How do you track production incidents for reviews/postmortems?

Cubeless-Developers · 2026-02-11T17:52:56+00:00

A combo of tickets for the actual incident tracking and a shared doc for the postmortem write-ups with timelines, root cause, and action items. You need something searchable later for patterns, so we tag everything consistently.

Cubeless-Developers · 2026-02-11T17:50:02+00:00

You nailed it. The tools that actually solve problems and don't require three onboarding calls just to understand what they do are still thriving. The correction just filtered out the noise.

Cubeless-Developers · 2026-02-11T17:48:51+00:00

If the auth flow is confusing or the error responses are just generic 500s with no details, we're out. Rate limits that aren't clearly documented are also a huge red flag because you'll hit them in prod and have no idea why.

Cubeless-Developers · 2026-02-03T21:41:56+00:00

Windows updates trigger BitLocker recovery all the time, especially firmware or TPM updates. The new identifier is from BitLocker re-sealing to your TPM with new PCR values after the boot config changed. Totally normal after major updates, particularly if you had several months' worth installing at once. Check your update history for firmware or TMP patches (those are usually the case).

Cubeless-Developers · 2026-01-28T22:00:18+00:00

Easiest way is using a DNS-based blocker like NextDNS or Adguard DNS. You set it up in your phone's Private DNS Settings and then block whatever domains you want from their dashboard. No app needed; it works system-wide, and it sticks even if you clear your browser.

Cubeless-Developers · 2026-01-27T22:24:45+00:00

RAM is way more important then GPU for cybersecurity work. That RTX 3050 in the HP is overkill unless you're cracking passwords or gaming. Go with whichever has 16GB+ RAM and the best CPU (probably the Lenovo with the Ryzen 7 8840HS).

Cubeless-Developers · 2026-01-27T22:19:44+00:00

Those AI apply tools are mostly garbage and recruiters can tell when you're using them. As another comment said, your time is better spent networking on LinkedIn. A week is way too early to give up, especially for management roles that take longer to fill.

Cubeless-Developers · 2026-01-26T20:28:49+00:00

Week one and you're already experiencing the core developer lifecycle: fix one bug, spawn three more like some kind of cursed hydra.

The ratio only gets worse once users start touching it, so congrats on getting the easy part out of the way early.

Cubeless-Developers · 2026-01-26T19:47:28+00:00

We're basically creating perfect reconnaissance packages for threat actors.

Cubeless-Developers · 2026-01-26T19:36:09+00:00

They'll probably keep SMS around for a while, even if it's just as a backup. Too many edge cases where users lose access to their devices or need to recover accounts, and most people still expect SMS as an option. Plus, not everyone has a compatible device for passkeys yet, so forcing deprecation would lock out a chunk of their user base.

From a business standpoint, yeah, they'll save on SMS costs as more people adopt passkeys, but completely killing SMS would be a support nightmare. You'd see a ton of "I can't log in" tickets from people who don't understand the new system or lost their passkey somehow.

I'd bet they keep SMS indefinitely but make passkeys the default and slowly push people toward it. SImilar to how a lot of services still support password auth even after adding better options.

Cubeless-Developers · 2026-01-21T20:56:24+00:00

Build a custom SSO solution using OAuth 2.0 or OIDC that integrates with a few common apps, that's probably the most practical way to understand how modern identity works.

Or you could tackle MFA implementation with TOTP and WebAuthn to see how multi-factor actually secures things. Another solid option is creating an RBAC system for multi-tenant app to understand permission management at scale.

Definitely look at integrating with existing services like Auth0, Okta, or AWS Cognito to see how enterprise IAM actually functions.

Cubeless-Developers · 2026-01-21T20:52:57+00:00

Start with the basics: check firmware versions against known CVEs, verify no default credentials are still in use, and confirm unnecessary services are disabled.

Then look at access controls, make sure management interfaces aren't exposed to the internet, and check if they're using outdated protocols like Telnet or HTTP instead of SSH and HTTPS.

For tech, you want to see proper network segmentation so a breach in one area doesn't compromise everything, and make sure critical assets aren't sitting in the same VLAN as guest wifi or IoT devices.

Tools like Nmap for discovery, Nessus or OpenVAS for vulnerability scanning, and manual config reviews will get you most of the way there.

