aa1337

89 posts

@aa1337

"><script>alert(1)</script>//


 ;:;;''''';'''':&#x897

ÜT: 38.897265,-77.016191
Joined March 2007
143 Following, 45 Followers
Loris Cro ⚡@croloris·
for sure there's interest in eventually enabling easy IR analysis by other tools, but afaik the current perspective on this from the core team is that it's not likely that it will be something as fool-proof as the borrowchecker, unless we end up discovering something big that somehow Rust has missed till today. I believe the project you're referring to is github.com/ityonemo/clr. I believe Isaac is more optimistic about what can be done, but I guess the burden of proof is on him, at least for now
Loris Cro ⚡@croloris·
My take on the bun stuff: lobste.rs/s/lapqbz/bun_s…
aa1337@aa1337·
@theo Why not fix the zig code? If you can write the bugs in, you can write the bugs out.
Theo - t3.gg@theo·
uv has 350k lines of Rust, and 73 "unsafe" calls. The Bun Rust port is already 681k lines of Rust, and has over 13,000 "unsafe" calls.
Ash Lewis@ash_csx·
We’re dropping two open source SLMs this week. 1. One of them matches SOTA accuracy at up to 93x smaller. 2. The other one beats a recent OpenAI model. Model #1 drops tomorrow 👀
aa1337@aa1337·
@lcamtuf My first computer had 5k of ram and audio cassettes for storage.
lcamtuf@lcamtuf·
kids these days
Jeremie Strand@jeremie_strand·
@simonw this framing also matters for security-critical projects. if a contributor doesn't deeply understand the code they submitted, who's gonna catch the subtle bugs during incident response? AI can write the PR but it can't carry the on-call pager
Simon Willison@simonw·
The Zig project's rationale for their blanket ban on AI-assisted contributions makes a lot of sense to me - for them, time spent reviewing PRs isn't about the code, it's about growing new contributors for the future of the project simonwillison.net/2026/Apr/30/zi…
Uncle Bob Martin@unclebobmartin·
I'm struck by the number of complaints about my assertion that C# is derivative of Java. I guess people just don't know the history of the language.
aa1337@aa1337·
@tqbf A fun experiment is to ask Claude to test his own math limits by creating a bunch of problems for himself, answer without a program then write the program to check if he's right. He'll spit out a nice report on the limits of LLM doing math with programs.
Thomas H. Ptacek@tqbf·
There's a folk belief that LLMs & agents are incapable of doing math, because they can't count the "i's" in "raspberry" or something. That claim has been obsolete for at least a year now and if you're making it, be aware it's a shibboleth for "I'm not paying attention".
aa1337@aa1337·
@moyix I always get "clean negative result".
Brendan Dolan-Gavitt@moyix·
TBH one advantage Codex has is that although it *does* do the annoying thing of trying to spin its failures as a success story ("materially sharpened our understanding of the failure"), it's so socially incompetent that the lies are easy to spot
Uncle Bob Martin@unclebobmartin·
Have you ever scanned an error.log file trying to get an idea of what's going on? I installed codex into the Raspberry pi controlling the flight school status board I've been working on. This morning I asked codex this: "What is the pattern of communication failures since midnight." It replied: What stands out is that today’s failures are concentrated in a 2-minute burst around 03:20-03:22, and they are server-side 500 responses, mostly hitting reservations. There are no Read timed out, DNS, or Network is unreachable errors since midnight today, so the pattern since midnight is a brief backend-error cluster, not a broad connectivity failure.
Casey Muratori@cmuratori·
@NinadSachania @humberto_jr_ No (at least not as far as I know), but I always assume that any indie game scheduled for late in a year won't ship at that time because you don't want to compete with AAA games at Christmas :)
aa1337@aa1337·
@unclebobmartin That's a much better name than I use. I always called them "Funkygroupydats". I guess naming things really is hard.
Uncle Bob Martin@unclebobmartin·
Do objects still matter in agentic development? Of course they do. What else is it that you think the AI’s are manipulating? It doesn’t matter what language the AI’s use. It doesn’t matter what typing scheme the AI’s use. It doesn’t matter what frameworks or platforms the AI’s use. When the AI’s write code, they create little groupings of functions and data that are tightly encapsulated. I.e., objects.
aa1337@aa1337·
@lcamtuf I remember when SATAN got compared to giving every hacker a rocket launcher.
lcamtuf@lcamtuf·
I still remember when I had to put out a press release saying that afl-fuzz was too dangerous to make available to the general public
aa1337@aa1337·
@mitchellh Today I got an: ahhhhh shit my bad, let me fix that.
Mitchell Hashimoto@mitchellh·
Now I understand the full picture. The cleanest fix is... But actually, the real fix simpler... Actually wait. The best fix: Now the real fix. Actually, let me reconsider. OK Key finding: Wait I need a hardware device I can physically punch to stop the agentic session.
aa1337@aa1337·
@xlab_os Don't use zig for your own safety. Hear that children? You don't have your learner's permit, you shouldn't be driving. Stay off the road! And don't use zig. It will eat your brain, burn down your house and make your pets sick. I read it on Facebook.
Max Kupriianov@xlab_os·
Zig is not a memory safe language and does nothing to protect the runtime from mistakes with memory. I don't get the trend to make another "sexy" language out of it just to rewrite all existing software. Yes it is fast, but it also crashes fast. Bun crashes, Ghostty crashes, I don't want to know the name of the next big thing that is written in Zig and also crashes. In 2026 many segfaults or memory corruption errors can be weaponized to exploit systems. If you take slow but safe software and rewrite it into Zig you are actually working backwards. LLMs are also terrible at Zig because there isn't much code base and documented mistakes to learn from. One of my few exploration attempts was about making a CLI app with a buffer and mouse handling. It was one-shotted okay, but upon launch it just started to print raw bytes from my RAM onto the buffer. Basically exposing adjacent apps state. Zig might sound cool for people coming from the web world (where everything runs in the most safe sandbox imaginable) or even non-CS-backgrounded people who just pick a language that is popular on X, but this is a really bad bad option for anything with >0 users. Before LLMs - maybe, but not in today's world. If you want raw power - write in C, ASM, use ASan. Also, Rust is not perfect but at least it offers something.
Taelin@VictorTaelin·
Anthropic claims they won't launch Mythos because it exposes bugs in software, making it too dangerous. I'm the creator of a new language named Bend (19k stars on GitHub). Its version 2 is coming next month, including a 10x faster CPU and GPU runtime, compilers to 5 different languages, a massive stdlib, and, most importantly, a *complete proof checker*. That makes it the first general language that can prove the correctness of its own programs, so, conveniently enough, it could be the way out of this very mess Anthropic is worried about. Sadly, Bend2 is now reaching 100k lines of code, making it increasingly hard for us to audit and verify it all. Proof checkers are particularly security-sensitive, because a single bug can lead to false theorems being accepted, undermining the entire trust model of the system. Even Lean, Coq and Agda had bugs in the past. We just finished Bend's initial consistency checker. Having Mythos audit our implementation would greatly improve Bend's security. In turn, a secure Bend could greatly improve the security of all other software, providing a solution to the very problem that prevents Mythos from being released. I hope this message reaches someone from Anthropic, and they kindly consider letting Bend2 be part of Glasswing!
Taelin@VictorTaelin

@alexalbert__ I'm the maintainer of Bend, a new programming language with 19k+ stars on GitHub. We're about to launch a major update. Having access to this model to audit it would greatly improve the project's security, and of projects built with it. Lmk if there's any way to get involved.

Robyn@rndhouse·
@tqbf What can individuals do to better protect themselves during this transition, beyond the obvious? Is this a strong argument for Qubes OS for example?
Thomas H. Ptacek@tqbf·
I'd say "I called this" but I didn't really call anything; more like standing on the shore going "yup, the tide is coming in". Most important open source project, went from slop reports to drowning in real vulnerability reports: lwn.net/Articles/10656…
aa1337@aa1337·
@unclebobmartin Use two models. Use the nice desktop app with one of them. Stay high level, plan and write specs to throw over to the coder. Keep the two contexts separate.
Uncle Bob Martin@unclebobmartin·
I am in the midst of debugging a very persistent problem. The desired end result is the outcome of a long causal chain. That chain was described in a plan document that the AI implemented. At every step along that chain the AI made silly (to me) assumptions about the state of the system. It tested states before they were set, it made decisions that were myopically correct but made no sense given the desired end state. So I've been walking the AI through each step, having it dump debug logs, and diagnosing each dumb decision, one at a time. And with each change it needs to write new tests, and alter old mistaken tests. It's a slog.
Mitchell Hashimoto@mitchellh·
I'm dying for a pi-mono-style minimal library that handles the hard parts of email (auth, syncing with local state, etc.) and gives me an opinionated way to add agentic loops on top of that. I want to build my own agents and logic and guardrails, I don't trust vendors right now.
aa1337@aa1337·
@mitchellh Are you planning to extract this part into a standalone project I can depend on from my buildzigzon?
Mitchell Hashimoto@mitchellh·
More libghostty C progress: encoding APIs for mouse reports, focus events, and mode reports. Mode read/write on terminals. The current goal is to expose all major event/response formats as high level APIs. The core idea is to minimize the glue between UI framework events (mouse events, key inputs, focus, etc.) and libghostty to provide accurate terminal emulation.