<p><strong>Release:</strong> <a href="https://github.com/simonw/datasette-showboat/releases/tag/0.1a2">datasette-showboat 0.1a2</a></p> <p>I added an option to export a Markdown file from my app that lets Showboat <a href="https://simonwillison.net/2026/Feb/17/chartroom-and-datasette-showboat/#showboat-remote-publishing">incrementally publish updates</a> to a remote server.</p>

<blockquote cite="https://github.com/chardet/chardet/issues/334#issuecomment-4098524555"><p>FWIW, IANDBL, TINLA, etc., I don’t currently see any basis for concluding that chardet 7.0.0 is required to be released under the LGPL. AFAIK no one including Mark Pilgrim has identified persistence of copyrightable expressive material from earlier versions in 7.0.0 nor has anyone articulated some viable alternate theory of license violation. [...]</p></blockquote><p class="cit...

<p>I have a new laptop - a 128GB M5 MacBook Pro, which early impressions show to be <em>very</em> capable for running good local LLMs. I got frustrated with Activity Monitor and decided to vibe code up some alternative tools for monitoring performance and I'm very happy with the results.</p><p>This is my second experiment with vibe coding macOS apps - the first was <a href="https://simonwillison.net/2026/Feb/25/present/">this presentation app a few weeks ago&...

JavaScript for Everyone: DestructuringMat explains the ever-useful, but sometimes hard to understand destructuring assignment in JavaScript.Mise en ModeA very good methodology for design systems now has a book!The old internet is still hereA great reminder for us all. Don't get nostalgic and get surfing instead.2026 design systems reportAnother year and another design systems report, this time delivered with a lovely, texture-rich UI.Paper birdsSome stunning, physical art for you to enjoy.P.S. t

Game development teams face a very different CI/CD reality than traditional SaaS engineering teams. Instead of small, stateless builds, you’re dealing with gigabytes of assets, long build times, platform-specific toolchains, and fragile pipelines that often break under scale. If you’ve ever searched for this topic on forums like Reddit, Stack Overflow, or Unreal/Unity communities, the […]The post How to Manage CI/CD for Game Development (Unity, Unreal, Large Binaries) appeared first on Semaphore

Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.

The next iteration of view transitions is here!

Discover some of the interesting features that have landed in stable and beta web browsers during March 2026.

こんにちは！PR TIMES の河瀨翔吾（@shogogg）です。エンジニアリングマネージャーとして、プレスリリース配信サービス PR TIMES の開発や開発チームのマネジメント、業務改善、採用などを行っています。好き […]

こんにちは！PR TIMES の河瀨翔吾（@shogogg）です。エンジニアリングマネージャーとして、プレスリリース配信サービス PR TIMES の開発や開発チームのマネジメント、業務改善、採用などを行っています。好き […]

<p><strong><a href="https://www.reco.ai/blog/we-rewrote-jsonata-with-ai">We Rewrote JSONata with AI in a Day, Saved $500K/Year</a></strong></p>Bit of a hyperbolic framing but this looks like another case study of <strong>vibe porting</strong>, this time spinning up a new custom Go implementation of the <a href="https://jsonata.org">JSONata</a> JSON expression language - similar in focus to jq, and heavily associated with the <a href...

Every year, security and tech leaders come to the RSA conference in San Francisco to take the industry’s pulse, and every RSAC tends to be dominated by a single, overarching theme. Last year, the theme was: “AI agents are coming, and governance isn’t ready.” And sure enough, the theme of RSAC 2026 was: “AI agents are here, and governance needs to catch up.”Throughout the conference, security practitioners, vendors, and analysts were all asking the same questions:How can we enable a culture of ag

Understand why scopes and claims serve different roles in OAuth 2.0 and OpenID Connect, and how to design around each.

A developer's guide to registering redirect URIs per environment, debugging "invalid redirect URI" errors, and knowing when to use impersonation instead.

Authentication doesn't end at login. For modern SaaS applications, the real security perimeter is the token, and attackers know it.

Preconnect hints can speed up page loads, but what happens when you use too many? We tested the impact of excessive preconnects on page speed.

<p><strong><a href="https://futuresearch.ai/blog/litellm-attack-transcript/">My minute-by-minute response to the LiteLLM malware attack</a></strong></p>Callum McMahon reported the <a href="https://simonwillison.net/2026/Mar/24/malicious-litellm/">LiteLLM malware attack</a> to PyPI. Here he shares the Claude transcripts he used to help him confirm the vulnerability and decide what to do about it. Claude even suggested the PyPI security contact addr...

Safari Technology Preview Release 240 is now available for download for macOS Tahoe and macOS Sequoia.

NGINX 1.29.6 and 1.29.7 introduce significant updates and mark the first in a planned series to add capabilities to NGINX Open Source formerly limited to NGINX Plus. With updates to core runtime behavior and network support, these releases ensure that NGINX can continue to meet the needs of modern applications and AI workloads. Highlights of these releases include: Together, these changes expand what operators can do with NGINX Open Source while simplifying configurations for optimizing performa

A look at GitHub Actions’ 2026 roadmap, outlining how secure defaults, policy controls, and CI/CD observability harden the software supply chain end to end.The post What’s coming to our GitHub Actions 2026 security roadmap appeared first on The GitHub Blog.

TeamPCP is partnering with ransomware group Vect to turn open source supply chain attacks on tools like Trivy and LiteLLM into large-scale ransomware operations.

<p><strong><a href="https://ngrok.com/blog/quantization">Quantization from the ground up</a></strong></p>Sam Rose continues <a href="https://simonwillison.net/tags/sam-rose/">his streak</a> of publishing spectacularly informative interactive essays, this time explaining how quantization of Large Language Models works (which he says might be "<a href="https://twitter.com/samwhoo/status/2036845101561835968">the best post I've ever made</a&g...

Reviewed advisories hit a four-year low, malware advisories surged, and CNA publishing grew—here’s what changed and what it means for your triage and response. The post A year of open source vulnerability trends: CVEs, advisories, and malware appeared first on The GitHub Blog.

A look at an example task an interviewer might give you and all the details of how you could approach and and what they are watching for.

Looking at research and experiments that are designed to automatically generate user interfaces based on user preferences.Generative UI Notes originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

When we investigated why our Atlantis instance took 30 minutes to restart, we discovered a bottleneck in how Kubernetes handles volume permissions. By adjusting the fsGroupChangePolicy, we reduced restart times to 30 seconds.

Accessibility had never really played a significant role since I started working as a front-end developer in 2019. It didn’t have a significant role in my boot camp, or in YouTube tutorials I watched, and certainly not in my job.At some point I got very invested in accessibility, because it was the missing link for me in my profession. Suddenly, the things I built not only looked good, but they also worked as expected when using a keyboard and a screen reader. Slowly, practicing web development

AI is increasingly involved in deployment decisions—auto-rollbacks, approvals, test selection—but not all “AI-driven deployments” are the same. There’s a critical distinction engineering leaders need to understand: How does AI-driven deployment differ between traditional software and ML models (MLOps), and what does that mean for our CI/CD pipeline? If you don’t account for this difference, you […]The post How does AI-driven deployment differ between traditional software and ML models (MLOps)? a

Success in modern UX isn’t about having the most content. It’s about having the most findable content. Yet even with more data and better tools than ever, internal search often fails, leaving users to rely on global search engines to find a single page on a local site. Why does the “Big Box” still win, and how can we bring users back?

A look at recent ISP and government-directed blocks of Supabase domains in three regions—what triggered them, how we worked with authorities and customers to restore access, and what multi-tenant platforms can do to prepare.

Web バックエンドエンジニアの早坂です。本稿は、2025年11月に開催された JJUG CCC 2025 Fall における登壇「Virtual Thread Deep Dive」を記事としてまとめ...

はじめに こんにちは！株式会社LegalOn Technologies、SET（Software Engineer in Test）の引持(@rmochioo)です。普段は自動テストの推進やQA部門横断の施策に取り組んでいます。 2026年3月20日(金・祝)、東京ビッグサイト会議棟にて「ソフトウェアテストシンポジウムJaSST’26 Tokyo」が開催されました。私は「QAプロセスAI支援ツールキットの導入とその効果について」というタイトルで、登壇しました。 本記事では、当日お話しした内容についてと、印象に残った発表を幾つかピックアップしてご紹介したいと思います。

Astro 6.1 introduces codec-specific Sharp image defaults, advanced SmartyPants configuration, and i18n fallback routes for integrations.

Calling vals with GPT Realtime 1.5, NYC doorman, email and voice agents, and more

If 2025 was the year of AI adoption, 2026 is when AI evolves from a software story to a people story. Katya Laviolette, our Chief People Officer, explored this idea in a recent Forbes article about how 1Password’s internal network of AI Champions is shaping this evolution and helping us set the standard for how we use AI to drive impact across 1Password.AI tools help us move faster, but it takes curiosity and judgement to unlock their full value, build new ways of working, and to deliver meaning

Developers need to expand their skills because coding agents are taking an increasing part of their job. Let's start with usability!

Architecture, auth, ecosystem, and the 2026 roadmap for the protocol that connects AI to everything.

50% of Checkly CLI users are already coding agents. Learn how built-in skills, structured output, and agent guardrails make one CLI work for humans and agents alike.

CLIs are the new agent interface. Discover how Checkly turned its CLI into an agentic layer with built-in skills, structured output, and confirmation protocols for safe autonomous monitoring.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-files-s3/releases/tag/0.1a1">datasette-files-s3 0.1a1</a></p> <p>A backend for <a href="https://github.com/datasette/datasette-files">datasette-files</a> that adds the ability to store and retrieve files using an S3 bucket. This release added <a href="https://github.com/datasette/datasette-files-s3/blob/main/README.md#credentials-broker-response">a mechanism&l...

<p><strong><a href="https://news.ycombinator.com/item?id=47517539">Thoughts on slowing the fuck down</a></strong></p>Mario Zechner created the <a href="https://github.com/badlogic/pi-mono">Pi agent framework</a> used by OpenClaw, giving considerable credibility to his opinions on current trends in agentic engineering. He's not impressed:</p><blockquote><p>We have basically given up all discipline and agency for a sort of addictio...

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-llm/releases/tag/0.1a1">datasette-llm 0.1a1</a></p> <p>New release of the base plugin that makes models from <a href="https://llm.datasette.io/">LLM</a> available for use by other Datasette plugins such as <a href="https://github.com/datasette/datasette-enrichments-llm">datasette-enrichments-llm</a>.</p><blockquote><ul><li>New &lt...

Widespread GitHub phishing campaign uses fake Visual Studio Code security alerts in Discussions to trick developers into visiting malicious website.

From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out.The post Updates to GitHub Copilot interaction data usage policy appeared first on The GitHub Blog.

<p><strong><a href="https://futuresearch.ai/blog/litellm-hack-were-you-one-of-the-47000/">LiteLLM Hack: Were You One of the 47,000?</a></strong></p>Daniel Hnyk used the <a href="https://console.cloud.google.com/bigquery?p=bigquery-public-data&d=pypi">BigQuery PyPI dataset</a> to determine how many downloads there were of <a href="https://simonwillison.net/2026/Mar/24/malicious-litellm/">the exploited LiteLLM packages</a> during...

In January, we introduced our Nightly package for RPM-based Linux distributions. Today, we are thrilled to announce it is now available for Firefox Beta! Firefox Beta is great for testing your sites in a version of Firefox that will reach regular users in the coming weeks. If you find any issues, please file them on […]The post Firefox Developer Edition and Beta: Try out Mozilla’s .rpm package! appeared first on Mozilla Hacks - the Web developer blog.

記事は ics.media へアクセスしてご覧ください。

Compare WYSIWYG and Markdown editors across collaboration, storage, and UX. Learn which fits your team and how to pick the right embeddable editor.

Storybook MCP は Storybook と AI エージェントを接続し、エージェントがコンポーネントドキュメントを参照しつつコードを生成したり、ストーリーを作成して UI コンポーネントをテストしたりできるようにする機能です。この記事では、Storybook MCP を実際に試してみた内容を紹介します。

はじめに こんにちは、LegalOn TechnologiesでCTOをしている深川です。実は来週第一子が出産予定でドキドキワクワクがとまりません。 最近、社内向けに「AI時代の開発チームサイズ」に関するガイドラインを策定しました。AIによるコード生成・テスト・レビューの能力が急速に向上するなかで、開発チームの最適な人数は何名なのか——これは多くの開発組織が直面しているテーマだと思います。 本記事では、そのガイドラインの中から「チームサイズの検討」の部分を切り出し、対外的に共有できる形でお届けします。完璧な正解ではありませんが、同じような課題に向き合う方々の参考になれば幸いです。

How I implemented real-time updates in less than 100 lines of code using Mercure in a React application with Symfony.

Why skipping audience validation lets attackers replay tokens across services, and how to fix it.

