Top Stories

Bun is being ported from Zig to Rust

547 points · github.com/oven-sh

In a move that has the systems-programming corner of HN buzzing, Oven is rewriting Bun — the JavaScript runtime that built much of its identity around Zig — in Rust. The discussion has predictably split between Zig fans lamenting a high-profile defection and Rust advocates pointing to the maturity of the toolchain, library ecosystem, and the easier hiring story. Reading between the lines of the commit and Jarred Sumner’s earlier comments, the practical drivers seem to be memory safety guarantees, better debuggability, and the realities of scaling a contributor base beyond a small core team.

This is the kind of decision that ripples: Bun is one of the most visible production users of Zig, and a port of this size is a real signal about where the language stands in 2026.

How OpenAI delivers low-latency voice AI at scale

413 points · openai.com

OpenAI pulled back the curtain on the infrastructure powering its real-time voice products, and engineers are eating it up. The post details the audio pipeline, model serving choices, and the relentless latency budgeting required to keep a conversational agent feeling like a phone call rather than a chatbot. Their use of WebRTC, custom transport layers, and tight coupling between speech recognition and generation models is being closely parsed by anyone trying to ship voice agents.

Notable subtext in the comments: OpenAI hired Sean DuBois (a WebRTC heavyweight, and the post’s submitter) to lead this effort, which says a lot about how seriously the company takes voice as a primary modality.

294 points · thatprivacyguy.com

A privacy researcher caught Chrome quietly downloading a 4GB Gemini Nano model to user devices without prompting or an opt-in dialog. The piece walks through how to detect the install and the storage path it lands in, and the comments range from “this is exactly what people warned about with on-device AI” to “browsers update silently all the time, get over it.” The privacy and bandwidth concerns are obvious — 4GB is not a trivial download for users on metered connections, and the lack of consent UI is hard to defend.

Expect this one to escalate; regulators in the EU have been increasingly attentive to undisclosed data and resource use in major browsers.

Redis array: short story of a long development process

287 points · antirez.com

Salvatore Sanfilippo (antirez) is back writing about Redis internals, and the community shows up every time. This post is a candid retrospective on building Redis’s new array data type — the false starts, the design tradeoffs around memory layout and command surface, and what it took to ship something that fit Redis’s “small and sharp” aesthetic. It’s a rare look at how a deeply opinionated maintainer thinks about feature creep versus genuine user need.

For folks who’ve followed Redis through its license drama and the Valkey fork, this also lands as a reminder of what Redis development looks like when it works.

Train Your Own LLM from Scratch

272 points · github.com/angelos-p

A clean, well-documented repo walking through every step of building a transformer-based language model — tokenizer, attention, training loop, the lot — with no heavyweight framework dependencies. It’s the kind of educational resource that pops up periodically, but this one is being praised for the quality of the explanations and the readability of the code. Several commenters are using it as a teaching aid for graduate students and bootcamps.

If you’ve been meaning to actually understand what’s happening under the hood when you call the OpenAI API, this is a weekend well-spent.

Agent Skills

266 points · addyosmani.com

Addy Osmani, a familiar voice in web performance circles, weighs in on the emerging “skills” pattern for AI coding agents — the idea of packaging tool-use instructions, examples, and code into reusable bundles that an agent can load on demand. He covers the design tradeoffs, what’s working, and where the pattern still feels half-baked. The HN thread has turned into a broader debate about whether skills are just a rebranding of plugins or something more durable.

This is the kind of post that’s quietly shaping how teams structure their internal AI tooling for 2026.

Securing a DoD contractor: Finding a multi-tenant authorization vulnerability

199 points · strix.ai

A detailed write-up of how Strix, an AI-driven security startup, discovered a critical authorization flaw at a DoD-backed contractor that allowed cross-tenant data access. The post is part technical case study, part marketing for AI-augmented pentesting, and the comments dig into both the specifics of the bug class and the broader question of how much of modern security review is being automated.

Useful read if you’re building multi-tenant SaaS — these flaws keep showing up because tenant isolation is genuinely hard to get right.

Async Rust never left the MVP state

179 points · tweedegolf.nl

A pointed critique from the Tweede Golf engineering team arguing that async Rust, despite years of stabilization work, still feels unfinished compared to async stories in other languages. The post catalogs sharp edges — Pin, Send bounds, lifetime gymnastics, runtime fragmentation — and argues that the current state is hostile to anyone who isn’t already an async Rust expert. The comments are predictably heated, with the Rust team and prominent contributors pushing back on parts of the framing.

Worth reading whether you agree or not — it’s the kind of “the emperor has no clothes” piece that occasionally moves a community to act.

Formatting a 25M-line codebase overnight

171 points · stripe.dev

Stripe engineers tell the war story of running rubyfmt across their entire 25M-line Ruby monorepo in a single coordinated push. The piece covers the social engineering (getting hundreds of teams aligned), the technical engineering (parallelizing the formatter, handling edge cases), and the rollout strategy that kept CI green. It’s a fun read about the mundane-but-hard work of taming a massive codebase.

Lessons for Agentic Coding: What should we do when code is cheap?

78 points · dbreunig.com

Drew Breunig’s distillation of what he’s learned about working with coding agents in production. The thesis: when generating code is nearly free, the value shifts to spec quality, evaluation, and verification — and most teams haven’t restructured their workflows around that yet. Practical, opinionated, and short enough to actually read on your lunch break.