DevBlogs

Meta's open source community grew and evolved while connecting people worldwide. In 2024, our open source codebases grew at an impressive pace, reaching 189,719 total commits in just one year. A total of 4,274 external contributors helped bring our community to 7,144 strong.

Bun implements the v8 heap snapshot API, and Chrome DevTools supports comparing heap snapshots. The key indicator of a memory leak is memory usage that continuously climbs without ever decreasing.

Python’s .strip() method removes whitespace characters from both ends of a string. To remove different characters, you can pass a string as an argument that specifies a set of characters to remove. The . strip() method is useful for tasks like cleaning user input, standardizing filenames, and preparing data for storage.

The problem was discovered when a colleague tried to run a yarn test on his machine. The command hung for a long time, and then it threw some [Error]. The first real breakthrough was test plugins, which runs only tests matching " plugins"

Support for SMIL is waning in WebKit, and has never (nor will likely ever) exist for Microsoft’s IE or Edge browsers. Chrome was also in on the party and published an intent to deprecate SMIL.

The web framework for perfectionists with deadlines. Django 5.1 has reached the end of mainstream support. The final security release, 5.0.14, was issued today.

Django 5.1.8 and 5.0.14 are now available. The releases address the security issues detailed below.

Spring AI offers support for Model Context Protocol, or MCP for short. MCP allows AI models to interact with and access external tools and resources in a structured way. With Spring AI, developers can create their own MCP Servers and expose capabilities to AI models in just a few lines of code.

Antoine du Hamel Windows 64-bit Installer: https://nodejs.org/dist/v23.11.0-x64.msi. Windows ARM 32-bit and 64- bit Binary: http://www.nspawn.com/news/2013/01/27/windows-64-bit-and-64.html.

A code image generator allows you to turn your code snippets into visually appealing images. In this step-by-step video course, you’ll learn how to:

Cloudflare is bringing all purge methods to all customers. The company has been rebuilding its purge pipeline over the past few years. The new Instant Purge pipeline performs consistently under 150 ms.

Astro is a powerful tool for building a better developer experience for your site. The team at Cloudways has been using Astro to train their developers. This article shows you how to use TypeScript to create a more intuitive system.

Textual is an excellent Python package for creating beautiful user interfaces in your terminal. By default, Textual will arrange your widgets starting at the top of the screen and appending them in a vertically oriented stack. Laying widgets out horizontally, left-to-right, requires a little more work than laying them out vertically.

Deno connects the kernel and frontend, making notebooks more powerful and flexible. We’ll explore the National Gallery of Art’s Open Access dataset in Jupyter with Deno. The dataset includes valuable metadata such as titles, dates, artists, and classifications.

This week in Spring is April Fools day. It's also the 11th anniversary of Spring Boot 1.0, which was released this day in 2014. I'm in Austin, TX, at Dr. Venkat Subramaniam's phenomenal Arc of AI show.

JupyterCon 2025 will be held in San Diego, California, from November 3–6, 2025. The conference focuses on real-world practices and how to successfully implement interactive computation in your workflow and projects.

The reported issue did not impact the Node.js runtime and there is no risk to users of Node.JS. The development infrastructure is expected to be available to the community by April 15 or sooner.

Netflix has developed a suite of tools by filmmakers for filmmakers: the Media Production Suite (MPS) Netflix produces around 200 Terabytes of Original Camera Files (OCF), with outliers up to 700 Terabytes.

Mobile GraphQL is a framework used at Meta for fetching data in mobile applications using GraphQL, a strongly-typed, declarative query language. At Meta it handles data fetching for apps like Facebook and Instagram. Sabrina, a software engineer on Meta’s Mobile GraphQL Platform Team, joins Pascal Hartig on the Meta Tech podcast to discuss the evolution of GraphQL.

A friend DMs Lee Meyer a CodePen by Manuel Schaller containing a pure CSS simulation of one of the world’s earliest arcade games, Pong. The CodePen below uses style queries to detect collisions. It shows how much power we get when combining new CSS features.

