Couchbase Blog

September 23, 2010

Membase Server Beta 4 is here, with memcached buckets!

We NorthScalers have been hard at work and are proud to release Membase Server Beta 4, our final Beta release ahead of our general availability release. Go and grab it here! In addition to support for 64-bit Windows, we think you'll be particularly excited by a major new feature in the release: memcached buckets! Introducing Memcached Buckets You now can create buckets in your Membase Server cluster that behave exactly like memcached, which means you can use Membase Server as a drop-in replacement for your existing memcached setup. In a single cluster you can now share the resources between memcached buckets and membase buckets. Let's look at the differences between memcached and membase bucket types:

Read more »

September 14, 2010

Membase and RightScale: Elastic Data Scaling in the Cloud

I am very excited that Membase ServerTemplates are now up and running on the RightScale Cloud Management Platform (see today’s announcement). RightScale customers now have easy access to a leading NoSQL database for the first time, and Membase customers can rest easy that when they’re ready to deploy their applications in the cloud they can take advantage of the leading cloud management platform in the industry. For those who may not be familiar with RightScale ServerTemplates, they’re really cool.

Read more »

September 3, 2010

Membase and Open Source 4.0

I read Matt Aslett's (The 451) post on the golden age of open source with interest. In it he describes that we've arrived at the fourth stage of open source, which is ”in short: a return to a focus on collaboration and community, as well as commercial interests."

What we're doing with membase.org definitely falls in line with this description although with a slightly different twist. NorthScale saw the need for a simple, fast, and elastic NoSQL database that we felt wasn’t being met by existing technologies. When it became clear that many prominent companies shared this view and were committed to an open source solution, NorthScale stepped in to shepherd the development of a broad community around the membase.org project. Consistent with Matt Aslett’s description of open source 4.0, the result is a project with an “emphasis on collaboration and community rather than control." While NorthScale has contributed the bulk of the code to the project, our customers Zynga and NHN are co-sponsors of the project who have a strong commitment to its success. This blurring of the line between vendor and customer – the collaboration between two seemingly opposite sides of a transaction – has long set open source apart from the large proprietary vendors who want nothing more than a lock on their customers.

Read more »

August 31, 2010

Implementing Membase Clients

Recently, Attila Kiskó, the author of the best .NET memcached client, the Enyim .NET memcached client, has been enhancing his client library to speak directly to membase data nodes.  Membase already supports all existing memcached client libraries and memcached protocols via a high-performance proxy, but there's a "direct path" that client libraries can use for ever-increased performance.  Along the way, we ended up with a quick guide on the membase.org wiki on how to create your own native or "smart" membase client lib

Read more »

August 30, 2010

NorthScale Membase Server Beta 3 is Here!

I am excited to announce that NorthScale Membase Server 1.6 Beta3 is now available and ready for download. This beta release adds a lot of new functionality and reflects most of what you’ll find in the final product. Highlights include:

  • Windows support
  • Multi-tenancy – allows multiple buckets on a single cluster including bucket quotas
  • “Cluster Overview” as a new monitoring dashboard
  • And lots of small improvements and bug fixes, of course!

Let’s take a look at these features in a bit more detail: Windows support is by far one of the most frequently requested features, and we are very pleased to offer it with this beta release. Beta3 provides 32-bit Windows support, with 64-bit support on the way (Note: The 32bit binary runs just fine on Windows 64-bit but is subject to the 32-bit memory limits). The Windows version provides the same feature set as our Linux version.

Read more »

August 13, 2010

Preview of Membase Beta 3

Hey everyone, Things are moving at the speed of light over here and I wanted to take a second to come up for air. We just had our 7th weekly beta webinar and this week I did a demo/preview (albeit quick) of some of the features and functionality coming in our soon-to-be-released beta 3. Check out the recorded webinar for a sneak-preview and then download the real thing when it's available. Thanks for all the feedback and please keep it coming. P.S.

Read more »

August 10, 2010

Memcached, go-derper, Black Hat and an Amazon Web Services (AWS) Security Bulletin

If you are a user of memcached and have deployed instances on Amazon EC2, you may have received a message from Amazon over the weekend (we received one on 8/7/2010) indicating you may have a “Possible Insecure Memcached Configuration.” Here’s the body of the message we received:

We've sent you this email to let you know that we have observed that you may be running memcached in an insecure configuration. Specifically, we have noticed that you have at least one security group that allows the whole internet to have access to the port most commonly used by memcached (11211).

There has been a lot of recent attention by the security community about the lack of access controls on memcached and recently some exploits have been published. This has highlighted the importance of running with strict access controls. While we are not aware of any unauthorized access to your Amazon EC2 instances, we do believe you should have your technical team look at this immediately.

We suggest that you audit your security group settings and restrict access to only the instances and IP addresses that need access. Most users only authorize other Amazon EC2 instances to access their memcached server. If you need to access your memcached server from outside of Amazon EC2, you can also authorize just trusted addresses to access your security group.

If you need additional assistance, you can reach our Premium Support team by sending email to aws-security-support@amazon.com.

Regards,
The Amazon Web Services Team

Great email and service from the AWS team, and the suggested fix is spot on.

This posting is meant to provide some background on the issue and the alluded to “recent attention” the issue has received. The issue is relevant to all users of memcached, not just those deploying on Amazon EC2.

The vulnerability
The genesis of this bulletin was almost certainly the result of the development of go-derper by the team at sensepost, highlighted at the blackhat USA 2010 conference on July 30, 2010.

The highlighted vulnerability can be summarized as: if you deploy memcached on a server, leave the TCP port on which memcached is configured to listen (11211, by default) exposed to the Internet, leave the memcached ASCII protocol enabled, AND you are not using SASL authentication with the memcached binary protocol, then there is a trivial way for Bad Guys to retrieve and replace most of the contents of your cache. go-derper.rb is a simple Ruby application, built by sensepost, that can be used to exploit the vulnerability.

Eliminating the vulnerability
Let’s examine the vulnerability, clause-by-clause, and highlight what can be done to eliminate it, starting at the top:

Read more »

August 7, 2010

Memcached security

Memcached security is a hot topic since the sensepost guys released go-derper at blackhat.

The presentation was pretty good and informative, but it seems like the hype around it has left a bunch of people confused. Although much of this was covered in the presentation, it needs to be restated as much as possible.

Read more »

August 2, 2010

Membase Server – We’re Making Great Progress

It seems like just yesterday we posted the bits for Beta 1 for Membase Server, but in fact it was over a month ago and since then we’ve demo’d Membase at a number of events and have had literally hundreds of conversations with users, customers, partners and anyone else interested in NoSQL solutions. It’s been a whirlwind (in a good way!) of activity and I wanted to personally thank everyone who’s been involved and provided feedback. Being the beta program manager, I wanted to touch specifically on the last month as it relates to the beta program at large:

Read more »

July 27, 2010

membase at OSCON 2010

Last week was very busy.  We at NorthScale had the release of beta 2 of membase followed by membase's presence at a second conference.  Though we'd already launched the project, OSCON was a great platform to get into further detail about membase itself, the project behind it, what's in the roadmap and how other folks can get involved.

Read more »