Wochennotiz 2025.32
Posted on So 10 August 2025 in Blog
Manchmal hat man Knoten im Gehirn. Dann grübelt man über mögliche Lösungswege. Wie kann man X machen? Oder Y optimieren?
Diese Woche gab es wieder so einen Fall.
Es ging einerseits, wie man in einem dbt-Projekt foreign tables gut dokumentieren kann und auch wie man die data lineage-Diagramme miteinander kombinieren kann.
Andrerseits ging es auch darum, wie man seeds in dbt dynamisch einlesen kann.
Gegen Ende der Woche hatten wir, nach einigen Diskussionen, eine zufriedenstellende Lösung. Und da merkt man dann das Hochgefühl, wenn sich die Knoten im Gehirn wieder auflösen.
Inhalt:
Postgres und die Datenwelt
Postgres und der StackOverflow Developer Survey
Sarah Conway reflektiert, warum Postgres das dritte Mal in Serie die most desired database im StackOverflow Developer Survey geworden ist.
Zuerst einmal die Zahlen:
The survey results show that PostgreSQL is ranked the highest among all database technologies for developers that want to use it in the next year (47%) or have used it this year and want to continue using it next year (66%) for the third year in a row.
Sarah nennt unter anderem folgende Gründe:
The PostgreSQL project represents the best of what community-driven development can achieve. With over 400 code contributors across more than 140 supporting companies, the project boasts over 55,000 commits and more than 1.6 million lines of carefully crafted code. This diverse, globally distributed approach to development results in more thorough testing, faster bug fixes, and more innovative features than traditional commercial development models typically achieve.
Most Desired Database Three Years Running: PostgreSQL's Developer Appeal
Vertical Clustered Index
Aya Iwata schreibt in ihrem Beitrag A journey toward the Columnar Data Store sowohl über ihre Erfahrungen bei der pgconf.dev, als auch über Vertical Clustered Index (VCI).
Specifically, I explained implementation ideas for achieving columnar search capabilities while maintaining update speeds, presented performance measurement results, and outlined features that require future development and consideration within the community.
Aber was ist VCI:
VCI achieves high-speed data retrieval using a columnar store while maintaining update performance by combining two storage structures: Write Optimized Storage (WOS) specialized for writing and Read Optimized Storage (ROS) for the columnar store part.
Postgres Community
Xata hat Elly Phneah interviewt, die das erste Treffen der Malmö Postgres User Group (mit)organisiert hat. Wie breit die Talks bei Postgres-Konferenzen mittlerweile sind, sieht man auch an ihrem Hinweis für den pgDay Napoli 2025:
The science behind why people stick around is fascinating—something I'm exploring deeper in my upcoming talk "Postgres People: The Neuroscience of Why We Stick Around" at pgDay Napoli 2025. Research shows that sustained community engagement comes from three key factors: psychological safety, meaningful connections, and consistent value delivery. When people feel safe to be vulnerable, make genuine connections, and consistently gain value, they become long-term community members.
Postgres in Malmö: Powered by Elly Phneah
Postgres Release Monitor
- pgNow v1.0.0 Released – Free Fast PostgreSQL monitoring and diagnostics
- pg_exporter v1.0.0 Released – Next-Level PG Observability
- Pigsty 3.6, the meta-distribution for PostgreSQL
Security und Privacy
Saleforce-Accounts kompromittiert
Diese Woche sind mehrere Accounts von Salesforce-Kunden kompromittiert worden. Getroffen hat es dabei auch Google. Siehe Google says hackers stole its customers’ data by breaching its Salesforce database
In a blog post late on Tuesday, Google Threat Intelligence Group said one of its Salesforce database systems, used to store contact information and related notes for small and medium-sized businesses, was breached by a hacking group popularly known as ShinyHunters, formally designated as UNC6040.
Aber es hat auch einige andere Firmen diese Woche getroffen:
- Fashion giant Chanel hit in wave of Salesforce data theft attacks
- Pandora confirms data breach amid ongoing Salesforce data theft attacks
Microsoft Active Directory
Mit dem Active Directory gibt es wieder einmal Herausforderungen.
Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.
While this latest security flaw, tracked as CVE-2025-53786, isn't under attack (yet), Microsoft deems "exploitation more likely," and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the CVE can lead to "hybrid cloud and on-premises total domain compromise."
