Pascal Editor : un éditeur 3D dédié à la modélisation architecturale

Vous avez des copains architectes ? Aidez-les à passer à l'Open Source !

👉 github.com/pascalorg...

We now support adding your own custom OIDC providers

Read more on our blog post: supabase.com/blog/custom-...

Excellent as always! The reveal demo is so useful to visualize how it works 💪

GitHub - hectorvent/floci: Light, fluffy, and always free - AWS Local Emulator Light, fluffy, and always free - AWS Local Emulator - hectorvent/floci

Floci : émulateur AWS local open-source et gratuit sans restrictions

Atomic CRM March 2026 Updates Discover what's new in Atomic CRM 1.5, including SSO support, a new MCP server for AI assistants, enhanced mobile UX, and much more.

Meet the new Atomic CRM! ⚙️

From a brand new mobile app to an MCP server integration, we have SO much to show you. ⚡

We wrote a comprehensive article covering all the "heavy hitter" features we've shipped lately (including SSO/SAML and a UI overhaul).

Read the full article here:

Une pétition espère remettre la «grande Sécu» au menu de la campagne présidentielle 2027 Signé par de nombreuses personnalités de gauche, l’appel en ligne sur le site de l’Assemblée plaide pour que la Sécurité sociale prenne en charge seule le remboursement des soins essentiels, sur fond d’augmentation des tarifs des mutuelles.

Une pétition espère remettre la «grande Sécu» au menu de la campagne présidentielle 2027

Déjà signé par de nombreuses personnalités de gauche, l’appel plaide pour que la Sécurité sociale prenne en charge seule le remboursement des soins essentiels, sur fond d’augmentation des tarifs des mutuelles.

Je code et joue sous PopOS depuis plus de 8 ans. Ça fonctionne très bien pour la grande majorité des jeux (avec steam en tout cas), de Elden ring à Silksong

Release v3.0.0 · usebruno/bruno Changelog Fixes fix: prevent double serialization of websocket text messages (#6173) by @Praveenkumar02023 in #6182 fix: inaccurate process metrics by @chirag-bruno in #6257 fix: WS and GRPC reque...

Bruno v3.0.0 est disponible. Si vous ne connaissez pas encore cet outil ou que vous ne l'utilisez pas encore pour gérer vos API, faites-le, il est tout bonnement génial ! (et existe sous la forme d'une extension VS Code). La liste des nouveautés ▶️ github.com/usebruno/bru...

If you’re a JS dev, here’s one simple change to improve your security: disable postinstall scripts in your npm package manager.

postinstall is the main vector for supply chain attacks from node_modules, but most packages don’t need it.

↓ Thread

Transactions and RLS in Supabase Edge Functions Edge functions are a powerful way to run server-side code close to your users. But how to handle transactions and Row Level Security (RLS) in these functions?

When using a backend-as-a-service like Supabase, you can only access the database through an HTTP API. Yet it is still possible to group queries into a transaction, without compromising on security. Read on to learn more. #database #security #NodeJS #supabase
marmelab.com/blog/2025/12...

En Afrique, des «petites mains» du numérique toujours aussi précaires à l’heure du boom de l’IA Il y a quelques années, les « travailleurs du clic » africains sortaient de l’ombre, révélant l’envers du décor des entreprises du numérique. Depuis, l’IA générative a explosé, rendant ces travailleur...

Où @casilli.bsky.social rappelle qu'avec l'IA, le volume de micro-tâches ne diminue pas : "plus le marché de l’intelligence artificielle générative grandit, plus on a besoin de réentraîner les modèles"

www.rfi.fr/fr/afrique/2...

L’IA, nouvelle contremaîtresse au travail : « C’est la machine qui dicte la cadence et favorise la perte d’autonomie » « Sur le feed ». Chaque mois, Laure Coromines décrypte les tendances numériques. Des centres d’appels aux tournées des facteurs, les algorithmes imposent leurs normes, redessinant les conditions de tr...

Comment la surveillance se cache (mal) derrière l’amélioration de la qualité du travail et de la performance. Papier de @laurecoromines.bsky.social, avec (notamment) @clembezard.bsky.social dedans. Le cas à la fin, sur une consultante qui a des remords, est édifiant.

www.lemonde.fr/m-perso/arti...

I thoroughly recommend reading all of Cory Doctorow's recent speech on AI skepticism, it's crammed with new arguments and interesting new ways of thinking about these problems pluralistic.net/2025/12/05/p...

GitLab discovers widespread npm supply chain attack Malware driving attack includes

GitLab discovers widespread npm supply chain attack about.gitlab.com/blog/gitlab-... from Lobsters via #gcufeed@libera.chat / gcu.info/gruik/

Burnout in Open Source: A Structural Problem We Can Fix Together | Open Source Pledge Burnout is affecting the entire Open Source ecosystem. Here's what we could do to make things better.

I've finished my report on burnout in OSS and how to reduce it! Read more (and find the link to the full report) on the Open Source Pledge blog!

Huge thanks to all the OSS devs who shared their perspectives 💜 Let's keep shining a light on this under-recognised issue!

Hello @ec.europa.eu , or whoever is responsible for enforcing the rules, X's AI, Grok, is denying the Holocaust. Holocaust denial is illegal in France. Please don't make an exception when it comes to a billionaire, as usual.

Please take concrete and firm action against this cruel disinformation.

Screenshot of two terminal test runs. In the first run, each React component test takes about 309–331 ms, and the test file finishes in 2.93 s. In the second run, run with THROTTLE_PLUGIN=1, the same tests take about 54–75 ms each, and the file completes in 1.34 s.

❌ If you unit-test a React 19 app, there’s a good chance a chunk of your CI time is being wasted on… 😴 setTimeout.
Wait, what? Yes!

React 19 introduced a minimum delay for showing a Suspense fallback, and hardcoded (!) it to 300ms.
Just 3 tests can waste almost 1 second on absolutely nothing!

En à peine douze ans, la capacité des forêts européennes à absorber le carbone atmosphérique a chuté de 27 %. Je ne sais pas si vous vous rendez compte des conséquences de ce que je viens d'écrire.
1/9

A11y Pulse A11y Pulse: Automated accessibility testing for your website. Improve your site's accessibility and compliance with ease.

6 years ago I started a side project to build a web accessibility tool that prioritises simple reporting and quick feedback loops so that teams can fix a11y regressions before they affect users.

I am so proud to say that side project is now finished, and A11y Pulse is live.

www.a11ypulse.com

Announcing Vitest 4.0 Vitest 4.0 Release Announcement

Vitest 4 is out!

- Browser Mode is Stable
- Visual Regression Testing
- Improved Debugging
- Pool Stabilization
- New APIs
- Bug Fixes

Stay updated with our blog post:

vitest.dev/blog/vitest-4

GitHub - chaitin/SafeLine: SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits. SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits. - chaitin/SafeLine

SafeLine est un WAF (Web Application Firewall) open source sous licence GPL v3. Il est conçu pour protéger contre des attaques type xss, injection sql, injection crlf, etc ... Et dispose de tout ce qui est nécessaire (gui, plugins, ...) ⬇️

github.com/chaitin/Safe...

Sora Proves the AI Bubble Is Going to Burst So Hard YouTube video by Adam Conover

A proper rant

youtu.be/55Z4cg5Fyu4

The BPCE Breach: How A Single JavaScript Infection Can Steal Your Banking Session - Undercode Testing The BPCE Breach: How a Single JavaScript Infection Can Steal Your Banking Session - "Undercode Testing": Monitor hackers like a pro. Get real-time updates,

⚠️ Attention ! ⚠️
Une attaque semble en cours sur les banques BPCE (Banque Populaire, Caisse d'Épargne, Crédit Coop...).
Évitez de vous connecter à votre espace client jusqu'à correction.
undercodetesting.com/the-bpce-bre...

Building secure web apps means managing who can do what, both on the client & server-side.🔐

While frameworks like react-admin make client-side Role-Based Access Control (RBAC) a breeze, devs often end up reimplementing the same logic server-side.

The solution?💡: A generic RBAC proxy server👇

AI Coding Sucks YouTube video by Syntax

AI coding sucks

CJ just one-shotted a 15 min rant and it's incredibly refreshing.

www.youtube.com/watch?v=0ZUk...

renoun - The Documentation Toolkit for React The renoun toolkit uses your React framework to keep documentation polished, in sync, and on brand.

Excited to officially launch renoun.dev 🚀

This has been years in the making to deliver a focused set of components, hooks, and utilities in React for building great documentation exactly to your standards that always stay in sync.

Release 5.11.4 · marmelab/react-admin Fix useGetManyAggregate merge queries with different meta (#10969) (djhi) Fix useDeleteController should get the record from closest RecordContext (#10967) (djhi) Fix incompatibility with latest @t...

React-Admin v5.11.4 is out! 🎉

This release includes:
✅ Fixes for useGetManyAggregate, useDeleteController & <FilterLiveForm>
🎨 <Toolbar> now has a default background
🔗 <ReferenceInput> always returns at least the currently selected reference
& more

🔗 Full changelog: github.com/marmelab/rea...

Comprehension Debt: The Ticking Time Bomb of LLM-Generated Code An effect that’s being more and more widely reported is the increase in time it’s taking developers to modify or fix code that was generated by Large Language Models. If you’ve wo…

When teams produce code faster than they can understand it, it creates what I’ve been calling “comprehension debt”. [...] When we have to edit the code ourselves, this debt is the extra time it’s going to take us to understand it first. #AI #Coding codemanship.wordpress.com/2025/09/30/c...

Model Context Protocol has prompt injection security problems As more people start hacking around with implementations of MCP (the Model Context Protocol, a new standard for making tools available to LLM-powered systems) the security implications of tools built…

MCP servers make LLM-powered agents super powerful, but also super vulnerable to all kinds of new attacks. The core vulnerability, prompt injection, is still way too easy to trigger. #Security #AI simonwillison.net/2025/Apr/9/m...