FreeBSD 10.0 so close, Ruboto goes 1.0, ODroid U3 coming – Snippets

snippets03

  • FreeBSD 10.0 RC3 – so close: It’s so close, FreeBSD 10.0 that it, with the third release candidate for 10.0 being made available from the various FreeBSD mirrors. And while you are looking, remember that the FreeBSD Foundation is in the final part of 2013’s fund raising drive looking to get a million dollars (currently at $648,622 with 1499 donors) to power the group through 2014.

  • Ruboto – JRuby on Android 1.0.0: The developers of Ruboto have, with the release of 1.0, declared their port of JRuby on Android “ready for general consumption” with all the “important parts” of the Android API available and stabalised and performing reasonably and enough documentation to work with.

  • ODroid U3 powers up: LinuxGizmos.com notes the upcoming availablity of Hardkernel’s Odroid U3, a quad core Exynos 4412 ARM based board which looks to pack a lot of power into a $59 board. It’s already been added to Codepope’s shopping list, especially with the option to use 8-64GB of faster eMMC memory to host either Linux (Xubuntu) or Android. Stay tuned for when it arrives here for a close look… in the meantime, we have an Xmos StartKIT which is pining for attention.

  • Readables: About Obfuscator-LLVM, Dual-Use tools and Acdemic Ethics – one of the elements of the fall out of the evasi0n iOS7 jailbreak clown-car-crash…

Enlightenment 0.18 lit, FreeNAS 9.2 released and Java 8 brews – Snippets

Snippets

  • Enlightenment Updated: The Enlightenment/EFL window manager/libraries/desktop has been updated to version 0.18.0, just a year after the long silence that led up to the release of Englightenment 0.17.0. A full list of bug fixes and improvements is in the NEWS file for the release – compositing has been merged into the core, ten crashing bugs have been fixed and modules for music control, bluetooth, DBus application menus and compositing control have been added. Downloads are available from the project’s site.

  • FreeNAS 9.2 goes final: The network storage platform FreeNAS has been updated too with over 260 fixes and a rebasing on FreeBSD 9.2. The developers say it should sport improved performance, especially with encryption if appropriate hardware is available, and be more able to cope with higher loads. The release notes offer further details – Items I like on the list are full registration of all services through multicast DNS using Avahi, which should make a server much easier to just drop into a network, and the addition of a REST API for FreeNAS for remote control.

  • Java 8’s final draft: The final draft for the Java 8 specification is now available and this is going to be the reference document to the changes being made in Java 8, due in March 2014. Lambda expressions, new date and time APIs and type annotations are referenced with pointers out to the various JSRs to where Java will be next year.

Fedora 20, Meteor 0.7.0 and hacked Linux servers examined – Snippets

snippets03

  • Fedora 20 arrives: The latest Fedora has arrived, making it into 2013 and looking pretty good. There’s oodles of changes too. Desktop users will find GNOME 3.10 is the default desktop but there’s also Cinnamon 2.0 and Enlightment available, along with the latest KDE 4.11, MATE and others. Under the hood, system administrators will find syslog gone, replaced by journald, and experimental SSD caches, while developers are getting a GUI on Fedora’s DevAssistant, updated Perl, boost, glibc and Ruby 2 with Rails 4. The full release notes will guide you around. We’ve been tracking 20 since alpha, running it on machines here and its been working well – the one thing we haven’t checked out is Fedora 20 on ARM given ARM is now a primary architecture for the distribution. Download Fedora 20 in all its forms from the project’s download page.

  • Meteor gets update smarts: The latest release of the https://www.meteor.com/ platform for web applications has moved to a smarter way of working out database changes. Meteor 0.7 changes how changes in the database are discovered, away from polling the db and creating a diff and to a technique called oplog tailing – consuming the underlying MongoDB operations log and using it to reduce the queries that have to go to the database. There are caveats, most notably, in production you’ll need a MongoDB server configured as a replica. More details on this and other changes in 0.7.0 are in the release notes.

