ByteByteGo

Co-authored 3 books:
     - System Design Interview - Volume 1
     - System Design Interview - Volume 2
     - Machine Learning System Design Interview
Write weekly ByteByteGo newsletter on system design topics (1,000,000 subscribers).
Grow the ByteByteGo YouTube channel to over 500,000 subscribers.

Author & Co-Founder

Twitter

Software Engineer

Apple

Zynga

Oracle

Software Developer

Modeln N

Associate Member of Technical Staff

Follow me for system design & book-writing tips.

Alex Xu is a software engineer and author. His book System Design Interview - An Insider’s Guide is one of Amazon's best-selling books in the “Distributed Systems & Computing” category.  As of December 2020, his book is being translated into 7 different languages (Traditional Chinese, Russian, Japanese, Spanish, Polish, Simplified Chinese, and Korean).

--------------
Newsletter: https://blog.bytebytego.com
Twitter: https://twitter.com/alexxubyte
YouTube: https://www.youtube.com/c/ByteByteGo
Talent Collective: https://bytebytego.pallet.com/jobs

How does HTTPS work?

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP.) HTTPS transmits encrypted data using Transport Layer Security (TLS.) If the data is hijacked online, all the hijacker gets is binary code. 

How is the data encrypted and decrypted?

Step 1 - The client (browser) and the server establish a TCP connection.

Step 2 - The client sends a “client hello” to the server. The message contains a set of necessary encryption algorithms (cipher suites) and the latest TLS version it can support. The server responds with a “server hello” so the browser knows whether it can support the algorithms and TLS version.

The server then sends the SSL certificate to the client. The certificate contains the public key, hostname, expiry dates, etc. The client validates the certificate. 

Step 3 - After validating the SSL certificate, the client generates a session key and encrypts it using the public key. The server receives the encrypted session key and decrypts it with the private key. 

Step 4 - Now that both the client and the server hold the same session key (symmetric encryption), the encrypted data is transmitted in a secure bi-directional channel.

Why does HTTPS switch to symmetric encryption during data transmission? There are two main reasons:

1. Security: The asymmetric encryption goes only one way. This means that if the server tries to send the encrypted data back to the client, anyone can decrypt the data using the public key.

2. Server resources: The asymmetric encryption adds quite a lot of mathematical overhead. It is not suitable for data transmissions in long sessions.

Over to you: how much performance overhead does HTTPS add, compared to HTTP?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Alex Xu

Author of 4 Bestselling Books | Co-Founder of ByteByteGo

No alternative text description for this image

A CI/CD pipeline is a tool that automates the process of building, testing, and deploying software. 
 
It integrates the different stages of the software development lifecycle, including code creation and revision, testing, and deployment, into a single, cohesive workflow. 
 
The diagram below illustrates some of the tools that are commonly used. 
 
Over to you: which one have you used? 

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

The 9 Algorithms That Dominate Our World.

The diagram below shows the most commonly used algorithms in our daily lives. They are used in internet search engines, social networks, WiFi, cell phones, and even satellites.

1.	Sorting
2.	Dijkstra’s Algorithm
3.	Transformers
4.	Link Analysis
5.	RSA Algorithm
6.	Integer Factorization
7.	Convolutional Neural Networks
8.	Huffman Coding
9.	Secure Hash Algorithm

Over to you: Are there any other commonly used algorithms we missed?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Big O Notation 101: The Secret to Writing Efficient Algorithms 
 
From simple array operations to complex sorting algorithms, understanding the Big O Notation is critical for building high-performance software solutions. 
 
1 - O(1) 
This is the constant time notation. The runtime remains steady regardless of input size. For example, accessing an element in an array by index and inserting/deleting an element in a hash table. 
 
2 - O(n) 
Linear time notation. The runtime grows in direct proportion to the input size. For example, finding the max or min element in an unsorted array. 
 
3 - O(log n) 
Logarithmic time notation. The runtime increases slowly as the input grows. For example, a binary search on a sorted array and operations on balanced binary search trees. 
 
4 - O(n^2) 
Quadratic time notation. The runtime grows exponentially with input size. For example, simple sorting algorithms like bubble sort, insertion sort, and selection sort. 
 
5 - O(n^3) 
Cubic time notation. The runtime escalates rapidly as the input size increases. For example, multiplying two dense matrices using the naive algorithm. 
 
6 - O(n logn) 
Linearithmic time notation. This is a blend of linear and logarithmic growth. For example, efficient sorting algorithms like merge sort, quick sort, and heap sort 
 
7 - O(2^n) 
Exponential time notation. The runtime doubles with each new input element. For example, recursive algorithms solve problems by dividing them into multiple subproblems. 
 
8 - O(n!) 
Factorial time notation. Runtime skyrockets with input size. For example, permutation-generation problems. 
 
9 - O(sqrt(n)) 
Square root time notation. Runtime increases relative to the input’s square root. For example, searching within a range such as the Sieve of Eratosthenes for finding all primes up to n. 
 
Over to you: What else will you add to better understand the Big O Notation? 

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Top 5 Kafka use cases

Kafka was originally built for massive log processing. It retains messages until expiration and lets consumers pull messages at their own pace.

Let’s review the popular Kafka use cases.

- Log processing and analysis
- Data streaming in recommendations
- System monitoring and alerting
- CDC (Change data capture)
- System migration

Over to you: Do you have any other Kafka use cases to share?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

What does API gateway do?

The diagram below shows the detail.

Step 1 - The client sends an HTTP request to the API gateway.

Step 2 - The API gateway parses and validates the attributes in the HTTP request.

Step 3 - The API gateway performs allow-list/deny-list checks.

Step 4 - The API gateway talks to an identity provider for authentication and authorization.

Step 5 - The rate limiting rules are applied to the request. If it is over the limit, the request is rejected.

Steps 6 and 7 - Now that the request has passed basic checks, the API gateway finds the relevant service to route to by path matching.

Step 8 - The API gateway transforms the request into the appropriate protocol and sends it to backend microservices.

Steps 9-12: The API gateway can handle errors properly, and deals with faults if the error takes a longer time to recover (circuit break). It can also leverage ELK (Elastic-Logstash-Kibana) stack for logging and monitoring. We sometimes cache data in the API gateway.

Over to you: 1) What’s the difference between a load balancer and an API gateway?
2) Do we need to use different API gateways for PC, mobile and browser separately?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Top 12 Tips for API Security 
. 
. 
- Use HTTPS 
- Use OAuth2 
- Use WebAuthn 
- Use Leveled API Keys 
- Authorization 
- Rate Limiting 
- API Versioning 
- Whitelisting 
- Check OWASP API Security Risks 
- Use API Gateway 
- Error Handling 
- Input Validation 

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

How many API architecture styles do you know? 
 
Architecture styles define how different components of an application programming interface (API) interact with one another. As a result, they ensure efficiency, reliability, and ease of integration with other systems by providing a standard approach to designing and building APIs. Here are the most used styles: 
 
🔹SOAP: 
Mature, comprehensive, XML-based 
Best for enterprise applications 
 
🔹RESTful: 
Popular, easy-to-implement, HTTP methods 
Ideal for web services 
 
🔹GraphQL: 
Query language, request specific data 
Reduces network overhead, faster responses 
 
🔹gRPC: 
Modern, high-performance, Protocol Buffers 
Suitable for microservices architectures 
 
🔹WebSocket: 
Real-time, bidirectional, persistent connections 
Perfect for low-latency data exchange 
 
🔹Webhook: 
Event-driven, HTTP callbacks, asynchronous 
Notifies systems when events occur 
 
Over to you: Are there any other famous styles we missed? 

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

What happens when you type google .com into a browser?

1 - First up, you type the website address in the browser’s address bar.
2 - The browser checks its cache first. If there’s a cache miss, it must find the IP address.
3 - DNS lookup begins (think of it as looking up a phone number). The request goes through different DNS servers (root, TLD, and authoritative). Finally, the IP address is retrieved.
4 - Next, your browser initiates a TCP connection like a handshake. For example, in the case of HTTP 1.1, the client and server perform a TCP three-way handshake with SYN, SYN-ACK, and ACK messages.
5 - Once the handshake is successful, the browser makes an HTTP request to the server and the server responds with HTML, CSS, and JS files.
6 - Finally, the browser processes everything. It parses the HTML document and creates DOM and CSSOM trees.
7 - The browser executes the JavaScript and renders the page through various steps (tokenizer, parser, render tree, layout, and painting).
8 - Finally, the webpage appears on your screen.

Over to you: Which other step will you add to the overall process?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

DNS Record Types You Should Know!

Here are the 8 most commonly used DNS Record Types.

1 - A (Address) Record
Maps a domain name to an IPv4 address. It is one of the most essential records for translating human-readable domain names into IP addresses.

2 - CNAME (Canonical Name) Record
Used to alias one domain name to another. Often used for subdomains, pointing them to the main domain while keeping the actual domain name hidden.

3 - AAAA Record
Similar to an A record but maps a domain name to an IPv6 address. They are used for websites and services that support the IPv6 protocol.

4 - PTR Record
Provides reverse DNS lookup, mapping an IP address back to a domain name. It is commonly used in verifying the authenticity of a server.

5 - MX Record
Directs email traffic to the correct mail server.

6 - NS (Name Server) Record
Specifies the authoritative DNS servers for the domain. These records help direct queries to the correct DNS servers for further lookups.

7 - SRV (Service) Record
SRV record specifies a host and port for specific services such as VoIP. They are used in conjunction with A records.

8 - TXT (Text) Record
Allows the administrator to add human-readable text to the DNS records. It is used to include verification records, like SPF, for email security.

Over to you: Which other DNS Record Type have you seen?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

How does gRPC work?

RPC (Remote Procedure Call) is called “remote” because it enables communications between remote services when services are deployed to different servers under microservice architecture. From the user’s point of view, it acts like a local function call.

The diagram below illustrates the overall data flow for gRPC.

Step 1: A REST call is made from the client. The request body is usually in JSON format.

Steps 2 - 4: The order service (gRPC client) receives the REST call, transforms it, and makes an RPC call to the payment service. gPRC encodes the client stub into a binary format and sends it to the low-level transport layer.

Step 5: gRPC sends the packets over the network via HTTP2. Because of binary encoding and network optimizations, gRPC is said to be 5X faster than JSON.

Steps 6 - 8: The payment service (gRPC server) receives the packets from the network, decodes them, and invokes the server application.

Steps 9 - 11: The result is returned from the server application, and gets encoded and sent to the transport layer.

Steps 12 - 14: The order service receives the packets, decodes them, and sends the result to the client application.

Over to you: Have you used gPRC in your project? What are some of its limitations?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Docker vs. Kubernetes. Which one should we use?

What is Docker ?
Docker is an open-source platform that allows you to package, distribute, and run applications in isolated containers. It focuses on containerization, providing lightweight environments that encapsulate applications and their dependencies.

What is Kubernetes ?
Kubernetes, often referred to as K8s, is an open-source container orchestration platform. It provides a framework for automating the deployment, scaling, and management of containerized applications across a cluster of nodes.

How are both different from each other ?
Docker: Docker operates at the individual container level on a single operating system host.

You must manually manage each host and setting up networks, security policies, and storage for multiple related containers can be complex.

Kubernetes: Kubernetes operates at the cluster level. It manages multiple containerized applications across multiple hosts, providing automation for tasks like load balancing, scaling, and ensuring the desired state of applications.

In short, Docker focuses on containerization and running containers on individual hosts, while Kubernetes specializes in managing and orchestrating containers at scale across a cluster of hosts.

Over to you: What challenges prompted you to switch from Docker to Kubernetes for managing containerized applications?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

The world of computer memory and storage. 
 
We will talk about: 
- The fundamental duo: RAM and ROM 
- DDR4 and DDR5 
- Firmware and BIOS 
- SRAM and DRAM 
- HDD, SSD, USB Drive, SD Card 
- and more 

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

API Vs SDK! 
 
API (Application Programming Interface) and SDK (Software Development Kit) are essential tools in the software development world, but they serve distinct purposes: 
 
API: 
An API is a set of rules and protocols that allows different software applications and services to communicate with each other. 
 
1. It defines how software components should interact. 
2. Facilitates data exchange and functionality access between software components. 
3. Typically consists of endpoints, requests, and responses. 
 
SDK: 
An SDK is a comprehensive package of tools, libraries, sample code, and documentation that assists developers in building applications for a particular platform, framework, or hardware. 
 
1. Offers higher-level abstractions, simplifying development for a specific platform. 
2. Tailored to specific platforms or frameworks, ensuring compatibility and optimal performance on that platform. 
3. Offer access to advanced features and capabilities specific to the platform, which might be otherwise challenging to implement from scratch. 
 
The choice between APIs and SDKs depends on the development goals and requirements of the project. 
 
Over to you: 
Which do you find yourself gravitating towards – APIs or SDKs – Every implementation has a unique story to tell. What's yours? 

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

8 Most-Used Distributed System Design Patterns

If you are building a distributed system, you’ll need to use some of these patterns.

1 - Ambassador Pattern
Focuses on offloading all major tasks other than business logic to helper services. Example of such tasks include logging, monitoring, and retries.

2 - Circuit Breaker Pattern
This pattern helps prevent cascading failures when one service calls another service by preventing such calls.

3 - CQRS Pattern
Separate read and write operations for better flexibility and supporting different scaling requirements.

4 - Sharding
Split a monolithic database into multiple partitions known as shards for better horizontal scalability.

5 - Sidecar Pattern
Deploy auxiliary components alongside the main service containers to manage cross-cutting concerns like configuration management, logging, and monitoring.

6 - Pub/Sub 
Used for asynchronous communication between publisher services and subscriber services.

7 - Leader Election 
In distributed systems, some tasks (such as leader-follower replication) need a single leader. Leader election algorithms ensure that only one node is designated as the leader.

8 - Event Sourcing
Store the events or state changes in a separate event store. The event store can add the event to a message broker to update the read database. 

Over to you: Which other distributed system pattern have you seen?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

The Open Source AI Stack

You don’t need to spend a fortune to build an AI application. The best AI developer tools are open-source, and an excellent ecosystem is evolving that can make AI accessible to everyone.

The key components of this open-source AI stack are as follows:

1 - Frontend
To build beautiful AI UIs, frameworks like NextJS and Streamlit are extremely useful. Also, Vercel can help with deployment.

2 - Embeddings and RAG libraries
Embedding models and RAG libraries like Nomic, JinaAI, Cognito, and LLMAware help developers build accurate search and RAG features.

3 - Backend and Model Access
For backend development, developers can rely on frameworks like FastAPI, Langchain, and Netflix Metaflow. Options like Ollama and Huggingface are available for model access.

4 - Data and Retrieval
For data storage and retrieval, several options like Postgres, Milvus, Weaviate, PGVector, and FAISS are available.

5 - Large-Language Models
Based on performance benchmarks, open-source models like Llama, Mistral, Qwen, Phi, and Gemma are great alternatives to proprietary LLMs like GPT and Claude.

Over to you: Which other tool will you add to the Open Source AI Stack?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

How do microservices collaborate and interact with each other?

There are two ways: orchestration and choreography.

The diagram below illustrates the collaboration of microservices.

