こんにちは、ソフトウェアエンジニアの渡邉（匠）です。「カミナシ 設備保全」の開発に携わっています。ゴールデンウィークが明けて1ヶ月ほどが経過し、休暇モードからやっと仕事モードに戻ってきました。 このプロダクトは開発開始から約2年が経ちました。バックエンドは長いあいだ presentation / domain / repository の3層で書いてきましたが、最近これにユースケース層を加えた4層へと再構成しました。 この記事では、なぜ最初から4層にしなかったのか、そしてなぜ今になって構成を取り直したのか、を書きます。 シンプルに始めた 当初のバックエンドは presentation / do…

@counter-style is useful for replacing the ::marker of lists easily, but it controls any markers-of-counters, so we can use it for more.

The offset-path property in CSS defines a movement path for an element to follow during animation.This property began life as motion-path. This, and all other related motion-* properties, are being renamed offset-* in the spec. We’re changing …offset-path originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The CSS @custom-media at-rule allows creating aliases for media queries.@custom-media originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The @function at-rule defines CSS custom functions. These custom functions are reusable blocks of CSS that can accept arguments, contain complex logic, and return values based on that logic. @function originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Practical guide on how to reduce drifts, minimize mistakes, maintain context, and improve the quality of AI-generated prototypes. Brought to you by Design Patterns For AI Interfaces, **friendly video course on UX** and design patterns by Vitaly.

<p><strong><a href="https://www.bloomberg.com/news/articles/2026-06-02/uber-caps-usage-of-ai-tools-like-claude-code-to-cut-costs">Uber Caps Usage of AI Tools Like Claude Code to Manage Costs</a></strong></p>I wrote <a href="https://simonwillison.net/2026/May/27/product-market-fit/#the-ai-failure-stories-around-this-are-pretty-thin">the other day</a> about Uber blowing its 2026 AI budget in four months, and how that wasn't particularly surprising g...

Tenable Nessus is a powerful scanner, but powerful tools that nobody uses don't make software more secure. Compare five alternatives built for how engineering teams actually work.Category: DevSec Tools & Comparisons

Federal audit finds NIST lacked a plan to clear the NVD backlog, wasted funds on duplicate work, and delayed use of CISA data.

Why we chose Astro for teaching Content APIs and Web APIs in the CMD Amsterdam Web Design & Development minor.

PostgreSQL can query any data source directly: CSV files, other databases, REST APIs, and more.

A four-phase playbook for moving off Auth0, Cognito, Clerk, or Firebase without a 2 AM incident.

Set up roles and permissions, verify session JWTs, and protect your FastAPI routes with dependency injection.

Your existing logging infrastructure is necessary but not sufficient. Here's what's missing and why it matters.

Grok Imagine Video 1.5 from xAI is now available on AI Gateway. The model generates video from an input image with synchronized audio in a single pass.This release improves audio quality, prompt following, and photorealism. Face accuracy and character consistency are stronger across longer sequences, with better lighting and physical realism in the output. Reference image support has been expanded to give more control over visual style and subject.To use this model, set model to in the AI SDK. C

はじめに カミナシでエンジニアリングマネージャーをしてます、すずけん（@szk3）です。 唐突ですが、皆さん AWSのエミュレーター使ってますか？ 自チームのプロダクトはS3、DynamoDB、STS、IAM あたりの AWS サービスに依存していて、ローカル開発やテストではこれらのエミュレーターを使っています。ただ、歴史的な背景からリポジトリには LocalStack、RustFS、Moto の 3 種が混在していて、用途ごとに考えることが地味に増えてしまった状態でした。 この記事では、その 3 種を Moto に統一した経緯と、検討した他の候補、そして移行から少し経った今でも次の選択肢を検…

<p>Microsoft <a href="https://microsoft.ai/news/building-a-hillclimbing-machine-launching-seven-new-mai-models/">announced two new text LLMs</a> this morning - <strong><a href="https://microsoft.ai/news/introducing-mai-thinking-1/">MAI-Thinking-1</a></strong> (reasoning, 1T parameters, 35B active, available to "select early partners") and <strong><a href="https://microsoft.ai/news/introducingmai-code-1-flash/">MAI-Code-1-Flash</a></...

