🧠 Hours of Research in Minutes

Hey everybody,

In today’s newsletter, we’re diving into OpenAI’s powerful new research agent, a massive geolocation data leak, and how one team built a high-performance API with boring code.

Quick Links

🔍️ Introducing deep research
OpenAI just released Deep Research, a powerful new agentic capability that tackles complex, multi-step research tasks in minutes, something that they state would take humans hours. It’s designed to independently browse, analyze, and synthesize information from hundreds of sources, delivering research analyst-level reports with ease. Powered by an optimized O3 model, it can parse text, images, and PDFs, adapting as it finds new data. Early Reddit users are impressed, though occasional hallucinations still pop up.

☕️ Say Goodbye to Boring Coffee
Each week, I settled for whatever coffee was on sale, missing out on true flavor. Then I discovered Trade, a specialty coffee marketplace featuring over 450 handpicked roasts from passionate small-batch roasters worldwide. My perfect cup was just a quiz away! Freshly roasted and delivered within 48 hours, Trade has completely transformed my mornings, and I’m so excited to share it with you. As a Travis Media Newsletter reader, enjoy an exclusive 30% off your first month when you subscribe today. [sponsored]

📌 Everyone knows your location
A recent massive geolocation data leak from Gravy Analytics exposed over 2,000 apps, on both the App Store and Google Play, secretly collecting location data, often without user consent or even developer knowledge. After checking the list, Tim found at least three apps on his iPhone doing just that. This led him to experiment: could he track himself using leaked data? After hours of digging, he discovered several requests from his phone exposing his location, plus five more leaking his IP address, which can be reverse-engineered to reveal his whereabouts. This blog post is fascinating and well worth a read.

💤 Serving a billion web requests with boring code
Bill Mill worked on Medicare Plan Compare, a US government site handling 5 million API requests daily with lightning-fast speeds, under 10ms average latency and 95th percentile below 100ms. Despite vulnerability scrapers causing occasional errors, emergency pages were so rare he could count them on one hand. His biggest takeaway? Leaning on PostgreSQL, Golang, and simplicity can take you far. In his latest blog, he breaks down how they built this high-performance system with Postgres, Golang, and React.

🔒️ The State of Authentication
Auth is both easy and complicated, with so many options like Clerk, Better Auth, Open Auth, and more, choosing the right one can be overwhelming. Each has its own strengths and trade-offs, making the decision tricky. In his latest video, Theo breaks down and compares all the major authentication solutions, helping you understand which one fits your needs best.

The Ultimate Homelab Setup for Crushing Kubernetes Certifications

To help knock out some Kubernetes certifications this year, I've started building out a homelab.

In this video, I walk through how I set this up from PiHole to a Cloudflare domain to TLS to app deployments.

More Reading

• Chatbot Software Begins to Face Fundamental Limitations, struggling with compositional tasks, suggesting a hard limit to their abilities.

• Spaced repetition can allow for infinite recall.

• How Are Images REALLY Stored?

• If you include any expletives in your search query, Google will not return an AI Overview, at the top of the results page.

• New Book-Sorting Algorithm Almost Reaches Perfection.

• The modern way to write JavaScript servers.

Favorite Tweets

Until next week,

Travis.