#684 – July 05, 2026
we continue to take security seriously, now at scale
Incident report: CVE-2026-LGTM
10 minutes by Andrew Nesbitt
A security incident occurred. Our AI-augmented defence-in-depth strategy, deployed in direct response to CVE-2024-YIKES, performed exactly as configured. We continue to take security seriously, now at scale.
CORS: What is it protecting?
7 minutes by Sanyam Jain
CORS is a browser rule, not a server rule. The server always receives and processes requests, but the browser decides whether to let JavaScript read the response based on the Access-Control-Allow-Origin header. For certain requests, the browser first sends a preflight check before allowing the real request through. CORS also does nothing to stop CSRF attacks, since those exploit authenticated requests without ever needing to read the response.
Data access patterns that makes your CPU really angry
16 minutes by Weineng
Random access seems like the obvious worst case for summing integers, but it is actually possible to do 33% worse. By carefully choosing the access pattern, you can break every hardware optimization at once: defeating cache reuse, blocking the prefetcher, forcing repeated page table lookups, and causing DRAM row conflicts. The key insight is that understanding why random access is slow gives you the tools to do even worse.
My favorite keyboards
3 minutes by Fabien Sanglard
Keyboards matter. Starting with terrible early home computers, the author found favorites over the years, from the satisfying click of the IBM Model M to the quirky but speaker-equipped NMB RT-9100W. Wrist pain led to a decade with the Ergodox EZ, though its wobble was a constant frustration. The ZSA Moonlander, stable even at steep tilt angles, now stands as the top pick.
Fintech engineering handbook
about 1 hour by Voytek Pitula
A handbook for people building or joining financial software. It covers how to represent, record, and move money correctly, with a focus on three core rules: never create money from nothing, never lose track of it, and never trust any system blindly. The guide walks through practical patterns like double-entry bookkeeping, idempotency, reconciliation, and event sourcing, then ties each one back to those three rules with concrete examples.
And the most popular article from the last issue was: