I cannot use Stripe in my country but I needed some payments infra, I found Dodo Payments to be a good solution right now. Hopefully it stays that way.

Good DX and it's available in countries where Stripe isn't.

https://dodopayments.com

Hey everyone!

We are very excited to announce that you can now install Huzzler on your mobile device and receive push notifications. We have opted to use a PWA instead of a native app as we plan on shipping as many features in the coming weeks (problem / solution directory, accountability, marketing guides..).

To install the app: Simply visit the Huzzler homepage on a mobile device. A popup will appear with instructions on how to install the app. Cheers and let me know if you have any feedback 😁

Thanks!

I've come across this website that gives you a decent amount of marketing blocks to use. Pair this with some good sales copy and you should be good to go.

https://tailark.com

I looked at starter kit made by WebDevCody and saw this rate limiter implementation.

Very easy to use and does the job, suitable for when you have only one instance. You would need something like Redis to scale this up for multiple instances.

You can check it out here -> https://github.com/webdevcody/wdc-saas-starter-kit/blob/main/src/lib/limiter.ts

OpenRouter.AI is an LLM and multimodal model inference management service.

You issue an API key once.

Then you choose which model you want to use.

Set your prompt.

Ready to go.

You can also use it for free (up to 1k requests / day)

Here's a short demo.

Hello guys. We talk about tech stacks all the time, always using the latest shiny new javascript framework. But I'm wondering. What tech stack are you actually the most productive in? Can be different from what you use now, but what can you code the fastest with?

Hi there,

I need some recommendations and guidance. I'm working on a personal project that I want to turn into a SAAS. I have no experience at building a SAAS app and I want to understand the steps to do so. Right now the backend is built in Python and I was thinking of Flask for the front end. Where should I start to take it to the next level? Thank in advance

Don't pay for Cursor or Windsurf.

Why?

Because Cline + OpenRouter.AI can you give the exact same experience for FREE (up to 1k requests/day)

I made a YT demo

new to this community. not sure if this is okay to post here but I wanted to share how quickly developing MVPs for my clients using Windsurf.

I used to lose days setting up auth, DB, styling, API routes, now I make about $4K/month just shipping MVPs fast. The secret is that I use windsurf with next.js to create a fullstack app fast. next.js is the only stack that works really well with windsurf. it can create:

• Pre-configured auth (Clerk/Supabase)
• Prisma + full database setup
• API routes ready to go
• Tailwind + shadcn/ui components
• ESLint, Prettier, Husky, commit hooks out of the box

What else do you need? I haven't had a single thing a client asked that windsurf couldn't do. I tweak a few config files (windsurf.json, .env), generate the project, and start building real features Most MVPs are live in 5-7 days. Clients love the speed.

For me, AI is not bad, it's good. It's fast made dev fun (and profitable) again. Let me know if you have any questions technical or other and ill do my best to answer them.

Let me introduce you to Groop, a product I've built out of pure frustration. Every time I wanted to meet with friends or plan a holiday it was a hassle of constant back-and-forth messaging to check who was available when.

That's why I created Groop, a simple and free solution. It works like this

• Go to groop.cc
• Create a Groop (Eg. summer holiday 2025)
• Send the link to friends
• Everyone can select available dates on a calendar
• The dates when everyone is available are highlighted in green

It doesn't get more simpler than this. No account creation required. No more back-and-forth-messaging.

Check it out: groop.cc

Hacky but useful — we just needed a UI for blog assets stored in Supabase (images, markdown, PDFs). Next.js + Tailwind. Auth, file upload, folder nav, publish button.

Nothing fancy. Just worked for us. Might work for you too.

npx create-supawald my-app

https://github.com/structuredlabs/supawald

hey, this question is mainly for the founder of Huzzler!

first of all I want to say, it's really awesome!!

a little background about me: I am an uni student learning to build products.

so, I am really interested to know a detailed explanation of tech stack of huzzler. if you can, please go into whys of things as well.

what are you using for storing images/profiles pictures and all?

looking forward to hear from the founder! :)

For those using Cursor AI, what model(s) do you use? Is claude 3.5 still king? Heard great things about Gemini 2.5 pro as well

Shipping fast feels great—until the hackers show up.

Leo Jr. learned this the hard way. He’s a non-technical indie hacker who built and scaled an app publicly, attracting attention (and revenue) with spicy takes like "AI SaaS won’t work." But the attention didn’t stop at engagement. It made him a target.

Soon after, hackers began probing his app for security flaws. And they found plenty—API keys exposed in the codebase, easily bypassable paywalls, and more. The result? Half the internet was trying to break his app for fun.

This isn’t new. Pieter Levels, Marc Lou—other big names in the indie hacker world have dealt with DDoS attacks and vulnerability exploits after their products blew up. But Leo’s case stands out because he’s not a developer. He vibe-coded his way to success without fully understanding the security side of things.

What Indie Hackers Can Learn

As someone who's also building and shipping apps fast (and not immune to these risks), here are two key takeaways:

1. Hide Your API Keys

Publicly exposed API keys are an open invitation to hackers. Store them securely using environment variables instead of hardcoding them in your codebase. If you’re using Next.js, create a .env.local file and reference the keys like this:

NEXT_PUBLIC_API_KEY=your-key-here

Then access it in your code like this:

const apiKey = process.env.NEXT_PUBLIC_API_KEY;

Simple fix, big impact.

2. Stop Using CSS for Paywalls

CSS-based paywalls (display: none;) are laughably easy to bypass. Instead of relying on front-end styling, enforce the paywall logic on the backend. If that's too complex, a middle-ground solution is to obfuscate the content using Base64 encoding and set up DevTools protection to make it harder to bypass.

3. Securing Webhooks – The Overlooked Weak Spot

Webhooks are essential for automating tasks between apps—but they’re also an easy target for attackers if left unprotected. Here’s how to lock them down:

• Use a Signature and Timestamp – Your webhook’s receiving URL must be public, but you can secure the data using a signature, timestamp, and token to create a hashmap (a key-value store).
• Generate a HMAC Signature – Link the timestamp and token values, encode them using the HMAC algorithm with your ESP’s API key (in SHA256 mode), and compare the result with the signature.
• Reject Duplicate Tokens – Cache the token value locally and reject any request that tries to reuse the same token. This prevents replay attacks where hackers repeat or misdirect the webhook action.

Here’s a quick example in TypeScript for securing webhooks:

import crypto from 'crypto';

const verifyWebhook = (signature: string, timestamp: string, token: string, secret: string) => {  
  const data = `${timestamp}.${token}`;  
  const expectedSignature = crypto  
    .createHmac('sha256', secret)  
    .update(data)  
    .digest('hex');  

  return signature === expectedSignature;  
};

Shipping Fast ≠ Ignoring Security

As an indie maker, I get it—speed matters. But security matters too. Leo’s experience is a reminder that even if you're not a developer, securing your app isn’t optional. Don’t let vibe coding turn into vibe hacking.

I’d love to hear from other makers—how are you balancing speed with security in your builds?

Let’s discuss in the comments.

I've been coding with Cursor AI for a while and it's awesome. But I still want to improve my workflow. Like when should you use agent vs chat mode, how to give it the right context?

I feel like more people should be using DaisyUI. I've used it over 5 projects and its simply amazing. DaisyUI adds component class names to Tailwind CSS, providing you with all sorts of components such modals, cards, avatars, carousels, you name it. It's ridiculously easy to use and very powerful.

Take for example uncapped.ai. It's an AI wrapper with 30+ themes. I've implemented this in only 5 minutes with daisyUI. With any other library, this would take me ages.