
Ask HN: Thoughts on developing SaaS with open sourced code? - ge96
Today I heard about how if you use GPL licensing you have to be able to show your entire codebase if someone asks for it.

With regard to how easy it is to just `npm install some-library` and `create-react-app`... I'm wondering if I develop a SaaS should it just be open e.g. public repo.

My concern is you're not going to have "obscurity" as a security layer, I'm not saying you should trust that. But when you have your schemas clearly defined, routes exposed, etc... doesn't that mean it's easier to try and break in? (means do a better job)

But I have a SaaS project in mind and it would be pretty complex regarding having multiple-users, real time connection, payments, etc... but thinking about the whole licensing thing.

edit: when I say "open sourced code" in my title, I mean the SaaS code itself that I would develop is freely readable/all of it, down to auth/payment system (Stripe usage).
======
Jugurtha
If your concern is the lack of obscurity as an added security layer, you can
look up "security through obscurity". It has a Wikipedia entry[^1].

If your concern is about the marketability of your application if the code is
open source, you can read more here[^2].

[^1]:
[https://en.m.wikipedia.org/wiki/Security_through_obscurity](https://en.m.wikipedia.org/wiki/Security_through_obscurity)

[^2]:
[https://en.m.wikipedia.org/wiki/Business_models_for_open-source_software](https://en.m.wikipedia.org/wiki/Business_models_for_open-source_software)

~~~
ge96
I guess obscurity in my case would buy me time if anything before
vulnerabilities are found if anyone tries. I just think if your code is fully
open, then anyone can be like "Oh he's not aware of this" and then boom... but
if it wasn't open, the threat is still there, guess who knows when it will be
found. I was looking at auditing too/maybe some kind of pen testing. I have
some time still but yeah.

~~~
Jugurtha
You are trying to come up with a witty comeback to an English-speaking dragon
who's hitting on your pregnant humanoid girlfriend on your way out of a
restaurant on Mars. Many things have to happen before we get there, and
supposing it ever happens, your response will probably be muffled by a passing
rocket.

You are thinking about pentesting and auditing code that does not exist, to
find vulnerabilities that don't exist yet, not to piss users that don't exist.
This is the definition of Aikido.

So... Before building the "Software" in the "Software as a Service", first
find if there are people who are interested in the "Service".

Who are your users and how many have you talked with? Are you your own user?

~~~
ge96
I wasn't sure if that first part is a quote from somewhere ha.

> Aikido

really? the martial art?

The last bit, I am aware of that "Make a landing page and sell something that
doesn't exist" (mailing list/get people signed up)

This was a thing I personally would use, but then I saw something out
there(Figma) that's way better than I could ever hope to make wow... the art
alone just wow.

Anyway I have some other personal projects but they're nothing... I'm also
aware of "competition can be good, means there's a market". I scour the indie
hackers site/listen to entrepreneurs etc...

The truth is... I don't have a product... I'm unfortunately not that guy and I
don't know why. I think I'm not around people enough or something where an
obvious problem can present itself. So at this time I'm just the guy people
tell/ask to build stuff.

I find it interesting though, I go on a freelancing/outsourcing site and there
are all these random projects "I need so and so to build this"

And I know... you want to incrementally release, even if it means potentially
building in tech debt. I am working on an app and I made a bad decision on a
storage but this thing was released/prototyped in weeks vs. the years it was
getting worked on.

I don't know, I hope I figure something out because I do want to work for
myself eventually.

~~~
Jugurtha
> _really? the martial art?_

No, the thing people who don't want to do martial arts do with friends who
fall and roll over on cue.

> _The last bit, I am aware of that "Make a landing page and sell something
> that doesn't exist" (mailing list/get people signed up)_

I wouldn't do that, but to each their own.

> _This was a thing I personally would use, but then I saw something out
> there(Figma) that's way better than I could ever hope to make wow... the
> art alone just wow._

Have you thought of joining them?

> _Anyway I have some other personal projects but they're nothing_

You don't know. Finding and evaluating ideas is the subject of many writings.

> _The truth is... I don't have a product... I'm unfortunately not that guy
> and I don't know why._

You're not which guy, exactly?

> _I think I'm not around people enough or something where an obvious problem
> can present itself. So at this time I'm just the guy people tell/ask to
> build stuff._

We have profitably executed ML projects for large organizations, from problem
scoping, to data acquisition and sometimes building hardware for that, to
model training, to building a custom enterprise application to load and use
these models, to the mobile app that goes with it. Being the company clients
_tell/ask to build stuff_ across several sectors through the years exposed
"meta problems", and now we're building a product to solve these problems.

So, you're the guy people _tell/ask_ to build stuff and that gives you data,
and it is up to you to extract insights and develop product. I'm sure you
presented work to someone and they didn't care, except for the thing that took
you a couple of hours to write.

Also, maybe you can start a company and build things for enterprise, not as a
natural person, but as a legal person. It's not `ge96` that will do the
project, it's `ACME, LLC/LTD/s.a.r.l/GmbH`. This could give you a cushion
while you figure things out.

> _I don't know, I hope I figure something out because I do want to work for
> myself eventually._

Well, running a company means you work for everyone.

~~~
ge96
> Have you thought of joining them?

Haha JOIN US... that's an interesting thought, I don't know, overall it's not
my thing, but it's pretty cool/impressive how close it is to a working app.

> You're not which guy, exactly?

The idea guy, you know, the guy with the plan, delegates to people like me who
make the plan into code. I don't know what is the value/the thing to solve.

Man that sounds awesome the ML stuff, I have not gotten into that at all yet
other than watching some basic talks.

> maybe you can start a company and build things for enterprise

That is a thought, isn't that funny, like when I was working for a web agency,
there was the fancy/flashy boss but it was me that actually made the thing.
Granted the boss is who sold the idea to the client.

> Well, running a company means you work for everyone.

Yeah, I mean savings/investment return, then my own schedule, do whatever I
fancy... that sort of thing. FiRe + a couple companies.

I see your point though, and you don't have anyone to hide behind maybe the
LLC at the very least.

Thanks

------
saluki
Use MIT licensed open source in your SaaS.

Keep your SaaS source private.

~~~
ge96
thanks, I think you can list out stuff used in NPM right? I'm mostly using JS
for my stuff and MySQL/MariaDB. I can use Postgres too.

