Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
157629 stories
·
33 followers

SE Radio 729: Garth Mollett on AI Supply Chain Security

1 Share

Garth Mollet, Senior Principal Product Security Engineer and Technical Advisor for Product Security at Red Hat, joins host Robert Blumen for a discussion of AI supply chain security. They start with the basics of supply chain security, including the key components of the AI supply chain, and how it differs from the conventional software supply chain. Garth discusses whether the attacks target model weights or inference, and describes the most common attacks and what's in it for the attacker, whether exfiltration, credentials, sabotage, or resources. The episode also considers SPIFFE, SPIRE, attestation, workload identity, and whether AI has the equivalent of "reproducible builds."

Brought to you by IEEE Computer Society and IEEE Software magazine.





Download audio: https://traffic.libsyn.com/secure/seradio/729-garth-mollet-ai-supply-chain-security.mp3?dest-id=23379
Read the whole story
alvinashcraft
47 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

What Happens to Code Review When Agents Write the Code with Vanitha Kumar @thoughtworks

1 Share
From: Hangar DX podcast
Duration: 31:19
Views: 5

Vanitha Kumar, Market Technology Director at Thoughtworks, joins Ankit Jain to talk about how code review holds up when agents are writing most of the code.

In this episode, they get into:

Why pre-integration is no longer the only place review should happen, and
How teams decide what's even worth reviewing when a feature spans twenty markdown files, and
What shifting review "left" into a teaching moment looks like in practice, plus

Chapters

00:00 Introduction to Code Reviews
02:50 Evolution of Code Review Practices
05:46 The Role of Collaboration in Code Reviews
08:24 Cultural Shifts in Code Review Practices
11:12 Harness Engineering and AI in Code Reviews
16:37 The Future of Code Reviews and AI Integration
22:05 Platform Engineering in the AI Era

đź“« Sign up for our email list for more podcasts, articles, events, and other updates: https://www.aviator.co/podcast

✏️ Subscribe for more videos: @Aviator-Co

🙌 Join a curated community of senior engineers and engineering leaders focused on developer experience and solving productivity challenges at scale! Check out our upcoming off-the-record online sessions where vetted, experienced professionals can exchange ideas and share hard-earned wisdom: https://dx.community/

Replace code reviews with verified intent
AI writes code faster than humans can review it. Aviator Verify provides compliance-grade verification through spec-driven development. Ship faster with complete audit trails. https://verify.aviator.co/

Read the whole story
alvinashcraft
47 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

WW 992: Gassy Jack - Largest Patch Tuesday in Microsoft History!

1 Share

Microsoft's July 2026 Patch Tuesday just shattered records with hundreds of bug fixes, and AI is the force behind the surge. Are we witnessing the beginning of a safer Windows, or is this flood of vulnerabilities the new normal? Plus, Tony Redmond's epic book has a new name (was Office 365 for IT Pros) and is now a bundle of four books.

Windows

  • Patch Tuesday is here!
  • Point in Time Restore, quieter Widgets, Windows Update improvements, Screen tint, and more
  • The biggest Patch Tuesday in history, by far: a record 570 fixes for security flaws, and a huge 3X increase from the then-record flaws fixed last month. (Some say the number is 622. Math is hard.) And this is on top of 468 Microsoft Edge/Chromium flaws that were fixed by Google this month too. Yikes.
  • Microsoft discusses how it's improving Windows security with AI
  • Windows Insider Program: Improved Windows Search is next on the docket, heading out to Experimental this week. Question: When do these things hit stable?
  • Microsoft releases Snapdragon X2 versions of its Surface for Business Pro and Laptop models

AI

  • Apple sues OpenAI for stealing trade secrets
  • Surprised there was no talk of "thermonuclear war"
  • OpenAI's response is hilarious, and it is already prepping its first hardware device
  • OpenAI just announced the rumored super app, which is a combination of ChatGPT, Work, Codex, and an in-app web browser, which replaces the standalone Atlas web browser. Also, GPT-5.6.
  • In keeping with recent history, Anthropic announced its in-app web browser for Claude less than 24 hours later
  • Reminder that Microsoft acknowledged that it, too, is working on an AI super app at Build
  • Apple releases public betas of its OS 27 releases and, shocker, Siri is really good
  • Now Spotify has an AI chatbot so I can tell it how much I hate Spotify

