MongoDB 3.2.6-rc0 is out and is ready for testing. This is a release candidate containing only fixes since 3.2.5. The next stable release 3.2.6 will be a recommended upgrade for all 3.2 users.
MongoDB 3.2.6 includes the first production release of the In-Memory storage engine. For more details see https://docs.mongodb.org/manual/core/inmemory/
Fixed in this release:
- SERVER-22970 Background index contains mismatched index keys and documents
- SERVER-22043 count helper doesn’t apply read preference
- SERVER-23394 AuthorizationManager may deadlock while building role graph if profiling is enabled
- SERVER-23766 Remove beta startup warning for inMemory storage engine
As always, please let us know of any issues.
– The MongoDB Team
Security Best Practices Revisited
According to the just released 2016 Verizon Data Breach Investigations Report , 2015 saw 2,260 confirmed data breaches as well as over 100,000 reported security incidents. These are the highest numbers since the report began analyzing such incidents back in 2008. The report does a fantastic job of describing the types of attacks organizations should be prepared to face in the coming year. While the sophistication level of each threat varies, the report points out that 63% of confirmed data breaches were very simple - they used weak, default, or stolen passwords. This is a strong reminder that even basic defenses are still lacking in many organizations. At MongoDB, we take security very seriously. Our team is constantly working to deliver a world class database experience that addresses today’s ever-evolving security requirements. As a reminder, here are some resources MongoDB customers can use to help ensure the security of their systems: The most popular installer for MongoDB (RPM) limits network access to localhost by default. Security is addressed in detail in our Security Manual . The Security Checklist discusses limiting network exposure. Note that the method to do this will vary significantly depending on where the service is hosted (AWS, Azure, locally, etc). MongoDB Atlas security features include TLS/SSL encryption, authentication, and authorization via SCRAM-SHA1; IP whitelists enforced with AWS Security Groups; optionally encrypted storage volumes; and the MongoDB Atlas console to manage database users. Additionally, users of MongoDB Cloud Manager can enable alerts to detect if their deployment is internet exposed. A discussion on security is provided in two parts. Part 1 covers Design and Configuration. Part II covers 10 mistakes that can compromise your database. We encourage users who have experienced a security incident for MongoDB to create a vulnerability report . If you are interested in learning more about security best practices watch our on demand webinar. Securing your MongoDB deployment About the Author - Andrew Racine Andrew is Director, Demand Generation at MongoDB where he helps customers learn how to turn their giant ideas into reality. Prior to joining MongoDB, Andrew was the Director of Marketing at Conjur, an infrastructure security startup. Before Conjur, Andrew spent nearly 5 years at HubSpot in a variety of customer-focused roles.
The Rise of the Strategic Developer
The work of developers is sometimes seen as tactical in nature. In other words, developers are not often asked to produce strategy. Rather, they are expected to execute against strategy, manifesting digital experiences that are defined by the “business.” But that is changing. With the automation of many time-consuming tasks -- from database administration to coding itself -- developers are now able to spend more time on higher value work, like understanding market needs or identifying strategic problems to solve. And just as the value of their work increases, so too does the value of their opinions. As a result, many developers are evolving, from coders with their heads-down in the corporate trenches to highly strategic visionaries of the digital experiences that define brands. “I think the very definition of ‘developer’ is expanding,” says Stephen “Stennie” Steneker, an engineering manager on the Developer Relations team at MongoDB. “It’s not just programmers anymore. It’s anyone who builds something.” Stennie notes that the learning curve needed to build something is flattening. Fast. He points to an emerging category of low code tools like Zapier, which allows people to stitch web apps together without having to write scripts or set up APIs. “People with no formal software engineering experience can build complex automated workflows to solve business problems. That’s a strategic developer.” Many other traditional developer tasks are being automated as well. At MongoDB, for example, we pride ourselves on removing the most time-consuming, low-value work of database administration. And of course, services like GitHub Copilot are automating the act of coding itself. So what does this all mean for developers? A few things: First, move to higher ground. In describing one of the potential outcomes of GitHub Copilot, Microsoft CTO Kevin Scott said, ““It may very well be one of those things that makes programming itself more approachable.” When the barriers to entry for a particular line of work start falling, standing still is not an option. It’s time to up your strategic game by offering insight and suggestions on new digital experiences that advance the objectives of the business. Second, accept more responsibility. A strategic developer is someone who can conceive, articulate, and execute an idea. That also means you are accountable for the success or failure of that idea. And as Stennie reminded me, “There are more ways than ever before to measure the success of a developer’s work.” And third, never stop skilling. Developers with narrow or limited skill sets will never add strategic value, and they will always be vulnerable to replacement. Like software itself, developers need to constantly evolve and improve, expanding both hard and soft skills. How do you see the role of the developer evolving? Any advice for those that aspire to more strategic roles within their organizations? Reach out and let me know what you think at @MarkLovesTech .