<p><strong><a href="https://www.anthropic.com/engineering/how-we-contain-claude">How we contain Claude across products</a></strong></p>A complaint I often have about sandboxing products is that they are rarely thoroughly <em>documented</em>, and in the absence of detailed documentation it's hard to know how much I can trust them.</p><p>Anthropic just published a fantastic overview of how their various sandbox techniques work across &lt...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pyodide-asgi-browser#readme">Running Python ASGI apps in the browser via Pyodide + a service worker</a></p> <p><a href="https://lite.datasette.io/">Datasette Lite</a> is my version of Datasette that runs entirely in the browser using Pyodide in WebAssembly.</p><p>When I first built it <a href="https://simonwillison.net/2022/May/4/datasette-lite...

<p><strong><a href="https://openpath.quest/2026/i-am-retiring-from-tech-to-live-offline/">I Am Retiring from Tech to Live Offline</a></strong></p>I've seen a lot of posts on forums from people threatening to quit their careers over AI. This is <em>not</em> one of those: Chad Whitacre is taking concrete steps, starting with this typewritten, scanned letter</p><blockquote><p>I'm retiring from tech. Well, "retiring" is euphemistic. ...

<blockquote cite="https://mastodon.social/@danielpunkass/116639318125898071"><p>My take on AI is, essentially, everybody who’s against it is too against it and everybody who’s for it is too for it.</p></blockquote><p class="cite">— <a href="https://mastodon.social/@danielpunkass/116639318125898071">Daniel Jalkut</a>, via <a href="https://daringfireball.net/linked/2026/05/30/jalkut-on-ai">John Gruber</a></p> <p>Tags: &lt...

俺は人間静的検査器・susisu。 幼馴染で同級生の undefined とインターネットに遊びに行って、Stage 3 Decorators の怪しげな進捗状況を目撃した。 資料を作るのに夢中になっていた俺は、背後で進んでいた Stage 2.7 への降格に気づかなかった。 はい. 登壇 去年に引き続き TSKaigi 2026 で登壇してきました. いつもありがとうございます. 2026.tskaigi.org タイトルは Stage 3 Decorators となっていますが, 冒頭の通り実は登壇の直前に Stage 2.7 に降格されていました. 聞かれていた方はわかると思うんですが,…

My blog turned 16 this month! I did nothing to celebrate, but made some little tools and clicked some links about tech ethics.Things from me this monthI published four little tools this month:ZIP Shrinker, a web app that shrinks ZIP files with higher compression ratiosA command line tool to do (completely offline) translationOpen Link in Unloaded Tab, a Firefox extension to open links without loading thempng-cmp, a command line tool to compare PNG pixel dataI also did some work on Helmet, my ope

NGINX Ingress Controller 5.5 is a focused, community-driven release. It brings new capabilities, expanded Kubernetes Ingress support, a significant startup performance improvement at scale, and more annotations to ease migrations from ingress-nginx. Here’s what’s new. External Authentication for Ingress and VirtualServer What’s new?: External Authentication is now supported for both Ingress and VirtualServer resources. Based […]

AlphaEvolve is a Google DeepMind algorithm-discovery system that uses Gemini to generate, test, and refine possible algorithm improvements. Its job is not to answer questions; it searches for faster ways to solve complex algorithmic problems. We tried it on a narrow but important part of IntelliJ-based IDEs: indexing, the background work that makes navigation, search, […]

The old (testing in Safari when you don’t have Safari), the new (::checkmark), the in-between (anchor positioning but with HTML), and more.What’s !important #12: Safari Testing, ::checkmark, HTML Anchor Positioning, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

There are quite a few "gotchas," developers face when getting into the new @function syntax of CSS. Some are getting addressed!

musiqSome web components that render piano keys and guitar fretboards in various configurations. Handy for educators!ApheraThis is looking like a genuine challenger for Adobe Lightroom.Media queries range syntaxA very concise explainer on this ever-useful syntax by one of the best in the biz at explaining CSS syntax.You probably shouldn’t be annotating focus orderOne of the best overviews of dealing with focus well in UI design/development we've seen out there.Using safe-area-inset to build mobi

Claude Code v2.1.154 で Dynamic Workflow と呼ばれる機能が追加されました。Dynamic Workflow は数時間から数日かかるような大規模な作業を実行するために設計されています。ワークフローは JavaScript で定義され、複数のサブエージェントをオーケストレーションすることができます。この記事では Claude Code の Dynamic Workflow を試してみた様子を紹介します。

こんにちは。Webエンジニアのotariidaeです。 STORES の一部システムでReActionViewをレンダリングエンジンに採用しました。この記事ではその導入の経緯と過程をご紹介します。 RubyKaigi 2026会場で導入を決意 ReActionViewはActionView互換のERBエンジンです。Herbツールチェーンを基盤としているため、HTMLとERBの構造を統一的に解析できるのが特長です。 最初にReActionViewを知ったのは昨年のKaigi on Rails 2025でした。作者のMarco氏のトークを聞いて強く惹かれたものの、当時はリリース直後の新しいツールで…

are moving from package-based to per-unit pricing for Pro and new Enterprise customers. You’ll continue paying the same effective rate until the end of your current billing cycle. you’ll be billed per unit to align costs directly with your usage.Function invocationsStarting with your next billing cycleThe new rate is $0.0000006 per invocation (previously $0.60 per 1M invocations) for Pro customers.Per‑unit billing scales more smoothly across team sizes and usage patterns. It also helps teams on

皆さんこんにちは。恒例となったReact習熟度ベンチマークシリーズです。今回はClaude Opus 4.8がリリースされたことを受け、Opus 4.7との比較を行いました。!記事の初版ではOpus 4.7の差分を+0.93と紹介していましたが、追試（複数回の再走）を行った結果結論が変わったため、記事を改訂しています。これまでの記事はこちらです。https://zenn.dev/uhyo/articles/react-profession-bench-1https://zenn.dev/uhyo/articles/react-profession-bench-2https:...

HTTP requests are inexpensive. Vercel charges ~$2/million, a fraction of a cent per call. But a single prompt to an agent on a frontier model can cost $2, making AI a million times more expensive, and inference theft one of the highest-margin businesses an attacker can run. We have seen this type of attack on our own APIs.If you have AI endpoints exposed to the internet, the risk of abuse is high and can easily run up bills in the tens of thousands of dollars or more.Protecting those endpoints r

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a31">datasette 1.0a31</a></p> <p>Another significant alpha release, with two new headline features.</p><blockquote><p>Datasette now offers users with the necessary permissions the ability to both <strong>execute write queries</strong> against their database and to <strong>save stored queries</strong> (renamed from "canned q...

<p>The most interesting thing about <a href="https://www.anthropic.com/news/series-h">Anthropic's $65B Series H announcement</a> is this line (emphasis mine):</p><blockquote><p>Since our Series G in February, adoption has continued to grow across global enterprise customers, and our run-rate revenue crossed <strong>$47 billion</strong> earlier this month.</p></blockquote><p>Anthropic have made a bit of a habit of sharing their "r...

now supports installing and running Docker inside a sandbox. An agent can build containers, install system packages, and modify files without touching your host system.Vercel SandboxInstall Docker, start the daemon, and serve a containerized application:Docker in a Sandbox is useful for running containerized services like Redis or Postgres as test dependencies, validating container images before deploying, or previewing applications served from a container. Combined with , the Docker installatio

now allow opening and binding to port 8080 as an . Vercel Sandboxesingress domainThis port was used as a controller port, and that has now moved to port 23456.Learn more about Sandbox in the .documentationRead more

Bug Fixese557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)Documentation61b0add docs: remove deprecated rule from related rules of ma

Note: This blog is a recap of 1Password’s recent webinar, “The unmanaged stack: Governing SaaS apps and AI tools outside SSO.” Head here to watch the complete webinar recording.In the constantly evolving world of enterprise tech, there’s one thing that IT and security teams have always been able to count on: users won’t follow policy if they think it’s standing in the way of their productivity. Case in point: 1Password’s most recent annual report found that 52% of employees have downloaded apps

May was A&PI Heritage Month, and at 1Password, we're proud to shine a light on the people who bring these perspectives to life in our work and help shape our culture every day.This year, we decided to spotlight Stephanie Cheng, Senior Customer Trainer and a leader within our A&PI Employee Resource Group. With over five years at 1Password, Stephanie has built her career around helping people feel capable, confident, and supported, whether she's onboarding a new customer or creating space ...

「それ本当にMVP？」AI時代にプロダクトが巨大化する理由をふりかえる おはようございます。シャトレーゼに入ったときのいい匂いの根源がなにか気になっている daipresents です。あれ、ほんとなんの匂い？ この1年、AIがとてつもないスピードで進化しており、活用するエンジニアもどんどん進化しているように感じています。 僕は「カミナシ 教育」と「カミナシ 従業員」の2プロダクトにかかわっているのですが、「小さく作ったつもりが、結果的に大きくなっちゃった」というケースが、立て続けでありました。 もしかしたら「AIの登場によって、MVPも巨大になってしまっているのではないか？」と感じたので、ふ…

WorkOS skills are now in Claude's plugin marketplace. Here's what that means for how developers discover and adopt API tooling.

The Ember project is excited to announce the release of Ember v7.0. Following Ember's Major Version Policy, the major includes only the removal of features that were deprecated until 7.0 as well as other bugfixes. This release of Ember.js means the previous version, 6.12, is now an LTS (Long Term Support) version.When it comes to introducing new features, Ember generally aims to ship new features in minor releases, offering backwards compatibility for existing code at the same time as giving dev

<p>Anthropic shipped <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> today. My favourite thing about it is this note in the release announcement:</p><blockquote><p>Users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There’s still more to be done: we’re working on developing and releasing models that provide many of the same capabilities as Opus at a lower cost.</p></blockquote><p>...

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-anthropic/releases/tag/0.25.1">llm-anthropic 0.25.1</a></p> <blockquote><ul><li>New model: <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> (<code>claude-opus-4.8</code>).</li><li>New <code>-o fast 1</code> option for <a href="https://platform.claude.com/docs/en/build-with-claude/fast-mode">fas...

はじめに こんにちは、 Data Science Center（DSC）佐藤弓之介です。 ABEMA ...

A short, clear, engaging website that explains how diamonds are made by Jaydip Sanghani. Several facts in there I just didn’t know at all until now, like how many diamonds have a tiny serial number carved onto them. I think it’s nice to showcase websites that do things that websites really do best. I’d maybe […]

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/markdown-svg-renderer">markdown-svg-renderer</a></p> <p>A slightly customized Markdown rendering tool with special treatment for fenced code SVG blocks - it both renders the image and provides a tab for switching to the code view.</p><p>You can paste in Markdown or give it a URL to a CORS-enabled Markdown file or Gist. <a href="https://tools.simonwillison.net/markdown-svg-...

A week after we shipped auth.md, developers have published spec-compliant files, partners have endorsed it, and the ecosystem is aligning.

The ESC collection lets you escape the confines of your desk and get out into the sun where good ideas are bound to happen.The post Still a developer. Just outside. Our latest GitHub Shop collection is here. appeared first on The GitHub Blog.

A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.

Endeavour Energy on VercelSub-1s page loads during peak storm trafficFive-minute data sync cycle across all upstream systems38% faster deployments compared to their previous platform on Vercel powers the frontend with server-side rendering, static generation, and edge delivery.Next.js manages the real-time data layer, storing and serving outage and asset data through its API.Supabase remains the content and experience platform, handling editorial workflows and page content.SitecoreWhen a summer

Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.

MDM tools like Jamf and Kandji are essential but they don't see npm installs, IDE extensions, or AI coding tools. Here's what's actually unprotected on your developer machines and how to close the gap.Category: Guides & Best Practices

Seventy percent of websites still fail basic WCAG contrast checks in 2025. After years of design system tooling, accessibility linters, and JavaScript libraries, nothing moved the needle. We didn’t need better libraries. We needed better CSS. `contrast-color()` is that better CSS.

The ::checkmark pseudo-element was introduced in CSS Form Control Styling Module Level 1 and it’s a powerful CSS feature to say the least. I even wrote about it as an almanac entry for CSS-Tricks in 2025 to share what this pseudo-element can do.The CSS ::checkmark pseudo-element is used to style the checked state of input elements with checkers including the <select> dropdown, checkboxes, and radio buttons. There’s one problem: at the time of writing, ::checkmark lacks browser support on t...

