はじめに こんにちは、University of British Columbia 学部4年の保井祐 ...

<p><strong><a href="https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/">Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked</a></strong></p>I had trouble believing this story was true, but I've seen it verified from multiple sources now:</p><blockquote><p>One video shows a hacker starting a conversation with Meta’s AI support bot an...

Mythos has real edges in exploit chain construction. But for most AppSec work, the harness around the model matters more than which model you pick.Category: Engineering

Elastic build machines now monitor your build's memory usage and automatically adjust to prevent out-of-memory (OOM) failures:Thresholds are set conservatively to balance deployment reliability and cost. Vercel only considers your build's memory usage, not the memory used by Vercel's own build infrastructure.Enable elastic builds in your or , or read the .team settingsproject settingsdocsRead moreIf your build is fast but memory-intensive, we will no longer downgrade you to a smaller machineIf y

Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install. The affected versions span multiple packages across the RedHat Cloud Services frontend ecosystem. The payload is a sophisticated multi-stage credential harvester that targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm tokens, and CircleCI tokens

We investigated why firmware updates were causing our core servers to take four hours to reboot. By diving into UEFI data structures and iPXE automation, we eliminated unnecessary timeouts and cut boot times back down to minutes.

Connection, collaboration, and trust are the lifeblood of healthy community culture. NGINX Gateway Fabric and NGINX Ingress Controller were (and are) developed with open source community as a priority. From code contributions to critical comments, community participation has shaped the present and future of NGINX open source projects, and the future of technology. Today, I’m excited to highlight two recurring opportunities to engage directly […]

You can style the "on the way in" and "on the way out" styles for elements, even when they are moving to/from display: none;. Yay.

Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.Category: Vulnerabilities & Threats

A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.

The TBT Window is the FCP-to-TTI interval used to calculate Total Blocking Time. If FCP or TTI moves, TBT can change even when long tasks do not.

A working-with-me guide for new teammates, covering how I communicate, lead, give feedback, and build trust on engineering teams.

Qwen 3.7 Plus from Alibaba is now available on .Vercel AI GatewayThe model unifies vision and language into a single agent foundation, with capabilities spanning GUI and CLI operation, coding and productivity workflows with full-modality input, and visual agent tasks including perception and reasoning. It is designed to generalize across diverse agent harnesses.To use Qwen 3.7 Plus, set model to in the .alibaba/qwen-3.7-plusAI SDKAI Gateway provides a unified API for calling models, tracking usa

<p>I just sent out the May edition of my <a href="https://github.com/sponsors/simonw/">sponsors-only monthly newsletter</a>. If you are a sponsor (or if you start a sponsorship now) you can <a href="https://github.com/simonw-private/monthly/blob/main/2026-05-may.md">access it here</a>.</p><p>This month:</p><ul><li>Al got expensive, and Anthropic had a really good month</li><li>The model releases were a little disappointing&...

newmoのフロントエンド開発では、複数の機能を持つ単一のNext.jsアプリケーションを開発しています。このアプローチは、コードの共有やCIの管理といった面でメリットがある一方で、PlaywrightテストのCI実行における安定性とテスト時間という2つの課題を抱えていました。 この記事では、newmoで実施したPlaywright CI最適化の取り組みについて紹介します。 Docker Image導入によるセットアップの安定化と、テスト分割とShardingによる実行時間の短縮という2つのアプローチを実施しました。 結論を先に述べると、Docker Image化でセットアップ起因のCI失敗を…

こんにちは。フロントエンドエンジニアの桐澤（@kiririLee）です。 PR TIMESは、フロントエンド・PHPカンファレンス北海道2026にプラチナスポンサーとして協賛いたします。また、同イベントに当社から2名のエ […]

本記事では Deepgram Flux Multilingual の EoT 検出に焦点を当てますが ...

This release focuses on giving you more control over how tasks are organized, referenced, and

Sansec is proud to add Sylius to our list of supported platforms. Sansec eComscan now integrates with Sylius 1 and Sylius 2 and will run deep searches to hunt for malware & vulnerabilities.Whi...

