> You either have a skill issue, or you are deliberately solving problems other than the thing you actually want to solve, which you do not mention.
Wow the first one is quite judgmental. FWIW, I'm the same way, I like writing some code, but definitely not all code. Writing CRUD boilerplate for a schema? No thank you, AI is more than welcome to take that.
I derive my joy from getting something done, making it actually usable by the business side, and ultimately having it generate revenue.
It's true that building an MVP is a lot easier than creating a polished product that would scale to tons of users. I would even say that the skill sets needed for the two are significantly different. Somebody trained at quick prototyping of full-stack apps may not have the skills to scale them for thousands of concurrent users, and vice versa. But isn't that the reason behind raising funds? If the product demand is proven, funds can be raised to polish and scale the product out.
"Speaking as a dev with over 12 years of experience in both dev and ops"
I think you aren't the target market. The target market is probably people who are new to coding or even self-taught indie hackers who aren't too technical but oriented towards building a product as quickly as possible.
OK I have been the ultimate decision-maker in a number of SaaS vendor selection situations so I am the target market for people who would build an offering using this. I can tell you that multi-tenant shared anything is pretty much an absolute dealbreaker for me and most people like me. Why?
1) In any financial regulated environment your regulator will usually specifically require this (at least in jurisdictions I'm familiar with). Am I prepared to go to battle with my regulator on behalf of a vendor? Most definitely not.
2) Even if I'm not in that situation, do I trust the vendor to have tech protections that work well enough that my customer data won't leak if there's some sort of problem, leading to a GDPR/data protection nightmare? No. No I don't trust anyone that much. I wouldn't even trust code that I myself had written that much (i.e. when I have built b2b saas solutions I have insisted on single tenant shared nothing). I've actually used (a demo of) a multi-tenant saas where the vendor has insisted on the security of their multitenant solution and been shown another customer's data on more than one occasion.
3) Even if I did trust the vendor and wasn't in a regulated environment which required single tenant, would I be prepared to go to war with my internal legal counsel over the data protection implications of multitenant? No. I want to keep a good working relationship with them and their life is hard enough as it is. They want single tenant shared nothing; that's good enough for me.
4) Even if none of the above applies, a lot of big corporates will want the option to host a solution in a cloud subaccount that they own. That's clearly not on the cards with something like this.
As someone whose background is primarily in embedded systems, how common are single tenant SaaS architectures?
The only webapps that I've released commercially were all intended for internal use by a single customer, running on their private hardware, with usually only a single login, so I'm about as far from this space as you can get and still be a dev...
I was always under the impression that most SaaS was multitenant, with the individual tenants sharing tables, but being disambiguated by customer ID. Am I that far off?
A lot of "enterprise" b2b saas systems with relatively low customer numbers and a relatively high ticket price per sale are going to be single tenant. Think things like core banking systems[1] which have very sensitive end-customer data (in that case balances and transactions) in them. No bank would be allowed by their regulator to put that in a multi-tenant system even if they would want to, which I don't think they would.
Also any system which could notionally be multitenant but the customer is a tech-savvy large enterprise and wants to bring their own cloud. That's de facto single tenant because they're not going to host anyone else's instance, are they? So where I work there are a few saas vendors we deal with where we have set up AWS subaccounts where they have some access and they host an instance of their thing in there just for us. Saas vendors will frequently do this if the contract/client is valuable enough, so it's pretty common in an enterprise context.
I don't know, but search for "saas vendor due diligence" and you should find a bunch of stuff. Every big corp where I've been in the approval seat has a different process, so it's not standardized for sure, but generally the basic process is the vendor sends out the questionnaire as an Excel sheet and provides a box folder or something to dump the evidence in, and then there are a couple of Zoom calls to talk through any questions or concerns. There are certification type things like ISO 27001 and ISAE 3402[1], and although they make this process easier because you will rip the bandaid off and take all the pain in one hit, I wouldn't recommend a startup go for those right away[2].
[2] Going for them will suck up a lot of energy, focus and time and you can't really tell which ones your clients are going to ask for in what order so there is the danger that you get the priorities wrong which would be a bad mistake in the early stage of a saas startup. So what I would recommend is you read through those and whatever nist guidelines and stuff like that and bear them in mind as you build your product, then start researching who you will get to do your ISAE/ISO27001/SOC1/SOC2 audit when you need one, then when the first client says have you got ISAE3402 (or whichever other one) you say "we're working towards it" (which is true) and as soon as you get off the call with your client call your preferred audit vendor and start the process. "We're working towards it" is an acceptable answer for most big corps because they know the process is slow (iirc it takes a minimum of 6 months for any of those because you have to demonstrate the process over time) and they are slow anyway so they don't mind it taking a minute for you to get it done. Then once you have one, the next time a client asks you for that one you have it, and if they ask you for a different one you say "we have <x> already and are working towards <y>" and rinse and repeat. It's going to be easier this time because you'll be able to repurpose some of the stuff you produced for the first one for the second and so on.
Can someone help enlighten me? In terms of preventing leaks, since we still need to ensure that the .env.keys doesn't leak, wouldn't the effort still be the same?
The ability to use an arbitrary filename for .env is quite nice though!
