Obs.js is a tiny inline script that helps you adapt your site to real-world network, battery, CPU, and memory conditions.

We look at a couple of ways to essentially draw a little square dot in a slightly larger area and let it repeat, giving us a nice dotted background effect.

Learn how one Hubber used GitHub Copilot CLI to build an extension that turns any codebase into a unique, roguelike dungeon. The post Dungeons & Desktops: Building a procedurally generated roguelike with GitHub Copilot CLI appeared first on The GitHub Blog.

The proposed ShadowRealm API introduces a new kind of realm specifically designed for isolation, and only that.Soon We Can Finally Banish JavaScript to the ShadowRealm originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.

Socket was named to the Rising in Cyber 2026 list, recognizing 30 private cybersecurity startups selected by CISOs and security executives.

こんにちは、ima1zumiです。RubyKaigi 2026 お疲れさまでした！函館の海鮮が恋しい日々を送っています。 STORES はNursery Sponsorとして、託児所の企画・運営をしました。また、会期中にRubyKaigi 2026 STORES Quizを出題したり、STORES CAFE for WomenとSTORES CAFE at RubyKaigi 2026を開催したりと、盛りだくさんな3日間でした。エンジニア30名、PX4名、内定者1名の総勢35名で参加しました！ このブログではRubyKaigi 2026に参加したメンバーから印象に残ったセッション、出来事につい…

Chrome 148 introduces Immediate UI mode for passkeys and passwords to streamline user sign-in flows with a frictionless credential request experience.

こんにちは、フロントエンドエンジニアのやなぎ（@apple_yagi）です。 PR TIMESでは2023年9月から XO をリンター・フォーマッターとして使ってきましたが、先日 Oxlint に移行しました。本エントリ […]

This blog has been adapted from an excerpted section of 1Password’s ebook, Credential sprawl: How AI increases the risks. To read the complete ebook and learn more about how AI is accelerating credential sprawl, click here.In Ancient Rome, the military had a daily “watchword” that soldiers used to enter the camp. An official would inscribe the watchword on clay tablets, which were distributed throughout the various military units. If a tablet wasn’t returned, they swiftly tracked it down and pun

1Password has never been more popular in the workplace. Okta’s 2026 “Businesses at Work” report reveals that, of the 8,000+ apps that Okta analyzed, “The security tool 1Password showed the highest industry-level growth, notching a 370% YoY increase in the technology sector.” This statistic refers specifically to the number of individual 1Password users on the Okta platform, indicating a sharp increase in the rollout and adoption of 1Password across business users. This growth is no coincidence.

Claude Code is more than a chat interface. Discover the lesser-known commands, shortcuts, and workflows that will make you a power user.

How an AI operational finance startup went from founding to Vercel AI Accelerator winner without slowing down for enterprise auth.

Vercel Sandbox now supports Node.js version 26.To run a Sandbox with Node.js 26, upgrade to or later, or to or later if you're using v2 and set the property to :@vercel/sandbox1.10.22.0.0-beta.19runtimenode26Get started today and learn more in the .documentationRead more

<p><strong><a href="https://about.gitlab.com/blog/gitlab-act-2/">GitLab Act 2</a></strong></p>There's a lot going on in this announcement from GitLab about the "workforce reduction" and "structural and strategic decisions" they are making with respect to the agentic era.</p><ul><li>They're "planning to reduce the number of countries by up to 30% where we have small teams". One of the most interesting things about GitLab is that they have emp...

Nice 9-minute video from Matt Pocock (from about a year ago) introducing composites. The problem of not being able to compare objects definitely feels worth solving. Or, more accurately, fixing the issue where when compare two objects that look exactly the same, it’s still false. And that using them as keys doesn’t work. Sounds like […]

Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.

<blockquote cite="https://www.jamesshore.com/v2/blog/2026/you-need-ai-that-reduces-your-maintenance-costs"><p>Your AI coding agent, the one you use to write code, needs to reduce your maintenance costs. Not by a little bit, either. You write code twice as quick now? Better hope you’ve halved your maintenance costs. Three times as productive? One third the maintenance costs. Otherwise, you’re screwed. You’re trading a temporary speed boost for permanent indenture. [...]</p><...

