NewsBits – S3, CloudPets and MongoDB, Google’s Rosehub, MySQL’s Optimizer and a universal S…

NewsBits for the week ending March 3rd – Amazon’s S3 post-mortem, another unsecured MongoDB bites CloudPets, Google uses big data to fix open source code, all about MySQL 8’s query optimizer, a universal SQL command-line, take a voyage through GraphQL APIs with voyager, check out Kotlin 1.1’s JavaScript generation and is there really a 10x programmer out there?

Compose’s NewsBits are the bits of news which we think you should know about. From the cloud to databases to developer tools and always something extra, these are the NewsBits:

Cloud Bits

Amazon’s S3 Outage

When Amazon’s S3 went down, the world became very aware of how many systems relied on Amazon’s Simple Storage Service. After some hours, those systems came back online and everyone wondered what had happened. The post mortem explains that, despite excellent procedures and playbooks, it was simple human error in entering a command that set off the chain of failures. There are lots of lessons to learn from this, especially for Amazon, such as not hosting the GIF images that represent system failures on one of the failing systems.

CloudPets and MongoDB

Database breaches, data held to ransom or not, we’ve seen it all. But CloudPets, makers of fuzzy BluetoothLE-enabled talking toys, took it one step further and did it all in one go. According to a report by Troy Hunt, they stored the records of adults and children in one MongoDB database that was unsecured and open to the internet.

That came to around 820,000 users. It had been indexed as open on the network scanner and the original discoverer of this had no joy trying to contact the company. There was also unsecured S3 content, user profiles and pictures, a password system which accepted a single letter as a password, and then to top it off, it appears that the same database got visits from the ransomware attackers.

The report, and its updates, provide good reference points for things you shouldn’t do when putting an app in the cloud. Just because users only access your database through a phone app doesn’t make all the other ways you can get to your data go away.

Google’s Operation Rosehub

Apache’s Commons Collections had a vulnerability back in 2015 which was widespread and pernicious. Although many commercial applications were updated, open source software was not being systematically fixed. One Google employee started notifying and patching projects in March 2016, but the problem was everywhere. That’s when Google used BigQuery and the GitHub data (we mentioned it here last July) and created a query that found 2,600 affected projects. They then set about fixing those projects in an initiative called Operation Rosehub. Check out the query that they used and the rest of the story here.

Database Bits

MySQL’s Optimizer

A database’s query optimizer is an intriguing beast for database developers and users. It’s all about working out how much different ways to fulfill a query could cost and picking the right one. In The Unofficial MySQL 8.0 Optimizer Guide, Morgan Tocker, a MySQL Product Manager, takes a technical dive through the MySQL Optimizer, looking at the currently-in-preview MySQL 8.0. Worth reading for the optimizer content and the details on what’s coming in MySQL 8’s internals.

usql “universal SQL command-line”

usql is a very fresh (days old) project which is trying to create a common command line environment for SQL and other databases. It’s doing it through the use of Go’s database/sql environment. That means it can already open up MySQL, PostgreSQL, SQL Server, Oracle and SQLite databases by just giving it an appropriate URL. The author hopes to add command completion, clone the PostgreSQL psql \d* commands and more. Lots of potential.

GraphQL Voyager

GraphQL is getting people to create some interesting tools to support its schema-is-a-query-is-an-API model. The latest one we’ve seen is GraphQL Voyager, which lets you visualize your GraphQL API in all its glory – here’s GitHub’s GraphQL API mapped…

… and yes, you can zoom in. It promises to be a very useful tool for discussing how a GraphQL API is actually modelling data as it discovers its mapping data through an introspection query run against the API.

Developer Bits

Kotlin 1.1

The developers at JetBrains have released Kotlin 1.1, the latest release of their open source, statically typed and pragmatically engineered language. Kotlin is able to generate code that runs on the JVM, Android and now, with 1.1, official JavaScript support. The JavaScript code will run in the browser or in Node.js, and JetBrains plan on using that support to write some future web applications entirely in Kotlin. Also added to the language is coroutine support for simpler asynchronous code.

Antirez on the mythical 10x programmer

The debate over whether the 10x programmer exists is still ongoing; that’s the idea that there are programmers ten times more productive than others. Antirez, aka Salvatore Sanfilippo, creator of Redis, has entered the discussion with a posting, The Mythical 10X programmer. It’s a good read which disputes the existence of the 10x programmer whilst positing the idea that there are behaviors and skills that can have a 10x impact on the team.

Final Bits

Apollo Guidance

If you’ve wanted to immerse yourself in the technology that took man to the Moon, why not check out The Virtual AGC. It’s the home of an emulation for the Apollo Guidance Computer and the site is densely packed with information, original documents and lots more. There’s a For Dummies page which offers a “gentle introduction” and where you’ll learn how the user interface for the AGC was created as a demo which ended up going into production.

If you have any feedback about this or any other Compose article, drop the Compose Articles team a line. We’re happy to hear from you.