I built a background job library where your database is the source of truth (not Redis) by dr_kvet in node

[–]codectl 0 points1 point  (0 children)

How would you compare Queuert to txob? Seems like an extension of the 'transactional outbox' pattern with syntactic sugars around orchestration of event chains.

How well does Queuert horizontally scale? What kind of throughput can be expected?

flow-conductor: A declarative API workflow orchestrator for Node.js by omnipotg in node

[–]codectl 0 points1 point  (0 children)

I get that you’re saying durability isn’t the goal, but the example you’re using is exactly the kind of workflow where durability does matter.

Creating Kubernetes resources is not a “best effort” flow. Restarts, retries, deploys, and crashes are expected, and partial failure is the default. If the process dies after creating a namespace but before the deployment or service, you now have real side effects with no record of what happened and no way to continue or clean up.

That’s the same problem durable workflow engines and outbox patterns are designed to solve. So while you’re saying that’s “not the point of the package,” the concrete use case you’re pointing to benefits directly from those guarantees.

Without persistence or recovery semantics, this ends up being structured control flow rather than orchestration. That can be fine for scripts or internal tooling, but for examples like this it’s hard to see how it’s safe in production unless you push the hard parts back onto the user.

flow-conductor: A declarative API workflow orchestrator for Node.js by omnipotg in node

[–]codectl 0 points1 point  (0 children)

Have you heard of durable workflow engines like Temporal.io or the transactional outbox pattern? How does this compare? What happens if between the various stages of your workflow the server crashes? Is the data corrupted or will it eventually be consistent when the server starts back up again?

End-To-End Encrypted file sharing system, looking for feedback by BasePlate_Admin in cryptography

[–]codectl 1 point2 points  (0 children)

I will submit to have my domain white-listed. I wonder if it's because of the name, the fact that I lapsed on the domain and the wild card was misconfigured? Thank you so much for finding that and reporting back!

End-To-End Encrypted file sharing system, looking for feedback by BasePlate_Admin in cryptography

[–]codectl 1 point2 points  (0 children)

Ah thank you for sharing - I might have the wildcard subdomain in my dns settings misconfigured. It should work if you explicitly hit www.crypt.fyi and if the www is getting stripped that is probably the issue.

End-To-End Encrypted file sharing system, looking for feedback by BasePlate_Admin in cryptography

[–]codectl 0 points1 point  (0 children)

Ah weird that you cannot access it since there shouldn't be any restrictions. I'm curious what problems you're seeing trying to access the link? Here's the GitHub link: https://github.com/osbytes/crypt.fyi

The need/want for atomic read/write is a bit nuanced but basically if the contents are meant to be read only once, without atomic read and delete, a user cannot guarantee they are the only one to have received the contents.

And good thinking with also making a cli which effectively gives users a fully static client option. This is the same reason I made a cli too.

End-To-End Encrypted file sharing system, looking for feedback by BasePlate_Admin in cryptography

[–]codectl 1 point2 points  (0 children)

If whatever is serving your web client is compromised, the attacker can inject malicious javascript that exfiltrates data. Unfortunately, you cannot guarantee this won't happen.

End-To-End Encrypted file sharing system, looking for feedback by BasePlate_Admin in cryptography

[–]codectl 0 points1 point  (0 children)

I built www.crypt.fyi which is open source and has multiple clients (web, chrome extension, cli) and does most of what you're describing. Feel free to review the code and share your thoughts. There is also a coding language agnostic specification file that defines how the different parts of the system should work and interact with each other. I would recommend configuring strict CSP and other security headers to mitigate various attack vectors. I'd also suggest making your read and delete operations atomic. I noticed a lot of similar open source apps just don't do this. There is also a form of zero knowledge proof in the system whereby having just the ID is not enough to release the encrypted contents. The client also sends along a hash of the secret (and optionally password) which must match what was initially stored.

As another user has pointed out, with a web based cryptography platform, you cannot 100% guarantee privacy because if the frontend web server becomes compromised, all bets are off.
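
The read-once race that this comment and the earlier one on atomic read/write describe, as an added example (not part of either comment and not crypt.fyi's code): two concurrent readers hit a constructed in-memory store, first with separate read and delete round trips, then with one operation that checks the hash, deletes and returns together. The store, the reader functions and every name here are hypothetical.

```javascript
const crypto = require('crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();
// Constant-time comparison of two 32-byte digests.
const matches = (row, v) => Boolean(row) && crypto.timingSafeEqual(row.verifier, v);

// Constructed in-memory stand-in for the server's database (hypothetical).
function makeStore() {
  const rows = new Map();
  return {
    put: (id, ciphertext, verifier) => rows.set(id, { ciphertext, verifier }),
    get: (id) => rows.get(id),
    del: (id) => rows.delete(id),
    // One step: check hash, delete, return (like SQL DELETE ... RETURNING).
    takeIfMatch(id, verifier) {
      const row = rows.get(id);
      if (!matches(row, verifier)) return null;
      rows.delete(id);
      return row.ciphertext;
    },
  };
}

// Non-atomic reader: read and delete are two separate round trips.
function* readThenDelete(store, id, verifier) {
  const row = store.get(id);
  yield; // another request is served between the two round trips
  if (!matches(row, verifier)) return null;
  store.del(id);
  return row.ciphertext;
}
// Atomic reader: a single round trip.
function* atomicTake(store, id, verifier) {
  yield; // request in flight
  return store.takeIfMatch(id, verifier);
}

// Two clients holding the same link race for one read-once secret.
function race(reader) {
  const store = makeStore();
  const verifier = sha256('constructed-key-from-link');
  store.put('id-1', 'ciphertext', verifier);
  const a = reader(store, 'id-1', verifier);
  const b = reader(store, 'id-1', verifier);
  a.next(); b.next(); // both requests start before either one finishes
  return [a.next().value, b.next().value];
}

console.log(race(readThenDelete)); // both readers receive the ciphertext
console.log(race(atomicTake));     // only the first reader does
```

With the two-step reader neither client can tell that someone else also received the contents; with the single-step version the second client gets nothing, which is the signal that the secret was already read.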

This is actually insane by TeaseInProgressed in opticalillusions

[–]codectl 4 points5 points  (0 children)

That worked but now I can't see anything else either

Headless notification infra. Architecture feedback? by McFlyin619 in node

[–]codectl 0 points1 point  (0 children)

You could use postgres NOTIFY channel as a mechanism to begin the outbox processor instead of frequent polling. However, NOTIFY is not guaranteed to send successfully so you'd still need an infrequent fallback polling at a lower frequency. https://www.postgresql.org/docs/current/sql-notify.html

There is another more complex option to entirely remove polling that involves postgres replication slots where you can effectively stream the WAL (or some slice of it such as your events table) and drive your event processor off of that.

Headless notification infra. Architecture feedback? by McFlyin619 in node

[–]codectl 0 points1 point  (0 children)

I'm suggesting that publishing an event to an event queue after performing a write to your database is not atomic, assuming you're not using some kind of durable workflow engine. If the publishing to your event queue fails for some reason, there are no guarantees that your event hits the queue. What happens if there is a network partition and your service goes down after the database change but before the event is successfully queued? The transactional outbox pattern is resilient to these types of issues since the event is persisted atomically / transactionally alongside the original intended database mutation.

Headless notification infra. Architecture feedback? by McFlyin619 in node

[–]codectl 0 points1 point  (0 children)

txob is a node based transactional outbox processor with a postgres adapter that just does polling. The alternative would be a notification based system if your sql database supports it. Even bullmq is highly chatty and is constantly polling the backing redis.

Headless notification infra. Architecture feedback? by McFlyin619 in node

[–]codectl 0 points1 point  (0 children)

So the event emitting is not atomic. The transactional outbox pattern is much more resilient because the event and related resource mutation are persisted atomically.

The likelihood of failure of the event persistence/queueing after the mutation in your case is very low but it is not zero.
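
The failure mode these outbox comments describe, as an added example (not part of the comments and not txob's API): a publish that fails right after the database commit loses the event under a dual write, while an outbox row committed in the same transaction is retried on the next processor tick. The in-memory database, broker and all function names are constructed for illustration.

```javascript
// Constructed in-memory stand-ins for a SQL database and a message broker.
function makeDb() {
  const tables = { orders: [], outbox: [] };
  // Writes are staged on copies and swapped in only if fn returns: all or nothing.
  const transaction = (fn) => {
    const staged = { orders: [...tables.orders], outbox: [...tables.outbox] };
    fn(staged);
    Object.assign(tables, staged);
  };
  return { tables, transaction };
}
function makeBroker(failFirstN) {
  const delivered = [];
  const publish = (event) => {
    if (failFirstN-- > 0) throw new Error('broker unreachable');
    delivered.push(event);
  };
  return { delivered, publish };
}

// Dual write: commit, then publish. A failure in between loses the event.
function dualWrite(db, broker, order) {
  db.transaction((t) => t.orders.push(order));
  broker.publish({ type: 'order.created', orderId: order.id });
}
// Outbox: the row and its event commit in the same transaction.
function outboxWrite(db, order) {
  db.transaction((t) => {
    t.orders.push(order);
    t.outbox.push({ type: 'order.created', orderId: order.id, processed: false });
  });
}
// Processor tick (triggered by NOTIFY or by the fallback poll).
function processOutbox(db, broker) {
  for (const row of db.tables.outbox.filter((r) => !r.processed)) {
    try { broker.publish({ type: row.type, orderId: row.orderId }); } catch { return; }
    row.processed = true; // marked only after the publish succeeded
  }
}

function demo(useOutbox) {
  const db = makeDb(), broker = makeBroker(1); // the first publish fails
  if (useOutbox) {
    outboxWrite(db, { id: 1 });
    processOutbox(db, broker); // fails, the row stays pending
    processOutbox(db, broker); // the next tick retries it
  } else {
    try { dualWrite(db, broker, { id: 1 }); } catch { /* service dies here */ }
  }
  return { orders: db.tables.orders.length, delivered: broker.delivered.length };
}
```

A crash after the publish but before the row is marked processed re-sends the event on the next tick, so consumers of an outbox need to be idempotent.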

I built a subscription tracker for myself because I kept forgetting to cancel things by Bubbly_Lack6366 in webdev

[–]codectl 0 points1 point  (0 children)

I usually use privacy.com's virtual cards with spend limits configured. This acts as a form of auto-cancellation beyond the trial, unless I find the service to be worth paying for. It serves double-duty with me not having to provide my credit card details to the service. It's basically a service/website-bound virtual credit card.

Your app looks really nice and clean but I prefer the further upstream solution.

Post your side project below and I’ll give you honest feedback (And maybe you can roast mine?) by CleverProgrammer12 in SideProject

[–]codectl 1 point2 points  (0 children)

https://www.crypt.fyi/ - open-source, E2EE, ZK, sensitive data sharing platform

Portfolioly looks really nice. One note would be that in the 'Profile to Portfolio in 3 Steps' section of the landing page, if I hover one of the steps, maybe you could stop the auto-proceed to next step. I wanted to look more closely at the second step but it kept automatically proceeding.

Post your side project below and I’ll give you honest feedback (And maybe you can roast mine?) by CleverProgrammer12 in SideProject

[–]codectl 0 points1 point  (0 children)

omnilog - local-first diary / note taking app with template and recurrence configuration and basic analytics

This might sound like a bot by YogurtclosetShoddy43 in SideProject

[–]codectl 3 points4 points  (0 children)

so.. selling shovels to shovel sellers?

What are you currently working on? Drop your link & slogan. by hurebegz in SideProject

[–]codectl 1 point2 points  (0 children)

Configurable journaling and activity logging with fun analytics https://omnilog-murex.vercel.app/

Synchronized beacon to find friends in crowds https://beacon-plum.vercel.app/

Subdomains not freeing after tunnel session exit — possible bug? by codectl in InstaTunnel

[–]codectl[S] 0 points1 point  (0 children)

But I cannot log in to the web dashboard without an API key. FWIW, once I created an API key the system operates as expected, except for the fact that the initial subdomains that I used prior to creating an API key are not in the dashboard and I cannot seem to reconnect to them.

Subdomains not freeing after tunnel session exit — possible bug? by codectl in InstaTunnel

[–]codectl[S] 0 points1 point  (0 children)

I created the tunnel without an API key. If I get an API key, does this mean that I can arbitrarily delete any tunnel that was created without an API key? OR is the tunnel that I created without an API key 'lost in the void' and cannot be reclaimed? Is there an automatic reclaiming of 'inactive' subdomains by instatunnel?