
This week we've got Kris and Jamie! They open with the Shai-Hulud worm chewing through the npm supply chain and close on the messy economics of who actually pays for open source labor. And there's plenty of great stuff in between: GitHub's everything-platform creep, the case for LLMs as a way out of dependency hell, and the forge alternatives finally maturing into real options.

We've got supporter content, of course! This week that includes an expansion on Kris's "pull requests as original sin" theory, the everything-platform rant that compares GitHub to Meta Business Suite, and a monologue on money, knowledge gaps, and LLMs as a way out of open source debt. Not a supporter yet? Fix that today by heading over to https://fallthrough.fm/subscribe where you'll get not only extra content but also higher quality audio. Sign up today!

If you prefer to watch this episode, you can view it on YouTube.

No episode of the aftershow this week. We'll have more aftershow episodes soon! In the meantime, catch up on previous episodes at https://break.show.

Thanks for tuning in and happy listening!

Table of Contents:

Prologue (00:00:00)
Chapter 2: The Shai-Hulud Worm and the GitHub Actions Attack Surface (00:00:59)
Chapter 3: Pull Requests as Original Sin [Extended] (00:19:41)
Chapter 4: GitHub Enterprise Cloud and the Forge Alternatives (00:19:59)
Chapter 5: The Everything Platform Problem [Extended] (00:28:17)
Chapter 6: GitLab Counterpoint, Kubernetes, Feature Flags, and Friction (00:37:58)
Chapter 7: Walled Gardens and the Business Model of Open Source [Extended] (00:43:06)
Chapter 8: AI Safety, Napalm Grandmas, and Agentic PRs (00:43:24)
Chapter 9: Kris's Theory: Money, Knowledge Gaps, and LLMs as a Way Out of Open Source Debt [Extended] (00:46:37)
Chapter 10: Jamie Pushes Back: Forks, Vulnerabilities, and OAPI CodeGen Stalled on OpenAPI 3.1 (00:46:58)
Chapter 11: Making Open Source a Surfaceable Cost (00:54:29)
Chapter 12: The Open Source Resistance (01:07:35)
Chapter 13: Capital One, Director Sign-off, and the Lawyer's Perspective [Extended] (01:16:52)
Chapter 16: FSNotify Cleanup and the Composer Token Leak (01:17:05)
Epilogue (01:23:46)

Hosts:

Kris Brandow - Host
Jamie Tanna - Host