Developer Builds Open-Source Feature Flag Audit Tool Inspired by Knight Capital's $440M Loss

·1 views

A software engineer built Tombstone, a self-hosted feature flag intelligence platform, after a 2:47am incident revealed his team had no reliable way to track which flags had changed across 12 services during a payments outage. The core problem was that tools like LaunchDarkly, Jira, and Notion each held partial information but shared no causal model, making it impossible to link a flag change to a downstream latency spike. The project draws on the 2012 Knight Capital disaster, where reactivating a dormant flag key on a single server triggered $440 million in losses in 45 minutes because no system tracked key provenance or blocked reuse. Tombstone is designed to permanently retire, or 'tombstone,' flag keys after deprecation so they cannot be reactivated with outdated semantics in future deployments. The tool targets engineering teams that have outgrown informal audit trails like Slack channels and shared docs but need durable, queryable flag history without relying on fragmented third-party platforms.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Seven Concrete Ways AI Is Reshaping Software and Work Beyond Basic Chatbots

A DEV Community article outlines seven emerging shifts in how AI is being integrated into software and work, moving beyond simply enhancing existing tools. The piece argues that AI is evolving from a conversational assistant into an operator-style system capable of using tools, memory, and defined boundaries to complete tasks. Software interfaces are being redesigned to expose actions and context directly to AI agents, not just human users. Human roles are shifting toward defining intent, constraints, and review standards, while agents handle implementation. Across areas like productivity, learning, and web services, the underlying pattern is AI enabling human-directed systems with built-in context, evidence, and accountability.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How to Choose the Right Monitoring Tool for Your React App

React applications face silent failures — from race conditions to null check errors — that often go undetected until users report them, making monitoring essential for production apps. Monitoring broadly falls into three categories: error tracking, performance monitoring, and session replay, each answering a distinct question about app health. A practical comparison of seven popular tools — including Sentry, LogRocket, Datadog, New Relic, Bugsnag, and FullStory — highlights their strengths based on team size and use case. Sentry is recommended as a strong default for most React and Next.js projects, offering all three monitoring categories under one SDK with a free tier covering 5,000 errors per month. Choosing the wrong tool can waste both setup time and budget, making a clear decision framework critical before committing to any solution.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Freelancer Shares Proposal Strategy Behind 95% Upwork Bid Win Rate

A freelancer claims to have achieved a 95% bid win rate on Upwork across hundreds of proposals by making one key change in approach. Instead of leading with personal credentials and process lists, the strategy focuses on diagnosing the client's specific problem using details from their own job post. The method involves naming the likely root cause, hinting at a solution, and closing with a targeted question rather than a generic sign-off. The author argues that listing steps or deliverables positions a freelancer as a service provider, while demonstrating problem insight signals expertise. To apply the framework at scale, the author built an AI tool called AI Proposer that structures proposals accordingly and flags common mistakes before submission.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

How Checkov Helps Developers Catch Insecure Terraform Configs Before Deployment

Infrastructure as Code tools like Terraform can produce valid configurations that are nonetheless insecure, since misconfigurations such as public storage buckets or missing encryption do not prevent successful deployment. Checkov is an open-source static analysis tool designed to scan Terraform and other IaC files for cloud misconfigurations and policy violations before any resources are created. Unlike application bugs that cause crashes or errors, infrastructure security flaws often go unnoticed while quietly exposing systems to risk. Checkov fits into both local development workflows and CI/CD pipelines, enabling teams to catch problems early as part of a shift-left security approach. This makes it a practical option not just for security specialists but also for developers seeking to build safer cloud environments from the start.

0 comments Read more at DEV Community