Welcome to NewsBits where you'll find the database, cloud, and developer news from around the net for the end of 2017 to the week ending January 5th 2018:
- PostgreSQL is DB-Engines top DBMS.
- Meltdown and Spectre: a Security Bits Special.
- A Boxing Day update for MongoDB.
- RabbitMQ 3.7 gets tuned up.
- Bookmarking comes to pspg.
- Christmas brings Ruby 2.5.
- Rust 1.23 shrinks memory usage.
- Award for C++ creator.
And now, those NewsBits in full:
PostgreSQL: PostgreSQL has been declared DBMS of the year by DB-Engines. The site, which recently celebrated its fifth year running, tracks database popularity through analysis of mentions, searches, relevance and job posts. PostgreSQL saw the most growth of any database in the rankings, overtaking MongoDB, during 2017.
MongoDB 3.6.1: Talking about MongoDB, a MongoDB 3.6.1 was released on the day after Christmas, giving MongoDB admins something to unbox. It includes a fix for systemd startup which will also appear in an as yet unreleased 3.4.11.
RabbitMQ 3.7.2: RabbitMQ's messaging platform saw two updates just before the holiday in the form of 3.7.2 and 3.7.1. Both were bug fixing updates, with 3.7.1 improving macOS High Sierra compatibility, fixing proxy settings in discovery plugins and an oversight with the new config format and HTTP auth. It was a bug in the latter fix that was then the only thing fixed in 3.7.2.
etcd 3.2.13: etcd continues with its regular updates; 3.2.12 just before the holiday and a 3.2.13 release this week. Also appearing, the first etcd 3.3 release candidate, the most recent of which is 3.3.0-rc.1. Among the additions, from a developers perspective, there's support for the transaction API to do comparisons on ranges not just single keys and nested transactions.
pspg: The super-handy alternative pager for psql (and mysql and pgcli) command line tools has just been updated to pspg 0.9.0 and now has the ability to place bookmarks in the displayed results (useful for when you are browsing huge result sets) and search highlighting.
Meltdown and Spectre Bits
The news started with people noticing a pattern in various reports of security related things happening. The Meltdown and Spectre vulnerabilities were meant to be announced to the world on January 9th but these observations pre-empted the announcement catching many chip, cloud and operating system makers on the back foot. Here's NewsBit's essential links for whats happening.
What are Meltdown and Spectre?
It starts with Google. Its Project Zero found the problems way back in June last year and have been working with companies to prepare patches. They detailed what the attacks are and talked about mitigations.
The short version - you can trick CPUs into accessing privileged memory with speculative execution and leave the results sitting in the cache. For an accessible read, check out @pwnallthethings Time-Travelling Exploits with Meltdown.
The impact of Meltdown and Spectre is most felt where multiple processes from different users share the same hardware; specifically cloud multi-tenant systems. This is why all the big cloud vendors are setting up hardware maintenance windows in which hosts will be patched and rebooted. There's no applying the fixes to running systems.
Meltdown fixes have, in some cases, already been pushed out to operating system users. Apple confirmed that had pushed partial fixes in the newest macOS and iOS releases and had more on the way. Microsoft are already pushing out Windows 10 fixes. Ubuntu were in the process of integrating the upstream fixes and are sticking to the original schedule of releasing on Jan 9th. There'll also be fixes for the LTS versions at the same time. The simple rule is apply updates as they come down the pipeline.
Red Hat opened up their analysis on the performance issues surrounding the fixes. As expected, they vary by workload but as a general rule, the more an application calls on the operating system, the more it will be affected. The company has a resource page dedicated to Meltdown and Spectre information.
performance.now() and removes
SharedArrayBuffer. Chrome and Chromium developers are also doing the same and advising people to turn on other mitigation features like Site Isolation.
Ruby 2.5: As is now tradition, the latest version of Ruby, Ruby 2.5, arrived on Christmas Day. A 5-10% performance improvement thanks to removing trace instructions,
ensure working with
end blocks, better OS sourced random numbers, updated Unicode support and an experimental feature that prints backtraces out backwards (so the cause is the last thing you read) are among the changes.
Rust 1.23: Over with the Rustaceans, Rust 1.23 has arrived. The headline change is an optimization of copying in compiled Rust code which has seen, as an example, a 5-10% drop in memory usage of
rustc though. As always, memory savings with your own Rust applications will vary.
C++: The National Academy of Engineering's Charles Stark Draper Award for Engineering is being awarded to C++ creator Bjarne Stroustrup "for conceptualizing and developing the C++ programming language". Stroustrup, currently a managing director in the technology division of Morgan Stanley in New York, will be presented with the $500,000 award at an event in February.
NewsBits. News in bits, every Friday at Compose.
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at firstname.lastname@example.org. We're happy to hear from you.