JSer.infoの情報源となるサイトをまとめたサイトです。
全てのサイトを一つにまとめたRSSを配信しています

Slackに貼り付けると更新を受け取ることができます

直近1週間の更新

7/18 (土)

記事のアイキャッチ画像
Claude make Fable 5 permanent Simon Willison's Weblog
<p><strong><a href="https://twitter.com/claudeai/status/2078302415804379218">Claude make Fable 5 permanent</a></strong></p>An update from the <code>@claudeai</code> account on Twitter:</p><blockquote><p>Beginning July 20, Claude Fable 5 will be included in all Max and Team Premium plans, at 50% of limits.</p><p>Pro and Team Standard users will continue to have access to Fable via usage credits, and will receive a one-...
4時間前
記事のアイキャッチ画像
nascheme/quixote Simon Willison's Weblog
<p><strong><a href="https://github.com/nascheme/quixote">nascheme/quixote</a></strong></p>A certain vintage if Python web nerd might be delighted to learn that the most recent commit to the Quixote web framework was <a href="(https://github.com/nascheme/quixote/commit/7f775cf9d1e7e80fcbb2706b4a1d971e55ca74a3)">six hours ago</a>.</p><p>The <a href="https://github.com/nascheme/quixote/commit/d6b73c5768c2d041b68b54cc71863604249abc18"&g...
5時間前
記事のアイキャッチ画像
最近の AI コーディングで実践している、設計を中心とした開発の進め方 ブログのファビコン azukiazusa のテックブログ2
AI コーディングエージェントの自律性が向上し、複数のエージェントを並行して動かすことが日常になったことで、開発の中で最も時間を使う工程が実装から設計へ移りつつあります。この記事では、設計セッション、Git worktree を使った並列実行、自律的な検証、AI によるコードレビューなど、最近の私が実践している開発の進め方を紹介します。
7時間前
記事のアイキャッチ画像
Cloudflare WAF protects WordPress applications from two high-severity vulnerabilities ブログのファビコン The Cloudflare Blog
Cloudflare has deployed two WAF rules in response to high-severity vulnerabilities disclosed to us by the WordPress security team. The new rules protect all Cloudflare customers using affected WordPress versions, but customers should still update immediately to a patched release
13時間前
記事のアイキャッチ画像
Unauthenticated RCE in WordPress core (wp2shell), via SQL injection ブログのファビコン Aikido Security's Blog
WordPress core has an unauthenticated RCE (wp2shell), confirmed as SQL injection. Update to 7.0.2 or 6.9.5 now, with mitigations if you can't patch yet. Block the attack class at runtime with Aikido Zen.Category: Vulnerabilities & Threats
13時間前
記事のアイキャッチ画像
Masonry (with Animation) in CSS ブログのファビコン Master.dev Blog RSS Feed
Masonry.js was famous for creating, uh, Masonry layouts. But it did something else, too: animate fluid grids. Here's a way to get that in native CSS as well as the layout.
14時間前
記事のアイキャッチ画像
The cost of saying yes has changed ブログのファビコン The GitHub Blog
The cost of writing code dropped; the cost of owning it didn't. A framework for deciding which changes are actually cheap in the AI era.The post The cost of saying yes has changed appeared first on The GitHub Blog.
18時間前
記事のアイキャッチ画像
Top Pentera alternatives for automated penetration testing ブログのファビコン Aikido Security's Blog
Compare the top Pentera alternatives for automated pentesting in 2026. See where Aikido Security, XBOW, Horizon3, Hadrian, RunSybil, Terra, and Astra fit best.Category: DevSec Tools & Comparisons
18時間前

7/17 (金)

