こんにちは。デジカルチームでソフトウェアエンジニアをしている武井です。 デジカルチームでは、クラウド型電子カルテ「エムスリーデジカル」を開発しており、メインのAPIサーバーとしてRuby on Railsを採用しています。 digikar.m3.com 今回、長年放置されてきたRuboCopの設定の見直し、運用の改善をチームで協力して行いました。この記事では改善の過程の一部始終をご紹介できればと思います。 この記事でも触れる「リファクタリングデー」の後に打ち上げで行った焼肉を楽しむ様子

On March 21, 2025, multiple Cloudflare services, including R2 object storage experienced an elevated rate of error responses. Here’s what caused the incident, the impact, and how we are making sure it

はじめに ゲーム開発において、技術革新のスピードは日々加速しています。最前線で活躍する技術者にとって ...

This article explores what happens when fingerprinting goes beyond the basics—how companies use it, how to stay privacy-compliant, and what’s next.

どうもセキュリティエンジニアリングの西川です。JAWS DAYS 2025 の帰路でこのブログを書いています。私は空港でブログを書く確率が非常に高いです。なぜか捗るんですよね。 さて、カミナシでは昨年からセキュリティエンジニアを二人追加で採用することができ、業務委託含め5人体制になりました。それを機にセキュリティエンジニアを開発チームに派遣する仕組みを導入したのでそれについて話をしていきたいと思います。 セキュリティエンジニアを開発チームに派遣するとは 派遣するセキュリティエンジニアの目指すところを一言で表すならば「特定のサービス・プロダクト・チームを深く理解したセキュリティエンジニア」です。…

<p>Managing media is a really difficult task if you try to do all of it yourself, especially if the media comes from other sources. The file can be submitted in any state and size, but what if you need something really specific? You can code it all yourself or you can use an awesome service [&#8230;]</p><p>The post <a rel="nofollow" href="https://davidwalsh.name/easy-way-to-upload-transform-and-deliver-files-and-images">Easy way to upload, transform and deliver files and images (Sponsored)</a> a

A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared first on The GitHub Blog.

Convert Figma designs to Flutter code automatically with AI using Builder's Visual Copilot plugin. Save time and maintain pixel-perfect designs across screens.

Being able to control the `paint-order` in CSS means you can push the stroke behind the fill, fixing awkward issues with ruining letterform readability.

There’s a bit of a blind spot when working with CSS logical properties concerning shorthands.Support Logical Shorthands in CSS originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Security Week 2025 has officially come to a close. Our updates for the week included a deep dive on our AI offering, a unified navigation experience, and an introduction to our AI Agent Cloudy.

Today we're announcing our latest contribution to Node.js, now available in v23.8.0: URLPattern.

React-admin v5.5 and v5.6 introduce broader compatibility, a modern black and white theme, and enhanced features for forms and list views. The Enterprise Edition packages also receive new components and improvements.

Carousels are a design pattern that will probably outlive civilisation I'm afraid. As much as the fact that you probably don't need a carousel is true, that overflow pattern is useful where there's not much screen real estate available.We're getting a heap of new stuff here to make carousels less bad such as ::scroll-button() and ::scroll-marker() pseudo-elements. It seems like that's the first iteration though — at least I hope so because I have no interest in using an icon font or HTML entitie

<p>Imagine you work on an end-to-end web test. The test works locally, you commit the code, open a pull request and ... wait for 10-30 minut

Next.js has patched a critical vulnerability (CVE-2025-29927) that allowed attackers to bypass middleware-based authorization checks in self-hosted apps.

こんにちは PR TIMES開発本部のインターンの Chanoknan です。 PR TIMESエディターのフロントエンドテスト戦略開発の一環として、エディターのPlaywright統合テストをPage Object M […]

この記事では、Next.jsのプロジェクトにおける国際化対応（i18n）の設定方法について説明します。Next.jsが直接サポートしていない部分の課題を克服しながら、Pages Routerを使用し…

Babel 7.27.0 is out!

React 19 makes ref easier – just pass it!React 19 brings many exciting updates, and one of the simplest yet powerful change is how ref works. We no longer need forwardRef when passing ref to built-in elements like inputs. Cool, right?This small update makes working with ref much simpler, especially in forms where smooth user interactions matter.The problem with forwardRefBefore React 19, if a parent component wanted to interact with a child component using a ref, we had to wrap the child in forw

ActionCable integrates websockets with our app which allows two-way communication between the server and client without the need for continuous page refreshes, making real-time updates possible.Channels are similar to controllers in that we define methods for broadcasting or streaming data to connected clients.BeforeBy default, Rails would create a channels folder in the app/ directory to store these channel definitions, allowing developers to easily set up real-time features.# Before Rails 8 wh

As a self-hostable, open-source automation platform, n8n lets you orchestrate logic, connect services, and scale pipelines with minimal boilerplate.

A security vulnerability in Next.js was , which allows malicious actors to bypass authorization in Middleware when targeting the header.responsibly disclosedx-middleware-subrequest. We still recommend updating to the patched versions. Learn more about .Vercel customers are not affectedCVE-2025-29927Read more

カルーセルは Web アプリケーションでよく使われる UI コンポーネントの一つであるものの、標準化された実装方法が存在しないため、各ライブラリやフレームワークで独自の実装が行われています。この問題を解決するため、CSS だけを使用してカルーセルを実装するための新しい仕様が提案されています。:この仕様では ::scroll-button と ::scroll-marker 擬似要素を使用してカルーセルを実装します。

Just saw and played with Cursorful, a browser plugin for recording nice looking videos of using websites. The trend of videos that zoom and pan based on what you’re interacting with is pretty neat I think. As web builders, I feel like we’re constantly showing short videos of the sites, whether it’s to clients, customers, […]

A survey of 500 cybersecurity pros reveals high pay isn't enough—lack of growth and flexibility is driving attrition and risking organizational security.

I’ve used border-image regularly. Yet, it remains one of the most underused CSS tools, and I can’t, for the life of me, figure out why. Is it possible that people steer clear of border-image because its syntax is awkward and unintuitive? Perhaps it’s because most explanations don’t solve the type of creative implementation problems that most people need to solve. Most likely, it’s both.Revisiting CSS border-image originally published on CSS-Tricks, which is part of the DigitalOcean family. You s

Using Cloudflare’s CASB, integrate, scan, and detect sensitive data and misconfigurations in your cloud storage accounts.

Socket, the leader in open source security, is now available on Google Cloud Marketplace for simplified procurement and enhanced protection against supply chain attacks.

Cloudflare now provides clientless, browser-based support for the Remote Desktop Protocol (RDP). It enables secure, remote Windows server access without VPNs or RDP clients.

Customers can now easily safeguard sensitive data in Microsoft Outlook with our new DLP Assist feature.

This post is a beginner's guide to lattices, the math at the heart of the transition to post-quantum (PQ) cryptography. It explains how to do lattice-based encryption and authentication from scratch.

Cloudflare’s Data Loss Prevention is reducing false positives by using a self-improving AI-powered algorithm, built on Cloudflare’s Developer Platform.

Cloudflare is now assessed at the IRAP PROTECTED level, bringing our products and services to the Australian Public Sector.

The is an open-source toolkit for building AI applications with JavaScript and TypeScript. Its unified provider API allows you to use any language model and enables powerful UI integrations into leading web frameworks such as and .AI SDKNext.jsSvelteRead more

The allows using any Node.js OpenFeature provider with the Flags SDK. Pick from a wide range of flag providers, while benefiting from the Flag SDK's tight integration into Next.js and SvelteKit. Flags SDK adapter for OpenFeature is an open specification that provides a vendor-agnostic, community-driven API for feature flagging that works with your favorite feature flag management tool or in-house solution. OpenFeature exposes various providers through a unified API.OpenFeatureThe sits between yo

You probably already know that you can use developer tools in your browser to make on-the-spot changes to a webpage — simply click the node in the Inspector and make your edits. But have you tried `document.designMode`? Victor Ayomipo explains how it can be used to preview content changes and demonstrates several use cases where it comes in handy for everything from basic content editing to improving team collaboration.

A guide to migrating from Fauna to Supabase.

STORES でソフトウェアエンジニアをしている morihirok です。 このたび STORES のエンジニア採用ポジションを大きく刷新し、これまで多数あった採用ポジションを「Web エンジニア」のひとつに統合しました。 このブログでは意思決定に至るまでの背景とその意図についてご紹介し、私たちが作っていきたい組織や挑戦する課題について知っていただければと思っております。 これまでどうなっていたか 前提として、STORES は複数のスタートアップが合併してできた会社です。 しばらくもともとの会社の単位で事業部制組織を取っていたため、エンジニアの採用ポジションも組織ごとに存在し、採用フローもエ…

Broken pipelines are unavoidable. Catch problems as soon as they happen with the improved alerting suite in Dagster+.

HighlightsTypeScript Syntax Support in Core RulesESLint v9.23.0 introduces full TypeScript syntax support for three core rules. These rules are:class-methods-use-thisdefault-param-lastno-useless-constructorThese rules can now be used to lint TypeScript files as well as regular JavaScript.To lint TypeScript code, be sure to use @typescript-eslint/parser, or another compatible parser.You can define the parser and the rules in your config file like this:import { defineConfig } from "eslint/config";

We just released four new widgets to make your life easier: user profile, user sessions, user security, and organization switcher. They are now available for free to all AuthKit customers.

Before settling on the project to implement a full accessibility cache in Firefox, I investigated several other alternatives. In my last post, I discussed asynchronous accessibility APIs. Another alternative I considered is switching to UI Automation and having the UIA tree accessed directly in web content processes, rather than communicating via the main UI process. While this is not possible with IAccessible2 because of browser sandboxes, it could theoretically be possible with UIA because it

カミナシ ソフトウェアエンジニアの mina（@yoiyoicho）です。このブログでは、私が所属する「カミナシ ID」開発チームにおいて実施した、インフラコストの最適化施策について紹介します！ 「カミナシ レポート」の認証機能移行によりインフラコストが増加 「カミナシ ID」は OIDC / OAuth 2.0 などの標準仕様に準拠した、カミナシの ID 管理・認証基盤プロダクトです。インフラは AWS の各種サービスを活用して構築されています。 「カミナシ ID」は認証基盤という性質上、高いセキュリティや監査能力が求められます。そのため、API サーバーのアプリケーションログに加えて、デー…

From simplifying the workflow of a developer to having an impact on the global water crisis, technology and AI are reshaping the way charity: water works.The post World Water Day: how GitHub Copilot is helping bring clean water to communities appeared first on The GitHub Blog.

There is an already-classic @scope demo about theme colors. Let’s recap that and then I’ll show how it relates to any situation with modifier classes. (The @scope rule is a newish feature in CSS that is everywhere-but-Firefox, but is in Interop 2025, so shouldn’t be too long to be decently usable.) There are lots of […]

Forrester Research has recognized Cloudflare as a Leader in its The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 report.

I’ve seen a handful of recent posts talking about the utility of the :is() relational pseudo-selector. No need to delve into the details other than to say it can help make compound selectors a lot more readable.:is(section, article, aside, …Quick Reminder That :is() and :where() Are Basically the Same With One Key Difference originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

I love the idea of being able to take a color you already have in CSS, like currentColor, a custom property, or a color pulled from an attr(), and manipulate it. The big examples being darken, lighten, or apply opacity to it for different adjacent elements or states. We have a ton of “newly available” […]

Cloudflare’s first AI agent, Cloudy, helps make complicated configurations easy to understand for Cloudflare administrators.

We are closing the cleartext HTTP ports entirely for Cloudflare API traffic. This prevents the risk of clients unintentionally leaking their secret API keys in cleartext during the initial request.

Cloudflare Aegis provides dedicated egress IPs for Zero Trust origin access strategies, now supporting BYOIP and customer-facing configurability, with observability of Aegis IP utilization soon.

We’re introducing a new Application Security experience in the Cloudflare dashboard, with a reworked UI organized by use cases, making it easier for customers to navigate and secure their accounts.

Vercel provides the tools and infrastructure to build AI-native web applications. We're partnering with to bring their powerful Grok models directly to Vercel projects through the —and soon —with no additional signup required. xAIVercel Marketplacev0To help you get started, xAI is introducing a new free tier through Vercel to enable quick prototyping and experimentation. These Grok models now power our official with the . Next.js AI chatbot templateAI SDKThis is a part of our ongoing effort to m

xAI's Grok models are now available in the , making it easy to integrate conversational AI into your Vercel projects.Vercel MarketplaceTo get started, you can use the in your project:AI SDK xAI providerThen, with Vercel CLI (or ):install the xAI Marketplace Integrationfrom the dashboardOnce you've accepted the terms, you'll be able to use Grok models from within your project, with no additional steps necessary. To help you get started, we've also made a . To learn more about xAI on Vercel, read

Vercel now maps dependencies in your package manager’s lockfile to applications in your monorepo. Deployments only occur for applications using updated dependencies.This feature is based on Turborepo's lockfile analysis, supporting the package managers listed as stable in .Turborepo's Support PolicyPreviously, any change to the lockfile would redeploy all applications in the monorepo since it was treated as a shared input. Now, Vercel inspects the lockfile’s contents to determine which applicati

Hi! I’m Sam, and I write interactive blog posts about computer science. Because that doesn’t quite pay the bills, during the day I’m a senior software engineer for Budibase, an open source, low-code, self-hostable app building platform. We make heavy use of TypeScript, both on the front-end and the back-end, and in this post I’d like to walk you through some real-world use-cases we have for TypeScript’s “utility types.”What is a utility type?Utility types are types that modify other types. You c

A guide to migrating from the MongoDB Data API to Supabase.

The contenteditable "plaintext-only" attribute value combination is now Baseline Newly available. Making an element contenteditable but plaintext-only has advantages over using a textarea in some cases highlighted in this post.

We are excited to introduce support for private hostname and IP address-defined applications as well as reusable access policies.

This blog has been adapted from a section of 1Password’s ebook: “Why MDM isn’t enough for device security”. To read the complete ebook, click here.For years, global regulations and compliance standards have been a primary driver of Mobile Device Management’s (MDM) adoption in the workplace. This is thanks to its ability to force managed devices, en-masse, into meeting basic levels of compliance.However, MDMs have never been a complete solution for endpoint security or compliance. They’ve only fa

In response to the FinTech Scotland innovation challenge we developed InferESG; augmenting ESG analysis and identifying potential greenwashing.

Learn how AppSignal's improved issue management feature helps your team collaborate effectively. Assign, track, and resolve incidents seamlessly to streamline your workflow and boost productivity.

With AuthKit enterprise logins are now easier than ever. We are announcing the addition of key B2B login providers, like LinkedIn, Slack, Xero, and more, giving your users seamless access to your platform with the credentials they already use.

Cookie banners can impact the Core Web Vitals of your website in different ways. Learn how and what you can do about it.

Accessibility API queries are generally synchronous: each query blocks both the client and the server until the query completes and returns its result. This causes significant challenges for modern, multi-process web browsers, requiring them to cache the accessibility trees from all other processes in the main UI process. This raises the question: why not make accessibility APIs asynchronous? As usual, there is a theoretical/principle answer and a pragmatic answer. Let’s start with theory. For a

Using AI Code assistants powered by LLMs are a great productivity boost, but are they also free from vulnerabilities? Not really. Not even the GPT 4o model. Let me show you GPT 4o failure in practice.

Research reveals the ideal ratio of positive to negative feedback within high performing teams

Corepack will be phased out from future Node.js releases following a TSC vote.

We’ve long had a YouTube channel for ShopTalk, but now we’re posting regular ol’ episodes to it, which we’ve never done before. Like this: And “shorts” here and there that we’ll clip out of the shows when it’s fun.

Read the article to learn more.

Ever wondered how to create checklists in your GitHub repositories, Issues, and PRs? Make task lists more manageable in your GitHub repositories, issues, and pull requests.The post Video: How to create checklists in Markdown for easier task tracking appeared first on The GitHub Blog.

Research uncovers Black Basta's plans to exploit package registries for ransomware delivery alongside evidence of similar attacks already targeting open source ecosystems.

A look into building IssueOps workflows on GitHub to do everything from CI/CD to handling approvals and more.The post IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions appeared first on The GitHub Blog.

With Cloudflare for AI, developers, security teams and content creators can leverage Cloudflare’s network and portfolio of tools to secure, observe and make AI applications resilient and safe to use.

By building and integrating a new heuristics framework into the Cloudflare Ruleset Engine, we now have a more flexible system to write rules and deploy new releases rapidly.

Firewall for AI discovers and protects your public LLM-powered applications, and is seamlessly integrated with Cloudflare WAF. Join the beta now and take control of your generative AI security.

How Cloudflare uses generative AI to slow down, confuse, and waste the resources of AI Crawlers and other bots that don’t respect “no crawl” directives.

It's hard to tell the difference between web content produced by humans and web content produced by AI. We're taking new approach to making AI content distinguishable without impacting performance.

Various studies highlight the significant environmental footprint of Large Language Models (LLMs). Those concerned about climate change might consider avoiding AI for this reason. But is that the right choice? Let's examine the facts.

Welcome to my hot takes on DevRel where I share all my spicy opinions that are likely to get me lambasted on a certain social media site I don't use anymore.

DevTools Performance panel updates make it easier to navigate within and filter traces.

Learn how and why the Chrome team has replaced FreeType with Skrifa.

