🔍 Inside this Issue
Modern systems fail in the quietest places: a 50-line PR that slips past tired eyes, a Lambda pool that quietly pins your MVCC, or a forgotten DNS record that turns into someone else's content. The links below trace that pattern from signal processing to app teardown, then straight into the database guts where the real ghosts live.
🎧 How The Heck Does Shazam Work? (An Interactive Exploration)
🕵️ I Decompiled the White House's New App
🐘 PostgreSQL MVCC, Byte by Byte
⚰️ The AWS Lambda "Kiss of Death"
🧹 Why are top university websites serving p0rn? It comes down to shoddy housekeeping.
Ship slower when it matters, and faster when it counts.
Happy coding!
FAUN.dev() Team
🔗 Stories, Tutorials & Articles

boringsql.com
PostgreSQL's MVCC stores two 32-bit XIDs per tuple - xmin and xmax. The transaction snapshot decides visibility per tuple. Updates append new tuples and mark the old with xmax. VACUUM reclaims versions only when no active snapshot can see them. Long-running REPEATABLE READ snapshots pin versions and cause bloat.
Why it matters: Long-running REPEATABLE READ snapshots pin tuple versions. Teams must watch idle transactions and tune autovacuum or switch isolation levels to avoid bloat and extra I/O.

perthirtysix.com
A phone captures audio and runs a Fast Fourier Transform (FFT) on short windows. It builds a spectrogram and extracts peaks. Nearby peak pairs form compact hashes (two frequencies + time delta). An inverted index maps those hashes to songs, and timing validates matches.
Most services run lookups on servers against vast databases. On-device systems trade coverage for lower latency, better privacy, and curated models.

shatteredsilicon.net
A Galera writer node froze after InnoDB undo history ballooned. Pooled AWS Lambda connections left transactions open and pinned MVCC read views. The team killed stalled sessions, enabled innodb_undo_log_truncate, and capped innodb_max_undo_log_size. They also set session transaction_isolation=READ-COMMITTED. That shrinks MVCC read views and speeds purge.

thereallo.dev
A React Native app built with Expo SDK 54 runs Hermes. It talks to a WordPress REST backend and bundles a 5.5MB Hermes bytecode. Its WebView injects JavaScript to strip cookies, GDPR prompts, and paywall dialogs.
The build includes OneSignal's fused-location pipeline, polling at 4.5 and 9.5 minutes and syncing lat/lng.
It loads remote JS from a personal GitHub Pages site and Elfsight widgets.
It still ships dev artifacts: localhost URLs and the Expo dev client.

arstechnica.com
Researcher Alex Shakhov found scammers commandeering stale CNAME records. They hijack university subdomains (e.g., berkeley.edu, columbia.edu, washu.edu) and serve p0rn and scam pages.
Shakhov found hundreds of abused subdomains across at least 34 universities. He counted thousands of hijacked pages indexed by Google.
This isn't exotic; it's a cleanup failure.
What matters: Universities must enforce DNS deprovisioning and record cleanup to block subdomain takeover via stale CNAME entries.
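
One way to run the record cleanup described above is to compare every CNAME in a zone export against an inventory of third-party resources the organisation still controls. This is an added example, not code from the article or the researcher; the zone contents, the simplified record syntax, and the `ACTIVE_EXTERNAL` inventory are constructed assumptions.

```python
import re

# Constructed zone export for illustration; names and targets are not from the article.
ZONE = """\
$ORIGIN example.edu.
www     3600 IN CNAME web-prod.example.edu.
events  3600 IN CNAME events-2019.hosting.example.net.
labs    300  IN CNAME labs-site.pages.example.org.
alumni       IN CNAME ALUMNI-portal.hosting.example.net.
mail    3600 IN A     192.0.2.10
; retired: old 3600 IN CNAME gone.example.net.
"""

# Assumed inventory of third-party resources the organisation still controls.
ACTIVE_EXTERNAL = {"labs-site.pages.example.org", "alumni-portal.hosting.example.net"}

CNAME_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)$", re.I)

def fqdn(name, origin):
    """Lower-case a name and expand it against $ORIGIN if it is relative."""
    name = name.lower()
    if not name.endswith("."):
        name = f"{name}.{origin}"
    return name.rstrip(".")

def stale_cnames(zone_text, active_external):
    """Return (record, target) pairs whose external target is not in the inventory."""
    origin, findings = "", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        m = CNAME_RE.match(line)
        if not m:
            continue                              # not a CNAME record
        name, target = fqdn(m.group(1), origin), fqdn(m.group(2), origin)
        zone = origin.rstrip(".")
        in_zone = target == zone or target.endswith("." + zone)
        if not in_zone and target not in active_external:
            findings.append((name, target))       # candidate for removal
    return findings

if __name__ == "__main__":
    for name, target in stale_cnames(ZONE, ACTIVE_EXTERNAL):
        print(f"STALE? {name} -> {target}")
```

Running this whenever a hosted service is decommissioned ties the DNS record's lifetime to the resource it points at, so the record is removed before the target name can be claimed by someone else.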