Alex Xu

Why is the credit card called “𝐭𝐡𝐞 𝐦𝐨𝐬𝐭 𝐩𝐫𝐨𝐟𝐢𝐭𝐚𝐛𝐥𝐞 product in banks”? How does VISA/Mastercard make money?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://lnkd.in/g9wAgcke
--

The diagram below shows the economics of the credit card payment flow.

1. The cardholder pays a merchant $100 to buy a product.

2. The merchant benefits from the use of the credit card with higher sales volume, and needs to compensate the issuer and the card network for providing the payment service. The acquiring bank sets a fee with the merchant, called the “𝐦𝐞𝐫𝐜𝐡𝐚𝐧𝐭 𝐝𝐢𝐬𝐜𝐨𝐮𝐧𝐭 𝐟𝐞𝐞.”

3 - 4. The acquiring bank keeps $0.25 as the 𝐚𝐜𝐪𝐮𝐢𝐫𝐢𝐧𝐠 𝐦𝐚𝐫𝐤𝐮𝐩, and $1.75 is paid to the issuing bank as the 𝐢𝐧𝐭𝐞𝐫𝐜𝐡𝐚𝐧𝐠𝐞 𝐟𝐞𝐞. The merchant discount fee should cover the interchange fee.

The interchange fee is set by the card network because it is less efficient for each issuing bank to negotiate fees with each merchant.

5. The card network sets up the 𝐧𝐞𝐭𝐰𝐨𝐫𝐤 𝐚𝐬𝐬𝐞𝐬𝐬𝐦𝐞𝐧𝐭𝐬 𝐚𝐧𝐝 𝐟𝐞𝐞𝐬 with each bank, which pays the card network for its services every month. For example, VISA charges a 0.11% assessment, plus a $0.0195 usage fee, for every swipe.

6. The cardholder pays the issuing bank for its services.

Why should the issuing bank be compensated?
🔹The issuer pays the merchant even if the cardholder fails to pay the issuer.
🔹The issuer pays the merchant before the cardholder pays the issuer.
🔹The issuer has other operating costs, including managing customer accounts, providing statements, fraud detection, risk management, clearing & settlement, etc.

Over to you: Does the card network charge the same interchange fee for big merchants as for small merchants?

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

How Do Companies Ship Code to Production?\n\nHere are 11 steps from planning to production:\n\n1 - The Product Owner starts the entire process by creating user stories in a tool like Jira.\n\n2 - The Developer Team performs Sprint Planning activity and adds the user stories to the sprint.\n\n3 - Developers work on the assigned stories. Once a story is finished, they commit the code to Git and push it to GitHub.\n\n4 - Jenkins builds and runs the code through testing and quality check tools such as JUnit, Jacoco, and SonarQube.\n\n5 - If the build is successful, it is stored in the artifactory such as JFrog. Jenkins also deploys the build to the Dev Environment via Docker.\n\n6 - Next up, the feature gets deployed to the QA environment. Since multiple teams may be working on the same code base, multiple QA environments will be created\n\n7 - The QA team uses a particular QA environment and runs multiple test types such as QA, regression, and performance.\n\n8 - Once the QA verification is complete, features are deployed to the UAT (User Acceptance Testing) environment.\n\n9 - UAT testing verifies whether the feature satisfies the user’s requirements.\n\n10 - Once the UAT testing is successful, the builds become release candidates. They are deployed to the production environment based on a specific schedule. \n\n11 - The SRE team uses tools like ELK and Prometheus to monitor the production environment and handle alerts in case of issues. \n\nOver to you: Will you add any other steps to the process?\n\n--\nSubscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social\n \n#systemdesign #coding #interviewtips \n.

How does Disney Hotstar capture 5 Billion Emojis during a tournament?

Dedeepya Bonthu wrote an excellent engineering blog that captures this nicely. Here is my understanding of how the system works.

1. Clients send emojis through standard HTTP requests. You can think of Golang Service as a typical Web Server. Golang is chosen because it supports concurrency well. Threads in GoLang are lightweight.

2. Since the write volume is very high, Kafka (message queue) is used as a buffer.

3. Emoji data are aggregated by a streaming processing service called Spark. It aggregates data every 2 seconds, which is configurable. There is a trade-off to be made based on the interval. A shorter interval means emojis are delivered to other clients faster but it also means more computing resources are needed.

4. Aggregated data is written to another Kafka.

5. The PubSub consumers pull aggregated emoji data from Kafka.

6. Emojis are delivered to other clients in real-time through the PubSub infrastructure.

The PubSub infrastructure is interesting. Hotstar considered the following protocols: Socketio, NATS, MQTT, and gRPC, and settled with MQTT. For those who are interested in the tradeoff discussion, see [2].

A similar design is adopted by LinkedIn which streams a million likes/sec [3].

Over to you: What are some of the off-the-shelf Pub-Sub services available? Is there anything you would do differently in this design?

Sources: 
[1] Capturing A Billion Emo(j)i-ons: https://lnkd.in/e24qZK2s
[2] Building Pubsub for 50M concurrent socket connections: https://lnkd.in/eKHqFeef
[3] Streaming a Million Likes/Second: Real-Time Interactions on Live Video: https://lnkd.in/eUthHjv4

—
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3FEGliw
 
#systemdesign #coding #interviewtips
.

OAuth 2.0 Flows
.
.
Authorization Code Flow: The most common OAuth flow. After user authentication, the client receives an authorization code and exchanges it for an access token and refresh token.

