Hi HN, I'm working on CodeProt. We recently wrote about how we use static analysis (AST and data-flow) to catch performance killers like Zip Bombs and architectural bottlenecks (e.g., full DB reloads) early in the review process.
We found that performance isn't just about speed—it's about availability. A single unconstrained extraction or a bad architectural pattern can bring down a system just as effectively as a DDoS.
Curious to hear how others are automating these kinds of architectural checks.
bediger4000•2mo ago
Do you want spammers and scrapers to triumph!?! A zip bomb is a good way for the righteous to let it be known that unclean scrapers should stay away.
theamk•2mo ago
Yes, they do. Remember, OP is build AI-powered review tools. Their technology won't exist without scrapers.
tliltocatl•2mo ago
It's not like they are not going to figure it out themselves eventually. Use inverse slow loris instead. Yes, these are harder to deploy, but much more robust.
allenz_cheung•2mo ago
We found that performance isn't just about speed—it's about availability. A single unconstrained extraction or a bad architectural pattern can bring down a system just as effectively as a DDoS.
Curious to hear how others are automating these kinds of architectural checks.
bediger4000•2mo ago
theamk•2mo ago
tliltocatl•2mo ago