TypeScript 1.0, IPython 2.0.0 and Rust 0.10 – Snippets

snippets03

TypeScript hits 1.0: Microsoft’s take on reworking JavaScript, TypeScript, has hit version 1.0 and is now accepting pull requests on the open source compiler (though it’s bug fixes only for now.). Meanwhile, Microsoft have embarked on an open source fest with the creation of the dotNet Foundation, now home to a .NET compiler, micro frameworks, Couchbase for .Net, various SDKs, ASP.NET modules and other stuff. And to top it all off there’s WinJS, a set of UI controls and scaffolding for making Windows applications. Microsoft may be changing, but how effective that change will be is the big question. In the meantime, TypeScript gets to fight it out in the crowded playground that is JavaScript complements/replacements with Dart, CoffeeScript and, lets not forget the next generation of JavaScript, ES6.

IPython 2.0.0: The interactive Python environment IPython, has been updated to version 2.0 and adds interactive widgets, directory naviagation, persistent URLs, a modal UI and security model to its idea of Notebooks as a container for projects. Under the hood, the codebase is now native for Python 2.7 and 3.3 which are also the minimum required versions. There’s lots more changes listed in the release notes or you can just go install it and get into the tutorial which gets you going with the rather clever world of Python powered notebooks.

Rust 0.10 oxidises: Away from the controversies at Mozilla, the Rust developers have rolled out a new Rust release, version 0.10, which continues the steady development of the systems programming language. Changes include the libextra package being broken down (‘misc’/’extras’ libraries are always a bad sign so good to see it go), cross package (crates in Rust terminology) syntax extensions, better smart pointers and I/O handling. As things kick up a notch towards a final version, there’s now a RFC process for changes and nightly releases of binary installers. It’s all still alpha but progress is good – it was recently reported that Servo, the web engine being built on Rust, has passed the Acid 2 test.

Enlightenment 0.18 lit, FreeNAS 9.2 released and Java 8 brews – Snippets

Snippets

  • Enlightenment Updated: The Enlightenment/EFL window manager/libraries/desktop has been updated to version 0.18.0, just a year after the long silence that led up to the release of Englightenment 0.17.0. A full list of bug fixes and improvements is in the NEWS file for the release – compositing has been merged into the core, ten crashing bugs have been fixed and modules for music control, bluetooth, DBus application menus and compositing control have been added. Downloads are available from the project’s site.

  • FreeNAS 9.2 goes final: The network storage platform FreeNAS has been updated too with over 260 fixes and a rebasing on FreeBSD 9.2. The developers say it should sport improved performance, especially with encryption if appropriate hardware is available, and be more able to cope with higher loads. The release notes offer further details – Items I like on the list are full registration of all services through multicast DNS using Avahi, which should make a server much easier to just drop into a network, and the addition of a REST API for FreeNAS for remote control.

  • Java 8’s final draft: The final draft for the Java 8 specification is now available and this is going to be the reference document to the changes being made in Java 8, due in March 2014. Lambda expressions, new date and time APIs and type annotations are referenced with pointers out to the various JSRs to where Java will be next year.

Fedora 20, Meteor 0.7.0 and hacked Linux servers examined – Snippets

snippets03

  • Fedora 20 arrives: The latest Fedora has arrived, making it into 2013 and looking pretty good. There’s oodles of changes too. Desktop users will find GNOME 3.10 is the default desktop but there’s also Cinnamon 2.0 and Enlightment available, along with the latest KDE 4.11, MATE and others. Under the hood, system administrators will find syslog gone, replaced by journald, and experimental SSD caches, while developers are getting a GUI on Fedora’s DevAssistant, updated Perl, boost, glibc and Ruby 2 with Rails 4. The full release notes will guide you around. We’ve been tracking 20 since alpha, running it on machines here and its been working well – the one thing we haven’t checked out is Fedora 20 on ARM given ARM is now a primary architecture for the distribution. Download Fedora 20 in all its forms from the project’s download page.

