I don't want to be a programmer, I want to remind developers that they are failing us and they must take action

use Claude for project planning (it's expensive), use DeepSeek or a cheap Chinese model for coding, use Gemini for review. Errors here, errors there, GitBrain add-ons or VS Code add-ons depending on what you use. A problem in the code? Go to the browser to fix it. Then I need to pay for some subscription from my phone.
This is the curse of wasted time and scattered focus.
I'm not a Rust programmer, but it's the fastest language.
So I built an interface that integrates chat with 30+ AI providers simultaneously, payments, seven memory layers, and a simple but effective embedded IDE — Monica IDE — plus Microsoft Phi Nano.
A browser with advanced privacy tech. Orchestration between models and payments. A unique user experience for each person.
That's my idea. I don't know how to complete it, polish it, or test it on Windows or Mac — I only work on Linux. These are my financial limits. I need your help and advice.

github

via DEV Community: rust (author: aly ghaly)

I built a local-first hybrid vector database in Rust from scratch

A few months ago I started building vecdb — a vector database that
runs entirely on your own machine. No cloud, no API keys, no subscription.

The problem

Most vector databases make you choose — semantic search OR keyword search.
Semantic search finds meaning but misses exact keywords. Keyword search
finds exact matches but misses meaning.

vecdb combines both in a two-stage pipeline:

1. HNSW dense index retrieves candidates by meaning
2. BM25 sparse index re-scores by keyword relevance
3. A fusion function combines both scores

What it can do

● Hybrid HNSW + BM25 retrieval
● SQL-like query language with VECTOR_SIM predicate
● Python and TypeScript SDKs
● Single binary, Docker support
● 187 tests
● MIT license

Example query

SELECT * FROM documents
WHERE VECTOR_SIM(vec, [0.1, 0.2, 0.3]) > 0.75
AND payload->>'region' = 'US'
LIMIT 10;

Try it

GitHub: https://github.com/zaydmulani09/vecdb

Would love feedback from the community — especially on the
architecture and what to tackle in v0.2.0.

via DEV Community: rust (author: Zayd Mulani)

ให้ AI พูดภาษาไทยได้ด้วย Garudust Agent + iApp TTS

ถ้าคุณใช้ Garudust Agent อยู่แล้ว การเพิ่มความสามารถให้ AI พูดภาษาไทยออกมาเป็นเสียง ทำได้ในไม่กี่ขั้นตอน — ไม่ต้องแก้โค้ดใด ๆ เพราะ Garudust มีระบบ script tool ที่ pluggable อยู่แล้ว

TTS คืออะไร และทำไมต้อง iApp

TTS (Text-to-Speech) คือการแปลงข้อความเป็นเสียงพูด เหมาะกับ use case เช่น

● ตอบกลับผู้ใช้ด้วยเสียงแทนข้อความบน LINE / Telegram
● สร้างไฟล์เสียงสำหรับ podcast / narration อัตโนมัติ
● Accessibility — ผู้ใช้ที่อ่านหน้าจอยาก

iApp Technology เป็นบริษัทไทยที่มี TTS API รองรับภาษาไทยโดยเฉพาะ เสียงฟังเป็นธรรมชาติ รองรับสูงสุด 10,000 ตัวอักษรต่อ request คิดค่าใช้จ่าย 1 IC ต่อ 400 ตัวอักษร สมัครได้ที่ iapp.co.th

ขั้นตอนที่ 1 — ติดตั้ง tts tool จาก Hub

Garudust มี Hub รวม script tool ให้ install ได้ทันที

garudust tool install tts

ระบบจะดึง tool.yaml และ run.py มาไว้ที่ ~/.garudust/tools/tts/ และ register ใน registry อัตโนมัติ

ขั้นตอนที่ 2 — เพิ่ม Provider Profile ใน config.yaml

Garudust ใช้ระบบ provider profile จัดการ API endpoint และ key — ไม่ต้อง hardcode ใน script

เปิด ~/.garudust/config.yaml แล้วเพิ่ม:

providers:
  # ... providers ที่มีอยู่แล้ว ...
  tts-iapp:
    url: https://api.iapp.co.th/v3/store/audio/tts
    key: ${IAPP_API_KEY}

tools:
  tts:
    model: tts-iapp   # ชี้ไปที่ profile ข้างบน

Garudust จะ inject GARUDUST_BASE_URL และ GARUDUST_API_KEY เข้า script อัตโนมัติตอน runtime

ขั้นตอนที่ 3 — เพิ่ม API Key ใน .env

# ~/.garudust/.env
IAPP_API_KEY=iapp_live_xxxxxxxxxxxxxxxx

รับ key ได้จาก iapp.co.th/dashboard

ทดสอบผ่าน CLI

garudust "ใช้ tts tool แปลงข้อความว่า สวัสดีครับ ผมคือ Garudust ผู้ช่วย AI ของคุณ แล้วบอก path ไฟล์ที่ได้"

ผลลัพธ์:

สร้างไฟล์เสียงสำเร็จ
เสียงอยู่ที่: /tmp/tts_88b5bba372dd41a7acc7e37ea75df89b.wav

เปิดฟัง:

open /tmp/tts_88b5bba372dd41a7acc7e37ea75df89b.wav

เบื้องหลัง — run.py ทำงานยังไง

iApp TTS API คืน raw PCM มาโดยไม่มี WAV header ดังนั้น run.py จัดการ wrap header ให้เอง:

def pcm_to_wav(pcm: bytes, sample_rate: int = 24000, channels: int = 1, bits: int = 16) -> bytes:
    byte_rate   = sample_rate * channels * bits // 8
    block_align = channels * bits // 8
    data_size   = len(pcm)
    header = struct.pack(
        "<4sI4s4sIHHIIHH4sI",
        b"RIFF", 36 + data_size, b"WAVE",
        b"fmt ", 16,
        1, channels, sample_rate, byte_rate, block_align, bits,
        b"data", data_size,
    )
    return header + pcm

ผลที่ได้คือ RIFF WAV 16-bit mono 24kHz — เปิดได้กับทุก audio player

เปลี่ยน Provider ได้ทันทีโดยไม่แตะโค้ด

นี่คือจุดแข็งของ Garudust provider profile — ถ้าอยากลอง provider อื่นเช่น AIS หรือ local model แค่เพิ่ม profile และเปลี่ยน tools.tts.model บรรทัดเดียว:

providers:
  tts-ais:
    url: https://your-ais-tts-endpoint/api/tts
    key: ${AIS_TTS_API_KEY}

tools:
  tts:
    model: tts-ais   # เปลี่ยนแค่นี้

run.py ไม่ต้องแตะเลย เพราะอ่าน GARUDUST_BASE_URL และ GARUDUST_API_KEY จาก profile เสมอ

ขั้นต่อไปที่ทำได้

● LINE voice message — เพิ่ม OutboundMessage::Audio ใน Garudust core แล้วส่งไฟล์ WAV เป็น voice message บน LINE ได้เลย
● Auto TTS reply — สั่งให้ agent เรียก tts ทุกครั้งที่ตอบ โดย inject ใน system prompt
● Speaker selection — iApp มีหลายเสียง ตั้ง TTS_SPEAKER_ID ใน .env เพื่อเลือกเสียงที่ชอบ

สรุป

Garudust Agent เป็น open source ที่ github.com/garudust-org/garudust-agent — ติดตามหรือ contribute ได้เลย 🦅

via DEV Community: rust (author: Garudust)

Rust for Web3 Hackers: Welcome to the Cyber-Mecha Repair Dock 🤖🔧

via DEV Community: rust (author: Sudip)

Advanced Rust Concepts: Iterators, Closures, Generics & More (Part 2)

via DEV Community: rust (author: mihir mohapatra)

The AI Economy Needs Its Own Infrastructure. That Is What I Am Building.

via DEV Community: rust (author: NOVAInetwork)

Rust for Solana #2: Giving Hands & Feet to Your Pointers (And Stopping the "Lafda") 🛠️🏃‍♂️

via DEV Community: rust (author: Sudip)

What 44 CVEs Tell You About Rust's Safety Boundary

via DEV Community: rust (author: Arthur)

Rust's Borrow Checker: Translating Intent into Memory Safety

When people start learning Rust, they usually run into the same obstacle: the borrow checker.

I’ve been there, and everyone has. But the truth is this: The borrow checker isn’t against you; it simply translates what you meant into what the computer needs. Once you understand that, Rust's borrow checker makes a lot more sense.

Let me show you the moment this made sense for me.

