Architecture Weekly #57

Architecture Weekly Issue #57. Articles, books, and playlists on architecture and related topics. Split by sections, highlighted with complexity: 🤟 means hardcore, 👷‍♂️ is technically applicable right away,  🍼 - is an introduction to the topic or an overview. Now in telegram as well.

WARNING 🇺🇦

It's already been a year since Russia's crazy, brutal and unjustified war against Ukraine. We condemn this war and want it to stop ASAP. We continue this newsletter so you can advance your skill and help the millions of Ukrainian people in any way possible. If you want to help directly, visit this fund.

Highlights

Bitwarden design flaw 🤟

After LastPass breach, the alternatives left to the public are 1Password and Bitwarden. And looking at the latter, it is not perfect indeed. The problems include issues with low number of PBKDF2 - significantly lower than OWASP recommends - along with the fact that in case of the breach those iterations does not mean anything, as the attackers will try to decrypt the data right away, instead of guessing the master key hash. Are there any products without that problem? How to design that properly? Find in the article!  

Bitwarden design flaw: Server side iterations
Bitwarden is a hot candidate for a LastPass replacement. Looking into how they encrypt data, it doesn’t do things that much better however.

#security

Architecture Modernization Teams 🍼

The software architecture is not wine by no stretch of the imagination: it only becomes worse with time. Although organization typically recognize it, they still struggle with modernization of solutions architecture. One of the ways to resolve this struggle is a creation of an Enabling team for architecture modernization. The goals of this team includes upskilling the people, keeping the architecture momentum and facilitation of better design. Grab a long read on when to introduce AMET, how it's work looks like when you don't need that team anymore.

Architecture Modernization Enabling Teams (AMET)
This article describes a pattern we have observed and applied in multi-team-scope architecture modernization initiatives…

#architecture #strategy

Fixing Go's Linker: ARM64, DWARF and linker internals 🤟

I know, not really an architecture topic, but exciting read. So Uber's team discovered they can't debug the Golang binaries for ARM64, while the AMD64 binaries are debuggable perfectly fine. So they decided to figure out what is the issue. They discovered that due to the usage of a smaller type for function references, the linked inserts additional jumps making the functions external; thus breaking the adding of the debug symbols. The fix is a one-liner; but the journey!...

Fixing Go’s Linker: An Unexpected Journey into ARM64, DWARF, and Linker Internals
We encountered an unusual problem recently at Uber with Golang™ debugging, as our engineers began transitioning to Apple® Silicon hardware, which uses the ARM64 Instruction Set Architecture (ISA), rather than the x86/AMD64 ISA many of us have been using for many years now. This required some rather…

#go #compiler #investigation

Follow-Up

Multitask learning at LinkedIn 👷‍♂️

When you have several learning tasks that are somehow similar, it makes sense to leverage multitask learning to increase performance and quality of learning. However, with such an approach new difficulties emerge like a different set of features for tasks, different input datasets etc. LinkedIn shared a post explaining how they handle those issues with their multitask learning framework.

Applying multitask learning to AI models at LinkedIn
Co-authors: Ji Yan, Sen Zhou, Dansong Zhang, Anastasiya Karpovich

#ml

Types of CQRS 👷‍♂️

When you learn about CQRS, you typically think binary: either you have one, or you don't. Vladimir Khorikov reasons about CQRS in a gradual manner: you can indeed have no CQRS, but then you can have stage 1, 2 and three. Read the article to know the difference and when you need to apply a particular stage.

Types of CQRS
CQRS is a pretty defined concept. Often, people say that you either follow CQRS or not, meaning that it is some kind of a binary choice. In this article, I’d like to show that there is some wriggle room in this notion and how different types of CQRS can look like. Type 0: no CQRS With this type, yo…

#cqrs #patterns #architecture

Scalable Annotation Service at Netflix  👷‍♂️

Netflix wanted to store the annotations - some metadata - for any objects of theirs: from whole movies to particular timeframes. They wanted to do that in a unified, performant and scalable fashion. So they created Marken. Read how they employed Cassandra and ElasticSearch to accomplish the goal.

Scalable Annotation Service — Marken
In Marken (Scalable Annotation Service at Netflix), an annotation is a piece of metadata which can be attached to an object from any domain.

#netflix #microservices #architecture #casestudy

Consumer IoT Device Cybersecurity Standards and Policies 🍼

As you know, "S" in IoT stands for Security. That's why it is so mandatory to bring some clarity to the field and introduce some standardization. Please find a report on the policies, certifications and standartization procedures in different parts of the Globe in IoT field.

#security #iot

Software Build Systems 🍼

This week I took an interview with Artem Zinnatullin about Software Build Systems. We discussed what you should expect from a good build system - performance, scalability, learning curve - and what you, as an architect of a software architect, should know about them. We also covered the evolution of build systems from Ant to Bazel and speculated about their future.

#interview #video #buildsystem

ChatGPT is a Blurry JPEG of the Web 🍼

Did you know that Xerox copying machines are not doing the direct copy? Instead they scan the document, analyze it, compress and then decompress for printing. ChatGPT is simingly doing the same - analyzing and compressing the data from the web and giving us it's own - and blurry - image of the web. But what we prefer better?

ChatGPT Is a Blurry JPEG of the Web
OpenAI’s chatbot offers paraphrases, whereas Google offers quotes. Which do we prefer?

#ai