<p><strong><a href="https://www.404media.co/your-ai-use-is-breaking-my-brain/">Your AI Use Is Breaking My Brain</a></strong></p>Excellent, angry piece by Jason Koebler on how AI writing online is becoming impossible to avoid, filtering it is mentally exhausting and it's even starting to distort regular human writing styles.</p><p>I particularly liked his use of the term "Zombie Internet" to define a different, more insidious alternative to the "De...

<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/llms/llm-shebang">Using LLM in the shebang line of a script</a></p> <p>Kim_Bruning <a href="https://news.ycombinator.com/item?id=48073246#48090590">on Hacker News</a>:</p><blockquote><p>But seriously, you can put a shebang on an english text file now (if you're sufficiently brave) [...]</p></blockquote><p>This inspired me to look at patterns f...

Enterprise AI pilots fail not because of the model, but because AI never fits real workflows. See the patterns behind implementations that scale.

Safari 26.5 is here, delivering the :open pseudo-class, the element-scoped keyword for random(), color-interpolation for SVG gradients, the ToggleEvent.source property for popovers, and the Origin API.

Learn how to find opportunities to contribute to the open source community.The post GitHub for Beginners: Getting started with OSS contributions appeared first on The GitHub Blog.

<p><strong><a href="https://twitter.com/tobi/status/2053121182044451016">Learning on the Shop floor</a></strong></p>Tobias Lütke describes Shopify's internal coding agent tool, River, which operates entirely in public on their Slack:</p><blockquote><p>River does not respond to direct messages. She politely declines and suggests to create a public channel for you and her to start working in. I myself work with river in <code>#tobi_river...

You can now use to roll out a feature to a growing percentage of users on a schedule, with progressive rollouts.Vercel FlagsUnlike weighted splits, which hold a fixed distribution (for example, 50/50) for experiments, a progressive rollout follows a predefined schedule that gradually shifts the traffic percentage to the new variant. Each stage has a target percentage and a duration.Exposing a change in stages lets you catch a regression on a small slice of users before it hits everyone.Progressi

はじめにLINEアプリ開発SBU・モバイルエクスペリエンス開発ディビジョンのikesyoです。普段はLINE iOSアプリのビルドシステムや開発基盤の改善を担当しています。LINE iOSは250万行...

はじめまして。LINEヤフー株式会社の石井です。ヤフーのAndroidアプリにログイン機能を提供する社内向けのSDKの開発を担当しています。近年、ログインの簡単さやセキュリティなどの観点でパスキーが注...

こんにちは。遠藤 (@mametter) です。 STORES は Nursery and Scholarship Sponsor として RubyKaigi 2026 に協賛していましたが、さらに "Ruby One-Liner Challenge" というゲームを公開しました。 会場で QR コード付きのカードを配布する形でこのゲームを配っていました。 受け取っていただいた方、遊んでいただいた方、ありがとうございました。 フレーズをドラッグ＆ドロップで並べ替え、指定された出力を出す Ruby ワンライナーを組み立てるパズルです。 ブラウザ上で ruby.wasm が動いていて、実際に ev…

The now supports forwarding specific HTTP requests to a proxy you control. You can also use matchers to filter forwarding and credentials brokering to only the requests that need it.Vercel Sandbox firewallYou can now route outbound sandbox traffic through your own proxy for logging, debugging, or transforming requests and responses. Set a on any allowed domain, and the firewall will forward matching HTTPS requests to your server.forwardURLThe proxy receives the original request along with additi

経度 0° の本初子午線はイギリスのグリニッジ天文台を基準に決められたもので、世界標準時 (UTC+0) の起点となっています。 ここから東西 15° ごとの合計 24 本が「標準時子午線」と呼ばれます。ほとんどの国・地域はいずれかの標準時子午線を自国の標準時の基準にしています。 日本の標準時 (UTC+9) は東経 135° の標準時子午線に基づいていて、これが兵庫県明石市を通ることはよく知られています。「なんで明石？」と思ったこともありますが、たまたまグリニッジ天文台から 135° 東の位置にあったからです。 ところで、自国の領土に標準時子午線がまったく通っていない国もしばしばあります。有…

pnpm 11.1 adds a few new commands — pnpm audit signatures, pnpm bugs, and pnpm owner — alongside support for installing from arbitrary named registries (including a built-in alias for the GitHub Packages npm registry), the ability to skip runtime installation in CI, and several fixes.

