Building communities for developers – an interview with Jeremiah Peschka of Stack Overflow

By Stacey Harris

Michael Fey, VP of Engineering at 1Password, recently interviewed Jeremiah Peschka, staff software developer at Stack Overflow, on our Random But Memorable podcast.

Stack Overflow is an extensive online community where you can get answers to all your technical questions. Michael and Jeremiah dive into why building communities for developers is so important and how code is reshaping our world. Check out the highlights below, or listen to the full interview.

Michael Fey: I’m sure most of our listeners are aware of what Stack Overflow is and have taken code snippets and shipped them out to production systems, but for those who might not know, can you give us a quick overview?

Jeremiah Peschka: Stack Overflow is the finest repository of copy and paste snippets you can find. It’s where users can ask questions and get answers to questions. We have a lot of different sites where there are different communities – like sci-fi, cooking, and woodworking – where you can focus on more than just general code. You can dig into detailed hobbies you have, or detailed code like dba.stackexchange, or Server Fault.

MF: With 55% of developers visiting Stack Overflow every day and 80% visiting at least once a week, what kinds of real world impacts have the public and private forums had?

JP: So there’s a private version of Stack Overflow – Stack Overflow for Teams – but we also have our own private Stack install and that has replaced asking questions in the chat. Instead, I go to our internal Stack Overflow and search for it there. Sometimes I’ll find an article and if there are edits I can go and look at how it has changed over time and I can look at comments that other people have left. It’s a really good way for people to edit over time and add a lot more context as we change and grow. It allows for a lot of collaboration.

“We make it easy to get answers to questions.”

If I don’t find something, I will ask a question on the internal site. If it’s not about Stack Overflow’s internal code, I can ask on the public site and then I can post that link internally in chat and also put it on Twitter and say: “Lazy web, help me solve my problems. Coding is hard today.”

MF: Stack Overflow is one of those sites that has really stood the test of time. It continues to be a community that self perpetuates and continues to grow and be valuable and held in high regard within the wider developer community.

What do you think has led to that longevity? What is the secret sauce at Stack Overflow that saved it from being a fad?

JP: At Stack Overflow we make it easy to get answers to questions. Anyone can ask and answer questions and that’s what’s made it really helpful. It’s a fun community where you can collaborate with other people and help build better answers to questions or even rephrase questions and make questions better.

MF: Why do you think it’s important to foster and build communities in the dev space and what do you see as the obvious benefits?

JP: One big thing is it’s a force multiplier. If I were to ask you in private “how do I do X with 1Password”, you could give me a great answer, but it goes no further. However, if I ask “how do I do X with 1Password” on Stack Overflow, it means I get that same great answer, but everybody else also gets to see it, and they can also contribute to the conversation.

It makes everything accessible to as many people as possible. It also makes the onboarding of really complex ideas a lot easier. Documentation only gets you so far because when you’ve written your own code you know all of your own assumptions, so why should you write them down?

“The best answers I’ve ever found and the best ones I’ve provided are about taking someone on the journey with you.”

Stack Overflow helps people write better questions. We encourage you to tell us what you’ve done, what you’ve tried, and all the assumptions you have. And so by writing all that stuff down in the question, it helps onboard people into that knowledge space that you’re in. And likewise, the best answers I’ve found are onboarding people into that solution. That’s a less obvious benefit, but it’s a way to bring people with you and share your expertise.

The best answers I’ve ever found and the best ones I’ve provided are about taking someone on the journey with you. It’s about saying, ‘I understand where you are over there in the hinterlands of suffering, come towards the richness of the valley of success.’

MF: I want to spin over to the security side of things. It feels like security and secure coding practices have more of the mind share these days in the development community. Are you also seeing that trend and how is Stack Overflow helping those in the security space?

JP: People are really incorporating security into how they think about programs and how we build things today. It’s so important and you can no longer rely on a well configured firewall and a password form to protect your users' data. Security is really, really hard. Part of the reason why that discussion is coming up is because a lot of security revolves around understanding the nuance of what you’re working with in a really deep way.

One of the ways Stack Overflow helps is by making it easier to find this kind of content. It lets us have that conversation around nuance and the better ideas tend to rise to the top. It also lets people put in caveats and point out nuances others need to be aware of. Stack Overflow helps developers understand some of those issues and nuances and bring that back into their own projects.

MF: Since the start of the pandemic, with the increase in remote work, the number of cybersecurity questions has soared on Stack Overflow. Is that something you’re continuing to see and do you think the pandemic contributed to the rise, or was this trend already in progress?

JP: People were becoming more and more aware that security is really important and that it’s very hard to secure an application that was never designed to be secured. That’s part of what’s driving it. As an industry, we’re becoming more aware that these applications should be secured by default.

When everyone worked in an office their laptops and desktops were locked down and very tightly controlled by a security department or IT, or controlled by asset tags and everything else. Suddenly, when everyone started working from home, you have people working from their computer that is eight years old that they bought at Costco and it has who knows what on it and that’s now expected to connect to the VPN and perform just fine.

“We were suddenly thrust into a world where we have to be more thoughtful about how we approach security.”

Now you have these untrusted devices connecting to the network and internal applications that were never intended to run on untrusted devices. So we were suddenly thrust into a world where we have to be more thoughtful about how we approach security.

There’s definitely more awareness about security now. I did some research with our data people and the trend did definitely go up at the beginning of the pandemic and it’s continued to be relatively high. It seems like people are continuing to think about how to secure applications.

MF: That’s good to hear. Do you feel code is reshaping our world in 2022? And if so, how?

JP: Code is making it easier for people to work with data and to understand the world around them. When I was in graduate school I attended Oregon Programming Languages Summer School and one of the speakers was Andy Gordon who worked at Microsoft Research at the time. He brought up that Excel, in his mind, is the most used programming tool in the world. Code isn’t just programs in Java or C#, but it’s also things like Excel, SQL, and R. All these tools make it easier for people to understand the world.

Excel and R in particular have so much built-in functionality where you can say: “I want you to run this kind of analysis on this table and put it in a chart for me”. With more people writing code, these tools have to get better, or they’ll be replaced. Excel, R, Tableau, and all these commercial products must have more features than the competitors because that’s why we buy them. At the very least they have to be more useful than the other programs. The more people are using these tools means it’s going to drive more change and produce richer tools that help us understand the world even more.

“Code gives us so many interesting ways to look at the software we have around us and how that software interacts.”

Code gives us so many interesting ways to look at the software we have around us and how that software interacts. Code really is reshaping our world. Easy access to stuff like Excel democratizes our ability to understand what’s going on around us.

We can have concentrated communities – whether it’s via a collection of tags on Stack Overflow, specialized Stack Overflow websites like dba.stackexchange, or a Stack Overflow collective (a focused set of tags). You can go into these communities and interact with a group of people who are trying to either master that technology or help others master that technology. This ultimately drives forward excellence in how we’re interacting with the data and the world around us.

MF: Your take on Excel and the democratization of this really spun this answer on its side for me because of course that type of scripting is programming/coding. It’s not compiling and running, or building apps from scratch, but it’s still coding.

Where do we, as developers and stewards in these communities, need to do better? What needs to happen to reduce some of the pain points and make our work more impactful?

JP: One of the things that comes up that we can do better at as developers is to remember that code is written at a certain point in time, which also includes the author’s mental state, and that it’s also written under a set of constraints.

Understanding all of that before you start trying to help someone, or at least assuming the sort of the best possible scenario, is really important when you’re trying to help. You don’t know what they’re doing, you don’t know what they’re thinking.

You have to understand the nuances. Really digging into the problem space and asking: what is this? What am I looking at? What are all of the tricky parts about it? Should I write down every assumption I have about this subject and then validate those?

“You should talk to security people early.”

It’s not like you need to do big design up front where you produce a 600 page specification, but you do need to understand what needs to be implemented and what the actual thorny bits of the thing you have to implement are. Some of that boils down to finding who is impacted, and then to start asking hard questions.

Once you understand what people are actually trying to do you might realize there’s already code out there that solves this problem. I personally really like to borrow or buy code before I write it myself because odds are somebody else has thought about it more thoroughly than I have. Writing good code is really hard to do and writing secure good code is really, really hard.

My last thought on this is that you should talk to security people early. I ask them “Hey, we’re building X. What should I be terrified of?” And that usually leads to really interesting conversations.

“I meet up with one of our security engineers every five or six weeks just to find out what’s worrying him.”

I meet up with one of our security engineers every five or six weeks just to find out what’s worrying him. I tell him what we’re working on and most of the time he says: “you don’t need to worry about whatever you’re doing. That sounds reasonable”. But having those conversations frequently reminds the security people that you exist and they can help you and it’s also a reminder that they’re not a blocker to what you’re trying to do.

MF: Having that be part of your workflow, where you’re integrated with a security team or security individuals, is a boon to the overall health of whatever it is you’re building, it really can’t be overstated.

JP: It really can’t. The most interesting part about this is getting to talk to people who know things that I don’t. I’m unlikely to become a security wizard, but I can talk to security people and understand a little bit more of what I need to do so that I don’t have to have a bad conversation with security people.

MF: Where can people go to find more about you and about Stack Overflow? What cool things does Stack Overflow have that people might not know about that they should go sign up for and have their company start paying for?

JP: To find out more about Stack Overflow, people can head over to stackoverflow.com. You can ask questions. You can go to stackexchange.com to find out what a bunch of the different sites that we have available are. If you want to ask questions about Stack Overflow, we even have a site meta.stackoverflow.com where you can talk about Stack Overflow using Stack Overflow.

If you would like to have Stack Overflow for your team, we have Stack Overflow for Teams, there’s Stack Overflow Enterprise if you would like an entire Stack Overflow all of your own. And then there’s Stack Overflow Collectives, which is targeted at a set of tags.

To find out more about me, you can find me at facility9.com.

MF: JP, this has been an absolute pleasure to have you on today. Thank you so much for coming by. Take it easy.

JP: Thank you so much for chatting with me. Take care.
