Architecture Weekly #186 - 1st July 2024
Welcome to the new week! Regular expressions are one of the classic examples of hate and hate relationships. Yes, it’s not a typo; hate and hate. Do you know anyone who loves or knows how to write moderately complex regex? And can they keep their skill for longer than two weeks without forgetting how to do it? Maybe this whole wave of Large Language Models is about having someone who will show us how to write regexes. Maybe we hate regular expressions so much that we don’t care about hallucinations. Still, undeniably, regular expressions are useful and powerful. Let me show you an example, but be careful; I warned you already! In my recent article, I showed an example of using Regular Expressions to filter Event Store catch-up subscriptions by event types. Thanks to that, you can reduce network traffic by getting notifications about new events. Speaking about EventStoreDB, on their blog, there’s also an interesting case study written by their customer on how they joined the Event Sourcing capabilities with Machine Learning. Intriguing, detailed write-up showing how they translated business use case into this mixture: And as we’re into Event-Driven solutions, check a nice list of common misconceptions around the guarantees you may expect from them: Sometimes, I get the feeling that I could rename this newsletter to Supply Chain Attack Weekly. Those types of attacks are getting so popular and spectacular. We talked about the tooling infiltration in the Solar Winds case and OSS maintainer injection with the xz library; today, I have the next version. The rapid pace of new improvements in JavaScript tooling required the development of custom polyfills to align implementations where environments (e.g., browser type) can’t keep up with standard enhancements. One of the most popular was Polyfill JS. It was distributed in multiple ways; one of the most popular was CDN, which is their custom CDN: cdn.polyfill.io. Yet, in February, an unexpected thing happened: a Chinese company bought the project together with the CDN domain. And now, bang! it appeared the domain was injecting the malware. It was enough to include the link to the script from the CDN. The issue was found and explained by Sansec, a company that is specialising in ECommerce security and quickly after by BleepingComputer It seems that even more CDNs were used as the attack's vector (even Cloudflare was probably used). Both Sansec and Bleeping Computer sites were targeted by DDoS attacks either to slow down the spreading of the news about the issue or as revenge. Both the most popular CDNs, Cloudflare and Fastly, are now doing the automatic redirection of the malware redirections: All of that points to the Chinese hacker group. Funnily enough, the owner claims that no malware was distributed… Ok, but as it’s the Architecture Weekly, what should we, the people responsible for architects, get out of that? Security should definitely be one of our main concerns and part of the design and implementation process. Obviously we should ensure that our dependencies are continuously updated, we should also invest in being able to quickly make deployment to guard ourselves if something like that happens. We should also use trustworthy CDNs. Of course, trust is not easy to detect. It’s also interesting how our decentralised web is decentralised in theory. Having central trustworthy vendors makes it harder to commit a breach, as they’re investing heavily in it, but… if the breach is committed, it’ll likely spread much, much further and faster. Read also about another dangerous breach made by Russian hackers: Cyber wars are definitely real nowadays and mixed precisely with geopolitics. Jumping to other industry news. Uber wrote that they're moving their Big Data and Machine Learning to Google Cloud. The article itself is not that interesting. It's mostly marketing news, but what’s the most interesting there is that they’re still using HDFS, Hadoop, and Spark, which got out of fashion recently. They’re planning to move to Google Cloud services like Google Big Query. It’s also interesting if taking such a load and popular platform will help Google increase its ML/AI adoption, which was losing publicity with GenAI advances and marketing. DataDog released their annual report on Cloud Costs: Here are the most important points from it:
The amount of wasted time on containers is crazy. Also, cross-AZ costs mean that we’re getting better at designing with redundancy, and cloud providers know how to charge us. I’m wondering what would be the real GPU usage if it wasn’t so hard to get them. Check also interesting write-ups on documenting our architectures: And check the free ebook from ScyllaDB on Database performance: I haven’t read it yet fully, but from what I skimmed so far, it’s a decent reading. Check also other links! Cheers Oskar p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it! p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross. Architecture
Databases
DevOpsAI
AWS.NET
Coding LifeIndustry
Security
TriviaYou're currently a free subscriber to Architecture Weekly. For the full experience, upgrade your subscription. |
Older messages
Architecture Weekly #185 - 24th June 2024
Monday, June 24, 2024
This edition is 50 shaded of coupling! Yeah, I know how that sounds, but we discussed why coupling is not an end goal but a metric to evaluate tradeoffs. We also discussed how to actually make
Architecture Weekly #184 - 17th June 2024
Monday, June 17, 2024
It's a new Monday, the right time for the new set of software architecture materials! This time, we started with visualisations that were made right for great explanations of queuing concepts. I
Architecture Weekly #183 - 10th June 2024
Monday, June 10, 2024
To GraphQL or not to GraphQL, that's the question we started this edition. We discussed the different perspectives on that. One of the issues is authorisation management, and from that, we went
Architecture Weekly #182 - 27th May 2024
Monday, June 3, 2024
Let's start this edition with the security. We always put it as the last point, but should we? We started with a spectacular Snowflake breach. We discussed if LLMS could help to avoid it (spoiler:
Papers We Love #2 - How do committees invent? (Melvin E. Conway)
Monday, June 3, 2024
Watch now (73 mins) | Hey! 😀 In the 2nd edition of Papers We Love, we tackled the famous article Mel Conway's article where he introduced his law. You probably already know the quote: Organizations
You Might Also Like
💻 Issue 435 - Oracle, it's time to free JavaScript
Thursday, September 19, 2024
This week's Awesome JavaScript Weekly Read this email on the Web The Awesome JavaScript Weekly Issue » 435 Release Date Sep 19, 2024 Your weekly report of the most popular JavaScript news, articles
📱 Issue 429 - iOS 18 breaks IMAPS self-signed certs
Thursday, September 19, 2024
This week's Awesome iOS Weekly Read this email on the Web The Awesome iOS Weekly Issue » 429 Release Date Sep 19, 2024 Your weekly report of the most popular iOS news, articles and projects Popular
💻 Issue 353 - Why React Won the Front-End Race
Thursday, September 19, 2024
This week's Awesome React Weekly Read this email on the Web The Awesome React Weekly Issue » 353 Release Date Sep 19, 2024 Your weekly report of the most popular React news, articles and projects
💻 Issue 435 - DevSecOps Project: "Secure Full-Stack Node.js Web Application Deployment with Jenkins, Docker, Kubernetes, and HashiCorp Vault"
Thursday, September 19, 2024
This week's Awesome Node.js Weekly Read this email on the Web The Awesome Node.js Weekly Issue » 435 Release Date Sep 19, 2024 Your weekly report of the most popular Node.js news, articles and
📱 Issue 432 - Swift 6
Thursday, September 19, 2024
This week's Awesome Swift Weekly Read this email on the Web The Awesome Swift Weekly Issue » 432 Release Date Sep 19, 2024 Your weekly report of the most popular Swift news, articles and projects
💻 Issue 430 - Days since last Minecraft server written in Rust was released
Thursday, September 19, 2024
This week's Awesome Rust Weekly Read this email on the Web The Awesome Rust Weekly Issue » 430 Release Date Sep 19, 2024 Your weekly report of the most popular Rust news, articles and projects
Ranked | The Largest Producers of Wind Power, by Country ⚡
Thursday, September 19, 2024
Global wind power capacity hit fresh records in 2023 thanks to strategic government investment and lower technology costs. View Online | Subscribe | Download Our App Presented by: NEW REPORT: Brought
🧠 ChatGPT Passed the Turing Test — 5 Tips to Make Your Laptop Last Longer
Thursday, September 19, 2024
Also: How to Sideload Apps on Android TV, and More! How-To Geek Logo September 19, 2024 Did You Know Babies seem to have such large eyes because humans are born with eyes approximately 75 percent of
How a psychiatrist became an AI innovator
Thursday, September 19, 2024
The idea was in her head for months…
JSK Daily for Sep 19, 2024
Thursday, September 19, 2024
JSK Daily for Sep 19, 2024 View this email in your browser A community curated daily e-mail of JavaScript news Attention JavaScript Developers: New Certification Program Hey there p> Bob Senoff Read