Architecture

In software engineering, complexity is often seen as a sign of competence.

Indeed, a simple system looks suspicious, while a complex system looks serious.

What is the value of a decade of success?

In my final year of engineering school, I built a CTF platform. At the time, no software like CTFd existed. Everything had to be built from scratch.

It took me a lot of thinking to arrive at an architecture that looks simple in hindsight: serve static files, generated on demand, to reduce the attack surface. Standard Unix services glued the components together. Low-level containers isolated services from one another.

Reading some discussions between developers or software architects, one might think that the smallest web application today requires a distributed infrastructure, a Kubernetes cluster, and several specialized cloud services.

Yet many web services (including those that receive several thousand visitors per day) can work perfectly well with a much simpler architecture.

Here is a hands-on account of the infrastructure I use for my production projects, some of which exceed 5,000 daily visitors, and which I also applied for years during a cybersecurity competition with more than 250 on-site participants.