AI-Powered Social Engineering

The Problem: Traditional phishing emails are relatively easy to spot. AI-generated ones are not.

Traditional approaches to SQL query generation often rely on instruction-tuned language models, but these can be inefficient and inaccurate. In this article, we’ll explore a new method based on reinforcement learning for model fine-tuning, which can improve both the accuracy and efficiency of SQL generation.

Hello, Habr! We continue the series of articles on the innovations of the Tantor Postgres 17.5.0 DBMS, and today we will talk about authorization support via OAuth 2.0 Device Authorization Flow, a modern and secure access method that allows applications to request access to PostgreSQL on behalf of the user through an external identification and access control provider, such as Keycloak. This is especially convenient for cloud environments and microservice architectures (the feature will also be available in PostgreSQL 18). In this article, we'll take a step-by-step look at configuring OAuth authorization in PostgreSQL using Keycloak: configure Keycloak, prepare PostgreSQL, write an OAuth token validator in PostgreSQL, and verify successful authorization via psql using Device Flow.

Exposed is an SQL library for Kotlin with DSL and DAO APIs for database interactions. While it comes with support for standard SQL data types, you can extend its functionality by creating custom column types.
Custom column types are useful when Exposed lacks support for specific database types (like PostgreSQL's enum, inet or ltree) or when you want to map columns to domain-specific types that better align with your business logic. By implementing custom columns, you gain control over data storage and retrieval while maintaining type safety.
In this article, we'll explore how to create custom column types in Exposed by creating a simple column type for PostgreSQL's enum.

The “test everything” principle doesn’t improve data quality — it destroys it. Hundreds of useless alerts create noise that drowns out truly important signals, and the team stops responding to them. Google and Monzo have already moved away from this approach.
Here’s how to shift from blanket testing to targeted checks at nodes with the greatest impact radius — and why one well-placed test at the source is worth more than a hundred checks downstream.

People have always valued privacy. Developments of the past decades — the internet, social networks, targeted advertising — turned data into an asset. The AI wave multiplies what can be inferred from crumbs. Phones and apps are integral to people’s lives. Some users keep everything on their phones; others are more restrictive. It shouldn’t rely only on user awareness: developers should provide the first line of defence and the tools that protect a user’s right to privacy. Even if you already deal with most of these pieces daily, I want to share my mental model — how I frame decisions with checklists and a few concrete examples from practice.

At last, we arrive at qualia and emotions. Many of you will immediately think of Chalmers, the bat, redness, and zombies. Excellent. We can consider that ground covered.
Today, I will discuss a topic that seems distant from IT but, with each new breakthrough in AI, becomes ever more immediate: consciousness. It seems I speak of little else. So, to be precise, I will discuss its "hard problem": why do we experience at all? Why does the color red (and there’s the redness) feel red, and pain feel like pain?
This subjective, ineffable aspect of experience — the "what it is like" — is what philosophy calls qualia. For decades, it has been a dead end for scientists. But what if we're looking in the wrong direction? What if qualia are not an additional layer to computation, but an inherent property of the very architecture of computation?

We think of pricing as a simple logic of distance and quality. But after diving into a rare data-driven analysis of the €2 billion Alpine transfer market, I realized the real cost drivers are invisible forces: structural inefficiencies, information asymmetry, and the surprisingly high price of consumer trust.
I've always been fascinated by markets that defy simple logic. Why does a cup of artisanal coffee cost $7? Why is some enterprise software priced per seat, while another is priced per API call? These aren't just arbitrary numbers; they are the surface-level results of deep, often hidden, economic forces. Recently, I stumbled upon a perfect example of such a market in an unexpected place: the private ski transfer industry in the Alps.

The myth of the magical fast=true parameter is still alive and well, but in distributed databases, another contender appears: distributed=true. Neither one will save you if you don’t rethink your schema, sharding keys, sequences, queries, and migration process. We walk through every corner with a clear-eyed approach — from choosing sharding keys and colocated tables to CDC, topologies, and foreign key constraints — showing where performance really improves, where it gets more expensive, and how to deal with it.

While researching malware used by attacker groups, we came across a series of unusual attacks that used GitHub repositories to store malicious files and victim data. These campaigns appear targeted rather than large-scale, and it seems the attackers relied heavily on AI during development. The earliest activity we traced was in September 2024, and the most recent in April 2025.
Our Threat Intelligence team investigates complex attacks featuring novel persistence and data collection methods and unique infrastructures. Sometimes we find simple two-line scripts, and other times we run into "bombs" that trigger dozens of different payloads at once. But it's pretty rare for us to come across such long chains of really simple AI-written scripts that still work, tied together in a way that clearly wasn't random. Think of this as an APT-style attack implemented at the "script kiddie" level (a derogatory term in hacker culture for those who rely on scripts or programs written by others).

