Updates from the past week
4/6 (Mon)

Looking at New CSS Multi-Column Layout Wrapping Features
CSS-Tricks
Chrome 145 introduces the column-height and column-wrap properties, enabling us to wrap the additional content into a new row below, creating a vertical scroll instead of a horizontal scroll. Looking at New CSS Multi-Column Layout Wrapping Features originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.
2 hours ago

Let’s Get Puzzled!
1
Frontend Masters Boost RSS Feed
We can make puzzle pieces in CSS thanks to the amazing clip-path: shape(). Here, Amit takes it further by making a whole grid of them with matched edges and content inside.
2 hours ago

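WINTICKET Web region-failure countermeasures: Weighted Backend Service and outlier detection for serverless NEGs
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
Table of contents: Introduction; Issues and assumptions; Routing control with Weighted Backend Service ...
9 hours ago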

Google AI Edge Gallery
Simon Willison's Weblog
Google AI Edge Gallery (https://apps.apple.com/nl/app/google-ai-edge-gallery/id6749645337). Terrible name, really great app: this is Google's official app for running their Gemma 4 models (the E2B and E4B sizes, plus some members of the Gemma 3 family) directly on your iPhone. It works really well. The E2B model is a 2.54GB download and is both fast and genuinely useful. ...
10 hours ago

datasette-ports 0.2
Simon Willison's Weblog
Release: datasette-ports 0.2 (https://github.com/datasette/datasette-ports/releases/tag/0.2)
- No longer requires Datasette - running `uvx datasette-ports` now works as well.
- Installing it as a Datasette plugin continues to provide the `datasette ports` command.
Tags: ...
12 hours ago

scan-for-secrets 0.3
Simon Willison's Weblog
Release: scan-for-secrets 0.3 (https://github.com/simonw/scan-for-secrets/releases/tag/0.3)
- New `-r/--redact` option which shows the list of matches, asks for confirmation and then replaces every match with `REDACTED`, taking escaping rules into account.
- New Python function `redact_file(file_path: str | Path, s...
13 hours ago

Cleanup Claude Code Paste
Simon Willison's Weblog
Tool: Cleanup Claude Code Paste (https://tools.simonwillison.net/cleanup-claude-code-paste)
Super-niche tool this. I sometimes copy prompts out of the Claude Code terminal app and they come out with a bunch of weird additional whitespace. This tool cleans that up.
[Image: Screenshot of a web tool titled "Cleanup Claude Code Paste" with the subtitle "Paste terminal o...
13 hours ago

datasette-ports 0.1
Simon Willison's Weblog
Release: datasette-ports 0.1 (https://github.com/datasette/datasette-ports/releases/tag/0.1)
Another example (https://gisthost.github.io/?f92d8a6bdadee1c77972b5e51954144e) of README-driven development, this time solving a problem that might be unique to me. I often find myself running a bunch of different Datasette (https://datasette.io) instances wi...
15 hours ago

SAML's rough quarter: Five critical vulnerabilities in four months
WorkOS Blog
From forged assertions to memory leaks, SAML's XML foundations keep producing serious bugs. Here's what happened and what you should be doing about it.
16 hours ago

Securing agentic apps: Give your AI agents their own credentials
WorkOS Blog
Most AI agents run with borrowed sessions and far more access than they need. Here's how to replace that with scoped, revocable credentials and tool-level authorization.
16 hours ago

Eight years of wanting, three months of building with AI
Simon Willison's Weblog
Eight years of wanting, three months of building with AI (https://lalitm.com/post/building-syntaqlite-ai/). Lalit Maganti provides one of my favorite pieces of long-form writing on agentic engineering I've seen in ages. They spent eight years thinking about and then three months building syntaqlite (https://github.com/lalitMaganti/syntaqlite), which they describe as "...
16 hours ago

Tapple's native QA strategy
CyberAgent Developers Blog | サイバーエージェント デベロッパーズブログ
In an era when AI writes code, how should QA change? Claude Code, Devin, Cursor and ...
17 hours ago

Quoting Chengpeng Mou
Simon Willison's Weblog
"From anonymized U.S. ChatGPT data, we are seeing:
- ~2M weekly messages on health insurance
- ~600K weekly messages [classified as healthcare] from people living in “hospital deserts” (30 min drive to nearest hospital)
- 7 out of 10 msgs happen outside clinic hours"
— ...
Source: https://twitter.com/cpmou2022/status/2040606209800290404
18 hours ago

Syntaqlite Playground
Simon Willison's Weblog
Tool: Syntaqlite Playground (https://tools.simonwillison.net/syntaqlite)
Lalit Maganti's syntaqlite (https://github.com/LalitMaganti/syntaqlite) is currently being discussed on Hacker News (https://news.ycombinator.com/item?id=47648828) thanks to Eight years of wanting, three months of building with AI (https://lalitm.com/post/building-syntaqlite-ai/)...
20 hours ago
4/5 (Sun)

scan-for-secrets 0.2
Simon Willison's Weblog
Release: scan-for-secrets 0.2 (https://github.com/simonw/scan-for-secrets/releases/tag/0.2)
- CLI tool now streams results as they are found rather than waiting until the end, which is better for large directories.
- `-d/--directory` option can now be used multiple times to scan multiple directories.
- New `-f/--file` option ...
1 day ago

scan-for-secrets 0.1.1
Simon Willison's Weblog
Release: scan-for-secrets 0.1.1 (https://github.com/simonw/scan-for-secrets/releases/tag/0.1.1)
- Added documentation of the escaping schemes that are also scanned.
- Removed unnecessary `repr` escaping scheme, which was already covered by `json`.
2 days ago

scan-for-secrets 0.1
Simon Willison's Weblog
Release: scan-for-secrets 0.1 (https://github.com/simonw/scan-for-secrets/releases/tag/0.1)
I like publishing transcripts of local Claude Code sessions using my claude-code-transcripts (https://github.com/simonw/claude-code-transcripts) tool but I'm often paranoid that one of my API keys or similar secrets might inadvertently be revealed in the detailed log files. I built t...
2 days ago

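On Codex's sandbox and agent approvals
azukiazusa のテックブログ2
How far to allow automatic approval for a coding agent is one of the key design guidelines in balancing user experience and security. Codex provides a sandbox feature to give agents an environment where they can operate autonomously and safely. This article explains how Codex's sandbox works and the approval process for running commands outside the sandbox.
2 days ago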

research-llm-apis 2026-04-04
Simon Willison's Weblog
Release: research-llm-apis 2026-04-04 (https://github.com/simonw/research-llm-apis/releases/tag/2026-04-04)
I'm working on a major change (https://github.com/simonw/llm/issues/1314) to my LLM Python library and CLI tool. LLM provides an abstraction layer over hundreds of different LLMs from dozens of different vendors thanks to its plugin system, and some of those vendors have grown new feat...
2 days ago
4/4 (Sat)

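Generating accurate skeleton loaders with Boneyard
azukiazusa のテックブログ2
A skeleton loader is a placeholder shown before content has loaded, giving users a visual indication that loading is in progress. Boneyard is a framework that removes the work of manually measuring and updating skeleton loaders. This article explains how to implement skeleton loaders easily with Boneyard.
2 days ago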

Quoting Kyle Daigle
Simon Willison's Weblog
"[GitHub] platform activity is surging. There were 1 billion commits in 2025. Now, it's 275 million per week, on pace for 14 billion this year if growth remains linear (spoiler: it won't.)
GitHub Actions has grown from 500M minutes/week in 2023 to 1B minutes/week in 2025, and now 2.1B minutes so far this week."
— ...
Source: https://twitter.com/kdaigle/status/2040164759836778878
3 days ago

Vulnerability Research Is Cooked
Simon Willison's Weblog
Vulnerability Research Is Cooked (https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/). Thomas Ptacek's take on the sudden and enormous impact the latest frontier models are having on the field of vulnerability research.
"Within the next few months, coding agents will drastically alter both the practice and the economics of exploit development. Frontier model improvement...
3 days ago

The cognitive impact of coding agents
Simon Willison's Weblog
A fun thing about recording a podcast (https://simonwillison.net/2026/Apr/2/lennys-podcast/) with a professional like Lenny Rachitsky is that his team know how to slice the resulting video up into TikTok-sized short form vertical videos. Here's one he shared on Twitter today (https://x.com/lennysan/status/2039845666680176703) which ended up attracting over 1.1m views!
[Video: https://static.simonwillison.net/stati...
3 days ago

Quoting Willy Tarreau
Simon Willison's Weblog
"On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year with the only difference being only AI slop, and now since the beginning of the year we're around 5-10 per day depending on the days (fridays and tuesdays seem the worst). Now most of these reports are correct, to the point that we had to bring in more maintainer...
Source: https://lwn.net/Articles/1065620/
3 days ago

Quoting Daniel Stenberg
Simon Willison's Weblog
"The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a ... plain security report tsunami. Less slop but lots of reports. Many of them really good.
I'm spending hours per day on this now. It's intense."
— Daniel Stenberg (https://mastodon.social/@bagder/116336957584445742)...
3 days ago

Quoting Greg Kroah-Hartman
Simon Willison's Weblog
"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality. It was kind of funny. It didn't really worry us.
Something happened a month ago, and the world switched. Now we have real reports. All open source projects have real reports that are made with AI, but they're good, and they're real."...
Source: https://www.theregister.com/2026/03/26/greg_kroahhartman_ai_kernel/
3 days ago

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
Socket
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
3 days ago

Codex network access settings
azukiazusa のテックブログ2
In the default `workspace-write` sandbox, network access is disabled. To allow outbound communication, enable it explicitly in `config.toml`.
3 days ago

Can JavaScript Escape a CSP Meta Tag Inside an Iframe?
Simon Willison's Weblog
Research: Can JavaScript Escape a CSP Meta Tag Inside an Iframe? (https://github.com/simonw/research/tree/main/test-csp-iframe-escape#readme)
In trying to build my own version of Claude Artifacts I got curious about options for applying CSP headers to content in sandboxed iframes without using a separate domain to host the files. Turns out you can inject `<meta http-equiv="Content-Security-Policy"...
3 days ago

The uphill climb of making diff lines performant
The GitHub Blog
The path to better performance is often found in simplicity. The post The uphill climb of making diff lines performant appeared first on The GitHub Blog.
3 days ago

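Reducing the approval burden with Codex's smart_approvals
azukiazusa のテックブログ2
When a coding agent asks for approval too often, the chance of overlooking a command that really needs checking goes up. Codex has a setting called `smart_approvals`. It is an experimental feature that, when approval is required, handles some of those requests through a subagent called `guardian reviewer` first instead of passing them straight to the user.
3 days ago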

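Sending a notification on completion with Codex Hooks
azukiazusa のテックブログ2
In Codex, you can use `hooks` to run arbitrary commands at specific points. For example, to be notified each time a response finishes, use the `Stop hook`.
3 days ago
4/3 (Fri)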

The Axios supply chain attack used individually targeted social engineering
Simon Willison's Weblog
The Axios team have published a full postmortem (https://github.com/axios/axios/issues/10636) on the supply chain attack which resulted in a malware dependency going out in a release the other day (https://simonwillison.net/2026/Mar/31/supply-chain-attack-on-axios/), and it involved a sophisticated social engineering campaign targeting one of their maintainers directly. Here's Jason Saayman's description of ...
3 days ago

The Index: Issue #176
Piccalilli - Everything
Elena: A very handy looking, tiny progressive web components library. The last quiet thing: A beautifully composed piece that should serve as a nice reminder to you of both how much "smart" software/devices dominate your time and also how it's not your fault! Font metrics calculator for font-size-adjust: Does exactly what it says on the tin! There’s no need to include ‘navigation’ in your navigation labels: A bit like how you should avoid prefixing alt text with "an image", prefixing/suffixing <nav> ...
3 days ago

10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
Step Security Blog
TeamPCP weaponized 76 Trivy version tags overnight. The KICS attack followed the same playbook days later. One security control is not enough. Here is how the StepSecurity platform's ten independent security layers work together to prevent credential exfiltration, detect compromised actions at runtime, and respond to incidents across your entire organization before attackers can succeed.
3 days ago

What To Know in JavaScript (2026 Edition)
Frontend Masters Boost RSS Feed
An overview of what's new in language features, frameworks, runtimes, build tools, testing, and more.
4 days ago

ESLint v10.2.0 released
ESLint Blog
Highlights: Language-aware rules. ESLint v10.2.0 adds support for language-aware rules through the new meta.languages property. Rule authors can now explicitly declare which languages a rule supports, and ESLint will throw a runtime error if that rule is enabled for an unsupported language, as specified by the language configuration option. Here is an example of a rule that only supports the JavaScript language: const rule = { meta: { type: "problem", docs: { description: "Example JavaScript rule", },
4 days ago

Building authentication in Laravel applications: The complete guide for 2026
WorkOS Blog
Master secure authentication in Laravel from Breeze and Sanctum to enterprise SSO, with production-ready patterns and security best practices.
4 days ago

Highlights from my conversation about agentic engineering on Lenny's Podcast
Simon Willison's Weblog
I was a guest on Lenny Rachitsky's podcast, in a new episode titled An AI state of the union: We've passed the inflection point, dark factories are coming, and automation timelines (https://www.lennysnewsletter.com/p/an-ai-state-of-the-union). It's available on YouTube (https://youtu.be/wc8FBhQtdsA), Spotify (https://open.spotify.com/episode/0DVjwLT6wgtscdB78Qf1BQ), and ...
4 days ago

Introducing view-transitions-toolkit, a collection of utility functions to more easily work with View Transitions.
Bram.us
In my work with View Transitions over the last several years, I’ve published everything from deep-dive articles, demos, and announcement videos at Google I/O. I’ve also done some more experimental things with it, such as optimizing the keyframes or driving a View Transition by scroll. To turn the lessons from these scattered experiments into something more reusable for both you and me, I’ve bundled the most frequent code patterns into a dedicated package: view-transitions-toolkit.
4 days ago

Gemma 4: Byte for byte, the most capable open models
Simon Willison's Weblog
Gemma 4: Byte for byte, the most capable open models (https://blog.google/innovation-and-ai/technology/developers-tools/gemma-4/). Four new vision-capable Apache 2.0 licensed reasoning LLMs from Google DeepMind, sized at 2B, 4B, 31B, plus a 26B-A4B Mixture-of-Experts. Google emphasize "unprecedented level of intelligence-per-parameter", providing yet more evidence that creating small useful models is one of ...
4 days ago

llm-gemini 0.30
Simon Willison's Weblog
Release: llm-gemini 0.30 (https://github.com/simonw/llm-gemini/releases/tag/0.30)
New models `gemini-3.1-flash-lite-preview`, `gemma-4-26b-a4b-it` and `gemma-4-31b-it`. See my notes on Gemma 4 (https://simonwillison.net/2026/Apr/2/gemma-4/).
Tags: gemi...
4 days ago

Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise
Socket
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
4 days ago

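Specifying the conditions under which a hook is invoked with the if field in Claude Code hooks
azukiazusa のテックブログ2
As of v2.1.85, you can specify an if field in Claude Code hooks. The if field lets you specify the condition under which the hook is invoked. When the condition does not match, the process itself is not started, which also reduces overhead.
4 days ago
4/2 (Thu)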

Node.js Drops Bug Bounty Rewards After Funding Dries Up
Socket
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.
4 days ago

Making Complex CSS Shapes Using shape()
CSS-Tricks
Creating rectangles, circles, and rounded rectangles is the basic of CSS. Creating more complex CSS shapes such as triangles, hexagons, stars, hearts, etc. is more challenging but still a simple task if we rely on modern features.
4 days ago

CKEditor 5 v48.0.0 Release Highlights: Installation Methods Transition Completed
CKEditor Ecosystem Blog
Installation methods transition is now complete, table capabilities significantly expanded, CKEditor AI improved, Export to PDF defaults to v2, and more.
4 days ago

Why we're rethinking cache for the AI era
The Cloudflare Blog
The explosion of AI-bot traffic, representing over 10 billion requests per week, has opened up new challenges and opportunities for cache design. We look at some of the ways AI bot traffic differs from humans, how this impacts CDN cache, and some early ideas for how Cloudflare is designing systems to improve the AI and human experience.
4 days ago

A quick guide to creating syndication feeds
Piccalilli - Everything
News of RSS' death following the demise of Google Reader has been greatly exaggerated. RSS is alive, well, and as omnipresent as ever. You aren't properly publishing content on the web if you aren't also publishing in syndication formats. This is a general guide designed to help you understand, build, and distribute various formats of web feeds, even if you've never touched them before. We're not going to run through all the uses and details of syndication feeds, because they've been covered ad n
4 days ago

What Is CSS Containment and How Can I Use It?
1
CSS Wizardry
CSS containment lets you isolate layout and paint work to self-contained ‘islands’. Here’s what each contain value does and how to use it safely.
4 days ago

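Have the agent itself comment on its changes with the difit-review skill
72
azukiazusa のテックブログ2
difit is a CLI tool for reviewing local git diffs in a GitHub-style interface. With the difit-review skill, an agent can launch difit with its comments already attached to the code changes. This article shows how to use the difit-review skill to have the agent itself comment on its code changes.
4 days ago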

100,000 GitHub stars
Supabase Blog
Supabase hits 100,000 GitHub stars. A reflection on community, open source, and what got us here.
4 days ago

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
65
Step Security Blog
Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.
4 days ago

Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor
Step Security Blog
A supply chain attack targeting Solidity and Web3 developers has been discovered across three IoliteLabs VSCode extensions (solidity-macos, solidity-windows, and solidity-linux) embedding obfuscated backdoors that download remote payloads and establish persistence on all major platforms. StepSecurity is actively investigating this incident and will publish a full technical analysis with IOCs and remediation guidance shortly.
4 days ago

TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package
Step Security Blog
On March 27, 2026, TeamPCP injected a WAV steganography-based credential stealer into two releases of the telnyx Python SDK on PyPI. The issue was disclosed in team-telnyx/telnyx-python#235. TeamPCP is the same group behind the litellm supply chain compromise three days earlier, identified by a shared RSA-4096 public key, identical encryption scheme, and the tpcp.tar.gz exfiltration signature present in both attacks.
4 days ago

March 2026 sponsors-only newsletter
Simon Willison's Weblog
I just sent the March edition of my sponsors-only monthly newsletter (https://github.com/sponsors/simonw/). If you are a sponsor (or if you start a sponsorship now) you can access it here (https://github.com/simonw-private/monthly/blob/main/2026-03-march.md). In this month's newsletter:
- More agentic engineering patterns
- Streaming experts with MoE models on a Mac
- Model re...
4 days ago

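We made AWS CloudTrail logs analyzable in BigQuery
PR TIMES 開発者ブログ
Introduction. Hello! This is 加来安東 from PR TIMES's Second Development Department. In this article, I introduce a case study of how we set things up so that AWS CloudTrail audit logs can be analyzed on Google Cloud (BigQuery). […]
5 days ago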

Natoma and 1Password help enterprises scale AI securely with governed agent access
Blog on 1Password Blog
To support enterprise workflows like monitoring systems, triaging support tickets, and automating routine work, AI agents need access to the same sensitive systems employees use, including databases, APIs, SaaS tools, and internal infrastructure. However, many of these systems still rely on shared passwords, API keys, tokens, and other credential-based access paths that are difficult to manage and control. As organizations put agents to work for new use cases and in new environments, IT and secu
5 days ago

Go beyond device health with External Checks in 1Password Device Trust
Blog on 1Password Blog
Most organizations already have the policies they need in place. The problem is enforcement. Employees must complete security awareness training, contractors must acknowledge updated agreements, and teams must meet compliance requirements. But the systems that track these requirements rarely connect to the systems that control user and device access. As a result, access is granted even when required conditions haven’t been met. That’s why we're excited to announce that 1Password Device Trust can n
5 days ago

Changelog — Apr 2, 2026
Val Town Blog
Better Townie system prompt, std/oauth, migrating from Clerk to BetterAuth, Deno 2.7.5, and more
5 days ago

The developer's guide to CLI authentication
WorkOS Blog
API keys, token files, OAuth Device Flow, and Client Credentials compared. A practical guide to choosing the right authentication pattern for your CLI.
5 days ago

Passkeys stop phishing. Your MFA fallbacks undo it.
WorkOS Blog
How FIDO2 and passkeys use cryptographic domain binding to stop phishing attacks, why SMS and push notification fallbacks destroy your security posture, and what to do about it.
5 days ago

How attackers are bypassing MFA using AI in 2026
WorkOS Blog
MFA still blocks most automated attacks. But the new generation of AI-powered phishing tools does not send automated attacks. It runs real-time, human-speed session hijacking that MFA was never designed to stop.
5 days ago

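Me, a 23-year-old ordinary engineer. Sleepless nights of AI and anxiety. On to a morning of resolve.
カミナシ エンジニアブログ
Sleepless nights of AI and anxiety. Ahhh, today again my Twitter timeline is nothing but talk of AI, Claude, OpenClaw, A.I., Codex, Gemini, and harnesses. What even is a harness? Do self-important Homo sapiens think they can control our AI overlords!? Given how fast they're growing, within a few years they'll have long since broken out of any range we can control and be walking on two legs to the convenience store to buy and eat an Ohayo brûlée ice cream. That stuff is too good. Ahhh, I know. Calling it Twitter is outdated, you say? I'm tired of that comeback too! I'm going to call it Twitter until I die, so don't bother pointing it out every time! Juniors and mid…
5 days ago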

datasette-llm 0.1a6
Simon Willison's Weblog
Release: datasette-llm 0.1a6 (https://github.com/datasette/datasette-llm/releases/tag/0.1a6)
- The same model ID no longer needs to be repeated in both the default model and allowed models lists - setting it as a default model automatically adds it to the allowed models list. #6 (https://github.com/datasette/datasette-llm/issues/6)
- Improved docu...
5 days ago

datasette-enrichments-llm 0.2a1
Simon Willison's Weblog
Release: datasette-enrichments-llm 0.2a1 (https://github.com/datasette/datasette-enrichments-llm/releases/tag/0.2a1)
- The `actor` who triggers an enrichment is now passed to the `llm.mode(... actor=actor)` method. #3 (https://github.com/datasette/datasette-enrichments-llm/issues/3)
...
5 days ago

The Hidden Blast Radius of the Axios Compromise
Socket
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
5 days ago

Securing the open source supply chain across GitHub
The GitHub Blog
Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.
5 days ago

Run multiple agents at once with /fleet in Copilot CLI
The GitHub Blog
/fleet lets Copilot CLI dispatch multiple agents in parallel. Learn how to write prompts that split work across files, declare dependencies, and avoid common pitfalls.
5 days ago
4/1 (Wed)

Front-End Fools: Top 10 April Fools’ UI Pranks of All Time
CSS-Tricks
These are the historical pranks I consider the top 10 most noteworthy, rather than the “best.” You’ll see that some of them crossed the line and/or backfired.
5 days ago

NGINX Gateway Fabric 2.5.0: Enterprise-Grade Features and Gateway API 1.5 Conformance
NGINX Community Blog
NGINX Gateway Fabric 2.5.0 is here, and this one is a big deal. The release doubles down on enterprise-grade capabilities while keeping us at the forefront of Gateway API conformance. NGF remains one of the top conformant implementations of the Gateway API spec, and this release reinforces why. Here’s what’s new. Gateway API 1.5 Conformance […]
5 days ago

Sniffing Out the CSS Olfactive API
CSS-Tricks
A deep sniff of the new CSS Olfactive API, a set of proposed features for immersive user experiences using smell.
5 days ago

Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver
The Cloudflare Blog
Eight years ago, we launched 1.1.1.1 to build a faster, more private Internet. Today, we’re sharing the results of our latest independent examination. The result: our privacy protections are working exactly as promised.
5 days ago

Introducing EmDash — the spiritual successor to WordPress that solves plugin security
The Cloudflare Blog
Today we are launching the beta of EmDash, a full-stack serverless JavaScript CMS built on Astro 6.0. It combines the features of a traditional CMS with modern security, running plugins in sandboxed Worker isolates.
5 days ago

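dockerfile-pin: I made a CLI tool that pins images in Dockerfiles and Compose files by SHA256
Web Scratch
I made dockerfile-pin, a CLI tool that automatically adds @sha256:<digest> to image references in Dockerfiles and Compose files. GitHub: azu/dockerfile-pin. Why I made it: Looking at incidents such as the supply chain attack on trivy, I thought Docker Hub might be the next target, and that was the trigger. Many setups push to Docker Hub from CI, so I expect incidents in which malicious code gets mixed in there will keep happening. Docker image tags (e.g. node:20) are mutable by default. Because the contents can be overwritten under the same tag name, a malicious third party who gains access to the registry can push a tampered image to an existing tag. Can a Docker Hub tag have its content changed? - Docker Community Forums. Registries such as Docker Hub are not necessarily safe. Token restrictions being tightened as on npm, or tags by default...
5 days ago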

A Practical Guide To Design Principles
Articles on Smashing Magazine — For Web Designers And Developers
Design principles with references, examples, and methods for quick look-up. Brought to you by Design Patterns For AI Interfaces, friendly video courses on UX and design patterns by Vitaly.
5 days ago

JetBrains Blog RSS Support Is Now Generally Available
Company | The JetBrains Blog
We’re excited to announce that RSS feed support for blog.jetbrains.com and all JetBrains product blogs is now generally available. After months of development and rigorous testing across 47 RSS readers on 6 platforms, we’re proud to deliver a reliable, standards-compliant way for you to read JetBrains content in the environment of your choice. What You […]
5 days ago

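Switching skills to opt-in distribution with the Claude Code Plugin Marketplace
28
newmo 技術ブログ
Our Claude Code skills had grown to several dozen, and having them applied uniformly to everyone was becoming painful, so we moved to opt-in distribution using the Plugin Marketplace. What happens as skills multiply: Claude Code skills placed in .claude/skills/ are applied to everyone who opens the repository. With a handful that is fine, but once there are dozens, description matching starts triggering skills that were never intended. A QA skill reacts while a backend engineer is working, a frontend skill fires during infrastructure work, and so on…
5 days ago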

datasette-extract 0.3a0
Simon Willison's Weblog
Release: datasette-extract 0.3a0 (https://github.com/datasette/datasette-extract/releases/tag/0.3a0)
- Now uses datasette-llm (https://github.com/datasette/datasette-llm) to manage model configuration, which means you can control which models are available for extraction tasks using the `extract` purpose and https://github.com/datasette/datasette-l...
6 days ago

datasette-enrichments-llm 0.2a0
Simon Willison's Weblog
Release: datasette-enrichments-llm 0.2a0 (https://github.com/datasette/datasette-enrichments-llm/releases/tag/0.2a0)
- This plugin now uses datasette-llm (https://github.com/datasette/datasette-llm) to configure and manage models. This means it's possible to sp... (https://github.com/datasette/datasette-enrichments-llm/blob/0.2a0/README.md#configuration)
6 days ago

datasette-llm-usage 0.2a0
Simon Willison's Weblog
Release: datasette-llm-usage 0.2a0 (https://github.com/datasette/datasette-llm-usage/releases/tag/0.2a0)
- Removed features relating to allowances and estimated pricing. These are now the domain of datasette-llm-accountant (https://github.com/datasette/datasette-llm-accountant).
- Now depends on https://github.com/datasette/datasette-l...
6 days ago

datasette-llm 0.1a5
Simon Willison's Weblog
Release: datasette-llm 0.1a5 (https://github.com/datasette/datasette-llm/releases/tag/0.1a5)
- The `llm_prompt_context()` plugin hook wrapper mechanism now tracks prompts executed within a chain as well as one-off prompts, which means it can be used to track tool call loops. #5 (https://github.com/datasette/datasette-llm)
...
6 days ago

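What is "ID-JAG", the next-generation standard candidate that solves the authentication challenges of the AI era?
LINEヤフー Tech Blog (LY Corporation Tech Blog
Hello. I'm 金 廷祐 (Kim, Jeongwoo), and I work on developing and operating the authentication and authorization platform Athenz at LY Corporation. In this article, when AI agents integrate with various services, the ...
6 days ago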

We analyzed 1,140 devtools funding rounds—here's who's writing checks and why
Evil Martians
We analyzed 1,140 early-stage funding rounds in developer tools, cybersecurity, and infrastructure from January 2025 through March 2026. Here are the top VCs and investors writing checks, the metrics that got companies funded, and the exact person to email based on what you're building.
6 days ago

A new hope. Good bye React. Meet COBOL-Admin.
Marmelab Blog
React Admin is a great framework to build admin interfaces. However we can do better, we can do simpler, we can do faster. How? By leveraging the power of old and robust technology: COBOL.
6 days ago

What’s new in Svelte: April 2026
Svelte blog
This month, a new best practices guide was added to the Svelte docs. Check it out, if you haven't already! On the code side, the Svelte MCP got even easier to use with improvements to the official OpenCode package. Combined with the improvements to svelte.config.js, server-side error boundaries in SvelteKit and better types all around, this month is full of great improvements! As always, there's plenty in the showcase too! What's new in Svelte and SvelteKit. MCP: Svelte's OpenCode config can now be f
6 days ago

The Axios npm supply chain attack: What every developer needs to know
WorkOS Blog
A hijacked maintainer account, a hidden trojan, and a two-hour window that put millions of projects at risk. Here's the full story and how to protect yourself.
6 days ago

MFA for AI agents: Why traditional authentication falls short
WorkOS Blog
AI agents don't have phones, fingerprints, or sessions. The identity infrastructure they need looks nothing like what we built for humans.
6 days ago

Rainbow table attacks: What they are and how to prevent them
WorkOS Blog
What they are, how they work, and why modern password security has moved beyond them.
6 days ago

Top 5 MFA providers for securing your app in 2026
WorkOS Blog
A practical comparison of the leading multi-factor authentication solutions: what they're good at, where they fall short, and how to choose the right one for your stack.
6 days ago

Checkly Playwright Reporter: A Cloud Dashboard for Your Playwright Tests
Checkly Blog: Monitoring Insights & Trends
Send Playwright test runs to Checkly with traces, videos, screenshots, flaky test visibility, and session history, then take key tests into monitoring.
6 days ago

Introducing the JetStream 3 Benchmark Suite
WebKit
Today, alongside our colleagues at Google and Mozilla, we announced JetStream 3.0, a major update to the cross-browser benchmark suite.
6 days ago

Agent-driven development in Copilot Applied Science
The GitHub Blog
I used coding agents to build agents that automated part of my job. Here's what I learned about working better with coding agents. The post Agent-driven development in Copilot Applied Science appeared first on The GitHub Blog.
6 days ago

Fancy Short Screen Recording Tools
Frontend Masters Boost RSS Feed
There is a category of apps that help record short-form videos, mostly screencasts. For those of you who work on products that you need to showcase/teach people how to use, video can be super effective. Here’s a list of the ones I’ve seen for reference: I’ve been trying them out for videos like this, but […]
6 days ago
3/31 (Tue)

What’s !important #8: Light/Dark Favicons, @mixin, object-view-box, and More
CSS-Tricks
Short n’ sweet but ever so neat, this issue covers light/dark favicons, @mixin, anchor-interpolated morphing, object-view-box, new web features, and more. What’s !important #8: Light/Dark Favicons, @mixin, object-view-box, and More originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.
6 days ago

Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers
The Cloudflare Blog
Magic Transit customers can now program their own DDoS mitigation logic and deploy it across Cloudflare’s global network. This enables precise, stateful mitigation for custom and proprietary UDP protocols.
6 days ago

The Joy Of A Fresh Beginning (April 2026 Wallpapers Edition)
Articles on Smashing Magazine — For Web Designers And Developers
With the new month just around the corner, could there be a better occasion to freshen up your desktop? If you’re looking for some unique and inspiring wallpapers to accompany you on all those adventures that April may bring — and maybe spark some new ideas, too — well, this post has got you covered.
6 days ago

codex-plugin-cc: a plugin for calling Codex from Claude Code
azukiazusa's Tech Blog 2
With the Codex plugin, you can easily call Codex from Claude Code to run code reviews or delegate tasks. This article introduces how to use the Codex plugin and the internal mechanism by which it calls Codex.
6 days ago

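What it means to join a development team and improve security
Kaminashi Engineer Blog
I'm furuya from Security Engineering, who develops and operates "Kaminashi Report" and is good at AWS infrastructure (too many attributes). I sometimes oddly jump on trends, and I went to see "超かぐや姫!". It was good. Setting that aside, this time I'll talk about measures to improve security in the development of "Kaminashi Report". At Kaminashi, there is an initiative to dispatch Security Engineers to development teams. kaminashi-developer.hatenablog.jp Before I knew it, a year had passed since that article was published. I'd like to look back on it here. In the service…
6 days ago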

Withstanding LLM model deprecation: I built a type-safe model catalog in TypeScript
CyberAgent Developers Blog
What I'll talk about: LLM providers (Azure OpenAI / Vertex AI / Anthrop ...
6 days ago

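Web standards trends: March 2026 edition
Cybozu Frontend Feed
Hello! I'm saku (@sakupi01), a design technologist at Cybozu, Inc. Introduction: Cybozu joined the W3C as a member in April 2025. https://blog.cybozu.io/entry/joining-w3c As a first step toward being able to take part in the standardization process, some of our frontend engineers are actively keeping up with web standards. So every month we compile into a single article the web standards topics that members found interesting, along with reports when we were actually able to take part in the standardization process, and ...
7 days ago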

Supply Chain Attack on Axios Pulls Malicious Dependency from npm
Socket
A supply chain attack on Axios introduced a malicious dependency, [email protected], published minutes earlier and absent from the project’s GitHub releases.
7 days ago

Running Mastra in production as a backend + AI agent server
CyberAgent Developers Blog
Hello. I'm Sato, an engineer in the BPO Division of the AI Creative Company, AI Business Headquarters (@ ...
7 days ago

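Getting started with local passkey development using PKaaS LY Corporation Tech Blog
Hello. We are Ogami (大神) and Taguchi (田口) from LY Corporation's research lab (LINEヤフー研究所). Passkeys are increasingly seen as an authentication method that does not use passwords. In authentication that uses passkeys (passkey authentication), the device's screen ...
7 days ago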

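Improving parallel development environments with git worktree × Docker Compose
PR TIMES Developer Blog
Hello, I'm Raiga Sasayama (笹山雷雅), an intern at PR TIMES. During review or verification, it is not uncommon to want to check the behavior of another branch while leaving the branch you are currently working on as it is. However, git switch […]
7 days ago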

What's new in Astro - March 2026
The Astro Blog
March 2026 - Astro 6, CloudCannon CMS Partnership, Astro Together London, and more!
7 days ago

A first step toward post-quantum security
Blog on 1Password Blog
At 1Password, our mission is simple: to protect people’s most critical information, their credentials. At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user. We are thrilled to announce the first major milestone in our post-quantum cryptography (PQC) journey, the successful deployment of PQC on 1Password’s web application. If you’re using a PQC-capable browser, such as Chrome or Fire
7 days ago

New integrations between 1Password SaaS Manager and EPM
Blog on 1Password Blog
Most organizations can tell you which apps sit behind SSO. Far fewer can tell you what other apps teams are using, or who has access to the credentials. Shared and sensitive non-SSO logins remain some of the hardest access paths to govern. Credentials are often tied to individuals, scattered across vaults and browsers, and difficult to rotate or revoke when roles change. For many teams, this creates a gap in their Zero Trust strategy. For the last several months, we’ve been hard at work connecting
7 days ago

Notes from March 2026 Evan Hahn (dot com)
March always seems to be my life’s busiest month. Things I wrote and made: “The two kinds of error”: in my mind, software errors are divided into two categories: expected and unexpected errors. I finally wrote up this idea I’ve had for a long time. “All tests pass” is a short story about a strange, and sorta sad, experience I had with a coding agent. Inspired by others, I published a disclaimer about how I use generative AI to write this blog. My main rule of thumb: the final product must be word-for
7 days ago

Logging AI agents into web apps: From cookie hacks to proper OAuth
WorkOS Blog
Cookie syncing and credential injection get agents past login screens, but they break every security assumption your app relies on.
7 days ago

The architecture of governable AI agents: Constrain first, observe always
WorkOS Blog
How to design AI agents that do less, prove more, and stay within boundaries your security team can actually audit.
7 days ago

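How incident evacuation drills work at WINTICKET and lessons from one year of operation
CyberAgent Developers Blog
Table of contents: Introduction / Background and challenges / Overview of the evacuation drills / Why we chose a GUI-based tool / Scenarios by AI ...
7 days ago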

GitHub for Beginners: Getting started with GitHub security
The GitHub Blog
Learn how to secure your projects and keep them safe with GitHub Advanced Security. The post GitHub for Beginners: Getting started with GitHub security appeared first on The GitHub Blog.
7 days ago
