Everything you need to know to implement and validate JWTs securely in PHP: from signing to verifying with JWKS, with code examples and best practices for both vanilla PHP and Laravel.

Seven errors that break Entra ID SAML SSO, and how to resolve them.

WorkOS designers use AI to prototype in production, explore wider solution spaces, and design for agents. Here's how our craft is changing.

Tan's fat-skills/thin-harness architecture maps almost one-to-one onto an AI coworker for non-developers. The catch: when users don't have a repo, skills can't be files. Skills have to be the product.

<blockquote cite="https://www.nytimes.com/2026/04/14/world/canada/election-carney-liberal-party.html"><p><em>This article was updated after The Times learned that a remark attributed to Pierre Poilievre, the Conservative leader, was in fact an A.I.-generated summary of his views about Canadian politics that A.I. rendered as a quotation. The reporter should have checked the accuracy of what the A.I. tool returned. The article now accurately quotes from a speech delivered by Mr....

<blockquote cite="https://til.andrew-quinn.me/posts/replacing-a-3-gb-sqlite-database-with-a-7-mb-fst-finite-state-trandsucer-binary/#fn:5"><p>One could say in the first quarter-century of my life, that while I was always fascinated by programming, I could never overcome the guilt of not really knowing whether the tool I am building right now isn’t already superceded by some much better implementation someone else has already written 30 or 40 years ago; I could write a TSV-aware sear...

Superset on VercelSoftware development with AI started as a single engineer chatting with a single agent about a local repo. Today, developers direct fleets of agents in the cloud, but traditional tools were built for the old shape of the job: IDEs, terminals, and review systems designed for one developer moving one ticket at a time.Co-founders Kiet Ho, Satya Patel, and Avi Peltz, all former CTOs at YC-backed companies, built as the IDE for multi-agent development. It runs up to 10 coding agents

グリッドレイアウトで「列の間に線を引く」といった装飾は多くの場面で必要になります。しかし、flexbox や grid で列の間に線を引くためのプロパティは存在せず、ボーダーや背景色を利用して線のように見せるといったワークアラウンドが必要でした。CSS Grid Layout の gap を装飾する `column-rule` と `row-rule` を使用することにより、flexbox や grid で簡単に列や行の間に線を引くことができるようになります。

Lighthouse 13.3 introduces a new Agentic Browsing category that audits how well your website works with AI agents.

<blockquote cite="https://moq.dev/blog/webrtc-is-the-problem/"><p>WebRTC is designed to <strong>degrade and drop my prompt</strong> during poor network conditions.</p><p>wtf my dude</p><p>WebRTC aggressively drops audio packets to keep latency low. If you’ve ever heard distorted audio on a conference call, that’s WebRTC baybee. The idea is that conference calls depend on rapid back-and-forth, so pausing to wait for audio is unacceptable.</p>...

A dispute over fsnotify maintainer access set off supply chain alarms around one of Go’s most widely used filesystem libraries.

Something like manipulating the speed of an animation isn't a big deal, but it's harder when the animation is *already running*. We got tricks.

<p><strong><a href="https://twitter.com/trq212/status/2052809885763747935">Using Claude Code: The Unreasonable Effectiveness of HTML</a></strong></p>Thought-provoking piece by Thariq Shihipar (on the Claude Code team at Anthropic) advocating for HTML over Markdown as an output format to request from Claude.</p><p>The article is crammed with interesting examples (collected on <a href="https://thariqs.github.io/html-effectiveness/">this site&l...