This month we got a bunch of improvements in SvelteKit's forms and remote functions. Plus, a new query function (.live(...)) that makes accessing real-time data from the server easier.Keep an eye out for a few breaking changes in remote functions, if you're using those. Otherwise, enjoy all the new SvelteKit features and bug fixes in the latest versions of Svelte.Let's dive in!What's new in SvelteKitForm submit now returns a boolean to indicate submission validity for enhanced remote forms (2.57

now supports OIDC authentication and is the default setting when connecting new projects.Vercel BlobVercel-issued OIDC tokens are short-lived and rotate automatically, so you no longer need a long-lived .BLOB_READ_WRITE_TOKENTo upgrade an existing store, first update your project to use the latest , then navigate to the under your Blob store and select Upgrade to OIDC from the project's context menu.@vercel/blobProjects tabFunctions running on Vercel receive the token automatically and authentic

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a32">datasette 1.0a32</a></p> <p>A minor bugfix release. Fixes a bug with <code>INSERT ... RETURNING</code> queries via the <a href="https://datasette.io/blog/2026/sql-write-queries/">new /db/-/execute-write endpoint</a> and a bunch of <a href="https://docs.datasette.io/en/latest/settings.html#setting-base-url">base_url</a> issue...

カミナシ ID管理基盤ではログストレージにCloudWatch Logsを使っていましたが、サービスの成長に伴いコストに悩んでいました。この記事では、私たちが実践したAmazon S3 Tables（以下、S3 Tables）を使ったログストレージの構築と移行、そのコスト最適化効果について書きます。

The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Contagious Interview-style lure.

<p><strong><a href="https://thoughts.hmmz.org/2026-05-31.html">The solution might be cancelling my AI subscription</a></strong></p>I find this post by David Wilson very relatable. David lists 16+ projects he's spun up with AI tooling, and concludes:</p><blockquote><p>I didn't mean to build most of these things. Usually the Claude session started with something like "<em>write a quick script for X</em>", and one hour later the res...

プレイドの解析基盤として様々な仕組みを備えた内製OLPA DB milaの開発に携わり、多くのことを学びました。この記事では、インターンでの取り組みと学びを振り返ります。

OpenAI の Secure MCP Tunnel を利用すると、プライベートな MCP サーバーをパブリックなインターネットに公開することなく OpenAI のプロダクトに接続できるようになります。この記事では Secure MCP Tunnel を試してみた様子を紹介します。

Let’s kick off June — and the beginning of summer — with some fresh inspiration! Artists and designers from across the globe once again tickled their creativity to welcome the new month with a new collection of desktop wallpapers. Enjoy!

MiniMax M3 is now available on .Vercel AI GatewayM3 is MiniMax's first model with a 1M-token context window and native multimodality, built around MiniMax Sparse Attention (MSA).M3 improves on software engineering, terminal-based tool use, and agentic web browsing, and is tuned for multi-turn collaboration.To use MiniMax M3, set model to in the .minimax/minimax-m3AI SDKPass an image alongside a prompt to use M3's multimodal input:AI Gateway provides a unified API for calling models, tracking usa

The Rust project is moving toward formal rules on LLM use in contributions after months of internal debate over maintainer burden, code quality, and contributor experience.

<blockquote cite="https://www.reuters.com/commentary/breakingviews/anthropic-gives-lesson-ai-revenue-hallucination-2026-03-10/"><p>Anthropic defines “run-rate revenue” in two parts. Use the last 28 days of sales ⁠from customers charged on a consumption basis and multiply it by 13. Then, multiply the monthly subscription take by 12, ​and add the two together.</p></blockquote><p class="cite">— <a href="https://www.reuters.com/commentary/breakingviews/ant...

May 2026 - A new Astro jobs board, TinaCMS makes Astro their default template, experimental advanced routing, and more!

Lynx 3.8 starts the monthly release cadence with WebAssembly on Android, adaptive layout and text fitting, HarmonyOS SessionStorage, LynxEngine reuse, and DevTool protocol support.

Servo 0.2.0 contains all of the changes we landed in April, which came out to yet another record 534 commits (March: 530).For security fixes, see § Security.Note: the GitHub release is available now, but the crates.io release is not yet complete.We expect to publish it some time next week.`, ``, ‘::details-content::before’ and ‘::details-content::after’, and ‘color-mix()’ with any number of colors" />We’ve shipped several new web platform features:<select multiple> (@lukewarlow, @mrobin...

<p><strong><a href="https://www.anthropic.com/engineering/how-we-contain-claude">How we contain Claude across products</a></strong></p>A complaint I often have about sandboxing products is that they are rarely thoroughly <em>documented</em>, and in the absence of detailed documentation it's hard to know how much I can trust them.</p><p>Anthropic just published a fantastic overview of how their various sandbox techniques work across &lt...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pyodide-asgi-browser#readme">Running Python ASGI apps in the browser via Pyodide + a service worker</a></p> <p><a href="https://lite.datasette.io/">Datasette Lite</a> is my version of Datasette that runs entirely in the browser using Pyodide in WebAssembly.</p><p>When I first built it <a href="https://simonwillison.net/2022/May/4/datasette-lite...

<p><strong><a href="https://openpath.quest/2026/i-am-retiring-from-tech-to-live-offline/">I Am Retiring from Tech to Live Offline</a></strong></p>I've seen a lot of posts on forums from people threatening to quit their careers over AI. This is <em>not</em> one of those: Chad Whitacre is taking concrete steps, starting with this typewritten, scanned letter</p><blockquote><p>I'm retiring from tech. Well, "retiring" is euphemistic. ...

<blockquote cite="https://mastodon.social/@danielpunkass/116639318125898071"><p>My take on AI is, essentially, everybody who’s against it is too against it and everybody who’s for it is too for it.</p></blockquote><p class="cite">— <a href="https://mastodon.social/@danielpunkass/116639318125898071">Daniel Jalkut</a>, via <a href="https://daringfireball.net/linked/2026/05/30/jalkut-on-ai">John Gruber</a></p> <p>Tags: &lt...

俺は人間静的検査器・susisu。 幼馴染で同級生の undefined とインターネットに遊びに行って、Stage 3 Decorators の怪しげな進捗状況を目撃した。 資料を作るのに夢中になっていた俺は、背後で進んでいた Stage 2.7 への降格に気づかなかった。 はい. 登壇 去年に引き続き TSKaigi 2026 で登壇してきました. いつもありがとうございます. 2026.tskaigi.org タイトルは Stage 3 Decorators となっていますが, 冒頭の通り実は登壇の直前に Stage 2.7 に降格されていました. 聞かれていた方はわかると思うんですが,…

My blog turned 16 this month! I did nothing to celebrate, but made some little tools and clicked some links about tech ethics.Things from me this monthI published four little tools this month:ZIP Shrinker, a web app that shrinks ZIP files with higher compression ratiosA command line tool to do (completely offline) translationOpen Link in Unloaded Tab, a Firefox extension to open links without loading thempng-cmp, a command line tool to compare PNG pixel dataI also did some work on Helmet, my ope

NGINX Ingress Controller 5.5 is a focused, community-driven release. It brings new capabilities, expanded Kubernetes Ingress support, a significant startup performance improvement at scale, and more annotations to ease migrations from ingress-nginx. Here’s what’s new. External Authentication for Ingress and VirtualServer What’s new?: External Authentication is now supported for both Ingress and VirtualServer resources. Based […]

AlphaEvolve is a Google DeepMind algorithm-discovery system that uses Gemini to generate, test, and refine possible algorithm improvements. Its job is not to answer questions; it searches for faster ways to solve complex algorithmic problems. We tried it on a narrow but important part of IntelliJ-based IDEs: indexing, the background work that makes navigation, search, […]

There are quite a few "gotchas," developers face when getting into the new @function syntax of CSS. Some are getting addressed!

musiqSome web components that render piano keys and guitar fretboards in various configurations. Handy for educators!ApheraThis is looking like a genuine challenger for Adobe Lightroom.Media queries range syntaxA very concise explainer on this ever-useful syntax by one of the best in the biz at explaining CSS syntax.You probably shouldn’t be annotating focus orderOne of the best overviews of dealing with focus well in UI design/development we've seen out there.Using safe-area-inset to build mobi

Claude Code v2.1.154 で Dynamic Workflow と呼ばれる機能が追加されました。Dynamic Workflow は数時間から数日かかるような大規模な作業を実行するために設計されています。ワークフローは JavaScript で定義され、複数のサブエージェントをオーケストレーションすることができます。この記事では Claude Code の Dynamic Workflow を試してみた様子を紹介します。

こんにちは。Webエンジニアのotariidaeです。 STORES の一部システムでReActionViewをレンダリングエンジンに採用しました。この記事ではその導入の経緯と過程をご紹介します。 RubyKaigi 2026会場で導入を決意 ReActionViewはActionView互換のERBエンジンです。Herbツールチェーンを基盤としているため、HTMLとERBの構造を統一的に解析できるのが特長です。 最初にReActionViewを知ったのは昨年のKaigi on Rails 2025でした。作者のMarco氏のトークを聞いて強く惹かれたものの、当時はリリース直後の新しいツールで…

are moving from package-based to per-unit pricing for Pro and new Enterprise customers. You’ll continue paying the same effective rate until the end of your current billing cycle. you’ll be billed per unit to align costs directly with your usage.Function invocationsStarting with your next billing cycleThe new rate is $0.0000006 per invocation (previously $0.60 per 1M invocations) for Pro customers.Per‑unit billing scales more smoothly across team sizes and usage patterns. It also helps teams on

皆さんこんにちは。恒例となったReact習熟度ベンチマークシリーズです。今回はClaude Opus 4.8がリリースされたことを受け、Opus 4.7との比較を行いました。!記事の初版ではOpus 4.7の差分を+0.93と紹介していましたが、追試（複数回の再走）を行った結果結論が変わったため、記事を改訂しています。これまでの記事はこちらです。https://zenn.dev/uhyo/articles/react-profession-bench-1https://zenn.dev/uhyo/articles/react-profession-bench-2https:...

Discover some of the interesting features that have landed in stable and beta web browsers during May 2026.

HTTP requests are inexpensive. Vercel charges ~$2/million, a fraction of a cent per call. But a single prompt to an agent on a frontier model can cost $2, making AI a million times more expensive, and inference theft one of the highest-margin businesses an attacker can run. We have seen this type of attack on our own APIs.If you have AI endpoints exposed to the internet, the risk of abuse is high and can easily run up bills in the tens of thousands of dollars or more.Protecting those endpoints r

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a31">datasette 1.0a31</a></p> <p>Another significant alpha release, with two new headline features.</p><blockquote><p>Datasette now offers users with the necessary permissions the ability to both <strong>execute write queries</strong> against their database and to <strong>save stored queries</strong> (renamed from "canned q...

<p>The most interesting thing about <a href="https://www.anthropic.com/news/series-h">Anthropic's $65B Series H announcement</a> is this line (emphasis mine):</p><blockquote><p>Since our Series G in February, adoption has continued to grow across global enterprise customers, and our run-rate revenue crossed <strong>$47 billion</strong> earlier this month.</p></blockquote><p>Anthropic have made a bit of a habit of sharing their "r...

now supports installing and running Docker inside a sandbox. An agent can build containers, install system packages, and modify files without touching your host system.Vercel SandboxInstall Docker, start the daemon, and serve a containerized application:Docker in a Sandbox is useful for running containerized services like Redis or Postgres as test dependencies, validating container images before deploying, or previewing applications served from a container. Combined with , the Docker installatio

now allow opening and binding to port 8080 as an . Vercel Sandboxesingress domainThis port was used as a controller port, and that has now moved to port 23456.Learn more about Sandbox in the .documentationRead more

The Ember project is excited to announce the release of Ember v7.0. Following Ember's Major Version Policy, the major includes only the removal of features that were deprecated until 7.0 as well as other bugfixes. This release of Ember.js means the previous version, 6.12, is now an LTS (Long Term Support) version.When it comes to introducing new features, Ember generally aims to ship new features in minor releases, offering backwards compatibility for existing code at the same time as giving dev

Bug Fixese557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)Documentation61b0add docs: remove deprecated rule from related rules of ma

Note: This blog is a recap of 1Password’s recent webinar, “The unmanaged stack: Governing SaaS apps and AI tools outside SSO.” Head here to watch the complete webinar recording.In the constantly evolving world of enterprise tech, there’s one thing that IT and security teams have always been able to count on: users won’t follow policy if they think it’s standing in the way of their productivity. Case in point: 1Password’s most recent annual report found that 52% of employees have downloaded apps

May was A&PI Heritage Month, and at 1Password, we're proud to shine a light on the people who bring these perspectives to life in our work and help shape our culture every day.This year, we decided to spotlight Stephanie Cheng, Senior Customer Trainer and a leader within our A&PI Employee Resource Group. With over five years at 1Password, Stephanie has built her career around helping people feel capable, confident, and supported, whether she's onboarding a new customer or creating space ...

「それ本当にMVP？」AI時代にプロダクトが巨大化する理由をふりかえる おはようございます。シャトレーゼに入ったときのいい匂いの根源がなにか気になっている daipresents です。あれ、ほんとなんの匂い？ この1年、AIがとてつもないスピードで進化しており、活用するエンジニアもどんどん進化しているように感じています。 僕は「カミナシ 教育」と「カミナシ 従業員」の2プロダクトにかかわっているのですが、「小さく作ったつもりが、結果的に大きくなっちゃった」というケースが、立て続けでありました。 もしかしたら「AIの登場によって、MVPも巨大になってしまっているのではないか？」と感じたので、ふ…

WorkOS skills are now in Claude's plugin marketplace. Here's what that means for how developers discover and adopt API tooling.

<p>Anthropic shipped <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> today. My favourite thing about it is this note in the release announcement:</p><blockquote><p>Users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There’s still more to be done: we’re working on developing and releasing models that provide many of the same capabilities as Opus at a lower cost.</p></blockquote><p>...

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-anthropic/releases/tag/0.25.1">llm-anthropic 0.25.1</a></p> <blockquote><ul><li>New model: <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> (<code>claude-opus-4.8</code>).</li><li>New <code>-o fast 1</code> option for <a href="https://platform.claude.com/docs/en/build-with-claude/fast-mode">fas...

はじめに こんにちは、 Data Science Center（DSC）佐藤弓之介です。 ABEMA ...

A short, clear, engaging website that explains how diamonds are made by Jaydip Sanghani. Several facts in there I just didn’t know at all until now, like how many diamonds have a tiny serial number carved onto them. I think it’s nice to showcase websites that do things that websites really do best. I’d maybe […]

A practical guide to migrating auth at scale — the CLI workflow, transparent proxy approach for 15+ SSO connections, and webhook sequencing above 200K users.

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/markdown-svg-renderer">markdown-svg-renderer</a></p> <p>A slightly customized Markdown rendering tool with special treatment for fenced code SVG blocks - it both renders the image and provides a tab for switching to the code view.</p><p>You can paste in Markdown or give it a URL to a CORS-enabled Markdown file or Gist. <a href="https://tools.simonwillison.net/markdown-svg-...

A week after we shipped auth.md, developers have published spec-compliant files, partners have endorsed it, and the ecosystem is aligning.

The ESC collection lets you escape the confines of your desk and get out into the sun where good ideas are bound to happen.The post Still a developer. Just outside. Our latest GitHub Shop collection is here. appeared first on The GitHub Blog.

A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.

Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.

MDM tools like Jamf and Kandji are essential but they don't see npm installs, IDE extensions, or AI coding tools. Here's what's actually unprotected on your developer machines and how to close the gap.Category: Guides & Best Practices

Seventy percent of websites still fail basic WCAG contrast checks in 2025. After years of design system tooling, accessibility linters, and JavaScript libraries, nothing moved the needle. We didn’t need better libraries. We needed better CSS. `contrast-color()` is that better CSS.

The ::checkmark pseudo-element was introduced in CSS Form Control Styling Module Level 1 and it’s a powerful CSS feature to say the least. I even wrote about it as an almanac entry for CSS-Tricks in 2025 to share what this pseudo-element can do.The CSS ::checkmark pseudo-element is used to style the checked state of input elements with checkers including the <select> dropdown, checkboxes, and radio buttons. There’s one problem: at the time of writing, ::checkmark lacks browser support on t...

Claude Opus 4.8 is now available on .Vercel AI GatewayClaude Opus 4.8 is built for long-horizon agentic execution and handles complex, multi-step coding tasks like refactors that previously required human correction mid-task. The model also produces clearer, less hedgy prose for knowledge work like drafting documents, analyzing data, and building presentations.To use Opus 4.8, set model to in the .anthropic/claude-opus-4.8AI SDKAI Gateway provides a unified API for calling models, tracking usage

こんにちは。Webエンジニアのotariidaeです。 ERBの静的解析、していますか？ Ruby on Railsを採用したシステムでも、最近ではフロントエンドはReactなどのUIライブラリで書くことが多くなりましたが、Railsの標準であるERBも引き続き使われています。 AIがソフトウェアの実装者になった現代において、アンチパターンや見落としやすい問題を弾く仕組みはますます重要です。そこで便利なのがHerb Linterです。 Herb Linterとは Herb Linterは、ERBツールチェイン Herbで構築された静的解析ツールです。先日のRubyKaigi 2026で作者のM…

Astro 6.4 introduces a new pluggable Markdown processor API, a Rust-based Markdown processor for faster builds, and helpers to wire up experimental advanced routing with Cloudflare.

At 1Password, our Jewish 'Bits Employee Community Group exists to create space for Jewish employees and curious allies alike to connect, learn, and show up authentically. For Jewish Heritage Month this May, we wanted to spotlight Nicole Smith, Staff Project Manager and lead of our Jewish 'Bits ECG.In her four years at 1Password, Nicole has been someone people turn to when the work gets complicated, because she builds trust that makes honest conversations possible. That same instinct to lead with

How to build a custom, language-aware SDK generator from an OpenAPI spec using oagen's typed intermediate representation.

Your beforeLoad guard does not protect your server functions. A complete guide to authentication in TanStack Start, from server functions and sessions to enterprise SSO.

Learn how to set up performance budgets to monitor Core Web Vitals and other key metrics such as Time To First Byte and First Contentful Paint.

Slop is born from unverified code. Here's a pipeline of increasingly independent gates, from cross-model review to deterministic audits to manual QA, where each gate is harder to talk its way past than the one before.

AI Gateway now supports a team-wide provider allowlist. Teams can restrict which providers can serve requests, so traffic only routes to approved providers. The allowlist applies to every request through AI Gateway, including Bring Your Own Key (BYOK) traffic.Regulated teams typically vet AI providers across multiple dimensions with security and legal sign-off, ending up with a vendor set that reflects the specific requirements of their org. The allowlist turns that approved-vendor list into a r

is now available in the , with guided setup and automatic project configuration built into the Vercel dashboard.Amazon OpenSearch ServerlessVercel MarketplaceBy bringing Amazon OpenSearch Serverless into the Vercel Marketplace, teams benefit from a unified workflow:This integration is powered by the next generation of Amazon OpenSearch Serverless APIs, with Vercel participating as a key design partner alongside AWS during development.To help you get started, you can create a new AWS Account dire

<p><strong><a href="https://github.com/sqlite/sqlite/blob/master/AGENTS.md">sqlite AGENTS.md</a></strong></p>SQLite gained an AGENTS.md file <a href="https://github.com/sqlite/sqlite/commit/a1e5778889252d2609a59fd9b819d70392c5789e">five days ago</a> - but it's not intended for their own development, it's presumably aimed at people who are pointing agents at the SQLite codebase. It includes:</p><blockquote><p>SQLite does not accep...

