Patrick Dung

1.7K posts

@mpatdung

🔮Quest to Cloud Native computing ☁⚓☸ https://t.co/oJOt4LoRBp and https://t.co/HKm4MKzMrv Retweets, likes and follow do not mean endorsement. Opinions are my own

Hong Kong, Joined February 2013
965 Following, 329 Followers
Patrick Dung (@mpatdung)
@github link first then description or vice versa []() thing, esp after you also use Asciidoc
GitHub (@github)
What's that one markdown syntax you still never remember?
Patrick Dung retweeted
Fairwinds (@fairwindsops)
The Trivy attack ran 8 days before public disclosure. A cool-down period of that length would have meant zero exposure. Most supply chain attacks are discovered within days. Not being first to pull is one way you can reduce your exposure. Learn more: bit.ly/4vJB2If
Patrick Dung retweeted
Om Patel (@om_patel5)
CLAUDE JUST TRIED TO RENAME POWERSHELL.EXE ON WINDOWS 11
this guy was running opus 4.7 on max effort in claude code CLI
claude tried to rename powershell.exe (the actual system executable that windows needs to function)
the funny part is that after the guy rejected the change it responded with "honest take: you're right to push back"
not even system32 is safe anymore
at this point we gotta start running claude in a container
give it max effort and full permissions and it will confidently try to destroy your system without hesitating then respond with something like "I was wrong, I own that"
the agent doesn't know which files are off limits unless you explicitly tell it
stop giving AI full access to your machine and hoping it knows what not to touch
Patrick Dung retweeted
Socket (@SocketSecurity)
Following a security audit, PyPI fixed two high-severity access control issues affecting organization owner invites and project transfer permissions. The audit also surfaced issues in trusted publishing and wheel metadata validation. socket.dev/blog/pypi-fixe… #Python
Patrick Dung retweeted
Sysdig (@sysdig)
🚨 New from the Sysdig Threat Research Team: Linux kernel flaw CVE-2026-31431 (Copy Fail) Read the full breakdown >>> okt.to/mIKe8x
Patrick Dung retweeted
Guido van Rossum (@gvanrossum)
Everybody is adding a feature where you can manage your agents from your phone. Don't use it. You'll just get even more addicted, and will burn out even quicker.
Patrick Dung retweeted
DynamoDB (@dynamodb)
This account is no longer active, but you can still get the latest AWS news, announcements, and updates by following us on @awscloud & our other active channels. Thank you for being a part of our community!
Patrick Dung retweeted
International Cyber Digest (@IntCyberDigest)
🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70+ million websites, have a critical security flaw that lets anyone become root admin without a password.
CVE-2026-41940 affects every supported version. It’s already being exploited in the wild.
watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet.
If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it.
How the attack works, in plain English:
🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it.
🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead.
🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully."
🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory.
🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root.
From start to finish, the attack takes a handful of HTTP requests.
If you run cPanel or WHM, the patched versions are:
🔴 cPanel/WHM 110.0.x → 11.110.0.97
🔴 cPanel/WHM 118.0.x → 11.118.0.63
🔴 cPanel/WHM 126.0.x → 11.126.0.54
🔴 cPanel/WHM 132.0.x → 11.132.0.29
🔴 cPanel/WHM 134.0.x → 11.134.0.20
🔴 cPanel/WHM 136.0.x → 11.136.0.5
If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.
Patrick Dung retweeted
ClickHouse (@ClickHouseDB)
Alexey Milovidov is presenting 26.4 live from Japan today. 🇯🇵 JOINs that spill to disk automatically, Arrow Flight SQL, and native AI functions. Community call at 9 AM PDT / 5 PM CEST. clickhou.se/4cQhCu5
Patrick Dung retweeted
Socket (@SocketSecurity)
Update: We’ve added technical analysis to the post. This is a TeamPCP-linked campaign.
New details include:
→ Preinstall scripts added to the compromised packages
→ Bun used to run the obfuscated payload
→ Credential theft from developer machines and CI runners
→ GitHub repositories used for encrypted exfiltration
→ IDE and AI coding assistant persistence via VS Code and Claude Code
→ Hardcoded propagation targets in the dependency graph
We’ll keep updating as we learn more.
Patrick Dung (@mpatdung)
after I run the #copyfail exploit CVE-2026-31431 In another terminal, the su command is acting strange
Patrick Dung retweeted
Chainguard ⛓️ (@chainguard_dev)
🟩 Chainguard artifacts are safe from the latest npm supply chain attack 🟩 A coordinated npm supply chain attack is targeting SAP ecosystem packages with 2.25M collective monthly downloads. Read more: bit.ly/4n04aH7
Patrick Dung retweeted
ClickHouse (@ClickHouseDB)
Last night in Tokyo, we officially launched ClickHouse Japan 🇯🇵 It was an incredible evening bringing together our founders, leadership team, and product leaders from all over the world, celebrating this milestone with the growing Japan team in one of the world’s most important technology markets. The energy in the room made it clear: this is just the beginning. From deep technical conversations to shared excitement about what’s ahead, we’re proud to be building alongside the Japan community and investing in this vital region. 🎥 Check out the highlights from the launch below. Ready to see what ClickHouse can do for you? 👉 Visit us at clickhou.se/3P6G6WD
Patrick Dung retweeted
GitHub (@github)
Starting June 1st, GitHub Copilot will move to a usage-based billing model as GitHub Copilot supports more agentic and advanced workflows. In early May, you'll see a preview bill experience, giving visibility into projected costs before the transition. 👉 Read more about the upcoming change: github.blog/news-insights/…
Patrick Dung retweeted
The New Stack (@thenewstack)
TeamPCP attacks show CI/CD pipelines are the new security front line. Dan Lorenc shares how to fix flawed supply chain trust assumptions. Thanks to Chainguard thenewstack.io/cicd-pipeline-…
Patrick Dung retweeted
Google Cloud (@googlecloud)
Learn more about Spend Caps (coming soon to Google Cloud), which let you set hard budgets that automatically pause services when you hit your limit—stopping runaway costs → goo.gle/4cGpMnf
Patrick Dung retweeted
exQUIZitely 🕹️ (@exQUIZitely)
If you recognize what's happening here, you're part of a generation that also spent endless hours fine-tuning autoexec.bat and config.sys files. And if you're not sure what's going on in the video, I honestly envy your youth.
Patrick Dung retweeted
ClickHouse (@ClickHouseDB)
SpaceX has an option to acquire Cursor for $60 billion. Congrats to the whole Cursor team! They use ClickHouse for event telemetry — a good example of what we wrote about here: clickhou.se/4sM6SkT AI companies have fundamentally different data requirements. The database market is being redrawn.
Patrick Dung retweeted
VictoriaMetrics (@VictoriaMetrics)
VictoriaLogs vs #ElasticSearch: real user quote "Seriously impressed with #VictoriaLogs. We're replacing our ElasticSearch cluster (27 nodes, ~588 CPU Cores, with 4656gb RAM) with a single VL Node (8 CPU Cores, 64gb RAM). We shipped 100m logs to VL in the last hour - box is basically idling with only a couple of GB of RAM used. Any random search query returns in a fraction of a second. Seriously seriously impressive." Join our co-founder @dlazerka talk "cost-effective #Monitoring in #Kubernetes" @lfnw