NewsBits: PostgreSQL is top of the databases and all about Meltdown and Spectre

Welcome to NewsBits where you'll find the database, cloud, and developer news from around the net for the end of 2017 to the week ending January 5th 2018:

And now, those NewsBits in full:

Database Bits

PostgreSQL: PostgreSQL has been declared DBMS of the year by DB-Engines. The site, which recently celebrated its fifth year running, tracks database popularity through analysis of mentions, searches, relevance and job posts. PostgreSQL saw the most growth of any database in the rankings, overtaking MongoDB, during 2017.

MongoDB 3.6.1: Speaking of MongoDB, MongoDB 3.6.1 was released on the day after Christmas, giving MongoDB admins something to unbox. It includes a fix for systemd startup which will also appear in an as yet unreleased 3.4.11.

RabbitMQ 3.7.2: RabbitMQ's messaging platform saw two updates just before the holiday in the form of 3.7.2 and 3.7.1. Both were bug-fix updates, with 3.7.1 improving macOS High Sierra compatibility, fixing proxy settings in discovery plugins and fixing an oversight with the new config format and HTTP auth. A bug in that last fix was then the only thing fixed in 3.7.2.

etcd 3.2.13: etcd continues with its regular updates; 3.2.12 arrived just before the holiday and 3.2.13 was released this week. The first etcd 3.3 release candidates have also appeared, the most recent of which is 3.3.0-rc.1. Among the additions, from a developer's perspective, the transaction API can now do comparisons on ranges, not just single keys, and supports nested transactions.

pspg: The super-handy alternative pager for psql (and mysql and pgcli) command line tools has just been updated to pspg 0.9.0 and now has the ability to place bookmarks in the displayed results (useful for when you are browsing huge result sets) and search highlighting.

Meltdown and Spectre Bits

The news started with people noticing a pattern in various reports of security-related things happening. The Meltdown and Spectre vulnerabilities were meant to be announced to the world on January 9th, but these observations pre-empted the announcement, catching many chip, cloud and operating system makers on the back foot. Here are NewsBits' essential links for what's happening.

What are Meltdown and Spectre?

It starts with Google. Its Project Zero found the problems way back in June last year and has been working with companies to prepare patches. They detailed what the attacks are and talked about mitigations.

The short version - you can trick CPUs into accessing privileged memory with speculative execution and leave the results sitting in the cache. For an accessible read, check out @pwnallthethings' Time-Travelling Exploits with Meltdown.

The impact of Meltdown and Spectre is most felt where multiple processes from different users share the same hardware; specifically cloud multi-tenant systems. This is why all the big cloud vendors are setting up hardware maintenance windows in which hosts will be patched and rebooted. There's no applying the fixes to running systems.

Operating Systems

Meltdown fixes have, in some cases, already been pushed out to operating system users. Apple confirmed that it had pushed partial fixes in the newest macOS and iOS releases and had more on the way. Microsoft is already pushing out Windows 10 fixes. Ubuntu was in the process of integrating the upstream fixes and is sticking to the original schedule of releasing on Jan 9th. There'll also be fixes for the LTS versions at the same time. The simple rule is to apply updates as they come down the pipeline.

Red Hat opened up their analysis on the performance issues surrounding the fixes. As expected, they vary by workload but as a general rule, the more an application calls on the operating system, the more it will be affected. The company has a resource page dedicated to Meltdown and Spectre information.

Browsers

Finally, there's the issue of browsers. Modern browsers have been found to let attackers use JavaScript to exploit the new flaws. With that in mind, browser makers are shutting the door on overly precise timing. Firefox 57.0.4 has been released which fuzzes up the resolution of timers like performance.now() and removes SharedArrayBuffer. Chrome and Chromium developers are also doing the same and advising people to turn on other mitigation features like Site Isolation.
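To see what the two browser changes described above look like from script, here is an added example (not from the original article or any browser vendor) that measures the smallest step a clock exposes and reports whether SharedArrayBuffer is defined. The function names, the fake clock and the 20 microsecond step are constructed for illustration.

```javascript
// Added example (not from the original article). Clocks return integer
// microseconds so the arithmetic below is exact.

// Coarsen a clock the way a timer mitigation might: round down to a step.
// The step value used below is a constructed sample, not a vendor setting.
function coarsen(clock, stepUs) {
  return () => Math.floor(clock() / stepUs) * stepUs;
}

// Smallest non-zero difference seen between consecutive readings.
function observedGranularityUs(clock, samples = 200, maxReads = 5e6) {
  let smallest = Infinity;
  let prev = clock();
  for (let reads = 0, seen = 0; seen < samples && reads < maxReads; reads++) {
    const now = clock();
    if (now !== prev) {
      smallest = Math.min(smallest, now - prev);
      prev = now;
      seen++;
    }
  }
  return smallest;
}

// Report the two things the article says browsers changed.
// Readings are rounded to whole microseconds, so 1 is the lowest value reported.
function timingSurface(env = globalThis) {
  const perf = env.performance;
  return {
    sharedArrayBuffer: typeof env.SharedArrayBuffer !== "undefined",
    granularityUs: perf
      ? observedGranularityUs(() => Math.round(perf.now() * 1000))
      : null,
  };
}

// Constructed clock: advances exactly 1 microsecond per read.
function fakeClock() {
  let t = 0;
  return () => t++;
}

console.log("fine clock:", observedGranularityUs(fakeClock()), "us");
console.log("coarsened :", observedGranularityUs(coarsen(fakeClock(), 20)), "us");
console.log("this runtime:", timingSurface());
```

Running `timingSurface()` in a browser console before and after an update shows whether the coarser timer and the SharedArrayBuffer removal have actually reached that installation.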

Developer Bits

Ruby 2.5: As is now tradition, the latest version of Ruby, Ruby 2.5, arrived on Christmas Day. A 5-10% performance improvement thanks to removing trace instructions, rescue/ensure working with do/end blocks, better OS sourced random numbers, updated Unicode support and an experimental feature that prints backtraces out backwards (so the cause is the last thing you read) are among the changes.

Rust 1.23: Over with the Rustaceans, Rust 1.23 has arrived. The headline change is an optimization of copying in compiled Rust code which has seen, as an example, a 5-10% drop in the memory usage of rustc. As always, memory savings with your own Rust applications will vary.

C++: The National Academy of Engineering's Charles Stark Draper Award for Engineering is being awarded to C++ creator Bjarne Stroustrup "for conceptualizing and developing the C++ programming language". Stroustrup, currently a managing director in the technology division of Morgan Stanley in New York, will be presented with the $500,000 award at an event in February.

And Finally... Now that Twitter does 280 characters, where can you go to show what you can do in 140 characters? If it's JavaScript you are thinking of, then check out Dwitter, where you can see demonstrations of graphically wonderful 140 character programs.

NewsBits. News in bits, every Friday at Compose.


Dj Walker-Morgan
Dj Walker-Morgan was Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets.
