Looking at research and experiments that are designed to automatically generate user interfaces based on user preferences.Generative UI Notes originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Accessibility had never really played a significant role since I started working as a front-end developer in 2019. It didn’t have a significant role in my boot camp, or in YouTube tutorials I watched, and certainly not in my job.At some point I got very invested in accessibility, because it was the missing link for me in my profession. Suddenly, the things I built not only looked good, but they also worked as expected when using a keyboard and a screen reader. Slowly, practicing web development

AI is increasingly involved in deployment decisions—auto-rollbacks, approvals, test selection—but not all “AI-driven deployments” are the same. There’s a critical distinction engineering leaders need to understand: How does AI-driven deployment differ between traditional software and ML models (MLOps), and what does that mean for our CI/CD pipeline? If you don’t account for this difference, you […]The post How does AI-driven deployment differ between traditional software and ML models (MLOps)? a

Success in modern UX isn’t about having the most content. It’s about having the most findable content. Yet even with more data and better tools than ever, internal search often fails, leaving users to rely on global search engines to find a single page on a local site. Why does the “Big Box” still win, and how can we bring users back?

A look at recent ISP and government-directed blocks of Supabase domains in three regions—what triggered them, how we worked with authorities and customers to restore access, and what multi-tenant platforms can do to prepare.

Web バックエンドエンジニアの早坂です。本稿は、2025年11月に開催された JJUG CCC 2025 Fall における登壇「Virtual Thread Deep Dive」を記事としてまとめ...

はじめに こんにちは！株式会社LegalOn Technologies、SET（Software Engineer in Test）の引持(@rmochioo)です。普段は自動テストの推進やQA部門横断の施策に取り組んでいます。 2026年3月20日(金・祝)、東京ビッグサイト会議棟にて「ソフトウェアテストシンポジウムJaSST’26 Tokyo」が開催されました。私は「QAプロセスAI支援ツールキットの導入とその効果について」というタイトルで、登壇しました。 本記事では、当日お話しした内容についてと、印象に残った発表を幾つかピックアップしてご紹介したいと思います。

If 2025 was the year of AI adoption, 2026 is when AI evolves from a software story to a people story. Katya Laviolette, our Chief People Officer, explored this idea in a recent Forbes article about how 1Password’s internal network of AI Champions is shaping this evolution and helping us set the standard for how we use AI to drive impact across 1Password.AI tools help us move faster, but it takes curiosity and judgement to unlock their full value, build new ways of working, and to deliver meaning

Developers need to expand their skills because coding agents are taking an increasing part of their job. Let's start with usability!

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-files-s3/releases/tag/0.1a1">datasette-files-s3 0.1a1</a></p> <p>A backend for <a href="https://github.com/datasette/datasette-files">datasette-files</a> that adds the ability to store and retrieve files using an S3 bucket. This release added <a href="https://github.com/datasette/datasette-files-s3/blob/main/README.md#credentials-broker-response">a mechanism&l...

<p><strong><a href="https://news.ycombinator.com/item?id=47517539">Thoughts on slowing the fuck down</a></strong></p>Mario Zechner created the <a href="https://github.com/badlogic/pi-mono">Pi agent framework</a> used by OpenClaw, giving considerable credibility to his opinions on current trends in agentic engineering. He's not impressed:</p><blockquote><p>We have basically given up all discipline and agency for a sort of addictio...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm/releases/tag/0.1a1">datasette-llm 0.1a1</a></p> <p>New release of the base plugin that makes models from <a href="https://llm.datasette.io/">LLM</a> available for use by other Datasette plugins such as <a href="https://github.com/datasette/datasette-enrichments-llm">datasette-enrichments-llm</a>.</p><blockquote><ul><li>New &lt...

Widespread GitHub phishing campaign uses fake Visual Studio Code security alerts in Discussions to trick developers into visiting malicious website.

From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out.The post Updates to GitHub Copilot interaction data usage policy appeared first on The GitHub Blog.

<p><strong><a href="https://futuresearch.ai/blog/litellm-hack-were-you-one-of-the-47000/">LiteLLM Hack: Were You One of the 47,000?</a></strong></p>Daniel Hnyk used the <a href="https://console.cloud.google.com/bigquery?p=bigquery-public-data&d=pypi">BigQuery PyPI dataset</a> to determine how many downloads there were of <a href="https://simonwillison.net/2026/Mar/24/malicious-litellm/">the exploited LiteLLM packages</a> during...

In January, we introduced our Nightly package for RPM-based Linux distributions. Today, we are thrilled to announce it is now available for Firefox Beta! Firefox Beta is great for testing your sites in a version of Firefox that will reach regular users in the coming weeks. If you find any issues, please file them on […]The post Firefox Developer Edition and Beta: Try out Mozilla’s .rpm package! appeared first on Mozilla Hacks - the Web developer blog.

記事は ics.media へアクセスしてご覧ください。

Compare WYSIWYG and Markdown editors across collaboration, storage, and UX. Learn which fits your team and how to pick the right embeddable editor.

Storybook MCP は Storybook と AI エージェントを接続し、エージェントがコンポーネントドキュメントを参照しつつコードを生成したり、ストーリーを作成して UI コンポーネントをテストしたりできるようにする機能です。この記事では、Storybook MCP を実際に試してみた内容を紹介します。

はじめに こんにちは、LegalOn TechnologiesでCTOをしている深川です。実は来週第一子が出産予定でドキドキワクワクがとまりません。 最近、社内向けに「AI時代の開発チームサイズ」に関するガイドラインを策定しました。AIによるコード生成・テスト・レビューの能力が急速に向上するなかで、開発チームの最適な人数は何名なのか——これは多くの開発組織が直面しているテーマだと思います。 本記事では、そのガイドラインの中から「チームサイズの検討」の部分を切り出し、対外的に共有できる形でお届けします。完璧な正解ではありませんが、同じような課題に向き合う方々の参考になれば幸いです。

How I implemented real-time updates in less than 100 lines of code using Mercure in a React application with Symfony.

Traditional approaches to linting TypeScript-based languages have had significant drawbacks for many years. They're often difficult to configure and come with limitations that prevent rules from fully understanding the types of code. Flint introduces a comprehensive Volar.js-based architecture that enables fully type-aware lint rules for languages like Astro, Svelte, and Vue. Learn how Flint's architecture solves this once and for all!

<p><strong><a href="https://claude.com/blog/auto-mode">Auto mode for Claude Code</a></strong></p>Really interesting new development in Claude Code today as an alternative to <code>--dangerously-skip-permissions</code>:</p><blockquote><p>Today, we're introducing auto mode, a new permissions mode in Claude Code where Claude makes permission decisions on your behalf, with safeguards monitoring actions before they run.</p></...

You don't necessarily have to do focus handling yourself with shadow DOM web components. For simple wrapper components, there is an easier (and better) way.

<p><strong><a href="https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html">Package Managers Need to Cool Down</a></strong></p>Today's <a href="https://simonwillison.net/2026/Mar/24/malicious-litellm/">LiteLLM supply chain attack</a> inspired me to revisit the idea of <a href="https://simonwillison.net/2025/Nov/21/dependency-cooldowns/">dependency cooldowns</a>, the practice of only installing updated dependencies once t...

<blockquote cite="https://bsky.app/profile/mims.bsky.social/post/3mhsux67xpk2d"><p>I really think "give AI total control of my computer and therefore my entire life" is going to look so foolish in retrospect that everyone who went for this is going to look as dumb as Jimmy Fallon holding up a picture of his Bored Ape</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/mims.bsky.social/post/3mhsux67xpk2d">Christopher Mims</a>, T...

Five malicious npm packages typosquatting crypto libraries steal private keys via Telegram, targeting Solana and Ethereum developers, with active C2 infrastructure.

March has a way of bringing a lot of new things to WebKit — and this year is no exception.

Learn how to integrate the Copilot SDK into a React Native app to generate AI-powered issue summaries, with production patterns for graceful degradation and caching.The post Building AI-powered GitHub issue triage with the Copilot SDK appeared first on The GitHub Blog.

TeamPCP is targeting security tools across the OSS ecosystem, turning scanners and CI pipelines into infostealers to access enterprise secrets.

<p><strong><a href="https://github.com/BerriAI/litellm/issues/24512">Malicious litellm_init.pth in litellm 1.82.8 — credential stealer</a></strong></p>The LiteLLM v1.82.8 package published to PyPI was compromised with a particularly nasty credential stealer hidden in base64 in a <code>litellm_init.pth</code> file, which means installing the package is enough to trigger it even without running <code>import litellm</code>.</p><p...

Before version 1.29.7, NGINX used HTTP/1.0 by default for connecting to HTTP upstream servers. This older version of the protocol does not have the capability of HTTP persistent connections, commonly known as “keep-alive.” Keep-alive reduces the number of handshakes, reduces latency, and reduces time to first byte for most regular web applications. In order to […]

We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers, enabling millisecond startup times for AI agent sandboxing.

Accessibility works best when it blends into everyday design workflows. The goal isn’t a big transformation, but simple work processes that fit naturally into a team’s routine. With Figma variables, testing font size increases becomes part of the design flow itself, making accessibility feel almost inevitable rather than optional.

AI is beginning to change how software is produced. Instead of just assisting developers inside the editor, AI agents now investigate issues, generate code, run tests, and execute multi-step workflows. As this work scales, software development extends beyond individual tools or sessions. It becomes a distributed system of agents, environments, and workflows that operate across […]

AI is quickly moving into the critical path of software delivery from test automation to deployment decisions like auto-rollbacks, approvals, and release gating. For engineering leaders, this raises a practical and urgent question: What guardrails do we need to safely use AI in our CI/CD pipeline without increasing risk? If your continuous integration and continuous […]The post What guardrails or policies should be in place when AI is part of deployment decisions (e.g., auto-rollback, approvals)

Starting with NGINX Ingress Controller (NIC) v5.4.0, you can define CORS behavior once in a Policy resource and apply it consistently across both VirtualServer and Ingress traffic paths. Across this blog, we’re focused on: Why Use a Policy For CORS? Many teams start with per-resource tuning and quickly end up with drift. Using a dedicated […]

こんにちは。LINEヤフー研究所でHuman-Computer Interaction（HCI）の分野の研究をしている池松です。皆さんはスマートフォン（以下、スマホ）でレシピを見ながら調理しているとき...

<p>I wrote about Dan Woods' experiments with <strong>streaming experts</strong> <a href="https://simonwillison.net/2026/Mar/18/llm-in-a-flash/">the other day</a>, the trick where you run larger Mixture-of-Experts models on hardware that doesn't have enough RAM to fit the entire model by instead streaming the necessary expert weights from SSD for each token that you process.</p><p>Five days ago Dan was running Qwen3.5-397B-A17B in 48GB of RAM. Today <...

The final report for Ruby Association Grant on TutorialKit.rb—a toolkit for building interactive Ruby and Rails tutorials that run entirely in the browser using WebAssembly and WebContainers. Featuring a full-featured installer, agent-friendly development workflow, deployment pipelines, HTTP support, and real-world examples.

What sets this attack apart is the skimmer itself. Instead of the usual HTTP requests or image beacons, this malware uses WebRTC DataChannels to load its payload and exfiltrate stolen payment data....

Add a "Sign in with Slack" button to your app in minutes using WorkOS AuthKit.

Decode, verify, and inspect JWTs; built by the team that does auth for a living.

Common threats from sign-up to sign-in: what can go wrong, how attackers exploit it, and how to stop them.

<blockquote cite="https://bsky.app/profile/schwarzgerat.bsky.social/post/3mhqu5dogos2v"><p>slop is something that takes more human effort to consume than it took to produce. When my coworker sends me raw Gemini output he’s not expressing his freedom to create, he’s disrespecting the value of my time</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/schwarzgerat.bsky.social/post/3mhqu5dogos2v">Neurotica</a>, @schwarzgerat.bsky...

TypeScript 6.0 introduces new standard APIs, modern default settings, and deprecations as it prepares projects for the upcoming TypeScript 7.0 release.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-files/releases/tag/0.1a2">datasette-files 0.1a2</a></p> <p>The most interesting alpha of <a href="https://github.com/datasette/datasette-files">datasette-files</a> yet, a new plugin which adds the ability to upload files directly into a Datasette instance. Here are the release notes in full:</p><blockquote><ul><li>Columns are now configured u...

はじめに こんにちは、株式会社LegalOn Technologies ソフトウェアエンジニアのわたりょーです。デザインシステムチームに所属し、社内デザインシステム「Aegis」を開発・運用しています。 「Aegis」は、LegalOn Technologiesのプロダクト群で一貫した UI を実現するための社内デザインシステムです。UI コンポーネントライブラリ、デザイントークン、ガイドラインなどを提供し、複数プロダクトの開発効率と品質を支えています。 本記事では、AI コーディングエージェント（Claude Code / Codex など）向けに Agent Skills（以下、Skill…

Drawing an line with arrows pointing to the center of two arbitrary elements measuring and displaying the distance between them doesn't seem like it would be possible in CSS alone... but...

<blockquote cite="https://www.davidabram.dev/musings/the-machine-didnt-take-your-craft/"><p>I have been doing this for years, and the hardest parts of the job were never about typing out code. I have always struggled most with understanding systems, debugging things that made no sense, designing architectures that wouldn't collapse under heavy load, and making decisions that would save months of pain later.</p><p>None of these problems can be solved LLMs. They can sugges...

Storybook-powered agentic UI development

Today, we’re excited to announce kubernetes.nginx.org, a new community hub for everything NGINX networking on Kubernetes, along with a brand-new Kubernetes community Ingress-NGINX Migration Tool designed to make moving from the Kubernetes community Ingress-NGINX controller to the NGINX Ingress Controller as smooth as possible. Why a Community Hub? Whether you’re running NGINX Ingress Controller, exploring […]

The latest update to the CKEditor contributed modules brings AI writing and editing directly into Drupal. Premium Features module 1.8.0 introduces CKEditor AI, adding AI Chat, AI Review, AI Translate, and AI Quick Actions inside the rich text editor. Authors can write, review, and translate content without the back and forth of third-party tools.

Today we are excited to announce the availability of TypeScript 6.0! If you are not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for types, which enables type-checking to catch errors, and provide rich editor tooling. You can learn more about TypeScript and how to get started on the TypeScript […]The post Announcing TypeScript 6.0 appeared first on TypeScript.

CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.The post GitHub expands application security coverage with AI‑powered detections appeared first on The GitHub Blog.

The new CSS corner-shape() property is mathematical, so it’s easily animated. Author Daniel Schwarz pokes at animating the property for interesting UI effects.Experimenting With Scroll-Driven corner-shape Animations originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Cloudflare's Gen 13 servers introduce AMD EPYC™ Turin 9965 processors and a transition to 100 GbE networking to meet growing traffic demands. In this technical deep dive, we explain the engineering rationale behind each major component selection.

Cloudflare’s Gen 13 servers double our compute throughput by rethinking the balance between cache and cores. Moving to high-core-count AMD EPYC ™ Turin CPUs, we traded large L3 cache for raw compute density. By running our new Rust-based FL2 stack, we completely mitigated the latency penalty to unlock twice the performance.

There is a lil’ UI detail on this blog. Most people don’t even notice it, but the ones who do often reach out, asking how on earth it works. It feels like it defies the rules of CSS! In this blog post, I’ll break down the surprisingly-straightforward implementation so you can start using this trick yourself.

1月に AAAI-2026（The 40th Annual AAAI Conference on A ...

本記事は、Datadog agent-skillsとpupをGithub Actionsで実行し、自 ...

<p>Last month I <a href="https://simonwillison.net/2026/Feb/20/beats/">added a feature I call beats</a> to this blog, pulling in some of my other content from <a href="https://simonwillison.net/elsewhere/">external sources</a> and including it on the homepage, search and various archive pages on the site.</p><p>On any given day these frequently outnumber my regular posts. They were looking a little bit thin and were lacking any form of explanation beyon...

こんにちは、LINEヤフー株式会社の井上 秀一です。私は2024年4月に新入社員としてLINEヤフー株式会社に入社し、現在は社内向け Kubernetes as a Service である FKE チ...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/starlette-1-skill#readme">Starlette 1.0 skill</a></p> <p>See <a href="https://simonwillison.net/2026/Mar/22/starlette/">Experimenting with Starlette 1.0 with Claude skills</a>.</p> <p>Tags: <a href="https://simonwillison.net/tags/starlette">starlette</a></p>

How do you measure product-market fit for a developer tool? A PMF scoring model from Evil Martians—a product development consultancy for developer tools startups—built on data from 37 devtools companies across AI, infrastructure, and cybersecurity. Five metrics, real benchmarks, and a dual score that tells you whether to invest in product or go-to-market.

Users don't use data-testid, so why do your tests?

A practical comparison of the two protocols reshaping how agents pay for services in 2026.

A practical comparison of modern auth providers, trade-offs, and best practices for React Router apps.

The Model Context Protocol's 2026 roadmap acknowledges what enterprises deploying MCP at scale already know: the protocol has real gaps in auth, observability, gateway patterns, and configuration portability. Here's what's on the table and why it matters.

The big AI chat apps ship heavy rendering libraries to every device. Cheddy Chat renders markdown server-side and streams finished HTML, eliminating 160-440KB of client JavaScript while keeping the main thread free.

Why AI-Assisted Development Is More Exhausting Than It Should BeThe promise of AI-assisted development is that it should make developers' lives easier. In some ways it does. Yet I see many developers suffering from post-LLM burnout and exhaustion.In part, it is because of the unrealistic expectations of the organizations they work for, caught up in AI hype and FOMO.However, I am seeing another issue. And it's one rooted in the psychology of human-computer interaction (HCI).Cognitive ModesWhen yo

<p><a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">Starlette 1.0 is out</a>! This is a really big deal. I think Starlette may be the Python framework with the most usage compared to its relatively low brand recognition because Starlette is the foundation of <a href="https://fastapi.tiangolo.com/">FastAPI</a>, which has attracted a huge amount of buzz that seems to have overshadowed Starlette itself.</p><p>Kim Christie started wo...

Newly published Trivy Docker images (0.69.4, 0.69.5, and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without corresponding GitHub releases.

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pcgamer-audit#readme">PCGamer Article Performance Audit</a></p> <p>Stuart Breckenridge pointed out that <a href="https://stuartbreckenridge.net/2026-03-19-pc-gamer-recommends-rss-readers-in-a-37mb-article/">PC Gamer Recommends RSS Readers in a 37MB Article That Just Keeps Downloading</a>, highlighting a truly horrifying example of web bloat that added up to 1...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/javascript-sandboxing-research#readme">JavaScript Sandboxing Research</a></p> <p>Aaron Harper <a href="https://www.inngest.com/blog/node-worker-threads">wrote about Node.js worker threads</a>, which inspired me to run a research task to see if they might help with running JavaScript in a sandbox. Claude Code went way beyond my initial question and produced a ...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/dns">DNS Lookup</a></p> <p>TIL that Cloudflare's 1.1.1.1 DNS service (and 1.1.1.2 and 1.1.1.3, which block malware and malware + adult content respectively) has a CORS-enabled JSON API, so I <a href="https://github.com/simonw/tools/pull/258#issue-4116864108">had Claude Code build me</a> a UI for running DNS queries against all three of those resolvers.</p> <p>Tags...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/manyana">Merge State Visualizer</a></p> <p>Bram Cohen wrote about his <a href="https://bramcohen.com/p/manyana">coherent vision for the future of version control</a> using CRDTs, illustrated by <a href="https://github.com/bramcohen/manyana/blob/main/manyana.py">470 lines of Python</a>.</p><p>I fed that Python (minus comments) into Claude and asked for ...

Claude Code v2.1.80 から Research Preview 版として Claude Code channels（以下、チャンネル）が利用できるようになりました。チャンネルとは実行中の Claude Code のセッションに対して、外部からイベントを送ることができる MCP サーバーのことです。この記事では、Claude Code と Discord 連携がどのように動作しているのか、その仕組みを解説します。

One night, I wrote a simple tool to pick a random programming language. After shuffling a few times, I landed on Arturo. I decided to try it for fun.What’s Arturo?Best I understand, Arturo is a stack-based programming language. It’s primarily maintained by Yanis Zafirópulos. They published a vision of the language in 2020. Here’s the stated goal from that post:to make something that I myself will use as an easier do-it-all scripting language, you know… automation scripts, templating, latex gener

I wrote a web app to choose a random programming language.It’s very simple; I hestitate to even call it an “app”! The interesting part was scraping all the languages on Rosetta Code, and even that wasn’t very interesting. But I hope you like it!I learned about a language called Arturo this way, and wrote a short story about that experience.

I created a new visualisation for my homepage rotation.Here’s a demo:It’s just a basic flow field simulation with particles tracing their paths along the space. I used the p5.js framework. It reacts to mouse movements!I did a few optimisations to make it smoother, but in the end I had to lower the framerate and tried to make the low frame rate look intentional. Optimisation was important especially for mobile devices.Some of the optimisations include:Using sprites / textures instead of the vecto

<p>Here's a mildly dystopian prompt I've been experimenting with recently: "Profile this user", accompanied by a copy of their last 1,000 comments on Hacker News.</p><p>Obtaining those comments is easy. The <a href="https://hn.algolia.com/api">Algolia Hacker News API</a> supports listing comments sorted by date that have a specific tag, and the author of a comment is tagged there as <code>author_username</code>. Here's a JSON feed of my (<code>sim...

We released NGINX Ingress Controller v5.4.0 ahead of KubeCon Europe, and this one is worth the noise. This release is laser-focused on making it easier for teams running ingress-nginx to migrate to NGINX Ingress Controller, without sacrificing the features and workflows they depend on. Here’s what’s new! Configuration Resilience and Validation What’s new: Ingress and […]

<p><em><a href="https://simonwillison.net/guides/agentic-engineering-patterns/">Agentic Engineering Patterns</a> ></em></p> <p>Git is a key tool for working with coding agents. Keeping code in version control lets us record how that code changes over time and investigate and reverse any mistakes. All of the coding agents are fluent in using Git's features, both basic and advanced.</p><p>This fluency means we can be more ambitious abou...

<p><strong><a href="https://tools.simonwillison.net/turbo-pascal-deconstructed">Turbo Pascal 3.02A, deconstructed</a></strong></p>In <a href="https://prog21.dadgum.com/116.html">Things That Turbo Pascal is Smaller Than</a> James Hague lists things (from 2011) that are larger in size than Borland's 1985 Turbo Pascal 3.02 executable - a 39,731 byte file that somehow included a full text editor IDE and Pascal compiler.</p><p>This inspired...

The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads.

<blockquote cite="https://twitter.com/Kimi_Moonshot/status/2035074972943831491"><p>Congrats to the <a href="https://x.com/cursor_ai">@cursor_ai</a> team on the launch of Composer 2!</p><p>We are proud to see Kimi-k2.5 provide the foundation. Seeing our model integrated effectively through Cursor's continued pretraining & high-compute RL training is the open model ecosystem we love to support.</p><p>Note: Cursor accesses Kimi-k2.5 via <a...

On February 25, 2026, HubSpot experienced a service disruption affecting user access to specific types of workflows within our user interface. All backend workflow automations continued to execute normally without interruption - no automations were delayed, missed, or lost. We have completed a thorough analysis of this incident and are implementing targeted safeguards to prevent this class of failure from recurring.

Josh Tumath: Have you ever noticed that when you increase the system text size in your iOS or Android phone’s accessibility settings, the text gets bigger everywhere except on the web? On Safari and Chrome, it makes absolutely no difference. New thing: <meta name=text-scale> This isn’t page zoom, which scales everything, it’s just respects the […]

Azure Entra ID doesn't support deep nested group expansion over SCIM, which catches a lot of teams off guard when setting up Directory Sync. This post explains exactly why that limitation exists, three practical patterns to work around it, and how the situation compares to Google Workspace.

Dropdowns often work perfectly until they’re placed inside a scrollable panel, where they can get clipped, and half the menu disappears behind the container’s edge. Godstime Aburu explains why this happens and offers practical solutions to fix it.

