Hacker News new | past | comments | ask | show | jobs | submit login
RethinkDB 2.3: user accounts, network encryption, Windows support (rethinkdb.com)
208 points by coffeemug on Apr 6, 2016 | hide | past | web | favorite | 37 comments

This is great!

However, "In conventional RethinkDB deployments, users typically run their application server within the same closed network as their database servers. In that specific kind of environment, where the database isn’t exposed to the public internet, there’s typically little need for encryption."

I would push for more companies to actually encourage encryption locally too. Perimeter security is no longer sufficient.

EDIT: Adding Google BeyondCorp reference: http://www.theregister.co.uk/2016/04/06/googles_beyondcorp_s...

That's delivery. User accounts, network encryption and Windows support.

I did a couple of interviews with this people; and I can ensure this features have a few thoughts behind them.

Happy to see RethinkDB going on, and very sad I didn't make 100% my best at the interviews by personal issues at the time.

It's a pity that many people here in my country do not know still about RethinkDB. Other mainstream databases are more common knowledge.

I wish the best for you, and I keep a very good impression of each and every one of the people with whom I could talk at the process.

Very curious about the windows port. Has been hard? do you use any kind of framework that did ease the porting of the RethinkDB code?

Network encryption is undervalued in this times. A funny and serious feature. I would like to see the dashboards, thoughts and meetings around this one.

Keep up the good job!

* It's a pity that many people here in my country do not know still about RethinkDB. Other mainstream databases are more common knowledge. *

I guess is because this guys have been jumping around to see what sticks, their focus nows seems to be the "the database for the realtime web".

Why should companies bother if rethinkdb doesn't show to have clear goals yet? tomorrow they can be the "database for the (whatever)".

If I remember my RethinkDB history correctly, they picked the realtime web as their focus a while back.

Also, RethinkDB has kept their focus on real-time use cases since picking this focus.

I've heard about RethinkDB for the first time in 2013[1] and at the time it was described as "MongoDB with joins and auto-sharding".

I also heard that one of the initial "killer-features" of RethinkDB was supposed to be a stored history, just like a big persistent data structure (in my understanding, similar to Datomic). In the video[2] a lot of time was spent describing the benefits of an append-only structure.

[1]: https://www.youtube.com/watch?v=H9G1dCMTWps [2]: https://www.youtube.com/watch?v=uDHc3lkr3Ns

> "MongoDB with joins and auto-sharding"

It still is that. And (now) more.

I don't think it was ever supposed to be a history-saving data structure -- that log-structured stuff is (I haven't watched the video, I'm assuming) about talking nice to SSD's. It was at one point, after that video, a single-machine memcache-compatible persistent key/value store, before the pivot to being clustered and having its own query API.

What exactly what their previous goal? I thought they've always been for real-time search, at least that was the moniker when I looked at it 1 year previous.

So I was trying out the new TLS support starting RethinkDB with a command like so:

rethinkdb --http-tls-key key.pem --http-tls-cert cert.pem --driver-tls-key key.pem --driver-tls-cert cert.pem

and the web ui goes to https successfully, but it looks like I need to change something for the Python driver:

In [1]: import rethinkdb as r

In [2]: r.connect("localhost", 28015).repl() --------------------------------------------------------------------------- ReqlDriverError Traceback (most recent call last) <ipython-input-2-655078830678> in <module>() ----> 1 r.connect("localhost", 28015).repl()

.../site-packages/rethinkdb/net.pyc in __init__(self, parent, timeout) 313 .replace('receiving from', 'during handshake with')\ 314 .replace('sending to', 'during handshake with') --> 315 raise ReqlDriverError(error) 316 except socket.timeout as ex: 317 self.close()

ReqlDriverError: Connection is closed.

You need to pass the ssl certification to `connect` for the driver to successfully connect to an encrypted port. Check out the docs here: http://rethinkdb.com/api/python/connect/

EDIT: also, we'll modify the docs to make that more clear (see https://github.com/rethinkdb/docs/issues/1076)

Thanks. That fixed me up:

In [6]: r.connect(host="localhost", port=28015, password="", ssl={"ca_certs": "./cert.pem"}).repl() Out[6]: <rethinkdb.net.DefaultConnection at 0x7f92ea759fd0>

You'll need to pass the a certificate to `connect` through the `ssl` option, see http://www.rethinkdb.com/api/python/connect/

Rethink is amazing and sadly underrated. This release looks awesome! Great work.