Xbox and gaming

  • Obsidian is working on a new Fallout game, duh.
  • A quiet time after last week's terribleness

Tips and picks

  • Tip of the week: Microsoft 365 for IT Pros (2027 edition) is here!
  • App pick of the week: MusicBee
  • RunAs Radio this week: Finding Security Vulnerabilities using AI with Sami Laiho
  • Brown liquor pick of the week: Sanctuary Single Malt Whisky Reserve Edition

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell

Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly

Check out Paul's blog at thurrott.com

The Windows Weekly theme music is courtesy of Carl Franklin.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:





Download audio: https://pdst.fm/e/pscrb.fm/rss/p/mgln.ai/e/294/cdn.twit.tv/megaphone/ww_992/ARML3112263584.mp3
Read the whole story
alvinashcraft
47 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

Why identity is the Copilot unlock

1 Share

This is Part 2 of a three-part series. Part 1 mapped the people who decide whether your AI program ships. This one is for the Microsoft 365 admins and CIOs whose Copilot is paid for but not “on.” Part 3 will cover agent governance.

“We bought Copilot. Why can’t we turn it on?”
Maybe you’ve said this yourself. You have the licenses. You’re ready to assign them. Months later, Copilot still isn’t in front of a single clinician. The budget cleared. Leadership is asking for the productivity story they were promised, but the deployment is stuck.

The answer is not a license problem or a Copilot problem, but an identity problem. The identity foundation underneath isn’t ready. In healthcare, that foundation is harder to move than anywhere else I’ve worked. Get it right and two things turn on: a Copilot the clinician trusts at the bedside and the control plane for every agent that comes after. 

Why identity is the gate, not a checkbox

Microsoft 365 Copilot authenticates users through Microsoft Entra ID. Every Copilot interaction honors the permissions of the signed-in user through Microsoft Graph, so the question “What can this person see?” is answered by your identity layer, not by Copilot. One of the great things about Copilot is it has access to everything you have access to — this is also one of the concerning things about Copilot.

Two different controls play a role here. Identity decides who is at the door and how far you trust the sign-in. Data governance decides what they can reach once inside. Copilot leans on both, and Entra is the first of the two. It is the one that decides whether you can safely turn Copilot on at all. That is why a responsible admin won’t flip Copilot on until the identity foundation holds. They need multifactor authentication everywhere, Conditional Access that actually evaluates risk, and a least-privilege model they trust. All three live in Entra.

Here’s where healthcare gets specific. Plenty of the health systems I work with authenticate through Okta. Microsoft 365 still sits on Entra underneath, the directory it’s built on, but the front door is brokered elsewhere. When Okta is the primary authentication layer, Entra still authorizes Microsoft 365 access.

What changes is the signal Entra gets to see: 

  • MFA may be satisfied by a federated claim from Okta rather than evaluated by Entra.
  • Sign-in risk telemetry gets thinner on the Entra side, because Entra never sees the credentials go in at Okta. Okta is evaluating risk at its own front door, but those signals do not become Entra risk that Conditional Access and Entra ID Protection can act on. Some detections still fire offline. Atypical travel is one example, though the IP Entra logs can be Okta’s egress rather than the clinician’s. Leaked-credential detection still works, but it is the one Entra ID Protection signal that depends on password hash sync.
  • Device-compliance signals reach Conditional Access only if your devices are registered in Entra. The Okta front door does not register them. Federated, non-Entra-joined devices also never get an Entra device-bound Primary Refresh Token, so token protection stays dark. 

Risk-based Conditional Access and Entra ID Protection then miss the full picture. You are running the front door of your AI program on one system and governing Copilot’s data access on another. That gap is the gate. 

Two ways to close the gap, on two different timetables

The “fast” option keeps Okta but moves the Microsoft 365 sign-in to Entra. You defederate the Microsoft 365 domain to managed authentication and register Okta as an external authentication method for MFA. Entra now runs primary sign-in and Conditional Access, so it evaluates device state and risk directly, while Okta still handles the MFA challenge and stays the portal your users know for everything else. You are not ripping out Okta. You are moving one domain’s sign-in to Entra so the signals reach it.

