CouchDB: All content tagged as CouchDB in NoSQL databases and polyglot persistence
The security alert:
- Your password wasn’t leaked, but the hash was. Still not great.
- It’s fixed now.
The root problem?
To do login, npm uses the /_users database in couchdb. By default, CouchDB prior to version 1.2.0 makes this database world-readable.
Yet another problem
Latest stable CouchDB release is 1.1.1. And you’ll probably find some more nasty comments in the Hacker News thread.
Captured by Klint Finley from Jan Lehnardt:
For those not ready to upgrade to 1.2.0 CouchDB developer Jan Lehnardt suggests restricting access to /_users with a proxy.
The good news of course is that the CouchDB is changing this default behavior. The bad news is that it took this long for the problem with NPM to be noticed and fixed.
Me: the very bad news is that security is still an after-thought for many NoSQL databases.
Original title and link: CouchDB in Node Package Manager Exposed Password Hashes ( ©myNoSQL)
It’s impossible to always have the right answers to all the questions. So this time I’ll have to ask you all: why only some NoSQL databases are present in managed hosting offers?
The first wave of NoSQL managed hosting services brought MongoDB, CouchDB, and some Redis. The second wave brought some more MongoDB, CouchDB, and just a bit more of Redis. It was only the third wave that brought some managed services for graph databases: Neo4j and OrientDB. Plus the first proposal for Cassandra managed hosting.
The first answer that comes to mind when thinking about NoSQL managed services is adoption. If a product is not in wide use then the chances for a company to run a profitable hosting business are very low. But I have the feeling that this is not the only or the complete answer.
Please chime in and share your thoughts.
Original title and link: A Question About NoSQL Managed Hosting ( ©myNoSQL)
Just in case you thought someone made up the whole thing about the status of CouchDB being confusing:
On the other hand I’m still trying to figure out if things in CouchDB land were more confusing than the various Hadoop versions out there. If you compare the two genealogy trees you’ll notice a reversed pattern.
Original title and link: History of Couch Projects ( ©myNoSQL)
Here are the 5 bullet points that would helped Couchbase clarify all the confusion about Couchbase, Membase, CouchDB:
- We are working on Couchbase server 2.0. This is our next major release and the only product we will be focusing next. It represents the continuation of our current Membase server product.
- Until Couchbase server 2.0 is out, we might release one or two updates to our Membase server that are addressing the most important issues.
- We will provide a migration path to users of Membase server to Couchbase server 2.0
- We will not support anymore our distribution of CouchDB known as Couchbase Single Server. Damien Katz, creator of CouchDB, has decided to step away from the Apache CouchDB project and focus on Couchbase development.
- Due to the major changes in Couchbase server 2.0, we will not offer a migration path for the users of Couchbase Single Server to Couchbase server 2.0.
Original title and link: Couchbase: Clarifying Confusions in 5 Bullet Points ( ©myNoSQL)
There was a story earlier this year that I, as someone that has spent an enormous amount of time contributing to open source projects, thought it was no story. Considering how much was published about it, chances were you already read something about Damien Katz’s The future of CouchDB.
At the time of that post, my draft looked like this:
And now I, and the Couchbase team, are mostly moving on. It’s not that we think CouchDB isn’t awesome. It’s that we are creating the successor to it: Couchbase Server. A product and project with similar capabilities and goals, but more faster, more scalable, more customer and developer focused. And definitely not part of Apache.
Elvis has left the building. Please welcome The Beatles!
I always thought that some sort of a message from the its creator was needed to completely clear the waters about CouchDB. Damien’s post together with the earlier post from Couchbase announcing the discontinuation of the Couchbase Single Server (Couchbase’s CouchDB distribution) were bringing closure to the CouchDB saga. And that was good.
I knew that the Apache CouchDB project and community are doing fine. Noah Slater’s email just confirmed that:
As some of you may have already read, Damien Katz, Apache CouchDB’s original developer, has publicly announced that he intends to focus his time exclusively on developing other products for his company. Damien has had very little involvement in the CouchDB project for a year or more now, so, for many people, this is confirmation of what they already knew. […]
Our biggest strength has always been the breadth and depth of our community of developers and users. In the very near future, we’ll be voting in a new committer, appointing a new PMC member, sprucing up the website, and making a major new release
Late last year, I also suggested that Cloudant would become the go to company for CouchDB. Adam Kocoloski’s post confirmed this too:
We, along with a host of other companies, strongly support the open source community in building CouchDB and we do not plan on stopping. We have been fortunate in our ability to attract outstanding engineers, investors, and customers. We intend to continue devoting resources to Apache CouchDB and offer our help in any way the community desires.
Going forward, you’ll have two choices, either Apache CouchDB or Couchbase Server. The road map for Apache CouchDB will continue to be determined by community consensus. The road map for Couchbase Server will be determined by Couchbase, the company.
But I was left with a nagging feeling that I missed something. I kept on circling around a small part of the original post:
What’s the future of CouchDB? It’s Couchbase.
How could a product that is removing defining features (e.g. the HTTP RESTful API or the peer-to-peer replication), that is already different (Volker Mische’s post provides details), and that offers no clear migration path be the future of CouchDB?
The answer is actually simpler than I thought:
Couchbase is the future of CouchDB as CouchDB was the future of Lotus Notes. A new product that takes inspiration from the experience and lessons learned while building the previous one.
And that was a CouchDB season finale. I’m already looking forward to the next season’s plots.
Original title and link: CouchDB: A Season Finale ( ©myNoSQL)