PS: Can you start selling plush dolls of the mascot? So cute.

Hey hey, I work on the community team at Rethink and I'm happy to send you a mini version which is a little stress doll Thinker.. The plushies were an Etsy order and we only have a few left. I think we'll do more down the line :) christina [at] rethinkdb [dot] com. Also, thank you for the kind words!

Some RethinkDB merch like that would be awesome!

Currently migrating from a users-as-a-service startup to rethinkdb. So far query language has been intuitive (need to query via the length of a nested array? Got it) and rethink community on StackOverflow etc has been solid. Another thumbs up.

> Network encryption: built-in TLS support encrypts database connections

> RethinkDB 2.3 includes TLS support, contributed by Josh Hawn. Josh integrated OpenSSL, enabling encryption on the wire for both the client driver protocol and communication between database servers in a cluster. This update also brings encryption to RethinkDB’s web-based administrative user interface, which you can now access with an HTTPS URL.

Yay! WAN Replication over TLS is built in now.

I'm not sure how I feel about the web interface, might be better to stick with SSH tunneling for that.

If you like, you can also turn off the web UI completely with `rethinkdb --no-http-admin`.

Good to know, thanks. :)

On the HN front page simultaneously is RethinkDB with Windows support, and Windows with RethinkDB support. What strange times we live in.

Congrats for the new release. I love the new user/permission mechanism!

YES! Thank you so much for this great packed update. Loving RDB.

This is a great release. Awesome job guys!

The inclusion of the fold command has had me thinking about RethinkDB for an event sourced system. Is anyone using it for this purpose at the moment?

Additionally, are folds usable with change feeds? That could be really powerful for event sourced systems.

Asher , yes . this is our prototype : http://phwa.be , a real time multimedia chatroom , with full markdown support but with radically different approach. It uses eventsource + rethinkdb change feeds and now i am looking at fold command. We are also building a realtime mobile marketplace which is going to be our main startup product.

Keep killing it guys! Love the work you guys do.

My go-to-DB for everything I need stored. Keep up the good work!

Does Rethink have TTLs yet?

Slava @ Rethink here.

Not yet :( Document-level TTL is a surprisingly challenging feature to implement correctly in a distributed system. We'll try to get it in as soon as we can; sorry we haven't been able to do this sooner.

Slava, thanks for the response and I completely understand your predicament!

I would love to see it and it's a feature I have a lot of uses for :)

Is there encryption at rest?

No, RethinkDB doesn't have disk encryption. The new encryption features in this release all relate to data on the wire.

AGPL is real show-stopper for serious adoption, IMO.

AGPL is used by a number of DBs such as MongoDB and Neo4j. I'm sure there are others, but these two are top of mind.

RethinkDB's drivers are Apache or MIT (I can't remember which).

Licensing the server as GPL/AGPL while making drivers Apache/MIT is an accepted practice in the database world as it provides the DB vendor with opportunities to protect revenue while the driver licenses protect developers from the GPL/AGPL.

In spite of drivers being non AGPL, companies with 'absolutely no AGPL' policy cannot try the open source version of these DBs which puts these products behind others. I don't think AGPL provides any real benefit for the vendor. Most small organizations will want their patches (if any) to be upstreamed so they don't have the maintenance burden. Most big organizations will want commercial support anyway. All AGPL does is discourage adoption.

There are plenty of non-AGPL DBs out there doing pretty well. Here are some examples of GPL/MIT/BSD style licensed DBs: Riak, Cassandra, Redis, MySQL, PostgreSQL, ArangoDB, CouchDB.

> companies with 'absolutely no AGPL' policy cannot try the open source version of these DBs which puts these products behind others.

Many companies have dumb policies. They are the ones that need to change.

Why is it a dumb policy?

But it acutally is. On the mailing list , a google employee wants to use RethinkDB but he is restricted due to AGPL. There was a good thread about it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact