We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings.The post Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program appeared first on The GitHub Blog.

This time we get into very smooth starts and stops for infinite animations using CSS. One of the tricks is layering on a transition on top of an animation.

If 3D voxel scenes (that you can style), flying focus animations, or new CSS syntaxes sound like your kinda thing, then this issue of What’s !important is definitely for you.What’s !important #11: 3D Voxel Scenes, Flying Focus, CSS Syntaxes, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

YorickLLM chatbots are out and dead chatbots are in.How diamonds are madeThis is just absolutely stunning work.TakenThis does an excellent job of highlighting how easy it is for companies to be creepy and build a fingerprint on you, using information the browser happily hands over.Making an original Jubilee line door button into a Hue light switchA very cool idea and reading about the how was an absolute joy.How we’re approaching theming with modern CSSHere's one from the Piccalilli archives tha

Every extra second of friction has a measurable business cost. Carrie Webster shares ten data-backed UX facts that link user experience directly to revenue, retention, and long-term growth.

Active Supply Chain Attack: Malicious node-ipc Versions Published to npm StepSecurity has detected multiple malicious releases of the popular node-ipc npm package. Three versions are currently known to be compromised, containing an obfuscated payload designed to steal cloud credentials, SSH keys, and CI/CD secrets. Our team is actively analyzing the attack, and this post will be updated as our investigation progresses

HighlightsNew includeIgnoreFile() helperThis release introduces the includeIgnoreFile() helper for configuration files that allows for including patterns from .gitignore files or any other files with gitignore-style patterns.Previously available in the external package @eslint/compat, the new includeIgnoreFile helper function is exported from the eslint/config entrypoint and provides an extended API that allows multiple files to be included and patterns to be interpreted relative to the location

<p>This <a href="https://simonwillison.net/2026/May/14/mitchell-hashimoto/">Mitchell Hashimoto quote</a> about Bun migrating from Zig to Rust reminded me of a similar conversation I had at a conference last week.</p><p>I was talking to someone who worked for a medium sized technology company with a pair of legacy/<a href="https://simonwillison.net/2018/Jul/17/mark-norman-francis/">legendary</a> iPhone and Android apps.</p><p>They told me the...

<blockquote cite="https://twitter.com/mitchellh/status/2055039647924007222"><p>[...] On the interesting side is how fungible programming languages are nowadays. Programming languages used to be LOCK IN, and they're increasingly not so. You think the Bun rewrite in Rust is good for Rust? Bun has shown they can be in probably any language they want in roughly a week or two. Rust is expendable. Its useful until its not then it can be thrown out. That's interesting!</p></blockq...

In April, we experienced 10 incidents that resulted in degraded performance across GitHub services.The post GitHub availability report: April 2026 appeared first on The GitHub Blog.

The job is creating dependable applications in production. Not just "a developer who uses LLMs", but an engineer in a constant evaluation and improvement loop.

How the GitHub Issues team used client-side caching, smart prefetching, and service workers to make navigation feel instant.The post From latency to instant: Modernizing GitHub Issues navigation performance appeared first on The GitHub Blog.

Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.

A clever use of CSS to calculate and display a discounted product price by providing a base price and discount amount, featuring modern CSS features like attr(), mod(), and round().Computing and Displaying Discounted Prices in CSS originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

When a partitioning change to our petabyte-scale ClickHouse cluster caused critical billing jobs to stall, standard metrics showed no obvious errors. This post explores how we identified severe lock contention in ClickHouse's query planner and built upstream patches to fix it.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-ip-rate-limit/releases/tag/0.1a0">datasette-ip-rate-limit 0.1a0</a></p> <p>The <a href="https://datasette.io/">datasette.io</a> site was being hammered by poorly-behaved crawlers, so I had Codex (GPT-5.5 xhigh) build a configurable rate limiting plugin to block IPs that were hammering specific areas of the site too quickly.</p><p>Here's <a href="https...

TeamPCP and BreachForums are promoting a Shai-Hulud supply chain attack contest with a $1,000 prize for the biggest package compromise.

はじめにこんにちは。LINEヤフーでモーション生成やアニメーション生成の研究開発に取り組んでいる郁です。このたび、我々のチームから次の 2 本の論文が CVPR 2026 に採択されました。Causa...

Today we're releasing the 1Password Device Trust MCP Server, an open-source server that connects your Device Trust data directly to the AI tools your team already uses, like Claude or ChatGPT. It's available now for all customers on Device Trust Connect.As AI agents take on more of the work across your organization, IT and security teams need visibility and control that keeps pace. The Device Trust MCP Server is part of how 1Password is extending that control to the way security teams actually w

And how the splicer framework makes it tractable at any interface edge.

Sansec is tracking active attacks against Funnel Builder by FunnelKit, a checkout and upsell plugin used on 40,000+ WooCommerce stores. All versions before 3.15.0.3 let unauthenticated attackers in...

<p><strong><a href="https://datasette.io/blog/2026/new-blog/">Welcome to the Datasette blog</a></strong></p>We have a bunch of neat Datasette announcements in the pipeline so we decided it was time the project grew an official blog.</p><p>I built this using OpenAI Codex desktop, which turns out to have the Markdown session transcript export feature I've always wanted. Here's <a href="https://gist.github.com/simonw/885b11eee46822622b8031a1f4e5f3...

Introduction Small PRs are easier to review, rever ...

<blockquote cite="https://bsky.app/profile/bmann.ca/post/3mlp2ipupv22z"><p>“11 AI agents” is meaningless as a phrase. </p><p>If I said “I have 11 spreadsheets” or “I have 11 browser tabs” to do my work, it means about the same thing.</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/bmann.ca/post/3mlp2ipupv22z">Boris Mann</a></p> <p>Tags: <a href="https://simonwillison.net/tags/ai-agents">ai-agen...

Roguelikes don’t die. They fork, mutate, get argued over, rewritten, abandoned, and revived again. Sometimes all at once.The post Dungeons & Desktops: 10 roguelikes that never die (because their communities won’t let them) appeared first on The GitHub Blog.

The rotateX() function rotates an element around the x-axis in a three-dimensional spacerotateX() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The rotateY() function rotates an element around its vertical y-axis.rotateY() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The rotateZ() function rotates an element around its z-axis, so clockwise or counterclockwise. rotateZ() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The rotate() function spins an element either clockwise or counterclockwise in a 2D plane.rotate() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Native support for Azure OpenAI, Amazon Bedrock, and Vertex AI, OpenTelemetry observability, LLM circuit breaker, expanded file limits, and more in the latest CKEditor AI Service highlights

Packagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.

We look at designing callout UI elements using CSS, incorporating leader lines and text boxes. It details setting up the HTML structure, utilizing CSS properties like offset-path and borders.

We’ve enabled higher usage limits, faster performance, better reliability, and increased shipping velocity for our Browser Run product by rebuilding on top of Cloudflare’s Containers. Here’s how.

Why traditional loading patterns like spinners fail in agentic AI experiences, and how interface patterns that reveal the system’s process, status, and decision-making can improve transparency and build user trust.

I tasked an agent to migrate our monorepo from a mix of ESLint, Biome, and Prettier to Oxlint and Oxfmt. The full lint pipeline went from 81s to 2.5s.

GitHubのAuto Mergeをひとつの必須チェックに集約するためのGitHub Action automerge-gate を作ったので紹介します。GitHub: pkgdeps/automerge-gate背景: GitHub Auto Mergeは集約するアクションなしだと使いにくい前提として、GitHubのAuto Mergeを使うには、必須チェック未達成のPRをマージできない状態にするBranch protection ruleやRulesetの設定が必要です。これらの保護機能でPRがブロックされる状態を作ったうえで、すべての必須チェックが成功した時点でAuto Mergeが発火する、という仕組みになっています。逆に言うと、Auto Mergeを使うには何かしらのステータスチェックを必ず必須に入れる必要があります。そして、Branch protection ruleやRulesetは、マージに必要なステータスチェックを名前で列挙する形式です。この方式は次のような場面で壊れやすいという問題があります。RenovateやDependabotなど外部のGitHub Appが追加

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/csp-allow">CSP Allow-list Experiment</a></p> <p>An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see <a href="https://simonwillison.net/2026/Apr/3/test-csp-iframe-escape/">previous note</a>) and have a custom <code>fetch()</code> that intercepts CSP errors and passes them up to the parent window... which can then prompt the us...

