Podcast 265: the tiny open-source pillar holding up the entire internet

In Portuguese they call is "software pesado." Here at Stack Overflow we just say, monorepo.

Article hero image

The crew discusses the pros and cons fo remote learning, and Sara reflects on her childhood growing up homeschooled. We examine an excellent XKCD comic about the tiny open-source projects that somehow become lynchpins in massive pieces of internet infrastructure, and what is the best way to ensure they keep working. We try to come up with our best translation for the Portuguese phrase, "software pesado," which refers to a big, honking pile o' code. And last but not least, we examine the theory that lemon juice may be good for your breath, but will literally melt your bones.

Episode Notes

It's dependencies all the way down...

Remote learning is a bad joke. Who has ideas for some tech or gaming inspired solutions?

What's your favorite way to refer to software of very large size? Everyone's got their favorite nickname for that big ol' pile of code.

Lemon juice is recommended in lots of natural cures and remedies. But could it also be MELTING YOUR BONES?


Sara Chipps You never know what you're eating that might melt all of your bones.

Paul Ford That's really what bothers me right? Like you're just like ''ah, these veggie sausages seem good'' and they melt your bones.


Ben Popper Couchbase is a SQP friendly, multi cloud to edge, no SQL database architected on top of an open source foundation. Join them at Connect.Online, their two day virtual technical conference for developers that has over 60 deep dive sessions, where you can learn about Couchbase, hone your application development skills, and network with peers and tech experts. Ready to develop your path? Register for Connect today and learn more at couchbase.com/developyourpath.

BP Hello!

PF Hello!

BP Sara. You shared a piece here that I can really relate to. It says remote learning is a bad joke. My kids can't handle virtual as and neither can I. And ouufff, as the dad of two boys going into first and second grade? I can really relate to that. They hate Zoom learning.

SC Yeah, yeah, you you both have two kids. So what is it like? Like, I kind of see the conversations happening. Is there school? Is there not school? What are y'all seeing?

PF Just bad? Yeah, I mean, we don't know. Like, it's very unclear. What going back is going to be like, it's going to be smaller classes once a week, kids spaced but it feels very likely Nothing will happen. Because it's too dangerous or there'll be an outbreak. What remote

learning does is emphasize all the things that in person learning works through are like 100 times harder. So somebody doesn't want to do their reading somebody doesn't like the math, and they're eight years old. There's no way through that usually doesn't involve a tantrum or slamming the computer or trying to play a video game instead.

SC Well, I was I was a homeschool kid. Like, I just kind of like think about this often. Because the homeschooling curriculum like if you're an actual, like, instead of like, were forced homeschool if you actually do homeschool, like the homeschool curriculum is very hands off and very like self driven.

PF What was the goal for your homeschooling, like was it...

SC My parents are religious and they are at the time against public schooling and some of the influences at school.

PF So classic homeschooling.

SC Classic homeschooling, yeah, yeah.

PF I would say what I know about that part of the world, right is that the resources are pretty well defined around religious homeschooling, there are newsletters and books. And, and so like they had the package in the plan. And I mean, there was no moment where it's like, actually, there's this huge chaos. You're all going to be both sort of in the school, but virtually, like it really was. They were cutting you off from something in the interests of your family's ethics.

SC Yeah. And also, one thing that's not super intuitive for people outside is that parents don't really teach when it comes to homeschooling It's like, you don't have like a mom in the front with like a chalkboard, like, all the books are self directed. So they're designed in a way where the kid sits down, it's like, Okay, I'm gonna do my lesson now, and learns. And then starts.

BP I actually think that works better. Like the few worksheets they sent us like they could get into like, as long as they were appropriate, and like they weren't too hard. And they got, you know, they get super frustrated, like a worksheet where you make progress and it feels like golden reward those worked. The uncanny valley is the remote classroom where there's 20 people on screen. Nobody can hear you. Everybody's talking over each other, the teachers trying to get something across, kids are constantly muting and unmuting drawing emojis like, that is the where it's like a classroom where there's no control. Yeah, like, it's actually much better if you just say, like, Let's all do the assignment and then meet one on one and we'll review it or something like that. It's trying to have get back to that classroom environment with 20 kindergarteners that just melt down immediately into disaster every time.

