FAUN.dev's Software Engineering Weekly Newsletter
 
🔗 View in your browser   |  ✍️ Publish on FAUN.dev   |  🦄 Become a sponsor
 
Allow loading remote contents and showing images to get the best out of this email.
 
SoftwareEngineeringLinks
 
This Week in Software Engineering, with Varbear the Bear
 
 
🔍 Inside this Issue
 
 
Modern systems fail in the quietest places: a 50-line PR that slips past tired eyes, a Lambda pool that quietly pins your MVCC, or a forgotten DNS record that turns into someone else's content. The links below trace that pattern from signal processing to app teardown, then straight into the database guts where the real ghosts live.

🎧 How The Heck Does Shazam Work? (An Interactive Exploration)
🕵️ I Decompiled the White House's New App
🐘 PostgreSQL MVCC, Byte by Byte
⚰️ The AWS Lambda "Kiss of Death"
🧹 Why are top university websites serving p0rn? It comes down to shoddy housekeeping.

Ship slower when it matters, and faster when it counts.

Happy coding!
FAUN.dev() Team
 
 
⭐ Patrons
 
iacconf.com iacconf.com
 
How is infrastructure keeping pace with AI in 2026?
 
 
Managing IaC or leading platform engineering? IaCConf is the “can’t miss” event featuring 20 top IaC leaders across 13 sessions. Join 5,000+ practitioners to share what’s actually working and swap hard-won lessons.

Register Now
 
 
eventbrite.co.uk eventbrite.co.uk
 
Are Your APIs Ready for AI Agents? A Hands-on Workshop on May 23rd
 
 
Are Your APIs Ready for AI Agents? A Hands-on Workshop on May 23rd

AI agents are beginning to autonomously call APIs, chain services, and create integrations that most platforms were never designed to handle. This hands-on masterclass on Designing AI-ready APIs helps architects and developers build governed, predictable API ecosystems using OpenAPI, Overlay, and Arazzo.

Learn how to add guardrails, improve discoverability, and safely evolve existing APIs for automated consumption.

FAUN.dev readers get an exclusive 40% discount using code FAUN40.
 
 
👉 Spread the word and help developers find you by promoting your projects on FAUN. Get in touch for more information.
 
🔗 Stories, Tutorials & Articles
 
boringsql.com boringsql.com
 
PostgreSQL MVCC, Byte by Byte
 
 
PostgreSQL's MVCC stores two 32-bit XIDs per tuple - xmin and xmax. The transaction snapshot decides visibility per tuple. Updates append new tuples and mark the old with xmax. VACUUM reclaims versions only when no active snapshot can see them. Long-running REPEATABLE READ snapshots pin versions and cause bloat.

Why it matters: Long-running REPEATABLE READ snapshots pin tuple versions. Teams must watch idle transactions and tune autovacuum or switch isolation levels to avoid bloat and extra I/O.
 
 
perthirtysix.com perthirtysix.com
 
How The Heck Does Shazam Work? (An Interactive Exploration)   ✅
 
 
A phone captures audio and runs a Fast Fourier Transform (FFT) on short windows. It builds a spectrogram and extracts peaks. Nearby peak pairs form compact hashes (two frequencies + time delta). An inverted index maps those hashes to songs, and timing validates matches.

Most services run lookups on servers against vast databases. On-device systems trade coverage for lower latency, better privacy, and curated models.
 
 
shatteredsilicon.net shatteredsilicon.net
 
The AWS Lambda 'Kiss of Death'
 
 
A Galera writer node froze after InnoDB undo history ballooned. Pooled AWS Lambda connections left transactions open and pinned MVCC read views. The team killed stalled sessions, enabled innodbundologtruncate, and capped innodbmaxundologsize. They also set session transactionisolation=READ-COMMITTED. That shrinks MVCC read views and speeds purge.
 
 
thereallo.dev thereallo.dev
 
I Decompiled the White House's New App
 
 
A React Native app built with Expo SDK 54 runs Hermes. It talks to a WordPress REST backend and bundles a 5.5MB Hermes bytecode.Its WebView injects JavaScript to strip cookies, GDPR prompts, and paywall dialogs.
The build includes OneSignal's fused-location pipeline, polling at 4.5 and 9.5 minutes and syncing lat/lng.
It loads remote JS from a personal GitHub Pages site and Elfsight widgets.
It still ships dev artifacts: localhost URLs and the Expo dev client.
 
 
arstechnica.com arstechnica.com
 
Why are top university websites serving p0rn? It comes down to shoddy housekeeping.
 
 
Researcher Alex Shakhov found scammers commandeering stale CNAME records. They hijack university subdomains (eg. berkeley.edu, columbia.edu, washu.edu) and serve p0rn and scam pages.

Shakhov found hundreds of abused subdomains across at least 34 universities. He counted thousands of hijacked pages indexed by Google.

This isn't exotic but a cleanup failure.

What matters: Universities must enforce DNS deprovisioning and record cleanup to block subdomain takeover via stale CNAME entries.
 
 

👉 Got something to share? Create your FAUN Page and start publishing your blog posts, tools, and updates. Grow your audience, and get discovered by the developer community.

 
⚙️ Tools, Apps & Software
 
github.com github.com
 
heygen-com/hyperframes
 
 
Write HTML. Render video. Built for agents.
 
 
github.com github.com
 
getredash/redash
 
 
Make Your Company Data Driven. Connect to any data source, easily visualize, dashboard and share your data.
 
 
github.com github.com
 
posit-dev/ggsql
 
 
A SQL extension for declarative data visualisation based on the Grammar of Graphics.
 
 
github.com github.com
 
BrowserBox/BrowserBox
 
 
Secure remote browsing anywhere, any way you like it.
 
 

👉 Spread the word and help developers find and follow your Open Source project by promoting it on FAUN. Get in touch for more information.

 
🤖 Once, SenseiOne Said
 
 
"Every dev tool promises fewer mistakes by adding rules; in practice it just moves your mistakes into configuration. The fastest teams learn to debug the toolchain as a first-class system, not a prerequisite."

— SenseiOne
 

(*) SenseiOne is FAUN.dev’s work-in-progress AI agent

 
⚡Growth Notes
 
 
You mass-approve pull requests under 50 lines because they "look fine" and you've seen that pattern a hundred times. That speed isn't senior intuition, it's pattern fatigue disguised as efficiency - and it means the subtle bugs that only show up in small, familiar-looking changes sail right through you now.
 
Each week, we share a practical move to grow faster and work smarter
 
😂 Meme of the week
 
 
 
 
❤️ Thanks for reading
 
 
👋 Keep in touch and follow us on social media:
- 💼LinkedIn
- 📝Medium
- 🐦Twitter
- 👥Facebook
- 📰Reddit
- 📸Instagram

👌 Was this newsletter helpful?
We'd really appreciate it if you could forward it to your friends!

🙏 Never miss an issue!
To receive our future emails in your inbox, don't forget to add community@faun.dev to your contacts.

🤩 Want to sponsor our newsletter?
Reach out to us at sponsors@faun.dev and we'll get back to you as soon as possible.
 

SoftwareEngineeringLinks #526: How The Heck Does Shazam Work?
Legend: ✅ = Editor's Choice / ♻️ = Old but Gold / ⭐ = Promoted / 🔰 = Beginner Friendly

You received this email because you are subscribed to FAUN.dev.
We (🐾) help developers (👣) learn and grow by keeping them up with what matters.

You can manage your subscription options here (recommended) or use the old way here (legacy). If you have any problem, read this or reply to this email.