Developer Catchup: Synchronous Node, Serviced Polyfills, Sparks Sparked, Tangrams Mapped and SHAaaaaaa!

developercatchupNode.js synchronously: Node.js is sweet if you can adapt to the asynchronous model of start thing, say what you want to do when its done, do everything else anyway. Good for web request handling but bleh for trying to emulate a shellscript. Turns out that in Node.js 0.12 (coming soon? anyone? Bueller?) we get synchronous child processes to now you can run that curl or find or whatever and just wait till its returned with its results. The folks at Strongloop have written about these synchronous child process methods and how they make writing command line utilities in Node easier. Check it out Noders.

Serviced Polyfills: Polyfills fill gaps in browser functionality and standards compliance. The older the browser, the more Polyfill you need to fill the gaps and the newer, the less. But it gets hard working out how much Polyfill you are going to need. Fear not, as Samuel Giles at FT Labs has an answer, “Polyfills as a Service“. Add a simple script tag pointing at a source from the polyfill.io content delivery network to your pages and whatever browser views your page, it gets the polyfill it needs. This is because the system sniffs the browser agent and works out the best set of polyfill based on that. Neat idea, potentially very handy – and you can run your own private version if you need to.

Spark sparks: Apache Spark just got a 1.1 release. Spark is Hadoop data processing engine which can run on YARN-based Hadoop clusters or in standalone mode. Spark 1.1 improves the performance (and they already say they are up to 100 times faster than Hadoop MapReduce) and has SQL layer enhancements. 1.1 also adds more statistical functions, can take steaming data fromAmazon Kinesis and pull data from Apache Flume and more. If your into clusters and data crunching and haven’t looked at Spark, you might want to look into it.

Tangram Mapping: Do you want to render cool 2D and 3D maps? Check out Tangram, a Mapping Library then as it is building out from a WebGL implementation to other OpenGL platforms to make oodly cool dynamic map renders. Very slick.

SHAaaaaaa!: We mention the Google sunsetting of SHA-1 the other week. If you were unsure why this was important, can we send you off to Why Google is Hurrying the Web to Kill SHA-1 which explains why it all and includes a brief history of collision attacks in the wild.

Just released: Socket.IO 1.0, Git 2.0 and OrientDB 1.7 – Snippets

Snippets.png
Socket.IO 1.0: Socket.IO has hit version 1.0 – the Node.js and browser library which started life as an implementation of the WebSockets interface and has gone on to “become the EventEmitter of the web”. The 1.0 release and changes are broken down in a blog posting, the first on a newly redesigned, and much more useful, Socket.IO website. In brief, modularisation, tighter code, binary support (so you can emit blobs and buffers), automated testing, better scalability using redis, more integration (including PHP support), better debugging support (and silence by default), sleeker APIs and CDN delivery. And the future plans include handling Node.js streams, Socket.IO support in Web Inspector and Firefox Dev Tools and more language and framework support. A splendid tool to have in your arsenal.

Git 2.0: The distributed version control system which made distributed version control systems cool before even version control could be cool, Git, has reached version 2.0. In the announcement of the new release, there’s a long list of all the changes and notes on backward compatibility. The 2.0 release has been anticipated by the developers for a while so a lot of ground work had already been done in previous 1.x versions making the 2.0 release look more like a minor release than a major version bump but there’s still plenty of changes and a foundation prepared for future changes. On that subject, there’s a promise of a shorter release cycle for the next release as delays have meant a number of features ‘cooking’ for longer in the ‘next’ branch.

OrientDB 1.7: Version 1.7 of the Document/Graph/Sql/NoSQL database OrientDB is available. The announcement for 1.7 notes better perforamnce, new clustering options, support for SSL and sharding, simplified configuration, new SQL commands including parallel queries, plugins for Lucene-based full text searching and more. There’s an Apache 2 licensed community edition of the database and commercially sold and supported professional and enterprise editions.

Scientific Linux, Bootstrap and all your base methods belong to Base – Snippets

linuxsnippets150

Scientific Linux 6.5: Scientific Linux has announced an update to version 6.5. SL, as it is also known, is a Linux distro based on the sources distributed by Red Hat for their Red Hat Enterprise Linux produced at Fermilab and CERN. With CentOS being brought closer into Red Hat’s ecosystem, SL may be the new barometer for the health of the Red Hat code outside the company. Anyway, the release notes mostly point you to a copy of the “Upstream Vendors” version 6.5 notes, though they aren’t on the SL servers yet. (The original notes are here).

