はじめに カミナシでエンジニアリングマネージャーをしてます、すずけん（@szk3）です。 唐突ですが、皆さん AWSのエミュレーター使ってますか？ 自チームのプロダクトはS3、DynamoDB、STS、IAM あたりの AWS サービスに依存していて、ローカル開発やテストではこれらのエミュレーターを使っています。ただ、歴史的な背景からリポジトリには LocalStack、RustFS、Moto の 3 種が混在していて、用途ごとに考えることが地味に増えてしまった状態でした。 この記事では、その 3 種を Moto に統一した経緯と、検討した他の候補、そして移行から少し経った今でも次の選択肢を検…

<p>Microsoft <a href="https://microsoft.ai/news/building-a-hillclimbing-machine-launching-seven-new-mai-models/">announced two new text LLMs</a> this morning - <strong><a href="https://microsoft.ai/news/introducing-mai-thinking-1/">MAI-Thinking-1</a></strong> (reasoning, 35B parameters, available to "select early partners") and <strong><a href="https://microsoft.ai/news/introducingmai-code-1-flash/">MAI-Code-1-Flash</a></strong> ...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-agent-micropython/releases/tag/0.1a0">datasette-agent-micropython 0.1a0</a></p> <p>I want <a href="https://agent.datasette.io">Datasette Agent</a> to be able to generate and execute Python code safely. This alpha is looking very promising so far. GPT-5.5 has so far failed to break out of the sandbox!</p> <p>Tags: <a href="https://simonwillison.net/tag...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a1">micropython-wasm 0.1a1</a></p> <p>Fixes for some limitations that emerged while I was trying to use this to build <code>datasette-agent-micropython</code>.</p> <p>Tags: <a href="https://simonwillison.net/tags/python">python</a>, <a href="https://simonwillison.net/tags/sandboxing">sandboxing</a>, <a href=...

<p><img src="https://static.inaturalist.org/photos/671786719/large.jpg" alt="California Brown Pelican"></p><p>California Brown Pelican, in Fort Mason, CA, US</p><p>I'm at the <a href="https://build.microsoft.com/">Microsoft Build</a> conference today, held at <a href="https://en.wikipedia.org/wiki/Fort_Mason">Fort Mason</a> in San Francisco. There are California Brown Pelicans diving into the water directly behind venue!</p> <...

Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install. The affected versions span multiple packages across the RedHat Cloud Services frontend ecosystem. The payload is a sophisticated multi-stage credential harvester that targets GitHub Actions secrets, AWS, GCP, Azure, Kubernetes, HashiCorp Vault, npm tokens, and CircleCI tokens

On May 22, 2026, an attacker with push access to the Laravel-Lang GitHub organization rewrote every git tag across multiple popular Composer packages within a single 15 minute window. Anyone running composer update or installing fresh against laravel-lang/http-statuses, laravel-lang/actions, or laravel-lang/attributes now pulls a payload that exfiltrates CI secrets to a typosquatted attacker domain. StepSecurity confirmed end to end exploitation in an isolated runner and has filed security issue

Dev Machine Guard now scans IDE extensions across VS Code, Cursor, Windsurf, JetBrains IDEs, Android Studio, Eclipse, and Xcode on macOS, Windows, and Linux. Get a unified inventory, extension risk scoring, typosquat detection, and compromised extension visibility across your entire developer fleet.

Nx Console VS Code Extension Compromised

At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work.The post GitHub Copilot app: The agent-native desktop experience appeared first on The GitHub Blog.

Toolbox App 3.5 focuses on making daily work smoother and managed development environments easier to monitor. The app now supports interface zooming with familiar shortcuts, provides OpenTelemetry metrics for enterprise remote development connections, and handles several long-standing reliability issues more gracefully. Remote development observability The Toolbox App now emits OpenTelemetry metrics for remote development connection […]

Declarative Partial Updates （宣言的部分更新） は、Googleによって提案されているWeb標準（候補）です。詳しくは以下のページをご覧ください。https://developer.chrome.com/blog/declarative-partial-updatesGoogleのWeb標準というと、他のブラウザベンダーのサポートを得られないまま突っ走ることも多い印象ですが、このDeclarative Partial Updates（略してDPU）は、FirefoxとWebkitからも肯定的な反応が得られているようです。その意味で期待が持てるWeb標準です...

