« All posts

» Summary

Jul 18, 2026

Jul 18, 2026
live

Bun Rewrites 535K Lines from Zig to Rust with 64 AI Agents — WordPress, TP-Link Flaws, and C# Innovations Follow

Bun creator Jarred Sumner used Anthropic’s Fable model and a 600‑line `PORTING.md` guide to migrate the entire Bun codebase from Zig to Rust — all 535,000 lines — with 64 AI agents. The rewrite avoids a year‑long manual effort for a runtime with 22 million monthly downloads, and the agents handled event‑loop ownership, borrow‑checker patterns, and crate selection after a mere three‑hour briefing.

On the security front, multiple critical flaws surfaced. WordPress 6.7.2 contains two pre‑auth SQL injection bugs (CVE‑2026‑63030, CVE‑2026‑60137) in the REST batch endpoint caused by a desynchronisation between validation and handler arrays, letting attackers query the database without authentication. TP‑Link Kasa cameras leaked precise GPS coordinates for six years via an unauthenticated UDP protocol; a hardcoded RSA private key, unsalted MD5 password hashes, and a flaw known since 2016 all contributed. In the IoT space, a single AWS IoT client certificate lifted from a Shark robot vacuum can execute root commands on an entire fleet because the cloud‑side policy lacks per‑device scoping.

.NET and C# gained two notable builds: Celly, a pure managed implementation of Google’s Common Expression Language, passes all 2,456 conformance tests and fills a gap left by Go, C++, Java, and Rust offerings; and Sigilgraph, a node‑based DAW, proves C# can handle real‑time audio synthesis by avoiding heap allocations, using `Span<T>` and SIMD in the hot path. Meanwhile, the Go team shelved memory arenas because the required `*arena.Arena` parameter infects every function signature. A 2020 essay reminds developers that Rust’s ownership model and slow compile times aren’t worth the trade‑off when a managed language suffices.

In on‑device AI, a clever MoE‑expert streaming technique runs a 120B‑parameter model (gpt‑oss‑120b) on a OnePlus 15R at 1.3–2.2 tok/s using only four CPU cores. By reading experts from flash with `O_DIRECT` and overlapping I/O with computation, the same method delivers usable 5.2 tok/s for Qwen3‑30B and 4.1 tok/s for Gemma‑4‑26B. Finally, a longitudinal study of Qubes OS shows 79.8% of public security bulletins originate from Xen or CPU microarchitecture, with annual disclosure rates plateauing since 2015, underscoring how even security‑hardened systems inherit their upstream risks.

» Statistics

Posts
32
Reads
9
Avg. score
7.7

» Most read

  1. As LLMs Write More Code, Compiler Focus Shifts to Verification27.8
  2. How Bun rewrote 535K lines from Zig to Rust with 64 AI agents29.1
  3. Pre-Auth SQL Injection in WordPress Core via Batch API Desync19.0
  4. Static Search Trees: 40x Faster than Binary Search17.5
  5. Stereo2Spatial: Convert Stereo Music Tracks to Spatialized Binaural Mixes17.9
  6. Value Polymorphism in Rust17.1
  7. Why Go Killed Memory Arenas — And What It Means for Its Future18.0
  8. Free, self-hostable Canva alternative: HyCanvas design tool07.3
  9. The Computer at the Bottom of a Canal: The Story of Rekursiv07.6
  10. PromptFiction Flaw: Auto-Submitted Hidden Prompts in Claude Desktop07.5

» Top scored

  1. How Bun rewrote 535K lines from Zig to Rust with 64 AI agents29.1
  2. Pre-Auth SQL Injection in WordPress Core via Batch API Desync19.0
  3. Celly Brings 100% Conformant CEL to Native C#/.NET08.3
  4. TP-Link Kasa cameras leaked home GPS via unauthenticated UDP for 6 years08.3
  5. Real-Time Audio Synthesis in C#: Inside the Sigilgraph DAW08.3
  6. MoE Expert Streaming Runs a 120B-Parameter LLM on an Android Phone08.3
  7. Study: 80% of Qubes OS Security Bulletins Trace to Xen, CPU08.1
  8. Shark Vacuum AWS Cert Flaw Lets One Key Hijack an Entire Fleet's Root Shell08.0
  9. Why Go Killed Memory Arenas — And What It Means for Its Future18.0
  10. Why Not Rust? A Balanced Look at Its Real Trade-offs08.0

» Sources

TomsHardware6Hashnode #156Hacker News — Front Page4Artificial Intelligence Reddit3Hashnode #12Hashnode #182Frontend Development Reddit2Hashnode #141Dev.to1İşletim Sistemi Reddit1Programming Languages Reddit1Backend Development Reddit1Hackread1Hashnode #101