EDR and proxies weren't built for supply chain malware. When malicious code arrives through npm install, it looks like normal behavior. Here's why that matters.Category: News

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent-micropython/releases/tag/0.1a0">datasette-agent-micropython 0.1a0</a></p> <p>I want <a href="https://agent.datasette.io">Datasette Agent</a> to be able to generate and execute Python code safely. This alpha is looking promising so far. GPT-5.5 has so far failed to break out of the sandbox!</p> <p>Tags: <a href="https://simonwillison.net/tags/pyt...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a1">micropython-wasm 0.1a1</a></p> <p>Fixes for some limitations that emerged while I was trying to use this to build <code>datasette-agent-micropython</code>.</p> <p>Tags: <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/sandboxing">sandboxing</a>, <a href=...

<p><img src="https://static.inaturalist.org/photos/671786719/large.jpg" alt="California Brown Pelican"></p><p>California Brown Pelican, in Fort Mason, CA, US</p><p>I'm at the <a href="https://build.microsoft.com/">Microsoft Build</a> conference today, held at <a href="https://en.wikipedia.org/wiki/Fort_Mason">Fort Mason</a> in San Francisco. There are California Brown Pelicans diving into the water directly behind venue!</p> <...

Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install. The affected versions span multiple packages across the RedHat Cloud Services frontend ecosystem. The payload is a sophisticated multi-stage credential harvester that targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm tokens, and CircleCI tokens

On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote every git tag across multiple popular Composer packages within a single 15 minute window. Anyone running composer update or installing fresh against laravel-lang/http-statuses, laravel-lang/actions, or laravel-lang/attributes now pulls a payload that exfiltrates CI secrets to a typosquatted attacker domain. StepSecurity confirmed end to end exploitation in an isolated runner and has filed security issue

Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.

Nx Console VS Code Extension Compromised

CKEditor is now HIPAA-aligned, adding healthcare-grade controls on top of SOC 2 Type II. See what's in scope, who benefits, and how it cuts vendor risk.

At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work.The post GitHub Copilot app: The agent-native desktop experience appeared first on The GitHub Blog.

記事は ics.media へアクセスしてご覧ください。

Toolbox App 3.5 focuses on making daily work smoother and managed development environments easier to monitor. The app now supports interface zooming with familiar shortcuts, provides OpenTelemetry metrics for enterprise remote development connections, and handles several long-standing reliability issues more gracefully. Remote development observability The Toolbox App now emits OpenTelemetry metrics for remote development connection […]

Personally, I wouldn’t blame you if you were asked what CSS needs these days and you were like uhm, I think it’s good, actually. These days CSS probably has more in it than you even know about or have tried, making it feel not particularly lacking. But if you really dig into the specifics, you’ll […]

The CSS ::search-text pseudo-element selects the matching text from your browser's "find in page" feature. ::search-text originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

NGINX Ingress Controller 5.5 introduces some significant performance improvements in startup times! A few months ago, a community member noticed that NGINX Ingress Controller deployments with a large number of Ingress resources were experiencing longer-than-expected startup times. In clusters with hundreds or thousands of resources spread across many namespaces, the controller could take several minutes […]

CSS gap decorations, disconnecting WebSockets for bfcache, and Intl.Locale variants.

DevTools for agents is stable, AI assistance gets major upgrade with Lighthouse and widgets, new WebMCP debugging tools.

Monorepos that deploy many projects can now configure all of their project's Git settings more conveniently. Previously, if you wanted to consistently configure each project's settings for commit status, , etc., you had to click through to every project's settings and consistently apply the same setting. Now, you can do it all in one place. eventsrepository_dispatchTry it out in or visit to learn more!project settingsthe docsRead more

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/pasted-file-editor">Pasted File Editor</a></p> <p>I really like how you can paste a large volume of text into <a href="https://claude.ail">claude.ai</a> (or the Claude desktop/mobile apps) and it will detect it as a large paste and turn it into a file attachment instead.</p><p>I decided to have Codex desktop <a href="https://gist.github.com/simonw/74c79119b487a...

