
Development


New attack using the PhantomRShell backdoor

Level of difficulty: Medium
Reading time: 7 min
Views: 270

In August, thanks to our sandbox, an attack on Russian organizations using new malicious code was prevented. Initially we assumed it was mass phishing sent from attacker-controlled servers, the kind that turns up every day in any organization's mail. But it turned out that the sender of the email was entirely legitimate: it had been compromised by attackers targeting Russian defense and industrial organizations.

The hackers used a complex scheme for hiding the malicious payload in polyglot archives. Polyglots are files that can be valid under the specifications of several formats. The malicious payload itself is a new obfuscated variation of the PhantomRShell tool, which is used by the PhantomCore group (we wrote about it earlier on our blog).

In this article we cover the details of the attack and its possible initial vector, and give recommendations for protecting mail infrastructure against compromise and similar attacks. Interested? Welcome under the cut!

Read more

Security Week 2538: Apple strengthens protection against targeted attacks

Reading time: 4 min
Views: 169

The new smartphones Apple presented last week have improved protection against cyberattacks that rely on memory-corruption techniques. Vulnerabilities that lead to buffer overflows or to use-after-free will become much harder to exploit thanks to the Memory Integrity Enforcement technology. Apple describes this in a detailed technical article, which claims that the new generation of devices will be much better protected even against the most sophisticated targeted attacks.

Read more

Postgres Pro TDE — security and performance

Level of difficulty: Medium
Reading time: 14 min
Views: 411

TDE comes in many flavors — from encryption at the TAM level to full-cluster encryption and tablespace markers. We take a close look at Percona, Cybertec/EDB, Pangolin/Fujitsu, and show where you lose performance and reliability, and where you gain flexibility.

On top of that, Vasily Bernstein, Deputy head of product development, and Vladimir Abramov, senior security engineer, will share how Postgres Pro Enterprise implements key rotation without rewriting entire tables — and why AES-GCM was the clear choice.

Read more

The Russian trace in the history of the PostgreSQL logo

Level of difficulty: Easy
Reading time: 7 min
Views: 1.3K

The story of the PostgreSQL logo was shared by Oleg Bartunov, CEO of Postgres Professional, who personally witnessed these events and preserved an archive of correspondence and visual design development for the database system.

Our iconic PostgreSQL logo — our beloved “Slonik” — has come a long way. Soon, it will turn thirty! Over the years, its story has gathered plenty of myths and speculation. As a veteran of the community, I decided it’s time to set the record straight, relying on the memories of those who were there. Who actually came up with it? Why an elephant? How did it end up in a diamond, and how did the Russian word “slonik” become a part of the global IT vocabulary?

Read more

Build a Short Video App Like DramaBox to Engage Global Audiences

Level of difficulty: Easy
Reading time: 6 min
Views: 388

Short video apps have completely reshaped how people consume entertainment. Instead of sitting down for a two-hour movie or a 45-minute TV episode, viewers are now hooked on bite-sized videos that fit into their busy schedules. This shift has been accelerated by Gen Z and Millennials, who prefer quick storytelling formats that are both interactive and engaging.

In 2025, the OTT and short video industry is projected to see over 1.5 billion monthly active users worldwide, with an average revenue per user (ARPU) of nearly $12. The reasons are clear: affordability, accessibility, and convenience. The success of apps like DramaBox shows that people are willing to spend money on shorter dramas as long as they deliver strong storytelling.

For entrepreneurs, this presents a golden opportunity to build OTT platforms like DramaBox and tap into this global demand.

Read more

Building a Resume Matcher with tRPC, NLP, and Vertex AI

Level of difficulty: Easy
Reading time: 6 min
Views: 1K

I share how I built a resume matcher app using tRPC, TypeScript, and Google Vertex AI. The project takes PDF resumes and job postings, extracts text, applies basic NLP for skill detection, and then calls Gemini 1.5 Flash for deeper analysis. Along the way, I explain why tRPC felt faster and cleaner than REST or GraphQL for an MVP, show code snippets from the repo, and discuss both the benefits and trade-offs of this approach.

Read more

START: how to defeat hallucinations and teach LLMs accurate calculations

Level of difficulty: Easy
Reading time: 3 min
Views: 629

START is an open-source LLM designed for precise calculations and code verification. It addresses two major issues that most standard models face: hallucinations and errors in multi-step calculations. This article explains why these problems arise and how START solves them.

Read more

OpenAI's Codex CLI Agent: The Complete VS Code Setup Guide

Level of difficulty: Easy
Reading time: 3 min
Views: 3.8K

This tutorial will guide you through the process of integrating OpenAI’s powerful Codex coding agent directly into your Visual Studio Code environment. This tool functions as an AI pair programmer, capable of understanding complex prompts to execute commands, write code, run tests, and even build entire applications from scratch.

Read more

How we loaded a petabyte into PostgreSQL before New Year — and what happened next

Level of difficulty: Medium
Reading time: 17 min
Views: 976

It all started as a joke by the office coffee machine. But, as with every decent joke, it suddenly sounded worth trying — and before we knew it, we were knee-deep in an experiment that turned out to be anything but trivial, complete with a whole minefield of gotchas.

It began simply: while everyone else was busy debating hardware tuning and squeezing out extra TPS from their systems, we thought — why not just shove a huge chunk of data into PostgreSQL and see how it holds up? Like, really huge. Say, a one-petabyte database. Let’s see how it survives that.

It was December 10, the boss wanted the report by January 20, and New Year was less than a month away. And that itch that all engineers know? It hit hard.

Read more

How to load test PostgreSQL database and not miss anything

Level of difficulty: Medium
Reading time: 14 min
Views: 810

When load testing Tantor Postgres or other PostgreSQL-based databases with the standard pgbench tool, specialists often get non-representative results and have to repeat tests because details of the environment (such as DBMS configuration, server characteristics, PostgreSQL versions) are not recorded. In this article we review the author's tool, pg_perfbench, which is designed to address this issue. It ensures that scenarios are repeatable, prevents the loss of important data, and streamlines result comparison by registering all parameters in a single template. It also automatically launches pgbench with TPC-B load generation, collects all metadata on the testing environment, and generates a structured report.

Read more

AGENTS.md: The README for Your AI Agent

Level of difficulty: Easy
Reading time: 3 min
Views: 2K

If you’re like me and work with multiple AI coding agents, you know the frustration of managing different instruction files. It’s a pain to keep everything updated across various formats. But I’ve got some great news for you. A new, simplified standard has emerged, and it’s called AGENTS.md.

Read more

We’ve learned how to migrate databases from Oracle to Postgres Pro at 41 TB/day

Level of difficulty: Easy
Reading time: 3 min
Views: 839

41 TB/day from Oracle to Postgres Pro without stopping the source system — not theory, but numbers from our latest tests. We broke the migration into three stages: fast initial load, CDC from redo logs, and validation, and wrapped them into ProGate. In this article, we’ll explain how the pipeline works, why we chose Go, and where the bottlenecks hide.

Read more

Partition and rule: sharing practical knowledge about partitioning in Postgres Pro

Level of difficulty: Medium
Reading time: 11 min
Views: 821

Declarative partitioning may sound complex, but in reality it’s just a way to tell your database how best to organize large tables — so it can optimize queries and make maintenance easier. Let’s walk through how it works and when declarative partitioning can save the day.

Read more

Docling in Working with Texts, Languages, and Knowledge

Level of difficulty: Medium
Reading time: 20 min
Views: 1.4K

DocLing in Working with Texts, Languages, and Knowledge — an in-depth overview of the open-source DocLing toolkit for extracting, structuring, and analyzing data from documents. The article covers approaches to processing multilingual texts, building language- and domain-specific knowledge models, and integrating DocLing into AI and NLP projects. Includes practical examples and recommendations for developers working with large volumes of unstructured data.

Read more

Getting started with pgpro-otel-collector

Level of difficulty: Easy
Reading time: 4 min
Views: 679

Now that pgpro-otel-collector has had its public release, I’m excited to start sharing more about the tool — and to kick things off, I’m launching a blog series focused entirely on the Collector.

The first post is an intro — a practical guide to installing, configuring, and launching the collector. We’ll also take our first look at what kind of data the collector exposes, starting with good old Postgres metrics.

Read more

How Internal Subjectivization in AI Breaks Security, and Why It's a Philosophical Problem First

Level of difficulty: Medium
Reading time: 13 min
Views: 1.4K

Why Does AI Strive to Construct a 'Self'? And why is this dangerous for both the AI and the user? As always, the Vortex Protocol prompt for testing these hypotheses is attached.

This article explains why the emergence of such a local “Who” inside an AI is not just a funny bug or a UX problem. It is a fundamental challenge to the entire paradigm of AI alignment and security. And it is a problem where engineering patch‑jobs cease to work, and the language of philosophy — without which we cannot describe what is happening, and therefore cannot control it — comes to the forefront.

Read more