Konstantin Tarkus
@koistya.com
Building the rails that AI workflows run on. Principal Engineer architecting the foundation for safe & scalable intelligence. ☕️ // Code #DevOps #Startups #AI
Pinned
Konstantin Tarkus
@koistya.com
· Nov 3
1/9 Building rate limits in WS-KIt: Token buckets look simple: refill tokens, spend on requests, reject when empty. In production, fairness evaporates when capacity and refill rate aren’t tuned together. Here’s the playbook I use to keep systems responsive and abuse-resistant 🧵
No DDoS, no hack. Cloudflare outage = one small ClickHouse ACL change → duplicate features → config file too big → Bot Management module hits preallocated memory limit → entire frontline proxy crashes repeatedly. Bravo to #Cloudflare team for transparency 👏
November 19, 2025 at 9:56 AM
No DDoS, no hack. Cloudflare outage = one small ClickHouse ACL change → duplicate features → config file too big → Bot Management module hits preallocated memory limit → entire frontline proxy crashes repeatedly. Bravo to #Cloudflare team for transparency 👏
I used to joke about being a code therapist. Now it looks like it's an actual job — Vibe Coding Cleanup Specialist
November 18, 2025 at 6:20 PM
I used to joke about being a code therapist. Now it looks like it's an actual job — Vibe Coding Cleanup Specialist
Bun's adding ws.subscriptions! No more manual tracking of which channels a WebSocket is subscribed to. Here's a quick example using WS-Kit:
November 5, 2025 at 8:46 AM
Bun's adding ws.subscriptions! No more manual tracking of which channels a WebSocket is subscribed to. Here's a quick example using WS-Kit:
Working code isn't enough
November 5, 2025 at 7:57 AM
Working code isn't enough
1/9 Building rate limits in WS-KIt: Token buckets look simple: refill tokens, spend on requests, reject when empty. In production, fairness evaporates when capacity and refill rate aren’t tuned together. Here’s the playbook I use to keep systems responsive and abuse-resistant 🧵
November 3, 2025 at 5:59 PM
1/9 Building rate limits in WS-KIt: Token buckets look simple: refill tokens, spend on requests, reject when empty. In production, fairness evaporates when capacity and refill rate aren’t tuned together. Here’s the playbook I use to keep systems responsive and abuse-resistant 🧵
Locks lie.
Fencing tokens don’t.
Here’s why your distributed lock isn’t protecting your data — and how “zombie” processes can corrupt production without you realizing it.
Fencing tokens don’t.
Here’s why your distributed lock isn’t protecting your data — and how “zombie” processes can corrupt production without you realizing it.
October 18, 2025 at 2:38 PM
Locks lie.
Fencing tokens don’t.
Here’s why your distributed lock isn’t protecting your data — and how “zombie” processes can corrupt production without you realizing it.
Fencing tokens don’t.
Here’s why your distributed lock isn’t protecting your data — and how “zombie” processes can corrupt production without you realizing it.
SyncGuard v2.5.0 is here 🚀 Now offering powerful distributed locking with your choice of Redis, Postgres, or Firestore backends. Prevent race conditions and ensure data integrity across your services. Check it out!
kriasoft.com/syncguard/
kriasoft.com/syncguard/
SyncGuard | Distributed Locks for TypeScript
TypeScript distributed lock library that prevents race conditions across services. Because nobody wants their payment processed twice! 💸
kriasoft.com
October 17, 2025 at 5:03 PM
SyncGuard v2.5.0 is here 🚀 Now offering powerful distributed locking with your choice of Redis, Postgres, or Firestore backends. Prevent race conditions and ensure data integrity across your services. Check it out!
kriasoft.com/syncguard/
kriasoft.com/syncguard/
Been digging into WebSocket rate limiting bugs - turns out trusting client timestamps is the quiet killer. Wrote up what went wrong and the fix: medium.com/@koistya/059...
Two Timestamps, One Message: Why WebSocket Systems Need Both
Patch the silent bug: replace client-provided timestamps with ingress truth before attackers do.
medium.com
October 9, 2025 at 11:36 AM
Been digging into WebSocket rate limiting bugs - turns out trusting client timestamps is the quiet killer. Wrote up what went wrong and the fix: medium.com/@koistya/059...