Architecture Weekly #140 - 14th August 2023
Welcome to the new week!
I realised that I could do more to help you and other folks. I've been sharing online content for free in the last few years through my blog, conference talks, this newsletter, and Open Source works. I know that it helped many folks, but…
Now I think it's time to provide structured material to take you through the learning journey fully.
I prepared a short survey; I know that your time is precious, but it'll help me a lot if you share your feedback with me: https://forms.gle/QQhpf9dNYxukDoyYA
Comments and resharing also count!
Many people ask me what my day job looks like, how I earn money, and if I’m coding. My usual answer is a running joke: I’m doing workshops and consulting to earn money for my Open Source passion. That may surprise some, but GitHub stars won't pay your rent.
We had another example of that last week. It all started with a finding by a Reddit user.
Moq is a .NET library used for mocking dependencies in unit tests. It is one of the most popular, if not the most popular. Its author is a .NET Open Source veteran who still made a surprising and terrible move. He added malware into the recent version.
Well, almost. Here are the author’s intentions, as explained in his blog article:
So the goal of SponsorLink is to connect in the most direct way possible your sponsorship with your library author’s sponsor account. And since the place where you spend most of the time enjoying your fellow developers’ open source projects is inside an IDE (i.e. Visual Studio or Rider), I figured that’s the first place where you should be reminded that either:
1) You are an awesome backer and the project is alive and well thanks to you.
2) You should not forget to take action now to become 1), given it’s incredibly straightforward and affordable!
In practice, it was released as malware. The code was injected into the library and obfuscated, and it skimmed the git folders of your project for the email. Then it sent the hashed email through the network to the tool and stored it in the cloud. Yes, also your corporate email. Without consent. An obvious GDPR breach.
The author faced a wave of rage on GitHub and eventually removed the change but promised to bring it back after tweaking it.
Why am I doing the recap of such an issue?
Because, as Architects, we should not think it’s yet another Open Source shitstorm.
There are two sides to that: the OSS author's move was terrible, and there’s no defence for doing it. Yet, it’s a general sustainability issue in the OSS world. This model is broken, and we have more signs like that of screaming into the void.
Do the exercise, and ask yourself:
What is your strategy if such a case happens for your most crucial library?
Do you have a dependency management and review strategy?
What are you doing to minimise the bus factor for your favourite libraries?
Don’t you have such strategies? You should. And the answer is not “I’ll not use OSS”.
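One way to start on the dependency review question above, as an added example that is not from this newsletter or from the Moq project: a Python check that walks a NuGet packages.lock.json and reports which direct dependency pulls in a watch-listed package. The sample lock data, the Example.* package ids, the versions and the "sponsorlink" watchlist term are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of NuGet's packages.lock.json. Package ids
# other than Moq and all versions are placeholders, not real release data.
SAMPLE_LOCK = {"version": 1, "dependencies": {"net6.0": {
    "Moq": {"type": "Direct", "resolved": "0.0.0-example",
            "dependencies": {"Example.SponsorLink": "0.0.0-example"}},
    "Example.Logging": {"type": "Direct", "resolved": "0.0.0-example",
                        "dependencies": {"Example.Abstractions": "0.0.0-example"}},
    "Example.SponsorLink": {"type": "Transitive", "resolved": "0.0.0-example"},
    "Example.Abstractions": {"type": "Transitive", "resolved": "0.0.0-example"},
}}}


def find_flagged(lock, watchlist):
    """Return (framework, chain) for every path from a direct dependency
    to a package whose id contains a watchlist term (case-insensitive)."""
    terms = [t.lower() for t in watchlist]
    hits = []
    for framework, packages in lock.get("dependencies", {}).items():
        # NuGet ids are case-insensitive, so index by lowercase id.
        index = {name.lower(): (name, info) for name, info in packages.items()}

        def walk(key, chain, seen):
            if key not in index or key in seen:
                return  # unresolved reference or dependency cycle
            name, info = index[key]
            chain = chain + [name]
            if any(t in key for t in terms):
                hits.append((framework, chain))
            for child in info.get("dependencies", {}):
                walk(child.lower(), chain, seen | {key})

        for key, (_, info) in index.items():
            if info.get("type") == "Direct":
                walk(key, [], frozenset())
    return hits


if __name__ == "__main__":
    # Pass a real packages.lock.json path to audit it; defaults to the sample.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for framework, chain in find_flagged(lock, ["sponsorlink"]):
        print(f"{framework}: {' -> '.join(chain)}")
```

NuGet only writes packages.lock.json when RestorePackagesWithLockFile is enabled for the project, so a check like this depends on lock files being turned on and committed.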
Even the biggest tools are changing their licenses not to be eaten by big corporations. See the recent change by HashiCorp:
That’s also why I’m considering building an online course. When I asked people if they would like to pay for some dev tooling, they usually said they wouldn’t like to pay a license fee. For online courses? New MacBook? Huge screen? Sure.
Still, a testing library author mocking their users can motivate them to stop overusing mocks in tests. Check more on how to do it:
Jokes aside, mocks can also be used correctly. Even as a design tool. See:
Yes, you can also use code as a design tool. We’re already familiar with the concept of Infrastructure as Code. Why not Architecture as Code?
My take on that is that our tooling is not yet there, but seeing the nice stuff you can do with tools like Structurizr, I hope that, step by step, we’ll reach the phase where our source code will be the real source of truth. Not an excuse we’re making when complaining about Confluence and other tooling for communication with the business.
Multi-tenancy is one of the most common architecture cases and one of the hardest. Nowadays, when Software as a Service is one of the most popular ways of distributing software, it’s even more critical. We must balance the cost and guarantees we want for consumer data.
We often talk about data isolation and ease of deployment, but we too rarely speak about performance isolation. Luckily, Cloudflare wrote a great case study on that topic. Read more:
Speaking about case studies, last week, I talked about the release of the Stack Overflow AI tool. I was wondering about how they approach it and what’s their strategy. Now, Stack Overflow shared a bit of that. It’s a nice description showing the battle between the optimisation for users and automation:
The battle is uneven, and companies do not always optimise for the users’ good. See what CNET just did:
Europe is lagging in chipset production. And it’s kind of me to put it that way. Interestingly, Arm is a company originating in England. They’re designing the processors for others and selling know-how but not creating chips. Those are created mostly in Taiwan and the United States. Europe doesn’t have any big producers.
Germany decided to change that and subsidise chipset factories, both for Intel and Taiwanese companies:
The move is, of course, controversial. They’re making a big bargain from the German people's taxes for both companies. Plus, they’re not investing in their own companies to build know-how etc. However, it’s also a pragmatic move and can be a decent first step.
Especially keeping in mind how unstable the situation is in Asia and Taiwan. Having factories located in their country can provide alternatives in case of conflict. And the last part is important, as I think the next bigger multinational conflict will be around silicon and processors.
I hope that I’m wrong here.
Check also other links!
p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!
p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.