This is the correct path when leadership wants the Copilot productivity story this quarter and a full identity migration is a multi-year mountain you cannot climb first. External authentication methods are generally available as the supported successor to Custom Controls (requiring Entra ID P1). Custom Controls is on a deprecation path, with new configuration blocked and full retirement staged across 2026 into 2027, so confirm the current dates in Microsoft’s documentation before you plan around them.

The “strategic” option consolidates identity on Entra outright. It is the harder path but the one that closes the gap completely. Full consolidation is also what lights up device-bound token protection everywhere, because federated, non-Entra-joined devices never get an Entra Primary Refresh Token. Consolidate when Okta is mostly doing single sign-on. Keep Okta as the identity provider for its other apps when it is load-bearing across the estate and pulling it out buys you a second migration you do not need.

Either way, the signals must reach Entra before Copilot goes on. If you take the fast path, that managed cutover still runs through the readiness gate and the downtime discipline below. You just skip the full-consolidation mechanics. And if any Microsoft 365 sign-in stays truly federated to Okta, treat it as interim: the thinner Entra telemetry and the absent token protection above stay in force until you close them, so pair it with compensating controls.

Healthcare’s identity constraints are not like other industries

In a normal enterprise, an identity migration is a weekend of change windows and a week of help-desk tickets. In a hospital, the same project touches patient safety. Four constraints make it different:

  1. EHR single sign-on dependencies. The electronic health record is the center of gravity. Epic, Oracle Health, Meditech, and the rest all integrate with your identity provider, often through a tap-and-go layer like Imprivata so a clinician can badge into a shared workstation in a second or two. Change the identity provider and you may change badge tap, workstation sign-in, EHR launch, e-prescribing, medication administration, and chart access. You cannot do that blindly.

  2. Round-the-clock, 24/7 care-continuity. There is no maintenance window. The health system runs every hour of every day. An identity change that would be a minor outage at a bank is, in an emergency department, a clinician who cannot open a chart during a trauma intake. The tolerance for downtime is not low. It is zero for anything on the critical path.  

  3. Clinician friction tolerance. Clinicians will accept a badge tap and a biometric. They will not accept a multi-step login at the bedside. Add ten seconds to a workflow they run eighty times a shift and they will route around it. Now your security control is theater. This is where the CMO and CNIO from Part 1 hold their veto as the clinical leaders who own care-continuity risk. 
  4. The regulatory audit trail. HIPAA expects access controls and a record of who reached ePHI and when. Whatever you build has to keep that trail intact through the migration, not reconstruct it afterward. 

None of these are reasons to stay on a fragmented identity model. They are the reasons to migrate carefully rather than quickly.

The Electronic Health Record (EHR) coordination problem

Of the four constraints, EHR integration is the one most likely to stall your migration. The single most common mistake I see is treating it as a pure IT project and looping in the EHR vendor late. The EHR is not a bystander here. It authenticates against your identity provider. The vendor has a say in how that integration changes. 

I watched one system set a hard cutover date before it talked to its EHR vendor. Three weeks out, it learned the tap-and-go integration had to be re-certified against the new identity provider. The date slipped by a month, and the fix was not technical. It was a conversation that should have happened at the start. 

Coordination effort varies by platform. Use this table to start the vendor conversation. Do not use it to set a cutover date.

EHR platform 

Entra integration path 

Coordination load 

Watch for 

Epic 

Federation to Entra supported; SAML / OIDC, SMART on FHIR for app-to-EHR authorization 

Moderate 

Hyperdrive SSO behavior; SMART on FHIR app registrations; Imprivata or tap-and-go path; test real clinical workstation flows in non-prod 

Oracle Health (Cerner) 

SSO via SAML; tap-and-go middleware (Imprivata) common 

Moderate to high 

Middleware re-point is its own workstream; validate proximity-badge flows 

Meditech 

Vendor-assisted SSO; middleware common 

Higher 

Plan added lead time for vendor coordination; confirm supported Entra patterns early 

The pattern across all three: the identity team cannot set the cutover date alone. The EHR vendor and the tap-and-go middleware owner are on the critical path with you. Bring them in while the plan is still a draft, not when you have a date to defend. 

The readiness gate: don’t start until these are true 

If the left column is true, do not put Copilot in front of clinicians until the right column is done. Hand this to your identity and access lead and ask for your system’s version. It turns “Are we ready?” into a list someone owns. 

If this is true 

Do not enable Copilot for clinical users until 

Okta enforces MFA but Entra risk policies are not active 

You have an Entra-led Conditional Access plan or a documented compensating control 

EHR SSO depends on tap-and-go middleware 

The EHR vendor and the middleware owner have tested the flow in non-prod 

Shared clinical workstations are in scope 

Badge tap, biometric, EHR launch, and chart access are validated by role 

Rollback needs daytime engineering support 

The wave is not approved 

Overshared or unlabeled sensitive sites remain 

The Copilot pilot scope is constrained to clean data 

The phased migration playbook

You do not migrate a hospital’s identity in one cutover. You move in stages, prove each one, and keep a way back at every step. Once those readiness gates are owned, the work becomes a migration sequence. The first five steps are identity work. The sixth is where identity readiness becomes Copilot readiness. These steps hold up across most Okta-to-Entra migrations I have seen:

  1. Pilot a low-risk department. Pick a non-clinical or low-acuity group first — finance or a back-office function, not the ED. Prove the end-to-end flow where a failure is an inconvenience, not a safety event. 
  2. Coordinate with the EHR vendor before you touch clinical users. Validate the EHR SSO and the tap-and-go path in a test environment with the vendor in the room. This is the step teams skip and regret.
  3. Cut over in waves, by care setting. Move ambulatory before inpatient and scheduled before emergent, though infusion and urgent care are ambulatory in name only. Sequence by real acuity, not by building. In practice, the first clinical wave is a low-acuity outpatient clinic of twenty or thirty providers, then med-surg, then the ED and ICU last. Each wave is small enough to roll back inside one shift.
  4. Validate against the real workflow, not a checklist. Confirm badge tap, biometric, EHR launch, and chart access for an actual clinician on an actual workstation. A green status page is not validation. A nurse opening a chart is.
  5. Enforce Conditional Access in report-only first. With identity consolidated on Entra, model MFA, device compliance, session controls, and risk-based access before you block anyone. Then enforce by wave once clinical workflows pass. This is the moment the security posture improves.

  6. Turn on the Purview controls Copilot will lean on. Start with sensitivity labels, audit, and an oversharing review, then add Data Loss Prevention. The Microsoft 365 Copilot location in Purview DLP is generally available for sensitivity-label-based blocking. Newer controls, like SIT-based prompt blocking, web-search restrictions, and DLP for Copilot Studio agents, are still rolling out or in preview depending on your tenant, so confirm what you have before the rollout depends on them.

Downtime is a patient-safety issue, not an IT metric 

The framing that changes how this project gets run: in a hospital, identity downtime is a clinical event. Treat it that way and the rest of the plan falls into place. A useful test for every mitigation is what I call the 2 a.m. trauma intake. Not “does this pass in a maintenance window,” but “does this hold when a trauma comes through the door at two in the morning and a clinician has to open a chart right now.” If your rollback story only works during business hours with the full team online, it is not a rollback story.

Run the project on the safest assumption: something will go wrong at the worst possible time. Plan for that time. A cutover safety check before any wave goes live: 

  • Failover path tested, not assumed. Know exactly what happens to authentication if the new path fails. Prove it in test. 
  • Rollback measured in minutes, not hours. If you cannot reverse a wave in about fifteen minutes, it is not ready to cut over during a shift when someone is mid-chart. Every wave needs a named owner who can make the call.
  • Downtime procedures clinicians already know. The EHR’s read-only or downtime mode is part of the plan. The floor has practiced it.
  • Validated at the worst hour, not the easy one. Sign-off includes an off-hours, high-acuity test, because that is when it will actually matter.
  • Help desk and clinical informatics briefed per wave. The people who answer the 2 a.m. call know a migration wave is live and what to do. 

What identity unlocks (and the bridge to agents) 

Here is what turns on: a clinician badges in once and Copilot is right there, scoped to exactly what that person is cleared to see, safe to use in front of a patient. That is the payoff. The control plane underneath is what makes it safe to leave on. 

With Entra as the foundation, the liability ownership Legal wanted in Part 1 and the access controls the CISO needed are finally yours to run. Identity secures the perimeter. Most of what follows is the data-governance work it is now safe to start. Here is what to enable after the migration and where each control lives.

Post-migration control 

What it unlocks for Copilot and agents 

Where it lives 

Healthcare watch-out 

Conditional Access, Copilot-scoped 

Real-time access decisions on user risk, device health, and location 

Microsoft Entra 

Start report-only; enforce by care-setting wave 

Sensitivity labels 

Label-aware responses; protected content stays protected 

Microsoft Purview 

Label ePHI and research data before broad enablement 

Oversharing review 

Stops Copilot surfacing overshared sites and files 

Purview / SharePoint 

Run clinical and research SharePoint first 

Audit 

Full trail of Copilot activity for Legal and the CISO 

Microsoft Purview 

Keep the HIPAA ePHI access trail intact through cutover 

DLP for Microsoft 365 Copilot 

Restricts sensitive content from Copilot grounding and prompts 

Microsoft Purview 

Confirm which controls are GA in your tenant 

Every agent you build acts as an identity or on behalf of it. You cannot govern what an agent can reach if you cannot govern who the agent is. After this migration, you can. 

Identity is the gate. It is also the most underestimated project in a healthcare AI program, because it looks like plumbing and behaves like patient safety. Get the identity foundation right and Copilot can turn on without the security story degrading. Data hygiene, oversharing, and clinical adoption still matter, but the gate is open. You are ready for the harder question: not whether you can deploy an agent, but which agents should exist, whose identity they run under, what they can reach, and who can shut them off. 

Part 3, “Agent Governance Is Organizational Readiness,” closes the series. Governance is not the brake on agents. It is what allows you to say yes to them.

Product names, availability, and timelines reflect Microsoft guidance at the time of writing and can change. Verify current state against official Microsoft documentation for your tenant. 

Charles Wallace is a Senior FastTrack Architect at Microsoft. He works on Microsoft 365 Copilot and agent adoption across healthcare and life sciences. His focus is the security, identity, and governance foundations that decide whether AI deployments actually succeed. 

 

 

 

 

 

Read the whole story
alvinashcraft
48 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

pointer-events

1 Share

The pointer-events property controls whether an element can become the target of pointer events like clicks, hover states, and other pointer-based events. In other words, it lets you decide whether the browser should treat an element as interactive when the pointer is over it.

.no-pointer-events {
  pointer-events: none;
}

To understand how the property works, it helps to know what the browser does before it fires a pointer event. First, it has to determine which element is under the pointer. This process is known as hit-testing.

Normally, the browser chooses the topmost element under the pointer. But if that element has pointer-events set to none, the browser skips it and continues looking for the next eligible element underneath.

Once you think about pointer-events this way, most of its behavior starts to make sense. Rather than disabling events, it simply changes which element (or, in the case of SVG, which part of an element) becomes the event target in the first place.

Syntax

pointer-events: auto | bounding-box | visiblePainted | visibleFill | visibleStroke | visible | painted | fill | stroke | all | none;
  • Initial: auto
  • Applies to: All elements. In SVG, it applies to container elements, graphics elements, and the element.
  • Inherited: Yes
  • Computed value: Specified keyword
  • Animation type: discrete

Values

pointer-events: auto;
pointer-events: none;

/* SVG values */
pointer-events: visiblePainted;
pointer-events: visibleFill;
pointer-events: visibleStroke;
pointer-events: visible;
pointer-events: painted;
pointer-events: fill;
pointer-events: stroke;
pointer-events: bounding-box;
pointer-events: all;

/* Global values */
pointer-events: inherit;
pointer-events: initial;
pointer-events: revert;
pointer-events: revert-layer;
pointer-events: unset;

Besides the standard CSS global values shown above, pointer-events defines eleven keyword values. You’ll use auto and none with both HTML and SVG elements, while the other nine are SVG-only and provide finer control over which parts of a graphic can receive pointer events.

  • auto: The default value. The element behaves normally and can receive pointer events. In SVG, this behaves the same as visiblePainted.
  • none: The element itself can’t become the target of pointer events, meaning it can’t be clicked or hovered. Instead, the browser targets whatever is underneath it.

SVG-only values

  • visiblePainted: The element only receives pointer events when it’s visible (visibility: visible) and the pointer is over a painted part of the graphic. In other words, it’s over a filled area (fill is not none) or a stroked edge (stroke is not none).
  • visibleFill: The element only receives pointer events when it’s visible and the pointer is over its fill, regardless of the value of the fill property, meaning it can even be set to none.
  • visibleStroke: The element only receives pointer events when it’s visible and the pointer is over its stroke, regardless of the value of the stroke property.
  • visible: The element only receives pointer events when it’s visible and the pointer is over either its fill or stroke, regardless of the values of the fill and stroke properties.
  • painted: The element only receives pointer events when the pointer is over a painted part of the graphic (its fill or stroke), regardless of the value of the visibility property.
  • fill: The element only receives pointer events when the pointer is over its fill, regardless of the values of the fill or visibility properties.
  • stroke: The element only receives pointer events when the pointer is over its stroke, regardless of the values of the stroke or visibility properties.
  • bounding-box: The element receives pointer events anywhere inside its bounding box—the smallest rectangle that completely surrounds it—regardless of its shape, even if parts of that area aren’t painted.
  • all: The element receives pointer events when the pointer is over either its fill or stroke, regardless of the values of the fill, stroke, or visibility properties.

Children can opt back in

One thing that’s easy to miss is that pointer-events is an inherited property. Setting pointer-events to none on a parent means its children inherit that value as well. However, any child can override the inherited value by setting pointer-events back to auto (or another valid value).

.parent {
  pointer-events: none;
}

.child {
  pointer-events: auto;
}

In this example, the parent ignores pointer events, but the child can still become their target.

A common use case is a modal. You might use a full-page container to center the modal, but that container also covers the entire viewport. Without changing its pointer-events value, it prevents pointer events from reaching the elements underneath it. Setting pointer-events to none on the container fixes that, but because the property is inherited, you’ll also need to restore the modal itself with pointer-events set to auto.

In the following demo, when the pointer-events property is specified as none you can interact with the background buttons even though they are behind the overlay.

Event propagation still works

The pointer-events property only determines which element becomes the event target. It doesn’t change how events travel through the DOM afterward.

For example, if a child with pointer-events: auto is clicked inside a parent with pointer-events: none, the child still becomes event.target. From there, the event follows its normal capture and bubble phases, so event listeners attached to the parent still run.

In other words, pointer-events affects target selection, not event propagation.

In the following demo, you can see how the parent with pointer-events: none can still receive click, pointerenter, and pointerleave when you click or move the pointer into or out of its interactive child.

pointer-events doesn’t disable an element

The pointer-events property only prevents the element from becoming the target of pointer events. Therefore, the element can still receive keyboard focus with the Tab key, and users can continue interacting with it using the keyboard if it’s otherwise focusable.

If you need to disable a native form control, use the disabled attribute instead. And if your goal is to make an entire section of the page completely non-interactive—including pointer input, keyboard focus, and the accessibility tree—the inert attribute is a better choice.

pointer-events doesn’t prevent text selection

Setting the pointer-events property to none doesn’t stop users from selecting text. For example, users can still select the text by pressing Ctrl/Cmd + A on the keyboard.

That’s because text selection isn’t determined by whether an element can become the target of pointer events.

If your goal is to prevent text from being selected, use the user-select property instead.

.avoid-user-selection {
  user-select: none;
}

Try selecting the text in each block below:

Demo

When building a navigation menu, a common pattern is to hide a submenu by setting its opacity to 0 and then make it visible when the user hovers over its parent menu item. The problem is that the submenu is still there, so it can still receive pointer events even though you can’t see it.

Below, you can see two identical menus. One hides its submenu using only opacity, while the other also uses pointer-events. Hover over the hidden submenu area and try interacting with the content behind it to see how pointer-events prevents invisible elements from getting in the way.

Also, to better understand how each SVG value of this property works, pick one from the dropdown and move your pointer around the ring: over its filled band, inside its hollow center, and over the empty corners of the dashed bounding box. Notice how the interactive area changes with each value.

Browser Support


pointer-events originally handwritten and published with love on CSS-Tricks. You should really get the newsletter as well.

Read the whole story
alvinashcraft
48 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

MCP Resources and Prompts in C#: Exposing Data and Reusable Templates

1 Share

Learn how MCP resources in C# expose readable data with URI templates, then use MCP prompts so .NET teams can publish reusable agent workflow templates.

Read the whole story
alvinashcraft
48 minutes ago
reply
Pennsylvania, USA
Share this story
Delete
Next Page of Stories