Kolomiiets Technical Inform

Small and medium-sized businesses often face a common challenge: the absence of experienced cloud engineers. Due to limited resources, teams typically choose the quickest path—getting things done in the easiest, fastest way. Unfortunately, this approach often leads to solutions that aren't secure, cost too much, and become nearly impossible to extend or manage effectively. Recognizing this critical challenge, Microsoft Azure has developed the Well-Architected Framework. This comprehensive set of guidelines and best practices helps businesses assess their existing solutions and guides them toward building robust, secure, cost-effective, and manageable cloud infrastructures from the start. The Azure Well-Architected Framework is structured around five essential pillars: Cost Optimization : Ensuring that cloud resources are used efficiently and effectively, reducing unnecessary expenses. Operational Excellence : Focusing on the ability to run and monitor systems effectively, ensuring ...

I keep hearing, “You MUST start with a monolith.” Every new project? Always? When I hear that, two thoughts immediately come to mind:      1️⃣ “It depends.” You can’t just blindly say every project must start as a monolith.      2️⃣ My inner Dushnylo whispers: “Time to make a post about this.” So, here’s my take: I disagree. Not only do I disagree, but I believe the most critical and dangerous part of system design is analyzing and understanding business needs before making architectural decisions. Why? Simple. Imagine you’re building a streaming platform that processes massive amounts of data, handles notifications, and integrates with third-party services. Does this sound like something you’d build as a pure monolith? Of course not. But I do agree on one thing—you have to start somewhere. That starting point could be a simple core application —yes, it might look like a monolith at first. But you’re not designing the entire system as a monolith. ...

Introduce My next post is about tools for managing roles and dynamically controlling access to resources. Some business requirements demand extreme flexibility, often requiring a combination of RBAC + ABAC at the same time. From my experience, I’ve seen a lot of solutions, but most don’t cover all the key points. There are three circles that are really hard to combine: Performance, Security, and Flexibility . And when someone tries to implement all three—oh, it’s painful. But I found a technology that (almost) solves this challenge: Cerbos —a scalable, open-source authorization layer for handling roles and permissions. ( Cerbos site ) Why is it good? ✅ Centralized configuration – Everything is managed in one place. ✅ Easy integration – SDKs are available for all popular languages:     🔹 .NET, Go, Java, JS, PHP, Python, Ruby, Rust ✅ Great documentation – Clear examples and guidance. ✅ Playground for testing – No need to run an app or set up tools. Just te...

  Exploring RavenDB: First Impressions and Key Features 🚀 At the recent conference ( https://devworldconference.com ), I was impressed by the possibilities and feature set of RavenDB. It’s not just another NoSQL database—it delivers on its promises with ease of use, powerful features, and high performance. In this post, I’ll share my first-hand experience with RavenDB, highlighting its key features, what makes it stand out, and my thoughts after testing it in a real-world pet project. Let’s dive in! 👇 List of features: Database Management Studio & Open-Source NoSQL Document Database – Ease of Use It's not just a slogan—it’s true. It took me around 5 minutes to run RavenDB and its Database Management Studio on my laptop. You can start experimenting with this DB locally in just a few minutes, without digging through tons of tutorials or manuals. No need to install dozens of tools and subsystems—just a few minutes, and you have a full sandbox for exploring and learning everyt...

Lately, I've noticed a recurring and perplexing theme in numerous posts and articles. Certain tech authorities assert that some established patterns are superfluous. For instance: "The repository pattern is unnecessary; simply use the ORM directly within your business logic—no need for abstractions." Therefore, I've chosen to initiate a new series titled “Dushnylo” (Definition: An individual who is excessively critical, focuses on minute details, and overwhelms others with arguments about why something is incorrect or flawed.) The inaugural topic in the “Dushnylo” series: "Reduced Abstraction, Increased Direct ORM Usage in Business Logic" Why circumventing abstractions breeds disorder: Strong Coupling and Reduced Testability By directly integrating an ORM into your business logic, you create a strong dependency between your business layer and the database implementation. This strategy: Makes migrating to a different ORM or database significantly more chal...

Last week, we saw plenty of posts about integrating DeepSeek into applications, running it locally, and similar topics. What surprised me, though, is that while I expected issues to surface, I didn't anticipate such a massive security problem with DeepSeek AI chats. Big thanks to Gal Nagli for this research: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak . We've seen countless discussions on how companies achieved this cheaply—but also so insecurely. This reflects the current state of the industry, where everyone is racing to outdo competitors in budget, speed, and features while completely neglecting security and stability. Take Garmin as another example: https://www.dcrainmaker.com/2025/01/garmin-watches-are-crashing-when-trying-to-start-gps.html . Or this persistent Windows Update issue: https://www.youtube.com/watch?v=h8ppow5te20 And perhaps the biggest failure yet—the CrowdStrike incident: https://en.wikipedia.org/wiki/2024_CrowdStrike-related...

Go's error handling emphasizes simplicity and explicitness.  This post explores its unique approach and compares it to other languages. Agenda   Why is it an interesting topic in GO? What do we have in different languages? It is why you can trust. Why is it an interesting topic in GO? I like having control over the processing of the source code; that code has a clear and structured flow, and it helps to read and understand the code and what's going on here. GO has it. And that's all that GO has. You are limited to processing it ONLY in this way. GO developers are discussing that it is a problem that you need to write each time mechanism to validate the error state and handle it on each layer of the process flow. And YES, it is noisy, I totally agree here. But when I saw this discussion, only one thing in my head. Did you try to debug the bug when you can't see where and who throws this exception? Yeah, it is the wrong implementation, but in my experience, I saw it very ...