That Friday Feeling

Posted by Codepope's Development Hell on Friday, May 11, 2018
Last Modified on Saturday, August 31, 2024

It’s Friday and here’s the new NewsBits with database updates galore, malware in dependencies, a new DB based on MySQL, the latest Rust and Sublime Text and mmm… CloudEvents (not a conference (not yet at least)).

  • Updates for PostgreSQL, RabbitMQ, etcd and Scylla.
  • “Cloud native” MySQL-based RadonDB appears.
  • CloudEvents to bring serverless systems together.
  • Looking to be big in enterprises - Firefox 60.
  • Python and Node malware in dependencies.
  • Ligatures and HiDPI support in Sublime Text.
  • Rust 1.26 update is packed with changes.
  • And Finally… pinball in Lego is awesome.

And now, here are those bits in full…

Database Bits

It’s all about the updates this week:

PostgreSQL - PostgreSQL 10.4 leads the PostgreSQL update release this week with 9.6.9, 9.5.13, 9.4.18, and 9.3.23 following. A security fix for too-permissive access control is the headline change, but there’s also fifty other bugs reported and fixed in this release including better function marking for query planning with parallel optimizations and eliminating some potential crashes from partitioning operations. Note that there are post-installation steps needed after upgrading PostgreSQL 9.6 and 10.

RabbitMQ - Version 3.7.5 of RabbitMQ is, as the patch version bump reflects, a bug fix release but there are enhancements in there too for queue handling in HA situations. One potentially breaking change is the lowering of the default number of channels allowed on a connection, down from 65535 to 2047, to stop connections accidentally eating up too many resources on the server.

etcd - The 3.3.x edition of etcd gets an update to 3.3.5 but apart from moving compilation to Go 1.9.6, the only major fix is to stop etcdctl from crashing when parsing a watch command that tries to execute a command.

Scylla - Updates for Scylla 2.1 and 2.0 this week. The Scylla 2.1.3 release fixes errors when dropping keyspaces with user-defined types. The Scylla 2.0.4 release fixes that same issue, a number of streaming issues, unexpected shutdowns, and TLS closure problems.

There is a new arrival too:

RadonDB - A new “cloud-native database” has appeared in the form of RadonDB. Using MySQL as a storage engine and MySQL protocol for connectivity, RadonDB seems to parse and shard SQL operations over multiple nodes which are also MySQL servers.

Cloud Bits

CloudEvents - Post KubeCon, there’s been more visibility for an up-and-coming standard, CloudEvents. CloudEvents is a specification for serverless systems to interoperate, defining the metadata that describes events, with version 0.1 of the CloudEvents spec already available. CloudEvents formats events in JSON and then sends those messages over HTTP, MQTT, AMQP or over webhooks to deliver them to interested services.

The work is being organized by the Cloud Native Computing Foundation’s Serverless Working Group and the plan is to get the project into the CNCF sandbox by June. IBM, Microsoft, Amazon, Google and others are contributing to the project and the first libraries. Microsoft has gone as far as announcing first-class support for CloudEvents on Azure already.

Developer Bits

Firefox 60 - The latest Firefox 60 has the usual range of web-forward features: TLS 1.3 on by default, web authentication API support for USB tokens and new cookie storage options. But the most important of them is likely to be the Firefox for Enterprise support. This allows for policies to be used to deploy Firefox on Windows, Mac, and Linux and offers a quicker lifecycle for Firefox updates than the now traditional Firefox ESR releases. ESR releases operate on a release cycle of around 14-16 months, and in the interim up to 10 releases of Firefox may have happened. Firefox for Enterprise lets organizations choose between the fast release cycle and the slower ESR cycle. “SaaS has made the browser mission-critical” say Mozilla and this is part of their response.

Mal-aware - As a reminder to always be aware of what software your applications are depending on, two stories. First, there was an attack on mailparser on npm which appeared to work through a chain of dependencies to install a backdoor in the library. The backdoor would then get its payload of code to execute delivered in HTTP headers. The NPM team took only two hours from report to un-publishing the packages involved.

The second is one for Python users. No backdoor here, just an SSH credentials logger installed in the ssh-decorate package. That’s a library designed to handle SSH connections in Python and, as of writing, it’s no longer available - a sanitized version was released and subsequently withdrawn. If you use it, the last safe version was 0.27; versions 0.28 to 0.31 are compromised.
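A check for the ssh-decorate versions named above, as an added example that is not part of the original post: it scans a requirements file and the running environment for releases in the 0.28 to 0.31 range. The sample requirements text is constructed, and the function and status names are this example's own.

```python
import re
from importlib import metadata

PACKAGE = "ssh-decorate"
# Range stated in the article: 0.27 was the last safe version, 0.28 to 0.31 are compromised.
BAD_MIN, BAD_MAX = (0, 28), (0, 31)
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*"
                 r"(?:(===?|~=|!=|[<>]=?)\s*([^\s;,]+))?")

def normalize(name):
    """PEP 503 normalization, so ssh_decorate and SSH.Decorate match too."""
    return re.sub(r"[-_.]+", "-", name).lower()

def verdict(version):
    """Classify a version string against the range given in the article."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version or "")
    if not m:
        return "review"
    rel = tuple(int(part) for part in m.group(1).split("."))
    # Compare on major.minor so a patch release such as 0.31.1 is still caught.
    return "compromised" if BAD_MIN <= rel[:2] <= BAD_MAX else "outside-range"

def audit_requirements(text):
    """Return (line number, requirement, status) for each ssh-decorate line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = REQ.match(line)
        if m and normalize(m.group(1)) == PACKAGE:
            # Only an exact pin says which release is installed; the rest need a human.
            status = verdict(m.group(3)) if m.group(2) == "==" else "review"
            findings.append((lineno, line, status))
    return findings

def audit_installed():
    """Same check over every distribution visible to the running interpreter."""
    return [(d.metadata["Name"], d.version, verdict(d.version))
            for d in metadata.distributions()
            if normalize(d.metadata["Name"] or "") == PACKAGE]

SAMPLE = """\
requests==2.18.4
ssh-decorate==0.27
ssh_decorate==0.29   # constructed sample line
SSH.Decorate>=0.27
"""

if __name__ == "__main__":
    print(*audit_requirements(SAMPLE), *audit_installed(), sep="\n")
```

A "review" status means the line does not pin an exact release, so the installed version has to be confirmed separately, for instance with `audit_installed()` in the target environment.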

Sublime Text - With Atom and VS Code livening up the editor business, it’s now the turn of proprietary but powerful Sublime Text to enhance its offering with version 3.1. This update includes better HiDPI handling for Windows and for 8K monitors, Ligature support inside the editor (it’s pretty and useful), new color schemes, git file format and markdown code block highlighting and improved memory usage.

Rust - Rust 1.26 has landed and is billed as “possibly the most feature-packed release since Rust 1.0”. It includes the second edition of the Rust Programming Language, existential types, cleaner matching options, the ability to return a result from main, inclusive ranges, slice patterns and 128-bit integers.

And Finally… 15,000 Lego bricks, a lot of Lego NXT and mechanics and some dedication by Bre Burns saw this working Lego Pinball Machine brought to life. Bre is a contributor to The Brothers Brick who’ve covered this mechanical marvel in detail. The Lego bar has been raised.

This article was imported from the original CodeScaling blog