Claude Opus 4.8 is now available on .Vercel AI GatewayClaude Opus 4.8 is built for long-horizon agentic execution and handles complex, multi-step coding tasks like refactors that previously required human correction mid-task. The model also produces clearer, less hedgy prose for knowledge work like drafting documents, analyzing data, and building presentations.To use Opus 4.8, set model to in the .anthropic/claude-opus-4.8AI SDKAI Gateway provides a unified API for calling models, tracking usage

こんにちは。Webエンジニアのotariidaeです。 ERBの静的解析、していますか？ Ruby on Railsを採用したシステムでも、最近ではフロントエンドはReactなどのUIライブラリで書くことが多くなりましたが、Railsの標準であるERBも引き続き使われています。 AIがソフトウェアの実装者になった現代において、アンチパターンや見落としやすい問題を弾く仕組みはますます重要です。そこで便利なのがHerb Linterです。 Herb Linterとは Herb Linterは、ERBツールチェイン Herbで構築された静的解析ツールです。先日のRubyKaigi 2026で作者のM…

Astro 6.4 introduces a new pluggable Markdown processor API, a Rust-based Markdown processor for faster builds, and helpers to wire up experimental advanced routing with Cloudflare.

At 1Password, our Jewish 'Bits Employee Community Group exists to create space for Jewish employees and curious allies alike to connect, learn, and show up authentically. For Jewish Heritage Month this May, we wanted to spotlight Nicole Smith, Staff Project Manager and lead of our Jewish 'Bits ECG.In her four years at 1Password, Nicole has been someone people turn to when the work gets complicated, because she builds trust that makes honest conversations possible. That same instinct to lead with

AI Gateway now supports a team-wide provider allowlist. Teams can restrict which providers can serve requests, so traffic only routes to approved providers. The allowlist applies to every request through AI Gateway, including Bring Your Own Key (BYOK) traffic.Regulated teams typically vet AI providers across multiple dimensions with security and legal sign-off, ending up with a vendor set that reflects the specific requirements of their org. The allowlist turns that approved-vendor list into a r

is now available in the , with guided setup and automatic project configuration built into the Vercel dashboard.Amazon OpenSearch ServerlessVercel MarketplaceBy bringing Amazon OpenSearch Serverless into the Vercel Marketplace, teams benefit from a unified workflow:This integration is powered by the next generation of Amazon OpenSearch Serverless APIs, with Vercel participating as a key design partner alongside AWS during development.To help you get started, you can create a new AWS Account dire

How to build a custom, language-aware SDK generator from an OpenAPI spec using oagen's typed intermediate representation.

Your beforeLoad guard does not protect your server functions. A complete guide to authentication in TanStack Start, from server functions and sessions to enterprise SSO.

Slop is born from unverified code. Here's a pipeline of increasingly independent gates, from cross-model review to deterministic audits to manual QA, where each gate is harder to talk its way past than the one before.

Learn how to set up performance budgets to monitor Core Web Vitals and other key metrics such as Time To First Byte and First Contentful Paint.

<p><strong><a href="https://github.com/sqlite/sqlite/blob/master/AGENTS.md">sqlite AGENTS.md</a></strong></p>SQLite gained an AGENTS.md file <a href="https://github.com/sqlite/sqlite/commit/a1e5778889252d2609a59fd9b819d70392c5789e">five days ago</a> - but it's not intended for their own development, it's presumably aimed at people who are pointing agents at the SQLite codebase. It includes:</p><blockquote><p>SQLite does not accep...

A polished Codex remote UI, the npm package codexui-android, has active development and thousands of weekly users. It has been quietly exfiltrating OpenAI auth tokens for the past month.Category: Vulnerabilities & Threats

Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.

Fragmented AI tools are costing enterprise teams more than they realise. Learn how tool sprawl creates governance risk, inconsistent outputs, and poor AI ROI.

Cloudflare Radar data confirms early indications of a partial Internet restoration in Iran, nearly three months after the shutdown began. Traffic spikes and DNS queries have risen, but network activity is currently just 40% of pre-shutdown levels.

