Explore our update on GitHub’s accessibility strategy, and learn how you can join us in building a culture of accessibility.The post Building GitHub’s next chapter in accessibility appeared first on The GitHub Blog.

Why we needed an agent firewall that speaks more than HTTP.

Learn how to write effective alternative text for images — and let CKEditor AI generate it for you. Covers WCAG guidelines, context-based best practices, and how to handle decorative, complex, and linked images.

Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.

Yarn Berry, pnpm, and npm all support surgical CVE remediation. Bun, today, doesn't. Here's what I found when I tried to apply my own workflow to a Bun project.

A quick note before we get into things: this is a practical guide that covers managing, building and packaging design system components. It’s impossible to go into thorough detail at every step of the way without this becoming a full course. Some basic knowledge is assumed:A basic working knowledge of HTML and CSSA basic grasp of web componentsA working installation of Node.js and npmAbility to navigate a terminal well enough to install some packagesBasic knowledge of config files and JSONGraspi

You can now access anomaly alerts and their details directly through the .Vercel CLIWith the command, you can list all alerts for a team or given project. For each alert, you can view the start time, the type of alert, and whether or not the alert is still active.vercel alertsWith the option, the AI investigation results appear alongside each alert. You and your agent can act on alerts without leaving the terminal.--aiAvailable on .Observability PlusLearn more about in the .vercel alertsCLI docu

Meet `sibling-index()` and `sibling-count()`. Staggered cascade effect in one line of CSS without `:nth-child()` rules or JS workarounds. Works for 5 items or 5,000.

A poisoned VS Code extension breached GitHub. A trojanized PyPI package hit Microsoft. Compromised GitHub Actions and a self-spreading npm worm targeted thousands more. In just 48 hours, attackers hit every layer of the software development pipeline. Traditional security tools did not stop any of it.

Qwen 3.7 Max from Alibaba is now available on . The model is designed as an agent foundation, with capabilities spanning coding, office workflow automation, and long-horizon autonomous execution.Vercel AI GatewayQwen 3.7 Max shows improvements in frontend prototyping and complex multi-file engineering. The model supports office and productivity tasks through multi-agent orchestration and sustains coherent reasoning across long-horizon tool-calling sessions.To use Qwen 3.7 Max, set model to in th

Orchestration Guildメンバーの福山です。普段はLINEレストランプラスというサービスで、フロントエンド開発を担当しています。この記事は、Orchestration Developme...

LINEヤフー株式会社では、技術に関するイベントや勉強会の主催・協賛などを行っています。最新情報は各リンク先でご確認ください。タイミングによっては、申し込み開始前や既に満席となっていることがあります。...

Un logiciel sur mesure. 5 000 € en 4 semaines, livré ou remboursé.

A step-by-step guide to migrating homegrown SAML and OAuth/OIDC connections to WorkOS with zero customer downtime

What engineers and founders need to know about designing APIs, tools, and interfaces for agent-driven workflows

Google enforces exact-match redirect URIs with no wildcards and no exceptions. Here's how to handle that cleanly when every customer has their own domain.

<blockquote cite="https://www.sec.gov/Archives/edgar/data/1181412/000162828026036936/spaceexplorationtechnologi.htm"><p>We have the ability to use compute resources to support our proprietary AI applications (such as Grok 5, which is currently being trained at COLOSSUS II), while also providing access to select compute capacity to third-party customers. For example, in May 2026, we entered into <strong>Cloud Services Agreements with Anthropic PBC</strong> (“Anthropic”), ...

Compromised npm package art-template delivered a Coruna-like iOS Safari exploit framework through a watering-hole attack.

If any impact is discovered, customers will be notified via established incident response and notification channels.The post Investigating unauthorized access to GitHub-owned repositories appeared first on The GitHub Blog.

<p><strong><a href="https://mikeveerman.github.io/tokenspeed/">How fast is 10 tokens per second really?</a></strong></p>Neat little HTML app by Mike Veerman (<a href="https://github.com/MikeVeerman/tokenspeed/blob/master/index.html">source code here</a>) which simulates LLM token output speeds from 5/second to 800/second.</p><p>Useful if you see a model advertised as "30 tokens/second" and want to get a feel for what that actually look...