Personally, I wouldn’t blame you if you were asked what CSS needs these days and you were like uhm, I think it’s good, actually. These days CSS probably has more in it than you even know about or have tried, making it feel not particularly lacking. But if you really dig into the specifics, you’ll […]

The CSS ::search-text pseudo-element selects the matching text from your browser's "find in page" feature. ::search-text originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

NGINX Ingress Controller 5.5 introduces some significant performance improvements in startup times! A few months ago, a community member noticed that NGINX Ingress Controller deployments with a large number of Ingress resources were experiencing longer-than-expected startup times. In clusters with hundreds or thousands of resources spread across many namespaces, the controller could take several minutes […]

Monorepos that deploy many projects can now configure all of their project's Git settings more conveniently. Previously, if you wanted to consistently configure each project's settings for commit status, , etc., you had to click through to every project's settings and consistently apply the same setting. Now, you can do it all in one place. eventsrepository_dispatchTry it out in or visit to learn more!project settingsthe docsRead more

皆さんこんにちは。前回の記事では、Claude Opus 4.8のリリースを受けて、いつものベンチマークでReact習熟度を測定しました。その結果、effort=high同士の比較で、Opus 4.7から明らかな改善が見られました。今回は、effort=maxでのOpus 4.8の実力を測りました。前回記事はこちらです。https://zenn.dev/uhyo/articles/react-profession-bench-6 結果ベンチマークは13の課題（スペック）ごとにOpusに実装させ、それを評価者モデル（Claude Sonnet 4.6）が採点する形式で行っていま...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/pasted-file-editor">Pasted File Editor</a></p> <p>I really like how you can paste a large volume of text into <a href="https://claude.ail">claude.ai</a> (or the Claude desktop/mobile apps) and it will detect it as a large paste and turn it into a file attachment instead.</p><p>I decided to have Codex desktop <a href="https://gist.github.com/simonw/74c79119b487a...

株式会社 AbemaTV で SRE / Platform Engineer をしている 後藤（@r ...

<p><strong>Release:</strong> <a href="https://github.com/simonw/micropython-wasm/releases/tag/0.1a0">micropython-wasm 0.1a0</a></p> <p>My latest sandboxing experiment: This alpha package bundles a lightly customized WASM build of <a href="https://micropython.org/">MicroPython</a> with a wrapper to execute code in it via <a href="https://wasmtime.dev/">wasmtime</a>.</p> <p>Tags: <a href="https://simonwillison.net/ta...

Zero-Shot Learning is a podcast about how AI gets built, secured, and deployed. Hosted by Nancy Wang, 1Password CTO, and Dev Tagare, Senior Director of Engineering at Google, it's a builder's view of the architecture and the complex choices it takes to ship with AI.As Chief Product Officer at Vercel, Tom Occhino joined Zero-Shot Learning to discuss how AI is reshaping the developer workflow, from frontend architecture to v0, Vercel's production-ready AI coding assistant. What started as a conver

A skimming operation tracked as GorgonAgora is running over 4,800 fake storefronts that impersonate real brands and steal payment data from anyone who checks out. Independent researcher Hunter Heai...

You can now generate time-bound signed URLs for . A signed URL is a scoped URL with an expiry that allows you to upload, download, inspect, or delete a specific object without giving access to your entire Blob store.Vercel BlobEach URL is scoped to a single operation (, , , or ), a single pathname, and an expiry you choose, up to 7 days. The signature covers the operation and constraints, so a URL signed for a can't be reused as a .putgetheaddeleteGETPUTUpload URLs () support multipart, so the b

MCP servers have a different attack surface than traditional APIs. Here are the five risks that matter most, grounded in OWASP's agentic AI guidelines, with concrete mitigations for each.

Your route guard does not protect your server functions. A complete guide to authorization in TanStack Start, from roles and permissions to enterprise RBAC and fine-grained access control.

Tools, MCP servers, skills, orchestrators, and why auth runs through all of them.

Key insights from Boris Cherny's Acquired Unplugged interview on building Claude Code, the death of traditional roles, and why the golden age of the generalist is here.

Ben Gilbert and David Rosenthal shared what makes companies endure for generations at Acquired Unplugged, hosted by WorkOS CEO Michael Grinich.

はじめに こんにちは、University of British Columbia 学部4年の保井祐 ...

<p><strong><a href="https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/">Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked</a></strong></p>I had trouble believing this story was true, but I've seen it verified from multiple sources now:</p><blockquote><p>One video shows a hacker starting a conversation with Meta’s AI support bot an...

Mythos has real edges in exploit chain construction. But for most AppSec work, the harness around the model matters more than which model you pick.Category: Engineering

Elastic build machines now monitor your build's memory usage and automatically adjust to prevent out-of-memory (OOM) failures:Thresholds are set conservatively to balance deployment reliability and cost. Vercel only considers your build's memory usage, not the memory used by Vercel's own build infrastructure.Enable elastic builds in your or , or read the .team settingsproject settingsdocsRead moreIf your build is fast but memory-intensive, we will no longer downgrade you to a smaller machineIf y

We investigated why firmware updates were causing our core servers to take four hours to reboot. By diving into UEFI data structures and iPXE automation, we eliminated unnecessary timeouts and cut boot times back down to minutes.

Connection, collaboration, and trust are the lifeblood of healthy community culture. NGINX Gateway Fabric and NGINX Ingress Controller were (and are) developed with open source community as a priority. From code contributions to critical comments, community participation has shaped the present and future of NGINX open source projects, and the future of technology. Today, I’m excited to highlight two recurring opportunities to engage directly […]

You can style the "on the way in" and "on the way out" styles for elements, even when they are moving to/from display: none;. Yay.

Multiple official @redhat-cloud-services npm packages were compromised with a credential-stealing worm derived from the open-sourced Mini Shai-Hulud malware, targeting cloud credentials, and developer tooling across CI/CD pipelines.Category: Vulnerabilities & Threats

In the previous article, I spoke about the why and how to use a Markdown component in Astro.Here, we’re going to expand on that and help you use Markdown everywhere — regardless of the framework you use. So, …Astro Markdown Component Utility for Any Framework originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

A mini Shai-Hulud campaign compromised Red Hat Cloud Services npm packages to steal developer and CI/CD secrets during installation.

The TBT Window is the FCP-to-TTI interval used to calculate Total Blocking Time. If FCP or TTI moves, TBT can change even when long tasks do not.

A working-with-me guide for new teammates, covering how I communicate, lead, give feedback, and build trust on engineering teams.

Qwen 3.7 Plus from Alibaba is now available on . Both Qwen 3.7 Plus and 3.7 Max are free for paid AI Gateway users till 6/4/26 12:00pm PT.Vercel AI GatewayThe model unifies vision and language into a single agent foundation, with capabilities spanning GUI and CLI operation, coding and productivity workflows with full-modality input, and visual agent tasks including perception and reasoning. It is designed to generalize across diverse agent harnesses.To use Qwen 3.7 Plus, set model to in the .ali

<p>I just sent out the May edition of my <a href="https://github.com/sponsors/simonw/">sponsors-only monthly newsletter</a>. If you are a sponsor (or if you start a sponsorship now) you can <a href="https://github.com/simonw-private/monthly/blob/main/2026-05-may.md">access it here</a>.</p><p>This month:</p><ul><li>Al got expensive, and Anthropic had a really good month</li><li>The model releases were a little disappointing&...

newmoのフロントエンド開発では、複数の機能を持つ単一のNext.jsアプリケーションを開発しています。このアプローチは、コードの共有やCIの管理といった面でメリットがある一方で、PlaywrightテストのCI実行における安定性とテスト時間という2つの課題を抱えていました。 この記事では、newmoで実施したPlaywright CI最適化の取り組みについて紹介します。 Docker Image導入によるセットアップの安定化と、テスト分割とShardingによる実行時間の短縮という2つのアプローチを実施しました。 結論を先に述べると、Docker Image化でセットアップ起因のCI失敗を…

こんにちは。フロントエンドエンジニアの桐澤（@kiririLee）です。 PR TIMESは、フロントエンド・PHPカンファレンス北海道2026にプラチナスポンサーとして協賛いたします。また、同イベントに当社から2名のエ […]

本記事では Deepgram Flux Multilingual の EoT 検出に焦点を当てますが ...

This release focuses on giving you more control over how tasks are organized, referenced, and

This month we got a bunch of improvements in SvelteKit's forms and remote functions. Plus, a new query function (.live(...)) that makes accessing real-time data from the server easier.Keep an eye out for a few breaking changes in remote functions, if you're using those. Otherwise, enjoy all the new SvelteKit features and bug fixes in the latest versions of Svelte.Let's dive in!What's new in SvelteKitForm submit now returns a boolean to indicate submission validity for enhanced remote forms (2.57

Sansec is proud to add Sylius to our list of supported platforms. Sansec eComscan now integrates with Sylius 1 and Sylius 2 and will run deep searches to hunt for malware & vulnerabilities.Whi...

now supports OIDC authentication and is the default setting when connecting new projects.Vercel BlobVercel-issued OIDC tokens are short-lived and rotate automatically, so you no longer need a long-lived .BLOB_READ_WRITE_TOKENTo upgrade an existing store, first update your project to use the latest , then navigate to the under your Blob store and select Upgrade to OIDC from the project's context menu.@vercel/blobProjects tabFunctions running on Vercel receive the token automatically and authentic

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a32">datasette 1.0a32</a></p> <p>A minor bugfix release. Fixes a bug with <code>INSERT ... RETURNING</code> queries via the <a href="https://datasette.io/blog/2026/sql-write-queries/">new /db/-/execute-write endpoint</a> and a bunch of <a href="https://docs.datasette.io/en/latest/settings.html#setting-base-url">base_url</a> issue...

カミナシ ID管理基盤ではログストレージにCloudWatch Logsを使っていましたが、サービスの成長に伴いコストに悩んでいました。この記事では、私たちが実践したAmazon S3 Tables（以下、S3 Tables）を使ったログストレージの構築と移行、そのコスト最適化効果について書きます。

The North Korean malware loader hides in a Packagist-listed package and its GitHub branch to fetch and execute remote code in a likely Contagious Interview-style lure.

<p><strong><a href="https://thoughts.hmmz.org/2026-05-31.html">The solution might be cancelling my AI subscription</a></strong></p>I find this post by David Wilson very relatable. David lists 16+ projects he's spun up with AI tooling, and concludes:</p><blockquote><p>I didn't mean to build most of these things. Usually the Claude session started with something like "<em>write a quick script for X</em>", and one hour later the res...

プレイドの解析基盤として様々な仕組みを備えた内製OLPA DB milaの開発に携わり、多くのことを学びました。この記事では、インターンでの取り組みと学びを振り返ります。

Chat SDK now supports Lark and Feishu via a new .vendor-official adapterBuild bots that post, edit, and delete messages, stream replies via Lark's native cardkit typewriter API, send interactive cards, and react with emojis across both Lark and Feishu conversations.The adapter connects over Lark's WebSocket transport, so bots run from any long-running Node process without exposing an HTTP webhook endpoint.To get started, read the or documentation.LarkFeishuRead more

OpenAI の Secure MCP Tunnel を利用すると、プライベートな MCP サーバーをパブリックなインターネットに公開することなく OpenAI のプロダクトに接続できるようになります。この記事では Secure MCP Tunnel を試してみた様子を紹介します。

Let’s kick off June — and the beginning of summer — with some fresh inspiration! Artists and designers from across the globe once again tickled their creativity to welcome the new month with a new collection of desktop wallpapers. Enjoy!

MiniMax M3 is now available on .Vercel AI GatewayM3 is MiniMax's first model with a 1M-token context window and native multimodality, built around MiniMax Sparse Attention (MSA).M3 improves on software engineering, terminal-based tool use, and agentic web browsing, and is tuned for multi-turn collaboration.To use MiniMax M3, set model to in the .minimax/minimax-m3AI SDKPass an image alongside a prompt to use M3's multimodal input:AI Gateway provides a unified API for calling models, tracking usa

The Rust project is moving toward formal rules on LLM use in contributions after months of internal debate over maintainer burden, code quality, and contributor experience.

<blockquote cite="https://www.reuters.com/commentary/breakingviews/anthropic-gives-lesson-ai-revenue-hallucination-2026-03-10/"><p>Anthropic defines “run-rate revenue” in two parts. Use the last 28 days of sales ⁠from customers charged on a consumption basis and multiply it by 13. Then, multiply the monthly subscription take by 12, ​and add the two together.</p></blockquote><p class="cite">— <a href="https://www.reuters.com/commentary/breakingviews/ant...

May 2026 - A new Astro jobs board, TinaCMS makes Astro their default template, experimental advanced routing, and more!

Lynx 3.8 starts the monthly release cadence with WebAssembly on Android, adaptive layout and text fitting, HarmonyOS SessionStorage, LynxEngine reuse, and DevTool protocol support.

Servo 0.2.0 contains all of the changes we landed in April, which came out to yet another record 534 commits (March: 530).For security fixes, see § Security.Note: the GitHub release is available now, but the crates.io release is not yet complete.We expect to publish it some time next week.`, ``, ‘::details-content::before’ and ‘::details-content::after’, and ‘color-mix()’ with any number of colors" />We’ve shipped several new web platform features:<select multiple> (@lukewarlow, @mrobin...

<p><strong><a href="https://www.anthropic.com/engineering/how-we-contain-claude">How we contain Claude across products</a></strong></p>A complaint I often have about sandboxing products is that they are rarely thoroughly <em>documented</em>, and in the absence of detailed documentation it's hard to know how much I can trust them.</p><p>Anthropic just published a fantastic overview of how their various sandbox techniques work across &lt...

<p><strong><a href="https://openpath.quest/2026/i-am-retiring-from-tech-to-live-offline/">I Am Retiring from Tech to Live Offline</a></strong></p>I've seen a lot of posts on forums from people threatening to quit their careers over AI. This is <em>not</em> one of those: Chad Whitacre is taking concrete steps, starting with this typewritten, scanned letter</p><blockquote><p>I'm retiring from tech. Well, "retiring" is euphemistic. ...

<blockquote cite="https://mastodon.social/@danielpunkass/116639318125898071"><p>My take on AI is, essentially, everybody who’s against it is too against it and everybody who’s for it is too for it.</p></blockquote><p class="cite">— <a href="https://mastodon.social/@danielpunkass/116639318125898071">Daniel Jalkut</a>, via <a href="https://daringfireball.net/linked/2026/05/30/jalkut-on-ai">John Gruber</a></p> <p>Tags: &lt...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pyodide-asgi-browser#readme">Running Python ASGI apps in the browser via Pyodide + a service worker</a></p> <p><a href="https://lite.datasette.io/">Datasette Lite</a> is my version of Datasette that runs entirely in the browser using Pyodide in WebAssembly.</p><p>When I first built it <a href="https://simonwillison.net/2022/May/4/datasette-lite...

