惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
D
Docker
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
WordPress大学
WordPress大学
Recent Announcements
Recent Announcements
Engineering at Meta
Engineering at Meta
H
Help Net Security
Vercel News
Vercel News
S
SegmentFault 最新的问题
罗磊的独立博客
F
Full Disclosure
Microsoft Azure Blog
Microsoft Azure Blog
V
Visual Studio Blog
Last Week in AI
Last Week in AI
V
V2EX
腾讯CDC
IT之家
IT之家
爱范儿
爱范儿
博客园 - Franky
MyScale Blog
MyScale Blog
aimingoo的专栏
aimingoo的专栏
The Register - Security
The Register - Security
Help Net Security
Help Net Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
www.infosecurity-magazine.com
www.infosecurity-magazine.com
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
B
Blog RSS Feed
雷峰网
雷峰网
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
Recorded Future
Recorded Future
A
Arctic Wolf
Cyberwarzone
Cyberwarzone
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
S
Schneier on Security
GbyAI
GbyAI
Schneier on Security
Schneier on Security
O
OpenAI News
F
Fortinet All Blogs
Y
Y Combinator Blog
Forbes - Security
Forbes - Security
NISL@THU
NISL@THU
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
MongoDB | Blog
MongoDB | Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
The Illusion of Scale, Part 1: When Your "Scalable" System Isn't
Anusha Mukka · 2026-05-11 · via DEV Community

Some systems look scalable right up until they meet real production traffic.

The tests pass. Dashboards are green. The architecture diagram looks clean. The team feels good about it.

Then traffic grows, usage patterns shift, and the system starts failing in ways that were never obvious in staging.

I have seen this in very different environments: public-sector infrastructure supporting criminal justice workflows across 87 counties, and enterprise AI infrastructure where even tiny per-request costs multiplied across high-volume evaluation pipelines. In both cases, the system did not fail because someone forgot to add servers. It failed because an assumption that was harmless at small volume became expensive at large volume.

Most of them were assumptions nobody had written down anywhere.

This is the first post in a five-part series on scale assumptions: the design decisions that look harmless early and become painful later.

The assumptions that fool you

The first trap is linear thinking.

A system handles 1,000 requests per second, so it feels natural to assume 100,000 is mostly a hardware problem. Add more machines. Increase capacity. Tune a few indexes.

Sometimes that works.

More often, the bottleneck is not compute. It is a design decision that was reasonable at the beginning and painful later.

I learned this the first time we expanded a system from a pilot with one agency to three. The system slowed down noticeably. Nothing had broken. Nothing had been changed. The code was identical. But three agencies meant three times the concurrent load on shared workflow components, database access patterns, and integration points that had been sized for one. That was the moment I started worrying about statewide rollout in a way I had not before. Not because the architecture was wrong, but because the assumptions it was built on had never been tested at that width.

A synchronous call in the critical path is a good example of how this plays out. At low traffic, a 50ms dependency feels harmless. At scale, that dependency becomes a ceiling. Every request waits. Every downstream timeout becomes your timeout. What looked like a normal service call becomes an architectural anchor you cannot easily remove.

Data models have the same problem.

A schema that works for a small number of roles, permissions, tenants, or workflow states can become fragile when real business complexity arrives. The problem is not that someone designed a bad schema. The problem is that the schema quietly encoded a belief about the future.

That belief might have been:
"We will only have a few roles."
"This workflow will stay simple."
"This lookup will always be cheap."
"This relationship will never need to be queried at high volume."

Then the system grows, and those beliefs become production incidents.

Logging is the sneaky one. You start logging everything because you want to be able to debug production safely. Good instinct. Then one month the infrastructure bill arrives and the audit trail is costing more to move, store, and retain than the application it was supposed to help you understand. Nobody put that on any architecture diagram. Nobody planned for logging to become a system that needed its own architecture.

At scale, p99 is not an edge case

Your p99 is someone's normal.

If a system processes 100,000 requests per second and 1% of them are slow, that is not "just the p99." That is 1,000 requests every second with a bad experience. Those users are not theoretical. They create support tickets, trigger retries, increase queue depth, and hit downstream services in ways that change how the system behaves for everyone else.

The unhappy path has enough traffic behind it to become its own workload. That changes what you optimize for.

What actually breaks

The thing that breaks is rarely the thing you load tested.

I have seen systems pass every load test and still fall over in production because the test traffic was too clean. Real production traffic is messier: retries stacking on top of retries, duplicate events, one tenant whose data volume is ten times anyone else's, a permissions edge case that only appears for a specific combination of roles that no tester thought to try. Load tests model the traffic you imagined. Production brings the traffic you did not.

One assumption I got wrong: I expected a decision-making component to maintain consistent latency as more systems onboarded. What I had not accounted for was what concurrent writes from multiple systems do to a shared database under real load. The component itself was fine. The contention underneath it was not. In isolation, everything looked healthy. Together, under actual concurrent traffic, the latency climbed in ways the tests had never surfaced.

What breaks is often the interaction between components, not the components themselves.

A retry policy that looked safe starts amplifying failures. Cache invalidation creates churn nobody anticipated. A permission check that costs microseconds in isolation gets called so often it starts showing up on flame graphs. The coordination overhead between services (locks, consensus, invalidation, fanout) can quietly grow faster than the cost of the actual work being done.

There is also something harder to describe, and I did not fully understand it until I was debugging an access control issue and could not figure out where to even start looking.

The system had multiple sources of truth for permissions, and they had drifted out of sync. The system itself had no way to resolve the conflict. It was just making a call based on whichever source it happened to check first. There was no single place I could look and understand what was happening. I had to reconstruct the state of several different systems at a specific point in time to understand one decision. That was when it clicked for me that at a certain point you stop debugging code and start debugging a system you no longer fully understand, because the interactions between components only become visible under volume.

The decisions that are hard to undo

Most systems should not be designed for massive scale on day one. Premature optimization is real, and designing for scale you do not have is expensive and often wrong.

But some early decisions are genuinely hard to reverse:

Your data model. Your synchronous versus asynchronous boundaries. Your consistency and availability assumptions. Your authorization model. Your audit and retention strategy.

Get these wrong and you will eventually rewrite them under pressure, in production, while users are affected and every migration carries risk. That rewrite is never the calm, well-resourced project you wish it were.

In the next post, I will go into the one that has cost me the most: data modeling decisions that look completely reasonable on day one and become load-bearing walls by year three.

What scaling assumption has burned you? What broke in production that looked fine in testing?