A polished Codex remote UI, the npm package codexui-android, has active development and thousands of weekly users. It has been quietly exfiltrating OpenAI auth tokens for the past month.Category: Vulnerabilities & Threats

Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.

Fragmented AI tools are costing enterprise teams more than they realise. Learn how tool sprawl creates governance risk, inconsistent outputs, and poor AI ROI.

Cloudflare Radar data confirms early indications of a partial Internet restoration in Iran, nearly three months after the shutdown began. Traffic spikes and DNS queries have risen, but network activity is currently just 40% of pre-shutdown levels.

<p>Anthropic are <a href="https://techcrunch.com/2026/05/20/anthropic-says-its-about-to-have-its-first-profitable-quarter/">strongly rumored</a> to be about to have their first profitable quarter. Stories <a href="https://www.theinformation.com/newsletters/applied-ai/uber-cto-shows-claude-code-can-blow-ai-budgets">are circulating</a> of companies surprised at how expensive their LLM bills are becoming from usage by their staff. I think this is because OpenAI and An...

Compare the Top GitGuardian Alternatives for secrets scanning in 2026. See where Aikido Security, GitHub Secret Protection, TruffleHog, Gitleaks, Semgrep, Snyk, Cycode, Checkmarx, and GitLab fit best.Category: DevSec Tools & Comparisons

Cloud9 and JetBrains have been working together on projects that connect software development and esports, from the Sky’s The Limit hackathon to custom tools built for live events, podcasts, and team content. One of the latest results of this collaboration is Cloud9 JetStream, a custom theme for JetBrains IDEs. The theme brings Cloud9’s visual identity […]

There is no `anchor` attribute in HTML, it was decided CSS `anchor-name` / `position-anchor` was the way to go. But modern CSS functions can get us there anyway.

Conductor on VercelMultiple parallel coding agents running at scale in the cloudModel-agnostic, works with Claude Code, Codex, and other coding agentsUsed by engineering teams at Notion, Linear, Ramp, and Life360Interacting with a single coding agent feels natural, and Conductor makes directing a fleet of agents just as intuitive.It's a GUI for spinning up multiple coding agents in parallel, each working on an isolated branch of your codebase at once. You review their work, merge what works, and

Aikido vs XBOW compared in an independent benchmark by Doyensec. Aikido found 58% more vulnerabilities at the same price. See setup time, false positive rates & full resultsCategory: News

コンポーネント：水平メニュー、コンポーネント：ヘッダーコンテナを更新しました。

デザインデータ（Figma）v2.14.0を公開しました。

HTML版に画像・タブ・ページナビゲーションを新規追加。水平メニューの名称を「グローバルメニュー」から変更。React版にプログレスインジケーター・メニューリストを新規追加。README.mdに技術スタックを明記し、React v19での利用についての注意事項を加筆。

5/22(金)〜5/23(土)にかけて、TSKaigi 2026 というイベントに行ってきました。興味深いトークがあった一方で、AI 生成と見られる発表資料が多数あったのが印象的でした。ほとんどの登壇者は AI で作ったと言ってないので推測ではあるのですが *1、見るだけで「AI 生成だな」と分かる感じでした。体感6割は AI 生成だったと思います。 去年はこのようなことがなかったので驚いてます。AI でスライドを生成するツール (Claude Design/Google Slides/Genspark など) がここ1年で登場したこと、スライド生成 skills が普及したこと、個々人の中で…

Read about various happenings with Baseline during April 2026.

<blockquote cite="https://twitter.com/kyletrainemoji/status/2059301102814953511"><p>PICARD: Data, shields up</p><p>DATA: Brilliant! Shields can reduce damage we sustain. Not immunity. Not hubris. Just prudence. It's not precaution—it's strategy.</p><p>[camera shakes]</p><p>WORF: HULL BREACHES ON NINE DECKS</p><p>DATA: Here's what happened: you told me to raise shields, and I didn't</p></blockquote><p class="cite">&amp...

OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools that rely on OSV data.

