WEBVTT NOTE The Rundown — nextbig.dev daily audio edition, 2026-04-11 1 00:00:00.000 --> 00:00:08.692 Hey everyone, welcome to Builder's Briefing for April eleventh, twenty twenty-six. I'm Alex, alongside Sam, and we've got a packed show today — a major one-point-oh launch that's reframing what backends should look like in the AI era, some security stories that'll make you rethink your push notifications, and France breaking up with Windows. 2 00:00:08.692 --> 00:00:14.774 Yeah, it's a good one. And there's a thread running through a lot of today's stories that I think is really worth pulling on — this idea that we're designing infrastructure for AI consumers now, not just human developers. Let's get into it. 3 00:00:14.774 --> 00:00:23.111 So the big story — InstantDB hit version one-point-oh this week, and their pitch is sharp. AI coding tools like Cursor and Copilot can generate apps fast, but the backend code they produce? Usually fragile garbage. InstantDB wants to be the database, auth, permissions, and sync layer that AI agents can actually target reliably. 4 00:00:23.111 --> 00:00:32.284 Right, and what's wild is the core insight here. If you think about it, every AI-generated CRUD app converges on the same patterns — real-time sync, auth, relational queries. So instead of letting the LLM hallucinate some Prisma migration that looks right but is subtly broken, you give it a constrained, correct-by-construction API that it can't really mess up. 5 00:00:32.284 --> 00:00:40.570 Exactly. They describe it as what you'd get if you combined Firebase's developer experience with Postgres's reliability. Reactive sync engine, offline support, optimistic mutations, row-level permissions — and their graph-based query language is apparently simple enough that current LLMs generate correct queries consistently. 6 00:00:40.570 --> 00:00:47.944 That last part is the key. It's not just about being a good backend — it's about being a good backend for LLMs to target. I think we're going to see every Backend-as-a-Service player marketing this angle within six months. Design your API surface for the machine, and the humans benefit too. 7 00:00:47.944 --> 00:00:54.381 Alright, staying in AI land — there's a really practical architecture pattern from the SkyPilot team. They built an agent pattern that forces LLMs to research documentation and prior art before writing any code. Basically, read the docs first, then code. 8 00:00:54.381 --> 00:01:03.200 That's interesting because it's such an obvious idea, but almost nobody does it rigorously. It's a RAG-then-act pattern — retrieve the relevant docs, ground the model, then let it generate. They're seeing dramatically fewer hallucinated APIs. If you're building any kind of agentic coding workflow, link in the briefing, go steal this architecture. 9 00:01:03.200 --> 00:01:09.408 And on the flip side of AI — someone published a repo reverse-engineering Google's SynthID watermarking, the system that detects AI-generated text from Gemini. These watermarking schemes are being picked apart faster than they're being deployed. 10 00:01:09.408 --> 00:01:15.692 Yeah, that's a cat-and-mouse game that the cat is currently losing. If you're building content moderation or AI detection, it's a useful reference implementation, but also a sobering reminder that watermarking alone isn't going to solve provenance. 11 00:01:15.692 --> 00:01:24.612 Okay, funding news — GitButler raised seventeen million dollars, Series A, and their thesis is fascinating. They're arguing that AI-generated code changes are just too messy for traditional git workflows. You know the problem — your AI agent makes forty-seven changes across twelve files and you're staring at a massive diff trying to make sense of it. 12 00:01:24.612 --> 00:01:32.899 I feel that pain personally. Their approach uses virtual branches and automatic change grouping — so instead of one giant commit, the tool understands what logically belongs together. It's a bet that AI-era version control needs to be fundamentally different from human-era version control. And honestly? I think they're right. 13 00:01:32.899 --> 00:01:40.248 Now let's talk security, because there are a couple of stories today that are genuinely unsettling. The FBI was able to reconstruct deleted Signal messages using iPhone notification metadata. Let that sink in — end-to-end encryption, and they got the content through iOS push notifications. 