Bun Rewrites 535K Lines from Zig to Rust with 64 AI Agents — WordPress, TP-Link Flaws, and C# Innovations Follow
Bun creator Jarred Sumner used Anthropic’s Fable model and a 600‑line `PORTING.md` guide to migrate the entire Bun codebase from Zig to Rust — all 535,000 lines — with 64 AI agents. The rewrite avoids a year‑long manual effort for a runtime with 22 million monthly downloads, and the agents handled event‑loop ownership, borrow‑checker patterns, and crate selection after a mere three‑hour briefing.
On the security front, multiple critical flaws surfaced. WordPress 6.7.2 contains two pre‑auth SQL injection bugs (CVE‑2026‑63030, CVE‑2026‑60137) in the REST batch endpoint caused by a desynchronisation between validation and handler arrays, letting attackers query the database without authentication. TP‑Link Kasa cameras leaked precise GPS coordinates for six years via an unauthenticated UDP protocol; a hardcoded RSA private key, unsalted MD5 password hashes, and a flaw known since 2016 all contributed. In the IoT space, a single AWS IoT client certificate lifted from a Shark robot vacuum can execute root commands on an entire fleet because the cloud‑side policy lacks per‑device scoping.
.NET and C# gained two notable builds: Celly, a pure managed implementation of Google’s Common Expression Language, passes all 2,456 conformance tests and fills a gap left by Go, C++, Java, and Rust offerings; and Sigilgraph, a node‑based DAW, proves C# can handle real‑time audio synthesis by avoiding heap allocations, using `Span<T>` and SIMD in the hot path. Meanwhile, the Go team shelved memory arenas because the required `*arena.Arena` parameter infects every function signature. A 2020 essay reminds developers that Rust’s ownership model and slow compile times aren’t worth the trade‑off when a managed language suffices.
In on‑device AI, a clever MoE‑expert streaming technique runs a 120B‑parameter model (gpt‑oss‑120b) on a OnePlus 15R at 1.3–2.2 tok/s using only four CPU cores. By reading experts from flash with `O_DIRECT` and overlapping I/O with computation, the same method delivers usable 5.2 tok/s for Qwen3‑30B and 4.1 tok/s for Gemma‑4‑26B. Finally, a longitudinal study of Qubes OS shows 79.8% of public security bulletins originate from Xen or CPU microarchitecture, with annual disclosure rates plateauing since 2015, underscoring how even security‑hardened systems inherit their upstream risks.
» Statistics
- Posts
- 32
- Reads
- 9
- Avg. score
- 7.7
» Most read
- As LLMs Write More Code, Compiler Focus Shifts to Verification
- How Bun rewrote 535K lines from Zig to Rust with 64 AI agents
- Pre-Auth SQL Injection in WordPress Core via Batch API Desync
- Static Search Trees: 40x Faster than Binary Search
- Stereo2Spatial: Convert Stereo Music Tracks to Spatialized Binaural Mixes
- Value Polymorphism in Rust
- Why Go Killed Memory Arenas — And What It Means for Its Future
- Free, self-hostable Canva alternative: HyCanvas design tool
- The Computer at the Bottom of a Canal: The Story of Rekursiv
- PromptFiction Flaw: Auto-Submitted Hidden Prompts in Claude Desktop
» Top scored
- How Bun rewrote 535K lines from Zig to Rust with 64 AI agents
- Pre-Auth SQL Injection in WordPress Core via Batch API Desync
- Celly Brings 100% Conformant CEL to Native C#/.NET
- TP-Link Kasa cameras leaked home GPS via unauthenticated UDP for 6 years
- Real-Time Audio Synthesis in C#: Inside the Sigilgraph DAW
- MoE Expert Streaming Runs a 120B-Parameter LLM on an Android Phone
- Study: 80% of Qubes OS Security Bulletins Trace to Xen, CPU
- Shark Vacuum AWS Cert Flaw Lets One Key Hijack an Entire Fleet's Root Shell
- Why Go Killed Memory Arenas — And What It Means for Its Future
- Why Not Rust? A Balanced Look at Its Real Trade-offs