Architecture Weekly #183 - 10th June 2024
Welcome to the new week! At war, love, and managing processes, all tricks are allowed. Business processes are usually the most critical part of the core functionality, so we need to ensure that we can diagnose them correctly. We also need to ensure that they won’t get stuck in the middle without being able to resume or terminate their work. Scheduled messages are one way to solve it, but we have other options. In my latest article, I described how to combine the To-Do List and Passage of Time patterns to get a straightforward way to handle process deadlines efficiently:

In a nutshell, we're creating a read model with pending items (a.k.a. To-Do List) and subscribing to the events representing the passage of time to check if we have some items to handle. Read more in the article to see all the nuances.

GraphQL is one of those love & hate topics in our industry. Discussions around it are too often based on personal preferences and pet peeves. They drift to the emotional level instead of putting specific arguments into specific usage contexts. That’s why I enjoyed the recent blogging exchange between people who spent a few years working with it:

Matt Bessey wrote his rant after being burned by crafting public APIs with GraphQL. He nicely shows the challenges in designing the API to guard itself against typical attack threats. That’s related to authorizing access to related entities, performance, etc. All of that can bring much more complexity than we typically anticipate.

Marc-Andre Giroux agreed with the conclusion that GraphQL may not be the best choice for public APIs. For those, it may be better to design the intended flows and use the REST + OpenAPI combination cautiously. GraphQL shines the most for Backend For Frontend design, where we want to have data access flexibility but still keep it within some boundaries.
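The To-Do List and Passage of Time combination summarised at the start of this issue looks like this in code. This is an added example, not code from the linked article or from Emmett; the event names (PaymentRequested, PaymentCompleted, PaymentTimedOut, TimePassed) and the sample events are assumptions constructed for illustration.

```javascript
// Added illustration: event names and sample data are constructed assumptions.
// To-Do List: a read model that holds only the processes still awaiting handling.
class PendingItems {
  constructor() {
    this.deadlines = new Map(); // processId -> deadline (epoch milliseconds)
  }
  // Project business events into the read model.
  apply(event) {
    switch (event.type) {
      case 'PaymentRequested': // opens a pending item with a deadline
        this.deadlines.set(event.processId, event.deadline);
        break;
      case 'PaymentCompleted': // either outcome closes the item
      case 'PaymentTimedOut':
        this.deadlines.delete(event.processId);
        break;
    }
  }
  overdueAt(now) {
    return [...this.deadlines].filter(([, d]) => d <= now).map(([id]) => id);
  }
}

// Passage of Time: a tick is an event like any other; on each one we query the to-do list.
function handleTimePassed(todo, tick) {
  const timedOut = todo.overdueAt(tick.now)
    .map((processId) => ({ type: 'PaymentTimedOut', processId, at: tick.now }));
  // Apply the results straight away so a redelivered tick emits nothing twice.
  timedOut.forEach((event) => todo.apply(event));
  return timedOut;
}

function runConstructedScenario() {
  const todo = new PendingItems();
  const emitted = [];
  const events = [
    { type: 'PaymentRequested', processId: 'p1', deadline: 1000 },
    { type: 'PaymentRequested', processId: 'p2', deadline: 2000 },
    { type: 'PaymentCompleted', processId: 'p1' },
    { type: 'TimePassed', now: 1500 }, // p1 already done, p2 not yet due
    { type: 'TimePassed', now: 2500 }, // p2 is overdue
    { type: 'TimePassed', now: 2500 }, // duplicate delivery of the same tick
  ];
  for (const event of events) {
    if (event.type === 'TimePassed') emitted.push(...handleTimePassed(todo, event));
    else todo.apply(event);
  }
  return { timedOut: emitted.map((e) => e.processId), pending: todo.deadlines.size };
}
```

Because the overdue check runs against the read model rather than a per-process scheduled message, a process that already completed never produces a timeout, and a stuck one is terminated on the next tick.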
Staying with the complexity of Identity and Access Management, Mat Duggan outlined the challenges of setting it up in the big Cloud providers. He explained how the constantly changing set of permissions for cloud services can impact security. For instance, you may carefully craft roles and assign people to them, but then, being in a rush or trying to keep up with the changes in the permission set, you keep adding more and more to the roles. That way, you lose control over who should be doing what. He proposed a somewhat radical but intriguing idea based on his past projects:
Again, I’d be careful with that, especially for global-facing projects, but for internal APIs, that might not be as crazy as it seems. I can confirm that most people don’t care about granular permissions; they either try to guess them or grant the highest possible permissions. Because of that, if I tried to apply Mat’s proposal, I’d still do a review to ensure that the minimum required scopes are used and that any higher permissions are justified. But then, of course, we may fall into the same loophole as initially described…

Last week, I linked Kevin Beaumont’s coverage of the huge privacy and security hole in Windows Copilot+ Recall. It turned out that Microsoft got enough backlash to roll back the change and make it opt-in instead of opt-out. Just to recap: Recall is the new AI tool that will take screenshots of your desktop at random times and act as a potential key logger. Yup, in case of security threats, and if you’re not lucky, your screen with personal information, passwords, etc., can leak out. Or even worse, some other Windows user with admin rights could access and steal those snapshots… I’m not sure how someone thought that such a stupid idea could be a good choice. Let’s give a voice to Pavan Davuluri – “Corporate Vice President, Windows + Devices”
Of course… Nevertheless, it’s good to apply pressure. From now on, you’ll need to explicitly enable Windows Hello to use Recall and authenticate each time you open the Recall app to view your data, and they will start encrypting SQLite database data. Yup, they’re doing it now after it was deployed and installed. What a mess. Of course, the question is how temporary this change will be. Given their mad push into Gen AI, they will probably find a different way to get people to use it.

Are you building Event Sourcing applications in Node.js? Are you tired of maintaining your homebrew solutions? I plan to add PostgreSQL storage to Emmett (plus other features like telemetry, etc.). Getting sponsorship would help me to prioritise that effort. As I have built a few cases like that, I think that it would be cheaper in the long term to outsource that to me rather than maintain it on your own. If sponsoring is not an option for now, I'm still happy to take your feedback on what would make you consider moving from the homebrew event store to the one in Emmett.

I have already started to work on the subscription API; it’ll be based on the WebStreams standard to make it available both in the browser and in the Node.js backend. If you don’t know it yet, check:

And if you’d like to learn more about how cool Node.js is, check out a great walkthrough by Matteo Collina:

At the last Domain-Driven Design Europe, besides doing an advanced Event Sourcing workshop, I also had the pleasure of being an MC and announcing two talks. One of them was by Mufrid Krilic; here’s the recording of the version he gave at the KanDDDinsky conference:

There are not many talks about the insights from crunching the business domain. There’s a reason for that, as it’s not easy to show tradeoffs without accidentally presenting them as best practices. Mufrid did a good job explaining the tools they used and the modelling process that helped them build a focused model.
It also made me prioritise learning Domain Storytelling more.

Check also other links!

Cheers

Oskar

p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!

p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.