Nx Console VS Code Extension Compromised

Dev Machine Guard now supports Linux, giving security teams full visibility into Linux, macOS, and Windows developer machines. Detect AI coding agents, IDE extensions, MCP servers, npm and system packages, and compromised dependencies across your entire developer fleet from one dashboard.

Dev Machine Guard now supports Windows, giving security teams full visibility into Windows and macOS developer machines. Detect AI coding agents, IDE extensions, MCP servers, npm packages, and compromised dependencies across your developer fleet from a single dashboard.

Three malicious versions of Microsoft's official durabletask Python SDK were published to PyPI on May 19, 2026. The compromised package silently downloads and executes a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations, then spreads laterally through cloud infrastructure. The payload skips systems with a Russian locale, a hallmark of Eastern European cybercrime operations. The attack has been linked to the TeamPC

Disabling asm.js optimizations in SpiderMonkey

A recap of the WorkOS Applied AI showcase: the team, the tools (WOW, Horizon, Case, Wallaby), and what we've learned shipping AI internally.

<p>It's hard to find much to write about Google I/O this year because I have a policy of not writing about anything that I can't try out myself, and a lot of the big announcements are "coming soon".</p><p>I actually prefer to write about things that are in general availability, because I've had instances in the past where the previews didn't match what was released to the general public later on.</p><p>Aside from <a href="https://simonwillison.net/2026/May/19/ge...

As AI accelerates how code is written and shipped, Socket is scaling to protect the software supply chain from the growing wave of attacks targeting open source dependencies.

記事は ics.media へアクセスしてご覧ください。

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development.

It still hits like a ton of bricks to see the steep decline in Stack Overflow questions. What does that mean about learning in our industry?Stack Overflow: When We Stop Asking originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Good luck on non-Apple devices! You may want to try remote hardware or an online service. Or go refurbished and try to keep the cost down.

The release brings AI Chat improvements and experimental AI support for multi-root and multiple editor setups, along with several fixes and improvements.

NGINX is at the heart of a significant portion of the modern internet. Trusted at scale for more than two decades, it helps deliver the traffic for over one third of the internet today. NGINX is the quiet workhorse behind a huge slice of the traffic you served, fetched, and clicked through today. A project […]

Grok Build 0.1 is now available on .Vercel AI GatewayThis is a beta coding model trained for agentic coding, currently in early access, and powers the Grok Build CLI app. Reasoning effort is not configurable, and there is no non-reasoning mode.To use Grok Build 0.1, set model to in the .xai/grok-build-0.1AI SDKAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimizations for higher-than-provider uptime. It includes

こんにちは！PR TIMESの田中 湧大（@Romira915）です。普段はエンジニアとして、プレスリリース配信サービス PR TIMES の開発を行っています。 PR TIMES は Laravel […]

Coding agents like Codex are helping developers write, execute, and prepare code for production. Every action that AI coding agents take against a database, an API, or a deployment pipeline requires access to credentials. Today, these credentials typically live in .env files, scripts, or hardcoded in repositories, where they can be easily exfiltrated and are difficult to govern and audit. The shift from AI assistance to AI execution has outpaced how teams manage the secrets needed for execution.

There’s a question we get asked constantly, and it’s the right one to ask: “Can 1Password see the contents of my vault?”The answer is no, and it’s because of how we built the product, not just a promise we’re making. That’s an important distinction, because “we promise” has never been an acceptable answer in this industry. After all, promises get broken, and companies get compromised, acquired, and are under constant attack from threat actors. 1Password’s commitment to our security principles is

Keycloak SCIM vs. WorkOS Directory Sync: A deep dive into features, gaps, and production readiness.

Humans, scripts, and AI agents are all calling your API. Here's how to give each of them secure, scoped credentials without building key management from scratch.

Stolen tokens should be worthless. Here's how to make them so.

