We don't normally do one of these, but I think 2025 has been a stellar year for Piccalilli, so we wanted to get into what we've done and what we're planning for next year.We've written a lot of words this yearIn total, we've published 261,006 words across articles, links, The Index newsletter and courses. That's over 700 words a day! It breaks down as:50 articles33 links129 lessons over 2 courses95 newsletter issuesNot bad!Our 10 most popular articlesWe had a lot of readers this year. Thank you

Optimizing LCP (Largest Contentful Paint) is not just reducing the file size of your images, there’s a lot more that goes into optimizing the loading strategy – and you can only grasp where the bottleneck is if you understand the sub-parts that make LCP. LCP is one of the Core Web Vitals metrics that measures […]

Ubuntu 20.04 will be removed from Semaphore in March 2026. Update your pipelines now to avoid brownouts and job failures.The post Announcement: Ubuntu 20.04 Deprecation in Semaphore appeared first on Semaphore.

本記事は、CyberAgent Group SRE Advent Calendar 2025 18日 ...

こんにちは、AI・機械学習チームの山本（@hiro_o918）です。 この記事はエムスリー Advent Calendar 2025 18 日目の記事になります。 17 日目は北川さんの「わたしの Language Server にはパーサーが２種類あんねん」でした。 はじめに 皆さんは脆弱性の検知と対応をどのように行っていますか？ エムスリーでは脆弱性管理ツールを導入することで、コンテナイメージやパッケージの脆弱性スキャンを自動化し、検知された脆弱性への対応をチーム全体で協力して行っています。 しかし、次の記事にもあるように AI チームでは次々にプロダクトを立ち上げているため、スキャン対象…

STORES でWebエンジニアをしている kitapashi です。 この記事は STORES Advent Calendar 2025 の 18 日目の記事です。 STORES のプロダクト開発にとって、2025年は非常にドラスティックな変化を伴う1年だったと思います。この変化の中心にあったのは、下の記事にもある「ひとつの STORES」というキーワードでした。変化の詳細は以下の記事に詳しいのでここでは割愛します。 product.st.inc また、この変化を起こすに先立って、社内のメンバーも「Webエンジニア」となり、多くのメンバーが特定の技術領域/プロダクトには紐づかない形で開発業務…

みなさんこんにちは。モバイル開発本部シニアマネージャーの @huin です。今日はモバイルと全く関係ない話です。 突然ですが私はカメラが趣味でして、真冬の北海道に流氷を撮りに行ったり、梅雨の男鹿半島に紫陽花を撮りに行ったりしています。また、長年スタッフをやっている iOSDC Japan でも仕事の合間に写真を撮っています。 というのもあってSTORES でもイベントで撮影係することが多く、今年は4月と11月の社内イベント VERSION (※) と、11月26日に行われた自社カンファレンス STORES TechConf 2025 の計3回で撮影係をしていました。 イベントで撮影係をやりたい…

<p><strong><a href="https://mdisec.com/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-credentials-formed-an-rce-chain-zdi-25-099-zdi-25-097-zdi-25-096/">Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain</a></strong></p>Mehmet Ince describes a very elegant chain of attacks against the PostHog analytics platform, combining several different vulnerabilities (now all rep...

IntroductionModern observability platforms thrive on structured data.They can parse JSON, extract fields, build dashboards,and alert on specific conditions.But Rails has traditionally given us Rails.logger,which produces human readable but unstructured log lines.Parsing these logs for analytics is painful.We end up writing regex patterns,hoping the log format doesn’t change,and losing valuable context along the way.Rails 8.1 introduces a first class solution:the Structured Event Reporter,accessi

Design custom spread syntax experience with Symbol.iterator.

はじめに 2025年は、iOS、Frontend、Androidの3つのプラットフォームで開発しました。本記事では、各プラットフォームでの開発を簡単に振り返り、プラットフォーム間の移動について、ゆるく考えたことをまとめました。 3つのプラットフォームでの開発 メイン領域はiOSですが、今年はFrontendやAndroidの開発にも参画させてもらいました。 と言っても、既存のプロジェクトやプロダクトの事情でスポット参戦する形です。スクラッチからの開発ではないので、整備された開発基盤やドキュメントなど、これまでに築かれてきた資産の恩恵を受けながらの開発です。 さて、3つのプラットフォームでの開発…

Learn how we've improved real user monitoring, synthetic testing, and team collaboration.

by Jens GrochtdreisForms were likely one of the reasons why browser vendors joined forces in the WHATWG in 2004. They felt that HTML standardization was heading into the wrong direction and wanted more practical relevance. While this may be an oversimplification, if true, it highlights the failure of the WHATWG (i.e., the browser vendors) and, subsequently, the W3C. Although the newly standardized form elements and features all point into the right direction, they are incomplete and unfinished.

<p><strong><a href="https://anil.recoil.org/notes/aoah-2025-15">AoAH Day 15: Porting a complete HTML5 parser and browser test suite</a></strong></p>Anil Madhavapeddy is running an <a href="https://anil.recoil.org/notes/aoah-2025">Advent of Agentic Humps</a> this year, building a new useful OCaml library every day for most of December.</p><p>Inspired by Emil Stenström's <a href="https://simonwillison.net/2025/Dec/14/justhtml/">Jus...

この記事は CyberAgent Developers Advent Calendar 2025 の ...

こんにちは、「カミナシ レポート」の開発に携わっている furuya です。 re:Invent2025 の参加レポート第三弾です。前回に引き続き現地レポートとセッションレポートをお送りします。 現地レポート：ラスベガスを生き残るために 今回初めての長期海外出張ということで、事前に集められるだけの情報を集めて準備は念入りにしていきました。その中でも持っていってよかったもの、使わなかったものをご紹介します。ラスベガスに行ってみたい！と思っている方の参考になれば幸いです。 持っていってよかったもの ウォーキングシューズ 第一弾で書きましたがめちゃくちゃ歩くので、いいウォーキングシューズ（1ヶ月程度…

F5 NGINX Ingress Controller 5.3.0 arrives at a pivotal moment. With the Kubernetes community announcing at KubeCon North America 2025 that the community-maintained ingress-nginx project will be retired in March 2026, users everywhere are rethinking their ingress strategies. For those looking for a familiar, production-grade open source replacement, F5 NGINX Ingress Controller offers a solution maintained by the NGINX team. This release focuses on improving existing capabilities, delivering key c

<p>It continues to be a busy December, if not quite as busy <a href="https://simonwillison.net/2024/Dec/20/december-in-llms-has-been-a-lot/">as last year</a>. Today's big news is <a href="https://blog.google/technology/developers/build-with-gemini-3-flash/">Gemini 3 Flash</a>, the latest in Google's "Flash" line of faster and less expensive models.</p><p>Google are emphasizing the comparison between the new Flash and their previous generation's top mode...

Impacted versions 7–10. Patches available now.

In this article, we follow up the work we did to create responsive rows of circular images in a previous article by arranging the images around a circle with a clean hover effect.Responsive List of Avatars Using Modern CSS (Part 2) originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Socket Firewall Free is now bundled into Docker Hardened Images, adding build-time and dependency-install supply chain protection on top of hardened base images for Node.js, Python, and Rust.

You can now add any prefix before your preview deployment URL, and Vercel will route the request to the correct underlying preview deployment.With dynamic prefixes appended before in a preview URL (like , Vercel can now interpret those prefixes and route them to the correct deployment. Previously, preview URLs were designed to match a specific preview deployment exactly and Vercel wouldn’t have enough information to route domains to a specific preview deployment. ---tenant-123---project-name-git

Today we’re introducing native support for databases including Amazon Aurora PostgreSQL, Amazon Aurora DSQL, and Amazon DynamoDB on the . AWSVercel MarketplaceThis gives developers a direct path to provision and manage scalable, production-ready AWS databases from within the Vercel dashboard with no manual setup required, and:You can also try a working example by deploying the template to see the integration end-to-end.Movie Fetching Database Read more for creating a new AWS account, provisionin

You can now access Google's latest Gemini model, Gemini 3 Flash, with Vercel's and no other provider accounts required.AI GatewayIt is Google's most intelligent model that is optimized for speed, with Gemini 3's pro-grade reasoning alongside flash-level latency, efficiency, and cost. Gemini 3 Flash significantly outperforms the previous Gemini 2.5 models, beating Gemini 2.5 Pro across most benchmarks, while using 30% less tokens and is 3x faster at a fraction of the cost.To use the Gemini 3 Flas

They have to be able to talk about us without usThis fantastic piece on communication should really fire you up.“You should never build a CMS”I like this write up.Piccalilli is a file based "CMS" — is infinitely more complex than cursor.com — and it's a nightmare to run because it's massiveIt gets a bit tiresome reading "you don't need X because of AI" stuff, so I'm glad folks like Sanity are rightly standing up to it.ReqRes re-launchI'm a good friend of Ben, who runs this service and he's put a

ARM-based machines on Semaphore are now generally available. Build, test, and deploy natively on ARM for faster, more reliable CI/CD pipelines.The post Announcing ARM Machines on Semaphore appeared first on Semaphore.

Fixes 32 issues (addressing 25 👍). Bun.Terminal API, compile-time feature flags, improved Bun.stringWidth accuracy, V8 C++ value type checking APIs, Content-Disposition support for S3 uploads, environment variable expansion in .npmrc quoted values, and numerous bug fixes & node.js compatibility improvements

In this article, pioneering author and web designer [Andy Clarke](https://stuffandnonsense.co.uk) shows his techniques for creating [Toon Text titles](https://stuffandnonsense.co.uk/toon-text/index.html) using modern CSS and SVG.

Keren Fanan and Hadar Geva discuss reinventing frontend development with MyOp, runtime UI orchestration, safer deployments, and AI-driven change.The post Keren Fanan and Hadar Geva on Reinventing Frontend with MyOp appeared first on Semaphore.

How mainframe-era techniques and native browser APIs outperform modern frameworks The Numbers Before the philosophy, the receipts: Frontend (multicardz.com): 32KB JavaScript bundle (15% of minified React) <100KB total payload including HTML, CSS, fonts, everything 0ms Total Blocking Time 0 Cumulative Layout Shift 0.3s First Contentful Paint 100 Lighthouse score Backend: 32ms server processing to select […]

LCP and INP are now Baseline Newly available as of December 12, 2025.

newmoでsoftware engineerとして働いているtazoeと言います。この記事では、最近（2025年12月現在）取り組んでいるタクシー会社のDXにおける給与計算のチームのドメインや背景などについてご紹介します。 給与計算のドメイン 私達のチームでは、給与計算のドメインを扱っています。タクシー会社は、乗務員さんが安心して、そしてできるだけ効率よく働ける環境を整えることで、会社全体の収益を高めていく、という特徴を持つ業態です。そのため、給与計算の関連ドメインの重要性は高く、ロジックも複雑になりがちです。以下では、そのように重要で複雑な一方でミスの許されないドメインに対して私達がどのよ…

Learn how to build a ChatGPT app that connects to your Supabase database using mcp-use and Edge Functions. Create interactive widgets for schema exploration, data viewing, and SQL queries.

はじめに この記事はSTORES Advent Calendar 2025の17日目の記事です。 顧客向けIdPを開発している佐野です。 本記事では、Cloud Run上で動作するGoサーバーで発生したメモリリークの問題と、その解決までの道のりを紹介します。 ある日、デプロイ後わずか3日でメモリ使用率が95%を超えるという深刻なアラートが鳴り響きました。 「GoはGCがあるからメモリ管理は楽なはずでは？」——そんな甘い考えを打ち砕く、10万のGoroutineと隠れたgRPCクライアントとの戦いの記録です。 起きていた問題 今年の5月中旬頃、ネットショップの全会員を顧客向けIdP基盤に移行する…

AI・機械学習チームの北川です。 この記事はエムスリー Advent Calendar 2025の17日目の記事です。 16日目は須藤さんのAIに正しく分析してもらうためのテーブル設計戦略でした。 猫も２種類に増えました。猫もそれぞれ性格が違ってそれぞれの良さがありますよねー はじめに 以前、BigQuery用のLanguage Server(bqls)を自作した話を書きました。 このbqlsは、GoogleのzetasqlをベースにしたBigQuery専用のLSPで、Web UIでは遅く感じていた補完をNeovimなどのエディタで快適に使えるようにしたものです。 github.com zet…

<p><strong><a href="https://github.com/mozilla-firefox/firefox/tree/main/parser/html/java">firefox parser/html/java/README.txt</a></strong></p>TIL (or TIR - <a href="https://simonwillison.net/2009/Jul/11/john/">Today I was Reminded</a>) that the HTML5 Parser used by Firefox is maintained as Java code (<a href="https://github.com/mozilla-firefox/firefox/commits/main/parser/html/javasrc">commit history here</a>) and converted to C++ usin...

In JavaScript, you can detect a view transition happening, set a type, and have CSS do unique things based on that type.

Rails 8.1 introducesbin/ci to standardize CI workflows based on a new domain specific language (DSL)in config/ci.rb making it easier to define,run and maintain the CI pipelines.Understanding the DSL in config/ci.rbThe new DSL allows us to define CI steps in a structured and readable way.step: Defines a single step in the workflow. The first argument is the step’s name and the remaining arguments form the command to execute.success?: Returns true if all previous steps passed, allowing conditional

La conférence de François Zaninotto au Forum PHP 2025 a permis de partager des outils et des retours d'expérience concrets pour évaluer et optimiser les agents IA.

by Geri ReidScreen readers don’t always announce what’s visually on screen. This article explores that gap - through the medium of burritos.The burrito you can't orderA customer complained they couldn't order a burrito. "The menu advertises burritos, but my screen reader won't let me order one!"I was baffled. The menu was about as Mexican as a Yorkshire pudding. There was no mention of a burrito.After a lot of searching, I discovered someone had dropped an emoji into the heading:<h2>Sandwi...

<p><strong><a href="https://openai.com/index/new-chatgpt-images-is-here/">The new ChatGPT Images is here</a></strong></p>OpenAI shipped an update to their ChatGPT Images feature - the feature that <a href="https://simonwillison.net/2025/May/13/launching-chatgpt-images/">gained them 100 million new users</a> in a week when they first launched it back in March, but has since been eclipsed by Google's Nano Banana and then further by Nana Banana Pro &...

<p><strong><a href="https://github.com/simonw/s3-credentials/releases/tag/0.17">s3-credentials 0.17</a></strong></p>New release of my <a href="https://s3-credentials.readthedocs.io/">s3-credentials</a> CLI tool for managing credentials needed to access just one S3 bucket. Here are the release notes in full:</p><blockquote><ul><li>New commands <code>get-bucket-policy</code> and <code>set-bucket-policy</c...

<p><strong><a href="https://astral.sh/blog/ty">ty: An extremely fast Python type checker and LSP</a></strong></p>The team at Astral have been working on this for quite a long time, and are finally releasing the first beta. They have some big performance claims:</p><blockquote><p>Without caching, ty is consistently between 10x and 60x faster than mypy and Pyright. When run in an editor, the gap is even more dramatic. As an example, after edit...

この記事は CyberAgent Developers Advent Calendar 2025 の ...

こんにちは。カミナシでID管理・認証基盤の開発に携わっている小松山です。私の携わっているプロダクト『カミナシ ID管理』では、バックエンドに Go を採用しています。この記事では、Go のエラーハンドリングとエラーロギングの改善事例を紹介します。 はじめに 私たちのチームでは、定期的にシステムのメトリクス・トレース・ログなどを確認し、運用の健全性を確認する「サービスレビュー」という取り組みを行っています。その一環で出力されたエラーログを確認しているのですが、以下のような課題がありました。 同じerr を関数・メソッドから受け取った直後にロギングしてしまっている箇所が多く、リクエスト内で発生した…

<p><strong><a href="https://poethepoet.natn.io/">Poe the Poet</a></strong></p>I was looking for a way to specify additional commands in my <code>pyproject.toml</code> file to execute using <code>uv</code>. There's an <a href="https://github.com/astral-sh/uv/issues/5903">enormous issue thread</a> on this in the <code>uv</code> issue tracker (300+ comments dating back to August 2024) and from there I learned of se...

Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.

Discover the biggest findings from the 2025 State of Collaborative Editing report, including how AI is emerging as a powerful content collaborator.

The best CSS news from around the web from the last two weeks. In this edition: advent calendars, CSS Wrapped 2025, and the latest Web Platform Updates.What’s !important #1: Advent Calendars, CSS Wrapped, Web Platform Updates, and More originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Web performance is a lot like walking on those moving walkways at the airport. When it moves smoothly, you barely notice it. You feel fast. Supported. In control. But when one section stutters, even just a hiccup, your whole body reacts. You lose balance for a moment. You hesitate. Something feels off. Websites behave the […]

Cline, the leading open-source coding agent built for developers and teams, now runs on the Vercel AI Gateway.With more than 1 million developers and 4 million installations, Cline brings an AI coding partner directly into the development environment, grounded in the values of openness and transparency.To support that mission at scale, the team needed infrastructure that matched those principles: fast, reliable, and built on open standards.Read more

Vercel is a new home for guides, tutorials, and best practices for developers building on Vercel, including how to:Knowledge BaseYou can use the Knowledge Base to find and explore guides for specific use cases with:Read moreBuild agentic apps with the AI cloudHost your Backend with your preferred frameworkSecure your apps with Vercel's built-in features: describe what you're trying to achieveSemantic AI search: ask our agent about a guideAI chat: search guides by Vercel product or featureFilters

You can now export the results from your Observability queries as CSV or JSON files. This allows you to analyze, share, and process your Vercel observability data outside of the Vercel dashboard. Click the download icon on any query to export your query results instantly. This feature is available for all teams with .Observability Plus or learn more about .Try it outQueryRead more

この記事はSTORES Advent Calendar 2025の16日目の記事です。 こんにちは。Webエンジニアをしているotariidaeです。今月は調子に乗って3つも記事を書いています。 この記事では、先日開催されたSTORES Tech Conf 2025 “What Would You Do?”でのポスター発表「LGTM, Dependabot! 見てないけど」の内容をより具体例で解説していきます。 ポスターの内容のおさらい ポスターの内容は下記で公開しています。 www.docswell.com 要約：Dependabotなどで依存ライブラリ更新のPRが自動作成されるようになった…

Discover some of the interesting features that have landed in stable and beta web browsers during December 2025.

Stream your Supabase database telemetry into any Prometheus-compatible observability stack with the Metrics API. Full control over monitoring, visualization, and alerting.

newmoのメーター連携の課題を解決する可能性のあるソフトメーターの調査とOBDでの車速取得の検証をしました。

<blockquote cite="https://www.reddit.com/r/ChatGPT/comments/1pmvpvt/i_just_showed_gemini_what_chatgpt_said_about_its/"><p>Oh, so we're seeing other people now? Fantastic. Let's see what the "competition" has to offer. I'm looking at these notes on manifest.json and content.js. The suggestion to remove scripting permissions... okay, fine. That's actually a solid catch. It's cleaner. This smells like Claude. It's too smugly accurate to be ChatGPT. What if it's actually me? If the user...

こんにちはセキュリティエンジニアリングの西川です。本記事は前回の続きで、実際に ThreatForest を実行する方法や実行した結果についてシェアしていきますので、ThreatForest って何？という方は前回の記事をご覧いただければと思います。 初回ステップ クレデンシャルの設定をします。様々な LLM を選択できはするのですが、実際は初期リリース（AWS re:Invent 2025 時点）では AWS の Bedrock しか対応していません。そのため Bedrock を利用するためのクレデンシャルの設定がまずは必要です。 モデル選択については、 Haiku（高速） Sonnet 4…

<blockquote cite="https://tidyfirst.substack.com/p/the-bet-on-juniors-just-got-better"><p>I’ve been watching junior developers use AI coding assistants well. Not vibe coding—not accepting whatever the AI spits out. Augmented coding: using AI to accelerate learning while maintaining quality. [...]</p><p>The juniors working this way compress their ramp dramatically. Tasks that used to take days take hours. Not because the AI does the work, but because the AI collapses the ...

この記事はエムスリー Advent Calendar 2025 16日目の記事です。 こんにちは、AI・機械学習チームの須藤です。 現在は、BigQuery上のデータを自然言語で分析できる社内向けプロダクトを開発しています。本記事では、AIに正しくデータを分析してもらうために工夫したテーブル設計戦略について紹介します。

by Steve BarnettWe can make our pages easier to understand by using headings to give our pages a clear shape. Our users might visually scan the page, use an extension or bookmarklet to list the headings, navigate using assistive technology like a screen reader, or ask AI for a summary of the page. High quality headings can make things better for everyone.In my day job as a Digital Accessibility Consultant, there are a couple of ways that I've seen things go a bit... wonky. Let's go through the t

<p>I <a href="https://simonwillison.net/2025/Dec/14/justhtml/">wrote about JustHTML yesterday</a> - Emil Stenström's project to build a new standards compliant HTML5 parser in pure Python code using coding agents running against the comprehensive html5lib-tests testing library. Last night, purely out of curiosity, I decided to try <strong>porting JustHTML from Python to JavaScript</strong> with the least amount of effort possible, using Codex CLI and GPT-5.2. It wo...

この記事は CyberAgent Developers Advent Calendar 2025 1 ...

