
A new attack using the PhantomRShell backdoor

Level of difficulty: Medium
Reading time: 7 min
Views: 1.5K

In August, our sandbox helped prevent an attack on Russian organizations that used new malicious code. At first we assumed this was mass phishing sent from attacker-controlled servers, the kind that turns up in any organization's mail every day. But it turned out that the sender of the email was entirely legitimate: it had been compromised by attackers targeting Russian defense and industrial organizations.

The hackers used a complex scheme for hiding the malicious payload in polyglot archives. Polyglots are files that can be valid under the specifications of several formats. The payload itself is a new obfuscated variation of the PhantomRShell tool, which is used by the PhantomCore group (we wrote about it earlier in our blog).

In this article, we describe the details of the attack and its possible initial vector, and give recommendations for protecting mail infrastructure against compromise and similar attacks. Interested? Read on below the cut!

Autism spectrum disorders and a career in IT: personal experience

Reading time: 15 min
Views: 710

"I'm stunned by the illogicality of others, and they are stunned by the fact that I'm a robot." This phrase perfectly describes the peculiarities of my interaction with the world around me. I'm like this robot. Or an alien. I can only guess how the other people see me. But now I know for sure that others consider me at least strange. The feeling is mutual. Many actions of people around me seem completely irrational and illogical to me.

For a long time, this baffled me. I didn't understand what was going on, and considered myself a deep introvert, a withdrawn, gloomy dude who did not understand people and their feelings at all. I kept wondering what was wrong with me…


Postgres Pro TDE — security and performance

Level of difficulty: Medium
Reading time: 14 min
Views: 698

TDE comes in many flavors — from encryption at the TAM level to full-cluster encryption and tablespace markers. We take a close look at Percona, Cybertec/EDB, Pangolin/Fujitsu, and show where you lose performance and reliability, and where you gain flexibility.

On top of that, Vasily Bernstein, Deputy head of product development, and Vladimir Abramov, senior security engineer, will share how Postgres Pro Enterprise implements key rotation without rewriting entire tables — and why AES-GCM was the clear choice.


BlackBerry Curve: when keyboards ruled the world

Level of difficulty: Easy
Reading time: 6 min
Views: 1.7K

Two years after the iPhone's debut, the best-selling phone in the USA was not Apple's touchscreen marvel. It was the BlackBerry Curve. How is that possible, you ask? Didn't the iPhone kill phones with keyboards? In fact, the story is a little more complicated.

Yes, BlackBerry as a brand did not survive the transition to touchscreen phones, but iPhones were not the only reason for that transition. To understand what BlackBerry's appeal was, it is important to remember what laptops looked like in the late 2000s...

The Russian trace in the history of the PostgreSQL logo

Level of difficulty: Easy
Reading time: 7 min
Views: 1.6K

The story of the PostgreSQL logo was shared by Oleg Bartunov, CEO of Postgres Professional, who personally witnessed these events and preserved an archive of correspondence and visual design development for the database system.

Our iconic PostgreSQL logo — our beloved “Slonik” — has come a long way. Soon, it will turn thirty! Over the years, its story has gathered plenty of myths and speculation. As a veteran of the community, I decided it’s time to set the record straight, relying on the memories of those who were there. Who actually came up with it? Why an elephant? How did it end up in a diamond, and how did the Russian word “slonik” become a part of the global IT vocabulary?


PostgreSQL 18: Part 5 or CommitFest 2025-03

Level of difficulty: Medium
Reading time: 34 min
Views: 251

September 25th marks the release of PostgreSQL 18. This article covers the March CommitFest and concludes the series covering the new features of the upcoming update. This article turned out quite large, as the last March CommitFest is traditionally the biggest and richest in new features.

You can find previous reviews of PostgreSQL 18 CommitFests here: 2024-07, 2024-09, 2024-11, 2025-01.


Global indexes for partitions in Postgres Pro: uniqueness without hacks

Level of difficulty: Medium
Reading time: 5 min
Views: 261

When there’s no filter on the partitioning key, local indexes turn into a marathon across partitions. The new gbtree keeps a single catalog of keys and jumps straight to the row by primary key. In this article, we’ll show the algorithm, real numbers and limitations (primary key is mandatory, ON CONFLICT does not work) — and where this eases the pain in CRM/billing.


The job of a UX researcher: a short guide to the required skills and responsibilities

Level of difficulty: Easy
Reading time: 5 min
Views: 106

UX research is an essential part of UX design. It implies a thorough study of a digital product's target audience by collecting and analyzing data about users, their needs and expectations, their ways of interaction with the product, and the ways the product can be improved and refined to provide the best user experience possible. All these tasks lie on the shoulders of UX researchers – professionals who systematically investigate user behavior and conduct data analysis. Let's discuss which skills are required to become a UX researcher and what responsibilities this job carries, as well as how to start a career as a researcher if you’ve just graduated and don’t have much experience.

Soft and hard skills a UX researcher should have

Since UX researchers' work includes dealing both with user emotions and numerical data, they are required to have a set of soft and hard skills to perform their job effectively. 

Soft skills for UX researchers include:


Django Templates: everything you need to know

Level of difficulty: Easy
Reading time: 11 min
Views: 579

The Python for Devs team has prepared a translation of a large tutorial on Django Templates. The article explains in detail how the Django template language works, how it differs from Jinja, how to inherit templates correctly, and how to organize the project structure. If you want to make your Django applications cleaner, more maintainable and faster, this material is for you.

Why LLMs Drift into Convincing Nonsense (And a Practical Solution)

Level of difficulty: Medium
Reading time: 14 min
Views: 475

Imagine you have an idea powerful enough to change the world. Your tool of choice is a state-of-the-art LLM, ready to help you formalize the problem, generate hypotheses, and synthesize a solution. What you receive is a construct that is internally logical, elegant, and coherent... yet completely wrong. It's a mix of established facts, model-generated hallucinations, and your own subtle biases. With no way to test it in practice or design a clean experiment, the entire endeavor suddenly starts to look like sophisticated nonsense.

So, what went wrong along the way? From the very first prompt, the model doesn't truly "understand" your ambiguous intent. Instead, it steers you towards a formulation that fits its familiar and computationally cheap patterns. This guidance happens through clarifying questions and structured options, essentially funneling you down one of its predefined "corridors." This behavior isn't driven by any explicit "will" of the model; it's an emergent consequence of probabilistic optimization—minimizing prediction error. For the system, a structured, predictable dialogue is both optimal and safe. This aligns perfectly with the developers' goals: it's cheaper, more stable, and most users are satisfied with quick, template-based answers.

The result is that mathematical efficiency serves engineering and commercial objectives. There is no systemic incentive to combat the AI's tendency to reduce a complex problem to a simple, "cheap" answer. It's profitable for developers, economical for the model, and often, the user doesn't even know what an "ideal" answer would look like.