Client Credentials Flow: Designed for single-page applications. The access token is returned directly to the client without an intermediate authorization code.

Implicit Code Flow: Designed for single-page applications. The access token is returned directly to the client without an intermediate authorization code.

Resource Owner Password Grant Flow: Allows users to provide their username and password directly to the client, which then exchanges them for an access token.

Over to you - So which one do you think is something that you should use next in your application?

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

What is GraphQL? Is it a replacement for the REST API?

The diagram below shows the quick comparison between REST and GraphQL.

🔹GraphQL is a query language for APIs developed by Meta. It provides a complete description of the data in the API and gives clients the power to ask for exactly what they need.

🔹GraphQL servers sit in between the client and the backend services.

🔹GraphQL can aggregate multiple REST requests into one query. GraphQL server organizes the resources in a graph.

🔹GraphQL supports queries, mutations (applying data modifications to resources), and subscriptions (receiving notifications on schema modifications).

We talked about the REST API in last week’s video and will compare REST vs. GraphQL vs. gRPC in a separate post/video.

Over to you:
1). Is GraphQL a database technology?
2). Do you recommend GraphQL? Why/why not?

—
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3FEGliw

#systemdesign #coding #interviewtips
.

What does a typical microservice architecture look like? 👇
.
.
The diagram below shows a typical microservice architecture.

🔹Load Balancer: This distributes incoming traffic across multiple backend services.

🔹CDN (Content Delivery Network): CDN is a group of geographically distributed servers that hold static content for faster delivery. The clients look for content in CDN first, then progress to backend services.

🔹API Gateway: This handles incoming requests and routes them to the relevant services. It talks to the identity provider and service discovery.

🔹Identity Provider: This handles authentication and authorization for users.

🔹Service Registry & Discovery: Microservice registration and discovery happen in this component, and the API gateway looks for relevant services in this component to talk to.

🔹Management: This component is responsible for monitoring the services.

🔹Microservices: Microservices are designed and deployed in different domains. Each domain has its own database. The API gateway talks to the microservices via REST API or other protocols, and the microservices within the same domain talk to each other using RPC (Remote Procedure Call).

Benefits of microservices:
- They can be quickly designed, deployed, and horizontally scaled.
- Each domain can be independently maintained by a dedicated team.
- Business requirements can be customized in each domain and better supported, as a result.

Over to you: 1). What are the drawbacks of the microservice architecture?
2). Have you seen a monolithic system be transformed into microservice architecture? How long does it take?

Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3FEGliw
 
#systemdesign #coding #interviewtips
.

15 Open-Source Projects That Changed the World

To come up with the list, we tried to look at the overall impact these projects have created on the industry and related technologies. Also, we’ve focused on projects that have led to a big change in the day-to-day lives of many software developers across the world.

Web Development
- Node.js: The cross-platform server-side Javascript runtime that brought JS to server-side development
- React: The library that became the foundation of many web development frameworks.
- Apache HTTP Server: The highly versatile web server loved by enterprises and startups alike. Served as inspiration for many other web servers over the years.

Data Management
- PostgreSQL: An open-source relational database management system that provided a high-quality alternative to costly systems
- Redis: The super versatile data store that can be used a cache, message broker and even general-purpose storage
- Elasticsearch: A scale solution to search, analyze and visualize large volumes of data

Developer Tools
- Git: Free and open-source version control tool that allows developer collaboration across the globe.
- VSCode: One of the most popular source code editors in the world
- Jupyter Notebook: The web application that lets developers share live code, equations, visualizations and narrative text.

Machine Learning & Big Data
- Tensorflow: The leading choice to leverage machine learning techniques
- Apache Spark: Standard tool for big data processing and analytics platforms
- Kafka: Standard platform for building real-time data pipelines and applications.

DevOps & Containerization
- Docker: The open source solution that allows developers to package and deploy applications in a consistent and portable way.
- Kubernetes: The heart of Cloud-Native architecture and a platform to manage multiple containers
- Linux: The OS that democratized the world of software development.

Over to you: Do you agree with the list? What did we miss?

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

Debugging is extremely important for software engineers, but it's never taught in school.

Here are some top debugging techniques you can follow.

Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://lnkd.in/g9wAgcke

#systemdesign #coding #interviewtips
.

What does API gateway do?

An API gateway typically provides several important functions. Some common ones are:
- authentication and security policy enforcement
- load balancing and circuit breaking
- protocol translation and service discovery
- monitoring, logging, analytics, and billing
- caching

Watch the whole video here: https://bit.ly/3fm3LAw

#systemdesign #coding #interviewtips
.

What is an AI Agent?

An AI agent is a software program that can interact with its environment, gather data, and use that data to achieve predetermined goals. AI agents can choose the best actions to perform to meet those goals.

Key characteristics of AI agents are as follows:

An agent can perform autonomous actions without constant human intervention. Also, they can have a human in the loop to maintain control.
- Agents have a memory to store individual preferences and allow for personalization. It can also store knowledge. An LLM can undertake information processing and decision-making functions.
- Agents must be able to perceive and process the information available from their environment.
- Agents can also use tools such as accessing the internet, using code interpreters and making API calls.
- Agents can also collaborate with other agents or humans.

Multiple types of AI agents are available such as learning agents, simple reflex agents, model-based reflex agents, goal-based agents, and utility-based agents.

A system with AI agents can be built with different architectural approaches.

1 - Single Agent: Agents can serve as personal assistants.
2 - Multi-Agent: Agents can interact with each other in collaborative or competitive ways.
3 - Human Machine: Agents can interact with humans to execute tasks more efficiently.

