Lunduke
News • Science & Tech
"If this one guy got hit by a bus, the world's software would fall apart."
(Funny? Yes. But the reality is far worse...)
April 04, 2024
post photo preview
  • How many critical software packages are maintained by a small, unpaid team (or, worse, a single person)?
  • What happens when that person gets bored with the project... or decides to do something malicious (as in the case with a recent backdoor in the XZ compression tool)... or... gets hit by a bus?

These are not only fair questions to ask... but critical as well.

The reality is that we're not simply talking about a handful of key software packages here -- the entirety of our modern computing infrastructure is built on top of thousands of projects (from software packages to online services) that are built, maintained, and run entirely by one person (or, when we're lucky, 2 or 3 people).

One wrong move and the Jenga tower that is modern computing comes crashing down.

Source: xkcd

Just to give you an idea of how widespread -- and dire -- this situation truly is, I would like to call your attention to two projects that most people don't even think about... but that are critical to nearly every computer system in use today.

The TZ Database

Dealing with Timezones in software can be tricky.  Many rules, many time zone details.  As luck would have it, a standard database (TZ Database) was built to make it easier for software projects to get those details right.

And, every time those timezone details (across the world) are changed -- something which can happen several times per year, often with only a few days notice -- that database needs to be updated.

What happens if those details are not updated... if the timezone data is incorrect?

At best?  A few minor scheduling inconveniences.  At worst?  Absolute mayhem... computer-wise.  Times can become significantly out of sync between systems.  Which can mess up not only scheduling (an obvious issue), but security features as well (as some encryption tools require closely synced time).

To give you an idea of how widespread the TZ Database is, here is just a teeny tiny fraction of the number of software projects which rely upon it:

  • Every BSD system: FreeBSD, OpenBSD, Solaris
  • macOS & iOS
  • Linux
  • Android
  • Java, PHP, Perl, Ruby, Python, GCC, Javascript
  • PostrgreSQL, MongoDB, SQL Server

Yeah.  It's basically a list of "all software".  And that's just a sample of the software which heavily relies on the TZ Database for making sure timing (and everything that is time-critical) is correct.

Now.  With something this absolutely critical, surely a highly paid team of people -- from multiple companies -- is responsible for keeping it updated... right?

Oh, heavens, no.

Two people.  Two!

While the database itself has been officially published on ICANN (the "Internet Corporation for Assigned Names and Numbers") servers for the last few years, only 2 people actually maintain the TZ Database.

SQLite

Did you know that SQLite is the most used database system in the entire world?  More than MySQL, MS SQL Server, and all the rest of them.  Good odds, SQLite is used on more systems than all other database systems in the world... combined.

In fact, SQLite is a critial component in the following systems:

  • Android, iOS, macOS, & Windows
  • Firefox, Chrome, & Safari
  • Most set top boxes and smart TVs
  • An absolutely crazy number of individual software packages (from Dropbox to iTunes)

Now, ready for the fact you knew was coming?

SQLite is maintained by... 3 guys.

Not "3 lead developers who oversee an army of open source contributors"... just 3 guys.  Total.  And they don't accept public patches or fixes.

"SQLite is open-source, meaning that you can make as many copies of it as you want and do whatever you want with those copies, without limitation. But SQLite is not open-contribution."

A piece of software that is practically the cornerstone of modern computing.  Trillions of dollars worth of systems relying upon it -- every second of every day.  3 guys.

Corporations rest on the shoulders of... a couple volunteers

Add those two projects together.  5 guys, in total, are responsible for Timezones and SQLite databases.  Software and data used on practically every computer on the planet.

And that's just the tip of the iceberg.  Critical projects -- often with small teams of (more often than not) unpaid voluneers -- form the core of the vast majority of major software projects.  Including commercial ones.

ImagemagickXZFFmpeg?

You'll find those at the heart of more systems than you can count.  Good odds you use all three, every day, and don't even notice it.

And, as the small team behind FFmpeg pointed out in a recent X post, getting those large corporations to contribute -- in any meaningful way -- can be like pulling teeth:

The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers.

 

Microsoft / Microsoft Teams posted on a bug tracker full of volunteers that their issue is "high priority"

 

 

After politely requesting a support contract from Microsoft for long term maintenance, they offered a one-time payment of a few thousand dollars instead.

 

This is unacceptable. 

 

We didn't make it up, this is what Microsoft actually did:
https://trac.ffmpeg.org/ticket/10341#comment:4

 

The lesson from the xz fiasco is that investments in maintenance and sustainability are unsexy and probably won't get a middle manager their promotion but pay off a thousandfold over many years.

 

But try selling that to a bean counter

In short: Microsoft wanted to benefit from the (free) work done by FFmpeg... but was only willing -- at most -- to toss a few peanuts at the team.  And, even then, that (mildly insulting) offer of meager support was only done when Microsoft needed assistance.

A few parting thoughts...

There are valuable lessons to be learned from all of this -- including the need for real, meaningful support (by large corporations) of the projects they rely so heavily upon.

But, for now, I'd like to leave you with a few observations.

  1. Corporations don't hesitate to throw large sums of money at Tech Trade Organizations (such as The Linux Foundation -- which brings in hundreds of Millions every year from companies like Microsoft)... yet they are hesitant to provide significant funding to projects they rely directly upon to ship their own, often highly profitable, products (see the projects listed earlier in this article).
  2. How many of these smaller projects -- which Linux desktops and servers rely entirely upon -- receive regular funding from The Linux Foundation (or companies which fund The Linux Foundation)?  I'll answer that question for you: Next to none.
  3. Even high profile Open Source projects -- such as KDE or GNOME -- struggle to bring in enough funding to afford two full time developers on payroll.
  4. We have avoided catastrophe, thus far, through dumb luck.  The recent XZ backdoor, for example, was found by a lone developer who happened to notice a half second slowdown... and happened to have the time (and interest... and experience) to investigate further.  The odds of that being discovered before significant harm was done... whew!... slim.  So much dumb luck.

Go take a look at that XKCD comic at the begining of this article again.  Funny right?  And it makes a solid point.

You know what's terrifying, though?  The reality is far more precarious. 

There's not simply one project -- by one guy -- holding all of modern computing up.

There's thousands of projects.  Each made by one guy.  And hundreds of those projects (at least) are load-bearing.

Dumb luck only lasts for so long.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
18
What else you may like…
Videos
Podcasts
Posts
Articles
Canadian BSD Conference to Require Masks, Social Distancing

It's 2025. And this Leftist Tech Conference (BSDCan, sponsored by Netflix and Apple) is requiring medical grade masks.

00:08:01
Nerd Fests Ban Conservatives, Invite Leftists Promoting Terrorism

Game & Geek Expo bans conservatives. KDE conference (aKademy" ) invites activists who encourage firebombing cars and murdering Jewish journalists. This is the state of Nerd Fests.

00:13:25
Trans Pride Month Starts Early for GNOME

One month is not enough "PRIDE" for the GNOME Foundation. The Open Source Desktop Environment wants PRIDE Month to be "5 or 6 weeks long".... and has already started.

00:16:05
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

Latest machine saved from e-waste: a mid-2011 27” iMac! Haven’t had a chance to test it out or check the specs, but I’ll let you all know once recovery is done. I like this one because it still has an optical drive, an SD card reader, multiple USB, and FireWire 400/800 ports. Its last supported OS is High Sierra but I plan to upgrade it to Sequoia with OCLP. I’m also going to swap the hard drive out for an SSD and max the RAM out at 32 GB. I’ve already got the drive so the only expense here is the memory which will only be about $50 USD. Not too shabby 😊

post photo preview

Closed captions on DVDs are getting left behind

AI is rotting your brain and making you stupid

How are you using new AI technology? Maybe you're only deploying things like ChatGPT to summarize long texts or draft up mindless emails. But what are you losing by taking these shortcuts? And is this tech taking away our ability to think?

https://newatlas.com/ai-humanoids/ai-is-rotting-your-brain-and-making-you-stupid/

50% off Monthly, Yearly Subscriptions! Lifetime Subs for $100! Let's get everyone subscribing to The Lunduke Journal!

The number of free subscribers to The Lunduke Journal has absolutely exploded — across a bunch of platforms — which is truly amazing. The real Tech News is spreading farther than ever.

In fact, the free subscriber growth is so utterly massive, that if even a tiny fraction of you became a paying subscriber… The Lunduke Journal would become comfortably financially set for a very long time. Able to continue reporting on Big Tech — and corrupt Tech Foundations — well into the future.

All without taking a penny from Big Tech.

With that in mind, let’s do something awesome… something that will make Big Tech really grumpy.

Let’s get as many people subscribing to The Lunduke Journal as possible. Right now. This week. Let’s make this Big-Tech-Free, Non-Woke Tech News publication financially set for a good, long time.

To give everyone a kick-in-the-butt to help make that happen, I’m going to discount absolutely every type of subscription in a crazy way — through Friday, May 9th.

  • %50 off Monthly — Now $3 / Month (was $6 / Month)

  • %50 off Yearly — Now $27 / Year (was $54 / Year)

  • %50 off Yearly MP4 Downloads — Now $27 / Year (was $54 / Year)

  • %50 off Lifetime Subscriptions — Now $100 (was $200)

That Lifetime Subscription one is crazy.

Seriously. Make a one-time donation of $100, and be subscribed to The Lunduke Journal… for life. (This includes full access to the community Forum.)

If even 1% of the new free subscribers who have joined in the last month take advantage of this… The Lunduke Journal will be fully funded through the end of this year. And then some.

Let’s make it happen. Scroll down. Pick which ever subscription type works best for you. Then high-five yourself for making Big Tech grumpy.

Just be sure to do it by the end of the day on Friday, May 9th. The prices all go back to normal after that.

50% Off Yearly or Monthly Subscription:

50% off a Yearly or Monthly subscription to The Lunduke Journal are available via both Locals and Substack. (This includes full access to the community Forum.)

That means $3 / Month. Or $27 / Year (which works out to $2.25 / Month).

