10 comments

[ 2.8 ms ] story [ 40.3 ms ] thread
I found myself in a similar situation with a budgeting app I wrote. Initially I was planning to make it public but the idea of dealing with people's financial data and paying for all the infrastructure caused me to change my mind.

Instead I've been exploring a strange idea of using sqlite client side. People would save their data to a sqlite file that gets downloaded, then when they come back, drag the file back onto the browser to pick up where they left off. A little awkward, but 100% client side, side skirting most of the problems.

(I realize hardly anyone would bother to use this app. But making it public with sqlite is really just an experiment. I host the app on a raspberry pi inside our home network and we use it that way.)

FWIW I've seen many open source projects like this.

edit: by like this, I was referring to using data/requiring local setup like this

Do you remember any names? I've not seen a project do this with anything other than localstorage.
I'll look and report back if I find them. Here's one I came across this morning, in a similar vein:

NotePlan 3, a note taking app that uses local markdown files.

fwiw balena has a "public url" feature. still host your app on your raspberry pi and balena will give you a public url that proxies to your Pi. Simple for sharing apps with friends and family on other networks. Let's hope it doesn't make it to front page HN though >_<

full disclosure: I work for balena as a backend engineer

That's basically exactly what I did with this app for the demo mode, except it imports/exports JSON.
I've found myself in situation as well. Does anyone have advice on how to deal with the fear of handling users/user data for a product that you think people would love?

Is it incorporation for liability protection?

Terms of service docs that state nothing is hack proof?

Getting the right liability insurance?

In depth penetration tests prior to launching and continuously thereafter?

Continuously monitoring for suspicious activity on a server to detect hacks?