Building Async and Cloud Native organizations - Issue #5

Welcome to my weekly newsletter! Every week, I bring you the latest news, updates, and resources from the world of computing. We're so glad you've decided to join us, and I can't wait to share my insights and expertise with you.

In this newsletter, you'll find a curated selection of articles, tutorials, and other resources that I think will be useful and interesting to you. I cover a wide range of topics, from APIs to coding and architectures, and I am always on the lookout for the latest trends and developments in the field.

I hope you'll find this newsletter to be a valuable resource, and I welcome your feedback and suggestions. If there's something you'd like to see more of, or if you have any questions or comments, please don't hesitate to reach out to me.

Thank you for joining us, and happy reading!

REST and APIs

In the Netherlands we have a political party which recently launched their own mobile app. Unfortunately everybody was able to read the personal information from anybody else by just iterating over numbers. They might had some benefit if they went through this article:

A number of high-profile API breaches involved broken access control. Here's how to solve broken access control and improve API security.

Nothing is so complicated and spoken about as versioning an API. There are groups that want to use path versioning, or go to querystring. Recently had a similar discussion and Mark Seemann has an interesting take on this issue:

If you're building REST APIs, you will eventually have to deal with Content Negotiation.

Using API keys to secure your endpoints? Zuplo provides some great tips on how to share, store and use these keys from a provider point of view:

In this guide we share the best practices for API Key Management, including api key authentication, api key security, design tradeoffs, and technical implementation details.

Coding

I saw this interesting example of C# pattern matching. Nothing particular new, but it shows the simplicity of handling, for example commands, using pattern matching:

Working with external services and need a way to stub them away? This open source tool helps you with that:

HttPlaceholder - Quickly stub away any HTTP service using configuration in YAML

GitHub

Although not explicit to GitHub, it contains an interesting experiment regarding the cost of hardware in relation to developer productivity:

How much does it really cost to buy more powerful cloud compute resources for development work? A lot less than you think.

Have you used Copilot yet? It helps you with your development tasks by making intelligent suggestions. You could already get a personal license, but now it is also available for businesses.

GitHub Copilot for Business is officially here with simple license management, organization-wide policy controls, and industry-leading privacy—all for $19 USD per user per month.

Computing

You might know Goodhart's law: 'when a measure becomes a target, it ceases to be a good measure', but what if you measure too strongly:

Increased efficiency can sometimes, counterintuitively, lead to worse outcomes. This is true almost everywhere. We will name this phenomenon the strong version of Goodhart's law. As one example, more efficient centralized tracking of student progress by standardized testing seems like such a good idea that well-intentioned laws mandate it. However, testing also incentivizes schools to focus more on teaching students to test well, and less on teaching broadly useful skills. As a result, it can cause overall educational outcomes to become worse. Similar examples abound, in politics, economics, health, science, and many other fields.

Open cultures can be great, but do have a dark side too, though. Openness doesn’t come for free, and without structure to enable participation, a culture that calls itself “open” can easily evolve to increase the feelings of exclusion it was trying to avoid. Elizabeth dives into this subject and has some great resources as well.

If you’re lucky, you’ve worked in a job with respectful people who share information openly and habitually bring different perspectives together for big decisions (if you haven’t, yes these do…

The DORA metrics are some interesting metrics to keep track of (although be aware of Goodhart's law). Learn from Sam on how to keep track of them:

Two years ago, I started a hack to understand DORA metrics on a deeper level, creating a DevOps Metrics project on GitHub. The original plan was to build a tool that could capture and analyze data from GitHub and Azure DevOps - my two primary DevOps tools at the time. In the years that have…

Interesting video from Steve Pereira regarding flow engineering:

Helpers

Glob patterns are commonly used in various contexts to match sets of files or strings based on wildcard characters, like as being used in gitignore files. Testing them can be hard, so the globster.xyz can be a solution:

Globster is an online tool for testing and visualizing results of glob patterns matching.

Computer Laws

"A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable."

- Leslie Lamport

I hope you've enjoyed this week's issue of my newsletter. If you found it useful, I invite you to share it with your friends and colleagues. And if you're not already a subscriber, be sure to sign up to receive future issues.

Next week, I'll be back with more articles, tutorials, and resources to help you stay up-to-date on the latest developments in coding and architecture. In the meantime, keep learning and growing, and happy coding!

Best regards, Michiel

Note: you are currently subscribed using the Revue service, which unfortunately will be shutdown soon by Twitter. The next newsletter will most likely come from another service.

Join the conversation

or to participate.