株式会社 AbemaTV で SRE / Platform Engineer をしている 後藤（@r ...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a0">micropython-wasm 0.1a0</a></p> <p>My latest sandboxing experiment: This alpha package bundles a lightly customized WASM build of <a href="https://micropython.org/">MicroPython</a> with a wrapper to execute code in it via <a href="https://wasmtime.dev/">wasmtime</a>.</p> <p>Tags: <a href="https://simonwillison.net/ta...

Zero-Shot Learning is a podcast about how AI gets built, secured, and deployed. Hosted by Nancy Wang, 1Password CTO, and Dev Tagare, Senior Director of Engineering at Google, it's a builder's view of the architecture and the complex choices it takes to ship with AI.As Chief Product Officer at Vercel, Tom Occhino joined Zero-Shot Learning to discuss how AI is reshaping the developer workflow, from frontend architecture to v0, Vercel's production-ready AI coding assistant. What started as a conver

A skimming operation tracked as GorgonAgora is running over 4,800 fake storefronts that impersonate real brands and steal payment data from anyone who checks out. An independent researcher has been...

MCP servers have a different attack surface than traditional APIs. Here are the five risks that matter most, grounded in OWASP's agentic AI guidelines, with concrete mitigations for each.

Your route guard does not protect your server functions. A complete guide to authorization in TanStack Start, from roles and permissions to enterprise RBAC and fine-grained access control.

Tools, MCP servers, skills, orchestrators, and why auth runs through all of them.

Key insights from Boris Cherny's Acquired Unplugged interview on building Claude Code, the death of traditional roles, and why the golden age of the generalist is here.

Ben Gilbert and David Rosenthal shared what makes companies endure for generations at Acquired Unplugged, hosted by WorkOS CEO Michael Grinich.

You can now generate time-bound signed URLs for . A signed URL is a scoped URL with an expiry that allows you to upload, download, inspect, or delete a specific object without giving access to your entire Blob store.Vercel BlobEach URL is scoped to a single operation (, , , or ), a single pathname, and an expiry you choose, up to 7 days. The signature covers the operation and constraints, so a URL signed for a can't be reused as a .putgetheaddeleteGETPUTUpload URLs () support multipart, so the b

はじめに こんにちは、University of British Columbia 学部4年の保井祐 ...

<p><strong><a href="https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/">Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked</a></strong></p>I had trouble believing this story was true, but I've seen it verified from multiple sources now:</p><blockquote><p>One video shows a hacker starting a conversation with Meta’s AI support bot an...

Mythos has real edges in exploit chain construction. But for most AppSec work, the harness around the model matters more than which model you pick.Category: News

Elastic build machines now monitor your build's memory usage and automatically adjust to prevent out-of-memory (OOM) failures:Thresholds are set conservatively to balance deployment reliability and cost. Vercel only considers your build's memory usage, not the memory used by Vercel's own build infrastructure.Enable elastic builds in your or , or read the .team settingsproject settingsdocsRead moreIf your build is fast but memory-intensive, we will no longer downgrade you to a smaller machineIf y

We investigated why firmware updates were causing our core servers to take four hours to reboot. By diving into UEFI data structures and iPXE automation, we eliminated unnecessary timeouts and cut boot times back down to minutes.

Connection, collaboration, and trust are the lifeblood of healthy community culture. NGINX Gateway Fabric and NGINX Ingress Controller were (and are) developed with open source community as a priority. From code contributions to critical comments, community participation has shaped the present and future of NGINX open source projects, and the future of technology. Today, I’m excited to highlight two recurring opportunities to engage directly […]

You can style the "on the way in" and "on the way out" styles for elements, even when they are moving to/from display: none;. Yay.

Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.Category: Vulnerabilities & Threats

In the previous article, I spoke about the why and how to use a Markdown component in Astro.Here, we’re going to expand on that and help you use Markdown everywhere — regardless of the framework you use. So, …Astro Markdown Component Utility for Any Framework originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.

