Two recent articles tackle JSON querying performance from opposite ends: one applies automata theory to eliminate interpretation overhead at query time, the other kills a $500K/year language-boundary tax by rewriting a JavaScript reference implementation in Go. The methodologies are different; the lesson is the same.
Piotr Minkowski's new article on Spring Kafka offset behavior ("Deep Dive into Kafka Offset Commit with Spring Boot") goes into how Spring's Kafka reader commits read offsets: it treats the read operation as a committable transaction, which means your code needs to be aware of the offset write semantics to make sure you don't lose messages. Kafka is powerful precisely because it's not a simple queue - messages can be replayed via offset manipulation - but that same model means offset commit semantics matter in ways they never would with a fire-and-forget message broker.
Andros Fenollosa had never built a RAG system before he was handed a 1TB corpus of proprietary engineering documents and told to make it queryable in natural language - locally, with no external APIs, a problem many users of AI would like to solve for themselves. His writeup is an honest record of what broke and why. No complete recipe for RAG exists yet, but practitioner records like this one are how the field is actually being built.
Evan Todd wrote "Magic Link Pitfalls," an article going over some of the errors he's seen in sites that mail a passthrough link to log in to users. The idea is simple: to "log in" you say "send me a link," a link gets generated and sent, the user clicks a link, and they're logged in. But there're problems with this approach: they can be avoided, but not without taking care.
diffnav gives git a syntax-highlighted display of changes in a navigable filetree, as a natural extension of git-delta. Very nicely done and potentially very useful if you're using git from the command line.
Mirko Caserta has released Bruce 2.0, a library that wraps JCA with a clean API. Bruce takes the agony of all the nuts and bolts of security and, well, fixes it. Security libraries earn trust slowly and should - this is not the domain where "looks good to me" is sufficient due diligence, but the reduced API surface might be a good thing for the normative case.
EclipseLink 5.0.0 has been released. EclipseLink is the reference implementation for Jakarta Persistence, and is the standard implementation for many application servers; this release updates some really useful features, like JPQL updates and outdating some APIs that need to be sunset.
The software industry has a short memory. Every generation of tooling has made the same promise: let the machine handle implementation so humans can focus on the problem, in mostly disappointing ways. Now LLMs are making the same pitch, and the instinct is to either panic or sneer. Both responses miss the point. What changed isn't the promise - it's how much of it is actually being kept. The question worth asking isn't whether to adopt, but how to do it without hollowing out the understanding that makes the tools useful in the first place.
The OpenJDK team has released Java 26 - a non-LTS release, but one that supports some important language and API updates, along with some potentially useful ahead-of-time updates for garbage collection and runtime caching. Language updates include progress towards making final mean final - at last - and adding HTTP3 and QUIC support.