The Stack Overflow Podcast

How do you make software reliable enough for space travel?

Episode Summary

In this episode, we chat about "The Power of 10: Rules for Developing Safety-Critical Code." After that we discuss Python passing Java in TIOBE's long running index of popular programming languages. And finally we talk about different mindsets you can adopt as a developer. Are you discipline focused, or results oriented?

Episode Notes

You can learn more about the Power of 10 here

TIOBE's latest index can be found here.

Our lifeboat of the week goes to lealceldeiro for answering the question: What does the multi: true attribute of HTTP_INTERCEPTORS mean?

Episode Transcription

Paul Ford One of the main Jedi leaders in the, in the prequels is named Ti Obe, so.

Sara Chipps Darth Ti Obe.

[INTRO MUSIC]

Ben Popper Are you struggling to deploy cloud native applications to a hybrid cloud? Do you want to become familiar with Kubernetes and Istio? IBM cloud has a set of free, hands on training, ebooks, and an always on free tier services to help you learn visit IBM.biz/StackOverflow. To learn more, that's IBM.biz/StackOverflow. 

BP Good morning, everybody. 

SC Yeah, good morning!

PF Good morning. Hey, Ben! Hi, Sara!

SC Hey, Paul! Hey, Ben!

PF My voice is a little creaky. So just so you know. [Ben laughs]

BP That's alright. This is a podcast about code. So I brought this topic up this morning. And let's dive into a little I had a fun time. This week, I'm chatting with some folks from SpaceX for an upcoming blog post we're going to do about how they, how do you write software, you know, for space. 

SC Coool!

BP And one of the things they were talking about was just how they have like different levels of software where, you know, there needs to be a certain threshold for reliability or redundancy. And she mentioned to me ''Oh, you know, like, NASA actually publishes all this online. It's actually public.'' So Paul, you shared some this morning, what is the power of 10? Rules for developing safety critical code. This says.

SC It's like the Joel test for lives. [Ben laughs]

PF That's great. No, there's like a, there's a number of standards. There's the MISRA C guidelines and the GPL coding standards and so on. So as you can imagine, like NASA coding, is pretty serious. Although I want to just countering that by the fact that they will do hot patch updates on the Mars landers, like, you know, that thing gets out in the space. And they're like, you know what, we need to update it, and they'll do it, they will patch.

SC What a nightmare to realize your space code is wrong.

PF I mean, it's rough man. Like, we can imagine that Windows XP Service Pack, it's like it's, it's, it probably costs about $20 billion to upgrade. 

02:01

SC Yeah, I'm just imagining, like, being the coder that realizes and then just going to my manager and my manager to be like, ''Are you sure this needs to be changed?'' and be like, ''Yeah, man, I figured it out last night,'' and then be like, Oh, my goodness, I can't believe it. And then who do you have to talk to? Sounds really stressful. 

PF Coding conventions are a big part of like, what are the actually what are some of the--I guess it'll be in the blog, but what are what are some of the SpaceX ones?

BP Yeah, I mean, she was saying, when you get up to that level of like, human lives are at risk. And I don't know if this is different from any big organization, but like, you know, somebody is going to take the ticket, right? And so you're going to work on it, but you actually have to check with somebody else, like somebody who didn't write the ticket, is this something I can prioritize? And then you find, you know, a third person, so there's three people in the loop to like, you know, be the one to review all of your changes. So like, there's somebody who's saying, yes, this is worth the hot patch on the Mars Rover, or, you know, like, the, the ISS, you know, like, I guess someplace where like, people are gonna be somebody else saying, like, Okay, I'm gonna do the work and a third person to come in and be. Somebody else saying like, I'm gonna review the work, and make sure that like, once it's merged, like, all the concurrence are good. And like, you know, we're gonna be able to reproduce all this stuff when we move it to master. So like--

SC So she specifically said, that needed to be three different people?

BP Yeah, she said, that's that that's like, the extra step that they take. And the thing that sort of trips them up a bunch of times is like, you can't be the person who is like, ''Oh, I think there's something that we need to fix'' can't be the one who decides--

SC Who reviews it?

BP When and how to do that, yeah, the work exactly. 

SC I am projecting maybe, but I imagine that's because if you identify the work that needs to be done, you may, in your mind, think how it should be built, and you may not be as thorough in a review, is what that's my theory on why. Would you think, Paul, do you think that sounds right?

PF It sounds exactly right. I mean, one of the things I'm looking up is I remember this coming out like a year ago, everyone on nerd media got all excited because Kubernetes--so we don't have to explain what Kubernetes is. We've had many people explain it to us. [Ben chuckles]

04:01

BP Several episodes explaining. 

PF But the Kubernetes coding style, if you go look at their repo is pleased, they use the space shuttle coding style. So it has a lot of like, if statements, every if statement has a matching else, things that may have tons of content, and comments and enormous amounts of review. You know, I think Japanese train conductors are sort of taught to point in certain ways. And I've actually seen MTA train conductors do it as well.

SC They point, they point at the zebra. 

PF That's right. It's to force your brain to like register things. Like I think that these social orders and these rituals are incredibly effective. And it's the same with like airline safety, right? Like there are reasons you do things over and over the exact same way.

SC Yeah, I'm looking I'm looking here at the Wikipedia the power of 10 rules for developing safety critical code. There's 10 rules, a lot of them make sense kind of obvious, like all loops must have fixed bounds. This prevents runaway code. Restrict functions with single printed page, that make--I think everyone should do that. Like when I see these long functions, I get really stressed out. 

PF Yeah, no, I mean, they're good rules.

SC Use the processor, sparingly. But here's what that's the first thing I saw. Avoid complex flow constructs such as Go 2, that makes sense, because Go 2s are just so dumb.

PF Yeah, don't do Go 2s. 

SC Recursion, I can't imagine how annoying it must be to build without recursion. Why do we think that is? Just because it's hard to at a first glance?

PF There's that but I think also like--

SC Memory issues?

PF Memory issues, if you're in, if you're not in a language that's optimized around recursion, which you know, C is not then and if like, then a loop is a better construct, because you can manage the memory and know exactly where it is at all time. 

SC Yeah, yeah. There's a lot of memory once there's a void heap memory allocation. Don't use function pointers.

05:55

PF I mean, that's the story of why we use languages other than C, right? Like, it's memory management, is a pain.

SC Yeah, that's true. 

BP That's actually interesting. One thing that came up, I was talking to a different set of engineers from Starlink, like one with all the satellites in the air, like hundreds and hundreds of satellites. And he was saying that they use c++, and one of the reasons they do use it is because they can be really tight on memory management and where things go. So they have like three computers onboard the satellite, all running the same process at the same time. So if there's like a solar radiation flare that hits one, and some bits flip, or like it stops working, the other two know exactly where they were in time, and can just like, keep working from there. Does that sound like--did I get right? That sounded really interesting to me.

PF No, that makes sense. I mean, what you're trying to do is just, you're very aware of you're extremely limited resources, like you can't go out and upgrade the server rack in space. [Ben chuckles]

SC Yeah. Mail in a server. 

PF You probably can update the firmware. But at the same time, you just want to get the maximum speed and efficiency out of the radiation hardened platform, and you can't send like super fast new CPUs into space, because radiation will flip there a little bit. So yeah, absolutely. It's like you're programming like you're trying to get, it's like it's the 80s like you're trying to get the most value out of this very expensive thing.

SC Yeah, it's kind of a nightmare too, just thinking thinking aloud. Like if you're updating firmware remotely, that one of the top 20 scary things about updating firmware, because this isn't something that we used to do before the internet, like things live the way they were. And but now that one of the scariest, one of the top 20 scariest things that can happen when you're updating firmware is that you kill the ability to be able to update the firmware. So what a nightmare that must be. That must be scary every time you do it.

PF You know what I hate? It's like, and also everything's firmware now, so I'm like, well, you know, let's see if these headphones survive, except there's a compulsively I have to upgrade them. Because ''there's firmware upgrade for your headphones'' and I'm like ''oh''.

SC I know, who knows, it could be much cooler headphones.

PF I mean, I mean, who knows what I've been hearing, then you get it, and it's like, ''It integrates Amazon Alexa'' And I'm like, oh, no, you've really ruined it.

08:05

BP That happened to me recently, I got the new iOS, and they built in all these things that I didn't know with the air pods in, and then I'd be talking, and Siri would come on, or like, she'd start reading a message in the middle of, you know, like me listening to a song. And I just like, where who made these decisions? Oh, I did when I didn't read the Terms of Service. And I updated the new iOS. I made those decisions.

PF No, that's right. That's exactly right. But no, I think look, everyone who programs should definitely read through and learn about the extremely restrictive coding styles that you need to launch something in the space, and then realize that you're never gonna do that. You're gonna just write a bunch of JavaScript and cross your fingers that it doesn't break. I mean, the great thing about the web is it lets you test in production. [Sara & Ben laugh] That's the great thing about the world wide web. Everybody, everybody underestimates it, but like, you know, back in the day, you would just edit the blog post right on the server, just login to that, that bad guy.

SC I still do that.

PF Ah, hell yeah!

SC Makes me feel alive. 

PF No, I mean, you know, so few of us, it actually is a good, it's a good reminder, like, so few of us work on things that are so mission critical that you would apply these standards, because the cost of breakage is actually very, very low. Right? Most things we do a computer is if something breaks, and sometimes this is to our detriment, and it's sometimes it's really weird at scale, like things used to break in Microsoft Word, and you couldn't save your document that was really, really bad. But then they'd upload the, you know, you'd get the patch and kind of go on.

SC And that's what makes it scary. I think too, when you think about like, because a lot of us have just done that. I mean, we can sit here and talk about the dumbest things we put into production. And so I think when we think about the people that are working on like mission critical stuff, we kind of think about ourselves, you know, of like, ''Oh, man, I remember when I did that idiot thing'' and you're like, and 30 lives, you're saying 30 people could die that because you did that? That's crazy.

09:54

PF I mean, that's the thing like but you would never do it alone. There would be 10 new, there'll be all these people looking over your shoulder make sure that you didn't do the silly thing. And the standards help keep you out. Like no recursion, as a rule is pretty annoying if you're writing, if you're used to writing recursive functions on data structures, but it does mean that that entire class of memory leaks goes away.

SC Goes away. Yeah, that is pretty nice. 

PF So you know, and then of course, I'm just someone's listening to this going well, let me tell you about strong Oh, camel and strongly typed programming, but I think the efficiency of C just sort of keeps it locked in with embedded systems and c++. 

SC It's so nice. 

BP Yeah, that makes sense. I mean, I like what you were saying about how a lot of times now on the web, where you can just continuously update things, it makes it less stressful in some ways. I remember when I was a journalist, I always felt better when I was doing like a live news story, or was like, you know, that there's going to be like, errors and things that are going to change. And so you don't even have to worry about it. You just like keep hitting refresh, like every 10 minutes, you know, update the copy, like get it right, somebody points out the typo, fix it up, I found that less stressful than like doing a huge feature piece and then having to press publish. And then you see like six things you should have gotten during the edit. 

SC Oh, yeah.

PF Sara, you're gonna start following space level coding styles when you're doing your projects? 

SC No. [Sara laughs]

PF Me neither. Me neither. 

SC Seems boring.

PF I'm gonna be hacking it out in JavaScript and Python.

BP Yeah. She did mention that she was getting into TypeScript because it enforced the integrity of the data, that that was something that was like helpful. The strongly typed languages were like, coming into vogue at SpaceX.

PF It makes sense. Types are really good for exactly this domain. I mean, in fact, one of the Department of Defense's preferred language, ada was really an early example of that strongly typed like everything is is sort of has to be renewed along these lines, languages. And so, you know, when you're when you're running a battleship, ada is the choice.

SC This is all very safe. I like to think of myself as like the Robert Downey Jr. of software. Like I don't, I don't really follow the rules. 

12:00

BP Yeah, yeah. Yeah. Not not early. Not late. Like mid period. Downey like mid period. 

SC Mid period Downey. Yeah. 

BP Late 90s, early 2000s. Yeah. 

SC You have to be afraid of the news.

PF I've definitely Robert Downey'd some code. [Sara laughs] Absolutely true.

BP Right, right. Alright. So we have another story here. And this one is kind of like a 'So what?' Or like, does it really matter? But what Python overtakes Java become the second most popular programming language for the first time in history.

PF Oh in the TIOBE? Or TIOBA? 

BP Yeah. TIOBE's index. Exactly.

PF Yeah!

SC Okay. First of all, TIOBE's top programming languages. Have you heard of that?

PF Yeah. Yeah. Absolutely.

SC Okay, great. 'Cause it's not like it's not like Sara's top programming languages. 

PF TIOBE's been around for a while they've been, they've been ranking. And so Java has been JavaScript number one, right. And then I think--

SC No C is number one.

PF Oh, C's number one.

SC Yeah. What is what is this? Where's this coming from? 

BP There's a little human anecdote in here. TIOBE's CEO Paul Janssen said ''some time ago, I had a flat tire. And I called the road patrol, the mechanic asked me about my living and I said software. And he smiled and started talking about his passion for Python programming.'' Hmm, cool. It's just an everyday average Joe kind of programming language.

PF Python is very accessible. I mean, it was it really was sort of a teaching language in a lot of ways to start in. And so you know, and it looks like, it looks like pseudocode until it gets complicated. And then it just looks like code.

SC This is interesting, though, it still has Visual Basic as number six. 

PF Look, I mean, the world takes a long time to change. You know, it's funny with these is that these, these rankings are really interesting, just but they don't really mean a lot like, it's all the standard, like, I wish we could rank the standard libraries and the usage thereof, right. Like, like, really, if you wanted to know how languages were doing ongoing, it'd be like, how many updates has its major web framework received in the last 12 months?

SC Yeah, that's pretty good. I like that.

14:01

PF Like, you know, is Express still actively developed? Or how many frameworks?

SC Is there a new Express?

PF These are the two things that I want to know about any given language. How many new web frameworks have appeared in the last 12 months? And how many times has the dominant web framework, most GitHub stars whatever, been updated in the last 12 months? And then that that could tell me everything I need to know. Remember when Ruby like post rails, then suddenly everybody's like, oh, we should build our own. And there were 5000 Ruby web frameworks. 

SC Oh, yeah. 

PF JavaScript the same.

SC Anytime there's a new big JavaScript library. Ruby is one of the ones I skipped. I feel like as a developers, or technologists, new technologies come out and you have to make a conscious decision. Am I skipping this one or not? Ruby's one of those that I skipped. But I've seen the same thing in JavaScript. How like, as soon as something successful comes out, there's five for the exact same thing. 

PF Oh, but the next one is both opinionated and beautiful. I love that. JavaScript script like, like, nailed down like seven words that are going to use to describe every new library.

BP I feel like Sara, one thing you said makes a lot of sense, like, how do you measure this, like, the huge ones, as Paul said, are everywhere, but you just sort of stopped paying attention to them. And like it takes a long time to overcome the inertia of you know, all the all the systems that are out running there. So you need also to look at like, the fastest, the movers and shakers like fastest growing, because that's probably where a lot of the hiring is going on. A lot of the discussion is going on, right? It's like on the the ones that are rising quickly, as opposed to like the sort of, you know, ones that take a decade to, you know, get out of the top 10 or whatever.

PF Well, Python, you know, you'll notice here, I mean, there's some funny things, which is like Perl is is going up really quickly, but it's only got 1.51% of the market. So that that's a surprising result, I wouldn't expect a lot of Perl. But what I would say is that I think what you might be seeing is that there's a lot of work going on around data science, right, like Python, and are both going up notebook style development, so on and so forth, as opposed to app building. Like it feels like we've built all the apps and now we're going to spend the next five to 10 years analyzing the log files.

16:06

SC Yeah.

BP This is your end of history here, Paul? We've built all the apps. 

PF I think so, this is my Francis Fukuyama moment. Yeah, all apps are done, right.

SC Thank goodness.

PF It's all, it's all happening. It's all gonna be in various cloud services. And the only thing we just don't have any idea what we just did. So now, the remaining programming work is essentially historical. 

SC Why is it really slow on Tuesdays? 

BP The bundling or unbundling of apps is allowed but no more new ones.

SC Yeah, no more new ones. I love the law.

PF How do we get customers? Can you make me a prettier chart? Like that's the future of engineering, so.

SC I feel like we need to make pull that trigger with social networks, by the way.

PF Oh, they're done.

SC This might have been a few years ago, but I just think maybe we could start by saying okay, no more social network apps just not allowed. No one needs it. No one needs it. 

BP That's like an environmental protection thing just for psychological protection of all of us.

SC Yeah.

PF Yes.

PF No more social. Well, actually, maybe what we need is like 5 million more social networks immediately. 

SC Mmm, that's a different take. 

PF Remember when you were going to make your own? Ning. Ning was gonna be make your own social network.

BP Yeah, I love the 24 or 48 hour news cycle of you know, mastodon or whatever. It's like, we're all gonna go here. We're gonna, we're gonna start clean. We're gonna start fresh.

PF It's hard. It's hard to decentralize because nobody's there. It's just you're literally throwing a party with like one room and the people who show up are nerds.

SC Yes, exactly. [Sara laughs] And then you have to explain it to your uncle how to set it up.

PF Yeah. I mean, it's my kind of party. Absolutely. It's like the kind of party where someone's like, I have a PhD in linguistics. But like the other party, most people are like, that party sucks. Now, I'm at a point in life where I no longer expect people to enjoy the parties that I like.

SC Yeah, that that is a period of life, isn't it? Like there's a long time we you don't know what's wrong with people.

PF That's how you know, that's how you know you're ready for management is when you can actually finally go, yeah, it probably is kinda boring. 

18:04

SC We are kind of a bunch of weird nerds. Yeah. [Ben laughs]

PF And then you're like--and, and when it's no longer the most important thing, then you go, eh, I might as well manage, because I've lost the anchor to the one thing I truly love.

SC But then there's warmth in your heart for the people that are still there. 

PF Oh, absolutely. 

SC You're like, yeah, this is the best party. Yeah, I get it.

PF I think about this a lot, right? Because people talk about this in terms of individual contributors versus management. But I think it really is, is like, are you disciplined focused about how you gain power and authority in your own life? Or are you sort of human and revenue and business focused, right, and both can really line up. Like Google needs a lot of people who care about the money coming in, but it needs more people who care about how to make the systems work. And so like, you have different power bases that way, different kinds of talent, different ways that people think but like, if you are really aligned, that doesn't mean you're not a good manager, you're just disciplined aligned, right? You might be a manager who's disciplined align, or you might be one whose business line or you might be an IC, who is disciplined aligned. And so there's more of a steady, there's like a steady path, I think, like, you know, and you see more and more patterns to where it's like, someone is mentoring five people are as sort of like, you know, one on ones with two or three people as opposed to running the team. And there's still a pretty busy IC.

SC Yeah I was gonna say, or you have an IC that has one on ones with literally the entire company. And you're like, okay, you wanna be a manager.

PF That's right, that's right. Yeah, there's like a title for like the coffee IC. And you can have a political coffee I see or just a really good advocate for the company. 

SC Yeah, coffee IC. I like that. 

BP I liked what you said a lot about, like, you know, where do you find you know, like, your sort of like happiness, you're saying I you just look at these people you're managing now. They're like kind of bringing the warmth that you used to feel when you were discipline focus. So that's what it's like becoming a parent. You're like, yeah, I'm not pursuing my career as a rock guitarist anymore, but like when my kid does something great. Man, you know, I see it. The dream's alive. 

20:03

SC Yeah, I will pressure my kid to become a rock guitarist. [Ben laughs]

PF That's right, you're not gonna get the same satisfaction out of solving that problem, but you understand why people do.

[MUSIC]

BP Alright everyone, it's that time of the episode, we're going to shout out a lifeboater. Somebody who was awarded a badge for saving a question that had a negative score, getting it up to a positive score of 20 or more, sharing some knowledge around Stack Overflow. This one was awarded 21 hours ago and goes to lealceldeiro. What does the multi true attribute of HTTP underscore interceptors mean? Alright.

PF Woah. Woah.

BP So if you want to know more, you can find out, value provider interface will tell you about this multi property. Alright, we'll drop it in the show notes. Thanks for listening. I'm Ben Popper, Director of Content here at Stack Overflow. And you can find me on Twitter @BenPopper. 

SC And I'm Sara Chipps, Director of Community here at Stack Overflow. And you can find me on GitHub @SaraJo. 

PF I'm Paul Ford, friend of Stack Overflow and you can check out my company, Postlight.

[OUTRO MUSIC]