Compose's NewsBits for the week:
- CockroachDB reaches version 1.0,
- PostgreSQL gets security updates,
- Elasticsearch 6 goes into alpha,
- Git gets SHA1 collision protection,
- Some truths about Git use,
- Sinatra 2.0 arrives in a style,
- Go Delve 1.0 approaching,
- Busting Rust's Cargo package manager.
This is NewsBits: news selected by Compose's technical content curator from the world of open source databases and development, delivered as delicious chunks of information.
A big week for the CockroachDB as the company released CockroachDB 1.0, the "open source, cloud-native SQL database". We've been watching the database develop its aggressively horizontal, geographically distributed vision of an SQL database from before it even had an SQL layer and was a solid distributed key/value store. The company also announced a commercial distributed backup feature as the proprietary part of its CockroachDB Enterprise and a $27M series B funding round.
PostgreSQL security updates
A security update release of PostgreSQL sees new versions of PostgreSQL 9.2 to 9.6 released - 9.2.21, 9.3.17, 9.4.12, 9.5.7 and 9.6.3. The security issues include two server side moderate severity issues and one client side issue with libpq and SSL. If you use libpq in your application and use the
PGREQUIRESSL environment to turn on SSL, stop doing that and use the
sslmode=required connection string option to enable SSL - it's what Compose has recommended in the web console's connection strings since launching PostgreSQL.
Elasticsearch 6 goes alpha
Over at Elastic, home of Elasticsearch, the first alpha of Elasticsearch 6.0 has been rolled out for early testing. In Elasticsearch terms, this update sees a smoother upgrade path supported, index sorting at search or insert time, sparse doc values via Lucene 7 and most visibly for established Elasticsearch users, the end of multiple-type indexes. The alpha is part of the Elastic Stack 6.0 alpha
Git 2.13 or...
An update to the Git - now at Git version 2.13 - sees the techniques developed and tested by Github to prevent the SHA-1 collision problem applied to the code of the distributed revision control system. There's also new pathspecs which play better with shells and let you filter on attributes.
Git is a powerful tool and there's been anecdotal data that some users are working with a minimal subset of that capability with no solid grasp of the underlying concepts. Now there is another data point for that concern; a recent report on how people use Git – A Case of Computational Thinking: The Subtle Effect of Hidden Dependencies on the User Experience of Version Control(pdf) – suggests that in practice developers have narrow usage of the system and leave the tasks outside their own workflow to others in the team with more experience. 'Even one of the more experienced Git users [at Autodesk] requested that someone else perform an operation because “it scares the [elided] out of me"' notes the report.
The Sinatra DSL for elegantly simple Ruby web applications has emerged with a final version 2.0 - the last minor release, 1.4.0 was back in 2013 but that's more a tribute to a simple idea done well as Sinatra has inspired similar projects in other languages. The CHANGELOG has the details of what has changed - but a more useful summary comes from this 2016 post from when the pre-release arrived. And if you're wondering why there's no official, official announcement and the Sinatra site hasn't updated - this tweet may explain.
Sadly the biggest blocker to announcing it at the moment is... jekyll haaha— zzak (@_zzak) May 8, 2017
The Delve debugger for Go is approaching version 1.0 status with the arrival of Delve 1.0RC1. The version 1.0 now has swappable backends so you can use different debugging environments such as Mozilla's RR project which lets you record a failure then replay it in the debugger multiple times.
A tale of accidental Rust breakage reminds us of how making assumptions such as "file naming works the same everywhere" can bite. In this case, naming a Rust Crate
nul interrupted a weekend for Rust's cargo package management managers as
nul is a reserved file name on Windows.
If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at firstname.lastname@example.org. We're happy to hear from you.