All streams

Alright. I pose the same question to an LLM in various forms. And this statistical answer generator, this archive of human knowledge, provides responses that sometimes seem surprisingly novel, and other times, derivative and banal.

On Habr, you'll find arguments that an LLM is incapable of novelty and creativity. And I'm inclined to agree.
You'll also find claims that it shows sparks of a new mind. And, paradoxically, I'm inclined to agree with that, too.

The problem is that we often try to analyze an LLM as a standalone object, without fully grasping what it is at its core. This article posits that the crucial question isn't what an LLM knows or can do, but what it fundamentally is.

Looking for cheap VPS hosting that’s fast, reliable, and fits both personal and business projects? We’ve reviewed more than 20 trusted VPS and VDS providers and compared them by pricing, uptime, features, and support

The Problem: Traditional phishing emails are relatively easy to spot. AI-generated ones are not.

python.

Traditional approaches to SQL query generation often rely on instruction-tuned language models, but these can be inefficient and inaccurate. In this article, we’ll explore a new method based on reinforcement learning for model fine-tuning, which can improve both the accuracy and efficiency of SQL generation.

Hello, Habr! We continue the series of articles on the innovations of the Tantor Postgres 17.5.0 DBMS, and today we will talk about authorization support via OAuth 2.0 Device Authorization Flow is a modern and secure access method that allows applications to request access to PostgreSQL on behalf of the user through an external identification and access control provider, such as Keycloak, which is especially convenient for cloud environments and microservice architectures (the feature will also be available in PostgreSQL 18). In this article, we'll take a step-by-step look at configuring OAuth authorization in PostgreSQL using Keycloak: configure Keycloak, prepare PostgreSQL, write an OAuth token validator in PostgreSQL, and verify successful authorization via psql using Device Flow.

Exposed is an SQL library for Kotlin with DSL and DAO APIs for database interactions. While it comes with support for standard SQL data types, you can extend its functionality by creating custom column types.

Custom column types are useful when Exposed lacks support for specific database types (like PostgreSQL's enum, inet or ltree) or when you want to map columns to domain-specific types that better align with your business logic. By implementing custom columns, you gain control over data storage and retrieval while maintaining type safety.

In this article, we'll explore how to create custom column types in Exposed by creating a simple column type for PostgreSQL's enum.

The “test everything” principle doesn’t improve data quality — it destroys it. Hundreds of useless alerts create noise that drowns out truly important signals, and the team stops responding to them. Google and Monzo have already moved away from this approach.

Here’s how to shift from blanket testing to targeted checks at nodes with the greatest impact radius — and why one well-placed test at the source is worth more than a hundred checks downstream.

People have always valued privacy. Developments of the past decades — the internet, social networks, targeted advertising — turned data into an asset. The AI wave multiplies what can be inferred from crumbs. Phones and apps are integral to people’s lives. Some users keep everything on their phones; others are more restrictive. It shouldn’t rely only on user awareness: developers should provide the first line of defence and the tools that protect a user’s right to privacy. Even if you already deal with most of these pieces daily, I want to share my mental model — how I frame decisions with checklists and a few concrete examples from practice.

At last, we arrive at qualia and emotions. Many of you will immediately think of Chalmers, the bat, redness, and zombies. Excellent. We can consider that ground covered.

Today, I will discuss a topic that seems distant from IT but, with each new breakthrough in AI, becomes ever more immediate: consciousness. It seems I speak of little else. So, to be precise, I will discuss its "hard problem": why do we experience at all? Why does the color red (and there’s the redness) feel red, and pain feel like pain?

This subjective, ineffable aspect of experience — the "what it is like" — is what philosophy calls qualia. For decades, it has been a dead end for scientists. But what if we're looking in the wrong direction? What if qualia are not an additional layer to computation, but an inherent property of the very architecture of computation?

We think of pricing as a simple logic of distance and quality. But after diving into a rare data-driven analysis of the €2 billion Alpine transfer market, I realized the real cost drivers are invisible forces: structural inefficiencies, information asymmetry, and the surprisingly high price of consumer trust.