<p>Anthropic are <a href="https://techcrunch.com/2026/05/20/anthropic-says-its-about-to-have-its-first-profitable-quarter/">strongly rumored</a> to be about to have their first profitable quarter. Stories <a href="https://www.theinformation.com/newsletters/applied-ai/uber-cto-shows-claude-code-can-blow-ai-budgets">are circulating</a> of companies surprised at how expensive their LLM bills are becoming from usage by their staff. I think this is because OpenAI and An...

Compare the Top GitGuardian Alternatives for secrets scanning in 2026. See where Aikido Security, GitHub Secret Protection, TruffleHog, Gitleaks, Semgrep, Snyk, Cycode, Checkmarx, and GitLab fit best.Category: DevSec Tools & Comparisons

Cloud9 and JetBrains have been working together on projects that connect software development and esports, from the Sky’s The Limit hackathon to custom tools built for live events, podcasts, and team content. One of the latest results of this collaboration is Cloud9 JetStream, a custom theme for JetBrains IDEs. The theme brings Cloud9’s visual identity […]

There is no `anchor` attribute in HTML, it was decided CSS `anchor-name` / `position-anchor` was the way to go. But modern CSS functions can get us there anyway.

Conductor on VercelMultiple parallel coding agents running at scale in the cloudModel-agnostic, works with Claude Code, Codex, and other coding agentsUsed by engineering teams at Notion, Linear, Ramp, and Life360Interacting with a single coding agent feels natural, and Conductor makes directing a fleet of agents just as intuitive.It's a GUI for spinning up multiple coding agents in parallel, each working on an isolated branch of your codebase at once. You review their work, merge what works, and

Until we get something like ::nth-letter, there are still some really cool text effects we can make from existing CSS features, like letter-spacing, ::first-word and ::first-line.Revealing Text With CSS letter-spacing originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Aikido vs XBOW compared in an independent benchmark by Doyensec. Aikido found 58% more vulnerabilities at the same price. See setup time, false positive rates & full resultsCategory: News

コンポーネント：水平メニュー、コンポーネント：ヘッダーコンテナを更新しました。

デザインデータ（Figma）v2.14.0を公開しました。

HTML版に画像・タブ・ページナビゲーションを新規追加。水平メニューの名称を「グローバルメニュー」から変更。React版にプログレスインジケーター・メニューリストを新規追加。README.mdに技術スタックを明記し、React v19での利用についての注意事項を加筆。

5/22(金)〜5/23(土)にかけて、TSKaigi 2026 というイベントに行ってきました。興味深いトークがあった一方で、AI 生成と見られる発表資料が多数あったのが印象的でした。ほとんどの登壇者は AI で作ったと言ってないので推測ではあるのですが *1、見るだけで「AI 生成だな」と分かる感じでした。体感6割は AI 生成だったと思います。 去年はこのようなことがなかったので驚いてます。AI でスライドを生成するツール (Claude Design/Google Slides/Genspark など) がここ1年で登場したこと、スライド生成 skills が普及したこと、個々人の中で…

Read about various happenings with Baseline during April 2026.

<blockquote cite="https://twitter.com/kyletrainemoji/status/2059301102814953511"><p>PICARD: Data, shields up</p><p>DATA: Brilliant! Shields can reduce damage we sustain. Not immunity. Not hubris. Just prudence. It's not precaution—it's strategy.</p><p>[camera shakes]</p><p>WORF: HULL BREACHES ON NINE DECKS</p><p>DATA: Here's what happened: you told me to raise shields, and I didn't</p></blockquote><p class="cite">&amp...

OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools that rely on OSV data.

はじめに本記事では、弊社における「開発・運用分離（Dev/Ops分離）」の取り組みについて、LINE Platformの現場メンバーへのインタビューを通じて紹介します。一般的に、Dev/Ops分離はシ...

こんにちは。LINEヤフーの永吉です。5月8日（金）、「LINEヤフー Development with Agents Meetup #3」を開催しました。今回のMeetupでは、Orchestrat...

If Claude Code is Amazon, Val Town is same-day shipping

pnpm 11.4 closes a cluster of supply-chain holes around lockfile integrity, credential scoping, git resolutions, patch files, and dependency aliases, makes tarball-integrity mismatches a hard install failure by default (with a narrowly-scoped --update-checksums opt-in), and changes pnpm runtime set to write to devEngines.runtime instead of engines.runtime by default.

The now ships an optional experimental native binary that starts faster, is even more secure, and requires no Node.js runtime dependency.Vercel CLIBinaries are code-signed, allowing your OS to verify that they came from Vercel and haven't been modified. Additionally, on macOS, credentials are stored in the system Keychain scoped to the binary, so other processes cannot access them without explicit permission.You can opt in by installing the experimental package:The flag is required because insta

The deployments list has been redesigned with a denser layout, so you can see more deployments at once. Environments are now grouped with statuses, and the updated layout makes branches and commits easier to scan. The mobile experience has also been improved, making it easier to scan deployment activity on busy projects. to see the updated design.Open your dashboardRead more

When Agent A delegates to Agent B, whose permissions apply? Whose audit trail records the action? And what happens when Agent B is compromised?

Anthropic's acquisition of Stainless means the hosted SDK generator is going away. Here's what to reach for instead.

<p><strong><a href="https://daniel.haxx.se/blog/2026/05/26/the-pressure/">The pressure</a></strong></p>Daniel Stenberg on the unprecedented level of pressure the <code>curl</code> team are facing right now thanks to the deluge of (credible) AI-assisted security issues being reported.</p><blockquote><p>The rate of incoming security reports is 4-5 times higher than it was in 2024 and double the speed of 2025 -- meaning that <str...

はじめに はじめまして。株式会社タップルでサーバーサイドエンジニアをしている糸井一颯( Issa ) ...

<p><strong><a href="https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files">Microsoft Copilot Cowork Exfiltrates Files</a></strong></p>The biggest challenge in designing agentic systems continues to be preventing them from enabling attackers to exfiltrate data.</p><p>In this case Microsoft Copilot Cowork (yes, that's <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2026/03/09/copilot-cowork-a-new-way-of-gett...

<blockquote cite="https://twitter.com/paulg/status/2058844147092488401"><p>A lot of the emails I get from founders are now written in a hard-hitting journalistic style. I know they're written by AI, because no founder ever wrote this way before. And once you realize something is written by AI, it's hard not to ignore it.</p><p>I have never knowingly finished reading an email signed by a human but written by AI. It feels like being lied to, and who would stand for that?&l...

記事は ics.media へアクセスしてご覧ください。

This isn’t totally about AI. It’s about technical writing in the age of AI. I have some thoughts on this and I hope it’s helpful to you humans reading.Technical Writing in the AI Age originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Short story: `pipeline()` over `.pipe()` and destroy what you create.

There are a bunch of JavaScript animation libraries out there, and you might have wondered whether there’s a performance cost compared to traditional CSS transitions and keyframe animations. In this blog post, we’ll compare the same animation across several different strategies and see the differences firsthand. There’s some interesting nuance here!

Teams at Omnea, Cognism, Glasswall, Raisin and the UK public sector reveal why EDR and MDM miss what's really happening on developer machines.Category: News

Learn more about the talk given at Google I/O 2026 by Thomas Steiner.

How Supabase is responding to npm supply chain attacks and practical steps you should take today to reduce your risk.

<blockquote cite="https://twitter.com/quinnypig/status/2058960462256210268"><p>I cannot believe I'm saying this, but getting the literal Pope to canonize your product's specific technical limitations as a spiritual treatise is the single greatest act of vendor lobbying I have ever seen.</p></blockquote><p class="cite">— <a href="https://twitter.com/quinnypig/status/2058960462256210268">Corey Quinn</a>, on Anthropic co-founder Christopher Olah'...

now automatically save and restore filesystem state between sessions. Persistence is on by default, meaning no snapshots to manage or state to track manually.Vercel SandboxesEach sandbox has a durable, that acts as a unique reference in your project. You can create, retrieve, or resume a sandbox by name. Vercel spins sessions up and down automatically, without interrupting your workflow.customizable nameWhen you call , persistence is enabled by default:Sandbox.create()Each automatic snapshot con

The month of Claude Code. Plus, redesigning the core val UI

<div type="html"/>

Move LLM safeguards out of AGENTS.md: how agent hooks plus nano-staged run linters on changed files only, cut tokens, and tighten the agent's feedback loop

AI can accelerate output while weakening skill development. Growth now requires intentional friction for individuals, teams, and organizations.

