Jonathan Reimer shares insights on open source startups, developer go-to-market, ecosystem trends, and how AI is reshaping software.The post Jonathan Reimer on Open Source, Startups, and AI appeared first on Semaphore.

Butterick’s Practical TypographyThis book (available to read online) is absolutely packed full of gold.Staggered animation with CSS sibling-* functionsA great, practical article teaching you about the newer sibling-index() and sibling-count() functions in CSS.EchoFeedEverything you read outside of the Piccalilli site (including this email) is powered by tooling like this under the hood. Automation without the hassle is always a good thing too in our experience.Why do you need big tech for your S

こんにちは、技術広報のえんじぇるです。 STORES Tech Conf 2025 “What Would You Do?” の開催が近づいてきました！準備に邁進している今日この頃です。 storesinc.tech STORES Tech Conf 2024からコンテンツを大幅に増やしているので、この記事では STORES Tech Conf 2025 “What Would You Do?”のセッション以外のお楽しみポイントを紹介します。 ポスターセッション 前回好評だったポスターセッションがパワーアップし、15の発表があります！ 先日ポスターセッションのレビューをしたのですが、会議室がポ…

If you’ve built anything with AI tools lately…You’ve probably seen a file like this sitting in your project root:{ "tools": { "github": { "endpoint": "https://api.github.com", "auth": { "token": "ghp_your-secret-token" } } } }That’s a typical mcp.json, the file many agentic development environments (like Cursor or Claude Code) use to tell an MCP server what APIs it can call and what credentials to use.It’s handy. It works. It’s also a plaintext secret waiting to leak.Push that repo to GitHub, sy

There is quite a bit of interesting design possibility with `random()` coming to CSS. It pairs nicely with animation, particularly animation-composition for agumenting those generated values.

A safer, faster way to eliminate vulnerabilities without updating dependencies

Prevent accessibility issues before they reach production. The Annotation Toolkit brings clarity, compliance, and collaboration directly into your Figma workflow.The post Level up design-to-code collaboration with GitHub’s open source Annotation Toolkit appeared first on The GitHub Blog.

The Gemini 3 Pro Preview model, released today, is now available through the and on . Thanks to Google, Vercel has been testing Gemini 3 Pro Preview across v0, Next.js, AI SDK, and Vercel Sandbox over the past several weeks.Vercel AI Gatewayv0.appWe've noticed the model has an increased focus on coding, multimodal reasoning, and tool use, though it's seen improvements across the board.From our testing, Gemini 3 Pro Preview delivers substantial improvements in instruction following and response c

You can now access Google's latest model, Gemini 3 Pro, via Vercel's with no other provider accounts required.AI GatewayGemini 3 Pro excels at challenging tasks involving reasoning or agentic workflows. In particular, the model improves on Gemini 2.5 Pro's performance in multi-step function calling, planning, reasoning over complex images/long documents, and instruction following.To use Gemini 3 Pro in AI Gateway with the , set to . Gemini 3 Pro is a reasoning model, and you can specify the leve

At JetBrains, we love seeing the developer community grow and thrive. That’s why we support open-source projects that make a real difference — the ones that help developers learn, build, and create better software together. We’re proud to back open-source maintainers with free licenses and to contribute to initiatives that strengthen the ecosystem and the […]

Server chaos doesn’t have to be the norm. AI-ready infrastructure and automation can bring clarity, performance, and focus back to your web work.

Two-step location permissions in Chrome on Windows for enhanced user privacy and control.

こんにちは、原田伶央です。DX内製エンジニア専門組織「INTECH」でFlutterエンジニアをして ...

Cloudflare suffered a service outage on November 18, 2025. The outage was triggered by a bug in generation logic for a Bot Management feature file causing many Cloudflare services to be affected.

Introduction — The Accidental Era of "AI First" Over the last two years, you've probably noticed a strange vibe in the software world: everyone is moving at impossible speed while simultaneously questioning if any of this will matter in five years. We've crossed into a world where individuals can do what once required teams. A world where "engineering" sometimes means "describe the system you want and let an agent scaffold 70% of it." A world where the differentiator is no longer what you can bu

I like programming languages where variables are immutable by default. For example, in Rust, let declares an immutable variable and let mut declares a mutable one. I’ve long wanted this in other languages, like TypeScript, which is mutable by default—the opposite of what I want!I wondered: is it possible to make TypeScript values immutable by default?My goal was to do this purely with TypeScript, without changing TypeScript itself. That meant no lint rules or other tools. I chose this because I

IT and security leaders share a common goal: to empower teams to move fast without compromising security.Over the past year, we partnered closely with customers across industries to understand what helps them scale and where they need more flexibility and control.Their feedback shaped our latest updates to 1Password Enterprise Password Manager (EPM). Each enhancement is designed to make enterprise deployment and governance faster, simpler, and more intuitive so security teams can focus on strate

Everything you need to know to implement and validate JWTs securely in Go: from signing to verifying with JWKS, with code examples and best practices throughout.

