WEBVTT NOTE The Rundown — nextbig.dev daily audio edition, 2026-05-15 1 00:00:00.000 --> 00:00:07.960 Good morning! Welcome to the Builder's Briefing for May fifteenth, twenty twenty-six. I'm Alex, joined as always by Sam. We've got a packed one today — a debugger that went viral for the right reasons, Claude brute-forcing a Bitcoin wallet, a BitLocker zero-day, and some signals about where the industry's headed. 2 00:00:07.960 --> 00:00:12.346 Yeah, some really meaty stuff. I'm especially excited to talk about that debugging tool because it hits so close to home for anyone running async systems. Let's get into it. 3 00:00:12.346 --> 00:00:17.492 Alright, so the big story — a tool called witr, which stands for "Why Is This Running?" just exploded on GitHub, nearly two thousand engagements. And honestly, the name alone is peak developer marketing. 4 00:00:17.492 --> 00:00:21.523 I mean, that's literally the question I mutter to myself at two AM when some goroutine is spinning and I have no idea what triggered it. The name is the pitch. 5 00:00:21.523 --> 00:00:26.973 Exactly. So what it actually does is hook into your runtime and trace the causal chain — from whatever trigger event kicked things off all the way to the current execution point. No more print-statement archaeology. 6 00:00:26.973 --> 00:00:35.517 Right, and what's wild is this is a problem that's gotten so much worse with AI-augmented architectures. You've got an LLM call that triggers a webhook, that spawns a task, that fires a side effect three services away. Traditional debuggers are built for nice, clean synchronous call stacks. That's just not the world we live in anymore. 7 00:00:35.517 --> 00:00:42.311 And I think the bigger signal here is that developer tooling is finally catching up to the complexity that these architectures introduced. We're going to see more tools that treat causality as a first-class concern — not just logging what happened, but explaining why. 8 00:00:42.311 --> 00:00:45.353 If you're building dev tools right now, that "why" layer is wide open. Link in the briefing if you want to check it out. 9 00:00:45.353 --> 00:00:52.502 Okay, shifting to AI news — this one's a wild ride. A trader used Claude to script and execute a brute-force password recovery against an eleven-year-old encrypted Bitcoin wallet. Three and a half trillion password attempts later, they recovered about four hundred thousand dollars. 10 00:00:52.502 --> 00:00:58.535 Three and a half trillion! That's not just "try every word in the dictionary." The real story here is that the LLM was generating and orchestrating custom heuristics for the brute-force strategy — intelligently narrowing the search space. 11 00:00:58.535 --> 00:01:05.177 Right, so the takeaway for builders isn't about crypto specifically. It's that LLMs are getting genuinely useful for any problem where you need intelligent enumeration over a massive search space. Think parameter tuning, config discovery, anything combinatorial. 12 00:01:05.177 --> 00:01:09.132 That's a really underexplored use case honestly. Most people think of LLMs as text-in, text-out, but as orchestrators of search strategies? That's powerful. 13 00:01:09.132 --> 00:01:17.321 Also in the AI space — NVIDIA dropped open-source blueprints for GPU-accelerated video search and summarization. If you're building anything that touches video — surveillance, content moderation, media search — these are production-grade reference architectures with their acceleration stack baked in. Link in the briefing. 14 00:01:17.321 --> 00:01:22.289 Alright, let's talk launches and infrastructure. Two stories that I think are actually connected. Anthropic launched Claude for Small Business — they're going downmarket with a dedicated SMB tier. 15 00:01:22.289 --> 00:01:28.805 That's interesting because if you're building on the Claude API and selling to small businesses, Anthropic is now kind of directly serving your customers. But the flip side is the team-level features might actually reduce friction for your integrations too. 16 00:01:28.805 --> 00:01:33.317 And then Apple's new MacBook Neo benchmarks are out. Solid performance overall, but the eight gig base RAM is a real constraint for local model inference and heavy dev workloads. 17 00:01:33.317 --> 00:01:38.894 Eight gigs as the floor is going to be the most common config in the wild. So if you're targeting Apple Silicon for on-device AI, design for that constraint. Don't assume everyone's running thirty-two or sixty-four gigs. 18 00:01:38.894 --> 00:01:43.914 And speaking of interesting Mac setups — someone got an RTX fifty-ninety running as an eGPU on an M4 MacBook Air, and it actually works for local CUDA compute. Mac ergonomics with NVIDIA horsepower. 19 00:01:43.914 --> 00:01:45.993 Okay, now that's tempting. I might have to try that setup for local training runs. 20 00:01:45.993 --> 00:01:51.925 One more infrastructure story I want to flag — there's a great essay trending about the Emacsification of software. The argument is that modern tools are converging on this model of extensible, scriptable, user-programmable platforms. 21 00:01:51.925 --> 00:01:56.970 I buy that a hundred percent. The moat now is: expose a scripting layer, make things composable, let power users build on top of your product. If your tool isn't programmable, someone else's will be. 22 00:01:56.970 --> 00:02:01.355 Okay, security — this one's urgent. A zero-day called YellowKey can unlock BitLocker-encrypted drives with just files on a USB stick. Effectively a physical-access backdoor. 23 00:02:01.355 --> 00:02:06.780 That's bad. Like, really bad. If your threat model includes stolen laptops, co-working spaces, device fleets — basically anyone in enterprise — you need to reassess how much you're relying on disk encryption alone. 24 00:02:06.780 --> 00:02:13.929 Layered encryption and hardware security modules matter more than ever. And on a more positive security note, AikidoSec open-sourced a tool called safe-chain that guards against malicious packages across npm, pip, uv, and more. No tokens required. Drop it in your CI pipeline today. 25 00:02:13.929 --> 00:02:19.177 Supply chain attacks are so persistent now. If you're not running something like Socket or Snyk or now safe-chain for install-time protection, you're just rolling the dice. Link in the briefing for that one. 26 00:02:19.177 --> 00:02:24.957 Let's touch on the startup and talent side. Cisco is cutting workforce as it pivots hard toward AI networking and security. If you're selling infrastructure tools to enterprise, the Cisco install base is about to have real gaps. 27 00:02:24.957 --> 00:02:28.633 That's opportunity for startups in observability, SD-WAN, network security — areas where Cisco was the default and now suddenly there's a vacuum. 28 00:02:28.633 --> 00:02:34.109 And MIT's president flagged a twenty percent drop in incoming graduate students, driven by funding cuts and visa uncertainty. If you're hiring ML researchers or PhD-level engineers, the talent pipeline is tightening. 29 00:02:34.109 --> 00:02:39.610 Twenty percent is massive. Companies should be thinking about sponsoring research, offering research-track roles, partnering with universities directly. You can't just post a job listing and hope for the best anymore. 30 00:02:39.610 --> 00:02:43.184 Quick hits — Princeton is mandating proctored exams, ending a hundred and thirty-three year honor code tradition. AI cheating concerns cited. 31 00:02:43.184 --> 00:02:44.756 A hundred and thirty-three years! That's a big cultural shift. 32 00:02:44.756 --> 00:02:50.333 USDA is projecting the smallest US wheat harvest since nineteen seventy-two, so ag-tech builders take note. And for pure nostalgia — Scorched Earth two thousand got resurrected as a web game. Play it on your lunch break. 33 00:02:50.333 --> 00:02:51.449 Oh no, there goes my afternoon productivity. 34 00:02:51.449 --> 00:03:00.246 So pulling it all together — two threads connect today's stories. First, complexity demands new debugging tools. witr's viral traction proves developers are drowning in causality questions that traditional tools don't answer. If you're building agent systems or event-driven architectures, invest in causal observability now, not after the outage. 35 00:03:00.246 --> 00:03:07.876 And the second thread is that the platform layer is absorbing more responsibility. Anthropic going downmarket, Apple shipping eight gigs as a baseline — both are telling you the same thing: design your AI-powered products for constrained environments and smaller customers. That's where the volume is. 36 00:03:07.876 --> 00:03:12.135 Well said. That's your Builder's Briefing for May fifteenth. Links to everything we mentioned are in the show notes. We'll be back tomorrow — until then, keep building. 37 00:03:12.135 --> 00:03:15.000 See you then, folks. And seriously, go try witr before your next two AM debugging session. You'll thank yourself.