Weeknotes 2026.08

What a week. It went by quite fast.

A colleague of mine had her birthday this week. She claims she always turns 25 on her birthday. So we decided to give her a special birthday card that she can now use every year. And if she decides that she is getting older, she can turn the wheel on the side to change her age.

On Friday the winter came back and caused chaos. At least for the kids it was positive. They had some snow to play with on the last day of the holidays.

Content:

• Story of the week
• Postgres and the world of data
• Security and Privacy
• AI
• Around the world

Story of the week

The story of the week shows how not to handle a security vulnerability as a company. Yannick Dixken found a vulnerability in a portal of a major diving insurer. Instead of acknowledgement, the insurer responded with a legal threat.

I found a Vulnerability. They found a Lawyer.

Postgres and the world of data

Postgres 8KB page explained

Radim Marek has written a fantastic in-depth article about the Postgres pages.

Inside PostgreSQL's 8KB Page

Out-of-cycle Postgres release

I mentioned in the last weeknotes the release of the minor Postgres versions. Due to a regression, this week was an out-of-cycle release announced.

• Out-of-cycle release scheduled for February 26, 2026
• PostgreSQL minor release postponed in Q1’ 2026

Redis vs Valkey

Andrew Baker has written about the differences between Redis and Valkey. Although Valkey is a fork of Redis, of the past 18 months, the technical foundation diverged.

Redis vs Valkey: A Deep Dive for Enterprise Architects

New era for MySQL

Oracle presented a clear vision for the future of MySQL and promised a new era. I guess a lot of people will be sceptical about this, but we will see what the future will bring for MySQL.

Oracle vows 'new era' for MySQL as users sharpen their forks

Postgres Release Monitor

• PostgreSQL Anonymizer 3.0 : Parallel Static Masking + JSON import / export
• postgres_dba 7.0 — 34 diagnostic reports for psql
• pgdsat version 1.2 has been released
• pg_clickhouse v0.1.4

Security and Privacy

Digital Sovereignty

Coinerella shared how they ditched AWS and switched to some EU providers. But it was not as easy as they thought it would be. After all, they use more providers, but it is cheaper than the AWS-Stack.

"Made in EU" - it was harder than I thought.

According to the POLITICO article, the European Parliament has disabled AI features on the work devices. There are concerns about data protection and cybersecurity.

EU Parliament blocks AI tools over cyber, privacy fears

Privacy nightmare Ring and Nest

Glenn Greenwald has a writeup about the privacy nightmare of the Ring and Nest cameras. As a result of the public backslash, Amazon's Ring terminated the partnership with Flock. Flock provided the Ring images to law enforcement agencies.

And Google's Nest saved the images, even when the customer didn't have a subscription. Therefore, the customer wasn't able to access the images, but Google could.

Amazon's Ring and Google's Nest Unwittingly Reveal the Severity of the U.S. Surveillance State

Password manager

Researchers from the ETH Zürich showed that the zero-knowledge promis is not necessarily true. They analyzed three password managers and found flaws in their design. Most of the vulnerabilities are related to features that need to be activated, for example, when sharing vaults.

Password managers’ promise that they can’t see your vaults isn’t always true

Smart home security nightmare

Another security nightmare appeared this week. The new DJI Romo vacuum was remotely accessible, allowing unauthorized access to thousands of devices.

The DJI Romo robovac had security so poor, this man remotely accessed thousands of them

Data breach ticker

• Attackers breach France’s national bank account database
• Data breach at fintech firm Figure affects nearly 1 million accounts
• Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant
• Over 500,000 VKontakte accounts hijacked through malicious Chrome extensions
• Leading Japanese semiconductor supplier responding to ransomware attack
• PayPal discloses data breach that exposed user info for 6 months

AI

Anthropic C compiler

Steven J. Vaughan-Nichols is not impressed by the C compiler Anthropic's AI built. He claims that it is not that impressive because there are gold-standard reference compilers that Anthropic's Claude was trained on. And after all, the compiler was only able to build certain programs. Some "Hello World"-programs failed to compile.

Apparently compiling hello world exactly as the README says to is an unfair expectation of the software.

OK, so Anthropic's AI built a C compiler. That don't impress me much

xAI and Grok

A couple of weeks ago, I wrote about the disgusting Grok behavior (see: Weeknotes 2026.02). Finally, the EU started a large-scale investigation over AI-generated non-consensual sexual imagery.

EU launches probe into xAI over sexualized images

AI found OpenSSL bugs

Stanislav Fort has written about the process regarding the discovery of OpenSSL vulnerabilities.

AI found 12 of 12 OpenSSL zero-days (while curl cancelled its bug bounty)

Around the world

Gold bars to fix water system

The BBC has a writeup about a mysterious donation. An anonymous donor gave the City of Osaka $3.6 million in gold bars to fix the aging water system.

Mystery donor gives Japanese city $3.6m in gold bars to fix water system