記事のアイキャッチ画像
Quoting Kimi K3 Simon Willison's Weblog
<blockquote cite="https://news.ycombinator.com/item?id=48935342#48936515"><p>Is there something I can actually help you with today?</p></blockquote><p class="cite">— <a href="https://news.ycombinator.com/item?id=48935342#48936515">Kimi K3</a>, after refusing to leak its system prompt</p> <p>Tags: <a href="https://simonwillison.net/tags/kimi">kimi</a>, <a href="https://simonwillison.net/tags/ai-personality">ai-pers...
21時間前
記事のアイキャッチ画像
LLM cliché highlighter Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/llm-cliche-highlighter">LLM cliché highlighter</a></p> <p>I got frustrated reading <em>yet another</em> article that was crammed with the clichés of LLM-generated writing - "no fluff, no filler, no jargon" type stuff - so I had Fable 5 vibe code up this app for highlighting ten common patterns that show up in that sort of writing.</p><p><img alt="Screenshot of ...
1日前
記事のアイキャッチ画像
The Index: Issue #191 ブログのファビコン Piccalilli - Everything
Howdy! Before we get into the links, we're going to take a break next week, so we'll see you on July 31 🌴Art as resistenceMore of this please!Mildliner referenceIf you've ever thought "I wish I could use Midliner marker colours on the web" then this link is specifically for you. Very nice stuff.The AI hype reckoning is upon usNot long now, friends. Increasingly — and more urgently — we need to be talking about how to make sure these hype cycles never happen again.You can just print an air purif...
1日前
記事のアイキャッチ画像
When It Makes Sense To “Block” The Main Thread ブログのファビコン Articles on Smashing Magazine — For Web Designers And Developers
The common rule of thumb is to never “block” the browser’s main thread when running JavaScript tasks. But is this a hard rule? Victor Ayomipo describes a use case he encountered involving a screenshot extension where he made an exception to the rule and decided that blocking the main thread was absolutely the right thing to do.
1日前
記事のアイキャッチ画像
Data downloaded by Vercel Sandbox is now free ブログのファビコン Vercel News
no longer bills for data it downloads from the internet. Installing packages, cloning a Git repository, or pulling artifacts and datasets from an external source does not count toward Sandbox Data Transfer usage.Vercel SandboxTraffic received on a Sandbox's exposed ports is still billable, as is outbound traffic the Sandbox sends to the internet. Pricing for Active CPU, Provisioned Memory, Snapshot Storage, and Sandbox Creations is unchanged.See the for the full breakdown.pricing documentationRe
1日前
記事のアイキャッチ画像
White House Launches Gold Eagle Initiative to Manage Surge in AI-Discovered Vulnerabilities ブログのファビコン Socket
The White House’s Gold Eagle Initiative aims to coordinate AI-discovered vulnerabilities, validate findings, and accelerate patching across critical software.
1日前
記事のアイキャッチ画像
GitHub Release 作成をパッケージリリースのトリガーにするな! ブログのファビコン ゆめみのフィード
はじめにGitHub Actions からパッケージを公開するとき,こんなワークフローを組んでいないでしょうか?GitHub 上で Release を作成する→ on: release: types: [published] でワークフローが起動する→ npm publish が走る操作する側から見ると,非常に分かりやすいですよね。Release を作れば NPM にも公開される。GitHub Release を起点として,その後ろにパッケージレジストリへの publish をぶら下げる構成です。ところが,2025 年に GitHub の Immutable Rele...
1日前
記事のアイキャッチ画像
Spot birds not golf Simon Willison's Weblog
<p>Suggestion for hyperscalers feeling pressure over data center water use:</p><p>Buy up a few exclusive country clubs, convert the golf courses into public parks, pay for guides and binoculars to get the previous members into birdwatching - help them embrace a more sustainable hobby!</p><p>Google <a href="https://sustainability.google/reports/google-2026-environmental-report/">used 10.9 billion gallons in 2025</a>, so about 30 million gallons per day.&...
1日前
記事のアイキャッチ画像
Runtime logs now show cache reasons ブログのファビコン Vercel News
Runtime logs now show a Cache Reason explaining why a request wasn't a fresh cache hit, for example a time-based or tag-based revalidation. Use cache reasons to debug misses and improve your hit rate.Cache reasons appear for any response the CDN can cache, including ISR, Partial Prerendering, and functions that set a header with directives like . Responses rendered dynamically on every request don't have a cache reason.Cache-Controlstale-while-revalidateOpen the Logs tab and select a request to
1日前
記事のアイキャッチ画像
GLM 5.2 is 35% off via Novita on AI Gateway ブログのファビコン Vercel News
