Recent supply-chain attacks and dependency confusion

After last week's "Another Spectre In The Shell" episode, we felt we needed a follow up! This week Kris is joined by returning co-host Jamie Tanna, with Ian arriving fashionably late. They pick apart the post-Mythos announcement hype cycle, cover counter-narratives from the security community, and examine why our supply chain is already so broken that more powerful LLM barely changes the threat model. The conversation builds toward Jamie's unpop: "a little copying is better than a little dependency" is wrong, we should have more dependencies and then into practical supply chain defense. The episode closes on an infinite-mindset note: supply chain security will never be done and we'll always have things to improve.

Supporter content? This episode has a ton of it! If you haven't become a supporter yet, this is the episode to do it! In this week's extras we've got a critique of the "37,000 lines of code a day" claim, Kris's argument that we've squandered most productivity gains in history so why would AI be different, Claude Code fatigue and learning versus delegating, a deep yak-shave into why Kris hates Markdown and is building his publishing platform in raw HTML, a love letter to the web as the best technology we have, a merchant-of-record tangent on VAT and why Stripe isn't enough, Jamie's proposal for a Fallthrough bingo card, and a tangent on Anthropic having a therapist talk to Claude for twenty hours. If you aren't a supporter already, head over to https://fallthrough.fm/subscribe where you'll get not only extra content but also higher quality audio.

If you prefer to watch this episode, you can view it on YouTube.

No episode of Break this week. We'll have more aftershow episodes soon! In the meantime, catch up on previous episodes at https://break.show.

Thanks for tuning in and happy listening!

Table of Contents:

• Prologue (00:00:00)
• Chapter 1: Jamie Returns: Weather and Mythos Recap (00:01:11)
• Chapter 2: Post-Mythos Developments and Counter-Narratives (00:03:11)
• Chapter 3: $20K Tokens, Wrench Attacks, and Log4J Toasters (00:08:41)
• Chapter 8: Offshoring to the Digital Land (00:10:54)
• Chapter 16: Jamie's Unpop: The Go Proverb Is Wrong, Use More Dependencies (00:18:42)
• Chapter 17: More Dependencies, Bad Infrastructure, and Author Signing (00:24:02)
• Chapter 18: The Go Module Proxy Doesn't Understand Its Place (00:28:18)
• Chapter 19: Cooldowns and Minimum Release Age in Renovate (00:42:16)
• Chapter 20: Hype Cycles, Security Professionals, and End-User Responsibility (00:52:18)
• Chapter 25: Life Finds a Way: T-Rex Leather and Infinite Mindset (01:03:28)
• Epilogue (01:07:29)

Hosts

• Kris Brandow - Host
• Ian Wester-Lopshire - Host
• Jamie Tanna - Host

• Website
• Bluesky
• Threads
• X/Twitter
• LinkedIn
• Instagram

• (00:00) - Prologue
• (01:11) - Chapter 1: Jamie Returns: Weather and Mythos Recap
• (03:11) - Chapter 2: Post-Mythos Developments and Counter-Narratives
• (08:41) - Chapter 3: $20K Tokens, Wrench Attacks, and Log4J Toasters
• (10:54) - Chapter 8: Offshoring to the Digital Land
• (18:42) - Chapter 16: Jamie's Unpop: The Go Proverb Is Wrong, Use More Dependencies
• (24:02) - Chapter 17: More Dependencies, Bad Infrastructure, and Author Signing
• (28:18) - Chapter 18: The Go Module Proxy Doesn't Understand Its Place
• (42:16) - Chapter 19: Cooldowns and Minimum Release Age in Renovate
• (52:18) - Chapter 20: Hype Cycles, Security Professionals, and End-User Responsibility
• (01:03:28) - Chapter 25: Life Finds a Way: T-Rex Leather and Infinite Mindset
• (01:07:29) - Epilogue