From the “Well, that took a while” files, 10gen have announced they are changing name to MongoDB Inc. This heralds a new era of confusion between open source software and the company that develops it. MongoDB Inc says the 10gen name belonged to a time in the past (2007) when the company was going to build an open-source cloud stack and MongoDB was the data storage layer… well, the rest of the stack didn’t arrive, people like MongoDB and that’s why they changed. So from now on we’ll have to use clumsy postfixes like “MongoDB the software” or “MongoDB the company”.
Of course, in a couple of years’ time when they have a whole new product emerging internally they will be kicking themselves that they made the product name the company name, but that’s the joy of rebranding. At least they remembered to put in clean redirection to the renamed site; there’s nothing worse than a rebranding which leaves the old name behind as a feast of 404s. Pity though… 10gen… 10gen… it sounded like a corporation in Blade Runner or Syndicate – I’ll miss it as a name.
MongoDB gets Hive: 10gen have announced that the MongoDB connector for Hadoop has been updated so it can now work with the SQL-like queries of Hive over MongoDB data sets. There’s also support for MongoDB’s BSON (Binary JSON…yes well…) on Hadoop’s Distributed File System and incremental MapReduce jobs. There’s an hour long video on the connector’s features which covers the new stuff and what’s in the pipeline.
Andy’s Insides: If you liked the classic T-shirt Exploded Andy you may well contemplate its sequel Andy Inside though the shipping to the UK adds $13 and puts the entire thing into the customs charges zone (Curses! And if anyone asks, I’m a 3X kinda guy).
Martin Sústrik, one of the original developers of 0MQ, has been working on nanomsg since last year and has now announced that the project has reached its first alpha 0.1 release. Nanomsg offers a high performance implementation of a number of what are called “scalability protocols” such as one-to-one (PAIR), many-to-many (BUS), clustered stateless services (REQREP), publish and subscribe (PUBSUB), message aggregation (FANIN), balanced message distribution (FANOUT) and application state queries (SURVEY). These protocols are currently carried over three transport layers: within a process (INPROC), between processes on a system (IPC) or over TCP networks.
Designed to look like the BSD sockets C API to applications, written in C with no extra dependencies and licensed under an MIT/X11 licence, nanomsg has the potential to be an open standard within messaging. Sústrik has previously run into issues with making communication infrastructure code GPL and, in a January 2013 blog post, explains why those issues have sent him on the course of creating a permissively licensed messaging platform.
But it’s far from just about the licensing. The change from ZeroMQ’s C++ implementation to nanomsg’s C implementation should mean less memory allocation and fragmentation. Where ZeroMQ had no formal API for plugging in transports and protocols, which led to stagnation in adding either, nanomsg has APIs for both. Sústrik says he’s also reworked the threading model, built internal interactions as state machines for easier development, added support for IOCP on Windows, moved to level-triggered polling and implemented outbound traffic priorities.
For more on these, check the release announcement which also links to various detailed blog postings on the features, explaining motivation and function. As for those scalability protocols, the plan is to get them standardised at the IETF, opening the way for big things. Put nanomsg on your list of projects to watch and check out; something big, despite the name, could well be happening there.
Basho have announced that the freshly available Riak CS 1.4’s highlight feature is better OpenStack integration. If you’ve heard of Riak but not Riak CS, CS stands for cloud storage and it basically builds on top of Riak’s capabilities to offer a highly available storage system with an S3 compatible API. Great if you want to get into the storage business or replace AWS S3 with your own systems.
With the latest release, you can now point Riak CS at the OpenStack Keystone authentication service where it can validate users and roles. The support for OpenStack, tagged as preliminary in the release notes, also includes support for the Swift API so Riak CS can take the place of OpenStack Swift storage.
There are also some performance improvements that exploit changes made in Riak 1.4. Riak CS was open sourced earlier this year under an Apache 2 licence. Source code is available on GitHub, binaries and documentation on the Riak website.
Yes, but no. GoDaddy didn’t swap Apache Web Server out for IIS resulting in the 5% drop observed by Netcraft and reported as a blow for the Apache Web Server elsewhere. As Netcraft say, the switch was from Apache Traffic Server (ATS), acting as a proxy, over to proxying with Microsoft IIS 7.5. When GoDaddy turned the Apache Traffic Server proxy on in May, after apparently testing it with content delivery networks in the previous months, 28.3 million sites appeared to be using ATS, numbers that were added to the Apache total, despite it not being Apache Web Server. This also made GoDaddy the operator of 99% of the ATS served sites out there. GoDaddy have yet to comment on why they switched to IIS 7.5.
The Apache Web Server numbers do appear to be trending down, but in 2009 it was at the same 47% share in raw hostname counting before rocketing back up. The raw hostname count and share is an interesting figure, but it’s counting a lot of dead ended sites managed by registration companies like GoDaddy and other services which use a proxy server to help front-end millions of sites behind them. This is why the graph flip-flops around like it does; one change in configuration at a major user of their proxy and boom, there’s a couple of million hosts just changed server. So deriving a proxy market share while counting these proxies is going to have a margin of error of “oodles”.
Back over in the working world though, Apache still holds 54% of active sites in the survey (number 2 is Microsoft with 15%) and 57% share in the top million (number 2 there is nginx at 15%). These numbers are better indicators, as they exclude the dead zones of the web, but they still count proxies. When reading these numbers, keep that in mind.
Google has announced that it has passed the $2 million mark in the total amount of security rewards it has paid out. That’s a million for its Chrome/Chromium/Pwnium bug hunt and a million for its lower profile web application security programme. The former programme has been, predominantly, the headline grabber with headlines galore when the various cracking competitions kick off, but it’s the money paid out to the web application security programme which is more interesting as it demonstrates that a web surface is a rich seam of vulnerabilities waiting to be mined.
That should provide a wake up call for web application developers outside Google – if Google’s seams are that rich, how many vulnerabilities do you have in your own code? Don’t panic over it though; start engineering in better processes to check and test, and think about rewarding responsibly disclosed vulnerabilities yourself, if you can afford it. In the comments, Google’s Eric Grosse says that $2M is “very reasonable compared to the security value received” but does note that anyone planning reward programmes will need a well-staffed internal security team to triage and act. He also suggests that top reporters on such programmes would make top candidates for such a team.
But also remember that, even though these programmes exist, as with a gun amnesty only some of the guns get handed in. There are companies who will happily stockpile vulnerabilities for sale to government agencies, for example, and for the really good holes, they do pay well. That Google are upping their rewards again, by up to 5 times for Chrome/Chromium bugs, vividly indicates there is a market at work.
SDL 2.0: Version 2.0 of SDL (Simple DirectMedia Layer), the widely used zlib licensed library which offers a Windows, Mac OS X, Linux, iOS and Android library for driving graphics, audio and input has just been announced. New features, and there’s a lot, include 3D hardware acceleration, support for OpenGL 3.0 and ES, support for multiple windows, displays and audio devices. The Migration Guide has all the details. You can get the source and binaries from the download page and find all the other documentation on the wiki.
Perl update: Perl 5.18.1 has been released by the developers just two months after the release of 5.18 in May of this year. The developers have December pencilled in for 5.18.2 and are aiming for May 2014 as the arrival date for Perl 5.20.0.
PingFS: Described as “like holding up the clouds by swatting the rain back up”, PingFS is a strange project which uses Linux and Python to create a filesystem which is transmitted over the network in the form of ping packet payloads which are bounced back and forth, and so the data isn’t actually stored anywhere.
Greg Kroah-Hartman, master of kernel stable releases, has declared Linux 3.10 to be this year’s long term stable kernel. That means he’ll keep releasing patches for it for “at least two years”, so folks putting together Linux distributions or products based on Linux can count on 3.10 for two years without a need to hop up a version or two to get a fix. Kroah-Hartman also mentions that LTSI, the project which manages a stable patchset for Linux in consumer electronics, is rebasing on 3.10 too.
What’s in 3.10? That’s where we point you to Thorsten Leemhuis’s “What’s new in 3.10” to give you some background.