Weeknotes 2026.13
Posted on Sun 29 March 2026 in Blog
The supply chain attacks evolved this week. More and more projects are being breached. It seems like Trivy was just the beginning.
Google published the M-Trends 2026 Report. As usual, it is an interesting read.
At work, we had a premiere: for the first time, two coworkers gave a little concert for us. The singer had an incredibly wonderful voice. I guess all of us enjoyed the time.
Next week will be a short one. In Austria, we have Easter holidays and therefore the week will end for our company on Thursday.
Story of the week
Vignesh Ravichandran wrote about why he thinks Apache Iceberg shifted the world towards Postgres.
When storage lives in open formats on object storage and Postgres can write to it directly, the warehouse becomes one query engine among many.
Postgres and the world of data
pg_plan_advice
A couple of weeks ago I mentioned the pg_plan_advice contrib module.
Depesz wrote about the module and how it can be used.
And how you could shoot yourself in the foot.
Waiting for PostgreSQL 19 – Add pg_plan_advice contrib module.
Query optimization
Maxim Boguk and Nikolay Samokhvalov wrote a blog post about how moving one word can speed up a Postgres query.
How moving one word can speed up a query 10–50x
Database Traffic Control
PlanetScale introduced database traffic control for Postgres databases.
Introducing Database Traffic Control
Postgres Release Monitor
Security and Privacy
Supply chain attacks
I mentioned the Trivy breach last week. It seems like the same people, TeamPCP, breached some other projects this week:
- KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack
- Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign
- Telnyx Python SDK: Supply Chain Security Notice
In her writeup "1K+ cloud environments infected following Trivy supply chain attack", Jessica Lyons took a look at the impact of the supply chain attack. And it is as bad as you would expect. According to Mandiant CTO Charles Carmakal, cited in the article, over 1,000 SaaS companies were already affected.
Catalin Cimpanu wrote about problems on GitHub: Risky Bulletin: GitHub is starting to have a real malware problem
Digital sovereignty
According to The Reg article "Digital euro goes full sovereignty mode, US cloud giants not on guest list", only European cloud providers got a contract from the ECB for parts of the digital euro components: OVH and Scaleway. It may be a first step in the right direction.
Gartner VP analyst Nader Henein told us the ECB and other European institutions are going to have to lead by example if the EU wants digital sovereignty.
The European Commission is dealing with a breach: European Commission investigating breach after Amazon cloud account hack
Email Hack
It was a bad week for the director of the FBI, Kash Patel. Iran-linked hackers broke into his personal email account and published photos and documents.
- DOJ confirms FBI Director Kash Patel’s personal email was hacked
- Iran-linked hackers breach FBI director's personal email, publish photos and documents
Data breach ticker
- Hacker walks away with $24.5 million after breaching Resolv DeFi platform
- Education company Kaplan reports data breach impacting more than 230,000
- California-based semiconductor testing company reports ransomware attack to SEC
- Dutch Finance Ministry probing cyber breach affecting internal systems
- Dutch Police discloses security breach after phishing attack
- Ajax football club hack exposed fan data, enabled ticket hijack
AI
CERN
An impressive article about how CERN handles the data coming out of the Large Hadron Collider (LHC): CERN Uses Tiny AI Models Burned into Silicon for Real-Time LHC Data Filtering
Anthropic
In a previous edition, I mentioned that Anthropic has some issues with the Department of War and Pete Hegseth. AJ Dellinger reported that Emil Michael, the Pentagon’s Chief Technology Officer, owns a couple of million in Perplexity stock and served as an advisor for Tools for Humanity, a company run by Sam Altman. I guess it is all just a coincidence ;-)
Pentagon’s Biggest Champion of Blacklisting Anthropic Has a Few Million Reasons for His Stance
Around the world
People get promoted for simplicity
Some time ago I mentioned an article about complexity, "Nobody Gets Promoted for Simplicity". Sean Goedecke sees the situation a little bit differently. He makes the argument that people are measured by their output because it is the only measure managers have. Therefore, if you build a simpler solution, it is usually faster, and a developer can complete more tasks and be more productive.
Engineers do get promoted for writing simple code
Play Doom in the browser
Niels Leenheer did something completely crazy and wrote about it. He used CSS to render Doom in the browser. That is really cool. And crazy.
Quantum computing
According to the Guardian, Google sees quite a lot of progress in quantum computing. Therefore, post-quantum cryptography migration is necessary and should be prioritized.
Google warns quantum computers could hack encrypted systems by 2029