  • Hacking Linux Servers: Ars Technica has an article on how a security researcher documented the exploitation of a Linux server with PHP holes and a perlbot. It’s a reminder that attack tools for taking on Linux servers are no longer obscure or complex things and even a script kiddie can do real damage. Old holes do persist in the wild and every old, fixed hole is ready for exploiting. Now, more than ever, keeping your servers up to date with security fixes is essential.

Firefox 26, Netflix’s Suro, Vagrants and Dockers and Websockets for all – Snippets

snippets03

  • Firefox 26 digs in: Today we’ll see the release of Firefox 26, latest in the overly regular Firefox release cycle. From the (currently beta) release notes, we can see the big changes. All but the Flash plug-in are now click-to-play by default, Windows users can update their Firefox without having to write into the Firefox folders, the password manager can handle password fields generated by scripts and on Linux, if the installed gstreamer can handle h264, so can Firefox. A couple of fixes, some developer enhancements and thats about it. There’s also a Firefox for Android update due today. The release notes note some performance improvements, the same password manager enhancement and some fixes. The developer page for Firefox 26 covers changes of interest to developers in more detail. Firefox 26 will be turning up in updates and for download later today.

  • Netfix’s Suro goes open: From the people who brought you a cloud full of monkeys… Netflix’s latest open source release is Suro, an application monitoring system used by the video stream vendor to track the behaviour of their Amazon AWS deployed applications. Originally based on Apache Chukwa and adapted to fit Netflix’s demands, Suro pulls the company’s monitoring data from the various app clusters and pushes it to S3 (for Hadoop based analytics), to Apache Kafka (and on to Storm, Amazon ElasticSearch and Druid and to other event processors. There’s a lot more detail in the announcement including in production stats and how the pipeline is used to analyse errors.

  • Vagrant meets Docker: The latest update to Vagrant, version 1.4 has been announced and the big improvement in system that has traditionally been used to create automatically reproducible development environment is the addition of Docker support. The Docker provisioner can install Docker and then lets Vagrant cirtual machine pull and configure Docker containers within it. There’s also some enhancements to the scriptability of Vagrant itself, the ability to require a particular version of Vagrant and support for standalone file sync plugins.

  • websocketd: And finally, have you wanted to make a shell script or other app into a WebSocket server but lacked a library or access to the code to do it? Websocketd might be the answer as it turns anything with console I/O into a WebSocket server in a style rather reminiscent of CGI. Remember, most command line applications are not suitable for being exposed to the raw web, but the app could get you out of a hole when prototyping.

And, for reference, everything mentioned today is open source software.

RHEL 6.5 and Docker, Ruby Fixes and Epic Node.js Bugfixing – Snippets

Snippets.png

  • RHEL 6.5 docks?: Red Hat Enterprise Linux 6.5 has been released and as is usual for the point releases of RHEL, has a number of enhancements like Precision Time Protocol support (for microsecond synchronisation accuracy), better network data for admins, GlusterFS integration for KVM and NVMe (PCI SSD) support. Mentioned in the announcement is Docker, the container deployment platform, but oddly there appears to be no mention of it in the technical notes or release notes. LXC (Linux Containers) is also still on the Technology Preview list. Still, it’s a Red Hat update and the timer is now running for the equivalent CentOS, Scientific Linux and Oracle Linux updates to appear.

  • Ruby security update: There’s updates for Ruby 1.9.3 and Ruby 2.0.0 which both address a security problem, namely a heap overflow when parsing floating point numbers. The same issue is also fixed in the new preview2 of Ruby 2.1.0, just released.

  • Epic Node.js Bugfixing: There’s nothing like a good detailed walkthrough of the debugging hell someone’s been through to offer a chance to say (a) good work, (b) glad I didn’t have to do that and (c) you found what where? In the spirit of this, Joyent have documented the Walmart Node.js Memory Leak from identification to final elimination, in text and three video talks. The leak itself (in file closing) was subtle and the hunt hard – The fix is in the latest Node.js releases.