The TBT Window is the FCP-to-TTI interval used to calculate Total Blocking Time. If FCP or TTI moves, TBT can change even when long tasks do not.

A working-with-me guide for new teammates, covering how I communicate, lead, give feedback, and build trust on engineering teams.

Qwen 3.7 Plus from Alibaba is now available on . Both Qwen 3.7 Plus and 3.7 Max are free for paid AI Gateway users till 6/4/26 12:00pm PT.Vercel AI GatewayThe model unifies vision and language into a single agent foundation, with capabilities spanning GUI and CLI operation, coding and productivity workflows with full-modality input, and visual agent tasks including perception and reasoning. It is designed to generalize across diverse agent harnesses.To use Qwen 3.7 Plus, set model to in the .ali

<p>I just sent out the May edition of my <a href="https://github.com/sponsors/simonw/">sponsors-only monthly newsletter</a>. If you are a sponsor (or if you start a sponsorship now) you can <a href="https://github.com/simonw-private/monthly/blob/main/2026-05-may.md">access it here</a>.</p><p>This month:</p><ul><li>Al got expensive, and Anthropic had a really good month</li><li>The model releases were a little disappointing&...

newmoのフロントエンド開発では、複数の機能を持つ単一のNext.jsアプリケーションを開発しています。このアプローチは、コードの共有やCIの管理といった面でメリットがある一方で、PlaywrightテストのCI実行における安定性とテスト時間という2つの課題を抱えていました。 この記事では、newmoで実施したPlaywright CI最適化の取り組みについて紹介します。 Docker Image導入によるセットアップの安定化と、テスト分割とShardingによる実行時間の短縮という2つのアプローチを実施しました。 結論を先に述べると、Docker Image化でセットアップ起因のCI失敗を…

こんにちは。フロントエンドエンジニアの桐澤（@kiririLee）です。 PR TIMESは、フロントエンド・PHPカンファレンス北海道2026にプラチナスポンサーとして協賛いたします。また、同イベントに当社から2名のエ […]

本記事では Deepgram Flux Multilingual の EoT 検出に焦点を当てますが ...

This release focuses on giving you more control over how tasks are organized, referenced, and

Sansec is proud to add Sylius to our list of supported platforms. Sansec eComscan now integrates with Sylius 1 and Sylius 2 and will run deep searches to hunt for malware & vulnerabilities.Whi...

This month we got a bunch of improvements in SvelteKit's forms and remote functions. Plus, a new query function (.live(...)) that makes accessing real-time data from the server easier.Keep an eye out for a few breaking changes in remote functions, if you're using those. Otherwise, enjoy all the new SvelteKit features and bug fixes in the latest versions of Svelte.Let's dive in!What's new in SvelteKitForm submit now returns a boolean to indicate submission validity for enhanced remote forms (2.57

now supports OIDC authentication and is the default setting when connecting new projects.Vercel BlobVercel-issued OIDC tokens are short-lived and rotate automatically, so you no longer need a long-lived .BLOB_READ_WRITE_TOKENTo upgrade an existing store, first update your project to use the latest , then navigate to the under your Blob store and select Upgrade to OIDC from the project's context menu.@vercel/blobProjects tabFunctions running on Vercel receive the token automatically and authentic

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a32">datasette 1.0a32</a></p> <p>A minor bugfix release. Fixes a bug with <code>INSERT ... RETURNING</code> queries via the <a href="https://datasette.io/blog/2026/sql-write-queries/">new /db/-/execute-write endpoint</a> and a bunch of <a href="https://docs.datasette.io/en/latest/settings.html#setting-base-url">base_url</a> issue...

カミナシ ID管理基盤ではログストレージにCloudWatch Logsを使っていましたが、サービスの成長に伴いコストに悩んでいました。この記事では、私たちが実践したAmazon S3 Tables（以下、S3 Tables）を使ったログストレージの構築と移行、そのコスト最適化効果について書きます。

The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Contagious Interview-style lure.

<p><strong><a href="https://thoughts.hmmz.org/2026-05-31.html">The solution might be cancelling my AI subscription</a></strong></p>I find this post by David Wilson very relatable. David lists 16+ projects he's spun up with AI tooling, and concludes:</p><blockquote><p>I didn't mean to build most of these things. Usually the Claude session started with something like "<em>write a quick script for X</em>", and one hour later the res...

