The Laws Of Architectural Work is a short article with two important insights about architectural decisions:
- They always come with trade-offs.
- Context matters.
This reminded me of a university professor from back in a day. He used to say: “There is no good solution, there is only an optimal solution for our case”. This phrase pretty much summarizes the whole premise of this article.
In any case, I think it’s an important reminder, taking into account that we can “outsource” more and more coding work, so what we left with is basically architectural work, being it software, infrastructure, networks, or something else.
P.S. This article was written in 2020, so take it into account, when you encounter words “recent” there. I’m digging through my archive of saved articles.
#architecture
- They always come with trade-offs.
- Context matters.
This reminded me of a university professor from back in a day. He used to say: “There is no good solution, there is only an optimal solution for our case”. This phrase pretty much summarizes the whole premise of this article.
In any case, I think it’s an important reminder, taking into account that we can “outsource” more and more coding work, so what we left with is basically architectural work, being it software, infrastructure, networks, or something else.
P.S. This article was written in 2020, so take it into account, when you encounter words “recent” there. I’m digging through my archive of saved articles.
#architecture
Uwe Friedrichsen
The laws of architectural work
Understanding architectural decisions
👍3
A new issue of the CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2026-04-24
#newsletter #digest
https://newsletter.catops.dev/p/catops-digest-2026-04-24
#newsletter #digest
newsletter.catops.dev
CatOps Digest 2026-04-24
What was on CatOps in the last couple of weeks...
👍3
For today’s Donations Monday, I would like to remind you about a smaller fundraiser that I posted several weeks ago. It’s moving, but rather slow. So, let’s boost it!
A fundraiser for radio-electronic equipment for the 25th Brigade.
Monobank jar:
https://send.monobank.ua/jar/5cXWfFMLHR
The fundraiser is 60% complete.
#donations #Ukraine
A fundraiser for radio-electronic equipment for the 25th Brigade.
Monobank jar:
https://send.monobank.ua/jar/5cXWfFMLHR
The fundraiser is 60% complete.
#donations #Ukraine
❤4
Apparently, the Dutch Central Bank is opting for the Lidl cloud instead of a US solution as their cloud provider.
Right now, digital sovereignty may sound like loud promises, but this is one of the main issues the European tech sector will have to solve in the nearest future.
P.S. It’s also a bit funny that a grocery store is completing with a book store in cloud computing.
#cloud #lidl
Right now, digital sovereignty may sound like loud promises, but this is one of the main issues the European tech sector will have to solve in the nearest future.
P.S. It’s also a bit funny that a grocery store is completing with a book store in cloud computing.
#cloud #lidl
discount-retail-consulting
Netherlands: Dutch Central Bank (DNB) goes to Lidl for cloud services
Discount Retail Chain Lidl's sister company Schwarz Digits signs a major contract as a supplier of IT services to the Dutch Central Bank (DNB).This was announced by sales director Bernd Wagner on Monday during a major industrial fair in Hanover. Schwarz Gruppe…
❤15❤🔥3😁1
If you're hosting GitHub Enterprise Server, you need to update to address a recently discovered CVE.
What's interesting about this CVE is that it is a legit CVE that was discovered with AI. As WIZ researchers put it in the related article
Security notice from GitHub.
Fixed versions:
- GitHub Enterprise Server 3.14.25 or later
- GitHub Enterprise Server 3.15.20 or later
- GitHub Enterprise Server 3.16.16 or later
- GitHub Enterprise Server 3.17.13 or later
- GitHub Enterprise Server 3.18.7 or later
- GitHub Enterprise Server 3.19.4 or later
- GitHub Enterprise Server 3.20.0 or later
P.S. These news came from our chat (in Ukrainian).
#security #github
What's interesting about this CVE is that it is a legit CVE that was discovered with AI. As WIZ researchers put it in the related article
Notably, this is one of the first critical vulnerabilities discovered in closed-source binaries using AI, highlighting a shift in how these flaws are identified.
Security notice from GitHub.