SC What can the teacher do if kids are just going nuts?

PF Oh, nothing they can mute.

BP And a lot of the teachers from my kids public school are in their 70s and like couldn't like just did never really figured out how to admin. In person, they're amazing teachers. Make emotional connections with the children easily handle 20 rambunctious kids in a room but over zoom. No chance.

PF Is there any, are there stack resources that would make sense for homeschooling?

SC Ohhh, that's such a good question. We do have the parents Stack.

PF Parenting Stack. That one's good and workplace which now that that's home, you could..

SC And workplace, yeah, Paul's favorites.

PF It's all so good.

BP Paul, you're mentioning that the kids are always running off to play video games. I mean, I feel like that would be the ideal. It's like, get four or five kids, stick them in a Fortnite thing and make them solve like reading puzzles together and let them talk over Discord. My kids would do that in a heartbeat. They get to hang out with friends, like, here's a math problem you need to solve to slay the dragon do it as a team, they'd beg to go to remote everyday.

PF Kids need to be in rooms with other kids learning in physical environments. It actually turns out that's completely real. And actually people need that sometimes in their workplaces, too, which God forbid, you say to engineers who love remote learning, but it turns out that humans, you know, live together in groups for reasons. And so, it just did turns out that you can't quite abstract that away through telecommunications. So I think we are going to struggle, it's going to be a long winter. It's going to be tough, and hopefully people are finding more and more social patterns that you know, validate their children, but we're gonna lose a year, we're gonna lose a year and it sucks. But you know, we stopped really I mean, we it's better with computers, I think? Like, I think this would be really tough with newspapers. But then again, you wouldn't have Twitter with like people just shrieking various bad science.

SC The anxieties into the void. If you're going to design this on purpose, it would be so different, right? Like if you were going to, like take a step back and say, how do we design an at home program for first of all, like millions of people like millions of thought workers and kids, it would be very different than what we have now. But there's just like, wasn't any time.

PF No, and you literally have to keep everyone away from each other. If you were to do this intentionally, you'd make sure that there was social interaction, like I mean, for religious homeschooling, there's always a lot of social interaction through church, it's usually not totally isolated. Right. And so human beings need other human beings and you build that into the system. A lot of the homeschooling I've read about, and actually non religious as well. Like there are a lot of people who will pull kids with specific needs or really bright kids out of the system and like social connection is utterly critical to the success of it in some way or another. It always kind of backs in, it's actually less isolating than people often think when they think about homeschooling.

BP Here's some advice from seasoned advice, our cooking exchange, homeschool science curriculum using cooking. So you're going to be covering the following concepts, the scientific process, state of matter, chemical reactions, mass volume, form of measurement, acids, bases, fractions and conversions. Boom. Make some cookies.

PF I mean, God bless us all. It's just it depends if the kid is in the mood.

SC Yeah, this is a slippery slope. My mom would be like, make dinner, it's home mec. [Paul & Sara laugh] You can't just like slap a subjecton.

PF I know. But that's also like when teachers wheel out that video cart, you know, it's just, it's the same thing that happens all the time. Just like Hey, kids. Today, we're gonna learn about I don't know, the zoo.


PF Alright, what else is going on in the world? What's happening with software these days?

SC Yeah, there's a great XKCD that I'm kind of obsessed with. And this is like the drum I beat all the time. So you might just be like, Sara, calm down, we get it, we get it. But it is...

PF It looks like it looks like Jenga. It's like a big stack of different sized blocks.

SC Different sized blocks all on top of each other. And the headline is, it's saying that it's all modern digital infrastructure. And then there's like one little block holding up the whole thing. And then the caption is a project some random person in Nebraska has been thanklessly, maintaining since 2003. And one thing that they like left out of that caption is like, also, there's seven GitHub issues on this repository where people are just yelling, one that's total nonsense. Someone that started to fix something a year ago and no one else and was like, I got this one. And you haven't heard from them since. It's I think it's really a good reflection of the industry. The more I see this.

PF It's all about the incentives. Right? So remember the Heartbleed bug?

SC No!

PF Ohh, Heartbleed was a big one. Heartbleed was a big problem in open SSL. So cryptography, anything that hits your security layer is a really big deal. And also there have been bugs in SSH and you know, sort of, but the open SSL one in particular, what I remember is they put up a website, they gave it a brand it had a heart logo that had like blood come out of it. Yeah, except it's like everything is is sort of run by these poor nerds and just kind of trying to keep it together. And then the people who break it are like, Oh, yeah, we're gonna market our ability to destroy the internet. And it's just too sad for everyone, right? Like it's just, you know, actually and this is worth puzzling out and I would love to talk to somebody in open source governance about this. God, am I lucky? Okay, so this is real. The Internet runs on arbitrary open source projects that often were started 20 years ago and people have been...Yeah. And the people who've inherited them are like two or three people who don't make any money from them, but really feel obligated, and they feel that they're caring for this infrastructure. And that used to come out of like a vibe of everything being ad hoc, a lot of universities glued together and so on. And now we've got trillions of dollars of infrastructure running on top of it. Why is it so hard to get resources to those people from really big organizations? Because this is I mean, it is like it's a line item in a line item and a line item for say, a Google or Microsoft right like to give these people one salary to preserve their whole world.

SC Well, that's the one of the models I've seen work really well is a big company will start using one of these libraries, and then hire a few of the core contributors to kind of like, make it theirs.

PF Okay, they'll bring it, they'll bring it in house, sort of like, it'll still be open source, but they will. I mean, for a while Python, the creator, Guido van Rossum was employed by Google. Right. And he's been employed by lots of places to kind of keep Python going.

SC Yeah, exactly.

PF Yeah, we were just going over an article Sara and I, that we're gonna publish in the future about the different models and OSS. And there's the benevolent dictator for life, which has its pros and cons. There's the completely open community, which as you point out, you know, can leave people kind of stranded or, you know, lack of consensus or just, you know, overwhelmed by people who are not necessarily contributing in a positive way all the time. And then there's the foundation model where like a foundation steps in and starts to add some money and some resources. You know, the one downside of that is then they have their thumb on the scale, if they want the technology to go in a certain direction.

PF I mean different things work at different scales, right. Like you can hack together and put together something on GitHub and have a good weekend. But then there's that point where it's just...

SC You just don't want to let people in. Yeah, I think this also makes me think of that NPM bug where there was a library. I don't remember which library it was.

PF Oh, it was Left Pad. And they just erase it was like two lines of code. And also, when you go down that NPM dependency hierarchy, it's literally like, you can get to like, if not odd, then even and that'll be like, two lines of code. And it'll be called, like Even Finder.

SC Well, JavaScript. Yeah I know. The interesting thing about that is like, the maintainer was just like, I'm over this, I'm tired. I don't want to do this anymore. Gave it away or sold it and then someone malicious came in and all of a sudden had access to all these systems.

PF Oh, this is different. This is different than that. I knew about this one too. Yeah, that's right.

SC Yeah, yeah. And so it's kind of like, everyone's mad at that person. But that person was also doing a lot of thankless work.

PF Oh, we are all like one tiny JavaScript library away from becoming full time Bitcoin mining supercomputers like.

SC Yeah!

PF Yeah, that's all it takes, right? Like one, one. And you know, there's signed packages. There's all kinds of things. Python for a while had people who were renaming useful libraries, but they were actually kind of like putting a little typos in the name and then uploading that to the registry.

SC So like when people messed up.

PF Whoops. And you know, it controls your whole computer, it has access to the whole file system. So what could go wrong?

SC What could go wrong?

PF The sign for me...

BP You need a choice.

PF The danger zone for me is cut and paste this line of code directly into your shell as root. And I do it, I do it. I'm like, Ah, well, I want homebrew to work. Fine.

BP I guess like, yeah, what is the alternative between you know, accepting a corporate overlord who might have some influence that you're not comfortable with? And doing it yourself? What is the sort of like Jedi Council of Elders who you can just say like, I'm sorry, I can't do this anymore. I need to pass it on to you, you know, neutral party of web standards and open source projects. Carry forward my tiny column that holds up half the internet.

PF I think this is a side effect of free, right? Like, once you are ready to pay for everything, then you can get a totally vetted control stack. And you have far fewer options as to how you're going to build your software.

SC Yeah, you have an option, you can use this library or you can hire 20 engineers and pay them for two years to build this for you.

PF Sometimes that's worth it. If you're a giant org.

SC Yeah, yeah. Absolutely, yeah.

PF Or the government.

SC I've seen that happen.

PF I think where it really comes out, though, is just these completely critical chunks of infrastructure, like just like, you know, security layers, servers.

BP Paul, I know you're working on a story, you can't quite tell us about it yet, because it hasn't been published. But it has a little bit to do with science and computer science and where they overlap. And the fact that a lot of science, especially data science, now increasingly, you know, relies on code to do its projections and, you know, test its assumptions. Maybe there's some machine learning in there to derive new insights. You were saying that often it feels like scientists who are obviously very bright and getting their PhDs and doing life changing work, aren't quite looking at code the same way as your standard, you know, software engineer.

PF Oh, no, this is totally real, like science doesn't program the way programmers program. There's a even a, we were talking about this beforehand. I didn't just figure this out. But there's a question from 14 days ago on the software engineering Stack, which is does software which implements scientific models require unit tests. Right. And it's Sara unit tests. They've been around for a while, right?

SC Yeah, I've heard, I've heard of those.

BP Not exactly bleeding edge.

PF No. And scientists don't program like programmers do. Scientists usually are just getting science into code form. So they can run some simulation or do something. And this isn't all scientists by any means. But when you look at various kinds of scientific models, and you read the code, there be a lot of times I don't want to be reductive because there's a lot going on in Python and Julia and all sorts of other languages. But Fortran still rules the roost like big lists and array processing vector-y giant matrices being run on supercomputers is still like the ethos of scientific computing.

SC I hate to do the like relevant XKCD twice in an episode. But there's a really good one recently about like what software engineers think scientists need help with. And it's like, the whole idea being like, please, our data is so complex, can your magical machine minds, unearth the patterns that lie within? And then the next frame is like what scientists actually need, and it's for a few weeks in June, the lab was infested by wasps, so we had to take pictures of the equipment through the window. How do you get graphs from a Polaroid photo into Excel?

PF Yeah, no that's right, really, it's engineers have a lot of fantasies about other disciplines. And they tend to think that they're tools, like the currently exciting tools are the ones that are most necessary in every other field. Yeah. Which I mean, blockchain is a great example like blockchain was going to solve everything. People like to wear hats. Well, hats will be a lot better on the blockchain. I'll be damned. You know, the same is extremely true of ML. The weird thing is that ML does solve a lot of problems, but it's truly, yeah, I mean, a lot of scientists are not saying they're going please bring me your machine learning.

SC Yeah, good hack for anyone that's hiring, like anyone in ML, is what you need to ask them is, this the only interview question, does ML exist? Because any good developer in that space says no, because machines really can't learn.

PF Alright, you know what? I have a question that's gonna bring us together and unify us. Ready?

SC I'm excited.

PF It's from skeptics.stackexchange.com and it's this. Does continuous use of lemon juice have any negative effect on bones? I came across a post from a beauty blog titled beware lemons can harm you in ways you didn't know. The continuous use of lemon juice can actually melt your bones in the long run. That's what the blog claimed.

BP Yikes. Yikes.

SC You guys don't know this about the beauty. Well, I mean maybe you do maybe you're really into beauty YouTube, but this is like a common thing where it'll be like gargling with coconut oil once a day will solve every problem you have.

PF Well lemon juice will melt your bones.

BP No, no, Paul here says my younger son will eat an entire lemon hole he'll just thinks like, I guess like his sour receptors haven't really developed in his tongue only his sweet one. So to him. Lemons just tastes like candy. And I read about it and it can, the acid can damage your teeth.

SC Which are bones.

BP So like if you were just gargling lemon every day that's really bad for your teeth. I do know that. I don't know if it will actually melt your whole skull but certainly lots of citric acid on your teeth kind of wears them out.

PF So the Stack answer is, the short answer is is No. No bone melting. But in classic Stack fashion, the user Kelly Thomas, and Odd Thinking, these are the two people working on this, went and dug up a study, which shows that actually, bone resorption may increase with lemon juice consumption in postmenopausal women. So, you know, gotta be careful out there and maybe you need to be drinking more lemon juice.

BP Simpler solutions here guys. Use a straw and then you don't get it. They won't they won't destroy your tooth enamel. If you're gonna drink lemon juice, do it with a straw.

SC I guess so.

PF Which programming language is most likely to melt your bones?

SC That's such a good question.

PF It's Perl.

SC Is it Perl? It's Perl or Rest.

PF Ohhh, rust is an absolute bone melter. Unless you're postmenopausal. [Sara laughs]

SC And then it's very good for you.

PF Then it's great. It actually helps your bones.

BP Sara, I have a question here for you that comes from our English language. Stack Exchange. Getting back to where the word software comes from and how we use it. It says in Portuguese, we say software pasado which translates to heavy software, but that doesn't sound right in English. How can I say this software has a large size when the size is over many gigabytes for example. So what do you guys think, people here say you could call a piece of software lightweight people do that. You could call it resource intensive at the other end. But how do you say heavy software?

SC Monorupo. [Paul laughs]

PF Yeah, I can't improve on that. Monorupo is exactly right. Monolithic.

BP Bloatware was suggested here.

PF Bloatware really implies like Microsoft on a CD. It doesn't quite work anymore because, like Call of Duty is like 60 gigs for the patch.

SC It's so crazy.

PF Yeah, we've, we've really gotten into a zone of complete banana cakes expansion, especially with games and so monorepo driven.

PF One big 2 billion line pile of code.


BP Well, some great questions. Sara, do you want to do a shout out? I saw this in the right hand rail. Thank you Geoff. You want to mention him?

SC Yeah!

BP Was he coder number two at Stack Overflow?

SC Yeah. Um, Geoff, not Ge-off. Even though it's always so tempting being spelled that way. He's one of the cofounders of Stack Overflow. He's been with the company for an incredibly long time. It's very sad to see him go though excited for him. There should be some type of badge or some type of ceremony if you've worked on the same code base for 10 years when you walk away. Like you should light something on fire and push into the ocean, something like that. But apparently there's nothing like that. I looked it up and you just kind of walk away into the night but really, so much work.

BP The Valhalla, the Valhalla badge where you the burning boat into the ocean. I like that. So much work was done on this application and wouldn't be here without him.

BP Alright, so yeah, if you want to check that out, there's a nice tribute on meta. I'll put it in the show notes. Alright, y'all. It's that time on the episode, I'll shout out a lifeboat. Somebody shared some knowledge. This is from DSTFTW, awarded August 12th. And it says, Can I use YouTube/dl to provide the direct links and use other means to download them? Ooh, this question was closed five years, four months ago. So what's this one about?

PF This is about downloading YouTube videos using the venerable YouTube/dl tool. This is I mean, I wouldn't say it's not necessarily piracy. I would call it a backup you could use it to backup your own YouTube videos, for example, by just putting in the URL. So good answer.

BP That is the only reason I would ever use this.

PF Good answer. You can just, see they gave you the command line option that you need in order to do that the download just the way they asked.

BP Excellent. Use this wisely and don't commit any federal crimes. Well, thanks so much for listening, everybody. As always, you can hit us up podcast@stackoverflow.com you can email us, hit us on Twitter, suggest some topics. I'm Ben Popper, director of content here Stack Overflow. And you can find me on Twitter @BenPopper.

SC I'm Sara Chipps, Director of Community here at Stack Overflow. And you can find me at GitHub at @SaraJo.

PF I'm Paul Ford, a friend of Stack Overflow. You can find me on Twitter @ftrain.

SC Great!


Login with your stackoverflow.com account to take part in the discussion.