is 35% off on AI Gateway through July 24 when routed through Novita.GLM 5.2To get the discounted rate, set the model to in the and route requests through Novita:zai/glm-5.2AI SDKAfter July 24, the model stays available at standard provider rates with no markup.Try GLM 5.2 in the .model playgroundRead more
1日前
記事のアイキャッチ画像
Optimized CDN caching and deploying of immutable static assets ブログのファビコン Vercel News
Vercel now reuses static files across deployments for frameworks that output content-addressed assets. It's zero-config: Vercel uses to manage these immutable files alongside your code changes, handling the hard parts like hash collisions, file lifecycles, and efficient routing.Framework-defined infrastructureThis brings several benefits:Vercel's supported frameworks will automatically take advantage of this optimization, even for projects without enabled. Next.js 16.3 preview and later already
1日前
記事のアイキャッチ画像
Vercel Plugin now available in Kimi Code CLI ブログのファビコン Vercel News
The is now available in the .Vercel PluginKimi Code CLIKimi Code can now draw on Vercel platform knowledge on demand, with skills for Next.js, AI SDK, Vercel Functions, and more. The Vercel Plugin also helps Kimi Code stay up to date with the latest Vercel APIs and recommended patterns.To install it, upgrade to the latest Kimi Code CLI and select the Vercel Plugin from the Third-party section of the menu./pluginLearn more in the .Vercel Plugin documentationRead more
1日前
記事のアイキャッチ画像
Chat SDK adds native Slack agent support ブログのファビコン Vercel News
Chat SDK's now supports the agent messaging experience . Agents built with Chat SDK could already talk in channels and DMs and stream replies token-by-token. This update adds the Agent badge, agent conversations in the Messages tab, suggested prompts, rotating status messages, and native feedback buttons.Slack adapterSlack introduced on June 30Here's what the adapter gives you:One thing to know: under , Slack threads each user message individually, so channel history only returns the user's side
1日前
記事のアイキャッチ画像
Lumis: Syntax Highlighter powered by Tree-sitter ブログのファビコン Master.dev Blog RSS Feed
Lumis looks like a pretty sweet new syntax highlighter tool. Powered by Tree-sitter, of which I can vouch for its speed and power. I like how many runtimes it supports, almost encouraging server-side use, which is the best place for the job when you can pull it off.
1日前
記事のアイキャッチ画像
Firefox in WebAssembly Simon Willison's Weblog
<p><strong><a href="https://developer.puter.com/labs/firefox-wasm/">Firefox in WebAssembly</a></strong></p>This is absurdly cool: Puter compiled Firefox to WebAssembly such that the whole browser runs in another browser.</p><p>Here's my blog, running in Firefox, running in WebAssembly, running in Chrome:</p><p><img alt="A Chrome window. The tab has the Firefox UI and has loaded my blog. On the right is the Chrome network panel showi...
1日前
記事のアイキャッチ画像
Kimi K3, and what we can still learn from the pelican benchmark Simon Willison's Weblog
<p>Chinese AI lab Moonshot AI <a href="https://www.kimi.com/blog/kimi-k3">announced Kimi K3</a> this morning, describing it as their "most capable model to date, with 2.8 trillion parameters". It's currently available via their website and API, but an open weight release is promised "by July 27, 2026".</p><p>Moonshot are calling this the first "open 3T-class model" (I guess they're rounding 2.8 trillion up to 3 trillion), taking the crown from <a href="https://h...
2日前
記事のアイキャッチ画像
Quoting Thibault Sottiaux Simon Willison's Weblog
<blockquote cite="https://twitter.com/thsottiaux/status/2077630111499882637"><p>On file deletions. We’ve investigated a handful of reports where GPT-5.6 unexpectedly deleted files. </p><p>What we have found is that this most commonly occurs when:</p><ul><li>Full access mode is enabled and codex is run without sandboxing protections, including without auto review being enabled</li><li>The model attempts to override the $HOME env var to define...
2日前
記事のアイキャッチ画像
Inkling: Our open-weights model Simon Willison's Weblog
<p><strong><a href="https://thinkingmachines.ai/news/introducing-inkling/">Inkling: Our open-weights model</a></strong></p>Mira Murati's Thinking Machines Lab just released their first open-weights model. Inkling is "a Mixture-of-Experts transformer with 975B total parameters, 41B active" - an Apache-2.0 licensed multimodal model trained on 45 trillion tokens of text, images, audio and video.</p><p>They're also promising Inkling-Small, a 276B (12B...
2日前
記事のアイキャッチ画像
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping ブログのファビコン Socket
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
2日前