  • Meteor gets update smarts: The latest release of the https://www.meteor.com/ platform for web applications has moved to a smarter way of working out database changes. Meteor 0.7 changes how changes in the database are discovered, away from polling the db and creating a diff and to a technique called oplog tailing – consuming the underlying MongoDB operations log and using it to reduce the queries that have to go to the database. There are caveats, most notably, in production you’ll need a MongoDB server configured as a replica. More details on this and other changes in 0.7.0 are in the release notes.

  • Hacking Linux Servers: Ars Technica has an article on how a security researcher documented the exploitation of a Linux server with PHP holes and a perlbot. It’s a reminder that attack tools for taking on Linux servers are no longer obscure or complex things and even a script kiddie can do real damage. Old holes do persist in the wild and every old, fixed hole is ready for exploiting. Now, more than ever, keeping your servers up to date with security fixes is essential.

Mint 16, Oracle 6.5, CentOS 6.5, Tiny Core 5.1 – Linux Snippets – Update

linuxsnippets150

  • Linux Mint 16 Refreshes: Linux Mint 16 has landed in both Cinnamon and MATE flavours. Codenamed “Petra”, Mint 16’s lead Cinnamon variant comes with the new Cinnamon 2.0 (now with sound effects, improved user management and edge tiling, edge snapping and other enhancements), enhanced login screen, USB stick formatter, refined software manager and more, all built upon an Ubuntu 13.10 foundation. The MATE variant has all the non-Cinnamon related improvements, whilst sticking with the GNOME 2 desktop fork.

  • Oracle Linux 6.5: Red Hat released RHEL 6.5 a week ago and Oracle made the announcement of Oracle Linux 6.5, its Linux-based-on-RHEL offering, on Novemember 27 though it took a little longer for DVD ISOs to become available for download.

  • CentOS 6.5: CentOS, the community based RHEL clone, also has been building CentOS 6.5 since the Red Hat announcement, and was being rsynced to mirrors as of yesterday so expect the official release announcement soon – for example, the UK Mirror Service is already updated with the 6.5 release if you really really can’t wait. Update: CentOS 6.5 is now officially available from all mirrors to download along with release notes.

  • Tiny Core 5.1: At the other end of the scale, Tiny Core, the x86 Linux which takes only 10MB of space and miniscule amounts of RAM, has been updated to version 5.1. The update moves the kernel to 3.8.13, to fix a specific bug, from September’s 5.0 release which came with a 3.8.10 kernel glibc 2.16, gcc 4.7.2 and other more up to date libraries and apps.

Docker for all Linux distros, DPorts and more for DragonFlyBSD and advice for coders – Snippets

snippets03

  • Docker 0.7 unloading: With Docker 0.7, the Docker developers have made a big leap in Linux coverage. (If you are new to Docker, read the introduction to it I did for the Linux Foundation). Under the covers, Docker has used storage drivers to maintain images on disk, but up till now they’d needed a patched Linux kernel for that to work. A patch from Red Hat has changed that though and adds “DEVICEMAPPER”, a storage driver which used copy-on-write LVM snapshots and doesn’t need a patched kernel, to the list of storage drivers. The selection of the driver needed is done automagically and the resultant images are interchangable between different drivers so there’s no driver lock-in. That all means that Docker now runs on Fedora, RHEL, Ubuntu, Debian, SUSE, Arch, Gentoo and others. More drivers are coming too, for BtrFS, ZFS, Gluster and Ceph. Other additions, merged in the 0.6 cycle include offline image transfer, better port redirection, linkable containers and descriptive names for containers.

  • DragonFlyBSD updated: Version 3.6 of DragonFlyBSD – the now ten year old BSD project that sets out to give BSD native optimised clustering capabilities – has been released. The update standardises on Dports and pkg for installation tools, making around 20,000 packages available, and the process of building those 20,000 packages in parallel has allowed for the testing and near elimination of kernel contention with more cores scaling up the improvements made. There’s also i915 and KMS support, albeit experimental, and updated localisation. DragonFlyBSD is still using its HAMMER filesystem with work on HAMMER2 carrying on into DragonFlyBSD 3.7.

