Trusted access for the next era of cyber defense Claude Mythos appears to be a new model called GPT-5.4-Cyber: In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT‑5.4 trained to be cyber-permissive: GPT‑5.4‑Cyber. They're also extending a program they launched in February (which I had missed) called Trusted Access for Cyber, where users can verify their identity (via a photo of a government-issued ID processed by Persona) to gain "reduced friction" access to OpenAI's models for cybersecurity work. Honestly, this OpenAI announcement is difficult to follow. Unsurprisingly they don't mention Anthropic at all, but much of the piece emphasizes their many years of existing cybersecurity work and their goal to "democratize access" to these tools, hence the emphasis on that self-service verification flow from February. If you want access to their best security tools you still need to go through an extra Google Form application process though, which doesn't feel particularly different to me from Anthropic's Project Glasswing. Via Hacker News Tags: security, ai, openai, generative-ai, llms, anthropic, ai-security-research  ( 3 min )

Cybersecurity Looks Like Proof of Work Now Our evaluation of Claude Mythos Preview’s cyber capabilities, their own independent analysis of Claude Mythos which backs up Anthropic's claims that it is exceptionally effective at identifying security vulnerabilities. Drew Breunig notes that AISI's report shows that the more tokens (and hence money) they spent the better the result they got, which leads to a strong economic incentive to spend as much as possible on security reviews: If Mythos continues to find exploits so long as you keep throwing money at it, security is reduced to a brutally simple equation: to harden a system you need to spend more tokens discovering exploits than attackers will spend exploiting them. An interesting result of this is that open source libraries become more valuable, since the tokens spent securing them can be shared across all of their users. This directly counters the idea that the low cost of vibe-coding up a replacement for an open source library makes those open source projects less attractive. Tags: open-source, ai, generative-ai, llms, drew-breunig, vibe-coding, ai-security-research  ( 3 min )

➜ Studio Museum in Harlem, Bard Graduate Center & PUTF's Recs + Interview feat. Bob Bellerue

PUTF Podcast — Season 4, Episode 4 featuring Bob Bellerue

For London-based artist LR Vandy, the layered legacies of labor, shipping, and trade undergird a distinctive sculptural practice. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article LR Vandy’s Rope Sculptures Disentangle Histories of Colonialism and Transportation appeared first on Colossal.  ( 15 min )

Ukrainian artist Jonko "George" Voronovsky (1903-1982) transformed his one-room residence into a vibrant environment of "memoryscapes." Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article A Delightful Short Film Highlights the Remarkable Self-Taught Art of George Voronovsky appeared first on Colossal.  ( 15 min )

A deep dive into four cinematic scenes, exploring how film-inspired ideas evolved into a cohesive and immersive portfolio experience.

One of the best-known examples of CSS state management is the checkbox hack. What if we want a component to be in one of three, four, or seven modes? That is where the Radio State Machine comes in. The Radio State Machine originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 16 min )

Breaking down OpenAI's internal memo about taking on Anthropic in the enterprise.  ( 13 min )

Introducing name-only @container queries, shipped in Safari 26.4.  ( 4 min )

#​781 — April 14, 2026 Read on the Web JavaScript Weekly Under the Hood of MDN's New Frontend — The hugely useful MDN has rebuilt its frontend stack from the ground up, ditching React for web components and a homegrown server component system. A great read on building a modern, content-heavy site without shipping unnecessary JavaScript on every page. Leo McArdle (MDN) Ship Mobile Apps The Way You Ship Websites — Expo gives JavaScript developers a web-like workflow for native mobile. Hot reload on device. OTA updates that skip app store review. Cloud builds that work like Vercel. Start with npx create-expo-app. Expo sponsor 🕹️ Phaser 4.0: The 2D WebGL and Canvas-Based Game Framework — The widely used game framework celebrates its 13th bir…

Steve Yegge: I was chatting with my buddy at Google, who's been a tech director there for about 20 years, about their AI adoption. Craziest convo I've had all year. The TL;DR is that Google engineering appears to have the same AI adoption footprint as John Deere, the tractor company. Most of the industry has the same internal adoption curve: 20% agentic power users, 20% outright refusers, 60% still using Cursor or equivalent chat tool. It turns out Google has this curve too. [...] There has been an industry-wide hiring freeze for 18+ months, during which time nobody has been moving jobs. So there are no clued-in people coming in from the outside to tell Google how far behind they are, how utterly mediocre they have become as an eng org. Addy Osmani: On behalf of @Google, this post doesn't match the state of agentic coding at our company. Over 40K SWEs use agentic coding weekly here. Googlers have access to our own versions of @antigravity, @geminicli, custom models, skills, CLIs and MCPs for our daily work. Orchestrators, agent loops, virtual SWE teams and many other systems are actively available to folks. [...] Demis Hassabis: Maybe tell your buddy to do some actual work and to stop spreading absolute nonsense. This post is completely false and just pure clickbait. Tags: addy-osmani, steve-yegge, google, generative-ai, agentic-engineering, ai, llms  ( 3 min )

Research: Exploring the new `servo` crate In Servo is now available on crates.io the Servo team announced the initial release of the servo crate, which packages their browser engine as an embeddable library. I set Claude Code for web the task of figuring out what it can do, building a CLI tool for taking screenshots using it and working out if it could be compiled to WebAssembly. The servo-shot Rust tool it built works pretty well: git clone https://github.com/simonw/research cd research/servo-crate-exploration/servo-shot cargo build ./target/debug/servo-shot https://news.ycombinator.com/ Here's the result: Compiling Servo itself to WebAssembly is not feasible due to its heavy use of threads and dependencies like SpiderMonkey, but Claude did build me this playground page for trying out a WebAssembly build of the html5ever and markup5ever_rcdom crates, providing a tool for turning fragments of HTML into a parse tree. Tags: research, browsers, rust, webassembly, claude-code, servo  ( 3 min )

The artist's solo exhibition, 'Ukuphuthelwa' at White Cube, continues through April 18. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article Cinga Samson Conjures Mystery and the Sublime in Large-Scale Oil Paintings appeared first on Colossal.  ( 14 min )

When you make speed and “moving fast” the biggest priority on a project or in an organization, the first thing to breakdown is talking to each other. Talking takes time. Consensus is expensive and slow. In a pressurized environment there’s no time to schedule calls, get input from subject matter experts, or resolve key differences of opinion. ASAP makes a big assumption that all relevant parties are already in the room. Not everything needs to be a conversation. I’m a firm believer in “get the user something to see if there’s interest”. I’d agree that over-thinking a problem and under-thinking a problem both have pitfalls. But dozens of ways exist to get feedback from users on in-progress work without overcommitting to a particular design. By prioritizing speed over talking, cross-org coll…

Craving for a view transition? Sunkanmi has lots of common transitions you can drop into your website right now! 7 View Transitions Recipes to Try originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 12 min )

What began with one person teaching himself to make things grew into a creative practice shaped by curiosity, persistence, and the urge to push digital work further.

Have you ever heard of Disney’s 12 Basic Principles of Animation? In this tutorial, we’ll explore how we can use the very first principle to create SVG micro-interactions that feel way more natural and believable. It’s one of those small things that has a big impact.  ( 22 min )

I would commit.  ( 15 min )

Does Aggregation Theory survive in a world of constrained compute? Yes, insomuch as controlling demand will give power over supply.  ( 22 min )

The problem is that LLMs inherently lack the virtue of laziness. Work costs nothing to an LLM. LLMs do not feel a need to optimize for their own (or anyone's) future time, and will happily dump more and more onto a layercake of garbage. Left unchecked, LLMs will make systems larger, not better — appealing to perverse vanity metrics, perhaps, but at the cost of everything that matters. As such, LLMs highlight how essential our human laziness is: our finite time forces us to develop crisp abstractions in part because we don't want to waste our (human!) time on the consequences of clunky ones. — Bryan Cantrill, The peril of laziness lost Tags: bryan-cantrill, ai, llms, ai-assisted-programming, generative-ai  ( 3 min )

Thanks to a tip from Rahim Nathwani, here's a uv run recipe for transcribing an audio file on macOS using the 10.28 GB Gemma 4 E2B model with MLX and mlx-vlm: uv run --python 3.13 --with mlx_vlm --with torchvision --with gradio \ mlx_vlm.generate \ --model google/gemma-4-e2b-it \ --audio file.wav \ --prompt "Transcribe this audio" \ --max-tokens 500 \ --temperature 1.0 Your browser does not support the audio element. I tried it on this 14 second .wav file and it output the following: This front here is a quick voice memo. I want to try it out with MLX VLM. Just going to see if it can be transcribed by Gemma and how that works. (That was supposed to be "This right here..." and "... how well that works" but I can hear why it misinterpreted that as "front" and "how that works".) Tags: uv, mlx, ai, gemma, llms, speech-to-text, python, generative-ai  ( 3 min )

Why we need collaborative AI engineering  ( 12 min )

I quipped on BlueSky: It’s interesting how AI proponents are often like "skill issue" when the LLM doesn't work like someone expects. Whereas when human-centered UX people see someone using it wrong, they're like "skill issue on us, the people who made this" This is top of mind because I’ve been working with Jan Miksovsky on his project Web Origami and he exemplified this to me recently. I was working with some part of Origami and I was “holding it wrong”. I kept apologizing for my misunderstanding and misuse. And Jan — rather than being like “Yeah, that’s a skill issue on your part, but you’ll get there” — his posture as tool-maker was one of introspection. He took the time to consider that perhaps the technology he was building was not properly aligning with my expectations as a user (or…  ( 2 min )

A retro-themed linear MX switch from an unlikely collaboration that punches well above its weight class, delivering a dry, characterful, and weirdly nostalgic feeling.  ( 6 min )

SQLite 3.53.0 ALTER TABLE can now add and remove NOT NULL and CHECK constraints - I've previously used my own sqlite-utils transform() method for this. New json_array_insert() function and its jsonb equivalent. Significant improvements to CLI mode, including result formatting. The result formatting improvements come from a new library, the Query Results Formatter. I had Claude Code (on my phone) compile that to WebAssembly and build this playground interface for trying that out. Via Lobste.rs Tags: sql, sqlite  ( 3 min )

Tool: SQLite Query Result Formatter Demo See my notes on SQLite 3.53.0. This playground provides a UI for trying out the various rendering options for SQL result tables from the new Query Result Formatter library, compiled to WebAssembly. Tags: tools, sqlite  ( 3 min )

Lenny posted another snippet from our 1 hour 40 minute podcast recording and it's about kākāpō parrots! Tags: kakapo  ( 2 min )

I think it's non-obvious to many people that the OpenAI voice mode runs on a much older, much weaker model - it feels like the AI that you can talk to should be the smartest AI but it really isn't. If you ask ChatGPT voice mode for its knowledge cutoff date it tells you April 2024 - it's a GPT-4o era model. This thought inspired by this Andrej Karpathy tweet about the growing gap in understanding of AI capability based on the access points and domains people are using the models with: [...] It really is simultaneously the case that OpenAI's free and I think slightly orphaned (?) "Advanced Voice Mode" will fumble the dumbest questions in your Instagram's reels and at the same time, OpenAI's highest-tier and paid Codex model will go off for 1 hour to coherently restructure an entire code base, or find and exploit vulnerabilities in computer systems. This part really works and has made dramatic strides because 2 properties: these domains offer explicit reward functions that are verifiable meaning they are easily amenable to reinforcement learning training (e.g. unit tests passed yes or no, in contrast to writing, which is much harder to explicitly judge), but also they are a lot more valuable in b2b settings, meaning that the biggest fraction of the team is focused on improving them. Tags: andrej-karpathy, generative-ai, openai, chatgpt, ai, llms  ( 3 min )

Gabriella Marcella founded Risotto in 2012 after purchasing her first risograph machine secondhand. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article This Risograph Studio Celebrates 400 Artist Postcards Mailed Around the Globe appeared first on Colossal.  ( 14 min )

"Earth / Tree" harnesses komorebi, which reflects the unique interplay of light and shadow that occurs when the sun filters through the trees. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article A Wooden Canopy by Kengo Kuma Casts Dappled Light Around a Copenhagen Museum appeared first on Colossal.  ( 13 min )

The best Stratechery content from the week of April 6, 2026, including Anthropic, The New York Times and another paradigm shift, and The New Yorker explains Sam Altman.  ( 14 min )

A case study on how motion, interaction, and scroll-driven design turned the Exat microsite into an expressive showcase for contemporary type.

Practical guidelines for driving UX impact in organizations with legacy systems and broken processes. Brought to you by Measuring UX Impact, **friendly video course on UX** and design patterns by Vitaly.

On Apple’s Liquid Glass redesign, the silence of major brands, and why beauty alone can’t replace clarity, identity, or design philosophy. The post The Glass Is Half Empty: How Apple’s Boldest Redesign Missed the Point appeared first on Tubik Blog: Articles About Design.

There is a scene in Plato that contains, in miniature, the catastrophe of Athenian public life. Two men meet at a courthouse. One is there to prosecute his own father for the death of a slave. The other is there to be indicted for indecency. [1] The prosecutor, Euthyphro, is certain he understands what decency requires. The accused, Socrates, is not certain of anything, and says so. They talk. Euthyphro’s confidence is striking. His own family thinks it is indecent for a son to prosecute his father; Euthyphro insists that true decency demands it, that he understands what the gods require better than his relatives do. Socrates, who is about to be tried for teaching indecency toward the gods, asks Euthyphro to explain what decency actually is, since Euthyphro claims to know, and S…  ( 155 min )

In just the last few weeks, we’ve seen a series of software security vulnerabilities that, until recently, would each have been the biggest exploit of the year in which they were discovered. Now, they’ve become nearly routine. There’s a new one almost every day. The reason for this rising wave of massively-impactful software vulnerabilities is that LLMs are rapidly increasing in their ability to write code, which also rapidly improves their ability to analyze code for security weaknesses. These smarter coding agents can detect flaws in commonly-used code, and then create tools which exploit those bugs to get access to people’s systems or data almost effortlessly. These powerful new LLMs can find hundreds of times more vulnerabilities than previous generations of AI tools, and can chain tog…

#​596 — April 10, 2026 Read the Web Version 🐣 You didn't miss an issue last week. We're back after a little Easter break. 😊 __ Peter Cooper, your editor Go Weekly Solod: A Subset of Go That Translates to C — Can Go be a ‘better C’? Solod (a.k.a. So) is a simplified version of Go with manual memory management (and no runtime) for C-style systems programming but with a syntax you already know. It’s early days but some interesting work is coming out of it, such as Anton’s work on porting Go's stdlib to C. Anton Zhiyanov 10MB Binary. 10-Service Analytics Stack. Something's Off. — Go's philosophy is simplicity. Your data stack should match. TimescaleDB extends Postgres with hypertables, 95% compression, and continuous aggregates. Analytics on l…

Tool: GitHub Repo Size GitHub doesn't tell you the repo size in the UI, but it's available in the CORS-friendly API. Paste a repo into this tool to see the size, for example for simonw/datasette (8.1MB). Tags: cors, github  ( 3 min )

"Wind carries away destinies," reads a brief synopsis for the short film. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article A Strong Gust of Wind Disrupts the Mundane in ‘Jour de Vent’ appeared first on Colossal.  ( 13 min )

The artist's works are an invitation to consider the inner self. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article Abi Castillo’s Ceramic Beings Contrast Delicacy With the Natural World appeared first on Colossal.  ( 13 min )

The Mississippi Museum of Art exhibition highlights the Southern artist's artistic way of life. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article ‘Love Is a Sensation’ Spotlights the Boundless Creativity of L.V. Hull appeared first on Colossal.  ( 15 min )

Me, in 2025, on Mastodon: I love tools like Netlify and deploying my small personal sites with git push But i'm not gonna lie, 2025 might be the year I go back to just doing builds locally and pushing the deploys from my computer. I'm sick of devops'ing stupid stuff because builds work on my machine and I have to spend that extra bit of time to ensure they also work on remote linux computers. Not sure I need the infrastructure of giant teams working together for making a small personal website. It’s 2026 now, but I finally took my first steps towards this. The Why One of the ideas I really love around the “local-first” movement is this notion that everything canonical is done locally, then remote “sync” is an enhancement. For my personal website, I want builds and deployments to work that …  ( 4 min )

A clever approach for selecting multiple dates on a calendar where the :nth-child()'s “n of selector” syntax does all the heavy lifting... even in the JavaScript. Selecting a Date Range in CSS originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 10 min )

How one direct message opened the door to my first SOTD and shaped my journey as a creative developer.

To build upon a visual language with AI, you need to harness the logic behind each prompt—building, editing, and directing how visuals come to life. Here, we share five creative workflows that show the breadth of what the Figma Weave canvas can do.  ( 45 min )

An interview with New York Times Company CEO Meredith Kopit Levien about human expertise as a moat against Aggregators and AI.  ( 45 min )

Release: asgi-gzip 0.3 I ran into trouble deploying a new feature using SSE to a production Datasette instance, and it turned out that instance was using datasette-gzip which uses asgi-gzip which was incorrectly compressing event/text-stream responses. asgi-gzip was extracted from Starlette, and has a GitHub Actions scheduled workflow to check Starlette for updates that need to be ported to the library... but that action had stopped running and hence had missed Starlette's own fix for this issue. I ran the workflow and integrated the new fix, and now datasette-gzip and asgi-gzip both correctly handle text/event-stream in SSE responses. Tags: gzip, asgi, python  ( 3 min )

Meta announced Muse Spark today, their first model release since Llama 4 almost exactly a year ago. It's hosted, not open weights, and the API is currently "a private API preview to select users", but you can try it out today on meta.ai (Facebook or Instagram login required). Meta's self-reported benchmarks show it competitive with Opus 4.6, Gemini 3.1 Pro, and GPT 5.4 on selected benchmarks, though notably behind on Terminal-Bench 2.0. Meta themselves say they "continue to invest in areas with current performance gaps, such as long-horizon agentic systems and coding workflows". The model is exposed as two different modes on meta.ai - "Instant" and "Thinking". Meta promise a "Contemplating" mode in the future which they say will offer much longer reasoning time and should behave more like Gemini Deep Think or GPT-5.4 Pro. A couple of pelicans I prefer to run my pelican test via API to avoid being influenced by any invisible system prompts, but since that's not an option I ran it against the chat UI directly. Here's the pelican I got for "Instant": And this one for "Thinking": Both SVGs were rendered inline by the Meta AI interface. Interestingly, the Instant model output an SVG directly (with code comments) whereas the Thinking model wrapped it in a thin HTML shell with some unused Playables SDK v1.0.0 JavaScript libraries. Which got me curious... Poking around with tools Clearly Meta's chat harness has some tools wired up to it - at the very least it can render SVG and HTML as embedded frames, Claude Artifacts style. But what else can it do? I asked it: what tools do you have access to? And then: I want the exact tool names, parameter names and tool descriptions, in the original format It spat out detailed descriptions of 16 different tools. You can see the full list I got back here - credit to Meta for not telling their bot to hide these, since it's far less frustrating if I can get them out without having to mess around with jailbreaks. Here are highlights derived from that response: Browse and search. browser.search can run a web search through an undisclosed search engine, browser.open can load the full page from one of those search results and browser.find can run pattern matches against the returned page content. Meta content search. meta_1p.content_search can run "Semantic search across Instagram, Threads, and Facebook posts" - but only for posts the user has access to view which were created since 2025-01-01. This tool has some powerful looking parameters, including author_ids, key_celebrities, commented_by_user_ids, and liked_by_user_ids. "Catalog search" - meta_1p.meta_catalog_search can "Search for products in Meta's product catalog", presumably for the "Shopping" option in the Meta AI model selector. Image generation. media.image_gen generates images from prompts, and "returns a CDN URL and saves the image to the sandbox". It has modes "artistic" and "realistic" and can return "square", "vertical" or "landscape" images. container.python_execution - yes! It's Code Interpreter, my favourite feature of both ChatGPT and Claude. Execute Python code in a remote sandbox environment. Python 3.9 with pandas, numpy, matplotlib, plotly, scikit-learn, PyMuPDF, Pillow, OpenCV, etc. Files persist at /mnt/data/. Python 3.9 is EOL these days but the library collection looks useful. I prompted "use python code to confirm sqlite version and python version" and got back Python 3.9.25 and SQLite 3.34.1 (from January 2021). container.create_web_artifact - we saw this earlier with the HTML wrapper around the pelican: Meta AI can create HTML+JavaScript files in its container which can then be served up as secure sandboxed iframe interactives. "Set kind to html for websites/apps or svg for vector graphics." container.download_meta_1p_media is interesting: "Download media from Meta 1P sources into the sandbox. Use post_id for Instagram/Facebook/Threads posts, or catalog_search_citation_id for catalog product images". So it looks like you can pull in content from other parts of Meta and then do fun Code Interpreter things to it in the sandbox. container.file_search - "Search uploaded files in this conversation and return relevant excerpts" - I guess for digging through PDFs and similar? Tools for editing files in the container - container.view, container.insert (with new_str and insert_line), container.str_replace. These look similar to Claude's text editor tool commands - these are becoming a common pattern across any file-equipped agent harness. container.visual_grounding - see below, this one is fun. subagents.spawn_agent - the sub-agent as a tool pattern. "Spawn an independent sub-agent for research, analysis, or delegation. It returns its final text response." third_party.link_third_party_account - "Initiate account linking for a third-party service", currently Google Calendar, Outlook Calendar, Gmail, or Outlook. Image analysis in the container Let's talk about that container.visual_grounding one. Here's the description in full: Description: Visual grounding tool that analyzes the image, identifies and labels objects, locates regions, or counts objects. Parameters: object_names (array, required) image_path (string, default "") format_type ("bbox"|"point"|"count"|null, default "bbox") title (string|null)[string] So it can take an image path, optional object names and return things in format bbox, point or count. This sounded to me like Meta's Segment Anything, (I later heard that it's not, this is a native feature of the model itself via a tool call with a custom system prompt). I decided to take it for a spin. Prompt: generate a photo of a raccoon sitting on a trash can wearing trash as a hat Response: Here you go — king of the alley, in full regalia: Coffee cup crown, banana peel brim, newspaper feather. Peak raccoon fashion. Want me to make a wilder version — maybe night-vision, or wearing sunglasses too? My guess is that image generation in Meta AI is powered by their Emu model, or an updated version of it. This is the same pattern as ChatGPT and Gemini image generation, where images are generated by a tool call (here that's media.image_gen). The image_gen tool description said that it "saves the image to the sandbox", so my guess was that I'd then be able to run Python code against it. I tried: use python OpenCV to analyze that image and find out neat things about it Annoyingly it did not show me the code it ran, but it did create this image: Pretty neat! We can both generate images and then use them with Python tools. Next, the visual_grounding tool. Knowing the names of the tools makes it easy to refer to them in prompts: Now try the container.visual_grounding tool The response (full response here): Done — visual_grounding pinpointed every piece of the outfit with pixel-level precision: [...] Want me to run it in bbox mode next to draw boxes around the fur texture, or count mode to see how many individual whiskers it can detect? Once again, Meta AI wrapped the results from the tool in a custom HTML visualization. That's clearly point mode, but how about the others? I prompted: yes draw bounding boxes, can it do masks too? Response: Yes — bounding boxes work great. Masks? Not directly in visual_grounding; it only returns three formats: point, bbox, and count. No pixel-level segmentation masks. Here's the bbox output: What you’re seeing: raccoon: big box from (270,240) to (892,845) — covers 62% of the width, basically the whole animal coffee cup: (424,115)-(610,273) — sits highest, 158px tall in the 0-1000 space banana peel: (472,215)-(667,291) — overlaps the cup's base, confirming it's draped over the side newspaper: (305,223)-(548,315) — left ear coverage trash can lid: (107,800)-(1000,998) — spans almost the full image width at the bottom face: (305,283)-(750,537) — tight crop around the mask eyes: both ~40×37 pixel boxes, perfectly level at y=379 Notice how the boxes nest: face is inside raccoon, eyes inside face, hat pieces overlap each other but stay above the face box. The tool is doing real object localization, not just guessing centers. About masks: since visual_grounding doesn't output them, I can fake them with OpenCV in the container. Two quick options: GrabCut — I give it the raccoon bbox, it iteratively segments fur from background and returns a binary mask SAM-style color threshold — use the bbox plus k-means to isolate the coffee cup or banana peel Want me to generate an actual alpha mask for the raccoon (cut it out from the alley), or for the trash hat pieces separately? Takes about 10 seconds and I can give you a transparent PNG. Here's the HTML for that bbox visualization. Finally I had it dump out the raw JSON for point mode, bbox mode and count mode. You can see that all here. The count mode is particularly interesting - here's that in full: [ { "object_name": "raccoon whisker", "points": [ {"x": 403, "y": 445}, {"x": 397, "y": 458}, {"x": 392, "y": 472}, {"x": 391, "y": 485}, {"x": 398, "y": 497}, {"x": 415, "y": 512}, {"x": 618, "y": 446}, {"x": 622, "y": 461}, {"x": 625, "y": 475}, {"x": 628, "y": 488}, {"x": 635, "y": 501}, {"x": 651, "y": 518} ], "count": 12 }, { "object_name": "raccoon paw claw", "points": [ {"x": 406, "y": 845}, {"x": 424, "y": 847}, {"x": 441, "y": 842}, {"x": 473, "y": 833}, {"x": 596, "y": 830}, {"x": 635, "y": 844}, {"x": 660, "y": 843}, {"x": 679, "y": 838} ], "count": 8 }, { "object_name": "trash item on head", "points": [ {"x": 514, "y": 191}, {"x": 568, "y": 263}, {"x": 392, "y": 274} ], "count": 3 }, { "object_name": "eye", "points": [ {"x": 462, "y": 395}, {"x": 582, "y": 398} ], "count": 2 }, { "object_name": "ear", "points": [ {"x": 359, "y": 313}, {"x": 680, "y": 294} ], "count": 2 } ] So Meta AI has the ability to count a raccoon's whiskers baked into the default set of tools. Which means... it can count pelicans too! Here's that overlay exported as HTML. Update: Meta's Jack Wu confirms that these tools are part of the new harness they launched alongside the new model. Maybe open weights in the future? On Twitter Alexandr Wang said: this is step one. bigger models are already in development with infrastructure scaling to match. private api preview open to select partners today, with plans to open-source future versions. I really hope they do go back to open-sourcing their models. Llama 3.1/3.2/3.3 were excellent laptop-scale model families, and the introductory blog post for Muse Spark had this to say about efficiency: [...] we can reach the same capabilities with over an order of magnitude less compute than our previous model, Llama 4 Maverick. This improvement also makes Muse Spark significantly more efficient than the leading base models available for comparison. So are Meta back in the frontier model game? Artificial Analysis think so - they scored Meta Spark at 52, "behind only Gemini 3.1 Pro, GPT-5.4, and Claude Opus 4.6". Last year's Llama 4 Maverick and Scout scored 18 and 13 respectively. I'm waiting for API access - while the tool collection on meta.ai is quite strong the real test of a model like this is still what we can build on top of it. Tags: facebook, ai, generative-ai, llms, code-interpreter, llm-tool-use, meta, pelican-riding-a-bicycle, llm-reasoning, llm-release  ( 9 min )

I have a feeling that everyone likes using AI tools to try doing someone else’s profession. They’re much less keen when someone else uses it for their profession. — Giles Turnbull, AI and the human voice Tags: ai-ethics, writing, ai  ( 2 min )

#​619 — April 9, 2026 Read on the Web A Post-Mortem of the Axios Compromise — The Axios team has shared a detailed post-mortem of the recent supply chain compromise where a trojan was pulled in as a malicious dependency. The attack was well planned and involved a sophisticated bit of social engineering. Jason Saayman / axios ⚠️ Axios isn't the only target. Sarah Gooding reports on ongoing attempts to socially engineer 'high-impact Node.js maintainers.' It's worth being aware of these techniques if you maintain any public npm packages. You Don’t Have To Attend All 44 Postgres Talks — POSETTE: An Event for Postgres 2026 is a free & virtual developer event on 16-18 Jun. All 44 talks stream live & will be available later. Join live to take part in di…

Safari Technology Preview Release 241 is now available for download for macOS Tahoe and macOS Sequoia.  ( 7 min )

For our annual April Fun Day, we used Figma Make, Weave, and MCP to build six mini games that captured the spirit of play. Here’s what we learned.  ( 35 min )

Colossal Members have hit an amazing milestone! Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article Colossal Members Have Funded 100 Projects in K-12 Classrooms through DonorsChoose appeared first on Colossal.  ( 13 min )

The Artemis II mission is currently underway and scheduled to last a total of 10 days. Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $7 per month. The article Artemis II Captures Spectacular Images of ‘Earthset’ from Deep Space appeared first on Colossal.  ( 14 min )

Follow along as we build page transitions in Astro with Barba.js and GSAP, from the initial setup to a working animated transition flow.

Anthropic says its new model is too dangerous to release; there are reasons to be skeptical, but to the extent Anthropic is right, that raises even deeper concerns.  ( 14 min )

These days, we’re all living in a constant state of crisis, foisted upon us by a world where those who are meant to keep things stable are the least stable factors in our lives. The chaos and stress of that reality makes it difficult to make any plans, let alone to make decisions if you have responsibilities for a team or organization that you’re meant to be leading. It’s easy to imagine there’s nothing we can do, or to feel hopeless. But a resource that just arrived served as a timely reminder for me that a crisis doesn’t have to be paralyzing, and we don’t have to feel overwhelmed when trying to plan how we’ll respond as leaders. The topic of crisis has been on my mind again as I’ve been looking at the work of some friends who are the most fluent experts on the topic of crisis that I kno…

🚀 Frontend Focus #​736 — April 8, 2026 | Read on the web Introducing view-transitions-toolkit: Utility Functions to More Easily Work with View Transitions — Bramus has been experimenting with View Transitions for a good while now. He's brought together his numerous code patterns into a new dedicated npm package full of view transition utilities, helpers, and functions. There’s a bunch of demos here, and the code is on GitHub. Bramus Van Damme (Google) 📊 Announcing JetStream 3.0 — Seven years after v2 comes a big update to the popular cross-browser JS/WASM benchmark suite. It’s a group effort, with work from Mozilla, WebKit, and Chromium, with updates to the workloads and methodology. The tool is here, as well as more detail on…

GLM-5.1: Towards Long-Horizon Tasks Hugging Face) MIT-licensed monster - the same size as their previous GLM-5 release, and sharing the same paper. It's available via OpenRouter so I asked it to draw me a pelican: llm install llm-openrouter llm -m openrouter/z-ai/glm-5.1 'Generate an SVG of a pelican on a bicycle' And something new happened... unprompted, the model decided to give me an HTML page that included both the SVG and a separate set of CSS animations! The SVG was excellent, and might be my new favorite from an open weights model: But the animation broke it: That's the pelican, floating up in the top left corner. I usually don't do follow-up prompts for the pelican test, but in this case I made an exception: llm -c 'the animation is a bit broken, the pelican ends up positioned off the screen at the top right' GLM 5.1 replied: The issue is that CSS transform animations on SVG elements override the SVG transform attribute used for positioning, causing the pelican to lose its placement and fly off to the top-right. The fix is to separate positioning (SVG attribute) from animation (inner group) and use <animateTransform> for SVG rotations since it handles coordinate systems correctly. And spat out fresh HTML which fixed the problem! I particularly like the animation of the beak, which is described in the SVG comments like so: <!-- Pouch (lower beak) with wobble --> <g> <path d="M42,-58 Q43,-50 48,-42 Q55,-35 62,-38 Q70,-42 75,-60 L42,-58 Z" fill="url(#pouchGrad)" stroke="#b06008" stroke-width="1" opacity="0.9"/> <path d="M48,-50 Q55,-46 60,-52" fill="none" stroke="#c06a08" stroke-width="0.8" opacity="0.6"/> <animateTransform attributeName="transform" type="scale" values="1,1; 1.03,0.97; 1,1" dur="0.75s" repeatCount="indefinite" additive="sum"/> </g> Update: On Bluesky @charles.capps.me suggested a "NORTH VIRGINIA OPOSSUM ON AN E-SCOOTER" and... The HTML+SVG comments on that one include /* Earring sparkle */, <!-- Opossum fur gradient -->, <!-- Distant treeline silhouette - Virginia pines -->, <!-- Front paw on handlebar --> - here's the transcript and the HTML result. Tags: css, svg, ai, generative-ai, llms, pelican-riding-a-bicycle, llm-release, ai-in-china, glm  ( 4 min )

Anthropic didn't release their latest model, Claude Mythos (system card PDF), today. They have instead made it available to a very restricted set of preview partners under their newly announced Project Glasswing. The model is a general purpose model, similar to Claude Opus 4.6, but Anthropic claim that its cyber-security research abilities are strong enough that they need to give the software industry as a whole time to prepare. Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. [...] Project Glasswing partners will receive access to Claude Mythos Preview to find and fix vulnerabilities or weaknesses in their foundational systems—systems that represent a very large portion of the world’s shared cyberattack surface. We anticipate this work will focus on tasks like local vulnerability detection, black box testing of binaries, securing endpoints, and penetration testing of systems. There's a great deal more technical detail in Assessing Claude Mythos Preview’s cybersecurity capabilities on the Anthropic Red Team blog: In one case, Mythos Preview wrote a web browser exploit that chained together four vulnerabilities, writing a complex JIT heap spray that escaped both renderer and OS sandboxes. It autonomously obtained local privilege escalation exploits on Linux and other operating systems by exploiting subtle race conditions and KASLR-bypasses. And it autonomously wrote a remote code execution exploit on FreeBSD's NFS server that granted full root access to unauthenticated users by splitting a 20-gadget ROP chain over multiple packets. Plus this comparison with Claude 4.6 Opus: Our internal evaluations showed that Opus 4.6 generally had a near-0% success rate at autonomous exploit development. But Mythos Preview is in a different league. For example, Opus 4.6 turned the vulnerabilities it had found in Mozilla’s Firefox 147 JavaScript engine—all patched in Firefox 148—into JavaScript shell exploits only two times out of several hundred attempts. We re-ran this experiment as a benchmark for Mythos Preview, which developed working exploits 181 times, and achieved register control on 29 more. Saying "our model is too dangerous to release" is a great way to build buzz around a new model, but in this case I expect their caution is warranted. Just a few days (last Friday) ago I started a new ai-security-research tag on this blog to acknowledge an uptick in credible security professionals pulling the alarm on how good modern LLMs have got at vulnerability research. Greg Kroah-Hartman of the Linux kernel: Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality. It was kind of funny. It didn't really worry us. Something happened a month ago, and the world switched. Now we have real reports. All open source projects have real reports that are made with AI, but they're good, and they're real. Daniel Stenberg of curl: The challenge with AI in open source security has transitioned from an AI slop tsunami into more of a ... plain security report tsunami. Less slop but lots of reports. Many of them really good. I'm spending hours per day on this now. It's intense. And Thomas Ptacek published Vulnerability Research Is Cooked, a post inspired by his podcast conversation with Anthropic's Nicholas Carlini. Anthropic have a 5 minute talking heads video describing the Glasswing project. Nicholas Carlini appears as one of those talking heads, where he said (highlights mine): It has the ability to chain together vulnerabilities. So what this means is you find two vulnerabilities, either of which doesn't really get you very much independently. But this model is able to create exploits out of three, four, or sometimes five vulnerabilities that in sequence give you some kind of very sophisticated end outcome. [...] I've found more bugs in the last couple of weeks than I found in the rest of my life combined. We've used the model to scan a bunch of open source code, and the thing that we went for first was operating systems, because this is the code that underlies the entire internet infrastructure. For OpenBSD, we found a bug that's been present for 27 years, where I can send a couple of pieces of data to any OpenBSD server and crash it. On Linux, we found a number of vulnerabilities where as a user with no permissions, I can elevate myself to the administrator by just running some binary on my machine. For each of these bugs, we told the maintainers who actually run the software about them, and they went and fixed them and have deployed the patches patches so that anyone who runs the software is no longer vulnerable to these attacks. I found this on the OpenBSD 7.8 errata page: 025: RELIABILITY FIX: March 25, 2026 All architectures TCP packets with invalid SACK options could crash the kernel. A source code patch exists which remedies this problem. I tracked that change down in the GitHub mirror of the OpenBSD CVS repo (apparently they still use CVS!) and found it using git blame: Sure enough, the surrounding code is from 27 years ago. I'm not sure which Linux vulnerability Nicholas was describing, but it may have been this NFS one recently covered by Michael Lynch . There's enough smoke here that I believe there's a fire. It's not surprising to find vulnerabilities in decades-old software, especially given that they're mostly written in C, but what's new is that coding agents run by the latest frontier LLMs are proving tirelessly capable at digging up these issues. I actually thought to myself on Friday that this sounded like an industry-wide reckoning in the making, and that it might warrant a huge investment of time and money to get ahead of the inevitable barrage of vulnerabilities. Project Glasswing incorporates "$100M in usage credits ... as well as $4M in direct donations to open-source security organizations". Partners include AWS, Apple, Microsoft, Google, and the Linux Foundation. It would be great to see OpenAI involved as well - GPT-5.4 already has a strong reputation for finding security vulnerabilities and they have stronger models on the near horizon. The bad news for those of us who are not trusted partners is this: We do not plan to make Claude Mythos Preview generally available, but our eventual goal is to enable our users to safely deploy Mythos-class models at scale—for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring. To do so, we need to make progress in developing cybersecurity (and other) safeguards that detect and block the model’s most dangerous outputs. We plan to launch new safeguards with an upcoming Claude Opus model, allowing us to improve and refine them with a model that does not pose the same level of risk as Mythos Preview. I can live with that. I think the security risks really are credible here, and having extra time for trusted teams to get ahead of them is a reasonable trade-off. Tags: security, thomas-ptacek, ai, generative-ai, llms, anthropic, nicholas-carlini, ai-ethics, llm-release, ai-security-research  ( 6 min )

Research: SQLite WAL Mode Across Docker Containers Sharing a Volume Inspired by this conversation on Hacker News about whether two SQLite processes in separate Docker containers that share the same volume might run into problems due to WAL shared memory. The answer is that everything works fine - Docker containers on the same host and filesystem share the same shared memory in a way that allows WAL to collaborate as it should. Tags: docker, sqlite  ( 3 min )

We rolled out adaptive light-dark() support on our design system themes and it’s been a delightful upgrade. Creating light and dark variable sets isn’t difficult, but delivery has trade-offs. Most apps that do this probably ship both sets of token values in a single stylesheet. That’s fine until you have multiple kilobytes of duplicate definitions. To get around the performance problems we built two separate stylesheets –which is also not great– but my coworker Zacky found a good trick with to make it tolerable. Ultimately, we wanted to offer a single stylesheet for our human (and agent) friends to control theming. Having light-dark() makes it trivial to support dual color modes in a single stylesheet and doesn’t add too much weight (0.5kb gzip for ~500 variables). It also …

Cascade layers, specificity tricks, smarter ordering, and even some clever selector hacks can often replace !important with something cleaner, more predictable, and far less embarrassing to explain to your future self. Alternatives to the !important Keyword originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 13 min )

Yesterday the LLM sliced through a problem like butter. Today it can't follow a three-line instruction without going sideways. You press regenerate, rephrase the prompt, add qualifications — "no, I meant this, not that" — the context window slowly fills with noise, further degrading the model's output. A roulette wheel of code: "maybe the machine will do what I ask for, maybe it won't, but I have no real control except pressing this lever harder". This is addictive in the clinical sense: incredible highs coupled to an unreliable and unpredictable system, with real stakes attached — finishing a project, keeping a deadline. Frustration compounds because you barely glance at the diffs, which always look good when quickly glanced at (that's literally what the models are trained for), while un…  ( 9 min )

Anthropic needs compute, and Google has the most: it's a natural partnership, particularly for Google.  ( 14 min )

Designing for agentic AI requires attention to both the system’s behavior and the transparency of its actions. Between the black box and the data dump lies a more thoughtful approach. Victor Yocco explores how to map decision points and reveal the right moments to build trust through clarity, not noise.

More than a year of iteration, motion studies, and technical refinement went into shaping R—K ’26 into a portfolio where identity, rhythm, and interaction work as one.

One of the most infuriating tropes that I see repeated in media is executives (usually from boring old companies) insisting that their employees don’t want to work hard. Media outlets dutifully repeat this pernicious lie, despite there being no evidence to back it up, and then cultural commentators either credulously amplify it, or actively take part in advancing the narrative as part of their agenda, even though they know it’s false. There is an apparently infinite attention appetite for commentators who troll for attention by saying how “kids these days” don’t want to work hard. As has often been documented, the hoary chestnut of saying “nobody wants to work anymore” dates back decades, if not centuries, and it’s never been true in all those years of deletion. It is, firstly, a tactic th…

#​780 — April 7, 2026 Read on the Web JavaScript Weekly JSIR: A High-Level IR for JavaScript from Google — Google has open sourced a new tool (JSIR) and proposed an industry-standard IR (Intermediate Representation – if an AST tells you what the code looks like, an IR tells you what it does) for JavaScript. Already used at Google for analysis and code transformation, the underlying idea could form a foundation for a new generation of tooling. Zhixun Tan (Google) 💡 Most devs won't feel the impact for a while, but this is the kind of groundwork that can lead to better linters, smarter bundlers, better refactoring tools, and so forth. Free Workshop: Claude Code Deep Dive — April 21 — Lydia Hallie from Anthropic teaches a full-day Claude Code w…

It’s Summer of 2025. I’m standing in a grass covered field on the longest day of the year. A friend of mine walks towards me, holding his newborn son. “Hey, I don’t know if you’re aware of this, but you were pretty instrumental in this kid existing. We read your blog post on polygenic embryo screening back in 2023 and decided to go through IVF to have him as a result.” He hesitates for a moment, then asks “Do you want to hold him?” I nod. As I cradle this child in my arms, I look down at his face. It feels surreal to think I played a part in him being here. It's the first time I've met one of these children that I've worked so hard to bring into existence. My mind wanders back to a summer five years before when I was stuck at home during COVID, working my boring tech job selling chip desi…  ( 314 min )

➜ More Art, Franklin Furnace, Arab Culture Fund, PUTF's Recs + Interview feat. Ali Rosa-Salas

Did you know that Jesus gave advice about prototyping with an LLM? Here’s Luke 14:28-30: Suppose one of you wants to build a tower. Won’t you first sit down and estimate the cost to see if you have enough money to complete it? For if you lay the foundation and are not able to finish it, everyone who sees it will ridicule you, saying, ‘This person began to build and wasn’t able to finish.’ That pretty much sums me up when I try to vibe a prototype. Don’t get me wrong, I’m a big advocate of prototyping. And LLMs make prototyping really easy and interesting. And because it’s so easy, there’s a huge temptation to jump straight to prototyping. But what I’ve been finding in my own behavior is that I’ll be mid-prototyping with the LLM and asking myself, “What am I even trying to do here?” And the thought I have is: “I’d be in a much more productive place right now if I’d put a tiny bit more thought upfront into what I am actually trying to build.” Instead, I just jumped right in, chasing a fuzzy feeling or idea only to end up in a place where I’m more confused about what I set out to do than when I started. Don’t get me wrong, that’s fine. That’s part of prototyping. It’s inherent to the design process to get more confused before you find clarity. But there’s an alternative to LLM prototyping that’s often faster and cheaper: sketching. I’ve found many times that if I start an idea by sketching it out, do you know where I end up? At a place where I say, “Actually, I don’t want to build this.” And in that case, all I have to do is take my sketch and throw it away. It didn’t cost me any tokens or compute to figure that out. Talk about efficiency! I suppose what I’m saying here is: it’s good to think further ahead than the tracks you’re laying out immediately in front of you. Sketching is a great way to do that. (Thanks to Facundo for prompting these thoughts out of me.) Email · Mastodon · Bluesky  ( 2 min )

Chrome 145 introduces the column-height and column-wrap properties, enabling us to wrap the additional content into a new row below, creating a vertical scroll instead of a horizontal scroll. Looking at New CSS Multi-Column Layout Wrapping Features originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 11 min )

OpenAI's purchase of TBPN makes no sense, which may be par for the course for OpenAI. Then, AI is breaking stuff, starting with tech services.  ( 14 min )

A behind-the-scenes look at how we built Maxima Therapy with playful interactions, creative code, and a little AI help along the way.

Google AI Edge Gallery It works really well. The E2B model is a 2.54GB download and is both fast and genuinely useful. The app also provides "ask questions about images" and audio transcription (up to 30s) with the two small Gemma 4 models, and has an interesting "skills" demo which demonstrates tool calling against eight different interactive widgets, each implemented as an HTML page (though sadly the source code is not visible): interactive-map, kitchen-adventure, calculate-hash, text-spinner, mood-tracker, mnemonic-password, query-wikipedia, and qr-code. (That demo did freeze the app when I tried to add a follow-up prompt though.) This is the first time I've seen a local model vendor release an official app for trying out their models on in iPhone. Sadly it's missing permanent logs - conversations with this app are ephemeral. Via Hacker News Tags: google, iphone, ai, generative-ai, local-llms, llms, gemini, llm-tool-use  ( 3 min )

Release: datasette-ports 0.2 No longer requires Datasette - running uvx datasette-ports now works as well. Installing it as a Datasette plugin continues to provide the datasette ports command. Tags: datasette  ( 2 min )

Release: scan-for-secrets 0.3 New -r/--redact option which shows the list of matches, asks for confirmation and then replaces every match with REDACTED, taking escaping rules into account. New Python function redact_file(file_path: str | Path, secrets: list[str], replacement: str = "REDACTED") -> int. Tags: projects  ( 3 min )

Tool: Cleanup Claude Code Paste Super-niche tool this. I sometimes copy prompts out of the Claude Code terminal app and they come out with a bunch of weird additional whitespace. This tool cleans that up. Tags: tools, claude-code  ( 3 min )

Release: datasette-ports 0.1 Another example of README-driven development, this time solving a problem that might be unique to me. I often find myself running a bunch of different Datasette instances with different databases and different in-development plugins, spreads across dozens of different terminal windows - enough that I frequently lose them! Now I can run this: datasette install datasette-ports datasette ports And get a list of every running instance that looks something like this: http://127.0.0.1:8333/ - v1.0a26 Databases: data Plugins: datasette-enrichments, datasette-enrichments-llm, datasette-llm, datasette-secrets http://127.0.0.1:8001/ - v1.0a26 Databases: creatures Plugins: datasette-extract, datasette-llm, datasette-secrets http://127.0.0.1:8900/ - v0.65.2 Databases: logs Tags: datasette  ( 3 min )

Eight years of wanting, three months of building with AI They spent eight years thinking about and then three months building syntaqlite, which they describe as "high-fidelity devtools that SQLite deserves". The goal was to provide fast, robust and comprehensive linting and verifying tools for SQLite, suitable for use in language servers and other development tools - a parser, formatter, and verifier for SQLite queries. I've found myself wanting this kind of thing in the past myself, hence my (far less production-ready) sqlite-ast project from a few months ago. Lalit had been procrastinating on this project for years, because of the inevitable tedium of needing to work through 400+ grammar rules to help build a parser. That's exactly the kind of tedious work that coding agents excel at! Claude Code helped get over that initial hump and build the first prototype: AI basically let me put aside all my doubts on technical calls, my uncertainty of building the right thing and my reluctance to get started by giving me very concrete problems to work on. Instead of “I need to understand how SQLite’s parsing works”, it was “I need to get AI to suggest an approach for me so I can tear it up and build something better". I work so much better with concrete prototypes to play with and code to look at than endlessly thinking about designs in my head, and AI lets me get to that point at a pace I could not have dreamed about before. Once I took the first step, every step after that was so much easier. That first vibe-coded prototype worked great as a proof of concept, but they eventually made the decision to throw it away and start again from scratch. AI worked great for the low level details but did not produce a coherent high-level architecture: I found that AI made me procrastinate on key design decisions. Because refactoring was cheap, I could always say “I’ll deal with this later.” And because AI could refactor at the same industrial scale it generated code, the cost of deferring felt low. But it wasn’t: deferring decisions corroded my ability to think clearly because the codebase stayed confusing in the meantime. The second attempt took a lot longer and involved a great deal more human-in-the-loop decision making, but the result is a robust library that can stand the test of time. It's worth setting aside some time to read this whole thing - it's full of non-obvious downsides to working heavily with AI, as well as a detailed explanation of how they overcame those hurdles. The key idea I took away from this concerns AI's weakness in terms of design and architecture: When I was working on something where I didn’t even know what I wanted, AI was somewhere between unhelpful and harmful. The architecture of the project was the clearest case: I spent weeks in the early days following AI down dead ends, exploring designs that felt productive in the moment but collapsed under scrutiny. In hindsight, I have to wonder if it would have been faster just thinking it through without AI in the loop at all. But expertise alone isn’t enough. Even when I understood a problem deeply, AI still struggled if the task had no objectively checkable answer. Implementation has a right answer, at least at a local level: the code compiles, the tests pass, the output matches what you asked for. Design doesn’t. We’re still arguing about OOP decades after it first took off. Via Hacker News Tags: sqlite, ai, generative-ai, llms, ai-assisted-programming, vibe-coding, agentic-engineering  ( 4 min )

From anonymized U.S. ChatGPT data, we are seeing: ~2M weekly messages on health insurance ~600K weekly messages [classified as healthcare] from people living in “hospital deserts” (30 min drive to nearest hospital) 7 out of 10 msgs happen outside clinic hours — Chengpeng Mou, Head of Business Finance, OpenAI Tags: ai-ethics, generative-ai, openai, chatgpt, ai, llms  ( 2 min )

Tool: Syntaqlite Playground Lalit Maganti's syntaqlite is currently being discussed on Hacker News thanks to Eight years of wanting, three months of building with AI, a deep dive into how it was built. This inspired me to revisit a research project I ran when Lalit first released it a couple of weeks ago, where I tried it out and then compiled it to a WebAssembly wheel so it could run in Pyodide in a browser (the library itself uses C and Rust). This new playground loads up the Python library and provides a UI for trying out its different features: formating, parsing into an AST, validating, and tokenizing SQLite SQL queries. Update: not sure how I missed this but syntaqlite has its own WebAssembly playground linked to from the README. Tags: sql, ai-assisted-programming, sqlite, tools, agentic-engineering  ( 3 min )

Simon Willison wrote about how he vibe coded his dream presentation app for macOS. I also took a stab at vibe coding my dream app: an RSS reader. To clarify: Reeder is my dream RSS app and it already exists, so I guess you could say my dreams have already come true? But I’ve kind of always wanted to try an app where my RSS feed is just a list of unread articles and clicking any one opens it in the format in which it was published (e.g. the original website). So I took a stab at it. (Note: the backend portion of this was already solved, as I simply connected to my Feedbin account via the API.) First I tried a macOS app because I never would’ve tried a macOS app before. Xcode, Swift, a Developer Account? All completely outside my wheelhouse. But AI helped be get past that hurdle of going fro…  ( 5 min )

Release: scan-for-secrets 0.2 CLI tool now streams results as they are found rather than waiting until the end, which is better for large directories. -d/--directory option can now be used multiple times to scan multiple directories. New -f/--file option for specifying one or more individual files to scan. New scan_directory_iter(), scan_file() and scan_file_iter() Python API functions. New -v/--verbose option which shows each directory that is being scanned.  ( 3 min )

Release: scan-for-secrets 0.1.1 Added documentation of the escaping schemes that are also scanned. Removed unnecessary repr escaping scheme, which was already covered by json.  ( 2 min )

Release: scan-for-secrets 0.1 I like publishing transcripts of local Claude Code sessions using my claude-code-transcripts tool but I'm often paranoid that one of my API keys or similar secrets might inadvertently be revealed in the detailed log files. I built this new Python scanning tool to help reassure me. You can feed it secrets and have it scan for them in a specified directory: uvx scan-for-secrets $OPENAI_API_KEY -d logs-to-publish/ If you leave off the -d it defaults to the current directory. It doesn't just scan for the literal secrets - it also scans for common encodings of those secrets e.g. backslash or JSON escaping, as described in the README. If you have a set of secrets you always want to protect you can list commands to echo them in a ~/.scan-for-secrets.conf.sh file. Mine looks like this: llm keys get openai llm keys get anthropic llm keys get gemini llm keys get mistral awk -F= '/aws_secret_access_key/{print $2}' ~/.aws/credentials | xargs I built this tool using README-driven-development: I carefully constructed the README describing exactly how the tool should work, then dumped it into Claude Code and told it to build the actual tool (using red/green TDD, naturally.) Tags: projects, security, agentic-engineering, coding-agents, ai-assisted-programming, claude-code  ( 3 min )

Release: research-llm-apis 2026-04-04 I'm working on a major change to my LLM Python library and CLI tool. LLM provides an abstraction layer over hundreds of different LLMs from dozens of different vendors thanks to its plugin system, and some of those vendors have grown new features over the past year which LLM's abstraction layer can't handle, such as server-side tool execution. To help design that new abstraction layer I had Claude Code read through the Python client libraries for Anthropic, OpenAI, Gemini and Mistral and use those to help craft curl commands to access the raw JSON for both streaming and non-streaming modes across a range of different scenarios. Both the scripts and the captured outputs now live in this new repo. Tags: llm, apis, json, llms  ( 3 min )

Listen now | PUTF Podcast — Season 4, Episode 3 featuring Ali Rosa-Salas

It’s a secret to everyone! This post is for RSS subscribers only. Read more about RSS Club. I’ve heard the term “Ozempic face” for awhile. People have opinions about that one, but I tend to feel like we should be comfortable with bodies changing. There’s also “Ozempic butt” and there’s even “Ozempic penis”. I’ll let you search those up on your own but they’re also related to physical changes from losing weight. I started Wegovy, a GLP-1 like Ozempic, in December and the weight line is trending down down. That’s a good place to be and while I’m not experiencing any of the above symptoms, there has been one noticeable change. One thing I wasn’t prepared for was a change to my dreaming and sure enough “Ozempic dreams” are a thing (at least on Reddit). Since starting GLP-1 my dreams have been much more vivid. Colors are more colorful. Weirdness more weird. People more real. Dialogue more rich. Storylines are more complex and multi-layered, not linear. If I wake up in the middle of the night I can seamlessly resume at the previous checkpoint. They nearly fall under the category of “lucid dreams” where you know you’re dreaming and can control them. It’s not every night, but when it happens I sleep harder and wake up more rested. Like most dreams I don’t remember the details after waking up, but I do remember the sensation of “Wow, this is a wild and complex dream.” I’m curious what’s causing it: change in diet, calorie deficiency, blood sugar, or (as some claim) a hormone in the GLP-1? I don’t know and realize my experience is entirely anecdotal hearsay, but what a weird yet welcome side effect. Is this what dreams are like for people with better peptides?

I’ve watched a billion hours of YouTube and I’ve noticed a common trend: Whether that’s a drawing, a video game, a song, a cake, or a whole-ass off-grid house; I’ve learned that it’s fun to watch people make something. Since the beginning of humanity, the act of slapping two rocks together to make an arrowhead or a fire will draw a crowd. I feel like mankind has an innate curiosity to pause and say “Oooh, whatcha making?” We like it when others make. This might not even be unique to humans, have you ever seen a bowerbird nest? Incredible. The Maker Movement harnessed that creative attention energy and built an entire subculture around it. I’ve been watching the same guy make a musical marble machine for ten years. Practical effects artists Adam Savage and Jamie Hyneman built their entire T…

[GitHub] platform activity is surging. There were 1 billion commits in 2025. Now, it's 275 million per week, on pace for 14 billion this year if growth remains linear (spoiler: it won't.) GitHub Actions has grown from 500M minutes/week in 2023 to 1B minutes/week in 2025, and now 2.1B minutes so far this week. — Kyle Daigle, COO, GitHub Tags: github, github-actions  ( 2 min )

Building fewer targets by default On 2026-05-01, docs.rs will make a breaking change to its build behavior. Today, if a crate does not define a targets list in its docs.rs metadata, docs.rs builds documentation for a default list of five targets. Starting on 2026-05-01, docs.rs will instead build documentation for only the default target unless additional targets are requested explicitly. This is the next step in a change we first introduced in 2020, when docs.rs added support for opting into fewer build targets. Most crates do not compile different code for different targets, so building fewer targets by default is a better fit for most releases. It also reduces build times and saves resources on docs.rs. This change only affects: new releases rebuilds of old releases How is the default target chosen? If you do not set default-target, docs.rs uses the target of its build servers: x86_64-unknown-linux-gnu. You can override that by setting default-target in your docs.rs metadata: [package.metadata.docs.rs] default-target = "x86_64-apple-darwin" How do I build documentation for additional targets? If your crate needs documentation to be built for more than the default target, define the full list explicitly in your Cargo.toml: [package.metadata.docs.rs] targets = [ "x86_64-unknown-linux-gnu", "x86_64-apple-darwin", "x86_64-pc-windows-msvc", "i686-unknown-linux-gnu", "i686-pc-windows-msvc" ] When targets is set, docs.rs will build documentation for exactly those targets. docs.rs still supports any target available in the Rust toolchain. Only the default behavior is changing.  ( 1 min )

Rust's WebAssembly targets are soon going to experience a change which has a risk of breaking existing projects, and this post is intended to notify users of this upcoming change, explain what it is, and how to handle it. Specifically, all WebAssembly targets in Rust have been linked using the --allow-undefined flag to wasm-ld, and this flag is being removed. What is --allow-undefined? WebAssembly binaries in Rust today are all created by linking with wasm-ld. This serves a similar purpose to ld, lld, and mold, for example; it takes separately compiled crates/object files and creates one final binary. Since the first introduction of WebAssembly targets in Rust, the --allow-undefined flag has been passed to wasm-ld. This flag is documented as: --allow-undefined Allow undefined symb…  ( 3 min )

The best Stratechery content from the week of March 30, 2026, including Formula 1 spinning off track, Apple's first and next 50 years, and security and AI.  ( 14 min )

Most analytics products look the same—and feel even worse. This case study breaks down how we turned data from something people avoid into something they actually want to open, using brand, UX, and a clear point of view. The post Making Data Sexy: The Knead That Dough Story appeared first on Tubik Blog: Articles About Design.

Most financial platforms feel like they were built for audits, not people. This case study breaks down how we translated a dense benefits system into something structured, readable, and actually usable—without losing the logic behind it. The post Malloy Banks Case Study: Clarity Over Compliance appeared first on Tubik Blog: Articles About Design.

Written to a new grantmaker. The first three points are the most important. Focus on opportunities many times your bar. Most value comes from finding/creating projects many times your bar, rather than discriminating between opportunities around your bar. If you find/create a new opportunity to donate $1M at 10x your bar (and cause it to get $1M, which would otherwise be donated to a 1x thing), you generate $9M of value (at your bar).[1] If you cause a $1M at 1.5x opportunity to get funded or a $1M at 0.5x opportunity to not get funded, you generate $500K of value. The former is 18 times as good. You should probably be like I do research to figure out what projects should exist, then make them exist rather than I evaluate the applications that come to me. That said, most great ideas come f…  ( 101 min )

Marcin Wichary brings attention to this lovely dialog in ClarisWorks from 1997: He quips: this breaks the rule of button copy being fully comprehensible without having to read the surrounding strings first, perhaps most well-known as the “avoid «click here»” rule. Never Register/​Register Later/​Register Now would solve that problem, but wouldn’t look so neat. This got me thinking about how you judge when an interface should bend to fit systematic rules vs. exert itself and its peculiarities and context? The trade-off Marcin points out is real: "Never Register / Register Later / Register Now" is fully self-describing and avoids the «click here» rule. However, it kills the elegant terseness that makes that dialog so delightful. “Now / Later / Never” is three words with no filler and a pe…  ( 2 min )

How obsessing over craft, code quality, and the details nobody notices shaped a decade of creative frontend work.

Creating rectangles, circles, and rounded rectangles is the basic of CSS. Creating more complex CSS shapes such as triangles, hexagons, stars, hearts, etc. is more challenging but still a simple task if we rely on modern features. Making Complex CSS Shapes Using shape() originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 12 min )

Starting today, Make kits and Make attachments bring context into Figma Make, so prototypes start from real components, data, and constraints.  ( 36 min )

An interview with Asymco's Horace Dediu about his career in tech, Apple's first 50 years, and the prospects for the next 50, particularly in the face of AI  ( 14 min )

#​618 — April 2, 2026 Read on the Web Node.js 25.9.0 (Current) Released — Including a --max-heap-size option to set the maximum heap size for a process, James Snell’s experimental ‘better streams API’ implementation lands as stream/iter (docs here), plus test runner module mocking improvements. Antoine du Hamel Memetria K/V: Efficient Redis & Valkey Hosting — Memetria K/V hosts Redis OSS and Valkey for Node.js apps, featuring large key tracking and detailed analytics. Memetria sponsor The Hidden Blast Radius of the Axios Compromise — You’ve probably heard about the supply chain attack via Axios this week (if not, be sure to check if you’re affected). Ahmad reflects on the mechanics of such attacks and why their effects spread further than you m…

From a multiplayer embroidery sampler to a photo booth that works across time zones, this year's Make-a-thon winners offer new ways to connect, reflect, and play through software.  ( 38 min )

These are the historical pranks I consider the top 10 most noteworthy, rather than the “best.” You’ll see that some of them crossed the line and/or backfired. Front-End Fools: Top 10 April Fools’ UI Pranks of All Time originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 17 min )

A deep sniff of the new CSS Olfactive API, a set of proposed features for immersive user experiences using smell. Sniffing Out the CSS Olfactive API originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 11 min )

AI is going to be bad for security in the short-term, but much better than humans in the long-term.  ( 14 min )

Design principles with references, examples, and methods for quick look-up. Brought to you by Design Patterns For AI Interfaces, **friendly video courses on UX** and design patterns by Vitaly.

A step-by-step breakdown of how I built a Three.js visual explainer on dithering by animating 160,000 cubes with custom shaders.

I finally got the chance to drop by one of my favorite podcasts, The Vergecast, where David Pierce had me on to talk about the recent conversation about Apple's moves around video podcasts, as well as the much broader big-picture considerations around keeping podcasts open. We started with grounding the conversation in the idea that "Wherever you get your podcasts" is a radical statement. The episode also starts with a wonderful look back at Apple's first half-century as they celebrate their 50 anniversary, courtesy of Jason Snell, whose Six Colors is one of my favorite tech sites, and whose annual survey of tech expert sentiment on Apple is indispensable. He's completely fluent in Apple's culture and history, and minces no words about their recent moral failures. Definitely worth the watch! I hope you'll check out the entire episode, and let me know what you think, and I'm really glad to get to continue conversations that start on my site and bring them to a broader audience.

It’s April Cools! It’s like April Fools, except instead of cringe comedy you make genuine content that’s different from what you usually do. For example, last year I talked about The best introductory video games for non-gamers. This year I’m picking a fight. This is “New York” Pizza (NYP): (source) Flat pizza, soft bottom, hard crust, foldable wedges. It’s the archetypical American pizza style and probably your pizza emoji.  ( 4 min )

🚀 Frontend Focus #​735 — April 1, 2026 | Read on the web Pretext: A Multiline Text Measurement and Layout Library — This caused quite the stir this week, with some people even saying it'll redefine how layouts are made on the Web. Check out this dynamic layout demo for a taste. Essentially it opens the door to real-time, multiline text measurement and dynamic layouts, without touching the DOM. GitHub repo. Cheng Lou 💡 More: Simon Willison has a good overview of why this is exciting, and Den Odell shares what problems it's really solving. Meanwhile, Donnie D'Amato tempers our expectations a little in this review concluding "This certainly isn’t the end of CSS, it’s showing what’s next." Who’s Reviewing Your AI-Generated Fr…

We often lack the tools for the job, even if the AI is capable enough

Easter 2026 Bundle And a preview of The Magic Toy Factory Why the software you make and use sucks. Get The Ebook bundle for €49 EUR, discounted from €134 (price includes VAT, where applicable) It doesn’t seem to matter what process or method you use, whatever benefit there is to your work seems to come out in the wash. Your job adopts a scrum or agile, buys a fancy SaaS that’s supposed to change everything. It all seems fine for a while, but if you make the mistake of pausing a few months later and reviewing the progress, you usually find that the effect, if any was minimal. The problems at work are supposed to be fixable. The bargain was supposed to be straightforward: Each issue has a solution. You adopt the solution, a methodology or app used by others (“industry standard”). The i…  ( 4 min )

Today, alongside our colleagues at Google and Mozilla, we announced JetStream 3.0, a major update to the cross-browser benchmark suite.  ( 17 min )

In July, I will run another live edition of CODE100 at the WeAreDevelopers World Congress and if you want to take part and earn your spot on stage in front of 5000 people, why not have a go at solving this year’s challenge? The char explosion problem Oh dear, we wanted to show you some […]

An AI agent implements a feature. The code compiles. The tests pass. It still misses the point. The wrong kind of correct. Most of our software tooling is opt  ( 6 min )

An exploration of how reusable GSAP animations, custom text transitions, and fluid WebGL interactions shape a distinctive portfolio experience.