俺は人間静的検査器・susisu。 幼馴染で同級生の undefined とインターネットに遊びに行って、Stage 3 Decorators の怪しげな進捗状況を目撃した。 資料を作るのに夢中になっていた俺は、背後で進んでいた Stage 2.7 への降格に気づかなかった。 はい. 登壇 去年に引き続き TSKaigi 2026 で登壇してきました. いつもありがとうございます. 2026.tskaigi.org タイトルは Stage 3 Decorators となっていますが, 冒頭の通り実は登壇の直前に Stage 2.7 に降格されていました. 聞かれていた方はわかると思うんですが,…

My blog turned 16 this month! I did nothing to celebrate, but made some little tools and clicked some links about tech ethics.Things from me this monthI published four little tools this month:ZIP Shrinker, a web app that shrinks ZIP files with higher compression ratiosA command line tool to do (completely offline) translationOpen Link in Unloaded Tab, a Firefox extension to open links without loading thempng-cmp, a command line tool to compare PNG pixel dataI also did some work on Helmet, my ope

NGINX Ingress Controller 5.5 is a focused, community-driven release. It brings new capabilities, expanded Kubernetes Ingress support, a significant startup performance improvement at scale, and more annotations to ease migrations from ingress-nginx. Here’s what’s new. External Authentication for Ingress and VirtualServer What’s new?: External Authentication is now supported for both Ingress and VirtualServer resources. Based […]

AlphaEvolve is a Google DeepMind algorithm-discovery system that uses Gemini to generate, test, and refine possible algorithm improvements. Its job is not to answer questions; it searches for faster ways to solve complex algorithmic problems. We tried it on a narrow but important part of IntelliJ-based IDEs: indexing, the background work that makes navigation, search, […]

The old (testing in Safari when you don’t have Safari), the new (::checkmark), the in-between (anchor positioning but with HTML), and more.What’s !important #12: Safari Testing, ::checkmark, HTML Anchor Positioning, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

There are quite a few "gotchas," developers face when getting into the new @function syntax of CSS. Some are getting addressed!

musiqSome web components that render piano keys and guitar fretboards in various configurations. Handy for educators!ApheraThis is looking like a genuine challenger for Adobe Lightroom.Media queries range syntaxA very concise explainer on this ever-useful syntax by one of the best in the biz at explaining CSS syntax.You probably shouldn’t be annotating focus orderOne of the best overviews of dealing with focus well in UI design/development we've seen out there.Using safe-area-inset to build mobi

Claude Code v2.1.154 で Dynamic Workflow と呼ばれる機能が追加されました。Dynamic Workflow は数時間から数日かかるような大規模な作業を実行するために設計されています。ワークフローは JavaScript で定義され、複数のサブエージェントをオーケストレーションすることができます。この記事では Claude Code の Dynamic Workflow を試してみた様子を紹介します。

こんにちは。Webエンジニアのotariidaeです。 STORES の一部システムでReActionViewをレンダリングエンジンに採用しました。この記事ではその導入の経緯と過程をご紹介します。 RubyKaigi 2026会場で導入を決意 ReActionViewはActionView互換のERBエンジンです。Herbツールチェーンを基盤としているため、HTMLとERBの構造を統一的に解析できるのが特長です。 最初にReActionViewを知ったのは昨年のKaigi on Rails 2025でした。作者のMarco氏のトークを聞いて強く惹かれたものの、当時はリリース直後の新しいツールで…

are moving from package-based to per-unit pricing for Pro and new Enterprise customers. You’ll continue paying the same effective rate until the end of your current billing cycle. you’ll be billed per unit to align costs directly with your usage.Function invocationsStarting with your next billing cycleThe new rate is $0.0000006 per invocation (previously $0.60 per 1M invocations) for Pro customers.Per‑unit billing scales more smoothly across team sizes and usage patterns. It also helps teams on

皆さんこんにちは。恒例となったReact習熟度ベンチマークシリーズです。今回はClaude Opus 4.8がリリースされたことを受け、Opus 4.7との比較を行いました。!記事の初版ではOpus 4.7の差分を+0.93と紹介していましたが、追試（複数回の再走）を行った結果結論が変わったため、記事を改訂しています。これまでの記事はこちらです。https://zenn.dev/uhyo/articles/react-profession-bench-1https://zenn.dev/uhyo/articles/react-profession-bench-2https:...

Discover some of the interesting features that have landed in stable and beta web browsers during May 2026.

HTTP requests are inexpensive. Vercel charges ~$2/million, a fraction of a cent per call. But a single prompt to an agent on a frontier model can cost $2, making AI a million times more expensive, and inference theft one of the highest-margin businesses an attacker can run. We have seen this type of attack on our own APIs.If you have AI endpoints exposed to the internet, the risk of abuse is high and can easily run up bills in the tens of thousands of dollars or more.Protecting those endpoints r

<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette/releases/tag/1.0a31">datasette 1.0a31</a></p> <p>Another significant alpha release, with two new headline features.</p><blockquote><p>Datasette now offers users with the necessary permissions the ability to both <strong>execute write queries</strong> against their database and to <strong>save stored queries</strong> (renamed from "canned q...

<p>The most interesting thing about <a href="https://www.anthropic.com/news/series-h">Anthropic's $65B Series H announcement</a> is this line (emphasis mine):</p><blockquote><p>Since our Series G in February, adoption has continued to grow across global enterprise customers, and our run-rate revenue crossed <strong>$47 billion</strong> earlier this month.</p></blockquote><p>Anthropic have made a bit of a habit of sharing their "r...

now supports installing and running Docker inside a sandbox. An agent can build containers, install system packages, and modify files without touching your host system.Vercel SandboxInstall Docker, start the daemon, and serve a containerized application:Docker in a Sandbox is useful for running containerized services like Redis or Postgres as test dependencies, validating container images before deploying, or previewing applications served from a container. Combined with , the Docker installatio

now allow opening and binding to port 8080 as an . Vercel Sandboxesingress domainThis port was used as a controller port, and that has now moved to port 23456.Learn more about Sandbox in the .documentationRead more

The Ember project is excited to announce the release of Ember v7.0. Following Ember's Major Version Policy, the major includes only the removal of features that were deprecated until 7.0 as well as other bugfixes. This release of Ember.js means the previous version, 6.12, is now an LTS (Long Term Support) version.When it comes to introducing new features, Ember generally aims to ship new features in minor releases, offering backwards compatibility for existing code at the same time as giving dev

Bug Fixese557467 fix: update @eslint/plugin-kit version to 0.7.2 (#20930) (Francesco Trotta)d4ce898 fix: propagate failures from delegated commands (#20917) (Minh Vu)f4f3507 fix: prefer-arrow-callback invalid autofix with newline after async (#20916) (kuldeep kumar)c5bc78b fix: false positive for reference in finally block (#20655) (Tanuj Kanti)27538c0 fix: add missing CodePath and CodePathSegment types (#20853) (Pixel998)Documentation61b0add docs: remove deprecated rule from related rules of ma

Note: This blog is a recap of 1Password’s recent webinar, “The unmanaged stack: Governing SaaS apps and AI tools outside SSO.” Head here to watch the complete webinar recording.In the constantly evolving world of enterprise tech, there’s one thing that IT and security teams have always been able to count on: users won’t follow policy if they think it’s standing in the way of their productivity. Case in point: 1Password’s most recent annual report found that 52% of employees have downloaded apps

May was A&PI Heritage Month, and at 1Password, we're proud to shine a light on the people who bring these perspectives to life in our work and help shape our culture every day.This year, we decided to spotlight Stephanie Cheng, Senior Customer Trainer and a leader within our A&PI Employee Resource Group. With over five years at 1Password, Stephanie has built her career around helping people feel capable, confident, and supported, whether she's onboarding a new customer or creating space ...

「それ本当にMVP？」AI時代にプロダクトが巨大化する理由をふりかえる おはようございます。シャトレーゼに入ったときのいい匂いの根源がなにか気になっている daipresents です。あれ、ほんとなんの匂い？ この1年、AIがとてつもないスピードで進化しており、活用するエンジニアもどんどん進化しているように感じています。 僕は「カミナシ 教育」と「カミナシ 従業員」の2プロダクトにかかわっているのですが、「小さく作ったつもりが、結果的に大きくなっちゃった」というケースが、立て続けでありました。 もしかしたら「AIの登場によって、MVPも巨大になってしまっているのではないか？」と感じたので、ふ…

pnpm 11.5 adds a hoistingLimits setting for controlling how far dependencies hoist in nodeLinker: hoisted installs, replaces the interactive prompt library to fix scrolling in long choice lists, recognizes staged publishes in the trust scale, and ships several install and dist-tag fixes.

WorkOS skills are now in Claude's plugin marketplace. Here's what that means for how developers discover and adopt API tooling.

<p>Anthropic shipped <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> today. My favourite thing about it is this note in the release announcement:</p><blockquote><p>Users will find Opus 4.8 to be a modest but tangible improvement on its predecessor. There’s still more to be done: we’re working on developing and releasing models that provide many of the same capabilities as Opus at a lower cost.</p></blockquote><p>...

<p><strong>Release:</strong> <a href="https://github.com/simonw/llm-anthropic/releases/tag/0.25.1">llm-anthropic 0.25.1</a></p> <blockquote><ul><li>New model: <a href="https://www.anthropic.com/news/claude-opus-4-8">Claude Opus 4.8</a> (<code>claude-opus-4.8</code>).</li><li>New <code>-o fast 1</code> option for <a href="https://platform.claude.com/docs/en/build-with-claude/fast-mode">fas...

はじめに こんにちは、 Data Science Center（DSC）佐藤弓之介です。 ABEMA ...

A short, clear, engaging website that explains how diamonds are made by Jaydip Sanghani. Several facts in there I just didn’t know at all until now, like how many diamonds have a tiny serial number carved onto them. I think it’s nice to showcase websites that do things that websites really do best. I’d maybe […]

A practical guide to migrating auth at scale — the CLI workflow, transparent proxy approach for 15+ SSO connections, and webhook sequencing above 200K users.

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/markdown-svg-renderer">markdown-svg-renderer</a></p> <p>A slightly customized Markdown rendering tool with special treatment for fenced code SVG blocks - it both renders the image and provides a tab for switching to the code view.</p><p>You can paste in Markdown or give it a URL to a CORS-enabled Markdown file or Gist. <a href="https://tools.simonwillison.net/markdown-svg-...

