Compose's Little Bits 40 - PostgreSQL, BuntDB, Prometheus, CGI Vulnerability, Ruby 2.4, Kilua

A fresh beta for PostgreSQL, a new small embeddable Go database, Prometheus monitoring hits 1.0, a CGI vulnerability triggers lots of updates, what's in Ruby 2.4 (now in preview) and Kilua is now a thing - All the links that Compose's technical content curator's eye in the past week.

Database-y

PostgreSQL 9.6 beta 3 - Keeping up a steady drumbeat of betas, the PostgreSQL developers have released the third beta of PostgreSQL 9.6. As would be expected, there's lots of fixes to the parallel query functionality with parallel TABLESAMPLE being added and tuning of explain, query cost and planning. Expect more betas as we head toward the "Late 2016" release window.

BuntDB - It's small, it's in-memory, it's a key/value store and it's in Go - It's BuntDB, a persistant, ACID compliant, multiple reader/single writer, geospatial data supporting database inspired in part by BoltDB and designed to embed in Tile38. It's designed to be embedded in Go projects but the developers are working to expand the 1000 lines of code with support for a command line and network support.

Cloud-y

Prometheus 1.0: The open source monitoring and alerting toolkit Prometheus has hit a major milestone with the release of Version 1.0. The system, which began it's life at Soundcloud, has evolved its multi-dimensional data model, functional query language, GUI-based dashboard builder and command line querying tools over the past four years and is now ready to declare the core APIs as stable. It's still got a huge roadmap to fulfill which it will be doing at CNCF (Cloud Native Computing Foundation), alongside CNCF's other incubating project, Kubernetes.

CGI vulnerability: If you use CGI as part of your web environment, look out as you may be vulnerable to VU#797896. We only noticed it when Go 1.6.3 and 1.7rc2 updates arrived. The vulnerability means that in unpatched setups, a bad actor can mess with the HTTP_PROXY environment as part of a man in the middle attack. Apache, HAProxy, HHVM, lighttpd, nginx, Python and PHP and others have already been updated.

Developer-y

Ruby 2.4 previewed - A preview of Ruby 2.4 was released last month and it promises a lot of enhancements. The preview announcement has lots of links but this blog post from Blockscore does a great job of pulling all the 2.4 features and examples together in one place. Ruby 2.4 is currently scheduled to land on Christmas Day.

Kilua - In the last Little Bits we mentioned Antirez's Kilo editor and an extension which added Lua to the mix. That's now become Kilua, with the Lua support and other features already baked in.