7/16 (木)

記事のアイキャッチ画像
Mermaid to ASCII art (mermaid-ascii) Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/mermaid-ascii">Mermaid to ASCII art (mermaid-ascii)</a></p> <p>After building the <a href="https://simonwillison.net/2026/Jul/16/grok-mermaid/">Mermaid to ASCII tool based on Grok Build's Rust code</a> I learned that there's an older, more fully-featured Go library called <a href="https://github.com/AlexanderGrooff/mermaid-ascii">AlexanderGrooff/mermaid-ascii</a> ...
2日前
記事のアイキャッチ画像
Quoting Linus Torvalds Simon Willison's Weblog
<blockquote cite="https://lore.kernel.org/linux-media/CAHk-=wi4zC+Ze8e+p3tMv8TtG_80KzsZ1syL9anBtmEh5Z40vg@mail.gmail.com/"><p>I realize that some people really dislike AI, but this is an area where I'm willing to absolutely put my foot down as the top-level maintainer.</p><p>Linux is not one of those anti-AI projects, and if somebody has issues with that, they can do the open-source thing and fork it.</p><p>Or just walk away.</p><p>AI is a tool, j...
2日前
記事のアイキャッチ画像
Use cases for aria-expanded ブログのファビコン Piccalilli - Everything
Communication can be difficult. Not only when we humans try to communicate with one another, but also in web development.While it is easy for sighted people with full mental and motor abilities to click a button with a mouse to display more information, users of Assistive Technology (AT) may have a completely different experience with the same action.The information an expandable button conveys to AT depends heavily on the context. This context also dictates which ARIA attributes should (or shou
2日前
記事のアイキャッチ画像
Benchmarking 13 AI models on rediscovering known CVEs ブログのファビコン Aikido Security's Blog
We tested 13 AI models against 26 known CVEs to see which finds the most vulnerabilities — and whether the priciest model is worth the cost.Category: Technical
2日前
記事のアイキャッチ画像
Unified Logs is now in open beta ブログのファビコン Supabase Blog
One searchable view for logs across every Supabase service, with live tail, filtering, and a timeline.
2日前
記事のアイキャッチ画像
非エンジニアのサポート担当者がCodex + Datadogでログ調査できるようになった話 ブログのファビコン LegalOn Technologies Engineering Blog
はじめに LegalOn Technologies でCRE 兼 カスタマーリレーショングループリーダーの長内(@Nick)です。 現在私は、CREとして業務を行いながら、ユーザーサポートメンバーのマネジメントを担当しています。今回のブログでは、非エンジニアのユーザーサポートチームが、Codexを利用したログ調査を自ら行うようになり、一次対応のスピード向上と開発部門の負担軽減を両立できた話をお伝えします。 非エンジニアメンバーを率いるマネージャーの方や、社内のAI活用を推進したいエンジニアの方の参考になれば幸いです。 (久しぶりのEngineering Blogになりますが、以前公開したこちら…
2日前
記事のアイキャッチ画像
Next.js moves to scheduled security releases ブログのファビコン Socket
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.
2日前
記事のアイキャッチ画像
将棋の編入試験の「いいとこ取り」は最長 26 局で十分 ブログのファビコン まめめも
問題 将棋の編入試験の受験資格に、「いいところ取りで 10 勝以上、勝率 65% 以上」という基準があります。 プロ棋士でない人が(任意の)プロ棋士と対戦した履歴の中で、勝利が 10 個以上、かつ、勝率が 65% 以上であるような「連続範囲」を切り出すことができれば(=いいとこ取り)、編入試験を受ける資格が得られるというものです 1 。 この「いいとこ取り」、どうやっていいところを取ればいいでしょうか。 非常に長い連続範囲を切り出すことで条件を満たせる可能性を考えると、どこまで計算すればいいのか自明でないと思います。 つまり、「苦節 20 年、ついに 65 勝 35 敗で編入試験の受験資格を獲…
2日前
記事のアイキャッチ画像
Runtime Security for Third-Party GitHub Actions Runners: Bitrise, Blacksmith, Depot, Namespace, and Warp ブログのファビコン Step Security Blog
Harden-Runner secures third-party GitHub Actions runners. Bitrise macOS runners join Blacksmith, Depot, Namespace, and Warp Build with v2.20.0
2日前
記事のアイキャッチ画像
Harden-Runner Block Mode Now Available for macOS and Windows GitHub-Hosted Runners ブログのファビコン Step Security Blog
Harden-Runner v2.20.0 extends egress block mode to macOS and Windows GitHub-hosted runners, so you can stop secret exfiltration on every OS your pipelines run on, not just observe it.
2日前
記事のアイキャッチ画像
Introducing Device Policy: Enforce Approved VS Code Extensions Across Your Fleet ブログのファビコン Step Security Blog
Device Policy lets security teams allow-list VS Code extensions and enforce it fleet-wide through Intune, Jamf, Kandji, or the DMG agent. No MDM required.
2日前
記事のアイキャッチ画像
Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two Repositories ブログのファビコン Step Security Blog
On July 14, 2026 at 07:10 UTC, three packages in the AsyncAPI generator monorepo (@asyncapi/[email protected], @asyncapi/[email protected], and @asyncapi/[email protected]) were published to npm carrying an obfuscated dropper that fires the moment the library is loaded, not on install. The packages were published through the project's own legitimate GitHub Actions release workflow and carry valid npm OIDC provenance attestations, because the attacker didn't steal an npm token: they
2日前
記事のアイキャッチ画像
Introducing Secret Exfiltration Protection for GitHub Actions ブログのファビコン Step Security Blog
StepSecurity now blocks and detects secret exfiltration in GitHub Actions, stopping attacks that plant malicious workflows to steal your repository secrets.
2日前
記事のアイキャッチ画像
Mermaid to Unicode box art (grok-mermaid) Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/grok-mermaid">Mermaid to Unicode box art (grok-mermaid)</a></p> <p>While <a href="https://simonwillison.net/2026/Jul/15/grok-build/">exploring the codebase</a> for the newly open-sourced Grok CLI coding agent I came across <a href="https://github.com/xai-org/grok-build/blob/b189869b7755d2b482969acf6c92da3ecfeffd36/crates/codegen/xai-grok-markdown/src/mermaid.rs">xai-gro...
2日前
記事のアイキャッチ画像
Astro 7.1 ブログのファビコン The Astro Blog
Astro 7.1 is about more control: CSP, pagination, dev server, and content collections.
2日前
記事のアイキャッチ画像
Automating ESLint migrations with Codemod ブログのファビコン ESLint Blog
We are excited to announce a partnership between ESLint and Codemod to create a better migration experience for ESLint users, starting with the ESLint v8 to v9 and v9 to v10 migrations. All official ESLint codemods live in eslint/codemods and on the Codemod Registry. Community members are encouraged to open issues for missing codemods or contribute new ones through pull requests. Once reviewed and merged by maintainers, codemods are automatically published to the Codemod Registry through GitHub
2日前
記事のアイキャッチ画像
Write utilization now available in ISR Observability ブログのファビコン Vercel News
The now shows subscribers a write utilization metric, helping identify routes that regenerate often but receive few requests. Write utilization is the ratio of cached requests to ISR writes. For routes with low write utilization, consider increasing the revalidation interval or switching to on-demand revalidation to reduce costs.ISR Observability pageObservability PlusYou can also compute write utilization using the Vercel CLI, or use agents with the skill to investigate.cdn-cachingLearn more ab
2日前
記事のアイキャッチ画像
Kimi K3 is now available on AI Gateway ブログのファビコン Vercel News
is now available on AI Gateway.Kimi K3 from Moonshot AIK3 is an open-source model with a 1M-token context window and native visual understanding, accepting text, image, and video inputs.Built for long-horizon software engineering, knowledge work, and deep reasoning, K3 is especially strong where code meets visual and spatial reasoning, which suits frontend, game development, and CAD workflows. Thinking mode is always on.To use Kimi K3, set to in the :modelmoonshotai/kimi-k3AI SDKAI Gateway provi
2日前
記事のアイキャッチ画像
xai-org/grok-build, now open source Simon Willison's Weblog
<p><strong><a href="https://github.com/xai-org/grok-build">xai-org/grok-build, now open source</a></strong></p>xAI's <code>grok</code> CLI tool faced severe community backlash yesterday when it became apparent that running the command in a directory could upload that <em>entire directory</em> to xAI's Google Cloud buckets. One user <a href="https://x.com/a_green_being/status/2076598897779020159">reported</a> running it in t...
2日前
記事のアイキャッチ画像
Lessons Learned Rewriting a Sticky Detector ブログのファビコン Master.dev Blog RSS Feed
A dozen years go by, it turns out we can do things a lot differently and a lot better. Here a `scroll` event is entirely replaced by HTML and CSS features and much better performance.
2日前
記事のアイキャッチ画像
pointer-events
はてなブックマークアイコン 3
ブログのファビコン CSS-Tricks
The pointer-events property controls whether an element can become the target of pointer events like clicks, hover states, and other pointer-based events. In other words, it lets you decide whether the browser should treat an element as interactive when the …pointer-events originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
3日前
記事のアイキャッチ画像
GitHub for Beginners: Your roadmap to mastering the GitHub essentials ブログのファビコン The GitHub Blog
New to GitHub? This beginner's guide explains version control, repositories, and pull requests—plus everything else you need to start working confidently on GitHub.The post GitHub for Beginners: Your roadmap to mastering the GitHub essentials appeared first on The GitHub Blog.
3日前
記事のアイキャッチ画像
JavaScriptの日付処理が変わる! DateからTemporalへ
はてなブックマークアイコン 174
ブログのファビコン ICS MEDIA
記事は ics.media へアクセスしてご覧ください。
3日前

