Une pétition espère remettre la «grande Sécu» au menu de la campagne présidentielle 2027
Déjà signé par de nombreuses personnalités de gauche, l’appel plaide pour que la Sécurité sociale prenne en charge seule le remboursement des soins essentiels, sur fond d’augmentation des tarifs des mutuelles.
Je code et joue sous PopOS depuis plus de 8 ans. Ça fonctionne très bien pour la grande majorité des jeux (avec steam en tout cas), de Elden ring à Silksong
Bruno v3.0.0 est disponible. Si vous ne connaissez pas encore cet outil ou que vous ne l'utilisez pas encore pour gérer vos API, faites-le, il est tout bonnement génial ! (et existe sous la forme d'une extension VS Code). La liste des nouveautés ▶️ github.com/usebruno/bru...
If you’re a JS dev, here’s one simple change to improve your security: disable postinstall scripts in your npm package manager.
postinstall is the main vector for supply chain attacks from node_modules, but most packages don’t need it.
↓ Thread
When using a backend-as-a-service like Supabase, you can only access the database through an HTTP API. Yet it is still possible to group queries into a transaction, without compromising on security. Read on to learn more. #database #security #NodeJS #supabase
marmelab.com/blog/2025/12...
Où @casilli.bsky.social rappelle qu'avec l'IA, le volume de micro-tâches ne diminue pas : "plus le marché de l’intelligence artificielle générative grandit, plus on a besoin de réentraîner les modèles"
www.rfi.fr/fr/afrique/2...
Comment la surveillance se cache (mal) derrière l’amélioration de la qualité du travail et de la performance. Papier de @laurecoromines.bsky.social, avec (notamment) @clembezard.bsky.social dedans. Le cas à la fin, sur une consultante qui a des remords, est édifiant.
www.lemonde.fr/m-perso/arti...
I thoroughly recommend reading all of Cory Doctorow's recent speech on AI skepticism, it's crammed with new arguments and interesting new ways of thinking about these problems pluralistic.net/2025/12/05/p...
GitLab discovers widespread npm supply chain attack about.gitlab.com/blog/gitlab-... from Lobsters via #gcufeed@libera.chat / gcu.info/gruik/
I've finished my report on burnout in OSS and how to reduce it! Read more (and find the link to the full report) on the Open Source Pledge blog!
Huge thanks to all the OSS devs who shared their perspectives 💜 Let's keep shining a light on this under-recognised issue!
Hello @ec.europa.eu , or whoever is responsible for enforcing the rules, X's AI, Grok, is denying the Holocaust. Holocaust denial is illegal in France. Please don't make an exception when it comes to a billionaire, as usual.
Please take concrete and firm action against this cruel disinformation.
Screenshot of two terminal test runs. In the first run, each React component test takes about 309–331 ms, and the test file finishes in 2.93 s. In the second run, run with THROTTLE_PLUGIN=1, the same tests take about 54–75 ms each, and the file completes in 1.34 s.
❌ If you unit-test a React 19 app, there’s a good chance a chunk of your CI time is being wasted on… 😴 setTimeout.
Wait, what? Yes!
React 19 introduced a minimum delay for showing a Suspense fallback, and hardcoded (!) it to 300ms.
Just 3 tests can waste almost 1 second on absolutely nothing!
En à peine douze ans, la capacité des forêts européennes à absorber le carbone atmosphérique a chuté de 27 %. Je ne sais pas si vous vous rendez compte des conséquences de ce que je viens d'écrire.
1/9
6 years ago I started a side project to build a web accessibility tool that prioritises simple reporting and quick feedback loops so that teams can fix a11y regressions before they affect users.
I am so proud to say that side project is now finished, and A11y Pulse is live.
www.a11ypulse.com
Vitest 4 is out!
- Browser Mode is Stable
- Visual Regression Testing
- Improved Debugging
- Pool Stabilization
- New APIs
- Bug Fixes
Stay updated with our blog post:
vitest.dev/blog/vitest-4
SafeLine est un WAF (Web Application Firewall) open source sous licence GPL v3. Il est conçu pour protéger contre des attaques type xss, injection sql, injection crlf, etc ... Et dispose de tout ce qui est nécessaire (gui, plugins, ...) ⬇️
github.com/chaitin/Safe...
⚠️ Attention ! ⚠️
Une attaque semble en cours sur les banques BPCE (Banque Populaire, Caisse d'Épargne, Crédit Coop...).
Évitez de vous connecter à votre espace client jusqu'à correction.
undercodetesting.com/the-bpce-bre...
Building secure web apps means managing who can do what, both on the client & server-side.🔐
While frameworks like react-admin make client-side Role-Based Access Control (RBAC) a breeze, devs often end up reimplementing the same logic server-side.
The solution?💡: A generic RBAC proxy server👇
AI coding sucks
CJ just one-shotted a 15 min rant and it's incredibly refreshing.
www.youtube.com/watch?v=0ZUk...
Excited to officially launch renoun.dev 🚀
This has been years in the making to deliver a focused set of components, hooks, and utilities in React for building great documentation exactly to your standards that always stay in sync.
React-Admin v5.11.4 is out! 🎉
This release includes:
✅ Fixes for useGetManyAggregate, useDeleteController & <FilterLiveForm>
🎨 <Toolbar> now has a default background
🔗 <ReferenceInput> always returns at least the currently selected reference
& more
🔗 Full changelog: github.com/marmelab/rea...
When teams produce code faster than they can understand it, it creates what I’ve been calling “comprehension debt”. [...] When we have to edit the code ourselves, this debt is the extra time it’s going to take us to understand it first. #AI #Coding codemanship.wordpress.com/2025/09/30/c...
MCP servers make LLM-powered agents super powerful, but also super vulnerable to all kinds of new attacks. The core vulnerability, prompt injection, is still way too easy to trigger. #Security #AI simonwillison.net/2025/Apr/9/m...
"Again and again, accessibility as a topic in web standards is treated as simultaneously too trivial for specialists' technical opinions to be given weight, but also too difficult to get right without a specialist volunteering to tackle the tricky details." alice.boxhall.au/articles/a-t...
Is your frontend team making 10+ API calls per screen and waiting weeks for backend changes?
New article: When you need a Backend-for-Frontend (and when you don't) 🧵
Real examples from Netflix, SoundCloud + implementation strategies
marmelab.com/blog/2025/10...
We just published a step-by-step guide on building a simple scheduling application with ra-scheduler.
In this tutorial, you’ll learn how to:
✅ Set everything up
✅ Convert existing data
✅ Customize events edition
🔗 Check it out now!👇
marmelab.com/blog/2025/09...
#react #opensource
The public preview of Github Copilot CLI launched today, and if you install it, you'll be welcomed by little ASCII art welcome banner that I animated. Creating it ended up being great example of how vibe-coding has entered my toolbelt. Nerdy deets in 🧵...
The COSMIC Beta has arrived. Fully update the Alpha to use the Beta, or download on your favorite distro: s76.co/FnfKcbYD
COSMIC is a desktop environment that centers around user preference so you can work faster, be more focused, and have more fun.
