STORES エンジニアの morihirok です。 先日サポーターズさん主催の勉強会「技育CAMPアカデミア」にて、学生の皆様に向けてSTORES社が講義をさせていただきました。 テーマは「『なぜ今 Rails を学ぶべきなのか』Ruby on Rails から学ぶ Web アプリケーション開発実践」ということで Ruby と Ruby on Rails についていろいろな切り口からお話をさせていただきまして、私も「Ruby on Rails の楽しみ方」と題して Ruby on Rails がWebアプリケーション開発の歴史においてどのような意味を持ち、どのように学び、楽しむとよいかとい…

Background If you’re new to scroll-driven animations, welcome!

Background If you’re new to scroll-driven animations, welcome!

Safari Technology Preview Release 223 is now available for download for macOS Tahoe and macOS Sequoia.

Safari Technology Preview Release 223 is now available for download for macOS Tahoe and macOS Sequoia.

CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.

Ensuring quality code suggestions from Copilot goes beyond the perfect prompt. Context is key to success when working with your AI pair programmer.The post Beyond prompt crafting: How to be a better partner for your AI pair programmer appeared first on The GitHub Blog.

You can now install directly from the Vercel Marketplace to quickly build reliable background jobs and AI workflows for your Next.js app.InngestInngest is a great fit to add AI features or emerging agentic patterns to your Vercel projects:Start building workflows with on the Vercel Marketplace . InngesttodayRead moreWrite background jobs directly in your `app/` directoryFull support for preview environments and branchingOne-click install and integrated billing with a generous free tier (100K exe

The v0 Platform API is now available in public beta. The v0 Platform API is a text-to-app API — it provides programmatic access to v0’s app generation pipeline:This API also supports programmatic control of v0.dev, including creating and managing both chats and projects. We'll be bringing more of v0.dev's functionality into the Platform API soon. The v0 Platform API is designed for integration into development workflows, automation scripts, and third-party tools.Check out our and to get started.

You can now control Vercel’s Web Application Firewall (WAF) actions directly in , alongside existing support in the dashboard, API, and terraform.vercel.jsonThe and matchers have also to support more expressive conditions across headers, rewrites, redirects, and routes. Matching options include:hasmissingbeen enhancedThe following example shows how to deny a request that is prefixed by a specific header:Read more about and .Vercel's WAFconfiguring WAF rules in vercel.jsonRead moreString equality

Josh Comeau does a great job with beginner-friendly explanations of important concepts, and Promises From The Ground Up is no exception. In a nutshell, we have Promises because we need callbacks. We need callbacks because JavaScript is single-threaded and can’t wait around for things. And so we dance. These days, you’ll see more async and […]

A year after predicting GenAI's sustainability crisis, the 2024/25 financial data tells a concerning story. OpenAI's $10 billion revenue comes with $5 billion losses, whilst Anthropic burns $3-4 billion annually. With the sector consuming over $100 billion in venture funding and Big Tech spending $250 billion on AI infrastructure, we're witnessing what some critics are now calling a "subprime AI crisis" – an entire industry built on services sold at massive losses. The transparency initiatives f

A roundup of themes we're seeing in Private Equity technology, and some recommended resources.

In this episode of Beyond the Hype, Oliver Cronk is joined by Ani Allen from OutSystems and Ryan Grey from Marra to explore the spectrum from No-Code, through Low-Code, to High- (or Pro-?) Code, and consider how AI is reshaping the development experience.

Last year, I received a combined autism and ADHD (AuDHD) diagnosis. It was a pivotal moment that helped me reframe my life, and I decided early on to be open about my diagnosis, both to advocate for myself and to let others know they’re not alone.

こんにちは、Webエンジニアのima1zumiです。2025年6月28日に開催された関西Ruby会議08に参加しました。この記事では参加レポートと、参加したメンバーからの感想をお届けします。 関西Ruby会議は、関西で定期的に開催されているプログラミング言語Rubyに関する技術カンファレンスです。今年で8回目で、京都府京都市の先斗町歌舞練場という会場で開催されました。風情ある素敵な会場でした！ 会場前にずらりと並べられたスポンサーののぼり 普段は鴨川をどりの会場ですが、今日は関西Ruby会議の会場。 2階には桟敷席もありました 以下は参加したメンバーの感想です。 感想 ima1zumi 印象に…

1Password is continually finding ways to protect millions of users and over 165K businesses, delivering a secure, seamless experience across our products. 1Password Extended Access Management builds on that focus by helping teams ensure that every identity is authentic, every application sign-on is secure, and every device is healthy.We are excited to take another step forward in delivering on that. Following the recent acquisitions of Kolide (now 1Password Device Trust) and Trelica (now Trelica

Active Record allows developers to mark associations as deprecated, providing robust reporting mechanisms to identify and eliminate their usage across all environments.It supports multiple reporting modes and configurable backtraces, making the process of cleaning up or removing associations much safer and more efficient.BeforeWe had no built-in way to deprecate associations. Removing an association like this:has_many :projectsmeant deleting projects and hoping CI or manual testing would catch a

We'll see what N+1 queries are, why they can be an issue for your application, and how to mitigate them using Django’s best practices.

We'll look at smart, scalable debugging strategies for your JavaScript application.

SMS-based multi-factor authentication (MFA) is still common, but it's fundamentally insecure. This article explains why developers should avoid SMS MFA and adopt stronger, phishing-resistant alternatives like TOTP and WebAuthn.

突然ですが、あなたの.netrcや環境変数に、ghp_...から始まる”あの文字列“、そっと忍ばせていませんか？ そう、GitHubのPersonal Access Token (PAT) です。 「自分しか使わないから」「有効期限なしが一番ラクだから」しかしその”魔法の文字列”は、開発効率を上げる便利な鍵であると同時に、ひとたび漏洩すれば全てを危険に晒す諸刃の剣。 果たして、この便利で危険な”魔法”を、私たちは本当に封印できるのでしょうか……？ local環境でセキュアにプライベートGoモジュールをダウンロードしたい こんにちは。カミナシ認証認可ユニットで共通ID基盤を開発しているminaで…

Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.

Create persistent, multi-metric dashboard views in Mux Data that remember your filters and configurations. Build once, return anytime to the exact video analytics setup you need.

Today we are excited to announce the availability of TypeScript 5.9 Beta. To get started using the beta, you can get it through npm with the following command: npm install -D typescript@beta Let’s take a look at what’s new in TypeScript 5.9! Minimal and Updated tsc --init Support for import defer Support for --module node20 […]The post Announcing TypeScript 5.9 Beta appeared first on TypeScript.

Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security TeamAndroid recently announced Advanced Protection, which extends Google’s Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google’s strongest security for mobile devices, providing greater peace of mind that you’re better protected against the most sop

Today, the Git project released new versions to address seven security vulnerabilities that affect all prior versions of Git.The post Git security vulnerabilities announced appeared first on The GitHub Blog.

It's pretty straightforward to animate list items into new positions, but there is a few tricks when the specific one you've chosen to move needs a *different* transition.

Cloudflare chose TimescaleDB to power its Digital Experience Monitoring and Zero Trust Analytics products.

, creators and stewards of Nitro and Nuxt, are joining Vercel.NuxtLabsRead more

Traditional page builders have shaped how we build WordPress sites for years. Let’s take a closer look at [Droip](https://droip.com/), a modern, no-code visual builder, and explore how it redefines the experience with cleaner performance, full design freedom, and zero plugin dependency.

やや煽り気味のタイトルで失礼しました、Repro Booster のプロダクトマネージャーの Edward Fox です。暑いですね。 Repro Booster開発チームでは、昨今の盛り上がりに漏れることなく、生成AIやコーディングエージェントを積極的に開発に取り入れています。その活用範囲は開発業務に留まらず、ドキュメンテーションやお客様からのお問い合わせ対応といった周辺領域にも及んでおり、プロダクト開発の効率を大きく向上させていると実感しています。しばらく取り組みを続けてきて、ある程度体系化できてきたと感じられるフェーズに入ってきたので、Boosterチームにて実践している具体的な手法を紹…

こんにちは、PR TIMESでインターンをしている勝間田（@Sho_26_ts）です。 今回は、「メディアリレーション」プロジェクトの一員として担当した「自動選択リスト」機能のリニューアルについてご紹介します。2025年 […]

TL;DR PMのチケット作成～整理業務をNotion MCP x Claudeで約30分→5分程度に短縮できた チケットが自動生成されることで、一次情報収集にリソースを再投下し意思決定の質が上がり、実装時のコミュニケーションコストも低くなる Notion MCPの仕様で、API callが長大になるためチケットを作るまでの時間が1~2分かかり、rate limitにも達しやすいなど一部欠点もある アウトカムを出すために重要なのは、「何を作るか」ではなく「何を作らないか」を見極めることなので、人間はそこに注力すべき 自己紹介 カミナシ StatHack カンパニーCEOの松葉です。 6月にカミ…

In part two of this series, we dive into more advanced methods to deploy Phoenix applications using Kamal.

While designing a landing page template for dev tool startups, we reviewed 100+ real product sites. Along the way, we uncovered practical insights—here’s what’s worth knowing if you’re building one yourself.

Software is built under time and quality constraints. We want to write good code and have it done quickly.If you go too fast, your work is buggy and hard to maintain. If you go too slowly, nothing gets shipped. I have not mastered this tension, but I’ll share a few lessons I’ve learned.This post focuses on being a developer on a small team, maintaining software over multiple years. It doesn’t focus on creating quick prototypes. And this is only based on my own experience!“How good should this be

Learn how Single Sign-On (SSO) works, the differences between SAML and OIDC, and how to add enterprise-grade authentication to your app in minutes with WorkOS.

When Checkly launched, it was the first of its kind, enabling developers to monitor complex workflows easier than ever using the automation tooling (Playwright, Terraform, etc) they already knew and loved. We’ve helped detect and resolve issues for 1000s of companies—ranging from monitoring crucial log-ins, to purchasing products, to setting up client instances for millions of monthly users But what about the simpler stuff? How about an affordable, reliable way for developers to answer, “Is my s

For a long time, server-side performance mattered was the biggest factor in end user experience. But today, what happens in the browser also plays a big role. What does this change mean for engineering teams? And what can organizations do to best serve their customers?

In the last blog of this series, we will focus back on FortiClient and learn how the inner workings of this application work, and what crucial mistake happened that led to us uncovering a local privilege escalation vulnerability.

I know that you can “chain” the CSS property filter, like: All three of those filters will apply. But somehow I never thought about applying the same filter more than once. That also works, and they don’t override each other, they “stack” (or whatever you want to call it). So here’s some useless bar trivia […]

CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.

Data enables faster and more accurate due diligence, informs operational transformation post-acquisition, and supports more effective positioning when it comes time to exit. This post outlines the role of data across each of these key stages.

Cloudflare's SASE platform now offers egress policies by hostname, domain, content category, and application in open beta.

As always in design, timing matters, and so do timely notifications. Let’s explore how we might improve the notifications UX. More design patterns in our Smart Interface Design Patterns, a friendly video course on UX and design patterns by Vitaly — from complex data tables and nested filters to FAQs and error messages.

The shape() function's close and move commands may not be ones you reach for often, but are incredibly useful for certain shapes.Better CSS Shapes Using shape() — Part 4: Close and Move originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Learn React's history using pragmatic code samples and deep dives. This journey reveals the consistent design in React's APIs stemming from the very beginning.

プロローグ 河野「このTODOアプリ便利やなぁ」 河野「でも、なんかシンプルすぎて退屈やねんなぁ。たまにTODO忘れるし...」 河野「もっとド派手なハリウッド映画みたいなデザインで緊迫感だしてくれや！」 アプリ「わかりました。もっと激しくてインパクトのあるデザインで訴求します。」 アプリ「ウィーン。ガシャコン。キュイーン⤴︎（デザインが変わる音）」 アプリ「はい。河野さん好みのデザインにしておきました。（ハリウッドの爆弾バーン！！）」 河野「そうそう。素直でええねん。これでわかりやすくなった！」 河野「あ〜あ！。あらゆるアプリがユーザーごとにカスタマイズされたデザインになる世界に生まれて良か…

高度なインタラクションを持つ UI には、画面上のオブジェクトをつまんで移動するような、ドラッグアンドドロップの実装があります。リスト項目の並べ替えや、ホワイトボードアプリでの自由な要素配置などがその代表例です。Pointer Events API（pointerdown、pointermove など）を使用することで、マウス、タッチ、ペンといった多様な入力デバイスに対応したドラッグアンドドロップ機能を実現できます。スマートフォンのようなタッチデバイスでは画面のスクロールと競合してドラッグの処理がキャンセルされることがあります。ユーザーが要素をドラッグしようと画面に触れた際、ブラウザーがそのジェスチャーをスクロール操作と解釈すると、pointercancel イベントが発生してドラッグ処理が中断されます。この問題は、スクロール可能な領域内にドラッグ可能な要素を配置した場合に現れます。以下のデモは、タッチデバイスでスクロールとドラッグが競合して pointercancel イベントが発生する様子を示しています。点線で囲まれた領域はスクロール可能な要素で、画面上部には最後に発生したポインタ

はじめに サイバーエージェントでは、これまでに数多くの Web サービス・プロダクトの 立ち上げ・開 ...

こんにちは、ABEMAのプロダクトマネージャーの松田です。 先日、合同会社DMM. com、株式会社 ...

Sonar's new report series analyzes 7.9B lines of code to reveal the most common issues and how to fix them.

CSS の `progress` 関数は、2 つの長さの値の間の進捗を計算するための数学関数です。流体タイポグラフィやレスポンシブなレイアウト調整に利用できます。流体タイポグラフィは `clamp` 関数を使用して実装することもできますが、`progress` 関数を使用することでより意図を明確に記述できます。この記事では、CSS の `progress` 関数の構文と使用例について解説します。

CSS Modules は、CSS をローカルスコープ化する仕組み。*.module.css に CSS を記述すると、bundler がクラスセレクターなどをユニークなものへと変換してくれる。クラスセレクターなどが *.module.css ファイルごとに異なる名前に変換され、擬似的にローカルスコープ化が実現される。 developer.hatenastaff.com CSS Modules では、基本的には CSS の標準の構文をそのまま利用する。しかし、一部 CSS Modules 独自の構文がある。実際どのようなものがあるのかというのを、紹介する。 CSS Modules の公式ドキュ…

macOS で Touch ID を使った「人間の確認」ができるシンプルな CLI ツール confirm-pam を作りました。azu/confirm-pam: CLI tool for biometric authentication confirmation promptsこのツールを使うことで、AI Agent が任意のコマンドやスクリプトの実行する前に、Touch ID による生体認証を要求できます。コマンドラインから実行される処理に対して、人間による明示的な確認ステップを追加する仕組みを提供します。confirm-pam とはconfirm-pam は、macOS の Touch ID を使った生体認証による確認プロンプトを提供する CLI ツールです。主な特徴Touch ID 認証をサポート認証ダイアログに任意のメッセージを表示0（成功）、1（失敗）、2（エラー）の 3 つの終了コードで結果を判定Rust で書かれていて、現時点だと macOS のみ対応基本的な使い方は次のようになります。# 基本的な認証プロンプトconfirm-pam "この操作を実行しますか？"# 認

Hot off the presses! Firefox Nightly adds the new :heading pseudo! Easily style all headings, or use nth-child-like AnB syntax to select a range of headings! Needs layout.css.heading-selector.enabled flag enabled. Keith Cirkel Demo.

You can now run commands with inside , giving you full control over runtime environment setup, just like on a traditional Linux system.sudoVercel SandboxThis makes it possible to install system dependencies at runtime, like Go, Python packages, or custom binaries, before executing your code. is available via the method:sudorunCommandThe sandbox configuration is designed to be easy to use:sudoWith on Sandbox it's easier to run untrusted code in isolated environments with the right permissions, wi

Vercel now automatically correlates logs with distributed traces for customers using OpenTelemetry to instrument their applications. Traces are a way to collect data about the performance and behavior of your application and help identify the cause of performance issues, errors, and other problems. is an open source project that allows you to instrument your application to collect traces.OpenTelemetry (OTel)When a request is traced using OTel, Vercel will enrich the relevant logs with trace and

Compare Semaphore and Travis across licensing, pipeline setup, Git support, monorepo handling, test reporting, and installation.The post Semaphore vs Travis CI appeared first on Semaphore.

Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.

Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.

はじめに StatHackカンパニーの渡邉です。 私の普段の取り組みをこちらで紹介しているのでこちらもどうぞ。 note.kaminashi.jp 私たちKaminashiでは、さまざまなプロダクトにNext.jsを採用し始めています。 今回のブログではNext.jsの最も特徴的な機能の一つであるServer Actionsに関してフォーカスし、それがどういう仕組みで動いているのかコンパイラのソースコードを確認しながら解説し、 最後に実装上の注意点について述べます。 特にServer Actionsの具体的な中身の解説に関してはヘビーなので、実装上の注意点だけ見てもらうだけでも良いかもしれない…

はじめに こんにちは、FANTECH本部の古谷です。 前回に引き続きCLの、多言語対応についてご紹介 ...

DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.

Mux now has an MCP! With Mux's MCP, Mux API capability becomes available to AI chats and agents without custom integration work.

What does a Support Engineer do and how could it ever be interesting? In our first "Day in the Life" series, Support Engineer Joe Tingsanchali shares what it's like in this role and what he's learned.

The `satisfies` keyword allows you to assert that a certain value "satisfies" a given type, while preventing a wider type from being inferred.

Pro teams can now access a (recently ) with improved filtering, detailed breakdowns, and export options to better understand usage and costs by product and project.new usage dashboardintroduced to Enterprise customersYou can now break down usage by:Explore the today.new dashboardRead moreto quickly identify usage, drill down into spikes, and track costs of a single or set of productsProduct to understand your costs and monitor team activity across all or specific appsTeam and project for externa

Vercel now supports applications, a backend toolkit for building web servers, with zero-configuration.NitroNitro powers frameworks like Nuxt.js, TanStack Start, and SolidStart. or .Deploy Nitro on Vercelvisit Nitro's Vercel documentationRead more

SummaryImpactResolutionWorkaroundsCreditReferencesA cache poisoning vulnerability affecting has been resolved. The issue allowed page requests for HTML content to return a React Server Component (RSC) payload instead under certain conditions. When deployed to Vercel, this would only impact the browser cache, and would not lead to the CDN being poisoned. When self-hosted and deployed externally, this could lead to cache poisoning if the CDN does not properly distinguish between RSC / HTML in the

SummaryImpactResolutionCreditReferencesA vulnerability affecting Next.js has been addressed. It impacted versions and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.>=15.1.0 <15.1.8This issue does not impact customers hosted on Vercel.Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page.This issue required the below conditions to be explo

Explore new features in CKEditor 5 Word converters, including headers and footers, table of contents, and improved handling of suggestions and layout.

If you’re working on an entirely new product with no dependencies on any existing system, you’re free to decide how best to build, test and deploy the product. However, if you’re modernising a legacy system, the approach to development and testing is less straightforward. In this blog post, I look at some of the key considerations that should inform the test strategy for a modernisation project. I also explain why it’s important to go beyond the hype and use the right tool for the right job at t

Fixes 52 issues (addressing 112 👍). ReadableStream text(), json(), bytes(), blob(), WebSocket client compression with `permessage-deflate`, `bun pm version`, reduced memory usage for large `fetch()` and `S3` uploads, faster `napi_create_buffer`, faster sliced string handling in native addons, `fs.glob` now matches directories by default, `net.createConnection()` now validates `options.host`, `http.ClientRequest#flushHeaders` now correctly sends the request body, `net.connect` `keepAlive` and `k...

はじめに こんにちは。 STORES でエンジニアをやっている asibi3Q です。 週末は山に登って下界から離れる生活を送っています。 今回は去年1年を通して、STORES 予約の契約管理をサブスクリプション管理 SaaS である Zuora に移行した話について書きます。 移行の背景 STORES には多くのプロダクトが存在しますが、元々は別々の会社で作られたプロダクトで契約管理方法も異なります。 そのため、 プロダクト毎に請求方法やオペレーションが異なることで、オペレーションコストや開発コストが大きい 請求業務の属人化と手作業の多さによる人的リソースの負担増加 といった運用上の課題が多…