  • Coding Advice: Whether your learning or experienced, this article offers sage advice on how to approach coding. While we’re on the subject of advice, here’s some false things that programmers believe are true about geography, addresses, names and time.

Python 3.4 beta, Neo4J 2.0 RC1 and Redis 2.8.0 released – Snippets

Snippets

  • Python 3.4’s beta days: The first beta of Python 3.4 has arrived and it has got the good stuff. Pathlib lets coders work with pure paths or filesystem dependent paths with the selection of the latter taken care of for them. There’s a standardised enum module along with new statistics, asyncio and tracemalloc modules. Throw in a new pickling protocol, new string and binary hashing algorithms, a C API for custom memory allocators and standardise on pip as a packaging format and you are talking a tasty new Python due to land at the end of February 2014.

  • Neo4J 2.0 goes RC: The Neo4J graph database is heading into the home straight with a 2.0.0 release candidate and a warning that if you’ve been tracking their version 2.0 milestones you will need to perform a manual update on your database before using 2.0.0RC1. Now tagged as feature complete, the new RC will be bringing matching with properties, optional matches, relationship merges and more simplified syntax to Neo4J’s Cypher query language. That’s in addition to the Neo4J browser and other changes made over the five other milestones (5, 4,3, 2, 1).

  • Redis 2.8.0: Salvatore Sanfilippo has announced that, after almost a year of development, Redis 2.8.0 is done. If you don’t know it, Redis is a key/value store which can also handle hashes, lists and sets. The new version include a partial resync for slaves option, iterable collections, a rewritten config system, IPv6 suppport, pub/sub keyspace notifications and better consistency support and key expiration. Actually 2.8.1 is out for download too – see the release notes for more on the BSD licensed key/value store.

OpenSUSE 13.1, Gitorious 3.0 and a Raspberry Pi UPS – Snippets

Snippets.png

  • OpenSUSE 13.1 lands: The openSUSE folks have been busy and the result of their work is now available in the form of openSUSE 13.1. We shall have to see how the stabilisation work, including getting btrfs up to “everyday” (but not default) quality, pays off in practice. The other highlights of the release include OpenStack Havana, latest Apache, MySQL, MariaDB, Ruby 2 on Rails 4 and PHP 5.4.2. On the ARM front, there’s the start of AArch64 (64bit ARM) support and a new Raspberry Pi build. One of openSUSE’s foundations, YaST, has been ported to Ruby too, so more developers can work on it. Throw in GCC 4.8, C11, SDL2, Qt5.1 and stir in with a Linux 3.11 kernel, sprinkle some experimental goodness including Wayland with GNOME shell and KDE for the pioneers and what we have is what looks like openSUSE pushing forward. Downloads and release notes are available.

  • Gitorious glorious 3.0: If you prefer not to keep your code in Git repositories run by benevolent but commercial types, then Gitorious is probably on your radar as the open source hostable alternative. The team behind it have just announced Gitorious 3.0, with a new merge request UI, new dashboards, new public profile pages, new settings pages, new service integrations and lots of updates under the hood which get the RoR web app ready to make the jump, but not yet, to Ruby 2 and Rails 4. Future plans also include an integrated issue tracker.

  • Pi UPS: Say hi to the UPiS Advanced – It’s £45 but it may solve some people’s problems with getting power to their Raspberry Pi as it’s a battery backed, smart UPS board for the Pi which intelligently handles charging, recharging and going on line. There’s also a real time clock built in, along with various other interfacing options. If only I had a project to justify it…

FreeBSD 10.0beta3, SQL Injections, Rust stacks, InfluxDB and Circus renewal – Snippets

snippets03

Catching up on Codescaling with some of the less mentioned things worth noting…

  • FreeBSD 10.0’s latest beta: It’s into the home/RC straight for FreeBSD 10 with the release of the third and hopefully last beta of the development cycle. The original schedule would have seen RC2 available around now, but with a focus on a quality release, there’s been a bit of slippage. Check out this FreeBSD News item from September for a feel of what’s going in. I’m looking forward to the switch to LLVM/Clang and seeing how the tickless kernel works out.
  • SQL injection attacks by Google?: Sucuri have come across an odd thing, Google doing SQL Injection attacks. Basically, Google’s bots crawl a site with links which would carry out an SQLi attack if followed… and then follow them like the bots they are which carries out the attack. Google may want to add at least some filtering to their bots in future, but its something to remind any application that ingests URLs from the web to follow them that URLs are not necessarily passive.
  • Rust reworks stack plan: For those interested in the implementation of languages, the Rust developers have decided to drop segmented stacks. Segmented stacks were stacks that were allocated small and expanded as needed. This would have allowed threads to have a much smaller footprint, but it didn’t quite work out that way. Followups on the thread discuss the cost of memory, both having it and accessing it, and alternative strategies.
  • InfluxDB: Databases for time series data are in and the latest open source addition to the game is InfluxDB which prides itself in no external dependencies. The Go-based MIT-licensed code has a JSONic HTTP API, an SQLish query language and a playground server to get running with. Its early days for InfluxDB, but its off to a good start.
  • Mozilla’s Circus Renewed: Mozilla’s Services project has announced a new version of its process/socket manager called Circus. Built using Python and ZeroMQ and recently redeveloped to be Python 3 compatible and fully asynchronous, the software lets an administrator manage processes and sockets on servers through a command line, Python API or web console. You can find the code on mozilla-services github.

EOL for Python 2.6, Docker Inc and more iconic fonts – Snippets

Snippets

  • Python 2.6 signs out: Python 2.6.9 is the last source-only security fix release for the Python 2.6 family. The 2.6.9 release sees 2.6 officially retired after five years in the field. If you are still running 2.6, UPDATE! At the other end of the scale, Python 3.3.3 got its first release candidate with full support for Mac OS X 10.9 Mavericks.
  • dotCloud becomes Docker Inc: Acknowledging how important its Docker container software has become, dotCloud has announced it is becoming Docker Inc. The platform-as-a-service business of dotCloud will be maintained, but the company’s resources are going into Docker, Docker services and building out the Docker ecosystem.
  • More icon fontage: Bootstrap is not alone in having a fine icon font for its graphical imagery. Say hi to Ionicons, created for the Ionic front-end framework. Very stylish, and MIT licensed open source.

X.org vintage bugs, Google FOSS fixings and a dropzone – Snippets

Snippets

  • Vintage bugs: Back in 1993, a use after free bug when handling ImageText wriggled its way into the X.org server and settled into what is believed to be every X.org server release that came after. Just over 20 years later, a security advisory and patch have been published for the bug. So look out for updates to your Linux distribution’s (or other Unix’s) X.org server in the near future. To many eyes, all bugs are eventually shallow. But, who really wants to look inside an X server.
  • Google’s FOSS-fixins: If you are looking for more than just bugs to fix, you can also check out Google’s latest bounty program which is offering rewards for proactively fixing up the security in well known open source applications. First up for rewards are OpenSSH, BIND, ISC DHCP, libjpeg, libjpeg-turbo, libpng, giflib, Chromium, Blink, OpenSSL, zlib and “Security-critical, commonly used components of the Linux kernel”. Help harden them up and you could be in line for up to $3133.7. The second phase will see that set of code joined by Apache httpd, lighttpd, nginx, Sendmail, Postfix, Exim, the toolchain security for GCC, binutils and LLVM and OpenVPN. I applaud Google for this as it goes beyond Google Summer of Code manpower and mentoring and should let a whole new set of contributors help harden the open source ecosystem.
  • DropzoneJS: Do you love sites which make it easy to upload images with a drag and a drop into the browser? The open source (MIT license) DropzoneJS library helps you do it with style, letting you drag files into the drop zone and showing uploads with thumbnails – its reported to have some trouble with hundreds of images, but also is easy to implement – if thats what you want to work with its there to be fixed.