Choreography is like having a choreographer set all the rules. Then the dancers on stage (the microservices) interact according to them. Service choreography describes this exchange of messages and the rules by which the microservices interact.

Orchestration is different. The orchestrator acts as a center of authority. It is responsible for invoking and combining the services. It describes the interactions between all the participating services. It is just like a conductor leading the musicians in a musical symphony. The orchestration pattern also includes the transaction management among different services.

The benefits of orchestration:
1. Reliability - orchestration has built-in transaction management and error handling, while choreography is point-to-point communications and the fault tolerance scenarios are much more complicated.
2. Scalability - when adding a new service into orchestration, only the orchestrator needs to modify the interaction rules, while in choreography all the interacting services need to be modified.

Some limitations of orchestration:
1. Performance - all the services talk via a centralized orchestrator, so latency is higher than it is with choreography. Also, the throughput is bound to the capacity of the orchestrator.
2. Single point of failure - if the orchestrator goes down, no services can talk to each other. To mitigate this, the orchestrator must be highly available.

Real-world use case: Netflix Conductor is a microservice orchestrator and you can read more details on the orchestrator design.

Question - Have you used orchestrator products in production? What are their pros & cons?

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

How does REST API work? 

What are its principles, methods, constraints, and best practices? 

I hope the diagram below gives you a quick overview.

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

What distinguishes MVC, MVP, MVVM, MVVM-C, and VIPER architecture patterns from each other?

These architecture patterns are among the most commonly used in app development, whether on iOS or Android platforms. Developers have introduced them to overcome the limitations of earlier patterns. So, how do they differ?

- MVC, the oldest pattern, dates back almost 50 years
- Every pattern has a "view" (V) responsible for displaying content and receiving user input
- Most patterns include a "model" (M) to manage business data
- "Controller," "presenter," and "view-model" are translators that mediate between the view and the model ("entity" in the VIPER pattern)
- These translators can be quite complex to write, so various patterns have been proposed to make them more maintainable

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Why is Kafka fast?

There are many design decisions that contributed to Kafka’s performance. In this post, we’ll focus on two. We think these two carried the most weight.

1️. The first one is Kafka’s reliance on Sequential I/O.
 
2️. The second design choice that gives Kafka its performance advantage is its focus on efficiency: zero copy principle.
 
The diagram below illustrates how the data is transmitted between producer and consumer, and what zero-copy means.
 
🔹Step 1.1 - 1.3: Producer writes data to the disk 
 
🔹Step 2: Consumer reads data without zero-copy
2.1: The data is loaded from disk to OS cache
2.2 The data is copied from OS cache to Kafka application
2.3 Kafka application copies the data into the socket buffer 
2.4 The data is copied from socket buffer to network card
2.5 The network card sends data out to the consumer
 
🔹Step 3: Consumer reads data with zero-copy
3.1: The data is loaded from disk to OS cache
3.2 OS cache directly copies the data to the network card via sendfile() command
3.3 The network card sends data out to the consumer
 
Zero copy is a shortcut to save multiple data copies between the application context and kernel context.

--
Subscribe to our weekly newsletter to get a Free System Design PDF (158 pages): https://bit.ly/bbg-social

#systemdesign #coding #interviewtips 
.

Taplio

Alex Xu's Linkedin Analytics

Who is engaging with Alex

's Best Posts (last 30 days)

Want to drive more opportunities from LinkedIn?

Taplio

.css-1jgreyo{background-image:linear-gradient(284deg, rgba(39,43,72,1) 0%, rgba(33,47,183,1) 100%);color:transparent;-webkit-background-clip:text;background-clip:text;}Alex Xu's Linkedin Analytics

Who is engaging with Alex

's Best Posts .css-qqfgvy{font-size:var(--chakra-fontSizes-md);}(last 30 days)

Want to drive more opportunities from LinkedIn?

Alex Xu's Linkedin Analytics

's Best Posts (last 30 days)