こんにちは、先日開催された社内イベント「ごーとんカップ 2025」にてセキュリティチャンピオンになりました、ソフトウェアエンジニアの渡邉(匠)です。「カミナシ 設備保全」の開発に携わっています。 最近、AIエージェントの技術トレンドに乗り遅れないよう、Amazon Bedrock を使ったプロトタイピングに取り組んでいます。その中で、Amazon Bedrock Agents で提供されている「Return of Control」という機能をStrands AgentsとAmazon Bedrock AgentCoreを使って作ってみたので、その実装方法と学びを共有します。 Return of…

By using two sequential View Transitions when intercepting links with the Navigation API – one in the precommitHandler and one in the regular handler – you can fake a Two-Phase View Transition today!

How taking on a short-term leadership contract can pave the way to long-term opportunities.

Alex MacArthur shows us there are a lot of ways to break up long tasks in JavaScript. Seven ways, in this post. That’s a senior developer thing: knowing there are lots of different ways to do things all with different trade-offs. Depending on what you need to do, you can hone in on a solution.

The Kubernetes community announced that Ingress NGINX will be retired in March 2026. After that, there won’t be any more updates, bugfixes, or security patches. This decision came after years of the project being maintained by just 1-2 developers working nights and weekends, plus some serious security issues earlier this year (IngressNightmare CVE-2025-1974) that made […]

Generate code with your components faster using fewer tokens

The open source Git project just released Git 2.52. Here is GitHub’s look at some of the most interesting features and changes introduced since last time.The post Highlights from Git 2.52 appeared first on The GitHub Blog.

Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.

If we have a ratio that represents the sine, cosine or tangent of an angle, how can we get the original angle? This is where inverse trigonometric functions come in!The “Most Hated” CSS Feature: asin(), acos(), atan() and atan2() originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Bringing Replicate’s tools into Cloudflare will continue to make our Workers Platform the best place on the Internet to build and deploy any AI or agentic workflow.

Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.

You can now can easily deploy FastAPI and Flask with custom Build Commands, expanding support for Python projects on Vercel.In addition to defining a in the project Settings dashboard, you can also define a script ininside your . Build Commandbuild[tool.vercel.scripts]pyproject.tomlThis script will run after dependencies are installed, but before your application is deployed.Learn more about the for Python projects.Build CommandRead more

, a popular ergonomic TypeScript framework with end-to-end type safety, can now be deployed instantly on Vercel.ElysiaWhen deployed, Vercel will now automatically identify your app is running Elysia and provision the optimal resources to run it efficiently.By default, Elysia will use Node. You can opt-in to the Bun runtime by adding the below to your .bunVersion linevercel.jsonBackends on Vercel use with by default, so you only pay for time where your code is actively using CPU.Fluid computeActi

Test new Content Security Policy (CSP) features in origin trial.

エムスリーUnit9でプロダクトマネージャーをしている北島です。 この記事はデータ基盤チーム & Unit9（エビデンス創出プロダクトチーム） ブログリレー6日目の記事です。 私が所属するUnit9では、データプロダクトの提供やデータの社内活用を行い、データを通じた価値創出をすることをミッションとしています。そのため、日々多くの分析依頼を受けています。 アドホックな分析依頼は、その場限りの対応になりがちではないでしょうか。急ぎの案件が多かったり、依頼ごとに要望される分析ロジックが違うことなどが理由として挙げられます。ただ、単発での対応を続けると、依頼の増加とともにに担当者が対応に追われてしまう…

はじめに こんにちは！東京都市大学大学院 総合理工学研究科 修士1年の平井佑樹です。大学ではリアルタ ...

Learn how to measure the performance of your Python code by writing and running benchmarks locally and continuously in CI to catch regressions.

A look at why tooltip components are often the wrong abstraction in design systems, leading to accessibility issues, misuse, and inconsistent user experiences.

A developer-focused walkthrough of SAML SSO for developers who want to understand all the moving parts without needing a PhD in XML sorcery.

HTML parsing speed speed depends on the processing power of the visitor's device. I collected two quick datapoints.

