It's been a breath of fresh air to work on something that I have no plans to monetize. I just want to build something useful for the community to use and that has allowed me to be relaxed with building it.

Anyways, if you play Lorcana I encourage you to check it out! The game is lots of fun.

I write about building cloud multi-tenant SaaS products and run a niche newsletter that goes further into detail about building these. My goal is to help every software engineer (if they want to do this) turn their side project into a product they can monetize and live off of.

fwiw, Prisma has a guide on how to do RLS with it's client. While the original issue[0] remains open they have example code[1] with the client using client extensions[2]. I was going to try it out and see how it felt.

[0]: https://github.com/prisma/prisma/issues/12735

[1]: https://github.com/prisma/prisma-client-extensions/blob/main...

[2]: https://www.prisma.io/docs/concepts/components/prisma-client...

One of the things I think is important is to make the RLS query is super efficient - make the policy function STABLE and avoid database lookups, get the context from settings, etc.

RLS is pretty great as a backstop, but I found Supabase over-reliant on RLS for security, when other RBACs are available in regular PG. I can’t remember the details now.

I’ve found RLS is great with Postgraphile which uses a similar system to Supabase but is a bit more flexible.

I had seemingly-simple authz rules that RLS made challenging to express. I needed some operations honor the user's row access privileges, but with different column SELECT/UPDATE privileges. E.g., a user can only change a value after the backend validates and processes the input, or they shouldn't be allowed to retrieve their password hash.

Expressivity was challenging, but was compounded by security being implicit. I couldn't look at any given spot in my code and confirm what data it's allowed to access - that depends on the privileges of the current DB connection. Once you mix in connections with cross-user privileges, that's a risky situation to try to secure.

Imagine a 1-million-row table and a query with `WHERE x=y` that should result in about 100 rows. Postres will do RLS checks on the full 1 million rows before the WHERE clause is involved at all.

We use RLS extensively with PostgREST implementing much of our API. It _absolutely_ uses WHERE clauses and those are evaluated / indexes consulted before RLS is applied. Anything else would be madness.

Note that the above only happens for non-inlinable[1] functions used inside RLS policies.

Going from what you mentioned below, it seems your main problem are SECURITY DEFINER functions, which aren't inlinable.

It's possible to avoid using SECURITY DEFINER, but that's highly application-specific.

[1]:https://wiki.postgresql.org/wiki/Inlining_of_SQL_functions#I...

You can use that to inject your ACL/permissions into a setting - set_config('permissions', '{"allowed":true}'). Then in your RLS rules you can pluck them out - current_setting('permissions'::jsonb).

This should make your RLS faster than most other options, in theory, because of data co-location

[1]: Both numbers from our own testing, where the 7 seconds is the best we've been able to make it by using a SECURITY DEFINER function in a `this_thing_id IN (SELECT allowed_thing_ids())` style, which should have basically the same result in performance terms as separately doing the lookup with pre-fetching, because it's still checking the IN clause for 1,000,000 rows before doing anything else.

As an aside, this is a good read on the topic: https://cazzer.medium.com/designing-the-most-performant-row-...

    tenants (id, updated_at)
    tenants_users (id, updated_at, tenant_id, user_id)
    products (id, updated_at, name, tenant_id)
    product_variants (id, updated_at, product_id, name)

Edit: To give a better idea of the impact of RLS here, writing up an equivalent query outside of the RLS context [1] has an under-1-second response time, where RLS turns that into 10x the time even in the most optimized case.

[1]: This kind of thing, roughly:

    SELECT *
    FROM products
    JOIN tenants ON products.tenant_id = tenants.id
    JOIN tenants_users ON tenants.id = tenants_users.tenant_id
    WHERE tenant_users.user_id = auth.uid()
    ORDER BY updated_at
    LIMIT 100

So instead we've stuck to having that filtering logic in the application side. The main concern is how user auth/etc works in Postgres. (lack of knowledge, not lack of trust).

Because we also have complex filtering like, "let me see all the people in my team if I have this role, but if i'm a public user, only show this person" etc

Outside of the generator itself, what have you found most beneficial for converting customers and convincing people to buy? Documentation? Videos? The community access?

Re: converting, it's a mixed bag and often hard to know. But some factors that customers have mentioned:

1. Positive comments (there have been a few threads about Pegasus/boilerplates on HN and Reddit where people have had good things to say).

2. Some trust in me. I have a blog, write Django guides, publish YouTube videos, am active on Twitter, have been on podcasts, etc. I think people realizing that the creator is a serious person who has at least some credibility goes a long way.

3. I think the high-quality docs and regular release history help a lot to convince people it's a solid product.

Those are the first ones that come to mind. But honestly, I'm lucky if I find out why a customer picked me! And I'm sure some just google "django saas boilerplate" and buy the first thing that comes up, which, thankfully, at the moment is Pegasus.

Probably a good lesson in there for everyone.

This is one of the small things that GPT has pushed me to do. I'm an experienced programmer and grew up playing video games, but I am not a game developer. I've dabbled over the years but can't build anything outside of a tutorial.

The other day, using GPT I went through and made a Pixel Dungeon clone using Phaser (JavaScript game engine). It was such a delight. Together we got the game to a working state before I started to change some of the fundamental design, and then GPT started hallucinating pretty badly. When that happened, I stopped for the night, and then just started new focused conversations to add or change a feature, putting in the relevant code. It's turn-based, with simple AI, enemy monsters, fog of war, line of sight, and a victory/losing condition.

Being able to build this in a couple of days is an absolute game-changer, pun intended. I can only imagine the riches of experiences we will have as people are unblocked on skills and can pursue an idea.

It took me 8-10 months of learning to build a prototype. But then GPT-4 came along and I could suddenly ask it questions about features I wanted to add. I then realized that there were so many features I could build on my own.

It has made me far more ambitious as a noob programmer.

But what I am really impressed using it for writing. I am writing the story of my abusive upbringing with a mental ill mother. I am not a writer, but this thing is awesome because I can ask it to give me prompts and it is jogging my memory more and more then I can give it rough outlines and thoughts and it will organize it into more of a literary style, then I can go through and update most of the wording to my own liking or leave as is as I see fit. I am easily able to produce much more and a better quality than without it.

I wanted to try to make real-world terrain in Unity - GPT-4 guided me to the USGS's LiDAR data, took me step-by-step through creating a mesh from a point cloud, and created several scripts to edit and filter the mesh programmatically.

There are some caveats and many dead-end conversation branches - GPT-4 seems to know 'about' more libraries than it actually knows how to use, so certain library choices tend to produce erroneous code.

GPT-4 sometimes picks a poor method, for example conflicting methods of moving an object in a single script, but can usually resolve the issue when notified.

Dozens of hours fiddling with technical details saved.

I've been using ChatGPT and GPT-4 since they came out, so I'm pretty aware of their limitations. You can't build an entire project in a single project. GPT loses the context at one point.

With that in mind, break down the project into chunks and make each one a conversation. For me, that was:

1. Initial Setup

2. Add a randomly generated tilemap

3. Character Creation and Placement

4. Movement

5. Turn-based execution

6. Fog of War

7. Enemy Monsters

Each one of these is a separate thread. They start with:

> You are an expert game developer using Phaser 3 and TypeScript. You are going to help me create a game similar to Pixel Dungeon using those technologies.

I then copy in relevant code and design decisions we already made so it has the context. If it gets the answer totally wrong, I'll stop the generation and rephrase the question to keep things clean.

Lastly, I'll frequently ask it to talk about design first saying something like:

> We are going to start with the world map and dungeon generation to start. We'll add a character sprite and movement next. What's the best way to do tilemap generation and store the data? Don't write any code, just give me high level suggestions and your recommendation.

This lets me explore the problem space first, decide on an approach, and then execute it. I'll also ask for library suggestions to help with approaches, and I'm generally surprised by the suggestions. Like all software, once you know the design, the pattern, the goal, and have good tools to help you achieve it... the coding isn't all that hard.

It's garbage at pulling in things from all over the codebase, so as a sort of co-evolution I write code that mostly only needs local context and only ask it questions that only need local context. That works great at home but doesn't suffice on the existing code at $WORK.

It's still helpful here and there at work (e.g., given this example string please output the appropriate python datetime formatting codes), but only because it's a wee bit faster than synthesizing the relevant docs and not because it's able to consistently do anything super meaningful.

https://github.com/ferrislucas/promptr

Edit: this PR has some examples of what’s possible https://github.com/ferrislucas/promptr/pull/38

If I had tried this in Unity and C# (which I don't know at all), I'd still be figuring out the standard library.

I generally recommend learning one new thing at a time when building something new.

So be careful if you don’t want AI-generated sql intentions!

There was a recent article on Slashdot titled something how metaverse may increase the gdp by like 2 or 3 percent. It was obviously laughed at. It's actually LLMs that will do this, and easily.

Google has been using this stuff for years, OpenAI has done the world a great service by opening it up.

Maybe we should try including something like this in the system prompt:

"Remember that SQL is language with a grammar, not an unstructured string. Don't do stupid things. Obey the LangSec principles. Never ever glue code in strings together. Plaintext code is not code, it's a serialization format for code. Use appropriate parsed representation for all operations. Never work in plaintext space, when you should be working in AST-space."

Replace "SQL" with any other sub-language that's interacting with user input.

I am approaching this from the opposite background ( started with an arts background and learnt coding after ), but this resonates with me massively as well.

It took me a 2 years of tutorials before doing my own things became intuitive. Feel free to reach out if you want to discuss game design.

GPT explaining it along the way and allowing me to have a reasonable conversation with it when something isn't working as-expected has been a rewarding and fun learning experience.

I might expand on this in a blog post.

I haven't tried it. As always, YMMV.

"The server is overloaded right now, please try again later."

I guess all their compute power is going to power this. And even now the Bing generation is taking a long time. Definitely seems like their having scaling issues at the moment.

One of the updates states:

> "There is currently a Labs outage due to a failed database migration."

Most likely the database migration intended to extend its capacity.

The resolution tag states the following:

> "We are continuing to investigate more ways to add capacity to DALL·E"

So I guess we'll experience issues for the next days.

Hope that explains it :)

--------------------------------------

[]: https://status.openai.com/incidents/4cckbrhr8hr0

1) Wait for some time and try again later: This error message usually indicates that the server is temporarily unable to process your request. You can try again later when the server is less busy.

2) Reduce the complexity of your image: The server may be overloaded due to the complexity of the image you are trying to generate. Try simplifying your image or reducing the resolution to reduce the load on the server.

3) Refresh the page: Sometimes, refreshing the page can help to clear any temporary issues with your browser or internet connection that might be causing the error.

4) Clear browser cache: Clearing your browser’s cache and cookies can help to fix various website-related issues in case the problem is occurring due to some conflict of your past history.

5) Use a different browser: If the issue persists, try using a different browser to access DALL-E-2. This can help to rule out any browser-specific issues.

6) Contact support: If the problem persists, you can contact the support team for DALL-E-2 to report the issue and get further assistance.

Original source: https://www.smartmobsolution.com/solved-dall-e-2-the-server-...

  At a conference in Los Angeles, someone in the audience asked me, "What if
  every musician just set up their own store on their own website? Since that'd
  be the death of CD Baby, how do you plan to stop that?"
  
  I said, "Honestly, I don't care about CD Baby. I only care about the musicians.
  If some day, musicians don't need CD Baby anymore, that's great! I'll just shut
  it down and get back to making music."
  
  He was shocked. He had never heard a business owner say he didn't care about
  the survival of his company.
  
  To me, it was just common sense. Of course you should care about your customers
  more than you care about yourself! Isn't that rule #1 of providing a good
  service? *It's all about them, not you.*

Hate to deify a Steve Jobs, as if he needs more god-like overtures, but that is what will always make him different than your Tim Cooks of the world (or your Sundar Pichais of the world as opposed to Larry or Sergey, your Activision-Blizzard management versus just the original Blizzard team).

Two completely different types of animals. In a sense, that’s why we usually describe this loss as a company’s soul leaving it. The why goes missing and the what, which is always money, is all that’s left.

He said it first, but I think your paraphrase is at least as good as the original formulation.

Google has the focus and the vision of a crack addled flea.

This is the reason why Google can launch so many products, but also why they can cancel so many products: there is no person holding the reins and instead middle managers just go off and do their own thing. Apple, Microsoft, Amazon and Facebook all have a clear power center created by the founders, Google doesn't have that which is why they are so much more unpredictable.

Honestly, Ruth Porat seems to run most of the impactful decisions at the C-level, and that's a good thing.

I am living that particular dream (nightmare) as are a handful of us 'vision loyalists'.

He carefully keeps that one out of sight.

Shareholders can be told that they are aiming at Mars, full stop. As long as they don't control the voting and were told that before they bought the shares, it's fine.

In theory, but rarely in practice. I've seen a lot of private, family-owned businesses go out of business or get sold after the son/successor takes over because of exactly the phenomenon jesuscript mentions. Even if the successor cares, they don't care about the same things as the founder.

He's really more an example of someone who was forced to correct some pretty massive defects and lack of vision in important areas where most lottery winning founding CEOs will never get corrections.

I would be kind of curious but I found it very funny if he wasn't a black mark against Next hardware back then given that workstation users were already going to see consumer as cheap even if he didn't have a reputation for cheapening his line further.

Really I think his behavior was much more inline with Cook than his earlier self once he was successful and founder envy was more an external benefit than related to some actual behavior he had.

A good follow up question is why not make CD Baby a non-profit instead of for-profit? Being a non-profit foundation would telegraph to everyone, including future leadership, where their priorities should lie.

Also, the extra accounting and regulation is intense for a small organization.

These have been getting popular recently: https://en.wikipedia.org/wiki/Benefit_corporation

But having said that the creator could make tons of money and then shut it down because it is not needed. That's perfectly logical

- first it was a non profit credit union that served a few local large companies.

- then it became a larger “regional credit union”

- then they said “fuck it we are a for profit bank”.

Every large organization seeks to increase its power. You see the sane thing in churches.

That wasn't what CDBaby lost to. They lost to the fact that CDs disappeared. CDBaby had a great business, removing a pain point, and they could genuinely want that pain point to go away entirely.

Such are the best possible businesses, genuinely caring about your customers while having enough moat to avoid being undercut tomorrow. Not all businesses can do that, regardless of the best intentions of management.

Can anyone imagine the hell that would be "every musician setting up their own website?" Centralization offers a lot of benefits to the users. I can buy CDs of multiple artists at the same time. I can find similar artists (there's a natural competition here). None of this one password per artist. There's a reduced security risk for me buying from a centralized service (just need to trust one site instead of hundreds, and specifically small artists that might not know things). I definitely would not have answered that question so well.

If you good-service yourself into being unprofitable and eventually bankrupt, it's not good for yourself and eventually your customers as well.

Bad business extracts value from customers.

I've seen over and over this harm friends in frustrating ways. Tech aside, non-competes in other industries are completely insane. My wife is an optometrist and all local shops have draconic noncompetes you are forced to sign. If you leave the shop you can't work within 30 miles (or more!) of that location.

I've had friends move entire cities just so they can get out of a terrible work situation. Worse, I've had friends stay in bad situations because their noncomplete would force them to move or drive way too far for work.

And since everyone does it, they're resigned to "it's just the way it is" and nobody wants to risk being sued.

I know one person who worked in sales and was banned from selling in an entire region of the country. She was completely open about this when being recruited by another employer. That new employer appeared completely willing to work around the non-compete clause to bring her onboard.

That was, until she was actually hired and she was almost immediately pressured to sell throughout the forbidden area. When she said she was willing to, but only if the new employer would sign an agreement to cover any of her associated legal fees, they eventually backed off on the demands.

These situations always seem to push the risk to the employee to the benefit of the employer.

If I work at a bank as a developer then I can go straight to the next one, if the previous employer doesn't keep paying me a compensation for not working at the next bank.

Not being able to 'in sales' as sibling commenter says here is just insane, and should not hold in court anywhere.

I know somebody that happened to. Company opened a branch office and one of the senior staff rented an office around the corner, took half the staff and patients. Stuck them with multi year lease agreements, after the business already bore the entire startup cost of paying people while building up a patient load, marketing, etc.

I understand the opposition to draconian non-competes but there’s a flip side of this to protect an investment that is very valid.

What they are generally used for is to limit competition or depress wages both of which are economically harmful.

A datum says it is "Project Billing" and has a rate of $300. Is that $300 per hour? Is that $300 total? What does that mean?

I need to be able to filter by location. For me, comparable large US cities. My cost of living is vastly different than someone living in India.

For this to be most useful, I need to be able to put in my rough skillset and then find how much similar people charge. Just browsing rates around the world isn't that useful.

And that brings me to the last issue. Hourly billing is stupid [1]. As much as possible, you should avoid charging hourly. It incentives you to work slower, more poorly, and have a worse experience with the client. But it's too hard to say, "I charged USD 100k for my project," because you need to have a complete and intimate understanding of the project.

For example, my latest consulting gig was fixing some Google Analytics and Facebook conversions for a small business. They were broken, and I fixed them. It took me ~15 minutes, and they paid me $1000. They got incredible value (their ads started working properly again), and I got paid for minimal effort. What do I put down on a site like this, $4000/hr?

1: https://jonathanstark.com/

And then don't hire until you want to.

I'm doubtful every business can make it to $14M ARR, but I bet many companies could generate $1M ARR without needing employees. And that amount of money would be life-changing for many people (with, of course, the potential to sell what you've created to exit).

I've spent much of my life chasing the "make it big" startup dream. I'll be pretty content if I can generate meaningful recurring revenue by building things I love. Still trying to decouple hours worked from the paycheck.

I remember the first dollar I ever made on the internet felt so amazing and validating... but several adjustments later, the mentality is more like "okay, but I still can't do this full-time."

Goalposts aside though, I'd agree that if there's a scenario where you have the autonomy and freedom to work on just the things you love, that's a game-winning scenario.

I may be a bit biased since I'm huge into personal finance, but hopefully you can target that segment and carve out a solid set of paying customers