45 minutes. Yeah, dodgy dossier timing.

Embedded code run in documentation? Sounds like nothing could go wrong with that… much… well a lot. Well, this is awkward…

687474703a2f2f692e696d6775722e636f6d2f62755346376d352e706e67First time using Go? Fogleman knocks it out of the park with his pt project, a path tracer in Go which comes complete with examples. He’s got lots of plans for it too so if rendering 3D things is your thing, you may want to check it out.

Developer Catchup: Go libraries, easy Charts, Tumblr frameworks, Zsh secrets and secret Android compilers

developercatchupFacebook Go: When you develop a lot in Go, you make a lot of libraries and tools in Go. Facebook must be doing plenty because their new Facebook Go repository is full of code, much of it useful utilities for managing HTTP connections, mocking for tests, apps to test libraries like MySQL and MongoDB drivers and so on. Add to your resource list.

HTTP2 Go: While we’re talking Go, there’s a HTTP2 library in development by Google’s Brad Fitzpatrick. While you probably will never touch this directly – it’s designed to be hidden behind net/http – it’s good to know it’s being worked on and it tracking the drafts of the next generation HTTP.

Simpler Charts: When you pick up a powerful charting library does your head spin with the number of virtual buttons, knobs, sliders and dials youo can adjust? And do you get disheartened when no matter how much you twiddle, things just don’t look good enough? Metricsgraphics.js might be what you need. Underneath it uses the D3.js library, but to the user it presents a simple, opinionated API which is designed to need the least twiddling for a good chart. An examples page shows what you can do and an interactive demo lets you play.

Tumblr Services: Seems the folks at Tumblr have been wrestling with microservices, performance and reusability. To take that on they have built Colossus and blogged about it – it’s a Scala/NIO/Akka based framework designed to rapidly and concurrently to process many small client requests. It’s still a work in progress and the release is “pre-1.0” but the code is up on Github. The most interesting part is probably that its coming out of Tumblr.

Zsh features: Zsh is a neat shell, but at first look not overly compelling. This article on Zsh features shows why Zsh is neat. It talks about smart directory completion on ‘cd’ commands, shorthand pathing, partial command searching, tab completion for the kill command, expanding environment variables, git and general help and more. I’ve switched over to zsh but there’s still so much to find and so much familiar from bash.

Covert Compilers for Android: Interesting article about Jack and Jill, two compilers for Android and a new intermediate byte code called Jayce. It appears Google are pushing out a new build chain which does away with dex and has Jack generating Dalvik bytecode directly. For libraries, they are compiled into Jayce bytecode by Jill and are consumed by Jack. These aren’t announced yet but it will represent a major change to the Android build system, sufficient to allow Google to start moving away from standard Java.

Developer Catchup: POODLE, Tails, Docker, Redis and more

developercatchupPOODLE yips: In what was a glorious nail in the coffin of SSLv3, the POODLE vulnerability(PDF) made sure no one would trust SSLv3 again. The simple fix is to turn off SSLv3 where its used. The bug itself is bad in terms of cryptography, in that it gives an attacker a route to completely decode a stream that has been encrypted, but in practice its not as bad because the attacker has to be a man in the middle to get started. So, using SSLv3 from the open Wi-Fi at the fast food cafe, a bad thing. More worthwhile reading includes Imperial Violet’s explanation and Zmap.io’s guide to disabling SSLv3 in servers.

Chasing Tails: The Tails Live Linux distro, which tries its level best to be an bootable anonymous secure distro, has had an update to Tails 1.2. In the wake of the POODLE hole, it’s switched over to Tor Browser, dropping the IceWeasel, and that change also happens to close its POODLE vulnerability. There’s also Tor and kernel updates and various other minor changes. If you use it, just upgrade.

Docker tightens security: Docker 1.3 has landed, or more accurately Docker Engine 1.3. Highlight is digital signature verification of repositories of images, albeit as a tech preview of the feature. A production option also lets you set SELinux and AppArmor profiles from the command line. Other goodies include the ability to inject a process into a running Docker app so you can wake up a shell when you need to debug something, create and start commands for containers (on top of existing the all in one run command) and most usefully to me at least, shared directories on Mac OS X. The more interesting (as in get the popcorn) move from Docker is its partnering with Microsoft with a long term goal of making Docker run on Windows containers, not just on an a VM with Linux inside. Big challenge there as Microsoft have to basically get cgroups and more onto Windows Server.

