Architecture

• How to drive your architecture decisions with a simple framework
• Getting the Basics - Software Architecture Introduction
  • https://www.youtube.com/watch?v=8UlLgOf20Ho
  • Functional requirements: What should the system do?
  • Non-functional requirements: How should the system behave? (Functionality, Usability, Reliability, Efficiency, Maintainability, Scalability, Portability)
  • Restrictions (Legal Compliance, Cost, Standards, Talent Hiring, Time to Market)
  • Book - Software Architecture Patterns (O’Reilly)
• The Architect’s Blueprint - Understanding Software Styles and Patterns with Cheatsheet
  • 

API Link to heading

• https://jsonapi.org/

REST Link to heading

• How Did REST Come To Mean The Opposite of REST?
• REST APIs must be hypertext-driven

Clean Architectures in Python Link to heading

• https://www.youtube.com/watch?v=C7MRkqP5NRI
• by Leonardo Giordani - https://thedigitalcatonline.com
• Archicture is about

  Firmitas, Utilitas, Venustas (Durability, Utility, Beauty)

  Vitruvius, De architecture, 15 BC

• Books suggestions
  • Object Oriented Software Engineering: A Use-Case Driven Approach - Ivar Jacobson
  • Design Patterns - E. Gamma, R. Helm, R. Johnson, J. Vlissides
  • Design Principles and Design Patterns - Robert Martin
  • Domain-Driven Design: Tackling Complexity in the Heart of Software - Eric Evans
  • Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions - H. Hohpe, B. Woolf
  • Clean Architecture in Python - Leonardo Giordani - bit.ly/getpycabook

The Clean Architecture Link to heading

• A layered approach for a more civilized age
• “Your component can see only what is being defined in the inner layer”
• “The problem of unclean systems is dependent components”
• The golden rule: Talk inward with simple structures, talk outwards through interfaces.
• Pros
  • Testability - be able to test only the business logic

Django Architecture Link to heading

• Mentioned unclean patterns

  • ORM that couples with Relational Databases - that’s true

  • Models are aware/connected to the database (can be saved/retrieved natively) - partially true

    When you test your Django application, you need the database. It’s possible to test without the database, but you are sort of fighting against the framework.

  • “You usually implement your business logic in views” - That’s not true. You can do it in every frameworks. But you should avoid in all, including Django.

Event-driven Link to heading

• https://serverlessland.com/event-driven-architecture/visuals - Diagrams about event-driven architectures

Monoliths Link to heading

• How to recover from microservices
• The Majestic Monolith
• Scaling up the Prime Video audio/video monitoring service and reducing costs by 90%
  • Amazon Prime Video’s Microservices Move Doesn’t Lead to a Monolith after All
• Stack Overflow Architecture
• What Powers Instagram: Hundreds of Instances, Dozens of Technologies

Security Link to heading

Basic Auth Link to heading

API Key Link to heading

• On API Keys Best Practices
• Pros
  • Generated by the API - avoids poor passwords.
  • Only the API can know the user a key belongs to.
  • Doesn’t leak the user password.
  • Can have different privileges.
• Best practices
  • Need to be rotated regularly - commonly required by operation control frameworks, such as SOC 2, HIPAA, or ISO 27001.
  • Allow multiple API keys, if the user wants to rotate its API Key without downtime.
  • Key expiration - enable the user to set an expiration.
  • Encrypt when storing in the database in a way that is not decryptable (hash).

Cryptography Link to heading

• Timing Attacks
  • Given a system that checks an encrypted value. The attacker measures the time to respond to a request. The longer it takes, the closer to breaking the encryption the attacker is.
  • Python - use secrets.compare_digest, which uses a constant-time compare to reduce the risk.
  • A Lesson In Timing Attacks (or, Don’t use MessageDigest.isEquals)

    A value which shares no bytes in common with the secret digest will return immediately; a value which shares the first 15 bytes will return 15 compares later.

OAuth2 Link to heading

OIDC Link to heading

Transport Security Link to heading

• mTLS
• Stunnel
• VPN

Software Development Hour: From Developer to Architect with Nathaniel Schutta Link to heading

• O’Reilly
• Hosted by Sam Newman
• Differences between Engineer and Architect
  • Need to know more about company politics
  • Have to be more proactive - you need to go to the work
  • More autonomy and accountability
  • Architect needs to deal more with people
  • It’s more common to work on PoCs than day-to-day coding
• Tips
  • Try to remove obstacles before it happens
  • Make sure people understand your job/value
  • Focus on skills that last (example: communication, influence)
  • You will need to influence - get people to do what you want by making them think it’s his idea
  • You will not know all answers, but you need to know how research and who ask
  • You have a limited social capital (influence currency) - You need to choose your battles.
• How to bring global context to your local team? Help the team to see the big picture.
  • Translate the message (security, performance, etc) for the particular audience. Business will not care about tech.
  • Maintenance - “Did you go to an airplane that didn’t have maintenance for months/years?
• Book - How to win friend and influence people - It will help in your architecture role.