Introducing Secure Registry by StepSecurity: install-time defense for the npm supply chain. Block malicious packages, enforce package cooldowns, and protect CI/CD pipelines, developer machines, and artifact managers from modern software supply chain attacks.

RSCs in TanStack Start are server-only executed code — perhaps a significant improvement over the Next.js implementation.

This is Part 1 of a two-part series about cross-document view transitions, going over all the gotchas, from ditching the deprecated way to opt into them to a little-known 4-second timeout.Cross-Document View Transitions: The Gotchas Nobody Mentions originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Hermes Agent は v0.14.0 で xAI の Grok モデルとの統合できるようになりました。Grok モデルは X（旧 Twitter）の投稿を検索できる `x_search` ツールを使えることが特徴で、リアルタイムでトレンドを把握したり、最新の情報を取得できることが強みとなっています。この記事では Hermes Agent と Grok の統合を試してみた様子を紹介します。

こんにちは、フルタイムで Ruby の開発をしている遠藤（@mametter）です。 Spinel で Optcarrot を走らせることができた！？ので、その結果をご報告します。 Spinel とは 先日の RubyKaigi 2026 では、Ruby の AOT コンパイラである Spinel が発表されました。 Spinel は抽象解釈に基づいて Ruby コードの型を推定し、それに最適化した表現で Ruby コードを C 言語コードに変換します。 Matz 自ら作っていること、全面的に AI に作らせていることなどが話題です。 Spinel は TypeProf に着想を得て作られてい…

Coding Agentと業務ツールを連携した業務改善は、開発現場では当たり前になりつつあります。しかし、その恩恵は本当に組織全体に広がっているでしょうか。「一度触ればすごさはすぐ伝わる。ただ、その一...

Arabic, Hebrew, and other right-to-left script users often can't type properly in apps that never considered them. The fix is usually two HTML attributes. Here's exactly what to add, and when.

Build an authorization model your B2B app won't outgrow: how to go from flat roles to fine-grained, resource-scoped access control without a rewrite.

A developer's guide to Client-Initiated Backchannel Authentication (CIBA) for agentic systems.

こんにちは。AIドリブン推進室の神谷 @_yukamiya です。 サイバーエージェン ...

<p><strong><a href="https://shkspr.mobi/blog/2026/05/gds-weighs-in-on-the-nhss-decision-to-retreat-from-open-source/">GDS weighs in on the NHS's decision to retreat from Open Source</a></strong></p>Terence Eden continues his coverage of the NHS' <a href="https://shkspr.mobi/blog/2026/05/nhs-goes-to-war-against-open-source/">poorly considered decision</a> to close down access to their open source repositories in response to vulnerabilities...

What Answer Engine Optimization and Generative Engine Optimization mean, and how to get your site cited by AI Overviews, ChatGPT, Claude, Perplexity, and Gemini.

<p>In preparation for a lightning talk I'm giving at PyCon US <a href="https://us.pycon.org/2026/schedule/presentation/175/">this afternoon</a> I decided to figure out how many names OpenClaw has <em>actually</em> had since that <a href="https://github.com/openclaw/openclaw/commit/f6dd362d39b8e30bd79ef7560aab9575712ccc11">first commit</a> back in November.</p><p>Thanks to this <a href="https://tools.simonwillison.net/python/#first_line_hi...

<blockquote cite="https://jvns.ca/blog/2026/05/15/moving-away-from-tailwind--and-learning-to-structure-my-css-/"><p>[...] in the last 10 years I’ve learned to really love and respect CSS as a technology.</p><p>So I decided years ago that I wanted to react to “CSS is hard” by getting better at CSS and taking it seriously as a technology, instead of devaluing it. Doing that changed everything for me: I learned that so many of my frustrations (“centering is impossible”) had...

OpenUI は Generative UI を構築するためのフレームワークです。OpenUI 言語と呼ばれる独自の宣言型言語を使用して、AI が UI を構築するための指示を与えるという新しいアプローチを提供します。この記事では OpenUI を使用して Generative UI を実装する方法について解説します。

I built ZIP Shrinker, a little browser tool to shrink ZIP files. It also works with formats that are secretly ZIPs underneath, like APK, EPUB, JAR, and many more.Try it out!How does it work?At a high level, this tool (1) re-compresses every file in the ZIP archive with higher compression (2) removes all metadata (3) removes entries for directories.Re-compressingZIP files are typically compressed with an algorithm called Deflate.There are a few tools that can re-compress Deflate data and make it

<p><strong>Release:</strong> <a href="https://github.com/simonw/inaturalist-clumper/releases/tag/0.1">inaturalist-clumper 0.1</a></p> <p>Part of the infrastructure I use for <a href="https://simonwillison.net/2026/May/1/inat-sightings/">publishing my iNaturalist sightings on my blog</a>. I've been running this in production for a few weeks now, inspiring some iterations on how it works, so I decided to ship a 0.1 release.</p><p>Y...

Learn about the experimental general-purpose accessibility agent that GitHub is piloting.The post Building a general-purpose accessibility agent—and what we learned in the process appeared first on The GitHub Blog.

<p><img src="https://static.inaturalist.org/photos/660343826/large.jpg" alt="Western Gull"></p><p><img src="https://static.inaturalist.org/photos/660344126/large.jpg" alt="Rock Pigeon"></p><p>Western Gull, Rock Pigeon, in Los Angeles Area (custom), CA, US</p><p>I went for a bird walk in the morning before PyCon, and we spotted a local seagull enjoying a Starbucks.</p>

We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings.The post Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program appeared first on The GitHub Blog.

This time we get into very smooth starts and stops for infinite animations using CSS. One of the tricks is layering on a transition on top of an animation.

If 3D voxel scenes (that you can style), flying focus animations, or new CSS syntaxes sound like your kinda thing, then this issue of What’s !important is definitely for you.What’s !important #11: 3D Voxel Scenes, Flying Focus, CSS Syntaxes, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

YorickLLM chatbots are out and dead chatbots are in.How diamonds are madeThis is just absolutely stunning work.TakenThis does an excellent job of highlighting how easy it is for companies to be creepy and build a fingerprint on you, using information the browser happily hands over.Making an original Jubilee line door button into a Hue light switchA very cool idea and reading about the how was an absolute joy.How we’re approaching theming with modern CSSHere's one from the Piccalilli archives tha

Every extra second of friction has a measurable business cost. Carrie Webster shares ten data-backed UX facts that link user experience directly to revenue, retention, and long-term growth.

A new way to style gaps in CSS from Chrome and Edge 149.

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/qr-code-generator">QR code generator</a></p> <p>Claude helped me build this tool for creating QR codes, for both text/URLs and for connecting to WiFi networks.</p><p><img alt="Screenshot of a QR code generator web form. Heading "QR code generator" with subtitle "Create a scannable code for a URL, text, or WiFi network." A segmented toggl...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm-limits/releases/tag/0.1a0">datasette-llm-limits 0.1a0</a></p> <p>This plugin works in conjunction with <a href="https://github.com/datasette/datasette-llm">datasette-llm</a> and <a href="https://github.com/datasette/datasette-llm-accountant">datasette-llm-accountant</a> to let you configure a per-user (or global) spending limit for LLM usage inside o...

Active Supply Chain Attack: Malicious node-ipc Versions Published to npm StepSecurity has detected multiple malicious releases of the popular node-ipc npm package. Three versions are currently known to be compromised, containing an obfuscated payload designed to steal cloud credentials, SSH keys, and CI/CD secrets. Our team is actively analyzing the attack, and this post will be updated as our investigation progresses

HighlightsNew includeIgnoreFile() helperThis release introduces the includeIgnoreFile() helper for configuration files that allows for including patterns from .gitignore files or any other files with gitignore-style patterns.Previously available in the external package @eslint/compat, the new includeIgnoreFile helper function is exported from the eslint/config entrypoint and provides an extended API that allows multiple files to be included and patterns to be interpreted relative to the location

User-scoped keys, org-scoped keys, and M2M applications cover most agent scenarios in B2B products, but the right choice depends on who the agent acts for, and how it runs.

You can now use native syntax with the Vercel CLI. The command accepts full URLs, bare hostnames, and the flag, and uses your Vercel auth to bypass .curl--urlvercel curlDeployment ProtectionIf you've linked a project, you can also pass just a path:Update to the latest Vercel CLI version and run to get started. Learn more in the .vercel curlVercel CLI documentationRead more

You can now sort the providers behind a model by cost, time to first token (TTFT), or throughput (TPS) in .AI GatewayThe default provider order blends provider reliability, quality of model output, cost, and speed of response. You can now use for explicit control over ranking criteria.sortFor models with many providers and noticeable cost or speed variation, you can use to optimize on your dimension of choice. Ranking is computed at request time, so newly added providers, price changes, and shif

<p>This <a href="https://simonwillison.net/2026/May/14/mitchell-hashimoto/">Mitchell Hashimoto quote</a> about Bun migrating from Zig to Rust reminded me of a similar conversation I had at a conference last week.</p><p>I was talking to someone who worked for a medium sized technology company with a pair of legacy/<a href="https://simonwillison.net/2018/Jul/17/mark-norman-francis/">legendary</a> iPhone and Android apps.</p><p>They told me the...

<blockquote cite="https://twitter.com/mitchellh/status/2055039647924007222"><p>[...] On the interesting side is how fungible programming languages are nowadays. Programming languages used to be LOCK IN, and they're increasingly not so. You think the Bun rewrite in Rust is good for Rust? Bun has shown they can be in probably any language they want in roughly a week or two. Rust is expendable. Its useful until its not then it can be thrown out. That's interesting!</p></blockq...

In April, we experienced 10 incidents that resulted in degraded performance across GitHub services.The post GitHub availability report: April 2026 appeared first on The GitHub Blog.

The job is creating dependable applications in production. Not just "a developer who uses LLMs", but an engineer in a constant evaluation and improvement loop.

How the GitHub Issues team used client-side caching, smart prefetching, and service workers to make navigation feel instant.The post From latency to instant: Modernizing GitHub Issues navigation performance appeared first on The GitHub Blog.

Socket detected malicious node-ipc versions with obfuscated stealer/backdoor behavior in a developing npm supply chain attack.

A clever use of CSS to calculate and display a discounted product price by providing a base price and discount amount, featuring modern CSS features like attr(), mod(), and round().Computing and Displaying Discounted Prices in CSS originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

When a partitioning change to our petabyte-scale ClickHouse cluster caused critical billing jobs to stall, standard metrics showed no obvious errors. This post explores how we identified severe lock contention in ClickHouse's query planner and built upstream patches to fix it.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-ip-rate-limit/releases/tag/0.1a0">datasette-ip-rate-limit 0.1a0</a></p> <p>The <a href="https://datasette.io/">datasette.io</a> site was being hammered by poorly-behaved crawlers, so I had Codex (GPT-5.5 xhigh) build a configurable rate limiting plugin to block IPs that were hammering specific areas of the site too quickly.</p><p>Here's <a href="https...

TeamPCP and BreachForums are promoting a Shai-Hulud supply chain attack contest with a $1,000 prize for the biggest package compromise.

はじめにこんにちは。LINEヤフーでモーション生成やアニメーション生成の研究開発に取り組んでいる郁です。このたび、我々のチームから次の 2 本の論文が CVPR 2026 に採択されました。Causa...

And how the splicer framework makes it tractable at any interface edge.

Today we're releasing the 1Password Device Trust MCP Server, an open-source server that connects your Device Trust data directly to the AI tools your team already uses, like Claude or ChatGPT. It's available now for all customers on Device Trust Connect.As AI agents take on more of the work across your organization, IT and security teams need visibility and control that keeps pace. The Device Trust MCP Server is part of how 1Password is extending that control to the way security teams actually w

Sansec is tracking active attacks against Funnel Builder by FunnelKit, a checkout and upsell plugin used on 40,000+ WooCommerce stores. All versions before 3.15.0.3 let unauthenticated attackers in...

You can now restrict access to production source maps with , which puts browser files behind . Your team can fetch them; everyone else gets a 404.Protected Source MapsVercel Authentication.mapSource maps are how you debug minified production code. They give you readable stack traces and your original source code, with the real filenames and line numbers intact.New projects have Protected Source Maps enabled by default. Existing projects can opt in from Settings → Deployment Protection, with no r

<p><strong><a href="https://datasette.io/blog/2026/new-blog/">Welcome to the Datasette blog</a></strong></p>We have a bunch of neat Datasette announcements in the pipeline so we decided it was time the project grew an official blog.</p><p>I built this using OpenAI Codex desktop, which turns out to have the Markdown session transcript export feature I've always wanted. Here's <a href="https://gist.github.com/simonw/885b11eee46822622b8031a1f4e5f3...

Introduction Small PRs are easier to review, rever ...

<blockquote cite="https://bsky.app/profile/bmann.ca/post/3mlp2ipupv22z"><p>“11 AI agents” is meaningless as a phrase. </p><p>If I said “I have 11 spreadsheets” or “I have 11 browser tabs” to do my work, it means about the same thing.</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/bmann.ca/post/3mlp2ipupv22z">Boris Mann</a></p> <p>Tags: <a href="https://simonwillison.net/tags/ai-agents">ai-agen...

Roguelikes don’t die. They fork, mutate, get argued over, rewritten, abandoned, and revived again. Sometimes all at once.The post Dungeons & Desktops: 10 roguelikes that never die (because their communities won’t let them) appeared first on The GitHub Blog.

The rotateX() function rotates an element around the x-axis in a three-dimensional spacerotateX() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The rotateY() function rotates an element around its vertical y-axis.rotateY() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The rotateZ() function rotates an element around its z-axis, so clockwise or counterclockwise. rotateZ() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The rotate() function spins an element either clockwise or counterclockwise in a 2D plane.rotate() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Native support for Azure OpenAI, Amazon Bedrock, and Vertex AI, OpenTelemetry observability, LLM circuit breaker, expanded file limits, and more in the latest CKEditor AI Service highlights

Packagist urges PHP projects to update Composer after a GitHub token format change exposed some GitHub Actions tokens in CI logs.

We look at designing callout UI elements using CSS, incorporating leader lines and text boxes. It details setting up the HTML structure, utilizing CSS properties like offset-path and borders.

We’ve enabled higher usage limits, faster performance, better reliability, and increased shipping velocity for our Browser Run product by rebuilding on top of Cloudflare’s Containers. Here’s how.

Why traditional loading patterns like spinners fail in agentic AI experiences, and how interface patterns that reveal the system’s process, status, and decision-making can improve transparency and build user trust.

I tasked an agent to migrate our monorepo from a mix of ESLint, Biome, and Prettier to Oxlint and Oxfmt. The full lint pipeline went from 81s to 2.5s.

GitHubのAuto Mergeをひとつの必須チェックに集約するためのGitHub Action automerge-gate を作ったので紹介します。GitHub: pkgdeps/automerge-gate背景: GitHub Auto Mergeは集約するアクションなしだと使いにくい前提として、GitHubのAuto Mergeを使うには、必須チェック未達成のPRをマージできない状態にするBranch protection ruleやRulesetの設定が必要です。これらの保護機能でPRがブロックされる状態を作ったうえで、すべての必須チェックが成功した時点でAuto Mergeが発火する、という仕組みになっています。逆に言うと、Auto Mergeを使うには何かしらのステータスチェックを必ず必須に入れる必要があります。そして、Branch protection ruleやRulesetは、マージに必要なステータスチェックを名前で列挙する形式です。この方式は次のような場面で壊れやすいという問題があります。RenovateやDependabotなど外部のGitHub Appが追加

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/csp-allow">CSP Allow-list Experiment</a></p> <p>An experiment that shows that you can load an app in a CSP-protected sandboxed iframe (see <a href="https://simonwillison.net/2026/Apr/3/test-csp-iframe-escape/">previous note</a>) and have a custom <code>fetch()</code> that intercepts CSP errors and passes them up to the parent window... which can then prompt the us...

Fixes 92 issues (addressing 380 👍). Bun.Image — a built-in image processing API, 7x faster warm installs with the isolated linker's global store, experimental HTTP/2 and HTTP/3 clients for fetch(), HTTP/3 (QUIC) in Bun.serve(), rewritten fs.watch() on Linux and macOS, --no-orphans CLI flag, process.execve(), Bun.Terminal on Windows via ConPTY, FreeBSD and Android builds, shared SSL_CTX cache, smaller binaries, and many bugfixes and Node.js compatibility improvements.

はじめに こんにちは！芝浦工業大学理工学研究科 修士1年の只野陽生と申します。2026年2月の3週間 ...

こんにちは。バックエンドエンジニアの筒井（@tsuttsun_wind）です。 PR TIMESでは、プレスリリースを個人・メディアユーザーやメディアリストに向けてメール配信しています。 2026年1月中旬ごろ、Micr […]

はじめにこんにちは。Service ReliabilityチームでSRE（Site Reliability Engineer）として働いているKi Cheol Cheonです。SREチームは、ユーザー...

GemStuffer abuses RubyGems as an exfiltration channel, packaging scraped UK council portal data into junk gems published from new accounts.

In short: I just published Open Link in Unloaded Tab, a little Firefox extension that adds “Open Link in Unloaded Tab” to the right-click context menu.In Firefox, you can unload tabs to save system resources. But there’s no way to open a new tab in the unloaded state…until now! I built a very simple extension that adds a new option to do this. (It even has a cute icon which I paid ~$15 for.)I’ve built one-off extensions before, but this is the first one I’ve submitted to the Firefox Add-ons dire

Update May 13th: GitHub has temporarily rolled back the new token format rollout. According to the Composer maintainers, that leaves a few days to update Composer in CI before the rollout resumes n...

lets protected deployments accept from Vercel projects and external services you authorize, so you no longer have to share a long-lived secret. Trusted Sources is the recommended approach, but Protection Bypass for Automation continues to workTrusted Sourcesshort-lived identity tokens (OIDC)Protection Bypass for AutomationCallers attach an OIDC token in the header. Vercel then verifies the signature, checks the claims you configured, and confirms the environment matches the rule.x-vercel-trusted

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a29">datasette 1.0a29</a></p> <blockquote><ul><li>New <code>TokenRestrictions.abbreviated(datasette)</code> <a href="https://docs.datasette.io/en/latest/internals.html#tokenrestrictions">utility method</a> for creating <code>"_r"</code> dictionaries. <a href="https://github.com/simonw/datasette/issues/2695">#269...

<blockquote cite="https://www.tiktok.com/@atmoio/video/7638649825382190350"><p>Now, if your CEO has never heard the phrase Ralph Loop, oh man, you are less than 30 days away from your next promotion. I'm not even exaggerating. Walk into his office, close the door, and say, hey chief, been experimenting with something. It's called Ralph Loops. And I think it could change literally everything. And he's gonna say, what's a Ralph loop? And you will say, give me $18,000 worth of API cred...

<blockquote cite="https://lobste.rs/s/oznirn/redis_cost_ambition#c_dzrja0"><p>The thing about 90% of TDMs [Technical Decision Makers] is that they're motivated primarily by NOT GETTING FIRED. These aren't people who browser Lobsters or push to GH on the weekend. These are people that work 9 to 5, get paid, go home, and NEVER THINK ABOUT WORK AGAIN. So to achieve all that, they follow secular trends supported by analysts and broad public sentiment. Oh, Gartner said that "AI strategy"...

now lets you create WAF custom rules using natural language. Describe the behavior you need and the dashboard will generate the rule.Vercel FirewallVisit the to try creating a rate-limiting rule:firewall custom rules pageOr use the Vercel CLI: let you control traffic to your site by logging, blocking, challenging, rate limiting, or redirecting requests based on conditions like IP address, path, country, user agent, and more.WAF custom rulesFor example, you can: or learn more in the .Generate you

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm/releases/tag/0.32a2">llm 0.32a2</a></p> <p>A bunch of useful stuff in this <a href="https://llm.datasette.io/">LLM</a> alpha, but the most important detail is this one:</p><blockquote><p>Most reasoning-capable OpenAI models now use the <a href="https://developers.openai.com/api/reference/responses/overview"><code>/v1/responses</code></a...

Starting June 1, our lineup of individual plans will update based on your feedback.The post GitHub Copilot individual plans: Introducing flex allotments in Pro and Pro+, and a new Max plan appeared first on The GitHub Blog.

Obs.js is a tiny inline script that helps you adapt your site to real-world network, battery, CPU, and memory conditions.

We look at a couple of ways to essentially draw a little square dot in a slightly larger area and let it repeat, giving us a nice dotted background effect.

Learn how one Hubber used GitHub Copilot CLI to build an extension that turns any codebase into a unique, roguelike dungeon. The post Dungeons & Desktops: Building a procedurally generated roguelike with GitHub Copilot CLI appeared first on The GitHub Blog.

The proposed ShadowRealm API introduces a new kind of realm specifically designed for isolation, and only that.Soon We Can Finally Banish JavaScript to the ShadowRealm originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. StepSecurity's OSS Package Security Feed first detected the attack in official @tanstack packages and is tracking its spread across the ecosystem in real time.

Socket was named to the Rising in Cyber 2026 list, recognizing 30 private cybersecurity startups selected by CISOs and security executives.

We investigated a bug where CUBIC's congestion window became pinned at its minimum floor, causing a performance to plummet. The fix involved correctly measuring idle periods to distinguish RTT wait times from actual application idleness.

Fast mode for Claude Opus 4.7 is now available on in research preview.AI GatewayFast mode delivers ~2.5x faster output token generation with full Opus 4.7 intelligence. This is an early, experimental feature.To enable fast mode, pass in the provider options with .speed: 'fast'anthropicanthropic/claude-opus-4.7You can use fast mode with by setting the and variables in your shell configuration file or in .Claude Code via AI GatewayCLAUDE_CODE_SKIP_FAST_MODE_ORG_CHECKCLAUDE_CODE_ENABLE_OPUS_4_7_FAS

こんにちは、ima1zumiです。RubyKaigi 2026 お疲れさまでした！函館の海鮮が恋しい日々を送っています。 STORES はNursery Sponsorとして、託児所の企画・運営をしました。また、会期中にRubyKaigi 2026 STORES Quizを出題したり、STORES CAFE for WomenとSTORES CAFE at RubyKaigi 2026を開催したりと、盛りだくさんな3日間でした。エンジニア30名、PX4名、内定者1名の総勢35名で参加しました！ このブログではRubyKaigi 2026に参加したメンバーから印象に残ったセッション、出来事につい…

Chrome 148 introduces Immediate UI mode for passkeys and passwords to streamline user sign-in flows with a frictionless credential request experience.

Test the proposed install element.

Ask which AI model is best, and the answer changes before the ink dries. That's what happens in an industry where new models are released weekly. Every benchmark measures a different race, and every race crowns its own winner, but Vercel has a unique view of the industry through production workloads. serves tens of trillions of tokens across hundreds of models through real applications and agents. AI Gateway:What we're seeingThis report is built on data from seven months of production traffic fr

You can now manage the directly from the CLI. Vercel FirewallUsing the command, you can configure , , , , and .vercel firewallcustom rulesIP blockssystem bypassesattack modesystem mitigationsBuilding on the new CLI commands, the lets agents interact with the Firewall and includes best practices for rolling out new Firewall rules safely. Vercel Firewall skillUpdate to the latest CLI version and run to get started. Learn more about the vercel firewallVercel Firewall CLI commands.Read more

こんにちは、フロントエンドエンジニアのやなぎ（@apple_yagi）です。 PR TIMESでは2023年9月から XO をリンター・フォーマッターとして使ってきましたが、先日 Oxlint に移行しました。本エントリ […]

Claude managed agents, OpenAI voice agents, domaining, and more

This blog has been adapted from an excerpted section of 1Password’s ebook, Credential sprawl: How AI increases the risks. To read the complete ebook and learn more about how AI is accelerating credential sprawl, click here.In Ancient Rome, the military had a daily “watchword” that soldiers used to enter the camp. An official would inscribe the watchword on clay tablets, which were distributed throughout the various military units. If a tablet wasn’t returned, they swiftly tracked it down and pun

1Password has never been more popular in the workplace. Okta’s 2026 “Businesses at Work” report reveals that, of the 8,000+ apps that Okta analyzed, “The security tool 1Password showed the highest industry-level growth, notching a 370% YoY increase in the technology sector.” This statistic refers specifically to the number of individual 1Password users on the Okta platform, indicating a sharp increase in the rollout and adoption of 1Password across business users. This growth is no coincidence.

In this release, we're shifting how official plugins are distributed, and rolling out two new

Claude Code is more than a chat interface. Discover the lesser-known commands, shortcuts, and workflows that will make you a power user.

How to give AI agents their own identity, scope what they can do, and defend your systems when they act autonomously.

How an AI operational finance startup went from founding to Vercel AI Accelerator winner without slowing down for enterprise auth.

Vercel Sandbox now supports Node.js version 26.To run a Sandbox with Node.js 26, upgrade to or later, or to or later if you're using v2 and set the property to :@vercel/sandbox1.10.22.0.0-beta.19runtimenode26Get started today and learn more in the .documentationRead more

<p><strong><a href="https://about.gitlab.com/blog/gitlab-act-2/">GitLab Act 2</a></strong></p>There's a lot going on in this announcement from GitLab about the "workforce reduction" and "structural and strategic decisions" they are making with respect to the agentic era.</p><ul><li>They're "planning to reduce the number of countries by up to 30% where we have small teams". One of the most interesting things about GitLab is that they have emp...

Nice 9-minute video from Matt Pocock (from about a year ago) introducing composites. The problem of not being able to compare objects definitely feels worth solving. Or, more accurately, fixing the issue where when compare two objects that look exactly the same, it’s still false. And that using them as keys doesn’t work. Sounds like […]

Socket detected 84 compromised TanStack npm package artifacts modified with suspected CI credential-stealing malware.

<blockquote cite="https://www.jamesshore.com/v2/blog/2026/you-need-ai-that-reduces-your-maintenance-costs"><p>Your AI coding agent, the one you use to write code, needs to reduce your maintenance costs. Not by a little bit, either. You write code twice as quick now? Better hope you’ve halved your maintenance costs. Three times as productive? One third the maintenance costs. Otherwise, you’re screwed. You’re trading a temporary speed boost for permanent indenture. [...]</p><...

<p><strong><a href="https://www.404media.co/your-ai-use-is-breaking-my-brain/">Your AI Use Is Breaking My Brain</a></strong></p>Excellent, angry piece by Jason Koebler on how AI writing online is becoming impossible to avoid, filtering it is mentally exhausting and it's even starting to distort regular human writing styles.</p><p>I particularly liked his use of the term "Zombie Internet" to define a different, more insidious alternative to the "De...

<p><strong>TIL:</strong> <a href="https://til.simonwillison.net/llms/llm-shebang">Using LLM in the shebang line of a script</a></p> <p>Kim_Bruning <a href="https://news.ycombinator.com/item?id=48073246#48090590">on Hacker News</a>:</p><blockquote><p>But seriously, you can put a shebang on an english text file now (if you're sufficiently brave) [...]</p></blockquote><p>This inspired me to look at patterns f...

Enterprise AI pilots fail not because of the model, but because AI never fits real workflows. See the patterns behind implementations that scale.

Safari 26.5 is here, delivering the :open pseudo-class, the element-scoped keyword for random(), color-interpolation for SVG gradients, the ToggleEvent.source property for popovers, and the Origin API.