Andrew Nesbitt builds tools and open datasets to support, sustain, and secure critical digital infrastructure. He's been exploring the world of open source metadata for over a decade. First with libraries.io and now with ecosyste.ms, which tracks over 12 million packages, 287 million repos, 24.5 billion dependencies, a...

What's in the SOSS? features the sharpest minds in security as they dig into the challenges and opportunities that create a recipe for success in making software more secure. Get a taste of all the ingredients that make up secure open source ...

Welcome back to Break, a Fallthrough aftershow! In this episode, Kris, Ian, and Matt extend their discussion from Fallthrough episode #44.Enjoying the aftershow? Let us know on social media! If you prefer to watch instead of just listen, head over to YouTube where you watch this episode of...

First it was GCP in June. Then it was AWS in October. Then it was Azure a week later. It seems that our cloud providers are having outages far more often, and for far longer, than any of us would like. In this episode, Kris, Ian, and Matthew discuss the two most recent outages along with some of...

Victor, VP of Marketing at Strapi, walks us through how AI can be used in content creation—what tools work, what to watch out for, and how you can try some of...

My desire to run a sustainable software business started somewhere near 2003 in the Business of Software forum. I've built, sold, and acquired a dozen of products since that time, with I have to admit the majority of failures.I've seen three distincts era for software companies, we're definitably...

In this episode, Josh and Otto dive into the world of Debian packaging, exploring the challenges of supply chain security and the importance of transparency in open source projects. They discuss Otto's blog post about the XZ backdoor and how it's a nearly impossible attack to detect. Otto does a great job breaking down an incredibly complex problem into understandable pieces. The show notes and blog post for this episode can be found at

Guy Zerega led sales and marketing at Stack Overflow, where he once hired me.Now he leads sales at Cyborg - they offer end-to-end encrypted inference data. This...

In late 2021, the Log4Shell vulnerability sent shockwaves through the global tech community. For the first time, we're sharing the untold, inside story from ...

New proposal: go vet check for using %q with integer typesBlog: I'm Independently Verifying Go's Reproducible Builds by Andrew AyerJetBrains' language promise indexReddit: Why I built a ~39M op/s, zero-allocation ring buffer for file watchingBlog: A modern approach to preventing CSRF in Go

Adam Jacob joins us to discuss how agentic systems for building and managing infrastructure have fundamentally altered how he thinks about everything, including the last six years of his life. Along the way, he opines on the recent AWS outage, debates whether we're in an AI-induced bubble, quells any concerns of AGI an...

It's a FRIGHT...when your record a podcast with dead projects all around. Tech debt, poor choices, timing, market shift, and optimizing for the wrong things are all lurking around waiting to pop out at you! Just don't forget to push record.