Over to you: Have you used AI Agents?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips
.

Netflix's Tech Stack.
 
This post is based on research from many Netflix engineering blogs and open-source projects. If you come across any inaccuracies, please feel free to inform us. 
 
Mobile and web: Netflix has adopted Swift and Kotlin to build native mobile apps. For its web application, it uses React. 
 
Frontend/server communication: GraphQL. 
 
Backend services: Netflix relies on ZUUL, Eureka, the Spring Boot framework, and other technologies. 
 
Databases: Netflix utilizes EV cache, Cassandra, CockroachDB, and other databases. 
 
Messaging/streaming: Netflix employs Apache Kafka and Fink for messaging and streaming purposes. 
 
Video storage: Netflix uses S3 and Open Connect for video storage. 
 
Data processing: Netflix utilizes Flink and Spark for data processing, which is then visualized using Tableau. Redshift is used for processing structured data warehouse information. 
 
CI/CD: Netflix employs various tools such as JIRA, Confluence, PagerDuty, Jenkins, Gradle, Chaos Monkey, Spinnaker, Altas, and more for CI/CD processes. 
 
–- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq 
 
#systemdesign #coding #interviewtips 
.

What does API gateway do?
.
.
The diagram below shows the detail.

Step 1 - The client sends an HTTP request to the API gateway.

Step 2 - The API gateway parses and validates the attributes in the HTTP request.

Step 3 - The API gateway performs allow-list/deny-list checks.

Step 4 - The API gateway talks to an identity provider for authentication and authorization.

Step 5 - The rate limiting rules are applied to the request. If it is over the limit, the request is rejected.

Steps 6 and 7 - Now that the request has passed basic checks, the API gateway finds the relevant service to route to by path matching.

Step 8 - The API gateway transforms the request into the appropriate protocol and sends it to backend microservices.

Steps 9-12: The API gateway can handle errors properly, and deals with faults if the error takes a longer time to recover (circuit break). It can also leverage ELK (Elastic-Logstash-Kibana) stack for logging and monitoring. We sometimes cache data in the API gateway.

Over to you: 1) What’s the difference between a load balancer and an API gateway?
2) Do we need to use different API gateways for PC, mobile and browser separately?

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Best ways to test system functionality. Next week's topic will be listed at the end.

Testing system functionality is a crucial step in software development and engineering processes.

It ensures that a system or software application performs as expected, meets user requirements, and operates reliably.

Here we delve into the best ways:

1. Unit Testing: Ensures individual code components work correctly in isolation.

2. Integration Testing: Verifies that different system parts function seamlessly together.

3. System Testing: Assesses the entire system's compliance with user requirements and performance.

4. Load Testing: Tests a system's ability to handle high workloads and identifies performance issues.

5. Error Testing: Evaluates how the software handles invalid inputs and error conditions.

6. Test Automation: Automates test case execution for efficiency, repeatability, and error reduction.

Over to you: How do you approach testing system functionality in your software development or engineering projects?

Over to you: what's your company's release process look like?

Next week, we will talk about:
- Python vs. C++ vs. Java (YouTube)
- Cloud provider cheatsheet (AWS, GCP, Azure, Oracle, Alibaba Cloud)
- Object stores
- Tech interview materials
- Mobile release

Subscribe to our weekly newsletter so you won't miss it: https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

GET, POST, PUT... Common HTTP “verbs” in one figure.
 
1. HTTP GET 
This retrieves a resource from the server. It is idempotent. Multiple identical requests return the same result. 
 
2. HTTP PUT 
This updates or Creates a resource. It is idempotent. Multiple identical requests will update the same resource. 
 
3. HTTP POST 
This is used to create new resources. It is not idempotent, making two identical POST will duplicate the resource creation. 
 
4. HTTP DELETE 
This is used to delete a resource. It is idempotent. Multiple identical requests will delete the same resource. 
 
5. HTTP PATCH 
The PATCH method applies partial modifications to a resource. 
 
6. HTTP HEAD 
The HEAD method asks for a response identical to a GET request but without the response body. 
 
7. HTTP CONNECT 
The CONNECT method establishes a tunnel to the server identified by the target resource. 
 
8. HTTP OPTIONS 
This describes the communication options for the target resource. 
 
9. HTTP TRACE 
This performs a message loop-back test along the path to the target resource. 
 
Over to you: What other HTTP verbs have you used?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social
 
#systemdesign #coding #interviewtips 
.

We are often asked to design for high availability, high scalability, and high throughput. What do they mean exactly?

The diagram below is a system design cheat sheet with common solutions.

1. High Availability
This means we need to ensure a high agreed level of uptime. We often describe the design target as “3 nines” or “4 nines”. “4 nines”, 99.99% uptime, means the service can only be down 8.64 seconds per day.

To achieve high availability, we need to design redundancy in the system. There are several ways to do this:

- Hot-hot: two instances receive the same input and send the output to the downstream service. In case one side is down, the other side can immediately take over. Since both sides send output to the downstream, the downstream system needs to dedupe.

- Hot-warm: two instances receive the same input and only the hot side sends the output to the downstream service. In case the hot side is down, the warm side takes over and starts to send output to the downstream service.

- Single-leader cluster: one leader instance receives data from the upstream system and replicates to other replicas.

- Leaderless cluster: there is no leader in this type of cluster. Any write will get replicated to other instances. As long as the number of write instances plus the number of read instances are larger than the total number of instances, we should get valid data.

2. High Throughput
This means the service needs to handle a high number of requests given a period of time. Commonly used metrics are QPS (query per second) or TPS (transaction per second).

To achieve high throughput, we often add caches to the architecture so that the request can return without hitting slower I/O devices like databases or disks. We can also increase the number of threads for computation-intensive tasks. However, adding too many threads can deteriorate the performance. We then need to identify the bottlenecks in the system and increase its throughput. Using asynchronous processing can often effectively isolate heavy-lifting components.

3. High Scalability
This means a system can quickly and easily extend to accommodate more volume (horizontal scalability) or more functionalities (vertical scalability). Normally we watch the response time to decide if we need to scale the system.

Over to you: Do you have other things to share in your design toolbox?

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

Top 6 most popular API architecture styles.

With billions of API calls made every day, understanding API architecture styles has never been more important. In this video, we take a closer look at these styles. They are the backbone of our interconnected digital world. We will talk about:

- SOAP
- RESTful
- GraphQL
- gRPC
- WebSocket
- Webhook

Watch & subscribe here: https://lnkd.in/e2Jwg9w8

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/42Ex9oZ

#systemdesign #coding #interviewtips
.

What is so important about HTTPS that, these days, most websites require it? How does HTTPS work?

We will answer these questions in tomorrow’s video. Subscribe to our YouTube channel so you won’t miss it ⇩:

YouTube: https://bit.ly/3xWM7Kk

In the age of AI, what subjects should be taught in schools?

An interesting list of subjects that should be mandatory in schools by startup_rules.

While academics are essential, it's crucial to acknowledge that many elements in this diagram would have been beneficial to learn earlier.

Over to you: What else should be on the list? What are the top 3 skills you wish schools would teach?

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

In today's video, we're diving into the world of computer memory and storage.

We will talk about:
- The fundamental duo: RAM and ROM
- DDR4 and DDR5
- Firmware and BIOS
- SRAM and DRAM
- HDD, SSD, USB Drive, SD Card
- and more

Watch the video now: https://lnkd.in/egQVXVG6

#systemdesign #coding #interviewtips
.

These are really hard times, especially for people on visas. I thought we could leverage the community to help. Let’s create a thread where companies and candidates can find each other.

1. If your company is hiring, please comment with the job openings

2. Everyone else, like and or share for reach

3. Candidates can check the comments for current job openings

Tech industry is resilient. This too shall pass. Let’s support each other during tough times.

#systemdesign #layoffs #career

10 Essential Components of a Production Web Application.

1 - It all starts with CI/CD pipelines that deploy code to the server instances. Tools like Jenkins and GitHub help over here.
2 - The user requests originate from the web browser. After DNS resolution, the requests reach the app servers.
3 - Load balancers and reverse proxies (such as Nginx & HAProxy) distribute user requests evenly across the web application servers.
4 - The requests can also be served by a Content Delivery Network (CDN).
5 - The web app communicates with backend services via APIs.
6 - The backend services interact with database servers or distributed caches to provide the data.
7 - Resource-intensive and long-running tasks are sent to job workers using a job queue.
8 - The full-text search service supports the search functionality. Tools like Elasticsearch and Apache Solr can help here.
9 - Monitoring tools (such as Sentry, Grafana, and Prometheus) store logs and help analyze data to ensure everything works fine. 
10 - In case of issues, alerting services notify developers through platforms like Slack for quick resolution.

Over to you: What other components would you add to the architecture of a production web app?

– 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq 
 
#systemdesign #coding #interviewtips 
.

REST API Cheatsheet. The method to download high-resolution PDF is available at the end.

This guide is designed to help you understand the world of RESTful APIs in a clear and engaging way.

What's inside:
- An exploration of the six fundamental principles of REST API design.
- Insights into key components such as HTTP methods, protocols, versioning, and more.
- A special focus on practical aspects like pagination, filtering, and endpoint design.

Whether you're beginning your API journey or looking to refresh your knowledge, this blog and cheat sheet combo is the perfect toolkit for success.

–
Subscribe to our newsletter to download the 𝐡𝐢𝐠𝐡-𝐫𝐞𝐬𝐨𝐥𝐮𝐭𝐢𝐨𝐧 𝐜𝐡𝐞𝐚𝐭 𝐬𝐡𝐞𝐞𝐭. After signing up, find the download link on the success page: https://bit.ly/3tMUM2B

#systemdesign #coding #interviewtips
.

Top 12 Tips for API Security 
. 
. 
- Use HTTPS 
- Use OAuth2 
- Use WebAuthn 
- Use Leveled API Keys 
- Authorization 
- Rate Limiting 
- API Versioning 
- Whitelisting 
- Check OWASP API Security Risks 
- Use API Gateway 
- Error Handling 
- Input Validation

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

10 Key Data Structures We Use Every Day 
.
.
- list: keep your Twitter feeds 
- stack: support undo/redo of the word editor 
- queue: keep printer jobs, or send user actions in-game 
- hash table: cashing systems 
- Array: math operations 
- heap: task scheduling 
- tree: keep the HTML document, or for AI decision 
- suffix tree: for searching string in a document 
- graph: for tracking friendship, or path finding 
- r-tree: for finding the nearest neighbor 
- vertex buffer: for sending data to GPU for rendering

Over to you: Which additional data structures have we overlooked?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

Uber is one of the most innovative companies in the engineering field. Let’s take a look at their CI/CD tech stacks.

Note: This post is based on research on Uber engineering blogs. If you spot any inaccuracies, please let us know.

Project planning: JIRA

Backend services: Spring Boot to develop their backend services. And to make things even faster, they've created a nifty configuration system called Flipr that allows for speedy configuration releases.

Code issues: They developed NullAway to tackle NullPointer problems and NEAL to lint the code. Plus, they built Piranha to clean out-dated feature flags.

Repository: They believe in Monorepo. It uses Bazel on a large scale.

Testing: They use SLATE to manage short-lived testing environments and rely on Shadower for load testing by replaying production traffic. They even developed Ballast to ensure a smooth user experience.

Experiment platform: it is based on deep learning and they've generously open-sourced parts of it, like Pyro.

Build: Uber packages their services into containers using uBuild. It's their go-to tool, powered by Buildkite, for all the packaging tasks.

Deploying applications: Netflix Spinnaker. It's their trusted tool for getting things into production smoothly and efficiently.

Monitoring: Uber built their own monitoring systems. They use the uMetric platform, built on Cassandra, to keep things consistent.

Special tooling: Uber relies on Peloton for capacity planning, scheduling, and operations. Crane builds a multi-cloud infrastructure to optimize costs. And with uAct and the OnCall dashboard, they've got event tracing and on-call duty management covered.

Have you ever used any of Uber's tech stack for CI/CD? What are your thoughts on their CI/CD setup?

Some updates based on feedback:
Project planning: JIRA is the main task management portal
Backend Services: UberFx https://lnkd.in/e3AyVSHZ and Glue https://lnkd.in/eKXNe8RK for Golang. 
JFx framework using Springboot for Java. Flipr for configuration. 
Cadence for workflow systems: https://lnkd.in/e9jaZA_7
Experiment Platform: https://lnkd.in/e9VgtBBG
Deploying Applications: Up, https://lnkd.in/eU-5jaej 
Monitoring: M3DB for metrics https://lnkd.in/eUnQ2uNh 
uMetric is for standardized business metrics: https://lnkd.in/ew8WNKsx 
Metrics data: stored in https://lnkd.in/eZv3mTXV

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/42Ex9oZ

#systemdesign #coding #interviewtips
.

How to design a 𝐬𝐞𝐜𝐮𝐫𝐞 web API access for your website?
.
.
When we open web API access to users, we need to make sure each API call is authenticated. This means the user must be whom they claim to be.
 
In this post, we explore two common ways:
1. Token based authentication
2. HMAC (Hash-based Message Authentication Code) authentication
 
The diagram below illustrates how they work.
 
𝐓𝐨𝐤𝐞𝐧 𝐛𝐚𝐬𝐞𝐝
Step 1 - the user enters their password into the client, and the client sends the password to the Authentication Server.
 
Step 2 - the Authentication Server authenticates the credentials and generates a token with an expiry time.
 
Steps 3 and 4 - now the client can send requests to access server resources with the token in the HTTP header. This access is valid until the token expires.
 
𝐇𝐌𝐀𝐂 𝐛𝐚𝐬𝐞𝐝
This mechanism generates a Message Authentication Code (signature) by using a hash function (SHA256 or MD5).
 
Steps 1 and 2 - the server generates two keys, one is Public APP ID (public key) and the other one is API Key (private key).
Step 3 - we now generate a HMAC signature on the client side (hmac A). This signature is generated with a set of attributes listed in the diagram.
 
Step 4 - the client sends requests to access server resources with hmac A in the HTTP header.
 
Step 5 - the server receives the request which contains the request data and the authentication header. It extracts the necessary attributes from the request and uses the API key that’s stored on the server side to generate a signature (hmac B.)
 
Steps 6 and 7 - the server compares hmac A (generated on the client side) and hmac B (generated on the server side). If they are matched, the requested resource will be returned to the client.
 
Question - How does HMAC authentication ensure data integrity? Why do we include “request timestamp” in HMAC signature generation?
 
—
Please follow me if you want to receive weekly updates about tech interviews, system design, or book writing.  Alex Xu
 
#systemdesign #coding #interviewtips
.

How does Docker Work?
 
Docker's architecture comprises three main components: 
 
🔹 Docker Client 
This is the interface through which users interact. It communicates with the Docker daemon. 
 
🔹 Docker Host 
Here, the Docker daemon listens for Docker API requests and manages various Docker objects, including images, containers, networks, and volumes. 
 
🔹 Docker Registry 
This is where Docker images are stored. Docker Hub, for instance, is a widely-used public registry.

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips 
.

Why is Kafka fast?

There are many design decisions that contributed to Kafka’s performance. In this post, we’ll focus on two. We think these two carried the most weight.

1️. The first one is Kafka’s reliance on Sequential I/O.
 
2️. The second design choice that gives Kafka its performance advantage is its focus on efficiency: zero copy principle.
 
The diagram below illustrates how the data is transmitted between producer and consumer, and what zero-copy means.
 
🔹Step 1.1 - 1.3: Producer writes data to the disk 
 
🔹Step 2: Consumer reads data without zero-copy
2.1: The data is loaded from disk to OS cache
2.2 The data is copied from OS cache to Kafka application
2.3 Kafka application copies the data into the socket buffer 
2.4 The data is copied from socket buffer to network card
2.5 The network card sends data out to the consumer
 
🔹Step 3: Consumer reads data with zero-copy
3.1: The data is loaded from disk to OS cache
3.2 OS cache directly copies the data to the network card via sendfile() command
3.3 The network card sends data out to the consumer
 
Zero copy is a shortcut to save multiple data copies between the application context and kernel context.

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq 
 
#systemdesign #coding #interviewtips 
.