Fixes 92 issues (addressing 380 👍). Bun.Image — a built-in image processing API, 7x faster warm installs with the isolated linker's global store, experimental HTTP/2 and HTTP/3 clients for fetch(), HTTP/3 (QUIC) in Bun.serve(), rewritten fs.watch() on Linux and macOS, --no-orphans CLI flag, process.execve(), Bun.Terminal on Windows via ConPTY, FreeBSD and Android builds, shared SSL_CTX cache, smaller binaries, and many bugfixes and Node.js compatibility improvements.

はじめに こんにちは！芝浦工業大学理工学研究科 修士1年の只野陽生と申します。2026年2月の3週間 ...

こんにちは。バックエンドエンジニアの筒井（@tsuttsun_wind）です。 PR TIMESでは、プレスリリースを個人・メディアユーザーやメディアリストに向けてメール配信しています。 2026年1月中旬ごろ、Micr […]

はじめにこんにちは。Service ReliabilityチームでSRE（Site Reliability Engineer）として働いているKi Cheol Cheonです。SREチームは、ユーザー...

GemStuffer abuses RubyGems as an exfiltration channel, packaging scraped UK council portal data into junk gems published from new accounts.

In short: I just published Open Link in Unloaded Tab, a little Firefox extension that adds “Open Link in Unloaded Tab” to the right-click context menu.In Firefox, you can unload tabs to save system resources. But there’s no way to open a new tab in the unloaded state…until now! I built a very simple extension that adds a new option to do this. (It even has a cute icon which I paid ~$15 for.)I’ve built one-off extensions before, but this is the first one I’ve submitted to the Firefox Add-ons dire

Update May 13th: GitHub has temporarily rolled back the new token format rollout. According to the Composer maintainers, that leaves a few days to update Composer in CI before the rollout resumes n...

lets protected deployments accept from Vercel projects and external services you authorize, so you no longer have to share a long-lived secret. Trusted Sources is the recommended approach, but Protection Bypass for Automation continues to workTrusted Sourcesshort-lived identity tokens (OIDC)Protection Bypass for AutomationCallers attach an OIDC token in the header. Vercel then verifies the signature, checks the claims you configured, and confirms the environment matches the rule.x-vercel-trusted

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a29">datasette 1.0a29</a></p> <blockquote><ul><li>New <code>TokenRestrictions.abbreviated(datasette)</code> <a href="https://docs.datasette.io/en/latest/internals.html#tokenrestrictions">utility method</a> for creating <code>"_r"</code> dictionaries. <a href="https://github.com/simonw/datasette/issues/2695">#269...

<blockquote cite="https://www.tiktok.com/@atmoio/video/7638649825382190350"><p>Now, if your CEO has never heard the phrase Ralph Loop, oh man, you are less than 30 days away from your next promotion. I'm not even exaggerating. Walk into his office, close the door, and say, hey chief, been experimenting with something. It's called Ralph Loops. And I think it could change literally everything. And he's gonna say, what's a Ralph loop? And you will say, give me $18,000 worth of API cred...

<blockquote cite="https://lobste.rs/s/oznirn/redis_cost_ambition#c_dzrja0"><p>The thing about 90% of TDMs [Technical Decision Makers] is that they're motivated primarily by NOT GETTING FIRED. These aren't people who browser Lobsters or push to GH on the weekend. These are people that work 9 to 5, get paid, go home, and NEVER THINK ABOUT WORK AGAIN. So to achieve all that, they follow secular trends supported by analysts and broad public sentiment. Oh, Gartner said that "AI strategy"...

now lets you create WAF custom rules using natural language. Describe the behavior you need and the dashboard will generate the rule.Vercel FirewallVisit the to try creating a rate-limiting rule:firewall custom rules pageOr use the Vercel CLI: let you control traffic to your site by logging, blocking, challenging, rate limiting, or redirecting requests based on conditions like IP address, path, country, user agent, and more.WAF custom rulesFor example, you can: or learn more in the .Generate you

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm/releases/tag/0.32a2">llm 0.32a2</a></p> <p>A bunch of useful stuff in this <a href="https://llm.datasette.io/">LLM</a> alpha, but the most important detail is this one:</p><blockquote><p>Most reasoning-capable OpenAI models now use the <a href="https://platform.openai.com/docs/api-reference/responses"><code>/v1/responses</code></a> e...

Starting June 1, our lineup of individual plans will update based on your feedback.The post GitHub Copilot individual plans: Introducing flex allotments in Pro and Pro+, and a new Max plan appeared first on The GitHub Blog.

Obs.js is a tiny inline script that helps you adapt your site to real-world network, battery, CPU, and memory conditions.

We look at a couple of ways to essentially draw a little square dot in a slightly larger area and let it repeat, giving us a nice dotted background effect.

Learn how one Hubber used GitHub Copilot CLI to build an extension that turns any codebase into a unique, roguelike dungeon. The post Dungeons & Desktops: Building a procedurally generated roguelike with GitHub Copilot CLI appeared first on The GitHub Blog.

The proposed ShadowRealm API introduces a new kind of realm specifically designed for isolation, and only that.Soon We Can Finally Banish JavaScript to the ShadowRealm originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.

Socket was named to the Rising in Cyber 2026 list, recognizing 30 private cybersecurity startups selected by CISOs and security executives.

We investigated a bug where CUBIC's congestion window became pinned at its minimum floor, causing a performance to plummet. The fix involved correctly measuring idle periods to distinguish RTT wait times from actual application idleness.

Fast mode for Claude Opus 4.7 is now available on in research preview.AI GatewayFast mode delivers ~2.5x faster output token generation with full Opus 4.7 intelligence. This is an early, experimental feature.To enable fast mode, pass in the provider options with .speed: 'fast'anthropicanthropic/claude-opus-4.7You can use fast mode with by setting the and variables in your shell configuration file or in .Claude Code via AI GatewayCLAUDE_CODE_SKIP_FAST_MODE_ORG_CHECKCLAUDE_CODE_ENABLE_OPUS_4_7_FAS

こんにちは、ima1zumiです。RubyKaigi 2026 お疲れさまでした！函館の海鮮が恋しい日々を送っています。 STORES はNursery Sponsorとして、託児所の企画・運営をしました。また、会期中にRubyKaigi 2026 STORES Quizを出題したり、STORES CAFE for WomenとSTORES CAFE at RubyKaigi 2026を開催したりと、盛りだくさんな3日間でした。エンジニア30名、PX4名、内定者1名の総勢35名で参加しました！ このブログではRubyKaigi 2026に参加したメンバーから印象に残ったセッション、出来事につい…

Test the proposed install element.

Chrome 148 introduces Immediate UI mode for passkeys and passwords to streamline user sign-in flows with a frictionless credential request experience.

Ask which AI model is best, and the answer changes before the ink dries. That's what happens in an industry where new models are released weekly. Every benchmark measures a different race, and every race crowns its own winner, but Vercel has a unique view of the industry through production workloads. serves tens of trillions of tokens across hundreds of models through real applications and agents. AI Gateway:What we're seeingThis report is built on data from seven months of production traffic fr

You can now manage the directly from the CLI. Vercel FirewallUsing the command, you can configure , , , , and .vercel firewallcustom rulesIP blockssystem bypassesattack modesystem mitigationsBuilding on the new CLI commands, the lets agents interact with the Firewall and includes best practices for rolling out new Firewall rules safely. Vercel Firewall skillUpdate to the latest CLI version and run to get started. Learn more about the vercel firewallVercel Firewall CLI commands.Read more

こんにちは、フロントエンドエンジニアのやなぎ（@apple_yagi）です。 PR TIMESでは2023年9月から XO をリンター・フォーマッターとして使ってきましたが、先日 Oxlint に移行しました。本エントリ […]

Claude managed agents, OpenAI voice agents, domaining, and more

This blog has been adapted from an excerpted section of 1Password’s ebook, Credential sprawl: How AI increases the risks. To read the complete ebook and learn more about how AI is accelerating credential sprawl, click here.In Ancient Rome, the military had a daily “watchword” that soldiers used to enter the camp. An official would inscribe the watchword on clay tablets, which were distributed throughout the various military units. If a tablet wasn’t returned, they swiftly tracked it down and pun

1Password has never been more popular in the workplace. Okta’s 2026 “Businesses at Work” report reveals that, of the 8,000+ apps that Okta analyzed, “The security tool 1Password showed the highest industry-level growth, notching a 370% YoY increase in the technology sector.” This statistic refers specifically to the number of individual 1Password users on the Okta platform, indicating a sharp increase in the rollout and adoption of 1Password across business users. This growth is no coincidence.

Claude Code is more than a chat interface. Discover the lesser-known commands, shortcuts, and workflows that will make you a power user.

In this release, we're shifting how official plugins are distributed, and rolling out two new

How to give AI agents their own identity, scope what they can do, and defend your systems when they act autonomously.

How an AI operational finance startup went from founding to Vercel AI Accelerator winner without slowing down for enterprise auth.

Vercel Sandbox now supports Node.js version 26.To run a Sandbox with Node.js 26, upgrade to or later, or to or later if you're using v2 and set the property to :@vercel/sandbox1.10.22.0.0-beta.19runtimenode26Get started today and learn more in the .documentationRead more

<p><strong><a href="https://about.gitlab.com/blog/gitlab-act-2/">GitLab Act 2</a></strong></p>There's a lot going on in this announcement from GitLab about the "workforce reduction" and "structural and strategic decisions" they are making with respect to the agentic era.</p><ul><li>They're "planning to reduce the number of countries by up to 30% where we have small teams". One of the most interesting things about GitLab is that they have emp...

Nice 9-minute video from Matt Pocock (from about a year ago) introducing composites. The problem of not being able to compare objects definitely feels worth solving. Or, more accurately, fixing the issue where when compare two objects that look exactly the same, it’s still false. And that using them as keys doesn’t work. Sounds like […]

Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.

<blockquote cite="https://www.jamesshore.com/v2/blog/2026/you-need-ai-that-reduces-your-maintenance-costs"><p>Your AI coding agent, the one you use to write code, needs to reduce your maintenance costs. Not by a little bit, either. You write code twice as quick now? Better hope you’ve halved your maintenance costs. Three times as productive? One third the maintenance costs. Otherwise, you’re screwed. You’re trading a temporary speed boost for permanent indenture. [...]</p><...

<p><strong><a href="https://www.404media.co/your-ai-use-is-breaking-my-brain/">Your AI Use Is Breaking My Brain</a></strong></p>Excellent, angry piece by Jason Koebler on how AI writing online is becoming impossible to avoid, filtering it is mentally exhausting and it's even starting to distort regular human writing styles.</p><p>I particularly liked his use of the term "Zombie Internet" to define a different, more insidious alternative to the "De...

<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/llms/llm-shebang">Using LLM in the shebang line of a script</a></p> <p>Kim_Bruning <a href="https://news.ycombinator.com/item?id=48073246#48090590">on Hacker News</a>:</p><blockquote><p>But seriously, you can put a shebang on an english text file now (if you're sufficiently brave) [...]</p></blockquote><p>This inspired me to look at patterns f...

