Architecture Weekly #186 - 1st July 2024
Welcome to the new week! Regular expressions are one of the classic examples of hate and hate relationships. Yes, it’s not a typo; hate and hate. Do you know anyone who loves or knows how to write moderately complex regex? And can they keep their skill for longer than two weeks without forgetting how to do it? Maybe this whole wave of Large Language Models is about having someone who will show us how to write regexes. Maybe we hate regular expressions so much that we don’t care about hallucinations. Still, undeniably, regular expressions are useful and powerful. Let me show you an example, but be careful; I warned you already! In my recent article, I showed an example of using Regular Expressions to filter Event Store catch-up subscriptions by event types. Thanks to that, you can reduce network traffic by getting notifications about new events. Speaking about EventStoreDB, on their blog, there’s also an interesting case study written by their customer on how they joined the Event Sourcing capabilities with Machine Learning. Intriguing, detailed write-up showing how they translated business use case into this mixture: And as we’re into Event-Driven solutions, check a nice list of common misconceptions around the guarantees you may expect from them: Sometimes, I get the feeling that I could rename this newsletter to Supply Chain Attack Weekly. Those types of attacks are getting so popular and spectacular. We talked about the tooling infiltration in the Solar Winds case and OSS maintainer injection with the xz library; today, I have the next version. The rapid pace of new improvements in JavaScript tooling required the development of custom polyfills to align implementations where environments (e.g., browser type) can’t keep up with standard enhancements. One of the most popular was Polyfill JS. It was distributed in multiple ways; one of the most popular was CDN, which is their custom CDN: cdn.polyfill.io. Yet, in February, an unexpected thing happened: a Chinese company bought the project together with the CDN domain. And now, bang! it appeared the domain was injecting the malware. It was enough to include the link to the script from the CDN. The issue was found and explained by Sansec, a company that is specialising in ECommerce security and quickly after by BleepingComputer It seems that even more CDNs were used as the attack's vector (even Cloudflare was probably used). Both Sansec and Bleeping Computer sites were targeted by DDoS attacks either to slow down the spreading of the news about the issue or as revenge. Both the most popular CDNs, Cloudflare and Fastly, are now doing the automatic redirection of the malware redirections: All of that points to the Chinese hacker group. Funnily enough, the owner claims that no malware was distributed… Ok, but as it’s the Architecture Weekly, what should we, the people responsible for architects, get out of that? Security should definitely be one of our main concerns and part of the design and implementation process. Obviously we should ensure that our dependencies are continuously updated, we should also invest in being able to quickly make deployment to guard ourselves if something like that happens. We should also use trustworthy CDNs. Of course, trust is not easy to detect. It’s also interesting how our decentralised web is decentralised in theory. Having central trustworthy vendors makes it harder to commit a breach, as they’re investing heavily in it, but… if the breach is committed, it’ll likely spread much, much further and faster. Read also about another dangerous breach made by Russian hackers: Cyber wars are definitely real nowadays and mixed precisely with geopolitics. Jumping to other industry news. Uber wrote that they're moving their Big Data and Machine Learning to Google Cloud. The article itself is not that interesting. It's mostly marketing news, but what’s the most interesting there is that they’re still using HDFS, Hadoop, and Spark, which got out of fashion recently. They’re planning to move to Google Cloud services like Google Big Query. It’s also interesting if taking such a load and popular platform will help Google increase its ML/AI adoption, which was losing publicity with GenAI advances and marketing. DataDog released their annual report on Cloud Costs: Here are the most important points from it:
The amount of wasted time on containers is crazy. Also, cross-AZ costs mean that we’re getting better at designing with redundancy, and cloud providers know how to charge us. I’m wondering what would be the real GPU usage if it wasn’t so hard to get them. Check also interesting write-ups on documenting our architectures: And check the free ebook from ScyllaDB on Database performance: I haven’t read it yet fully, but from what I skimmed so far, it’s a decent reading. Check also other links! Cheers Oskar p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it! p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross. Architecture
Databases
DevOpsAI
AWS.NET
Coding LifeIndustry
Security
TriviaYou're currently a free subscriber to Architecture Weekly. For the full experience, upgrade your subscription. |
Older messages
Architecture Weekly #185 - 24th June 2024
Monday, June 24, 2024
This edition is 50 shaded of coupling! Yeah, I know how that sounds, but we discussed why coupling is not an end goal but a metric to evaluate tradeoffs. We also discussed how to actually make
Architecture Weekly #184 - 17th June 2024
Monday, June 17, 2024
It's a new Monday, the right time for the new set of software architecture materials! This time, we started with visualisations that were made right for great explanations of queuing concepts. I
Architecture Weekly #183 - 10th June 2024
Monday, June 10, 2024
To GraphQL or not to GraphQL, that's the question we started this edition. We discussed the different perspectives on that. One of the issues is authorisation management, and from that, we went
Architecture Weekly #182 - 27th May 2024
Monday, June 3, 2024
Let's start this edition with the security. We always put it as the last point, but should we? We started with a spectacular Snowflake breach. We discussed if LLMS could help to avoid it (spoiler:
Papers We Love #2 - How do committees invent? (Melvin E. Conway)
Monday, June 3, 2024
Watch now (73 mins) | Hey! 😀 In the 2nd edition of Papers We Love, we tackled the famous article Mel Conway's article where he introduced his law. You probably already know the quote: Organizations
You Might Also Like
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
Wednesday, December 25, 2024
THN Daily Updates Newsletter cover The Data Science Handbook, 2nd Edition ($60.00 Value) FREE for a Limited Time Practical, accessible guide to becoming a data scientist, updated to include the latest
Software Testing Weekly - Issue 251
Wednesday, December 25, 2024
GitHub Copilot is free! 🤖 View on the Web Archives ISSUE 251 December 25th 2024 COMMENT Welcome to the 251st issue! In case you missed it — GitHub Copilot is free! The free version works with Visual
Daily Coding Problem: Problem #1647 [Medium]
Tuesday, December 24, 2024
Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Square. In front of you is a row of N coins, with values v 1 , v 1 , ..., v n . You are
Sentiment Analysis, Topological Sort, Web Security, and More
Tuesday, December 24, 2024
Exploring Modern Sentiment Analysis Approaches in Python #661 – DECEMBER 24, 2024 VIEW IN BROWSER The PyCoder's Weekly Logo Exploring Modern Sentiment Analysis Approaches in Python What are the
🤫 Do Not Disturb Mode Is My Secret to Sanity — 8 Gadgets I Want To See Nintendo Make
Tuesday, December 24, 2024
Also: The Best Christmas Movies to Watch on Netflix, and More! How-To Geek Logo December 24, 2024 Did You Know Their association with the Christmas season might make you think poinsettias hail from a
😱 AzureEdge.net DNS Retiring Jan. 2025, 🚀 Microsoft Phi-4 AI Outperforms, 🔒 Microsoft Secure Future Initiative
Tuesday, December 24, 2024
Blog | Advertise | View Online Your trusted source for Cloud, AI and DevOps guidance with industry expert Chris Pietschmann! Phi-4: Microsoft's New Small Language Model Outperforms Giants in AI
Mapped | The Top Health Insurance Companies by State 🏥
Tuesday, December 24, 2024
In 13 US states, a single company dominates the health insurance market, holding at least half of the total market share. View Online | Subscribe | Download Our App Presented by: Global X ETFs Power
The Stanford Grad Who Forgot How To Think
Tuesday, December 24, 2024
Top Tech Content sent at Noon! Boost Your Article on HackerNoon for $159.99! Read this email in your browser How are you, @newsletterest1? 🪐 What's happening in tech today, December 24, 2024? The
The next big HDMI leap is coming
Tuesday, December 24, 2024
Sora side hustles; Casio's tiny watch comes to the US -- ZDNET ZDNET Tech Today - US December 24, 2024 Ecovacs Deebot T30S Combo robot vacuum and mop The next big HDMI leap is coming next month -
⚙️ Robo-suits
Tuesday, December 24, 2024
Plus: The data center energy surge