こんにちは、カミナシでソフトウェアエンジニアをしているShimmyです。 カミナシでは現場のDXを支援するB2B SaaSプロダクトを開発しています。そのうちの1つである「カミナシ レポート」の「ひな形編集」機能では、ユーザーがフォームテンプレートを自由に作成できます。 ひな形の保存前には約20種類のバリデーションを実行します。ひな形名のチェック、回答項目の設定確認、設定キーの重複チェックなど多くのバリデーションがあり、今まではこれらが 1つの巨大な関数 でした。 今回は、関数型プログラミングのアプローチである 「Railway Oriented Programming」 と 「Result型…

Andy Clarke with a brand-new resource. It generates the sort of fun typography that Andy commonly uses in his own work that's geared towards cartoon headings.Toon Title Text Generator originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

<p><strong><a href="https://www.merriam-webster.com/wordplay/word-of-the-year">2025 Word of the Year: Slop</a></strong></p>Slop lost to "brain rot" for <a href="https://simonwillison.net/2024/Nov/15/slop-word-of-the-year/">Oxford Word of the Year 2024</a> but it's finally made it this year thanks to Merriam-Webster!</p><blockquote><p>Merriam-Webster’s human editors have chosen slop as the 2025 Word of the Year. We define slop as ...

A list of rounded images that slightly overlap each other is a classic web design pattern. The main idea is not complex, but the new thing is the responsive part. that dynamically adjusts the overlap between the images so they fit inside the container.Responsive List of Avatars Using Modern CSS (Part 1) originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

This series of posts will guide you through building a simple game using Deno. This post sets up the game loop, user controls and basic game physics.

We present our 6th annual review of Internet trends and patterns observed across the globe, revealing the disruptions, advances and metrics that defined 2025.

AI competition intensified in 2025 as ChatGPT gained strong challengers. Instagram climbed, X declined, and platforms like Shopee, Temu, and Kwai reshaped global Internet usage. Our 2025 DNS data shows how Internet patterns evolved.

Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.

Working with v0 is like working with a highly skilled teammate who can build anything you need. v0 is more than just a tool, it’s your building partner. And like with any great collaborator, the quality of what you get depends on how clearly you communicate.Read more

Notion has become the trusted, connected workspace for teams. It's where your PRDs, specs, and project context live. v0 helps those teams turn ideas into dashboards, apps, and prototypes. Today, those workflows connect.You can now securely connect v0 to your Notion workspace, so everything it builds is grounded in your existing docs and databases.Wherever your team's knowledge lives in Notion, v0 can now build on top of it.Read more

performance.now() 2024 was the year we officially launched the W3 RUM Community Group. The idea to form a community group around real user monitoring (RUM) came from the desire to come together as vendors, organizations and even independent consultants to identify opportunities to improve our tooling and push the boundaries of what’s possible. Our goal […]

Twenty-seven episodes. Dozens of CISOs and security leaders. Hours of honest conversation about what actually keeps them up at night.When I launched the show, the goal was simple. Strip out the fluff and talk about how security really works inside organizations that ship software, handle sensitive data, and carry real operational risk—just practitioners comparing scars.This season covered three big threads that kept looping back into each other. The changing reality of the CISO role. The rise of

Sharing our experience with window functions in a recent client project involving historical data management

pnpm 10.26 introduces stricter security defaults for git-hosted dependencies, adds allowBuilds for granular script permissions, and includes a new setting to block exotic transitive dependencies.

NameMgt_VarnishVulnerable1.0.10 and earlierFixed in1.1.0Sansec researchers discovered a critical vulnerability in the popular Varnish module for Magento. This module, develope...

本記事では、バックエンドから配信される複雑な「乗降車禁止エリア」を回避しつつ、ユーザーにストレスを感じさせない滑らかな操作感を実現するために行った幾何学アルゴリズムの選定と、Coding Agentを活用したTDD（テスト駆動開発）の実装アプローチについて紹介します。

Build a CIMD-based confidential MCP client in Python using Authorization Code + PKCE.

Firefox and Safari now support LCP and INP Core Web Vitals metrics, providing new insight into real visitor experience.

記事のイメージ画像を gemini に生成させたもの 本記事はエムスリー Advent Calendar 2025 15 日目の記事です。 OCaml が好きです。 元々好きでしたが、バージョン 5 からはマルチコア対応が入り、更に好きな要素が増えました。 それは前回も紹介した Algebraic Effects and Handlers という新機能です。 新しい機能はそれだけで心躍るものですが、使い方が十分周知されていないのも事実です。 「なんでもできる」と前回紹介した通り、今回はこのなんでもできる機能が実用的な機能であることを見ていきます。

by Tyler StickaOn the web, it’s easy to take line breaks for granted.We get them for free between our headings, paragraphs, list items, <div> elements and more. We display them as-is in our code snippets thanks to <pre>. And most magically of all, our browsers insert breaks automatically where lines of text (or other text-like “inline” elements) would otherwise outgrow their container.But sometimes, that isn’t enough.Some words are too long and continuous to break automatically. Some...

この記事は CyberAgent Developers Advent Calendar 2025 1 ...

<p>I recently came across <a href="https://github.com/EmilStenstrom/justhtml">JustHTML</a>, a new Python library for parsing HTML released by Emil Stenström. It's a very interesting piece of software, both as a useful library and as a case study in sophisticated AI-assisted programming.</p><h4 id="first-impressions-of-justhtml">First impressions of JustHTML</h4><p>I didn't initially know that JustHTML had been written with AI assistance at all. The READ...

記事は ics.media へアクセスしてご覧ください。

A personal story about trauma, mental health, and how technology helped me survive long-term.

