This week a random assortment of recent pieces I found valuable. No strong themes seemed to emerge, but plenty of excellent reading to keep you up to date.
CSS Day now on Conffab
We also released the CSS Day talks on Conffab. Over a dozen really in depth and engaging talks on my favourite programming language (yep I went there, and after you see Amit Sheen literally build a CPU with CSS (including logic gates) you too will agree CSS is a programming language).
Bonus talks
There are two bonus talks from CSS Day you can access with no sign in or sign up.
And if you’d like access to all the talks, with all the bonuses we add, the conference is available for $149, or with a Conffab Premium annual subscription–which also includes live stream access to all the conferences on Conffab, including all Web Directions conferences–for just $695.
I have run into any number of these incredible beings over the course of my career. I think this is what explains the curious durability of the “10x engineer” meme. It may be based on flimsy, shoddy research, and the claims people have made to defend it have often been risible (e.g. “10x engineers have dark backgrounds, are rarely seen doing UI work, are poor mentors and interviewers”), or blatantly double down on stereotypes (“we look for young dudes in hoodies that remind us of Mark Zuckerberg”). But damn if it doesn’t resonate with experience. It just feels true.
The problem is not the idea that there are engineers who are 10x as productive as other engineers. I don’t have a problem with this statement; in fact, that much seems self-evidently true. The problems I do have are twofold.
If you are a user of LLM systems that use tools (you can call them “AI agents” if you like) it is critically important that you understand the risk of combining tools with the following three characteristics. Failing to understand this can let an attacker steal your data.
The lethal trifecta of capabilities is:
The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)
Access to your private data—one of the most common purposes of tools in the first place!
Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
Agentic coding tools are the hotness right now–but even a basic understanding of the architecture gives rise to security concerns. Here Simon Willison outlines a security anti-pattern he calls ‘The lethal trifecta for AI agents’.
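As an added example (not from Simon Willison's post or from this newsletter), here is one way to audit an agent's enabled tools for the combination described above, including which single tool could be removed to break it. The tool names and the capability tags assigned to them are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

# The three characteristics named in the passage above.
PRIVATE_DATA = "private_data"
UNTRUSTED_CONTENT = "untrusted_content"
EXTERNAL_COMM = "external_communication"
TRIFECTA = (PRIVATE_DATA, UNTRUSTED_CONTENT, EXTERNAL_COMM)


@dataclass(frozen=True)
class Tool:
    name: str
    capabilities: frozenset  # tags assigned by whoever reviews the tool


def has_all(tools):
    """True when the tool set, taken together, covers all three legs."""
    return all(any(cap in t.capabilities for t in tools) for cap in TRIFECTA)


def audit(tools):
    """Report which tools supply each leg, whether the set is complete,
    and which single tools break the combination if disabled."""
    legs = {cap: sorted(t.name for t in tools if cap in t.capabilities)
            for cap in TRIFECTA}
    complete = has_all(tools)
    breakers = sorted(
        t.name for t in tools
        if complete and not has_all([o for o in tools if o is not t])
    )
    return {"complete": complete, "legs": legs, "single_tool_breakers": breakers}


# Constructed sample manifests; names and tags are hypothetical.
# One tool can supply more than one leg: an inbox holds private mail
# and also text written by arbitrary senders.
READ_INBOX = Tool("read_inbox", frozenset({PRIVATE_DATA, UNTRUSTED_CONTENT}))
FETCH_URL = Tool("fetch_url", frozenset({UNTRUSTED_CONTENT, EXTERNAL_COMM}))
SEARCH_NOTES = Tool("search_notes", frozenset({PRIVATE_DATA}))

AGENT_A = [READ_INBOX, FETCH_URL, SEARCH_NOTES]  # all three legs present
AGENT_B = [READ_INBOX, SEARCH_NOTES]             # no external communication

if __name__ == "__main__":
    for label, tools in (("agent_a", AGENT_A), ("agent_b", AGENT_B)):
        print(label, audit(tools))
```

In the constructed `AGENT_A`, disabling `read_inbox` alone changes nothing because `search_notes` still reaches private data; only removing the one tool that can communicate externally breaks the combination.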
If you’ve been following along with advancements in HTML, such as the new popover API, you may have noticed that a new popover type (hint) recently landed in Chrome 133 (January 2025). But what exactly does it do?
The short answer is: popover="hint" allows you to open an unrelated hint popover without closing other popovers in the stack. This means you can have an existing stack of auto popovers remain open while still displaying a hint popover.
We’ve covered the <dialog> element and popover API a bit at Conffab, and these and related APIs continue to evolve. The most recent addition is the hint popover type. Here Una Kravets details this soon to be ready for prime-time feature of the Web platform.
As computer systems get more sophisticated we’ve seen a growing trend to value deep specialists. But we’ve found that our most effective colleagues have a skill in spanning many specialties. We are thus starting to explicitly recognize this as a first-class skill of “Expert Generalist”. We can identify the key characteristics of people with this skill – and thus recruit and promote based on it.
In many professions, including software engineering, we tend to favour hedgehogs (perhaps in part because knowledge retrieval systems have been so rudimentary or cumbersome that deep specific knowledge of a field has been required to get to a level of expertise.)
Here Martin Fowler reflects on the foxes, what he calls ‘expert generalists’ in software engineering, and how LLMs might make this role more important.
“An Expert Generalist, armed with a solid grasp of fundamentals and the knack to master principles and patterns, can truly harness the power of LLMs. They’re not just asking an LLM to write code in a new language; they’re able to ask more insightful questions, critically assess the AI-generated suggestions against their broader understanding, and adapt those suggestions to fit sound architectural patterns. Their curiosity discourages them from simply accepting an answer, but to understand how proposed solutions work – which is exactly the behavior needed to overcome the unreliability inherent in LLM-given advice.”
Two approaches to fallback CSS scroll driven animations | Blog Cyd Stumpel
Scroll-driven animations are set to land in all major browsers by the end of the year, but I haven’t seen many people using them in production yet. Maybe because it still feels like an all-or-nothing feature, or maybe I’m just buried too deep in my little JS/creative dev corner again.
Scroll driven animations allow the creation of some very common interaction patterns that have long required JavaScript. Here Cyd Stumpel (who had a great talk on View Transitions at CSS Day we’ve just posted) looks at how you can use them today, even as we await full support in browsers.
I’m Losing All Trust in the AI Industry – by Alberto Romero
I think the AI industry is facing a handful of urgent problems it’s not addressing adequately. I believe everything I write here is at least directionally true, but I could be wrong. My aim isn’t to be definitive, just to spark a conversation. What follows is a set of expanded thoughts on those problems, in no particular order.
As someone who is broadly optimistic about the benefits LLMs have already brought in some areas, while sharing a range of concerns like the issues of IP and energy use, as well as the potential impact on the structure of the economy and society (which as Ted Chiang has observed is a fear of capitalism), this resonated with me.
Another version of ECMAScript has been approved by the TC39, and to keep my annual tradition I’m sharing what’s new in the ES2025 with simple practical examples. If you want to catch up with the previous editions, here you have them: 2024, 2023, 2022, 2021, 2020, 2019, 2018, 2017 and 2016. Now, let’s see what is new this year.
A new PNG spec was just released! Everyone, go update your 2003 forum avatars.
Jokes aside, this is exciting news. PNG is back to its former glory after its progress stalled for over two decades. Did you know the U.S. Library of Congress, Library and Archives Canada, and the National Archives of Australia recommend PNG? It is important that we keep PNG current and competitive. After 20 years of stagnation, PNG is back with renewed vigor!
The first ever W3C recommendation was PNG, back in 1996. It’s not been updated in over 20 years, but there’s an updated specification now to keep PNG, still incredibly widely used and supported, current for new color spaces and more.
The more time I spend using LLMs for code, the less I worry for my career – even as their coding capabilities continue to improve. Using LLMs as part of my process helps me understand how much of my job isn’t just bashing out code.
My job is to identify problems that can be solved with code, then solve them, then verify that the solution works and has actually addressed the problem. A more advanced LLM may eventually be able to completely handle the middle piece. It can help with the first and last pieces, but only when operated by someone who understands both the problems to be solved and how to interact with the LLM to help solve them.
A short but very salient piece by Simon Willison that I quote almost all of. Of late one of the criticisms I see quite a bit about LLM based code generation is along the lines of ‘writing code isn’t the main thing software developers focus on’. Which is an astute observation. But it is certainly a nontrivial chunk of what software engineers do. So tools that free up a developer’s time provide more time to allocate elsewhere–as Simon observes here.
Obviously, simply spending $1000 does not guarantee you a positive return! Here are some practices that we’ve found get more value out of large thinking models like o3 and Claude Opus:
$1000 a month sounds like a lot to spend on a developer tool. But it works out to be $30-$40 a day. Now most developers cost multiples of this an hour, so if it’s saving you even 20-30 minutes a day it’s paid for itself. In my case it is saving me many multiples of that.
Learn how Web Components excel at progressively enhancing server-rendered HTML without worrying about additional dependencies, shadow DOM, or going full SPA.
We’ve long been proponents of Web Components here at Conffab, but they can be daunting to get started with. But there are ways to start adopting them that don’t require getting to grips with their full complexity. Start thinking about them as progressive enhancement and build from there.
CSS Intelligence: Speculating On The Future Of A Smarter Language
CSS has evolved from a purely presentational language into one with growing logical powers — thanks to features like container queries, relational pseudo-classes, and the if() function. Is it still just for styling, or is it becoming something more? Gabriel Shoyombo explores how smart CSS has become over the years, where it is heading, the challenges it addresses, whether it is becoming too complex, and how developers are reacting to this shift.
CSS has evolved over the last 30 years from a straightforward replacement for decorative HTML tags like font and attributes like color to a sophisticated language for styling, layout, even generated content. Here Gabriel Shoyombo traces its history and growing complexity and sophistication, and takes a look at where the language might be headed in this excellent article.