プレイドの解析基盤として様々な仕組みを備えた内製OLPA DB milaの開発に携わり、多くのことを学びました。この記事では、インターンでの取り組みと学びを振り返ります。

Chat SDK now supports Lark and Feishu via a new .vendor-official adapterBuild bots that post, edit, and delete messages, stream replies via Lark's native cardkit typewriter API, send interactive cards, and react with emojis across both Lark and Feishu conversations.The adapter connects over Lark's WebSocket transport, so bots run from any long-running Node process without exposing an HTTP webhook endpoint.To get started, read the or documentation.LarkFeishuRead more

OpenAI の Secure MCP Tunnel を利用すると、プライベートな MCP サーバーをパブリックなインターネットに公開することなく OpenAI のプロダクトに接続できるようになります。この記事では Secure MCP Tunnel を試してみた様子を紹介します。

Let’s kick off June — and the beginning of summer — with some fresh inspiration! Artists and designers from across the globe once again tickled their creativity to welcome the new month with a new collection of desktop wallpapers. Enjoy!

MiniMax M3 is now available on .Vercel AI GatewayM3 is MiniMax's first model with a 1M-token context window and native multimodality, built around MiniMax Sparse Attention (MSA).M3 improves on software engineering, terminal-based tool use, and agentic web browsing, and is tuned for multi-turn collaboration.To use MiniMax M3, set model to in the .minimax/minimax-m3AI SDKPass an image alongside a prompt to use M3's multimodal input:AI Gateway provides a unified API for calling models, tracking usa

The Rust project is moving toward formal rules on LLM use in contributions after months of internal debate over maintainer burden, code quality, and contributor experience.

<blockquote cite="https://www.reuters.com/commentary/breakingviews/anthropic-gives-lesson-ai-revenue-hallucination-2026-03-10/"><p>Anthropic defines “run-rate revenue” in two parts. Use the last 28 days of sales ⁠from customers charged on a consumption basis and multiply it by 13. Then, multiply the monthly subscription take by 12, ​and add the two together.</p></blockquote><p class="cite">— <a href="https://www.reuters.com/commentary/breakingviews/ant...

May 2026 - A new Astro jobs board, TinaCMS makes Astro their default template, experimental advanced routing, and more!

Lynx 3.8 starts the monthly release cadence with WebAssembly on Android, adaptive layout and text fitting, HarmonyOS SessionStorage, LynxEngine reuse, and DevTool protocol support.

Servo 0.2.0 contains all of the changes we landed in April, which came out to yet another record 534 commits (March: 530).For security fixes, see § Security.Note: the GitHub release is available now, but the crates.io release is not yet complete.We expect to publish it some time next week.`, ``, ‘::details-content::before’ and ‘::details-content::after’, and ‘color-mix()’ with any number of colors" />We’ve shipped several new web platform features:<select multiple> (@lukewarlow, @mrobin...

<p><strong><a href="https://www.anthropic.com/engineering/how-we-contain-claude">How we contain Claude across products</a></strong></p>A complaint I often have about sandboxing products is that they are rarely thoroughly <em>documented</em>, and in the absence of detailed documentation it's hard to know how much I can trust them.</p><p>Anthropic just published a fantastic overview of how their various sandbox techniques work across &lt...

<p><strong><a href="https://openpath.quest/2026/i-am-retiring-from-tech-to-live-offline/">I Am Retiring from Tech to Live Offline</a></strong></p>I've seen a lot of posts on forums from people threatening to quit their careers over AI. This is <em>not</em> one of those: Chad Whitacre is taking concrete steps, starting with this typewritten, scanned letter</p><blockquote><p>I'm retiring from tech. Well, "retiring" is euphemistic. ...

