Computer Science and Programming

A developer shares their experience of being unexpectedly banned from GitHub with no explanation, no email notification, and a frustrating support process that required having an active account to appeal. The ban erased all their contributions, comments, and pull requests, and blocked access to features like code search, GitHub Sponsors, CI artifacts, and HACS for Home Assistant. The author speculates the ban may have been triggered by adblocker filter lists, an ad-blocking tool for a VR game, or a joke repo using Unicode text-reversal characters. They urge developers to migrate away from GitHub given the risk of sudden account erasure. The account was reinstated roughly three hours after the post was published, seemingly prompted by the public attention.

IntelliJ IDEA 2026.1.1 is a bug-fix release addressing several issues: WSL Python SDK setup is restored, Emmet works correctly in remote development, Gradle sync no longer fails with a class cast error, WildFly server connection is fixed, WSL 2 JDK detection is resolved, Ant target double-click now runs correctly, Spring project code completion is faster, WebLogic run configuration creation is fixed, and Find and Replace works properly on Enter.

Chrome 147 and Firefox 150 shipped to stable in April 2026, bringing several new web platform features. Highlights include the contrast-color() CSS function reaching Baseline (returns black or white for maximum contrast against a given color), scroll-driven animation range properties becoming Baseline, the ariaNotify() method for screen reader announcements, auto sizes for lazy-loaded images, element-scoped view transitions, the CSS border-shape property for non-rectangular borders, SVG textPath path attribute support, modulepreload for JSON and CSS modules, and Math.sumPrecise. Beta releases (Chrome 148, Firefox 151, Safari 26.5) preview name-only container queries, lazy loading for video/audio, CSS container style queries, and the :open pseudo-class.

Horizontal codebase structures that group code by type (components, hooks, utils, types) create poor cohesion and make large codebases hard to navigate. The alternative is a vertical structure that groups code by domain or feature — everything related to 'widgets' lives in src/widgets/, regardless of whether it's a component, hook, or utility. This mirrors how product teams are organized and reduces cognitive load. Shared code that spans multiple features becomes its own vertical. To enforce boundaries between verticals, tools like pnpm workspaces, Nx dependency rules, or eslint-plugin-boundaries can define public interfaces and prevent unintended coupling. The tradeoffs include difficulty choosing the right vertical and risk of duplicated implementations across teams.

Brad Frost introduces 'mouth coding' — a practice of verbally collaborating with an LLM in real time to build websites during live conversations. Using a real-world example of redesigning a small counseling practice's website with his wife, he outlines the key ingredients: live conversation, speech-to-text transcription, solid UI infrastructure, live preview, additional context, and human judgment. He argues this approach democratizes web creation, enables genuine cross-disciplinary collaboration, and is especially valuable for nonprofits and small organizations that lack dedicated web staff. The core thesis is that AI should facilitate human creativity rather than replace it, and mouth coding represents the most participatory, inclusive design process he's experienced in years.

Spring Boot 3.5 reaches end of open-source support on June 30, 2026, but the real risk isn't the migration — it's what happens to CVE reporting afterward. Once a project goes EOL, security researchers stop filing reports against it, maintainers stop triaging, and the CVE pipeline dries up. Vulnerabilities don't disappear; they just stop being recorded. Bad actors exploit this gap by testing CVEs found in supported branches against EOL versions that will never receive patches. Spring Boot 2.7's post-EOL trajectory (e.g., CVE-2024-38807 with no open-source fix) illustrates the pattern. Teams still on 3.5 after June 2026 risk running what the author calls 'zombie dependencies' — technically present, functionally dead from a security standpoint, with scanners showing green while hidden vulnerabilities accumulate. The advice: assess the 3.5-to-4.0 migration scope now, before the silence sets in.

AI is not replacing software engineers wholesale — it's automating routine, execution-level coding tasks. The shift demands developers move from effort-based to impact-based engineering: understanding system architecture, applying clean code principles, debugging complex distributed systems, and taking ownership of outcomes. A five-step roadmap is outlined: strengthen CS fundamentals, build real-world systems with failure handling, master debugging, use AI as a tool rather than a crutch, and establish proof of work through public building and open-source contributions. The core argument is that source code is now a byproduct of thinking, not the primary output.

Node.js 24.15.0 'Krypton' LTS has been released with several notable changes: a new --max-heap-size CLI option, require(esm) and module compile cache marked as stable, raw key format support added to KeyObject crypto APIs, a throwIfNoEntry option for fs.stat, HTTP/1 fallback configuration for HTTP/2, setTOS/getTOS added to Socket, SQLite marked as release candidate with a new limits property, C++ support for diagnostics channels, and improvements to the test runner including worker ID exposure and SIGINT handling. The release also includes numerous bug fixes across streams, crypto, HTTP, ESM, and buffer modules, plus dependency updates including npm 11.12.1, SQLite 3.52.0, and updated root certificates.

Raw WebSocket provides a bidirectional pipe with no routing, subscriptions, or message structure. When building a voice call signaling system handling incoming calls, call events, and WebRTC negotiation simultaneously, this becomes a routing problem you must solve yourself. STOMP (Simple Text Oriented Messaging Protocol) adds destinations, subscriptions, and structured frames on top of WebSocket — similar to how HTTP adds structure over TCP. The post walks through a real Android signaling implementation using Ktor and a STOMP client, showing how three independent message streams (public calls, call events, WebRTC) share one WebSocket connection via STOMP subscriptions, with clean destination-based routing on the send side and a parsing layer that needs no routing logic because STOMP already handles delivery.

Astral shares the security practices they use to protect their open source tools (Ruff, uv, ty) from supply chain attacks. Key areas covered include: hardening GitHub Actions CI/CD by banning dangerous triggers like pull_request_target, pinning all actions to commit SHAs, limiting permissions, and isolating secrets in deployment environments. For releases, they use Trusted Publishing to eliminate long-lived credentials, Sigstore-based attestations, immutable releases, and two-person approval gates. They also use GitHub Apps to safely handle tasks that GitHub Actions can't do securely, maintain dependency hygiene with Dependabot/Renovate plus cooldowns, and contribute financially and technically to upstream projects. The post includes shareable GitHub rulesets and practical recommendations for other maintainers.

Zed's team details how they built Zeta2, their improved edit prediction model. Key improvements include richer input context (finer-grained edit history, LSP-resolved type/symbol definitions), a switch from Qwen 2.5 Coder (7B) to Seed Coder (8B) as the base model, and a knowledge distillation pipeline using Claude Sonnet as the teacher model. They addressed the 'reversal problem' where the model incorrectly deleted intentional user edits by improving teacher prompting and edit granularity. Training data shifted from synthetic GitHub commit examples to opt-in real user traces from open source repos, yielding ~250-300k training requests per week. The result is a 30% better acceptance rate and faster responses, validated through dogfooding, shadow releases, and gradual rollout.

Chrome 147 introduces three notable features for web developers. Element-scoped view transitions expose startViewTransition() on arbitrary HTML elements, enabling concurrent and nested transitions while keeping the rest of the page interactive. The new CSS contrast-color() function automatically returns black or white based on which provides higher contrast against a given color, aiding accessibility compliance. The CSS border-shape property allows creating non-rectangular borders using arbitrary shapes like polygons, circles, or shape() values, differing from clip-path by decorating the border rather than clipping the entire element.