OpenSUSE 13.1, Gitorious 3.0 and a Raspberry Pi UPS – Snippets

Snippets.png

  • OpenSUSE 13.1 lands: The openSUSE folks have been busy and the result of their work is now available in the form of openSUSE 13.1. We shall have to see how the stabilisation work, including getting btrfs up to “everyday” (but not default) quality, pays off in practice. The other highlights of the release include OpenStack Havana, latest Apache, MySQL, MariaDB, Ruby 2 on Rails 4 and PHP 5.4.2. On the ARM front, there’s the start of AArch64 (64bit ARM) support and a new Raspberry Pi build. One of openSUSE’s foundations, YaST, has been ported to Ruby too, so more developers can work on it. Throw in GCC 4.8, C11, SDL2, Qt5.1 and stir in with a Linux 3.11 kernel, sprinkle some experimental goodness including Wayland with GNOME shell and KDE for the pioneers and what we have is what looks like openSUSE pushing forward. Downloads and release notes are available.

  • Gitorious glorious 3.0: If you prefer not to keep your code in Git repositories run by benevolent but commercial types, then Gitorious is probably on your radar as the open source hostable alternative. The team behind it have just announced Gitorious 3.0, with a new merge request UI, new dashboards, new public profile pages, new settings pages, new service integrations and lots of updates under the hood which get the RoR web app ready to make the jump, but not yet, to Ruby 2 and Rails 4. Future plans also include an integrated issue tracker.

  • Pi UPS: Say hi to the UPiS Advanced – It’s £45 but it may solve some people’s problems with getting power to their Raspberry Pi as it’s a battery backed, smart UPS board for the Pi which intelligently handles charging, recharging and going on line. There’s also a real time clock built in, along with various other interfacing options. If only I had a project to justify it…

Beta for Fedora 20, Scientific Linux 5.1 and is Tizen nearing? – Linux Snippets

Snippets

  • Fedora 20 enters Beta: Fedora 20 has entered beta so its time to step up that testing as there’s lots of goodies in “Heisenbug”. Top items include ARM as a primary architecture, the end of sendmail and syslog as defaults, fresh tools and more. Thats all in the announcement along with pointers on where to go for your downloads and further information on the GNOME 3.10 powered Fedora 20 beta.
  • Scientific Linux 5.10: Tracking the updates of Red Hat’s Enterprise Linux, as it is built from the sources of that distribution, the Scientific Linux developers have released SL 5.10. This follows Red Hat’s release at the start of October of RHEL 5.10. Similar provisos apply to the update regarding MySQL 5.0/5.1, namely that you’ll need to update to MySQL 5.5 which is also included as the support clock has run out on the older versions. For a more up to date release, remember SL are also following Red Hat’s RHEL 6 with their SL 6.4 released earlier this year.
  • Tizen Nearing?: It seems that Samsung have already released a Tizen powered device to consumers, the NX300M camera, which runs “Tizen Camera Platform”. Sammyhub had the details. Samsung are pitching Q1 2014 for Tizen 2.2.1-based smart phones and a multi-user, 64-bit, 3D UI Tizen 3.0 for Q3. But will the Linux based Tizen past muster outside the gates of Samsung Towers – 2014 looks like the year we find out.