Tailwind CSS v4.3 is here with first-party scrollbar styling, even more logical property utilities, new zoom and tab-size utilities, better @variant support, and all the v4.2 stuff we shipped while forgetting blogs existed.

Youth safety requirements are moving down the tech stack to operating systems and app stores—raising new questions for open source developers. The post Why age assurance laws matter for developers appeared first on The GitHub Blog.

Researchers share in an interview how they used GitHub data to predict GDP, inequality, and emissions in ways that traditional economic data misses, along with our Q4 2025 data release.The post How researchers are using GitHub Innovation Graph data to reveal the “digital complexity” of nations appeared first on The GitHub Blog.

I came across Kitty Giraudel’s folded corners technique. I’ve been on a bit of a corner-shape kick lately, so I figured that corner-shape could be used to create folded corners as well.Using CSS corner-shape For Folded Corners originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Before we get into this issue, I thought I'd just let you know that Scott has launched a free Mindful Design Toolkit, packed with good stuff for you.Polypane snippets storePolypane is already the best development browser in the business and these new snippets make it even better.Artemis 2 photo timelineA really impressive page which assigns photos from NASA's Flickr to points in the Artemis 2 mission's timeline.Anil also answers why the photos are on Flickr here.RYBittenThis is really stunning w

Connect your Supabase projects to ChatGPT and manage your database infrastructure by telling ChatGPT what you need.

A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.

Chat SDK now supports as a chat adapter.MessengerBuild agents that support messages, reactions, multimedia downloads, postback buttons, and direct conversations, with display names fetched automatically from user profiles.Read the to get started, , or .Chat SDK documentationbrowse the supported adapterslearn how to build your ownSpecial thanks to , whose community contribution in laid the groundwork for this adapter.@mitkodknPR #461Read more

本記事は、AWS DevOps AgentからAurora MySQLの調査を安全におこなえるように ...

以下では Lean 4 を前提に説明を行います。

I just blogged about a niche idea for View Transitions. Here are a couple more posts that specifically use the same-page style View Transitions and have a bit more practical demos:

A practical, security-first comparison of the two browser-delegated OAuth flows that CLIs use, with recommendations for laptops, headless servers, containers, and CI runners.

Implement OAuth 2.0 Device Code and PKCE flows in TypeScript, route users through Okta SSO, and pick the right pattern for headless and local environments, with WorkOS AuthKit.

How WorkOS uses AI-powered code generation to build and maintain SDKs across multiple languages from a single OpenAPI spec.

You can now build chat UIs that connect to Chat SDK with the new . Build in-product assistants, support agents, or any other browser-based chat experience.web adapterDefine the bot on your server:Then stream replies live to the browser with a preconfigured hook:@ai-sdk/reactuseChatRead the to get started, , or .Chat SDK documentationbrowse the supported adapterslearn how to build your ownRead more

Chat SDK now supports cross-platform conversation history through the new and options. User transcripts persist across every , allowing the same user to keep their message history wherever they message your bot.transcriptsidentityplatform adapter exposes four methods, backed by your existing state adapter:bot.transcriptsRead the to get started, or try one of the .Chat SDK documentationtemplatesRead more: persist an inbound message or a bot replyappend: return entries chronologically with filters

Agentic workflows that run on every pull request can quietly accumulate large API bills. Here's how we instrumented our own production workflows, found the inefficiencies, and built agents to fix them.The post Improving token efficiency in GitHub Agentic Workflows appeared first on The GitHub Blog.

Safari Technology Preview Release 243 is now available for download for macOS Tahoe and macOS Sequoia.

No-Vary-Search lets HTTP caches ignore irrelevant query parameters such as UTM tags, while still keeping meaningful ones like product variants in the cache key.