画像の背景を削除する GrabCutter を作りました。名前の通り GrabCut アルゴリズムを使っています (安直)。前景と後景をアノテーションできるようにしておいたので、削除と復元の微調整しやすいのが利点です。GrabCutterこんな感じの背景透過画像がサクッと作れます。 割と大きめの画像でも 初回実行は 1秒以内、微調整は一瞬という感じです。とはいえ巨大な画像はさすがに重いので、ROI を作って部分適用したほうが良いかも知れません。他にも共有メモリで分散処理はどんなアルゴリズムでも検討したいところですが、今回はそこまで作ってないです。AI を使わない時にどれくらい精度が出るのかの勉強用で作りましたが、AI なしでも割と良い精度です。せいぜい 2-3回の微調整で十分な結果が得られるので、これはこれでアリじゃないかなあ。

Let's dive into some easy and quick ways to collect and generate data and create schemas in Node.

Rink is a unit-aware calculator for the command line and your browser. I’ve been wanting something like it for years!Here’s a Rink cheatsheet I made for myself. I hope it’s useful to others!Basic conversionsRink can do a bunch of basic conversions, such as converting Fahrenheit to Celsius or kilometers to miles.Basic unit conversions:> 10 pounds to kilogramsapprox. 4.535923 kilogram (mass)> 32 degF to degC0 °C (temperature)Byte conversions:> 1 KB to B1000 byte (information)> 1 KiB to B1024 byte

Expand your WorkOS integration by customizing attributes on users, orgs, and session tokens.

Learn how image encoding can improve your website’s performance by reducing load times. This article explores different types of image compression and their impact on page speed, helping you deliver high-quality content more efficiently to your visitors.

A chance conversation led me to the realization that the world of unique identifiers is larger and more wondrous than I ever could have imagined. In this post we discuss five types of UUIDs and their upstart cousin, the ULID. We explore what makes each of them special and when they may be particularly useful.

UI Automation (UIA) is Microsoft’s recommended accessibility framework for Windows, replacing the earlier Microsoft Active Accessibility (MSAA) framework. Despite this, to access web content, screen readers such as NVDA and JAWS continue to use IAccessible2, an open source API based on MSAA. This is not just because of the significant effort involved in switching to a different API, although that is certainly a factor. More importantly, it is because UIA is currently insufficient as an accessibi

デジカルを構成するサービスの DB（基本的に読み取りのみ）を Aurora MySQL から Fargate 上の SQLite に移行し、性能も向上しつつ当該サービス全体のインフラコストを約 1/8 まで大幅に削減できた話をご紹介します。

Bastion host offers a centralized point of access and control to an internal network, but what happens when this gateway itself is compromised? In this blog series, we will dive into vulnerabilities we found in JumpServer.

When you open Visual Studio Code without doing something like opening a .workspace file or dragging a folder onto it, you get a fairly blank screen like this: RECORD SCRATCH. I’m an idiot. It was just like that because I had my “Work Bench” set to “none” instead of the default. Putting the value back […]

Oliver's reflections on the Sustainable AI and Data Centres type content at Data Centre World London March 2025.

`box-decoration-break: clone;` in CSS can help us make for interesting backgrounds across lines of text that break, but when opacity gets involved, things can get complicated.

Read the article to learn more.

Ken Kocienda shares how Infactory is making AI transparent, reliable, and enterprise-ready—solving AI’s biggest trust issues.The post Ken Kocienda on Building AI You Can Trust appeared first on Semaphore.

now has an for tools to integrate AI models and services directly into Vercel projects.The Vercel MarketplaceAI categoryGroq, fal, and DeepInfra are available as first-party integrations, allowing users to:With prepaid plan options, users can now manage AI costs more predictably by purchasing credits upfront from a model provider. These credits can be used across any model offered by that provider.Explore the new , , and get started with , , and on the Vercel Marketplace, available to users on a

We have deployed a proactive security update to the , protecting against a recently disclosed vulnerability in the package, dubbed SAMLStorm ( and ). This vulnerability, which affects various SAML implementations, could allow attackers to bypass authentication mechanisms.Vercel Firewallxml-cryptoCVE-2025-29774CVE-2025-29775See the for more details on the vulnerability, and reach out to if you have questions.SAMLStorm reportVercel SupportRead moreWhat This Means for Vercel Customers: Vercel Firew

AI and LLMs are certainly useful assistive tools. But what if we need to train LLMs on confidential documents and materials? Here's how you can build your own custom RAG AI agent.

Find out how you can participate in Google Summer of Code with Chromium.

Knowing when to reach for a polyfill can be a hard decision, but using Baseline features can help you answer this question. Learn more in this guide!

React Trends in 2025 which should be on your watchlist. A walkthrough of the state of React ...