Weekly update 14

Hi, wel­come to the first week­ly update of Novem­ber!

MEAP update for Production-Ready Serverless

There has been delays in pub­lish­ing the rest of the VPC unit the last two weeks as my edi­tor has been away. But wor­ry not, I’m already work­ing on the last unit on canary deploy­ment and both units should be on their way to you soon.

Remem­ber, whilst the course is still in the MEAP, you can get 40% off the face price using the code ytcui.

I have also turned this course into a class­room set­ting, so if you’re inter­est­ed in hav­ing me run this as a work­shop in your com­pa­ny, then drop me a line via the Con­tact page.

New Posts

AWS Lamb­da pro­gram­ming lan­guage com­par­i­son. I wrote a guest post for Epsagon where we com­pared sev­er­al pop­u­lar pro­gram­ming lan­guages that are sup­port­ed by Lamb­da — Node.js, Python, Go, C# and Java. We com­pared them on cold and warm start per­for­mance, cost impact, as well plat­form sup­port.

More than func­tions — server­less observ­abil­i­ty webi­nar. To cel­e­brate the launch of Epsagon I took part in their launch webi­nar along with Jere­my Daly and Corey Quinn. I had a great time hang­ing out with the guys and talk­ing about server­less. You can check out the record­ing here.


It’s been a busy two weeks and I man­aged to pack in four con­fer­ences in that time. I spoke at Voxxed­Days Bris­tol, Get.Net Gdan­sk, O’Reilly Soft­ware Archi­tec­ture con­fer­ence and final­ly O’Reilly Veloc­i­ty. Inter­est­ing­ly, I spoke about some­thing dif­fer­ent at every sin­gle event (but always around server­less, of course!). You can find all the slides below, I’ll post the links to the videos as well once they’re up.

Upcoming Talks

Novem­ber is going to be a busy month of trav­el­ling for me. Here are the con­fer­ences I will be speak­ing at, if you hap­pen to be at one of these events please don’t hes­i­tate to come and say hi :-)

Good Reads

How we got to $1 mil­lion in annu­al recur­ring rev­enue with $0 in fundrais­ing — time is your most scarce resource, not mon­ey.

Here’s a cou­ple of posts that lets you take a peek behind the cur­tain to see how the big boys do it ;-)

Why Net­flix rolled its own Node.js Func­tion-as-a-Ser­vice for its API plat­form. This slid­edeck gives some more insight into this plat­form they call Nod­e­Quark. Giv­en their scale and needs, as well as the skillsets they pos­sess, it makes sense for them to roll their own. But, for almost every­body else, please don’t do this!

I dis­cov­ered this cool project called PacBot from TMo­bile. Pac stands for pol­i­cy-as-code, it’s a plat­form for doing con­tin­u­ous com­pli­ance mon­i­tor­ing and report­ing.

Ten plat­form com­mand­ments. Anoth­er great post from Char­i­ty Majors.

Github show­cased a bunch of demos for their new Github Actions fea­ture. I don’t know about you, but I’m quite excit­ed to final­ly be able to use Github to dri­ve my CI/CD pipelines with­out hav­ing to run a sep­a­rate tool. I’m sur­prised it took them this long to get into this game but bet­ter late than nev­er!

Secur­ing server­less: attack­ing an AWS account via a Lamb­da func­tion. Excel­lent sto­ry of how Ory (CTO of Puresec) hacked lambshell.com.

Cus­tomized rate lim­it­ing for API Gate­way by path para­me­ter, query para­me­ter, and more. Nice trick to let you spec­i­fy the API Key (hence con­trol rate lim­it­ing) via a query para­me­ter instead of the x-api-key head­er. I’m not sure when I’d actu­al­ly use it, maybe in the case where a cus­tomer can’t spec­i­fy HTTP head­ers for some rea­son? (I know, it’s stretch­ing a lit­tle, but I have seen some weird lim­i­ta­tions when inte­grat­ing with third par­ties)

And final­ly, some wis­dom from the one and only Dan North: