NewsBits - A week of updates for PostgreSQL, Elasticsearch, Redis and MongoDB
PublishedWelcome to NewsBits where you'll find the database, cloud, and developer news from around the net for the week ending February 9th:
- PostgreSQL 10.2 brings a healthy set of fixes.
- Java 9 and ranking evaluation in Elasticsearch 6.2.
- Redis 4.0.8 is all about one fix.
- A refreshing update for MongoDB 3.4.
- Chrome has a "Not Secure" surprise for July.
- All about the security fixes in Linux 4.15.
- Go closes a toolchain security hole.
- January's enhancements for VSCode are in.
- What do you know about SQL Window Functions?
- Remembering John Perry Barlow.
- And Finally... mechanical repairs for 60s card punch/reader.
Database Update Bits
PostgreSQL 10.2 - The PostgreSQL developers have released PostgreSQL 10.2, 9.6.7, 9.5.11, 9.4.16 and 9.3.21 in their usual wide-ranged updates. The announcement headlines two security fixes (neither of which affect Compose users), and around sixty bugs fixed in 10.2. Many bugs also affected older versions and the release notes for 9.6.7, 9.5.11, 9.4.16 and 9.3.21 cover which applies to which version.
Elasticsearch 6.2 - The Elasticsearch developers pushed Elasticsearch 6.2 out, followed quickly by Elasticsearch 6.2.1 to fix a plugin upgrade bug in 6.2. There's a new ranking evaluation API to rate the quality of search results and new safety rails for user queries to reduce the danger of bad queries breaking the system. There's also the ability to index WKT geometry alongside GeoJSON. Finally, there's Java 9; Elasticsearch has been compatible with it for a while, now its supported, but with Java 9 and 10's short lifespans, there's some caveats outlined in Java 9 and Beyond, an Elastic blog posting.
Redis 4.0.8 - Yes, another Redis release. 4.0.8 is "a single commit fixing a radix tree bug fixed 10 months ago, but escaped to 4.0 branch merge… Critical if you are a Redis Cluster user, otherwise do not upgrade at all" as @antirez tweeted.
MongoDB 3.4.12 - There's also a minor update for MongoDB 3.4 in the shape of MongoDB 3.4.12. This fixes, among other things, a bug in the shell which mis-parsed connection strings and stops a resource contention between foreground indexing and large numbers of threads.
Security Bits
Chrome - In July, expect to see a lot more reports of websites being "not secure". Google has confirmed that with Chrome 68's July release, HTTP websites will automatically be categorized as "Not Secure" and that'll be displayed alongside the URL. With Let's Encrypt making it easy to get certificates for sites for free, now may be a good time to start that HTTPS upgrade you've been promising yourself.
Linux - With Spectre and Meltdown fixes grabbing the headlines, there's not been much attention paid to the other security changes in Linux 4.15. Kees Cook has summarized the 4.15 changes and talks about changes to timer_lists and formatting commands which had offered fertile ground for attackers to exploit.
Go - There's been a release of Go 1.8.7, 1.9.4 and an updated 1.10 release candidate to close a flaw which allowed an attacker to trick go get
into running arbitrary code. So, update your Go.
Developer Bits
VSCode - The latest update for Visual Studio Code, version 1.20, brings the ability to perform edit actions on multiple files at once, natural language search for settings, Git submodule support, and global snippets. Read more in the release notes and check that it hasn't been silently asking to be restarted to upgrade. Oh, there's also a video about some of the changes.
Window Functions - Want to get up to speed on Window Functions in SQL? Try www.windowfunctions.com and it's rather nifty interactive tutorial/quiz.
Remembering
John Perry Barlow, co-founder of the Electronic Frontier Foundation, died on Wednesday at the age of 70. Barlow was an advocate for free and open digital spaces and in 1990, founded the EFF with Mitch Kapor and John Gilmore. The EFF has been at the forefront of legal challenges to restrict the freedom of the digital landscape. Barlow's A Declaration of the Independence of Cyberspace set out his vision of a digital space unfettered by nation-state regulation and censorship. His life is recalled in his New York Times obituary.
And Finally... if you think working with old electronics is tricky, spare a thought for Ken Shriff who's been among those restoring an IBM 1402 card punch/reader. Debugging a problem with this historic beast involved timing and angle corrections on clutches and wheels and cogs with precise positioning.
NewsBits. News in bits, every Friday at Compose.
Read more articles about Compose databases - use our Curated Collections Guide for articles on each database type. If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at articles@compose.com. We're happy to hear from you.
attribution Alex Wong