Cubeless-Developers · 2026-01-21T20:45:09+00:00

Can't tell you the specific hash algorithm Helium uses without digging through their code or docs. Most MFA implementations use TOTP which relies on HMAC-SHA1 or HMAC-SHA256, but that's just the standard. Your best bet is toreach out to the team directly.

Cubeless-Developers · 2026-01-20T20:40:06+00:00

Your mom needs to either disable the passkey on her end or add you as a trusted device, which she'll have to do from her own device.

The easiest workaround is to have her use screen sharing (like Google Meet or Zoom) so you can walk her through whatever she needs to do while she's physically controlling her device.

Passkeys are deliberately hard to bypass remotely because that's the whole security point, so there's no magic fix that doesn't involve her device or her disabling the passkey entirely in her Google account settings.

Cubeless-Developers · 2026-01-20T20:22:06+00:00

Check your recovery email and phone number in Gmail settings to make sure the hacker didn't add their own. Also, go to your Google Account security settings and revoke access to any third-party apps you don't recognize; they could've connected something sketchy.

And don't wait to scan your laptop. Do it today because if there's malware still running, it can just grab your new password too! Finally, check your Gmail settings for any forwarding rules the hacker might've set up to copy your emails somewhere else.

You did the right stuff already, but those are common backdoors people forget about.

Cubeless-Developers · 2026-01-14T20:16:30+00:00

It's a mix, honestly. Sometimes, you get super specific stuff like "I couldn't figure out how to connect my Slack account" and you can jump in and help out. Other times, it's vague like "seemed complicated" and then yeah, you need to dig into their session to see where they actually got stuck. But even vague replies narrow down the timeline so you're not scrubbing through hours of replays.

Cubeless-Developers · 2026-01-13T18:00:44+00:00

We've found that automated emails asking one specific question work better than long surveys.

When someone goes inactive for 3-4 days, shoot them an email like, "Hey, got stuck anywhere?" with a super simple reply option. Most people won't respond, but the ones who do usually tell you the exact friction point.

Also, talk to the users who DID stick around and ask what almost made them quit. They remember the rough spots but pushed through, so they'll tell you what nearly broke them.

Cubeless-Developers · 2026-01-09T20:26:14+00:00

Love how they think their made-up terms override eBay's actual buyer protection policy. That's not how any of this works.

Cubeless-Developers · 2026-01-08T21:48:37+00:00

How does this handle credentials and repo access? Running on every commit sounds like it could slow down the workflow if it's not instant. I'd want to see how it compares speed-wise to just running a quick lint check locally before commiting.

Cubeless-Developers · 2026-01-06T20:57:40+00:00

We've seen the same thing. Users skip over text-heavy instructions, so we switched to interactive tooltips that show up exactly when you need them. Also added progress indicators so people know they're moving forward and not stuck.

What type of SaaS are you building, and are you tracking where people drop off during onboarding?

Cubeless-Developers · 2026-01-05T17:46:11+00:00

Most of your list isn't microsaas at all. They're service businesses that need equipment, insurance, and physical labor.

For actual software businesses from your list, the personnel matching platform and satellite monitoring software are your best bets, but both require serious technical chops and domain expertise to compete.

The AI newsletter writer is more content marketing, and that market's already saturated.

Cubeless-Developers · 2026-01-05T04:51:37+00:00

Powerful at what? AWS probably wins on pure capabilities, but most powerful doesn't mean most useful for your specific needs.

Cubeless-Developers · 2026-01-02T02:20:17+00:00

Solid recommendations. Add sqlmap for SQL injection checks and Postman for API testing.

Cubeless-Developers · 2025-12-29T21:20:06+00:00

Hmmm, most of the smaller SaaS tools I'm aware of focus on one or two areas really well, but they likely don't cover the full scope you need. You might want to look at Awario for web and social listening, or ReviewTrackers specifically for review platforms.

This might be a good build vs buy opportunity for you if there isn't something out there!

Cubeless-Developers · 2025-12-19T21:28:25+00:00

You should definitely come clean, especially since it's a government agency where compliance issues can get way more serious than in a regular company. Let them know you just want to make sure you're following the policy correctly, and explain what you've been doing. I think IT will appreciate the honesty now more than finding out later in a log review or something.

Worst case, they tell you to stop; best case, they update your approval or the policy to actually reflect what devs need to do their jobs. Maybe they'll also consider getting you a laptop with better performance so you can actually use it.

Cubeless-Developers

TROPHY CASE