Traditional approaches to linting TypeScript-based languages have had significant drawbacks for many years. They're often difficult to configure and come with limitations that prevent rules from fully understanding the types of code. Flint introduces a comprehensive Volar.js-based architecture that enables fully type-aware lint rules for languages like Astro, Svelte, and Vue. Learn how Flint's architecture solves this once and for all!

<p><strong><a href="https://claude.com/blog/auto-mode">Auto mode for Claude Code</a></strong></p>Really interesting new development in Claude Code today as an alternative to <code>--dangerously-skip-permissions</code>:</p><blockquote><p>Today, we're introducing auto mode, a new permissions mode in Claude Code where Claude makes permission decisions on your behalf, with safeguards monitoring actions before they run.</p></...

You don't necessarily have to do focus handling yourself with shadow DOM web components. For simple wrapper components, there is an easier (and better) way.

<p><strong><a href="https://nesbitt.io/2026/03/04/package-managers-need-to-cool-down.html">Package Managers Need to Cool Down</a></strong></p>Today's <a href="https://simonwillison.net/2026/Mar/24/malicious-litellm/">LiteLLM supply chain attack</a> inspired me to revisit the idea of <a href="https://simonwillison.net/2025/Nov/21/dependency-cooldowns/">dependency cooldowns</a>, the practice of only installing updated dependencies once t...

<blockquote cite="https://bsky.app/profile/mims.bsky.social/post/3mhsux67xpk2d"><p>I really think "give AI total control of my computer and therefore my entire life" is going to look so foolish in retrospect that everyone who went for this is going to look as dumb as Jimmy Fallon holding up a picture of his Bored Ape</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/mims.bsky.social/post/3mhsux67xpk2d">Christopher Mims</a>, T...

Five malicious npm packages typosquatting crypto libraries steal private keys via Telegram, targeting Solana and Ethereum developers, with active C2 infrastructure.

March has a way of bringing a lot of new things to WebKit — and this year is no exception.

Learn how to integrate the Copilot SDK into a React Native app to generate AI-powered issue summaries, with production patterns for graceful degradation and caching.The post Building AI-powered GitHub issue triage with the Copilot SDK appeared first on The GitHub Blog.

TeamPCP is targeting security tools across the OSS ecosystem, turning scanners and CI pipelines into infostealers to access enterprise secrets.

<p><strong><a href="https://github.com/BerriAI/litellm/issues/24512">Malicious litellm_init.pth in litellm 1.82.8 — credential stealer</a></strong></p>The LiteLLM v1.82.8 package published to PyPI was compromised with a particularly nasty credential stealer hidden in base64 in a <code>litellm_init.pth</code> file, which means installing the package is enough to trigger it even without running <code>import litellm</code>.</p><p...

Before version 1.29.7, NGINX used HTTP/1.0 by default for connecting to HTTP upstream servers. This older version of the protocol does not have the capability of HTTP persistent connections, commonly known as “keep-alive.” Keep-alive reduces the number of handshakes, reduces latency, and reduces time to first byte for most regular web applications. In order to […]

We’re introducing Dynamic Workers, which allow you to execute AI-generated code in secure, lightweight isolates. This approach is 100 times faster than traditional containers, enabling millisecond startup times for AI agent sandboxing.

Accessibility works best when it blends into everyday design workflows. The goal isn’t a big transformation, but simple work processes that fit naturally into a team’s routine. With Figma variables, testing font size increases becomes part of the design flow itself, making accessibility feel almost inevitable rather than optional.

AI is beginning to change how software is produced. Instead of just assisting developers inside the editor, AI agents now investigate issues, generate code, run tests, and execute multi-step workflows. As this work scales, software development extends beyond individual tools or sessions. It becomes a distributed system of agents, environments, and workflows that operate across […]

AI is quickly moving into the critical path of software delivery from test automation to deployment decisions like auto-rollbacks, approvals, and release gating. For engineering leaders, this raises a practical and urgent question: What guardrails do we need to safely use AI in our CI/CD pipeline without increasing risk? If your continuous integration and continuous […]The post What guardrails or policies should be in place when AI is part of deployment decisions (e.g., auto-rollback, approvals)

Starting with NGINX Ingress Controller (NIC) v5.4.0, you can define CORS behavior once in a Policy resource and apply it consistently across both VirtualServer and Ingress traffic paths. Across this blog, we’re focused on: Why Use a Policy For CORS? Many teams start with per-resource tuning and quickly end up with drift. Using a dedicated […]

こんにちは。LINEヤフー研究所でHuman-Computer Interaction（HCI）の分野の研究をしている池松です。皆さんはスマートフォン（以下、スマホ）でレシピを見ながら調理しているとき...

<p>I wrote about Dan Woods' experiments with <strong>streaming experts</strong> <a href="https://simonwillison.net/2026/Mar/18/llm-in-a-flash/">the other day</a>, the trick where you run larger Mixture-of-Experts models on hardware that doesn't have enough RAM to fit the entire model by instead streaming the necessary expert weights from SSD for each token that you process.</p><p>Five days ago Dan was running Qwen3.5-397B-A17B in 48GB of RAM. Today <...

The final report for Ruby Association Grant on TutorialKit.rb—a toolkit for building interactive Ruby and Rails tutorials that run entirely in the browser using WebAssembly and WebContainers. Featuring a full-featured installer, agent-friendly development workflow, deployment pipelines, HTTP support, and real-world examples.

What sets this attack apart is the skimmer itself. Instead of the usual HTTP requests or image beacons, this malware uses WebRTC DataChannels to load its payload and exfiltrate stolen payment data....

Add a "Sign in with Slack" button to your app in minutes using WorkOS AuthKit.

Decode, verify, and inspect JWTs; built by the team that does auth for a living.

Common threats from sign-up to sign-in: what can go wrong, how attackers exploit it, and how to stop them.

<blockquote cite="https://bsky.app/profile/schwarzgerat.bsky.social/post/3mhqu5dogos2v"><p>slop is something that takes more human effort to consume than it took to produce. When my coworker sends me raw Gemini output he’s not expressing his freedom to create, he’s disrespecting the value of my time</p></blockquote><p class="cite">— <a href="https://bsky.app/profile/schwarzgerat.bsky.social/post/3mhqu5dogos2v">Neurotica</a>, @schwarzgerat.bsky...

TypeScript 6.0 introduces new standard APIs, modern default settings, and deprecations as it prepares projects for the upcoming TypeScript 7.0 release.

<p><strong>Release:</strong> <a href="https://github.com/datasette/datasette-files/releases/tag/0.1a2">datasette-files 0.1a2</a></p> <p>The most interesting alpha of <a href="https://github.com/datasette/datasette-files">datasette-files</a> yet, a new plugin which adds the ability to upload files directly into a Datasette instance. Here are the release notes in full:</p><blockquote><ul><li>Columns are now configured u...

はじめに こんにちは、株式会社LegalOn Technologies ソフトウェアエンジニアのわたりょーです。デザインシステムチームに所属し、社内デザインシステム「Aegis」を開発・運用しています。 「Aegis」は、LegalOn Technologiesのプロダクト群で一貫した UI を実現するための社内デザインシステムです。UI コンポーネントライブラリ、デザイントークン、ガイドラインなどを提供し、複数プロダクトの開発効率と品質を支えています。 本記事では、AI コーディングエージェント（Claude Code / Codex など）向けに Agent Skills（以下、Skill…

Drawing an line with arrows pointing to the center of two arbitrary elements measuring and displaying the distance between them doesn't seem like it would be possible in CSS alone... but...

<blockquote cite="https://www.davidabram.dev/musings/the-machine-didnt-take-your-craft/"><p>I have been doing this for years, and the hardest parts of the job were never about typing out code. I have always struggled most with understanding systems, debugging things that made no sense, designing architectures that wouldn't collapse under heavy load, and making decisions that would save months of pain later.</p><p>None of these problems can be solved LLMs. They can sugges...

Storybook-powered agentic UI development

Today, we’re excited to announce kubernetes.nginx.org, a new community hub for everything NGINX networking on Kubernetes, along with a brand-new Kubernetes community Ingress-NGINX Migration Tool designed to make moving from the Kubernetes community Ingress-NGINX controller to the NGINX Ingress Controller as smooth as possible. Why a Community Hub? Whether you’re running NGINX Ingress Controller, exploring […]

The latest update to the CKEditor contributed modules brings AI writing and editing directly into Drupal. Premium Features module 1.8.0 introduces CKEditor AI, adding AI Chat, AI Review, AI Translate, and AI Quick Actions inside the rich text editor. Authors can write, review, and translate content without the back and forth of third-party tools.

Today we are excited to announce the availability of TypeScript 6.0! If you are not familiar with TypeScript, it’s a language that builds on JavaScript by adding syntax for types, which enables type-checking to catch errors, and provide rich editor tooling. You can learn more about TypeScript and how to get started on the TypeScript […]The post Announcing TypeScript 6.0 appeared first on TypeScript.

CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.The post GitHub expands application security coverage with AI‑powered detections appeared first on The GitHub Blog.

The new CSS corner-shape() property is mathematical, so it’s easily animated. Author Daniel Schwarz pokes at animating the property for interesting UI effects.Experimenting With Scroll-Driven corner-shape Animations originally published on CSS-Tricks, which is part of the DigitalOcean family. You should get the newsletter.

Cloudflare's Gen 13 servers introduce AMD EPYC™ Turin 9965 processors and a transition to 100 GbE networking to meet growing traffic demands. In this technical deep dive, we explain the engineering rationale behind each major component selection.

Cloudflare’s Gen 13 servers double our compute throughput by rethinking the balance between cache and cores. Moving to high-core-count AMD EPYC ™ Turin CPUs, we traded large L3 cache for raw compute density. By running our new Rust-based FL2 stack, we completely mitigated the latency penalty to unlock twice the performance.

There is a lil’ UI detail on this blog. Most people don’t even notice it, but the ones who do often reach out, asking how on earth it works. It feels like it defies the rules of CSS! In this blog post, I’ll break down the surprisingly-straightforward implementation so you can start using this trick yourself.

1月に AAAI-2026（The 40th Annual AAAI Conference on A ...

本記事は、Datadog agent-skillsとpupをGithub Actionsで実行し、自 ...

<p>Last month I <a href="https://simonwillison.net/2026/Feb/20/beats/">added a feature I call beats</a> to this blog, pulling in some of my other content from <a href="https://simonwillison.net/elsewhere/">external sources</a> and including it on the homepage, search and various archive pages on the site.</p><p>On any given day these frequently outnumber my regular posts. They were looking a little bit thin and were lacking any form of explanation beyon...

こんにちは、LINEヤフー株式会社の井上 秀一です。私は2024年4月に新入社員としてLINEヤフー株式会社に入社し、現在は社内向け Kubernetes as a Service である FKE チ...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/starlette-1-skill#readme">Starlette 1.0 skill</a></p> <p>See <a href="https://simonwillison.net/2026/Mar/22/starlette/">Experimenting with Starlette 1.0 with Claude skills</a>.</p> <p>Tags: <a href="https://simonwillison.net/tags/starlette">starlette</a></p>

How do you measure product-market fit for a developer tool? A PMF scoring model from Evil Martians—a product development consultancy for developer tools startups—built on data from 37 devtools companies across AI, infrastructure, and cybersecurity. Five metrics, real benchmarks, and a dual score that tells you whether to invest in product or go-to-market.

Users don't use data-testid, so why do your tests?

A practical comparison of the two protocols reshaping how agents pay for services in 2026.

A practical comparison of modern auth providers, trade-offs, and best practices for React Router apps.

The Model Context Protocol's 2026 roadmap acknowledges what enterprises deploying MCP at scale already know: the protocol has real gaps in auth, observability, gateway patterns, and configuration portability. Here's what's on the table and why it matters.

The big AI chat apps ship heavy rendering libraries to every device. Cheddy Chat renders markdown server-side and streams finished HTML, eliminating 160-440KB of client JavaScript while keeping the main thread free.

Why AI-Assisted Development Is More Exhausting Than It Should BeThe promise of AI-assisted development is that it should make developers' lives easier. In some ways it does. Yet I see many developers suffering from post-LLM burnout and exhaustion.In part, it is because of the unrealistic expectations of the organizations they work for, caught up in AI hype and FOMO.However, I am seeing another issue. And it's one rooted in the psychology of human-computer interaction (HCI).Cognitive ModesWhen yo

<p><a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">Starlette 1.0 is out</a>! This is a really big deal. I think Starlette may be the Python framework with the most usage compared to its relatively low brand recognition because Starlette is the foundation of <a href="https://fastapi.tiangolo.com/">FastAPI</a>, which has attracted a huge amount of buzz that seems to have overshadowed Starlette itself.</p><p>Kim Christie started wo...