Slackware 14.1, MariaDB 10.0.5, Glassfish and Android Crypto – Snippets

Snippets.png

  • Slackware updated: The venerable Slackware Linux has had its annual update for 2013 announced by Patrick Volkerding and a fine update it appears to be. A 3.10.17 Linux kernel, X11R7.7 X Windows, 64-bit UEFI installation support and updates across the board for dev tools, applications, desktops (Xfce 4.10.1 and KDE 4.10.5) and more. And Slackware ARM 14.1 is also available.
  • MariaDB 10.0 goes Beta: As MariaDB, the community-supported and developed MySQL fork, branches away from MySQL with version 10.0, the first 10.0 Beta has been released with enhanced replication, more storage engines supported, engine independent query statistics, regexps with PCRE, admin improvements with roles and more. Google sponsored one enhancement (parallel replication) and blogged about the release noting it is already deploying 10.0 into non-production MySQL instances to aid the MariaDB debugging and development process. In beta, the focus should be on stabilising the 10.x feature set, so if you are considering MariaDB 10.x for future use, now is a good time to check it out.
  • Glassfish goes open only: Oracle have pulled commercial support from the Glassfish server for future releases and are pointing users over at their commercial WebLogic Server. They are carrying on development of the server as the reference implementation of future Java EE platforms, but the fear is the quality of the RI will suffer with no commercial imperative to keep quality and performance high. Oracle may well have backed the wrong Java EE web server from a community point of view – I know no one who goes “Hey, lets do that on Weblogic” – but now the competitive field is wide open. The X-EE Factor auditions for series… One other takeaway comes from Tomitribe – Open source isn’t free and if we want it to be industrially healthy, then the industry needs to make sure some money ends up in the open source communities.
  • Android Crypto Misuse: Develop for Android (or Java in general)? Write code that uses cryptography? Then read this paper – An Empirical Study of Cryptographic Misuse in Android Applications(pdf). From the abstract, “We develop program analysis techniques to automatically check programs on the Google Play marketplace, and find that 10,327 out of 11,748 applications that use cryptographic APIs – 88% overall – make at least one mistake”. Scary eh. Very worth a read though.

DoS security fix in Node 0.10.21 and Node 0.8.26

nodelogoThe Node developers have pushed out Node 0.10.21 and saying it “contains a security fix for the http server implementation” but gave no further details in the announcement, only asking people to upgrade as soon as possible.

Elsewhere though, the problem was identified as a trivial-to-trigger denial of service vulnerability. It was explained by “meritt” in a Hacker News posting that a memory leak in the HTTP Pipelining code could make systems run out of memory if flooded with requests which were never read. The Node code was also updated with a test that exercised the flaw while others have posted shorter exploits of the problem. Despite some reports saying the problem only affecting 0.10 and later, there has also been an updated Node 0.8 release, in the form of Node 0.8.26,  which comes with the same security fix note and has the same fix and test added.

The take-away is, if you run Node as a HTTP server, update now to avoid denials of service.

Cassandra’s Europe Summit – The Keynote – Extra Scaling

cassandraeyeAt the opening of the conference day at Cassandra Summit Europe 2013, Johnathan Ellis, Datastax CTO, made a point of positioning Apache Cassandra as an enterprise scalable database and one that scales in a linear fashion to massive scales. Datastax is the leading developer of, and commercial vendor of Apache Cassandra in the form of DataStax enterprise.

MongoDB was very much in the company’s sights as it showed benchmarks with Cassandra running 20 times faster than MongoDB – the reason was simple though the dataset for the benchmark was bigger than the available memory on the nodes. While MongoDB performs well with the dataset in memory, Ellis says most customers want their hot-data in memory and their cold-data on disk and thats where Cassandra has the advantage with a balanced approach to memory and disk.

Away from the benchmarking, Ellis described this years focus for Cassandra as having been on was of use. That meant enhanced CQL, the Cassandra Query Language, a new CQL protocol for language drivers, more emphasis on features like tracing, lightweight transactions for the 1% of cases that need it and cursors to reduce query complexity.

Internal enhancements were equally important though. For example, 2.0 took back control of a lot of memory management in Cassandra, from the JVM and over to a more traditionally manually handled memory manager tuned for Cassandra’s needs. This has allowed lots of data structures to reside more efficiently in memory improving performance.

Next week will see the release of Cassandra 2.0.2 which will add what the DataStax people call “rapid read protection”. This means that when a query goes out to a cluster, rather than waiting until a node times out to return an error, the system will look for return times that are out of the ordinary (in the 99th percentile) and return an error on them early. This should make the ability to respond to nodes over-paused in GC or suffering some other performance hit.

Ellis also talked about Cassandra 2.1 which is pencilled in for January 2014. This will see nesting and collection indexing added to the database. The filtering inside the Cassandra software should also be improved with a new combination of pessimistic allocation and smarter estimates of required space using HyperLogLog to work out what data overlaps between sets. Ellis described his slides in this though as “hand wavy” as there was no code written yet and asked “Don’t send me hate mail…” if it didn’t make 2.1.

DataStax’s own certified DataStax Enterprise is set to move to a Cassandra 2.0 base by the end of the year.