Shared Libraries Trap

SOA it's all about Services. Services are the first-class citizen and there is no mistake in that decision. Some problems requires shared libraries and thats fine, however, I would say most of the internal shared libraries are not needed and they only cause trouble and little benefit. There is plenty of abuse of shared libraries and we need to start to recognize that we need to reduce the number of shared libraries and do fewer libraries and accept more code duplication and others from os package solutions. Shared libraries tend to spread and as a side effect, they create lots of binary coupling, complexity, and maintenance issues that kill any real Service/Microservice benefits. Services require flexibility and freedom to upgrade and release in different schedules. You might not realize but Shared Libraries are killing services and making them just a big complex distributed monolith. That's not the first time I blog about, but I still think the industry still did not get this right, and still super important to understand this big issue. There are plenty of mistakes that are killing microservices, shared libraries is a big offender.

Don't Repeat Your Self (D.R.Y)

It always starts with that. I don't want to duplicate code. We dont want to fix the same bug in 2 places. That often is the argument to start a shared library. However, what really boils down to is developer experience and commodity. It's funny but as engineers, we are paid to solve problems, often by writing code so we try to write less code. There are good and SOLID reasons to have internal libraries but I would argue is 10% of the cases and 90% of the cases are just commodities and some particular programming model that is desired such as Annotations, Aspects, Spring Integrations, and other extensions/integration that are mostly style based. It all starts as "good" ideas but ends with coupling, technical debt, slowing down migrations, complexity pilling up, and deprecated old code that people don't like. It does not take long to be stuck into some old frameworks that you cannot upgrade unless you migrate all Services. 

We need to leverage Services, SideCars, Tooling over libraries. Because there is so so so much abuse and miss use of libraries and the end result is always the same: Tech debt, Bad software written, people left and go make the same mistakes in other companies and we need end this cycle. How many times you saw someone saying: "Dont write a shared library"? Never! People know "OH we need to reuse code", "OH we need to be D.R.Y which is a principle". Maybe do we need different and new principles?

Scalability is about duplication 

NoSQL scales. The key to NoSQL Scalability is DUPLICATION. We duplicate Data. The KEY for CQRS/ES(A practical way to scale applications) is to DUPLICATE data again. SOA is about duplication. Microservices is about duplication. Duplicating CODE is 100% fine. Data Lakes and Data Meshes are about DUPLICATION. Everything that is BIG and SCALE is about DUPLICATION is time for us to accept we need to let it go. It's 100% fine to duplicate code between services. 

When you duplicate your CODE you are DECOUPLED and that allows you do have ISOLATION. Meaning your service can be independent of another service and you can have different stacks, versions and work things much faster. 

Sharing is a BOTTLENECK! The best Multi-threading solutions happen in architectures called "SHARE NOTHING". The worst code to refactor is the ones with a global shared state, state isolation is the key for performance. Isolation and duplication walk side by side. What you think Multi-Region means? Duplication. What you think High Availability mean? Duplication. So you don't believe me, well if you look into 70-90s database architecture we have OLTP and OLAP 2 different words, never run an expensive report on a transaction DB. So how you fix this? DUPLICATION. 

You don't need shared libraries

So just you don't think I'm a crazy Brazillian, that might a very few use cases where doing an internal shared library is 100% the right solution for that case you need to be very careful and try to add any external library as transitive dependencies and there are techniques for that. 

It's 100% ok use shared libraries from the internet but is not fine to use your internal libraries because you are abusing them. Libraries from the internet are FREE and you did not pay to use FOSS. When you have a team building a shared library you have an investment issue because often the team who are internal consumers of that library cannot afford to build something better by themselves. Shared Libraries have HIGHLY coupled with services since they are binary dependencies and any update on them requires migration if you break the API or not. We can reduce some of the pain by adding automation so for minor and security/patch versions changes you dont require people to do nothing.  

We need to understand internal shared libraries are not making any good us, actually it's the other way around there is so much abuse that we really need to consider stop or drastically reduce the number of shared libs we do.  Look Istio and Service Meshes(Kubernetes space) they push things to the PLATFORM, there is ZERO couplings, ZERO binary dependencies, ZERO shared libraries. 


Diego Pacheco

Popular posts from this blog

Podman in Linux

Java Agents

HMAC in Java