Architecture Weekly #180 - 20th May 2024
Welcome to the new week!
It’s been a while since the first edition of Papers We Love. In the first one, we tackled Sagas by Hector Garcia-Molina and Kenneth Salem.
Now, we’ll tackle something less techy; we’ll go with socio-technical, and what better reference to do it than the famous article Mel Conway wrote when he introduced his law?
In the next webinar, we’ll read the whole paper. Incredibly, this became like a gravity law. It always works, for better or worse. We’ll have the chance to discuss our experience and past challenges facing this hard law. I count on you that you join and add your feedback, and we’ll have an intriguing discussion!
The webinar will happen on Thursday, May 23rd, at 6 PM CEST (UTC+2) and last 1-1.5h depending on the number of discussions.
Become a paid subscriber and join us live!
Everyone likes to talk about best practices. I went the other way around and gathered all the worst practices on how to build the worst Event Sourcing system. Was it easy?
It was not, as building the worst Event Sourcing system, we cannot cheat and just go with Event Streaming rebranding the name. What to do next?
Check the recording of my talk at NDC London, where I told the story of the project Franz: the Worst Event Sourcing System.
Jokes aside. Event Sourcing is perceived as a complex pattern that’s challenging to learn. In fact, it's pretty simple, but the common misconception and the way it's taught may lead to such a conclusion. By going through the worst ideas, I wanted to show the essence of Event Sourcing.
That was probably the hardest talk I gave so far from the presenting technique. The narrative has a few twists, so feedback is more than welcome!
Also, if you’d like to build your Event-Driven systems correctly, I’m happy to provide training or consulting. Contact me, and we’ll find a way for you!
Profiles are one of the most underrated Docker Compose features. They enable keeping multiple configurations in the same file and running a subset of images.
That means you can run a subset of containers. For instance, if you’re working on Frontend, you can run only backend services and the other way around.
In my latest article, I described in practice both how to do it and why you should. I backed that up with the recent refactoring of my samples.
Are you using them?
Learning about features is not always a pleasant experience; Maciej Pocwierz learned about it the hard way. He got a big bill from AWS for spending on unauthorised requests to his S3 bucket.
But why would some third parties bombard my S3 bucket with unauthorised requests?
Was it some kind of DDoS-like attack against my account? Against AWS? As it turns out, one of the popular open-source tools had a default configuration to store their backups in S3. And, as a placeholder for a bucket name, they used… the same name that I used for my bucket. This meant that every deployment of this tool with default configuration values attempted to store its backups in my S3 bucket!
After contacting AWS, he got his bill cancelled but “emphasized that this was done as an exception”. Sounds like there’s no better way to have some long-term fix than public shaming… This article went pretty wide, as the scenario was really surprising, that you may be paid for DDoS even if you secured your bucket etc.
A week ago, AWS announced that Amazon S3 will no longer charge for several HTTP error codes, including Access Denied, which Maciej faced. Cool.
UniSuper (a $135 billion pension account) wasn’t so lucky with the Google Cloud disaster. The whole account, including backups, was removed, and it took them almost two weeks to get full restoration. That wouldn’t have been possible without the double-backup storage. They also kept backups in other locations than Google Cloud.
The reason is still unknown; Google Cloud still didn’t provide more details publicly than information from their CEO:
Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription.
This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.
I’ll try to keep an eye on that and provide you with more details if the post-mortem is released. Read the full coverage from ArsTechnica:
James Shore released his online course “Testing Without Mocks” for free. It’s a great opportunity to learn more about his A-Frame architecture. I’m definitely planning to go through it soon (if I survive busy May!).
If you’re looking for a thorough and practical case study on how to make PostgreSQL faster, then check this article:
It nicely goes through an analysis of why queries are slow, how to approach query plans, and how to find and validate improved solutions.
I really believe that big things are built from small pieces. Atomic Habits is one of the rare non-fiction books that I recommend to others. Some time ago, I explained how that can also be applied to the software architecture. I’m happy that others also have a similar perspective.
Check Nathan Silnitsky's talk, where he’s showing his way on how atomic habits can help go in your journey:
One of the good habits is testing and ensuring that your work won’t contract with other systems and teams. Contract testing is not always easy, but we can benefit from simpler approaches like Snapshot testing. We’re snapshotting the final state. When we provide the new version of the implementation, we can verify the new output with the new one. In .NET, there’s a great tool, Verify made by Simon Cropp that enables such tests, check two materials on it:
I’ll also soon have more materials on compatibility testing. You can already check this PR or that one, but stay tuned for the write-up.
Have also a look at Hillel Wayne’s thoughts on integration testing
Check also other links!
Cheers
Oskar
p.s. I invite you to join the paid version of Architecture Weekly. It already contains the exclusive Discord channel for subscribers (and my GitHub sponsors), monthly webinars, etc. It is a vibrant space for knowledge sharing. Don’t wait to be a part of it!
p.s.2. Ukraine is still under brutal Russian invasion. A lot of Ukrainian people are hurt, without shelter and need help. You can help in various ways, for instance, directly helping refugees, spreading awareness, and putting pressure on your local government or companies. You can also support Ukraine by donating, e.g. to the Ukraine humanitarian organisation, Ambulances for Ukraine or Red Cross.
Architecture
📺 Oskar Dudycz - Let's build the worst Event Sourcing system!
ArsTechnica - “Unprecedented” Google Cloud event wipes out customer account and its backups
📺 Tech Leaders Launchpad - How to Stay Adaptable as a Startup CTO with Chris Simon
Uptime - Building sustainable software architectures using residuality theory
James Shore - Free Self-Guided “Testing Without Mocks” Training
DevOps
Oskar Dudycz - Docker Compose Profiles, one the most useful and underrated features
Maciej Pocwierz - How an empty S3 bucket can make your AWS bill explode
AWS - Amazon S3 will no longer charge for several HTTP error codes
Marc Campbell - Understanding how uid and gid work in Docker containers
GitHub - dependabot-core is now open source with an MIT license
Databases
Testing
AI
Reuters - OpenAI strikes deal to bring Reddit content to ChatGPT
Slack - How Slack protects your data when using machine learning and AI
The NewYork Times - What Do You Do When A.I. Takes Your Voice?
AWS
Java
JVM
.NET
Microsoft - .NET 7 will reach End of Support on May 14, 2024
📺 Aaron Stannard - Make Illegal States Unrepresentable - N+1 and Arithmetic Errors
Martin Thwaites - Trace Propagation and Public API Endpoints in .NET – Part 1 (Disable All)