If you think this code is idiomatic, elegant and beautiful, read this article!
FindProcess(ByTitle(title))
FindProcess(ByPID(pid))

Migration from Oracle to vanilla PostgreSQL hits roadblocks with packages, autonomous transactions, and collections—they simply don’t exist there. We’ll break down why ora2pg stumbles, how native implementations of these mechanisms in Postgres Pro Enterprise make life easier, and how ora2pgpro translates PL/SQL semantically correctly, without hacks or crude regex.

Hey everyone! I’m excited to share something that’s a real game-changer for anyone who writes code for the web. I’m talking about the new Chrome DevTools Model Context Protocol (MCP) server. If you want to know more details, read the article until the end.

I visited dozens of Thai cities (Ranong, Hua Hin, Samut Songkhram, Bangkok, Chiang Mai, and more) during my motorbike trip, met people, immersed myself in the culture, and this experience changed me — my outlook on life and even my approach to work.
Adventure tourism is on the rise — traveling to places where regular tourists usually don’t go, for a richer, more unique cultural experience and adventure. In 2024, the adventure tourism market was valued at USD 406.12 billion. By 2030, it’s expected to reach USD 1,009.63 billion.
Here are my takeaways from my Thailand adventure tour:
(if you don't want to read, watch the video)

From hype to strategy: how EXANTE redefined Cloud Native after painful Kubernetes mistakes, lessons learned, and building a more resilient infrastructure

Next.js i18n battle: next-intl vs next-i18next vs Intlayer
Adding multiple languages to a Next.js application can be difficult: large JSON files, missing translations, confusing configuration.
Here is a brief overview:
next-intl – lightweight, simple, well suited to small projects.
next-i18next – feature-rich, with many plugins, but requires more configuration and maintenance.
Intlayer – a modern solution for Next.js: component-level content, TypeScript safety, build-time checks, SEO helpers, and an optional visual editor.
If you want scalable, modular, and safe i18n for your Next.js 13+ applications, Intlayer is worth trying.
📖 Full comparison here: https://intlayer.org/blog/next-i18next-vs-next-intl-vs-intlayer

UX research is an essential part of UX design. It implies a thorough study of a digital product's target audience by collecting and analyzing data about users, their needs and expectations, their ways of interaction with the product, and the ways the product can be improved and refined to provide the best user experience possible. All these tasks lie on the shoulders of UX researchers – professionals who systematically investigate user behavior and conduct data analysis. Let's discuss which skills are required to become a UX researcher and what responsibilities this job carries, as well as how to start a career as a researcher if you’ve just graduated and don’t have much experience.
Soft and hard skills a UX researcher should have
Since UX researchers' work includes dealing both with user emotions and numerical data, they are required to have a set of soft and hard skills to perform their job effectively.
Soft skills for UX researchers include:

For the global PostgreSQL community, mastering database administration is a critical step towards building robust and efficient systems. Recognizing this, Postgres Professional is excited to announce the release of the English version of our popular course, DBA1: Basic PostgreSQL 16 Administration. This course serves as a bridge from foundational knowledge to confident, professional-level PostgreSQL administration, providing deep insights into server management, architecture, and essential daily tasks.

September 25th marks the release of PostgreSQL 18. This article covers the March CommitFest and concludes the series covering the new features of the upcoming update. This article turned out quite large, as the last March CommitFest is traditionally the biggest and richest in new features.
You can find previous reviews of PostgreSQL 18 CommitFests here: 2024-07, 2024-09, 2024-11, 2025-01.

In late September 2025, PostgreSQL 18 was released. It received the long-awaited built-in function uuidv7(). The uuidv7() function generates UUID version 7 (UUIDv7) identifiers of the binary data type uuid in accordance with the international standard RFC 9562. These identifiers are recommended for use as primary keys. If necessary, the timestamp with the time zone can be extracted from them using the uuid_extract_timestamp() function.
UUIDv7 combines the global uniqueness of primary keys, a negligibly low probability of collisions (unacceptable random matches), and ordering by the generation timestamp. This is achieved without using centralized coordination or MAC addresses. The risk of collisions is no higher than with the previously most popular (random) UUID version 4 type.
Due to ordering by generation timestamp, UUIDv7 results in significantly higher performance and smaller index sizes compared to UUIDv4. The most significant bits of UUIDv7 identifiers can be used as a partition key.
UUIDv7 provides the same performance for CRUD database operations as when using auto-increment (the serial type and its modern equivalent GENERATED ... AS IDENTITY). The time to generate a UUIDv7 identifier is approximately a thousand times less than the record insertion time, so the UUIDv7 generation rate does not affect database performance.
Using UUIDv7 eliminates the fundamental drawbacks of auto-increment: