Weeknotes 2026.01
Posted on Sun 04 January 2026 in Blog
The first days of 2026 are here and I expected that it would not be that busy. Mongobleed is already under active exploitation and the 39C3 congress had some interesting talks. All in all, it wasn't as quiet as you would expect.
I played around with a new import model for osm2pgsql, but that is a whole different story.
Story of the week
The story of the week is a very long and interesting read about the Nexperia situation: Nexperia in no-man’s-land: how a chip company became caught between two world powers
Postgres and the world of data
Improvements in OpenStreetMap imports
Ryan Lambert writes about Improved Quality in OpenStreetMap Road Network for pgRouting and how he compared it to the previous version.
Who is drinking beer together?
Taras Kloba has looked into how to use Postgres as a graph database. He compared pure SQL queries with Apache AGE and pgRouting.
PostgreSQL as a Graph Database: Who Grabbed a Beer Together?
Postgres Recovery Internals
Imran Zaheer has written about the internals of PostgreSQL recovery in his post PostgreSQL Recovery Internals and explains what role Write-Ahead Logging plays.
Postgres Release Monitor
Security and Privacy
mongobleed
I mentioned mongobleed already last week and it seems like it is now under active exploitation. The Austrian derStandard has an article about the chaos at Ubisoft: "Mongobleed": Massiver Cyberangriff stürzte Ubisoft ins Chaos.
The Hacker News article MongoDB Vulnerability CVE-2025-14847 Under Active Exploitation Worldwide mentions it is already under active exploitation.
And CISA added it to the Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Digital sovereignty
According to the article Europe's cloud challenge: Building an Airbus for the digital age, Catherine Jestin is hoping that there will be a political decision to create a European cloud provider, as was done with Airbus in aerospace.
In a blog post Max showed how he moved everything to an EU stack, and he claims he actually saved money: Bye Bye Big Tech: How I Migrated to an almost All-EU Stack (and saved 500€ per year)
Fun with old government domains
In the 39C3 talk Verlorene Domains, offene Türen, Tim Philipp Schäfers showed what happens when you buy an old and unused government domain. It is a fantastic talk that shows one more time how difficult it is to keep track of who is talking to whom.
Data breach ticker
- Covenant Health says May data breach impacted nearly 478,000 patients
- European Space Agency confirms breach of "external servers"
- Hacker claims to leak WIRED database with 2.3 million records
- 700Credit data breach exposes SSNs of 5.8M consumers
AI
The year in LLMs
Simon Willison has an incredible writeup about the year in LLMs: 2025: The year in LLMs.
Disgusting Grok
This week showed that Grok and X have a huge problem.
According to Sean Goedecke, Grok spams X timelines with a lot of deepfake images of women.
And The Record had an article reporting that Grok created sexually explicit images of a minor and that European regulators might now act.
Around the world
Windows Apps and openSUSE
There is a nice writeup about how to use Windows Apps on openSUSE: Seamless Windows Apps on openSUSE with WinBoat.
Gigantic solar park
China opens a gigantic solar park in the sea.