Piyush Katariya

“The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom.” ― Isaac Asimov

@lemire Better late than never ! Still AMD64 only

Wait ? What ? Is Go adding support for data parallellism (SIMD) in the standard library ? If Go starts adding SIMD support, I'll need to add a new chapter to my Go book. amazon.com/Mastering-Prog…

SaaS (Slop as a Service)

@saltyAom Relax, They are yet to fix memory issues in Rust branch.

Bun Rust Fixed memory usage from 6.5 → 5.8MB Basic HTTP server from 9.0 → 6.0MB Memory usage actually went down somehow Saw no significant memory reduction from running other projects tho but this is a good sign that things might probably get better over time

@realamlug I scanned through your repo yesterday. Building most used extensions in Rust itself is good idea actually 🤓. I thought you guys be using some tiny JS engines

@ppkatariya We are working on getting ink to work completely. However, you might find our TUI tools that we natively povide of similar value: docs.perryts.com/tui/overview.h…

We are working hard to get Perry to have as much node/bun comparability as possible. Even some dynamic imports are now supported! You can follow along in real time by looking at our issues: github.com/PerryTS/perry/… Building in public is fun, join us! :)

👍 🚀 microsoft.com/en-us/research…

Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet?

💚🙏

“𝘛𝘩𝘦 𝘱𝘳𝘰𝘥𝘶𝘤𝘵𝘪𝘰𝘯 𝘰𝘧 𝘵𝘰𝘰 𝘮𝘢𝘯𝘺 𝘶𝘴𝘦𝘧𝘶𝘭 𝘵𝘩𝘪𝘯𝘨𝘴 𝘳𝘦𝘴𝘶𝘭𝘵𝘴 𝘪𝘯 𝘵𝘰𝘰 𝘮𝘢𝘯𝘺 𝘶𝘴𝘦𝘭𝘦𝘴𝘴 𝘱𝘦𝘰𝘱𝘭𝘦.” — 𝘒𝘢𝘳𝘭 𝘔𝘢𝘳𝘹

Java is so much behind C# in many ways. In fact, C# has evolved so much in last few years that it challenges every other programming language at providing both higher level and lower level abstractions to work with 🔥

so we built psql_bm25s. exact BM25 retrieval. native Postgres access method. ~23x faster than pg_search on the standard benchmark. retrieval stops being a budget item. the harness stops rationing. the agent gets to look things up like it should have the whole time.

"AAA graphics aren't possible in the browser" Hold my beer 🍺

Kabhi socha nahin, but 1 day remote for 500 employees means 30 k liters of petrol saved a year. Wed r now WFH 🇮🇳

A Single Neuron Is Sufficient to Bypass Safety Alignment in Large Language Models arxiv.org/pdf/2605.08513

who up teaching people to yearn for the vast and endless sea

Rust + Tokio → Async Systems Rust + Actix → High-Performance APIs Rust + Axum → Modern Backend Rust + Diesel → ORM / DB Access Rust + SQLx → Async Database Rust + WebAssembly → Browser Apps Rust + Yew → Frontend (WASM) Rust + Tauri → Desktop Apps Rust + egui → Native GUIs Rust + Bevy → Game Development Rust + wgpu → Graphics Rust + Embedded Rust → Firmware / IoT Rust + Linux Kernel → Systems Rust + Polars → Data Processing Rust + Arrow → Analytics one language >performance >safety >systems >full-stack (yes) and people still say “rust is too hard” 👇

@theo The port is meant to initially be as close as possible to the Zig implementation. Bun embeds JavaScriptCore, libuv, mimalloc, uWebSockets, uSockets, lsquic and several C/C++ libraries. These usages of unsafe are reasonable and expected This will get better though

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route… Credit to the security researcher for responsible disclosure.

Most engineering managers don’t manage engineering. They manage anxiety: endless standups, status reports, sprint rituals, velocity charts. A theater of control designed to compensate for the fact that nobody actually understands the system anymore.