Web Design Security Web Basics

Tech & Design Picks: Things, Ideas, and Articles - 2025-12-19

📝  Various production-note

Author : Kota Shimizu

Table of Content

About This Article

In this post, I share noteworthy things and articles in tech and design that I discovered or experienced that day.

Defining AI Rules Required for Development

Source: “State of AI Coding 2025” – A Detailed Report on AI Coding That Has Become a Hot Topic Overseas

AI Rule Definitions (e.g. CLAUDE.md): Making AI Follow Team Prerequisites

One approach that is gradually becoming established is AI rule definition. A representative example is CLAUDE.md.

This is a simple mechanism: a rule file written in natural language that describes how AI should behave within a repository.

In this field, there are also AGENTS.md (for OpenAI / Codex-based tools) and .cursorrules (for Cursor), reflecting a growing practice of explicitly documenting project-specific implicit knowledge for AI.

Since no special tools are required and Git-based management is easy, “starting by placing a rule file” is becoming a de facto standard.

I had heard about this concept on a tech podcast before, but I haven’t actually tried it yet. I’d like to experiment with it.

Whether to Accept LLM-Generated Patches

Source: Should Open Source Projects Accept LLM-Generated Patches? — The Case of GCC

Within the GCC development mailing list, discussions are ongoing about whether such patches should be accepted. As reference material, policies adopted by the GNU Binutils and Glibc projects have been presented.

The article introduces a link to the Binutils policy on LLM content:

This policy states that, due to copyright concerns, patches generated directly by LLMs are not accepted. On the other hand, the use of LLMs for idea generation or reference purposes is permitted, provided it stays within legal boundaries and usage is explicitly disclosed.

Within the GCC community as well, there is currently no opinions supporting for accepting fully LLM-generated patches as-is. Especially for large patches exceeding 100 lines, many argue they should be handled with great caution.

These debates never really end, but they are truly interesting and very informative.

Is Firefox Also Becoming an AI Browser?

Source: Mozilla Appoints a New CEO and Declares Its Intention to Transform Firefox into a “Modern AI Browser”

Mr. Enzor-DeMeo clearly outlined three pillars for Mozilla’s future:

  • All products should provide users with clear choices and understandable controls.
  • Revenue models should be built around transparency, allowing users to clearly perceive value.
  • Firefox should evolve from a “browser” into a “trusted software ecosystem.”

AI browsers are extremely convenient, but privacy and security are concerns everyone has. When choosing a browser, it’s important to evaluate these aspects alongside functionality.

The Process of Discovering Vulnerabilities in the Documentation Platform Mintlify

Source: How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack · GitHub

This article explains vulnerabilities in the documentation platform Mintlify and the XSS techniques used to exploit them.
The author is security researcher daniel. Mintlify reportedly contacted him and promptly fixed the vulnerabilities.

The vulnerability was verified using the following method:

An SVG file containing embedded JavaScript was uploaded to the author’s own Mintlify account, and then accessed from a different domain.
In the example, access via a Discord domain was demonstrated. When Mintlify is used under a custom domain, the vulnerability allowed cross-domain access via those domains as well.

Mintlify also published an official blog post explaining their response.
The article reports the bug fixes and customer notifications carried out by Mintlify. This article is very educational to me.

Source: Mintlify Security Event - November 2025

I personally tried Mintlify in the past and found it to be a very convenient service. The UI is simple, yet the feature set is robust, and I’d like to use it in a future project.

Official Site: Mintlify – The Intelligent Documentation Platform

What I thought astonishing is that the researcher is 16-year-old.

I also learned for the first time that there is a cybersecurity service and platform called HackerOne.

Official Site: HackerOne | Global Leader in Offensive Security

Migrating from WordPress to a Static Site Generator and Its Benefits

Source: Migrating a Personal Website from WordPress to Hugo + AWS and Reducing Costs to 1/100

It has been a few months since the migration, and I’ve ended up with a system that is very pleasant to work with.

  • Cost: From ¥3,000 per month to just a few dozen yen by leveraging the free tiers of AWS and Cloudflare, resulting in annual savings of about ¥36,000.
  • Management: All change histories are stored in Git, making it clear what was changed and when.
  • Ease of writing: Since everything is in Markdown, articles can be edited using familiar text editors that are part of everyday workflows.
  • Avoiding vendor lock-in: If needed, there is the flexibility to switch to a different hosting service at any time.

The following points are similar to Headless WordPress, but represent advantages compared to traditional WordPress:

  • Security: There is no longer a need to worry about brute-force attacks on WordPress login pages.
  • Performance: Because the site consists of static files, page loading is extremely fast.

The explanation is simple and clear, and very helpful.

Designing Physical Products Through a Web Design Perspective!?

I thought this was an excellent way of thinking.
Please read the article.

A Package is a web site consisted of four pages

Package is usually thought of as “signboard,” but to us they looked like a single web page. We treated the four sides of the package as a website with page transitions, designing it as a UX with a time axis.

Source: Designing a Paper Carton Like a Website Led to a Hit Product Selling 3 Million Units – UX Perspective on “Milk no Sokubaku”

The OKLab Color Model for Creating Colors with a Consistent Tone

This color model was introduced in 2020, but I had never heard of it before.
It was the most exciting discovery of the day for me.

Another great point is that it is supported by all modern browsers.

oklch is a new color model designed so that changes in lightness and chroma are perceptually uniform. This means colors are perceived more accurately by humans, making them much easier to work with.

The oklch color format was introduced in CSS Color Module Level 4 and is widely supported by all modern browsers.

Source: Understanding OKLCH Colors Commonly Used in Modern CSS