The Classic Problem

Here’s a tiny piece of code that looks harmless:

let mut name = String::from("Alice");
let r = &name;

name.push('!'); // this is an error.
println!("{}", r);

Rust says no. And at first, it's frustrating; it seems like the compiler is being pedantic. But there's a method to this.

Rust’s Two Rules

Rust has two simple rules:

1. You can have one mutable reference
2. OR any number of immutable references

The catch: You can never have both at the same time.

Why? Because if something is being changed, Rust doesn’t want other parts of your code reading a half‑changed value. And that's all there is to it.

The “Two Doors” Analogy

Imagine your data is a room.

● An immutable reference is like giving someone a window into the room.
They can look, but not touch.
● A mutable reference is like giving someone the key to the room.
They can move furniture around.

Rust’s rule is simple: You can’t have the window open while someone is rearranging the furniture.

Fixing the Code the Right Way

Here’s our earlier example, but fixed:

let mut name = String::from("Alice");

name.push('!');  // do the mutation first

let r = &name;   // then borrow immutably
println!("{}", r);

Or, if you really need both at once, you can clone. Cloning is not a crime, especially for beginners:

let mut name = String::from("Alice");
let r = name.clone();

name.push('!');
println!("original: {}", name);
println!("copy: {}", r);

A Trick That Helps Every Beginner

If you're just starting out, follow this habit: If you’re mutating something, finish all your mutations before you borrow it. This one habit eliminates most borrow checker errors you'll see.

Why Rust Does This (And Why It’s a Good Thing)

Languages like Python, Java, and JavaScript let you mutate data while other parts of your code are reading it. Most of the time, it’s totally harmless. But sometimes, it causes:

● sneaky race conditions (which usually only occur during production)
● strange bugs
● inconsistent state
● security issues
● data corruption

Rust prevents all of that, because it's designed to.

If You’re Learning Rust, Here’s My Advice

Don’t fight the borrow checker. Instead:

● Borrow when you only need to read
● Mutate before you borrow
● Clone when you need independence
● Trust the compiler’s hints
● Keep your functions small
● Return owned data when in doubt

Rust rewards those who take the time to understand the mechanics. The borrow checker is just the first step in that shift in perspective.

Want More Beginner‑Friendly Rust Posts?

I’m working on a series covering:

● ownership
● borrowing
● lifetimes
● slices
● structs
● enums
● pattern matching
● error handling
● async basics

If you want me to cover something specific, or if there's a specific concept that hasn't clicked yet, drop it in the comments! I’ll turn the most requested topic into another post.

via DEV Community: rust (author: MournfulCord)

How one bad prompt burned $40 of my Claude budget in 18 minutes

via DEV Community: rust (author: Mukunda Rao Katta)

Web Developer Travis McCracken on Using Async Rust Safely

via DEV Community: rust (author: Travis McCracken Web Developer)

AppleScript Injection and Directory Traversal — Security Bugs I Fixed in My Own Apps

All tests run on an 8-year-old MacBook Air.
All results from shipping 7 Mac apps as a solo developer. No sponsored opinion.
Security review of my own apps found real vulnerabilities. Not theoretical — actual bugs that could affect users.
Here's what I found and how I fixed them.

AppleScript injection via ADB output
HiyokoAutoSync uses ADB to get device information. ADB output is user-controlled — an attacker with physical access to the device can craft device names containing special characters.
If that output is passed to a shell command without sanitization:
rust// Vulnerable
let cmd = format!("osascript -e 'display notification \"{}\"'", device_name);
Command::new("sh").arg("-c").arg(&cmd).spawn();
A device named "; rm -rf ~/Documents; echo " executes arbitrary commands.
Fix: never interpolate external input into shell strings. Use argument arrays:
rust// Safe
Command::new("osascript")
.args(["-e", &format!("display notification \"{}\"",
device_name.replace('"', "\\""))])
.spawn();
Better: avoid shell interpretation entirely. Pass arguments as separate strings, not a single shell command.

