What’s going on with Micro Services?
Paul Seymour • Sep 26, 2018
Rewind 5 years and micro-services were the talk of the town. The developer conference circuit was awash with speakers espousing the benefits of micro-service architectures. Stories about their success in Netflix and Starbucks built the business case, while advances in scriptable infrastructure such as Docker built the technology case.
Then the cracks started to appear. Some of the teams adopting this approach reported mixed results – horror stories about complexity, difficulty in evolving the domain, refactoring and rapidly accumulating technical debt led to a general view that micro-service architectures weren’t quite as broadly applicable as we had hoped.
Conference talks shifted to Serverless, in part a reaction to the orchestration complexities of micro-services. The newly accepted wisdom was that micro-services probably shouldn’t be considered for greenfield applications, culminating in the recent removal of micro-services from the ThoughtWorks “Should Adopt” technology list.
So what’s going on with micro-services? What are the advantages and disadvantages? Should you be considering their use? At Patient Zero we now have several micro-service projects that we’ve worked on, across Node, .Net core and Ruby. Some of these we inherited the architecture, some we built ourselves. Our journey went from loving the idea of micro-services, to hating their implementation and delivery, back to understanding and appreciating how they can be used effectively. This is the first of 3 posts distilling our current thinking on micro-services.
There is one question you must answer to decide whether or not you should even consider a micro-service architecture, that is “How well do we do CICD?” Most teams are now well and truly on the dev-ops bandwagon, “we’ve had a build pipeline for years, we have automated tests, we have automated deployments – we’ve got CICD nailed!”
Try this with an existing application from the team (it doesn’t have to use micro-services):
- Create a new tenancy/subscription/area with your cloud or hosting provider
- Modify your CICD pipeline to use the new tenancy
- Give a developer a blank workstation / laptop and have them clone the repo, build and successfully launch the application locally
- Have them check in a change to a feature branch
- Ensure the change is automatically built, tested and deployed to the new tenancy. All Infrastructure required is automatically provisioned.
- UI Tests automatically execute and report results in the new environment
- All infrastructure is automatically disposed at the end of the test
If you can get from 2-7 in under 30 minutes, then it’s definitely worth considering a micro-service architecture. If not, then you are probably going to find micro-services are a significant burden on development team productivity.
To be continued. Stay tuned for our second post on Micro-Services – Advantages of Micro-Service Architectures.
Share This Post
Get In Touch
Recent Posts
Red-team challenges have been a fun activity for PZ team members in the past, so we recently conducted a small challenge at our fortnightly brown-bag session, focusing on the burgeoning topic of prompt injection. Injection vulnerabilities all follow the same basic pattern – un-trusted input is inadvertently treated as executable code, causing the security of the system to be compromised. SQL injection (SQLi) and cross-site scripting (XSS) are probably two of the best-known variants, but other technologies are also susceptible. Does anyone remember XPath injection? As generative models get incorporated into more products, user input can be used to subvert the model. This can lead to the model revealing its system prompt or other trade secrets, reveal information about the model itself which may be commercially valuable, subvert or waste computation resources, perform unintended actions if the model is hooked up to APIs, or cause reputational damage to the company if the model can be coerced into doing amusing or inappropriate things. As an example, entrepreneur and technologist Chris Bakke was recently able to trick a Chevy dealership’s ChatGPT-powered bot into agreeing to sell him a Chevy Tahoe for $1 . Although the U.S. supreme court has yet to rule on the legal validity of a “no takesies backsies” contract (as an employee of X Chris is probably legally obligated to drive a Tesla anyway) it is not hard to imagine a future scenario with steeper financial consequences.
With the advent of ChatGPT, Bard/Gemini and Co-pilot, Generative AI, and Large Language Models (LLMs) have been thrust into the spotlight.
AI is set to disrupt all industries, especially those that are predominately based on administrative support, legal, business, and financial operations, much like insurance and financial organisations.
One of the features of life working at PZ is our brown bag lunch and learn sessions; presentations by staff on topics of interest – sometimes, but not always technical, and hopefully amusing-as-hell. Yesterday we took a break from discussing the book Accelerate and the DORA metrics to take a whirlwind tour of the current state of play running “open source” generative AI models locally. Although this talk had been ‘in the works’ for a while, one challenge was that it needed to constantly be revised as the state of AI and LLMs changed. For example, the Stable Video Diffusion examples looked kind of lame in comparison to OpenAI’s Sora videos (released less than a week ago) and Groq’s amazing 500 token-per-second hardware demo on Monday/Tuesday , and the massive context size available now in the Gemini 1.5 models (released a few hours before OpenAI announced Sora...coincidence? An effort by OpenAI to steal back the limelight! Surely NOT!). And now a day later, with the paint still drying on a highly amusing slide-deck for the talk, Google releases their “open-source" Gemma models! The day itself presented an excellent example of why having more control of your models might be a good thing. ChatGPT 4 users began reporting “crazy” and highly amusing responses to fairly normal questions . We became alerted to this when one of our own staff reported on our internal Slack about a crazy response she received to a question about the pros and cons of some API design choices. The response she got back started normally enough, but then began to seem to channel Shakespeare’s Macbeth and some other olde English phrases and finished thusly. "Choose the right charm from the box* dense or astray, it’ll call for the norm. Your batch is yours to halter or belt. When in fetch, marry the clue to the pintle, and for the after, the wood-wand’s twist'll warn it. A past to wend and a feathered rite to tend. May the gulch be bygones and the wrath eased. So set your content to the cast, with the seal, a string or trove, well-deep. A good script to set a good cast. Good health and steady wind!" The sample JSON payload was also in keeping with the rest of the answer. { "htmlContent": "
Your HTML here
", "metadata": { "modifiedBy": "witch-of-the-wood", "safety": "sanitized", "mood": "lunar" } } Hubble, bubble, toil and trouble. Although there were no reports of the GPT4 API being affected by this (only ChatGPT) it might have given people developing automated stock trading bots using GPT4 a reason to pause and contemplate what might have been if their stock portfolio now consisted of a massive long position on Griselda’s Cauldron Supplies. As ChatGPT would say, Good health and steady wind.
Bay didn’t start her career out in software development. At school, Bay excelled at maths and physics, but adored writing, English and drama; lost in a world of Romeo and Juliet and epic fantasy.
Organisations across Australia turn to Patient Zero design, build and maintain custom software applications. Our Australian based development teams are vendor & technology agnostic and ready to deliver your next project.
We have a proven track record of projects delivered in a diverse range of industries including Education, Insurance, Waste Management, Health/Medtech, Government and even EV Charging.
Quick Links
Contact Us
1300 714 093
[email protected]
Brisbane
Level GR-109
310 Edward Street
BNE QLD 4000
GPO Box 2056, Brisbane 4001
Sydney
Level 3-104
320 Pitt Street,
Sydney NSW 2000
ABN 98 611 165 498
Latest News
Red-team challenges have been a fun activity for PZ team members in the past, so we recently conducted a small challenge at our fortnightly brown-bag session, focusing on the burgeoning topic of prompt injection. Injection vulnerabilities all follow the same basic pattern – un-trusted input is inadvertently treated as executable code, causing the security of the system to be compromised. SQL injection (SQLi) and cross-site scripting (XSS) are probably two of the best-known variants, but other technologies are also susceptible. Does anyone remember XPath injection? As generative models get incorporated into more products, user input can be used to subvert the model. This can lead to the model revealing its system prompt or other trade secrets, reveal information about the model itself which may be commercially valuable, subvert or waste computation resources, perform unintended actions if the model is hooked up to APIs, or cause reputational damage to the company if the model can be coerced into doing amusing or inappropriate things. As an example, entrepreneur and technologist Chris Bakke was recently able to trick a Chevy dealership’s ChatGPT-powered bot into agreeing to sell him a Chevy Tahoe for $1 . Although the U.S. supreme court has yet to rule on the legal validity of a “no takesies backsies” contract (as an employee of X Chris is probably legally obligated to drive a Tesla anyway) it is not hard to imagine a future scenario with steeper financial consequences.