Kivo is an open source, cross-platform desktop HTTP client built with Rust and Tauri, offering a lightweight alternative to tools like Postman. It features collection and workspace management, tabbed request editing, GraphQL support, history tracking, and dark/light mode. The frontend uses React 19, Vite, and Tailwind CSS. Installation requires Node.js, pnpm, and the Rust toolchain.

C# 15 introduces the `union` keyword in .NET 11 Preview 2, allowing developers to declare a closed set of case types with compiler-enforced exhaustive pattern matching. Unlike object, marker interfaces, or abstract base classes, union types don't require related types and prevent external extension. The compiler generates a struct with implicit conversions from each case type and astruct wiproperty. Switch expressions over union types are exhaustive without needing a discard arm, and adding a new case type triggers compiler warnings on incomplete switches. Custom union types are also supported via amarker inteattribute for existing libraries, including a non-boxing access pattern for performance-sensitive scenarios. Related proposals for closed hierarchies and closed enums round out a comprehensive exhaustiveness story for C#.

Coding agents generate convincing code fast, but passing CI doesn't mean code is safe for production. There's a critical difference between leveraging AI (maintaining full ownership and understanding of output) versus relying on it (shipping whatever the agent produces). The scarce resource is no longer writing code — it's judgment about what's safe to ship. A responsible framework includes self-driving deployments with automatic rollback, continuous validation through load tests and chaos experiments, and executable guardrails that encode operational knowledge as runnable tools rather than documentation. Engineers who thrive will be those who maintain rigorous judgment over what they ship, not those who generate the most code.

Railway migrated its entire production frontend from Next.js to Vite + TanStack Router, completing the switch in just two PRs with zero downtime. The motivation was slow builds (10+ minutes, 6 of which were Next.js), heavy reliance on client-side patterns that didn't fit Next.js's server-first model, and hacky layout workarounds on the Pages Router. The migration was split into two phases: first removing all Next.js-specific APIs, then swapping the framework and generating 200+ routes from the original page tree. Nitro was added as the server layer, consolidating redirects, headers, and caching. Results include builds under 2 minutes, instant dev server startup, type-safe routing, and first-class layouts. Trade-offs include losing built-in image optimization (replaced with Fastly) and ecosystem tools like next-seo (replaced with in-house equivalents). TanStack Start's relative immaturity is acknowledged but accepted.

Simon Willison used Claude Artifacts on his phone to build interactive animated demonstrations of common sorting algorithms (bubble sort, selection sort, insertion sort, merge sort, quick sort, heap sort). He then prompted Claude to add Python's Timsort by cloning the CPython repo from GitHub and consulting the source files. A 'run all' button was added to display all algorithms simultaneously in a grid. Notably, when GPT-5.4 Thinking reviewed Claude's Timsort implementation, it found it to be a simplified, Timsort-inspired adaptive mergesort rather than a true Timsort.

A developer with strong anti-genAI views shares their experience using Claude Code to build a certificate generation tool for a learning platform migration. The project succeeded — the Rust/Svelte app is in production — but the process felt miserable. Key observations: TDD with plan-mode kept the model on track, Rust's compile-time safety helped catch hallucinations, a security audit pass found real vulnerabilities (path traversal, timing side-channel in Argon2), and the tool delivered features the author wouldn't have built alone. Despite the functional success, the author warns about the 'human in the loop' problem — the process actively encourages disengagement — and reflects on cognitive dependency, skill atrophy for junior developers, IP theft concerns, and the broader societal harms. The conclusion is nuanced: it works in this narrow domain, the harms still outweigh benefits at scale, but condemning individuals for using it is counterproductive.

Baton is a desktop app for orchestrating multiple AI coding agents in parallel. Each agent runs in its own git-isolated workspace, with smart notification badges to flag which agents need attention. It supports Claude Code, Codex, OpenCode, and any terminal-based agent. Features include diff review, file browsing, codebase search, and a built-in MCP server that lets agents spawn new agents. Built by a developer who needed a single unified interface to manage multiple agents without constant window-switching.

Chrome 147 introduces three notable features for web developers. Element-scoped view transitions expose startViewTransition() on arbitrary HTML elements, enabling concurrent and nested transitions while keeping the rest of the page interactive. The new CSS contrast-color() function automatically returns black or white based on which provides higher contrast against a given color, aiding accessibility compliance. The CSS border-shape property allows creating non-rectangular borders using arbitrary shapes like polygons, circles, or shape() values, differing from clip-path by decorating the border rather than clipping the entire element.

Zed's team details how they built Zeta2, their improved edit prediction model. Key improvements include richer input context (finer-grained edit history, LSP-resolved type/symbol definitions), a switch from Qwen 2.5 Coder (7B) to Seed Coder (8B) as the base model, and a knowledge distillation pipeline using Claude Sonnet as the teacher model. They addressed the 'reversal problem' where the model incorrectly deleted intentional user edits by improving teacher prompting and edit granularity. Training data shifted from synthetic GitHub commit examples to opt-in real user traces from open source repos, yielding ~250-300k training requests per week. The result is a 30% better acceptance rate and faster responses, validated through dogfooding, shadow releases, and gradual rollout.

Astral shares the security practices they use to protect their open source tools (Ruff, uv, ty) from supply chain attacks. Key areas covered include: hardening GitHub Actions CI/CD by banning dangerous triggers like pull_request_target, pinning all actions to commit SHAs, limiting permissions, and isolating secrets in deployment environments. For releases, they use Trusted Publishing to eliminate long-lived credentials, Sigstore-based attestations, immutable releases, and two-person approval gates. They also use GitHub Apps to safely handle tasks that GitHub Actions can't do securely, maintain dependency hygiene with Dependabot/Renovate plus cooldowns, and contribute financially and technically to upstream projects. The post includes shareable GitHub rulesets and practical recommendations for other maintainers.

Raw WebSocket provides a bidirectional pipe with no routing, subscriptions, or message structure. When building a voice call signaling system handling incoming calls, call events, and WebRTC negotiation simultaneously, this becomes a routing problem you must solve yourself. STOMP (Simple Text Oriented Messaging Protocol) adds destinations, subscriptions, and structured frames on top of WebSocket — similar to how HTTP adds structure over TCP. The post walks through a real Android signaling implementation using Ktor and a STOMP client, showing how three independent message streams (public calls, call events, WebRTC) share one WebSocket connection via STOMP subscriptions, with clean destination-based routing on the send side and a parsing layer that needs no routing logic because STOMP already handles delivery.

Node.js 24.15.0 'Krypton' LTS has been released with several notable changes: a new --max-heap-size CLI option, require(esm) and module compile cache marked as stable, raw key format support added to KeyObject crypto APIs, a throwIfNoEntry option for fs.stat, HTTP/1 fallback configuration for HTTP/2, setTOS/getTOS added to Socket, SQLite marked as release candidate with a new limits property, C++ support for diagnostics channels, and improvements to the test runner including worker ID exposure and SIGINT handling. The release also includes numerous bug fixes across streams, crypto, HTTP, ESM, and buffer modules, plus dependency updates including npm 11.12.1, SQLite 3.52.0, and updated root certificates.

A veteran software engineer draws parallels between the Extreme Programming movement of the late 1990s and today's generative AI era, arguing that both represent 'rigor relocation' rather than loss of discipline. Just as XP replaced heavyweight processes with tighter feedback loops, and dynamic languages replaced static types with test-enforced correctness, AI-assisted development demands stricter specification of intent and ruthless evaluation of outputs. The core thesis: probabilistic code generation only works when deterministic constraints exist at the edges. Engineers who thrive will treat generation as a capability requiring more precision in specification, not less, and will build evaluation systems that fail loudly when code drifts from intent.

AI is not replacing software engineers wholesale — it's automating routine, execution-level coding tasks. The shift demands developers move from effort-based to impact-based engineering: understanding system architecture, applying clean code principles, debugging complex distributed systems, and taking ownership of outcomes. A five-step roadmap is outlined: strengthen CS fundamentals, build real-world systems with failure handling, master debugging, use AI as a tool rather than a crutch, and establish proof of work through public building and open-source contributions. The core argument is that source code is now a byproduct of thinking, not the primary output.

Spring Boot 3.5 reaches end of open-source support on June 30, 2026, but the real risk isn't the migration — it's what happens to CVE reporting afterward. Once a project goes EOL, security researchers stop filing reports against it, maintainers stop triaging, and the CVE pipeline dries up. Vulnerabilities don't disappear; they just stop being recorded. Bad actors exploit this gap by testing CVEs found in supported branches against EOL versions that will never receive patches. Spring Boot 2.7's post-EOL trajectory (e.g., CVE-2024-38807 with no open-source fix) illustrates the pattern. Teams still on 3.5 after June 2026 risk running what the author calls 'zombie dependencies' — technically present, functionally dead from a security standpoint, with scanners showing green while hidden vulnerabilities accumulate. The advice: assess the 3.5-to-4.0 migration scope now, before the silence sets in.

Brad Frost introduces 'mouth coding' — a practice of verbally collaborating with an LLM in real time to build websites during live conversations. Using a real-world example of redesigning a small counseling practice's website with his wife, he outlines the key ingredients: live conversation, speech-to-text transcription, solid UI infrastructure, live preview, additional context, and human judgment. He argues this approach democratizes web creation, enables genuine cross-disciplinary collaboration, and is especially valuable for nonprofits and small organizations that lack dedicated web staff. The core thesis is that AI should facilitate human creativity rather than replace it, and mouth coding represents the most participatory, inclusive design process he's experienced in years.

Horizontal codebase structures that group code by type (components, hooks, utils, types) create poor cohesion and make large codebases hard to navigate. The alternative is a vertical structure that groups code by domain or feature — everything related to 'widgets' lives in src/widgets/, regardless of whether it's a component, hook, or utility. This mirrors how product teams are organized and reduces cognitive load. Shared code that spans multiple features becomes its own vertical. To enforce boundaries between verticals, tools like pnpm workspaces, Nx dependency rules, or eslint-plugin-boundaries can define public interfaces and prevent unintended coupling. The tradeoffs include difficulty choosing the right vertical and risk of duplicated implementations across teams.

Chrome 147 and Firefox 150 shipped to stable in April 2026, bringing several new web platform features. Highlights include the contrast-color() CSS function reaching Baseline (returns black or white for maximum contrast against a given color), scroll-driven animation range properties becoming Baseline, the ariaNotify() method for screen reader announcements, auto sizes for lazy-loaded images, element-scoped view transitions, the CSS border-shape property for non-rectangular borders, SVG textPath path attribute support, modulepreload for JSON and CSS modules, and Math.sumPrecise. Beta releases (Chrome 148, Firefox 151, Safari 26.5) preview name-only container queries, lazy loading for video/audio, CSS container style queries, and the :open pseudo-class.

IntelliJ IDEA 2026.1.1 is a bug-fix release addressing several issues: WSL Python SDK setup is restored, Emmet works correctly in remote development, Gradle sync no longer fails with a class cast error, WildFly server connection is fixed, WSL 2 JDK detection is resolved, Ant target double-click now runs correctly, Spring project code completion is faster, WebLogic run configuration creation is fixed, and Find and Replace works properly on Enter.