I’ve been doing my usual Friday news gathering for the day job and that means here is todays NewsBits…. Here’s what’s in it:
- Redis 5.0 gets a new release candidate and controversy.
- Updates for older MongoDB versions.
- A guide to analyzing slow MongoDB queries.
- Making MySQL‘s shell shine.
- Google open up Dataset Search.
- Firefox 62 lands, as does the new ESR release.
- HTTP2 support no longer experimental in Node 10.10.
- VS Code gets a new Settings UI.
- Checkout pull requests with the latest Atom.
- Where to get Java support in the future?
- And whats it like migrating to Java 11?
- And finally an SQL puzzler…
Click here to read Compose’s NewsBits (be meeeee!) for this week
Redis 3.0.0: Antirez (Salvatore Sanfillippo) brought us Redis 3.0.0 on April 1st (and I salute him for ignoring the worst day on the Internet by doing real things). The big thing with 3.0 is clustering, better smarter clustering that is, out of the box and good enough scalability and fault tolerance for many use cases. It’s a big jump, and it may take some iterations to nail it down but its worth it for the usefulness that Redis represents to a system architect.
Atomic Pairing: If you use the Atom editor (I do) and you like to pair, you may be interested in AtomPair which uses HipChat or Slack and Pusher to let developers pair (or more) inside the editor.
Rust 1.0 nears: Rust 1.0 hit beta – We’ll talk more about that at 1.0 time…
And Finally… Coherent: Long ago there was a Unix (cough) like OS for 286 and 386 PCs called Coherent. It worked in a wonderfully limited way (apparently using the CPU’s 64K paging tricks) and it disappeared into history. But now the Coherent source and other software from Mark Williams Company have been released under an open source license. Don’t expect to dash out and use them, but its a fine historical artifact to be able to now look inside.
POODLE yips: In what was a glorious nail in the coffin of SSLv3, the POODLE vulnerability(PDF) made sure no one would trust SSLv3 again. The simple fix is to turn off SSLv3 where its used. The bug itself is bad in terms of cryptography, in that it gives an attacker a route to completely decode a stream that has been encrypted, but in practice its not as bad because the attacker has to be a man in the middle to get started. So, using SSLv3 from the open Wi-Fi at the fast food cafe, a bad thing. More worthwhile reading includes Imperial Violet’s explanation and Zmap.io’s guide to disabling SSLv3 in servers.
Chasing Tails: The Tails Live Linux distro, which tries its level best to be an bootable anonymous secure distro, has had an update to Tails 1.2. In the wake of the POODLE hole, it’s switched over to Tor Browser, dropping the IceWeasel, and that change also happens to close its POODLE vulnerability. There’s also Tor and kernel updates and various other minor changes. If you use it, just upgrade.
Docker tightens security: Docker 1.3 has landed, or more accurately Docker Engine 1.3. Highlight is digital signature verification of repositories of images, albeit as a tech preview of the feature. A production option also lets you set SELinux and AppArmor profiles from the command line. Other goodies include the ability to inject a process into a running Docker app so you can wake up a shell when you need to debug something, create and start commands for containers (on top of existing the all in one run command) and most usefully to me at least, shared directories on Mac OS X. The more interesting (as in get the popcorn) move from Docker is its partnering with Microsoft with a long term goal of making Docker run on Windows containers, not just on an a VM with Linux inside. Big challenge there as Microsoft have to basically get cgroups and more onto Windows Server.
Redis Clustered: The Redis key/value cache and store has pushed a release candidate for Redis 3.0.0 out. This is a rather important release as @antirez explains in his blog, it’s the first version with Cluster support, a long in-development feature, which has reached “minimum viable product” level and is stable enough for testing.