I've always been fascinated by markets that defy simple logic. Why does a cup of artisanal coffee cost $7? Why is some enterprise software priced per seat, while another is priced per API call? These aren't just arbitrary numbers; they are the surface-level results of deep, often hidden, economic forces. Recently, I stumbled upon a perfect example of such a market in an unexpected place: the private ski transfer industry in the Alps.

The myth of the magical fast=true parameter is still alive and well, but in distributed databases, another contender appears: distributed=true. Neither one will save you if you don’t rethink your schema, sharding keys, sequences, queries, and migration process. We walk through every corner with a clear-eyed approach — from choosing sharding keys and colocated tables to CDC, topologies, and foreign key constraints — showing where performance really improves, where it gets more expensive, and how to deal with it.

While researching malware used by attacker groups, we came across a series of unusual attacks that used GitHub repositories to store malicious files and victim data. These campaigns appear targeted rather than large-scale, and it seems the attackers relied heavily on AI during development. The earliest activity we traced was in September 2024, and the most recent in April 2025.

Our Threat Intelligence team investigates complex attacks featuring novel persistence and data collection methods and unique infrastructures. Sometimes we find simple two-line scripts, and other times we run into "bombs" that trigger dozens of different payloads at once. But it's pretty rare for us to come across such long chains of really simple AI-written scripts that still work, tied together in a way that clearly wasn't random. Think of this as an APT-style attack implemented at the "script kiddie" level (a derogatory term in hacker culture for those who rely on scripts or programs written by others).

If you think this code is idiomatic, elegant and beautiful, read this article!

FindProcess(ByTitle(title))

FindProcess(ByPID(pid))

Migration from Oracle to vanilla PostgreSQL hits roadblocks with packages, autonomous transactions, and collections—they simply don’t exist there. We’ll break down why ora2pg stumbles, how native implementations of these mechanisms in Postgres Pro Enterprise make life easier, and how ora2pgpro translates PL/SQL semantically correctly, without hacks or crude regex.

Hey everyone! I’m excited to share something that’s a real game-changer for anyone who writes code for the web. I’m talking about the new Chrome DevTools Model Context Protocol (MCP) server. If you want to know more details, read the article until the end.

I visited dozens of Thai cities (Ranong, Hua Hin, Samut Songkhram, Bangkok, Chiang Mai, and more) during my motorbike trip, met people, immersed myself in the culture, and this experience changed me — my outlook on life and even my approach to work.

Adventure tourism is on the rise — traveling to places where regular tourists usually don’t go, for a richer, more unique cultural experience and adventure. In 2024, the adventure tourism market was valued at USD 406.12 billion. By 2030, it’s expected to reach USD 1,009.63 billion.

Here are my takeaways from my Thailand adventure tour:

(if you don't want to read watch the video)

From hype to strategy: how EXANTE redefined Cloud Native after painful Kubernetes mistakes, lessons learned, and building a more resilient infrastructure

UX research is an essential part of UX design. It implies a thorough study of a digital product's target audience by collecting and analyzing data about users, their needs and expectations, their ways of interaction with the product, and the ways the product can be improved and refined to provide the best user experience possible. All these tasks lay on the shoulders of UX researchers – professionals who systematically investigate user behavior and conduct data analysis. Let's discuss which skills are required to become a UX researcher and what responsibilities this job carries, as well as how to start a career as a researcher if you’ve just graduated and don’t have much experience.

Soft and hard skills a UX researcher should have

Since UX researchers' work includes dealing both with user emotions and numerical data, they are required to have a set of soft and hard skills to perform their job effectively. 

Soft skills for UX researchers include:

September 25th marks the release of PostgreSQL 18. This article covers the March CommitFest and concludes the series covering the new features of the upcoming update. This article turned out quite large, as the last March CommitFest is traditionally the biggest and richest in new features.

You can find previous reviews of PostgreSQL 18 CommitFests here: 2024-07, 2024-09, 2024-11, 2025-01.

Hello, Habr! Today I want to tell you about my project — “Game Engine 3”, a software shell for creating 2D games and applications...