Just a quick note before we get into this issue. We're moving back to a once per week cadence on Fridays after this issue.We've got a lot on in the studio right now, so making time to curate two issues a week is getting tougher. I'd rather make sure the quality of one issue is top notch.The next issue will be be Friday March 27!What's My ΔE(OK) JND?A fun colour recognition game that gets really quite hard as you go through it!Glasses Cleaning SimulatorDoes exactly what it says on the tin!Links s

AI-based test selection promises faster CI builds by running only the tests most likely to be impacted by a code change. In large repositories with thousands of tests, this can significantly reduce build times. But there’s a trade-off. If implemented poorly, AI test selection can reduce reliability, increase escaped defects, and erode trust in CI […]The post How to Add AI Test Selection Without Breaking CI Reliability appeared first on Semaphore.

Claude Code v2.1.80 から Research Preview 版として Claude Code channels（以下、チャンネル）が利用できるようになりました。チャンネルとは実行中の Claude Code のセッションに対して、外部からイベントを送ることができる MCP サーバーのことです。この記事では、Discord からチャンネルを通じて Claude Code とやり取りする方法を紹介します。

Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/sqlite-tags-benchmark#readme">SQLite Tags Benchmark: Comparing 5 Tagging Strategies</a></p> <p>I had Claude Code run a micro-benchmark comparing different approaches to implementing tagging in SQLite. Traditional many-to-many tables won, but FTS5 came a close second. Full table scans with LIKE queries performed better than I expected, but full table scans with JSON array...

The iron triangle of software development is dead. AI has changed the math.

HighlightsAPI Support for Bulk SuppressionsESLint v10.1.0 introduces API support for the bulk suppressions feature that was previously only available in the CLI.ESLint API consumers, such as IDEs, can now pass the applySuppressions: true option to the ESLint constructor. With this option, suppressions from the suppressions file are automatically applied to results from ESLint#lintFiles() and ESLint#lintText() methods.const eslint = new ESLint({ applySuppressions: true, // optional, defaults to `

We built 1Password® Unified Access to extend identity security beyond humans to the agents and machine workloads operating across your business. In practice, that means securing not just who gets access, but how agentic systems connect to tools, services, and data.That makes the MCP gateway a critical control point. It sits between AI agents and the systems they need to reach, making it the natural place to enforce policy, visibility, and governance. But in many deployments, it also becomes the

AI agents can now rewrite an app in hours. But software value lies in judgment, trust, and specification — not code. Here's why the craft of software engineering is evolving, not dying.

Welcome to a special edition of Tales from the Void! Last weeks VoidZero Launch Week brought changes to how you build, test, lint, and deploy JavaScript.Here's what shipped and why it matters.Oxlint: JS Plugins Alpha ​Oxlint's JS Plugins Alpha brings near-100% compatibility with the ESLint plugin ecosystem. Your existing ESLint plugins run inside Oxlint unmodified, alongside 650+ native Rust rules, while linting up to 100x faster than ESLint.Why it matters: For around 80% of ESLint users Oxlint

Add production-ready authentication to your FastAPI server in under an hour.

Use AI coding agents and WorkOS Skills to generate production-ready flows in your framework, language, and design system.

Kimi K2.5 is now on Workers AI, helping you power agents entirely on Cloudflare’s Developer Platform. Learn how we optimized our inference stack and reduced inference costs for internal agent use cases.

As contribution volume grows, mentorship signals are harder to read. The 3 Cs framework helps maintainers mentor more strategically... without burning out.The post Rethinking open source mentorship in the AI era appeared first on The GitHub Blog.

ENISA’s new package manager advisory outlines the dependency security practices companies will need to demonstrate as the EU’s Cyber Resilience Act begins enforcing software supply chain requirements.

<p>The big news this morning: <a href="https://astral.sh/blog/openai">Astral to join OpenAI</a> (on the Astral blog) and <a href="https://openai.com/index/openai-to-acquire-astral/">OpenAI to acquire Astral</a> (the OpenAI announcement). Astral are the company behind <a href="https://simonwillison.net/tags/uv/">uv</a>, <a href="https://simonwillison.net/tags/ruff/">ruff</a>, and <a href="https://simonwillison.net/tags/ty/">ty</a>...

An inside look at repository-native orchestration with GitHub Copilot and the design patterns behind multi-agent workflows that stay inspectable, predictable, and collaborative. The post How Squad runs coordinated AI agents inside your repository appeared first on The GitHub Blog.

An image gallery is a nice example of AIM, where the larger version of an image can "morph" out from the smaller one when opened, and back in when closed.