Top 5 Most-Used Deployment Strategies. New YouTube Video:
. 
. 
In this video, we will talk about: 
- Big Bang Deployment 
- Rolling Deployment 
- Blue-Green Deployment 
- Canary Deployment 
- Feature Toggle 
 
Watch and subscribe here: https://lnkd.in/enFJi9_d

#systemdesign #coding #interviewtips
.

A Roadmap for Full-Stack Development.
.
.
A full-stack developer needs to be proficient in a wide range of technologies and tools across different areas of software development. Here’s a comprehensive look at the technical stacks required for a full-stack developer.

🔹 1. Frontend Development
Frontend development involves creating the user interface and user experience of a web application.

🔹 2. Backend Development
Backend development involves managing the server-side logic, databases, and integration of various services.

🔹 3. Database Development
Database development involves managing data storage, retrieval, and manipulation.

🔹 4. Mobile Development
Mobile development involves creating applications for mobile devices.

🔹 5. Cloud Computing
Cloud computing involves deploying and managing applications on cloud platforms.

🔹 6. UI/UX Design
UI/UX design involves designing the user interface and experience of applications.

🔹 7. Infrastructure and DevOps
Infrastructure and DevOps involve managing the infrastructure, deployment, and continuous integration/continuous delivery (CI/CD) of applications.

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

18 Most-used Linux Commands You Should Know 
 
Linux commands are instructions for interacting with the operating system. They help manage files, directories, system processes, and many other aspects of the system. You need to become familiar with these commands in order to navigate and maintain Linux-based systems efficiently and effectively. The following are some popular Linux commands: 
 
🔹ls - List files and directories 
🔹cd - Change the current directory 
🔹mkdir - Create a new directory 
🔹rm - Remove files or directories 
🔹cp - Copy files or directories 
🔹mv - Move or rename files or directories 
🔹chmod - Change file or directory permissions 
🔹grep - Search for a pattern in files 
🔹find - Search for files and directories 
🔹tar - manipulate tarball archive files 
🔹vi - Edit files using text editors 
🔹cat - display the content of files 
🔹top - Display processes and resource usage 
🔹ps - Display processes information 
🔹kill - Terminate a process by sending a signal 
🔹du - Estimate file space usage 
🔹ifconfig - Configure network interfaces 
🔹ping - Test network connectivity between hosts 
 
Over to you: What is your favorite Linux command?

– 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq 
 
#systemdesign #coding #interviewtips 
.

Docker vs. Kubernetes. Which one should we use?

What is Docker ?
Docker is an open-source platform that allows you to package, distribute, and run applications in isolated containers. It focuses on containerization, providing lightweight environments that encapsulate applications and their dependencies.

What is Kubernetes ?
Kubernetes, often referred to as K8s, is an open-source container orchestration platform. It provides a framework for automating the deployment, scaling, and management of containerized applications across a cluster of nodes.

How are both different from each other ?
Docker: Docker operates at the individual container level on a single operating system host.

You must manually manage each host and setting up networks, security policies, and storage for multiple related containers can be complex.

Kubernetes: Kubernetes operates at the cluster level. It manages multiple containerized applications across multiple hosts, providing automation for tasks like load balancing, scaling, and ensuring the desired state of applications.

In short, Docker focuses on containerization and running containers on individual hosts, while Kubernetes specializes in managing and orchestrating containers at scale across a cluster of hosts.

Over to you: What challenges prompted you to switch from Docker to Kubernetes for managing containerized applications?

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

Azure Services Cheat Sheet

Launching in 2010, Microsoft Azure has quickly grown to hold the No. 2 position in market share by evolving from basic offerings to a comprehensive, flexible cloud ecosystem.

Today, Azure not only supports traditional cloud applications but also caters to emerging technologies such as AI, IoT, and blockchain, making it a crucial platform for innovation and development.

As it evolves, Azure continues to enhance its capabilities to provide advanced solutions for security, scalability, and efficiency, meeting the demands of modern enterprises and startups alike. This expansion allows organizations to adapt and thrive in a rapidly changing digital landscape.

The attached illustration can serve as both an introduction and a quick reference for anyone aiming to understand Azure.

Over to you: How does your experience with Azure compare to that with AWS?

Over to you: Does the card network charge the same interchange fee for big merchants as for small merchants?

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq 
 
#systemdesign #coding #interviewtips 
.

Design patterns cheat sheet
.
.
--
Get a Free System Design PDF (158 pages) by subscribing to our weekly newsletter today: https://lnkd.in/g9wAgcke

#systemdesign #coding #interviewtips
.

Do you know all the components of a URL?

Uniform Resource Locator (URL) is a term familiar to most people, as it is used to locate resources on the internet. When you type a URL into a web browser's address bar, you are accessing a “resource“, not just a webpage.

URLs comprise several components:

🔹The protocol or scheme, such as http, https, and ftp.
🔹The domain name and port, separated by a period (.)
🔹The path to the resource, separated by a slash (/)
🔹The parameters, which start with a question mark (?) and consist of key-value pairs, such as a=b&c=d.
🔹The fragment or anchor, indicated by a pound sign (#), which is used to bookmark a specific section of the resource.

—
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

Top 9 website performance metrics you cannot ignore:

Load Time: This is the time taken by the web browser to download and display the webpage. It’s measured in milliseconds.

Time to First Byte (TTFB): It’s the time taken by the browser to receive the first byte of data from the web server. TTFB is crucial because it indicates the general ability of the server to handle traffic.

Request Count: The number of HTTP requests a browser has to make to fully load the page. The lower this count, the faster a website will feel to the user.

DOMContentLoaded (DCL): This is the time it takes for the full HTML code of a webpage to be loaded. The faster this happens, the faster users can see useful functionality. This time doesn’t include loading CSS and other assets

Time to above-the-fold load: “Above the fold” is the area of a webpage that fits in a browser window without a user having to scroll down. This is the content that is first seen by the user and often dictates whether they’ll continue reading the webpage.

First Contentful Paint (FCP): This is the time at which content first begins to be “painted” by the browser. It can be a text, image, or even background color.

Page Size: This is the total file size of all content and assets that appear on the page. Over the last several years, the page size of websites has been growing constantly. The bigger the size of a webpage, the longer it will take to load

Round Trip Time (RTT): This is the amount of time a round trip takes. A round trip constitutes a request traveling from the browser to the origin server and the response from the server going to the browser. Reducing RTT is one of the key approaches to improving a website’s performance.

Render Blocking Resources: Some resources block other parts of the page from being loaded. It’s important to track the number of such resources. The more render-blocking resources a webpage has, the greater the delay for the browser to load the page.

Over to you - What other website performance metrics do you track?

Reference: Cloudflare Docs

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips
.

My system design interview book was translated into many languages. I’m just happy to see them physically in one place! 
.
cc my co-author Sahn Lam

Next week, we will cover:

🔹How does chatGPT work?
🔹Git merge and rebase
🔹Why is system design important?
🔹System design interview cheatsheet
🔹Stateless vs. Stateful

Subscribe to our weekly free newsletter to learn something new every week:
https://bit.ly/3FEGliw

#systemdesign #coding #interviewtips
.

It is still tough to get interviews. People are getting creative with their resumes.

This resume is created using Figma. Do you think it will grab recruiters/hiring managers attention?

Resume credit: Aditya Sharma

–
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#coding #job #jobhunt
.

Top 6 Tools to Turn Code into Beautiful Diagrams

- Diagrams 
- Go Diagrams 
- Mermaid 
- PlantUML 
- ASCII diagrams 
- Markmap 
 
Over to you: Did we miss anything? What's your favorite?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social
 
#systemdesign #coding #interviewtips 
.

Payment through scanning QR code is very common but do you know how many ways there are to do it?

There are 4 ways, no matter whether you’re using PayPal, Stripe, Paytm, WeChat, or Alipay. Is this surprising to you? To understand this, we will answer to questions.

The first question is who presents the QR code:
1. You can present the QR code and the merchant scans the code for payment. This is called ‘consumer-presented mode, and what the merchant does is direct debit your account.

2. Obviously, the other way is that the merchant presents the QR code for you to scan to pay the due amount. This is called ‘merchant-presented mode’ and you grant the direct credit from your account.

The second question is whether the QR code is dynamic or static:
1. A dynamic QR code means the QR code will be generated when you present it, or it will automatically regenerate every few seconds. Because it is dynamically generated, it may contain rich information, such as the amount due, transaction type, etc.

2. A static QR code is generated once and used everywhere. Usually, it only contains the account information.

So there are 2*2=4 ways to scan a QR code, which are:
1. Consumer-presented mode + static QR code
2. Consumer-presented mode + dynamic QR code
3. Merchant-presented mode + static QR code
4. Merchant-presented mode + dynamic QR code

I’ve created an image to illustrate these 4 cases and their classic scenarios.

👉 Over to you: I’ve marked one of the scan-to-pay scenarios with a red alert symbol to indicate that a risk is present. Do you know why it is high risk?

 —
Join a growing community of more than 100,000 readers who love System Design. Subscribe here: https://bit.ly/3FEGliw
 
#systemdesign #coding #interviewtips
.

How is data sent over the internet? What does that have to do with the OSI model? How does TCP/IP fit into this? 
 
7 Layers in the OSI model are: 
1. Physical Layer 
2. Data Link Layer 
3. Network Layer 
4. Transport Layer 
5. Session Layer 
6. Presentation Layer 
7. Application Layer

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq 
 
#systemdesign #coding #interviewtips 
.

Do you know the James Webb Space Telescope (JWST) uses 𝐉𝐚𝐯𝐚𝐒𝐜𝐫𝐢𝐩𝐭 and 𝐞𝐯𝐞𝐧𝐭-𝐝𝐫𝐢𝐯𝐞𝐧 architecture for its operations?

Disclaimer: This post reflects my understanding of the paper: JWST: Maximizing Efficiency And Minimizing Ground Systems by the Space Telescope Science Institute. For more details, refer to [1].

The diagram below shows the architecture.

Step 1: When the observation plans are designed for JWST, the team needs to come up with a proposal. The proposal is broken up into scheduling units called ‘Visits.’ Each Visit has a corresponding observing window. These Visits can build a long-range plan, which is about one year in duration, or a short-range plan, which is about 22 days in duration. The plans are called an Observation Plan [1].

Step 2: These Observation Plans are processed by high-level onboard scripts, called the Observation Plan Executive (OPE). The OPE passes the activity parameters from the time-ordered Visits to lower-level onboard scripts. [1]

Step 3: The activity onboard scripts construct the commands and telemetry requests in real-time, onboard the JWST. [1]

Step 4: When a command is issued, these lower-level scripts evaluate the telemetry response and pass the script status up to the OPE. Based on the script status, the OPE can skip Visits. [1]

Compared with the Hubble Space Telescope (HST), JWST science operations are driven by onboard scripts written in customized Javascript, not in binary command blocks. This abstraction forms an event-driven architecture and makes operational decisions based on telemetry responses. The OPE can:

🔹 Skip Visits based on script status
🔹 Add Visits to the end of the Plan
🔹 Remove Visits to redefine the end of the Plan
🔹 Stop the Plan after a specified Visit or stop the entire plan

In this way, one failure doesn’t hurt the entire Plan. JWST can continue with the rest of the Plan. This maximizes efficiency and resilience.