The idea is that the private key is stored outside of your configuration directory (e.g. in your OS's keychain), so your dotenv file can contain encrypted key values without leaking the value itself.
While applying, how about working on a project that you can showcase? Use the latest popular technologies to maximize your chance of getting hired.
I think it's pretty normal for a hiring team to be worried about hiring somebody who hasn't coded significantly for the past 3 years for a coding role.
- What do you mean by "go back to MVC"? What does "MVC" mean specifically in this case?
MVC as in Model-View-Controller.
To give more context, I'm prototyping a lot, and having to create endpoints for every single API is quite a chore. Also, I want to avoid the overhead of having to run a separate server just to host the frontend (e.g. NextJS).
I know what "MVC" _stands_ for, but I'm asking what _context_ you mean that in. Are you talking about how to define your server-side data models and endpoints? How you're organizing client-side fetching and caching?
Normally "MVC" as a concept doesn't get used in the React ecosystem (the way it did with Backbone.js).
FWIW it's certainly _possible_ to use React as a script tag, but it's extremely rare. It's normally expected that the frontend _is_ actually bundled and compiled, whether it be using a pure-SPA build tool like Vite, or one of the full server-side frameworks like Next or Remix.
Note that the SPA build output is just a set of static HTML/JS/CSS files, which do not require a separate Node server process for hosting - they can be served by any HTTP server.
My own advice would be to use Vite and build as an SPA.
_If_ you absolutely want to use React as _just_ a `<script>` tag with no build step, I'd recommend also using https://github.com/developit/htm to at least give you JSX-like syntax for writing your components.
I think the biggest problem is in the alternative OS. Non-official OSes are typically so unstable that I personally find them not worth the time, given that a phone is quite an important piece of communication. As others have already mentioned, certain lines and brands, such as OnePlus, Google Pixel, etc. have unlockable bootloaders so people are free to install custom OSes.
I've been installing alternative ROMs on my Android phones for almost 15 years. Never did I have any stability issues, on the contrary: the community ROMs often did a much better job than the official ones in terms of battery management, etc.
Not trying to contradict what you say, but my experience from a few years ago was:
* If you don't use a super popular model, you would have very few choices for custom ROMs
* Often custom ROMs are still at the mercy of original manufacturer for certain hardware support -- e.g. they need to release "base AOSP image" or something like that
* Custom ROMs often had random things not working, e.g. NFC not functional or cell/WiFi signal weaker than stock ROM
* Some come with certain crappy preinstalled apps. Sure you can remove them, but still annoying
* Battling SafetyNet was a cat-and-mouse game which I gave up
* Browsing xda-developers forum and following the latest reply of a 10-page, 200-post thread like back in the early 2000s was the only way to get updates of a certain ROM. OTA updates were mostly out of the question
* ... and many more added to this
I don't know how much has changed, hopefully a lot. I don't doubt that if you have a phone of a popular model, you can find a custom ROM that does not make compromises and is much cleaner and better than the stock ROM. But these days I simply don't have any time for taking the risk and messing with these things and worrying that WiFi might not work in some cases.
The TLDR is that a lot of people have very high myopia that causes severe eyeball elongation, which then causes retinal damage/detachment, which sadly could progress into blindness.
I myself was -5.75 and -6.25 with some non-negligible cylinders. I experienced discomfort when looking at my phone and reading a book with my glasses on. A general check-up said that my eyeball pressure and all were normal, but I know the discomfort is nothing good and can be quite serious. I read up online and found out that myopia could cause eyeball elongation, which could cause discomfort and ultimately could cause retinal damage/detachment. The discomfort I was experiencing was probably due to my elongated eyeball.
I prayed and began looking for a way to work around my myopic eyes without having to get yet another pair of thicker glasses... And I'm super thankful to have found out about this life-changing video by Todd Becker on how to reverse myopia: https://www.youtube.com/watch?v=x5Efg42-Qn0. The TLDR is that eyeball elongation (and hence myopic eyes) can be reversed in a way very similar to how strength training is conducted (hormesis). You simply need to keep wearing a reduced prescription and do eye-focus exercises regularly.
It sounds too good to be true, doesn't it? I was scared too at first, and when I went to a glasses store to get lower-prescription glasses, the store attendant warned me too. But I went ahead anyway. My latest eye exam before the attempt (back in August 2021) was -6.75 and -6.5 with -0.25 and -0.5 cyls. After 2 years of wearing a lower prescription whenever possible and doing eye-focus exercises quite inconsistently (by reading on Kindle with a lower prescription at a distance that causes hormesis, as explained by Todd Becker), I am happy to announce that I'm now wearing -4.5 on both eyes (without cyls) when I need almost-perfect vision, and wearing -3.5 for training purposes. I have seen people online who seem to be much more consistent report even faster progress.
On top of those resources, I am happy to share more of my experience and the exercise I did as well. Feel free to email me at denny at nusantara-cloud dot com if you want to have a chat with me!
Writing this post just because I'm so amazed to realize that my 8-year-old DigitalOcean requires so little effort to manage and is very affordable. I feel like more people deserve to know this, especially newer engineers who are taught to use managed cloud from day 1.