Directory traversal in file sync
Sync operations use paths from ADB. A malicious Android app could expose a path like ../../.ssh/id_rsa via MTP.
rust// Vulnerable
let dest = mac_base_dir.join(&android_path); // android_path = "../../.ssh/id_rsa"
// dest is now outside mac_base_dir
Fix: validate that the resolved path stays within the intended directory:
rustfn safe_join(base: &Path, relative: &Path) -> Result {
let joined = base.join(relative);
let canonical = joined.canonicalize()
.unwrap_or(joined.clone());

if !canonical.starts_with(base) {
    return Err(AppError::Security(
        "Path traversal attempt detected".into()
    ));
}

Ok(joined)

}

Symlink attacks
A symlink in the source directory pointing outside the destination could allow writes to arbitrary locations.
rustfn is_safe_path(path: &Path) -> bool {
// Reject symlinks in sync operations
match path.symlink_metadata() {
Ok(meta) => !meta.file_type().is_symlink(),
Err(_) => false,
}
}
Skip symlinks during sync. Document this in the app — users who need symlink handling can request it explicitly.

The lesson
Security review of your own code finds real bugs. Do it before shipping, not after. The attack surface for a desktop app is smaller than a web app, but it's not zero — especially when external data (ADB output, file paths) influences file system operations.

If this was useful, a ❤️ helps more than you'd think — thanks!
Hiyoko PDF Vault → https://hiyokoko.gumroad.com/l/HiyokoPDFVault
X → @hiyoyok

via DEV Community: rust (author: hiyoyo)

I built a programming language to test how well LLM-edited code survives

via DEV Community: rust (author: O6lvl4)

Zed IDE Is 1.0 — and the Electron Era Just Ended

via DEV Community: rust (author: Arthur)

OpenCut: The Future of Open Source Video Editing is Being Rewritten for Developers!

via DEV Community: rust (author: GitHubOpenSource)

Why Bun is Rewriting in Rust (And What It Means for JavaScript Developers)

via DEV Community: rust (author: Tony Spiro)

Swapping Go for Rust: 10x Cheaper K8s Ingress

via DEV Community: rust (author: Syed Ahmer Shah)

Why Every SRE Should Learn a Little Rust

I'm not saying rewrite your stack in Rust. I'm saying: learn enough to read it.

Here's why, from someone who dragged their feet for years and finally gave in.

Rust is showing up everywhere in infra

● Observability: Vector, OpenTelemetry collector components, Tempo, Loki's ingesters in some paths
● Proxies: Linkerd's data plane, parts of Istio's future, newer eBPF-based tools
● Databases: TiKV, SurrealDB, and bits of Postgres extensions
● CLIs: Half the infra tools you install now are Rust binaries

If your stack has observability or networking components, you're going to be reading Rust code in an incident sooner or later. Better to be able to follow along.

You don't need to be fluent

You need to:

● Read Rust well enough to follow a function call
● Understand what ownership and borrowing mean (you won't debug them, but you need to read the code)
● Compile a small program
● Read a panic stack trace

That's enough. That's maybe 2 weekends of work.

The side benefit

Rust teaches you to think about state, concurrency, and error handling more carefully. Those skills show up in whatever language you actually write in. I write less broken Python and Go after learning Rust, even though I rarely write Rust.

The starting point

The Rust book (free online) + one small project (I did a log parser). Skip the async stuff for now. Come back to it when you need it.

You're not becoming a Rust engineer. You're becoming an SRE who can read the tools your stack depends on. That's a real edge.

Written by Dr. Samson Tanimawo
BSc · MSc · MBA · PhD
Founder & CEO, Nova AI Ops. https://novaaiops.com

via DEV Community: rust (author: Samson Tanimawo)

Meet QueryDen: The Modern Database Client Built for Developers

As developers, we spend a massive chunk of our day staring at database clients. But let's be honest—many existing tools feel either incredibly bloated, painfully slow, or stuck in the early 2000s UI-wise.

That’s exactly why we built QueryDen.

We wanted a database IDE that is fast, beautiful, and stays out of your way so you can focus on writing queries, analyzing data, and building things.

What is QueryDen?

QueryDen is a lightweight, high-performance desktop database client engineered by the team at OpenIdle. It’s designed from the ground up for modern developer workflows, giving you a smooth, distraction-free environment to manage your data.

