Watching the FTX saga playout highlights that this phenomenon goes beyond software development.
Too much confidence is put in the ability of the right design to protect against failure when without the right implementation nothing is certain. Incorrectly, the implementation is considered an inferior and simple step and it’s the design itself that provides all the value. In reality, the implementation can be deceptively hard, not least because it needs to be right throughout the design’s lifespan and is often highly distributed across teams, locations, individuals and skillsets./p>
In the case of FTX, the protection afforded by the “decentralized” cryptocurrency design was that it was no longer reliant on a central authority. The emergence of centralized crypto exchanges (like FTX) was the implementation choice that broke the design.
An example we see often with is with micro-services. Micro (web) service architectures have proved very effective for influential internet companies and proponents are too confident in its abilities to perform in every use-case.
Micro-services architectures are indeed a step forward and functional decomposition offers many important benefits to teams such as “better ability to develop and deploy their services independently of others”. What’s not considered is how hard it will be to implement and maintain. And so, do the pros outweigh the cons for a given use-case? The decoupling that these architectures require comes at a hefty cost:
- Interfaces need to be designed carefully. Standing up clean APIs is hard.
- Testing and deployment are much more complicated.
- The protocol typically used, HTTP, is not designed to be impeccably reliable.
- If you need a full view of the system (likely) you will need to create a central aggregation service anyway which will break the model.
In our experience, micro-services architectures tend to be less effective when used on the type of mission critical systems you find in Capital Markets because the cost of failure can be vastly different compared to the internet companies that created the technology in the first place. The risk of a bad implementation is just too high.