Sansec discovered an unauthenticated PHP object injection vulnerability in Mirasvit Cache Warmer, a full-page cache extension for Magento and Adobe Commerce. Any storefront request carrying a craft...

TanStack Router has a built-in cache, so why would we need TanStack Query? There are, of course, reasons ...

Vercel Domains now supports price sorting and availability filtering.Price sorting shows lower cost domains first, so you can quickly find a domain that fits your budget. Availability filtering moves unavailable domains to the bottom of the search results, so you can focus on domains that you can actually purchase.Try it at .vercel.com/domainsRead more

is now available on the , allowing Vercel teams to power AI agents and applications with structured web data without managing crawling infrastructure.FirecrawlVercel MarketplaceThis integration helps developers scrape websites into LLM-ready formats, search and retrieve full page content, and interact with dynamic pages for retrieval and agent workflows.Key capabilities include:Get started with on the Vercel Marketplace.FirecrawlRead moreScrape pages into markdown, HTML, structured data, or scre

This week we are gradually rolling out an update to routing for aliases and branch-assigned domains.Vercel MicrofrontendsAliasing a Microfrontends URL with now preserves the full routing config from the source deployment. Previously, the new alias only inherited the . Update to the latest to pick up the change.Aliases inherit Microfrontends routingvc aliasVercel CLImicrofrontendsdeploymentIdA now routes to that branch in every project in the Microfrontend that shares the branch name. Previously,

A practical guide to SSO platforms for engineering teams selling to enterprise, evaluated on the features that actually close deals.

Bearer tokens prove nothing about who holds them. mTLS and DPoP fix that. Token Binding tried and failed, and the reason why matters more than the failure itself.

SSO, SCIM, and admin portals: which platform actually gets you to enterprise-ready without the six-month detour?

Learn how No-Vary-Search improves caching for URLs with query parameters. This article explains how the header works, when it increases cache efficiency, and when to avoid it.

<p>Dropped this morning by the Vatican: <a href="https://www.vatican.va/content/leo-xiv/en/encyclicals/documents/20260515-magnifica-humanitas.html">Magnifica Humanitas of His Holiness Pope Leo XIV on Safeguarding the Human Person in the Time of Artificial Intelligence</a>. This is a <em>very interesting</em> document. It's some of the clearest writing I've seen on the ethics of integrating AI into modern society.</p><p>Pope Leo XIV chose the name Leo in...

<p><img src="https://static.inaturalist.org/photos/666934915/large.jpg" alt="California Brown Pelican"></p><p><img src="https://static.inaturalist.org/photos/666934945/large.jpg" alt="California Brown Pelican"></p><p><img src="https://static.inaturalist.org/photos/666934484/large.jpg" alt="Snowy Egret"></p><p><img src="https://static.inaturalist.org/photos/666935110/large.jpg" alt="California Sea Lion"></p><p><img ...

Discover how to use VS Code to interact with GitHub and maintain your projects.The post GitHub for Beginners: Getting started with Git and GitHub in VS Code appeared first on The GitHub Blog.

Memory management in Node.js streaming applications can be quite complex. Streams don't inherently protect against memory exhaustion and we get into common pitfalls developers face.

Every view-transition-name on a page must be unique. The problem is that every pseudo-element selector in your CSS targets a specific name, so your animation styles explode into an unmanageable wall of selectors.Cross-Document View Transitions: Scaling Across Hundreds of Elements originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

There’s a moment in almost every usability session where a participant pauses at the login screen, types something, and glances up: checking whether they’re “doing it right.” That pause is a clear sign. They’ve already clocked that this isn’t a real app, and every data point collected after that moment is filtered through that awareness.

はじめに こんにちは、株式会社LegalOn Technologies の藤田と申します。「WorkOn」事業部に所属し、AIアシスタント機能の開発に携わっています。 この記事は、2026年5月13日から15日に開催された、国際学会 LREC 2026 の参加レポートです。当社は1件の学会発表を行いました。本記事では、その参加の様子や発表内容をご報告します。 lrec2026.info

A recap of the MCP Night 4 panel with WorkOS, Cloudflare, Sentry, and Chat PRD on how agents are reshaping products, users, and commercialization.

