Weeknotes 2026.23

Posted on So 07 Juni 2026 in Blog

Another short week here in Austria. That usually means a couple of intense days.

We were evaluating a new Software. So I downloaded the latest container image and started it. We wanted to authenticate against our Keycloak server, but it didn't work.

I was already starting to feel a little desperate, because no matter what I changed in the config, it didn't work. But luckily, I found an open GitHub issue, and it seems the current version ignores changes to the config. Afterward, I used a previous version of the container image, and everything worked.

Not a good solution for production, but for evaluating the software, it is a good start.

Besides that, the first beta version of Postgres 19 was released. Happy testing.

Content:

Story of the week

Lætitia Avrot wrote about the Postgres review process and the lack of reviewers. There are way more patches than people are able to review them. So there is always a patch waiting for a reviewer.

A Reviewer Was Born

Postgres and the world of data

Postgres 19 Beta 1 released

This week it was announced that Postgres 19 Beta 1 has been released. Any tests are welcome. That is the reason Andrew Atkinson published a blog post about testing Postgres with containers.

Graph queries in Postgres 19

Postgres 19 will introduce SQL/PGQ, a feature that allows graph queries to run directly in Postgres. This week, two articles focusing on this feature were published.

Supabase

Supabase announced a Series F funding round with an insane (?) $10B pre-money valuation. They also announced Multigres Alpha. It is framed by Supabase as an operating system for Postgres.

Postgres Release Monitor

Security and Privacy

Red Hat Packages got compromised

Another week, another successful supply chain attack. This week official Red Hat NPM accounts got compromised and their packages were backdoored.

Mullvad

Last week I mentioned the audit report of Proton. This week Mullvad published a report about their Android App. According to the report, there have only been minor issues.

And Mullvad also published an article about their opinion on age verification. I am on their side that it is a little bit problematic, how age verification works. Zero-Knowledge Proof could be the answer.

HTTP/2 Bomb

A new HTTP/2 attack was published this week. A single machine can take down a web server within seconds.

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

Container images

Kate Holterhoff wrote about the rising of hardened container images. Containers were created to simplify the deployment of applications. That is probably the reason why the security aspect of containers was not so important for many years, but the recent supply chain attacks have changed that.

Why Hardened Images are Suddenly Everywhere

Data breach ticker

AI

Google Gemma 4 12B

This week Google released a new AI model called Gemma 4 12B. The model is efficient enough to run on Laptops with 16 GB of RAM.

Google’s new Gemma 4 12B model is designed to run on any laptop with 16GB of RAM

Junior hiring is down 40%

Filipe Brito Ferreira wrote about the dangerous trend of not hiring juniors. There will be no seniors in 2031. Managers have the argument of AI for not hiring juniors and cutting the costs, but it is probably a dangerous trajectory for the years to come.

No Juniors Today, No Seniors in 2031

Meta and the helpful AI bot

With the help of the Meta AI support assistant, it was possible to take over Instagram accounts. Even when MFA was enabled.

Around the world

Dutch children are the happiest in the world

According to the Unicef child wellbeing index the Dutch children are the happiest in the world. Congratulations! :-)

Dutch kids declared the world’s happiest (again). Here’s why

Postgres Security AI 2026