István Pató
18.9K posts

István Pató
@patoistvan
Full-webtech Full-remote Full-async | OSS maintainer – JS/TS, NodeJS, Svelte, TailwindCSS | Eternal Learner
Hungary, joined October 2010
1K following, 616 followers
István Pató retweeted

⚠️ On May 16, 2026, we confirmed a targeted attack by a cybercrime group that gained unauthorized access to our GitHub repositories and downloaded our codebase.
Here is the latest update about our investigations. grafana.com/blog/grafana-l…
István Pató retweeted

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories.
Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
István Pató retweeted

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
István Pató retweeted

Behind every stack with too many databases is a team that didn’t check what Postgres can already do.
I've seen this a dozen times.
MongoDB for JSON.
Redis for sessions.
Elasticsearch for search.
Pinecone for vectors.
InfluxDB for metrics.
Each one added to solve a real problem.
Each one that Postgres already had an answer for.
1. Running MongoDB for JSON storage?
Postgres has JSONB with GIN indexes on nested fields.
Full query planner support.
Joins included.
ACID transactions included.
Engineers who migrate from MongoDB usually say the same thing: They missed joins more than they expected.
2. Running Pinecone or Chroma for vector search?
pgvector supports HNSW and IVFFlat indexing on float vectors.
Cosine similarity.
L2 distance.
Inner product search.
If your RAG pipeline already hits Postgres, this is one fewer network hop and one fewer service to operate.
3. Running Elasticsearch for full-text search?
pg_trgm + tsvector + GIN indexes handle autocomplete, ranked document search, and fuzzy matching without leaving Postgres.
Fuzzy matching.
Ranked results.
Language dictionaries.
Elasticsearch is absolutely worth it for the hard 20%.
But know you are actually in that 20% before you add it.
4. Running InfluxDB for time series?
TimescaleDB is a Postgres extension.
Automatic partitioning.
Native compression.
Continuous aggregates.
SQL interface.
Most teams don't know TimescaleDB exists until after they've already set up InfluxDB. That's the only reason InfluxDB is in this list.
5. Running Redis for pub/sub or lightweight queuing?
Postgres has LISTEN/NOTIFY for event broadcasting.
For durable queues, there's pg_boss, a full job queue built on Postgres, used in production at real scale.
This is not a Redis replacement for sub-millisecond caching at scale.
But most teams reach for Redis before they even benchmark Postgres.
Check first.
Every database you add is:
- A new connection pool.
- A new backup strategy.
- A new monitoring dashboard.
- A new failure mode.
- A new thing to wake you up at 3 AM.
Postgres in 2026 covers 80–90% of your data needs with extensions.
Before you spin up a specialty store, ask: can Postgres do this?
The bill for polyglot persistence isn't paid in infrastructure costs.
It's paid in operational complexity, compounded over time.


A new report claims Apple has submitted a new high blood pressure feature for Apple Watch to the FDA for review.
It would build on the hypertension alerts in watchOS 26, and may launch alongside Apple Watch Ultra 4 this fall.
Full story 9to5mac.com/apple-watch-co…

István Pató retweeted

We made fetch in @nodejs v26 default to http2 if the server prefers… there are bugs.
Mario Zechner @badlogicgames
People of pi.dev. awkward. from my layman's perspective it seems node 26.0.00 has a few undici related booboos in it. if copilot or codex login didn't work for you, update and try again. Tested against Node 22 - 26...
István Pató retweeted

Hungarian Prime Minister Péter Magyar [@magyarpeterMP] is live-streaming tours inside government ministries to expose the legacy of Viktor Orbán. The broadcasts reveal lavish state halls and reignite public fury over massive renovation costs. Karolina Sztolcman has more on the developing story.
István Pató retweeted

... and only one successful browser entry in #Pwn2Own Berlin 2026:
@orange_8361 demonstrated a full compromise of Microsoft Edge using 4 logic bugs with no memory corruption involved.
Hossein Lotfi @hosselot
We have received 6 browser entries for #Pwn2Own Berlin 2026:
* Mozilla Firefox renderer: 3
* Apple Safari renderer: 2
* Microsoft Edge renderer + Sandbox escape: 1
István Pató retweeted

Big s/o to @gergely_kalman and @theevilbit for the amazing collaboration work...
... and @patch1t for the initial inspiration!
István Pató retweeted

My first CVE! 🎉🎉🎉
This is my non-write-up blog post about it:
blog.reversesociety.co/blog/2026/my-f…


@wonderofscience Teamwork is like this, especially in software development. At first glance, it seems chaotic, yet there’s a system to it. And the opposite is also true: we think it’s orderly and structured, but in reality, it’s chaotic.
István Pató retweeted

After a very thorough 3 day full security sweep and hardening process, we'd like to issue an official all clear ✅ on TanStack repo and package security. Full details have been updated in our post-mortem and security followup blog (linked below).
TL;DR:
- Only the Router/Start repo was affected. 42 monorepo packages, 2 versions per package. These were promptly deprecated within the hour and removed by NPM shortly after
- All other repos and packages were unaffected and remain secure including: Query, DB, Store, AI, Table, Form, HotKeys, Virtual, Pacer, Config, Devtools, CLI, Intent, etc.
- All available and published versions of every TanStack package are safe to download, including TanStack Router/Start.
tanstack.com/blog/npm-suppl…
tanstack.com/blog/incident-…
István Pató retweeted

Shake up your leadership style with this simple practice 👇
Stop giving answers. Start asking: “What do you propose?”
Watch your team thrive as they step up and take ownership.
Want more practices to improve your way of working? 📩 Get our guide ➡️ buff.ly/JnBnnQo

István Pató retweeted

🚀#Estonia is making history again! 30 years after Tiger Leap, we’re launching AI Leap—the world’s first national AI program for schools, in partnership with @OpenAI & @AnthropicAI, bringing AI tools & skills to students and teachers! #AIinEducation
👉aileap.ee

István Pató retweeted

Swift 6.3.2 is available! 🛠️ This maintenance release includes updates to Swift Package Manager and Swift Build, making it easier to load package resources on background threads. More here:
forums.swift.org/t/announcing-s…