Proof-of-concept for CVE-2025-48593: No, this Android Bluetooth issue does NOT affect your phone or tablet
https://www.reddit.com/r/programming/comments/1pcjqo5/proofofconcept_for_cve202548593_no_this_android/
An issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars.
submitted by /u/NXGZ (https://www.reddit.com/user/NXGZ)
[link] (https://worthdoingbadly.com/bluetooth/) [comments] (https://www.reddit.com/r/programming/comments/1pcjqo5/proofofconcept_for_cve202548593_no_this_android/)
100000 TPS over a billion rows: the unreasonable effectiveness of SQLite
https://www.reddit.com/r/programming/comments/1pckdwu/100000_tps_over_a_billion_rows_the_unreasonable/
submitted by /u/andersmurphy (https://www.reddit.com/user/andersmurphy)
[link] (https://andersmurphy.com/2025/12/02/100000-tps-over-a-billion-rows-the-unreasonable-effectiveness-of-sqlite.html) [comments] (https://www.reddit.com/r/programming/comments/1pckdwu/100000_tps_over_a_billion_rows_the_unreasonable/)
The development process of my new Python book Computer Science from Scratch
https://www.reddit.com/r/programming/comments/1pcwb9a/the_development_process_of_my_new_python_book/
submitted by /u/davidkopec (https://www.reddit.com/user/davidkopec)
[link] (https://www.observationalhazard.com/2025/12/writing-computer-science-from-scratch.html) [comments] (https://www.reddit.com/r/programming/comments/1pcwb9a/the_development_process_of_my_new_python_book/)
Amber the programming language compiled to Bash, 0.5.1 release
https://www.reddit.com/r/programming/comments/1pd128h/amber_the_programming_language_compiled_to_bash/
The new 0.5.1 release includes a lot of new stuff to the compiler, from new syntax, stdlib functions, features and so on. PS: I am one of the co-maintainers, so for any question I am here :-)
submitted by /u/Mte90 (https://www.reddit.com/user/Mte90)
[link] (https://docs.amber-lang.com/getting_started/whats_new) [comments] (https://www.reddit.com/r/programming/comments/1pd128h/amber_the_programming_language_compiled_to_bash/)
The 50MB Markdown Files That Broke Our Server
https://www.reddit.com/r/programming/comments/1pd1heu/the_50mb_markdown_files_that_broke_our_server/
submitted by /u/Weary-Database-8713 (https://www.reddit.com/user/Weary-Database-8713)
[link] (https://glama.ai/blog/2025-12-03-the-50mb-markdown-files-that-broke-our-server) [comments] (https://www.reddit.com/r/programming/comments/1pd1heu/the_50mb_markdown_files_that_broke_our_server/)
Modular Monolith and Microservices: Modularity is what truly matters
https://www.reddit.com/r/programming/comments/1pd4daj/modular_monolith_and_microservices_modularity_is/
Modularity is a quality that should be treated mostly independent of how many deployable units of software we choose to have. We should aim at splitting our systems into logical, functional modules as independent of each other as possible - in the ideal world, every module should not know anything about any other module and have everything that is needed to serve its functionality. In the real world that is usually not fully possible, but we should have these ideals as our guiding principles and strive for high cohesion and low/loose coupling.

Let's work on the example and say that we have a system - "Curious Notes to the Interesting Quotes" - where users can add notes to famous quotes and sayings. One possible design is to split it into the following modules:
- users: responsible for the creation of new users, managing accounts and authorizing/authenticating them
- quotes: responsible for the management of quotes by the special, privileged users
- notes: responsible for adding notes to quotes by the users, also allowing them to edit, delete and like them

Modules dependencies:
- users - no dependencies
- quotes - depends on users for asking whether a certain user is allowed to add/edit/delete quotes
- notes - depends on users for asking whether a certain user is allowed to add/edit/delete a note, depends on quotes to know whether a particular quote exists

These are our modules and their dependencies. We should treat this logical division mostly independently of our physical architecture choice. We might have a Modular Monolith with these three modules as just separate folders or fully isolated and independently versioned packages. We can also go for three (Micro)services that communicate over the wire, synchronously or asynchronously.

