On June 5, 2026, the Miasma worm campaign reached Microsoft's Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabletask repository using a previously compromised contributor account. The attack planted configuration files that execute a credential-harvesting payload when a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code.

Three malicious versions of Microsoft's official durabletask Python SDK were published to PyPI on May 19, 2026. The compromised package silently downloads and executes a 28 KB payload that steals credentials from AWS, Azure, GCP, Kubernetes, password managers, and over 90 developer tool configurations, then spreads laterally through cloud infrastructure. The payload skips systems with a Russian locale, a hallmark of Eastern European cybercrime operations. The attack has been linked to the TeamPC

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a2">micropython-wasm 0.1a2</a></p> <p>I added a CLI to <code>micropython-wasm</code> (<a href="https://github.com/simonw/micropython-wasm/issues/7">issue #7</a>), inspired by the first draft of <a href="https://simonwillison.net/2026/Jun/6/micropython-in-a-sandbox/">the blog entry</a> when I realized it would be a great wa...

<p>I've been experimenting with different approaches to running code in a sandbox for several years now, but my latest attempt feels like it might finally have all of the characteristics I've been looking for. I've released it as an alpha package called <a href="https://github.com/simonw/micropython-wasm">micropython-wasm</a>, and I'm using it for a code execution sandbox plugin for <a href="https://github.com/datasette/datasette-agent">Datasette Agent</a> called &...

Vitest の `isolate: false` オプションを有効にすることで、テストの実行時間を大幅に短縮できましたが、その際に大規模なコードの修正が必要でした。Claude Code の `/goal` コマンドを活用することで、最終的なゴールを達成するために必要なステップを自律的に判断して実行させることができます。この記事ではその経験について紹介します。

AI increases engineering speed, but it also increases the cost of poor context. The best teams will not be the ones that generate the most code; they will be the ones that preserve enough understanding to review, operate, and own what they ship. Context stewardship is what keeps AI-assisted work from accelerating away from human judgment.

Every time I bet on myself instead of taking a paycheck, and what each one taught me.

<p><strong><a href="https://help.openai.com/en/articles/20001061-lockdown-mode">OpenAI Help: Lockdown Mode</a></strong></p>OpenAI first teased this <a href="https://openai.com/index/introducing-lockdown-mode-and-elevated-risk-labels-in-chatgpt/">in February</a>, but now it's live and "rolling out to eligible personal accounts, including Free, Go, Plus, and Pro, and self-serve ChatGPT Business accounts":</p><blockquote><p>Lockdown...

Most programming languages follow a familiar trajectory: early experimental releases, rapid iteration, and then – at some point – a 1.0 version that signals stability and the potential for serious adoption. Zig hasn’t followed that well-trodden path. What could be the reason? Andrew Kelley quit his job in 2018 to build a programming language. Eight […]

Using @counter-style for tricky visual effects like word rotation and obfuscation.

eyeballIncredibly addictive game. Best to use a mouse/trackpad than a touch device to give yourself a chance too!Dollar Slice Surf Report, New York CityA cool project by Scott Jehl as, using pen, pencil, Procreate and Figma as a much needed antidote to the slop era.Speaker feedsFFconf have a huge library of previous talks and speakers. Now, you can discover their RSS feeds and follow them. Handy!Let's get creativeFolks love it when we share indexes of cool stuff, so here's another!Protecting Blu

<blockquote cite="https://ladybird.org/posts/changing-how-we-develop-ladybird/"><p>We will no longer accept public pull requests. [...]</p><p>A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds. [...]</p><p>Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users...

Zed は Rust で書かれたネイティブアプリケーションで、非常に高速な動作と軽量な設計が特徴の新しいエディタです。この記事では、Zed のインストール方法と、実際に使ってみて感じた主要な機能や特徴について紹介していきたいと思います。

RubyGems and Bundler 4.0.13 introduced an opt-in cooldown feature that delays newly published gems during dependency resolution.

