直近1週間の更新
7/9 (木)

Why we cannot wait for better post-quantum signature algorithms
The Cloudflare Blog
NIST is advancing nine new post-quantum signature algorithms as potential candidates for future standardization. We take a closer look at all of them, and argue that while they are in the works and show great potential, we should use ML-DSA for now — the best one currently available.
1時間前

Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Socket
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.
2時間前

Proxy and Reflect
Piccalilli - Everything
FYIIn this specific instance, I'm here to teach you about using the Proxy constructor and Reflect object. These are features of the language worth having in your toolbox, naturally — but just as importantly they allow us to graze up against some of JavaScript's innermost workings, and in doing so, better learn the shape of the mechanisms that power the language. That's the kind of know-how that makes a senior developer.Now, the keen-eyed among you may notice that this article is shaped conspicuo
3時間前

AI Pentesting Buyer's Guide: How to evaluate AI pentesting vendors
Aikido Security's Blog
Learn how to evaluate AI pentesting vendors with practical buying criteria, research from 1,000+ AI pentests, and a downloadable evaluation checklist.Category: Guides & Best Practices
5時間前

Searchable field-level encryption on Supabase with CipherStash
Supabase Blog
Add field-level encryption to your Supabase project with CipherStash. Searchable ciphertext, zero-knowledge key management, and no schema changes required.
8時間前

大規模プロダクトの開発を、どう前に進めるか。Yahoo! JAPANアプリのDivision Leadが向き合う「責務最適化」と自律的な組織づくり LINEヤフー Tech Blog (LY Corporation Tech Blog
大規模なネイティブアプリ開発では、実装力だけでは解けない課題があります。iOSとAndroidが並走し、WebやBFF(Backend for Frontend)とも連携しながら機能を届ける。その一方...
13時間前

CA DATA NIGHT #10 〜データ基盤の「正解」は、Databricksにあります〜 開催レポート
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
こんにちは。メディア統括本部 Data Science Center(DSC)の山田(@___rya ...
15時間前

ABEMAの広告配信周りの高速化にチャレンジしてみた
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
はじめに はじめまして!慶應義塾大学環境情報学部3年の上野 大和です!2026年の4月の1ヶ月間、C ...
15時間前

スクラムよ! 私は帰ってきたぞ! スクラムをやめたけど戻したチームの経験談
26
カミナシ エンジニアブログ
スクラムよ! 私は帰ってきたぞ! スクラムをやめたけど戻したチームの経験談 こんにちは。アニメ『日本三国』を見終わって、横山光輝さんの『三国志』を読んだときの興奮を思い出した daipresents です。天命をまっとうするぞー。 少し前に、Slackを眺めていると、エンジニアリングマネージャ友達のなかしょーさんが「スクラムをぶっ壊す」とフンフンされていたのをみつけて、そう思った理由を伺ってみるとなかなか面白かったので、今日はその話を書いてみたいと思います。 スクラムじゃないかもと思った理由 なかしょーさんチームでは、スクラムが導入されていました。社内でも古株プロダクトでもあることから、比較的…
15時間前

Rewriting Bun in Rust Simon Willison's Weblog
<p><strong><a href="https://bun.com/blog/bun-in-rust">Rewriting Bun in Rust</a></strong></p>Jarred Sumner has been promising this blog post (<a href="https://x.com/jarredsumner/status/2053063524826620129">since May 9th</a>) about his Zig to Rust rewrite of Bun for significantly longer than it took him to finish the rewrite.</p><p>Honestly, it was worth the wait. This is a detailed description of an extremely sophisticated piece of agen...
15時間前

Introducing GPT‑Live Simon Willison's Weblog
<p><strong><a href="https://openai.com/index/introducing-gpt-live/">Introducing GPT‑Live</a></strong></p>OpenAI <em>finally</em> upgraded the model used by ChatGPT voice mode!</p><p>I've had preview access for a few weeks in the iPhone app, and the new model is very impressive. It also has the ability to spin off harder tasks to GPT-5.5:</p><blockquote><p>For questions that require web search, deeper reasoning, or mor...
16時間前

npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
Socket
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
18時間前

Automating cross-repo documentation with GitHub Agentic Workflows
The GitHub Blog
Explore how the Aspire team turns merged product changes into SME-reviewed docs pull requests, closing the gap between release and documentation.The post Automating cross-repo documentation with GitHub Agentic Workflows appeared first on The GitHub Blog.
18時間前

Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories
Socket
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.
19時間前

Quoting Kenton Varda Simon Willison's Weblog
<blockquote cite="https://twitter.com/kentonvarda/status/2074924213983740233"><p>I just declared a moratorium against AI-written change descriptions (e.g. PR and commit messages, also issues/tickets) from my team.</p><p>AI was writing change descriptions that were worse than useless to me as I tried to review PRs: outlining details of the code that could easily be seen by looking at the code, but omitting the higher-level framing needed to understand broadly what the cod...
19時間前

Introducing Secret Exfiltration Protection for GitHub Actions
Step Security Blog
StepSecurity now blocks and detects secret exfiltration in GitHub Actions, stopping attacks that plant malicious workflows to steal your repository secrets.
20時間前

GitHub availability report: June 2026
The GitHub Blog
In June, we experienced six incidents that resulted in degraded performance across GitHub services.The post GitHub availability report: June 2026 appeared first on The GitHub Blog.
20時間前

How GitHub Copilot enables zero DNS configuration for GitHub Pages
The GitHub Blog
Go from an empty repository to a live custom domain with HTTPS in about 14 minutes, without manually editing a single DNS record.The post How GitHub Copilot enables zero DNS configuration for GitHub Pages appeared first on The GitHub Blog.
1日前

Announcing TypeScript 7.0
Daniel Rosenwasser, Author at TypeScript
Today we are proud to announce the availability of TypeScript 7, a 10x faster native port of TypeScript! Since its early days, TypeScript has promised to deliver on JavaScript that scales. By bringing strong type-checking and rich tooling to the world of JavaScript, TypeScript made it possible to build non-trivial high-quality apps across platforms. Last […]The post Announcing TypeScript 7.0 appeared first on TypeScript.
1日前

流れを自由自在に操りアジリティを高める「かんばん」方法論
カミナシ エンジニアブログ
流れを自由自在に操りアジリティを高める「かんばん」方法論 こんにちは。健康診断の肺活量診断で看護師さんに「もっといける!もっといけるぞ!そうだ、どんどんだせ!いけー!」と応援されたけど、前回の記録を更新できなかった daipresents です。次も同じとこで受けよう。 カミナシの開発プロセスは、プロダクトごとのチーム(サービスチームと呼んでいます)ごとに自分たちで考えて定義しています。そして、技術スタックもプロダクトごとにだいたい揃っていて、開発するプロダクトも「ノンデスクワーカー向けSaaS」ですので、それほど大きく違いが生まれてない現状があります。 この数年、社内のプロセスをなんとなく遠…
1日前
7/8 (水)

How to Make an Interactive Element Invisible but Accessible
Master.dev Blog RSS Feed
The attribute `hidden="until-found" can be quite useful in HTML, but we'll need another unexpected bit of CSS to ensure space is reserved.
1日前

Introducing Meerkat: an experiment in global consensus
The Cloudflare Blog
Cloudflare Research is building a global consensus service called Meerkat that uses a new consensus algorithm called QuePaxa. We plan to use Meerkat to build a strongly consistent, fault-tolerant key-value store, and other applications.
1日前

Vercel Agent: An agent you can let near production
Vercel News
Today we're expanding . It started by triaging alerts and reviewing your pull requests. Now it has a home in your dashboard, where it can investigate production, answer questions about your projects, and take action once you approve it.Vercel AgentBecause Vercel Agent is built into the platform that deploys and runs your app, when something changes in production, it's your first responder. It autonomously investigates your logs, metrics, and deployments, finds the root cause, and proposes a fix,
1日前

pnpm 11.10 Hardens Registry Authentication to Block Token Redirection
Socket
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.
1日前

Storybook Workbench: audit vibe-coded UIs and find hidden bugs in hours
Evil Martians
Storybook Workbench is a bundle of Agent Skills that turn Storybook into an audit layer for AI-generated UIs: find dead components, design-system drift, and hidden accessibility bugs.
2日前

Grok 4.5 now available on AI Gateway
Vercel News
Grok 4.5 from SpaceXAI is now available on .AI GatewayBuilt for coding, knowledge work, and STEM, the model accepts text and image inputs.Grok 4.5 supports low, medium, and high reasoning levels and defaults to high. Set the level with to balance speed against depth.reasoningTo use Grok 4.5, set to in the :modelxai/grok-4.5AI SDKAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimizations for higher-than-provider
2日前

Update Project Settings from the Vercel CLI
Vercel News
You can now update a project's framework preset and build settings directly from the CLI, without opening the dashboard.Run from a linked project, or pass a project name directly:vercel project updateSettings can also be returned to automatic detection instead of an explicit override:For automation or further inspection, return the result as JSON:JSON output includes whether anything changed, the list of changed settings, the project ID and name, and the requested settings. Output is written to
2日前

Vercel Microfrontends checks for missing configuration
Vercel News
The Microfrontends Config Present prevents broken production routing by blocking any default app deployment that is missing its . This appears alongside other , such as lint and typecheck.deployment checkNative Deployment Checksmicrofrontends.jsonThe check is blocking by default for eligible apps, with no opt-in required. Eligible apps are projects enrolled in and designated as the default app in a Microfrontends group. If is missing from the deployment's build outputs, the check fails and preve
2日前

Flags SDK now evaluates flags 10x faster
Vercel News
and now evaluate multiple feature flags in bulk around 10x faster. Flags SDKVercel FlagsFlag evaluation time improved by reducing microtask queue overhead and creating fewer promises. The improvement scales with the number of flags.Use instead of to benefit from these optimizations:await evaluate([flagA, flagB])Promise.all([flagA(), flagB()])You can also pass an object to evaluate flags with named keys automatically benefits from these improvements as well.precompute()Upgrade and to the latest v
2日前

Use any Chat SDK adapter with eve
Vercel News
now supports Chat SDK adapters with the new .eveChat SDK channelOne channel connects your eve agent to Facebook Messenger, WhatsApp, Resend, Liveblocks, and any other surface with an . You write normal Chat SDK handler code, and calling inside a handler hands the message to your agent.adaptersendRegister handlers on exactly as you would in a standalone Chat SDK app.botOut of the box, the channel:Supply your own handlers to override any of these defaults.eventsRead the documentation to get starte
2日前

Chat SDK now supports Vercel Connect
Vercel News
You can now use to manage credentials for your bots, with no tokens or signing secrets to store or rotate yourself.Vercel ConnectChat SDKThe new subpath provides adapter helpers for Slack, GitHub, and Linear. Each helper takes a connector UID and returns a config you spread into the matching adapter factory.@vercel/connect/chatOutbound bot calls use a function-form token field backed by , so each API request gets a fresh, short-lived token that Vercel Connect rotates for you.getTokenInbound use
2日前

Chat SDK adds Dial support
Vercel News
Chat SDK now supports Dial with the new .vendor-official adapterBuild bots that send and receive SMS, MMS, and iMessage on a real phone number, with bidirectional media and inbound voice-call transcripts. Replies use the standard Chat SDK thread and message APIs, with HMAC-verified webhooks and stable per-conversation threading.Each phone conversation becomes a Chat SDK . Texts and media arrive as messages on that thread, and when a voice call ends, its transcript appears there too. Subscription
2日前

Chat SDK adds Photon support
Vercel News
Chat SDK now supports Photon with the new .vendor-official adapterBuild bots that send and receive iMessages directly and in group chats, share media, and react with native tapbacks. Run the adapter against Spectrum Cloud, your own server, or directly on a Mac.Each Photon conversation becomes a Chat SDK thread, and tapbacks come through as reactions. Handlers, posts, and subscriptions work the same as with any other adapter. Webhooks are HMAC-verified, and your bot can reply to a DM straight fro
2日前

The Prototype Trap: Shipping AI-written Code Before It’s Ready
CKEditor Ecosystem Blog
Fast AI prototypes are slipping into production. Learn why vibe coding creates risk—and how leaders can stop the prototype trap.
2日前

GitHub Secret Scanning Public Monitoring for Enterprises: Coverage and Gaps
Step Security Blog
GitHub's new public monitoring finds your enterprise's leaked secrets anywhere on github.com. Here is what it covers, what it cannot see, and how to close the exfiltration gap
2日前

sqlite-utils 4.0, now with database schema migrations Simon Willison's Weblog
<p>This morning I released <a href="https://sqlite-utils.datasette.io/en/stable/changelog.html#v4-0">sqlite-utils 4.0</a>, the 124th release of that project and the first major version bump since <a href="https://sqlite-utils.datasette.io/en/stable/changelog.html#v3-0">3.0</a> in November 2020. In addition to some small but significant breaking changes (described in <a href="https://sqlite-utils.datasette.io/en/stable/upgrading.html">this upgrade guide</a&...
2日前

LLM Model Fallback Is a Product Strategy
CKEditor Ecosystem Blog
When Anthropic's Fable 5 went offline with no warning, products on a single LLM broke. Why model fallback and provider abstraction is product strategy.
2日前

Top Burp Suite alternatives for web application security testing
Aikido Security's Blog
Compare the top Burp Suite alternatives for DAST and AI pentesting, including Aikido, Caido, ZAP, and Invicti.Category: DevSec Tools & Comparisons
2日前

Coordinated npm and PyPI Campaign Typosquats Popular Secure Payment Apps
Socket
Socket uncovered 17 malicious npm and PyPI packages typosquatting Paysafe, Skrill, and Neteller SDKs to steal developer secrets.
2日前

sqlite-migrate 0.2 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-migrate/releases/tag/0.2">sqlite-migrate 0.2</a></p> <p>The version that retires the library, instead implementing a compatibility shim against the new sqlite-utils 4.0 dependency.</p> <p>Tags: <a href="https://simonwillison.net/tags/sqlite-utils">sqlite-utils</a></p>
2日前

github-code Web Component Simon Willison's Weblog
<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/github-code-component">github-code Web Component</a></p> <p>An experimental Web Component built using GPT-5.5 and <a href="https://gist.github.com/simonw/0e3db21947b5ae7e29e8a4f69a0b0617">the following prompt</a>:</p><blockquote><p><code>let's build a Web Component for embedding code from GitHub</code></p><p><code>&lt;github...
2日前

Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide
The GitHub Blog
New Innovation Graph data shows global developer communities growing faster than ever, with collaboration reaching new highs across many economies.The post Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide appeared first on The GitHub Blog.
2日前

sqlite-utils 4.0 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0">sqlite-utils 4.0</a></p> <p>See <a href="https://simonwillison.net/2026/Jul/7/sqlite-utils-4/">sqlite-utils 4.0, now with database schema migrations</a> for details.</p> <p>Tags: <a href="https://simonwillison.net/tags/sqlite-utils">sqlite-utils</a></p>
2日前

Get Ready For the Powerful CSS border-shape Property!
CSS-Tricks
We recently got the shape() function and corner-shape property. What else could we possibly need as far as making shapes in CSS? Let me tell you: the border-shape property!Get Ready For the Powerful CSS border-shape Property! originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.
2日前

Boundary-Aware Styling in CSS
Master.dev Blog RSS Feed
You might think of the view() function as used in scroll-driven animations, but really it just pairs @keyframes animation with the current position of an element.
2日前
7/7 (火)

Cloudflare proudly joins the UK government's Cyber Resilience Pledge
The Cloudflare Blog
The pledge is a voluntary framework inviting organizations to commit to foundational cyber security governance, board-level accountability, and supply chain rigor. For over a decade, Cloudflare has pioneered the core pillars of this framework: democratizing security, leadership accountability, and radical transparency.
2日前

Top Chainguard alternatives 2026
Aikido Security's Blog
Comparing the best Chainguard alternatives in 2026, from Aikido Security to Docker Hardened Images, Minimus, RapidFort, and Echo.Category: DevSec Tools & Comparisons
2日前

JetBrains AI for Teams and Organizations: From Fragmented AI Usage to Coordinated Software Development
Company | The JetBrains Blog
We’re about to start rolling out a new set of AI capabilities that provide shared context, reusable agentic workflows, organization-level governance, and cost control for software production. Developers use different AI tools depending on the task – from JetBrains IDEs to terminal-based agents such as Claude Code, Codex, and other emerging solutions. That freedom is […]
2日前

Meet Kirki: WordPress’s First Visual Builder With An Infinite Canvas
Articles on Smashing Magazine — For Web Designers And Developers
We have been building websites inside boxes for years on WordPress. Let’s take a closer look at [Kirki](https://kirki.com/), the first freeform visual builder with an infinite canvas, and explore how it redefines the experience with cleaner performance, full design freedom, and zero plugin dependency.
2日前

You can now view the Activity Log at a project-level
Vercel News
Project Settings now includes its own project-specific A. This view pulls the relevant user events from the Activity Log in Team Settings. Review project-level activity without leaving your project settings. ctivity LogVisit to try it out.your project settingsRead more
2日前

Vercel acquires Better Auth to accelerate open source auth
2
Vercel News
Vercel is acquiring , the company behind the open source , which has 4.7M+ weekly npm downloads and more than 850 contributors. Founder Bereket Engida and the core team are joining Vercel to continue their work on Better Auth and agent identity.Better AuthTypeScript authentication libraryLast year, we behind Next.js, AI SDK, and Nuxt: software that's open by default, loosely coupled, and portable to any platform.published our approachBetter Auth applies it to authentication: framework-agnostic,
2日前

sqlite-utils 4.0rc4
Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0rc4">sqlite-utils 4.0rc4</a></p> <p>The last RC before the 4.0 stable release. Mainly <a href="https://github.com/simonw/sqlite-utils/issues/769#issuecomment-4900034150">implements feedback</a> from a detailed review by Claude Fable 5.</p> <p>Tags: <a href="https://simonwillison.net/tags/sqlite-utils">sqlite-utils</a>, <a h...
2日前

PR TIMES は PHP Conference Japan 2026 に協賛・登壇します!
PR TIMES 開発者ブログ
こんにちは。バックエンドエンジニアの筒井 (@tsuttsun_wind)です。PR TIMESは、PHP Conference Japan 2026 にゴールドスポンサーとして協賛します。 PHP Conference […]
3日前

「Tech-Verse 2026」Keynote LINEヤフー Tech Blog (LY Corporation Tech Blog
2026年6月29日、LINEヤフーグループ最大の技術カンファレンス「Tech-Verse 2026」が開催されました。ここではKeynoteをアーカイブ動画と書き起こしテキストでご紹介します。アーカ...
3日前

AWS DevOps Agentの新機能カスタムエージェントで週次SREレポートをつくる
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
本記事は、DevOps Agentの新機能のカスタムエージェントをつかって週次のSREレポートをつく ...
3日前

Gemini Embedding 2で作るネイティブマルチモーダルRAG
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
本記事では、この「ネイティブ」なマルチモーダル埋め込みを活用したRAGの構築方法を解説します。
3日前

More granular observability for Vercel Sandbox
Vercel News
observability now includes detailed resource metrics, giving you deeper visibility into how your sandboxes consume compute and networking.Vercel SandboxFrom the in your dashboard, you can now monitor:Observability tabEach metric can be grouped by Sandbox Name and Sandbox Session ID, so you can drill down from aggregate usage to the individual sandbox responsible.You can also query and visualize metrics via the Vercel CLI:Metrics are available at both the team and project level and align directly
3日前

Better Auth is joining Vercel
Better Auth Blog
Better Auth is joining Vercel. We're joining to accelerate our work on open-source auth and securing agent workflows.
3日前
Give your eve agent GitHub tools
Vercel News
now ships an toolset through the new subpath. One file in can register every GitHub tool, or use a preset such as , so you can build a complete GitHub agent in nine lines of code.GitHub Toolseve@github-tools/sdk/eveagent/tools/maintainerGet started by following the .knowledge base guideRead more Every write tool, such as , requires approval unless you opt out. Gate individual tools with , , or an input-dependent predicate; pauses survive restarts and deploys.Safe by default:mergePullRequestalway
3日前

tencent/Hy3
Simon Willison's Weblog
<p><strong><a href="https://huggingface.co/tencent/Hy3">tencent/Hy3</a></strong></p>New Apache 2.0 licensed model from Tencent in China:</p><blockquote><p>Hy3 is a 295B-parameter Mixture-of-Experts (MoE) model with 21B active parameters and 3.8B MTP layer parameters, developed by the Tencent Hy Team. Following the Hy3 Preview launch in late April, we gathered feedback from 50+ products and scaled up post-training with higher quality data. To...
3日前

Git 感覚で AWS / Google Cloud / Azure のシークレットを管理できる CLI/GUI ツール「suve」を作った
ゆめみのフィード
はじめにAgentic AI 全盛期の昨今,コードを書くのも,テストを書くのも,リファクタリングするのも,かなりの部分を AI に任せられるようになりました。ところが,そんな時代においても シークレットや設定値の管理だけは,いまだに手作業でクラウドコンソールをぽちぽちするのが普通 ではないでしょうか?AWS マネジメントコンソールにログインして,SSM Parameter Store の画面を開いて,該当のパラメータを探して,「編集」ボタンを押して,テキストエリアに値を貼り付けて,保存する「あれ,この値いつ誰が変えたんだっけ?前の値なんだったっけ?」となっても,履歴画面は貧弱...
3日前

Predicting MongoDB ObjectId() continuously in Rocket.Chat
Aikido Security's Blog
Aikido's AI pentester found this file-access flaw in Rocket.Chat. A closer look at MongoDB's ObjectId() showed the weak randomness that makes it exploitable.Category: Vulnerabilities & Threats
3日前
7/6 (月)

Getting Started with Anchor Positioning
Josh Comeau's blog
For decades, one of the most notoriously-challenging problems on the web has been sticking one element to another element, for things like tooltips and nested menus. The CSSWG has decided to provide a first-class solution to this problem, and it’s pretty friggin’ cool! In this tutorial, I’ll share the most useful parts I’ve found from this modern CSS feature.
3日前

Your Worker can now have its own cache in front of it
The Cloudflare Blog
We are launching Workers Cache, a regionally tiered cache that sits directly in front of your Worker entrypoints. Infinitely composable, configured via standard HTTP headers
3日前

sqlite-utils 4.0rc3 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0rc3">sqlite-utils 4.0rc3</a></p> <p>I hoped to release <code>sqlite-utils 4.0</code> stable this weekend, but as I worked through the backlog of issues and PRs with a combination of Claude Fable 5 and GPT-5.5 the changelog since rc2 <a href="https://sqlite-utils.datasette.io/en/latest/changelog.html#rc3-2026-07-05">kept getting bigger</a>...
3日前

Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Socket
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
3日前

レガシープロジェクトからAI主導型プロジェクトへの転換、AXロードマップ LINEヤフー Tech Blog (LY Corporation Tech Blog
はじめに「AIを導入すれば生産性が上がるらしいが、私たちのチームはどこから手をつければいいのだろう?」と悩んだことはありませんか?既存のレガシープロジェクトをAI主導型プロジェクト(AI-driven...
4日前

ヤフーのiOSアプリにおけるローカル認証を活用した独自のデバイス認証からパスキー認証への移行対応 LINEヤフー Tech Blog (LY Corporation Tech Blog
こんにちは。Yahoo! ID連携のiOS SDKの開発・運用を担当している矢倉です。現在、多くのヤフーのiOSアプリでは、ローカル認証を活用した独自のデバイス認証による再認証機能を搭載しています。こ...
4日前

Keep Shipping Through Docker Hub Outages and Rate Limits
Nx Blog
Docker Hub outages and 429 Too Many Requests rate limits break CI pipelines. A read-through cache is the fix the infrastructure vendors recommend, and Nx Cloud offers it for your agents.
4日前
7/5 (日)

sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25) Simon Willison's Weblog
<p>I wrote about the <a href="https://simonwillison.net/2026/Jun/21/sqlite-utils-40rc1/">sqlite-utils 4.0rc1</a> release a couple of weeks ago. Since we only have Claude Fable on our Max subscriptions for a few more days, I decided to see if it could help me get to a 4.0 stable release that I felt truly comfortable about, since I try to keep to <a href="https://semver.org">SemVer</a> and like my incompatible major versions to be as rare as possible.</p><p&...
5日前

sqlite-utils 4.0rc2 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/sqlite-utils/releases/tag/4.0rc2">sqlite-utils 4.0rc2</a></p> <p>See <a href="https://simonwillison.net/2026/Jul/5/sqlite-utils-fable/">sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25)</a>.</p>
5日前

moon v2.4 - Task checks, Ruby toolchain, storage APIs, and much more
moonrepo Blog
This release is all about control and trust. We're giving tasks a way to gate, skip, and
5日前

pnpm 11.10
pnpm Blog
pnpm 11.10 adds the _auth setting for CI-friendly registry authentication, new pnpm prefix and pnpm issues commands, and the ability for pnpm self-update to install pnpm v12 (the Rust port). It also improves pnpm up accuracy, speeds up resolution against registries that ignore abbreviated metadata, and hardens global package management, pnpm deploy, and pnpm pack-app.
5日前

Building a World Map with only 500 bytes Simon Willison's Weblog
<p><strong><a href="https://www.experimentlog.com/blog/building-a-world-map-with-only-500-bytes">Building a World Map with only 500 bytes</a></strong></p>Iwo Kadziela (assisted by Codex) figured out a way to generate a credible ASCII world map using 445 bytes of data:</p><p><img alt="A map of the world rendered as black asterisk ASCII characters, it looks very good" src="https://static.simonwillison.net/static/2026/world-map-ascii.png" /><...
5日前

Better Models: Worse Tools Simon Willison's Weblog
<p><strong><a href="https://lucumr.pocoo.org/2026/7/4/better-models-worse-tools/">Better Models: Worse Tools</a></strong></p>Armin reports on a weird problem he ran into while hacking on Pi:</p><blockquote><p>The short version is that newer Claude models sometimes call Pi’s edit tool with extra, invented fields in the nested <code>edits[]</code> array. And not Haiku or some small model: Opus 4.8. The edit itself is usually correc...
5日前
7/4 (土)

Safari MCP サーバーでエージェントが Safari ブラウザを操作できるようにする
azukiazusa のテックブログ2
Web アプリケーションの開発には実ブラウザでの動作確認が必要不可欠です。Playwright CLI や chrome-devtools-mcp などエージェント向けのブラウザ操作ツールは多くが Chromium に依存しています。Safari Technology Preview 247 の MCP サーバーは、エージェントを Safari に接続し操作できるようにします。
5日前

AI SDK の MCP Apps 対応でインタラクティブな UI を返す
azukiazusa のテックブログ2
AI SDK の v7 では MCP Apps 対応が追加されました。AI モデルはツールを呼び出す際に `ui://` リソースが紐付けられていれば、アプリケーション側でその UI をサンドボックス化された環境でレンダリングすることができます。この記事では AI SDK の MCP Apps 対応を試してみた内容を紹介します。
5日前

Authentication Bypass in the default configuration phpBB
Aikido Security's Blog
Our AI pentest agents found a critical phpBB auth bypass (CVE-2026-48611): one unauthenticated request logs you into any account. See the exploit and the fix.Category: Vulnerabilities & Threats
6日前

Open Source AI Gap Map Simon Willison's Weblog
<p><strong><a href="https://map.currentai.org">Open Source AI Gap Map</a></strong></p><a href="https://www.currentai.org">Current AI</a> is "a global partnership building a public option for AI", founded as a non-profit at the AI Action Summit in Paris in February 2025 and backed by serious capital ($400m already committed).</p><p>They <a href="https://www.currentai.org/blogs/introducing-the-gap-map-v0-1">launched their Gap Map&l...
6日前

Quoting Josh W. Comeau Simon Willison's Weblog
<blockquote cite="https://bsky.app/profile/joshwcomeau.com/post/3mkxyqgrp2d2t"><p>I just launched my third course, Whimsical Animations, and so far, it’s on track to sell roughly ⅓ as many copies as a typical course launch.</p><p>It’s a similar story with my two existing courses. Sales are down significantly from last year.</p><p>There are likely a lot of reasons for this, but I think the biggest is AI. There’s sort of a double whammy with AI:</p><ol...
6日前

Fable's judgement Simon Willison's Weblog
<p>One of the most interesting tips I got from <a href="https://www.ai.engineer/worldsfair/schedule?session=asn_slot_2026_06_30_main_stage_1230_2026_06_08t09_35_43_039z">the Fireside Chat</a> I hosted with Cat Wu and Thariq Shihipar from the Claude Code team at AIE on Wednesday was to let Fable (and to a certain extent Opus) use their own judgement rather than dictating how they should work.</p><p>The example they gave was testing. You can tell Fable "only use auto...
6日前
7/3 (金)

June 2026 newsletter Simon Willison's Weblog
<p>The June edition of my <a href="https://github.com/sponsors/simonw/">sponsors-only monthly newsletter</a> is out. If you are a sponsor (or if you start a sponsorship now) you can <a href="https://github.com/simonw-private/monthly/blob/main/2026-06-june.md">access it here</a>.</p><p>This month:</p><ul><li>Claude Fable 5, GPT-5.6, and US export restrictions</li><li>GLM-5.2 is the new best open weights model</li><l...
6日前

The Field Guide to Grid Lanes
Master.dev Blog RSS Feed
The WebKit gang did a good job with The Field Guide to Grid Lanes showcasing what kind of layouts are now achievable with display: grid-lanes;. Basically: Masonry layout, with arbitrary column widths, and proper tabbing order, is now progressive-enhanceable and HTML/CSS only.
6日前

Users Don’t Need More Tools: They Need Seamless Integrations
Articles on Smashing Magazine — For Web Designers And Developers
A closer look at why users don’t need more tools in their daily lives. What they need are seamless integrations of useful features to match already existing, established mental models. Brought to you by Design Patterns For AI Interfaces, **friendly video course on UX** and design patterns by Vitaly.
6日前

The Index: Issue #189
Piccalilli - Everything
Fixing full-bleed CSSA rather deep dive into how some of the newer CSS can make this age old pattern even better.Where’s the holistic AI productivity data?It’s hard to find anything other than anecdata from individuals telling us how AI has made them individually more productive. If AI really was creating measurable improvements in productivity across entire organisations, wouldn’t we be seeing that data?[nods]The Goldilocks customizable select heightEven the new custom <select> capabiliti...
6日前

Vercel Sandbox now supports FUSE-based filesystems
Vercel News
now supports FUSE, letting you mount remote storage and custom filesystems inside a running Sandbox. Use it to attach S3 buckets, network filesystems, or any other FUSE-compatible driver as a regular path.Vercel SandboxThis makes it possible to stream large datasets directly from object storage, share state across Sandboxes through a common filesystem, or run tools that expect POSIX paths against remote sources without copying data into the Sandbox first.Learn more about in the documentation.rem
7日前

Manage Vercel Flags segments with Vercel CLI
Vercel News
segments can now be managed from the with the new command.Vercel FlagsVercel CLIvercel flags segmentsA segment is the targeting primitive a flag uses to decide who sees what. Membership composes from three repeatable tokens: , , and . Pass them to or for incremental edits. For full replacement, takes the entire segment definition as raw JSON.include:exclude:rule:--add--remove--dataAll segment commands support output, making them scriptable from CI, local workflows, and agent-driven pipelines tha
7日前

Agent Runs now available in the Vercel MCP and CLI
Vercel News
Your agent can now inspect via the Vercel MCP and CLI for , the open-source agent framework.Agent Runseveeve traces are automatically ingested when deployed to Vercel and available as Agent Runs. The new and let you find projects with runs, list recent runs, and retrieve full traces, including reasoning, tool calls, and token usage.Vercel MCP toolsVercel CLI commandsVercel MCP tools:Vercel CLI commands:Every CLI subcommand supports for machine-readable output, and traces render as markdown when
7日前

You have been invited to the 0xInsider.com Discord server!
Trevor I. Lasn, Building 0xinsider
Join the 0xInsider.com Discord community — talk markets, odds, and predictions with fellow prediction market traders in real time.
7日前

BigQuery未使用テーブルをData Lineage APIで検出する監視システム
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
はじめに ABEMA の Data Platform チームに所属している河野です。 ...
7日前

StepSecurity Maintained Actions Are Now Free for Public Repos
Step Security Blog
StepSecurity Maintained Actions are now free for public repos. Secure, drop-in replacements for risky third-party GitHub Actions, reviewed and actively maintained.
7日前

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
Step Security Blog
TeamPCP weaponized 76 Trivy version tags overnight. The KICS attack followed the same playbook days later. One security control is not enough. Here is how the StepSecurity platform's ten independent security layers work together to prevent credential exfiltration, detect compromised actions at runtime, and respond to incidents across your entire organization before attackers can succeed.
7日前

llm-coding-agent 0.1a0 Simon Willison's Weblog
<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-coding-agent/releases/tag/0.1a0">llm-coding-agent 0.1a0</a></p> <p>Another Fable 5 experiment. Now that my <a href="https://llm.datasette.io/">LLM library</a> has evolved into more of an agent framework it's time to see what a simple coding agent would look like built on it.</p><p>I started a <a href="https://github.com/simonw/llm-coding-agent/tree/2466fa03ba8...
7日前

Using DSPy to evaluate and improve Datasette Agent's SQL system prompts Simon Willison's Weblog
<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/dspy-datasette-agent-prompts#readme">Using DSPy to evaluate and improve Datasette Agent&#x27;s SQL system prompts</a></p> <p>One of this morning's AIE keynotes covered <a href="https://github.com/stanfordnlp/dspy">dspy</a>, which reminded me I've been meaning to see if it could help me improve the system prompt used by <a href="https://agent.datasette....
7日前

Cloudflare Workers and Hyperdrive with TanStack Start
Master.dev Blog RSS Feed
In Part 2 of the series on using Cloudflare with Web Apps, the focus is on setting up a database and addressing key issues like performance and connection management.
7日前

Understand to participate Simon Willison's Weblog
<p>I saw Geoffrey Litt speak at <a href="https://www.ai.engineer/worldsfair/2026">AIE</a> yesterday, and one framing he used particularly resonated with me:</p><p><strong>Understand to participate</strong></p><p>Geoffrey was talking about the challenge of collaborating with coding agents as they construct increasingly large and sophisticated changes, and the need to avoid taking on <a href="https://simonwillison.net/tags/cognitive-debt/"&...
7日前

Toolbox App 3.6: Smarter Storage Cleanup, Windows installation diagnostics, and More
Company | The JetBrains Blog
Toolbox App 3.6 gives you better control over local storage and makes Windows installation failures easier to diagnose. Clean up removable Toolbox App data from Settings The Toolbox App now shows how much removable data it can safely clean up, providing a breakdown for the download cache, previous versions, temporary leftovers, and leftover tool directories. […]
7日前

How GitHub used secret scanning to reach inbox zero
The GitHub Blog
GitHub had 20,000+ secret scanning alerts across 15,000 repositories. Here's how we separated signal from noise, built remediation workflows, and reached inbox zero in nine months.The post How GitHub used secret scanning to reach inbox zero appeared first on The GitHub Blog.
7日前






