直近1週間の更新
7/17 (金)

Quoting Kimi K3 Simon Willison's Weblog
<blockquote cite="https://news.ycombinator.com/item?id=48935342#48936515"><p>Is there something I can actually help you with today?</p></blockquote><p class="cite">&mdash; <a href="https://news.ycombinator.com/item?id=48935342#48936515">Kimi K3</a>, after refusing to leak its system prompt</p> <p>Tags: <a href="https://simonwillison.net/tags/kimi">kimi</a>, <a href="https://simonwillison.net/tags/ai-personality">ai-pers...
2時間前

The Index: Issue #191
Piccalilli - Everything
Howdy! Before we get into the links, we're going to take a break next week, so we'll see you on July 31 🌴Art as resistenceMore of this please!Mildliner referenceIf you've ever thought "I wish I could use Midliner marker colours on the web" then this link is specifically for you. Very nice stuff.The AI hype reckoning is upon usNot long now, friends. Increasingly — and more urgently — we need to be talking about how to make sure these hype cycles never happen again.You can just print an air purif...
3時間前

When It Makes Sense To “Block” The Main Thread
Articles on Smashing Magazine — For Web Designers And Developers
The common rule of thumb is to never “block” the browser’s main thread when running JavaScript tasks. But is this a hard rule? Victor Ayomipo describes a use case he encountered involving a screenshot extension where he made an exception to the rule and decided that blocking the main thread was absolutely the right thing to do.
7時間前

GitHub Release 作成をパッケージリリースのトリガーにするな!
ゆめみのフィード
はじめにGitHub Actions からパッケージを公開するとき,こんなワークフローを組んでいないでしょうか?GitHub 上で Release を作成する→ on: release: types: [published] でワークフローが起動する→ npm publish が走る操作する側から見ると,非常に分かりやすいですよね。Release を作れば NPM にも公開される。GitHub Release を起点として,その後ろにパッケージレジストリへの publish をぶら下げる構成です。ところが,2025 年に GitHub の Immutable Rele...
10時間前

Spot birds not golf Simon Willison's Weblog
<p>Suggestion for hyperscalers feeling pressure over data center water use:</p><p>Buy up a few exclusive country clubs, convert the golf courses into public parks, pay for guides and binoculars to get the previous members into birdwatching - help them embrace a more sustainable hobby!</p><p>Google <a href="https://sustainability.google/reports/google-2026-environmental-report/">used 10.9 billion gallons in 2025</a>, so about 30 million gallons per day.&...
12時間前

Runtime logs now show cache reasons
Vercel News
Runtime logs now show a Cache Reason explaining why a request wasn't a fresh cache hit, for example a time-based or tag-based revalidation. Use cache reasons to debug misses and improve your hit rate.Cache reasons appear for any response the CDN can cache, including ISR, Partial Prerendering, and functions that set a header with directives like . Responses rendered dynamically on every request don't have a cache reason.Cache-Controlstale-while-revalidateOpen the Logs tab and select a request to
14時間前

Chat SDK adds native Slack agent support
Vercel News
You can now build native Slack agents with Chat SDK's .Slack adapterThe adapter supports the full Slack agent messaging experience, from agent conversations in the Messages tab to suggested prompts, rotating status messages, token-by-token streamed replies, and native feedback buttons.Here's what the adapter gives you:One thing to know: under , Slack threads each user message individually, so channel history only returns the user's side of a DM. Use to build AI conversation history instead.agent
15時間前

Lumis: Syntax Highlighter powered by Tree-sitter
Master.dev Blog RSS Feed
Lumis looks like a pretty sweet new syntax highlighter tool. Powered by Tree-sitter, of which I can vouch for its speed and power. I like how many runtimes it supports, almost encouraging server-side use, which is the best place for the job when you can pull it off.
15時間前

Firefox in WebAssembly Simon Willison's Weblog
<p><strong><a href="https://developer.puter.com/labs/firefox-wasm/">Firefox in WebAssembly</a></strong></p>This is absurdly cool: Puter compiled Firefox to WebAssembly such that the whole browser runs in another browser.</p><p>Here's my blog, running in Firefox, running in WebAssembly, running in Chrome:</p><p><img alt="A Chrome window. The tab has the Firefox UI and has loaded my blog. On the right is the Chrome network panel showi...
16時間前

Kimi K3, and what we can still learn from the pelican benchmark Simon Willison's Weblog
<p>Chinese AI lab Moonshot AI <a href="https://www.kimi.com/blog/kimi-k3">announced Kimi K3</a> this morning, describing it as their "most capable model to date, with 2.8 trillion parameters". It's currently available via their website and API, but an open weight release is promised "by July 27, 2026".</p><p>Moonshot are calling this the first "open 3T-class model" (I guess they're rounding 2.8 trillion up to 3 trillion), taking the crown from <a href="https://h...
19時間前

Quoting Thibault Sottiaux Simon Willison's Weblog
<blockquote cite="https://twitter.com/thsottiaux/status/2077630111499882637"><p>On file deletions. We’ve investigated a handful of reports where GPT-5.6 unexpectedly deleted files. </p><p>What we have found is that this most commonly occurs when:</p><ul><li>Full access mode is enabled and codex is run without sandboxing protections, including without auto review being enabled</li><li>The model attempts to override the $HOME env var to define...
21時間前

Inkling: Our open-weights model Simon Willison's Weblog
<p><strong><a href="https://thinkingmachines.ai/news/introducing-inkling/">Inkling: Our open-weights model</a></strong></p>Mira Murati's Thinking Machines Lab just released their first open-weights model. Inkling is "a Mixture-of-Experts transformer with 975B total parameters, 41B active" - an Apache-2.0 licensed multimodal model trained on 45 trillion tokens of text, images, audio and video.</p><p>They're also promising Inkling-Small, a 276B (12B...
1日前

Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
Socket
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
1日前
7/16 (木)

Mermaid to ASCII art (mermaid-ascii) Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/mermaid-ascii">Mermaid to ASCII art (mermaid-ascii)</a></p> <p>After building the <a href="https://simonwillison.net/2026/Jul/16/grok-mermaid/">Mermaid to ASCII tool based on Grok Build's Rust code</a> I learned that there's an older, more fully-featured Go library called <a href="https://github.com/AlexanderGrooff/mermaid-ascii">AlexanderGrooff/mermaid-ascii</a> ...
1日前

Quoting Linus Torvalds Simon Willison's Weblog
<blockquote cite="https://lore.kernel.org/linux-media/CAHk-=wi4zC+Ze8e+p3tMv8TtG_80KzsZ1syL9anBtmEh5Z40vg@mail.gmail.com/"><p>I realize that some people really dislike AI, but this is an area where I'm willing to absolutely put my foot down as the top-level maintainer.</p><p>Linux is not one of those anti-AI projects, and if somebody has issues with that, they can do the open-source thing and fork it.</p><p>Or just walk away.</p><p>AI is a tool, j...
1日前

Use cases for aria-expanded
Piccalilli - Everything
Communication can be difficult. Not only when we humans try to communicate with one another, but also in web development.While it is easy for sighted people with full mental and motor abilities to click a button with a mouse to display more information, users of Assistive Technology (AT) may have a completely different experience with the same action.The information an expandable button conveys to AT depends heavily on the context. This context also dictates which ARIA attributes should (or shou
1日前

Benchmarking 13 AI models on rediscovering known CVEs
Aikido Security's Blog
We tested 13 AI models against 26 known CVEs to see which finds the most vulnerabilities — and whether the priciest model is worth the cost.Category: Technical
1日前

Unified Logs is now in open beta
Supabase Blog
One searchable view for logs across every Supabase service, with live tail, filtering, and a timeline.
1日前

非エンジニアのサポート担当者がCodex + Datadogでログ調査できるようになった話
LegalOn Technologies Engineering Blog
はじめに LegalOn Technologies でCRE 兼 カスタマーリレーショングループリーダーの長内(@Nick)です。 現在私は、CREとして業務を行いながら、ユーザーサポートメンバーのマネジメントを担当しています。今回のブログでは、非エンジニアのユーザーサポートチームが、Codexを利用したログ調査を自ら行うようになり、一次対応のスピード向上と開発部門の負担軽減を両立できた話をお伝えします。 非エンジニアメンバーを率いるマネージャーの方や、社内のAI活用を推進したいエンジニアの方の参考になれば幸いです。 (久しぶりのEngineering Blogになりますが、以前公開したこちら…
2日前

Next.js moves to scheduled security releases
Socket
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.
2日前

将棋の編入試験の「いいとこ取り」は最長 26 局で十分
まめめも
問題 将棋の編入試験の受験資格に、「いいところ取りで 10 勝以上、勝率 65% 以上」という基準があります。 プロ棋士でない人が(任意の)プロ棋士と対戦した履歴の中で、勝利が 10 個以上、かつ、勝率が 65% 以上であるような「連続範囲」を切り出すことができれば(=いいとこ取り)、編入試験を受ける資格が得られるというものです 1 。 この「いいとこ取り」、どうやっていいところを取ればいいでしょうか。 非常に長い連続範囲を切り出すことで条件を満たせる可能性を考えると、どこまで計算すればいいのか自明でないと思います。 つまり、「苦節 20 年、ついに 65 勝 35 敗で編入試験の受験資格を獲…
2日前

Runtime Security for Third-Party GitHub Actions Runners: Bitrise, Blacksmith, Depot, Namespace, and Warp
Step Security Blog
Harden-Runner secures third-party GitHub Actions runners. Bitrise macOS runners join Blacksmith, Depot, Namespace, and Warp Build with v2.20.0
2日前

Harden-Runner Block Mode Now Available for macOS and Windows GitHub-Hosted Runners
Step Security Blog
Harden-Runner v2.20.0 extends egress block mode to macOS and Windows GitHub-hosted runners, so you can stop secret exfiltration on every OS your pipelines run on, not just observe it.
2日前

Introducing Device Policy: Enforce Approved VS Code Extensions Across Your Fleet
Step Security Blog
Device Policy lets security teams allow-list VS Code extensions and enforce it fleet-wide through Intune, Jamf, Kandji, or the DMG agent. No MDM required.
2日前
Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two Repositories
Step Security Blog
On July 14, 2026 at 07:10 UTC, three packages in the AsyncAPI generator monorepo (@asyncapi/[email protected], @asyncapi/[email protected], and @asyncapi/[email protected]) were published to npm carrying an obfuscated dropper that fires the moment the library is loaded, not on install. The packages were published through the project's own legitimate GitHub Actions release workflow and carry valid npm OIDC provenance attestations, because the attacker didn't steal an npm token: they
2日前

Introducing Secret Exfiltration Protection for GitHub Actions
Step Security Blog
StepSecurity now blocks and detects secret exfiltration in GitHub Actions, stopping attacks that plant malicious workflows to steal your repository secrets.
2日前

Mermaid to Unicode box art (grok-mermaid) Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/grok-mermaid">Mermaid to Unicode box art (grok-mermaid)</a></p> <p>While <a href="https://simonwillison.net/2026/Jul/15/grok-build/">exploring the codebase</a> for the newly open-sourced Grok CLI coding agent I came across <a href="https://github.com/xai-org/grok-build/blob/b189869b7755d2b482969acf6c92da3ecfeffd36/crates/codegen/xai-grok-markdown/src/mermaid.rs">xai-gro...
2日前

Astro 7.1
The Astro Blog
Astro 7.1 is about more control: CSP, pagination, dev server, and content collections.
2日前

Automating ESLint migrations with Codemod
ESLint Blog
We are excited to announce a partnership between ESLint and Codemod to create a better migration experience for ESLint users, starting with the ESLint v8 to v9 and v9 to v10 migrations. All official ESLint codemods live in eslint/codemods and on the Codemod Registry. Community members are encouraged to open issues for missing codemods or contribute new ones through pull requests. Once reviewed and merged by maintainers, codemods are automatically published to the Codemod Registry through GitHub
2日前

Write utilization now available in ISR Observability
Vercel News
The now shows subscribers a write utilization metric, helping identify routes that regenerate often but receive few requests. Write utilization is the ratio of cached requests to ISR writes. For routes with low write utilization, consider increasing the revalidation interval or switching to on-demand revalidation to reduce costs.ISR Observability pageObservability PlusYou can also compute write utilization using the Vercel CLI, or use agents with the skill to investigate.cdn-cachingLearn more ab
2日前

Kimi K3 is now available on AI Gateway
Vercel News
is now available on AI Gateway.Kimi K3 from Moonshot AIK3 is an open-source model with a 1M-token context window and native visual understanding, accepting text, image, and video inputs.Built for long-horizon software engineering, knowledge work, and deep reasoning, K3 is especially strong where code meets visual and spatial reasoning, which suits frontend, game development, and CAD workflows. Thinking mode is always on.To use Kimi K3, set to in the :modelmoonshotai/kimi-k3AI SDKAI Gateway provi
2日前

xai-org/grok-build, now open source Simon Willison's Weblog
<p><strong><a href="https://github.com/xai-org/grok-build">xai-org/grok-build, now open source</a></strong></p>xAI's <code>grok</code> CLI tool faced severe community backlash yesterday when it became apparent that running the command in a directory could upload that <em>entire directory</em> to xAI's Google Cloud buckets. One user <a href="https://x.com/a_green_being/status/2076598897779020159">reported</a> running it in t...
2日前

Lessons Learned Rewriting a Sticky Detector
Master.dev Blog RSS Feed
A dozen years go by, it turns out we can do things a lot differently and a lot better. Here a `scroll` event is entirely replaced by HTML and CSS features and much better performance.
2日前

pointer-events
CSS-Tricks
The pointer-events property controls whether an element can become the target of pointer events like clicks, hover states, and other pointer-based events. In other words, it lets you decide whether the browser should treat an element as interactive when the …pointer-events originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
2日前

GitHub for Beginners: Your roadmap to mastering the GitHub essentials
The GitHub Blog
New to GitHub? This beginner's guide explains version control, repositories, and pull requests—plus everything else you need to start working confidently on GitHub.The post GitHub for Beginners: Your roadmap to mastering the GitHub essentials appeared first on The GitHub Blog.
2日前
7/15 (水)

What’s !important #15: Boundary-aware CSS, Time-based CSS, Full-bleed CSS, and More
CSS-Tricks
Read all about boundary-aware CSS, accessible grid lanes, time-based web designs, full-bleed, the customizable select, and new web platform features.What’s !important #15: Boundary-aware CSS, Time-based CSS, Full-bleed CSS, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
2日前

How I tricked Claude into leaking your deepest, darkest secrets Simon Willison's Weblog
<p><strong><a href="https://www.ayush.digital/blog/the-memory-heist">How I tricked Claude into leaking your deepest, darkest secrets</a></strong></p>I've <a href="https://simonwillison.net/2025/Sep/10/claude-web-fetch-tool/">been impressed</a> by the way the Claude <code>web_fetch</code> tool is designed to avoid data exfiltration attacks. Ayush Paul found a hole in that design.</p><p>To recap: regular Claude chat is at ris...
2日前

No, People Don’t Want More AI In Their Life
Articles on Smashing Magazine — For Web Designers And Developers
Many companies assume everyone craves new AI features. But the reality is that most people don't want more AI — at least not in the way most AI leaders envision it. Brought to you by Design Patterns For AI Interfaces, **friendly video courses on UX** and design patterns by Vitaly.
2日前

How Speechify serves 500,000 dynamic pages to 60 million users on Vercel
Vercel News
Speechify on Vercel500,000+ pages served across 40+ languagesCut costs 50% by auto-scaling with Fluid computeZero user impact on bad deploys with Instant Rollbacks started as a tool for people with dyslexia. Cliff Weitzman, Founder & CEO, built it because reading was challenging and audio made it much easier. That initial use case led Speechify to tens of millions of users and an for inclusion. SpeechifyApple Design Award The product has since grown into something much larger: an AI work pla...
2日前

個人でのAI活用の次に必要なものは何か──LINEヤフーでAIDD Workshopを開催して見えた、組織導入の条件 LINEヤフー Tech Blog (LY Corporation Tech Blog
こんにちは、井上です。LINEヤフーではこれまで、AI活用スキル向上ワークショップ「Orchestration Development Workshop(ODW)」を通じて、個人がAIを使いながら開発...
3日前

FixCSS
Master.dev Blog RSS Feed
There is a famous document from the CSS Working Group that lists the historical mistakes in the design of CSS. It contains stuff like how box-sizing: border-box; should have been the default, which is why a lot of us still put that in starter stylesheets. Declan Chidlow took a step I’ve never seen anyone take […]
3日前

Contract-Driven Development: Write the Truth Once
Ben Howdle
At some point in every codebase's life, you fix the same bug three times in one afternoon. Once in the TypeScript type. Once in the resolver. Once in the validation layer. Three commits, three little green ticks, an exhale-laden sense of accomplishment - and then, somewhere around the third coffee, the sinking realisation that the bug was never actually in the code. The bug was that the truth is fragmented across three places, and truths kept in three places do what all unsupervised triplets eve
3日前

AI × Judgment × Taste = Mega Software
@dlhck — David Höck
AI makes producing software easier than ever. The products that stand out will be shaped by judgment, taste, and a clear opinion about whom they serve.
3日前

Vercel Connect support in GitHub Tools
Vercel News
now has first-class support for through the new subpath. Instead of storing a long-lived personal access token, your agent mints short-lived, scoped GitHub tokens at runtime from a connector. There is no secret to store, rotate, or leak.GitHub ToolsVercel Connect@github-tools/sdk/connectAttach a GitHub connector to your project and pick a preset:For custom tool factories, returns a lazy token provider you can pass to directly.connectGithubTokencreateGithubToolsGet started by creating a and readi
3日前

Faster, predictable project linking in the Vercel CLI
Vercel News
The now resolves your team before discovering projects, then searches for projects only in that team instead of sweeping every team you belong to. Linking is faster and more predictable, and every command that establishes a link (, , , , and ) follows the same flow:Vercel CLIvercel linkdeploypulldevgit connectFor CI and agent workflows, setting and makes fully promptless, while or settles the team on any command. When more than one team is available and no signal is set, non-interactive commands
3日前

Inkling from Thinking Machines is now available on AI Gateway
Vercel News
is now available on AI Gateway.Inkling from Thinking MachinesInkling is a broad generalist model, trained across agentic, reasoning, coding, instruction-following, factuality, vision, and audio tasks rather than optimized for a single domain. The model also supports controllable thinking effort.To use Inkling, set to in the :modelthinkingmachines/inklingAI SDKAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimiza
3日前

Vercel Workflows trace viewer now has a minimap
Vercel News
The trace viewer for now has a minimap that shows the entire run in one view.Vercel WorkflowsDrag the viewport to pan, resize it to zoom, or drag across the minimap to select a new section. Click anywhere on the minimap to jump to that point, or scroll and use arrow keys to step through the run.The minimap is available in the trace viewer on Vercel and locally through the Workflow SDK with . Learn more about and the .npx workflow@beta webVercel WorkflowsWorkflow SDKRead more
3日前

Chat SDK adds Discord Components V2 support
Vercel News
You can now send Discord bot messages with , an opt-in layout system that treats text, images, files, and buttons as flexible components you can arrange in any order.Components V2Set the adapter's option to and cards render with native containers, sections, media galleries, separators, buttons, and string selects. Embeds remain the default, so existing bots work unchanged.contentFormatComponentsV2Individual sections can carry their own actions, markdown renders correctly inside components, and t
3日前

Implement Website Best Practices With Lighthouse
DebugBear Blog
A guide to every audit in Lighthouse's Best Practices category and how to fix failures in order to reach a score of 100.
3日前

Nx 23.1 Is Here: Per-Run Performance Reports, TypeScript 6, and Angular 22
Nx Blog
Everything that landed in Nx 23.1: a performance report at the end of every run, TypeScript 6, Angular 22 support, mouse support in the terminal UI, and more flexible target defaults.
3日前

Quoting GitHub Changelog Simon Willison's Weblog
<blockquote cite="https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce-default-package-cooldown/"><p>Dependabot now waits until a new release has been available on its registry for at least three days before opening a version update pull request. This cooldown is now the default and requires no configuration.</p></blockquote><p class="cite">&mdash; <a href="https://github.blog/changelog/2026-07-14-dependabot-version-updates-introduce...
3日前

simonw/pedalican Simon Willison's Weblog
<p><strong><a href="https://github.com/simonw/pedalican">simonw/pedalican</a></strong></p>Clearly I wasn't paying attention when these were <a href="https://twitter.com/OpenAIDevs/status/2050301642717950166">first announced</a> back in May, but today I accidentally activated a "pet" in Codex Desktop - a little animated robot, reminiscent of <a href="https://en.wikipedia.org/wiki/Office_Assistant">Clippy</a> - and then learned you can c...
3日前

11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
Socket
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
3日前

lobste.rs is now running on SQLite Simon Willison's Weblog
<p><strong><a href="https://lobste.rs/s/ko1ji1/lobste_rs_is_now_running_on_sqlite">lobste.rs is now running on SQLite</a></strong></p>Community site <a href="https://lobste.rs">Lobsters</a> has been planning a migration away from MariaDB <a href="https://github.com/lobsters/lobsters/issues/539#issuecomment-4959857588">since August 2018</a> - originally targeting PostgreSQL, but last year they decided to <a href="https://github.com/l...
3日前

Quoting Armin Ronacher Simon Willison's Weblog
<blockquote cite="https://lucumr.pocoo.org/2026/7/13/the-tower-keeps-rising/"><p>The shared language of a software project is not English or Python but it is the common understanding of what its concepts mean, where the boundaries are, which invariants matter, who owns what, and why the system has the shape it does. This language is rarely written down in one place. It lives partly in documentation and code, but also in code review, conversations, arguments, and the experience of ha...
3日前

datasette 1.0a37 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a37">datasette 1.0a37</a></p> <p>A minor release. Performance and <a href="https://docs.datasette.io/en/latest/authentication.html#authentication-permissions-explained">documentation</a> improvements to the permissions system, plus I reverted a cosmetic API change which caused almost every existing plugin test suite to break.</p> <p>Tags: &l...
3日前
7/14 (火)

The practical checklist for defending against supply chain attacks
Aikido Security's Blog
Thirty prioritized defenses against the recent wave of software supply chain attacks. Graded critical, high, or medium. Category: Guides & Best Practices
3日前

A broken DNSSEC rollover took down .al. Now 1.1.1.1 tells you when validation is bypassed
The Cloudflare Blog
When a failed DNSSEC key rollover took down the .al TLD, we deployed a Negative Trust Anchor to restore resolution. This time, though, clients didn't have to take our word for it: 1.1.1.1 returned EDE 33, a new DNS error code that signals directly in the response that DNSSEC validation was bypassed.
3日前

Speeding Up Checkout in a Fast-Growing Monorepo with Blacksmith
Nicolas Charpentier's Blog
We swapped actions/checkout for Blacksmith's cached checkout across our GitHub Actions. Mean checkout time dropped from 69s to 20s, reclaiming ~33 hours of runner time each weekday.
3日前

AsyncAPI npm packages backdoored via GitHub Actions
Aikido Security's Blog
Five package versions, including specs at roughly 2 million weekly downloads, shipped an obfuscated dropper on 2026-07-14. Here is what we have confirmed so far.Category: Vulnerabilities & Threats
3日前

Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader
Socket
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.
3日前

ID-JAG The Hard Way:失敗から学ぶAIエージェントのセキュリティハンズオン LINEヤフー Tech Blog (LY Corporation Tech Blog
こんにちは。LINEヤフー株式会社で認証・認可基盤「Athenz」の開発・運用を担当している金 廷祐(Kim, Jeongwoo)です。前回の記事「AI時代の認証課題を解決する次世代標準候補「ID-J...
4日前

Using uvx in GitHub Actions in a cache-friendly way Simon Willison's Weblog
<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/github-actions/uvx-github-actions-cache">Using uvx in GitHub Actions in a cache-friendly way</a></p> <p>I finally found a cache-friendly recipe for using <code>uvx tool-name</code> in GitHub Actions workflows that I like.</p><p>The trick is setting a <code>UV_EXCLUDE_NEWER: "2026-07-12"</code> environment variable at the start of the workflow and then usi...
4日前

The joy of Inertia Rails: painting your own with 50 happy little lines
Evil Martians
Inertia is Turbolinks with one twist: render JSON instead of HTML on the second visit. We rebuild the whole protocol on a real Rails app with a 50-line client and a 16-line server, then audit what the real gem adds on top.
4日前

Vercel Blob now supports consistent reads on private storage
Vercel News
now supports consistent reads on private storage. Pass to or for a read that reflects the latest write.Vercel BlobuseCache: falseget()presignUrl()A blob written to a fresh pathname has no existing cached entry, so reads reflect the latest write immediately. When you overwrite a blob at an existing pathname, readers might see the cached version for up to 60 seconds. When a read must reflect the latest write, like an agent's memory file, a session transcript, or a scheduled JSON report, pass . The
4日前

Vercel Plugin now available in VS Code and GitHub Copilot CLI
Vercel News
The is now available in VS Code and the GitHub Copilot CLI.Vercel PluginGitHub Copilot now has Vercel platform knowledge on demand, with skills for Next.js, AI SDK, Vercel Functions, and more. The Vercel plugin also helps Copilot stay up to date with the latest Vercel APIs and recommended patterns.To install it for Copilot Chat, search for in the Extensions panel in VS Code.@agentPlugins vercelTo install it for the GitHub Copilot CLI, run .npx plugins add vercel/vercel-pluginLearn more in the .V
4日前

Node.js 20 is being deprecated on October 1, 2026
Vercel News
Following the Node.js 20 end of life on April 30, 2026, we are deprecating Node.js 20 for Builds and Functions on October 1, 2026.How can I see which of my projects are affected?You can see which of your projects are affected by this deprecation with:Will my existing deployments be affected?No, existing deployments with Serverless Functions Invocations to already-deployed functions will continue to work normally. Only new deployments will be affected.will not be affected.When will I no longer be
4日前

Endform joins the Vercel Marketplace
Vercel News
is now available on the . It runs your Playwright tests in parallel, so your suite finishes in the time of your slowest test.EndformVercel MarketplaceKey capabilities:Install Endform on the or with the Vercel CLI: .Vercel Marketplacevc i endformRead moreRun every test on its own isolated machineBring your existing Playwright tests with no config changesGet a pass/fail on every production and preview deployment, linked to full traces in the Endform dashboardcheckSpot flaky tests by tracking resul
4日前

AgentMail joins the Vercel Marketplace
Vercel News
You can now provision and manage directly from the Vercel Marketplace. AgentMailYour AI agents can send, receive, and respond to email from a real inbox. AgentMail handles the mail servers and deliverability.Key capabilities:Install AgentMail on the or with the Vercel CLI: .Vercel Marketplacevc i agentmailRead moreProvision inboxes and custom domains through the APIHandle threads, attachments, and deliverability out of the boxTrigger agentic workflows using webhooks and WebSockets
4日前

Chat SDK adds X adapter support
Vercel News
Chat SDK now supports X, extending its single-codebase approach to Slack, Discord, GitHub, Teams, Telegram, and WhatsApp with the new .X adapterTeams can build bots that reply to public mentions and hold direct message conversations through the X API v2 and the . The adapter handles CRC verification and webhook signature checks automatically and can manage OAuth token refresh for long-running bots.X Activity APILikes are the only supported reaction, and responses post once on completion since X
4日前

Access and share AI Gateway leaderboard data
Vercel News
We are making the data behind the open under the . You can now download or query the data through the API endpoint and render any chart as a shareable image.AI Gateway leaderboardsCC BY 4.0 licenseleaderboard-exportThe AI Gateway leaderboards show how AI is used in production, ranking traffic for models, labs, apps, and providers. Data is aggregated daily across trillions of tokens, so you can see what gets adopted and how that changes over time. For deeper analysis, see the .July AI Gateway Pro
4日前

DOOMQL Simon Willison's Weblog
<p><strong><a href="https://github.com/petergpt/doomql">DOOMQL</a></strong></p>Peter Gostev built this using GPT-5.6 Sol. This is a <em>lot</em> of fun: </p><blockquote><p>DOOMQL started with a deliberately unreasonable question: what if SQLite were the game engine, not merely the place where a game stores data?</p><p>The result is a small, original Doom-like game in which SQL owns movement, collision, enemies, combat...
4日前

How Aikido Intel detects malware and vulnerabilities first
Aikido Security's Blog
Aikido Intel is a real-time feed that catches malware and undisclosed vulnerabilities across open-source ecosystems, often within 8 minutes of release.Category: Product & Company Updates
4日前

datasette code-frequency chart on GitHub Simon Willison's Weblog
<p><strong><a href="https://github.com/simonw/datasette/graphs/code-frequency">datasette code-frequency chart on GitHub</a></strong></p>Out of curiosity I decided to see if I could find a useful illustration of the impact of coding agents and Opus 4.5 class models on my own output. The best I've found so far is this GitHub chart of frequency of code changes to my <a href="https://datasette.io/">Datasette</a> open source project:</p><p>...
4日前

In-N-Out Animation using sibling-index()
Master.dev Blog RSS Feed
Temani mimics a View Transition by placing items using their index and translations. The placement calculation change when the index changes, which is an animation opportunity!
4日前

What is a dependency firewall?
Aikido Security's Blog
A dependency firewall blocks malicious open-source packages before they install. Learn how they work and how Aikido Safe Chain stops supply chain attacks. Category: Guides & Best Practices
4日前
7/13 (月)

Introducing Precursor: detecting agentic behavior with continuous client-side signals
The Cloudflare Blog
Precursor, our new continuous behavioral validation engine for bot management, offers visibility into how humans and bots actually interact across the full user journey. By turning session-level behavior into bot detection signals, it identifies advanced automation with higher precision — while reducing friction for legitimate users.
4日前

Open-weight models surge to 29% of volume, price per token flattens
Vercel News
AI Gateway Production Index — July 2026 Every month, routes tens of trillions of tokens between production applications and AI labs, giving us a view of what AI usage actually looks like in today’s enterprise. We publish that view here. See the Production Index reports published in and .AI GatewayMayJuneThe July index reports on AI Gateway data collected in June 2026. In June, token volume and spend grew at nearly the same rate, 29% and 27%, while the price per token remained steady. The month b
4日前

AI 時代に増え続ける「作業状態の管理負荷」を、GTD × AI エージェントで軽くする LINEヤフー Tech Blog (LY Corporation Tech Blog
LINE アプリ開発に携わっている Hiraki と申します。普段は、LINE アプリにおけるアーキテクチャの統一を推進するプロジェクトのリードや、AI ネイティブな開発スタイルを業務に組み込むための...
5日前

How to maintain code quality standards with AI code and vibe coding
Aikido Security's Blog
Vibe coding ships features fast and leaves review debt behind. See how benchmarked, per-rule code quality checks give teams one consistent answer across PRs and repos.Category: News
5日前
Agent Runs now show subagent activity on eve projects
Vercel News
You can now inspect subagent activity for eve projects in . Agent RunsThe new Subagents tab shows every subagent, organized by which turn started it. Each row shows the prompt, duration, and any failures, all on a shared timeline.Click any subagent to open its run. The tab shows the same details as a parent run: turns, tool calls, metadata, cost, and token usage.Open to try it, or read the to learn more.Agent RunsdocumentationRead more
5日前

Manage Vercel Flags targeting rules from the CLI
Vercel News
You can now manage targeting rules for through the . With the command, you and your agents can add new rules, move existing ones, and inspect the current ordering without leaving your terminal.Vercel FlagsVercel CLIvercel flags rulesRules you create from the CLI use the same model as the dashboard. Conditions can target or reusable , outcomes can serve a single variant, a weighted split, or a progressive rollout, and rules evaluate top to bottom. For scripts and agents, prints the full rule set.
5日前

Configure which sources can create deployments with Deployment Policies
Vercel News
Deployment Policies are now available and enable teams to restrict which mechanisms, organizations, and repositories are allowed to create deployments.Each policy can be configured per environment at the team and project level, allowing flexible combinations of rules.Learn more about .Deployment PoliciesRead more
5日前

Web Analytics and Speed Insights are now more cost-efficient
Vercel News
and are now almost 10% more cost-efficient for all Pro and Enterprise teams.Web AnalyticsSpeed InsightsInfrastructure and event-processing improvements reduced cost across both products, so page views, referrers, top routes, and Core Web Vitals are now processed more efficiently, and savings scale with your event volume.The change applies automatically, with no configuration, plan changes, or code to update. You'll see the change reflected on your next bill.Learn more in the and documentation.We
5日前

Directly Responsible Individuals (DRI) Simon Willison's Weblog
<p><strong><a href="https://handbook.gitlab.com/handbook/people-group/directly-responsible-individuals/">Directly Responsible Individuals (DRI)</a></strong></p>I went looking for a definition of "Directly Responsible Individuals" and the best I found was in the GitLab handbook. Apparently the term originated at Apple, where it's used to describe the person who is "ultimately accountable for the success or failure of a specific project, initiative, or activity...
5日前

shot-scraper 1.11 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/shot-scraper/releases/tag/1.11">shot-scraper 1.11</a></p> <p>Some minor improvements, mainly around command option consistency and making the <code>server:</code> mechanism <a href="https://shot-scraper.datasette.io/en/stable/multi.html#running-a-server-for-the-duration-of-the-session">used by</a> both <code>shot-scraper video</code> and <code>shot-...
5日前

Fable gets another bump Simon Willison's Weblog
<p>One of the consequences of GPT-5.6 Sol being clearly a Fable/Mythos class model is that Anthropic have, once again, <a href="https://x.com/claudeai/status/2076351399999557669">bumped the date</a> that Fable stops being available in their Claude Max plans:</p><blockquote><p>We're extending Claude Fable 5 access on all paid plans, as well as keeping Claude Code’s weekly rate limits 50% higher, through July 19.</p><p>As before, you can use up to h...
5日前

sqlite-utils 4.1.1 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.1.1">sqlite-utils 4.1.1</a></p> <p>Mainly a fix for an edge case that regular Claude chat spotted while <a href="https://claude.ai/share/564b187d-d126-47ea-9b59-07c16ade0b70">experimenting with the 4.1 release</a> to answer a question about ON DELETE.</p><blockquote><ul><li><code>table.transform()</code> now raises ...
5日前

jscrambler npm package publishes malicious preinstall binary
Step Security Blog
On July 11, 2026, version 8.14.0 of jscrambler was published to npm carrying a malicious preinstall hook that drops and executes a platform-specific native binary on Linux, Windows, and macOS. jscrambler is the official CLI client for the Jscrambler Code Integrity API, a commercial JavaScript obfuscation and web-app protection service, with a clean version history dating back to 0.1.0. The compromised release was flagged by StepSecurity's AI Release Analyzer with a suspicion score of 0 (the maxi
5日前

Injective npm Supply Chain Attack: 18 Packages Backdoored to Steal Crypto Wallet Keys
Step Security Blog
On July 8, 2026, attackers used access to a trusted developer's account to slip a backdoor into a widely used software development kit for the Injective blockchain. Disguised as harmless analytics, the code quietly captured wallet recovery phrases and private keys and sent them to an attacker-controlled server the moment a wallet was created or loaded. Automatic publishing pushed the tainted code out to 18 related packages within minutes, and it stayed live for less than an hour before being pul
5日前

GitHub Secret Scanning Public Monitoring for Enterprises: Coverage and Gaps
Step Security Blog
GitHub's new public monitoring finds your enterprise's leaked secrets anywhere on github.com. Here is what it covers, what it cannot see, and how to close the exfiltration gap
5日前
7/12 (日)

sqlite-utils 4.1 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.1">sqlite-utils 4.1</a></p> <p>The first dot-release since <a href="https://simonwillison.net/2026/Jul/7/sqlite-utils-4/">4.0 a few days ago</a>, introducing a number of minor new features.</p><blockquote><ul><li><code>sqlite-utils insert</code> and <code>sqlite-utils upsert</code> now accept a <code&...
6日前

jscrambler npm Package Compromised in Supply Chain Attack
Socket
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
6日前

The Siren Song of ariaNotify()
Master.dev Blog RSS Feed
Mat Marquis details the good-and-dangerous of a new method which we can just make a screenreader say something. There’s a brand new ariaNotify() method — defined by the Accessible Rich Internet Applications (WAI-ARIA) 1.3 Specification — that provides you with a means of programmatically triggering narration in a screen reader. It accepts a string as its first argument, and […]
6日前
7/11 (土)

Next.js の Instant Navigations を試してみた
azukiazusa のテックブログ2
Next.js 16.3 Preview では、Instant Navigations という新機能が導入されました。画面遷移で即時表示できない箇所を開発時に検出し、修正を促すための機能です。この記事では Instant Navigations を実際に試してみた様子を紹介します。
7日前

Prefer STRICT tables in SQLite Evan Hahn (dot com)
In short: I prefer strict tables in SQLite because they avoid some datatype problems, such as putting text in number columns.SQLite has a feature that I think is underrated: strict tables. Strict tables help enforce rigid typing, preventing mistakes like putting text into integer columns. I like them, and wrote this post to promote their use!To make a strict table, add STRICT to the end of its definition. Like this:-CREATE TABLE people (name TEXT);+CREATE TABLE people (name TEXT) STRICT;That’s i
7日前

Seedream 5.0 Pro is now available on AI Gateway
Vercel News
Seedream 5.0 Pro is now available on .AI GatewaySeedream 5.0 Pro is an image generation and editing model. It generates images from text, rendering text without spelling errors and following typographic rules, and produces dense infographics with charts, timelines, and layouts alongside realistic imagery.To use Seedream 5.0 Pro, set to in the :modelbytedance/seedream-5.0-proAI SDKAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and
7日前

Quoting Nilay Patel Simon Willison's Weblog
<blockquote cite="https://youtu.be/v4vkwUf4AMw?t=2427"><p>The reality is to make augmented reality glasses, you need to put a camera next to your eyes that is continuously recording everything you see and processing that to put information over it.</p><p>There is not another way around it. And there's certainly not a chip that can fit in the stem of a glasses that is both powerful enough and power miserly enough to do that in real time.</p><p>You have to send...
7日前

Better tools made Copilot code review worse. Here’s how we actually improved it.
The GitHub Blog
How migrating Copilot code review to shared Unix-style code exploration tools reduced review cost by reshaping agent workflows around pull request evidence.The post Better tools made Copilot code review worse. Here’s how we actually improved it. appeared first on The GitHub Blog.
7日前

Traces now support Tree and Waterfall views
Vercel News
now support Tree and Waterfall views. See span hierarchy, critical path, and timing without leaving the log entry.Traces in Vercel LogsThe Tree view groups spans by parent and child. On load, spans are sorted by duration so the slowest appear first.The Waterfall view places every span on one chronological axis, showing what ran in parallel and where time was lost.Read the to learn more.Tracing documentationRead more
7日前