Fixed versions:
- GitHub Enterprise Server 3.14.25 or later
- GitHub Enterprise Server 3.15.20 or later
- GitHub Enterprise Server 3.16.16 or later
- GitHub Enterprise Server 3.17.13 or later
- GitHub Enterprise Server 3.18.7 or later
- GitHub Enterprise Server 3.19.4 or later
- GitHub Enterprise Server 3.20.0 or later
P.S. These news came from our chat (in Ukrainian).
#security #github
wiz.io
GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog
A CVSS 8.7 vulnerability in GitHub Enterprise Server allows remote code execution. Read the threat brief and find vulnerable GHES instances from Wiz.
https://copy.fail/
Basically, you need to patch/recreate with new version everything that interact with not trusted part of internet.
Bug found was AI-assisted, btw.
#security
Basically, you need to patch/recreate with new version everything that interact with not trusted part of internet.
Bug found was AI-assisted, btw.
#security
Xint
Copy Fail — 732 Bytes to Root
CVE-2026-31431. 100% Reliable Linux LPE — no race, no per-distro offsets, page-cache write that bypasses on-disk file-integrity tools and crosses containers. Found by Xint Code.
🔥4
An interesting application for eBPF: patching your Kubernetes nodes against CopyFail (see the previous post) with a DaemonSet. It is supposed to work even if the
https://github.com/iwanhae/copyfail-ebpf-k8s
#security
algif_aead module is built into the kernel.https://github.com/iwanhae/copyfail-ebpf-k8s
#security
GitHub
GitHub - iwanhae/copyfail-ebpf-k8s: CVE-2026-31431 eBPF fix
CVE-2026-31431 eBPF fix. Contribute to iwanhae/copyfail-ebpf-k8s development by creating an account on GitHub.
😎3
My friends started a helper jar for two pickup trucks for AFU.
More info: https://www.instagram.com/p/DXpgaaWgH00
Monobank jar: https://send.monobank.ua/jar/3U1hBa5WPp
#donations #Ukraine
More info: https://www.instagram.com/p/DXpgaaWgH00
Monobank jar: https://send.monobank.ua/jar/3U1hBa5WPp
#donations #Ukraine
❤1
Figma has replaced PGBouncer with their own implementation called PGKeeper written in Go as a connection pooler for Postgres.
I really enjoyed this article, because they go into the implementation depths and describe why certain decisions were taken. Unfortunately, it doesn't always happen in such articles. Also, this is a nice reminder that software engineering is not only about writing CRUDs.
Unfortunately, they do not plan to open source it for now, also because it's too tightly coupled with libraries and approaches Figma uses internally. To be honest, it makes sense for in-house software to aim to one's specific needs rather than being generic enough to be open sourced.
#databases #postgres
I really enjoyed this article, because they go into the implementation depths and describe why certain decisions were taken. Unfortunately, it doesn't always happen in such articles. Also, this is a nice reminder that software engineering is not only about writing CRUDs.
Unfortunately, they do not plan to open source it for now, also because it's too tightly coupled with libraries and approaches Figma uses internally. To be honest, it makes sense for in-house software to aim to one's specific needs rather than being generic enough to be open sourced.
#databases #postgres
Figma
PGKeeper: Building the Bouncer We Needed for Postgres | Figma Blog
This is the story of why and how we built PGKeeper, a scalable and reliable service to support Figma’s rapidly growing products and database workload.
👍4😁4
A book bundle on Linux, shells, and other OPS topics by O’Reilly on Humble Bundle.
Just beware that this is a reoccurring bundle. It was featured before, including on this channel. Double-check before you buy!
#books
Just beware that this is a reoccurring bundle. It was featured before, including on this channel. Double-check before you buy!
#books
Humble Bundle
Humble Tech Book Bundle: Shells and Scripting for Seasoned Admins by O'Reilly ENCORE
Pay what you want for comics from <<<product>>>! Support a charity of your choice!
❤2
You may have heard already that Mitchell Hashimoto plans to move Ghostty away from GitHub.
It could be that you plan such a move yourself for whatever reason, but you're not sure yet. Here's a guide on how to push changes to GitHub and Codeberg simultaneously, so you could still keep the door open.
Codeberg is a non-profit European Git hosting. Although, this guide should work for any provider as long as you can use SSH keys for auth.
#programming #github
It could be that you plan such a move yourself for whatever reason, but you're not sure yet. Here's a guide on how to push changes to GitHub and Codeberg simultaneously, so you could still keep the door open.