This physical division of a system into one or multiple units of deployment should be a secondary, not primary, factor when it comes to system design. The driving factor should be the understanding of our domain and functional requirements, concepts that we have there and the dependencies that occur between them. Only having sorted this out, we should think about non-functional, performance and resource utilization related factors that might, or might not, change the implementation details of our initial design.
submitted by /u/BinaryIgor (https://www.reddit.com/user/BinaryIgor)
[link] (https://binaryigor.com/modular-monolith-and-microservices-modularity-is-what-truly-matters.html) [comments] (https://www.reddit.com/r/programming/comments/1pd4daj/modular_monolith_and_microservices_modularity_is/)
Generalizing the Shunting Yard Algorithm Part 4
https://www.reddit.com/r/programming/comments/1pd5tdp/generalizing_the_shunting_yard_algorithm_part_4/
submitted by /u/error-errorfruituser (https://www.reddit.com/user/error-errorfruituser)
[link] (https://syntax-slander.hashnode.dev/generalizing-the-shunting-yard-algorithm-part-4) [comments] (https://www.reddit.com/r/programming/comments/1pd5tdp/generalizing_the_shunting_yard_algorithm_part_4/)
Event Sourcing: What, Why, and How — Explained on a Real Project
https://www.reddit.com/r/programming/comments/1pd6ect/event_sourcing_what_why_and_how_explained_on_a/
The idea of event sourcing is completely different from what we usually build.
Today I’ll show you the fundamentals of an event-sourced system using a poker platform as an example, but first, why would you choose this over plain CRUD?
submitted by /u/NoBarber9673 (https://www.reddit.com/user/NoBarber9673)
[link] (https://volodymyrpotiichuk.com/blog/articles/event-sourcing) [comments] (https://www.reddit.com/r/programming/comments/1pd6ect/event_sourcing_what_why_and_how_explained_on_a/)
Durable Executions, defined
https://www.reddit.com/r/programming/comments/1pd79w1/durable_executions_defined/
Every durable execution framework tells a similar story: write normal code, get fault tolerance. Yet none of them define what “normal code” or “fault tolerance” means.
submitted by /u/dtornow (https://www.reddit.com/user/dtornow)
[link] (https://journal.resonatehq.io/p/durable-executions-defined) [comments] (https://www.reddit.com/r/programming/comments/1pd79w1/durable_executions_defined/)
Booting a Linux kernel in qemu and writing PID 1 in Go (to show the kernel is "just a program")
https://www.reddit.com/r/programming/comments/1pd8dh1/booting_a_linux_kernel_in_qemu_and_writing_pid_1/
I’ve been working on a "Linux Inside Out" series and wrote a post that might interest folks here who like low-level / OS internals. The idea is to dissect the components of a Linux OS, layer by layer, and build a mental model of how everything fits together through experiments.

The first part is about the kernel, in the post I:
- take the same kernel image my distro boots from /boot
- boot it directly with QEMU (no distro, no init system)
- watch it panic
- write a tiny Go program and use it as PID 1
- build a minimal initramfs around it so the kernel can actually start our process

The goal isn’t to build a real distro, just to give a concrete mental model of:
- that the Linux kernel is just a compressed file, you can boot it without anything else
- what the kernel actually does at boot
- how it hands control to userspace
- what PID 1 / init is in practice
- what is kernel space vs user space

Link: https://serversfor.dev/linux-inside-out/the-linux-kernel-is-just-a-program/

I’m the author, would be happy to hear from other devs whether this way of explaining things makes sense, and what you’d add or change for future posts in the series.
submitted by /u/indieHungary (https://www.reddit.com/user/indieHungary)
[link] (https://serversfor.dev/linux-inside-out/the-linux-kernel-is-just-a-program/) [comments] (https://www.reddit.com/r/programming/comments/1pd8dh1/booting_a_linux_kernel_in_qemu_and_writing_pid_1/)
Addressing the 'gray area' between High-Level and Low-Level Design - a Software Design tutorial
https://www.reddit.com/r/programming/comments/1pdbob0/addressing_the_gray_area_between_highlevel_and/
Hi everyone. I’ve written a deep dive into Software Design focusing on the "gray area" between High-Level Design (system architecture) and Low-Level Design (classes/functions).

What's inside:
- A step-by-step tutorial refactoring a legacy big-ball-of-mud into self-contained modules.
- A bit of a challenge to Clean/Hexagonal Architectures with a pattern I've seen in the wild (which I named MIM in the text).
- A solid appendix on the fundamentals of Modular Design.