Redis Clustered: The Redis key/value cache and store has pushed a release candidate for Redis 3.0.0 out. This is a rather important release as @antirez explains in his blog, it’s the first version with Cluster support, a long in-development feature, which has reached “minimum viable product” level and is stable enough for testing.

Quickies: 6to5 – turns JavaScript ES6 code into plain ES5 code which could be well useful. Asciicinema – lets you record and playback terminal sessions (and could be even better with audio – hint). On the to read list – Building Web Apps with Go – MIT licensed book based around Heroku use but lots of interesting content. And Whiteout Mail has gone open source – it’s all about accessible secure mail and has been in the works since 2013.

Developer Catchup: Docker 1.1.0, Rust 0.11.0, Python 2.7.8 and Dropbox Go Libraries

developercatchupDocker 1.1.0: The first post 1.0 update for Docker is in and Docker 1.1.0 now has a .dockerignore mechanism for ignoring file changes, containers that now pause when a commit it happening (rather than messing them up), container log tailing, the ability to feed tar archives to docker build and other changes which should make life a bit easier and more predictable.

Rust 0.11.0: The latest Rust announcement for version 0.11.0 is about smoothing out the type system to allow for dynamically sized types and refactoring the standard libraries to allow for that. It means that language embedded elements like ~ and @ have become library types called Box and Gc that should make the language easier to understand. It all brings Rust 1.0 closer – by the end of the year is the current hope.

Python Updates: The start of July saw a Python update for various security issues – Python 2.7.8 updated the OpenSSL library, fixed mimetypes and UNC paths regressions and blocked an arbitrary code execution hole in CGIHTTPServer. There were also a number of core and library fixes detailed in the release notes. There was no corresponding update for Python 3.x though the CGIHTTPServer issue is scheduled to be fixed in Python 3.4.2 according to the in progress changelog.

Dropbox Go: Dropbox, a big Python user, has also been working with Go and has been moving its infrastructure to Go based code. In the process, they’ve written a lot of libraries to support that work and now they are open sourcing those Go libraries with a 3 clause BSD license. There’s code for caching, an improved error interface, a programmatic SQL statement builder, a memcahce client library, connection management and a space efficient hash library. And they will be doing it the right way – they’ve committed to using the public versions of the libraries inhouse (rather than maintain their own branch). You’ll find the documentation for all the libraries over at Godoc.org.

Codescaling Catchup

CodescalingCatchupRegular readers may have noticed a bit of a slow down in postings as I’ve been rearranging the scheduling of things here at Codescaling to allow for other commitments. Hopefully, I’ll be doing a regular Sunday catchup of what would have been snippets and during the week I should, all going well, be looking at a particular thing, be it software or hardware, thats in scope that week. As some may know, I’m curating HackWimbledon and may cover some of the hands on stuff there. But enough of plans… What’s on the catchup this week…

I’ve been doing some work with Eclipse Orion, a web-centric IDE with some interesting attributes, so I was interested to see news of forthcoming language support enhancements coming in Orion 6.0. Lots of interesting bits like syntax highlighting that brings in Arduino files, new documentation generators, the ability to use all the tooling while the JavaScript is embedded in HTML, better tunable JavaScript validation with new rules and so on… worth checking out.

Google landed Go 1.3 this week and it does seem to feel quicker and slicker (I’m getting on with Go code myself and noticed the difference). The experimental support for DragonFly BSD, Plan 9 and Solaris is intriguing… Go on Plan 9 feels like a giant philosophical loop being closed. Also interesting is discussion of Go for Android from one of the Go team… it seems to be on course to start emerging in Go 1.4.

Big news in Python land where the PyPy team landed the first stable release of PyPy3. PyPy is a very compliant Python interpreter with a tracing JIT compiler built in. It had been stable only on Python 2.x but now there’s PyPy3 (libraries are at Python 3.2.5 level, unicode support from Python 3.3). At some point the Python 2.x->3.x transition logjam will be broken and this will be a big help.

Coin cells didn’t immediately strike one as a space for useful research but I was proved wrong on reading How much energy can you really get from a coin cell?, where different makes and models of cell were compared using an ARM controller which systematically loaded each battery. I’m more curious about this now as I just took delivery of PunchThrough’s Light Blue Beans, Arduino style controllers with Bluetooth and powered by a coin cell, but more about those in a future Codescaling post – till then check out the Surf Report Notifier.