Over to you: How to engineer and test mission-critical software?

Reference: 
[1] https://lnkd.in/ePcrnP8r

–
Subscribe to our weekly newsletter to learn something new every week: 
https://bit.ly/3FEGliw
 
#systemdesign #coding #interviewtips
.

What is MCP? Full video explanation available at the end.

Why is everyone talking about it?

Let’s take a closer look.

Model Context Protocol (MCP) is a new system introduced by Anthropic to make AI models more powerful.

It is an open standard (also being run as an open-source project) that allows AI models (like Claude) to connect to databases, APIs, file systems, and other tools without needing custom code for each new integration.

MCP follows a client-server model with 3 key components:

1 - Host: AI applications like Claude that provide the environment for AI interactions so that different tools and data sources can be accessed. The host runs the MCP Client.

2 - MCP Client: The MCP client is the component inside an AI model (like Claude) that allows it to communicate with MCP servers. For example, if the AI model wants data from PostgreSQL, the MCP client formats the request into a structured message to send to the MCP Server

3 - MCP Server: This is the middleman that connects an AI model to an external system like PostgreSQL, Google Drive, or an API. For example, if Claude analyzes sales data from PostgreSQL, the MCP Server for PostgreSQL acts as the connector between Claude and the database.

MCP has five core building blocks (also known as primitives). They are divided between the client and server.

1 - For the clients, the building blocks are Roots (secure file access) and Sampling (ask the AI for help with a task such as generating a DB query).

2 - For the servers, there are Prompts (instructions to guide the AI), Resources (Data Objects that the AI can reference) and Tools (functions that the AI can call such as running a DB query).

Over to you: Have you explored Anthropic’s Model Context Protocol?

--
Watch the full YouTube video here: https://lnkd.in/etY8Hs6e

#systemdesign #coding #interviewtips 
.

9 Clean Code Principles To Keep In Mind

1 - Meaningful Names: Name variables and functions to reveal their purpose, not just their value.
2 - One Function, One Responsibility: Functions should do one thing.
3 - Avoid Magic Numbers: Replace hard-code values with named constants to give them meaning.
4 - Use Descriptive Booleans: Boolean names should state a condition, not just its value.
5 - Keep Code DRY: Duplicate code means duplicate bugs. Try and reuse logic where it makes sense.
6 - Avoid Deep Nesting: Flatten your code flow to improve clarity and reduce cognitive load.
7 - Comment Why, Not What: Explain the intention behind your code, not the obvious mechanics.
8 - Limit Function Arguments: Too many parameters confuse. Group related data into objects.
9 - Code Should Be Self-Explanatory: Well-written code needs fewer comments because it reads like a story.

Over to you: Which other clean code principle will you add to the list?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips
.

A picture is worth a thousand words: 9 best practices for developing microservices.

When we develop microservices, we need to follow the following best practices:

1. Use separate data storage for each microservice
2. Keep code at a similar level of maturity
3. Separate build for each microservice
4. Assign each microservice with a single responsibility
5. Deploy into containers
6. Design stateless services
7. Adopt domain-driven design
8. Design micro frontend
9. Orchestrating microservices

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips 
.

In this post, we talk about a simple yet commonly used database design pattern (setup): 𝐑𝐞𝐚𝐝 𝐫𝐞𝐩𝐥𝐢𝐜𝐚 𝐩𝐚𝐭𝐭𝐞𝐫𝐧.
.
.
In this setup, all data-modifying commands like insert, delete, or update are sent to the primary DB, and reads are sent to read replicas.

The diagram below illustrates the setup:

1. When Alice places an order on amazon, the request is sent to Order Service.

2. Order Service creates a record about the order in the primary DB (write). Data is replicated to two replicas.

3. Alice views the order details. Data is served from a replica (read).

4. Alice views the recent order history. Data is served from a replica (read).

There is one major problem in this setup: 𝐫𝐞𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐥𝐚𝐠.

Under certain circumstances (network delay, server overload, etc.), data in replicas might be seconds or even minutes behind. In this case, if Alice immediately checks the order status (query is served by the replica) after the order is placed, she might not see the order at all. This leaves Alice confused. In this case, we need “read-after-write” consistency.

Possible solutions to mitigate this problem:

1️⃣ Latency-sensitive reads are sent to the primary database.
2️⃣ Reads that immediately follow writes are routed to the primary database.
3️⃣ A relational DB generally provides a way to check if a replica is caught up with the primary. If data is up to date, query the replica. Otherwise, fail the read request or read from the primary.

Real-world example. Vova Galchenko from Box wrote an excellent article about how they solve this problem: https://lnkd.in/gzGdrpTE

If you have any questions or I missed anything, please leave a comment.

—
Please follow me if you want to receive weekly updates about tech interviews, system design, or book writing.  Alex Xu
 
#systemdesign #coding #interviewtips
.
.

What is an API? 
.
.
A great illustration that explains: 
🔹 What is it
🔹 How it works
🔹 Why is it so popular

By Rapid_API on Twitter

-- 
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/3KCnWXq

#systemdesign #coding #interviewtips 
.