Architecture Weekly Issue #39. Articles, books, and playlists on architecture and related topics. Split by sections, highlighted with complexity: 🀟 means hardcore, πŸ‘·β€β™‚οΈ is technically applicable right away,  🍼 - is an introduction to the topic or an overview. Now in telegram as well.


It's already been 235 days since Russia's crazy, brutal, and unjustified war against Ukraine. We condemn this war and want it to stop ASAP. We continue this newsletter so you can advance your skill and help the millions of Ukrainian people in any way possible.


A Video version of this issue is available on YouTube. Subscribe!

Verifying distributed systems with Isabelle 🀟

Distributed systems are hard to reason about due to the fact that the combined count of inputs and situations is enormous. However, we can go with the approach of formal verification: given the model of the system, we can try to prove mathematically the correctness of the system's behaviour. Martin Kleppmann wrote a blog post about how it can possibly work with Isabelle. High School algebra inside!

Verifying distributed systems with Isabelle/HOL, by Martin Kleppmann

#distributedsystems #formalverification #kleppmann

Shift Left Approach for API Standardization πŸ‘·β€β™‚οΈ

We hear "shift left" left, right and center. It usually touches security and another NFR testing. But we can also shift API standardization left as well! When we design APIs across a large organization, it is beneficial for both producer and consumer parties to have a common style guide. Find more details on the problem inside the article, which also provides the set of tools to automate API validation.

Shift Left Approach for API Standardization
Descriptions about API standardization using common tools like OpenAPI and Zally, to simplify re-use across microservices between teams. Reviews against best practices such as an API stylebook and guidelines from Microsoft and Google.

#api #shiftleft

Bottlenecks of Scaleups #03: Product vs Engineering 🍼

During last year one of my biggest struggles was to change the culture of an IT organization from "product managers are doing business and order the features from engineering" to "we all work together to deliver value". Such problems cause significant hiccups during software development. Part of the architect's job is to resolve such problems, even when they are more communicational and cultural rather than technical. Find a post in Martin Fowler's blog.

Bottleneck #03: Product v Engineering
Friction Between Product and Engineering; Lack of trust and collaboration slowing down product growth


The State of AWS Security by Datadog 🍼

Datadog published their analysis of AWS Security Report. They came up with important signals to secure your AWS accounts. Firstly, minimize the usage of the root account. Then make sure to revoke the users' credentials which are no longer used. Don't forget to analyze your source code for including credentials. And lastly switch the EC2 instances to use Instance Metadata Service version 2, if you don't want to end up hacked like Capital One.

The State of AWS Security
We analyzed trends in the implementation of security best practices and took a closer look at various types of misconfigurations that contribute to the most common causes of security breaches.

#cloud #security #aws

The Hacker's Guide to Kubernetes Security by Patrycja Wegrzynowicz πŸ‘·β€β™‚οΈ

Devoxx 2022 published the recordings of the talks, and I include the one regarding Kubernetes Security. Patrycja covers the OWASP Top 10 K8s vulnerabilities and makes some impressive demos of hacking a cluster using the said vulnerabilities. Great talk which I watched on the 1,5 speed though :)

#security #k8s #kubernetes

Declarative UIs with Kotlin MultiPlatform Series πŸ‘·β€β™‚οΈ

Mobile Development changed a lot during last couple of years. Flutter became more or less mainstream, Kotlin graduated to a default language for Android, Jetpack Compose was released and last, but not least Kotlin Multiplatform emerged. All those technologies allow us to build several applications natively, but in a very fast manner by reusing major parts of architecture and business logic. Learn, how you can do that with the series by Daniele Baroncelli.

The future of apps:Declarative UIs with Kotlin MultiPlatform (D-KMP)β€Šβ€”β€Špart 1/3
A 3-part article explaining the new D-KMP architecture, based on DeclarativeUIs, Kotlin MultiPlatform and MVI pattern.

#mobile #kmp

Mastering the next level of architectural design πŸ‘·β€β™‚οΈ

Uwe shared another deck on modern architectural approaches. He goes through the history of ways we used to do architecture from going with a monolith straight away to "we don't need an architect" and back to the realization that the landscape became incredibly complex given the cloud and big data revolution, digital transformation, Mobile and IoT introduction and other factors. So simplicity, separation of concerns, thinking frugal and knowing the different approaches will help you much more than knowing a particular technology. Β 

Good abstractions are obvious but difficult to find 🍼

Designing a system requires a good functional separation as we just learned in the presentation above. This proves to be a difficult task in complex business. Gregor Hope, who's articles and talks we included several times wrote an inspiration article for architects where he explains the importance the good abstraction and how to come up with them.

Good abstractions are obvious but difficult to find, even in the cloud
Cloud automation using object-oriented languages gives us the power of abstraction. But those abstractions aren’t easy to come by.

#architecture #systemdesign

PostgreSQL 15 🍼

New version of PostgreSQL is announced with advancements in performance, developer experience and replication control. Without furder ado, checkout the release notes.

PostgreSQL 15 Released!
**October 13, 2022** - The PostgreSQL Global Development Group today announced the release of [PostgreSQL 15](, the latest version of …

#databases #releases

Resiliency in Distributed Systems πŸ‘·β€β™‚οΈ

Roberto Vitillo is the author of Understanding Distributed Systems book. The newsletter "The Pragmatic Engineer" includes two chapters from this book with the design patterns for downstream and upstream resilience in such systems. You will find Load Shedding, Rate Limiter, Single Point for Retries and others in that issue.

Resiliency in Distributed Systems
Two chapters from the book Understanding Distributed Systems by Roberto Vitillo


Like the newsletter? Consider helping to run it at Patreon or Boosty. Patrons and Boosty subscribers of a certain level also get access to a private Architecture Community. Big thanks to Nikita, Anatoly, Oleksandr, Dima, Pavel and Robert for already supporting the newsletter.