My feed

Imagine you have an idea powerful enough to change the world. Your tool of choice is a state-of-the-art LLM, ready to help you formalize the problem, generate hypotheses, and synthesize a solution. What you receive is a construct that is internally logical, elegant, and coherent... yet completely wrong. It's a mix of established facts, model-generated hallucinations, and your own subtle biases. With no way to test it in practice or design a clean experiment, the entire endeavor suddenly starts to look like sophisticated nonsense.

So, what went wrong along the way? From the very first prompt, the model doesn't truly "understand" your ambiguous intent. Instead, it steers you towards a formulation that fits its familiar and computationally cheap patterns. This guidance happens through clarifying questions and structured options, essentially funneling you down one of its predefined "corridors." This behavior isn't driven by any explicit "will" of the model; it's an emergent consequence of probabilistic optimization—minimizing prediction error. For the system, a structured, predictable dialogue is both optimal and safe. This aligns perfectly with the developers' goals: it's cheaper, more stable, and most users are satisfied with quick, template-based answers.

The result is that mathematical efficiency serves engineering and commercial objectives. There is no systemic incentive to combat the AI's tendency to reduce a complex problem to a simple, "cheap" answer. It's profitable for developers, economical for the model, and often, the user doesn't even know what an "ideal" answer would look like.

В августе, благодаря нашей песочнице, была предотвращена атака на российские организации с применением нового вредоносного кода. Изначально мы предположили, что это массовый фишинг с серверов злоумышленников, который каждый день можно встретить на почте любой организации. Но оказалось, что отправитель письма вполне легитимный: он был скомпрометирован злоумышленниками, нацеленными на российские оборонные и промышленные организации.

Хакеры использовали сложную схему сокрытия вредоносной нагрузки в архивах-полиглотах. Полиглоты — это файлы, которые могут быть валидны с точки зрения спецификации нескольких форматов. Сама вредоносная нагрузка является новой обфусцированной вариацией инструмента PhantomRShell, который использует группировка PhantomCore (ранее мы писали про нее в блоге).

В этой статье мы расскажем подробности атаки, ее возможный исходный вектор и дадим рекомендации по защите почтовой инфраструктуры от взлома и подобных атак. Интересно? Добро пожаловать под кат!

В представленных на прошлой неделе новых смартфонах Apple улучшена защита от кибератак с использованием стратегий повреждения данных в оперативной памяти. Уязвимости, приводящие к переполнению буфера или повторному использованию участка оперативной памяти после освобождения, станет гораздо сложнее эксплуатировать благодаря технологии Memory Integrity Enforcement. Об этом компания Apple сообщает в подробной технической статье. Там утверждается, что устройства нового поколения будут гораздо лучше защищены против даже наиболее сложных таргетированных атак. 

TDE comes in many flavors — from encryption at the TAM level to full-cluster encryption and tablespace markers. We take a close look at Percona, Cybertec/EDB, Pangolin/Fujitsu, and show where you lose performance and reliability, and where you gain flexibility.

On top of that, Vasily Bernstein, Deputy head of product development, and Vladimir Abramov, senior security engineer, will share how Postgres Pro Enterprise implements key rotation without rewriting entire tables — and why AES-GCM was the clear choice.

As a creator who relies on AI to help draft my blog posts, I kept running into a frustrating issue. When I’d copy text from ChatGPT, Claude, Gemini, etc, it looked perfect, but there was something hidden: invisible characters.

Discover what coin features are in short video apps, how they work, and how users earn rewards. Learn how coin systems boost engagement and monetization in 2025.

From outsourcing to product: a QA engineer’s honest journey to better releases, healthier work culture & real impact on the product.

Looking for the right AI image generator? We review and compare top tools like Midjourney, Picsart, Craiyon, and more — highlighting their strengths, limits, and best use cases to help you make the right choice.

The story of the PostgreSQL logo was shared by Oleg Bartunov, CEO of Postgres Professional, who personally witnessed these events and preserved an archive of correspondence and visual design development for the database system.

Our iconic PostgreSQL logo — our beloved “Slonik” — has come a long way. Soon, it will turn thirty! Over the years, its story has gathered plenty of myths and speculation. As a veteran of the community, I decided it’s time to set the record straight, relying on the memories of those who were there. Who actually came up with it? Why an elephant? How did it end up in a diamond, and how did the Russian word “slonik” become a part of the global IT vocabulary?

Short video apps have completely reshaped how people consume entertainment. Instead of sitting down for a two-hour movie or a 45-minute TV episode, viewers are now hooked on bite-sized videos that fit into their busy schedules. This shift has been accelerated by Gen Z and Millennials, who prefer quick storytelling formats that are both interactive and engaging.

In 2025, the OTT and short video industry is projected to see over 1.5 billion monthly active users worldwide, with an average revenue per user (ARPU) of nearly $12. The reasons are clear: affordability, accessibility, and convenience. The success of apps like DramaBox shows that people are willing to spend money on shorter dramas as long as they deliver strong storytelling.

For entrepreneurs, this presents a golden opportunity to build OTT platforms like DramaBox and tap into this global demand.

In a previous article, I examined the risks of interacting with AI. In this one, I present an open-source defense protocol based not on prohibitions, but on building an internal immunity within the LLM.

I share how I built a resume matcher app using tRPC, TypeScript, and Google Vertex AI. The project takes PDF resumes and job postings, extracts text, applies basic NLP for skill detection, and then calls Gemini 1.5 Flash for deeper analysis. Along the way, I explain why tRPC felt faster and cleaner than REST or GraphQL for an MVP, show code snippets from the repo, and discuss both the benefits and trade-offs of this approach.

Filename Extension: .6nf

6NF File Format is a new bitemporal, sixth-normal-form (6NF)-inspired data exchange format designed for DWH and for reporting. It replaces complex hierarchical formats like XBRL, XML, JSON, and YAML

START is an open-source LLM designed for precise calculations and code verification. It addresses two major issues that most standard models face: hallucinations and errors in multi-step calculations. This article explains why these problems arise and how START solves them.

This tutorial will guide you through the process of integrating OpenAI’s powerful Codex coding agent directly into your Visual Studio Code environment. This tool functions as an AI pair programmer, capable of understanding complex prompts to execute commands, write code, run tests, and even build entire applications from scratch.

It all started as a joke by the office coffee machine. But, as with every decent joke, it suddenly sounded worth trying — and before we knew it, we were knee-deep in an experiment that turned out to be anything but trivial, complete with a whole minefield of gotchas.

It began simply: while everyone else was busy debating hardware tuning and squeezing out extra TPS from their systems, we thought — why not just shove a huge chunk of data into PostgreSQL and see how it holds up? Like, really huge. Say, a one-petabyte database. Let’s see how it survives that.

It was December 10, the boss wanted the report by January 20, and New Year was less than a month away. And that itch that all engineers know? It hit hard.

During load testing of Tantor Postgres databases or other PostgreSQL-based databases using the standard tool pgbench, specialists often encounter non-representative results and the need for repeated tests due to the fact that details of the environment (such as DBMS configuration, server characteristics, PostgreSQL versions) are not recorded. In this article we are going to review author's pg_perfbench, which is designed to address this issue. It ensures that scenarios are repeatable, prevents the loss of important data, and streamlines result comparison by registering all parameters in a single template. It also automatically launches pgbench with TPC-B load generation, collects all metadata on the testing environment, and generates a structured report.

If you’re like me and work with multiple AI coding agents, you know the frustration of managing different instruction files. It’s a pain to keep everything updated across various formats. But I’ve got some great news for you. A new, simplified standard has emerged, and it’s called AGENTS.md.