The OpenSSL/Heartbleed fallout continues with Google’s latest move, BoringSSL, a bidirectional fork (the codebase’s separate but patches continue to flow in both directions – it needs a term, so bidifork) of the OpenSSL code. Google seem to be using bididforks to allow them to stay plugged into communities but retain control of their destiny; Webkit and Blink seems to be the first bidifork. Whether they work, we don’t know, but I suspect that its an area ripe for research and even formally recognising as an middle course for open source projects between fighting and forking.

On the Todo list – have a look at the Maynard/Wayland desktop on the Raspberry Pi, check out the OEM BeagleBoard Blacks, browse through the undocumented Swift standard library and now it’s a 1.0, checkout the WordPress REST API.

Go Beta, Gogs, GCC Release and TinyCore Linux – Snippets

snippets07
Go 1.3 goes Beta: The first beta of Go 1.3 has been announced. This update will have no language changes, and instead sees improvements to the Go ecosystem like experimental support for Solaris, Plan 9 and, probably most significantly, the return of support for Google’s Native Client (on Intel only for now). The release notes pick out the major goodies – faster builds and binaries thanks to a refactored toolchain and precise garbage collection and a fix to TLS skipping verification – along with the less major changes such as updated Unicode support and tweaks to net/http.

Gogs: Talking about Go, Gogs is an interesting project in its early days, creating a pure Go self-hosted Git service with social account logins, public/private repositories, various database backends and all wrapped up in a single binary which can be built for wherever Go builds. One to keep an eye on.

GCC 4.9.0: Thirteen months since the last major release of the GNU Compiler Collection and version 4.9.0 arrives. Lots of optimiser improvements or existing features being spread to new platforms; for example AddressSanitizer, the memory error detector, is now available on ARM. OpenMP 4.0 is now supported, you can get your C diagnostics in glorious colour, various C11 elements, such as atomics, are now available, improved C++11 support and experimental C++14 support and there’s now Go 1.2.1 support. For all the details, check the changes file.

TinyCore Linux 5.3: Like your Linux tiny? The TinyCore 5.3 has been released with a number of tweaks on the compact Linux which can squeeze into as little as 12MB. Read more at the home page.

IDEA 13, Java crypto, FreeBSD 10 beta 4, Rails update, Go 1.2 – Snippets

snippets03

  • IntelliJ IDEA 13: Jetbrains has rolled out the latest version of its IntelliJ IDEA Java IDE. Version 13 gets a big refresh on the user interface with new light look and feel on Windows and Linux and toolbars hidden by default, better visualisation of errors and warnings with “lens mode”, comment/string only searching, built in SSH terminal, Java 8 support and a presentation mode for talking about coding. All those features, along with enhancements to Android, Gradle, Groovy, Scala and version control support are in the community version. The commercial Ultimate edition includes JSF 2.2 support, batch job code assistance, JAX-RS 2.0 annotation handling, more app server support, Spring context configuration and MVC view, improved JavaScript debugger, CSS extract refactorings, DART support and many enhancements to the database viewing and support. Full details are in the What’s New page for the new release. The open source Community version and a 30 day trial of the commercial version are both available to download.

  • Bouncy Castle Crypto update: Adding support for client side TLS 1.2 and DTLS 1.2, along with ECDH and ECDSA for the OpenPGP library and many other cryptography options, the splendidly named Legion of the Bouncy Castle have updated their Java Crypto libraries to version 1.5.0 – further details in the release notes.

  • FreeBSD 10 beta 4: The announcement of FreeBSD 10 Beta 4 has also seen the gentle push of the scheduled release date to 2 January 2014 with a December full of release candidates. The in-development release notes give an idea of what to expect as will this article from September.

  • Rails updates for security: There’s updated Rails with the release of 3.2.16 and 4.0.2 which address four or five CVE-numbered vulnerabilities. The problems fixed include various XSS vulnerabilities, a denial of service hole and fixes for a previous incomplete security fix.

  • Go 1.2 is go: Go 1.2 is now official with the announcement that, after 7 months, the latest modifications to the language, library and toolchain are now available. Full details in the release notes. Updates are expected to come on something closer to the 7 month cycle in future.