今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#architecture

找到 362 篇相关文章

AI 资讯

The Paintbrush Paradox: Why the Monolithic Era of AI Is Crumbling

Over the past week, two narratives have been colliding everywhere I look. On one side, there's panic. AI is expected to replace marketers, engineers, and entire categories of knowledge work almost overnight. On the other, there are quieter but far more consequential signals: enterprise teams discovering their AI infrastructure is burning through API budgets far faster than expected. This isn't because the underlying models are weak, but because the systems built around them are fundamentally inefficient by design. These aren't separate stories. They're the same failure showing up in different places. A conversation with another developer made that gap visible in real time. He argued that auditing a 150,000-line codebase requires feeding the entire repository into a model in one single, massive pass. It's still a common assumption in mainstream tech: that an LLM works like a giant biological brain that you must fully load with raw text before it can begin to think. But that assumption is already outdated. Modern AI systems don't scale through brute-force context. They scale through structure. And that shift changes everything. Key takeaways Bigger context windows did not solve AI. Treating a frontier model as a monolithic processor that re-reads an entire system on every query is wasteful, dilutes attention, and hides bugs under raw volume. ARC-AGI-3 makes the gap stark: frontier models scored under 1% on interactive reasoning tasks that untrained humans solve at nearly 100%. The gap is architecture, not memory. The teams pulling ahead treat the model as one narrow component inside a larger system: intelligent routing, task decomposition, retrieval, and only the minimum necessary context. The next advantage is not the biggest model or the longest prompt. It is the system designed around the model. Prompting was the first generation; systems architecture is the next. The Myth of the Infinite Context Window When context windows expanded into the hundreds of thousands o

2026-07-10 原文 →
AI 资讯

Salesforce Education Cloud: A Modern Alternative to EDA

Executive Summary The Salesforce Education Data Architecture (EDA) has served educational institutions well for over a decade as a free, community-supported managed package. However, with the 2023 launch of the reimagined Education Cloud—built natively on the Salesforce core platform—institutions now face a strategic choice about their CRM foundation . While EDA remains supported and continues to function effectively, Education Cloud represents a fundamental architectural shift that offers significant advantages in simplicity, scalability, and access to innovation . This paper examines why Education Cloud is demonstrably easier to implement and maintain compared to its predecessor, addressing the key differences in architecture, data model, and ongoing operations. 1. The Architectural Advantage: Built-In vs. Bolted-On 1.1 EDA: A Managed Package on Top of Salesforce EDA is a managed package installed on top of the Salesforce core platform . As a managed package, it creates additional layers of complexity: Installation and Updates: EDA requires separate package installations and updates that can lag behind Salesforce's native release cycle Namespace Conflicts: The managed package introduces its own namespace, potentially creating compatibility issues with other tools Translation Limitations: EDA's localization has documented issues, including a known problem where the Preferred Phone functionality fails when users switch to languages other than English Record Type Validation Bugs: Deactivating an account record type can block contact creation—a validation error that requires manual workarounds 1.2 Education Cloud: Native to the Core Platform Education Cloud represents a fundamentally different approach. Rather than being a package installed on Salesforce, Education Cloud is built directly on the Salesforce core platform . Key Advantages: No Package to Install: Education Cloud runs natively on the Salesforce core platform, eliminating the need for separate managed pack

2026-07-10 原文 →
AI 资讯

Architecture Decisions Behind Building a Simple Personal Software Tool

How I moved from a traditional web application mindset to exploring local-first architecture I wanted to build a simple software tool for my personal use. Nothing complicated. Something in the category of tools people build for themselves: A personal expense tracker A budgeting application A private knowledge management tool A personal organization system The important characteristic was this: The data belonged to one person. It was not a social application. It was not a collaboration platform. It did not need users interacting with each other. There was no requirement for: Public profiles Sharing updates Real-time collaboration Social features It was simply a tool that helped one person manage their own information. When I started thinking about building it, my first instinct was the most natural one for me. I am a web application developer. My comfort zone is building web applications. So my first thought was: "Why not build a Ruby on Rails application?" Something like: User | Web Application | Ruby on Rails API | PostgreSQL Database This is an architecture I have worked with many times. The workflow is familiar: Create models Build controllers Add authentication Store data in a database Deploy the application Access it from anywhere This is a proven architecture. For many products, this is exactly the right approach. But while thinking about this project, I asked myself a different question: Am I choosing this architecture because the problem requires it, or because it is the architecture I already know? That question changed the direction completely. Understanding The Actual Problem Before choosing technology, I wanted to understand the nature of the problem. What kind of application was I actually building? There is a big difference between building: A social network A marketplace A collaboration platform A communication application versus building: A personal tool A private utility A single-user productivity application In the first category, the server is the

2026-07-09 原文 →
AI 资讯

Dev Log: 2026-07-09 — one source of truth, three times over

TL;DR Three unrelated repos, one recurring theme: derive from a single source of truth instead of duplicating it. Shipped a registry-driven sidebar section switcher (public), converged a multi-system password flow, and pushed on a customer-data identity engine. Details on the first two live in their own posts today. 1. Registry-driven sidebar switcher (public) Added a section switcher to the kickoff starter kit. The sidebar, the switcher, and breadcrumbs all read the same config/menu.php list, and the active section is picked by longest URL-prefix match — so a detail page like /admin/roles/42/edit keeps its parent selected. Full write-up in the focused post. 2. One canonical password flow Converged two apps that each rolled their own password-change/reset logic onto a single shared engine, with a fixed order (directory → external DB → local app) and no config-toggle to skip backends. A password that syncs to some systems is worse than one that fails outright, so partial success is now impossible by construction. Also fixed a subtle status bug — an unreachable backend reports skipped (a runtime fact), not disabled (a config state that no longer exists) — and added an audit log so "did it sync?" is a query, not a guess. Separate post today goes deeper. 3. Identity resolution engine (customer data work) Steady progress on a CDP-style identity layer: an idempotent, header-versioned ingest endpoint that queues incoming records, then a resolution engine that can resolve, merge, unmerge, and quarantine profiles. Two things I care about here: PII handling: sensitive identifiers are encrypted at rest with a blind index for lookups, and masked in audit trails — you can search on a value without storing it in the clear. Right-to-erasure: an erasure cascade plus an erasure log, so a deletion request actually propagates and leaves a defensible record that it did. ingest -> queue -> resolve -> profile | +-> merge / unmerge / quarantine No code from this one here — it's teaching t

2026-07-09 原文 →
AI 资讯

When a password sync is 'partly done', it's a bug: converging on one canonical flow

TL;DR Two apps each had their own password-change/reset logic, plus config toggles to enable/disable backends. That combination quietly allowed partial syncs. Fix: one shared engine, one canonical order , backends mandatory (no config-disable), and every attempt written to an audit log. Lesson: for a write that spans several systems, "configurable steps" is a footgun. Make the flow fixed and make failure loud. The setup A user changes their password. Behind the scenes that single password has to land in several systems — a directory, an external database, and the app's own store. Two separate apps were doing this, each with slightly different code, and each with config flags like sync_oracle => true|false to turn backends on and off. Sounds flexible. It's actually a trap. Why configurable backends are a footgun TL;DR: a password that updates 2 of 3 systems is worse than one that updates none — because now the systems disagree and nobody gets an error. The moment a backend is optionally skippable, "skipped" and "failed" blur together. Someone flips a flag in one environment, forgets it in another, and now prod and staging run different flows. Debugging a login failure means first reverse-engineering which steps actually ran. Before After Each app had its own reset logic One shared engine, both apps call it Backends toggle via config Backends are mandatory, always run Order implicit / differed per app One canonical order: New directory → external DB → local app "Did it sync?" answered by guessing Every attempt logged with per-service status The canonical order The order isn't cosmetic. It runs most-authoritative-first, so if a downstream step fails you haven't already told the user their new password works. change/reset request | v [ New Directory ] --ok--> [ External DB ] --ok--> [ Local App store ] | | | fail fail fail | | | +----> stop, record per-service status, surface the failure Same engine, same order, both apps. A change API and a reset flow are just two entr

2026-07-09 原文 →
AI 资讯

AlloyDB Ships Proxy Models That Replace LLM Calls with Local Inference Inside the Database

Google shipped AlloyDB AI functions GA with a proxy model architecture that trains a lightweight local model from LLM outputs, then runs queries at database speed without external calls. Smart batching delivers 2,400x throughput improvement. The proxy model reaches 100,000 rows per second in preview, but benchmark numbers apply only to ai.if in internal testing. By Steef-Jan Wiggers

2026-07-09 原文 →
AI 资讯

Multi-tenant SaaS architecture patterns

Multi-tenancy is the decision that quietly shapes your entire SaaS backend. Get it right and you scale smoothly to thousands of accounts. Get it wrong and you're rewriting your data layer under load, mid-growth, with customers watching. The good news: for most products the right answer is simpler than the internet suggests. The three models There are three canonical ways to isolate tenants, and they trade isolation against operational cost: Row-level (shared schema). Every table has a tenant_id\ column, and every query filters on it. One database, one schema, all tenants together. Schema-per-tenant. Each tenant gets its own PostgreSQL schema inside a shared database. Stronger isolation, more objects to manage. Database-per-tenant. Each tenant gets a dedicated database or instance. Maximum isolation, maximum operational weight. Why row-level wins for most SaaS For the overwhelming majority of B2B SaaS products, row-level multi-tenancy is the right default. It's the cheapest to operate, the easiest to run migrations against, and it scales further than founders expect. The objection is always "but isolation" — and Postgres has a strong answer. Row-Level Security (RLS) lets the database itself enforce that a query can only see its own tenant's rows. With Supabase , RLS is the native model: you set a policy once, and even a buggy query can't leak across tenants. Combined with a tenant_id\ on every table and an index that leads with it, this pattern comfortably serves large customer bases. One caution from hard experience: write RLS policies so helper functions run once per query, not once per row . A policy that re-evaluates a lookup for every row will quietly turn fast endpoints slow as tables grow. Wrap the check so the planner runs it as an init-plan. When to reach for stronger isolation Escalate deliberately, not reflexively: Regulatory or contractual isolation — a customer requires their data in a physically separate database. Noisy-neighbor risk — one whale tenant'

2026-07-09 原文 →
AI 资讯

Monorepo vs polyrepo

How you split your code into repositories seems like a plumbing decision, but it quietly shapes how your team collaborates, ships, and reasons about the system. A monorepo keeps everything in one repository; a polyrepo gives each service or app its own. Neither is universally right, and the loudest opinions online usually ignore your actual stage and team size. Here's how to think about it clearly. What a monorepo buys you A monorepo puts your web app, mobile app, backend, and shared libraries under one roof. The advantages are real, especially for smaller teams: Atomic changes. Update a shared type and every consumer in the same pull request. No cross-repo coordination dance. One source of truth for tooling. A single lint, format, and CI config instead of drift across a dozen repos. Effortless code sharing. Shared TypeScript packages are just imports, not published versions you have to bump and reinstall everywhere. Easy refactoring. You can find and fix every caller of a function because it's all in front of you. Tools like Turborepo and Nx make this practical by caching builds and only running work for the parts that actually changed. What a monorepo costs The trade-offs show up as you grow. Build and CI times can balloon without smart caching. Access control is coarser — it's harder to give a contractor one service without the whole codebase. And a naive setup rebuilds and tests everything on every change, which gets slow fast. Good tooling mitigates all of this, but you have to invest in it deliberately. What a polyrepo buys you Separate repositories give each service hard boundaries . A team owns its repo end to end, deploys on its own schedule, and can't accidentally reach into another team's internals. Access control is naturally granular, CI for each repo is small and fast, and the blast radius of a bad change is contained. The cost is coordination. A change that spans services becomes multiple pull requests across multiple repos that must land in the right

