Readit News logoReadit News
evrflx commented on Ask HN: Could dual pilot input help prevent Air India-like crashes?    · Posted by u/amichail
evrflx · 2 months ago
What if an input is required to prevent a crash and one pilot maliciously does nothing.

I think there is a point in life when you just have to trust or the complexity and failure scenarios explodes.

By the way I have a similar feeling about software supply chains. You can do a little but there is a point it becomes futile.

evrflx commented on Left Google to solve documentation hell: What if your tests could write your doc   test2doc.com/... · Posted by u/dethstrobe
dethstrobe · 2 months ago
I recently left Google. I made a post explaining why, if anyone is interested. (Warning: it's pretty long) https://dethstrobe.com/blog/20250522-google/

Anyway, the ball is currently in the employer's court and the idea of exchanging one faceless master for another doesn't immediately sound appealing, so I figured I'll try to solve a pain point that I've experienced for a while.

Full transparency: I don't have the MVP working just yet. But what I'm trying to do is gauge genuine demand for an idea before I go all in.

*What if we could generate documentation from tests?*

Having documentation become stale sucks. Keeping docs up to date is hard.

Tests already verify the actual behavior of your system, so they can't lie about what your code does. They're living documentation that's always in sync with reality.

What if we could turn tests into docs that non-technical team members can actually use, or even the public?

It'd be great for onboarding new team members, giving product documentation for everything that's already been implemented, and–assuming we can come up with some best practices on how to write these tests–can even help reduce help desk calls as public facing documentation can self update on every deploy.

And I think we can. I'm currently playing around with this, but the theory is I can use Playwright, create a custom reporter for it, and it'll generate markdown you can use in something like Docusaurus.

That's not the paid product. That'll be an open source library that I'll give away.

But what I want to know is, would you be interested in paying for a SaaS platform that will host the docs and have integrations with:

* Github - allow non-technical to make PRs to update copy (code is the source of truth)

* JIRA – Link to the original requirements and vice versa

* Google Doc style comments for collaborative feedback

* On-prem support if you're paranoid and want to keep your secret docs away from public eyes

Check out my totally original unique landing page if these pain points are something you can relate to and I'm looking for feedback on this idea. Does it have legs? Does this address a problem you see at your company? Do you want help writing better tests to have better documentation for your codebase?

evrflx · 2 months ago
I like the idea! We use it actually for a financial application we develop for a bank. We use spring test docs with tests to create example api calls with answers, run reference calculations as part of the test and record the outcome and decisions Both become part of the documentation rendered with asciidoc. We added custom annotations to add documentation snippets thorough the code in addition to using drools and recording the ruleset as well. Feedback is great! But it is no generic approach and involved quite some effort for infrastructure and ongoing maintenance. But well worth the effort given the stakes involved.

Perhaps this helps you as feedback. I am curious how your approach will turn out.

evrflx commented on DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage   micahflee.com/ddosecrets-... · Posted by u/micahflee
pigbearpig · 3 months ago
From the Wired article: "The archive server is programmed in Java and is built using Spring Boot, an open source framework for creating Java applications. Spring Boot includes a set of features called Actuator that helps developers monitor and debug their applications. One of these features is the heap dump endpoint,"

So the heapdumps being available is a Spring Boot feature so it does not appear to be malicious.

evrflx · 3 months ago
This feature must be explicitly enabled, it is not on by default nor by accident.
evrflx commented on Replacing Kubernetes with Systemd   blog.yaakov.online/replac... · Posted by u/enz
evrflx · 4 months ago
For small vps Kubernetes might be overkill indeed. But: the API and ecosystem is really an enabler besides the built in infrastructure.

For the single vps-with-containers use case I recommend checking out watchtower instead of relying on systemd scripting.

evrflx commented on Anyone scaling ArgoCD across multiple clusters?    · Posted by u/DeborahEmeni_
evrflx · 4 months ago
I used one ArgoCD instance per cluster as of today. Makes security and scaling easier. What is your main driver to have a single ArgoCD instance?
evrflx commented on Val Kilmer, star of Top Gun and The Doors, dies aged 65   theguardian.com/film/2025... · Posted by u/sandebert
evrflx · 5 months ago
I wonder why „The Saint“ is not mentioned. Loved the movie and the different characters played by val kilmer.
evrflx commented on     · Posted by u/486sx33
evrflx · 6 months ago
The aggressor putin can stop any time and there will be peace. After that new elections are legally possible according to ukrainian law.
evrflx commented on Keycloak, Angular, and the BFF Pattern   blog.brakmic.com/keycloak... · Posted by u/brakmic
TobbenTM · 7 months ago
I think the main attack vector they are trying to protect against is XSS attacks. If a malicious actor manages to inject client side code, there’s nothing preventing them from exfiltrating tokens and gaining persistent user access. This because there is no Secure Enclave to store tokens in in browsers. The bff pattern can solve this by using HTTP only cookies, keeping all session tokens on the server. For high security scenarios like banks and health it makes sense, but there are so many more attack vectors that it’s not gonna cover it all.
evrflx · 7 months ago
With an XSS exploit it is game over, you control the browser. Adding more complexity and opening up the possibility of CSRF exploits with BFF does not look like a good trade off to me.
evrflx commented on CodeMic demo: beyond screencasts – record and replay inside your IDE   codemic.io... · Posted by u/seansh
seansh · 10 months ago
Hi everyone!

I've been working on CodeMic for the past year and put together a demo. I'd love to hear your feedback.

With CodeMic, you can record, replay, and share coding sessions right in your IDE: every click, scroll, selection, and modification synced with guiding video, audio, and image tracks.

I built CodeMic to address a gap: books, blogs, and screencasts fall short when it comes to building projects from scratch or exploring large codebases.

Unlike screencasts, you can pause the session to explore and experiment.

This is as far as I can tell a new concept. It's a more interactive way to learn, document, and share complex projects.

I'd love to know what you think. Sean.

evrflx · 10 months ago
I like the concept, great idea!
evrflx commented on Hoop.dev – the only access gateway with packet manipulation   github.com/hoophq/hoop... · Posted by u/andriosr
evrflx · a year ago
I would love to see a screenshot or visualization of session recordings / audits.
e

u/evrflx

KarmaCake day54April 12, 2018View Original