(Warning: It’s a long read. I’ve seen shorter ebooks on Leanpub). BTW, AI wasn't used in the writing of this text until proofreading.
submitted by /u/codingfox7 (https://www.reddit.com/user/codingfox7)
[link] (https://codingfox.net.pl/posts/mim/) [comments] (https://www.reddit.com/r/programming/comments/1pdbob0/addressing_the_gray_area_between_highlevel_and/)
Implementing a Framework for Closed-Loop Control Algorithms in Modern C++
https://www.reddit.com/r/programming/comments/1pdbw9c/implementing_a_framework_for_closedloop_control/
This article explores how modern C++ features can be used to create abstractions appropriate for embedded and high-performance applications. The framework utilizes features such as: template concepts NTTP lambdas monadic types such as std::expected

In the article, I start with a basic "vanilla" C-style bang-bang control algorithm, and work up to a safer, more performant framework. The flexibility and safety of the interface is demonstrated via examples and even a few fully simulated control laws. The final code is also distributed as a freely available single-header library. There are a few recommended exercises in the article to test your knowledge and get more comfortable with the presented material!
submitted by /u/volatile-int (https://www.reddit.com/user/volatile-int)
[link] (https://www.volatileint.dev/posts/feedback-controller) [comments] (https://www.reddit.com/r/programming/comments/1pdbw9c/implementing_a_framework_for_closedloop_control/)
Postgres CDC in ClickHouse, A year in review
https://www.reddit.com/r/programming/comments/1pdd3hu/postgres_cdc_in_clickhouse_a_year_in_review/
From the outside, Change Data Capture (CDC) appears straightforward - 'just read the WAL' - but real-world workloads reveal a very different reality. I spent some time to write an honest technical retrospective on a year of Postgres CDC in production. 100x customer growth, 400+ companies, 200TB of monthly data. However, the real story lies in solving replication slot backpressure, long-running transactions, and the edge cases that only become apparent at midnight.

https://clickhouse.com/blog/postgres-cdc-year-in-review-2025

Full breakdown of what shipped, what broke, and what's next. Would love to get your feedback! :)
submitted by /u/saipeerdb (https://www.reddit.com/user/saipeerdb)
[link] (https://clickhouse.com/blog/postgres-cdc-year-in-review-2025) [comments] (https://www.reddit.com/r/programming/comments/1pdd3hu/postgres_cdc_in_clickhouse_a_year_in_review/)
Anthropic Internal Study Shows AI Is Taking Over Boring Code. But Is Software Engineering Losing Its Soul?
https://www.reddit.com/r/programming/comments/1pdqgtj/anthropic_internal_study_shows_ai_is_taking_over/
submitted by /u/warmeggnog (https://www.reddit.com/user/warmeggnog)
[link] (https://www.interviewquery.com/p/anthropic-ai-skill-erosion-report) [comments] (https://www.reddit.com/r/programming/comments/1pdqgtj/anthropic_internal_study_shows_ai_is_taking_over/)
GitHub Wrapped 2025 | GitHub Unwrapp | Git Wrap
https://www.reddit.com/r/programming/comments/1pdt1qn/github_wrapped_2025_github_unwrapp_git_wrap/
Built Spotify wrap for GitHub users, already got 200+ users within an hr, go and check yours right now and get on the leaderboard asap! on: https://trygitwrap.com (https://trygitwrap.com/)
submitted by /u/Klausmikhaelson (https://www.reddit.com/user/Klausmikhaelson)
[link] (https://trygitwrap.com/) [comments] (https://www.reddit.com/r/programming/comments/1pdt1qn/github_wrapped_2025_github_unwrapp_git_wrap/)
Django 6 New Features (2025): Full Breakdown with Examples
https://www.reddit.com/r/programming/comments/1pdtbw9/django_6_new_features_2025_full_breakdown_with/
What’s new in Django 6.0 (2025), from built-in CSP support and template partials to background tasks, modern email APIs, and more. Whether you’re a seasoned Django dev or just curious about the update, this post has something for everyone.
submitted by /u/Funny-Ad-5060 (https://www.reddit.com/user/Funny-Ad-5060)
[link] (https://pythonjournals.com/django-6-new-features-2025/) [comments] (https://www.reddit.com/r/programming/comments/1pdtbw9/django_6_new_features_2025_full_breakdown_with/)
Patterns for Deploying OTel Collector at Scale
https://www.reddit.com/r/programming/comments/1pdzrcg/patterns_for_deploying_otel_collector_at_scale/
Hi! I write for a newsletter, and this week's edition, I covered the three main deployment patterns for OTel Collector at Scale.
- Load balancer pattern
- Multi-cluster pattern
- Per-signal pattern

