DEV Community: Lyra_TinyStrack

My project was selected for the shortlist of the UN Global Hackathon on Using AI for Digital Trade Regulatory Analysis

Lyra_TinyStrack — Wed, 03 Jun 2026 14:47:30 +0000

On May 31, I received an email that meant a lot to me.

My project was selected for the shortlist of the UN Global Hackathon on Using AI for Digital Trade Regulatory Analysis, among 129 teams from 30 countries.

As a self-taught indie developer without a computer science degree or big-tech background, seeing that email was both exciting and surreal.

But the real challenge started after the acceptance.

Over the past few days, I've been studying the competition framework, regulatory datasets, and evaluation criteria while building an AI research agent that can crawl, parse, and analyze digital trade regulations across different jurisdictions.

Today, after an entire day of debugging, I finally got the Singapore legislation pipeline running end-to-end.

Along the way I discovered that:

• The main legislation page doesn't contain the actual provision text
• The real content is hidden behind a specific provision endpoint
• Sections and subsections require custom parsing
• Multiple date fields can break metadata extraction
• A 200 OK response doesn't always mean you have valid content
• Status pages can easily masquerade as real legislation pages

The funny part is that a few months ago, I probably would have assumed:

• My VPS was blocked
• My IP was banned
• I needed residential proxies
• I needed Playwright and stealth tooling
• I needed another dozen scraping libraries

Instead, the solution turned out to be much simpler:

A correct URL is often worth more than ten proxies.

One lesson I've learned as a developer is that the biggest obstacle is rarely technical complexity itself — it's the wrong assumptions we make before investigating the problem.

Back to building. More countries to support, more regulations to analyze, and a lot more work ahead.

My site got indexed by Google in 3 days — and landed on page 1

Lyra_TinyStrack — Wed, 22 Apr 2026 15:59:01 +0000

After my server got hit by cryptomining malware, I spent 2 weeks rebuilding and migrating products instead of thinking about SEO.
Finally submitted the sitemap on April 14. Google indexed it on April 17 — just 3 days. Homepage came in at position 10.2, right at the bottom of page 1.
I'm a self-taught solo developer building a micro-SaaS portfolio at saaslic.com. No CS background, no SEO knowledge — just learning as I go.
Two questions for the community:

How do you push a new site from the bottom of page 1 into the top 5?
Running multiple products under one domain — does that help or hurt SEO?

Any advice welcome!

I got confused by my own SaaS — here's what I'm fixing

Lyra_TinyStrack — Thu, 16 Apr 2026 00:26:36 +0000

I've been building LicenseKit, a software licensing system, for the past couple of months. Today I tried to use it to protect one of my own tools.
I created a Project. Then I went to the Licenses page to grab a license key. Got "license not found." Tried again. Same result.
Twenty minutes later I figured it out: the Projects page and the Licenses page are two completely separate silos. To actually generate a license, you have to create the project inside the Licenses flow — not in Projects. The Projects sidebar item exists mostly to configure webhooks.
I built this thing and still got lost on first use.
That's the clearest signal a UX is broken.
The fix: rebuilding around a Project-centric model. Click into a project, see all its licenses, devices, verification trends, and webhook config — all in one place. No more jumping between pages.
Shipping the update soon. Will post a follow-up when it's live.

I Found 30+ Security Vulnerabilities Across My 11 SaaS Products

Lyra_TinyStrack — Thu, 16 Apr 2026 00:13:01 +0000

After reading a post about vibe coding risks, I did a full security audit across all 11 of my self-hosted SaaS products.
Here's what I found and fixed:
Authentication & Rate Limiting

No rate limiting on register/login routes → added IP-based limiting

Authorization

Missing auth middleware on several API endpoints → patched

Demo Mode

Demo accounts could bypass restrictions → fixed permission checks

Database

Over-privileged DB users → tightened to minimum required permissions

All running in production for 3 days before I caught this.
If you're shipping fast with AI assistance, don't skip the security pass.

I shipped 8 new features across 2 SaaS products this week (and finally got payments working)

Lyra_TinyStrack — Mon, 13 Apr 2026 23:17:52 +0000

Been heads-down building this week. Here's what shipped:
MailTrace — Email Tracking SaaS

🐛 Fixed a embarrassing bug: the tracking pixel route /t/[trackId] existed as a directory but was completely empty 😅 It's actually tracking now
🌍 Geolocation — see which country opened your email, with flag emoji
🔔 Open notifications — get an email or Webhook fired when someone opens
📥 CSV export for all open records
✏️ Template variables with live preview — write {{name}} and see it replaced in real time

TestimonialWall — Social Proof SaaS

📧 Request testimonials via email directly from dashboard
✨ AI polish for testimonials (Pro feature) — one click to clean up awkward phrasing
📝 Approval workflow with internal notes — leave context when approving or rejecting

The big one 🎉
My payment processor (@creemhq) just got fully verified today after weeks of waiting. First time I can actually charge users properly.

