Posts

Observability Done Right: Best Practices and Anti-Patterns for Effective System Monitoring

  WHAT: Observability is a concept that refers to the ability to gain insights into the behavior and performance of complex systems. In the context of software engineering, observability involves the collection, analysis, and visualization of data from software applications, infrastructure, and other components of a system. In the animal kingdom, observability plays a critical role in survival, allowing animals to monitor their surroundings, detect threats, and find food. Dolphins use echolocation to observe their surroundings. They emit high-frequency sounds that bounce off objects, allowing them to create a 3D map of their environment. WHY: In today's era, architectures are becoming increasingly large, complex, and fast-paced due to the faster development and deployment of software by distributed teams with the help of DevOps, continuous delivery, and agile development methodo...

Object-Oriented Design and Functional Decomposition: A Look at Two Software Design Methodologies

  Object-oriented design: Object-oriented design is a software design approach that is based on the concept of “objects”, which represent data and the functions that operate on that data. In an object-oriented system, objects are created from templates called “classes”, which define the properties and behaviors of objects. Objects can interact with one another through the use of methods, which are functions associated with a particular object. The steps involved in object-oriented design are as follows: identify the problem to be solved; identify the objects in the system; define the relationships between objects; define the interface for each object; document the design. Sample object-oriented design of a Library Management System (figure: Library Management System OO Design). Functional decomposition design: Functional decomposition is a design methodology that involves breaking a system down into smaller, more manageable components or functions based on the ways in which they contribute to the ove...

Comparing gRPC and REST: A Look at Two Popular API Design Approaches

  REST (Representational State Transfer) is a way to design APIs that is based on the principles of the World Wide Web. REST APIs use the HTTP protocol for communication and are designed to be simple, stable, and uniform. They use URLs that are passed out by the server and do not require clients to construct URLs from other information. REST APIs are characterised by their use of HTTP methods (such as GET, POST, PUT, DELETE) to manipulate resources and by their use of HTTP status codes to indicate the success or failure of requests. gRPC is another way to design APIs that uses HTTP/2 for communication. It is based on the Remote Procedure Call (RPC) model and uses code-generated stubs to make it easier for clients to use the API. What are the advantages of gRPC over a REST API? Performance: gRPC uses a binary format for data serialization, which is more efficient than the text-based format used by REST. This makes gRPC faster and more suitable for use in high-performance environments. Bi...

gRPC or REST: Choosing the Right API Design for Your Needs

  There are several advantages of gRPC over REST APIs: Performance: gRPC uses a binary format for data serialization, which is more efficient than the text-based format used by REST. This makes gRPC faster and more suitable for use in high-performance environments. Bi-directional streaming: gRPC allows for bi-directional streaming of data, which means that both the client and the server can send streams of data to each other. This is not possible with REST, which is only able to send data in one direction (from the client to the server). Interoperability: gRPC supports multiple programming languages, so it is easier to create cross-language APIs. REST APIs are limited to the capabilities of the HTTP protocol, which may not be sufficient for certain use cases. Simplicity: gRPC uses a simple HTTP/2 protocol and provides code-generated stubs to make it easier for clients to use the API. In contrast, REST APIs require clients to construct URLs and understand the format of the URLs in o...

App Security | OWASP 2021- New Entries

  What is OWASP? OWASP (Open Web Application Security Project) is an international non-profit organization dedicated to improving software security through open source initiatives and community education. OWASP supports the building of impactful projects, develops and nurtures communities through events and chapter meetings worldwide, and provides educational publications and resources. What is the OWASP Top 10? The OWASP Top 10 is a regularly updated report outlining security concerns for web application security, focusing on the 10 most critical risks. Read more in detail at the official site: https://owasp.org/Top10/ Which entries are new in the 2021 Top 10 list? 1. Insecure design: “insecure design” vulnerabilities are those that exist due to a lack of security implementation in an application at the time of development. When security best practices are not considered during the application design phase, it might result in this vulnerability. Secure design of an application contains the e...

Chaos Engineering | Type of Attacks

  Today’s advanced distributed software systems must be tested for potential weaknesses and faults. Chaos engineering is the process of testing a distributed computing system to ensure that it can tolerate unexpected disruptions. It relies on concepts underlying chaos theory, which focus on random and unpredictable behavior. If you are interested in knowing more about chaos engineering and its history, please refer to this article from Gremlin. In this article we will discuss various categories of attack and some use cases. Resource Attack: Generates load across CPU, memory and storage devices. It helps in preparing for sudden load changes, validating auto scaling, and testing monitoring and alerting configuration. It's like preparing our system for a Black Friday sale in advance. CPU Attack: A CPU attack sends heavy traffic on the system, which can help to identify stability and performance under stress. We can also validate the auto scaling and alerting mechanisms. Memory Attack: Memory leak is t...

Chaos Engineering : Game Day

  What is chaos engineering: Chaos engineering is a methodology that helps developers attain consistent reliability by hardening distributed services against failures in production. Another way to think about chaos engineering is that it's about embracing the inherent chaos in complex systems and, through experimentation, growing confidence in your solution's ability to handle it. A common way to introduce chaos is to deliberately inject faults that cause system components to fail. The goal is to observe, monitor, respond to, and improve your system's reliability under adverse circumstances. Why Chaos Engineering? Contrary to what the name may indicate, chaos events are not performed in a chaotic fashion. The goal of chaos engineering is to identify weaknesses in a system through controlled experiments that introduce random and unpredictable behavior. A main benefit of chaos engineering is that organizations can use it to identify vulnerabilities before a hacker does or befor...

Container Patterns

  Why we need container patterns: Due to the popularity of microservices and distributed computing, containerization has become a major trend in software development. It involves encapsulating or packaging software code and all its dependencies so that it can run uniformly and consistently on any infrastructure. In a distributed architecture that consists of many microservices, we want our microservices to stay business focused and to keep non-functional aspects like security, service discovery, proxy, logging and platform configuration out of our microservices code; container patterns evolved to meet this need. There are 2 popular patterns: Sidecar and Ambassadors. Sidecar pattern: In this pattern, we schedule a workload on the same host that is intended for specific things that don’t concern your application. There are various use cases for the sidecar pattern, like request authentication/authorization, service discovery, and adding HTTPS to a legacy service. Use case: We will d...

Distributed Transactions in Microservices

  What is a distributed transaction? Microservices architecture has been a very popular architecture pattern in recent times. However, one common problem is how to manage distributed transactions across multiple microservices. When a microservice architecture decomposes a monolithic system into self-encapsulated services, it can break transactions. This means a local transaction in the monolithic system is now distributed into multiple services that will be called in a sequence. Let's try to understand this concept with a hypothetical train ticket booking system. Consider the ticket booking monolith application below. In the train ticket booking example above, if an actor sends a book ticket action to a monolithic system, the system will create a local database transaction that works over multiple database tables (account table, booking table). If any step fails, the transaction can roll back and data consistency is guaranteed by the database's ACID (Atomicity, Consistency, Isol...