Don Cristos

Devs who get clients on Upwork/Fiverr what actually worked for you? I’ve had accounts since 2020 but never landed a client. Now I’m actively job hunting and want to do this right. Any advice, templates, or lessons would help 🙏

3️⃣ Anonymize: Keep financial records for tax, but scrub PII. Distributed systems require distributed cleanup. 🛠️ #SaaS #Backend #SystemDesign

Handling SaaS user deletion is more than just DELETE FROM users. My go-to: 1️⃣ Soft Delete: Set deleted_at for immediate deactivation + 30-day recovery. 2️⃣ Event-Driven: Emit UserDeleted event to clean up microservices (S3, Billing, Auth).

@Akintola_steve Redis, database jwt. Store the session on the database use redis for quick access catching,

Quick one: When designing an auth system, where would you store sessions? Redis? Database? JWT-only stateless approach?

@Ms_Ada6 Same here I'm also looking for one

If I see someone that will hold my hands and guide me through Upwork, I’d really appreciate 😭 mehn

@just_andydev Can you help me with it please

Most people sleep on Reddit as a job hunting tool. Figure out how it works and you will never struggle to find remote work again. Bookmark these subreddits.

@MrOlibaba Hmm Wait let me get they don't pay or they have bad culture

I did three months with Moniepoint and resigned... I resigned and I'm not proud enough to have it on my CV. Moniepoint employee relations and welfare doesn't equate the hype they move with.

@joni_vrbt Nice one Make sense

@CristosDon saasmarket.site at the moment, what about you?

If you simply enjoy to build amazing projects, let's connect.

Good morning Happy Sunday 😄☺️ Let's go to church to commit the week to God for more blessings

@johnfurr538500 @joni_vrbt Yes

@CristosDon @joni_vrbt Everything. All of it. You in?

@just_andydev Oo yes as a file but we can write logic to exclude . Env files from the project or specifically informed AI not to include it. But it's a security flaw that needs to be addressed

@CristosDon This vulnerability goes beyond that. I've tested this after I made the tweet I ask claude to create a project and they all had the .env file passed to the frontend container. It's a major security flaw

AI is building insecure apps and founders are paying for it. Literally. I just spent 10 hours debugging a client's AWS server. They got a $3000 bill because of a vulnerability AI introduced and never flagged. If you are running Next.js and Docker, do this right now. 1. Check if you are on Next.js below version 16.2.4 2. Confirm with your dev if your entire .env file is being passed to Next.js via Docker 3. Ask AI to scan your project for RSC vulnerabilities that allow attackers to access your nextjs server This is especially critical if AI built your project or you are vibe coding. LLMs are backdated. They do not always use the latest, most secure versions. If AI created your containers, ask it to check for RSC vulnerabilities immediately. If the vulnerability exists, rotate all your env files and consider taking the server down entirely. Everything on a compromised server should be treated as exposed. Do not wait.

@CaptainInsightX With my years of experience checking logs first to get the actual error but timeouts are usually caused by external dependency. Especially if you are on vpc

Backend interview question: Your API was working perfectly yesterday. Today, every request is timing out. The team says nothing changed. What do you check first?

@eyodesigns201 😂😂😂

NDA? Okay But don't mistakenly owe me Na Full Disclosure you go see next

@gozkybrain4u I usually have these issues most of my works based on strict NDA and don't know what to do

The only real world project in my portfolio without a strict NDA does not want to renew their hosting ke?

@KalyfaMuhd Show me the way, How to make 1m

all you need to make $1m in 2026

@SirmonyD001 What are you installing

“Npm install” My system no gree on since🙂

@pcshipp Depends on business needs and what's most available

Hey devs, which will you build first? - Frontend - Backend

@Gamingtronium Relying on IP addresses is insufficient because of proxy rotation. In production, I would implement Layer 7 rate limiting keyed by User IDs or API Keys. For unauthenticated traffic, I’d use Device Fingerprinting and TLS JA3 signatures to identify unique clients.

Interviewer: Attackers bypass your 'Rate limiting' using multiple IPs. How do you protect your API in production?

@SidJain_80 Speed, scalability

As a developer, what do you optimize for? A) Speed B) Clean code C) Scalability D) “It works, ship it” Be honest.