NewsBits - Redis Security, PostgreSQL Installation and SQLite's UPSERT

Published

Welcome to NewsBits from Compose where you can catch up on the database and developer news from around the net for the week ending June 7th:

And now those Bits in full...

Database Bits

Redis Security - A report on Redis security, which got re-reported as "75% of Redis Servers infected by malware" saw Redis creator Antirez, Salvatore Sanfilippo, take to his blog to clarify what it actually said. Specifically, the report dealt only with open servers with no authentication on a public IP address so attackers had literally been pushing on open doors.

More interestingly, Antirez reviewed protected mode from Redis 4.0 which attempted to mitigate against accidentally open Redis servers by not allowing network connections and explaining that the configuration would need to be changed to enable network connections.

Unfortunately, and despite this change "there are still tons of Redis 4.0 instances exposed" due to users just turning off protected mode. More worryingly VM images which disable the protected mode at installation time are then being shared. Antirez also talks about plans to introduce ACLs, alongside TLS/SSL support in Redis 6.

PGInstaller - There have been various system-specific PostgreSQL installers over the years, but PGInstaller from 2ndQuadrant is looking to change that. It offers an installer that can run with GUI, command line, or unattended. The installer supports Windows, macOS, and Linux with PostgreSQL 9.5, 9.6, 10, and 11(beta). Each installer can configure automated service launching as appropriate for the OS, has Python 3 support, and zlib compression while being consistent across the various platforms. You can find it on the PGInstaller page on 2ndQuadrant's site.

SQLite - The latest release of SQLite, 3.24.0, includes the PostgreSQL-styled UPSERT clause, better UPDATE performance when values don't change on disk, better output from EXPLAIN QUERY PLAN and various bug fixes.

Elasticsearch - Elastic's Beats team have introduced the Elastic Common Schema which aims to normalize the various formats of data that logging and monitoring systems produce into one common format for Elasticsearch ingest. The hope is that a common scheme will make it easier to analyze various sources of data together. The work-in-progress can be found at github.com/elastic/ecs.

etcd - There's an update for etcd: etcd 3.3.7 and etcd 3.2.22 add in TLS cipher whitelisting. This allows connections using weak ciphers to be blocked and gives more control over what encryption is in use.

Developer Bits

Ruby - It's due to land at Christmas, but because of the big new feature in it, the next Ruby 2.6 has begin previewing already. That feature? An initial implementation of a JIT compiler, and a rather different one at that as it generates C code which it then gets the C compiler to turn into native code. This preview has the infrastructure in place and a few optimizations so it should be at least interesting to work with. Beyond the JIT, there's the addition of endless ranges -range(1..), some other speedups and a merge of the beta of RubyGems 3.0.0.

PHP - Also hitting the development trail, PHP 7.3 alpha 1, due to go GA around November/December. Initial changes include improved garbage collection, reference list assignment and many bug fixes.

TypeScript - At the other end of the development chain, TypeScript 2.9 has been released. Microsoft's optionally-static-typed JavaScript has developed a following with some high profile projects leaning on it's type checking to improve code quality without losing dynamic types. The new release adds import() types for more flexible referencing for modules, default --pretty printing, import support for well-typed JSON files, and more. Next up on the roadmap is TypeScript 3.0 in July.

Java - If you've been finding your Java code is misbehaving in Java 9 and later around string concatenation with +=, then you'll want to check out JDK-8204322. A mysterious side-effect bug appeared in Java 9 and that no one noticed it with Java 9 begs some interesting questions. Meanwhile, if you rely on the Nashorn JavaScript engine, it's time may be up if the proposal to remove it goes through.

And Finally... a GameBoy Color, a Canon 70-200mm lens, and a 3D printed EF lens mount leads to a ridiculous pairing that takes remarkably good pictures given the limitations.

NewsBits. News in bits, every Friday at Compose.


Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at articles@compose.com. We're happy to hear from you.

Dj Walker-Morgan
Dj Walker-Morgan is Compose's resident Content Curator, and has been both a developer and writer since Apples came in II flavors and Commodores had Pets. Love this article? Head over to Dj Walker-Morgan’s author page to keep reading.

Conquer the Data Layer

Spend your time developing apps, not managing databases.