Enterprise AI pilots fail not because of the model, but because AI never fits real workflows. See the patterns behind implementations that scale.

Safari 26.5 is here, delivering the :open pseudo-class, the element-scoped keyword for random(), color-interpolation for SVG gradients, the ToggleEvent.source property for popovers, and the Origin API.

Learn how to find opportunities to contribute to the open source community.The post GitHub for Beginners: Getting started with OSS contributions appeared first on The GitHub Blog.

<p><strong><a href="https://twitter.com/tobi/status/2053121182044451016">Learning on the Shop floor</a></strong></p>Tobias Lütke describes Shopify's internal coding agent tool, River, which operates entirely in public on their Slack:</p><blockquote><p>River does not respond to direct messages. She politely declines and suggests to create a public channel for you and her to start working in. I myself work with river in <code>#tobi_river...

During a deployment at 08:00 pm on 7 May 2026 (UTC), SpeedCurve RUM JavaScript error tracking had an outage that lasted for 5 days, until 08:00 pm on 12 May. The outage caused the complete loss of JavaScript error details recorded by SpeedCurve's RUM script, lux.js. Total error count was recorded correctly, but the details of those errors were lost.Unfortunately our automated monitoring did not alert us to this outage. We were only alerted after reports of missing data from SpeedCurve customers.

You can now use to roll out a feature to a growing percentage of users on a schedule, with progressive rollouts.Vercel FlagsUnlike weighted splits, which hold a fixed distribution (for example, 50/50) for experiments, a progressive rollout follows a predefined schedule that gradually shifts the traffic percentage to the new variant. Each stage has a target percentage and a duration.Exposing a change in stages lets you catch a regression on a small slice of users before it hits everyone.Progressi

はじめにLINEアプリ開発SBU・モバイルエクスペリエンス開発ディビジョンのikesyoです。普段はLINE iOSアプリのビルドシステムや開発基盤の改善を担当しています。LINE iOSは250万行...

はじめまして。LINEヤフー株式会社の石井です。ヤフーのAndroidアプリにログイン機能を提供する社内向けのSDKの開発を担当しています。近年、ログインの簡単さやセキュリティなどの観点でパスキーが注...

こんにちは。遠藤 (@mametter) です。 STORES は Nursery and Scholarship Sponsor として RubyKaigi 2026 に協賛していましたが、さらに "Ruby One-Liner Challenge" というゲームを公開しました。 会場で QR コード付きのカードを配布する形でこのゲームを配っていました。 受け取っていただいた方、遊んでいただいた方、ありがとうございました。 フレーズをドラッグ＆ドロップで並べ替え、指定された出力を出す Ruby ワンライナーを組み立てるパズルです。 ブラウザ上で ruby.wasm が動いていて、実際に ev…

The now supports forwarding specific HTTP requests to a proxy you control. You can also use matchers to filter forwarding and credentials brokering to only the requests that need it.Vercel Sandbox firewallYou can now route outbound sandbox traffic through your own proxy for logging, debugging, or transforming requests and responses. Set a on any allowed domain, and the firewall will forward matching HTTPS requests to your server.forwardURLThe proxy receives the original request along with additi

経度 0° の本初子午線はイギリスのグリニッジ天文台を基準に決められたもので、世界標準時 (UTC+0) の起点となっています。 ここから東西 15° ごとの合計 24 本が「標準時子午線」と呼ばれます。ほとんどの国・地域はいずれかの標準時子午線を自国の標準時の基準にしています。 日本の標準時 (UTC+9) は東経 135° の標準時子午線に基づいていて、これが兵庫県明石市を通ることはよく知られています。「なんで明石？」と思ったこともありますが、たまたまグリニッジ天文台から 135° 東の位置にあったからです。 ところで、自国の領土に標準時子午線がまったく通っていない国もしばしばあります。有…

pnpm 11.1 adds a few new commands — pnpm audit signatures, pnpm bugs, and pnpm owner — alongside support for installing from arbitrary named registries (including a built-in alias for the GitHub Packages npm registry), the ability to skip runtime installation in CI, and several fixes.