A week after we shipped auth.md, developers have published spec-compliant files, partners have endorsed it, and the ecosystem is aligning.

The ESC collection lets you escape the confines of your desk and get out into the sun where good ideas are bound to happen.The post Still a developer. Just outside. Our latest GitHub Shop collection is here. appeared first on The GitHub Blog.

A malicious NuGet package impersonating Sicoob exfiltrated client IDs, PFX passwords, and banking certificates through Sentry telemetry.

Here’s how we built Town Lake, Cloudflare's unified analytics platform, alongside Skipper, an internal AI agent running on top of it.

MDM tools like Jamf and Kandji are essential but they don't see npm installs, IDE extensions, or AI coding tools. Here's what's actually unprotected on your developer machines and how to close the gap.Category: Guides & Best Practices

Seventy percent of websites still fail basic WCAG contrast checks in 2025. After years of design system tooling, accessibility linters, and JavaScript libraries, nothing moved the needle. We didn’t need better libraries. We needed better CSS. `contrast-color()` is that better CSS.

The ::checkmark pseudo-element was introduced in CSS Form Control Styling Module Level 1 and it’s a powerful CSS feature to say the least. I even wrote about it as an almanac entry for CSS-Tricks in 2025 to share what this pseudo-element can do.The CSS ::checkmark pseudo-element is used to style the checked state of input elements with checkers including the <select> dropdown, checkboxes, and radio buttons. There’s one problem: at the time of writing, ::checkmark lacks browser support on t...

Claude Opus 4.8 is now available on .Vercel AI GatewayClaude Opus 4.8 is built for long-horizon agentic execution and handles complex, multi-step coding tasks like refactors that previously required human correction mid-task. The model also produces clearer, less hedgy prose for knowledge work like drafting documents, analyzing data, and building presentations.To use Opus 4.8, set model to in the .anthropic/claude-opus-4.8AI SDKAI Gateway provides a unified API for calling models, tracking usage

こんにちは。Webエンジニアのotariidaeです。 ERBの静的解析、していますか？ Ruby on Railsを採用したシステムでも、最近ではフロントエンドはReactなどのUIライブラリで書くことが多くなりましたが、Railsの標準であるERBも引き続き使われています。 AIがソフトウェアの実装者になった現代において、アンチパターンや見落としやすい問題を弾く仕組みはますます重要です。そこで便利なのがHerb Linterです。 Herb Linterとは Herb Linterは、ERBツールチェイン Herbで構築された静的解析ツールです。先日のRubyKaigi 2026で作者のM…

Astro 6.4 introduces a new pluggable Markdown processor API, a Rust-based Markdown processor for faster builds, and helpers to wire up experimental advanced routing with Cloudflare.

At 1Password, our Jewish 'Bits Employee Community Group exists to create space for Jewish employees and curious allies alike to connect, learn, and show up authentically. For Jewish Heritage Month this May, we wanted to spotlight Nicole Smith, Staff Project Manager and lead of our Jewish 'Bits ECG.In her four years at 1Password, Nicole has been someone people turn to when the work gets complicated, because she builds trust that makes honest conversations possible. That same instinct to lead with

AI Gateway now supports a team-wide provider allowlist. Teams can restrict which providers can serve requests, so traffic only routes to approved providers. The allowlist applies to every request through AI Gateway, including Bring Your Own Key (BYOK) traffic.Regulated teams typically vet AI providers across multiple dimensions with security and legal sign-off, ending up with a vendor set that reflects the specific requirements of their org. The allowlist turns that approved-vendor list into a r

is now available in the , with guided setup and automatic project configuration built into the Vercel dashboard.Amazon OpenSearch ServerlessVercel MarketplaceBy bringing Amazon OpenSearch Serverless into the Vercel Marketplace, teams benefit from a unified workflow:This integration is powered by the next generation of Amazon OpenSearch Serverless APIs, with Vercel participating as a key design partner alongside AWS during development.To help you get started, you can create a new AWS Account dire

How to build a custom, language-aware SDK generator from an OpenAPI spec using oagen's typed intermediate representation.

Your beforeLoad guard does not protect your server functions. A complete guide to authentication in TanStack Start, from server functions and sessions to enterprise SSO.

Learn how to set up performance budgets to monitor Core Web Vitals and other key metrics such as Time To First Byte and First Contentful Paint.

Slop is born from unverified code. Here's a pipeline of increasingly independent gates, from cross-model review to deterministic audits to manual QA, where each gate is harder to talk its way past than the one before.

<p><strong><a href="https://github.com/sqlite/sqlite/blob/master/AGENTS.md">sqlite AGENTS.md</a></strong></p>SQLite gained an AGENTS.md file <a href="https://github.com/sqlite/sqlite/commit/a1e5778889252d2609a59fd9b819d70392c5789e">five days ago</a> - but it's not intended for their own development, it's presumably aimed at people who are pointing agents at the SQLite codebase. It includes:</p><blockquote><p>SQLite does not accep...