14 00:01:40.248 --> 00:01:51.169 This one's a big deal. The encryption in the protocol itself was fine — Signal did its job. But the OS layer was leaking content through push notification payloads. Message previews, sender info — all sitting in notification metadata that persists even after you delete the messages. If you're building anything that handles sensitive data, audit your push notification payloads today. Don't send previews, don't send sender names. 15 00:01:51.169 --> 00:01:58.037 And there's more — macOS Privacy and Security settings apparently don't reliably reflect actual system state. Apps may have permissions the UI doesn't show. And CPUID's website, the folks behind CPU-Z and HWMonitor, was hijacked — potentially serving malicious downloads. 16 00:01:58.037 --> 00:02:04.727 The supply chain attack one is scary because CPU-Z is the kind of utility every sysadmin and hardware person has downloaded at some point. If you grabbed it recently, verify your checksums. These attacks on widely-used dev and admin utilities just keep escalating. 17 00:02:04.727 --> 00:02:12.481 Quick dev tools update — TradingView open-sourced their lightweight charting library. Pure HTML5 canvas, zero dependencies, handles millions of data points. If you're building fintech dashboards or any heavy data visualization, this is dramatically lighter than D3-based alternatives. Link in the briefing. 18 00:02:12.481 --> 00:02:18.385 Oh, and WireGuard finally shipped a new Windows release after resolving that longstanding Microsoft driver signing issue. If you've been avoiding WireGuard on Windows because of installation friction, that blocker is officially gone. 19 00:02:18.385 --> 00:02:24.492 Alright, infrastructure corner — and I love this one. Someone documented running old laptops in colocation facilities as cheap servers. Built-in UPS because of the battery, low power draw, surprisingly decent performance for small workloads. 20 00:02:24.492 --> 00:02:29.915 That's so scrappy and I'm here for it. If you're bootstrapping on a budget, an old ThinkPad in a colo rack is a genuinely creative alternative to five-dollar-a-month VPS instances for hobby or staging environments. 21 00:02:29.915 --> 00:02:37.163 And the geopolitical one — France's government is migrating from Windows to Linux as part of a broader European tech sovereignty push. If you're building enterprise software targeting government or EU markets, Linux-first and on-prem deployment options just became a lot more important. 22 00:02:37.163 --> 00:02:39.418 Yeah, that's not just France being quirky — it's a real trend across the EU. Plan for it. 23 00:02:39.418 --> 00:02:49.504 Quick hits — NASA published a deep dive on how they built Artemis II's fault-tolerant, triple-redundant computer. ETH Zurich found a new trick for stabilizing quantum operations. There's a fun tool called Charcuterie that explores visually similar Unicode characters — super useful for phishing detection. And if you need a five-minute break, one-D Chess is a delightfully constrained browser game. 24 00:02:49.504 --> 00:02:54.977 Also, Keychron open-sourced their keyboard and mouse hardware design files on GitHub. If you're into custom input devices, those are professional-grade reference designs you can study and modify. Pretty cool of them. 25 00:02:54.977 --> 00:03:05.316 So here's what I'm taking away today. There are two big threads. First — AI-native infrastructure is becoming a real product category. InstantDB designing for AI code generation, GitButler rethinking version control for AI workflows, research-driven agents as an architecture pattern. If you're building developer tools, seriously consider designing your APIs for LLM consumers first, human consumers second. 26 00:03:05.316 --> 00:03:13.248 And the second thread is security in depth. The Signal notification story is a perfect example — your protocol can be flawless, but if you're not thinking about every layer of the stack, from the OS to the push notification payload, your threat model has holes. The attack surface is always bigger than you think. 27 00:03:13.248 --> 00:03:16.947 That's the show for today. All the links are in the briefing. If any of these stories spark something you're building, we'd love to hear about it. 28 00:03:16.947 --> 00:03:19.000 Have a great weekend, everyone. Go play one-D Chess, and we'll see you next time.