<blockquote cite="https://mastodon.social/@danielpunkass/116639318125898071"><p>My take on AI is, essentially, everybody who’s against it is too against it and everybody who’s for it is too for it.</p></blockquote><p class="cite">— <a href="https://mastodon.social/@danielpunkass/116639318125898071">Daniel Jalkut</a>, via <a href="https://daringfireball.net/linked/2026/05/30/jalkut-on-ai">John Gruber</a></p> <p>Tags: &lt...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pyodide-asgi-browser#readme">Running Python ASGI apps in the browser via Pyodide + a service worker</a></p> <p><a href="https://lite.datasette.io/">Datasette Lite</a> is my version of Datasette that runs entirely in the browser using Pyodide in WebAssembly.</p><p>When I first built it <a href="https://simonwillison.net/2022/May/4/datasette-lite...

俺は人間静的検査器・susisu。 幼馴染で同級生の undefined とインターネットに遊びに行って、Stage 3 Decorators の怪しげな進捗状況を目撃した。 資料を作るのに夢中になっていた俺は、背後で進んでいた Stage 2.7 への降格に気づかなかった。 はい. 登壇 去年に引き続き TSKaigi 2026 で登壇してきました. いつもありがとうございます. 2026.tskaigi.org タイトルは Stage 3 Decorators となっていますが, 冒頭の通り実は登壇の直前に Stage 2.7 に降格されていました. 聞かれていた方はわかると思うんですが,…

My blog turned 16 this month! I did nothing to celebrate, but made some little tools and clicked some links about tech ethics.Things from me this monthI published four little tools this month:ZIP Shrinker, a web app that shrinks ZIP files with higher compression ratiosA command line tool to do (completely offline) translationOpen Link in Unloaded Tab, a Firefox extension to open links without loading thempng-cmp, a command line tool to compare PNG pixel dataI also did some work on Helmet, my ope

NGINX Ingress Controller 5.5 is a focused, community-driven release. It brings new capabilities, expanded Kubernetes Ingress support, a significant startup performance improvement at scale, and more annotations to ease migrations from ingress-nginx. Here’s what’s new. External Authentication for Ingress and VirtualServer What’s new?: External Authentication is now supported for both Ingress and VirtualServer resources. Based […]

AlphaEvolve is a Google DeepMind algorithm-discovery system that uses Gemini to generate, test, and refine possible algorithm improvements. Its job is not to answer questions; it searches for faster ways to solve complex algorithmic problems. We tried it on a narrow but important part of IntelliJ-based IDEs: indexing, the background work that makes navigation, search, […]

The old (testing in Safari when you don’t have Safari), the new (::checkmark), the in-between (anchor positioning but with HTML), and more.What’s !important #12: Safari Testing, ::checkmark, HTML Anchor Positioning, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

There are quite a few "gotchas," developers face when getting into the new @function syntax of CSS. Some are getting addressed!

musiqSome web components that render piano keys and guitar fretboards in various configurations. Handy for educators!ApheraThis is looking like a genuine challenger for Adobe Lightroom.Media queries range syntaxA very concise explainer on this ever-useful syntax by one of the best in the biz at explaining CSS syntax.You probably shouldn’t be annotating focus orderOne of the best overviews of dealing with focus well in UI design/development we've seen out there.Using safe-area-inset to build mobi

Claude Code v2.1.154 で Dynamic Workflow と呼ばれる機能が追加されました。Dynamic Workflow は数時間から数日かかるような大規模な作業を実行するために設計されています。ワークフローは JavaScript で定義され、複数のサブエージェントをオーケストレーションすることができます。この記事では Claude Code の Dynamic Workflow を試してみた様子を紹介します。

こんにちは。Webエンジニアのotariidaeです。 STORES の一部システムでReActionViewをレンダリングエンジンに採用しました。この記事ではその導入の経緯と過程をご紹介します。 RubyKaigi 2026会場で導入を決意 ReActionViewはActionView互換のERBエンジンです。Herbツールチェーンを基盤としているため、HTMLとERBの構造を統一的に解析できるのが特長です。 最初にReActionViewを知ったのは昨年のKaigi on Rails 2025でした。作者のMarco氏のトークを聞いて強く惹かれたものの、当時はリリース直後の新しいツールで…

are moving from package-based to per-unit pricing for Pro and new Enterprise customers. You’ll continue paying the same effective rate until the end of your current billing cycle. you’ll be billed per unit to align costs directly with your usage.Function invocationsStarting with your next billing cycleThe new rate is $0.0000006 per invocation (previously $0.60 per 1M invocations) for Pro customers.Per‑unit billing scales more smoothly across team sizes and usage patterns. It also helps teams on

Discover some of the interesting features that have landed in stable and beta web browsers during May 2026.

HTTP requests are inexpensive. Vercel charges ~$2/million, a fraction of a cent per call. But a single prompt to an agent on a frontier model can cost $2, making AI a million times more expensive, and inference theft one of the highest-margin businesses an attacker can run. We have seen this type of attack on our own APIs.If you have AI endpoints exposed to the internet, the risk of abuse is high and can easily run up bills in the tens of thousands of dollars or more.Protecting those endpoints r

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a31">datasette 1.0a31</a></p> <p>Another significant alpha release, with two new headline features.</p><blockquote><p>Datasette now offers users with the necessary permissions the ability to both <strong>execute write queries</strong> against their database and to <strong>save stored queries</strong> (renamed from "canned q...

<p>The most interesting thing about <a href="https://www.anthropic.com/news/series-h">Anthropic's $65B Series H announcement</a> is this line (emphasis mine):</p><blockquote><p>Since our Series G in February, adoption has continued to grow across global enterprise customers, and our run-rate revenue crossed <strong>$47 billion</strong> earlier this month.</p></blockquote><p>Anthropic have made a bit of a habit of sharing their "r...

now supports installing and running Docker inside a sandbox. An agent can build containers, install system packages, and modify files without touching your host system.Vercel SandboxInstall Docker, start the daemon, and serve a containerized application:Docker in a Sandbox is useful for running containerized services like Redis or Postgres as test dependencies, validating container images before deploying, or previewing applications served from a container. Combined with , the Docker installatio

now allow opening and binding to port 8080 as an . Vercel Sandboxesingress domainThis port was used as a controller port, and that has now moved to port 23456.Learn more about Sandbox in the .documentationRead more

The Ember project is excited to announce the release of Ember v7.0. Following Ember's Major Version Policy, the major includes only the removal of features that were deprecated until 7.0 as well as other bugfixes. This release of Ember.js means the previous version, 6.12, is now an LTS (Long Term Support) version.When it comes to introducing new features, Ember generally aims to ship new features in minor releases, offering backwards compatibility for existing code at the same time as giving dev

Bug Fixese557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)Documentation61b0add docs: remove deprecated rule from related rules of ma

Note: This blog is a recap of 1Password’s recent webinar, “The unmanaged stack: Governing SaaS apps and AI tools outside SSO.” Head here to watch the complete webinar recording.In the constantly evolving world of enterprise tech, there’s one thing that IT and security teams have always been able to count on: users won’t follow policy if they think it’s standing in the way of their productivity. Case in point: 1Password’s most recent annual report found that 52% of employees have downloaded apps

May was A&PI Heritage Month, and at 1Password, we're proud to shine a light on the people who bring these perspectives to life in our work and help shape our culture every day.This year, we decided to spotlight Stephanie Cheng, Senior Customer Trainer and a leader within our A&PI Employee Resource Group. With over five years at 1Password, Stephanie has built her career around helping people feel capable, confident, and supported, whether she's onboarding a new customer or creating space ...

「それ本当にMVP？」AI時代にプロダクトが巨大化する理由をふりかえる おはようございます。シャトレーゼに入ったときのいい匂いの根源がなにか気になっている daipresents です。あれ、ほんとなんの匂い？ この1年、AIがとてつもないスピードで進化しており、活用するエンジニアもどんどん進化しているように感じています。 僕は「カミナシ 教育」と「カミナシ 従業員」の2プロダクトにかかわっているのですが、「小さく作ったつもりが、結果的に大きくなっちゃった」というケースが、立て続けでありました。 もしかしたら「AIの登場によって、MVPも巨大になってしまっているのではないか？」と感じたので、ふ…

pnpm 11.5 adds a hoistingLimits setting for controlling how far dependencies hoist in nodeLinker: hoisted installs, replaces the interactive prompt library to fix scrolling in long choice lists, recognizes staged publishes in the trust scale, and ships several install and dist-tag fixes.

WorkOS skills are now in Claude's plugin marketplace. Here's what that means for how developers discover and adopt API tooling.

<p>Anthropic shipped <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> today. My favourite thing about it is this note in the release announcement:</p><blockquote><p>Users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There’s still more to be done: we’re working on developing and releasing models that provide many of the same capabilities as Opus at a lower cost.</p></blockquote><p>...

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-anthropic/releases/tag/0.25.1">llm-anthropic 0.25.1</a></p> <blockquote><ul><li>New model: <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> (<code>claude-opus-4.8</code>).</li><li>New <code>-o fast 1</code> option for <a href="https://platform.claude.com/docs/en/build-with-claude/fast-mode">fas...

はじめに こんにちは、 Data Science Center（DSC）佐藤弓之介です。 ABEMA ...

A short, clear, engaging website that explains how diamonds are made by Jaydip Sanghani. Several facts in there I just didn’t know at all until now, like how many diamonds have a tiny serial number carved onto them. I think it’s nice to showcase websites that do things that websites really do best. I’d maybe […]

A practical guide to migrating auth at scale — the CLI workflow, transparent proxy approach for 15+ SSO connections, and webhook sequencing above 200K users.

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/markdown-svg-renderer">markdown-svg-renderer</a></p> <p>A slightly customized Markdown rendering tool with special treatment for fenced code SVG blocks - it both renders the image and provides a tab for switching to the code view.</p><p>You can paste in Markdown or give it a URL to a CORS-enabled Markdown file or Gist. <a href="https://tools.simonwillison.net/markdown-svg-...

A week after we shipped auth.md, developers have published spec-compliant files, partners have endorsed it, and the ecosystem is aligning.

The ESC collection lets you escape the confines of your desk and get out into the sun where good ideas are bound to happen.The post Still a developer. Just outside. Our latest GitHub Shop collection is here. appeared first on The GitHub Blog.

A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.

Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.

MDM tools like Jamf and Kandji are essential but they don't see npm installs, IDE extensions, or AI coding tools. Here's what's actually unprotected on your developer machines and how to close the gap.Category: Guides & Best Practices

Seventy percent of websites still fail basic WCAG contrast checks in 2025. After years of design system tooling, accessibility linters, and JavaScript libraries, nothing moved the needle. We didn’t need better libraries. We needed better CSS. `contrast-color()` is that better CSS.

The ::checkmark pseudo-element was introduced in CSS Form Control Styling Module Level 1 and it’s a powerful CSS feature to say the least. I even wrote about it as an almanac entry for CSS-Tricks in 2025 to share what this pseudo-element can do.The CSS ::checkmark pseudo-element is used to style the checked state of input elements with checkers including the <select> dropdown, checkboxes, and radio buttons. There’s one problem: at the time of writing, ::checkmark lacks browser support on t...

Claude Opus 4.8 is now available on .Vercel AI GatewayClaude Opus 4.8 is built for long-horizon agentic execution and handles complex, multi-step coding tasks like refactors that previously required human correction mid-task. The model also produces clearer, less hedgy prose for knowledge work like drafting documents, analyzing data, and building presentations.To use Opus 4.8, set model to in the .anthropic/claude-opus-4.8AI SDKAI Gateway provides a unified API for calling models, tracking usage

こんにちは。Webエンジニアのotariidaeです。 ERBの静的解析、していますか？ Ruby on Railsを採用したシステムでも、最近ではフロントエンドはReactなどのUIライブラリで書くことが多くなりましたが、Railsの標準であるERBも引き続き使われています。 AIがソフトウェアの実装者になった現代において、アンチパターンや見落としやすい問題を弾く仕組みはますます重要です。そこで便利なのがHerb Linterです。 Herb Linterとは Herb Linterは、ERBツールチェイン Herbで構築された静的解析ツールです。先日のRubyKaigi 2026で作者のM…