Via Lunduke.Locals.com:

Via Lunduke.Substack.com:

The Famous Lifetime Subscription:

The "World Famous Lunduke Journal Lifetime Subscription" is exactly what it sounds like. Pay once and get full access to The Lunduke Journal. For life.

And now, through Friday, May 9th… you can snag one at a crazy discount. Normally these are $200… but you can grab one for $100. (You can also pay more if you’d like to donate a little extra.)

The Lifetime Subscription can be obtained via Locals, Substack, or using Bitcoin. All three options work great and are super easy. Scroll down and choose your option.

How to get a Lifetime Subscription via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Select "Give Once".

  3. Enter "100" (or more) into the amount field.

  4. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

How to get a Lifetime Subscription via Substack:

  1. Go to Lunduke.Substack.com/subscribe.

  2. Select the “Lifetime Subscription” option.

  3. After checking out, Lunduke will toss you an email once your account is set to full lifetime status. (This usually happens within a few hours.)

If you would also like full, Lifetime access to Lunduke.Locals.com (which is included):

  1. Make a free account on Lunduke.Locals.com.

  2. Email “bryan at lunduke.com” with the email address you use on both Substack and Locals (can be different email addresses).

  3. Lunduke will toss you an email once your account is set to full lifetime status on Locals.

How to get a Lifetime Subscription with Bitcoin:

You can also obtain a Lifetime Subscription via Bitcoin.

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with the following information: What time you made the transaction, how much was sent (in Bitcoin), and the email address you use (or plan to use) on Locals.com or Substack.com.

50% Off DRM-Free, MP4 Downloads:

Want to be able to download every show The Lunduke Journal releases (and watch them on whatever device you like)? Yeah. You can do that. For 50% off.

Note: This DRM-Free download option does not include access to the Forum. This option is strictly for downloading the episodes.

Make a One Time Donation

Subscription not enough (or not your thing)? Want to toss in a one-time donation to The Lunduke Journal? There’s a few great options!

Via BitCoin:

Send any amount of BTC to the following address:

bc1qyjakve8fywm8pz2v99v57yhjj0vzr2vjze6fcq

  • Email "bryan at lunduke.com" with to let us know it was you! You can choose to keep your donation anonymous if you prefer. (Either way, all BTC donations get included in the matching deal.)

Via Locals:

  1. Go to Lunduke.Locals.com/support.

  2. Click “GIVE ONCE”.

  3. Enter any amount you like.

You Make This Possible

A huge thank you to all of the subscribers who have made The Lunduke Journal possible. Because of you, we have been able to do true Tech Journalism — to tell the stories that no other Tech News outlet has the cajones to touch.

And to all of you new Lunduke Journal subscribers: Welcome to the last bastion of truly independent, Big-Tech-Free, ad-free, non-Woke Tech Journalism.

-Lunduke

Read full Article
Lunduke Interviewed by Side Scrollers

Yesterday I joined the Side Scrollers show for an hour-long interview.

We covered the Adobe Copyright fight, PewDiePie and Linux, Pokemon Go and the CIA, and how The Lunduke Journal came to be. Definitely worth a watch. I join the show around the 56 minute mark.

 

Next Monday (May 12th), I’ll be a guest on Citizen Podcast with Dan Hollaway.

Critically Important Reminder: The Lunduke Journal refuses to take any funding from Big Tech. The coverage from The Lunduke Journal is only possible because of you.

And with efforts to silence The Lunduke Journal ramping up (including fraudulent copyright take-downs on YouTube), your support is needed more than ever before. If you haven’t already become a subscriber… there’s a lot of options.

All of them make a huge difference:

Without your support, so many stories about Big Tech and Woke Tech would never get told.

Seriously. Now’s the time to support this work, if you are able.

And a huge thank you to each and every one of you. You are making the Tech World a better place.

-Lunduke

Read full Article
Adobe silences Lunduke, "GNOME is Antifa", & Linux Leftists v. PewDiePie
The Lunduke Journal coverage for the week ending May 4th, 2025.

This has been one heck of a weird week — both for Open Source in general, and The Lunduke Journal in particular.

From GNOME contributors declaring that “GNOME is Antifa” to Open Source project leaders declaring that they intend to block PewDiePie fans from using Linux — because PewDiePie fans are, according to Open Source Leftists, “fascists”. Just plain weird.

And, of course, the saga of Adobe working to silence The Lunduke Journal continues to march forward.

As usual, most of these stories were not only broken by The Lunduke Journal… but most Tech News outlets have refused to cover them at all.

Highlights from the last week (ending Sunday, May 4th, 2025):

Those links are all to X — but you can also find all of these shows on every other platform where The Lunduke Journal is available (including Rumble, Podcast, YouTube, and the rest).

Reminder: The Lunduke Journal refuses to take any funding from Big Tech. This type of reporting is only possible through the support of all of you. There are a number of ways you can help out — and, big or small, every option goes directly towards funding this work.

Without your support, so many stories about Big Tech and Woke Tech would never get told.

Seriously. You make The Lunduke Journal possible.

Thank you.

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals