Building a SaaS (Boilerplate)

I’ve previously mentioned a few times that I have a side business, Room 641A, where I’ve been doing some contracting and consulting. I haven’t had any work through that business yet this year, so I’ve been working on my longer term desire for the company – a SaaS offering for curated red team intelligence.

But I’m probably going about this in a very opposite way than most people would. I see a lot of people talking about how you should focus on the product part itself and then tack things on after that. But since I’m not in a hurry for getting sales (I mean, I’d love sales, but I’m not running out of money), I wanted to focus on getting things set up in a way that sets me up for success in the long term.

This means I’m doing things like setting up all the more advanced auth features up front – my app has no business logic, but you can use passkeys, TOTP, and recovery codes. There’s no business logic, but you can set up SAML to log in. There’s no business logic, but I better write well-typed code.

I’m taking this slightly different strategy because I think once I get to a particular point, it will be easy to reuse this project layout for other projects and feel comfortable with the code right away. I’ve tried many other Django boilerplate generators and they are all lacking things that I want, or are messy in ways I don’t like.

Speaking of Django projects, I also started working on a post discussing a bunch of bad Django advice I see people give, and why I think it is bad. The first and foremost is that a lot of Django developers seem to think that “app” is synonymous with “module” – which is a misconception that can lead to a lot of pain in the future. Not sure when I’ll be ready to post it, but it’s something I’m working on.

Deleting Old Code

I’ve been spending quite a bit of time at work this last week, and will continue for the next few weeks, deleting old code that we’re no longer going to support, and simplifying things. This is my favorite thing to do. I have a PR open that deletes 31k lines of code, and that’s just the first delete out of many more coming. Reducing complexity and removing dead code is super satisfying, especially in an organization that has like 8 years of history behind it. It’s easy to keep building and keep adding new things; sometimes it’s important to look back and figure out what can be deleted.

Hugo Upgrade

I updated Hugo to the latest version this week. My builds on my server are kinda slow, over 2 seconds per build (and I build twice, once for the Tor site and once for 0xda.de), and I didn’t understand what was causing it.

Well, turns out it had nothing to do with the Hugo version, but I’m updated nevertheless. The reason it’s slow is because, even with the cached image manipulations, the SSD on the server is just considerably slower than my NVMe SSDs at home. So even though the existing images don’t have to be manipulated again on every build, it takes multiple seconds to enumerate the images and make sure they don’t need to be manipulated. So that was a fun waste of time.

  • Intro to Secure Shell (SSH) - My 7th episode of PROTOCOL, an introductory look at Secure Shell and some of the fun you can have with it. I feel like this is some of my best editing yet, even though I had some mistakes in my pre-production.
  • How NixOS could have detected the XZ backdoor - An interesting look at the XZ backdoor and how using NixOS can help to detect unexpected inputs / avoid published code that isn’t in the repo.
  • Offline PKI with Yubikeys - I have a soft spot in my heart for at-home PKI. Do I run one? Not at all. But I love the idea of setting one up, I think it’s a useful experience to understand securing sensitive keys. This is a 2025 version of running our own PKI.
  • Past and Present Futures of User Interface Design - Notes on the ways that we imagine the future of user interfaces.
  • Archival Storage - A written version of a seminar about Archival Storage. Important takeaway - Archiving != backups.
  • GIMP 3.0 Released - I’ve been a long time GIMP user, and the 3.0 release is pretty great. Being able to stack layer effects in a non-destructive way is huge.

Upcoming Projects

  • Defcon Call for Music/Tracks - I’m going to submit to the Call for Artists soon, which is due before the soundtrack song. But I do need to revisit the soundtrack song, I’m still not happy with my verse.
  • I want to do more live shows at hacker cons. I’ll do it for the cost of getting to the con and the hotel room. If you, or someone you know, is organizing hacker cons and wants some new live nerdy rap shows, please reach out. You can contact me at any of the links on my homepage.