Note di Matteo


14 December 2025

pg_repack. pg_repack is a PostgreSQL extension which lets you remove bloat from tables and indexes, and optionally restore the physical order of clustered indexes. Unlike CLUSTER and VACUUM FULL it works online, without holding an exclusive lock on the processed tables during processing. pg_repack is efficient to boot, with performance comparable to using CLUSTER directly.

#229 / 11:00 / #database

Railway postmortem: creating a PostgreSQL index took everything down:

A routine change to this Postgres database introduced a new column with an index to a table containing approximately 1 billion records. This table is critical in our backend API’s infrastructure, used by nearly all API operations.

The index creation did not use Postgres’ CONCURRENTLY option, causing an exclusive lock on the entire table. During the lock period, all queries against the database were queued behind the index operation. [...] Manual intervention attempts to terminate the index creation failed.

The measures:

We’re going to introduce several changes to prevent errors of this class from happening again:

  • In CI, we will enforce CONCURRENTLY usage for all index creation operations, blocking non-compliant pull requests before merge.
  • PgBouncer connection pool limits will be adjusted to prevent overwhelming the underlying Postgres instance's capacity.
  • Database user connection limits will be configured to guarantee administrative access during incidents, ensuring maintenance operations remain possible under all conditions.
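
One way the first measure (enforcing CONCURRENTLY in CI) could be implemented, as an added example that is not Railway's code: a lint that scans migration files and fails the build on any CREATE INDEX without CONCURRENTLY. The sample migration and its table and index names are constructed for illustration.

```python
import re
import sys

# CREATE [UNIQUE] INDEX, capturing the optional CONCURRENTLY keyword.
CREATE_INDEX = re.compile(
    r"\bCREATE\s+(?:UNIQUE\s+)?INDEX\b(\s+CONCURRENTLY\b)?", re.IGNORECASE)
# Comments and single-quoted strings are blanked so they can neither hide
# nor fake a match (dollar-quoted bodies are not handled here).
NOISE = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'", re.DOTALL)

# Constructed sample migration (hypothetical table and index names).
SAMPLE_MIGRATION = """\
-- constructed sample migration
ALTER TABLE deployments ADD COLUMN region text;
CREATE INDEX idx_deployments_region ON deployments (region);
CREATE UNIQUE INDEX CONCURRENTLY idx_deployments_slug
    ON deployments (slug);
/* CREATE INDEX commented_out ON deployments (id); */
create index
    idx_deployments_owner on deployments (owner_id);
"""


def blank(match):
    # Keep newlines so reported line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_blocking_index_creation(sql):
    """Return (line, statement) for each CREATE INDEX lacking CONCURRENTLY."""
    cleaned = NOISE.sub(blank, sql)
    findings = []
    for m in CREATE_INDEX.finditer(cleaned):
        if m.group(1) is None:
            line = cleaned.count("\n", 0, m.start()) + 1
            head = " ".join(cleaned[m.start():].split(";")[0].split())
            findings.append((line, head))
    return findings


def main(paths):
    failed = False
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for line, head in find_blocking_index_creation(fh.read()):
                print(f"{path}:{line}: missing CONCURRENTLY: {head}")
                failed = True
    return 1 if failed else 0  # non-zero exit blocks the pull request


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

CREATE INDEX CONCURRENTLY cannot run inside a transaction block, so a migration tool that wraps each file in a transaction needs that wrapping disabled for the files this check lets through.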

Let's Encrypt turns 10

A conspicuous part of Let’s Encrypt’s history is how thoroughly our vision of scalability through automation has succeeded.

In March 2016, we issued our one millionth certificate. Just two years later, in September 2018, we were issuing a million certificates every day. In 2020 we reached a billion total certificates issued and as of late 2025 we’re frequently issuing ten million certificates per day. We’re now on track to reach a billion active sites, probably sometime in the coming year.

(LE)


12 December 2025

TIL the Inter font has variants to resolve ambiguities, such as the letter L being confused with the letter I:

font-feature-settings: "ss02";
#226 / 21:02 / #design

AWS Bedrock (managed AI inference) is losing large customers over a shortage of hardware capacity and worse latency:

Customers using Anthropic’s Claude models through Bedrock opted to switch to Anthropic’s own platform or Google Cloud because of “ongoing capacity, latency, and feature parity issues,” according to the July AWS document. Companies such as Figma, Intercom, and Wealthsimple were among those migrating their workloads “due to one or several of these challenges.

Thomson Reuters also chose Google Cloud over Bedrock for its CoCounsel AI product after finding AWS’s service was 15% to 30% slower and lacked key government compliance certifications, the document showed.

#225 / 17:27 / #ai #aws



On GitHub's architecture:

The current architecture is indeed suboptimal. We are in the process of decoupling the monolith and now about to accelerate an incremental migration to a modern frontend stack. This will allow us to have higher velocity and better DX. I’ll post more soon when we officially get started.

The current problem is that we are not fully migrated yet to Azure + the rails app calls out to a react rendering service in a waterfall. Then there are quite a few data and client side react paradigms (react router, a custom router, relay, and some react query more recently).

In new arch, we’ll have decoupled modern frontend with parallel data fetching and move from styled components to tailwind

(Jared Palmer)

#222 / 10:00 / #github

11 December 2025


10 December 2025

Mistral vibe

Oui oui baguette 😂

#220 / 21:53 / #ai #dev

RFC 3339 vs ISO 8601

Nice site:

#219 / 21:27


After all, even my surprise at how well organized my hospital was came from the fact that years of negative storytelling about the national public service had taken hold of me too. But, of course, I was lucky, and sometimes things derail from the planned path. The fact remains that the success of a surgical operation, like that of a series, also lies in the willingness of the patient and of the viewer to trust and to entrust themselves. This is why those who undermine trust in science and in the possibility of a complex narration of the facts undermine the foundations of society.

Stefania Carini in Siamo spettatori anche quando siamo pazienti

#217 / 13:28 / #italia

8 December 2025

Vercel paid $750,000 in bug bounties for 15 WAF bypasses against React2Shell over the weekend.

#216 / 21:06 / #security

7 December 2025

Shopify's Black Friday data:

This Black Friday Cyber Monday, the scale of global commerce surged. At peak, we processed 11TB of logs per minute.

Shopify’s edge (post-CDN) averaged 312 million requests per minute across BFCM, peaking at 489 million requests per minute.

At peak, our global Kubernetes fleet ran over 3.18 million CPU cores.

Powered largely by MySQL 8, our database fleet sustained 53.8 million queries per second and 4.28 billion row operations per second at peak 🌐

Kafka + Flink powered real-time experiences for merchants and buyers.

Flink processed over 150 MB per second and streaming analytics latency improved 103x since BFCM 2024, supercharged by our migration to Flink SQL.

Our CDN [Cloudflare] served 183 million requests per minute, with 97.8% from cache for fast responses. At peak, we ran 23.2 million async jobs per minute.

(Shopify Engineering)

→ Merchants’ sales globally were $14.6 billion, up 27% from last year

→ 81 million shoppers bought from Shopify-powered brands

→ 15,800+ entrepreneurs made their first sale

→ 136+ million packages tracked in the Shop App

→ 2.2 trillion edge requests

→ Processed and served 90 PB of data from our infrastructure

→ Handled 14.8 trillion database queries and 1.75 trillion database writes

(Tobi Lutke)

#215 / 10:56 / #cloud

6 December 2025

Claude Code $1B ARR

Six months after its release, Claude Code has reached $1B in annual run-rate (ARR) revenue. It took ChatGPT 9 months to get to this milestone after its launch, and 2 years for Cursor. With Claude Code, Anthropic may have set the record for fastest-growing product revenue.

(The Pragmatic Engineer)

#214 / 20:39 / #ai #anthropic

Letter from a prisoner on suicide and on life

The State cares about your life; otherwise, how could you suffer?

Keeping us away from the free world to prevent us from continuing to harm someone has its own logic and is a fact that cannot be disregarded, but raging against the essential and natural instincts of an offender with unnatural deprivations has something virulent about it, something that clashes with the common sense of all those who still have faith in this complex and wonderful biological and chemical structure that is man and that, by virtue of its original tendency, is destined for continuous change and, one hopes, improvement.

Sooner or later prisons will die. They annihilate dignity. They should be abolished, and prisoners put on an island: isolate but not humiliate. I realize that sooner or later I too will have to be released, but unfortunately for me I will never free myself from jail. When I return to society I will be a Martian. The effects of prolonged imprisonment are hard to erase.

Milan Mazic

#213 / 17:11 / #mondo

A strange and rare dig from Akamai at Cloudflare:

As I write this, another cloud provider is experiencing their third outage this quarter. While frequently lauded for innovation, today’s IT teams responsible for mission-critical applications for their customers are learning yet another painful lesson about the true cost of unreliability.

In an article on reliability, an area in which Akamai is indeed essentially the leader (or perhaps the lack of transparency reinforces that idea).


5 December 2025

Netflix AV1

30% of Netflix streaming is in AV1. First Android (2020):

When we first set out to bring AV1 streaming to Netflix members, Android was the ideal starting point. Android’s flexibility allowed us to quickly integrate a software AV1 decoder using the efficient dav1d library, which was already optimized for ARM chipsets in mobile devices.

Then TVs and Apple stuff:

Smart TVs depend on hardware decoders for efficient high-quality playback. We worked closely with device manufacturers and SoC vendors to certify these devices, ensuring they are both conformant and performant. This collaborative effort enabled our AV1 streaming to TV devices in late 2021. Shortly thereafter, we expanded AV1 streaming to web browsers (in 2022) and continued to broaden device support. In 2023, this included Apple devices with the introduction of AV1 hardware support in the new M3 and A17 Pro chips.

In browsers, 40% of streams use dav1d.

(Netflix)

#211 / 23:27 / #video

The postmortem of Cloudflare's new outage, which lasted 25 minutes: the cause is once again a configuration distributed globally without a progressive rollout:

This second change of turning off our WAF testing tool was implemented using our global configuration system. This system does not perform gradual rollouts, but rather propagates changes within seconds to the entire fleet of servers in our network and is under review following the outage we experienced on November 18.

Unfortunately, in our FL1 version of our proxy, under certain circumstances, the second change of turning off our WAF rule testing tool caused an error state that resulted in 500 HTTP error codes to be served from our network.

At least they are working on a definitive solution that doesn't take everything down with a single click:

Before the end of next week we will publish a detailed breakdown of all the resiliency projects underway, including the ones listed above. While that work is underway, we are locking down all changes to our network in order to ensure we have better mitigation and rollback systems before we begin again.