 |
Cloud Out Loud PodcastAuthor: Jon and Logan Gallagher
We talk about cloud computing, what's new, what to do, what not to do, and how to do it. We focus on the why and how of the cloud, why it's revolutionary, and how to adapt yourself or your organization to be part of this revolution.We cover Google Cloud and AWS pretty exclusively in the beginning, and hope to add Azure in our copious free time. Language: en-us Genres: Business, Management, Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Open Source Reality Check
Episode 37
Wednesday, 17 December, 2025
Send us a textThe dream of open source is freedom, speed, and shared progress—but the reality gets messy when it meets cloud-scale business and security. We explore how Docker kickstarted containers while Google’s Kubernetes turned them into an operational standard, and why that split shaped everything from engineering culture to company strategy. From there, we compare the cloud giants’ philosophies: Google’s foundation-first approach, Microsoft’s transformation from anti-OSS to stewarding GitHub and popularizing VS Code, and Amazon’s more transactional stance that sparked high-profile forks.The heart of the story is tension between ideals and incentives. Elastic’s licensing shift to block AWS’s managed service and Amazon’s OpenSearch fork set off years of license churn across databases, with Redis and others experimenting with “source-available” models. That turbulence pushed developers and CFOs into new due diligence: reading licenses, evaluating governance, and planning for change. It’s not just legal; it’s operational risk. We unpack what to look for in a healthy project and how to avoid license whiplash when a dependency changes course.Security adds another layer. The XZ Utils backdoor revealed how small packages can enable state-level infiltration, while malicious NPM uploads showed how easy it is to sneak malware into developer workflows. We revisit the infamous LeftPad collapse to explain dependency fragility and why reproducible builds, version pinning, artifact mirrors, and SCA tools are essential. Our playbook focuses on practical defenses—signed releases, SBOMs, automated alerts, and least-privilege build pipelines—so teams can keep the benefits of open source without gambling their stack.We close with a preview: AI is retracing open source’s path, from community energy to license debates and platform power. If you build in the cloud, this conversation offers grounded lessons on choosing, securing, and sustaining the code you don’t control. Enjoy the episode, then subscribe, share with a teammate, and leave a review with your biggest open source win—or worst dependency scare.What is Open Source?DockerKubernetesCloud Native Computing FoundationOpen Source Initiative Approved LicensesGoogle's Open Source ProjectsAWS Open Source ProjectsThe Hackers BookMicrosoft Visual StudioXZ Utils BackdoorLeft Pad Incident