Microsoft, CISA warn yet another Exchange server bug can lead to 'total domain compromise'
Data breach ticker
- Columbia University data breach impacts nearly 870,000 individuals
- PBS confirms data breach after employee info leaked on Discord servers
- Cisco discloses data breach impacting Cisco.com user accounts
- Cyberattack hits France’s third-largest mobile operator, millions of customers affected
- KLM, Air France latest major organizations looted for customer data
- Dialysis company DaVita says more than 900,000 people affected by April ransomware attack
AI
GPT-5
GPT-5 wurde diese Woche veröffentlicht. Simon Willison hatte die Möglichkeit GPT-5 schon vorab zu testen:
I’ve mainly explored full GPT-5. My verdict: it’s just good at stuff. It doesn’t feel like a dramatic leap ahead from other LLMs but it exudes competence—it rarely messes up, and frequently impresses me. I’ve found it to be a very sensible default for everything that I want to do. At no point have I found myself wanting to re-run a prompt against a different model to try and get a better result.
Auch mit seinem Standard-Test, einem Pelikan auf einem Fahrrad, ist er zufrieden:
It’s pretty great! Definitely recognizable as a pelican, and one of the best bicycles I’ve seen yet.
GPT-5: Key characteristics, pricing and model card
Aber auch bei Google hat sich diese Woche etwas getan. Einerseits wurde Genie 3 veröffentlicht. Dabei handelt es sich um ein durchaus beeindruckendes Welt-Modell:
Given a text prompt, Genie 3 can generate dynamic worlds that you can navigate in real time at 24 frames per second, retaining consistency for a few minutes at a resolution of 720p.
Aber auch hinsichtlich der AI-Summaries bei Sucherergebnissen hat man sich zu Wort gemeldet (Google search boss says AI isn’t killing search clicks):
Google has often bristled at the implication that its obsession with AI search is harming web traffic, and now search head Liz Reid has penned a blog post on the topic. According to Reid, clicks aren't declining, AI is driving more searches, and everything is fine on the Internet. But despite the optimistic tone, the post stops short of providing any actual data to back up those claims.
Und vom Project Zero in Zusammenarbeit mit DeepMind wurde verlautbart mit hilfe von LLMs wurden 20 Securityprobleme in Open-Source-Projekten entdeckt:
Heather Adkins, Google’s vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software.
Und es soll auch alles automatisiert gefunden worden sein:
“To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention,” Google’s spokesperson Kimberly Samra told TechCrunch.
Google says its AI-based bug hunter found 20 security vulnerabilities
Apple
Im Bericht Will Apple buy Mistral? wird spekuliert, ob Apple Mistral kaufen könnte.
“Mistral's efficient, open-weight models align with Apple's on-device privacy focus, potentially accelerating Apple Intelligence upgrades,” Andreas Riegler, founding general partner at Apex Ventures. “It would secure top European talent and help counter rivals like Microsoft and OpenAI.”
Diverses
Staan wurde von Ecosia und Qwant veröffentlicht
Ecosia und Qwant haben letztes Jahr (siehe Wochennotiz 49) einen gemeinsamen Suchindex angekündigt. Der wurde diese Woche der Öffentlichkeit vorgestellt: Staan
Bei Techcrunch wurde erwähnt, dass die Kosten gegenüber Bing auch wesentlich geringer sein sollen:
“If you’re using ChatGPT or any other AI chatbot, they all do knowledge grounding with web search … our index can power deep research and AI summary features. Google and Bing’s solutions are also pricey, and our index can offer power search features at a tenth of the cost,” Christian Kroll, CEO of Ecosia, told TechCrunch.
Qwant and Ecosia debut Staan, a European search index that aims to take on Big Tech
Debian 13 veröffentlicht
Debian 13 ("trixie") wurde veröffentlicht.
The Debian Project has released its latest stable version, Debian 13 ("trixie"), which will be supported through 2030. This release includes GNOME 48, KDE Plasma 6.3, Xfce 4.20, Linux 6.12, GCC 14.2, Python 3.13, and systemd 257.
OpenSUSE Leap 16.0 hat Release Candidate-Status erreicht
Auch bei OpenSUSE ist man kurz davor eine neue Version zu veröffentlichen. Man hat sich wohl auch zu einem radikaleren Ansatz als andere Distributionen entschieden:
it eliminates a lot of old and established components that most distros share. It's not entirely legacy-free, but it's getting close. It does still look and feel like a SUSE distro, although many familiar elements are gone.