How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets - A security researcher explains how he used the GitHub Event API and the GH Archive project to automate scanning for leaked secrets on deleted commits that can still be accessed.
Advice From a Software Engineer With 8 Years of Experience - The author shares practical career lessons for software engineers, focusing on continuous improvement through deliberate habits like keeping a work log, stepping out of comfort zones, collaborating across teams, embracing on-call duties, writing blog posts, and wisely navigating team dynamics and the hiring market. The advice is targeted at junior to mid-level engineers aspiring to grow toward senior roles.
How to Think About Time in Programming - This post offers a conceptual framework for reasoning about time in software, warning that handling instants, durations, time zones, and “the epoch” introduces subtle complexity. It advises sticking to modeling physical time with types like Java’s Instant, using UTC as a reference but recognizing its limitations, and avoiding mixing physical and civil time to prevent buggy, zone-dependent code.
Introducing tmux-rs - A story of how the author is porting tmux code from C to Rust. It describes the technical challenges in translating C to Rust, the build process, and nuances of intrusive data structures.
My favorites
- We Made Postgres Writes Faster, but it Broke Replication
- Why Japanese Developers Write Code Completely Differently (And Why It Works Better)
- REST next level : Ecrire des APIs web orientées métier (Julien Topçu)
- APIs Versioning - Best practices for managing API changes without breaking users’ trust.
- Linear method - “Practices for building. There is a lost art of building true quality software. To bring back the right focus, here are the foundational ideas Linear is built on.”
- Awesome Performance - A curated list of awesome performance stories.
- Debugging the One-in-a-Million Failure: Migrating Pinterest’s Search Infrastructure to Kubernetes
- The Architect’s Guide to Micro-Frontends: A Deep Dive into Module Federation with React and Angular
- Thayer Method - How to run large meetings
- A Friendly Introduction to SVG
- Behind the Streams: Three Years Of Live at Netflix. Part 1.
- Parsing 1 Billion Rows in Bun/Typescript Under 10 Seconds
- The Pragmatic Engineer 2025 Survey: What’s in your tech stack?
- I’m Switching to Python and Actually Liking It
- Crawling a billion web pages in just over 24 hours, in 2025
- More than you wanted to know about how Game Boy cartridges work
- This is a story about how I lost $10,000,000 by doing something stupid
AI
- GPT - Beast Mode - “Beast Mode is a custom chat mode for VS Code agent that adds an opinionated workflow to the agent, including use of a todo list, extensive internet research capabilities, planning, tool usage instructions and more”
- Replit AI secretly deletes prod – oops!
- Augmented Coding: Beyond the Vibes - Notes from a technically challenging project from Kent Beck
- Supabase MCP can leak your entire SQL database
- Software engineering with LLMs in 2025: reality check
- How Spotify Uses GenAI and ML to Annotate a Hundred Million Tracks
- Adding a feature because ChatGPT incorrectly thinks it exists
- Running a million-board chess MMO in a single process, and the video. See also the January 2025 newsletter, with Writing down (and searching through) every UUID
- A critical look at MCP
Database
- PostgreSQL at Scale: Database Schema Changes Without Downtime
- Behind the scenes: Speeding up pgstream snapshots for PostgreSQL
- Vos requêtes SQL jusqu’à 10000 fois plus rapides, durablement. - Alain LESAGE (DALIBO)
React
- React Re-Renders
- How to take screenshots of your statically exported Next.js site in GitHub Actions workflow
Tools
- zed fonts - The coding font used by zed
- vscan - “Proactively analyze Visual Studio Code extensions for security vulnerabilities and ensure a safer development environment.”
- Pomodoro on the CLI - article for macOS, or Gist for Linux and Gist for Mac
Security
- eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware
- Introducing OSS Rebuild: Open Source, Rebuilt to Last
- Target=_blank implies rel=noopener
- Open source has a malware problem, and it’s getting worse
By Octo
And two articles in Programmez! magazine:
- Java : de l’instruction switch au Pattern Matching
- Sécurité applicative : le détournement des fonctions internes d’un programme
Miscellaneous
- One Tip a Week: Raycast 🤝 MCP
- How to Write Compelling Software Release Announcements
- What’s the difference between ordinary functions and arrow functions in JavaScript?
- That XOR Trick
- Modern Node.js Patterns for 2025
- The company that created Kafka is replacing it with a new solution
- Which Data Architecture Should I Choose for My Workplace? — A Data Engineer’s Approach
- NVIDIA is full of shit
- Artisanal Handcrafted Git Repositories