NGINX Gateway Fabric 2.6 marks our initial foray into implementing enterprise grade security capabilities into the Gateway API standard. This release brings F5 WAF for NGINX support to a Gateway API implementation, making NGINX Gateway Fabric one of the first Gateway API implementations to offer enterprise-grade WAF capabilities natively. Here’s what else is new: F5 […]

This afternoon, we sent the following email to our global team. One of our core values at Cloudflare is transparency, and we believe it's important that you hear this directly from us because it’s a major moment at Cloudflare.

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-gemini/releases/tag/0.31">llm-gemini 0.31</a></p> <blockquote><ul><li><code>gemini-3.1-flash-lite</code> is <a href="https://cloud.google.com/blog/products/ai-machine-learning/gemini-3-1-flash-lite-is-now-generally-available">no longer a preview</a>. </li></ul></blockquote><p>Here's my write-up of the <a href="https://simonw...

A practical guide to reviewing agent-generated pull requests: what to look for, where issues hide, and how to catch technical debt before it ships.The post Agent pull requests are everywhere. Here’s how to review them. appeared first on The GitHub Blog.

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/big-words">Big Words</a></p> <p>I'm using my <a href="https://simonwillison.net/2026/Feb/25/present/">vibe coded macOS presentations tool</a> to put together a talk, and I wanted to add a slide with some text on it. The tool only accepts URLs, so I <a href="https://github.com/simonw/tools/pull/279">put together</a> a quick page that accepts query string arguments ...

<p><strong><a href="https://hacks.mozilla.org/2026/05/behind-the-scenes-hardening-firefox/">Behind the Scenes Hardening Firefox with Claude Mythos Preview</a></strong></p>Fascinating, in-depth details on how Mozilla used their access to the Claude Mythos preview to locate and then fix hundreds of vulnerabilities in Firefox:</p><blockquote><p><strong>Suddenly, the bugs are very good</strong></p><p>Just a few months ago...

<p>There weren't a lot of big new announcements from Anthropic at yesterday's Code w/ Claude event, but the biggest by far was the deal they've struck with SpaceX/xAI to use "all of the capacity of their Colossus data center".</p><p>As I mentioned in my <a href="https://simonwillison.net/2026/May/6/code-w-claude-2026/">live blog of the keynote</a>, that's the one with the <a href="https://www.politico.com/news/2025/05/06/elon-musk-xai-memphis-gas-turbines-air-po...

Two weeks ago we announced that we had identified and fixed an unprecedented number of latent security bugs in Firefox with the help of Claude Mythos Preview and other AI models. In this post, we’ll go into more detail about how we approached this work, what we found, and advice for other projects on making […]The post Behind the Scenes Hardening Firefox with Claude Mythos Preview appeared first on Mozilla Hacks - the Web developer blog.

I will explain how my mum inspired this 2026 Mother’s Day scrollytelling experiment — but also, how she inspired my approach to dev and life.A Scrollytelling Gift for Mum on Mother’s Day 2026 originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation.

SummaryWe have shipped a coordinated security release for Next.js addressing 13 advisories across denial of service, middleware and proxy bypass, server-side request forgery, cache poisoning, and cross-site scripting. One advisory addresses an upstream React Server Components vulnerability tracked as . CVE-2026-23870Patched versions are available for both React and Next.js, and all should upgrade immediately.affected usersThe release addresses the following advisories:Affects applications that r

Yarn Classic is frozen, and its lack of recursive transitive updates is becoming a real liability in an era where CVEs land weekly. It's time to move on.

You can now store JSON values in , extending the existing support for boolean, string, and number values. This allows you to collapse what used to take several related flags into a single feature flag.Vercel FlagsFor example, to A/B test how a different model performs, you can now define a single flag. This allows you to manage one flag that serves the full object rather than managing , , and separately:modelai_modelai_temperatureai_max_tokensUse Vercel Flags to progressively route traffic to a

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/github-repo-stats">GitHub Repo Stats</a></p> <p>One of the things I always look for when evaluating a new GitHub repository is the number of commits it has... but that number isn't visible on GitHub's mobile site layout. I built this tool to fix that, using this prompt:</p><blockquote><p><code>Given a GitHub repo URL or foo/bar repo ID show information about that ...