Key Features 🚀

● ⚡ Blazing Fast Performance: No more waiting for heavy Java-based wrappers to boot up. QueryDen feels native, lightweight, and incredibly responsive.
● 🎨 Intuitive, Modern UI: A beautifully designed dark/light interface designed to reduce visual clutter and cognitive overload.
● 🛠️ Robust Query Editor: Featuring smart auto-completion, syntax highlighting, and an easy format tool that takes the headache out of writing complex SQL.
● 📂 Effortless Schema Exploration: Quickly navigate tables, views, and relationships without losing your place in your workspace.
● 🔒 Secure & Private: Connect safely to your local and remote databases. Your credentials and data stay where they belong—with you.

Why We're Building This

We believe that developer tools shouldn't just be functional—they should be a joy to use. QueryDen is our take on what a modern, hassle-free database manager should feel like.

We’re actively improving it and would love to get your feedback!

Get Started & Join the Community

QueryDen is currently available for download across platforms. Give it a spin and let us know what you think!

● Download / Website: queryden.openidle.com
● Give us feedback: Drop a comment right here on dev.to or open an issue over on our GitHub discussions!

via DEV Community: rust (author: Keenan)

I built a build tool in Go — and now I'm slowly rewriting pieces in Rust (fz 1.9.0 release)

So I've been solo-building fz — a fast, opinionated build tool for C/ASM projects written in Go. No Makefile hell, no CMake nightmares. Just a single binary that figures out your toolchain and gets out of the way.

Today I shipped 1.9.0 (and a quick 1.9.2 patch). Here's what changed — and why I started poking at Rust.

What's new in 1.9.0

Cross-compilation with -target <triple>

fz -target arm-linux-gnueabihf
fz -target riscv64-linux-gnu
fz -target x86_64-w64-mingw32

fz now auto-selects the right compiler, assembler, and linker for the target triple. ARM, RISC-V, x86_64, i386 — all supported out of the box.

Static libraries: -type static / -lib

fz -type static -lib mylib

Builds .a archives from object files via ar. Previously you had to wire this up yourself. Now it's a one-liner.

LSP support: compile_commands.json

fz -compile-commands

Generates compile_commands.json for clangd and any other LSP client. Finally get autocomplete and go-to-definition in your editor without configuring anything manually.

Other improvements

● fz -shell now handles both single files and full directories
● Fixed a long-standing bug where hello.asm and hello.s would produce conflicting object file names
● Linker test coverage: 17% → 60% 🎉
● Squashed dozens of golangci-lint warnings

1.9.2 patch — the boring-but-important stuff

Cleaned up every errcheck, govet, and ineffassign warning across the codebase:

● Proper error handling for json.Encode, os.Rename, os.Chmod, storeCache
● Error checks in tests: os.Chdir, os.MkdirAll, os.Create, buf.ReadFrom
● Fixed an empty branch in builder_test.go and a wrong printf format
● Updated go.mod / go.sum

Nothing glamorous, but the kind of hygiene that prevents weird bugs six months from now.

The Rust experiment: rustcache

⚠️ This lives in a separate branch and is not part of the release. Yet.

I've been curious about Rust FFI for a while, so I decided to try moving the caching layer — file hashing and copying — into a Rust static library.

Here's what I've built so far in rustcache/:

// SHA256 of a file, returned as a hex string over FFI
#[no_mangle]
pub extern "C" fn rust_hash_file(path: *const c_char) -> *mut c_char { ... }

// Simple file copy via std::fs::copy
#[no_mangle]
pub extern "C" fn rust_copy_file(src: *const c_char, dst: *const c_char) -> i32 { ... }

5 unit tests, all passing. Builds into librustcache.a.

The plan

Once I wire it into Go via cgo and build tags:

//go:build rustcache

// #cgo LDFLAGS: -L./rustcache/target/release -lrustcache
// #include "rustcache.h"
import "C"

...users will be able to opt in with -tags rustcache and I'll benchmark both paths. If the Rust version is meaningfully faster, it becomes the default.

For now: zero impact on existing fz users. The Go cache path is unchanged.

What's next

● [ ] Finish the Rust → Go integration (cgo, build tags, benchmarks)
● [ ] Dynamic library support (.so / .dylib)
● [ ] Colored error and warning output
● [ ] Remote cache (S3 / MinIO) for CI/CD speedups

If you're building C or ASM projects and tired of Makefile archaeology, give fz a try. Issues and PRs welcome — it's a solo project and I read everything.

Docs and install: https://github.com/forgezero-cli/forgezero

via DEV Community: rust (author: Alex Voste)