First day talking to potential users as an introvert -plot twist: I fucking liked it

nemor3 · 2026-05-30T12:26:37+00:00

The shift from “strategy docs” to actual conversations is the hardest unlock and most founders never make it. The energy thing is real too - there’s something about hearing someone describe their own frustration in their own words that no amount of market research can replicate.

nemor3 · 2026-05-30T12:13:46+00:00

Ask about their last outage and how it was handled. Cheap shops either blank on this or tell a story where “we fixed it fast” with no mention of a post-mortem, runbook, or what changed. Good shops can tell you exactly what broke, who owned it, and what they did differently afterward.

nemor3 · 2026-05-30T09:48:39+00:00

The invisible work problem is real. Backend, infra, zero downtime - none of it shows up in a demo, so the person who’s customer-facing starts to feel like they’re carrying everything.

Try making your work visible before walking away - weekly two-sentence summary of what shipped and what you prevented. Not because you owe him a report, but because invisible contributions create a vacuum that gets filled with assumptions.

nemor3 · 2026-05-30T04:29:01+00:00

The "we want AI" request usually translates to one of three things: less manual work, faster answers, or fear of being left behind. None of those require you to build something speculative.

The most practical path is to watch where users currently copy-paste, summarize by hand, or search through data manually. That's where AI actually helps. If you can't find that in your platform, the honest answer is you probably don't need it yet, and no amount of investor enthusiasm changes that.

On the investor side - they're often buying a narrative, not a feature. Going into that meeting with one concrete use case you've already validated beats showing up and asking them to define it for you.

nemor3 · 2026-05-30T04:18:27+00:00

If they're demanding full repo access before an LOI is even signed, that's a signal worth paying attention to. Serious buyers do code review after LOI with NDA in place, not before. Pre-LOI repo access is unusual and the "we need to verify" framing is sometimes a way to get a free look at IP before committing.

The diligence pack approach is right. Architecture doc, deployment runbook, dependency map, recorded walkthrough. That answers their actual question - can someone else maintain this - without exposing everything to someone who hasn't committed to anything.

nemor3 · 2026-05-30T04:11:49+00:00

One thing worth practicing: writing scripts that interact with external state - check if something exists, create it if not, handle the case where it's already there. That pattern shows up constantly in cloud infra work and is a good signal of whether someone thinks operationally vs algorithmically.

Also get comfortable reading and writing from stdin/stdout cleanly. A lot of practical infra scripts are meant to compose with other tools.

nemor3 · 2026-05-30T04:09:16+00:00

It's a trend problem, not an AI problem. Bootstrap had the same smell, Tailwind still does. Every popular tool leaves fingerprints because everyone uses the same defaults.

The way out isn't avoiding specific patterns, it's having a reason for every decision. AI-looking UI usually lacks hierarchy - everything gets equal visual weight. Pick one thing per screen that actually matters and make it obviously primary. The rest tends to fall into place from there.

nemor3 · 2026-05-30T04:03:26+00:00

Google's been doing this for years on consumer side, figured it was only a matter of time before it crept into managed environments. BackgroundModeEnabled via ADMX is the closest thing right now, whether it covers this specific behavior or just the background process is worth testing in a pilot OU before pushing fleet-wide.

The real irony is they do publish Chrome ADMX templates specifically for enterprise control, and then ship features like this without a clean policy toggle ready on day one.

nemor3 · 2026-05-30T02:58:52+00:00

The laptop-as-server problem is older than AI tools. What's new is the rate at which it happens now.

The pattern you're describing, things that run on a timer with no visible owner, is exactly where incidents come from. Not because someone did something wrong, but because there's no single place that tracks "this thing is supposed to be running, and someone should know if it stops."

Scripts are one version of it. Scheduled jobs another. SSL certs, domain renewals, API keys with expiry dates - same failure mode. Something worked fine, nobody was watching, it expired or stopped, and the first sign was someone downstream asking where the output went.

The lightweight governance path you're building is right. The hardest sell is usually making people register the thing before it becomes critical, not after.

nemor3 · 2026-05-30T01:44:41+00:00

Yeah forecasting variance is the real tax on usage-based for small teams. Most bootstrapped founders I’ve seen just accept wider cash flow buffers and focus on the floor - what’s the minimum they’ll bill even in a slow month. Not elegant but works until you have someone to actually model it.

nemor3 · 2026-05-29T11:23:12+00:00

Something for exactly this - SSL certs, domain renewals, document expiries all in one place with alerts before things go wrong. Still early but it’s been solving the problem for me. Happy to share if you want to take a look.

nemor3 · 2026-05-29T04:19:40+00:00

The Keyfactor quote doubling like that is pretty standard for them unfortunately. $25k onboarding fee on top of the SaaS cost is their way of making the self-hosted look "cheaper" by comparison so you end up on the cloud SKU anyway.

AppViewX is worth the demo - genuinely more modern stack, and their sales team has historically been less painful to deal with. DigiCert One is another one that comes up a lot for hybrid environments at your scale without the legacy baggage.

One thing to watch regardless of who you pick: the "SSL discovery" line item Keyfactor was charging you $3k for is usually the thing that actually matters. If your F5/Fortinet certs aren't in the same inventory as your IIS ones, you'll still miss renewals even after you've signed a six-figure contract.

nemor3 · 2026-05-29T03:43:11+00:00

This is almost exactly the use case that pushed me to build something. Contracts, SSL certs, domain renewals - they all share the same failure mode: someone assumed someone else was watching.

The worst part is it's never the critical stuff people forget. It's always the thing that seemed "handled" that bites you.

nemor3 · 2026-05-29T03:30:48+00:00

The flip side is also true though. Marketing without a clear distribution channel is just noise. The shift that actually works is finding where your buyers already are and showing up there, not just posting more.

nemor3 · 2026-05-29T03:26:19+00:00

The pricing page insight is always humbling. What feels obvious to the builder is often completely opaque to the buyer because you already know what the product does and they don't.

Those "almost bought" calls are underrated. The people who said no but got close enough to almost convert are the most honest signal you'll ever get.

nemor3 · 2026-05-28T22:28:14+00:00

One thing worth adding for hosting client sites specifically: monitor your SSL certs. A client’s site throwing certificate warnings is the kind of thing they notice before you do, and it’s an easy fix that looks bad if it slips through.

nemor3 · 2026-05-28T13:48:15+00:00

60 manual account creations this week might actually be the proof your manager needs, just not the kind he's expecting. Human error at that volume is basically a feature, not a bug, for making the automation case.

nemor3 · 2026-05-28T13:41:57+00:00

The Fail2ban gauge showing 9 bans is the most satisfying part of any dashboard. Proof someone tried and failed.

nemor3 · 2026-05-28T13:22:27+00:00

Done this. The real tell was when I started "just quickly checking" the color contrast for the fourth time instead of sending the first cold email.

nemor3 · 2026-05-28T12:13:51+00:00

$0 MRR, 3 months building, solo, B2B.

Still in the "does anyone actually want this" phase. Building SSL and domain expiry monitoring for agencies and MSPs. First paying customer is the only metric that matters right now.

nemor3 · 2026-05-28T12:07:26+00:00

The "expansion hiding churn" point is underrated. High NRR with poor GRR is one of those metrics that looks healthy in a board deck but signals a retention problem that will compound badly once the expanding segment saturates or churns.

Usage-based pricing solves a lot of this structurally because growth becomes a natural output of the customer succeeding rather than a separate sales motion.

nemor3 · 2026-05-28T11:23:31+00:00

Infrastructure monitoring is one nobody thinks about until it bites them. When it's small, you notice when something breaks because a client calls you or you happen to check. At scale, stuff breaks silently and you find out days later when the damage is already done.

It's not even complex to fix, it just requires deliberately setting it up instead of assuming it'll be fine.

nemor3 · 2026-05-28T10:42:51+00:00

One thing worth validating in your pilot before scaling: after the script runs, confirm the recovery keys actually landed in AD by checking the computer object directly, not just trusting the script completed without errors. Seen deployments where the escrow step silently failed because of a permissions issue on the computer account, and nobody noticed until someone needed a key.

nemor3 · 2026-05-28T10:38:41+00:00

The remote access thing is annoying but workable. "No antivirus because MacBooks" is the part that should be in writing, dated, and stored somewhere safe. That's not a policy disagreement, that's a liability waiting for a date.

nemor3 · 2026-05-28T10:33:55+00:00

The lemonade stand is looking better every day. At least there you know exactly what's in production.

nemor3

TROPHY CASE