どうもセキュリティエンジニアの西川です。私は最近ポケモンカードの奥深さと難しさを痛感する日々を過ごしていますが、みなさんいかがお過ごしでしょうか。 カミナシでは社内セキュリティ競技会を実施しました。1年に1度開催しておりまして、気付けば今年で3回目です。初回は私一人で運営していましたが、2回目は二人、3回目は三人と徐々にセキュリティエンジニアリングに人が増え、問題の幅が増えたように感じています。 「こいつ競技会やる度にブログ書いてるな」と思われるかもしれないのですが、新しい発見というか自分なりに改めて社内セキュリティ競技会を実施する目的などを言語化したので、それについても共有できればと思ってい…

YAPC::Fukuoka 2025で「読む技術・書く技術・伝える技術 - 15年続けて分かった持続可能なオープンソース開発」というタイトルで発表をしました。スライドは次のページで公開しています。スライド: 読む技術・書く技術・伝える技術 - 15年続けて分かった持続可能なオープンソース開発Proposal: https://fortee.jp/yapc-fukuoka-2025/proposal/64dbeabc-a630-4564-97ff-812106e7be81発表内容この発表では、15年間のオープンソース活動から学んだ持続可能な開発のための3つのプロジェクトについて話しています。読む技術 - JSer.infoJSer.infoは2011年から続けている週刊のJavaScript情報ブログで、これまでに750記事以上を公開しています。「整理されたデータである『情報』を伝えること」をテーマに、14年間続けてきた情報収集システムやワークフローについて紹介しています。関連記事:JSer.info 10周年: JavaScript情報の集め方、書き方、まとめ方 - JSer.info

Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.

Explore the most common misconceptions about monorepos and learn the truth behind the myths. From performance concerns to scaling limitations, we tackle the biggest obstacles to monorepo adoption.

Discover practical tips, examples, and best practices for writing effective instructions files. Whether you’re new or experienced, you’ll find something to level up your code reviews.The post Unlocking the full power of Copilot code review: Master your instructions files appeared first on The GitHub Blog.

Probably worth keeping an eye on Vite+ (still in “early access”). They say it’s “everything you’ve been duct-taping together” which feels actually kinda fair when you consider this has “dev, build, test, lint, format, monorepo caching & more in a single dependency.” So even if you’re using Vite anyway, perhaps you’d get to ditch Jest […]

The extremely new framework that caught lots of attention will continue as a personal project.Quiet UI Came and Went, Quiet as a Mouse originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Debugging controllers can be a real pain. Here’s a deep dive into how CSS helps clean it up and how to build a reusable visual debugger for your own projects.

public.monsterThis is fantastic. Free hosting for people that want a place on the internet that is their own as a throwback to the 90s.Little Character fontA free and open source font that has an incredible back-story. I saw Astrid (the creator) talk about it at beyond tellerrand last week and I'm still thinking about it.HandyA handy, free, open source speech-to-text tool designed to bring accessibility to as many people as possible.Stonking newsThis is cool: news ranked by engagement on Bluesky

PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads

こんにちは。2025年の9月に中途で入社しましたフロントエンドエンジニアの白濱（@shiraha_maru）です。社内デザインシステムのMCP化、Figma MCPを活用して入社1ヶ月目からスムーズに開発を進められる体制 […]

Bring Val Town to your favorite LLM

HighlightsThis version of ESLint is not ready for production use and is provided to gather feedback from the community before releasing the final version. Please let us know if you having any problems or feedback by creating issues on our GitHub repo.Most of the highlights of this release are breaking changes, and are discussed further in the migration guide. There are summaries of the significant changes below. (Less significant changes are included in the migration guide.)This prerelease versi

At 1Password, we know that a culture of belonging is essential to achieving our company’s goals. Since launching our first Employee Resource Groups (ERGs) in 2021 and expanding to Employee Community Groups (ECGs) in 2023, these communities have become so much more than spaces for connection – they’re shaping how we lead, grow, and perform together. Today, our ERGs and ECGs collectively represent more than 1,300 Slack channel members, reflecting strong engagement across communities at 1Password.O

Mix client and server code seamlessly with React Server Components (RSC), now available outside of the Next.js ecosystem.

A practical guide to choosing the right machine authentication model for your SaaS product.

I saw Tony Conway & Jeremy Wagner’s post on web.dev, Use Baseline with Browserslist, and I had a little play with it myself (saved live stream). Allow me to write down what I know and what I learned. So here’s Browserslist. Browserslist is the developer community at it’s best. There are a bunch of tools […]

In October, we experienced four incidents that resulted in degraded performance across GitHub services. The post GitHub Availability Report: October 2025 appeared first on The GitHub Blog.

An interview with the leader of GitHub Next, Idan Gazit, on TypeScript, Python, and what comes next. The post TypeScript, Python, and the AI feedback loop changing software development appeared first on The GitHub Blog.

Find out how deeply integrated AI writing features deliver superior business value compared to third-party tools.