Let's try a fresh take on animating focus rings around a page. Flying focus, as it were. Only instead of measuring where elements are ourselves, we'll let View Transitions figure it out.

Astro 6.3 introduces experimental advanced routing with Hono support, image redirect handling, resilient island hydration, and more.

Get more flexible autogenerated sidebars, improved styling, and stronger multilingual docs support with the latest Starlight release.

The HTML Sanitizer API is a new browser feature that helps developers prevent XSS vulnerabilities by safely sanitizing HTML content.

This blog has been adapted from an excerpted section of 1Password’s ebook: Credential sprawl: How AI increases the risks. To read the complete ebook and learn more about the evolving challenges of credential sprawl, click here.The proliferation of credentials outside centralized visibility and control is known as “credential sprawl,” and attackers are eager to take advantage of it. Unfortunately, credential management is a broad problem that only grows in complexity as organizations add new tool

Introducing new features in 1Password Enterprise Password Manager – MSP Edition to reduce client onboarding effort and give MSPs greater control over policies, access, and usage.Setting up and managing client environments often involves repetitive, manual work. Each new managed company requires policy setup, access configuration, and ongoing oversight. Repeating this across environments slows onboarding, introduces inconsistencies, and makes it harder to maintain control.To address this, 1Passwo

This article is about how a developer can make the most of AI tools, by making good architectural decisions and reviewing the code the AI generates.

Most teams shift left by adding scanners and gates after code exists. The real shift is encoding security, quality, and compliance as inputs to planning.

Bump minimum Fumadocs version.

What to validate, what to avoid, and how to keep your tokens out of trouble.

In a chatbot, prompt injection produces a wrong answer. In an agentic system, it produces a wrong action.

Electron 42 has been released! It includes upgrades to Chromium 148.0.7778.96, V8 14.8, and Node v24.15.0.

はじめに こんにちは。MIU AI戦略本部でAIエンジニアをしている田中宏樹です。 LLMを活用した ...

How to build the “Trust Layer” for Github Copilot Coding Agents without brittle scripts or black-box judgements by using dominatory analysis.The post Validating agentic behavior when “correct” isn’t deterministic appeared first on The GitHub Blog.

Five malicious NuGet packages impersonate Chinese .NET libraries to deploy a stealer targeting browser credentials, crypto wallets, SSH keys, and local files.

Mat Marquis on Google pulling the web standards equivalent of U2 album marketing:As a Chrome user, you’ll have received Gemini Nano in the form of a 4GB transfer recently; no permission asked or required. If you remove it, …Google’s Prompt API originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

On May 5, 2026, DENIC published broken DNSSEC signatures for the .de TLD, making millions of domains unreachable. Here's what 1.1.1.1 saw, how serve stale cushioned the impact, and how we restored resolution.

<p>I'm at Anthropic's Code w/ Claude event today. Here's my live blog of the morning keynote sessions.</p> <p>Tags: <a href="https://simonwillison.net/tags/ai">ai</a>, <a href="https://simonwillison.net/tags/generative-ai">generative-ai</a>, <a href="https://simonwillison.net/tags/llms">llms</a>, <a href="https://simonwillison.net/tags/anthropic">anthropic</a>, <a href="https://simonwillison.net/tags/claude">claude</a&gt...

<p>I recently talked with Joseph Ruscio about AI coding tools for Heavybit's High Leverage podcast: <a href="https://www.heavybit.com/library/podcasts/high-leverage/ep-9-the-ai-coding-paradigm-shift-with-simon-willison">Ep. #9, The AI Coding Paradigm Shift with Simon Willison</a>. Here are some of my highlights, including my disturbing realization that vibe coding and agentic engineering have started to converge in my own work.</p><p>One thing I really enjoy about ...

