Architecture Weekly #161 - 8th January 2024
Welcome to the new week!
Not all issues are complex; some are "just" complicated. I noticed the funny thing: we too often feel more comfortable solving complex tasks than complicated ones.
We counterintuitively think: "Well, we just need to do research, then select a solution and solve it". Too often, that's our self-defence. We're tricking ourselves by postponing the issue. It's easier to justify our efforts in research than lag on known unknowns.
Let's say that we have two tasks to choose from. One is complex, and the other is complicated. They both have a similar business value. Shouldn't we choose the one with known unknowns?
I discussed that in my recent article and showed how to deal with complicated tasks systematically. I explained the real, dirty, complicated task I had to solve in Marten.
I started it with a brief intro to the Cynefin framework. It’s not a technology but a decision-making framework. It helps categorise our issues and decide how to tackle them. Check also more from its author, Dave Snowden:
The other intriguing tool for designing, and modeling systems is TLA+:
TLA+ is a high-level language for modeling programs and systems--especially concurrent and distributed ones. It's based on the idea that the best way to describe things precisely is with simple mathematics. TLA+ and its tools are useful for eliminating fundamental design errors, which are hard to find and expensive to correct in code.
Leslie Lamport, its author, said a famous phrase:
A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.
And that’s what TLA+ is about a way to describe our systems and find the path for our program to work as expected. We focus on finding steps that have to happen for our system to succeed. Thanks to that, we’re reducing the noise of all the unexpected scenarios that may happen.
Read more in the latest version of his book, available for free:
Check also the talk by Scott Wlaschin, where he introduces Property-based Testing. It’s a much different level than TLA+, more on the techniques rather than strategies, but still, a useful technique for finding scenarios that we didn’t even know existed.
Speaking about the failures that one cannot easily predict. One of the weirdest failure scenarios happened for the Polish trains. Finally, we also have the full coverage in English to share with you.
The issue started in April 2022 when SPS company started servicing Polish Railway trains manufactured by their competitor, Newag. They could not start them and hired hackers to investigate the cause. Then, the same happened for other companies trying to service Newag trains. Newag responded with the accusation of trying to cheat and hack through the systems, blaming service companies and threatening to send that to the National Polish Security Department.
Hackers hired by SPS managed to unlock trains. Long story short, it appeared that the issue was DRM being installed by Newag. From 404 Media coverage:
The trains were designed to break if they sat idle for 21 days or if a GPS detected them at independent repair centers or competitors’ rail yards. Perhaps most interestingly, one of the analyzed trains had code in it that was supposed to artificially lock the train’s compressor on the seemingly arbitrary date of December 21; a NewAg train then actually had a compressor malfunction on December 21.
Read more in:
and watch the talk that hackers gave at the conference explaining the details:
It’s an interesting story showing what we’ll see more. I already linked some time ago:
You can own the train, the car, whatever, but you may not be able to use it because of software. Or you may be just using only some capabilities out of it. Especially if that’s not said explicitly parked as a hidden feature that can cause the crash, it becomes highly disputable.
Adding generative AI into the game, it sounds like our ownership rights are incompatible with the current technical world. Or maybe they are, and it’s just misbehaviour of the manufacturers, as neither hackers not competition has been sued yet…
Speaking about security and AI, I linked a few recent spectacular security failures from Microsoft:
Guess what’s the answer to that? AI! Who knew?
I’m unsure if that’s just cynical marketing or just buying time from customers. I don’t think impacted customers will buy such a solution, as that would look like extinguishing the fire by pouring gasoline. To me, it looks like trying to show that “hey we’re doing something!” for not impacting people.
Don’t get me wrong, using Machine Learning as a tool for security static analysis is a good move, but it’s not a solution per se to the nature of MS's issues. Can we please stop trying to cheat ourselves with AI for the Win! as an answer for everything?
Switching to a totally different topic.
I’ve got two good articles about frontend architecture, one comes from Jake Lazaroff.
He described why he believes that Website vs Web App is an oversimplification of what we have nowadays on frontend; he suggested a more nuanced breakdown:
Then he had a look and did a thorough analysis of things in-between and why having such discussion is important ending it with:
The website vs. web app dichotomy doesn’t exist. But I don’t think any one way of building websites is going to swallow all the rest. If there’s one takeaway from all this, it’s that the web is a flexible medium where any number of technologies can be combined in all sorts of interesting ways.
The other material comes from Steve Sanderson, and it’s his take on where the web tech is going.
He’s a web tools veteran. If you didn’t watch, you can start with his other talk:
It describes how we got where we are, and now we have the predictions. Not surprisingly, as Steve is working on Blazor, he believes that the future is WebAssembly. I’m not convinced that it as the future of the web, but it’s indeed an intriguing technology. I see it as more useful for the backend, but we’ll see. Still, knowing Steve's perspective is always enlightening. I love that he’s building incredible stuff, talking about it like he just made a ham sandwich.
Check also other links!
p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!
p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.