7/15 (水)

記事のアイキャッチ画像
What’s !important #15: Boundary-aware CSS, Time-based CSS, Full-bleed CSS, and More ブログのファビコン CSS-Tricks
Read all about boundary-aware CSS, accessible grid lanes, time-based web designs, full-bleed, the customizable select, and new web platform features.What’s !important #15: Boundary-aware CSS, Time-based CSS, Full-bleed CSS, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
3日前
記事のアイキャッチ画像
How I tricked Claude into leaking your deepest, darkest secrets Simon Willison's Weblog
<p><strong><a href="https://www.ayush.digital/blog/the-memory-heist">How I tricked Claude into leaking your deepest, darkest secrets</a></strong></p>I've <a href="https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/">been impressed</a> by the way the Claude <code>web_fetch</code> tool is designed to avoid data exfiltration attacks. Ayush Paul found a hole in that design.</p><p>To recap: regular Claude chat is at ris...
3日前
記事のアイキャッチ画像
No, People Don’t Want More AI In Their Life ブログのファビコン Articles on Smashing Magazine — For Web Designers And Developers
Many companies assume everyone craves new AI features. But the reality is that most people don't want more AI — at least not in the way most AI leaders envision it. Brought to you by Design Patterns For AI Interfaces, **friendly video courses on UX** and design patterns by Vitaly.
3日前
記事のアイキャッチ画像
How Speechify serves 500,000 dynamic pages to 60 million users on Vercel ブログのファビコン Vercel News
Speechify on Vercel500,000+ pages served across 40+ languagesCut costs 50% by auto-scaling with Fluid computeZero user impact on bad deploys with Instant Rollbacks started as a tool for people with dyslexia. Cliff Weitzman, Founder & CEO, built it because reading was challenging and audio made it much easier. That initial use case led Speechify to tens of millions of users and an for inclusion. SpeechifyApple Design Award The product has since grown into something much larger: an AI work pla...
3日前
記事のアイキャッチ画像
個人でのAI活用の次に必要なものは何か──LINEヤフーでAIDD Workshopを開催して見えた、組織導入の条件 LINEヤフー Tech Blog (LY Corporation Tech Blog
こんにちは、井上です。LINEヤフーではこれまで、AI活用スキル向上ワークショップ「Orchestration Development Workshop(ODW)」を通じて、個人がAIを使いながら開発...
3日前
記事のアイキャッチ画像
FixCSS ブログのファビコン Master.dev Blog RSS Feed
There is a famous document from the CSS Working Group that lists the historical mistakes in the design of CSS. It contains stuff like how box-sizing: border-box; should have been the default, which is why a lot of us still put that in starter stylesheets. Declan Chidlow took a step I’ve never seen anyone take […]
3日前
記事のアイキャッチ画像
Contract-Driven Development: Write the Truth Once ブログのファビコン Ben Howdle
At some point in every codebase's life, you fix the same bug three times in one afternoon. Once in the TypeScript type. Once in the resolver. Once in the validation layer. Three commits, three little green ticks, an exhale-laden sense of accomplishment - and then, somewhere around the third coffee, the sinking realisation that the bug was never actually in the code. The bug was that the truth is fragmented across three places, and truths kept in three places do what all unsupervised triplets eve
3日前
記事のアイキャッチ画像
Nx 23.1 Is Here: Per-Run Performance Reports, TypeScript 6, and Angular 22 ブログのファビコン Nx Blog
Everything that landed in Nx 23.1: a performance report at the end of every run, TypeScript 6, Angular 22 support, mouse support in the terminal UI, and more flexible target defaults.
3日前
記事のアイキャッチ画像
AI × Judgment × Taste = Mega Software ブログのファビコン @dlhck — David Höck
AI makes producing software easier than ever. The products that stand out will be shaped by judgment, taste, and a clear opinion about whom they serve.
3日前
記事のアイキャッチ画像
Implement Website Best Practices With Lighthouse ブログのファビコン DebugBear Blog
A guide to every audit in Lighthouse's Best Practices category and how to fix failures in order to reach a score of 100.
3日前
記事のアイキャッチ画像
Vercel Connect support in GitHub Tools ブログのファビコン Vercel News
now has first-class support for through the new subpath. Instead of storing a long-lived personal access token, your agent mints short-lived, scoped GitHub tokens at runtime from a connector. There is no secret to store, rotate, or leak.GitHub ToolsVercel Connect@github-tools/sdk/connectAttach a GitHub connector to your project and pick a preset:For custom tool factories, returns a lazy token provider you can pass to directly.connectGithubTokencreateGithubToolsGet started by creating a and readi
3日前
記事のアイキャッチ画像
Faster, predictable project linking in the Vercel CLI ブログのファビコン Vercel News
The now resolves your team before discovering projects, then searches for projects only in that team instead of sweeping every team you belong to. Linking is faster and more predictable, and every command that establishes a link (, , , , and ) follows the same flow:Vercel CLIvercel linkdeploypulldevgit connectFor CI and agent workflows, setting and makes fully promptless, while or settles the team on any command. When more than one team is available and no signal is set, non-interactive commands
3日前
記事のアイキャッチ画像
Inkling from Thinking Machines is now available on AI Gateway ブログのファビコン Vercel News
is now available on AI Gateway.Inkling from Thinking MachinesInkling is a broad generalist model, trained across agentic, reasoning, coding, instruction-following, factuality, vision, and audio tasks rather than optimized for a single domain. The model also supports controllable thinking effort.To use Inkling, set to in the :modelthinkingmachines/inklingAI SDKAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimiza
3日前
記事のアイキャッチ画像
Vercel Workflows trace viewer now has a minimap ブログのファビコン Vercel News
The trace viewer for now has a minimap that shows the entire run in one view.Vercel WorkflowsDrag the viewport to pan, resize it to zoom, or drag across the minimap to select a new section. Click anywhere on the minimap to jump to that point, or scroll and use arrow keys to step through the run.The minimap is available in the trace viewer on Vercel and locally through the Workflow SDK with . Learn more about and the .npx workflow@beta webVercel WorkflowsWorkflow SDKRead more
3日前
記事のアイキャッチ画像
Chat SDK adds Discord Components V2 support ブログのファビコン Vercel News
You can now send Discord bot messages with , an opt-in layout system that treats text, images, files, and buttons as flexible components you can arrange in any order.Components V2Set the adapter's option to and cards render with native containers, sections, media galleries, separators, buttons, and string selects. Embeds remain the default, so existing bots work unchanged.contentFormatComponentsV2Individual sections can carry their own actions, markdown renders correctly inside components, and t
3日前
記事のアイキャッチ画像
Quoting GitHub Changelog Simon Willison's Weblog
<blockquote cite="https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce-default-package-cooldown/"><p>Dependabot now waits until a new release has been available on its registry for at least three days before opening a version update pull request. This cooldown is now the default and requires no configuration.</p></blockquote><p class="cite">— <a href="https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce...
3日前
記事のアイキャッチ画像
simonw/pedalican Simon Willison's Weblog
<p><strong><a href="https://github.com/simonw/pedalican">simonw/pedalican</a></strong></p>Clearly I wasn't paying attention when these were <a href="https://twitter.com/OpenAIDevs/status/2050301642717950166">first announced</a> back in May, but today I accidentally activated a "pet" in Codex Desktop - a little animated robot, reminiscent of <a href="https://en.wikipedia.org/wiki/Office_Assistant">Clippy</a> - and then learned you can c...
3日前
記事のアイキャッチ画像
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload ブログのファビコン Socket
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
4日前
記事のアイキャッチ画像
lobste.rs is now running on SQLite Simon Willison's Weblog
<p><strong><a href="https://lobste.rs/s/ko1ji1/lobste_rs_is_now_running_on_sqlite">lobste.rs is now running on SQLite</a></strong></p>Community site <a href="https://lobste.rs">Lobsters</a> has been planning a migration away from MariaDB <a href="https://github.com/lobsters/lobsters/issues/539#issuecomment-4959857588">since August 2018</a> - originally targeting PostgreSQL, but last year they decided to <a href="https://github.com/l...
4日前
記事のアイキャッチ画像
Quoting Armin Ronacher Simon Willison's Weblog
<blockquote cite="https://lucumr.pocoo.org/2026/7/13/the-tower-keeps-rising/"><p>The shared language of a software project is not English or Python but it is the common understanding of what its concepts mean, where the boundaries are, which invariants matter, who owns what, and why the system has the shape it does. This language is rarely written down in one place. It lives partly in documentation and code, but also in code review, conversations, arguments, and the experience of ha...
4日前
記事のアイキャッチ画像
datasette 1.0a37 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a37">datasette 1.0a37</a></p> <p>A minor release. Performance and <a href="https://docs.datasette.io/en/latest/authentication.html#authentication-permissions-explained">documentation</a> improvements to the permissions system, plus I reverted a cosmetic API change which caused almost every existing plugin test suite to break.</p> <p>Tags: &l...
4日前