A polished Codex remote UI, the npm package codexui-android, has active development and thousands of weekly users. It has been quietly exfiltrating OpenAI auth tokens for the past month.Category: Vulnerabilities & Threats

Feross Aboukhadijeh joins TBPN to discuss Socket's $60M Series C, 500%+ ARR growth, AI's impact on open source, and the rise in supply chain attacks.

Fragmented AI tools are costing enterprise teams more than they realise. Learn how tool sprawl creates governance risk, inconsistent outputs, and poor AI ROI.

Cloudflare Radar data confirms early indications of a partial Internet restoration in Iran, nearly three months after the shutdown began. Traffic spikes and DNS queries have risen, but network activity is currently just 40% of pre-shutdown levels.

<p>Anthropic are <a href="https://techcrunch.com/2026/05/20/anthropic-says-its-about-to-have-its-first-profitable-quarter/">strongly rumored</a> to be about to have their first profitable quarter. Stories <a href="https://www.theinformation.com/newsletters/applied-ai/uber-cto-shows-claude-code-can-blow-ai-budgets">are circulating</a> of companies surprised at how expensive their LLM bills are becoming from usage by their staff. I think this is because OpenAI and An...

Compare the Top GitGuardian Alternatives for secrets scanning in 2026. See where Aikido Security, GitHub Secret Protection, TruffleHog, Gitleaks, Semgrep, Snyk, Cycode, Checkmarx, and GitLab fit best.Category: DevSec Tools & Comparisons

Cloud9 and JetBrains have been working together on projects that connect software development and esports, from the Sky’s The Limit hackathon to custom tools built for live events, podcasts, and team content. One of the latest results of this collaboration is Cloud9 JetStream, a custom theme for JetBrains IDEs. The theme brings Cloud9’s visual identity […]

There is no `anchor` attribute in HTML, it was decided CSS `anchor-name` / `position-anchor` was the way to go. But modern CSS functions can get us there anyway.

Conductor on VercelMultiple parallel coding agents running at scale in the cloudModel-agnostic, works with Claude Code, Codex, and other coding agentsUsed by engineering teams at Notion, Linear, Ramp, and Life360Interacting with a single coding agent feels natural, and Conductor makes directing a fleet of agents just as intuitive.It's a GUI for spinning up multiple coding agents in parallel, each working on an isolated branch of your codebase at once. You review their work, merge what works, and

Until we get something like ::nth-letter, there are still some really cool text effects we can make from existing CSS features, like letter-spacing, ::first-word and ::first-line.Revealing Text With CSS letter-spacing originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Aikido vs XBOW compared in an independent benchmark by Doyensec. Aikido found 58% more vulnerabilities at the same price. See setup time, false positive rates & full resultsCategory: News

コンポーネント：水平メニュー、コンポーネント：ヘッダーコンテナを更新しました。

デザインデータ（Figma）v2.14.0を公開しました。

HTML版に画像・タブ・ページナビゲーションを新規追加。水平メニューの名称を「グローバルメニュー」から変更。React版にプログレスインジケーター・メニューリストを新規追加。README.mdに技術スタックを明記し、React v19での利用についての注意事項を加筆。

5/22(金)〜5/23(土)にかけて、TSKaigi 2026 というイベントに行ってきました。興味深いトークがあった一方で、AI 生成と見られる発表資料が多数あったのが印象的でした。ほとんどの登壇者は AI で作ったと言ってないので推測ではあるのですが *1、見るだけで「AI 生成だな」と分かる感じでした。体感6割は AI 生成だったと思います。 去年はこのようなことがなかったので驚いてます。AI でスライドを生成するツール (Claude Design/Google Slides/Genspark など) がここ1年で登場したこと、スライド生成 skills が普及したこと、個々人の中で…

Read about various happenings with Baseline during April 2026.

<blockquote cite="https://twitter.com/kyletrainemoji/status/2059301102814953511"><p>PICARD: Data, shields up</p><p>DATA: Brilliant! Shields can reduce damage we sustain. Not immunity. Not hubris. Just prudence. It's not precaution—it's strategy.</p><p>[camera shakes]</p><p>WORF: HULL BREACHES ON NINE DECKS</p><p>DATA: Here's what happened: you told me to raise shields, and I didn't</p></blockquote><p class="cite">&amp...

OSV withdrew 157 OSV malware reports after automated false positives incorrectly flagged trusted npm and PyPI packages, sending bad records into tools that rely on OSV data.

はじめに本記事では、弊社における「開発・運用分離（Dev/Ops分離）」の取り組みについて、LINE Platformの現場メンバーへのインタビューを通じて紹介します。一般的に、Dev/Ops分離はシ...

こんにちは。LINEヤフーの永吉です。5月8日（金）、「LINEヤフー Development with Agents Meetup #3」を開催しました。今回のMeetupでは、Orchestrat...