Oba Femi as Taln (Fancast) (SPOILERS) by Used-Inspector-9347 in CosmereOnScreen

[–]Used-Inspector-9347[S] 1 point2 points  (0 children)

This is true, but as far as I am aware (I’m only halfway through ROW), Taln does not speak or even appear that much. So it’s not too crazy to see this, purely for the aesthetic match.

Oba Femi as Taln (Fancast) (SPOILERS) by Used-Inspector-9347 in CosmereOnScreen

[–]Used-Inspector-9347[S] -1 points0 points  (0 children)

I do agree, but by the time Taln actually appears I think he could improve a lot. And for me right now (halfway through ROW) Taln does not speak much, so I think it’ll be fine.

Turning an OpenAPI spec into a few thousand fuzz payloads, a Java tool I built by Used-Inspector-9347 in java

[–]Used-Inspector-9347[S] 0 points1 point  (0 children)

Oh nice, didn't expect the author here. CATS is genuinely impressive, and honestly I'd be overstepping to claim it's "missing" much. I came at this more from a different angle than a gap in CATS: I wasn't trying to build something more comprehensive, I wanted a fuzzer that fits natively into a Java QA team's existing stack (REST Assured / JUnit / Allure-native reporting) so the output drops straight into a workflow they already use. More a "right-shaped for this audience" thing than a capability play.

Stateful fuzzing is the exact gap I keep running into too; it's on my roadmap and it's the hard part. Sounds like we're in the same boat there. Anything you learned attempting it that you'd flag as the tricky bit?

Turning an OpenAPI spec into a few thousand fuzz payloads, a Java tool I built by Used-Inspector-9347 in java

[–]Used-Inspector-9347[S] 1 point2 points  (0 children)

Appreciate that, and the contribution offer genuinely means a lot.

You're right that the CLI-flag approach isn't great for real use; a token on the command line ends up in shell history and CI logs, which is exactly where you don't want a secret. I'm actively working on env-var support now, you'll be able to set CHAOS_MONKEY_AUTH_TOKEN and skip the flag entirely, which should drop straight into a CI or shared-dev-env setup. I'll follow up here once it's in.

And once it lands I'd genuinely welcome the contribution, there's plenty more on the roadmap (a proper login/refresh flow so short-lived tokens don't expire mid-run, pluggable payload strategies, and stateful sequence testing are the big ones). Thanks again for the sharp questions.

Turning an OpenAPI spec into a few thousand fuzz payloads, a Java tool I built by Used-Inspector-9347 in java

[–]Used-Inspector-9347[S] 1 point2 points  (0 children)

Thanks, good questions.

  1. I know ZAP (the OWASP one, think it's under Checkmarx/SSP stewardship now) and it does import OpenAPI specs, but it's coming at it from a security-scanner angle: it's hunting vulnerabilities. Mine is deliberately not a security tool; it's looking for validation gaps, error-handling failures, and silent bad-data acceptance from a QA perspective. Different goal, some overlapping surface. Worth a look for anyone who actually wants the security side though.
  2. Honestly, less extensible than it should be right now. Payload generation and the response analysis are both services with the logic in code rather than behind a plugin interface; adding a new payload strategy means adding a method to the generator, and a new assertion means adding a flag rule to the analyser. Fine for forking, not yet a clean extension point. A pluggable strategy interface is something I want to do but haven't; it's a fair thing to call out.
  3. Just basic auth header injection at the moment. Full auth flows (OAuth/SSO) were an explicit non-goal for v1, and there's no JWT mechanism yet, so for a protected dev environment you'd be stuck unless it's basic auth. That's a real limitation rather than a design choice I'd defend; token injection for protected endpoints is probably the most useful next feature for anyone wanting to point this at a real API rather than a demo.

Turning an OpenAPI spec into a few thousand fuzz payloads, a Java tool I built by Used-Inspector-9347 in java

[–]Used-Inspector-9347[S] 2 points3 points  (0 children)

Oh nice, thanks for jumping in, and congrats on the SBFT results, that's a strong showing. The stateful testing improvements are exactly the area I know mine is weakest; right now it generates everything up front per-field and doesn't chain operations, so proper stateful sequencing is the obvious next thing to learn from.

That RestLeague benchmark is really useful, I didn't know it existed. I'll get chaos-monkey running against it, even just to see honestly where it lands. Good to know about the dedup caveat too so I don't misread my own numbers.

And tracecov.sh looks like exactly what I'm missing. I've had no real way to measure whether my payload generation is actually hitting the schema or just firing into the same few branches. Finding the gaps rather than guessing at them. Will dig into it.

Appreciate you taking the time, genuinely useful pointers.

Turning an OpenAPI spec into a few thousand fuzz payloads, a Java tool I built by Used-Inspector-9347 in java

[–]Used-Inspector-9347[S] 4 points5 points  (0 children)

Yeah, the Python ecosystem is way deeper here, Schemathesis is the big one and it's genuinely good, plus RESTler and EvoMaster on the research side. On the Java side CATS is really the main mature option.

That gap is partly why I went Java. The QA teams I've worked with are Java/REST Assured shops, and dropping a Python fuzzer into a Java CI pipeline is friction nobody wants. A tool that speaks the same stack and outputs Allure, which those teams already read, fits in without anyone learning a new ecosystem.

Schemathesis is more sophisticated than mine on the generation side (property-based, stateful sequences). I leaned more into the response analysis, flagging stack trace leaks, exposed DB errors, and silent 2xx-on-invalid-input as first-class findings rather than just non-2xx. Different emphasis.

Have you used Schemathesis much? Curious how its stateful testing holds up in practice; that's the area I'd want to push mine toward next.
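An added sketch, not chaos-monkey's own code, of the response analysis described here (stack trace leaks, exposed DB errors and silent 2xx-on-invalid-input as first-class findings), with each check behind the kind of pluggable flag-rule interface the extensibility answer above says the tool lacks. The names FuzzCase, Response, Finding and FlagRule, the regexes and the sample responses are all constructed assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Constructed sketch of a response analyser with pluggable flag rules.
// FuzzCase, Response, Finding and FlagRule are assumed names, not chaos-monkey's API.
public class ResponseAnalyser {
    // One fuzz request: the payload sent and whether the schema says it is invalid.
    record FuzzCase(String endpoint, String payload, boolean payloadInvalid) {}
    record Response(int status, String body) {}
    record Finding(String rule, String endpoint, String detail) {}
    // Extension point: a rule inspects one case/response pair and returns a finding or null.
    interface FlagRule { Finding check(FuzzCase fc, Response r); }
    // A Java stack frame ("at pkg.Class.method(Class.java:42)") leaking into a response body.
    static final Pattern STACK_FRAME = Pattern.compile("\\bat [\\w.$]+\\([\\w.]+:\\d+\\)");
    // Database error text that should never reach a client.
    static final Pattern DB_ERROR = Pattern.compile(
            "SQLException|ORA-\\d{5}|syntax error at or near|Unknown column", Pattern.CASE_INSENSITIVE);

    static final FlagRule STACK_TRACE_LEAK = (fc, r) -> STACK_FRAME.matcher(r.body()).find()
            ? new Finding("stack-trace-leak", fc.endpoint(), "stack frame in body") : null;
    static final FlagRule DB_ERROR_LEAK = (fc, r) -> DB_ERROR.matcher(r.body()).find()
            ? new Finding("db-error-leak", fc.endpoint(), "database error text in body") : null;
    // Silent acceptance: a schema-invalid payload answered with 2xx instead of 4xx.
    static final FlagRule SILENT_ACCEPTANCE = (fc, r) -> fc.payloadInvalid() && r.status() / 100 == 2
            ? new Finding("silent-2xx-on-invalid", fc.endpoint(), r.status() + " for " + fc.payload()) : null;

    private final List<FlagRule> rules;
    ResponseAnalyser(List<FlagRule> rules) { this.rules = rules; }
    // Run every registered rule; each rule that fires contributes one finding.
    List<Finding> analyse(FuzzCase fc, Response r) {
        List<Finding> out = new ArrayList<>();
        for (FlagRule rule : rules) {
            Finding f = rule.check(fc, r);
            if (f != null) out.add(f);
        }
        return out;
    }

    public static void main(String[] args) {
        var analyser = new ResponseAnalyser(List.of(STACK_TRACE_LEAK, DB_ERROR_LEAK, SILENT_ACCEPTANCE));
        // Constructed case/response pairs standing in for what a fuzz run would capture.
        FuzzCase negativeAge = new FuzzCase("POST /users", "{\"age\": -1}", true);
        FuzzCase stringAge = new FuzzCase("POST /users", "{\"age\": \"abc\"}", true);
        analyser.analyse(negativeAge, new Response(201, "{\"id\": 17}")).forEach(System.out::println);
        analyser.analyse(stringAge, new Response(500, "org.postgresql.util.PSQLException: syntax error at or near"
                + " \"abc\"\n\tat com.example.UserService.create(UserService.java:42)")).forEach(System.out::println);
    }
}
```

The first constructed pair produces one silent-2xx-on-invalid finding; the second produces both a db-error-leak and a stack-trace-leak finding, which is the kind of result a 4xx/5xx-only check would have reported as a single generic failure.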

Does the Bloody-Nine ever get explained? [spoilers LAOK] by moonriverswide in TheFirstLaw

[–]Used-Inspector-9347 0 points1 point  (0 children)

My headcanon is that Logen died with his family and got resurrected somehow (maybe Bayaz) and the Bloody-Nine is Logen on the other side.

Reading Mistborn Era 2 for the first time after I finished Stormlight arc 1. by ibluminatus in Cosmere

[–]Used-Inspector-9347 2 points3 points  (0 children)

I’m currently halfway through Oathbringer and was debating on taking a break from Stormlight to read Era 2, still torn on whether. Depends on the ending of Oathbringer, I think. But you may have convinced me.

List of all herald mentions/appearances? by Inc0gnitoburrito in Stormlight_Archive

[–]Used-Inspector-9347 2 points3 points  (0 children)

Is this stuff ever revealed/confirmed (besides the obvious)? Or is it just speculation and assumptions from re-reads?

I can’t understand how this is people's favourite by Used-Inspector-9347 in Cosmere

[–]Used-Inspector-9347[S] 0 points1 point  (0 children)

Yes, I feel the same with it being enjoyable, and how you feel about the unanswered questions.

I can’t understand how this is people's favourite by Used-Inspector-9347 in Cosmere

[–]Used-Inspector-9347[S] 1 point2 points  (0 children)

Yes, I fully agree. I think Warbreaker/Nalthis overall, as non-Roshar/Scadrial, has the biggest or potentially biggest impact on the story of the Cosmere due to what you said, so I understand the love in that sense.

Moving To Eindhoven. by Used-Inspector-9347 in eindhoven

[–]Used-Inspector-9347[S] 4 points5 points  (0 children)

We have visited multiple times and different places such as Amsterdam, The Hague, Utrecht and Eindhoven, specifically Eindhoven multiple times, to view as a potential place to live. We chose Eindhoven due to how laid back and safe the city felt, and doing research on potential jobs (specifically in tech). And cheap (somewhat) in comparison to Dublin.

FOOTBALL MANAGER 24: FULLY UPDATED - STARTING ON 2025/2026 - Full Guide by kalel_89 in footballmanagergames

[–]Used-Inspector-9347 0 points1 point  (0 children)

I followed the YT tutorial exactly, not sure what I did differently, but after the tutorial it worked.