Architecture Weekly Issue #84. Articles, books, and playlists on architecture and related topics. Split by sections, highlighted with complexity: 🀟 means hardcore, πŸ‘·β€β™‚οΈ is technically applicable right away,  🍼 - is an introduction to the topic or an overview. Now in telegram as well.

WARNING πŸ‡ΊπŸ‡¦

It's already been a year and a half since Russia's crazy, brutal and unjustified war against Ukraine. We condemn this war and want it to stop ASAP. We continue this newsletter so you can advance your skill and help the millions of Ukrainian people in any way possible. If you want to help directly, visit this fund.

Big thanks to Nikita, Anatoly, Oleksandr, Dima, Pavel B, Pavel, Robert, Roman, Iyri, Andrey, Lidia, Vladimir, August, Roman, Egor, Roman, Evgeniy, Nadia, Daria and Dzmitry for supporting the newsletter. They receive early access to the articles, influence the content and participate in the closed group where we discuss the architecture problems. They also see my daily updates on all the things I am working on. Join them at Patreon or Boosty! Β 

Highlights

Building Meta's Threads App 🍼

Following the havoc at Twitter Meta decided to build it's competitor at the end of 2022. Greenfield is always a pleasure for engineers and a challenge at the same time. Gergely Orosz asked questions from the Threads app engineers how it went, how the app was built(spoiler: native mobile apps with Python backend) and how they prepared for the 1m users in 1 hour.

The post lacks some technical aspects like planning for db load covering it all under 'we reused Meta reliable infrastructure'. However, a takeaway - you can build such an app in 5 months, but only if you have the backend figured out and plenty of engineers with relevant experience.

Building Meta’s Threads App (Real-World Engineering Challenges)
The Threads app was downloaded by more than 100M people on launch week. So did the engineering team build the app, and handle an unexpectedly intense launch? Exclusive.
The Pragmatic EngineerGergely Orosz

#casestudy

How we built Pingora, the proxy that connects Cloudflare to the Internet πŸ‘·β€β™‚οΈ

Cloudflare recently announced Pingora, an advanced HTTP proxy developed in Rust. Replacing their previous infrastructure, NGINX, Pingora boasts significant performance improvements, consuming 70% less CPU and 67% less memory. This enhancement leads to faster response times and efficient connection management. With its developer-centric design, Pingora paves the way for future innovations, with Cloudflare hinting at plans to open-source it.

How we built Pingora, the proxy that connects Cloudflare to the Internet
Today we are excited to talk about Pingora, a new HTTP proxy we’ve built in-house using Rust that serves over 1 trillion requests a day
The Cloudflare BlogYuchen Wu

#api

Mitigating serverless cold starts through predicting computational resource demand  🀟

In a recent study, researchers introduced the Adaptive Serverless Invocation Predictor (ASIP), a groundbreaking tool designed to predict serverless function invocations based on real-time user distribution across web applications. The study's findings reveal that ASIP can significantly reduce average response times, showcasing its potential in enhancing serverless computing efficiency. However, the tool's success hinges on specific circumstances, including its design and methodology. The research also underscores the importance of web monitoring tools, like Google Analytics, in gathering essential traffic data for ASIP's functionality. While the study offers promising insights, it also acknowledges limitations related to the context, function invocation quantity, serverless platforms, and web application complexity.

#serverless #paper

Follow-Up

Event Storming, Black Magic or Real? 🍼

I already included several articles on Event Storming including my own. Here you will find another piece which demonstrate real world example of event storming with the details we were not talking before, but essential to the process: actors, systems, policies and other stuff.

Event Storming, Black Magic or Real?
Prelude
MediumAlex Dorand

#eventstorming #ddd

Message Translator Pattern πŸ‘·β€β™‚οΈ

Imagine you split your system into microservices around the bounded contexts. However, the DDD still requires ubiquitous language in each of the contexts. How do you translate entities from one to another? Meet the Message Translator pattern which can pass messages as is or translate into other entities. The pattern description inside.

Serverless Land
Your resource for learning serverless technology.

#patterns #serverless

Resilience and Observability as a scale bottleneck πŸ‘·β€β™‚οΈ

Martin Fowler's piece dives into the nitty-gritty of keeping things running smoothly as companies grow. As things get more complex, it's all about having systems that don't freak out when something goes wrong and tools that let you peek under the hood to see what's up. He chats about the difference between just regular monitoring and really getting what's happening inside the system. Plus, he gives a nod to the usual growing pains, like dealing with old tech and getting everyone on the same page. The takeaway? If you're scaling up, make sure your systems can take a hit and that you've got the right tools to see what's going on.

Bottleneck #05: Resilience and Observability
Service disruptions; production incidents reduce reputation and revenue
martinfowler.comPunit Lad

#scalability #resilience

A guide to observability at Birdie πŸ‘·β€β™‚οΈ

In this Medium post, the engineering team at Birdie shares their journey and insights into the world of observability. Observability, as they describe, is the ability to understand a system's internal state from its outputs, allowing engineers to ask questions about a running system, understand its behavior, and identify issues without changing the code. Birdie emphasizes the importance of both logging and tracing, highlighting the power of combining them for a deeper understanding of system interactions. They've adopted tools like OpenTelemetry SDK for collecting traces and Honeycomb for monitoring, which helps them visualize service performance and track error rates in real-time.

A guide to observability at Birdie
Should your observable (distributed) systems look like a bowl of cereals? Probably not. Read on to find out why.
Engineering at BirdieLorenzo Pieri - 404answernotfound

#observability

Building Kafka Event-Driven Applications with KafkaFlow πŸ‘·β€β™‚οΈ

Kafka for Event-Driven application is a standard de-facto, however the development can be cumbersome occasionaly due to necessity of graceful shutdown, serialization support and other. InfoQ features a post about KafkaFlow opensource project for .NET which simplifies it by offering useful abstractions. More details inside!

Building Kafka Event-Driven Applications with KafkaFlow
KafkaFlow, a .NET open-source project, simplifies Kafka-based event-driven app development with features like middleware for message processing, enhancing maintainability, customization potential, and allowing developers to prioritize business logic.
InfoQGuilherme Ferreira

#kafka #eventdriven

mTLS: When certificate authentication is done wrong. πŸ‘·β€β™‚οΈ

TLS is frequently used for server authentication, however it can be used both ways - thus the name of Mutual TLS. But are you sure the client certication check is implemented properly in your security solution, say KeyCloak? It appears it's not always the case. Michael Stepankin from the Github Blog shows how the freedom of interpretation of the TLS standard can lead to severe security vulnerabilities.

mTLS: When certificate authentication is done wrong
In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.
The GitHub BlogMichael Stepankin

#security

That's all for today folks! Next week I am on vacation, so see you in 2 weeks!