
RethinkDB 2.3: user accounts, network encryption, Windows support - coffeemug
http://rethinkdb.com/blog/2.3-release/
======
newman314
This is great!

However, "In conventional RethinkDB deployments, users typically run their
application server within the same closed network as their database servers.
In that specific kind of environment, where the database isn’t exposed to the
public internet, there’s typically little need for encryption."

I would push for more companies to actually encourage encryption locally too.
Perimeter security is no longer sufficient.

EDIT: Adding Google BeyondCorp reference:
[http://www.theregister.co.uk/2016/04/06/googles_beyondcorp_s...](http://www.theregister.co.uk/2016/04/06/googles_beyondcorp_security_policy/)

------
txutxu
That's delivery. User accounts, network encryption and Windows support.

I did a couple of interviews with these people; and I can ensure these features
have a few thoughts behind them.

Happy to see RethinkDB going on, and very sad I didn't make 100% my best at
the interviews by personal issues at the time.

It's a pity that many people here in my country do not know still about
RethinkDB. Other mainstream databases are more common knowledge.

I wish the best for you, and I keep a very good impression of each and every
one of the people with whom I could talk at the process.

Very curious about the Windows port. Has it been hard? Do you use any kind of
framework that did ease the porting of the RethinkDB code?

Network encryption is undervalued in these times. A funny and serious feature.
I would like to see the dashboards, thoughts and meetings around this one.

Keep up the good job!

~~~
Scarbutt
*It's a pity that many people here in my country do not know still about RethinkDB. Other mainstream databases are more common knowledge.*

I guess it is because these guys have been jumping around to see what sticks,
their focus now seems to be "the database for the realtime web".

Why should companies bother if rethinkdb doesn't show to have clear goals yet?
Tomorrow they can be the "database for the (whatever)".

~~~
akbar501
If I remember my RethinkDB history correctly, they picked the realtime web as
their focus a while back.

Also, RethinkDB has kept their focus on real-time use cases since picking this
focus.

~~~
imslavko
I've heard about RethinkDB for the first time in 2013[1] and at the time it
was described as "MongoDB with joins and auto-sharding".

I also heard that one of the initial "killer-features" of RethinkDB was
supposed to be a stored history, just like a big persistent data structure (in
my understanding, similar to Datomic). In the video[2] a lot of time was spent
describing the benefits of an append-only structure.

[1]: [https://www.youtube.com/watch?v=H9G1dCMTWps](https://www.youtube.com/watch?v=H9G1dCMTWps)
[2]: [https://www.youtube.com/watch?v=uDHc3lkr3Ns](https://www.youtube.com/watch?v=uDHc3lkr3Ns)

~~~
SamReidHughes
> "MongoDB with joins and auto-sharding"

It still is that. And (now) more.

I don't think it was ever supposed to be a history-saving data structure --
that log-structured stuff is (I haven't watched the video, I'm assuming) about
talking nice to SSD's. It was at one point, after that video, a single-machine
memcache-compatible persistent key/value store, before the pivot to being
clustered and having its own query API.

------
mmcclellan
So I was trying out the new TLS support starting RethinkDB with a command like
so:

    rethinkdb --http-tls-key key.pem --http-tls-cert cert.pem --driver-tls-key key.pem --driver-tls-cert cert.pem

and the web ui goes to https successfully, but it looks like I need to change
something for the Python driver:

    In [1]: import rethinkdb as r

    In [2]: r.connect("localhost", 28015).repl()
    ---------------------------------------------------------------------------
    ReqlDriverError                           Traceback (most recent call last)
    <ipython-input-2-655078830678> in <module>()
    ----> 1 r.connect("localhost", 28015).repl()

    .../site-packages/rethinkdb/net.pyc in __init__(self, parent, timeout)
        313     .replace('receiving from', 'during handshake with')\
        314     .replace('sending to', 'during handshake with')
    --> 315     raise ReqlDriverError(error)
        316     except socket.timeout as ex:
        317     self.close()

    ReqlDriverError: Connection is closed.

~~~
coffeemug
You need to pass the ssl certification to `connect` for the driver to
successfully connect to an encrypted port. Check out the docs here:
[http://rethinkdb.com/api/python/connect/](http://rethinkdb.com/api/python/connect/)

EDIT: also, we'll modify the docs to make that more clear (see
[https://github.com/rethinkdb/docs/issues/1076](https://github.com/rethinkdb/docs/issues/1076))

~~~
mmcclellan
Thanks. That fixed me up:

    In [6]: r.connect(host="localhost", port=28015, password=" __ __ __ __", ssl={"ca_certs": "./cert.pem"}).repl()
    Out[6]: <rethinkdb.net.DefaultConnection at 0x7f92ea759fd0>
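
Added example, not part of the thread or of RethinkDB's code: a standard-library check for whether a driver port actually requires TLS, which helps tell a server-side misconfiguration apart from a client that is missing the `ssl` option when the only error is "Connection is closed". The function names and the stand-in plaintext listener are assumptions made for the demonstration.

```python
import socket
import ssl
import threading


def probe_tls(host, port, ca_certs=None, timeout=3.0):
    """Return (speaks_tls, detail) for the TCP listener at host:port.

    With ca_certs, the server certificate is verified against that file (the
    same file passed as ssl={"ca_certs": ...}); without it, the probe only
    checks that a TLS handshake completes.
    """
    if ca_certs:
        ctx = ssl.create_default_context(cafile=ca_certs)
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return True, "TLS, but certificate rejected: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, "no TLS handshake: %s" % exc


def start_plain_listener():
    """Constructed stand-in for a port that was started without TLS keys."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listener closed
                return
            conn.recv(4096)      # read the ClientHello, answer nothing
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv


if __name__ == "__main__":
    srv = start_plain_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1]))
    srv.close()
```

Against a server started with the `--driver-tls-key` and `--driver-tls-cert` options shown above, `probe_tls("localhost", 28015, ca_certs="./cert.pem")` should report a completed handshake; a `False` result means the port is still accepting plaintext or is not reachable.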

------
sotojuan
Rethink is amazing and sadly underrated. This release looks awesome! Great
work.

PS: Can you start selling plush dolls of the mascot? So cute.

~~~
TheMissingPiece
Hey hey, I work on the community team at Rethink and I'm happy to send you a
mini version which is a little stress doll Thinker. The plushies were an Etsy
order and we only have a few left. I think we'll do more down the line :)
christina [at] rethinkdb [dot] com. Also, thank you for the kind words!

~~~
abjorn
Some RethinkDB merch like that would be awesome!

------
nailer
Currently migrating from a users-as-a-service startup to rethinkdb. So far
query language has been intuitive (need to query via the length of a nested
array? Got it) and rethink community on StackOverflow etc has been solid.
Another thumbs up.

------
fweespee_ch
> Network encryption: built-in TLS support encrypts database connections

> RethinkDB 2.3 includes TLS support, contributed by Josh Hawn. Josh
> integrated OpenSSL, enabling encryption on the wire for both the client
> driver protocol and communication between database servers in a cluster.
> This update also brings encryption to RethinkDB’s web-based administrative
> user interface, which you can now access with an HTTPS URL.

Yay! WAN Replication over TLS is built in now.

I'm not sure how I feel about the web interface, might be better to stick with
SSH tunneling for that.

~~~
mglukhovsky
If you like, you can also turn off the web UI completely with
`rethinkdb --no-http-admin`.

~~~
fweespee_ch
Good to know, thanks. :)

------
reitzensteinm
On the HN front page simultaneously is RethinkDB with Windows support, and
Windows with RethinkDB support. What strange times we live in.

------
AraK
Congrats for the new release. I love the new user/permission mechanism!

------
diegorbaquero
YES! Thank you so much for this great packed update. Loving RDB.

------
asher_
This is a great release. Awesome job guys!

The inclusion of the fold command has had me thinking about RethinkDB for an
event sourced system. Is anyone using it for this purpose at the moment?

Additionally, are folds usable with change feeds? That could be really
powerful for event sourced systems.

~~~
v3ss0n
Asher, yes. This is our prototype: [http://phwa.be](http://phwa.be), a
real time multimedia chatroom, with full markdown support but with radically
different approach. It uses eventsource + rethinkdb change feeds and now I am
looking at fold command. We are also building a realtime mobile marketplace
which is going to be our main startup product.

------
chriscates
Keep killing it guys! Love the work you guys do.

------
bioinformatics
My go-to-DB for everything I need stored. Keep up the good work!

------
meddlepal
Does Rethink have TTLs yet?

~~~
coffeemug
Slava @ Rethink here.

Not yet :( Document-level TTL is a surprisingly challenging feature to
implement correctly in a distributed system. We'll try to get it in as soon as
we can; sorry we haven't been able to do this sooner.

~~~
meddlepal
Slava, thanks for the response and I completely understand your predicament!

I would love to see it and it's a feature I have a lot of uses for :)

------
shockzzz
Is there encryption at rest?

~~~
segphault
No, RethinkDB doesn't have disk encryption. The new encryption features in
this release all relate to data on the wire.

------
vbit
AGPL is a real show-stopper for serious adoption, IMO.

~~~
akbar501
AGPL is used by a number of DBs such as MongoDB and Neo4j. I'm sure there are
others, but these two are top of mind.

RethinkDB's drivers are Apache or MIT (I can't remember which).

Licensing the server as GPL/AGPL while making drivers Apache/MIT is an
accepted practice in the database world as it provides the DB vendor with
opportunities to protect revenue while the driver licenses protect developers
from the GPL/AGPL.

~~~
vbit
In spite of drivers being non AGPL, companies with 'absolutely no AGPL' policy
cannot try the open source version of these DBs which puts these products
behind others. I don't think AGPL provides any real benefit for the vendor.
Most small organizations will want their patches (if any) to be upstreamed so
they don't have the maintenance burden. Most big organizations will want
commercial support anyway. All AGPL does is discourage adoption.

There are plenty of non-AGPL DBs out there doing pretty well. Here are some
examples of GPL/MIT/BSD style licensed DBs: Riak, Cassandra, Redis, MySQL,
PostgreSQL, ArangoDB, CouchDB.

~~~
vpkaihla
> companies with 'absolutely no AGPL' policy cannot try the open source
> version of these DBs which puts these products behind others.

Many companies have dumb policies. They are the ones that need to change.

~~~
vbit
Why is it a dumb policy?