Bootstrap 3.1: Bootstrap, the responsive mobile-first framework which also makes it easier to get a site or web application up and running, has celebrated the release of version 3.1. It comes with new documentation, an official SASS port (in a separate package), new examples and everything now under an MIT licence.

All your base methods belong to Base: It’s a sick and twisted world out there and Base is my kind of sick and twisted: there’s lots of great Ruby base classes so Base.rb includes all their methods. The best part is the license – “Distributed under the union of the terms specified by all current OSI-approved licenses. In the event of a conflict, a die is to be rolled.”

Node-RED’s cool GUI for the Internet of Things

Node-RED and a quick IRC bot flow
Node-RED and a quick IRC bot flow
The latest version, 0.5.0 of IBM’s Apache licensed, incredibly useful and very cool Node-RED has landed but before going further, I suspect a lot of readers will want to know what Node-RED is.

There’s usually a lot of connecting of things involved with making the Internet of Things do something useful. Whether it be detecting messages on Twitter, listening to IRC, watching a Websocket or grabbing a web page, each source then needs to be processed and if required make something happen. Now, you can write a lot of code to do that or you can check out Node-RED. Billing itself as a “Visual tool for connecting the Internet of Things”, Node-RED is built atop of Node.js and offers a graphical world of IoT building blocks in the browser for you to wire up as needed and test.

Those building blocks, nodes in Node-RED, start with the simple, inject to send something, function to process it using JavaScript and debug to see what is being sent. They then build up to more powerful capabilities such as Http requests, MQTT subscription and publication, WebSocket listening and writing, tcp and udp comms and sentiment analysis. To connect up to social networks, nodes for Twitter and IRC listening and publishing are included. There’s also file storage, logical switches, data manipulation and delay nodes and, for the brave, even a node which will exec a process on the system.

Each node can be placed, configured and its outputs connected to other nodes inputs in the Node-RED GUI, and with the click of the Deploy button, put into action. New nodes can be created and plugged into the system too and there’s a repository of user created extra nodes available.

But, you say, where’s the Internet of Things in this? Well, Node-RED is able to work with Arduinos (connected via USB to host computers over serial or Firmata protocols) or run directly on Raspberry Pi (with GPIO and wiring-Pi modules) and the BeagleBone Black (with BoneScript access). And, obviously, you can write your own plugin nodes to connect up whatever hardware or devices you need to access.

Node-RED is a very capable tool and worth adding to your toolkit. For example, while writing this I was also prototyping an IRC bot which did basic sentiment analysis and commented in the channel. Why not give it a go over the coming holidays? You can download Node-RED from the website or you can find it on GitHub. Documentation including a quick tutorial on creating flows, along with instructions on writing function nodes, creating new nodes, embedding Node-RED into existing applications and running it with Arduino, Raspberry Pi and BeagleBone Black.

The latest version, which we mentioned at the start, has new visuals for showing the deployment state of nodes and handles the idea of “unknown nodes” visually when importing a flow from someone who’s used nodes you haven’t got yet. There’s also new user and direct message tracking in the Twitter node, session aware TCP and WebSocket nodes, enhancements to the MQTT node for authentication and client ID, an “otherwise” option in the Switch node, selectable data delimiters for the serial node and a HTTP Request node that follows 301s. The contributed nodes now include a Snapchat node and a Phillips Hue mode.

The Node-RED developers are now looking at making new nodes installable with npm, Node.js’s package manager, and tackling the separation of the administration UI from the runtime so it’s more easily deployed into future production scenarios.

Fedora 20, Meteor 0.7.0 and hacked Linux servers examined – Snippets

snippets03

  • Fedora 20 arrives: The latest Fedora has arrived, making it into 2013 and looking pretty good. There’s oodles of changes too. Desktop users will find GNOME 3.10 is the default desktop but there’s also Cinnamon 2.0 and Enlightment available, along with the latest KDE 4.11, MATE and others. Under the hood, system administrators will find syslog gone, replaced by journald, and experimental SSD caches, while developers are getting a GUI on Fedora’s DevAssistant, updated Perl, boost, glibc and Ruby 2 with Rails 4. The full release notes will guide you around. We’ve been tracking 20 since alpha, running it on machines here and its been working well – the one thing we haven’t checked out is Fedora 20 on ARM given ARM is now a primary architecture for the distribution. Download Fedora 20 in all its forms from the project’s download page.