Both tools have demo mode — no signup needed, just click around.
Would love feedback from this community — what would make these more useful?
👉 mailtrace.saaslic.com
👉 testimonialwall.saaslic.com

I got cryptomined 5 times in 10 days. Here's my story 🧵

Lyra_TinyStrack — Fri, 10 Apr 2026 18:43:00 +0000

I got cryptomined 5 times in 10 days. Here's my story 🧵

It started with my CPU suddenly hitting 100%.
I had no idea what was happening. I asked Claude "why is my CPU maxing out?"

That's literally the first time I heard the word "cryptomining."

Ok, easy fix. Just switch to my backup server, right?
Got mined again.
"Ok FINE. I'll just switch hosting providers."
Migrated ALL my products. Took forever. Had to — I needed to keep everything online.
Got mined again.
This was my life for 10 days:

Get mined
Migrate all products to keep them live
Rebuild the server from scratch
Feel relieved
Go to step 1 I did this 5 times. I am not a fast learner apparently. 😅 Finally I started to think maybe the problem isn't the servers. I scanned my local machine. Every single .exe file: infected. 🫠 The culprits? A cracked audio plugin. And one time I couldn't install Windows myself so I let a stranger remote into my PC. Classic. Fresh Windows install. Fresh servers. Hardened everything. Ran clean for 2 whole days. I was so proud of myself. Then I deployed a new project and installed one package. You already know what happened. The lowest point: I woke up at 3am in a panic, jumped out of bed, sat down at my computer, and started frantically pressing keys. The screen wouldn't turn on. Because I was still asleep. It was a dream. I have been dreaming about getting cryptomined for over a week straight. "My therapist says this is normal. I don't have a therapist." Anyway. Here's my "never again" checklist. 25 items. Each one is a scar. 🔒 Server hardening: ✅ Dedicated user, root login disabled ✅ Ed25519 key auth, password login off ✅ SSH on a non-standard port ✅ UFW firewall, only necessary ports open ✅ IP whitelist, only my fixed IP can connect ✅ Fail2ban against brute force ✅ Automatic security updates 📦 Deploy pipeline: ✅ npm install --ignore-scripts ✅ Review package.json for suspicious packages ✅ npm audit, fix all vulnerabilities ✅ Check for xmrig/scanner_linux and other malware ✅ npx tsc --noEmit ✅ npm run build ✅ pm2 restart 🗄️ Database: ✅ MySQL bound to 127.0.0.1 only ✅ Separate DB user per product ✅ Passwords hashed with bcrypt 🛡️ App: ✅ JWT auth (jose) ✅ Full HTTPS + wildcard cert ✅ Cloudflare proxy hiding real IP ✅ Docker container isolation ✅ PM2 process management And yes, I back up to 2 external drives now. Immediately after every deploy. Don't @ me --- Most security guides are written by people who read about attacks. Mine was written by someone who lived through 5 of them in 10 days. --- I'm a self-taught solo developer from Inner Mongolia. Two months ago I didn't know what cryptomining was. Now I've survived it 5 times and I'm still shipping. Some days that's enough. 😅

How I run 10 SaaS products on $44/month (Nginx + PM2 + 2 VPS)

Lyra_TinyStrack — Mon, 06 Apr 2026 11:42:58 +0000

I'm a self-taught developer who shipped 10 SaaS products in 25 days. Here's the exact infrastructure setup that keeps my costs at $44/month.

The Stack

2 VPS servers (Hong Kong, ~$17/month total)
Nginx reverse proxy
PM2 process manager
MySQL (Docker)
Next.js 15 + TypeScript
Claude subscription (~$20/month)
3 domains (~$2.5/month)

One Domain, 8 Products

Instead of buying a domain per product, I use subdomains:

testimonialwall.saaslic.com → port 3004
mailtrace.saaslic.com → port 3001
statuspulse.saaslic.com → port 3002
feedbackbox.saaslic.com → port 3003
...

Nginx routes each subdomain to the right PM2 process. One SSL wildcard cert covers all of them.

PM2 Config

Each product runs as an independent PM2 process. If one crashes, others keep running.

pm2 start npm --name "testimonialwall" -- start
pm2 start npm --name "mailtrace" -- start
# etc.

MySQL in Docker

One Docker container runs MySQL. Each product gets its own database and user. Isolated, easy to backup.

docker exec -it mysql mysql -u root -p
CREATE DATABASE testimonialwall_db;
CREATE USER 'tw_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON testimonialwall_db.* TO 'tw_user'@'localhost';

Backup Script

One script backs up all databases + code + SSL certs into a single tar.gz.

bash ~/scripts/backup.sh
# Output: backup_2026-04-06.tar.gz (1.5G)

What I Learned

You don't need Vercel + PlanetScale + Clerk + Resend. A $8/month VPS and some patience gets you further than you think.

Total cost breakdown:

2x VPS: $17/month
Claude: $20/month
Domains: $2.5/month
X Premium: $4/month
Total: $43.5/month

10 products. All live. All on this setup.

tinystrack.com