7/14 (火)

記事のアイキャッチ画像
The practical checklist for defending against supply chain attacks ブログのファビコン Aikido Security's Blog
Thirty prioritized defenses against the recent wave of software supply chain attacks. Graded critical, high, or medium. Category: Guides & Best Practices
4日前
記事のアイキャッチ画像
A broken DNSSEC rollover took down .al. Now 1.1.1.1 tells you when validation is bypassed ブログのファビコン The Cloudflare Blog
When a failed DNSSEC key rollover took down the .al TLD, we deployed a Negative Trust Anchor to restore resolution. This time, though, clients didn't have to take our word for it: 1.1.1.1 returned EDE 33, a new DNS error code that signals directly in the response that DNSSEC validation was bypassed.
4日前
記事のアイキャッチ画像
Speeding Up Checkout in a Fast-Growing Monorepo with Blacksmith ブログのファビコン Nicolas Charpentier's Blog
We swapped actions/checkout for Blacksmith's cached checkout across our GitHub Actions. Mean checkout time dropped from 69s to 20s, reclaiming ~33 hours of runner time each weekday.
4日前
記事のアイキャッチ画像
AsyncAPI npm packages backdoored via GitHub Actions ブログのファビコン Aikido Security's Blog
Five package versions, including specs at roughly 2 million weekly downloads, shipped an obfuscated dropper on 2026-07-14. Here is what we have confirmed so far.Category: Vulnerabilities & Threats
4日前
記事のアイキャッチ画像
Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader ブログのファビコン Socket
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.
4日前
記事のアイキャッチ画像
ID-JAG The Hard Way:失敗から学ぶAIエージェントのセキュリティハンズオン LINEヤフー Tech Blog (LY Corporation Tech Blog
こんにちは。LINEヤフー株式会社で認証・認可基盤「Athenz」の開発・運用を担当している金 廷祐(Kim, Jeongwoo)です。前回の記事「AI時代の認証課題を解決する次世代標準候補「ID-J...
4日前
記事のアイキャッチ画像
Using uvx in GitHub Actions in a cache-friendly way Simon Willison's Weblog
<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/github-actions/uvx-github-actions-cache">Using uvx in GitHub Actions in a cache-friendly way</a></p> <p>I finally found a cache-friendly recipe for using <code>uvx tool-name</code> in GitHub Actions workflows that I like.</p><p>The trick is setting a <code>UV_EXCLUDE_NEWER: "2026-07-12"</code> environment variable at the start of the workflow and then usi...
4日前
記事のアイキャッチ画像
The joy of Inertia Rails: painting your own with 50 happy little lines ブログのファビコン Evil Martians
Inertia is Turbolinks with one twist: render JSON instead of HTML on the second visit. We rebuild the whole protocol on a real Rails app with a 50-line client and a 16-line server, then audit what the real gem adds on top.
4日前
記事のアイキャッチ画像
Vercel Blob now supports consistent reads on private storage ブログのファビコン Vercel News
now supports consistent reads on private storage. Pass to or for a read that reflects the latest write.Vercel BlobuseCache: falseget()presignUrl()A blob written to a fresh pathname has no existing cached entry, so reads reflect the latest write immediately. When you overwrite a blob at an existing pathname, readers might see the cached version for up to 60 seconds. When a read must reflect the latest write, like an agent's memory file, a session transcript, or a scheduled JSON report, pass . The
4日前
記事のアイキャッチ画像
Vercel Plugin now available in VS Code and GitHub Copilot CLI ブログのファビコン Vercel News
The is now available in VS Code and the GitHub Copilot CLI.Vercel PluginGitHub Copilot now has Vercel platform knowledge on demand, with skills for Next.js, AI SDK, Vercel Functions, and more. The Vercel plugin also helps Copilot stay up to date with the latest Vercel APIs and recommended patterns.To install it for Copilot Chat, search for in the Extensions panel in VS Code.@agentPlugins vercelTo install it for the GitHub Copilot CLI, run .npx plugins add vercel/vercel-pluginLearn more in the .V
4日前
記事のアイキャッチ画像
Node.js 20 is being deprecated on October 1, 2026 ブログのファビコン Vercel News
Following the Node.js 20 end of life on April 30, 2026, we are deprecating Node.js 20 for Builds and Functions on October 1, 2026.How can I see which of my projects are affected?You can see which of your projects are affected by this deprecation with:Will my existing deployments be affected?No, existing deployments with Serverless Functions Invocations to already-deployed functions will continue to work normally. Only new deployments will be affected.will not be affected.When will I no longer be
4日前
記事のアイキャッチ画像
Endform joins the Vercel Marketplace ブログのファビコン Vercel News
is now available on the . It runs your Playwright tests in parallel, so your suite finishes in the time of your slowest test.EndformVercel MarketplaceKey capabilities:Install Endform on the or with the Vercel CLI: .Vercel Marketplacevc i endformRead moreRun every test on its own isolated machineBring your existing Playwright tests with no config changesGet a pass/fail on every production and preview deployment, linked to full traces in the Endform dashboardcheckSpot flaky tests by tracking resul
4日前
記事のアイキャッチ画像
AgentMail joins the Vercel Marketplace ブログのファビコン Vercel News
You can now provision and manage directly from the Vercel Marketplace. AgentMailYour AI agents can send, receive, and respond to email from a real inbox. AgentMail handles the mail servers and deliverability.Key capabilities:Install AgentMail on the or with the Vercel CLI: .Vercel Marketplacevc i agentmailRead moreProvision inboxes and custom domains through the APIHandle threads, attachments, and deliverability out of the boxTrigger agentic workflows using webhooks and WebSockets
4日前
記事のアイキャッチ画像
Chat SDK adds X adapter support ブログのファビコン Vercel News
Chat SDK now supports X, extending its single-codebase approach to Slack, Discord, GitHub, Teams, Telegram, and WhatsApp with the new .X adapterTeams can build bots that reply to public mentions and hold direct message conversations through the X API v2 and the . The adapter handles CRC verification and webhook signature checks automatically and can manage OAuth token refresh for long-running bots.X Activity APILikes are the only supported reaction, and responses post once on completion since X
4日前
記事のアイキャッチ画像
Access and share AI Gateway leaderboard data ブログのファビコン Vercel News
We are making the data behind the open under the . You can now download or query the data through the API endpoint and render any chart as a shareable image.AI Gateway leaderboardsCC BY 4.0 licenseleaderboard-exportThe AI Gateway leaderboards show how AI is used in production, ranking traffic for models, labs, apps, and providers. Data is aggregated daily across trillions of tokens, so you can see what gets adopted and how that changes over time. For deeper analysis, see the .July AI Gateway Pro
4日前
記事のアイキャッチ画像
DOOMQL Simon Willison's Weblog
<p><strong><a href="https://github.com/petergpt/doomql">DOOMQL</a></strong></p>Peter Gostev built this using GPT-5.6 Sol. This is a <em>lot</em> of fun: </p><blockquote><p>DOOMQL started with a deliberately unreasonable question: what if SQLite were the game engine, not merely the place where a game stores data?</p><p>The result is a small, original Doom-like game in which SQL owns movement, collision, enemies, combat...
4日前
記事のアイキャッチ画像
How Aikido Intel detects malware and vulnerabilities first ブログのファビコン Aikido Security's Blog
Aikido Intel is a real-time feed that catches malware and undisclosed vulnerabilities across open-source ecosystems, often within 8 minutes of release.Category: Product & Company Updates
5日前
記事のアイキャッチ画像
datasette code-frequency chart on GitHub Simon Willison's Weblog
<p><strong><a href="https://github.com/simonw/datasette/graphs/code-frequency">datasette code-frequency chart on GitHub</a></strong></p>Out of curiosity I decided to see if I could find a useful illustration of the impact of coding agents and Opus 4.5 class models on my own output. The best I've found so far is this GitHub chart of frequency of code changes to my <a href="https://datasette.io/">Datasette</a> open source project:</p><p>...
5日前
記事のアイキャッチ画像
In-N-Out Animation using sibling-index() ブログのファビコン Master.dev Blog RSS Feed
Temani mimics a View Transition by placing items using their index and translations. The placement calculation change when the index changes, which is an animation opportunity!
5日前
記事のアイキャッチ画像
What is a dependency firewall? ブログのファビコン Aikido Security's Blog
A dependency firewall blocks malicious open-source packages before they install. Learn how they work and how Aikido Safe Chain stops supply chain attacks. Category: Guides & Best Practices
5日前