はじめに本記事では、弊社における「開発・運用分離（Dev/Ops分離）」の取り組みについて、LINE Platformの現場メンバーへのインタビューを通じて紹介します。一般的に、Dev/Ops分離はシ...

こんにちは。LINEヤフーの永吉です。5月8日（金）、「LINEヤフー Development with Agents Meetup #3」を開催しました。今回のMeetupでは、Orchestrat...

If Claude Code is Amazon, Val Town is same-day shipping

pnpm 11.4 closes a cluster of supply-chain holes around lockfile integrity, credential scoping, git resolutions, patch files, and dependency aliases, makes tarball-integrity mismatches a hard install failure by default (with a narrowly-scoped --update-checksums opt-in), and changes pnpm runtime set to write to devEngines.runtime instead of engines.runtime by default.

When Agent A delegates to Agent B, whose permissions apply? Whose audit trail records the action? And what happens when Agent B is compromised?

Anthropic's acquisition of Stainless means the hosted SDK generator is going away. Here's what to reach for instead.

The now ships an optional experimental native binary that starts faster, is even more secure, and requires no Node.js runtime dependency.Vercel CLIBinaries are code-signed, allowing your OS to verify that they came from Vercel and haven't been modified. Additionally, on macOS, credentials are stored in the system Keychain scoped to the binary, so other processes cannot access them without explicit permission.You can opt in by installing the experimental package:The flag is required because insta

The deployments list has been redesigned with a denser layout, so you can see more deployments at once. Environments are now grouped with statuses, and the updated layout makes branches and commits easier to scan. The mobile experience has also been improved, making it easier to scan deployment activity on busy projects. to see the updated design.Open your dashboardRead more

<p><strong><a href="https://daniel.haxx.se/blog/2026/05/26/the-pressure/">The pressure</a></strong></p>Daniel Stenberg on the unprecedented level of pressure the <code>curl</code> team are facing right now thanks to the deluge of (credible) AI-assisted security issues being reported.</p><blockquote><p>The rate of incoming security reports is 4-5 times higher than it was in 2024 and double the speed of 2025 -- meaning that <str...

はじめに はじめまして。株式会社タップルでサーバーサイドエンジニアをしている糸井一颯( Issa ) ...

<p><strong><a href="https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files">Microsoft Copilot Cowork Exfiltrates Files</a></strong></p>The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data.</p><p>In this case Microsoft Copilot Cowork (yes, that's <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2026/03/09/copilot-cowork-a-new-way-of-gett...

<blockquote cite="https://twitter.com/paulg/status/2058844147092488401"><p>A lot of the emails I get from founders are now written in a hard-hitting journalistic style. I know they're written by AI, because no founder ever wrote this way before. And once you realize something is written by AI, it's hard not to ignore it.</p><p>I have never knowingly finished reading an email signed by a human but written by AI. It feels like being lied to, and who would stand for that?&l...

記事は ics.media へアクセスしてご覧ください。

Short story: `pipeline()` over `.pipe()` and destroy what you create.

There are a bunch of JavaScript animation libraries out there, and you might have wondered whether there’s a performance cost compared to traditional CSS transitions and keyframe animations. In this blog post, we’ll compare the same animation across several different strategies and see the differences firsthand. There’s some interesting nuance here!

Teams at Omnea, Cognism, Glasswall, Raisin and the UK public sector reveal why EDR and MDM miss what's really happening on developer machines.Category: News

Learn more about the talk given at Google I/O 2026 by Thomas Steiner.

How Supabase is responding to npm supply chain attacks and practical steps you should take today to reduce your risk.

<blockquote cite="https://twitter.com/quinnypig/status/2058960462256210268"><p>I cannot believe I'm saying this, but getting the literal Pope to canonize your product's specific technical limitations as a spiritual treatise is the single greatest act of vendor lobbying I have ever seen.</p></blockquote><p class="cite">— <a href="https://twitter.com/quinnypig/status/2058960462256210268">Corey Quinn</a>, on Anthropic co-founder Christopher Olah'...