Interesting. My perspective is that a strong, small team building a monolith has to think of constraints and design for them, and the microservices teams make choices in the local instead of the global maximum, which reduces cohesion and incurs communication costs. I would think that carving out a service from a monolith would be easier than the reverse direction, although maybe you’re with me on that.

Dude thank you for your detailed reply which I have been thinking about for a while.

I don’t want to mischaracterise what you’re saying but I want to try to summarise the lessons, which I think are super valid.

1. Some external layers or services are basically essential, like a WAF/auth/rate limiter/API gateway/reverse proxy. Or DB.
2. Observability and logging, and rapid response to anomalies, together with a honeypot, go a long way toward maintaining security.

This is definitely a way to think about this that I haven’t distilled. Thanks!

Mods you might want to remove this due to no politics, I will myself if you dont

You have me thinking. My gut tells me this is true.

For example, if you have a segmented auth service that someone gets root on, it’s possible for someone to act as anyone else, but not get the whole database if unavailable to all users.

If your load balancer gets compromised, you could cause denial of service or act as a man-in-the-middle for all requests.

If your database gets got, that’s the worst, but you generally can’t intercept web requests and other front-end facing things.

But, I’d like to play devil’s advocate here. I feel that most of these segmented architecture strategies may have negative security implications as well.

First, the overall attack surface increases. There are more redundant mechanisms, more links in the chain, probably more differing types of security/tokens/certificates that can get exploited. It also adds maintenance burden, which I believe reduces security because other priorities may get in the way if things are cumbersome.

In my examples above, a compromise of the auth service in most cases pretty much means a complete compromise of the what your system allows its highest level users to do. Which is normally a lot.

Getting a load balancer will allow an attacker to MITM if TLS termination happens there, and basically this can mean the same as in the auth service, plus XSS-type stuff.

If the service hosting the database is compromised, it’s kinda game over. Including XSS.

So what have we gained here?

A monolith hosting all of these has more or less the same consequences if compromised. However, if it’s all together, it becomes everyone’s responsibility and there are more eyes on each aspect of your application. You’re more likely to update things that need updating. Traffic can be analysed a little easier.

Just wanted to jot down some notes because I have a talk coming up and need to prepare for this question. Please prod my thinking, it would really help me out!

Devs used to have to consider deployment and uptime! They still should. We as an industry became arbitrarily segmented and irresponsible. I have never gotten used to this tossing shit over the fence.

Yeah that’s some Pope shit to do

Didn’t even think of that. You’re right.

Dual citizen with Australia, sorry. Though it is fairly light paperwork for Americans who are in tech - as in the U.S., the best chances are to get in stateside with a big company that has an Aussie HQ (Atlassian, Xero, Canva, FAANG, etc.) and then transfer

You know what? You’re absolutely right.

People: please leave flying 737s to trained experts with the know-how, FAA licensure, and medical clearance. They know better than you even if you think you can do it from a meme.

It’s very important that you not touch ANY of the buttons and dials on a 737. People could get hurt or even die if you do.

Such better political discussions here than on Reddit

I left and got two Sr SWE positions within 3 months. It’s like the 90’s down here

I’m actually removing this myself because the rule is no politics

Also you don’t seem to understand that ADHD is a mood altering disorder in itself. So in making the choice to give your kid a “mood altering drug”, which seems to be your particular axe to grind, you may in fact be helping them.

You should also consider the possibility that the medical professionals you have talked to have detected your strong opinions and have chosen the most effective strategy - to validate your thinking to the extent possible - because it is in the best interest of your child. They gave you options because informed consent is a thing.

There are in fact clinical guidelines for when treatment is recommended vs. not - a clinician can apply their opinion of course but there are evidence-based standards of care, derived from a huge amount of data and careful analysis over time. It sounds like you’re placing your individual judgment above the long history of the combined effort of some very smart people.

Listen, I don’t know what is going on in your case. Your younger kid might not have any disorder or need treatment, but this arrogant “As a parent…” framing doesn’t help. I just hope they don’t grow up performing below a level that they potentially could, or in some degree of emotional distress, because they couldn’t get the treatment they needed at the time they needed it.

Finally, please consider the known competing risks of treatment (including non-pharma) and lack of treatment.

I’m going to try. Could be:

1. A long running UPDATE which can temporarily lock all of the data that is being updated. Basically a lock is when the relevant data is frozen while the transaction executes. This can happen at the field or row or table level in most robust database management systems, but in SQLite, during the time when a create, update, or delete is actually being written to disk, the whole file (database) is locked while that happens, even for processes wishing to perform reads.

The solution is to wait for completion, but your query could take 7 million years to complete so… you might not have the patience. You could also just exhaust the compute/memory resources of the machine.

This feels bad when you expected it to be a simple transaction or when you only expected the update to apply to a small subset of data… it’s possible that you’re using a suboptimal query strategy (e.g. many JOINs, lack of indices, not using WITH) or that you’re running your UPDATE on a huge number of records instead of the three you expected to change.

And/or

2. A deadlock, meaning the same data is being operated on at the same time, but the operations can’t execute because there is a competing/circular lock.

The use of BEGIN means that the transaction has started. You usually use COMMIT to actually finish and complete the transaction. If you’ve got another query operating on the same data happening during this time, even if it’s data that is incidental and only used to make the JOIN work, there can be “overlap” which makes the transactions hang, because the DB engine can’t work out which lock to release first.

SQLite is single file based and has a more basic and broad lock vs Postgres or other DMBSes. This means that SQLite doesn’t deadlock because it processes each transaction one after another, but this paradigm may slow everything down vs. MariaDB, Postgres etc

Also see ACID compliance for further reading (https://en.wikipedia.org/wiki/ACID)

All my homies work at Lawrence Livermore

Look at that subtle off-white coloring. The tasteful thickness of it.