Lunduke
News • Science & Tech
"If this one guy got hit by a bus, the world's software would fall apart."
(Funny? Yes. But the reality is far worse...)
April 04, 2024
post photo preview
  • How many critical software packages are maintained by a small, unpaid team (or, worse, a single person)?
  • What happens when that person gets bored with the project... or decides to do something malicious (as in the case with a recent backdoor in the XZ compression tool)... or... gets hit by a bus?

These are not only fair questions to ask... but critical as well.

The reality is that we're not simply talking about a handful of key software packages here -- the entirety of our modern computing infrastructure is built on top of thousands of projects (from software packages to online services) that are built, maintained, and run entirely by one person (or, when we're lucky, 2 or 3 people).

One wrong move and the Jenga tower that is modern computing comes crashing down.

Source: xkcd

Just to give you an idea of how widespread -- and dire -- this situation truly is, I would like to call your attention to two projects that most people don't even think about... but that are critical to nearly every computer system in use today.

The TZ Database

Dealing with Timezones in software can be tricky.  Many rules, many time zone details.  As luck would have it, a standard database (TZ Database) was built to make it easier for software projects to get those details right.

And, every time those timezone details (across the world) are changed -- something which can happen several times per year, often with only a few days notice -- that database needs to be updated.

What happens if those details are not updated... if the timezone data is incorrect?

At best?  A few minor scheduling inconveniences.  At worst?  Absolute mayhem... computer-wise.  Times can become significantly out of sync between systems.  Which can mess up not only scheduling (an obvious issue), but security features as well (as some encryption tools require closely synced time).

To give you an idea of how widespread the TZ Database is, here is just a teeny tiny fraction of the number of software projects which rely upon it:

  • Every BSD system: FreeBSD, OpenBSD, Solaris
  • macOS & iOS
  • Linux
  • Android
  • Java, PHP, Perl, Ruby, Python, GCC, Javascript
  • PostrgreSQL, MongoDB, SQL Server

Yeah.  It's basically a list of "all software".  And that's just a sample of the software which heavily relies on the TZ Database for making sure timing (and everything that is time-critical) is correct.

Now.  With something this absolutely critical, surely a highly paid team of people -- from multiple companies -- is responsible for keeping it updated... right?

Oh, heavens, no.

Two people.  Two!

While the database itself has been officially published on ICANN (the "Internet Corporation for Assigned Names and Numbers") servers for the last few years, only 2 people actually maintain the TZ Database.

SQLite

Did you know that SQLite is the most used database system in the entire world?  More than MySQL, MS SQL Server, and all the rest of them.  Good odds, SQLite is used on more systems than all other database systems in the world... combined.

In fact, SQLite is a critial component in the following systems:

  • Android, iOS, macOS, & Windows
  • Firefox, Chrome, & Safari
  • Most set top boxes and smart TVs
  • An absolutely crazy number of individual software packages (from Dropbox to iTunes)

Now, ready for the fact you knew was coming?

SQLite is maintained by... 3 guys.

Not "3 lead developers who oversee an army of open source contributors"... just 3 guys.  Total.  And they don't accept public patches or fixes.

"SQLite is open-source, meaning that you can make as many copies of it as you want and do whatever you want with those copies, without limitation. But SQLite is not open-contribution."

A piece of software that is practically the cornerstone of modern computing.  Trillions of dollars worth of systems relying upon it -- every second of every day.  3 guys.

Corporations rest on the shoulders of... a couple volunteers

Add those two projects together.  5 guys, in total, are responsible for Timezones and SQLite databases.  Software and data used on practically every computer on the planet.

And that's just the tip of the iceberg.  Critical projects -- often with small teams of (more often than not) unpaid voluneers -- form the core of the vast majority of major software projects.  Including commercial ones.

ImagemagickXZFFmpeg?

You'll find those at the heart of more systems than you can count.  Good odds you use all three, every day, and don't even notice it.

And, as the small team behind FFmpeg pointed out in a recent X post, getting those large corporations to contribute -- in any meaningful way -- can be like pulling teeth:

The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers.

 

Microsoft / Microsoft Teams posted on a bug tracker full of volunteers that their issue is "high priority"

 

 

After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead.

 

This is unacceptable. 

 

We didn't make it up, this is what Microsoft actually did:
https://trac.ffmpeg.org/ticket/10341#comment:4

 

The lesson from the xz fiasco is that investments in maintenance and sustainability are unsexy and probably won't get a middle manager their promotion but pay off a thousandfold over many years.

 

But try selling that to a bean counter

In short: Microsoft wanted to benefit from the (free) work done by FFmpeg... but was only willing -- at most -- to toss a few peanuts at the team.  And, even then, that (mildly insulting) offer of meager support was only done when Microsoft needed assistance.

A few parting thoughts...

There are valuable lessons to be learned from all of this -- including the need for real, meaningful support (by large corporations) of the projects they rely so heavily upon.

But, for now, I'd like to leave you with a few observations.

  1. Corporations don't hesitate to throw large sums of money at Tech Trade Organizations (such as The Linux Foundation -- which brings in hundreds of Millions every year from companies like Microsoft)... yet they are hesitant to provide significant funding to projects they rely directly upon to ship their own, often highly profitable, products (see the projects listed earlier in this article).
  2. How many of these smaller projects -- which Linux desktops and servers rely entirely upon -- receive regular funding from The Linux Foundation (or companies which fund The Linux Foundation)?  I'll answer that question for you: Next to none.
  3. Even high profile Open Source projects -- such as KDE or GNOME -- struggle to bring in enough funding to afford two full time developers on payroll.
  4. We have avoided catastrophe, thus far, through dumb luck.  The recent XZ backdoor, for example, was found by a lone developer who happened to notice a half second slowdown... and happened to have the time (and interest... and experience) to investigate further.  The odds of that being discovered before significant harm was done... whew!... slim.  So much dumb luck.

Go take a look at that XKCD comic at the begining of this article again.  Funny right?  And it makes a solid point.

You know what's terrifying, though?  The reality is far more precarious. 

There's not simply one project -- by one guy -- holding all of modern computing up.

There's thousands of projects.  Each made by one guy.  And hundreds of those projects (at least) are load-bearing.

Dumb luck only lasts for so long.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
18
What else you may like…
Videos
Podcasts
Posts
Articles
Microsoft's Project Aion (AI Desktop) Leaked Demo Video

This leaked video shows Microsoft's AI centric vision for a future OS. No native (legacy) Windows software. All web based, and all AI.

NeXTStep, Emacs, & Desqview/X Walls:
https://lunduke.substack.com/p/vim-beats-emacs

Get on The Wall with a Massively Discounted Lifetime Sub:
https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal:
https://lunduke.com/

00:22:14
Microsoft Adopts Rust CoreUtils Clone... for Windows (Not a Joke)

Those increasingly buggy, not yet complete, Rust clones of the GNU CoreUtils? The ones Ubuntu ships? Microsoft is now officially maintaining them for Windows.

Massively Discounted Lifetime Subs Through June:
https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal:
https://lunduke.com/

00:13:53
Debian Replacing GNU Coreutils with Rust Clones?

Is Debian going the way of Ubuntu, dropping tested code in favor of untested Rust clones? It's looking that way.

NeXTStep, Emacs, & Desqview/X Walls:
https://lunduke.substack.com/p/vim-beats-emacs

Get on The Wall with a Massively Discounted Lifetime Sub:
https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal:
https://lunduke.com/

00:14:58
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
5 hours ago

Just saw this over on Level1!
So I asked myself: If I were designing an OS from scratch, how would I do it differently?

And so I designed and developed my own kernel and userspace, and the result is my experimental open-source system — LiberSystem :slight_smile:

A microkernel OS written in Rust, based on typed objects, capability-based security, isolated services/drivers, and explicit volumes instead of classic mount points.

I do not see it as a replacement for Linux, more as an experiment.

I would be interested to hear what you think: does this direction make sense to you, or is the Unix model still the best approach in your opinion?

More info about my project: libersystem dot com
Source code on GitHub: libersoft-org/libersystem

3 hours ago

Energy Engineer Explains: The Math Behind "AI Will Take Your Job" Is Laughably Wrong - YouTube

4 hours ago

Apple loses gatekeeper ruling appeal in the EU. They are still classified as a gatekeeper in the EU for the way the IOS app store works.

Apple has lost its legal challenge against EU rules designating it as a gatekeeper under an EU law requiring some of the world’s largest technology companies to open their platforms to greater competition.
The EU’s Luxembourg-based General Court said on July 8 that the EU was correct to classify Apple back in 2023 as a gatekeeper in relation to its App Store and iOS.
Under the bloc’s Digital Markets Act (DMA), companies designated as gatekeepers must follow rules intended to make digital markets more open and give rivals a fairer chance to compete. The court said the EU correctly treated Apple’s App Stores across different devices as a single core platform service.

https://www.theepochtimes.com/world/apple-loses-eu-court-fight-over-app-store-gatekeeper-rules-6058868

Vim beats Emacs!

Well, we’ve done it.

We’ve answered the eternal question: “Which Lunduke Journal Lifetime Subscriber Wall would fill with names quicker? Emacs or Vim?”

The answer, it turns out, is “Vim”. And it takes just 8 days.

 

A hearty “Thank You” to everyone who supports The Lunduke Journal by getting Lifetime Subscriptions (massively discounted throughout July) and getting on these walls! You make all of this possible!

Now. How long will it take for Emacs to fill up (matching the same number of names as the Vim Wall)?

Well, right now the Emacs Wall is a hair over 2/3rds of the way full. So we’ll find out!

Welcome NeXTStep Wall!

With the closing of the “Vim” Wall (and the BeOS Wall only having the space for 1 name left), now seemed like a good time to add a new retro computer wall: The NeXTStep 1.0 Wall.

Right now, there are 4 Walls available to add your name to (*cough* massive discount *cough*).

  • NeXTStep (just opened)

  • Emacs (about 2/3rds full)

  • BeOS R5 (1 spot left)

  • Desqview/X (1/2 full)

 

Once again, huge thanks to everyone who supports The Lunduke Journal!

-Lunduke

Read full Article
Lunduke's Week in Tech : June 28 - July 4, 2026

Lunduke’s Thoughts of The Week

Yesterday was the 4th of July.

As such, time that I normally would have spent writing up some thoughts on the Tech News of the Week (tm) was, instead, spent eating hamburgers, watching fireworks, and generally goofing off with my kids.

So allow me to briefly summarize my thoughts using as little effort as possible:

Rust is weird, Sony sucks, and America is awesome.

… Yup. That just about covers it.

I hope all of my fellow Americans had a truly splendid Independence Day.

Biggest Tech Stories - June 28 - July 4, 2026

Here are the major stories from the last week, with direct links to X and Substack.

See Lunduke.com for all other platforms (Rumble, RSS Audio Podcast, etc.).

  • Git Takes Another Step Towards Making Rust Mandatory (X, Substack)

  • 74 Million User Accounts Exposed in Breaches During June (X, Substack)

  • BCacheFS Adding Rust Dependency Even Though “Rust doesn’t have a stable ABI” (X, Substack)

  • Git Without Rust From Dev of XLibre (X, Substack)

  • Sony Says No More Physical PlayStation Games (X, Substack)

  • Ubuntu Sponsors Rust Clone Foundation (X, Substack)

  • Like Computers? Thank America. (X, Substack)

Huge thank you to all of The Lunduke Journal’s subscribers. You make all of this possible.

-Lunduke

 
Read full Article
post photo preview
Last call for Emacs & Vim Walls!

The “Emacs” & “Vim” Lunduke Journal Lifetime Subscriber Walls are on track to be full some time tomorrow (Monday) afternoon!

If you want to get your name on one of these, chop chop!

 

As soon as these Walls are full, I will update Lunduke.com (check the bottom) and send out the final result.

Will “Emacs” or “Vim” be the first to fill up?

I’ll let you in on a secret: It’s going to be very close.

  • So if you already have a Lifetime Subscription (and are not on any other Lifetime Wall), email me (bryan at lunduke.com) and let me know which Wall you want to be listed on.

  • Or grab a new Lifetime Subscription (scroll down, the details are below). They’re mega discounted and it takes 60 seconds.

Either way. You’ve gotta move quick to get on one of those two Walls.

How to Grab a Discounted Lifetime Subscription:

Through the end of July, Lifetime Subscriptions are only $125 (regularly $300).

And you only pay once. For life. Which means that every month, the “cost per month” gets lower and lower. Save money, and show your support for The Lunduke Journal at the same time. Win-win.

There are 3 different ways to pick up a Lunduke Journal Lifetime sub (Substack, Locals, & Bitcoin). All of them work great and are listed below. Choose whichever is easiest for you!

Get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select “Give Once“.

  3. Enter “125“ into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

Get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

Get a Lifetime Subscription with Bitcoin:

Bonus: Save an extra $10 with the Bitcoin option, as Bitcoin processing has fewer fees associated with it.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email “bryan at lunduke.com” with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com.

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals