Welcome to the new week!

We released the new major version of Marten: v6. I gathered some of my thoughts/insights/lessons learned about running an Open Source project that came to my mind after releasing it.

If you are:
- running Open Source project
- Marten user,
- interested in my work,
- or just have enough time to read some,

then it may be interesting to you.

• A few notes on running open source project after Marten v6 release

See also a nice write-up on the OSS “work” on the GitHub blog:

• Mike Melanson - How ‘open’ should your open source be?

The funniest event I saw last week was DataDog leaking information that one of the customers spent 65 million dollars on their services. Yes, that’s not a typo. Based on another outstanding research from Gergely Orosz, it seems (not surprisingly) that it was Coinbase - a crypto company. They were getting so much money on the trading that they didn’t bother such small spending. Of course, they recently start to care. Read this article to see the buy/do decision-making drivers and if millions of dollars on observability is always too much (TLDR: it’s not).

• Gergely Orosz - Datadog’s $65M/year customer mystery solved

• Motley Fool Transcribing - Datadog (DDOG) Q1 2023 Earnings Call Transcript

Speaking about costs, having zero downtime migrations or deployments can also be an extremely costly process. Rarely it’s entirely justified in regular projects. We should always think realistically about SLA and SLO. Still, sometimes we need that, and it’s good to see the horizon of how to achieve that. We don’t need bulletproof solutions like Netflix, but we can always learn from their example and map it to our case.

• Netflix - Migrating Critical Traffic At Scale with No Downtime — Part 1

Google turned on Autopilot automatically for their managed Kubernetes. It’s a good step in making Kubernetes commodity and infrastructure layer. If we’re starting to use it, and don’t have enough specialists in our team, then having the general best practices and tunning applied for us may be a decent way to solve our scaling, security and costs management. Of course, the basis of trust is to control, so we should be careful and observe if other providers promote such an approach.

• Google - Autopilot is now GKE’s default mode of operation — here’s what that means for you

I wrote last week about the supply chain attack case made through the SolarWinds software. Check a report about those types of attacks made by SonaType.

• SonaType - State of the Software Supply Chain

Do it, especially if you’re basing on your in-house CI/CD infrastructure.

Speaking about security and Open Source sustainability, I started this release. Interestingly, USA Senate started to have a debate on it. It’s interesting in which directions those legislations will be going on. Unless it’s a blame game on the maintainers, it’s a good thing to put some regulations or best practices, especially into mission-critical software. We need to focus more on security and quality in our industry. I’m unsure if regulations are necessarily the best way to achieve that. Still, it seems that our industry cannot self-regulate and self-reflect on that correctly, so maybe this is the needed way.

• IT Brew - Senate takes action on open-source vulnerabilities in wake of 2022 Log4j attack

Maturity is something that micro frontends are getting. Luca Mezzalira is one of that promoters and shared his story from staying seven years in the trenches.

• Luca Mezzalira - Microfrontends Anti-Patterns: Seven Years in the Trenches

It’s also a good time to highlight again that architecture is not only about the backend. Frontend applications nowadays can also impact the scaling of our applications. They’re not longer “just UI” but part of the services ecosystem. Not always it’s a best practice, but if we’re doing more computing on edge (user browser, mobile etc.), we can make our application more scalable.

So if you have yet another joke about JavaScript or Single-Page Applications in your pocket, consider hiding it, or at least check if your backend is not just another database over the wire. It may appear, that your frontend app is more sophisticated and have more architecture than CRUD API.

Speaking of which. If it’s just doing mapping on top of DB, then maybe it’s enough to use:

• PostgREST - A standalone web server that turns your PostgreSQL database directly into a RESTful API

Of course, that’s a joke in general, but also a highlight that you may not always need the full-blown domain process if what you’re doing is a simple app. See more in:

• Eberhard Wolff - Why You Might Fail with DDD

Check also other links!

Cheers
Oskar

p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!

p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.

Architecture

• Gergely Orosz - Datadog’s $65M/year customer mystery solved

• Motley Fool Transcribing - Datadog (DDOG) Q1 2023 Earnings Call Transcript

• Netflix - Migrating Critical Traffic At Scale with No Downtime — Part 1

• Luca Mezzalira - Microfrontends Anti-Patterns: Seven Years in the Trenches

• Derek Comartin - Avoid batch jobs! Model the future!

• Yan Cui - Is serverless overpriced? What can we learn from the PrimeVideo team?

• Camille Fournier - Avoiding the Rewrite Trap

• Eberhard Wolff - Why You Might Fail with DDD

• Hany Elemary - Customer Experience APIs: The missing layer

• Amy Hupe - How to write sh*t documentation

DevOps

• Natalie Arellano, Aidan Delaney - Customizing Your Buildpacks Build – Yes You Can!

• Google - Autopilot is now GKE’s default mode of operation — here’s what that means for you

Databases

• PostgREST - A standalone web server that turns your PostgreSQL database directly into a RESTful API

• data-diff - Compare tables within or across databases

Java

• Reflectoring.io - Structured Logging with Spring Boot and Amazon CloudWatch

.NET

• Jake Scott - Deploy a Serverless API Using .NET NativeAOT

• Norm Micro-ORM - High performance micro-ORM database mapper and modernized Dapper replacement for .NET Standard 2.1 and higher

• BlobHelper - BlobHelper is a common, consistent storage interface for Microsoft Azure, Amazon S3, Komodo, Kvpbase, and local filesystem written in C#

• ChatGPT - A ChatGPT C# client for MacOS, Windows, Linux, Android, iOS and Browser. Powered by Avalonia UI framework.

Tools

• GitHub - GitHub code search is generally available

Coding Life

• Oskar Dudycz - A few notes on running open source project after Marten v6 release

• Mike Melanson - How ‘open’ should your open source be?

Management

• Ben Kuhn - Some mistakes I made as a new manager

Industry

• CNBC - Shopify offloads logistics business to Flexport

• IT Brew - Senate takes action on open-source vulnerabilities in wake of 2022 Log4j attack

• BBC - Ex-Uber security chief sentenced over covering up hack

• The Byte - IBM Replacing 7,800 Human Jobs With AI, Including Human Resources

• Fortune - Leaked email from Microsoft CEO says salaried staff will not get raises this year due to macroeconomic conditions

Security

• SonaType - State of the Software Supply Chain

• Bleeping Computer - Discord discloses data breach after support agent got hacked

Trivia

• Upraise - Output Vs Outcome: Top 10 Differences