はじめに こんにちは、LegalOn TechnologiesでCTOをしている深川です。実は来週第一子が出産予定でドキドキワクワクがとまりません。 最近、社内向けに「AI時代の開発チームサイズ」に関するガイドラインを策定しました。AIによるコード生成・テスト・レビューの能力が急速に向上するなかで、開発チームの最適な人数は何名なのか——これは多くの開発組織が直面しているテーマだと思います。 本記事では、そのガイドラインの中から「チームサイズの検討」の部分を切り出し、対外的に共有できる形でお届けします。完璧な正解ではありませんが、同じような課題に向き合う方々の参考になれば幸いです。

<p><strong><a href="https://claude.com/blog/auto-mode">Auto mode for Claude Code</a></strong></p>Really interesting new development in Claude Code today as an alternative to <code>--dangerously-skip-permissions</code>:</p><blockquote><p>Today, we're introducing auto mode, a new permissions mode in Claude Code where Claude makes permission decisions on your behalf, with safeguards monitoring actions before they run.</p></...

You don't necessarily have to do focus handling yourself with shadow DOM web components. For simple wrapper components, there is an easier (and better) way.

<p><strong><a href="https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html">Package Managers Need to Cool Down</a></strong></p>Today's <a href="https://simonwillison.net/2026/Mar/24/malicious-litellm/">LiteLLM supply chain attack</a> inspired me to revisit the idea of <a href="https://simonwillison.net/2025/Nov/21/dependency-cooldowns/">dependency cooldowns</a>, the practice of only installing updated dependencies once t...

<blockquote cite="https://bsky.app/profile/mims.bsky.social/post/3mhsux67xpk2d"><p>I really think "give AI total control of my computer and therefore my entire life" is going to look so foolish in retrospect that everyone who went for this is going to look as dumb as Jimmy Fallon holding up a picture of his Bored Ape</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/mims.bsky.social/post/3mhsux67xpk2d">Christopher Mims</a>, T...

Five malicious npm packages typosquatting crypto libraries steal private keys via Telegram, targeting Solana and Ethereum developers, with active C2 infrastructure.

March has a way of bringing a lot of new things to WebKit — and this year is no exception.

Learn how to integrate the Copilot SDK into a React Native app to generate AI-powered issue summaries, with production patterns for graceful degradation and caching.The post Building AI-powered GitHub issue triage with the Copilot SDK appeared first on The GitHub Blog.

TeamPCP is targeting security tools across the OSS ecosystem, turning scanners and CI pipelines into infostealers to access enterprise secrets.

<p><strong><a href="https://github.com/BerriAI/litellm/issues/24512">Malicious litellm_init.pth in litellm 1.82.8 — credential stealer</a></strong></p>The LiteLLM v1.82.8 package published to PyPI was compromised with a particularly nasty credential stealer hidden in base64 in a <code>litellm_init.pth</code> file, which means installing the package is enough to trigger it even without running <code>import litellm</code>.</p><p...

Before version 1.29.7, NGINX used HTTP/1.0 by default for connecting to HTTP upstream servers. This older version of the protocol does not have the capability of HTTP persistent connections, commonly known as “keep-alive.” Keep-alive reduces the number of handshakes, reduces latency, and reduces time to first byte for most regular web applications. In order to […]

We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers, enabling millisecond startup times for AI agent sandboxing.

Accessibility works best when it blends into everyday design workflows. The goal isn’t a big transformation, but simple work processes that fit naturally into a team’s routine. With Figma variables, testing font size increases becomes part of the design flow itself, making accessibility feel almost inevitable rather than optional.

AI is beginning to change how software is produced. Instead of just assisting developers inside the editor, AI agents now investigate issues, generate code, run tests, and execute multi-step workflows. As this work scales, software development extends beyond individual tools or sessions. It becomes a distributed system of agents, environments, and workflows that operate across […]

AI is quickly moving into the critical path of software delivery from test automation to deployment decisions like auto-rollbacks, approvals, and release gating. For engineering leaders, this raises a practical and urgent question: What guardrails do we need to safely use AI in our CI/CD pipeline without increasing risk? If your continuous integration and continuous […]The post What guardrails or policies should be in place when AI is part of deployment decisions (e.g., auto-rollback, approvals)

Starting with NGINX Ingress Controller (NIC) v5.4.0, you can define CORS behavior once in a Policy resource and apply it consistently across both VirtualServer and Ingress traffic paths. Across this blog, we’re focused on: Why Use a Policy For CORS? Many teams start with per-resource tuning and quickly end up with drift. Using a dedicated […]

こんにちは。LINEヤフー研究所でHuman-Computer Interaction（HCI）の分野の研究をしている池松です。皆さんはスマートフォン（以下、スマホ）でレシピを見ながら調理しているとき...

<p>I wrote about Dan Woods' experiments with <strong>streaming experts</strong> <a href="https://simonwillison.net/2026/Mar/18/llm-in-a-flash/">the other day</a>, the trick where you run larger Mixture-of-Experts models on hardware that doesn't have enough RAM to fit the entire model by instead streaming the necessary expert weights from SSD for each token that you process.</p><p>Five days ago Dan was running Qwen3.5-397B-A17B in 48GB of RAM. Today <...

The final report for Ruby Association Grant on TutorialKit.rb—a toolkit for building interactive Ruby and Rails tutorials that run entirely in the browser using WebAssembly and WebContainers. Featuring a full-featured installer, agent-friendly development workflow, deployment pipelines, HTTP support, and real-world examples.

What sets this attack apart is the skimmer itself. Instead of the usual HTTP requests or image beacons, this malware uses WebRTC DataChannels to load its payload and exfiltrate stolen payment data....

Add a "Sign in with Slack" button to your app in minutes using WorkOS AuthKit.

Decode, verify, and inspect JWTs; built by the team that does auth for a living.

Common threats from sign-up to sign-in: what can go wrong, how attackers exploit it, and how to stop them.

Traditional approaches to linting TypeScript-based languages have had significant drawbacks for many years. They're often difficult to configure and come with limitations that prevent rules from fully understanding the types of code. Flint introduces a comprehensive Volar.js-based architecture that enables fully type-aware lint rules for languages like Astro, Svelte, and Vue. Learn how Flint's architecture solves this once and for all!

<blockquote cite="https://bsky.app/profile/schwarzgerat.bsky.social/post/3mhqu5dogos2v"><p>slop is something that takes more human effort to consume than it took to produce. When my coworker sends me raw Gemini output he’s not expressing his freedom to create, he’s disrespecting the value of my time</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/schwarzgerat.bsky.social/post/3mhqu5dogos2v">Neurotica</a>, @schwarzgerat.bsky...

TypeScript 6.0 introduces new standard APIs, modern default settings, and deprecations as it prepares projects for the upcoming TypeScript 7.0 release.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-files/releases/tag/0.1a2">datasette-files 0.1a2</a></p> <p>The most interesting alpha of <a href="https://github.com/datasette/datasette-files">datasette-files</a> yet, a new plugin which adds the ability to upload files directly into a Datasette instance. Here are the release notes in full:</p><blockquote><ul><li>Columns are now configured u...

はじめに こんにちは、株式会社LegalOn Technologies ソフトウェアエンジニアのわたりょーです。デザインシステムチームに所属し、社内デザインシステム「Aegis」を開発・運用しています。 「Aegis」は、LegalOn Technologiesのプロダクト群で一貫した UI を実現するための社内デザインシステムです。UI コンポーネントライブラリ、デザイントークン、ガイドラインなどを提供し、複数プロダクトの開発効率と品質を支えています。 本記事では、AI コーディングエージェント（Claude Code / Codex など）向けに Agent Skills（以下、Skill…

Drawing an line with arrows pointing to the center of two arbitrary elements measuring and displaying the distance between them doesn't seem like it would be possible in CSS alone... but...

<blockquote cite="https://www.davidabram.dev/musings/the-machine-didnt-take-your-craft/"><p>I have been doing this for years, and the hardest parts of the job were never about typing out code. I have always struggled most with understanding systems, debugging things that made no sense, designing architectures that wouldn't collapse under heavy load, and making decisions that would save months of pain later.</p><p>None of these problems can be solved LLMs. They can sugges...

Storybook-powered agentic UI development

Today, we’re excited to announce kubernetes.nginx.org, a new community hub for everything NGINX networking on Kubernetes, along with a brand-new Kubernetes community Ingress-NGINX Migration Tool designed to make moving from the Kubernetes community Ingress-NGINX controller to the NGINX Ingress Controller as smooth as possible. Why a Community Hub? Whether you’re running NGINX Ingress Controller, exploring […]

The latest update to the CKEditor contributed modules brings AI writing and editing directly into Drupal. Premium Features module 1.8.0 introduces CKEditor AI, adding AI Chat, AI Review, AI Translate, and AI Quick Actions inside the rich text editor. Authors can write, review, and translate content without the back and forth of third-party tools.

Today we are excited to announce the availability of TypeScript 6.0! If you are not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for types, which enables type-checking to catch errors, and provide rich editor tooling. You can learn more about TypeScript and how to get started on the TypeScript […]The post Announcing TypeScript 6.0 appeared first on TypeScript.

CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.The post GitHub expands application security coverage with AI‑powered detections appeared first on The GitHub Blog.

The new CSS corner-shape() property is mathematical, so it’s easily animated. Author Daniel Schwarz pokes at animating the property for interesting UI effects.Experimenting With Scroll-Driven corner-shape Animations originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Cloudflare's Gen 13 servers introduce AMD EPYC™ Turin 9965 processors and a transition to 100 GbE networking to meet growing traffic demands. In this technical deep dive, we explain the engineering rationale behind each major component selection.

Cloudflare’s Gen 13 servers double our compute throughput by rethinking the balance between cache and cores. Moving to high-core-count AMD EPYC ™ Turin CPUs, we traded large L3 cache for raw compute density. By running our new Rust-based FL2 stack, we completely mitigated the latency penalty to unlock twice the performance.

There is a lil’ UI detail on this blog. Most people don’t even notice it, but the ones who do often reach out, asking how on earth it works. It feels like it defies the rules of CSS! In this blog post, I’ll break down the surprisingly-straightforward implementation so you can start using this trick yourself.

1月に AAAI-2026（The 40th Annual AAAI Conference on A ...

本記事は、Datadog agent-skillsとpupをGithub Actionsで実行し、自 ...

<p>Last month I <a href="https://simonwillison.net/2026/Feb/20/beats/">added a feature I call beats</a> to this blog, pulling in some of my other content from <a href="https://simonwillison.net/elsewhere/">external sources</a> and including it on the homepage, search and various archive pages on the site.</p><p>On any given day these frequently outnumber my regular posts. They were looking a little bit thin and were lacking any form of explanation beyon...

こんにちは、LINEヤフー株式会社の井上 秀一です。私は2024年4月に新入社員としてLINEヤフー株式会社に入社し、現在は社内向け Kubernetes as a Service である FKE チ...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/starlette-1-skill#readme">Starlette 1.0 skill</a></p> <p>See <a href="https://simonwillison.net/2026/Mar/22/starlette/">Experimenting with Starlette 1.0 with Claude skills</a>.</p> <p>Tags: <a href="https://simonwillison.net/tags/starlette">starlette</a></p>

How do you measure product-market fit for a developer tool? A PMF scoring model from Evil Martians—a product development consultancy for developer tools startups—built on data from 37 devtools companies across AI, infrastructure, and cybersecurity. Five metrics, real benchmarks, and a dual score that tells you whether to invest in product or go-to-market.

Users don't use data-testid, so why do your tests?

Why AI-Assisted Development Is More Exhausting Than It Should BeThe promise of AI-assisted development is that it should make developers' lives easier. In some ways it does. Yet I see many developers suffering from post-LLM burnout and exhaustion.In part, it is because of the unrealistic expectations of the organizations they work for, caught up in AI hype and FOMO.However, I am seeing another issue. And it's one rooted in the psychology of human-computer interaction (HCI).Cognitive ModesWhen yo

A practical comparison of the two protocols reshaping how agents pay for services in 2026.

A practical comparison of modern auth providers, trade-offs, and best practices for React Router apps.

The Model Context Protocol's 2026 roadmap acknowledges what enterprises deploying MCP at scale already know: the protocol has real gaps in auth, observability, gateway patterns, and configuration portability. Here's what's on the table and why it matters.

The big AI chat apps ship heavy rendering libraries to every device. Cheddy Chat renders markdown server-side and streams finished HTML, eliminating 160-440KB of client JavaScript while keeping the main thread free.

<p><a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">Starlette 1.0 is out</a>! This is a really big deal. I think Starlette may be the Python framework with the most usage compared to its relatively low brand recognition because Starlette is the foundation of <a href="https://fastapi.tiangolo.com/">FastAPI</a>, which has attracted a huge amount of buzz that seems to have overshadowed Starlette itself.</p><p>Kim Christie started wo...

Newly published Trivy Docker images (0.69.4, 0.69.5, and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without corresponding GitHub releases.

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pcgamer-audit#readme">PCGamer Article Performance Audit</a></p> <p>Stuart Breckenridge pointed out that <a href="https://stuartbreckenridge.net/2026-03-19-pc-gamer-recommends-rss-readers-in-a-37mb-article/">PC Gamer Recommends RSS Readers in a 37MB Article That Just Keeps Downloading</a>, highlighting a truly horrifying example of web bloat that added up to 1...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/javascript-sandboxing-research#readme">JavaScript Sandboxing Research</a></p> <p>Aaron Harper <a href="https://www.inngest.com/blog/node-worker-threads">wrote about Node.js worker threads</a>, which inspired me to run a research task to see if they might help with running JavaScript in a sandbox. Claude Code went way beyond my initial question and produced a ...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/dns">DNS Lookup</a></p> <p>TIL that Cloudflare's 1.1.1.1 DNS service (and 1.1.1.2 and 1.1.1.3, which block malware and malware + adult content respectively) has a CORS-enabled JSON API, so I <a href="https://github.com/simonw/tools/pull/258#issue-4116864108">had Claude Code build me</a> a UI for running DNS queries against all three of those resolvers.</p> <p>Tags...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/manyana">Merge State Visualizer</a></p> <p>Bram Cohen wrote about his <a href="https://bramcohen.com/p/manyana">coherent vision for the future of version control</a> using CRDTs, illustrated by <a href="https://github.com/bramcohen/manyana/blob/main/manyana.py">470 lines of Python</a>.</p><p>I fed that Python (minus comments) into Claude and asked for ...

Claude Code v2.1.80 から Research Preview 版として Claude Code channels（以下、チャンネル）が利用できるようになりました。チャンネルとは実行中の Claude Code のセッションに対して、外部からイベントを送ることができる MCP サーバーのことです。この記事では、Claude Code と Discord 連携がどのように動作しているのか、その仕組みを解説します。

One night, I wrote a simple tool to pick a random programming language. After shuffling a few times, I landed on Arturo. I decided to try it for fun.What’s Arturo?Best I understand, Arturo is a stack-based programming language. It’s primarily maintained by Yanis Zafirópulos. They published a vision of the language in 2020. Here’s the stated goal from that post:to make something that I myself will use as an easier do-it-all scripting language, you know… automation scripts, templating, latex gener

I wrote a web app to choose a random programming language.It’s very simple; I hestitate to even call it an “app”! The interesting part was scraping all the languages on Rosetta Code, and even that wasn’t very interesting. But I hope you like it!I learned about a language called Arturo this way, and wrote a short story about that experience.

I created a new visualisation for my homepage rotation.Here’s a demo:It’s just a basic flow field simulation with particles tracing their paths along the space. I used the p5.js framework. It reacts to mouse movements!I did a few optimisations to make it smoother, but in the end I had to lower the framerate and tried to make the low frame rate look intentional. Optimisation was important especially for mobile devices.Some of the optimisations include:Using sprites / textures instead of the vecto

<p>Here's a mildly dystopian prompt I've been experimenting with recently: "Profile this user", accompanied by a copy of their last 1,000 comments on Hacker News.</p><p>Obtaining those comments is easy. The <a href="https://hn.algolia.com/api">Algolia Hacker News API</a> supports listing comments sorted by date that have a specific tag, and the author of a comment is tagged there as <code>author_username</code>. Here's a JSON feed of my (<code>sim...

We released NGINX Ingress Controller v5.4.0 ahead of KubeCon Europe, and this one is worth the noise. This release is laser-focused on making it easier for teams running ingress-nginx to migrate to NGINX Ingress Controller, without sacrificing the features and workflows they depend on. Here’s what’s new! Configuration Resilience and Validation What’s new: Ingress and […]

<p><em><a href="https://simonwillison.net/guides/agentic-engineering-patterns/">Agentic Engineering Patterns</a> ></em></p> <p>Git is a key tool for working with coding agents. Keeping code in version control lets us record how that code changes over time and investigate and reverse any mistakes. All of the coding agents are fluent in using Git's features, both basic and advanced.</p><p>This fluency means we can be more ambitious abou...

<p><strong><a href="https://tools.simonwillison.net/turbo-pascal-deconstructed">Turbo Pascal 3.02A, deconstructed</a></strong></p>In <a href="https://prog21.dadgum.com/116.html">Things That Turbo Pascal is Smaller Than</a> James Hague lists things (from 2011) that are larger in size than Borland's 1985 Turbo Pascal 3.02 executable - a 39,731 byte file that somehow included a full text editor IDE and Pascal compiler.</p><p>This inspired...

The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads.

<blockquote cite="https://twitter.com/Kimi_Moonshot/status/2035074972943831491"><p>Congrats to the <a href="https://x.com/cursor_ai">@cursor_ai</a> team on the launch of Composer 2!</p><p>We are proud to see Kimi-k2.5 provide the foundation. Seeing our model integrated effectively through Cursor's continued pretraining & high-compute RL training is the open model ecosystem we love to support.</p><p>Note: Cursor accesses Kimi-k2.5 via <a...

On February 25, 2026, HubSpot experienced a service disruption affecting user access to specific types of workflows within our user interface. All backend workflow automations continued to execute normally without interruption - no automations were delayed, missed, or lost. We have completed a thorough analysis of this incident and are implementing targeted safeguards to prevent this class of failure from recurring.

Josh Tumath: Have you ever noticed that when you increase the system text size in your iOS or Android phone’s accessibility settings, the text gets bigger everywhere except on the web? On Safari and Chrome, it makes absolutely no difference. New thing: <meta name=text-scale> This isn’t page zoom, which scales everything, it’s just respects the […]

Azure Entra ID doesn't support deep nested group expansion over SCIM, which catches a lot of teams off guard when setting up Directory Sync. This post explains exactly why that limitation exists, three practical patterns to work around it, and how the situation compares to Google Workspace.

Dropdowns often work perfectly until they’re placed inside a scrollable panel, where they can get clipped, and half the menu disappears behind the container’s edge. Godstime Aburu explains why this happens and offers practical solutions to fix it.

Just a quick note before we get into this issue. We're moving back to a once per week cadence on Fridays after this issue.We've got a lot on in the studio right now, so making time to curate two issues a week is getting tougher. I'd rather make sure the quality of one issue is top notch.The next issue will be be Friday March 27!What's My ΔE(OK) JND?A fun colour recognition game that gets really quite hard as you go through it!Glasses Cleaning SimulatorDoes exactly what it says on the tin!Links s

AI-based test selection promises faster CI builds by running only the tests most likely to be impacted by a code change. In large repositories with thousands of tests, this can significantly reduce build times. But there’s a trade-off. If implemented poorly, AI test selection can reduce reliability, increase escaped defects, and erode trust in CI […]The post How to Add AI Test Selection Without Breaking CI Reliability appeared first on Semaphore.

Claude Code v2.1.80 から Research Preview 版として Claude Code channels（以下、チャンネル）が利用できるようになりました。チャンネルとは実行中の Claude Code のセッションに対して、外部からイベントを送ることができる MCP サーバーのことです。この記事では、Discord からチャンネルを通じて Claude Code とやり取りする方法を紹介します。

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/sqlite-tags-benchmark#readme">SQLite Tags Benchmark: Comparing 5 Tagging Strategies</a></p> <p>I had Claude Code run a micro-benchmark comparing different approaches to implementing tagging in SQLite. Traditional many-to-many tables won, but FTS5 came a close second. Full table scans with LIKE queries performed better than I expected, but full table scans with JSON array...

The iron triangle of software development is dead. AI has changed the math.

HighlightsAPI Support for Bulk SuppressionsESLint v10.1.0 introduces API support for the bulk suppressions feature that was previously only available in the CLI.ESLint API consumers, such as IDEs, can now pass the applySuppressions: true option to the ESLint constructor. With this option, suppressions from the suppressions file are automatically applied to results from ESLint#lintFiles() and ESLint#lintText() methods.const eslint = new ESLint({ applySuppressions: true, // optional, defaults to `

We built 1Password® Unified Access to extend identity security beyond humans to the agents and machine workloads operating across your business. In practice, that means securing not just who gets access, but how agentic systems connect to tools, services, and data.That makes the MCP gateway a critical control point. It sits between AI agents and the systems they need to reach, making it the natural place to enforce policy, visibility, and governance. But in many deployments, it also becomes the

AI agents can now rewrite an app in hours. But software value lies in judgment, trust, and specification — not code. Here's why the craft of software engineering is evolving, not dying.

Add production-ready authentication to your FastAPI server in under an hour.

Use AI coding agents and WorkOS Skills to generate production-ready flows in your framework, language, and design system.

Welcome to a special edition of Tales from the Void! Last weeks VoidZero Launch Week brought changes to how you build, test, lint, and deploy JavaScript.Here's what shipped and why it matters.Oxlint: JS Plugins Alpha ​Oxlint's JS Plugins Alpha brings near-100% compatibility with the ESLint plugin ecosystem. Your existing ESLint plugins run inside Oxlint unmodified, alongside 650+ native Rust rules, while linting up to 100x faster than ESLint.Why it matters: For around 80% of ESLint users Oxlint

Kimi K2.5 is now on Workers AI, helping you power agents entirely on Cloudflare’s Developer Platform. Learn how we optimized our inference stack and reduced inference costs for internal agent use cases.

As contribution volume grows, mentorship signals are harder to read. The 3 Cs framework helps maintainers mentor more strategically... without burning out.The post Rethinking open source mentorship in the AI era appeared first on The GitHub Blog.

ENISA’s new package manager advisory outlines the dependency security practices companies will need to demonstrate as the EU’s Cyber Resilience Act begins enforcing software supply chain requirements.

<p>The big news this morning: <a href="https://astral.sh/blog/openai">Astral to join OpenAI</a> (on the Astral blog) and <a href="https://openai.com/index/openai-to-acquire-astral/">OpenAI to acquire Astral</a> (the OpenAI announcement). Astral are the company behind <a href="https://simonwillison.net/tags/uv/">uv</a>, <a href="https://simonwillison.net/tags/ruff/">ruff</a>, and <a href="https://simonwillison.net/tags/ty/">ty</a>...

An inside look at repository-native orchestration with GitHub Copilot and the design patterns behind multi-agent workflows that stay inspectable, predictable, and collaborative. The post How Squad runs coordinated AI agents inside your repository appeared first on The GitHub Blog.

An image gallery is a nice example of AIM, where the larger version of an image can "morph" out from the smaller one when opened, and back in when closed.

How to choose between modals and pages, when to avoid modals, and how to determine the right level of interruption or navigation. Brought to you by Smart Interface Design Patterns, a **friendly video course on UX** and design patterns by Vitaly.

Most enterprises claim to govern their AI use. They have policy documents, review boards, approval flows, and sandbox environments. On paper, control exists. Then agents enter real software delivery workflows. They generate code, refactor systems, open pull requests, query internal data, trigger automations, and coordinate across tools. They move from experiment to execution. At that […]

Mat Marquis and Andy Bell have released JavaScript for Everyone, an online course offered exclusively at Piccalilli. This post is an excerpt from the course taken specifically from a chapter all about JavaScript destructuring. JavaScript for Everyone: Destructuring originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

CSS light-dark() is being extended to support images.

As AI agents become a core part of modern development workflows, the need for secure, flexible authentication is quickly becoming essential. In our latest product news episode, our engineering team takes a deep dive into how we implemented OAuth for Semaphore’s MCP server—and what we learned along the way. This work is part of a […]The post MCP OAuth in Practice: Lessons from Building Authentication for AI Agents appeared first on Semaphore.

はじめに LegalOn Technologiesでは、以前CTOの深川がブログで宣言したように、2027年卒からソフトウェアエンジニア（SWE）の新卒採用を本格的にスタートします。 今回は、その取り組みの一環として実施した、新卒SWE向け長期インターンシップについて、設計から選考、受入れまでの裏側をプロジェクトメンバーで振り返ってもらいました。 今回話を聞いたのは以下のメンバーです。 深川：執行役員・CTO 本プロジェクトの総監督。最終面接を担当。 荒崎：CXOn, Senior Engineering Manager 技術課題の作成と技術面接を担当。 森山：LegalOn, Senior …

Identity establishes trust. The next problem is how that trust is used.In June 2025, Microsoft patched EchoLeak (CVE-2025-32711), a zero-click vulnerability in Microsoft 365 Copilot that allowed an attacker to exfiltrate sensitive enterprise data, including API keys, confidential documents, and internal conversation snippets, without human intervention.The attack was deceptively simple. An attacker sent a normal-looking email with hidden instructions embedded in it. A human would not notice them

Today, we’re announcing that Firebase is now integrated with Google AI Studio, accelerating your path from prompt to production so you can turn your vibe-coded ideas into fully functional apps with robust backends. Read on to learn how this works and what this means for Firebase Studio.

A practical guide for developers working with cross-origin requests. Every frustrating console message, and the headers that fix them.

Grant agents time-limited access to OAuth connections using Pipes and MCP.

In 2025, Checkly received 12,479 applications, of which we hired 24 people. Here's an honest look at our hiring funnel, speed, and data.

<p><strong><a href="https://twitter.com/danveloper/status/2034353876753592372">Autoresearching Apple's "LLM in a Flash" to run Qwen 397B locally</a></strong></p>Here's a fascinating piece of research by Dan Woods, who managed to get a custom version of <a href="https://huggingface.co/Qwen/Qwen3.5-397B-A17B/tree/main">Qwen3.5-397B-A17B</a> running at 5.5+ tokens/second on a 48GB MacBook Pro M3 Max despite that model takin...

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a26">datasette 1.0a26</a></p> <p>Datasette now has a mechanism for assigning semantic column types. Built-in column types include <code>url</code>, <code>email</code>, and <code>json</code>, and plugins can register additional types using the new <a href="https://docs.datasette.io/en/latest/plugin_hooks.html#plugin-register-co...

We identified over 20 additional malicious extensions, along with over 20 related sleeper extensions, some of which have already been weaponized.

<p><strong><a href="https://www.promptarmor.com/resources/snowflake-ai-escapes-sandbox-and-executes-malware">Snowflake Cortex AI Escapes Sandbox and Executes Malware</a></strong></p>PromptArmor report on a prompt injection attack chain in Snowflake's <a href="https://docs.snowflake.com/en/user-guide/snowflake-cortex/cortex-agents">Cortex Agent</a>, now fixed.</p><p>The attack started when a Cortex user asked the agent to review a GitHu...

There is so much new web technology happening all the time, it is definitely not your fault if you feel like you can’t keep up with it. Big thumbs up to the new service BaseWatch, which will let you know when web technologies you care about become widely available, and thus potentially close enough to […]

Everyone thinks AI routing means swapping models. The bigger game is tool routing — giving your agent image gen, video, voice, and search via MCP and skills.

Learn how CKEditor ensures text editor compliance across healthcare, finance, and education by meeting key industry regulations with secure features.

We are expanding Regional Services with new pre-defined regions and the launch of Custom Regions. Customers can now define precise geographical boundaries for data processing, tailored to meet their compliance and performance needs.

AI tools are increasingly integrated into development workflows. They can review pull requests, generate code, analyze test failures, suggest CI optimizations, and even modify configuration files. To do this effectively, many AI systems require access to private repositories. That access introduces real security, compliance, and governance concerns. This article explains how to manage permissions safely […]The post How to Manage Permissions When AI Tools Access Private Repositories appeared firs

SVG favicons that respect theme preferenceA handy approach here! It'd be useful if browsers had a queryable value for the colour of the UI too so developers could serve an appropriate favicon.Designing for people with anxietyThis is absolutely packed with great knowledge.Try not to get scammed while looking for workSorry to add more horror to our already horrifying industry at the moment, but this is important to make people aware of!European tech alternativesWe've already shared EU alternative

GUI ベースの BI ツールの限界、データエンジニアリングにおけるソフトウェアエンジニアリングの原則、AI 時代に求められる「確かな数字」。newmo が Lightdash で BI as Code を始めた背景にある思いを語ります。

詳細はウェブサイトにアクセスしてご確認ください。

Chrome automatically opens a video PiP window for sites that have not registered a media session action handler.

LINEヤフーでは、2024年に引き続き、2025年も社内の開発者を対象としたアンケート「State of LY 2025」を実施しました（昨年度の実施レポート）。昨年はWebフロントエンド開発者のみ...