Yup.

Oh and to add insult to injury the PRs were opened with one word titles and no descriptions.

The account if you're curious:
github.com/ezmtebo

And of course I’ve given up trying to report these a long time ago since it does absolutely nothing and at best case you get an automated email back suggesting you block them from your repo(s) and let them carry on screwing around other repos cause that’s fine.

How is GitHub just so so bad at spam and malicious PRs!?! A new account opening multiple PRs in multiple unrelated codebases to run /proc/ code and heavily base64 encoded scripts doesn’t need the most advanced AI to figure out it’s a bad actor!! Sheesh. It’s like they just don’t give a shit at all.

🤦 That famous German sense of humour I keep hearing about (that’s the second time I said that today!).

Yup. Same in Ireland. Pretty sure this is an EU mandate. And I think UK does it too?

🎨 I gotta say, my latest is a little treasure trove: what even is `contain`?! csswizardry.com/2026/04/what...

View Transitions Toolkit A collection of utility functions to more easily work with View Transitions.

So, I’ve written a bunch of things on how to do certain things with View Transitions, such as optimizing the keyframes or driving a VT by scroll.

I noticed I repeat a lot of code throughout those experiments … so I bundled that all up in a package for you.

👉 chrome.dev/view-transit...

The Department of State tweets a video of Secretary Marco Rubio. In the video, Rubio says: "Imagine if instead of spending billions of dollars supporting terrorists or weapons, Iran had spent that money helping the people of Iran. They would have a much different country."

FactPost News tweets a video of Donald Trump speaking at a podium. In the video he says: "We can't take care of daycare. We're a big country. We're fighting wars. It's not possible for us to take care of daycare, Medicaid, Medicare, all these things."

hmm

Surf Launches First Social Websites with Publishers and Creators - Surf For years, most online communities have lived inside platforms they don’t control. Conversations happen in one place, videos live somewhere else, podcasts are scattered across apps, and creators have ...

🌊 🌊 🌊
Today, we’re launching social websites, a new kind of online destination. These blend posts from Bluesky, Threads, Mastodon and more, plus YouTube, podcasts and your favorite publications to create community sites based around the things that matter to you.

about.surf.social/surf-launche...

I've been playing around with Chrome's experimental HTML-in-Canvas API (I use it to create my videos), and I wanted to see if I could make text-selection work on a curved surface by moving the underlying element around on pointermove. It works pretty well!

Oh so now copyright matters.

CSS or BS? Think you know CSS? Real property or made-up nonsense? 20 rounds. No mercy.

Rather than the same old boring internet pranks, I thought I'd build something more fun this April Fools.

CSS or BS. Can you tell your CSS properties names from BS?

www.keithcirkel.co.uk/css-or-bs

Ooh, the recording of my Anchor talk at #SotB2026 got published! 🤩

Squarespace & Web Standards: How We Helped Bring HTML Video & Audio Lazy Loading to Today’s Browsers — Squarespace Engineering Blog At Squarespace, many of our core products are built on web standards, and our engineers are constantly pushing the boundaries of the web’s capabilities. Occasionally, those boundaries reveal a limitat...

New on the Squarespace Engineering Blog! Squarespace & Web Standards: How We Helped Bring HTML Video & Audio Lazy-Loading to Today’s Browsers.

I'm real proud of the teamwork that went into this. Stay tuned for part 2 next week, which will cover dev best practices for using this new HTML standard.

The end of the curl bug-bounty tldr: an attempt to reduce the terror reporting. There is no longer a curl bug-bounty program. It officially stops on January 31, 2026. After having had a few half-baked previous takes, in April 2019 ...

Presume you've both seen @daniel.haxx.se 's blog posts on this for Curl?

daniel.haxx.se/blog/2026/01...

"We saw an explosion in AI slop reports...

The never-ending slop submissions take a serious mental toll to manage and sometimes also a long time to debunk."

100% agree with this!

Browsers are AMAZING at loading a page in mostly the right way by default.

There are lots of extra options (fetchpriority, loading=lazy) to tweak that further if you know with reasonably certainly that they could benefit from those. If it’s ambiguous, then leave it be.

I knew someone would find a use for this and it wasn't just for triggering accidentally! 😜

cssDOOM DOOM rendered entirely in CSS. Every wall, floor, barrel, and imp is a div, positioned in 3D space using CSS transforms.

CSS is DOOMed!

I've build DOOM in CSS and every wall, floor, barrel, and imp is a div, positioned in 3D space using CSS transforms.

cssdoom.wtf

Try it out! But... not every browser can handle it. This is taking the browser to its limit. Chrome has some issues. Safari too. Bugs will be filed.

Have you thought about maybe only cranking it up to 9 or 10?

Open Source Gave Me Everything Until I Had Nothing Left to Give I thought I was having a spiritual awakening. I was having a psychiatric emergency. I was at a tech conference in Sweden when it started. I hadn't slept in...

wow this was a brutal read kennethreitz.org/essays/2026-...

WebPerformance Report Board displayed on desktop and mobile, showing a Reporting-as-a-Service platform where users can manage reports, review deliveries, and monitor Performance, Accessibility, and Security trends.

⚡WebPerformance Report is more than a report in your inbox.

Users also get access to their Board to manage reports, review deliveries, and follow Performance, Accessibility, and Security trends over time.

Get your report here: 👉https://webperformancereport.com/

#webperf

I don't think people fully appreciate how apocalyptic things are for US science. I haven't had any new funding since 2024, but I'm still ok since typical grants are for three years. This means next year I will be completely out of funding and will have to fire everyone in the lab. It's not great.

Nice. CLS is definitely the most underrated metric IMHO! Things jumping around just makes me annoyed. And, until that came along, we didn't even really have a name for it!

You and @nomster.bsky.social have both been thinking about this from different standards arenas it seems (IETF versus W3C)!

bsky.app/profile/noms...

Correlation is not causation, and there can be many reasons, but the differences are something to think about!

Hopefully will encourage you to investigate your Core Web Vitals globally.

Tools like treo.sh from @alekseykulikov.bsky.social allow you to see this breakdown for your own site.

Table of Core Web Vitals geographic breakdown ordered by number of origins showing how Core Web Vitals differ by country for a particular technology. For many technologies countries like Japan Germany, and the UK have much better Core Web Vitals than other countries like India and Brazil.

We just added a Core Web Vitals geographic breakdown to the Core Web Vitals tech report when looking at a single technology

httparchive.org/reports/tech...

Many thanks to @alonko.bsky.social for contributing this!

Screenshot of Chrome DevTools with a "Request #" column added

Look what landed in DevTools in Chrome Canary!

A Request # column, allowing you to:
- More easily return to the page load sort order
- More quickly identify when important resources are loaded late (LCP resource as request number 59? No thank you!)

Thanks to Helmut Januschka for implementing!!

Yeah, I'm foolish, but not foolish enough to comment on that!

I'll worry about it, when I see something get even close to shipping.

Seems about right based on it's security model.

Yup, I expect to see them merged and available on MDN any day now!