Architecture Weekly #183 - 10th June 2024
Welcome to the new week!
At war, love, and managing processes, all tricks are allowed. Business processes are usually the most critical part of the core functionality, so we need to ensure that we can diagnose them correctly. We also need to ensure that they won’t get stuck in the middle without being able to resume or terminate their work. Scheduled messages are one way to solve it, but we have different options. In my latest article, I described how to combine the To-Do List and Passage of Time patterns to achieve a straightforward way to handle process deadlines efficiently:
In a nutshell, we're creating a read model with pending items (a.k.a. To-Do List) and subscribing to the events representing the passage of time to check if we have some items to handle. Read more in the article to see all the nuances.
GraphQL is one of those love & hate topics in our industry. Discussions around it are too often based on personal preferences and pet peeves. They drift to the emotional level instead of putting specific arguments into specific usage contexts. That’s why I enjoyed the recent blogging exchange from people who spent a few years working with it:
Matt Bessey wrote his rant after being burned by crafting public APIs with GraphQL. He nicely shows the challenges in designing the API to guard itself against typical attack threats. That’s related to authorizing access to related entities, performance, etc. All of that can bring much more complexity than we typically anticipate.
Marc-Andre Giroux agreed with the conclusion that GraphQL may not be the best choice for public APIs. For such, it may be better to design the intended flows and use the REST+OpenAPI combination cautiously. GraphQL shines the most for Backend For Frontend design, where we want to have data access flexibility but still push it into some boundaries.
Staying with the complexity of Identity and Access Management, Mat Duggan outlined the challenges of setting it up in the big Cloud providers. He explained how constantly changing the set of permissions to cloud services can impact security. For instance, you may carefully craft roles and assign people to them, but then, being in a rush or trying to keep up with the changes in the permission set, you keep adding more and more into roles. By that, you’re losing control over who should be doing what. He provided a somewhat radical but intriguing idea based on his past projects:
Again, I’d be careful with that, especially for the global-facing projects, but for the internal APIs, that might not be as crazy as it seems. I can confirm that most people don’t care about granular permissions; they either try to guess them or grant the highest possible permissions. Because of that, if I tried to apply Mat’s proposal, I’d still try to do a review and ensure that minimum required scopes are used and whether those higher permissions are justified. But then, of course, we may fall into the same loophole as initially described…
Last week, I linked Kevin Beaumont’s coverage of the huge privacy and security hole in Windows Copilot+ Recall. It appeared that Microsoft had enough backlash to rewind the change and make it opt-in instead of opt-out.
Just to recap: Recall is the new AI tool that will take screenshots of your desktop at random times and act as a potential key logger. Yup, in case of security threats, and if you’re not lucky, your screen with personal information, passwords, etc., can leak out. Or even worse, some other Windows user with admin rights could access and steal those snapshots…
I’m not sure how someone thought that such a stupid idea could be a good choice. Let’s give a voice to Pavan Davuluri – “Corporate Vice President, Windows + Devices”
Of course… Nevertheless, it’s good to apply pressure. From now on, you’ll need to explicitly enable Windows Hello to use Recall and authenticate each time you open the Recall app to view your data, and they will start encrypting SQLite database data. Yup, they’re doing it now after it was deployed and installed. What a mess.
Of course, the question is how temporary this change would be. Given their mad push into Gen AI, they will probably find a different way to get people to use it.
Are you building #EventSourcing applications in #Node.js? Are you tired of maintaining your homebrew solutions? I plan to add PostgreSQL storage to Emmett (plus other features like telemetry, etc.). Getting sponsorship would help me to prioritise that effort. As I built a few cases like that, I think that it would be cheaper in the long term to outsource that to me rather than maintain it on your own. If sponsoring is not an option for now, I'm still happy to take your feedback on what would make you consider moving from the homebrew event store to the one in Emmett.
I have already started to work on the subscription API; it’ll be based on the WebStreams standard to make it available both in the browser and the Node.js backend. If you don’t know it yet, check:
And if you’d like to learn more about how cool Node.js is, check out a great walkthrough by Matteo Collina:
At the last Domain Driven Design Europe, besides doing an advanced Event Sourcing workshop, I also had the pleasure of being an MC and announcing two talks. One of them was by Mufrid Krilic; here’s the recording of the version he gave at the KanDDDinsky conference:
There are not many talks about the insights from crunching the business domain. There’s a reason for that, as it’s not easy to show tradeoffs without accidentally presenting them as best practices. Mufrid did a good job explaining the tools they used and the modelling process that helped them build a focused model.
It also made me prioritise learning Domain Storytelling more.
Check also other links!
Cheers
Oskar
p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!
p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.