Elsewhere: NewsBits – Redis 5 RC 5

I’ve been doing my usual Friday news gathering for the day job and that means here is todays NewsBits…. Here’s what’s in it:

• Redis 5.0 gets a new release candidate and controversy.
• Updates for older MongoDB versions.
• A guide to analyzing slow MongoDB queries.
• Making MySQL‘s shell shine.
• Google open up Dataset Search.
• Firefox 62 lands, as does the new ESR release.
• HTTP2 support no longer experimental in Node 10.10.
• VS Code gets a new Settings UI.
• Checkout pull requests with the latest Atom.
• Where to get Java support in the future?
• And whats it like migrating to Java 11?
• And finally an SQL puzzler…

Click here to read Compose’s NewsBits (be meeeee!) for this week

Developer Catchup – Redis 3.0.0, ES5to6, Atom Pairs, Rust and Coherent

Redis 3.0.0: Antirez (Salvatore Sanfillippo) brought us Redis 3.0.0 on April 1st (and I salute him for ignoring the worst day on the Internet by doing real things). The big thing with 3.0 is clustering, better smarter clustering that is, out of the box and good enough scalability and fault tolerance for many use cases. It’s a big jump, and it may take some iterations to nail it down but its worth it for the usefulness that Redis represents to a system architect.

ES5 to 6: There’s lots of transpilers which turn your ES6 JavaScript into ES5 JavaScript so it can be run anywhere, but a new project on Github, xto6 wants to turn that around and take your ES5 JavaScript code and turn it into shiny ES6 style code with all its shiny classes and accessors and more. No idea yet how this would work in the field, but it may help when you’re getting your head around ES6…. it’s the future you know.

Atomic Pairing: If you use the Atom editor (I do) and you like to pair, you may be interested in AtomPair which uses HipChat or Slack and Pusher to let developers pair (or more) inside the editor.

Rust 1.0 nears: Rust 1.0 hit beta – We’ll talk more about that at 1.0 time…

And Finally… Coherent: Long ago there was a Unix (cough) like OS for 286 and 386 PCs called Coherent. It worked in a wonderfully limited way (apparently using the CPU’s 64K paging tricks) and it disappeared into history. But now the Coherent source and other software from Mark Williams Company have been released under an open source license. Don’t expect to dash out and use them, but its a fine historical artifact to be able to now look inside.

Developer Catchup: FreeBSD at 21, Meteor at 1.0, tunnels, disklessness, neurons and 68008s

• FreeBSD hits 21:FreeBSD is 21 today and you can see the original announcement preserved on the FreeBSD site and the most recent status report shows where current development was at the end of the third quarter. Looking forward to tier 1 support for more ARM platforms in FreeBSD 11.

• Meteor hits 1.0: After a good long maturation with plenty of reworking and changes for the better – rather than those long betas which see no changes and never end – the rather splendid Meteor framework has hit version 1.0. It lets you build apps which are really smart about keeping all the users in sync with each other and builds on Node, JavaScript (on the server and browser) and other great open source foundations. And it’s open source itself. Having written apps in the past using it, I recommend it for the modern single screen web app. There’s a step by step tutorial on building an app too. If I had to pick a flaw its that it uses the curl/wget to shell anti-pattern – `curl https://install.meteor.com/ | sh – that has become rather cool but still boils down to running an unviewed, unfiltered script on your system. We need a fix for this, and we don’t need another package manager. A simple “download/scan/report&alert and offer to run” utility would do – want to be a popular person out there? Go write it!

• Tunnelling out: I have to admit I only just found out about this one but ngrok is a useful service which lets you create a tunnel from the net to a single port on a machine without fiddling with firewalls and other stuff. Download an executable, run it with a port number and it’ll do the rest. And you can inspect the traffic easily for simple debugging.

• Redis goes diskless: Replication usually involves disks and disks change performance and when you are all about the performance, thats critical. That’s why @antirez has been working on diskless replication for Redis. Read his introductory article to the motivation and implementation.

• Neural networks in JavaScript: To be honest, I’ve never though about doing neural networks in the browser but it seems Juan Cazala has and his Synaptic library lets you experiment with them too.

And a little making

• Different single board processors: Remember the 68000 series? The folks at Big Mess O Wires do and are working on building a single board computer around a 68008 (the un-power-house at the heart of the classic Sinclair QL). The aim is to get it running Linux.

Developer Catchup: POODLE, Tails, Docker, Redis and more

POODLE yips: In what was a glorious nail in the coffin of SSLv3, the POODLE vulnerability(PDF) made sure no one would trust SSLv3 again. The simple fix is to turn off SSLv3 where its used. The bug itself is bad in terms of cryptography, in that it gives an attacker a route to completely decode a stream that has been encrypted, but in practice its not as bad because the attacker has to be a man in the middle to get started. So, using SSLv3 from the open Wi-Fi at the fast food cafe, a bad thing. More worthwhile reading includes Imperial Violet’s explanation and Zmap.io’s guide to disabling SSLv3 in servers.

Chasing Tails: The Tails Live Linux distro, which tries its level best to be an bootable anonymous secure distro, has had an update to Tails 1.2. In the wake of the POODLE hole, it’s switched over to Tor Browser, dropping the IceWeasel, and that change also happens to close its POODLE vulnerability. There’s also Tor and kernel updates and various other minor changes. If you use it, just upgrade.

Docker tightens security: Docker 1.3 has landed, or more accurately Docker Engine 1.3. Highlight is digital signature verification of repositories of images, albeit as a tech preview of the feature. A production option also lets you set SELinux and AppArmor profiles from the command line. Other goodies include the ability to inject a process into a running Docker app so you can wake up a shell when you need to debug something, create and start commands for containers (on top of existing the all in one run command) and most usefully to me at least, shared directories on Mac OS X. The more interesting (as in get the popcorn) move from Docker is its partnering with Microsoft with a long term goal of making Docker run on Windows containers, not just on an a VM with Linux inside. Big challenge there as Microsoft have to basically get cgroups and more onto Windows Server.

Redis Clustered: The Redis key/value cache and store has pushed a release candidate for Redis 3.0.0 out. This is a rather important release as @antirez explains in his blog, it’s the first version with Cluster support, a long in-development feature, which has reached “minimum viable product” level and is stable enough for testing.

Quickies: 6to5 – turns JavaScript ES6 code into plain ES5 code which could be well useful. Asciicinema – lets you record and playback terminal sessions (and could be even better with audio – hint). On the to read list – Building Web Apps with Go – MIT licensed book based around Heroku use but lots of interesting content. And Whiteout Mail has gone open source – it’s all about accessible secure mail and has been in the works since 2013.