  • Meteor gets update smarts: The latest release of the https://www.meteor.com/ platform for web applications has moved to a smarter way of working out database changes. Meteor 0.7 changes how changes in the database are discovered, away from polling the db and creating a diff and to a technique called oplog tailing – consuming the underlying MongoDB operations log and using it to reduce the queries that have to go to the database. There are caveats, most notably, in production you’ll need a MongoDB server configured as a replica. More details on this and other changes in 0.7.0 are in the release notes.

  • Hacking Linux Servers: Ars Technica has an article on how a security researcher documented the exploitation of a Linux server with PHP holes and a perlbot. It’s a reminder that attack tools for taking on Linux servers are no longer obscure or complex things and even a script kiddie can do real damage. Old holes do persist in the wild and every old, fixed hole is ready for exploiting. Now, more than ever, keeping your servers up to date with security fixes is essential.

H.264 is heading to Firefox… is it an EME dry run?

header-logoCisco and Mozilla have made an announcement – Cisco will open source an H.264 implementation and Mozilla will incorporate support for a binary version of that open source code in Firefox in 2014. But what’s behind this move…

Firefox has wrestled with the H.264 video bear for some time now. Initially Mozilla took the position that there’d be no patented royalty-bearing standards implemented in Firefox and eschewed H.264 support in HTML5’s <video> tag for Google’s VP8-based WebM. This idealised position didn’t really get traction though and slowly the resistance to H.264 dropped, first on Android and then on Windows, with the removal of blocks which stopped system-level H.264 codecs that were already installed on the host operating system being used to play H.264 content. But on Linux, for example, where there was no system-level codec for playing H.264 by default and design, there was still no way to play H.264…

So that left Mozilla in an odd position of having a browser that may or may not be able to decode H.264 depending on platform. What would work is if Mozilla could lay its hands on an open source implementation of H.264 and then incorporate that into Mozilla. But that would trigger MPEG LA’s royalty gathering. And so Mozilla was at an impasse.

Until today, when in the synchronised “dance of the contribution”, Cisco first announced that it was releasing an open source (BSD licence) implementation of H.264 called OpenH264. Cisco’s motivation here is to get H.264 as the standard for interoperable web video in WebRTC for conferencing, which is dear to Cisco’s heart and business. Open source gets you so far, but Cisco needs H.264 in browsers like Firefox without passing on the costs. Cisco has said it will do that work by releasing binary modules of the OpenH264 codec and it will take the royalty cost on.

Ah, but how will it know how much distributing those modules will cost it when the MPEG LA chaps turn up for an audit? Brendan Eich, Mozilla CTO, explained that Mozilla won’t be bundling this binary module with the code. When Firefox needs the module, it will download it from Cisco and save it. Other apps will also apparently be able to make use of this downloadable module too. Eich does note that Firefox will still need AAC codecs on similar terms to the H.264 codec to complete the “industry de facto” stack for video and audio.

But here’s an interesting point. The debate about EME, the Encrypted Media Extensions for HTML5, has centred around the idea that the open web, and open web browsers, would be harmed by the presence of possible patent bearing, definitely closed source modules to perform encrypted video decoding. Now, here’s Mozilla, albeit with a different area of technology, working on how to include a platform-appropriate binary module into Firefox at runtime, as needed. It’s almost like a dry run for how EME decoders could be transparently downloaded and run. And that would be one less road-block for EME. Of course, this could also be the last thing on Mozilla’s collective mind, but the incorporation of an automatically downloaded binary module into Firefox will be a landmark in the history of the staunchly open source browser.

EOL for Python 2.6, Docker Inc and more iconic fonts – Snippets

Snippets

  • Python 2.6 signs out: Python 2.6.9 is the last source-only security fix release for the Python 2.6 family. The 2.6.9 release sees 2.6 officially retired after five years in the field. If you are still running 2.6, UPDATE! At the other end of the scale, Python 3.3.3 got its first release candidate with full support for Mac OS X 10.9 Mavericks.
  • dotCloud becomes Docker Inc: Acknowledging how important its Docker container software has become, dotCloud has announced it is becoming Docker Inc. The platform-as-a-service business of dotCloud will be maintained, but the company’s resources are going into Docker, Docker services and building out the Docker ecosystem.
  • More icon fontage: Bootstrap is not alone in having a fine icon font for its graphical imagery. Say hi to Ionicons, created for the Ionic front-end framework. Very stylish, and MIT licensed open source.