WEBVTT NOTE The Rundown — nextbig.dev daily audio edition, 2026-05-06 1 00:00:00.000 --> 00:00:07.620 Good morning and welcome to the Builder's Briefing for May sixth, twenty twenty-six. I'm Alex, here with Sam, and we have a packed one today — a major runtime rewrite shaking up the JavaScript ecosystem, some really practical AI cost numbers, and a container security bug you need to patch right now. 2 00:00:07.620 --> 00:00:10.465 Yeah, and honestly the big story today had me doing a double-take when I saw the commit land. Let's get into it. 3 00:00:10.465 --> 00:00:15.596 So here it is — Bun is being rewritten from Zig to Rust. Jarred Sumner's commit dropped yesterday, and this isn't some experimental branch. It touches the core runtime. The full thing is getting ported. 4 00:00:15.596 --> 00:00:23.267 This is huge. And honestly? Not entirely surprising. I mean, Zig is a fantastic language, but the ecosystem just never caught up. If you're building something that millions of developers depend on, you need a deep package ecosystem, mature tooling, and frankly, people you can hire. Rust has all three. 5 00:00:23.267 --> 00:00:30.303 Exactly. And for folks shipping on Bun today — nothing breaks right now. The Zig codebase keeps working, keeps shipping releases. But long-term, this is the play for stability. Rust's borrow checker catches entire classes of memory bugs that Zig leaves to developer discipline. 6 00:00:30.303 --> 00:00:37.288 Right, and what's wild is the timing. This lands the same week as that widely-discussed post from Tweede Golf arguing that async Rust basically never left MVP state. So Bun is migrating to a language whose async story is still considered half-baked. There's real irony there. 7 00:00:37.288 --> 00:00:46.737 It's a great point. I think we'll either see the Bun team push Rust's async ergonomics forward — which would be a gift to the whole ecosystem — or they'll lean on their own event loop abstractions and kind of sidestep the async Rust pain entirely. Either way, this is the biggest runtime architecture decision in the JS world since Deno chose Rust back in twenty eighteen. 8 00:00:46.737 --> 00:00:53.291 And it's another data point in the broader trend. If you're choosing a systems language for a new project — Zig is still excellent for embedded and kernel-adjacent stuff, but for application-level systems programming, Rust just keeps winning the gravity war. 9 00:00:53.291 --> 00:01:00.149 Alright, let's talk AI. Google shipped multi-token prediction drafter models for Gemma four. If you're self-hosting Gemma, this is basically a free latency win — plug in the drafter, get two to three X faster generation with no quality loss through speculative decoding. 10 00:01:00.149 --> 00:01:07.794 That's a really nice incremental improvement. No drama, just genuinely useful. I also want to flag the local deep research story — someone got an open-source research agent hitting roughly ninety-five percent accuracy on SimpleQA running Qwen three point six twenty-seven B locally on a thirty-ninety. 11 00:01:07.794 --> 00:01:13.154 Yeah, with ten-plus search engine integrations including arXiv and PubMed. If you're building internal research tools, that's a strong starting point. Everything runs locally and encrypted. Link in the briefing. 12 00:01:13.154 --> 00:01:19.453 Now here's the one that made me stop and think — Reflex benchmarked agent computer-use against structured API calls, and found a forty-five X cost gap. Forty-five times more expensive to have an agent click around a screen than to just call an API. 13 00:01:19.453 --> 00:01:27.632 That number is staggering. And the takeaway is so clear — don't use screen-scraping agents where a proper API integration exists. Save computer-use for the genuinely unstructured stuff where there is no API. This is basic cost discipline, but I think a lot of teams are skipping it because computer-use demos look so cool. 14 00:01:27.632 --> 00:01:35.049 Absolutely. And on the agent tooling front, there's a neat project called Engram — it's a Go binary that gives any coding agent persistent long-term memory using SQLite and FTS5, exposed as an MCP server. If your agents keep forgetting project context between sessions, this is a drop-in fix. 15 00:01:35.049 --> 00:01:42.898 That's interesting because it's agent-agnostic — CLI, HTTP, TUI interfaces. And it directly addresses that critique piece we also saw this week about organizations deploying AI without fixing their information architecture. Everyone's got individual AI productivity, but organizational knowledge stays siloed. 16 00:01:42.898 --> 00:01:46.556 Right — the gap isn't in individual smarts, it's in shared context. That's a product opportunity for anyone building AI-powered knowledge tools. 17 00:01:46.556 --> 00:01:53.287 Let's shift to dev tools. We already mentioned the async Rust critique — if you're starting a new Rust project, seriously consider whether you actually need async or if blocking I/O with threads is just simpler for your use case. It's not a cop-out, it's pragmatic. 18 00:01:53.287 --> 00:02:00.044 Totally agree. Also trending this week — DocuSeal, an open-source DocuSign alternative. Forty-six hundred engagements. If you're building a SaaS that needs document signing workflows, embedding this could save you from a painful DocuSign API bill and vendor lock-in. 19 00:02:00.044 --> 00:02:04.870 And one more Rust sighting — Brush, a bash-compatible shell written in Rust. Interesting for dev containers or embedded Linux where you want shell compatibility without shipping actual bash. 20 00:02:04.870 --> 00:02:11.347 Rust everywhere. Speaking of infrastructure — Docker twenty-nine just switched the default image store to containerd. If you're running CI/CD pipelines, test your image builds because some edge cases around multi-platform manifests behave differently now. 21 00:02:11.347 --> 00:02:20.390 And on the security side, two things that need attention. First — a multi-tenant auth vulnerability found in a DoD contractor's system. Any authenticated user could access other tenants' data. Zero auth on the tenant boundary. If you're building multi-tenant SaaS, test tenant isolation as aggressively as you test auth. Row-level security is not optional. 22 00:02:20.390 --> 00:02:21.050 Yikes. And the second one? 23 00:02:21.050 --> 00:02:27.222 A container copy bug — CVE twenty twenty-six dash three one four three one — that bypasses rootless container protections. If you're running rootless Podman or Docker in CI, patch immediately. This defeats the security model you're relying on. 24 00:02:27.222 --> 00:02:29.585 That's scary because rootless is supposed to be the safe option. Definitely patch that today. 25 00:02:29.585 --> 00:02:35.681 Quick hits! iOS twenty-seven adds a 'Create a Pass' feature to Apple Wallet — no developer account needed for simple passes. If you're building loyalty or ticketing features, this dramatically lowers the friction to get into users' wallets. 26 00:02:35.681 --> 00:02:40.253 Oh, and this one made me smile — the 555 timer turns fifty-five years old this week. Happy birthday to the little chip that taught a generation of engineers what oscillation means. 27 00:02:40.253 --> 00:02:44.952 Also, apparently about ten percent of AMC movie showings sell zero tickets, and someone built a site to find them for you. Link in the briefing if you want a private theater experience. 28 00:02:44.952 --> 00:02:46.171 That's the most useful hack I've heard all week. 29 00:02:46.171 --> 00:02:52.598 So pulling it all together — Rust keeps consolidating as the default for systems-level product infrastructure. Bun's migration, Pingora's traction, Brush — all pointing the same direction. The async pain is real, but the ecosystem gravity is undeniable. 30 00:02:52.598 --> 00:02:59.659 And on the AI side, the story is cost discipline. Computer-use is forty-five X more expensive than APIs. Agents need persistent memory to stop being expensive amnesiacs. Invest in structured integrations first, and give your agents memory before you give them more capabilities. 31 00:02:59.659 --> 00:03:04.155 That's the briefing for May sixth, twenty twenty-six. All the links are in the show notes. If something we covered today changes how you're building, we'd love to hear about it. 32 00:03:04.155 --> 00:03:07.000 Go patch that container bug, give your agents some memory, and we'll see you tomorrow. Happy building, everyone.