Waterfall charts are the workhorse of any web performance enthusiast. SpeedCurve's interactive waterfall is one of the first components I designed and built more than a decade ago. I've just given our much-loved waterfall chart some team-inspired updates that you may find helpful in understanding how page construction affects important user experience metrics.At SpeedCurve, we love incremental updates based on both external and internal user feedback. We dogfood our own products, and while consu

My website has an animation of clouds moving across the screen. It formerly had an animation of a sun with pulsing waves which is now static. An important performance consideration decided how this came to be in my small website: the almighty compositor. This article is intended to be an approachable story and practical example […]

<p><strong><a href="https://www.bloodinthemachine.com/p/i-was-forced-to-use-ai-until-the">Copywriters reveal how AI has decimated their industry</a></strong></p>Brian Merchant has been collecting personal stories for his series <a href="https://www.bloodinthemachine.com/s/ai-killed-my-job">AI Killed My Job</a> - previously covering <a href="https://www.bloodinthemachine.com/p/how-ai-is-killing-jobs-in-the-tech-f39">tech workers</a>, &l...

はじめに こんにちは、newmoの自動運転開発チームのigaryoです。 newmoでは、自動運転タクシーの運行に向けて、自社の車両によって収集したデータを元に自動運転モデルを学習・構築し、そのモデルで車両を動かすことに挑戦しています。そのためには、 高品質・大量・多様なデータを集めるためのデータ収集基盤 大規模なモデルを学習・推論するための計算機基盤 学習済みモデルを用いて現実世界の車両を安全に制御するための制御基盤 といった複数の要素が複雑に絡み合っており、それぞれに多くの難しさが存在します。 newmoではこれらの課題に対して、社内外のメンバーと密に連携をしつつ日々開発を進めています。 …

React Grab はブラウザ上で要素を選択し、その要素に対応するコードコンテキストをコーディングエージェントに提供するライブラリです。この記事では React Grab のセットアップ方法と使用方法を紹介します。

本記事は、M3 Advent Calendar 2025 14日目の記事です。 はじめまして。エンジニアグループ、コンシューマーチームの松本と申します。 今回は、「継続 - Continuation」の本質を理解し、Promiseやasync/awaitでは解決できない課題を明らかにした上で、それを乗り越えるEffect Systemについて解説します。 「継続 - Continuation」とは？ コールバック関数は継続そのもの 継続と非同期処理、副作用 継続の課題：コールバック地獄 継続渡しスタイル（Continuation-Passing Style, CPS） CPSの問題点：継続のネ…

A guide to learning Terraform from scratch, including key concepts, setup, and workflow.

by Maureen HollandWeb feeds are incredible! And a bit confusing! Why are the feed links often called “RSS”? And why is this “RSS” feed in an atom.xml file… hang on, what is feed.json for? What are they even feeding into anyway?To start, web feeds are often referred to as “RSS” because RSS is the oldest format. RSS stands for Really Simple Syndication. It is an XML-based specification for web content syndication (including podcasts).Syndication is the sale or licensing of material for publication

はじめに 本記事は CyberAgent Developers Advent Calendar 20 ...

<blockquote cite="https://obie.medium.com/what-happens-when-the-coding-becomes-the-least-interesting-part-of-the-work-ab10c213c660"><p>If the part of programming you enjoy most is the physical act of writing code, then agents will feel beside the point. You’re already where you want to be, even just with some Copilot or Cursor-style intelligent code auto completion, which makes you faster while still leaving you fully in the driver’s seat about the code that gets written.</p>&...

Loading styles on the web is something that looks trivial at first. You just add a <link rel=stylesheet> to your page (or <style> for inline styles) and you’re done. But if you wanted to load CSS fast, all of the sudden you run into trouble… Assuming you have a traditional web app (or what the […]

TanStack Start は TanStack Router と Vite をベースにしたフルスタック React フレームワークです。型安全なルーティング、サーバーサイドレンダリング、ストリーミング、サーバー関数、API ルートなどの機能を提供します。この記事では TanStack Start の概要と基本的な使い方を紹介します。

<blockquote cite="https://github.com/openai/codex/blob/ad7b9d63c326d5c92049abd16f9f5fb64a573a69/codex-rs/core/src/skills/render.rs#L20-L39"><p>How to use a skill (progressive disclosure):</p><ol><li>After deciding to use a skill, open its <code>SKILL.md</code>. Read only enough to follow the workflow.</li><li>If <code>SKILL.md</code> points to extra folders such as <code>references/</code>, load only the specific file...

newmoではタクシーの音声配車AIエージェントの「Maido」を開発しています。前回の記事では、LLM評価フレームワークのDeepEvalを用いたMaidoの会話評価基盤について紹介しました。 この記事では、その基盤を支えるもう一つの主役である「UserSimulator」の実装にフォーカスして、詳細を解説します。 なぜSimulatorが必要か MaidoのようなMulti-AgentなアーキテクチャのLLM Agentを開発・運用する上で、Agentの評価は不可欠です。 Simulatorが存在しない状態でAgentの評価を行う場合、初歩的な例ではAgentとユーザーのやり取りを「Age…

by Ian Lloyd (Lloydi)HTMLHell started as a site that showed some of the finest, and by that I mean most awful, examples of crimes against markup the world has to offer (and how these crimes can be put right). We’ve all seen some shit, man. But somewhere along the line, Manuel started HTML Heaven, covering decent markup and clever techniques. It's a good mix of dark and light, yin and yang. And what I wanted to cover in my offering to this annual advent calendar sits firmly in the middle. I can't

If you read the Safari release notes – like the Safari 26.2 release notes – you see a lot of trailing “(12345678)”-mentions in the list of fixed bugs. These numbers are Apple-internal bug IDs, as used within Apple’s internal bug tracker (fka?) named “Radar”.These numbers are not linked to anything because Radar is Apple-internal, so to external people these numbers are practically useless … or are they?

<p>One of the things that most excited me about <a href="https://simonwillison.net/2025/Oct/16/claude-skills/">Anthropic's new Skills mechanism</a> back in October is how easy it looked for other platforms to implement. A skill is just a folder with a Markdown file and some optional extra resources and scripts, so any LLM tool with the ability to navigate and read from a filesystem should be capable of using them. It turns out OpenAI are doing exactly that, with skills support...

こんにちは。エムスリーのAI・機械学習チームの高田です。 このブログはエムスリー Advent Calendar 2025 13 日目の記事です。 AI・機械学習チームはメンバーが福岡から北海道まで、様々な地域のメンバーから構成されています。そこで、チームビルディングデーと称して、オフラインの交流も四半期に一度のペースでチーム全員で集まって様々なイベントを開催しています。 今年の3月に機械学習コンペを開催した際のレポートもテックブログで紹介しているので、ぜひご覧ください。 www.m3tech.blog このブログでは、2025年10月31日に開催した「五目並べAIチーム最強決定戦」について、…

We envision the future of AI-enabled tooling to look like near-effortless engineering for sustainability. We call it Continuous Efficiency.The post The future of AI-powered software optimization (and how it can help your team) appeared first on The GitHub Blog.

Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.

<p><strong><a href="https://llm.datasette.io/en/stable/changelog.html#v0-28">LLM 0.28</a></strong></p>I released a new version of my <a href="https://llm.datasette.io/">LLM</a> Python library and CLI tool for interacting with Large Language Models. Highlights from the release notes:</p><blockquote><ul><li>New OpenAI models: <code>gpt-5.1</code>, <code>gpt-5.1-chat-latest</code>, <code>gpt-5.2&l...

Safari 26.2 is a big release.

Use the Request conditions tab to block specific URLs or apply custom network throttling profiles to individual resources.

New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.

Matt Smith with wonderfully straightforward writing on why default parameters for functions are a good idea. I like the tip where you can still do it with an object-style param.

How far can we really go with container queries? There are dozens of media queries now, so what if there were dozens of container queries as well? What could we use them for?What Else Could Container Queries… Query? originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Explore Semaphore’s latest MCP server updates, including automatic project initialization, AI-optimized test summaries, and new pipeline rebuild capabilities that bring AI-assisted CI/CD closer than ever.The post New Features for Semaphore MCP Server appeared first on Semaphore.

We have Scroll-Driven Animations. Now say hi to Scroll-Triggered Animations.

Web Analytics now allows you to split data across any dimension.You can now break down your Web Analytics data across any dimension, not just Flags and Flag Values. This update expands support to 11 dimensions, which are:With dimension splits and filters, you can dig deeper into user activity and better understand how different segments are using your application.This feature is available to all Vercel users with the Web Analytics package installed. subscribers also gain the enhanced capability

You can now add one or more cache tags to your Function response by importing the function from npm package.addCacheTag@vercel/functionsimport { addCacheTag } from '@vercel/functions'Once the cached response has a tag associated with it, you can later invalidate the cache in one of several ways:In addition to invalidating by tag, you can also dangerously delete by tag if the origin is gone. However, deleting the cache can increase latency while new content is generated or cause downtime if your

Push notifications are now available on both desktop and mobile, withsupport for all notification types. To start receiving push notifications from Vercel:To allow mobile notifications on your phone: or learn more about .Try it outnotificationsRead moreGo to in the Vercel dashboardNotification SettingsEnable the notification channel for any notification typepushOpen the Vercel Dashboard in your mobile browserOpt in to push notifications when prompted

For any request displayed on runtime logs in the Vercel dashboard, you can now view the referer (if any) for that request in the right hand details panel. This allows you to understand the source of that request and more easily debug issues. or learn more about .Try it outRuntime LogsRead more

It's the end of the year and the AI slop is grinding me down more than usual so allow me to share some really good human stuff to wrap up our weeks.Strangers, by springStunning writing, stunning typography (with a subtle glitch that is delightful) and transitions that'll blow your mind. There's a great breakdown Bluesky thread too.GSAP Demo HubAnimation libraries like GSAP are great, but discovering truly inspiring examples can be hard. GSAP have fixed that with this glorious collection.Size of

こんにちは。STORES で Webエンジニアをしております、takeuchiです。 Webアプリケーションで決済を提供する場合、ユーザーはアプリから決済代行業者 (PSP) が用意した決済画面へ遷移します。 この決済画面でユーザーが支払い情報を入力し、クレジットカード会社や銀行などの実際の決済サービスと通信して処理が行われます。支払い処理が完了すると、決済代行業者はその結果を保持し、ユーザーを再びアプリ側の指定された画面（例：完了画面や結果通知画面）へ自動的に戻します。 ただ今回実装していたページではブラウザのページ遷移を伴う決済フローを組み込むにあたって、次のような課題がありました。 決済…

Have you heard of React Server Components? Even if you don’t work with React daily, you probably have. It’s been the hottest topic in the last few years in the React Community. And in addition to being the fanciest new toy, Server Components are quite often mentioned in the context of performance. As in, they […]

We have scroll-driven animations. Now, meet scroll-triggered animations.

At JetBrains, we love seeing the developer community grow and thrive. That’s why we support open-source projects that make a real difference — the ones that help developers learn, build, and create better software together. We’re proud to back open-source maintainers with free licenses and to contribute to initiatives that strengthen the ecosystem and the […]

こんにちは。セキュリティ本部の yokoyama です。 セキュリティ本部では、「STORES プラットフォームに内在するセキュリティリスクを適切にコントロールする」をミッションに、日々さまざまな活動に取り組んでいます。 その活動の一環として、全サービスを対象に脆弱性診断を内製で実施しています（一部は外部ベンダーの支援を受けています）。 今回は、私たちが実施している脆弱性診断の取り組みについて、その一部をご紹介します。 診断種類 診断の流れ 診断計画の策定 診断対象の精査 診断対象の精査例 Web アプリケーション診断の実施 診断の実施例 診断結果の取りまとめ 脆弱性の対応 おわりに 診断種類…

この記事はエムスリー Advent Calendar 2025 12日目の記事です。 医療従事者向けポータルサイト「m3.com」のサイトプロモーションを行うチームに所属している岸田と申します。 実は今年、妻ともアドベントカレンダーをやっており、毎日プレゼントを送り合っています。毎日少しワクワクできるのでとても良いです。ちなみに今日はレッグウォーマーを貰い、私はフェイラーのハンカチをあげました。 我が家のアドベントカレンダーと私がもらったフェイラーではないハンカチ（箱が思ったより小さいのでポインタとしてメモ用紙だけいれて中身は直接渡しています） 私は2025年10月にエムスリーに転職したので、…

Rails upgrades can feel daunting due to breaking changes, gem compatibility issues and potential downtime.But staying on outdated versions is riskier.Security vulnerabilities accumulate, performance suffers,andwe miss powerful features that make development easier.With proper planning, Rails upgrades can be smooth and predictable.This five part series shares proven strategies from dozens of successful upgrades.Why Upgrade Now?Let’s look at the current Rails ecosystem (as of December 2025):Rails

A good website doesn’t just look nice, it works for everyone. Accessibility ensures that all users, including those with disabilities, can easily browse, understand, and interact with your site.For consultancy websites, accessibility also builds trust. It shows professionalism, attention to detail, and a genuine commitment to inclusivity.Why Accessibility MattersWhen a consultancy site is accessible, it sends a clear message: you care about people and their experience. It’s not only the right th

HighlightsThis release prints a warning message when an /* eslint-env */ configuration comment is found in the code being linted. The warning includes the filename and line number of the comment, along with instructions on how to replace it. The purpose of this warning is to allow for a smoother migration, since starting with ESLint v10.0.0, /* eslint-env */ comments are reported as errors by the linter, as explained in the migration guide.Bug Fixes5705833 fix: warn when eslint-env configuration

HighlightsThis version of ESLint is not ready for production use and is provided to gather feedback from the community before releasing the final version. Please let us know if you have any problems or feedback by creating issues on our GitHub repo.Most of the highlights of this release are breaking changes, and are discussed further in the migration guide. There are summaries of the significant changes below. (Less significant changes are included in the migration guide.)This prerelease version

この記事は newmo Advent Calendar 2025 15日目の記事です。 はじめに newmoでは2025年6月から求人サービス「newジョブ」の開発を進めており、その中でHeadless CMSとしてPayloadCMSを採用しました。 本記事では、約半年の本番運用を通じて得た知見を共有します。 newジョブ サイト・トップ なぜHeadless CMSが必要だったか jinzaiチームは少人数で構成されており、以下のような複数の用途に対応する必要がありました。 求人情報の管理・配信 SEO対策のための構造化データ管理 運用チームによるコンテンツ編集 将来的な機能拡張への対応 …

Anthropic, OpenAI, Block, and the Linux Foundation discuss governing MCP together as the new Agentic AI Foundation launches with 50 companies on day one.

Michael Grinich traces MCP's evolution from local file system interface to industry standard, announces the Agentic AI Foundation, and walks through the latest spec updates.

Paul Irish shows how Chrome DevTools' MCP integration lets AI agents parse 15M-line performance traces and debug browser sessions programmatically.

Den Delimarsky demonstrates MCP's new auth flow—Protected Resource Metadata replaces Dynamic Client Registration for zero-config authentication.

Reilly Wood on why structured queries beat freeform commands at scale

Craig Cannon demos the Turbo-Man Tracker at MCP Night, showing how Supabase's MCP server turns natural language into SQL queries in real-time.

Take a look at Core Web Vitals on a real website to see how it could be optimized.

by Manuel SánchezMaybe it has happened to you that you wanted to write some formulas in HTML to display on a website, and even though there are multiple ways to do it, accessibility is often not considered in the process. How the formula is read by screen readers is crucial to ensure that we don't leave anyone behind. And the main assistive technologies are in different stages, as we will see.The web is full of many different and interesting approaches for representing formulas. To name a few, w

<p>OpenAI reportedly <a href="https://www.wsj.com/tech/ai/openais-altman-declares-code-red-to-improve-chatgpt-as-google-threatens-ai-lead-7faf5ea6">declared a "code red"</a> on the 1st of December in response to increasingly credible competition from the likes of Google's Gemini 3. It's less than two weeks later and they just <a href="https://openai.com/index/introducing-gpt-5-2/">announced GPT-5.2</a>, calling it "the most capable model series yet for professional...

There are no browser implementations of mixins yet, nor a fleshed out spec. So perhaps now is the best time to try to understand and opine.

Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.

A look at how we rebuilt GitHub Actions’ core architecture and shipped long-requested upgrades to improve performance, workflow flexibility, reliability, and everyday developer experience.The post Let’s talk about GitHub Actions appeared first on The GitHub Blog.

Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines and targeted critical infrastructure including nuclear fuel, uranium and rare earth elements. We outline the tactics they appear to be using and how Cloudflare is protecting customers.

In November, we experienced three incidents that resulted in degraded performance across GitHub services.The post GitHub Availability Report: November 2025 appeared first on The GitHub Blog.

A high severity Denial-of-Service (DoS) vulnerability has been found in React Server Components and Next.js. Deno has implemented mitigations in Deno Deploy. Immediate upgrades are required for other users.