​​My friends started a helper jar for two pickup trucks for AFU.

More info: https://www.instagram.com/p/DXpgaaWgH00

Monobank jar: https://send.monobank.ua/jar/3U1hBa5WPp

#donations #Ukraine

Figma has replaced PGBouncer with their own implementation called PGKeeper written in Go as a connection pooler for Postgres.

I really enjoyed this article, because they go into the implementation depths and describe why certain decisions were taken. Unfortunately, it doesn't always happen in such articles. Also, this is a nice reminder that software engineering is not only about writing CRUDs.

Unfortunately, they do not plan to open source it for now, also because it's too tightly coupled with libraries and approaches Figma uses internally. To be honest, it makes sense for in-house software to aim to one's specific needs rather than being generic enough to be open sourced.

#databases #postgres

A book bundle on Linux, shells, and other OPS topics by O’Reilly on Humble Bundle.

Just beware that this is a reoccurring bundle. It was featured before, including on this channel. Double-check before you buy!

#books

You may have heard already that Mitchell Hashimoto plans to move Ghostty away from GitHub.

It could be that you plan such a move yourself for whatever reason, but you're not sure yet. Here's a guide on how to push changes to GitHub and Codeberg simultaneously, so you could still keep the door open.

Codeberg is a non-profit European Git hosting. Although, this guide should work for any provider as long as you can use SSH keys for auth.

#programming #github

​​Remember copy.fail which we all checking a week ago?
Here is a continuation - another Linux 0-day to root.
https://github.com/V4bel/dirtyfrag

Btw, I can recommend to checkout https://t.me/setenforce_1 - channel fully dedicated to security, or better say - to vulns that will have real effect on you. No bullshit about "10 common vulns" which you can check on OWASP etc. Love it.

#security #linux

A new issue of the CatOps Digest is here!

https://newsletter.catops.dev/p/catops-digest-2026-05-09

Happy Europe Day! 🇪🇺

#digest #newsletter

​​For today’s Donations Monday, I would like to remind you about one of the smaller fundraisers from the recent digest.

- Radio-electronic equipment for the 25th Brigade.

It’s more than 80% complete, and I’m sure that with your help, we can close it this week.

#donations #Ukraine

​​Enabling horizontal autoscaling with co-operative distributed rate limiting is an old article from Monzo that describes, how they built their internal distributed rate limiting solution.

The interesting part is the reasoning about whether a system works in an adversary environment (public facing) or not (internal system). The main question here: can you trust a client? The answer to this question influences the design a lot!

#system_design

Consistent Hashing in 1 diagram and 198 words is a nice primer on the consistent hashing technique. Obviously, it doesn't go deep on the implementation or examples.

That Substack has some other nice primers as well. Some are good, others are not so much, but all of them could be a good start for a new topic.

#programming #primer

A (now) regular Thursday security advisory rubric.

"Fragnesia" is a newly discovered local privilege escalation kernel CVE from the same family of CopyFail and DirtyFrag.

It looks like the Dirty Frag mitigation (disabling the kernel modules esp4, esp6, and rxrpc) should help here as well.

#security

Continuing with security advisory.

NGINX ngx_http_rewrite_module vulnerability CVE-2026-42945.

~
NGINX Plus and NGINX Open Source have a vulnerability in the *ngx_http_rewrite_module* module. This vulnerability exists when the *rewrite* directive is followed by a *rewrite*, *if*, or *set* directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible. (CVE-2026-42945)

Don't confuse the F5's NGINX Ingress Controller with the community-led ingress-nginx, that is deprecated now.

In any case, though, if you're using the ngx_http_rewrite_module (and it's widely used!), you are likely vulnerable.


#security

An interesting point of view on reliability through the prism of everyday work and experience from other industries.

The normal work of creating reliability is an article by Lorin Hochstein, that asks: what instead of thinking of how an incident could have been prevented, we ask: what do we do daily to avoid having incidents constantly.

P.S. "Invert, always invert" - Carl Jacobi

#sre #reliability #culture

​​What’s the difference between picking up litter after yourself and donating to the AFU's pickup trucks?

You're right — donating is easier, as you don't need to spend energy producing waste beforehand!

So, here's the link: ​​https://send.monobank.ua/jar/3U1hBa5WPp

More info: https://www.instagram.com/p/DXpgaaWgH00

#donations #Ukraine