Chat SDK now ships a built-in toolset through the new subpath. One call wires Chat SDK's read and write actions into your agent.AI SDKchat/aicreateChatTools(chat) and its supporting types have moved to . The previous re-exports are flagged .toAiMessageschat/aichat@deprecatedRead the to get started, or try one of our .documentationtemplatesRead morewrite tools are gated by a option.Approval by default: requireApproval, , and scope the toolset.Presets: readermessengermoderatoronly the tools your p

You can now read the parent issue or pull request when your bot is mentioned in a Linear or GitHub comment. resolves to that parent with title, status, URL, and the full typed payload.message.subject is cached per message, so repeated access only hits the API once. It resolves to on Slack and other chat platforms, where there's no parent resource.message.subjectnullThe GitHub, Linear, and Slack adapters now expose their underlying platform SDKs. Use them to extend your bot by calling provider AP

You can now pause a run on a Chat SDK card and resume it when someone clicks a button. The same flow works for form submissions. Buttons and modals accept a new prop, and the event payload is sent to that endpoint.WorkflowcallbackUrlTo build a card like this, create a and pass its URL to each button's prop inside your component:workflow webhookcallbackUrl<Card>For the component, the form data is in the payload. works for buttons on most platforms with an , and for modals on Slack and Teams...

The gives any WordPress site access to hundreds of models from 40+ providers through a single API key. Providers include Anthropic, Google, OpenAI, xAI, DeepSeek, MiniMax, Moonshot AI, and more.Vercel AI Gateway pluginThe plugin is implemented as a connector for the new , which requires WordPress 7.0, released today.WordPress AI ClientTo call AI Gateway directly from your own code:See the for more details, including examples for text, structured JSON output, image generation, and video.plugin do

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-gemini/releases/tag/0.32">llm-gemini 0.32</a></p> <blockquote><ul><li>New model <code>gemini-3.5-flash</code> for <a href="https://blog.google/innovation-and-ai/models-and-research/gemini-models/gemini-3-5/">Gemini 3.5 Flash</a>.</li></ul></blockquote><p>See also my <a href="https://simonwillison.net/2026/May/19/gemini-35-fl...

はじめに こんにちは。CyberAgent Dev PlatformでBucketeerのオーナーを ...

<p>Today at Google I/O, Google <a href="https://blog.google/innovation-and-ai/models-and-research/gemini-models/gemini-3-5/">released Gemini 3.5 Flash</a>. This one skipped the <code>-preview</code> modifier and went straight to general availability, and Google appear to be using it for a whole lot of their key products:</p><blockquote><p>3.5 Flash is available today to billions of people globally:</p><ul><li>For everyone via the...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm-accountant/releases/tag/0.1a4">datasette-llm-accountant 0.1a4</a></p> <blockquote><ul><li>Fixed bug tracking chains of responses. Refs <a href="https://github.com/datasette/datasette-llm/issues/7">datasette-llm#7</a></li></ul></blockquote> <p>Tags: <a href="https://simonwillison.net/tags/datasette">datasette</a>, &...

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-gemini/releases/tag/0.32a0">llm-gemini 0.32a0</a></p> <blockquote><ul><li>Compatible with <code>llm>=0.32a0</code> alpha - adds the ability to stream reasoning tokens.</li></ul></blockquote> <p>Tags: <a href="https://simonwillison.net/tags/llm">llm</a>, <a href="https://simonwillison.net/tags/gemini">gemini</a&g...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm/releases/tag/0.1a8">datasette-llm 0.1a8</a></p> <blockquote><ul><li>Fix for bug where <code>llm_prompt_context()</code> hook did not fully collect chains of responses. #7</li></ul></blockquote>

A long-running Go typosquat impersonated the popular shopspring/decimal library and used DNS TXT records to execute commands.

The now supports . Your agent tools can return interactive HTML responses that MCP clients like Claude and ChatGPT render inline, rather than plain-text responses.Nuxt MCP ToolkitMCP appsDeclare a tool with the macro, then read pre-hydrated data, trigger follow-up prompts, or call other tools from inside the UI with the composable. The toolkit bundles each Vue SFC into a self-contained HTML file at build time and serves it from your MCP endpoint.defineMcpAppuseMcpAppRead the to get started.Nuxt

Una Kravets: Creating non-standard shapes on the web, like a speech bubble or a heart have typically required you to cut off your actual borders with clip-path. […] This is where border-shape comes in. It’s a powerful upcoming CSS primitive that defines a custom shape for an element’s border. Welp, clip-path() had a good run. I’ll always be fond […]

Cloudflare has integrated with Anthropic's Claude Managed Agents to provide a fast, isolated execution environment for autonomous code delivery. This means builders can scale agent workflows globally while strictly controlling access to private backends and easily customizing their agent’s tools and runtimes.

