If it has tests and responsible management, sure why not. I generally feel more comfortable if something is 1) widely used & scrutinized 2) managed competently. But that's orthogonal to how (not if) people use AI. Having good tests, reviews, etc. is much more important.
Do people trust random NPMs developed by random people on the internet? Apparently we do given all the recent issues with supply chain attacks.
I have a problem with people using vibe coding to refer to any contribution for which AI is used. I think it is inaccurate. People providing very low quality contributions to projects is a problem. But the real problem is people accepting such contributions.
The problem is that we are not talking about an application but a runtime. A bug in the Bun platform can have much more serious consequences than in a lone app. Unless there is a deep, thorough review by the maintainers, I wouldn’t trust it.
Tests can only catch a small subset of the possible ways things can go wrong. Our development practices still rely heavily on the authors of the code knowing what they wrote.
If you ran that converter multiple times, did you get the same output? I think that's the crux with automated codebase conversion via LLMs, I'd really want to focus on making everything as reproducible as possible first, not use a general agent and just vibe it together.
I do love how everything is always “vibe-coded” regardless of any amount of effort, collaboration, or oversight that may have gone into the use of any AI. It really captures the nuances of the conversation.
Depends on who vibe codes it. At the end of the day the Bun developers are the ones responsible for the quality of their software. If they've reviewed the code closely, tested it, and eat their own dog food, then I don't see why I should treat it any different from any other untrusted 3p dependency.
IMO, the main problem with vibe coding is that it empowers reckless behavior at companies like Microsoft, and that people with no serious investment in outcomes are empowered to make things. Does that apply to Anthropic? The Bun team? It's not 100% clear yet.
It's 1 million LoC they merged in a week. And that's only the final state. It's going to be much, much more if you include changes in individual commits. 6,755 commits were pushed to the PR branch, including dozens that were made shortly before the branch was merged to main. There's not a chance that anyone has read the code in any significant portion, or even in the future, because people who review code don't merge to main before they do so.
> There's not a chance that anyone has read the code in any significant portion
Sure, but that wasn't really the question, the question was why it's obvious no-one or no-thing has closely reviewed the code? Given they use LLMs to produce the code, it wouldn't surprise me if they used LLMs to review it too, and I don't see it as unfeasible to be able to review a lot of code in a lot shorter timeframe.
It's not like they're doing something unique or novel, they even had an implementation in another language they knew did the right thing, so all the review would have to do, would be to make sure it's the same in the new language.
Don't get me wrong, again, probably there are plenty of mistakes in there, and it might catch on fire when run in the wrong way, but I still don't think it's obvious how they've done things, unless you have insights into their process, which seems clear to me now that you don't.
> They obviously haven't closely reviewed the code. That's the point
You asked why.
If Bun’s maintainers truly reviewed it, they would've had to read at least 6k lines per hour for a full week without a break. No one can claim in good faith that could possibly have happened.
Bun is now a black box consisting of a million lines of largely unread code. No amount of "you don't know the whole story" lawyering or endless demands for "proof" of the obvious will change that.
The scope of the issue goes far deeper than "there might be some mistakes." Because what happened with the rewrite isn't engineering. Engineering applies the scientific method and rigorous verification to real world problems. It surely isn't about trusting a digital genie's "guarantees" that "all is fine." All aspects of LLM output are undefined behavior, and Bun blindly accepted a million lines of code generated from it.
Before anyone brings it up again, tests aren't a sufficient defense. They only catch a tiny subset of the infinite possible failures. Modern software development still depends on developers understanding the code they produce.
Yes, absolutely. In fact that's a big feature now in Autodesk. 99% of the design of a house is "detailing". Where does power line #8128 go? Does floor section 38 have the right slope? How big should water line #92 be and does it fit with sewage line #33 while it's sloping in the correct direction? We can't get electrical socket type 33, please modify everywhere in the design so we can use type 35 instead. And so on and so forth.
Human architects and engineers make TONS of mistakes in these designs all the time. Then builders and contractors fix them, or in many cases "fix" them, as I'm sure most people here have experienced.
Also if vibecoding houses can lead to a large increase in housing supply, as it should: Hurray!
> Also if vibecoding houses can lead to a large increase in housing supply, as it should: Hurray!
I love how well this captures the credibility of zealots and how some won't hesitate to exploit human suffering to push an agenda. The housing crisis is driven by regulation that lowers supply, shaped by greed and cruelty. Turning house designs into slop won't solve anything.
You want to see how AI actually contributes to the housing crisis? Then here's an actual example:
One difference between programmer and engineer is that the programmer worries about what they do, while the engineer worries not only about what they do, but about the platform their application runs on.
And you bringing the fringe entertainers of the illiterate Americans is totally unnecessary.
You're just speaking in truisms, and still have yet to assert anything at all. You sound more like a fringe entertainer and less like an engineer. You're, "just asking questions."
Are you an engineer? Make clear claims, and then back them up with crisp and concrete arguments. Support your arguments with data. That's engineering.
What you're doing is wallowing in the outrage machine. Please start with your in-depth understanding of the Bun runtime that qualifies you to comment on the overall quality claims that you have not yet made but have insinuated.
Please clearly cite your concerns. Please present a cogent and articulate analysis of the overall shortcomings, gaps and potential threats of the Bun rewrite.
Practice what you preach. Because committing 1 million lines of unreviewed code is by definition not "engineering," and every single accusation you're making is the one you're guilty of.
And while you're at it, make your own argument. That's a skill required of any engineer.
Let’s have an engineering discussion? I am not the one that brought up Tucker Carlson to the conversation.
The maintainers have merged an enormous pull request in a week. They haven’t shown signs of understanding Rust. They are doing an experiment that can affect (via runtime bugs) all Bun users.