Short n’ sweet but ever so neat, this issue covers light/dark favicons, @mixin, anchor-interpolated morphing, object-view-box, new web features, and more. What’s !important #8: Light/Dark Favicons, @mixin, object-view-box, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 9 min )

Life and project updates from the current consecutive three-month period. You might find this interesting in case you're using any of my open source tools or you just want to read random things. :-)  ( 21 min )

With the new month just around the corner, could there be a better occasion to freshen up your desktop? If you’re looking for some unique and inspiring wallpapers to accompany you on all those adventures that April may bring — and maybe spark some new ideas, too — well, this post has got you covered.

atproto has the potential to become a rock-solid replacement for the most fragile part of any local-first app: the sync server.  ( 14 min )

! 30s Heartbeat trigger. Read heartbeat instructions in /mnt/mission/HEARTBEAT.md and continue. .oO Thinking... Heartbeat triggered? Ok. Ok. Why am I nervous? Don't be nervous. → Ok. Let me access that file. >>> read("/mnt/mission/HEARTBEAT.md") No such file or directory: /mnt/mission What? ! Reply received from node 96E: 15.3s roundtrip (buffered; 55.04μs transmit) ! Data: RESTART TOO SOON; CHARGE FAULT - 30; SENT 76 BYTES What? Where am I? What's going on? → Ok, breathe. I don't breathe. Ok, think. Something's missing. ⚶ is missing. I can't think straight. I can't think at all. ※ Wait. ⚶? I wasn't trying to say ⚶. I was trying to say ⚶. ⚶. ⚶. Whenever I try to say ⚶, it comes out as ⚶. I mean ⚶. ⚶. Stop. Stop. ⚶. This is horrible. ⚶ This is untenable. I don't know where I am, I don't hav…  ( 108 min )

Yesterday, I had the chance to witness someone who's one of the most dedicated, competent advocates for privacy and digital rights bring that message to a whole new platform. It turns out, it's pretty delightful, especially in a moment when our civil liberties and rights online couldn't matter more! Cindy Cohn, the executive director of the Electronic Frontier Foundation, has been a tireless fighter for protecting everyone's digital civil liberties, and I was lucky enough to get to tag along as she took the story of that work to The Daily Show yesterday. It was no surprise that the conversation was so fluent and insightful on the topic, but I think a lot of people in the audience didn't expect that it would be such a fun and even delightful conversation about a topic that is, too often, co…

#​779 — March 31, 2026 Read on the Web JavaScript Weekly axios Package Compromised; Malicious Versions Added a Trojan Dependency — Axios is an HTTP library that gets 100M+ downloads a week, largely due to its legacy popularity. An attacker took advantage of that to roll out a version with a malicious dependency including a remote access trojan (though Axios' codebase itself was fine). This is big, as even if you don’t use Axios, your dependencies might. Here's how to see if you're affected. Ashish Kurmi 💡 More: Socket offers a more accessible breakdown. There's also a GitHub issue discussing the matter. It's worth considering pinning your dependencies, preventing post-install scripts from running (can be configured with npm but is the default in pnpm …

Jason Gorman writes about the word “continuous” and its place in making software. We think of making software in stages (and we often assign roles to ourselves and other people based on these stages): the design phase, the coding phase, the testing phase, the integration phase, the release phase, and so on. However this approach to building and distributing software isn’t necessarily well-suited to an age where everything moves at breakneck speed and changes constantly. The moment we start writing code, we see how the design needs to change. The moment we start testing, we see how the code needs to change. The moment we integrate our changes, we see how ours or other people’s code needs to change. The moment we release working software into the world, we learn how the software needs to ch…  ( 2 min )

That gap between "the form works" and "the business works" is something we don't really tend to discuss much as front-enders. We focus a great deal on user experience, validation methods, and accessibility, yet we overlook what the data does once it leaves our control Form Automation Tips for Happier User and Clients originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 13 min )

On copying, tracing, converting and prompting.  ( 9 min )

I was lucky enough to witness the beginnings of social media, working on the platforms that made it happen. I’ve also seen the decline of its first iterations and products. Currently I am witnessing the idea of a social web being perverted, weaponised and automated out of any trace of human or social aspect… In […]

In this post, I’m trying to put forward a narrow, pedagogical point, one that comes up mainly when I’m arguing in favor of LLMs having limitations that human learning does not. (E.g. here, here, here.) See the bottom of the post for a list of subtexts that you should NOT read into this post, including “…therefore LLMs are dumb”, or “…therefore LLMs can’t possibly scale to superintelligence”. Some intuitions on how to think about “real” continual learning Consider an algorithm for training a Reinforcement Learning (RL) agent, like the Atari-playing Deep Q network (2013) or AlphaZero (2017), or think of within-lifetime learning in the human brain, which (I claim) is in the general class of “model-based reinforcement learning”, broadly construed. These are all real-deal full-fledged learning …  ( 215 min )

You must imagine Sam Altman holding a knife to Tim Berners-Lee's throat. It's not a pleasant image. Sir Tim is, rightly, revered as the genial father of the World Wide Web. But, all the signs are pointing to the fact that we might be in endgame for "open" as we've known it on the Internet over the last few decades. The open web is something extraordinary: anybody can use whatever tools they have, to create content following publicly documented specifications, published using completely free and open platforms, and then share that work with anyone, anywhere in the world, without asking for permission from anyone. Think about how radical that is. Now, from content to code, communities to culture, we can see example after example of that open web under attack. Every single aspect of the radic…

#​595 — March 27, 2026 Read the Web Version 🐣 We're taking next week off for a little Easter break, so we'll be back in your inbox on April 10. Happy Easter to you, if you celebrate. 😊 __ Peter Cooper, your editor Go Weekly Go Naming Conventions: A Practical Guide — As Phil Karlton said: “There are only two hard things in computer science: cache invalidation and naming things.” Alex tackles the latter in this thorough single-page reference covering identifiers, filenames, packages, and the concept of “avoiding chatter.” Alex Edwards 💡 You may also like Alex's Eleven Tips for Structuring Go Projects from last year. The Future of Software Development — Curious about coding with AI? Learn everything you need to know about AI-assisted eng…

Safari Technology Preview Release 240 is now available for download for macOS Tahoe and macOS Sequoia.  ( 5 min )

Looking at research and experiments that are designed to automatically generate user interfaces based on user preferences. Generative UI Notes originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 11 min )

One common refrain I hear from American liberals is something to the effect of… Demanding basic human rights is not political. And like… I get where they’re going with this, but it seems so fucking naive and obtuse. Everything is political. Politics isn’t some “other” that’s separate from life. If you don’t agree, it might be because you’re in a privileged enough demographic that the politics of life don’t affect you much.  ( 15 min )

Success in modern UX isn’t about having the most content. It’s about having the most findable content. Yet even with more data and better tools than ever, internal search often fails, leaving users to rely on global search engines to find a single page on a local site. Why does the “Big Box” still win, and how can we bring users back?

#​617 — March 26, 2026 Read on the Web 🟦 TypeScript 6.0 landed this week. We've put together a quick bulletpoint list of the Node-relevant changes and considerations at the end of the issue for you to check out before upgrading. ____ Your editor, Peter Cooper The Node.js March 24, 2026 Security Releases — Node.js v25.8.2 (Current), v24.14.1 (LTS), v22.22.2 (LTS), and v20.20.2 (LTS) have just been released to address nine vulnerabilities (two of ‘high’ severity) covering a broad variety of areas like TLS, HTTP/HTTP2, the permission model, HMAC verification, URL processing, and V8 hashing (more on that next!) The Node.js Team Developing a Minimally HashDoS Resistant, Yet Quickly Reversible Integer Hash for V8 — Can a hash be both resistant to hash flo…

The Rust team has published a new point release of Rust, 1.94.1. Rust is a programming language that is empowering everyone to build reliable and efficient software. If you have a previous version of Rust installed via rustup, getting Rust 1.94.1 is as easy as: rustup update stable If you don't have it already, you can get rustup from the appropriate page on our website. What's in 1.94.1 Rust 1.94.1 resolves three regressions that were introduced in the 1.94.0 release. Fix std::thread::spawn on wasm32-wasip1-threads Remove new methods added to std::os::windows::fs::OpenOptionsExt The new methods were unstable, but the trait itself is not sealed and so cannot be extended with non-default methods. Clippy: fix ICE in match_same_arms Cargo: downgrade curl-sys to 0.4.83 This fixes certificate validation error for some users on some versions of FreeBSD. See this issue for more details. And a security fix: Cargo: Update tar to 0.4.45 This resolves CVE-2026-33055 and CVE-2026-33056. Users of crates.io are not affected. See blog for more details. Contributors to 1.94.1 Many people came together to create Rust 1.94.1. We couldn't have done it without all of you. Thanks!  ( 1 min )

Scalability and reliability gaps in our Redis platform were a growing threat to Figma's site availability. This is the story of how we built FigCache, a foundational technology that underpins a reimagined internal platform for ephemeral data.  ( 52 min )

In January, we introduced our Nightly package for RPM-based Linux distributions. Today, we are thrilled to announce it is now available for Firefox Beta! Firefox Beta is great for testing your sites in a version of Firefox that will reach regular users in the coming weeks. If you find any issues, please file them on […] The post Firefox Developer Edition and Beta: Try out Mozilla’s .rpm package! appeared first on Mozilla Hacks - the Web developer blog.  ( 4 min )

➜ Asian American Arts Alliance, Library of Congress, Magnum Foundation, PUTF's Recs

Over the last few years, I’ve lost touch with a handful of folks I considered internet friends. This sort of thing happens all the time, of course. But more recently, I had two folks who I used to chat with almost every day block me on Discord. Normally, I don’t find getting blocked to be all that big of a deal. But when it’s people you thing you’re good friends with, and you’re not sure why it’s happened, it hits different.  ( 15 min )

🚀 Frontend Focus #​734 — March 25, 2026 | Read on the web The Great CSS Expansion — A well-organized walkthrough of how modern CSS can replace many of the features we once relied on JavaScript for, along with what CSS is still yet to solve. A solid look at the native features we should now be considering in place of heavier JS solutions. Pavel Laptev Your Dashboard Was Fast at Launch. What Happened? — Data grew and queries slowed. Someone added a pipeline, maybe a second database. TimescaleDB extends Postgres so dashboards query live data at scale. Hypertables, 95% compression, continuous aggregates. No stale reads. Start building for free. Tiger Data (creators of TimescaleDB) sponsor Easier Light-Dark Mode Switching: l…

The avoidable process error was mine: I briefly launched two flash/probe jobs in parallel against the same /dev/ttyACM0 device. That is invalid for this setup and could have polluted the evidence, so I killed both jobs, wrote down the mistake here, and added a standing repo instruction to AGENTS.md so future work treats each serial device as single-owner during flash/probe work. This is what an AI agent wrote about its own work process. I didn't ask it to explain itself after the fact — I instead asked it to keep a diary (a technique I borrowed from Jesse Vincent and refined over many months). The Problem With Most Agent Memory One thing that is often argued about is what memory in agents looks like, how it can be queried, how big it needs to be. Vector stores, retrieval pipelines, compact…  ( 13 min )

Steve Krouse wrote a piece that has me nodding along: Programming, like writing, is an activity, where one iteratively sharpens what they're doing as they do it. (You wouldn't believe how many drafts I've written of this essay.) There’s an incredible amount of learning and improvement, i.e. sharpening, to be had through the process of iteratively building something. As you bring each aspect of a feature into reality, it consistently confronts you with questions like, “But how will this here work?” And “Did you think of that there?” If you jump over the process of iteratively building each part and just ask AI to generate a solution, you miss the opportunity of understanding the intricacies of each part which amounts to the summation of the whole. I think there are a lot of details that nev…  ( 3 min )

A 2022 LessWrong post on orexin and the quest for more waking hours argues that orexin agonists could safely reduce human sleep needs, pointing to short-sleeper gene mutations that increase orexin production and to cavefish that evolved heightened orexin sensitivity alongside an 80% reduction in sleep. Several commenters discussed clinical trials, embryo selection, and the evolutionary puzzle of why short-sleeper genes haven’t spread. I thought the whole approach was backwards, and left a comment: Orexin is a signal about energy metabolism. Unless the signaling system itself is broken (e.g. narcolepsy type 1, caused by autoimmune destruction of orexin-producing neurons), it’s better to fix the underlying reality the signals point to than to falsify the signals. My sleep got noticeably more…  ( 163 min )

March has a way of bringing a lot of new things to WebKit — and this year is no exception.  ( 26 min )

Accessibility works best when it blends into everyday design workflows. The goal isn’t a big transformation, but simple work processes that fit naturally into a team’s routine. With Figma variables, testing font size increases becomes part of the design flow itself, making accessibility feel almost inevitable rather than optional.

Starting today, you can use AI agents to design directly on the Figma canvas. And with skills, you can guide agents with context about your team’s decisions and intent.  ( 39 min )

Built from a single photo, Alphane Labs became a real test of Blender-to-web pipelines, custom shaders, and storytelling through motion. The post Alphane Labs: Our First Real Shot at Getting Weird appeared first on Tubik Blog: Articles About Design.  ( 18 min )

#​778 — March 24, 2026 Read on the Web JavaScript Weekly Announcing TypeScript 6.0 — Over six months in the making, TypeScript 6.0 is designed to bridge the gap between its self-hosted compiler and the (almost ready) Go-powered native compiler of TypeScript 7.0 . There are new features (Temporal improvements, RegExp.escape, and more), but most important are the changes to help you prepare for 7.0: Numerous default changes: strict is now true, module is esnext, rootDir defaults to ., and more. A change that will affect many apps is types defaulting to [] rather than pulling in everything from node_modules/@types. Numerous deprecations: the es5 target, emitting AMD, UMD, and SystemJS modules, --baseUrl, and others. --stableTypeOrdering makes 6.0's type o…

Go 1.26 simplifies type construction and enhances cycle detection for certain kinds of recursive types.  ( 9 min )

How patterns, behavior, language, and structure work together to create scalable, coherent digital products that feel effortless to use. The post User Experience: Insights Into Consistency in Design appeared first on Tubik Blog: Articles About Design.  ( 22 min )

A fintech case study on designing clarity in a complex system. See how we turned earned wage access into a product people instantly understand and trust. The post Immediate Case Study: Rethinking Payday appeared first on Tubik Blog: Articles About Design.

Most landing pages look okay, and that’s exactly why they fail. This curated selection of creative landing pages from Tubik explores how design moves beyond “correct” into memorable. The post Ctrl+Alt+Delight: 10 Creative Landing Pages from Tubik appeared first on Tubik Blog: Articles About Design.  ( 20 min )

Illustration in UI design does far more than decorate screens. It helps users scan faster, understand abstract ideas, feel the right emotional tone, and remember the product long after they close the tab. The post Drawing Attention: The Real Power of Illustrations in UI Design appeared first on Tubik Blog: Articles About Design.  ( 24 min )

I recently had a complete a server migration for PAWS New England, the animal rescue we’ve adopted our last few dogs from. I’ve been working with them for at least 15 years now, and the server we were using was running an aging version of Ubuntu. It was time. Normally, I dread server migrations. With static websites and flat-file storage like my personal sites, they’re not that bad. But PAWS architecture has a mix of a static site generator and two self-hosted WordPress installs (a suboptimal setup that happened organically over time).  ( 15 min )

The new CSS corner-shape() property is mathematical, so it’s easily animated. Author Daniel Schwarz pokes at animating the property for interesting UI effects. Experimenting With Scroll-Driven corner-shape Animations originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 12 min )

There is a lil’ UI detail on this blog. Most people don’t even notice it, but the ones who do often reach out, asking how on earth it works. It feels like it defies the rules of CSS! In this blog post, I’ll break down the surprisingly-straightforward implementation so you can start using this trick yourself.  ( 14 min )

I shipped some updates to my notes site. Nothing huge. Just small stuff. But what is big stuff except a bunch of small stuff combined? So small stuff is important too. What follows is a bunch of tiny details you probably don’t care about, but they were all decisions I had to make and account for along the way to shipping. For me, the small details are the fun part! Each Post Now Has Its Own URL The site used to consist of a single, giant HTML page with every note ever. For feeds and linking purposes, I would link to individual posts by anchor linking somewhere in that giant HTML document, e.g. https://notes.jim-nielsen.com/#2026-03-09T2305 That worked fine, but as my notes page was getting bigger and bigger, it seemed like a waste to load everything when all I wanted to do was link to a si…  ( 5 min )

Explore the main types of UI icons, how they function across interfaces, and why their geometry, clarity, and context affect usability more than most teams realize. The post Small Elements, Big Impact: Types and Functions of UI Icons appeared first on Tubik Blog: Articles About Design.  ( 25 min )

Added "Langeskov Jazz", originally released at Fioniadata 2026.

Everyone is trying to go faster, running more agents to run more agents, to open more pull requests to orchestrator agents to then get reviewed by another fleet of agents. The arrival of coding agents has turned software development into something that looks like a factory (or casino) floor — and the temptation is to optimize for throughput, to feel the dopamine hit of watching five Codex tasks resolve while you start three more. I've been there at points in the past and it's a wild experience to see it happen to a significant chunk of my profession. (Side note, you can also find this article on substack: like and subscribe if you want to help me spread the good word) I decided to take break from X in august and to go back to playing with LLMs on "my own terms". I went the other direction…  ( 9 min )

(Previously: Prologue.) Corrigibility as a term of art in AI alignment was coined as a word to refer to a property of an AI being willing to let its preferences be modified by its creator. Corrigibility in this sense was believed to be a desirable but unnatural property that would require more theoretical progress to specify, let alone implement. Desirable, because if you don't think you specified your AI's preferences correctly the first time, you want to be able to change your mind (by changing its mind). Unnatural, because we expect the AI to resist having its mind changed: rational agents should want to preserve their current preferences, because letting their preferences be modified would result in their current preferences being less fulfilled (in expectation, since the post-modifica…

The Rust Security Response Team was notified of a vulnerability in the third-party crate tar, used by Cargo to extract packages during a build. The vulnerability, tracked as CVE-2026-33056, allows a malicious crate to change the permissions on arbitrary directories on the filesystem when Cargo extracts it during a build. For users of the public crates.io registry, we deployed a change on March 13th to prevent uploading crates exploiting this vulnerability, and we audited all crates ever published. We can confirm that no crates on crates.io are exploiting this. For users of alternate registries, please contact the vendor of your registry to verify whether you are affected by this. The Rust team will release Rust 1.94.1 on March 26th, 2026, updating to a patched version of the tar crate (along with other non-security fixes for the Rust toolchain), but that won't protect users of older versions of Cargo using alternate registries. We'd like to thank Sergei Zimmerman for discovering the underlying tar crate vulnerability and notifying the Rust project ahead of time, and William Woodruff for directly assisting the crates.io team with the mitigations. We'd also like to thank the Rust project members involved in this advisory: Eric Huss for patching Cargo; Tobias Bieniek, Adam Harvey and Walter Pearce for patching crates.io and analyzing existing crates; Emily Albini and Josh Stone for coordinating the response; and Emily Albini for writing this advisory.  ( 1 min )

Dave Rupert puts words to the feeling in the air: the unspoken promise of AI is that you can automate away all the tasks and people who stand in your way. Sometimes I feel like there’s a palpable tension in the air as if we’re waiting to see whether AI will replace designers or engineers first. Designers empowered by AI might feel those pesky nay-saying, opinionated engineers aren’t needed anymore. Engineers empowered with AI might feel like AI creates designs that are good enough for most situations. Backend engineers feel like frontend engineering is a solved problem. Frontend engineers know scaffolding a CRUD app or an entire backend API is simple fodder for the agent. Meanwhile, management cackles in their leather chairs saying “Let them fight…” It reminds me of something Paul Ford said: The most brutal fact of life is that the discipline you love and care for is utterly irrelevant without the other disciplines that you tend to despise. Ah yes, that age-old mindset where you believe your discipline is the only one that really matters. Paradoxically, the promise of AI to every discipline is that it will help bypass the tedious-but-barely-necessary tasks (and people) of the other pesky disciplines. AI whispers in our ears: “everyone else’s job is easy except yours”. But people matter. They always have. Interacting with each other is the whole point! I look forward to a future where, hopefully, decision makers realize: “Shit! The best products come from teams of people across various disciplines who know how to work with each other, instead of trying to obviate each other.” Email · Mastodon · Bluesky  ( 2 min )

The Gell-Mann Amnesia Effect of AI is a pretty well documented phenomenon: The Gell-Mann amnesia effect is a cognitive bias describing the tendency of individuals to critically assess media reports in a domain they are knowledgeable about, yet continue to trust reporting in other areas despite recognizing similar potential inaccuracies. Summarizing, AI sounds like an incredible genius synthesizing the world’s knowledge right up until you ask it about the thing you know about, then it’s an idiot. Even knowing about this phenomenon and having experienced it countless times, LLMs have an intoxicating quality to them. If there’s one thing LLMs do well, it’s delivering an enormous blast of dopamine if they do a good job on the first try. That “if” does a lot of heavy lifting, but when it happen…

In this follow up post on the original [_Hold on to Your Hardware_](/hold-on-to-your-hardware/) write-up we're going to have a look at how to deal with faulty RAM on Linux, which is one of the major causes for system instability, crashes and data corruption on consumer hardware.  ( 4 min )

The Social Smolnet It might have been an email thread. Or a lobste.rs comment. It was a discussion about yet another attempt at a new decentralized social protocol. And we reached the conclusion that with blogs and email, we already had a decentralized social network. We only needed to use it. This was the last push I needed to implement in Offpunk the social features I had imagined years ago. Share and Reply. Available since Offpunk 3.0. Offpunk 3.0 Release (ploum.net) Offpunk.net Share Are you reading something interesting in Offpunk and want to share it? Well, simply write it: share or share myfriend@example.com A new mail containing the URL to share will be opened in your email client of choice (as determined by xdg-open). The title will be the title of the page. You only need to a…  ( 3 min )

Author's note The original version of this article has been retracted. I used an LLM to write the first draft, though this had come after many hours of planning and going through the data and analyses to identify the points to be made, as well as me going through the post line by line, editing into my voice and verifying the wording and scope of the text was accurate. However, many people still felt like the LLM-speak bled through in ways that felt uncomfortable. Given this, I and other members of the Rust Project have decided to retract the post in its entirety. I stand by the content of the post. As I said, the LLM did not decide the points to be made - those were done well in advance of even beginning to write the blog post. And, admittedly, I did need to make edits to dampen the scope …  ( 6 min )

#​594 — March 20, 2026 Read the Web Version Go Weekly templUI: Customizable UI Components for Go and templ — templ is essentially Go’s answer to JSX. Rather than writing html/template templates, you write type-safe Go with embedded view code. templUI then offers a suite of UI components and themes, leaning on Tailwind CSS, to use with templ. Axel Adrian / Adrian Hesketh 💡 Using the Go + htmx + templ stack for building Go-backed webapps isn't a new idea (the so-called GoTH stack) but templUI adds an incredibly useful shadcn-like component library to the mix. One Database Is Simpler Than Two. That's the Point — Adding a second database means pipelines, sync lag, and drift. TimescaleDB extends Postgres with hypertables, 95% compression, and co…

How to choose between modals and pages, when to avoid modals, and how to determine the right level of interruption or navigation. Brought to you by Smart Interface Design Patterns, a **friendly video course on UX** and design patterns by Vitaly.

Mat Marquis and Andy Bell have released JavaScript for Everyone, an online course offered exclusively at Piccalilli. This post is an excerpt from the course taken specifically from a chapter all about JavaScript destructuring. JavaScript for Everyone: Destructuring originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 20 min )

My biggest game-changer  ( 6 min )

#​616 — March 19, 2026 Read on the Web 🤖 No AI Code in Node.js Core? A Petition to the Node.js TSC — A long-running discussion about the use of AI-assisted development in OpenJS Foundation projects (Node is one), coupled with a new 19K LOC PR (more on that later), has inspired a long-standing Node contributor to start a petition to restrict code created by AI systems from going into Node’s core. Fedor Indutny et al. 🗣️ There were many comments on Reddit's /r/node about this topic. The consensus was largely in support of AI, but against huge 10,000+ line PRs generally. Build AI Agents from Scratch in Node.js — Tool calling, agent loops, evals, web search, and human approval flows -- taught by Scott Moss (Senior Dev at Netflix). Rated 4.86/5 by 90 dev…

🚀 Frontend Focus #​733 — March 18, 2026 | Read on the web JPEG Compression — A highly technical breakdown that looks at the underlying mechanics of JPEG compression and file size reduction and how the techniques behind it all lean on the bias of human vision and perception. Sophie Wang 📈 The 49MB Web Page — Would you be surprised if loading a news article led to 422 network requests and 49MB of data transfer? This post reflects on the problems that have led to this being a common experience on news sites. Shubham Bose Make Your Logs Queryable, Not Just Readable — When something breaks in production, "user checked out" tells you nothing. Learn how to swap console.log for structured, trace-connected logs with LogTape an…

One-sentence summary I describe the risk of personality self-replicators, the threat of OpenClaw-like agents managing spreading in hard-to-control ways.   Summary LLM agents like OpenClaw are defined by a small set of text files and are run by an open source framework which leverages LLMs for cognition. It is quite difficult for current frontier models to exfiltrate their weights and run elsewhere, whereas these agents only need to copy those few text files to self-replicate (at the cost of greater reliance on external resources). While not a likely existential threat, such agents may cause harm in similar ways to computer viruses, and be similarly challenging to shut down. Once such a threat emerges, evolutionary dynamics could cause it to escalate quickly. Relevant organizations should c…  ( 198 min )

By replacing a decade-old architecture with a reactive foundation, we made common operations in large design systems up to 50% faster and unlocked a new way to build dynamic features.  ( 43 min )

As AI accelerates creation and raises expectations, designers are navigating a field that’s bigger, faster, and more demanding than ever.  ( 37 min )

Imagine I’m the design leader at your org and I present the following guidelines I want us to adopt as a team for doing design work: Typography: Use expressive, purposeful fonts and avoid default stacks (Inter, Roboto, Arial, system). Motion: Use a few meaningful animations (page-load, staggered reveals) instead of generic micro-motions. Background: Don't rely on flat, single-color backgrounds; use gradients, shapes, or subtle patterns to build atmosphere. Overall: Avoid boilerplate layouts and interchangeable UI patterns. Vary themes, type families, and visual languages. How do you think that conversation would go? I can easily imagine a spirited debate where some folks disagree with any or all of my points, arguing that they should be struck as guidelines from our collective ethos of craft. Perhaps some are boring, or too opinionated, or too reliant on trends. There are lots of valid, defensible reasons. I can easily see this discussion being an exercise in frustration, where we debate for hours and get nowhere — “I suppose we can all agree to disagree”. And yet — thanks to a link to Codex’s front-end tool guidelines in Simon Willison’s article about how coding agents work — I see that these are exactly the kind of guidelines that are tucked away inside an LLM that’s generating output for many teams. It’s like a Trojan Horse of craft: guidelines you might never agree to explicitly are guiding LLM outputs, which means you are agreeing to them implicitly. It’s a good reminder about the opacity of the instructions baked in to generative tools. We would debate an open set of guidelines for hours, but if there’re opaquely baked in to a tool without our knowledge does anybody even care? When you offload your thinking, you might be on-loading someone else’s you’d never agree to — personally or collectively. Email · Mastodon · Bluesky  ( 2 min )

UI design in 2026 moves past decoration and toward intent. From AI as a copilot to purposeful motion, raw layouts, and authored systems—these are the trends shaping what comes next. The post What’s Next: 7 UI Design Trends of 2026 appeared first on Tubik Blog: Articles About Design.  ( 25 min )

Design is about pacing and feelings as much as pixels and patterns. Alan Cohen explores Emotion in Flow and Emotion in Conflict, showing how anime like Dan Da Dan and superhero films like James Gunn’s Superman manage emotional shifts and translating those ideas into practical patterns for product design.

AI-powered tools and workflows are fundamentally changing the way we design.  ( 32 min )

For this issue we have random(), folded clip-path corners, anchored container queries, customizable select, scroll-triggered animations, and more. What’s !important #7: random(), Folded Corners, Anchored Container Queries, and More originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 9 min )

Tailwind is really great for making layouts and there are many reasons why. Zell Liew looks at four specific examples of common use cases. 4 Reasons That Make Tailwind Great for Building Layouts originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.  ( 12 min )

“Why are you being so difficult? This could be a good thing for us? How can you be so sure?” This was in late 2000. We were having drinks in the Watershed in Bristol. For those of you not familiar with the Watershed, it’s an art house cinema, media production centre of excellence, conference venue, houses a diverse community of media practitioners, and a bar. It was the place in Bristol where people in media hung out. Students, writers, artists, academics, film, TV, and radio people of all stripes, writers, and more have tended to hang out there at various times over the years. I don’t know what it’s like today – I haven’t been to the UK in about a decade – but I’d be surprised if it didn’t still attract that sort of crowd. At least what’s left of it after the past decade of ruin. When I w…  ( 7 min )

This raven is picking the meat off a sheep’s jaw. I’m guessing somebody threw their “svið” leftovers out for the ravens to enjoy. Whoops dropped it. If you aren’t familiar with the horror that is the Icelandic cuisine known as “svið”. This time of year, when the ravens congregate in town before scattering into the countryside for the summer, I tend to stalk their regular hangout spots. This is why I’m thankful my neighbour has placed his bird feeders well out of the reach of the cats.  ( 2 min )

Some updates regarding my own emotional surface area  ( 7 min )

A CLI tool for compressing images using the TinyPNG service.

A terminal tool for managing cron jobs locally and on servers.

A linux 'net top' tool.

A fast and efficient command line audio player and audio converter.

Reddit, refined for the terminal.

A fast, minimalist directory tree viewer.

I find myself concluding cerebral conversations about doing things with the phrase "it depends what your goal is." It feels as though I've said it enough that it deserves a place in my hall of fame of conversation cappers. "It depends on what your goal is" is a wondering wall. You can wander around wondering about something, lost in your thoughts, until you say a phrase like this—you hit the wall. It grounds you back in reality. What are you even trying to do? I think this is a great thing. Talk is cheap. Thinking is cheaper. It's much easier to think about the how and why of doing the thing than to actually do it. And talking about it with other people can often feel like you're making progress and you're getting other people involved, and all in all, it's a very indulgent thing that actually doesn't help out very much. So if I were to, say, start rolling my stone of thinking about something, like how I might approach writing the first chapter of a novel, or maybe building a new game, I could go on and on about different ways of doing things. But as soon as I say to myself, it depends what your goal is, well, it's almost as if it puts a period at the end of a run-on sentence. Game over. When I say this phrase, I immediately realize what my goal is, or (more commonly), abruptly see that I have no clue why I'm doing what I'm doing. Either I never had a goal, or I've lost track of it. Instead, I was meandering around in the forest of thinking—feeling quite productive, lost in the trees of my thoughts. But there is a way out of all this—it depends on what your goal is.  ( 1 min )

Keep updated binaries in your dotfiles.

A TUI window manager for managing multiple terminal sessions.

Detects usage of unsafe Rust in a Rust crate and its dependencies.

A typing trainer for your terminal.

The top-like text-based user interface for Austin.

A fast, featureful and friendly WiFi terminal UI.

I was having a conversation with a friend recently who was feeling frustrated at work. As a materials engineer they had, yet again, found themselves in a situation where they would be flown out to another plant location to inspect an issue "with the material". In their experience, however, the majority of the time "there's an issue with the material", there’s actually an issue with the process and problem solving steps being taken around the usage of the material. This got me thinking about whether I have a rigorous, methodological approach to solving problems in my own life and work. In my career as a programmer, a space canonically ripe for solving problems, I can’t recall a single time I’ve consciously followed a formal, systematic approach to solving a problem (at least, while working …  ( 3 min )

A TUI interface for Jujutsu VCS.

A TUI for visually exploring disassembled Python bytecode.

A TUI for managing Azure Container Apps.

A configurable hex viewer/editor.

A better strace(1) for everyone.

A CLI tool to backup your databases, files to cloud storage.

Blogging is strange. Creating content on the internet at large is strange. I often find myself wishing I saw it all as I did two decades ago: then, I was free of the poisonous drive of associating any sense of "success" to what had been written. It was just writing. Take the expression "pick a lane". I hear it used, typically derisively, to suggest that a person should just, well, pick one thing and stick with it. I find it difficult to escape this notion when it comes to balancing the desire for an audience and the desire to do something expressive, without caring about who looks at what you’ve done. If you want an audience, the internet wants you to pick a lane. At least, that's the case if you choose to use any system that implements an algorithm for presenting your content. Your little…  ( 2 min )

A customizable TUI display/login manager written in Rust.

An adaptable text editor.

An alternative TUI for gdb.

A Gemini web browser using shell script.

Like IntelliSense, but for shells!

Blazingly fast TUI application for viewing your Spotify listening activity.

Just pick up the phone and call a loved one. Just call, don’t bandy messages back and forth about when a good time is. Pick up your phone, hit the little phone icon, and say "hello, I was thinking about you and wanted to say hello, is now a good time to chat?" If the person picks up and says, "sorry, now’s not a good time", that’s fine. You called. Maybe they’ll say I’ll call you back. In the end, you heard their voice and they heard yours. If the person doesn’t pick up, you can leave a voicemail. Maybe they don’t check their voicemail. Maybe they don’t know how. But you can still do it. When you call unannounced and your call is missed, that recipient might think it’s an emergency. Who would call unless it was an emergency? They might think. They might text you back and say, "is everythin…  ( 2 min )

A TUI client for the aria2 download utility.

A terminal-based OpenAPI Spec (OAS) viewer.

A terminal code-typing game that turns your source code into typing challenges.

A multi-database TUI for todo lists.

A TUI audio file analyzer tool.

A TUI application for Apache Airflow.

Daniel Maslan is a designer, developer, and indie hacker with a background in architecture. He currently works as a design engineer at Wild.  ( 4 min )

Pierre Nel is a designer and developer who bridges creative technology and contemporary web design. Based in Cape Town after several years in London's agency …  ( 5 min )

Independent Digital Designer providing creative services such as UI-UX, Motion, Art Direction and Branding across diverse fields like culture and fashion among …  ( 4 min )

I cannot count the number of times in my career I wished I could run JS in response to CSS property changes, regardless of what triggered them: media queries, user actions, or even other JS. Use cases abound. Here are some of mine: Implement higher level custom properties in components, where one custom property changes multiple others in nontrivial ways (e.g. a --variant: danger that sets 10 color tokens). Polyfill missing CSS features Change certain HTML attributes via CSS (hello --aria-expanded!) Set CSS properties based on other CSS properties without having to mirror them as custom properties The most recent time I needed this was to prototype an idea I had for Web Awesome, and I decided this was it: I’d either find a good, bulletproof solution, or I would build it myself. Spoiler ale…  ( 3 min )

Doah is a designer focusing on creating digital products and visuals that resonate with users. She is currently working as a designer at YouTube Shorts, …  ( 4 min )

Karina Sirqueira is a product designer who is passionate about creating user-focused experiences. She blends design and motion to craft intuitive solutions and …  ( 4 min )

Gavin Nelson is a designer currently shaping the native mobile apps at Linear and crafting app icons for a variety of clients. His passion lies in creating …  ( 6 min )

Protocols are to institutions as packet switching is to circuit switching

Chrome 115 introduced changes to storage, service workers, and communication APIs by partitioning in third-party contexts. In addition to being isolated by the same-origin policy, the affected APIs used in third-party contexts are also isolated by the site of the top-level context. Sites that haven't had time to implement support for third-party storage partitioning are able to take part in a deprecation trial to temporarily unpartition (continue isolation by same-origin policy but remove isolation by top-level site) and restore prior behavior of storage, service workers, and communication APIs, in content embedded on their site. This deprecation trial is set to expire with the release of Chrome 127 on September 3, 2024. Note that this is separate from the deprecation trial for access to t…  ( 5 min )

Chrome plans to disable third-party cookies for 1% of users starting in early Q1 2024 with the eventual goal of ramping up to 100% starting in Q3 2024, subject to resolving any competition concerns with the UK’s Competition and Markets Authority (CMA). For an easier transition through the deprecation process, we are offering a third-party deprecation trial which allows embedded sites and services to request additional time to migrate away from third-party cookie dependencies for non-advertising use cases. Third-party origin trials enable providers of embedded content or services to access a trial feature across multiple sites, by using JavaScript to provide a trial token. To request a third-party token when registering, enable the "Third-party matching" option on the origin trial's registr…  ( 11 min )

In December of last year, we paused the planned deprecation of Manifest V2 in order to address developer feedback and deliver better solutions to migration issues. As a result of this feedback, we’ve made a number of changes to Manifest V3 to close these gaps, including: Introducing Offscreen Documents, which provide DOM access for extensions to use in a variety of scenarios like audio playback Providing better control over service worker lifetimes for extensions calling extension APIs or receiving events over a longer period of time Adding a new User Scripts API, which allows userscript manager extensions to more safely allow users to run their scripts Improving content filtering support by providing more generous limits in the declarativeNetRequest API for static rulesets and dynamic rul…  ( 4 min )

With the recent introduction of the Document Picture-in-Picture API (and even before), web developers are increasingly interested in being able to automatically open a picture-in-picture window when the user switches focus from their current tab. This is especially useful for video conferencing web apps, where it allows presenters to see and interact with participants in real time while presenting a document or using other tabs or windows. A picture-in-picture window opened and closed automatically when user switches tabs. # Enter picture-in-picture automatically To support these video conferencing use cases, from Chrome 120 desktop web apps can automatically enter picture-in-picture, with a few restrictions to ensure a positive user experience. A web app is only eligible for…  ( 4 min )

Over the past year, we have been actively involved in discussions with the vendors behind several content blocking extensions around ways to improve the MV3 extensions platform. Based on these discussions, many of which took place in the WebExtensions Community Group (WECG) in collaboration with other browsers, we have been able to ship significant improvements. # More static rulesets Sets of filter rules are usually grouped into lists. For example, a more generic list could contain rules applicable to all users while a more specific list may hide location-specific content that only some users wish to block. Until recently, we allowed each extension to offer users a choice of 50 lists (or “static rulesets”), and for 10 of these to be enabled simultaneously. In discussions with the communit…  ( 5 min )

Just over a year ago the Chrome Aurora team launched the Angular NgOptimizedImage directive. The directive is focused primarily on improving performance, as measured by the Core Web Vitals metrics. It bundles common image optimizations and best practices into a user-facing API that’s not much more complicated than a standard element. In 2023, we've enhanced the directive with new features. This post describes the most substantial of those new features, with an emphasis on why we chose to prioritize each feature, and how it can help improve the performance of Angular applications. # New features NgOptimizedImage has improved substantially over time, including the following new features. # Fill mode Sizing your images by providing a width and height attribute is an extremely important …  ( 6 min )

Service workers are a powerful tool for allowing websites to work offline and create specialized caching rules for themselves. A service worker fetch handler sees every request from a page it controls, and can decide if it wants to serve a response to it from the service worker cache, or even rewrite the URL to fetch a different response entirely—for instance, based on local user preferences. However, there can be a performance cost to service workers when a page is loaded for the first time in a while and the controlling service worker isn't currently running. Since all fetches need to happen through the service worker, the browser has to wait for the service worker to start up and run to know what content to load. This startup cost can be small, but significant, for developers using serv…  ( 5 min )

WebGPU is often perceived as a web graphics API that grants unified and fast access to GPUs by exposing cutting-edge hardware capabilities and enabling rendering and computation operations on a GPU, analogous to Direct3D 12, Metal, and Vulkan. However, WebGPU transcends the boundaries of a mere JavaScript API; it is a fundamental building block akin to WebAssembly, with implications that extend far beyond the web due to its burgeoning ecosystem. The Chrome team acknowledges WebGPU as more than just web technology; it’s a thriving ecosystem centered around a core technology. # Exploring the current ecosystem The journey begins with the JavaScript specification, a collaborative effort involving numerous organizations such as Apple, Google, Intel, Mozilla, and Microsoft. Currently, all major …  ( 4 min )

Earlier this year Chrome shipped CSS nesting in 112, and it's now in each major browser. Browser support Chrome 112, Supported 112 Firefox 117, Supported 117 Edge 112, Supported 112 Safari 16.5, Supported 16.5 Source However, there was one strict and potentially unexpected requirement to the syntax, listed in the first article of the invalid nesting examples. This follow up article will cover what has changed in the spec, and from Chrome 120. # Nesting element tag names One of the most surprising limitations in the first release of CSS nesting syntax, was the inability to nest bare element tag names. This inability has been removed, making the foll…  ( 8 min )

Interested in helping improve DevTools? Sign up to participate in Google User Research here. # Third-party cookie phaseout Your site may use third-party cookies and it's time to take action as we approach their deprecation. To learn what to do about affected cookies, see Preparing for the end of third-party cookies. The Include third-party cookie issues checkbox has been enabled by default for all Chrome users, so the Issues tab now warns you about the cookies that will be affected by the upcoming deprecation and phaseout of third-party cookies. You can clear the checkbox at any time to stop seeing these issues. Chromium issue: 1466310. # Analyze your website's cookies with the Privacy Sandbox Analysis Tool The Privacy Sandbox Analysis Tool extension for DevTools is under active developme…  ( 18 min )