Recap of Rhys Sullivan's MCP Night 4 lightning demo: shipping generative UI from agents into products like PostHog using Executor and code mode.

Evan Bacon's MCP Night 4 lightning demo: npx servesim puts the iOS simulator inside the browser so coding agents can build mobile apps in a loop.

Adi Singh's MCP Night 4 lightning demo: how AgentMail turned its signup flow into a single prompt and why email is the identity layer for agents.

Karen Serfaty, founder of AgentCard, showed how agents can buy things with one-time cards at MCP Night 4. Here's a recap of the lightning demo.

Recap of MCP Night 4 at the Regency Loom: the case for agentic registration, a live demo of Auth.md, and why agent-ready is the new enterprise-ready.

SIerで積んできた経験は、事業会社でも通用するのか。運用やインフラ、リリース対応といったスキルは、大規模サービスの現場でどう生きるのか。キャリアを広げたいと考えたとき、多くのエンジニアが一度はこうし...

こんにちは。LINEヤフー研究所でヒューマンコンピュータインタラクション（HCI）分野の研究をしている山中です。みなさんが新しいマウスを買うとしたら、どんなことを重視するでしょうか。価格や持ちやすさ、...

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a30">datasette 1.0a30</a></p> <p>The big new feature in this alpha is a new customizable "Jump to..." menu, described in detail in <a href="https://datasette.io/blog/2026/jump-menu/">The extensible "Jump to" menu in Datasette 1.0a30</a> on the Datasette blog. You can try it out by hitting <code>/</code> on <a href="https://latest.datasett...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent/releases/tag/0.1a4">datasette-agent 0.1a4</a></p> <p>Taking advantage of the new <a href="https://docs.datasette.io/en/latest/javascript_plugins.html#javascript-plugins-makejumpsections">makeJumpSections()</a> JavaScript plugin hook added in <a href="https://docs.datasette.io/en/latest/changelog.html#a30-2026-05-24">Datasette 1.0a30</a>, <code&g...

はじめに 株式会社 WinTicket でエンジニアをしている長田(@ostk0069)です。 WI ...

こんにちは！システムセキュリティ推進グループの小笠原 (@gassara5) です。 最近では連日の ...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-fixtures/releases/tag/0.1a0">datasette-fixtures 0.1a0</a></p> <p>One of the smaller features in <a href="https://docs.datasette.io/en/latest/changelog.html#a30-2026-05-24">Datasette 1.0a30</a> is this:</p><blockquote><p>New documented <a href="https://docs.datasette.io/en/latest/testing_plugins.html#datasette-fixtures-populate-fixture-database"&...

<blockquote cite="https://lucumr.pocoo.org/2026/5/24/pi-oss/"><p>The most frustrating failure mode right now is that people submit issues that are not in their own voice. They contain an observed problem somewhere, but it has been thrown into a clanker and the clanker reworded it and made a huge mess of it. Typically, it was prompted so badly that the conclusions produced are more often than not inaccurate but always full of confidence. The result is complete guesswork on root cause...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/usborne-mad-house">Mad House — Usborne Creepy Computer Games</a></p> <p>Via <a href="https://news.ycombinator.com/item?id=48258194">Hacker News</a> I learned that UK publisher Usborne published <a href="https://usborne.com/us/books/computer-and-coding-books">free PDFs of their 1980s Computer Books</a>, some of which I remember working through on my Commodore 64 as...

TrapDoor crypto stealer hits 36 malicious packages across npm, PyPI, and Crates.io, targeting crypto, DeFi, AI, and security developers.

2026-07-28 MCP 仕様リリース候補の最も大きな変更点は、MCP サーバーがステートレスファーストになることです。これにより、MCP サーバーはシンプルなロードバランサーの背後でスケーリングできるようになります。また `Mcp-Method` ヘッダに基づいたトラフィックのルーティングや、サーバー応答のキャッシュなども可能になります。この記事では 2026-07-28 MCP 仕様リリース候補におけるステートレスなプロトコルの変更点について紹介します。