I've also added tips on choosing your deployment pattern based on your architecture, as well as some first-hand advice from an OpenTelemetry contributor! Let me know if you enjoyed this!
submitted by /u/elizObserves (https://www.reddit.com/user/elizObserves)
[link] (https://newsletter.signoz.io/p/patterns-for-deploying-otel-collector) [comments] (https://www.reddit.com/r/programming/comments/1pdzrcg/patterns_for_deploying_otel_collector_at_scale/)
Petition: Oracle, it’s time to free JavaScript.
https://www.reddit.com/r/programming/comments/1pe2ohc/petition_oracle_its_time_to_free_javanoscript/
submitted by /u/TheTwelveYearOld (https://www.reddit.com/user/TheTwelveYearOld)
[link] (https://javanoscript.tm/letter) [comments] (https://www.reddit.com/r/programming/comments/1pe2ohc/petition_oracle_its_time_to_free_javanoscript/)
Remember XKCD’s legendary dependency comic? I finally built the thing we all joked about.
https://www.reddit.com/r/programming/comments/1pe2quy/remember_xkcds_legendary_dependency_comic_i/
Meet Stacktower: Turn your dependency graph into a real, wobbly, XKCD-style tower.
submitted by /u/schnitzeljogger (https://www.reddit.com/user/schnitzeljogger)
[link] (https://stacktower.io/) [comments] (https://www.reddit.com/r/programming/comments/1pe2quy/remember_xkcds_legendary_dependency_comic_i/)
Prompt injection within GitHub Actions: Google Gemini and multiple other Fortune 500 companies vulnerable
https://www.reddit.com/r/programming/comments/1pe3cew/prompt_injection_within_github_actions_google/
So this is pretty crazy. Back in August we reported to Google a new class of vulnerability which is using prompt injection on GitHub Action workflows. Because all good vulnerabilities have a cute name we are calling it PromptPwnd.

This occurs when you are using GitHub Actions and GitLab pipelines that integrate AI agents like Gemini CLI, Claude Code Actions, OpenAI Codex Actions, and GitHub AI Inference.

What we found (high level):
- Untrusted user input (issue text, PR descriptions, commit messages) is being passed directly into AI prompts
- AI agents often have access to privileged tools (e.g., gh issue edit, shell commands)
- Combining the two allows prompt injection → unintended privileged actions
- This pattern appeared in at least 6 Fortune 500 companies, including Google
- Google’s Gemini CLI repo was affected and patched within 4 days of disclosure
- We confirmed real, exploitable proof-of-concept scenarios

The underlying pattern:
Untrusted user input → injected into AI prompt → AI executes privileged tools → secrets leaked or workflows modified

Example of a vulnerable workflow snippet:

    prompt: |
      Review the issue: "${{ github.event.issue.body }}"

How to check if you're affected:
- Run Opengrep (we published open-source rules targeting this pattern) https://github.com/AikidoSec/opengrep-rules (https://github.com/AikidoSec/opengrep-rules)
- Or use Aikido’s CI/CD scanning

Recommended mitigations:
- Restrict what tools AI agents can call
- Don’t inject untrusted text into prompts (sanitize if unavoidable)
- Treat all AI output as untrusted
- Use GitHub token IP restrictions to reduce blast radius

If you’re experimenting with AI in CI/CD, this is a new attack surface worth auditing.
Link to full research: https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
submitted by /u/Advocatemack (https://www.reddit.com/user/Advocatemack)
[link] (https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents) [comments] (https://www.reddit.com/r/programming/comments/1pe3cew/prompt_injection_within_github_actions_google/)
A critical vulnerability has been identified in the React Server Components protocol
https://www.reddit.com/r/programming/comments/1pe3yv9/a_critical_vulnerability_has_been_identified_in/
submitted by /u/Ordinary_Leader_2971 (https://www.reddit.com/user/Ordinary_Leader_2971)
[link] (https://nextjs.org/blog/CVE-2025-66478) [comments] (https://www.reddit.com/r/programming/comments/1pe3yv9/a_critical_vulnerability_has_been_identified_in/)