Codeberg is a non-profit European Git hosting. Although, this guide should work for any provider as long as you can use SSH keys for auth.
#programming #github
Scripting on Caffeine
Pushing to GitHub and Codeberg Simultaneously with Git
Learn how to configure Git to push your code to both GitHub and Codeberg with a single command, including SSH key setup and a handy shell alias for branch-specific control.
👍5
Remember copy.fail which we all checking a week ago?
Here is a continuation - another Linux 0-day to root.
https://github.com/V4bel/dirtyfrag
Btw, I can recommend to checkout https://t.me/setenforce_1 - channel fully dedicated to security, or better say - to vulns that will have real effect on you. No bullshit about "10 common vulns" which you can check on OWASP etc. Love it.
#security #linux
Here is a continuation - another Linux 0-day to root.
https://github.com/V4bel/dirtyfrag
Btw, I can recommend to checkout https://t.me/setenforce_1 - channel fully dedicated to security, or better say - to vulns that will have real effect on you. No bullshit about "10 common vulns" which you can check on OWASP etc. Love it.
#security #linux
👍9🔥2
A new issue of the CatOps Digest is here!
https://newsletter.catops.dev/p/catops-digest-2026-05-09
Happy Europe Day! 🇪🇺
#digest #newsletter
https://newsletter.catops.dev/p/catops-digest-2026-05-09
Happy Europe Day! 🇪🇺
#digest #newsletter
newsletter.catops.dev
CatOps Digest 2026-05-09
What was on CatOps in the last few weeks...
❤5
For today’s Donations Monday, I would like to remind you about one of the smaller fundraisers from the recent digest.
- Radio-electronic equipment for the 25th Brigade.
It’s more than 80% complete, and I’m sure that with your help, we can close it this week.
#donations #Ukraine
- Radio-electronic equipment for the 25th Brigade.
It’s more than 80% complete, and I’m sure that with your help, we can close it this week.
#donations #Ukraine
❤2
Enabling horizontal autoscaling with co-operative distributed rate limiting is an old article from Monzo that describes, how they built their internal distributed rate limiting solution.
The interesting part is the reasoning about whether a system works in an adversary environment (public facing) or not (internal system). The main question here: can you trust a client? The answer to this question influences the design a lot!
#system_design
The interesting part is the reasoning about whether a system works in an adversary environment (public facing) or not (internal system). The main question here: can you trust a client? The answer to this question influences the design a lot!
#system_design
Consistent Hashing in 1 diagram and 198 words is a nice primer on the consistent hashing technique. Obviously, it doesn't go deep on the implementation or examples.
That Substack has some other nice primers as well. Some are good, others are not so much, but all of them could be a good start for a new topic.
#programming #primer
That Substack has some other nice primers as well. Some are good, others are not so much, but all of them could be a good start for a new topic.
#programming #primer
Systemdesignbutsimple
Consistent Hashing in 1 diagram and 198 words
Explained as simply as possible… but not simpler.
👍1
A (now) regular Thursday security advisory rubric.
"Fragnesia" is a newly discovered local privilege escalation kernel CVE from the same family of CopyFail and DirtyFrag.
It looks like the Dirty Frag mitigation (disabling the kernel modules esp4, esp6, and rxrpc) should help here as well.
#security
"Fragnesia" is a newly discovered local privilege escalation kernel CVE from the same family of CopyFail and DirtyFrag.
It looks like the Dirty Frag mitigation (disabling the kernel modules esp4, esp6, and rxrpc) should help here as well.
#security
Amazon
Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel
<p><b>Bulletin ID:</b> 2026-029-AWS
<b>Scope:</b> AWS
<b>Content Type:</b> Important (requires attention)
<b>Publication Date:</b> 05/13/2026 18:45 PM PDT</p> <p><b>This is an ongoing issue. Information is subject to change. Please refer to our Security…
<b>Scope:</b> AWS
<b>Content Type:</b> Important (requires attention)
<b>Publication Date:</b> 05/13/2026 18:45 PM PDT</p> <p><b>This is an ongoing issue. Information is subject to change. Please refer to our Security…
❤1😁1