Weeknotes 2026.09 and 2026.10
Posted on So 08 März 2026 in Blog
I guess it is the first ever double header of the weeknotes. Last week, I already prepared some parts of the weeknotes edition for 2026.09 and went on Saturday to the skiing trip of our company. Every year we have the same bar for dinner after a day of fun in the snow. This year, it was an extremely terrible experience.
The location booked a DJ who played all those terrible apres ski songs. I don't get why anyone enjoys such music. My coworkers made fun of me because it was quite obvious that I was stressed by the music.
Long story short, on Sunday I was quite exhausted and wasn't able to finish the weeknotes edition.
From Monday on I had to prepare a presentation at work, and this preparation forced quite long days at work. And on Wednesday a coworker, at least for us, surprisingly had to go to the hospital. That was shocking news.
She will be on sick-leave for some time, so we had to rearrange some projects. Regarding the circumstances, thankfully, to my knowledge, she is doing fine. Hope she will be back soon.
Last but not least, the father of another coworker died.
Besides the sad events at work, a lot of things happened in the last two weeks. It is an edition packed with great content and it is obviously a pretty long read.
QGIS 4.0 was released. Hugh shoutout to the whole QGIS team for this release.
Content:
Story of the week
2026.10 - People love complexity
At least for promotion. Some time ago I wrote a German posting about complexity in IT and it is obviously still the same. Matheus Lima wrote in his blog, that nobody gets promoted for simplicity. And that is probably true. Although simplicity pays off in the long run.
Nobody Gets Promoted for Simplicity
2026.09 - Joins and Locks
Haki Benita wrote Row Locks With Joins Can Produce Surprising Results in PostgreSQL and shows how row locks and joins can produce surprising results.
Postgres and the world of data
Random I/O
Tomas Vondra wrote about The real cost of random I/O.
Postgres has a parameter random_page_cost and this parameter is set to 4.0 by default.
He made some experiments how and shows it is not that easy.
As usual.
pg_plan_advice
Robert Haas wrote a patch for three new contrib modules: pg_plan_advice, pg_collect_advice, and pg_stash_advice. It allows generating advice for query plans. Let's see if these new modules will make it into Postgres 19.
pg_plan_advice: Plan Stability and User Planner Control for PostgreSQL?
Rust and Postgres
Sylvain Kerkour wrote Using Rust and Postgres for everything: patterns learned over the years and explains why he thinks Rust and Postgres are an incredible combo.
Choosing Rust and Postgres is above all choosing simplicity and sustainability which directly translates to costs saving and operational agility.
TOAST and JSONB
Paul Ramsey wrote about the performance implications of JSONB and TOAST.
Postgres JSONB Columns and TOAST: A Performance Guide
Partition really huge tables
Tines wrote about partitioned their 17 TB table. They had to choose between different partitioning strategies and wrote that it wasn't easy to find the right strategy without regression in perfomance.
Futureproofing Tines: Partitioning a 17TB table in PostgreSQL
Postgres release
As mentioned in Weeknotes 2026.08 there was an out-of-cycle release: PostgreSQL 18.3, 17.9, 16.13, 15.17, and 14.22 Released!
Prevent a distributed system nightmare?
Lucas Andrade made the website youjustneedpostgres.com where he claims that Postgres can prevent you from a distributed system nightmare. As mentioned in Weeknotes 2026.06 I don't think it is that simple.
Postgres Release Monitor
- credcheck v4.6 has been released
- pgvector 0.8.2 Released
- PostgresCompare 1.1.104 Released
- Pgpool-II 4.7.1, 4.6.6, 4.5.11, 4.4.16 and 4.3.19 are now officially released.
- pgAdmin 4 v9.13 Released
- Autobase 2.6.0 released
- Pg_QoS v1.0.0 stable release is out!
- pgdsat version 2.0 has been released
Security and Privacy
Smart glasses are the privacy nightmare that you would expect
The Svenska Dagbladet published a story about smart glasses, and they show what the workers behind the Meta glasses see. The workers are based in Nairobi, Kenya, and they are telling a story of a privacy nightmare.
She Came Out of the Bathroom Naked, Employee Says
GrapheneOS partners with Motorola
Motorola and GrapheneOS are working together.
Leaving Google behind
The blog post shows that living outside the Google ecosystem is possible. At least somehow. In my experience, it's almost impossible to totally avoid Google, but I guess it is from a competition perspective a good thing to use alternatives from time to time.
Leaving Google has actively improved my life
iOS Exploit Kit
Google Threat Intelligence published an article about an iOS Exploit Kit named Coruna. It was probably developed by a state actor, because the the exploit chain is higly sophisticated and probably took millions to develop.
- Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
- Kaspersky dismisses claims Coruna iPhone exploit kit is connected to NSA-linked operation
Google API Keys
According to a blog post by Truffle Security, public Google API keys can be used to access private Gemini endpoints.
Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
Keepass
Mohammed Ketab wrote about why he thinks that it would be better if Keepass uses SQLite: Why the KeePass format should be based on SQLite
Data breach ticker
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- LexisNexis says hackers accessed legacy data in contained breach
- University of Hawaiʻi Cancer Center confirms data leak following ransomware attack
- Air Côte d'Ivoire confirms cyberattack following ransomware claims
- brillen.de: Customer data surfaced on the darknet after renewed attack
- Health insurance tech provider TriZetto says more than 3 million impacted by 2024 breach
- Olympique Marseille confirms 'attempted' cyberattack after data leak
- Chinese cyberspies breached dozens of telecom firms, govt agencies
- European DYI chain ManoMano data breach impacts 38 million customers
AI
LLMs can unmask pseudonymity
Dan Goodin wrote about a published research paper that deanonymizes user with the use of LLMs.
LLMs can unmask pseudonymous users at scale with surprising accuracy
Insane
OpenAI raised $110B: OpenAI raises $110B in one of the largest private funding rounds in history.
Shortly after that, they signed an agreement with the Department of War: Our agreement with the Department of War.
OpenAI signed after Pete Hegseth had some issues with Anthropic: Statement on the comments from Secretary of War Pete Hegseth.
And Benedict Evans asked himself: How will OpenAI compete?
Hardening Firefox
The Anthropic Red Team used Claude to find bugs in the Firefox code base. They found more than a dozen bugs.
- Hardening Firefox with Anthropic’s Red Team
- Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits
The Firefox team also published a blog post about a new feature: Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148
The future of software engineering
Sean Goedecke isn't sure that his job will still exist in 10 years. The reason is the evolving capabilities of AI agents.
I don't know if my job will still exist in ten years
Around the world
QGIS 4 released
The QGIS project announced the release of QGIS 4.0.
Infrastructure
Mikael Lirbank published a post about infrastructure planning. He tested what matters more: proximity or provider boundaries.
Liberate yourself from infrastructure over-planning
Stable gigabit connection to satellites
The ESA announced that they archived a gigabit connection between an aircraf and a satellite 36 000 km above the earth. Shortly after that, the Institute of Optoelectronics in China claimed, they achieved a connection to a satellite 40 000 km above the earth.
European Space Agency and China both achieve gigabit links to geostationary satellites
Croatia is free of landmines
Good news is coming from Croatia. It was officially announced that Croatia is free of landmines after 31 years.