Welcome to the new week!

I realised that I could do more to help you and other folks. I've been sharing online content for free in the last few years through my blog, conference talks, this newsletter, and Open Source works. I know that it helped many folks, but…

Now I think it's time to provide structured material to take you through the learning journey fully.

I prepared a short survey; I know that your time is precious, but it'll help me a lot if you share your feedback with me: https://forms.gle/QQhpf9dNYxukDoyYA

Comments and resharing also count!

Many people ask me what my day job looks like, how I earn money, and if I’m coding. My usual answer is a running joke: I’m doing workshops and consulting to earn money for my Open Source passion. That may surprise some, but GitHub stars won't pay your rent.

We had next example of that last week. It all started with the finding of the Reddit user.

• Reddit - Does Moq in it's latest version extract and send my email to the cloud via SponsorLink?

Moq is a .NET library used for mocking dependencies in unit tests. One of the most, or the most popular. Its author is a .NET Open Source veteran who still made a surprising and terrible move. He added malware into the recent version.

Well, almost, the author’s intentions as explained by the author in his blog article:

So the goal of SponsorLink is to connect in the most direct way possible your sponsorship with your library author’ sponsor account. And since the place where you spend most of the time enjoying your fellow developers’ open source projects is inside an IDE (i.e. Visual Studio or Rider), I figured that’s the first place where you should be reminded that either:

1. You are an awesome backer and the project is alive and well thanks to you.

2. You should not forget to take action now to become 1), given it’s incredible straightforward and affordable!

In practice, it was released as malware. The code was injected into the library, obfuscated and skimmed your git folders of the project for the email. Then it was sending the hashed email through the network to the tool and stores it in the cloud. Yes, also your corporate email. Without the consent. Obvious GDPR breach.

The author got a rage on GitHub and eventually removed the change but promised to bring it back after tweaking it.

Why am I doing the recap of such an issue?

Because, as Architects, we should not think it’s yet another Open Source shitstorm.

There are two sides to that: the OSS author's move was terrible, and there’s no defence for doing it. Yet, it’s a general sustainability issue in the OSS world. This model is broken, and we have more signs like that of screaming into the void.

Do the exercise, and ask yourself:

• What is your strategy if such a case happens for your most crucial library?

• Do you have a dependency management and review strategy?

• What are you doing to minimise the bus factor for your favourite libraries?

Don’t you have such strategies? You should. And the answer is not “I’ll not use OSS”.

Even the biggest tools are changing their licenses not to be eaten by big corporations. See the recent change by HashiCorp:

• HashiCorp - HashiCorp adopts Business Source License

That’s also why I’m considering building an online course. When I asked people if they would like to pay for some dev tooling, they usually said they wouldn’t like to pay a license fee. For online courses? New MacBook? Huge screen? Sure.

Still, testing library author mocking their users can motivate them to stop overusing mocks in tests. Check more on how to do it:

• James Shore - Testing Without Mocks

Jokes aside, mocks can also be used correctly. Even as a design tool. See:

• Sandro Mancuso - Mocking as a Design Tool

Yes, you can also use code as a design tool. We’re already familiar with the concept of Infrastructure as Code. Why not Architecture as Code?

• Gregor Hohpe - Application Architecture as Code

My take on that is our tooling is not yet there, but seeing nice stuff, you can do with tools like Structurizr, I hope that step by step, we’ll reach the face where our source code will be the real source of truth. Not an excuse we’re doing when complaining about Confluence and another tooling for communication with the business.

Multi-tenancy is one of the most common architecture cases and one of the hardest. Nowadays, when Software as a Service is one of the most popular ways of distributing software, it’s even more critical. We must balance the cost and guarantees we want for consumer data.

We often talk about data isolation and ease of deployment, but too rarely, we speak about performance isolation. Luckily Cloudflare wrote a great case study on that topic. Read more:

• Cloudflare - Performance isolation in a multi-tenant database environment

Speaking about case studies, last week, I talked about the release of the Stack Overflow AI tool. I was wondering about how they approach it and what’s their strategy. Now, Stack Overflow shared a bit of that. It’s a nice description showing the battle between the optimisation for users and automation:

• Stack Overflow - Ask like a human: Implementing semantic search on Stack Overflow

The battle is uneven, and companies do not always optimise for users good. See what CNET just did:

• Gizmodo - CNET Deletes Thousands of Old Articles to Game Google Search

Europe is lagging in chipset production. And that’s kind of me, that I wrote it like that. Interestingly arm is a company originating in England. They’re designing the processors for others and selling know-how but not creating chips. Those are created mostly in Taiwan and the United States. Europe doesn’t have any big producers.

Germany decided to change that and subsidise chipsets factories, both for Intel and Taiwan companies:

• The Register - Germany to subsidize Intel €10B for 'Silicon Junction' fab

• Reuters - Intel spends $33 billion in Germany in landmark expansion

The move is, of course, controversial. They’re making a big bargain from the German people's taxes for both companies. Plus, they’re not investing in their own companies to build know-how etc. However, it’s also a pragmatic move and can be a decent first step.

Especially keeping in mind how unstable the situation is in Asia and Taiwan. Having factories located in their country can make alternatives in case of conflict. And the last part is important, as I think the next bigger multinational conflict will be around silicon and processors.

I hope that I’m wrong here.

Check also other links!
Oskar

p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!

p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.

Architecture

• Gregor Hohpe - Application Architecture as Code

• Cloudflare - Performance isolation in a multi-tenant database environment

• Uber - Announcing Cadence 1.0: The Powerful Workflow Platform Built for Scale and Reliability

• Rebecca Parsons — Building Evolutionary Architectures: Principles and Practices

• Ivan Padabed - The Purpose of Architecture

• Sandro Mancuso - Mocking as a Design Tool

• Lexi Mattick & Hack Club - Putting the “You” in CPU

• Greg Young - Event Sourcing and Post/Pre Dated Transactions

Databases

• Elastic - Unveiling Elasticsearch Query Language (ES|QL)

• Streamstone - Event store for Azure Table Storage

AI

• Stack Overflow - Ask like a human: Implementing semantic search on Stack Overflow

Azure

• Thomas Maurer - Prepare your Azure Cloud Environment with the Cloud Adoption Framework

Java

• Billy Korando - To Java 21 and Beyond!

• A N M Bazlur Rahman - Preparing for JDK 21: A Comprehensive Overview of Key Features and Enhancements

• Marco Codes - How To Approach Dependency Management in Java

.NET

• Sean Killeen - On Moq and our Part in the OSS Sustainability Social Contract

• Jeremy D. Miller - Using Sql Server as a Message Queue with Wolverine

• Aaron Stannard - We're Rewriting Sdkbin

• Andrew Lock - Comparing WebApplication.CreateBuilder() to the new CreateSlimBuilder() method

WebAssembly

• Radu Matei - Towards sockets and networking in WebAssembly and WASI

Coding Life

• Danah Boyd - Deskilling on the Job

Product Design

• Paweł Huryn - MVP: Everything You Need to Know. MVP vs. MMP vs. MLP

Industry

• The Register - Germany to subsidize Intel €10B for 'Silicon Junction' fab

• Reuters - Intel spends $33 billion in Germany in landmark expansion

• HashiCorp - HashiCorp adopts Business Source License

• The Guardian - Norway to fine Meta $98,500 a day over user privacy breach from 14 August

• Gizmodo - CNET Deletes Thousands of Old Articles to Game Google Search

Security

• Independent - Bots are better than humans at cracking ‘Are you a robot?’ Captcha tests, study finds

• OpenAI - Disabling GPTBot