Welcome to NewsBits where you'll find the developer and database news from around the net for the week ending March 23rd.
- Java 10 is here for the summer.
- gRPC native routing is in NGINX's latest.
- Node 9.9.0 and security updates for all.
- Visualization engine D3.js goes to 5.0.
- oclif makes creating CLIs easy.
- Deja Vu's Elasticsearch web API updated.
- Elasticsearch updates for 6.1 and 6.2.
- Fixes land in minor MongoDB 3.4 update.
- New C++ driver for Scylla/Cassandra.
Unsecured etcds make the news.
And finally, learn some graph theory.
And now, here are those bits...
Java 10 - Java 10 is here and it's the start of the fast track for Java. The next few releases are short-term releases with incremental enhancements in each. Java 9 is at the end of its public update life with Java 10 now available and Java 10 will reach the same point this September. Beyond there is still to be decided. What's new in Java 10? For developers, there's a whole new "var" which does type inference on local variable definitions. It's a small change which makes code more readable and you can learn about it in this blog article. There's also a parallel full GC mode and an experimental Java-based JIT, Graal, for the Linux/x64 platform. Learn more on the OpenJDK site.
NGINX - The popular web server and reverse proxy NGINX has gained another string to its bow, native support for gRPC traffic. In NGINX 1.13.10, a new module builds on existing TCP/gRPC proxying and HTTP/2 support with the ability to terminate, inspect and then route gRPC requests within the NGINX server.
Node.js - Node.js's "Current" version, 9.x moves on with the release of Node.js 9.9.0. Lots of bug fixes, improved docs and features refined. If you're running Node 9.x or one of the LTS versions (4.x, 6.x or 8.x), get ready to update with the March 2018 Security releases incoming on March 27th. 4.x users are vulnerable to a high severity denial of service issue. Given that Node.js 4.x support ends on 30th of April, this is probably the final update for 4.x and it's a good time to start thinking of migrating to 6.x or 8.x.
D3.js - Chances are, if you see a delightful visualization on the web, someone's using D3.js. D3 takes care of the tricky bit, binding data to document models and lets people create their own renderings. Now, version 5.0 of D3.js is available and the changes include switching to a Promise based system for acquiring data, catagorical color schemes and computing polygon contours.
Deja Vu - The "missing Web UI for Elasticsearch", Deja Vu has a new 1.5.0 release which simplifies moving between indicies in a cluster, support for update by query and delete by query in the queries view and adds custom headers for alternative authentication schemes. Deja Vu is a super-lightweight application which can be deployed as a Chrome extension or served from static web pages.
Elasticsearch - Talking Elasticsearch, there are updates for Elasticsearch, specifically 6.2.3 which, among the various bug fixes address a security vulnerability in the proprietary X-Pack Security extension. There's also a 6.1.4 update with a smaller set of fixes.
MongoDB - There's also a MongoDB update out there this week for MongoDB 3.4. The 3.4.14 update sees a large number of fixes and the Changelog breaks them out by category. Short version, nothing major by definition, but do check in case one of the fixes touches you.
Scylla/Cassandra - The cpv-project has released a 0.1 version of a C++ CQL driver for Scylla and Cassandra. This driver is written using the seastar framework, the same framework that powers Scylla. On first look, it seems to have good coverage with a futures-based API and support for connection pooling and multiplexing, automatic retries and load balancing, authentication and SSL, and batch operations.
etcd - A report in The Register tells of how a security researcher used the Shodan service to track down unprotected etcd instances on the internet. Apparently, some of these instances had been used to store passwords and other credentials. At Compose we've always deployed etcd with authentication proxies controlling access. This does serve as a good reminder that when provisioning databases on the internet yourself, just because it runs doesn't mean you are ready for production.
And finally, want to learn some graph theory? Why not try the delightfully interactive D3 Graph Theory.
NewsBits. News in bits, every Friday at Compose.
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at firstname.lastname@example.org. We're happy to hear from you.