I worked with Capricorn [1] for several years, and these topics were always top of mind there.
They have the goal of making money first and foremost, but subject to the investments themselves being good for society, and serving LPs who do the same. E.g. they work closely with Skoll Foundation [2] and Skoll Global Threats Fund [3].
Another fund that we worked closely with was Omidyar Network [4]. They have more of a hybrid model of investing + philanthropy under one org. It meant they could do some projects that we couldn't at Capricorn, but also made it harder to measure concrete outcomes, which LPs tend to want.
We really wanted to use this, but having an appointment link creates a permanent vertical "event" in your own calendar that you can't get rid of. So adding multiple appointment links (e.g. one for 30mins and one for 60mins) completely destroys your own calendar view.
Thank you! That's such a strange place to put it. Silly me, looking on the "Settings" > "View options" page instead of the button that says "Week".
Edit: doesn't look like there is the equivalent option on mobile, so unfortunately appointments still nukes my phone calendar usability, which is also a deal breaker.
> Large companies didn’t want it enough to deal with our lack of “big company features” (enterprise SSO, compliance certifications...
> We spent a bunch of time on multi-tenant infrastructure...
I'm in a position where I talk to SaaS businesses all day about both of these. Probably over 1,000 at this point.
We help a lot of these companies add the enterprise features they need, but it's often a shame to hear they're just going to do standard login or build multi-tenancy themselves. Trying to sell to enterprises without meeting them where they are on login & compliance is asking for failure.
I think a lot of founders and early employees are true believers in their value prop, and in this case it blinds them to the fact that there are people in the world like enterprise CSOs who simply don't care and will shut down a product for any number of security reasons. You have to check the boxes, and figuring out what those boxes are on the fly is painful and costly.
"build multi-tenancy themselves".... this is a weird thing to say. In the modern day, what product company builds single-tenancy..? Even if a customer explicitly wants it, you can make multi into single easily. The other way around is difficult.
Depends on the app and the context. A lot of apps need multi-tenant access control but not necessarily separate containers etc. In those cases, "adding" multi-tenancy means maintaining an Organizations table, a Roles table, and a table to map them to Users.
Maybe it's just different worlds, but in my world people wouldn't consider an app using isolation via containers etc "multi-tenancy". It would be a single-tenancy application. But I guess there are are hybrids these days with such granular database options in the cloud etc.
Question about multi-tenancy - do you recommend starting with a single-tenant approach, or are there off-the-shelf options for multi-tenancy that you'd recommend using, instead of building it from scratch?
Clerk is great for new builds in the react ecosystem. We focus on more complex use cases where there are multiple user types (e.g. freemium, enterprise, partner, internal), multiple applications, or both. Having everything in one system removes a lot of tech debt and helps teams move faster.
And by "happy to chat" I meant by my email in my bio (which I just added to the public part), if it'd be helpful!
I'd love to hear more insights about on this. I'm just kicking off a B2B SaaS, have a rough idea of the checklist in my head, and am trying to balance core tech development with box checking.
GDPR & ISO27001 compliance are the important ones, but depending on the industry there maybe others (HIPAA for example). You need to hire an advisor and start writing everything down. Being able to hand over compliance documentation along with proof of an audit is absolute gold. If you don’t do this, be prepared for a mini-audit on every sale (if you get that far).
Sales to governments will likely come with even more compliance requirements, national security audits, and potentially staff vetting. It’s not worth it early on unless you’re really well funded.
Compliance does actually scale with the business, so it’s not particularly onerous at the start. Although it can get out of hand if you’re not careful. Compliance should be pragmatic.
SSO is clearly one of the major factors for integrating anything into an enterprise organisation. Their IT team will want to have complete control over who has access, when somebody leaves the company they want to make sure that they can shut them down immediately, not have to reach out to third-party providers, or login to multiple systems. Ignore this at your peril.
Independent penetration tests are also really important.
You can usually resist requests for self-hosting or multi-tenancy if you have all the above, but not always. If they don’t think you’ll be around tomorrow, then they won’t touch you.
If you are going after enterprise early, I highly recommend putting them on their own system instead of in a multi-tenant system.
Enterprise wants 30 days of immutable db backups?
They need to be able to rollback within X time?
They want guarantees that other people won’t affect them?
This all becomes easier if you turn it from an engineering problem to an operations problem.
Enterprise really cares about how you operate in order to guarantee they won’t be negatively impacted by your system. SOC2 is much more about your operations than anything else.
My recommendation: have a multi-tenant system for the plebs and bespoke deployments for the enterprise. Save yourself the headache of trying to satisfy both with the same infrastructure.
Balsamiq is already so cheap. We use it for our business and every time it renews I just think they could be getting 5-10x what they are. That in turn helps drive a better business and product.
Balsamiq is a per month subscrtiption isn't it? Personally, I need a tool like this once per year or sometimes even less. So if Konty was a one off payment of $20-30 I'd be more inclined to purchase.
It feels like there is an analogy here with Yahoo! and the early days of going from curated lists of websites to search algorithms. Do you think of LLMs in a similar way? I.e. some kind of model ranking score that companies could eventually game?
I'm not sure what the SEO equivalent would be here...
Great analogy, I'm not sure tbh. I don't think we will see quite as many unique models as we see unique websites, but I do think we're going to see an increasing number of divergent and specialized models, which lend themselves to routing. I guess the SEO analogy would be "tricking" the neural routing function into thinking your LLM is better than it actually is, there are many techniques already to hone in on neural net weaknesses. Definitely interested to see how the space evolves!
Ellipsis increases the quality of code a developer brings to their teammates, meaning fewer PR comments, meaning the team ships faster. It's not a replacement for human review. It's most often used by the PR author after a self review but before asking for reviews from human teammates.
Ellipsis will use your existing lint/test commands when making code changes. For example, you can leave a comment on a PR that says "@ellipsis-dev fix the assertion in the failing unit test" and Ellipsis will run the tests, observe the failure, make the code change, confirm the tests pass, lint-fix the code, and push a commit or new PR
The product works on draft PR's too, but not on local.
Sometimes reviewers rope in Ellipsis by asking questions (we also support natural language Q&A about a PR) or by having a design discussion via GH comments and then assigning the change to Ellipsis
This looks like a nice project, though it's a tricky problem. For auth, MAU is only one axis and is applicable mostly for B2C with basic authentication needs.
Do you plan to add feature configuration as well (e.g. custom data residency, GDPR, SAML), or will you keep it pretty high level?
Also, are you open to a PR to add Userfront to the auth pricing?
You make a valid point. Currently, the authentication comparisons are primarily based on MAU pricing, which doesn't account for the different features and target markets of each provider. It's not entirely fair to directly compare Firebase, Auth0, and Clerk, as they cater to different needs.
In the future, I plan to add a system to better document the advantages, trade-offs, and pricing breakdowns of each auth provider, to provide a more comprehensive and accurate comparison.
Regarding the inclusion of Userfront in the authentication pricing comparison, my current focus is on the most established providers. However, I am open to expanding our list in the future. Feel free to submit a pull request; I will certainly consider it and add it when we start including more providers.
TL;DR author's dad was silly enough to think that people who don't like wine are intellectually inferior. Author learns about taste buds and finds closure.
They have the goal of making money first and foremost, but subject to the investments themselves being good for society, and serving LPs who do the same. E.g. they work closely with Skoll Foundation [2] and Skoll Global Threats Fund [3].
Another fund that we worked closely with was Omidyar Network [4]. They have more of a hybrid model of investing + philanthropy under one org. It meant they could do some projects that we couldn't at Capricorn, but also made it harder to measure concrete outcomes, which LPs tend to want.
1. https://capricornllc.com
2. https://skoll.org
3. https://skoll.org/jeff-skoll-group
4. https://omidyar.com