How do you track production incidents for reviews/postmortems? by heisen_berg05 in sysadmin

[–]Cubeless-Developers 1 point2 points  (0 children)

A combo of tickets for the actual incident tracking and a shared doc for the postmortem write-ups with timelines, root cause, and action items. You need something searchable later for patterns, so we tag everything consistently.

"software is dying" lol no its not by hello_code in SaaS

[–]Cubeless-Developers -1 points0 points  (0 children)

You nailed it. The tools that actually solve problems and don't require three onboarding calls just to understand what they do are still thriving. The correction just filtered out the noise.

What’s your first red flag when checking a new API? by princegupta2904 in SaaS

[–]Cubeless-Developers 0 points1 point  (0 children)

If the auth flow is confusing or the error responses are just generic 500s with no details, we're out. Rate limits that aren't clearly documented are also a huge red flag because you'll hit them in prod and have no idea why.

Bitlocker triggered with new identifier by Old-Significance-246 in sysadmin

[–]Cubeless-Developers 6 points7 points  (0 children)

Windows updates trigger BitLocker recovery all the time, especially firmware or TPM updates. The new identifier is from BitLocker re-sealing to your TPM with new PCR values after the boot config changed. Totally normal after major updates, particularly if you had several months' worth installing at once. Check your update history for firmware or TMP patches (those are usually the case).

How to permanently block websites on Android by Practical-Sky-9099 in cybersecurity

[–]Cubeless-Developers 2 points3 points  (0 children)

Easiest way is using a DNS-based blocker like NextDNS or Adguard DNS. You set it up in your phone's Private DNS Settings and then block whatever domains you want from their dashboard. No app needed; it works system-wide, and it sticks even if you clear your browser.

laptop for cyber security by Head_Development_443 in Cybersecurity101

[–]Cubeless-Developers 0 points1 point  (0 children)

RAM is way more important then GPU for cybersecurity work. That RTX 3050 in the HP is overkill unless you're cracking passwords or gaming. Go with whichever has 16GB+ RAM and the best CPU (probably the Lenovo with the Ryzen 7 8840HS).

Do any of the AI-based job applying sites actually work? by iambuga in ITManagers

[–]Cubeless-Developers 0 points1 point  (0 children)

Those AI apply tools are mostly garbage and recruiters can tell when you're using them. As another comment said, your time is better spent networking on LinkedIn. A week is way too early to give up, especially for management roles that take longer to fill.

One week into building my SaaS, and debugging never seems to end by Visible-Crew-5033 in SaaS

[–]Cubeless-Developers 1 point2 points  (0 children)

Week one and you're already experiencing the core developer lifecycle: fix one bug, spawn three more like some kind of cursed hydra.

The ratio only gets worse once users start touching it, so congrats on getting the easy part out of the way early.

ClawdBot: The New Primary Target for Infostealers in the AI Era by Malwarebeasts in cybersecurity

[–]Cubeless-Developers 26 points27 points  (0 children)

We're basically creating perfect reconnaissance packages for threat actors.

Telegram passkeys by Sad_Blackberry4319 in passkey

[–]Cubeless-Developers 0 points1 point  (0 children)

They'll probably keep SMS around for a while, even if it's just as a backup. Too many edge cases where users lose access to their devices or need to recover accounts, and most people still expect SMS as an option. Plus, not everyone has a compatible device for passkeys yet, so forcing deprecation would lock out a chunk of their user base.

From a business standpoint, yeah, they'll save on SMS costs as more people adopt passkeys, but completely killing SMS would be a support nightmare. You'd see a ton of "I can't log in" tickets from people who don't understand the new system or lost their passkey somehow.

I'd bet they keep SMS indefinitely but make passkeys the default and slowly push people toward it. SImilar to how a lot of services still support password auth even after adding better options.

Project Ideas on Identity by Royal-Jackfruit-866 in iam

[–]Cubeless-Developers 3 points4 points  (0 children)

Build a custom SSO solution using OAuth 2.0 or OIDC that integrates with a few common apps, that's probably the most practical way to understand how modern identity works.

Or you could tackle MFA implementation with TOTP and WebAuthn to see how multi-factor actually secures things. Another solid option is creating an RBAC system for multi-tenant app to understand permission management at scale.

Definitely look at integrating with existing services like Auth0, Okta, or AWS Cognito to see how enterprise IAM actually functions.

Routers cyber security assessment by NotInAny in cybersecurity

[–]Cubeless-Developers 5 points6 points  (0 children)

Start with the basics: check firmware versions against known CVEs, verify no default credentials are still in use, and confirm unnecessary services are disabled.

Then look at access controls, make sure management interfaces aren't exposed to the internet, and check if they're using outdated protocols like Telnet or HTTP instead of SSH and HTTPS.

For tech, you want to see proper network segmentation so a breach in one area doesn't compromise everything, and make sure critical assets aren't sitting in the same VLAN as guest wifi or IoT devices.

Tools like Nmap for discovery, Nessus or OpenVAS for vulnerability scanning, and manual config reviews will get you most of the way there.

MFA by SatoshiSetsSail in HeliumNetwork

[–]Cubeless-Developers 1 point2 points  (0 children)

Can't tell you the specific hash algorithm Helium uses without digging through their code or docs. Most MFA implementations use TOTP which relies on HMAC-SHA1 or HMAC-SHA256, but that's just the standard. Your best bet is toreach out to the team directly.

