Architecture Weekly #170 - 11th March 2024
Welcome to the new week!
Sometimes, you feel you learned more about the problem than you wanted to. I felt that when I fixed the ECMAScript module's compatibility in Emmett. The struggle was not because of the complexity of the fix but to get the first reproducible failure. As you know, that's the first and, too often, the hardest step. As always, not to forget, I wrote all my notes on how I fixed it. Even if you're not in the JS/TS land, I hope the explained approach can give you a general mental framework for tackling compatibility issues in other environments. Read more:
Read also an excellent write-up by Mathias Verraes on how to tackle bug fixes systematically:
Google released a new whitepaper, this time on how they tackle the Secure by Design approach. Google's strategy shifts the focus of software security from individual developers to the broader development ecosystem. They explain that the potential for vulnerabilities is significantly reduced by embedding security directly into the development tools and languages, such as enforcing memory safety using languages like Rust. The concept of 'safe coding' effectively mandates that certain security practices are inherently followed due to the architectural and design choices of the development tools themselves.
Additionally, Google introduces 'well-lit paths'—predefined routes through the development process that utilize vetted libraries and frameworks, ensuring developers are naturally guided towards more secure coding practices without requiring extensive security knowledge. This method leverages the ecosystem to minimize common security risks by design rather than relying on post-development security patches or interventions. This approach represents a shift towards a more systemic security integration within the software development lifecycle, aiming to reduce vulnerabilities through the environment developers work within rather than through individual actions alone.
Interestingly, the US White House presented their recommendation on this topic:
The White House document and Google's approach advocate for memory-safe programming to tackle software vulnerabilities, highlighting a shared belief in preemptive security measures. However, the White House document calls for adopting specific cybersecurity metrics, such as vulnerability frequency and severity, diverging from Google's broader focus on secure development practices. It explicitly mentions employing formal methods like sound static analysis and model checking to verify code security before deployment, providing a concrete strategy for security integration not specifically outlined by Google. Additionally, the White House introduced the idea of enhancing security through memory-safe hardware solutions, such as memory-tagging extensions. This suggests a comprehensive approach to cybersecurity, incorporating both software and hardware solutions.
A key difference lies in the emphasis on quantifiable security improvements, with the White House advocating for measurable security outcomes. This approach aims to establish a more accountable framework for cybersecurity, broadening the scope beyond software to include policy and hardware considerations, unlike Google's primary focus on development environments and practices.
I think an important part is ensuring ownership and accountability in the teams. So, recommend practices and build an environment that promotes good practices but allows teams to diverge as long as they can own their custom solution and prove that it’ll be sustainable.
Security by default is essential today when companies sell and push our data without control and thinking twice. Read more in the latest example, on what Tumblr and WordPress did:
Speaking about the costs. Cast.ai published their report on the Kubernetes Costs. Not surprisingly, it seems that we’re overprovisioning our clusters. They wrote:
It’s intriguing, as cloud and container technologies were meant to improve cost utilisation, but we’re still falling into the same trap. The conclusion is also saddening:
Of course, remember that it’s the report prepared by the tool that is built for detecting such utilisation, so it’s in their interest to prove that. Plus, they analysed those clusters to which they had access (still, a few thousand clusters). So, as always, think for yourself.
Speaking about CPUs, memory, and utilisation. Check a great case study (with a lot of technical details) on how Allegro (the biggest Polish e-commerce platform) troubleshoots Kafka latency with eBPF:
Getting back to Google. Now, on the less positive side. Some time ago, I wrote an article about my thoughts on the diversity issues in IT (read more in Women in IT). Now we have the next unfortunate example: SkyNews covers:
It could be treated as both a negative and positive sign. The negative is obvious, but the positive is that something is slowly changing in our industry. Yet, read the comment from Google's spokesperson:
So yeah, again: Sorry, No Sorry… It’s a long way still in front of us.
Ian Cartwright, Rob Horn, and James Lewis presented a new legacy modernisation technique they called Event Interception:
Unlike the broader Strangler Fig Pattern, which focuses on incrementally replacing or building around old systems, Event Interception focuses on the flow of events between components: intercepting and possibly rerouting events to new functionalities. This technique is instrumental in scenarios where making direct changes to the legacy system is impractical, offering a path to introduce new components by using existing integration points such as messaging systems or API gateways. However, its success relies on the availability and accessibility of these integration points, and it introduces an extra layer of complexity to the system architecture, which could complicate maintenance and debugging.
The value of Event Interception lies in its ability to facilitate the iterative addition of new features, aligning with agile practices by minimizing the risks associated with large-scale system overhauls. For architects, this means a strategic tool for gradually transitioning to more modern, service-oriented architectures while maintaining system integrity. Yet, this approach requires a careful evaluation of the legacy system to ensure it's a good fit, considering the ease of identifying integration points and managing the added complexity. When applied thoughtfully, Event Interception can smooth the path towards system modernization. Still, it demands detailed planning and a solid understanding of the existing system's architecture to navigate potential challenges and maintain system reliability.
There are two types of people: those who do backups and those who will be doing backups. Okay, there’s also a third group: science papers publishers. Martin Eve analysed the archive strategy of scientific paper publishers. And:
Gulp…
Check also other links!
Cheers
Oskar
p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!
p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.