what's that? 4000 words on a single CSS class? I've got you :)

Everything you never wanted to know about visually-hidden
https://dbushell.com/2026/02/20/visually-hidden/

Hackers Expose Age-Verification Software Powering Surveillance Web https://www.therage.co/persona-age-verification/
Three hacktivists tried to find a workaround to Discord’s age-verification software. Instead, they found its frontend exposed to the open internet.

In which I celebrate the craft of Flickr’s original, amazing URL scheme: https://unsung.aresluna.org/unsung-heroes-flickrs-urls-scheme/

Modern CSS is no longer just about presentation. It increasingly allows us to explore interaction, state, and progressive enhancement in places that used to be JavaScript territory.

More on that in my blogpost: https://schepp.dev/posts/turning-css-carousels-into-a-theme-switcher/

(and with that post I've fulfilled my duty for 2026 😅)

@ReneHenrich yeah but it’s a tricky thing with that. You don’t need to be able to write it entirely on your own. "Just" to understand it… and from there it’s easy to forget about the difference of writing code entirely on your own.

Had some spare time today so fixed the side push door on my VW lock and the N75 valve. Challenge but in the End worked out pretty well. Always stay curious and try out new things!

Could you still write the code you currently write without a LLM?

LLMs are very good at writing broken software: https://codemanship.wordpress.com/2026/01/21/finally-proof-that-agentic-ai-scales-for-creating-broken-software/ via @jasongorman
#aislop

Somebody on LinkedIn asked for my approach to global CSS in #Webcomponents with Shadow DOM:

1. Import CSS as Strings (via Vite)
2. Shove CSS into the CSSStyleSheet Constructor
3. Add the results to the ShadowRoot's adopted stylesheets
4. Delete all of the above once Safari supports CSS module scripts

This is how you future-proof your projects: be aware of what's coming to the platform and prepare your workarounds to be easily removable when the new features arrive ✨

#webdev #javascript

What a great deep dive into the Postgres index types. I didn’t have a clue about expression indexes, and this is precisely what I need for one of my side projects. So, so, so good post by Dalto Curvelano.

https://dlt.github.io/blog/posts/introduction-to-postgresql-indexes/

#postgres #database

If you use AI-generated code, you currently cannot claim copyright on it in the US. If you fail to disclose/disclaim exactly which parts were not written by a human, you forfeit your copyright claim on *the entire codebase*.

This means copyright notices and even licenses folks are putting on their vibe-coded GitHub repos are unenforceable. The AI-generated code, and possibly the whole project, becomes public domain.

Source: https://www.congress.gov/crs_external_products/LSB/PDF/LSB10922/LSB10922.8.pdf

A Broken Heart: Getting a 100x speedup by changing one dumb line of code

https://allenpike.com/2026/a-broken-heart/

#JavaScript fun fact: "undefined" is not a special keyword, just an identifier. You (unfortunately) can't overwrite the global undefined, but you are the master of your local scope. Point undefined to anything you like! This also works with "window", "NaN", "Infinity" and many more not-so-special values 🙃

#webdev

The war waged by the tech authoritarian oligarchy against the media has reached a new level:

#Palantir is suing us. Us, the Republik Magazin.

A small Swiss media company, funded by readers, founded in 2018 and free of advertising. I am not aware of any other media company globally that Palantir is currently targeting so aggressively.

What is this about? Together with my wonderful colleagues at the WAV research collective Jenny Steiner, Lorenz Naegeli, Marguerite Meyer, and Balz Oertli, we published a two-part series on Palantir's activities in Switzerland on December 8 and 9.

Using an extensive corpus of documents – which we obtained thanks to the Freedom of Information Act – we were able to trace a sales campaign over a period of seven years. Palantir tried to get in with many federal authorities – and was rejected everywhere.

And we also found out that the Swiss Army Staff evaluated the products and came to the conclusion that the army should refrain from using Palantir products.

Among other risks, they feared that data would be passed on to the US authorities.

Palantir is not just any company. ICE uses its products to hunt down migrants in the US. The Israeli army IDF uses the software in its Gaza offensive. The British health authority NHS has made itself dependent on the products for data analysis during the pandemic. And CEO #AlexKarp displays inhuman and aggressive rhetoric towards Europe, while the company itself advertises the “optimization of the kill chain.”

These are all facts, repeatedly verified and published by renowned media outlets. Our research relating to Switzerland and Zurich is based on this.

In addition to analyzing documents, we also spoke to various sources – including Palantir executives here in Zurich. The quotes used were presented to them and approved. Of course, we always adhered to the high standards of journalistic work. We conducted a thorough fact check before publication.

But the company doesn't want us to write the truth.

After the US company owned by right-wing tech billionaire #PeterThiel dedicated an absurd blog post to us, claiming some misinformation (such as that they had not participated in official tenders with the federal administration, a point we never claimed. On the contrary: we spoke from the outset of attempts to establish contact, sales talks, informal meetings, business as usual), after the Global Director of Privacy & Civil Liberties (PCL) Engineering and contact person for Swiss media Courtney Bowman launched personal attacks against us in LinkedIn comments between Christmas and New Year (“partisan fear-mongering”), Palantir's Swiss lawyers demanded a counterstatement on December 29.

We rejected this demand in its entirety.

In January, they demanded the same thing again. We rejected it again.

And now we see each other in court.

But why all this?

Our research on the Swiss army report caused a huge international media response. The Guardian and the Austrian newspaper Der Standard reported on the Swiss army's rejection. Numerous financial portals and stock market magazines picked up our news (which could have consequences for the overvalued stock market company Palantir).

And Chaos Computer Club spokesperson Constanze Kurz presented our research to a huge audience at the renowned IT conference Chaos Communication Congress in Hamburg at the end of December.

All of this is making Palantir nervous.

We have now submitted a comprehensive defense brief. We can substantiate all of our findings with several documents and publicly available media reports.

We trust in the rule of law and freedom of the press in this country.

In keeping with yesterday's event “Zurich, little Big Tech City” at the Gessneralle, where we first announced this news exclusively to the audience on site:

World politics will soon be negotiated in Zurich: freedom of the press, the facts about ICE, Trump, Israel, Karp, tech authoritarianism.

The truth.

All this at the Zurich Commercial Court.

We will not be intimidated. And we will keep you informed.

Given https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface combined with https://www.heise.de/en/news/Manipulated-Road-Signs-When-the-Autonomous-Car-Runs-Over-Pedestrians-11162858.html

What happens to such cars or drones when someone raises a malicious Markdown sign (that looks like a street sign) to the cameras?

#ai #security

Now that Invoker Commands entered the baseline, do you know that you can trigger custom commands via HTML, too?

Here's a very quick post explaining the concept.

https://pawelgrzybek.com/more-invoker-commands-and-more-reasons-not-to-use-javascript-please/

Oh god oh god oh god

The top #OpenClaw skill is a malicious intentional malware vector.

This is what happens next.

(This is AI nerd stuff - if you don’t know what OpenClaw is just know it’s bad and scroll on by)

https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface

@zachleat would be perfect to perfecting this https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface

700 EPISODES. 🎉

https://shoptalkshow.com/700/

This week's Web Weekly is about to hit all the inboxes in just a little bit! As always, it's jam-packed with baseline updates and new web dev features. 🎉

https://webweekly.email/archive/web-weekly-182/

If you're into web dev news close to the platform, you should check it out!