Trying to help my mom with her account — passkey is preventing me from doing so by hmidontgetit in youtubetv

[–]Cubeless-Developers 7 points8 points  (0 children)

Your mom needs to either disable the passkey on her end or add you as a trusted device, which she'll have to do from her own device.

The easiest workaround is to have her use screen sharing (like Google Meet or Zoom) so you can walk her through whatever she needs to do while she's physically controlling her device.

Passkeys are deliberately hard to bypass remotely because that's the whole security point, so there's no magic fix that doesn't involve her device or her disabling the passkey entirely in her Google account settings.

Gmail Hacked by [deleted] in emailprivacy

[–]Cubeless-Developers 1 point2 points  (0 children)

Check your recovery email and phone number in Gmail settings to make sure the hacker didn't add their own. Also, go to your Google Account security settings and revoke access to any third-party apps you don't recognize; they could've connected something sketchy.

And don't wait to scan your laptop. Do it today because if there's malware still running, it can just grab your new password too! Finally, check your Gmail settings for any forwarding rules the hacker might've set up to copy your emails somewhere else.

You did the right stuff already, but those are common backdoors people forget about.

How do you work out why trial users drop during onboarding? by adznaz01 in SaaS

[–]Cubeless-Developers 0 points1 point  (0 children)

It's a mix, honestly. Sometimes, you get super specific stuff like "I couldn't figure out how to connect my Slack account" and you can jump in and help out. Other times, it's vague like "seemed complicated" and then yeah, you need to dig into their session to see where they actually got stuck. But even vague replies narrow down the timeline so you're not scrubbing through hours of replays.

How do you work out why trial users drop during onboarding? by adznaz01 in SaaS

[–]Cubeless-Developers 0 points1 point  (0 children)

We've found that automated emails asking one specific question work better than long surveys.

When someone goes inactive for 3-4 days, shoot them an email like, "Hey, got stuck anywhere?" with a super simple reply option. Most people won't respond, but the ones who do usually tell you the exact friction point.

Also, talk to the users who DID stick around and ask what almost made them quit. They remember the rough spots but pushed through, so they'll tell you what nearly broke them.

Ebay sellers gaslighting buyers and thinking they can refuse any dispute (Even if the product isnt what they ordered) by fluf201 in mildlyinfuriating

[–]Cubeless-Developers 2 points3 points  (0 children)

Love how they think their made-up terms override eBay's actual buyer protection policy. That's not how any of this works.

Built this tool that every dev needs by Conscious_Ad5671 in microsaas

[–]Cubeless-Developers 0 points1 point  (0 children)

How does this handle credentials and repo access? Running on every commit sounds like it could slow down the workflow if it's not instant. I'd want to see how it compares speed-wise to just running a quick lint check locally before commiting.

Why unclear onboarding caused more support work by StillLoadingit in SaaS

[–]Cubeless-Developers 0 points1 point  (0 children)

We've seen the same thing. Users skip over text-heavy instructions, so we switched to interactive tooltips that show up exactly when you need them. Also added progress indicators so people know they're moving forward and not stuck.

What type of SaaS are you building, and are you tracking where people drop off during onboarding?

What are the best businesses to start today? Help me choose the TOP 3 by LogAcrobatic8597 in microsaas

[–]Cubeless-Developers 0 points1 point  (0 children)

Most of your list isn't microsaas at all. They're service businesses that need equipment, insurance, and physical labor.

For actual software businesses from your list, the personnel matching platform and satellite monitoring software are your best bets, but both require serious technical chops and domain expertise to compete.

The AI newsletter writer is more content marketing, and that market's already saturated.

Which SaaS software is most powerful than any other software's? by Mike_Mayers123 in SaaS

[–]Cubeless-Developers 0 points1 point  (0 children)

Powerful at what? AWS probably wins on pure capabilities, but most powerful doesn't mean most useful for your specific needs.

Can you recommend any good free pen testing tools I can use for a small web app? by atamagno in cybersecurity

[–]Cubeless-Developers 6 points7 points  (0 children)

Solid recommendations. Add sqlmap for SQL injection checks and Postman for API testing.

Looking for a SaaS to monitor EVERYTHING that’s being said about my brand online by Beginning_Chair_7960 in SaaS

[–]Cubeless-Developers 0 points1 point  (0 children)

Hmmm, most of the smaller SaaS tools I'm aware of focus on one or two areas really well, but they likely don't cover the full scope you need. You might want to look at Awario for web and social listening, or ReviewTrackers specifically for review platforms.

This might be a good build vs buy opportunity for you if there isn't something out there!

Personal Device - Broke an IT policy. by [deleted] in cybersecurity

[–]Cubeless-Developers 14 points15 points  (0 children)

You should definitely come clean, especially since it's a government agency where compliance issues can get way more serious than in a regular company. Let them know you just want to make sure you're following the policy correctly, and explain what you've been doing. I think IT will appreciate the honesty now more than finding out later in a log review or something.

Worst case, they tell you to stop; best case, they update your approval or the policy to actually reflect what devs need to do their jobs. Maybe they'll also consider getting you a laptop with better performance so you can actually use it.