7/13 (月)

記事のアイキャッチ画像
Introducing Precursor: detecting agentic behavior with continuous client-side signals
はてなブックマークアイコン 1
ブログのファビコン The Cloudflare Blog
Precursor, our new continuous behavioral validation engine for bot management, offers visibility into how humans and bots actually interact across the full user journey. By turning session-level behavior into bot detection signals, it identifies advanced automation with higher precision — while reducing friction for legitimate users.
5日前
記事のアイキャッチ画像
Open-weight models surge to 29% of volume, price per token flattens ブログのファビコン Vercel News
AI Gateway Production Index — July 2026 Every month, routes tens of trillions of tokens between production applications and AI labs, giving us a view of what AI usage actually looks like in today’s enterprise. We publish that view here. See the Production Index reports published in and .AI GatewayMayJuneThe July index reports on AI Gateway data collected in June 2026. In June, token volume and spend grew at nearly the same rate, 29% and 27%, while the price per token remained steady. The month b
5日前
記事のアイキャッチ画像
AI 時代に増え続ける「作業状態の管理負荷」を、GTD × AI エージェントで軽くする
はてなブックマークアイコン 1
LINEヤフー Tech Blog (LY Corporation Tech Blog
LINE アプリ開発に携わっている Hiraki と申します。普段は、LINE アプリにおけるアーキテクチャの統一を推進するプロジェクトのリードや、AI ネイティブな開発スタイルを業務に組み込むための...
5日前
記事のアイキャッチ画像
How to maintain code quality standards with AI code and vibe coding ブログのファビコン Aikido Security's Blog
Vibe coding ships features fast and leaves review debt behind. See how benchmarked, per-rule code quality checks give teams one consistent answer across PRs and repos.Category: News
5日前
記事のアイキャッチ画像
Agent Runs now show subagent activity on eve projects ブログのファビコン Vercel News
You can now inspect subagent activity for eve projects in . Agent RunsThe new Subagents tab shows every subagent, organized by which turn started it. Each row shows the prompt, duration, and any failures, all on a shared timeline.Click any subagent to open its run. The tab shows the same details as a parent run: turns, tool calls, metadata, cost, and token usage.Open to try it, or read the to learn more.Agent RunsdocumentationRead more
5日前
記事のアイキャッチ画像
Manage Vercel Flags targeting rules from the CLI ブログのファビコン Vercel News
You can now manage targeting rules for through the . With the command, you and your agents can add new rules, move existing ones, and inspect the current ordering without leaving your terminal.Vercel FlagsVercel CLIvercel flags rulesRules you create from the CLI use the same model as the dashboard. Conditions can target or reusable , outcomes can serve a single variant, a weighted split, or a progressive rollout, and rules evaluate top to bottom. For scripts and agents, prints the full rule set.
5日前
記事のアイキャッチ画像
Configure which sources can create deployments with Deployment Policies ブログのファビコン Vercel News
Deployment Policies are now available and enable teams to restrict which mechanisms, organizations, and repositories are allowed to create deployments.Each policy can be configured per environment at the team and project level, allowing flexible combinations of rules.Learn more about .Deployment PoliciesRead more
5日前
記事のアイキャッチ画像
Web Analytics and Speed Insights are now more cost-efficient ブログのファビコン Vercel News
and are now almost 10% more cost-efficient for all Pro and Enterprise teams.Web AnalyticsSpeed InsightsInfrastructure and event-processing improvements reduced cost across both products, so page views, referrers, top routes, and Core Web Vitals are now processed more efficiently, and savings scale with your event volume.The change applies automatically, with no configuration, plan changes, or code to update. You'll see the change reflected on your next bill.Learn more in the and documentation.We
5日前
記事のアイキャッチ画像
Directly Responsible Individuals (DRI) Simon Willison's Weblog
<p><strong><a href="https://handbook.gitlab.com/handbook/people-group/directly-responsible-individuals/">Directly Responsible Individuals (DRI)</a></strong></p>I went looking for a definition of "Directly Responsible Individuals" and the best I found was in the GitLab handbook. Apparently the term originated at Apple, where it's used to describe the person who is "ultimately accountable for the success or failure of a specific project, initiative, or activity...
5日前
記事のアイキャッチ画像
shot-scraper 1.11 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/shot-scraper/releases/tag/1.11">shot-scraper 1.11</a></p> <p>Some minor improvements, mainly around command option consistency and making the <code>server:</code> mechanism <a href="https://shot-scraper.datasette.io/en/stable/multi.html#running-a-server-for-the-duration-of-the-session">used by</a> both <code>shot-scraper video</code> and <code>shot-...
5日前
記事のアイキャッチ画像
Fable gets another bump Simon Willison's Weblog
<p>One of the consequences of GPT-5.6 Sol being clearly a Fable/Mythos class model is that Anthropic have, once again, <a href="https://x.com/claudeai/status/2076351399999557669">bumped the date</a> that Fable stops being available in their Claude Max plans:</p><blockquote><p>We're extending Claude Fable 5 access on all paid plans, as well as keeping Claude Code’s weekly rate limits 50% higher, through July 19.</p><p>As before, you can use up to h...
6日前
記事のアイキャッチ画像
sqlite-utils 4.1.1 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.1.1">sqlite-utils 4.1.1</a></p> <p>Mainly a fix for an edge case that regular Claude chat spotted while <a href="https://claude.ai/share/564b187d-d126-47ea-9b59-07c16ade0b70">experimenting with the 4.1 release</a> to answer a question about ON DELETE.</p><blockquote><ul><li><code>table.transform()</code> now raises ...
6日前
記事のアイキャッチ画像
jscrambler npm package publishes malicious preinstall binary ブログのファビコン Step Security Blog
On July 11, 2026, version 8.14.0 of jscrambler was published to npm carrying a malicious preinstall hook that drops and executes a platform-specific native binary on Linux, Windows, and macOS. jscrambler is the official CLI client for the Jscrambler Code Integrity API, a commercial JavaScript obfuscation and web-app protection service, with a clean version history dating back to 0.1.0. The compromised release was flagged by StepSecurity's AI Release Analyzer with a suspicion score of 0 (the maxi
6日前
記事のアイキャッチ画像
Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet Keys ブログのファビコン Step Security Blog
On July 8, 2026, attackers used access to a trusted developer's account to slip a backdoor into a widely used software development kit for the Injective blockchain. Disguised as harmless analytics, the code quietly captured wallet recovery phrases and private keys and sent them to an attacker-controlled server the moment a wallet was created or loaded. Automatic publishing pushed the tainted code out to 18 related packages within minutes, and it stayed live for less than an hour before being pul
6日前
記事のアイキャッチ画像
GitHub Secret Scanning Public Monitoring for Enterprises: Coverage and Gaps ブログのファビコン Step Security Blog
GitHub's new public monitoring finds your enterprise's leaked secrets anywhere on github.com. Here is what it covers, what it cannot see, and how to close the exfiltration gap
6日前

7/12 (日)

記事のアイキャッチ画像
sqlite-utils 4.1 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.1">sqlite-utils 4.1</a></p> <p>The first dot-release since <a href="https://simonwillison.net/2026/Jul/7/sqlite-utils-4/">4.0 a few days ago</a>, introducing a number of minor new features.</p><blockquote><ul><li><code>sqlite-utils insert</code> and <code>sqlite-utils upsert</code> now accept a <code&...
6日前
記事のアイキャッチ画像
jscrambler npm Package Compromised in Supply Chain Attack ブログのファビコン Socket
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
7日前
記事のアイキャッチ画像
The Siren Song of ariaNotify() ブログのファビコン Master.dev Blog RSS Feed
Mat Marquis details the good-and-dangerous of a new method which we can just make a screenreader say something. There’s a brand new ariaNotify() method — defined by the Accessible Rich Internet Applications (WAI-ARIA) 1.3 Specification — that provides you with a means of programmatically triggering narration in a screen reader. It accepts a string as its first argument, and […]
7日前