Weeknotes 2026.11

It was a quite successful week. We finally managed to migrate a legacy project to a dbt-based approach. The tests are looking very promising.

Instead of one giant SQL file containing a lot of inserts, updates and deletes, we now have a model for every step. We also included the first automatic tests.

Next week we will start testing the output of the dbt-based approach a little bit deeper. Hopefully, the results will be as promising as the first tests.

Besides that, I had my first lesson in building ballon animals. I honestly thought it would be easier, but at least I created the first simple dogs.

Content:

• Story of the week
• Postgres and the world of data
• Security and Privacy
• AI
• Around the world

Story of the week

Bruce Momjian published a nice blog post about why he thinks MySQL is on the decline. And I can agree with him. The project was never really an open source project. There was always a single company behind it.

He thinks that is the main reason why MySQL never developed a strong development community. That is the big difference compared to Postgres. Postgres has a strong community, and I've the feeling the people care more about the project than about their own employers.

The MySQL Shadow

Postgres and the world of data

Just use Postgres?

Sometimes it is impressive what people are able to do with Postgres. I am not sure that it is always a good idea. But it seems like you can store git repositories in Postgres. There is an extension called Gitgres.

Just Use Postgres

Work Mem

Lætitia Avrot published an interesting article about the work_mem setting how a query could eat up an insane amount of memory.

work_mem: it's a trap!

DuckDB

DuckDB announced this week the release of version 1.5.0. And they tested the new Apple MacBook Neo and wanted to see how it performs with DuckDB. The answer is quite good.

• Announcing DuckDB 1.5.0
• Big Data on the Cheapest MacBook

Postgres Release Monitor

• DB9 - Postgres but for agents
• Introducing pg_duckpipe: Real-Time CDC for Your Lakehouse

Security and Privacy

CrackArmor

Qualys published a blog post about their discovery of nine vulnerabilities in AppArmor. The vulnerabilities allow privilege escalation and breaking the container isolation.

CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root

SQL injection discovered by AI

Codewalls AI agent discovered a SQL injection vulnerability in the AI platform of McKinsey. A SQL injection is 2026 is really bad. But I guess the SQL injections will be around for some more time.

How We Hacked McKinsey's AI Platform

Coruna exploit

I mentioned the Coruna exploit last week. This week I have to recommend an incredible deep dive into the Coruna exploit.

A ridiculously deep dive into the Coruna Exploits

Containers

Luca Cavallin has a fantastic writeup about containers and their security. I recently had a discussion where a younger colleague explained to me that it is all easy these days because you just put your app in a container and everything is fine. All I answered was nope. But I guess he is not the only one who thinks that. Therefore, it is good to have writups like this.

Containers Are Not Automatically Secure

Data breach ticker

• Medical device giant Stryker confirms cyberattack as employees say devices were wiped
• Iran-linked hackers claim cyberattack on Albania’s parliament email systems
• 235,000 affected by cyberattack on largest ambulance provider in Wisconsin
• Canadian retail giant Loblaw notifies customers of data breach
• Telus Digital confirms breach after hacker claims 1 petabyte data theft
• Starbucks discloses data breach affecting hundreds of employees
• Poland's nuclear research centre targeted by cyberattack
• Ericsson US discloses data breach after service provider hack

AI

Google Maps

An update for Google Maps was announced. Of course with a lot of AI.

Google Maps gets its biggest navigation redesign in a decade, plus more AI

AMI Labs

Former Meta employee and Turing Award winner Yann LeCun raised $1.03 billion to build world models.

Yann LeCun’s AMI Labs raises $1.03B to build world models

Amazon and AI

There are two reports about AI at Amazon this week.

After a couple of incidents, new AI-assisted code needs a review by senior engineers.

After outages, Amazon to make senior engineers sign off on AI-assisted changes

Some Amazon employees told The Guardian that AI is just increasing their workload. Some of the tools were described as "half-baked".

The claims are backed by a workforce analytics company named ActivTrak.

“The data is unambiguous: AI does not reduce workloads,” the researchers wrote in a report.

Amazon Employees Say AI Is Just Increasing Workload. A New Study Confirms Their Suspicions

Around the world

Glaciers in Austria

The newest data about glaciers in Austria shows that more or less all of them are getting smaller. The researchers expect around 150 to 200 additional lakes to form from the meltwater.

Gletscher schwinden nicht mehr, sie zerfallen