Everything you need to know to implement and validate JWTs securely in PHP: from signing to verifying with JWKS, with code examples and best practices for both vanilla PHP and Laravel.

Seven errors that break Entra ID SAML SSO, and how to resolve them.

WorkOS designers use AI to prototype in production, explore wider solution spaces, and design for agents. Here's how our craft is changing.

Tan's fat-skills/thin-harness architecture maps almost one-to-one onto an AI coworker for non-developers. The catch: when users don't have a repo, skills can't be files. Skills have to be the product.

<blockquote cite="https://www.nytimes.com/2026/04/14/world/canada/election-carney-liberal-party.html"><p><em>This article was updated after The Times learned that a remark attributed to Pierre Poilievre, the Conservative leader, was in fact an A.I.-generated summary of his views about Canadian politics that A.I. rendered as a quotation. The reporter should have checked the accuracy of what the A.I. tool returned. The article now accurately quotes from a speech delivered by Mr....

<blockquote cite="https://til.andrew-quinn.me/posts/replacing-a-3-gb-sqlite-database-with-a-7-mb-fst-finite-state-trandsucer-binary/#fn:5"><p>One could say in the first quarter-century of my life, that while I was always fascinated by programming, I could never overcome the guilt of not really knowing whether the tool I am building right now isn’t already superceded by some much better implementation someone else has already written 30 or 40 years ago; I could write a TSV-aware sear...

Superset on VercelSoftware development with AI started as a single engineer chatting with a single agent about a local repo. Today, developers direct fleets of agents in the cloud, but traditional tools were built for the old shape of the job: IDEs, terminals, and review systems designed for one developer moving one ticket at a time.Co-founders Kiet Ho, Satya Patel, and Avi Peltz, all former CTOs at YC-backed companies, built as the IDE for multi-agent development. It runs up to 10 coding agents

グリッドレイアウトで「列の間に線を引く」といった装飾は多くの場面で必要になります。しかし、flexbox や grid で列の間に線を引くためのプロパティは存在せず、ボーダーや背景色を利用して線のように見せるといったワークアラウンドが必要でした。CSS Grid Layout の gap を装飾する `column-rule` と `row-rule` を使用することにより、flexbox や grid で簡単に列や行の間に線を引くことができるようになります。

Lighthouse 13.3 introduces a new Agentic Browsing category that audits how well your website works with AI agents.

<blockquote cite="https://moq.dev/blog/webrtc-is-the-problem/"><p>WebRTC is designed to <strong>degrade and drop my prompt</strong> during poor network conditions.</p><p>wtf my dude</p><p>WebRTC aggressively drops audio packets to keep latency low. If you’ve ever heard distorted audio on a conference call, that’s WebRTC baybee. The idea is that conference calls depend on rapid back-and-forth, so pausing to wait for audio is unacceptable.</p>...

A dispute over fsnotify maintainer access set off supply chain alarms around one of Go’s most widely used filesystem libraries.

Something like manipulating the speed of an animation isn't a big deal, but it's harder when the animation is *already running*. We got tricks.

<p><strong><a href="https://twitter.com/trq212/status/2052809885763747935">Using Claude Code: The Unreasonable Effectiveness of HTML</a></strong></p>Thought-provoking piece by Thariq Shihipar (on the Claude Code team at Anthropic) advocating for HTML over Markdown as an output format to request from Claude.</p><p>The article is crammed with interesting examples (collected on <a href="https://thariqs.github.io/html-effectiveness/">this site&l...

Tailwind CSS v4.3 is here with first-party scrollbar styling, even more logical property utilities, new zoom and tab-size utilities, better @variant support, and all the v4.2 stuff we shipped while forgetting blogs existed.

Youth safety requirements are moving down the tech stack to operating systems and app stores—raising new questions for open source developers. The post Why age assurance laws matter for developers appeared first on The GitHub Blog.