headingoffset is a new HTML attribute to increase the upcoming heading levels. It's definitely not there yet https://caniuse.com/?search=headingoffset
How can I style an H3 when there's no H3 tag?
With the selector :heading(3).
But be aware of the browser support: nonexistent (https://caniuse.com/mdn-css_selectors_heading)
In this post, I’ll walk through a set of common misconceptions that drive teams to introduce new infrastructure when they don’t need to. All of these can be solved with vanilla PostgreSQL 18 using standard extensions available on RDS, with no special infrastructure and no distributed-systems cosplay.
Mindful Design is the responsible designer’s survival guide. Learn resilient and responsible design practices and own your early stage design — from idea to shipped and beyond.
It's a book and video course, but there is also a toolkit: https://mindfuldesign.xyz/toolkit/intro/
Privacy, Control, Longevity, Built for Mac, Fun. See details https://usebilly.app/en/features
Plans are 3€ per month, 25€ yearly or 80€ lifetime.
No way it's real: using specific URLs with a NO_ROLE provides access to the dashboard of the FIFA World Cup 2026.
The whole thing boils down to one architectural mistake: client-side authorization with no server-side enforcement.
FIFA's internal applications use Microsoft Entra for authentication and role-based access control. The Angular/React/Vue frontends check the JWT token for role claims and render access-denied pages accordingly. But the backend APIs trust any authenticated tenant member and serve data regardless of roles.
Rules to follow:
- Get a security.txt file. Seriously. It's 2026.
- Publish a VDP (Vulnerability Disclosure Policy). You're running the biggest sporting event on earth.
- Client-side authorization is not authorization. Every intern learns this.
- When a researcher has to call CISA and the FBI to reach you, something is wrong.
- Start a bug bounty program. Researchers shouldn't have to call the FBI to do you a favor.
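The server-side check that the backend APIs described above were missing, as an added example (not code from the linked write-up or from FIFA's applications). Route names, role names and claim values are hypothetical, and `claims` is assumed to be the payload of a token whose signature, issuer and audience a JWT library has already verified:

```python
# Constructed example: routes, role names and claim values are hypothetical.
# `claims` is the payload of an ALREADY verified token (signature, issuer,
# audience checked by a JWT library); None means the request had no valid token.

# Deny by default: every route lists the roles allowed to call it.
ROUTE_ROLES = {
    "/api/dashboard": {"Dashboard.Read", "Admin"},
    "/api/users": {"Admin"},
}

# Constructed sample identities from the same tenant.
NO_ROLE_USER = {"sub": "user-1", "tid": "tenant-x"}            # no roles claim
READER = {"sub": "user-2", "tid": "tenant-x", "roles": ["Dashboard.Read"]}
ADMIN = {"sub": "user-3", "tid": "tenant-x", "roles": ["Admin"]}


def roles_of(claims):
    """Return the token's roles as a set; a missing or malformed claim is empty."""
    roles = claims.get("roles", [])
    if isinstance(roles, str):
        roles = [roles]
    if not isinstance(roles, (list, tuple, set)):
        return set()
    return {r for r in roles if isinstance(r, str)}


def handle_trusting(path, claims):
    """The flawed pattern: any authenticated tenant member gets the data."""
    if claims is None:
        return 401
    return 200  # roles are only checked by the frontend, which the caller controls


def handle_enforcing(path, claims):
    """Server-side enforcement: the API checks roles on every request."""
    if claims is None:
        return 401                      # not authenticated
    allowed = ROUTE_ROLES.get(path)
    if allowed is None:
        return 403                      # unlisted route: deny by default
    if roles_of(claims) & allowed:
        return 200
    return 403                          # authenticated, but not authorized


if __name__ == "__main__":
    for who in (NO_ROLE_USER, READER, ADMIN):
        print(who["sub"], handle_trusting("/api/dashboard", who),
              handle_enforcing("/api/dashboard", who))
```

The frontend can still hide pages for users without a role, but only as a convenience: the status code returned by the API is the actual access decision.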
An RSS cross posting service
The mutual-help forum opened by the ARC. "A 100% free place for mutual support, where you can ask your questions, share your experiences and get concrete answers."
So the State stopped a 3-year contract after 6 months. Great strategy.
However, no details were given on the concrete arrangements for this handover within the DGSI, even though the contract with Palantir theoretically ran until 2028.
Feedback from Robb Knight.
How he gets to write blog posts, the tech stack used for the blog, some blog recommendations, POSSE and more.
TL;DR
Use shorthand when it's obvious (padding-block and padding-inline have a great padding shorthand);
When each value is a distinct type (an animation for example)
When the syntax has its own rules until it stops carrying its weight (background)
Exif can be useful instead of only being tagged as "privacy intrusive".
My rules of thumb
If you process pixels, normalize orientation first.
If you publish or store user images and want to preserve privacy, strip metadata intentionally.
If you parse metadata, treat it as untrusted input.
If you only need one tag, you can maybe parse one tag. If you need all the things, use a tool that has spent decades learning all the things.
Collects publications on the AT Protocol (Bluesky) and presents them the way a classic feed reader would.
Similar to https://shaarli.lyokolux.space/shaare/vP775Q, AI models are not deterministic. That is simply a problem.
The company explains its point: no agentic engineering is planned.