2026-07-09 原文 →
AI 资讯

Microservices vs monolith

Microservices have a marketing problem: they're associated with the engineering cultures of Netflix and Amazon, so ambitious teams assume adopting them is what serious companies do. But those companies moved to microservices to solve problems of enormous scale and huge headcount — problems you almost certainly don't have yet. For most products, splitting too early is one of the most expensive mistakes you can make. Here's the honest trade-off. What a monolith actually gives you A monolith is one deployable application. That simplicity is a feature, not a limitation, especially early: One codebase, one deploy. No orchestration, no service mesh, no distributed tracing just to understand a request. Simple debugging. A stack trace crosses your whole request. You're not correlating logs across five services to find one bug. Fast local development. Run the whole app on your laptop and iterate. Easy transactions. Data consistency is a database transaction, not a distributed saga you have to design and get right. The modern version isn't a big ball of mud. A modular monolith enforces clean internal boundaries — separate modules with clear interfaces — giving you much of the organization of microservices with none of the network overhead. What microservices actually cost Splitting into services doesn't remove complexity; it moves it from your code into the network, where it's harder to see and reason about. You inherit a long list of new problems: Distributed systems failure modes — partial failures, retries, timeouts, and eventual consistency become your daily reality. Data consistency across services — no more easy transactions; you're designing sagas and compensating actions. Operational overhead — every service needs deployment, monitoring, logging, and on-call. Slower local development and debugging — reproducing a bug can mean running half your architecture. For a small team, this overhead can consume the very velocity you were trying to gain. When microservices genuin

2026-07-09 原文 →
AI 资讯

Why Software Can't Tell You It's Wrong

Software architecture debates have a problem that most other engineering disciplines don't: the alternative was never built. When a bridge fails, the failure is physical, attributable, and measurable against every other bridge that didn't. The engineering decisions that caused it can be isolated, traced, and corrected — not just in theory, but in the next bridge, because the material itself produces feedback that no amount of professional opinion can override. Steel deflects. Concrete cracks. Physics doesn't care what the architect believed. Software produces no equivalent feedback. A system built around the wrong abstractions compiles, runs, ships, and passes its tests just as readily as one built around the right ones. A bug introduced by a misaligned domain model looks identical, from the outside, to a bug introduced by a typo. A feature that took three times longer than it should have, because the structure made it harder than the business logic warranted, produces no artifact that distinguishes it from a feature that was simply difficult. The cost is real. The cause is invisible. This is the unfalsifiability problem, and it runs deeper than "we can't measure everything." It means that when a system becomes expensive to change, the diagnosis almost always lands on the wrong variable. The domain is complex. The requirements changed. The previous team was careless. Almost never: the structure was wrong, and the structure was wrong because nobody ever built the other version of it to compare against. That version doesn't exist, it never will, and every architectural argument in the industry is conducted in its absence. This would be a purely philosophical problem if there were nothing to do about it. There is something to do about it — but it requires accepting that the standard metric for software quality, whether it works, is measuring the wrong thing entirely. The Metric That Hides the Problem The natural substitute for "is this good engineering" is "does it wor

2026-07-08 原文 →
AI 资讯

The reasoning was right, but the world shifted

While working on the GitHub adapter, a gateway that lets AI agents create pull requests on GitHub, the source_state field first looked like a small technical detail. It was not the operation itself, or the target. It was only a reference to the state the agent had seen before proposing a change. But after working through the write path, this field started to look less like metadata and more like part of the safety model. A proposed change is not only defined by what it wants to do. It is also defined by the state in which that proposal made sense. This is easy to miss. An agent can read a repository, produce a reasonable change, and submit a clean intent. Nothing about that has to be wrong. But while the agent is planning, the repository can move. A human can push a fix. Another workflow can update the same file. A branch can advance. In that case, the agent may still be reasoning correctly over the state it saw. The problem is that this state no longer exists. The reasoning was right, but the world shifted. That is the stale state problem in agent workflows. And it is why I think agent workflows need state-bound intent. The illusion of a static world From the outside, even from the boundary's point of view, a stale request can look just like any other: the operation has the same name, the target path is still allowed, the input is still well formed. But it is not. The proposal belonged to an older state of the repository, formed before the branch moved, before the file changed, before another workflow created a related result. This is why stale state is not only a data freshness problem. For agent workflows, it becomes an admission problem: a decision about whether a proposed change is allowed to become a real effect. We call that decision point an MCP Boundary: the same pattern behind the GitHub adapter and the wider work we do on MCP gateways. The boundary should not only ask whether the operation is allowed on the target. It should also know whether the target i

2026-07-08 原文 →
AI 资讯

Why Serverpod? One Language for Your Entire Stack

Why this series I love writing clean architecture . Not because it looks nice in a diagram, but because it survives change — new requirements, new team members, and now, AI-assisted development , where you want boundaries an AI can respect and tests that catch it when it wanders. The problem in most Flutter stacks is the seam between app and backend. You write Dart on the client, then switch to a different language, a hand-written REST layer, DTOs that drift out of sync, and serialization bugs nobody notices until production. Serverpod removes that seam. You write Dart on the server too, and the client-server communication code is generated for you — type-safe, end to end. What is Serverpod? Serverpod is an open-source backend framework that lets you build the entire stack in Dart. Instead of context-switching between languages, your models, your API, and your database logic all live in one language. What you get out of the box: Endpoints — server methods your Flutter client calls directly. The communication code is generated, so there's no hand-written REST/JSON glue. An ORM — type-safe, statically analyzed database access with migrations and relationships. No raw SQL required. Code generation — define a model once; get serialization and client bindings on both sides automatically. Real-time data — streaming over WebSockets, managed for you. Auth — integrations for Google, Apple, and Firebase. The extras enterprises actually need — file uploads, task scheduling, caching, logging, and error monitoring. And on the "is this serious enough for production?" question: Serverpod says it's battle-tested in real-world apps and secured by over 5,000 automated tests, scaling from hobby projects to millions of users without code changes. That's exactly the property you want in an enterprise foundation. The architecture at a glance Here's how the pieces fit. A Serverpod project is generated as three packages: myapp_server → your backend: endpoints, models, business logic, DB my

2026-07-08 原文 →
AI 资讯

Memory Engineering Is a Promotion Pipeline, Not a Pile of Notes

A lot of AI memory systems start with the same temptation: "Just save the useful thing." That sounds harmless until the knowledge base becomes a junk drawer. Half the notes are too specific, a few are duplicates, some are obsolete, and nobody knows which ones the agent should trust. In ai-assistant-dot-files , the memory system is deliberately slower. It uses a promotion lifecycle: Capture -> Candidate -> Audit -> Approve -> Index -> Retrieve -> Expire That lifecycle is documented in docs/runbooks/memory-engineering.md , and the important word is not "capture." It is "candidate." Nothing writes directly to memory The framework has a durable memory layer: Knowledge Items in shared/knowledge/ , ADRs in docs/adrs/ , the domain dictionary, team topology, a feature archive, and a registry at shared/memory-registry.json . But a lesson from a delivery does not jump straight into shared/knowledge/ . It first becomes a Candidate Record. That record has required fields: Source Type Evidence Tags Expiration condition Then memory-engineer audits it: Is it reusable? Is it already covered? Is it too speculative? Does it belong as a Knowledge Item, or should it become a rule change, prompt edit, or ADR instead? Only after that does a human approve the destination. The design is intentionally similar to code review. Durable memory changes future behavior, so they deserve a paper trail. Rejection is a feature One of my favorite parts of the memory runbook is that it has explicit rejection rules. Do not promote a memory when it is: a one-off already covered too speculative That makes "zero candidates promoted this cycle" a healthy result, not a failure. This is where memory engineering starts to look less like note-taking and more like gardening. The point is not to preserve every leaf. The point is to keep the soil useful. Expiration matters The lifecycle also includes expiration. A Knowledge Item can become stale when the underlying code, agent, or pattern changes. It can be supers

2026-07-08 原文 →
AI 资讯

Dev Log: 2026-07-07

TL;DR Collapsed a billing model from à-la-carte features to plans-only, in four safe phases. Unified authorization across web, API, and MCP so all three obey one permission layer. Fixed a legacy Oracle password-sync writing to the wrong column. Four repos moved today. Here's the thread that ties most of them together: one source of truth beats two. Billing: plans-only Spent most of the day migrating a SaaS off per-feature à-la-carte subscriptions and onto plans-only entitlements. The interesting part isn't the model — it's doing it without a billing outage: seed plans, switch reads to plans, backfill every org, then delete the old machinery. Expand/contract, four deployable phases. Full write-up in the focused post. One permission layer for three surfaces An ops tool exposed the same actions three ways — web UI, API, and an MCP server for agent access. The bug: each surface checked authorization slightly differently, so an MCP tool could allow something the web UI blocked. The fix was to make the MCP tools gate on the same permission layer as everything else, so: web ─┐ API ─┼─► one permission check ─► allow / deny MCP ─┘ TL;DR: web ≡ API ≡ MCP — three doors, one lock. Also added a dedicated support-engineer role scoped for debugging without handing over the keys to everything, plus identity/diagnostics/SLA read tools so an agent can answer "why didn't this notification send?" without shell access. Before After Each surface authorizes its own way Single permission check, shared MCP tool could out-permission the UI MCP bound to the same guard No debug-scoped role support_engineer role, read-only diagnostics Legacy Oracle password sync Smaller but sharp: a password reset was writing to the wrong Oracle column and also touching a date_modified field it had no business updating. Routed the student reset to the correct password column and dropped the stray write. Lesson with legacy schemas — the column that looks right and the column the app actually reads from are not a

2026-07-08 原文 →
AI 资讯

Killing à-la-carte: migrating a feature-gating model to plans-only

TL;DR Moved a SaaS from à-la-carte feature subscriptions (pay per feature) to plans-only (pay for a tier, get its features). Did it in four phases so nothing broke mid-flight: seed plans → gate on plans → migrate orgs → delete the old machinery. Lesson: model migrations are safest as expand → migrate → contract , not a big-bang swap. The problem The old billing let an org subscribe to individual features à la carte. Flexible on paper, painful in practice: entitlement logic had two sources of truth (per-feature subscriptions and an implicit plan), and every gate had to check both. Time to collapse it into one model — you buy a plan , the plan carries the features. The trap with this kind of change is the temptation to rip out the old columns and ship. Do that and every in-flight subscription, every gate check, and every webhook that still speaks the old language breaks at once. The phased plan I ran it as four ordered migrations. Each phase is deployable on its own and leaves the app working. Phase What it does Why this order F1 Seed Plans into the prerequisite chain New model must exist before anything reads it F2 Gate features on the plan, not the feature-sub Reads switch over while writes still dual-run F3 Deploy op migrates existing orgs onto a plan Backfill — nobody left on the old model F4 Remove the à-la-carte machinery Contract — safe only after F3 This is the expand/contract pattern applied to a domain model, not just a schema. Expand (F1) adds the new thing alongside the old. Migrate (F2–F3) moves reads then data. Contract (F4) deletes the old thing once nothing points at it. F1 seed F2 gate on plan F3 backfill orgs F4 drop features ┌────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ plans │ --> │ reads: plan │ -> │ every org on │ -> │ delete a-la- │ │ exist │ │ writes: both │ │ a real plan │ │ carte code │ └────────┘ └──────────────┘ └──────────────┘ └──────────────┘ safe safe safe safe Gating on the plan The gate collapses to a single question

2026-07-08 原文 →
AI 资讯

[Boost]

The Log Is the Agent AI Engineer World's Fair Coverage Ishaan Sehgal Ishaan Sehgal Ishaan Sehgal Follow for Daily Context Jun 30 The Log Is the Agent # aie # agents # ai 48 reactions 89 comments 5 min read

2026-07-08 原文 →
AI 资讯

What We Learned Rewriting an Interactive Map Editor: Fabric.js, CORS, and 20,000 Lines of Legacy TypeScript

A story about how migrating an interactive office map editor turned into an engineering investigation involving Fabric.js, tainted canvas , and an architecture that's finally easy to extend. In most software projects, one sentence usually makes every developer nervous: "Let's rewrite this module from scratch." It often means months of development, regression risks, and endless architecture discussions. Our project was no different. We develop, a workspace management platform that allows companies to manage office spaces and book desks. One of its core features is an interactive office map editor, where administrators upload floor plans, place desks and meeting rooms, and publish maps for employees. Over the years, this editor slowly evolved into a real monolith. And the problem wasn't simply the number of lines of code. Where It All Started The editor dated back to the AngularJS era. The main component had gradually grown into a single file responsible for almost everything: loading maps working with Fabric.js CRUD operations keyboard shortcuts dialogs saving event handling The main editor component alone contained nearly 2,270 lines of code . Behind it lived another codebase — the map engine itself. Almost 20,000 lines of TypeScript spread across more than 230 files. One of the biggest architectural issues was an infinite rendering loop. fabric . util . requestAnimFrame (() => this . tick ()); Even when the user wasn't interacting with the editor, rendering continued forever. It worked. But every new feature became more expensive to build. Why We Decided to Rewrite It The motivation wasn't AngularJS itself. The real reason was business requirements. The product needed completely new capabilities: map drafts safe publishing high-quality printing multiple workspace modes easier support for new object types Every new feature pushed harder against the existing architecture. Eventually it became obvious: We weren't fighting individual bugs anymore. We were fighting the

2026-07-08 原文 →
AI 资讯

End-to-end Design Walkthrough — Full System Design

Full system design walkthrough: vì sao quy trình 5 bước quan trọng hơn thuật ngữ, và cái bẫy nhảy thẳng vào deep-dive Một buổi phỏng vấn system design 45–60 phút không đánh giá xem thí sinh biết bao nhiêu tên công nghệ, mà đánh giá xem thí sinh có xử lý được một bài toán mơ hồ theo một quy trình có kỷ luật hay không. Cùng đề "thiết kế URL shortener", người thất bại thường bắt đầu bằng "dùng Cassandra vì scale tốt" ngay ở phút thứ hai — chưa hỏi scale bao nhiêu, chưa biết read/write ratio, chưa đồng ý interface. Người pass đi theo một trình tự cứng: requirements → estimation → high-level → deep-dive → tradeoff . Cùng một đề, cùng thời lượng, nhưng người thứ hai dẫn dắt được interviewer thay vì bị dí. Bài này mô tả quy trình đó ở mức thực dụng, các thất bại thường gặp khi bỏ bước, và một hands-on end-to-end trên URL shortener để tự luyện. Cơ chế hoạt động Quy trình chuẩn được nhiều tài liệu tổng hợp (Alex Xu — System Design Interview vol.1; Donne Martin — system-design-primer ; Kleppmann — Designing Data-Intensive Applications ) đều có 4–5 bước gần như trùng nhau. Đây là khung 5 bước dùng thực tế trong phỏng vấn: Requirements clarification (~5 phút). Chốt functional requirement (hệ thống làm gì — API nào, use case nào) và non-functional requirement (availability target, latency target, consistency yêu cầu, security, cost). Không đoán — hỏi lại interviewer. Output: 3–5 gạch đầu dòng functional + 3–5 gạch NFR + danh sách "out of scope" (analytics, billing, ...). Back-of-the-envelope estimation (~5 phút). Tính DAU, QPS peak/avg, read:write ratio, storage growth theo năm, bandwidth. Không cần chính xác — cần đúng order of magnitude để quyết định "cần shard hay không", "cache có ý nghĩa không", "một node đủ hay phải scale ngang". High-level design (~10–15 phút). Vẽ box diagram: client → LB → app tier → cache → primary datastore → async worker → object storage/CDN. Định nghĩa API (endpoint, request/response, status code) và data model (schema chính, index chính). Ở bước này

2026-07-08 原文 →