What I wrote during my day job - Here’s my Friday Newsbits (below and in the archive) where you can find out about Redis getting native TLS, the other MySQL update, the latest Node.js 10 and Flask 1.0 and more. Do let us know if you enjoy it.
Welcome to NewsBits where you’ll find the database, security, and developer news from around the net for the week ending April 27th 2018:
- TLS/SSL is coming to Redis
- MySQL 5.7.22 gets some MySQL 8.0 tricks
- Life as an extension in the pipeline for PipelineDB
- pspg gets a search memory
- Learn more about SQL Injections
- Node.js 10 arrives
- Python’s Flask reaches 1.0
- Flog will fake logs for you
- And finally… a wonderful, terrible thing to do on Slack with code.
And now those bits in full. Thanks, Wayback Machine, for saving this.
Database Bits
Redis and TLS/SSL - Redis has no support for TLS encryption built in. Getting TLS/SSL has meant using proxies and tunnels, trading some performance for secure connections. But in the past week, two things have happened to make it look like that’s all going to change.
First, Josiah Carlson, author of Redis in Action, has announced he will be releasing a fork of Redis which incorporates native TLS/SSL support, various performance improvements and transactions for Redis Lua scripts.
Secondly, a pull request has been submitted that brings TLS/SSL support to the Redis tree. @Antirez is looking to merge the code into unstable Redis after review and the release of 5.0 RC1.
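The proxy-and-tunnel approach mentioned above, sketched as an added stunnel configuration; it is not from the original newsletter or the Redis project. The host name, the external port 6380 and all file paths are assumptions.

```ini
; ---- Redis host: /etc/stunnel/redis-server.conf (path is an assumption) ----
; Redis itself still speaks plaintext, so keep it off the network with
; "bind 127.0.0.1" in redis.conf; only stunnel listens externally.
[redis-tls]
accept  = 0.0.0.0:6380
connect = 127.0.0.1:6379
cert    = /etc/stunnel/redis-server.pem
key     = /etc/stunnel/redis-server.key

; ---- Application host: /etc/stunnel/redis-client.conf (assumed path) ----
; The application connects to 127.0.0.1:6379 as if Redis were local.
[redis-tls]
client      = yes
accept      = 127.0.0.1:6379
connect     = redis.example.internal:6380
; Without the next three lines stunnel encrypts the link but does not
; verify the server certificate, leaving it open to interception.
CAfile      = /etc/stunnel/ca.pem
verifyChain = yes
checkHost   = redis.example.internal
```

The tunnel adds encryption and server authentication only; Redis's own requirepass setting is still what authenticates the client.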
MySQL 5.7.22 - In the excitement around MySQL 8 going GA, we forgot to mention MySQL 5.7.22 was also released. The MySQL 5.7.22 release notes cover the changes, which include fixes to InnoDB, replication and more. It also sees backports of MySQL 8 JSON features. This includes renaming the JSON_MERGE() function to JSON_MERGE_PRESERVE() and adding a JSON_MERGE_PATCH() function, JSON_STORAGE_SIZE() for calculating the binary size of a JSON document, and JSON_PRETTY() to pretty print JSON values.
PipelineDB - The PostgreSQL fork for streaming SQL queries, PipelineDB, has been updated to version 0.9.9. This is set to be the last version that is a fork because version 1.0.0 is set to be a PostgreSQL extension. The developers have been busy working on Stride, their realtime analytics as a service product, though, and this has put the extension-isation of PipelineDB a bit behind schedule. That said, the 0.9.9 changes prepare the way for the extension, turning streams into foreign tables and continuous views and transforms into regular PostgreSQL views. There are also performance improvements derived from the experience of running PipelineDB in big Stride instances. 1.0.0 as an extension is expected to arrive before July.
pspg 1.1 - Pspg, the handy results viewer for PostgreSQL and MySQL, has had a small but useful update adding in search history.
Security Bits
SQL Injection Wiki - One of the things database developers need to be aware of is the danger of SQL injection: the subtle corruption of SQL commands to make them do malicious things. The new NetSPI SQL Injection Wiki can be a help with that. It covers how to detect injection points in applications, how commands can be injected and the kinds of commands an attacker may perform. Examples for MySQL, Oracle and SQL Server are included. The site is an editable Wiki stored on GitHub for those who wish to contribute.
Developer Bits
Node.js 10.0 - Node.js has reached version 10.0 and it is a big release for the server-side JavaScript platform even though most of the changes are incremental improvements. Big ticket items include: the stabilization of the new interface for native modules (N-API), upgraded cryptographic support which should include TLS 1.3 support by October, better error management over versions, a new V8 engine with boosts to performance, better diagnostics/tracing, and promisified fs functions.
Over the months running up to October, Node.js 10 will be shaken down and, around October, declared a long term support (LTS) version. And as a final reminder, Node.js 4.0 is end-of-life on April 30th (next Monday as of writing), and Node 6 will follow it next April.
Flask 1.0 - After 8 years in the wild, Flask, the lightweight Python web framework, has reached Flask version 1.0. Although stable for some time, this release marks a year of extensive work on the software and its documentation. There’s also a security fix to tighten up the handling of incoming JSON.
Flog - When testing applications that analyze log files, getting your hands on log data can be tricky. Flog can help there by creating fake logs in Apache (common, combined or error) and RFC3164 format.
And finally… Will Leinweber is a terrible person in the best possible way. In this tweet he reveals he’s written a program which makes it appear he’s typing on Slack when anyone else starts typing. And it stops when they stop. His “VGP” is also a great “hello world” for writing a Slackbot in Ruby though.
This article was imported from the original CodeScaling blog