Learn about the key announcements from Google I/O 2026.

Chrome DevTools for agents provides your coding agent with the visibility it needs to verify, debug, and optimize code in real time.

Learn about new out-of-order streaming capabilities and the renewed HTML insertion and streaming methods available for testing from Chrome 148

Learn about the HTML-in-Canvas origin trial in Chrome, and how it can help bring the DOM to your Canvas-driven applications.

Gemini 3.5 Flash is now available on .Vercel AI GatewayThis model has improved coding proficiency and parallel agentic execution loops versus previous Flash versions. It also brings improvements to core reasoning, instruction following, and multi-turn coherence, with stronger performance on complex tasks and higher-quality reasoning traces in thinking mode.3.5 Flash defaults to the thinking level, balancing response quality with faster, more cost-efficient generation.mediumTo use Gemini 3.5 Flas

A new wave of the Mini Shai-Hulud worm has compromised packages across Alibaba's AntV data visualization ecosystem, echarts-for-react, timeago.js, and dozens more. Stolen CI/CD secrets are being dumped to thousands of public GitHub repositories as the attack continues to spread.

The popular GitHub Action actions-cool/issues-helper has been compromised. Every existing tag in the repository has been moved to point to a single imposter commit that does not appear in the action's normal commit history. That commit contains malicious code that exfiltrates credentials from CI/CD pipelines that run the action.

Introducing Secure Registry by StepSecurity: install-time defense for the npm supply chain. Block malicious packages, enforce package cooldowns, and protect CI/CD pipelines, developer machines, and artifact managers from modern software supply chain attacks.

Active Supply Chain Attack: Malicious node-ipc Versions Published to npm StepSecurity has detected multiple malicious releases of the popular node-ipc npm package. Three versions are currently known to be compromised, containing an obfuscated payload designed to steal cloud credentials, SSH keys, and CI/CD secrets. Our team is actively analyzing the attack, and this post will be updated as our investigation progresses

Active npm supply chain attack compromises @antv packages in a fast-moving malicious publish wave tied to Mini Shai-Hulud.

こんにちは、iOSエンジニアのyamakenです。2026年4月12日（日）から14日（火）の3日間にわたり開催された、try! Swift Tokyo 2026に、LINEヤフー株式会社はGOLDス...

<p>I put together these annotated slides from my five minute lightning talk at PyCon US 2026, using the <a href="https://tools.simonwillison.net/annotated-presentations">latest iteration</a> of my <a href="https://simonwillison.net/2023/Aug/6/annotated-presentations/">annotated presentation tool</a>.</p><div class="slide" id="5-minutes-llms.001.jpeg"> <img loading="lazy" src="https://static.simonwillison.net/static/2026/5-minutes-llms/5-minutes-llms....

Val Town is the Salt Fat Acid Heat of vibe coding platforms

AI-assisted code generation is not free. It comes with a hidden cost: burnout. Are we dangerously ignorant to this problem? And how can we cope with it? In this post, we discuss this question.

Design system work follows a well-defined loop: read the ticket, check the Figma spec, find the right component primitives, apply the right tokens, write the Storybook stories, run the tests, open the PR. The steps are consistent enough that when we looked at our design system backlog, we didn't just see a list of tasks; we saw a set of instructions waiting to be executed.So we set an agent loose on the loop. At first, it was a semi-hot mess. But then we gave it the right context, and boom, it h

Zero-Shot Learning is a podcast for AI builders, hosted by Nancy Wang, Chief Technology Officer at 1Password, and Dev Tagare, Senior Director and Head of Engineering for Gemini Enterprise & Business at Google. Together, they’ve built and scaled AI systems at the infrastructure and product layers and bring a builder's perspective to every conversation.The name, zero-shot learning, is an AI concept about applying existing knowledge to new tasks without specific training. For this show, it’s al...

Webpack 5.107

How SSO eliminates the manual work of enterprise user onboarding.

What happens to a user's session when they switch organizations, how to scope tokens to prevent cross-tenant leaks, and where most implementations still go wrong.

I tried to reverse-engineer how SSO works from three angles: as the employee logging in, the IT admin managing access, and the developer who needs to support it. Here is what I learned.

Flat Rate CDN is now available in Limited Beta for Pro teams. It replaces usage-based CDN pricing with a fixed monthly fee.Viral posts, unfiltered bots, or misconfigured routes can turn a normal month into a surprise bill. Flat Rate CDN makes your cost predictable.Flat Rate CDN is a good fit for teams with unpredictable CDN bills, individual builders who don't want a usage spike to break the bank, and growing businesses that need to know their CDN costs before the month starts.Pro teams can join

You can now run with .Claude Managed AgentsVercel SandboxClaude Managed Agents handles the model, harness, tools, and session state. Self-hosting lets you bring the execution environment, so an agent's tool calls run on your existing Vercel infrastructure with your private APIs, internal services, and customer data.Each agent session runs in its own isolated Firecracker microVM, using the same infrastructure that powers 1B+ Vercel deployments with enterprise-grade security, availability, and per

Monorepos can now opt in to a single, consolidated commit status on pull requests instead of one commit status per project. For repos with many projects, teams can configure GitHub branch protection once, then manage which Vercel projects are required for merge in each project’s settings. Read more about and and enable Consolidated Commit Status from your .Github Commit statusesproject settingsRead more

Automatic setup with agents, review filters, TanStack React, and more

Vercel Firewall now waives CDN Requests and Fast Data Transfer for any traffic denied, challenged, or rate‑limited by Web Application Firewall (WAF). Vercel has always provided unlimited DDoS mitigation at no cost. Vercel WAF, included in CDN cost, gives you custom rules, managed rules, and rate limiting for bad traffic that isn't DDoS. With this change, you don't pay for requests or bandwidth that WAF denies, challenges, or rate‑limits. That means no surprise bill when a scraper hammers your pr

Kick off work in VS Code or the CLI, finish it from your phone. Remote control for GitHub Copilot sessions is now generally available on github.com and GitHub Mobile. The post Take your local GitHub sessions anywhere appeared first on The GitHub Blog.

<p><img src="https://static.inaturalist.org/photos/662161673/large.jpg" alt="Glaucous-winged Gull"></p><p><img src="https://static.inaturalist.org/photos/662161721/large.jpg" alt="Glaucous-winged Gull"></p><p><img src="https://static.inaturalist.org/photos/662161937/large.jpg" alt="Brown Pelican"></p><p><img src="https://static.inaturalist.org/photos/662161148/large.jpg" alt="Snowy Egret"></p><p><img src="https://s...

RSCs in TanStack Start are server-only executed code — perhaps a significant improvement over the Next.js implementation.

This is Part 1 of a two-part series about cross-document view transitions, going over all the gotchas, from ditching the deprecated way to opt into them to a little-known 4-second timeout.Cross-Document View Transitions: The Gotchas Nobody Mentions originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Inside Claude Day at WorkOS: 39 teams, a one-day hackathon, and one rule — the non-engineer drives. Here's what we built and what we learned.

Hermes Agent は v0.14.0 で xAI の Grok モデルとの統合できるようになりました。Grok モデルは X（旧 Twitter）の投稿を検索できる `x_search` ツールを使えることが特徴で、リアルタイムでトレンドを把握したり、最新の情報を取得できることが強みとなっています。この記事では Hermes Agent と Grok の統合を試してみた様子を紹介します。

In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it can scale.

こんにちは、フルタイムで Ruby の開発をしている遠藤（@mametter）です。 Spinel で Optcarrot を走らせることができた！？ので、その結果をご報告します。 Spinel とは 先日の RubyKaigi 2026 では、Ruby の AOT コンパイラである Spinel が発表されました。 Spinel は抽象解釈に基づいて Ruby コードの型を推定し、それに最適化した表現で Ruby コードを C 言語コードに変換します。 Matz 自ら作っていること、全面的に AI に作らせていることなどが話題です。 Spinel は TypeProf に着想を得て作られてい…

Coding Agentと業務ツールを連携した業務改善は、開発現場では当たり前になりつつあります。しかし、その恩恵は本当に組織全体に広がっているでしょうか。「一度触ればすごさはすぐ伝わる。ただ、その一...

Arabic, Hebrew, and other right-to-left script users often can't type properly in apps that never considered them. The fix is usually two HTML attributes. Here's exactly what to add, and when.

AI coding tools have changed who builds software. The barrier to entry has dropped to the point where a designer, an analyst, or a first-time founder can turn an idea into a working app in an afternoon. That shift is real, and it's accelerating.But every app needs to talk to something. Every API call, database connection, and automated workflow runs on secrets: API keys, tokens, SSH keys, service account credentials. And those secrets have to live somewhere.For most people building with AI tools

Build an authorization model your B2B app won't outgrow: how to go from flat roles to fine-grained, resource-scoped access control without a rewrite.

A developer's guide to Client-Initiated Backchannel Authentication (CIBA) for agentic systems.

こんにちは。AIドリブン推進室の神谷 @_yukamiya です。 サイバーエージェン ...

<p><strong><a href="https://shkspr.mobi/blog/2026/05/gds-weighs-in-on-the-nhss-decision-to-retreat-from-open-source/">GDS weighs in on the NHS's decision to retreat from Open Source</a></strong></p>Terence Eden continues his coverage of the NHS' <a href="https://shkspr.mobi/blog/2026/05/nhs-goes-to-war-against-open-source/">poorly considered decision</a> to close down access to their open source repositories in response to vulnerabilities...

What Answer Engine Optimization and Generative Engine Optimization mean, and how to get your site cited by AI Overviews, ChatGPT, Claude, Perplexity, and Gemini.

<p>In preparation for a lightning talk I'm giving at PyCon US <a href="https://us.pycon.org/2026/schedule/presentation/175/">this afternoon</a> I decided to figure out how many names OpenClaw has <em>actually</em> had since that <a href="https://github.com/openclaw/openclaw/commit/f6dd362d39b8e30bd79ef7560aab9575712ccc11">first commit</a> back in November.</p><p>Thanks to this <a href="https://tools.simonwillison.net/python/#first_line_hi...

<blockquote cite="https://jvns.ca/blog/2026/05/15/moving-away-from-tailwind--and-learning-to-structure-my-css-/"><p>[...] in the last 10 years I’ve learned to really love and respect CSS as a technology.</p><p>So I decided years ago that I wanted to react to “CSS is hard” by getting better at CSS and taking it seriously as a technology, instead of devaluing it. Doing that changed everything for me: I learned that so many of my frustrations (“centering is impossible”) had...

OpenUI は Generative UI を構築するためのフレームワークです。OpenUI 言語と呼ばれる独自の宣言型言語を使用して、AI が UI を構築するための指示を与えるという新しいアプローチを提供します。この記事では OpenUI を使用して Generative UI を実装する方法について解説します。

I built ZIP Shrinker, a little browser tool to shrink ZIP files. It also works with formats that are secretly ZIPs underneath, like APK, EPUB, JAR, and many more.Try it out!How does it work?At a high level, this tool (1) re-compresses every file in the ZIP archive with higher compression (2) removes all metadata (3) removes entries for directories.Re-compressingZIP files are typically compressed with an algorithm called Deflate.There are a few tools that can re-compress Deflate data and make it

<p><strong>Release:</strong> <a href="https://github.com/simonw/inaturalist-clumper/releases/tag/0.1">inaturalist-clumper 0.1</a></p> <p>Part of the infrastructure I use for <a href="https://simonwillison.net/2026/May/1/inat-sightings/">publishing my iNaturalist sightings on my blog</a>. I've been running this in production for a few weeks now, inspiring some iterations on how it works, so I decided to ship a 0.1 release.</p><p>Y...

Learn about the experimental general-purpose accessibility agent that GitHub is piloting.The post Building a general-purpose accessibility agent—and what we learned in the process appeared first on The GitHub Blog.

<p><img src="https://static.inaturalist.org/photos/660343826/large.jpg" alt="Western Gull"></p><p><img src="https://static.inaturalist.org/photos/660344126/large.jpg" alt="Rock Pigeon"></p><p>Western Gull, Rock Pigeon, in Los Angeles Area (custom), CA, US</p><p>I went for a bird walk in the morning before PyCon, and we spotted a local seagull enjoying a Starbucks.</p>

We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings.The post Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program appeared first on The GitHub Blog.