Most grid layouts sit in neat rows, perfectly aligned, like soldiers in formation. But sometimes you want something with more rhythm like, say, a zigzag pattern. Here's how to do it with CSS Grid.Making Zigzag CSS Layouts With a Grid + Transform Trick originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The Mindful Design Toolkit is a collection of free, open source templates, workshops, and resources, built to empower your design journey. To coincide with the launch, we’ve also opened up over two hours of free lessons from the Mindful Design course.The toolkitFor a long time, open source projects and packages have given developers a wealth of resources to learn, improve, or simply make our lives easier. While there are some fantastic open source design tools out there, when it comes to the act

An honest perspective on building local-first web apps in 2026, written for developers who’ve been doing this long enough to be skeptical of silver bullets.

Get a preview of the next Chrome release with this post detailing the features in the current beta.

Stateless auth, RLS-scoped clients, and CORS on the server, without the boilerplate.

`sibling-index()` は要素の兄弟要素の中でのインデックスを返します。`sibling-index()` 関数により取得したインデックスを使用することにより、スタッガー（時間差）アニメーションや、色相を段階的に変えるといった、兄弟要素の位置に基づいたスタイリングが可能になります。これまでは JavaScript を使用して実装する必要があったような効果も、純粋な CSS で実現できるようになります。

Most marketing sites ship a SPA framework just to toggle a sidebar. Here's how we migrated an Astro site from React and Ark UI to native Web Components: 100 KB less JavaScript, no functionality lost, and a tiny library called nanotags that makes Custom Elements enjoyable to write.

Listen to this episode on Apple PodcastsnullListen nowListen to this episode on SpotifynullListen nowSecurity is tied to business operations in many (often unappreciated) ways, but the connection is rarely more visible or consequential than during an acquisition or partnership. In those deals, a company stakes its reputation and finances on another company, and a lapse in security can throw the whole thing into chaos.That’s the subject of this episode of Chasing Entropy, in which Dave Lewis talk

The perils of logging in

The thinking and intentionality behind our latest brand evolution, website, and what it says about the future of Remix.

The 2026 guide to SSO, SCIM, MCP, audit logs, RBAC, and the rest of the B2B SaaS enterprise readiness checklist.

A practical comparison of the leading MCP authentication providers across OAuth 2.1 support, enterprise identity, and integration paths.

A detailed glimpse at Project Horizon: an internal code factory at WorkOS.

Modern phones are not simple rectangles. They have rounded corners, camera cutouts, dynamic islands, and home indicators that double as…

Pro teams can now choose how Git committers to private repositories are added to their Vercel team. Choose your approval preference in .team settingsLearn more about and .collaboration settingstroubleshooting project collaborationRead more: non-team committers with Vercel accounts are automatically added to your team and their deployments proceed immediately. Added members count toward your team seats at standard Pro pricing.Auto Approval: deployments are blocked until an owner approves the new

You can now secure native integration resources by restricting where they can be used. Setting a resource to removes non-production access and protects credentials as . This makes it so secret values or no longer readable from the dashboard or CLI Production onlysensitive environment variablesFrom the integration resource , select and save. We recommend that you rotate the secrets of the integration resource after saving.SettingsAllowed Environments → Production onlyOnce applied:Reverting this s

Matt Smith makes a lot of good points in his article about no longer chaining things in JavaScript. Just those first two code samples in the post say a lot, but stick around for all the samples and learn a little somethin’. To me, it’s the inevitability that I’m going to need to log something between the […]

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-referrer-policy/releases/tag/0.1">datasette-referrer-policy 0.1</a></p> <p>The OpenStreetMap tiles on the Datasette <a href="https://datasette.io/global-power-plants/global-power-plants">global-power-plants demo</a> weren't displaying correctly. This turned out to be caused by two bugs.</p><p>The first is that the CAPTCHA <a href="https://github.com/s...

<p><strong><a href="https://andonlabs.com/blog/ai-cafe-stockholm">Our AI started a cafe in Stockholm</a></strong></p>Andon Labs previously <a href="https://andonlabs.com/blog/andon-market-launch">started an AI-run retail store</a> in San Francisco. Now they're running a similar experiment in Stockholm, Sweden, only this time it's a cafe.</p><p>These experiments are interesting, and often throw out amusing anecdotes:</p><blockq...