Renovateのクラウド版はメモリや実行時間の制限があるため、GitHub Actionsを使ったSelf Host版に切り替える方法やコストについて

now supports drives in private beta. Drives are persistent, attachable storage with a lifecycle independent from any sandbox.Vercel SandboxCreate a drive once, then mount it at a configurable path when starting a sandbox. When the sandbox stops, the drive remains available to attach to a later sandbox.Install the beta () or beta (), then create and mount a drive:SDKCLI@vercel/sandbox@betasandbox@betaSandbox Drives are useful for:During the private beta, a drive can be mounted read-write by one s

100ms deploys from Claude Code, Codex & Cursor

The API is now available. Authenticate with your project's and start querying more than 600,000 skills from across the open-source ecosystem.skills.shVercel OIDC tokenSearch for skills, pull detailed info on any one, check its security audit, and more.Vercel issues a short-lived token scoped to your team and project, rotated automatically, so there's no long-lived secret to leak or rotate. On each request, skills.sh verifies the token and applies a rate limit of 600 requests per minute per team

<p><strong><a href="https://charitydotwtf.substack.com/p/ai-enthusiasts-are-in-a-race-against">AI enthusiasts are in a race against time, AI skeptics are in a race against entropy</a></strong></p>Charity Majors neatly captures the dynamic between AI enthusiasts and AI skeptics, both of whom are trying to build great software, often in the same teams:</p><blockquote><p>The enthusiasts are <em>not wrong</em>. We are starting to see...

こんにちは。カミナシで「カミナシ 設備保全」の開発を行っている澤木です。今回はフロントエンドのコンポーネントディレクトリの構成、特に「ネストを深くしないために何をやっているか」という話をご紹介したいと思います。 feature-basedなディレクトリ構成 まず前提として私たちのチームでは機能（feature）単位でディレクトリを切り、各featureの中をさらにcomponents / hooks / contexts / model / repositoryといった責務ごとのディレクトリに分けるスタイルを採用しています。現在のフロントエンドの実装では一般的な構成かと思います。 featur…

See how CKEditor AI uses adaptive context to send the LLM only what each request needs - cutting token cost and latency on large documents.

The proliferation of agentic workflows means developers now regularly grant AI tools direct access to their infrastructure, use services that act autonomously, and build on platforms that themselves use AI to operate. We’ve updated our Terms of Service and Marketplace terms to clarify shared responsibility when actions on your account may be taken by AI, whether Vercel's own or a third-party tool you've connected, as well as other important updates detailed below.Vercel's platform increasingly i

self-replicating worm is spreading across the npm registry using binding.gyp, a file that triggers code execution during npm install without touching package.json scripts. The attack bypasses conventional security tools and has already compromised dozens of packages across multiple maintainer accounts.

<blockquote cite="https://www.404media.co/google-employees-internally-share-memes-about-how-its-ai-sucks/"><p>After this story was published Google's spokesperson reached out and asked us to publish a slightly different version of that statement. The new statement no longer stated that "it's critical that we maintain humans in the loop."</p></blockquote><p class="cite">— <a href="https://www.404media.co/google-employees-internally-share-memes-about-how...

If you’ve ever built your own client-side navigation that properly respects updating URLs, you’ve probably used history.pushState() a bunch, and it’s a bunch of work getting it robust and right. I think Jay Rungta does a good job of showcasing the newly-baseline Navigation API and why it’s better. Sorry for the huge blockquote, but it’s […]

GitHub Universe is back: returning to the historic Fort Mason Center in San Francisco on October 28–29, 2026.The post GitHub Universe is back: All together now, in the agentic era appeared first on The GitHub Blog.

VoidZero, the team behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare. Vite stays open source, vendor-agnostic, and built for everyone.

Just as with every aspect of my life, I find it hard to identify my software development skills. At my heart, I am a developer, though I spent way too much time as a high school senior fretting about whether or not I’d become an engineer. On paper, my job title has been product owner for almost the same amount of time as engineer/developer, but I was still writing code and reviewing PRs. Then comes the question of what kind of developer am I? Web developer? Mobile developer? Front-end? Full-stac

Today we're releasing Multigres v0.1 alpha to the open source community, bringing Vitess-grade horizontal scaling, high availability, and operational simplicity to Postgres.

Supabase has raised a $500M Series F at a $10B pre-money valuation, led by GIC.

Nemotron 3 Ultra from Nvidia is now available on .Vercel AI GatewayNemotron 3 Ultra is an open Mixture-of-Experts reasoning model built for orchestrating long-running agent workflows, with a 1M token context window. The model targets multi-turn agent workflows: planning, tool use, sub-agent delegation, and error recovery. Throughput reaches up to 350 tokens per second, with up to 30% lower cost on agentic tasks.To use Nemotron 3 Ultra, set model to in the .nvidia/nemotron-3-ultra-550b-a55bAI SDK

pnpm 11.5 now recognizes npm staged publish approvals in release metadata, preventing those releases from being mistaken for lower-trust package publishes.

検索やレコメンドは、ユーザーに必要な情報を届けるための仕組みです。しかし、その裏側を支える基盤開発は、単なるAPI実装でも、モデルを載せるだけの仕事でもありません。サービスごとに異なる要件、急増するト...

Get ready for a summer of sport with our new personalizable merch.

Nx Cloud recently shipped optimized resource classes and Continuous Assignment for Nx Agents. Benchmarked against GitHub Actions on a large monorepo, wall-clock time dropped 74% and cost per run fell 30%.

The skimmer never loads from a domain the attacker controls. The loader, the payload, and the stolen cards all flow through two domains every store already trusts: Google Tag Manager and Stripe.Bo...

Why OAuth works the way it does: authorization codes, token expiry, and PKCE explained from first principles.

TL;DR: We are excited to announce that VoidZero is joining Cloudflare. Vite, Vitest, Rolldown, Oxc, and Vite+ will remain open-source and MIT-licensed. Evan and the rest of the VoidZero team will continue to lead these projects, with Cloudflare fully committed to supporting our mission.

You can now create a start building a production-ready storefront in minutes.Shopify store directly from Vercel and to automatically configure your Shopify credentials in Vercel. Create a free test store, build with and deploy without leaving your workflow. When you're ready to launch, you can claim the store and take ownership of it.Install the Shopify integrationv0Coming soon: Connect an existing Shopify store to Vercel.Get started by installing , , or to start building your next .Shopify from

こんにちは、ソフトウェアエンジニアの渡邉（匠）です。「カミナシ 設備保全」の開発に携わっています。ゴールデンウィークが明けて1ヶ月ほどが経過し、休暇モードからやっと仕事モードに戻ってきました。 このプロダクトは開発開始から約2年が経ちました。バックエンドは長いあいだ presentation / domain / repository の3層で書いてきましたが、最近これにユースケース層を加えた4層へと再構成しました。 この記事では、なぜ最初から4層にしなかったのか、そしてなぜ今になって構成を取り直したのか、を書きます。 シンプルに始めた 当初のバックエンドは presentation / do…

BGP is vulnerable to routing hijacks and path leaks that negatively impact traffic on the Internet. RPKI helps solve some of these problems, but for some forged paths, we need to rely on a simpler mechanism: First AS enforcement in BGP.

@counter-style is useful for replacing the ::marker of lists easily, but it controls any markers-of-counters, so we can use it for more.

Practical guide on how to reduce drifts, minimize mistakes, maintain context, and improve the quality of AI-generated prototypes. Brought to you by Design Patterns For AI Interfaces, **friendly video course on UX** and design patterns by Vitaly.

<p><strong><a href="https://www.bloomberg.com/news/articles/2026-06-02/uber-caps-usage-of-ai-tools-like-claude-code-to-cut-costs">Uber Caps Usage of AI Tools Like Claude Code to Manage Costs</a></strong></p>I wrote <a href="https://simonwillison.net/2026/May/27/product-market-fit/#the-ai-failure-stories-around-this-are-pretty-thin">the other day</a> about Uber blowing its 2026 AI budget in four months, and how that wasn't particularly surprising g...

Tenable Nessus is a powerful scanner, but powerful tools that nobody uses don't make software more secure. Compare five alternatives built for how engineering teams actually work.Category: DevSec Tools & Comparisons

From Chrome 150 you can seamlessly transition a PWA to a new same-site origin.

Get a preview of the next Chrome release with this post detailing the features in the current beta.

Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.

As I write this, we’re about 7 sixteenths through 2026, and it’s about 14 sixteenths through the day.For the sixteenth issue of the Taper online magazine, I split time into sixteenths to think about its passage in a different way.The code, which had to be under 2048 bytes, isn’t terribly complex. It does some date math and uses a Go server for minification. If you want, here’s the unminified source code.Go check out all the other entries from this issue! My favorites include "[SIC]", “Desperate

Why we chose Astro for teaching Content APIs and Web APIs in the CMD Amsterdam Web Design & Development minor.

PostgreSQL can query any data source directly: CSV files, other databases, REST APIs, and more.

A four-phase playbook for moving off Auth0, Cognito, Clerk, or Firebase without a 2 AM incident.

Set up roles and permissions, verify session JWTs, and protect your FastAPI routes with dependency injection.

Your existing logging infrastructure is necessary but not sufficient. Here's what's missing and why it matters.

You can now generate through the Vercel CLI.Session TracesUse the new command to generate an OpenTelemetry trace to the specified endpoint from the terminal. vercel curl --traceUse the new command to fetch the generated trace by request ID.vercel traces getAvailable on all plans.Update the Vercel CLI to the latest version and run to get started. Learn more about the vercel curl --trace CLI command.vercel curlRead more

Grok Imagine Video 1.5 from xAI is now available on AI Gateway. The model generates video from an input image with synchronized audio in a single pass.This release improves audio quality, prompt following, and photorealism. Face accuracy and character consistency are stronger across longer sequences, with better lighting and physical realism in the output. Reference image support has been expanded to give more control over visual style and subject.To use this model, set model to in the AI SDK. C

はじめに カミナシでエンジニアリングマネージャーをしてます、すずけん（@szk3）です。 唐突ですが、皆さん AWSのエミュレーター使ってますか？ 自チームのプロダクトはS3、DynamoDB、STS、IAM あたりの AWS サービスに依存していて、ローカル開発やテストではこれらのエミュレーターを使っています。ただ、歴史的な背景からリポジトリには LocalStack、RustFS、Moto の 3 種が混在していて、用途ごとに考えることが地味に増えてしまった状態でした。 この記事では、その 3 種を Moto に統一した経緯と、検討した他の候補、そして移行から少し経った今でも次の選択肢を検…

<p>Microsoft <a href="https://microsoft.ai/news/building-a-hillclimbing-machine-launching-seven-new-mai-models/">announced two new text LLMs</a> this morning - <strong><a href="https://microsoft.ai/news/introducing-mai-thinking-1/">MAI-Thinking-1</a></strong> (reasoning, 1T parameters, 35B active, available to "select early partners") and <strong><a href="https://microsoft.ai/news/introducingmai-code-1-flash/">MAI-Code-1-Flash</a></...

EDR and proxies weren't built for supply chain malware. When malicious code arrives through npm install, it looks like normal behavior. Here's why that matters.Category: News

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent-micropython/releases/tag/0.1a0">datasette-agent-micropython 0.1a0</a></p> <p>I want <a href="https://agent.datasette.io">Datasette Agent</a> to be able to generate and execute Python code safely. This alpha is looking promising so far. GPT-5.5 has so far failed to break out of the sandbox!</p> <p>Tags: <a href="https://simonwillison.net/tags/pyt...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a1">micropython-wasm 0.1a1</a></p> <p>Fixes for some limitations that emerged while I was trying to use this to build <code>datasette-agent-micropython</code>.</p> <p>Tags: <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/sandboxing">sandboxing</a>, <a href=...

<p><img src="https://static.inaturalist.org/photos/671786719/large.jpg" alt="California Brown Pelican"></p><p>California Brown Pelican, in Fort Mason, CA, US</p><p>I'm at the <a href="https://build.microsoft.com/">Microsoft Build</a> conference today, held at <a href="https://en.wikipedia.org/wiki/Fort_Mason">Fort Mason</a> in San Francisco. There are California Brown Pelicans diving into the water directly behind venue!</p> <...

Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install. The affected versions span multiple packages across the RedHat Cloud Services frontend ecosystem. The payload is a sophisticated multi-stage credential harvester that targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm tokens, and CircleCI tokens

On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote every git tag across multiple popular Composer packages within a single 15 minute window. Anyone running composer update or installing fresh against laravel-lang/http-statuses, laravel-lang/actions, or laravel-lang/attributes now pulls a payload that exfiltrates CI secrets to a typosquatted attacker domain. StepSecurity confirmed end to end exploitation in an isolated runner and has filed security issue

Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.

Nx Console VS Code Extension Compromised

CKEditor is now HIPAA-aligned, adding healthcare-grade controls on top of SOC 2 Type II. See what's in scope, who benefits, and how it cuts vendor risk.

At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work.The post GitHub Copilot app: The agent-native desktop experience appeared first on The GitHub Blog.

記事は ics.media へアクセスしてご覧ください。

Toolbox App 3.5 focuses on making daily work smoother and managed development environments easier to monitor. The app now supports interface zooming with familiar shortcuts, provides OpenTelemetry metrics for enterprise remote development connections, and handles several long-standing reliability issues more gracefully. Remote development observability The Toolbox App now emits OpenTelemetry metrics for remote development connection […]

Personally, I wouldn’t blame you if you were asked what CSS needs these days and you were like uhm, I think it’s good, actually. These days CSS probably has more in it than you even know about or have tried, making it feel not particularly lacking. But if you really dig into the specifics, you’ll […]

NGINX Ingress Controller 5.5 introduces some significant performance improvements in startup times! A few months ago, a community member noticed that NGINX Ingress Controller deployments with a large number of Ingress resources were experiencing longer-than-expected startup times. In clusters with hundreds or thousands of resources spread across many namespaces, the controller could take several minutes […]

DevTools for agents is stable, AI assistance gets major upgrade with Lighthouse and widgets, new WebMCP debugging tools.

CSS gap decorations, disconnecting WebSockets for bfcache, and Intl.Locale variants.

Monorepos that deploy many projects can now configure all of their project's Git settings more conveniently. Previously, if you wanted to consistently configure each project's settings for commit status, , etc., you had to click through to every project's settings and consistently apply the same setting. Now, you can do it all in one place. eventsrepository_dispatchTry it out in or visit to learn more!project settingsthe docsRead more

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/pasted-file-editor">Pasted File Editor</a></p> <p>I really like how you can paste a large volume of text into <a href="https://claude.ail">claude.ai</a> (or the Claude desktop/mobile apps) and it will detect it as a large paste and turn it into a file attachment instead.</p><p>I decided to have Codex desktop <a href="https://gist.github.com/simonw/74c79119b487a...

株式会社 AbemaTV で SRE / Platform Engineer をしている 後藤（@r ...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a0">micropython-wasm 0.1a0</a></p> <p>My latest sandboxing experiment: This alpha package bundles a lightly customized WASM build of <a href="https://micropython.org/">MicroPython</a> with a wrapper to execute code in it via <a href="https://wasmtime.dev/">wasmtime</a>.</p> <p>Tags: <a href="https://simonwillison.net/ta...

A skimming operation tracked as GorgonAgora is running over 4,800 fake storefronts that impersonate real brands and steal payment data from anyone who checks out. An independent researcher has been...

MCP servers have a different attack surface than traditional APIs. Here are the five risks that matter most, grounded in OWASP's agentic AI guidelines, with concrete mitigations for each.

Your route guard does not protect your server functions. A complete guide to authorization in TanStack Start, from roles and permissions to enterprise RBAC and fine-grained access control.

Tools, MCP servers, skills, orchestrators, and why auth runs through all of them.

Key insights from Boris Cherny's Acquired Unplugged interview on building Claude Code, the death of traditional roles, and why the golden age of the generalist is here.

Ben Gilbert and David Rosenthal shared what makes companies endure for generations at Acquired Unplugged, hosted by WorkOS CEO Michael Grinich.

You can now generate time-bound signed URLs for . A signed URL is a scoped URL with an expiry that allows you to upload, download, inspect, or delete a specific object without giving access to your entire Blob store.Vercel BlobEach URL is scoped to a single operation (, , , or ), a single pathname, and an expiry you choose, up to 7 days. The signature covers the operation and constraints, so a URL signed for a can't be reused as a .putgetheaddeleteGETPUTUpload URLs () support multipart, so the b

はじめに こんにちは、University of British Columbia 学部4年の保井祐 ...

<p><strong><a href="https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/">Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked</a></strong></p>I had trouble believing this story was true, but I've seen it verified from multiple sources now:</p><blockquote><p>One video shows a hacker starting a conversation with Meta’s AI support bot an...

Mythos has real edges in exploit chain construction. But for most AppSec work, the harness around the model matters more than which model you pick.Category: News

Elastic build machines now monitor your build's memory usage and automatically adjust to prevent out-of-memory (OOM) failures:Thresholds are set conservatively to balance deployment reliability and cost. Vercel only considers your build's memory usage, not the memory used by Vercel's own build infrastructure.Enable elastic builds in your or , or read the .team settingsproject settingsdocsRead moreIf your build is fast but memory-intensive, we will no longer downgrade you to a smaller machineIf y

We investigated why firmware updates were causing our core servers to take four hours to reboot. By diving into UEFI data structures and iPXE automation, we eliminated unnecessary timeouts and cut boot times back down to minutes.

Connection, collaboration, and trust are the lifeblood of healthy community culture. NGINX Gateway Fabric and NGINX Ingress Controller were (and are) developed with open source community as a priority. From code contributions to critical comments, community participation has shaped the present and future of NGINX open source projects, and the future of technology. Today, I’m excited to highlight two recurring opportunities to engage directly […]

You can style the "on the way in" and "on the way out" styles for elements, even when they are moving to/from display: none;. Yay.

Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.Category: Vulnerabilities & Threats

A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.

The TBT Window is the FCP-to-TTI interval used to calculate Total Blocking Time. If FCP or TTI moves, TBT can change even when long tasks do not.

A working-with-me guide for new teammates, covering how I communicate, lead, give feedback, and build trust on engineering teams.

Qwen 3.7 Plus from Alibaba is now available on . Both Qwen 3.7 Plus and 3.7 Max are free for paid AI Gateway users till 6/4/26 12:00pm PT.Vercel AI GatewayThe model unifies vision and language into a single agent foundation, with capabilities spanning GUI and CLI operation, coding and productivity workflows with full-modality input, and visual agent tasks including perception and reasoning. It is designed to generalize across diverse agent harnesses.To use Qwen 3.7 Plus, set model to in the .ali

<p>I just sent out the May edition of my <a href="https://github.com/sponsors/simonw/">sponsors-only monthly newsletter</a>. If you are a sponsor (or if you start a sponsorship now) you can <a href="https://github.com/simonw-private/monthly/blob/main/2026-05-may.md">access it here</a>.</p><p>This month:</p><ul><li>Al got expensive, and Anthropic had a really good month</li><li>The model releases were a little disappointing&...

newmoのフロントエンド開発では、複数の機能を持つ単一のNext.jsアプリケーションを開発しています。このアプローチは、コードの共有やCIの管理といった面でメリットがある一方で、PlaywrightテストのCI実行における安定性とテスト時間という2つの課題を抱えていました。 この記事では、newmoで実施したPlaywright CI最適化の取り組みについて紹介します。 Docker Image導入によるセットアップの安定化と、テスト分割とShardingによる実行時間の短縮という2つのアプローチを実施しました。 結論を先に述べると、Docker Image化でセットアップ起因のCI失敗を…

こんにちは。フロントエンドエンジニアの桐澤（@kiririLee）です。 PR TIMESは、フロントエンド・PHPカンファレンス北海道2026にプラチナスポンサーとして協賛いたします。また、同イベントに当社から2名のエ […]

本記事では Deepgram Flux Multilingual の EoT 検出に焦点を当てますが ...

This release focuses on giving you more control over how tasks are organized, referenced, and

Sansec is proud to add Sylius to our list of supported platforms. Sansec eComscan now integrates with Sylius 1 and Sylius 2 and will run deep searches to hunt for malware & vulnerabilities.Whi...

This month we got a bunch of improvements in SvelteKit's forms and remote functions. Plus, a new query function (.live(...)) that makes accessing real-time data from the server easier.Keep an eye out for a few breaking changes in remote functions, if you're using those. Otherwise, enjoy all the new SvelteKit features and bug fixes in the latest versions of Svelte.Let's dive in!What's new in SvelteKitForm submit now returns a boolean to indicate submission validity for enhanced remote forms (2.57

now supports OIDC authentication and is the default setting when connecting new projects.Vercel BlobVercel-issued OIDC tokens are short-lived and rotate automatically, so you no longer need a long-lived .BLOB_READ_WRITE_TOKENTo upgrade an existing store, first update your project to use the latest , then navigate to the under your Blob store and select Upgrade to OIDC from the project's context menu.@vercel/blobProjects tabFunctions running on Vercel receive the token automatically and authentic

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a32">datasette 1.0a32</a></p> <p>A minor bugfix release. Fixes a bug with <code>INSERT ... RETURNING</code> queries via the <a href="https://datasette.io/blog/2026/sql-write-queries/">new /db/-/execute-write endpoint</a> and a bunch of <a href="https://docs.datasette.io/en/latest/settings.html#setting-base-url">base_url</a> issue...

カミナシ ID管理基盤ではログストレージにCloudWatch Logsを使っていましたが、サービスの成長に伴いコストに悩んでいました。この記事では、私たちが実践したAmazon S3 Tables（以下、S3 Tables）を使ったログストレージの構築と移行、そのコスト最適化効果について書きます。

The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Contagious Interview-style lure.

<p><strong><a href="https://thoughts.hmmz.org/2026-05-31.html">The solution might be cancelling my AI subscription</a></strong></p>I find this post by David Wilson very relatable. David lists 16+ projects he's spun up with AI tooling, and concludes:</p><blockquote><p>I didn't mean to build most of these things. Usually the Claude session started with something like "<em>write a quick script for X</em>", and one hour later the res...

プレイドの解析基盤として様々な仕組みを備えた内製OLPA DB milaの開発に携わり、多くのことを学びました。この記事では、インターンでの取り組みと学びを振り返ります。

Chat SDK now supports Lark and Feishu via a new .vendor-official adapterBuild bots that post, edit, and delete messages, stream replies via Lark's native cardkit typewriter API, send interactive cards, and react with emojis across both Lark and Feishu conversations.The adapter connects over Lark's WebSocket transport, so bots run from any long-running Node process without exposing an HTTP webhook endpoint.To get started, read the or documentation.LarkFeishuRead more

OpenAI の Secure MCP Tunnel を利用すると、プライベートな MCP サーバーをパブリックなインターネットに公開することなく OpenAI のプロダクトに接続できるようになります。この記事では Secure MCP Tunnel を試してみた様子を紹介します。

Let’s kick off June — and the beginning of summer — with some fresh inspiration! Artists and designers from across the globe once again tickled their creativity to welcome the new month with a new collection of desktop wallpapers. Enjoy!

MiniMax M3 is now available on .Vercel AI GatewayM3 is MiniMax's first model with a 1M-token context window and native multimodality, built around MiniMax Sparse Attention (MSA).M3 improves on software engineering, terminal-based tool use, and agentic web browsing, and is tuned for multi-turn collaboration.To use MiniMax M3, set model to in the .minimax/minimax-m3AI SDKPass an image alongside a prompt to use M3's multimodal input:AI Gateway provides a unified API for calling models, tracking usa