Newly published Trivy Docker images (0.69.4, 0.69.5, and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without corresponding GitHub releases.

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/pcgamer-audit#readme">PCGamer Article Performance Audit</a></p> <p>Stuart Breckenridge pointed out that <a href="https://stuartbreckenridge.net/2026-03-19-pc-gamer-recommends-rss-readers-in-a-37mb-article/">PC Gamer Recommends RSS Readers in a 37MB Article That Just Keeps Downloading</a>, highlighting a truly horrifying example of web bloat that added up to 1...

<p><strong>Research:</strong> <a href="https://github.com/simonw/research/tree/main/javascript-sandboxing-research#readme">JavaScript Sandboxing Research</a></p> <p>Aaron Harper <a href="https://www.inngest.com/blog/node-worker-threads">wrote about Node.js worker threads</a>, which inspired me to run a research task to see if they might help with running JavaScript in a sandbox. Claude Code went way beyond my initial question and produced a ...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/dns">DNS Lookup</a></p> <p>TIL that Cloudflare's 1.1.1.1 DNS service (and 1.1.1.2 and 1.1.1.3, which block malware and malware + adult content respectively) has a CORS-enabled JSON API, so I <a href="https://github.com/simonw/tools/pull/258#issue-4116864108">had Claude Code build me</a> a UI for running DNS queries against all three of those resolvers.</p> <p>Tags...

<p><strong>Tool:</strong> <a href="https://tools.simonwillison.net/manyana">Merge State Visualizer</a></p> <p>Bram Cohen wrote about his <a href="https://bramcohen.com/p/manyana">coherent vision for the future of version control</a> using CRDTs, illustrated by <a href="https://github.com/bramcohen/manyana/blob/main/manyana.py">470 lines of Python</a>.</p><p>I fed that Python (minus comments) into Claude and asked for ...

Claude Code v2.1.80 から Research Preview 版として Claude Code channels（以下、チャンネル）が利用できるようになりました。チャンネルとは実行中の Claude Code のセッションに対して、外部からイベントを送ることができる MCP サーバーのことです。この記事では、Claude Code と Discord 連携がどのように動作しているのか、その仕組みを解説します。

One night, I wrote a simple tool to pick a random programming language. After shuffling a few times, I landed on Arturo. I decided to try it for fun.What’s Arturo?Best I understand, Arturo is a stack-based programming language. It’s primarily maintained by Yanis Zafirópulos. They published a vision of the language in 2020. Here’s the stated goal from that post:to make something that I myself will use as an easier do-it-all scripting language, you know… automation scripts, templating, latex gener

I wrote a web app to choose a random programming language.It’s very simple; I hestitate to even call it an “app”! The interesting part was scraping all the languages on Rosetta Code, and even that wasn’t very interesting. But I hope you like it!I learned about a language called Arturo this way, and wrote a short story about that experience.

I created a new visualisation for my homepage rotation.Here’s a demo:It’s just a basic flow field simulation with particles tracing their paths along the space. I used the p5.js framework. It reacts to mouse movements!I did a few optimisations to make it smoother, but in the end I had to lower the framerate and tried to make the low frame rate look intentional. Optimisation was important especially for mobile devices.Some of the optimisations include:Using sprites / textures instead of the vecto

<p>Here's a mildly dystopian prompt I've been experimenting with recently: "Profile this user", accompanied by a copy of their last 1,000 comments on Hacker News.</p><p>Obtaining those comments is easy. The <a href="https://hn.algolia.com/api">Algolia Hacker News API</a> supports listing comments sorted by date that have a specific tag, and the author of a comment is tagged there as <code>author_username</code>. Here's a JSON feed of my (<code>sim...

We released NGINX Ingress Controller v5.4.0 ahead of KubeCon Europe, and this one is worth the noise. This release is laser-focused on making it easier for teams running ingress-nginx to migrate to NGINX Ingress Controller, without sacrificing the features and workflows they depend on. Here’s what’s new! Configuration Resilience and Validation What’s new: Ingress and […]

<p><em><a href="https://simonwillison.net/guides/agentic-engineering-patterns/">Agentic Engineering Patterns</a> ></em></p> <p>Git is a key tool for working with coding agents. Keeping code in version control lets us record how that code changes over time and investigate and reverse any mistakes. All of the coding agents are fluent in using Git's features, both basic and advanced.</p><p>This fluency means we can be more ambitious abou...