Python’s bytearray is a mutable sequence of bytes that allows you to manipulate binary data efficiently. Unlike immutable bytes, byTearray can be modified in place, making it suitable for tasks requiring frequent updates to byte sequences. You can create a byt tearray using the byttearray() constructor or from a string of hexadecimal digits using .fromhex() This tutorial explores creating, modifying, and using bytterray objects in Python. Test your knowledge with our interactive “Python's Bytearrays” quiz.

This release fixes 18 bugs (addressing 18 👍) napi improvements make node-sdl 100x faster. Headers.get() is 2x faster and node:fs improvements. bun install --frozen-lockfile now works with overrides.

This week's Talk Python to Me is all about Beware, the project that is working towards true native apps built on Python, especially for iOS and Android. We'll cover the Toga GUI toolkit, building and shipping your apps with Briefcase, and much more.

Sentry co-founder and CEO David Hoyle is leaving the company. Hoyle has worked at Sentry for 10 years. He says the company's growth has been nothing short of extraordinary.

Many are led to believe Generative AI is the solution to everything, says Peter Hoyle. Hoyle: It’s hard to communicate the cost savings and simplicity of using NLP vs. “AI” (LLMs) He says GenerativeAI is a good way to get computers to talk to humans, but not a good solution.

A Kickstarter project for a book called Refactoring English was canceled after only 49 people pre-ordered. The book is about improving writing skills for software developers. A lucky post on Hacker News helped the project get back on track.

Oracle has just issued its latest reply in the ongoing proceedings at the USTrademark and Patent Office. In the next 3 to 4 weeks, the Trademark Trial and Appeal Board (TTAB) will decide whether the fraud claim can move forward.

Google and OpenAI rolled out their multimodal image generation abilities. Previously, when a Large Language Model AI generated an image, it wasn’t really the LLM doing the work.

Stop over-engineering goal trees. Focus on the layers you actually engage with. Volume, Filters, and Interfaces help leaders get the right level of detail.

Grammarly browser extension broke my website. Grammarly injects a stylesheet into web pages. It cannot be found by the web page itself using StyleSheetList. It is effectively a stealth stylesheet undetectable by the website itself.

Netflix’s personalized recommender system is a complex system, boasting a variety of specialized machine learned models. The impetus for constructing a foundational recommendation model is based on the paradigm shift in natural language processing (NLP) to large language models (LLMs)

Playwright is a powerful tool for comparing visual artifacts. The tool can be used to test your website’s style sheet. Playwright can also be used as a way to test the performance of your website.

The App is a self-hosted website that generates invoices. It is powered by a relational database served by Bunite and a back-end CSS. The App is written in C# and has a few custom classes.

WARNING: This release updates OpenSSL to 3.0.16 and root certificates to NSS 3.108. Node.js 18 is scheduled to reach End-of-Life on 30 April 2025. It is recommended to update to Node.JS 20 or 22 as it will no longer receive security updates once it reaches End- of-Life.

Bun's TypeScript declarations have been completely rewritten to eliminate conflicts with Node.js and DOM type definitions. Several bugfixes for node:http, node:crypto, and node:vm. Most production web applications read and write cookies.

LangSmith now provides end-to-end OpenTelemetry (OTel) support for applications built on LangChain and/or LangGraph. With this integration, you can trace the complete execution path of your LLM applications.

Amitabh Agrawal: Mac apps are a pleasure to use. He uses a Mac as his primary machine and has been using a bunch of apps that have become an integral part of his daily workflow. Here are some of the Mac apps that I use on a daily basis and that power my day.

Rust 1.86 fixes a bug that prevented upcasting to supertraits from working. The fix is in the beta channel, but stable release is just around the corner.

Anthony Dahanne is the founder of Tanzu Spring. Tanzu offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

After more than 13 years at the company, I am joining Cloudflare’s board of directors and retiring from my full-time position as CTO. I worked on a lot of systems that make up the CloudFlare that so many people around the world use today. I’ve been very proud of how we have supported and advanced the Internet itself.

Vibe coding is about leaning on AI agents to write most of the code for apps you're trying to build. Instead of writing code, you describe what you want your app to do, and AI tools handle the technical implementation. This frees you up to be more of a manager or director, focusing on the application's outcomes.

DuckDB provides a seamless way to handle large datasets in Python with Online Analytical Processing (OLAP) optimization. You can create databases, verify data imports, and perform efficient data queries using both SQL and DuckDB’s Python API. The tutorial will equip you with the practical knowledge necessary to get started with DuckDB.

Cloudflare defeated patent trolls Sable IP and Sable Networks. Sable agreed to pay Cloudflare $225,000 and dedicate all of Sable's patents to the public. Project Jengo is our prior art bounty program. It plays a fundamental role in our battle against patent trolls.

Google Gemini 2.5 is the first release in the Gemini 2 series. llm-gemini 0.16 adds support for the new model to my LLM command-line tool. I ran it with the prompt transcribe to see what would happen.

Lovable.dev is an innovative AI-powered platform that lets users build and ship a high-quality v1 of their software without writing code. Lovable leveraged LangSmith to gain visibility into its agent’s interactions, rapidly scaling its AI software engineer agent to $25M ARR in just 4 months.

Mozilla will offer an alternative to DLL injection for Data Loss Prevention (DLP) deployments in enterprise environments. DLL injections can cause crashes, bypassing of security features, or other unpredictable buggy behavior. DLP software is typically deployed to a fleet of corporate computers that are managed by an IT department.

European organisations are starting to question the use of American-owned clouds from Microsoft, Amazon, Google, and others. Could this lead to them treating those clouds like some are demanding NATO members to cancel F-35 fighter jet orders?

Join the worldwide developer community online for a week of technology and creativity. Be there for the reveal of the latest Apple tools, frameworks, and features. Learn to elevate your apps and games through video sessions hosted by Apple engineers and designers.

Python is a versatile programming language with many use cases in a variety of different fields. In this video course, you’ll see how you can use Python for:

Cloudflare is adding support for Model Context Protocol (MCP) MCP is the protocol that enables LLMs to go beyond inference and RAG. It enables AI agents to access tools and resources from external services. To date, MCP has been limited to running locally on your own machine.

OPKSSH (OpenPubkey SSH) has been open-sourced under the umbrella of the OpenPubkey project. It makes it easy to SSH with single sign-on technologies like OpenID Connect. It does this without adding a trusted party other than your identity provider.

I came across this awesome article navigator by Jhey Tompkins: It solved a UX problem I was facing on a project. I’ve adapted it to the needs of an online course — a “course navigator” if you will. Clicking on the disclosure’s <summary> toggles the course navigation.

Bun v1.2.6 is out. This release fixes 74 bugs (addressing 36 👍). node:crypto gets faster & more compatible. timeout option in Bun.spawn. Connect to PostgreSQL via unix sockets with Bun.SQL. Dev Server stability improvements. Initial support for node:test. Faster Express & Fastify.

R2 experienced an elevated rate of errors for 1 hour and 7 minutes on March 21, 2025. 100% of write operations failed and approximately 35% of read operations to R2 failed globally. R2 engineering team inadvertently deployed the new credentials (ID and key pair) to a development instance of the service instead of production.

This week, I'm in Portland, OR, then I'm off to Austin, TX for the Arc of AI show. I'm then off to Amsterdam for Voxxed Days Amsterdam. There's a ton of cool stuff to look at, so let's dive right into it!

Netflix is now streaming HDR10+ content on its service for AV1-enabled devices. The dynamic metadata included in our HDR10+. content improves the quality and accuracy of the picture. Netflix will continue expanding our HDR 10+ offerings with the goal of providing an HDR10 + experience for all HDR titles by the end of this year.

Logical properties are a great way to optimize our sites in advance. But they are currently limited to setting physical dimension. There are a few 2-value shorthands that have been implemented.

High-quality code is functional, readable, maintainable, efficient, and secure. It adheres to established standards and has excellent documentation. You can achieve these qualities by following best practices such as descriptive naming, consistent coding style, modular design, and robust error handling.

URLPattern is a standard published by the WHATWG (Web Hypertext Application Technology Working Group) which provides a pattern-matching system for URLs. The API provides developers with an easy-to-use, regular expression (regex)-based approach to handling route matching. Cloudflare Workers has supported URLPattern for a number of years now.

Security Week 2025 was held from March 23 to 24. Cloudflare announced new tools and features to help protect the Internet. Security Week 2025 is a bi-annual event that runs from March 1 to March 25.

Interactive Quiz ⋅ 13 QuestionsBy Leodanis Pozo Ramos In this quiz, you’ll test your understanding ofPython Code Quality: Tools & Best Practices. The quiz contains 13 questions and there is no time limit.

This episode features Will McGugan, founder of Textualize. Textual is a framework that brings a modern, GUI-like experience to terminal applications. Will also talks about concurrency and the future potential of free-threaded Python.

Vodafone is a leading European and African telecommunications company, serving over 340 million customers. The company has built several AI assistants using LangChain and LangGraph. These assistants facilitate intelligent data access, natural language-driven insights, and complex problem-solving.

Love Without Sound is an AI-powered tool for the music industry and law firms specializing in royalty negotiations. The company has helped publishers recover hundreds of millions of dollars in lost revenue for artists.

John Sutter: Designing an operating system is hard to talk about because it's seen as a process. He says it's hard to get people to think about how to design an OS outside of their two defined buckets. Sutter says some founders are big nerds when it comes to ways of working and operating system design.

Rust has a new trait called FromString which converts a string to an Error type. The trait can be used to convert a lot of types into an Error value. It is not guaranteed that this value is an actual Error type, but it is pretty useful.

Harvard researchers found that AI can boost productivity of individual knowledge workers. But most knowledge work isn’t purely an individual activity; it happens in groups and teams. Teams provide critical benefits that individuals alone typically can't.

Quick instructions for a drop-in FastHTML middleware for identifying performance bottlenecks in FastHTML apps.

Border-image is a new property that lets you add images to the borders of any element. It is one of the most underused CSS tools, and I can’t, for the life of me, figure out why. It can be because its syntax is awkward and unintuitive. It’s also because it doesn’n solve the type of creative implementation problems that most people need to solve.

Short-lived SSH access made its debut on Cloudflare’s SASE platform in October 2024. The company is thrilled to announce the release of a long-requested feature: clientless, browser-based support for the Remote Desktop Protocol (RDP)

Cloudflare One users can now use the CASB product to integrate with and scan Amazon Web Services (AWS) S3 and Google Cloud Storage. Scanning both point-in-time and continuously, users can identify misconfigurations in Identity and Access Management (IAM)

Cloudflare Email Security customers using Microsoft Outlook can now enhance their data protection using our new DLP Assist capability. This application scans emails in real time as users compose them, identifying potential data loss prevention (DLP) violations.

Lattice cryptography is the paradigm at the heart of the post-quantum (PQ) transition. PQ encryption has been available at our edge since 2022 and is used in over 35% of non-automated HTTPS traffic today (2025) The most pressing problem for the PQ transition is to ensure tomorrow's quantum computers don't break today's encryption.

Cloudflare announces new AI-powered algorithm that adapts to your organization’s unique traffic patterns to reduce false positives. DLP AI Context Analysis uses Workers AI and Vectorize to transform text into a vector.

Cloudflare for Government - Australia has been assessed under the Infosec Registered Assessor Program (IRAP) IRAP, established by the Australian government, provides a rigorous, standardized approach to security assessment for cloud products and services. Cloudflare’s global network offers governments and highly regulated customers a unique capability to be within 50ms of 95% of Internet users globally.

This week on the show, we speak with previous guest Al Sweigart about the third edition of “Automate the Boring Stuff With Python.” Al shares his thoughts on teaching Python and writing books over the past decade. We discuss Python tools for transcription, text-to-speech, notifications, and data storage.

Brad Frost has updated his blog with a new layout and font. He also made a time machine to visit his homepage throughout eight design iterations.

This week on Talk Python to Me, we dive into the world of outlier detection with Brett Kennedy. Outlier detection in Python opens the door to discovering hidden and potentially critical insights in your data.

OpenAI announces new models for text-to-speech and speech- to-text. New models suffer from the ever-present risk of accidental (or malicious) instruction following. How much we can rely on them by March 2025 is a question mark.

Forrester Research has recognized Cloudflare as a Leader in it's The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 report. This market analysis helps security and risk professionals select the right solution for their needs. “Cloudflare stands out with features that help customers work more efficiently”

The :is() relational pseudo-selector can help make compound selectors a lot more readable. The selector’s specificity matches the most specific selector in the function’S arguments. Some articles suggest nesting selectors instead which is cool.

Cloudflare is closing all of the HTTP ports on its API. API calls are made over cleartext, which can expose sensitive information. Customers can opt-in to disabling all HTTP port traffic for their websites.

Cloudflare Aegis provides a dedicated IP address, or set of addresses, from which Cloudflare sends requests. Aegis also simplifies management by only requiring you to allowlist a small number of IP addresses. With Aegis, a customer does not necessarily have an Aegis IP address on every server if they are using IPv4.

Cloudy is the first version of Cloudflare AI agents, assistant-like functionality designed to help users quickly understand and improve their Cloud flare configurations. Powered by Workers AI, Cloudy will help review your WAF Custom Rules and provide a summary of what's configured across them.

Cloudflare is introducing a new unified Application Security experience. Modern applications are built using a variety of technologies. Traditional security categories like Web, API, client-side, and bot protection start to feel artificial.

Cloudflare is adding support for private hostname and IP address-defined applications directly within Access. A private application in this context is any application that is only accessible through a private IP address or hostname.

Simon Willison has decided to call a wrap on his weeknotes habit. The original goal was to stay transparent during his 2019-2020 JSK fellowship. I got to the point with weeknotes where I was feeling guilty about not keeping them up.

Henri Tremblay, head of TS Imagine Canada, Java Champion, Montreal JUG leader, EasyMock lead dev. Stay connected with the Spring newsletter. Subscribe VMware offers training and certification to turbo-charge your progress.

Inconvo is a YC S23 startup that simplifies data analysis for non-technical users. Inconvo leverages LangGraph to empower non- technical users to conduct data analysis seamlessly through natural language queries.

Andrej Karpathy coined the term ‘vibe coding’ to refer to code written with the assistance of AI. The term has since been featured in the New York Times, Ars Technica, the Guardian and countless online discussions.

LangGraph is a Python library designed for stateful, cyclic, and multi-actor Large Language Model (LLM) applications. Explore the full tutorial to gain hands-on experience with LangGraph. Set up workflows and build a LangGraph agent that can autonomously parse emails, send emails, and interact with API services.

Cloudflare has moved its heuristics engine to the Cloudflare Ruleset Engine. The new engine provides the flexibility to write more nuanced rules. It also makes our platform simpler and safer.

Cloudflare announces open beta of Firewall for AI. It protects user-facing LLM-powered applications from abuse and data leaks. It works with Cloudflare’s Web Application Firewall (WAF) to provide instant protection.

Cloudflare for AI is a suite of tools aimed at helping businesses, developers, and content creators adopt, deploy, and secure AI technologies at scale safely. Cloudflare’s network enhances user experience and efficiency by running AI closer to users.

Cloudflare has created a new tool to combat AI crawlers. It uses AI-generated content to confuse and waste the resources of bots. When you opt in, Cloudflare will automatically deploy an AI- generated set of linked pages.

Artifacts created by AI can be difficult to distinguish from everything else. Watermarking is a way to make it easier to identify these artifacts. Watermarks are based on cryptography and are only a couple of years old.

Cloudflare has developed a new AI model to detect the intent of JavaScript threats. Page Shield can now detect Magecart, crypto mining, and malware.

Interactive Quiz ⋅ 11 QuestionsBy Bartosz Zaczyński In this quiz, you’ll test your understanding of Python’s Bytearray: A Mutable Sequence of Bytes. The quiz contains 11 questions and there is no time limit.

Django 5.2 release candidate 1 is the final opportunity for you to try out a composite of new features. The release candidate stage marks the string freeze and the call fortranslators to submit translations.

The View Transition API, in particular, lets you create animated transitions between different website views. Most modern browsers support the View Transitions API except Firefox. You can achieve a basic view transition with just a few lines of CSS and HTML meta tag.