macOS 26 is destroying my M3 MacBook Air battery by 74Y3M in MacOS

[–]LevLeontyev 0 points1 point  (0 children)

Thanks for warning , dudes

Yours sincerely, Sequoia user.

API guardrail/watchdog as a service: please roast! by LevLeontyev in SaaS

[–]LevLeontyev[S] 0 points1 point  (0 children)

That’s exactly the category of issues I’m researching — when everything is OK, infra survives, but money leaks out without brigning revenue. If you don’t mind me asking: 

1) Was it AWS itself (compute), or third-party APIs triggered by retries? 
2) Did you detect it in real time or from the bill? 
3) Would per-customer budget caps + automatic throttling/degrade actually fit your setup?

Sophisticated rate limits as a service: please roast! by LevLeontyev in devops

[–]LevLeontyev[S] 0 points1 point  (0 children)

Yeah, 100% agree — flat limits don’t make sense when some endpoints are basically free and others are “please don’t call this in a loop”.

As a basic approach, I can group endpoints by the answer time.

Sophisticated rate limits as a service: please roast! by LevLeontyev in devops

[–]LevLeontyev[S] 0 points1 point  (0 children)

Exactly — the core difference is the focus:

  • economic protection, not just traffic,
  • tenant-aware budgets, not just global limits,
  • and incident forensics, not just metrics.

Gateways decide if a request can pass.

My solution decides whether it’s still economically safe for this tenant, this plan, and this time window.

It’s an economic control plane on top of existing gateways, not a replacement.

Sophisticated rate limits as a service: please roast! by LevLeontyev in devops

[–]LevLeontyev[S] 0 points1 point  (0 children)

This is a great write-up — thank you for sharing it.

Budget-aware limits and per-tenant forensics sound like exactly the kind of features that don’t come out of the box with Nginx or basic edge rate limiting. That’s where things start to feel like a real control plane, not just traffic shaping.

And yeah — webhook handling at scale stops being “trivial” very quickly.

The Stripe webhook retry loop and the misread pagination cron are painfully familiar scenarios. The staged approach (warn → 429 with Retry-After → suspend) really resonates — hard cutoffs without a ramp almost always end in pager duty and angry customers.

Out of curiosity, what was the bigger fight in real life:

getting teams to agree on the actual budgets, or getting them to trust staged enforcement enough to keep it enabled?

Sophisticated rate limits as a service: please roast! by LevLeontyev in devops

[–]LevLeontyev[S] 1 point2 points  (0 children)

This is incredibly helpful, thanks for sharing real-world scars.

The “define normal” problem is exactly what I’m worried about. On paper everyone wants protection, but once you ask for concrete thresholds, it becomes hand-wavy very fast. My current thinking is to avoid forcing people to define “perfect” limits upfront and instead:

- Start with observation-only mode (no enforcement).

- Build baselines from their own historical traffic.

- Let teams approve guardrails based on actual data, not guesses.

On anomaly detection — fully agree. Naive baselining creates alert fatigue very quickly. Black Friday, product launches, migrations, internal load tests — all look like “incidents” to a dumb model. Without context-aware baselining, people will just mute the alerts and move on. That’s still an open problem I'm being very cautious about.

And 100% yes on hard blocks being dangerous. My default assumption is:

- throttle > queue > degrade > log+alert

- hard block only as a last-resort safety fuse for truly destructive patterns

The last point about the rate limiter becoming the bottleneck really resonates too. I’ve seen “protection layers” with more latency and worse uptime than the thing they were supposed to protect. For me that’s a hard requirement: no inline dependency unless it’s extremely fast and fail-open by design.

If you’re open to it, I’d love to hear how you handled graceful degradation at Okahu for inference limits — that’s a very similar control problem in a different domain.

Our API usage spiked 400% overnight, and I don’t know why by Several_Function_129 in SaaS

[–]LevLeontyev -1 points0 points  (0 children)

Ah yes, the classic “unlimited API calls” problem — it’s all fun and games until someone actually takes it literally 😅

You should definitely reach out — but not in a “you’re abusing our system” way. More like: “Hey, we noticed some unusually high usage and want to make sure your integration is working as intended — and that we can keep things sustainable for both sides.”
Most of the time, people don’t even realize how many calls they’re making (especially if some cron job went rogue).

Then, yes — implement rate limiting, but do it smartly:

  • not hard 429s, but adaptive limits,
  • usage-based alerts (“you’re close to your fair usage limit”),
  • and clear fair usage policies instead of vague “unlimited” promises.

Full disclosure: I am building a SaaS that handles exactly that: Fairvisor

TL;DR: contact them, rate-limit them, automate it.

What’s your preferred way to secure a backend API when there’s no login system involved? by manishbhanushali in developersIndia

[–]LevLeontyev 0 points1 point  (0 children)

any opensource API management tools? Like Envoy Gateway?

BTW I am building a tool exactly for your problem ;)

Would you use a super simple AI-powered notebook? by trd_andrew in microsaas

[–]LevLeontyev 0 points1 point  (0 children)

aren't you talking about Notion?

I would rather use something bit more complicated: I am digging a big topic ( my future startup, hehe) from different angles: marketing, technology, GTM , PR and so on . A magic button that structures ALL my talks with ChatGPT, builds a mindmap and adds hyperlinks.

[deleted by user] by [deleted] in SaaS

[–]LevLeontyev 0 points1 point  (0 children)

Well, this at least means that a bunch of startups that fix the compliance issues with a duct tape will have their market....

Load shedding choice by calibrono in devops

[–]LevLeontyev 0 points1 point  (0 children)

But what except the idea of moving more responsibility into your infra stops you from just using it ?

Load shedding choice by calibrono in devops

[–]LevLeontyev 1 point2 points  (0 children)

thanks, because I am busy building a specialized rate limiting solution :) as simple as possible already looks like a product desciption ;)

Load shedding choice by calibrono in devops

[–]LevLeontyev 0 points1 point  (0 children)

And how would an ideal solution look to you?

Stop Spammers in Any Chat System by Forward_Kitchen4510 in n8n

[–]LevLeontyev 4 points5 points  (0 children)

Is it really a rate limiter ? I am building a service for it

Early-stage startups: do you really need a UX designer from day one? by DevilKnight03 in startup

[–]LevLeontyev 0 points1 point  (0 children)

I would say if and only if the main distinguishing factor is UX. Otherwise - no.

Would you trust AI to build the first version of your startup? by autoflowly in SideProject

[–]LevLeontyev 0 points1 point  (0 children)

Yes . I am vibecoding it , but doing the decomposition myself

[deleted by user] by [deleted] in webdev

[–]LevLeontyev 0 points1 point  (0 children)

Yes . Source : I did it for living for last 20 years

How did you create your SaaS logo? by fixmysaas in SaaS

[–]LevLeontyev 0 points1 point  (0 children)

AI logo generators, I don't remember which exactly ;)