Being able to use the range syntax with container style queries — which we can do starting with Chrome 142 — means that we can compare literal numeric values as well as numeric values tokenized by custom properties or the attr() function.The Range Syntax Has Come to Container Style Queries and if() originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

We explore the fundamentals of Saltstack and how we use it at Cloudflare. We also explain how we built the infrastructure to reduce release delays due to Salt failures on the edge by over 5%.

Vercel now supports , allowing up to one million static URL redirects per project.bulk redirectsThis feature adds import options for formats like CSV and JSON, so teams can more easily manage large-scale migrations, fix broken links, handle expired pages, and more.To use bulk redirects, set the field in your to a file or folder containing your redirects. These will be automatically imported at build time.bulkRedirectsPathvercel.jsonThis feature is available for Pro and Enterprise customers, and

You can now access OpenAI's latest Codex models, GPT-5.1 Codex and GPT-5.1 Codex mini with Vercel's and no other provider accounts required. These Codex models are optimized for long-running, agentic coding tasks and are able to maintain context and reasoning over longer sessions without degradation.AI GatewayTo use these models with the , set the model to or :AI SDKopenai/gpt-5.1-codexopenai/gpt-5.1-codex-miniAI Gateway provides a unified API for calling models, tracking usage and cost, and con

You can now access OpenAI's latest models, GPT-5.1 Instant and GPT-5.1 Thinking, using Vercel's with no other provider accounts required.AI GatewayTo use these models with the , set the model to or :AI SDKopenai/gpt-5.1-instantopenai/gpt-5.1-thinkingAI Gateway provides a unified API for calling models, tracking usage and cost, and configuring retries, failover, and performance optimizations for higher-than-provider uptime. It includes built-in , , and intelligent with automatic retries.observabi

Web アプリケーションにおけるルーティングは重要な要素です。URL Pattern API は URL のパターンマッチングを標準化するための Web API であり、ブラウザやサーバーサイド環境で一貫した方法で URL パターンを処理できます。この記事では、URLPattern API の基本的な使い方とパターン構文について解説します。

A recap of the improvements, new features, and upcoming changes in AdonisJS v7 over the last month — from starter kit updates to type-safe Inertia integration and multi-limiter support.

FYII’m the co-chair of the W3C WebDX Community Group, which maintains the data and the definition that powers Baseline. Today, I want to take a step back and talk about what Baseline is starting to mean to web developers, what it is, and what it isn’t.Baseline has become hard to miss these days. There are banners at the top of most MDN reference pages and on caniuse.com. It also shows up in various coding editors and developer tools as tooltips, and people have started to mention it in blogs, so

When their values don't change throughout the animation, CSS width / height animations can run on the Compositor, instead of being forced to run on the Main Thread.

How we built the Nuxt MCP server to enable AI assistants to access our documentation through structured data and composable tools.

There are many existing web features and technologies in the wild that you may never touch directly in your day-to-day work. Perhaps you’re fairly new to web development and are simply unaware of them because you’re steeped in the abstraction of a specific framework that doesn’t require you to know it deeply, or even at all. Bryan Rasmussen looks specifically at XPath and demonstrates how it can be used alongside CSS to query elements.

こんにちは、フロントエンドエンジニアのやなぎ（@apple_yagi）です。 先日 PR TIMES のフロントエンド環境に typescript-go を導入し、 tsgo（ typescript-go の実行コマンド […]

Poorly managed credentials are among the most stubborn problems for security and IT teams, and authentication is one of the areas where the Access-Trust Gap is widest. But even as credential-based attacks remain a major threat to security, there are positive signs that companies are moving toward a passwordless future.This blog is part three in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. To read part one, which addresses AI governance, click here.To read part two

The best leaders I've worked with were introverts. They listened more than they talked and built stronger teams because of it.

こんにちは、「カミナシ レポート」の開発に携わっている furuya です。先日は Observability Conference Tokyo 2025 が開催され、盛況だったようですね。カミナシメンバーも登壇・参加しました！発表資料はこちらです。 speakerdeck.com この記事では、先日登壇したID管理・認証認可チームとは別で、「カミナシ レポート」の開発チームにおいてもここ数ヶ月間オブザーバビリティと向き合っていた、というお話ができればと思います。 課題 オブザーバビリティとはなんぞや？というところをそろそろちゃんと理解したいなと思い、書籍「オブザーバビリティ・エンジニアリング…

Safari Technology Preview Release 232 is now available for download for macOS Tahoe and macOS Sequoia.

A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.

What is the difference between Vitest Browser Mode and Playwright? And when to use each in your tests?

A breakdown of how Copilot coding agent has contributed to a better, more powerful GitHub.The post How Copilot helps build the GitHub platform appeared first on The GitHub Blog.