Docker Archives

Tech Optimizer

November 27, 2025

How Letta builds production-ready AI agents with Amazon Aurora PostgreSQL

AI agents benefit from persistent memory, enabling them to recall past interactions and maintain context, which enhances customer experience in scenarios like customer service. The Letta Developer Platform allows developers to create stateful agents with advanced context management features. It supports self-hosting within a virtual private cloud and uses Amazon Aurora PostgreSQL for long-term memory storage. Aurora PostgreSQL offers capabilities such as efficient similarity searches with the pgvector extension, sub-second query latency, and dynamic storage scaling. Letta operates as a persistent service, allowing agents to function independently and scale horizontally using Kubernetes. The platform supports multi-tenancy and includes enterprise features for security and monitoring. To set up an Aurora Serverless cluster for Letta, users must create a database on Amazon RDS, configure security group access, and install the pgvector extension. Letta connects to Aurora using a PostgreSQL connection string. After establishing the connection, users can create agents, send messages, and view agent states and conversation histories stored in Aurora. Letta organizes data in 42 tables, including those for agents, messages, and memory blocks. Users can explore the database schema and examine the structure of stored messages and embeddings. Finally, it is recommended to delete the Aurora cluster and associated resources after completing the integration to avoid charges.

Winsage

November 12, 2025

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws

Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows: - 29 Elevation of Privilege Vulnerabilities - 2 Security Feature Bypass Vulnerabilities - 16 Remote Code Execution Vulnerabilities - 11 Information Disclosure Vulnerabilities - 3 Denial of Service Vulnerabilities - 2 Spoofing Vulnerabilities This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.

Winsage

November 11, 2025

The 7 apps I always install first on a Windows 11 PC — and they’re all FREE

PowerToys is an open-source collection of utilities that enhances productivity for Windows 11 users, featuring tools like FancyZones for window management and Image Resizer. Google Chrome is a popular web browser known for its synchronization across devices. Steam is a primary gaming platform with a robust library and the ability to stream games to a Steam Deck. The Heroic Games Launcher is a third-party alternative to the Epic Games Launcher, offering customizable features and support for GOG and Amazon Games libraries. GIMP is a powerful open-source photo editing tool that provides advanced features without the cost of commercial software. The Windows Subsystem for Linux (WSL) allows seamless integration between Windows and Linux, supporting applications like Docker Desktop and Visual Studio Code. Spotify is used for audio entertainment, helping users maintain focus during work. Tools like Ninite, the Microsoft Store, and winget streamline the installation of applications on Windows 11, with winstall.app providing a user-friendly interface for generating installation scripts.

Tech Optimizer

November 7, 2025

Reinventing PostgreSQL for the Next Generation of Apps

Enterprises are modernizing their databases due to latency issues, the need for global uptime, and licensing pressures. PostgreSQL is emerging as a preferred alternative to traditional database solutions like Oracle and SAP, focusing on reliability, control, and efficient management of modern workloads, including AI and edge applications. pgEdge, an open-source Postgres vendor, emphasizes that migration to PostgreSQL is about ensuring flexibility and avoiding vendor lock-in. PostgreSQL's governance model, independent of any single company, is a significant advantage, particularly in light of licensing audits and forced upgrades. PostgreSQL has a large developer community and is a mainstream enterprise technology, with tools like pgAdmin widely used. Concerns about operational burdens with open source are addressed by extensions like pgEdge, which enhance PostgreSQL's capabilities for high availability and seamless multi-cloud deployment. pgEdge operationalizes PostgreSQL for distributed use, automating upgrades, backups, and point-in-time recovery, leading to a lower total cost of ownership compared to proprietary models. Modern applications require edge-native databases to operate close to users, reducing latency. pgEdge supports multimaster PostgreSQL across geographically distributed clusters, allowing local read and write capabilities while maintaining data consistency. It builds on PostgreSQL’s logical replication without forking it, ensuring compatibility and consistency. pgEdge facilitates database automation on Kubernetes, managing backups, recovery, and upgrades, making it easier for platform teams. Organizations can start with a simple setup and scale to a multiregion architecture as needed, using the same PostgreSQL stack throughout. pgEdge offers container builds that cater to enterprise needs for geospatial intelligence and AI workflows. As AI applications increasingly run at the edge, pgEdge provides the necessary performance and coherence for edge-native AI. PostgreSQL's SQL compatibility and ACID compliance ease the migration process from systems like Oracle and SAP. The extensive user base across various sectors simplifies hiring PostgreSQL expertise. Combining PostgreSQL with pgEdge offers a strategic modernization pathway for enterprises needing reliable, Kubernetes-native operations and AI-ready extensions, freeing them from vendor lock-in and high licensing costs. This integration transforms PostgreSQL into a globally distributed, cloud-native control plane for data, benefiting architects, CFOs, and developers alike.

Tech Optimizer

October 24, 2025

OAuth 2.0 authorization in PostgreSQL using Keycloak as an example

The Tantor Postgres 17.5.0 DBMS introduces OAuth 2.0 Device Authorization Flow for secure access to PostgreSQL via external identification providers like Keycloak. This feature will also be available in PostgreSQL 18. The setup involves configuring Keycloak, preparing PostgreSQL, writing an OAuth token validator, and verifying authorization through psql. Keycloak is an open-source access control system that simplifies user management and provides a single sign-on experience. To launch Keycloak, a Docker image is used, and an admin user is created with the username and password set to "admin." The process includes creating a realm named "postgres-realm," adding users (e.g., a user named "alice"), establishing client scopes, and creating a client named "postgres-client" with OAuth 2.0 Device Authorization Grant enabled. PostgreSQL requires specific configurations for OAuth operations, including creating a user, adjusting parameters in the postgresql.conf file, and setting up user mapping in pg_ident.conf and pg_hba.conf files. A role named "alice" is created with login rights. The postgresql.conf file specifies the OAuth validator library, and user mapping can be done via pg_ident.conf or a custom validator. The pg_hba.conf file is configured to allow client login to the database using OAuth, specifying the issuer parameter pointing to the Keycloak discovery service URL. A custom validator is implemented to handle token validation, ensuring that the required scopes are present in the received token. The validator includes functions for startup, shutdown, and token validation, which processes the token content and checks permissions against the HBA configuration.

AppWizard

October 2, 2025

These are the 7 open-source apps I recommend to everyone starting with self-hosting

Self-hosting is gaining popularity, prompting individuals to consider what services they want to self-host. Key applications for beginners include: - Portainer: A web dashboard that simplifies Docker management, allowing users to pull images, set up containers, and manage networks through a graphical interface. - Nextcloud: A self-hosted file synchronization solution that offers a productivity suite with features like calendars and collaborative document editing. - Home Assistant: A platform that consolidates smart devices for automation and control, enabling users to create customized smart home experiences. - Jellyfin: An open-source media server that allows users to organize and stream their own media libraries without subscription fees or ads. - Navidrome: A music server for streaming personal music collections with features like playlists and album art support. - Paperless-NGX: An application that digitizes and organizes documents using optical character recognition for easy management of paperwork. - Immich: A photo management tool that helps users organize and search their photo libraries based on metadata. - Dockpeek: A dashboard that lists all running Docker containers, simplifying access to services and enhancing user experience. A gradual approach is recommended for newcomers, focusing on specific needs to avoid decision fatigue while exploring various self-hosting options.

Winsage

September 26, 2025

I turned Windows into a “mostly immutable” OS, and my PC feels unbreakable

The concept of "mostly immutable" in operating systems refers to efforts to protect user data from system functionalities, particularly in Windows, which is dynamic and constantly updated. To achieve a predominantly immutable state, users can separate system files from user data by designating the C: drive for Windows and using a secondary drive for applications and personal data. Utilizing virtual machines or Windows Subsystem for Linux (WSL2) allows experimentation without risking the main system. NTFS permissions help restrict unwanted changes, and creating restore points can aid in maintaining system integrity. Operating from a standard user account and adjusting Group Policy can enhance predictability. However, the effort to make Windows "mostly immutable" may not be practical for typical consumers due to challenges with application compatibility and the impact of Windows Update on system stability. For professionals requiring high stability, full immutability is essential, while average users may benefit from selectively applying these strategies.

Tech Optimizer

September 25, 2025

Building Video Game Recommender Systems with FastAPI, PostgreSQL, and Render: Part 1

The project involves creating a dynamic video game recommender system using PostgreSQL, FastAPI, and Render, which recommends games based on user interactions. It utilizes data from Steam's API, with a dataset of approximately 2000 games. The system architecture includes a PostgreSQL database and a FastAPI layer for data processing. Key components include a Game Table, User Table, User_Game Table, Game_Tags Table, and User_Recommendation Table. FastAPI is used to create APIs for data access and updates, while a recommendation pipeline generates suggestions based on user preferences using content-based filtering techniques. The project is divided into two parts: setup and theoretical foundations, and deployment. The system is deployed on Render for accessibility.

Tech Optimizer

September 25, 2025

Building a Video Game Recommender System with FastAPI, PostgreSQL, and Render: Part 2

The project involves deploying a board game recommendation system using FastAPI and PostgreSQL on Render. Key tasks include configuring a PostgreSQL database on Render, populating it with data, Dockerizing the FastAPI application, and deploying it as a Render Web Application. The PostgreSQL database is created on Render with the name “fastapi-database” using the free tier. The database connection is tested using the External Database URL, and tables are populated using a script. The FastAPI application is containerized with Docker, which involves creating a Dockerfile that specifies the base image, working directory, dependencies, and commands to run the application. The Docker image is built, tagged, and pushed to DockerHub. The image is then pulled into Render, where a personal access token is created for secure access. Environmental variables are configured for the FastAPI application, and upon successful deployment, the application can be accessed via a provided link, with Swagger documentation available for testing database connections. The project repository is available on GitHub, along with additional resources for FastAPI and Docker.

Tech Optimizer

September 25, 2025

LastPass: GitHub hosts atomic stealer malware campaign

Cybersecurity researchers have identified a malware campaign targeting Mac users, with attackers creating fraudulent GitHub pages to distribute an infostealer known as Atomic Stealer (AMOS). The campaign was first detected on September 16, 2025, involving pages that falsely claimed to offer LastPass software. Users are misled into clicking links that redirect them to malicious sites, where they are prompted to execute a command that installs malware on their systems. The attackers impersonate reputable companies and use multiple GitHub usernames to avoid detection, employing SEO techniques to rank their malicious links higher in search results. LastPass is actively monitoring the situation and working on takedowns. Users are advised to download software only from official sources, avoid executing commands from unknown sites, keep software updated, use antivirus protection, enable regular backups, and be cautious of unexpected links and emails.