This time we get into very smooth starts and stops for infinite animations using CSS. One of the tricks is layering on a transition on top of an animation.

If 3D voxel scenes (that you can style), flying focus animations, or new CSS syntaxes sound like your kinda thing, then this issue of What’s !important is definitely for you.What’s !important #11: 3D Voxel Scenes, Flying Focus, CSS Syntaxes, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

YorickLLM chatbots are out and dead chatbots are in.How diamonds are madeThis is just absolutely stunning work.TakenThis does an excellent job of highlighting how easy it is for companies to be creepy and build a fingerprint on you, using information the browser happily hands over.Making an original Jubilee line door button into a Hue light switchA very cool idea and reading about the how was an absolute joy.How we’re approaching theming with modern CSSHere's one from the Piccalilli archives tha

Every extra second of friction has a measurable business cost. Carrie Webster shares ten data-backed UX facts that link user experience directly to revenue, retention, and long-term growth.

A new way to style gaps in CSS from Chrome and Edge 149.

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/qr-code-generator">QR code generator</a></p> <p>Claude helped me build this tool for creating QR codes, for both text/URLs and for connecting to WiFi networks.</p><p><img alt="Screenshot of a QR code generator web form. Heading "QR code generator" with subtitle "Create a scannable code for a URL, text, or WiFi network." A segmented toggl...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm-limits/releases/tag/0.1a0">datasette-llm-limits 0.1a0</a></p> <p>This plugin works in conjunction with <a href="https://github.com/datasette/datasette-llm">datasette-llm</a> and <a href="https://github.com/datasette/datasette-llm-accountant">datasette-llm-accountant</a> to let you configure a per-user (or global) spending limit for LLM usage inside o...

HighlightsNew includeIgnoreFile() helperThis release introduces the includeIgnoreFile() helper for configuration files that allows for including patterns from .gitignore files or any other files with gitignore-style patterns.Previously available in the external package @eslint/compat, the new includeIgnoreFile helper function is exported from the eslint/config entrypoint and provides an extended API that allows multiple files to be included and patterns to be interpreted relative to the location

User-scoped keys, org-scoped keys, and M2M applications cover most agent scenarios in B2B products, but the right choice depends on who the agent acts for, and how it runs.

You can now use native syntax with the Vercel CLI. The command accepts full URLs, bare hostnames, and the flag, and uses your Vercel auth to bypass .curl--urlvercel curlDeployment ProtectionIf you've linked a project, you can also pass just a path:Update to the latest Vercel CLI version and run to get started. Learn more in the .vercel curlVercel CLI documentationRead more

You can now sort the providers behind a model by cost, time to first token (TTFT), or throughput (TPS) in .AI GatewayThe default provider order blends provider reliability, quality of model output, cost, and speed of response. You can now use for explicit control over ranking criteria.sortFor models with many providers and noticeable cost or speed variation, you can use to optimize on your dimension of choice. Ranking is computed at request time, so newly added providers, price changes, and shif

<p>This <a href="https://simonwillison.net/2026/May/14/mitchell-hashimoto/">Mitchell Hashimoto quote</a> about Bun migrating from Zig to Rust reminded me of a similar conversation I had at a conference last week.</p><p>I was talking to someone who worked for a medium sized technology company with a pair of legacy/<a href="https://simonwillison.net/2018/Jul/17/mark-norman-francis/">legendary</a> iPhone and Android apps.</p><p>They told me the...

<blockquote cite="https://twitter.com/mitchellh/status/2055039647924007222"><p>[...] On the interesting side is how fungible programming languages are nowadays. Programming languages used to be LOCK IN, and they're increasingly not so. You think the Bun rewrite in Rust is good for Rust? Bun has shown they can be in probably any language they want in roughly a week or two. Rust is expendable. Its useful until its not then it can be thrown out. That's interesting!</p></blockq...

In April, we experienced 10 incidents that resulted in degraded performance across GitHub services.The post GitHub availability report: April 2026 appeared first on The GitHub Blog.

The job is creating dependable applications in production. Not just "a developer who uses LLMs", but an engineer in a constant evaluation and improvement loop.