Security updates for PostgreSQL and a new 9.6 beta, what next for the database market, job queues for RethinkDB, how they made Fast.com fast, Open vSwitch's new home, PyPy gets Mozilla money, Linux's TCP Stack problem, are your secrets safe in a secure enclave and why not make a smart yoyo - These are Compose's Little Bits, the links that have caught the eye of Compose's Technical Content Curator. Fresh every Friday.
PostgreSQL updates- Two important security fixes have landed in an update to all PostgreSQL versions . The two issues, one involving nested CASE expressions causing a server crash and the other involving the possibility of code injection by embedding special characters in database and role names, both require a bad actor to already have access to the database. There are also numerous non-security bug fixes in the update listed in the announcement. As a tiny aside, the libpq library now has support for two part PostgreSQL version numbers coming in the future... like 10.0.
PostgreSQL 9.6 beta 4- Also getting those security fixes was PostgreSQL 9.6 with a beta 4 of the database landing this week. It addition, it has it's own range of fixes to the beta as the process rolls towards the planned late 2016 release.
Database Markets- Redmonk's Stephen O'Grady looks at the database market and asks "Where next?" . He's suggesting a return of the general purpose datastore, moving back away from specialized databases, and a rise in the use of Database-as-a-Service. The former proposition is probably more debatable than the latter.
RethinkDB Job Queue- One common use for Redis is running as a job queue to distribute work. Well, RethinkDB can do that too and here's Node-RethinkDB-Job-Queue to show how. It's quite a fresh project but does have "over 1100 integration tests and it is fully functional" according to the developers.
Fast.com- Have you tried Netflix's Fast.com network speed estimater? It's a very slick bit of work and completely hides how it does its magic in the cloud. The developers at Netflix have pulled the curtain back now to show how they have been building Fast.com , how they manage grabbing files from their servers and how they analyse the performance data.
Open vSwitch- The multilayer virtual switch software hasn't updated but it has moved to the Linux Foundation which is now home to many many projects . Open vSwitch has had contributions from across the industry so it's only natural that it finds its new home at an industry consortium rather than a foundation.
PyPy for 3.5- PyPy is a JIT-powered, memory smart, stackless Python runtime which can make it ideal for Python in production. There's only one problem; it has been stuck on the 2.7 side of the Python 2.x 3.x schism. Thanks to $200,000 funding from Mozilla the PyPy developers will now be able to spend time getting a PyPy3 to catch up with Python 3.5 (and the soon to go beta Python 3.6).
Linux TCP Stack- An interesting issue of counting seems to have pervaded the Linux TCP stack as detailed in this paper (PDF). Predictability in acknowledging TCP packets means that an patient attacker could potentially glean enough information to hijack other TCP sessions. As reported in this Akami report , there's a mitigation for the Linux kernels from 3.6 to 4.6 and it is fixed in Linux 4.7.
Secure Enclaves- A digital dungeon for your secret bits and bytes, the secure enclave is an intriguing development in the arms race between security technology and attackers. These presentation slides look at Intel's SGX and how it manages to keep a secret and how others can leak that secret.
Smart Yoyo- Want to relax with a Yoyo but it's not hi-tech enough for you? Try 3D printing this project which wraps a Adafruit Circuit Playground with a Yoyo case and lets you program it to react to it whizzing through the air.