Major Discussions

[ANNOUNCEMENT] couch-chakra, a CouchDB Query Server Runtime build with ChakraCore (see thread)

Daniel Munch rewrote the Query Server component of CouchDB in ChakraCore, Microsoft’s Open Source JavaScript engine.

ransom note – couchdb exploit / privilege escalation? (see thread)

A heads up on the recent exploits turns into a brief discussion on 3.0.

Releases in the CouchDB Universe

• blue-cot 3.4.1 – Bluebird promise-based CouchDB library with no surprises (in a good way)
• couch-chakra 1.0.0 – CouchDB Query Server Runtime build with ChakraCore
• couch-publication-manager 3.1.0 – CLI to publish to a CouchDB site
• got-couch 1.2.0  – A Got based CouchDB driver/interface
• hapi-couchdb-login 0.3.0 – CouchDB Login plugin for HapiJS.
• relaxo-model 0.5.1 (Ruby Gem) – Relaxo Model provides a framework for business logic on top of Relaxo/CouchDB.
• rest-on-couch 3.4.0 – Interface to CouchDB that allows the control of permissions on the documents

PouchDB

• express-pouchdb 2.2.0 – Express submodule with a CouchDB style REST interface to PouchDB.
• pouch-cli 0.0.1 – A Node.js CLI powered by PouchDB that let you do basic commands on your CouchDB,Cloudant and PouchDB databases.

Opinions and other News in the CouchDB Universe

• [ARTICLE] Attackers start wiping data from CouchDB and Hadoop databases, PCWorld
• [POST] Cloudant and Node.js Made Simple with the silverlining Library, Glynn Bird for IBM Watson Data Lab
• [AUDIO] Apache CouchDB 2.0 – Jan Lehnardt, ApacheCon Seville 2016
• [POST] The compendium of database ransomware, Binary Edge

… and in the PouchDB Universe

• [PULL REQUEST] This PR brings us one step closer to shipping pouchdb-find as a first-party plugin, Nolan Lawson

CouchDB Use Cases, Questions and Answers

Use Case:

• couchdb-otp – Experiment to OTPify CouchDB for embedded use in Erlang applications

Stack Overflow:

• How can I trigger an AWS Lambda in response to CouchDB change events using only AWS?
• CouchDB – requesting _config and _log gives 404
• How to add CouchDB server into Docker creation file
• Can’t access CouchDB on AWS instance using URL

no public answer yet:

• Simple Clojure and CouchDB example for web app
• CouchDB gen_server call timeout during purge
• MyCouch (CouchDB) Visual Studio Basics (Document Deletion and JSON Serialization)

PouchDB Use Cases, Questions and Answers

Stack Overflow:

• How do I query a complex key in PouchDB?
• High frequency updates to PouchDB (Document update conflict)
• Reduce Replication Calls PouchDB/Cloudant
• Angular 2 + OnPush: Change detection does not work on PouchDB callbacks
• How to sync CouchDB from multiple PouchDB in AngularJS?

no public answer yet:

• PouchDB not establishing connection with CouchDB on cloudno in Ember Android application. But works for Web application.
• Remember login data in PouchDB
• PouchDB query returns 401 unauthorized error
• PouchDB to CouchDB replication with authentication header

For more new questions and answers about CouchDB, see these search results and about PouchDB, see these.

Get involved!

If you want to get into working on CouchDB:

• We have an infinite number of open contributor positions on CouchDB. Submit a pull request and join the project!
• Do you want to help us with the work on the new CouchDB website? Get in touch on our new website mailing list and join the website team! – www@couchdb.apache.org
• The CouchDB advocate marketing programme is just getting started. Join us in CouchDB’s Advocate Hub!
• CouchDB has a new wiki. Help us move content from the old to the new one!
• Can you help with Web Design, Development or UX for our Admin Console? No Erlang skills required! – Get in touch with us.
• Do you want to help moving the CouchDB docs translation forward? We’d love to have you in our L10n team! See our current status and languages we’d like to provide CouchDB docs in on this page. If you’d like to help, don’t hesitate to contact the L10n mailing list on l10n@couchdb.apache.org or ping Andy Wenk (awenkhh on IRC).

We’d be happy to welcome you on board!

Events

• February 9, New York (NY), US: Apache CouchDB Developer Day
• February 28 – March 4, San Francisco (CA), US: Forward Swift Web Technology Summit Spring
• March 21, Munich, Germany: React Days 2017
• May 6-7, Berlin, Germany: JSConf Europe
• May 16-18, Miami, Florida: ApacheCon and Apache Big Data

Job opportunities for people with CouchDB skills

• Full Stack Developer, Berlin, London or New York (NY) US
• Integration Developer – Innovation Center, Los Angeles (CA), US
• Python Backend Engineer for Next-Gen Agriculture Data Platform startup, Salt Lake City (UT), US
• Senior PHP Developer (high traffic and real time analysis), Berlin, Germany
• Cloud Software Developer – Innovation Center, Los Angeles (CA), US
• Senior DevOps Engineer, Los Angeles (CA), US
• Software Design Engineer III, Washington, D.C. (US)
• New Platform Architect, Sydney, Australia
• Senior PHP Developer, Berlin, Germany
• SaaS Cloud Engineer, Denver (CO), US/Remote
• Principal Researcher/Software Developer – Sandhu Faculty, Cambridge, UK

Time to relax with some quick videos

• Cute Bunny Jumping Competition!
• The sloths are the best part (but aren’t they always?)
• Jumping baby goats!
• Dog Grooming Expo, The Cute Show.
• Seriously cute alpacas! (Editor’s Note: All of The Cute Show episodes are great. You’ll smile, laugh, and your heart rate will go way down after five minutes.)

… and also in the news

• NASA just made all the scientific research it funds available for free
• How to be a good friend to someone with depression
• Autocracy: Rules for Survival
• Here’s How Google Tracks You – and What You Can Do About It
• The Babysitters Club, or how apps like Seamless and Yelp listen in on our adult lives, then speak to us like children

Dear CouchDB Community,

You may have seen a news item[1] about CouchDB in the past few days. There is a trend of finding unsecured public databases, deleting all the data in them, and asking for a ransom to restore the data. This has been going on with MongoDB for a while, now Hadoop and CouchDB joined the list of affected database products.

One of CouchDB’s design goals is ease-of-use. That lead us to decide on easy to access security defaults for CouchDB. Namely the famous Admin Party (every request is considered coming from an administrator). To make sure this isn’t a security issue, CouchDB by default also only binds to the local loopback network interface 127.0.0.1 and we recommend creating an admin account before making CouchDB accessible from the public.

As far as we can tell for now, the affected CouchDB instances have been in Admin Party mode and publicly accessible. As a result we are reiterating the documented best practice: Do not run CouchDB without an admin account on a public network interface. Make sure to choose a strong password for the admin account.

For CouchDB 2.0 and onwards, we already make the creation of the admin account part of the cluster setup, but users can still choose to ignore this step. For future CouchDB versions (3.x and onwards), we are currently taking steps to make things even more secure by default and make it even harder (if not impossible) to run an insecure CouchDB instance in production.

We are also working with the security researches that are doing widespread investigations into this issue to see if there are any other issues that we can address on the CouchDB side.

If you have any questions, please contact the user’s list user@couchdb.apache.org.

If you want to report an intrusion into a CouchDB instance that you can prove has been secured with an admin account and associated security measures (like TLS), or if you have any other useful information pertaining to this issue, please contact security@couchdb.apache.org, our private security reporting mailing list.

[1]: https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-couchdb-and-hadoop-servers/

Jan Lehnardt, Vice President of Apache CouchDB