NewsBits - Native TLS/SSL could be coming to RedisPublished
Welcome to NewsBits where you'll find the database, security, and developer news from around the net for the week ending April 27th 2018:
- TLS/SSL is coming to Redis
- MySQL 5.7.22 gets some MySQL 8.0 tricks
- Life as an extension in the pipeline for PipelineDB
- pspg gets a search memory
- Learn more about SQL Injections
- Node.js 10 arrives
- Python's Flask reaches 1.0
- Flog will fake logs for you
- And finally... a wonderful, terrible thing to do on Slack with code.
Now here's all those bits in full...
Redis and TLS/SSL - Redis has no support for TLS encryption built in. To get TLS/SSL has meant using proxies and tunnels with an impact on performance in exchange for secure connections. But in the past week, two things have happened to make it look like that's all going to change.
First, Josiah Carlson, author of Redis in Action, has announced he will be releasing a fork of Redis which incorporates native TLS/SSL support, various performance improvements and transactions for Redis Lua scripts.
Secondly, a pull request has been submitted that brings TLS/SSL support to the Redis tree. @Antirez is looking to merge the code into unstable Redis after review and the release of 5.0 RC1.
MySQL 5.7.22 - In the excitement around MySQL 8 going GA, we forgot to mention MySQL 5.7.22 was also released. The MySQL 5.7.22 release notes cover the changes which include fixes to InnoDB, replication and more. It also sees backports of MySQL 8 JSON features. This includes the renaming the
JSON_MERGE() function to
JSON_MERGE_PRESERVE() and adding a
JSON_STORAGE_SIZE() for calculating the binary size of a JSON document and adding
JSON_PRETTY() to pretty print JSON values.
PipelineDB - The PostgreSQL fork for streaming SQL queries, PipelineDB has been updated to version 0.9.9. This is set to be the last version that is a fork because version 1.0.0 is set to be a PostgreSQL extension. The developers have been busy working on Stride, their realtime analytics as a service product, though and this has put the extension-isation of PipelineDB a bit behind schedule. That said, the 0.9.9 changes prepare the way for the extension, turning streams into foreign tables and continuous views and transforms into regular PostgreSQL views. There's also performance improvements derived from the experience of running PipelineDB in big Stride instances. 1.0.0 as an extension is expected to arrive before July.
pspg 1.1 - Pspg, the handy results viewer for PostgreSQL and MySQL, has had a small but useful update adding in search history.
SQL Injection Wiki - One of the things database developers need to be aware of is the danger of SQL injection; the subtle corruption of SQL commands to make them do malicious things. The new NetSPI SQL Injection Wiki can be a help with that. It covers how to detect injection points in applications, how commands can be injected and the kinds of commands an attacker may perform. Examples for MySQL, Oracle and SQL Server are included. The site is an editable Wiki stored on Github for those who wish to contribute.
Over the months running up to October, Node.js 10 will be shaken down and, around October, declared a long term support (LTS) version. And as a final reminder, Node.js 4.0 is end-of-life on April 30th (next Monday as of writing), and Node 6 will follow it next April.
Flask 1.0 - After 8 years in the wild, Flask, the lightweight Python web framework has reached Flask version 1.0. Although stable for some time, this release marks a year of extensive work on the software and its documentation. There's also a security fix to tighten up the handling of incoming JSON.
Flog - When testing applications that analyze log files, getting your hands on log data can be tricky. Flog can help there by creating fake logs in apache (common, combined or error) and RFC3164 format.
And finally... Will Leinweber is a terrible person in the best possible way. In this tweet he reveals he's written a program which makes it appear he's typing on Slack when anyone else starts typing. And it stops when they stop. His "VGP" is also a great "hello world" for writing a Slackbot in Ruby though.
NewsBits. News in bits, every Friday at Compose.
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at firstname.lastname@example.org. We're happy to hear from you.