[HN Gopher] Getting to 2M users as a one woman dev team [video]
___________________________________________________________________
Getting to 2M users as a one woman dev team [video]
Author : vinnyglennon
Score : 562 points
Date : 2024-12-17 13:53 UTC (9 hours ago)
(HTM) web link (brightonruby.com)
(TXT) w3m dump (brightonruby.com)
| quesera wrote:
| > Nadia Odunayo is the founder and CEO of The StoryGraph, the app
| that helps you to track your reading and choose which book to
| read next based on your mood and favorite topics and themes.
|
| https://thestorygraph.com/
| jumperabg wrote:
| Pretty nice, 1 dev 3 team members in total and 1 million users?
| Are there any other products with such a small team and a huge
| userbase?
|
| Does this scale and when the business requires more coding and
| technical debt comes how do they manage it?
| skizm wrote:
| Instagram and WhatsApp (pre-acquisition) were both pretty
| legendary for how small their teams were vs how many users
| their apps had. Instagram had 13 employees, and WhatsApp had 55
| employees at the times of their sales.
| julianeon wrote:
| In Instagram's case I think it was very clear they were
| "borrowing from the future": they were accumulating a lot of
| technical debt and continuing to pile it on. It was not
| sustainable. The goal was to either hire more or get
| acquired. When the latter happened, the codebase quickly
| benefitted from the work of many more Facebook engineers.
| swiftcoder wrote:
| Borrowing from the future is exactly what a VC-funded
| startup is _supposed_ to do. If you aren 't borrowing from
| the future, you're probably wasting your initial VC
| investment.
| sangnoir wrote:
| > Borrowing from the future is exactly what a VC-funded
| startup is supposed to do
|
| That's too broad, the hope is you're borrowing from a
| point in the future when you're able to pay the debt. If
| you borrow too much, or from a point too close to the
| present - though it's hard detangle those 2, then you may
| fail to scale at a critical time such as positive press
| attention or going viral, because you're paying down tech
| debt. From the article: if it had taken 6 months to fix
| their importer instead of the 2 weeks it did, the product
| may have died.
| cactusplant7374 wrote:
| Basecamp has always been a good example of that.
| tptacek wrote:
| Basecamp has a full-sized team and has for many, many years.
| cactusplant7374 wrote:
| It's about the ratio. Employees to users. And the profit
| per employee is quite high.
| insane_dreamer wrote:
| Pinboard probably
| burkaman wrote:
| Pinboard peaked at about 30,000 users:
| https://x.com/Pinboard/status/1810893626274128048/photo/1
| dowager_dan99 wrote:
| ha! kind of funny to read the comments in this thread and
| see this at the top of the Pinboard website:
|
| Notice (Dec 13): code cleanup continues; please keep
| reporting bugs to support@pinboard.in
| tptacek wrote:
| Why?
| insane_dreamer wrote:
| Fair point. But they were 30K _paying_ users, which is a
| huge difference. What's the free-to-paying users in a
| service like the OP's?
| insane_dreamer wrote:
| While not as tiny, Craigslist has a huge user base all over the
| world and still has less than 50 employees total (not just
| devs). IMO it's the poster child of being able to scale
| worldwide while keeping the product highly focused, highly
| operational, and avoiding feature and technical fluff.
| vanviegen wrote:
| From what I can tell, craigslist is not really a player
| outside of the US. Just about every country seems you have
| its own 'craigslist'.
| dowager_dan99 wrote:
| really even regionally. In Canada i've seen geo popularity
| across Kijiji, Craigs List, FB Marketplace, domain-specific
| communities with markets
| insane_dreamer wrote:
| While it's true that most countries have their homegrown
| version by now, I've used Craigslist myself in other
| countries, and it does have enough of a presence that it's
| actually maintained in over 50 countries which is no small
| feat.
| input_sh wrote:
| I just checked the Croatian version and it has a total of
| 5 things listed for sale and 3 jobs.
|
| Needless to say, there's a far more popular local
| alternative that basically every person in Croatia knows
| about (njuskalo.hr).
| nolito wrote:
| Well, they are present in Denmark. I only managed to find
| a single item - an expensive apartment.
|
| In Denmark the place to go is dba.dk or facebook
| marketplace.
|
| Checking the portugese version - its 3 items in Lisbon.
| insane_dreamer wrote:
| Another interesting point is that Craigslist has $10-20M
| revenue / employee (depending on the numbers you read),
| compared with Apple at $2M/employee (maybe nVidia has more
| these days, but not consistently)
|
| And it has a founder who gives away most of his money instead
| of joining the monetize-everything-billionaire-$$hole club
|
| (No affiliation with Craigslist; just like Craig's story,
| much like I do Nadia's).
| grog454 wrote:
| > Are there any other products with such a small team and a
| huge userbase?
|
| My game Nebulous was 1.5 devs (one full time one part time) and
| multiple millions of MAU. 9.5 years later it's still going
| well.
|
| > when the business requires more coding and technical debt
| comes how do they manage it
|
| Delete bad code. Replace with good code. Sounds simple enough
| but in my experience at mega and mid corps, step 1 is almost
| never done. Whether that's because of ego or chasing local
| optima I'm not sure - probably a mix of both.
| cbm-vic-20 wrote:
| It's due to fear. Fear of breaking something that may depend
| on that bad code. Test automation rarely covers every
| possible case, and nobody wants to be on the hook when some
| code changes cause other stuff to break.
| shadowgovt wrote:
| And for all of the benefits of process, I have never met a
| level of documentation, verification, or testing that
| matches the advantages of having the entire code base
| originating from one mind.
|
| Generally this is not tractable because it cannot scale.
| But there are certain applications where it scales fine.
| mattgreenrocks wrote:
| I don't think we need nearly as many devs as we think. We
| do need someone who is taking a hardline approach on
| limiting the amount of scope tackled at once, and then
| fewer devs that are downstream of that.
|
| It is hubris to think that every problem admits the same
| solution, namely, throw as many devs as we can at it and
| hope for the best. But business isn't really known for
| being reflective.
| swiftcoder wrote:
| > Generally this is not tractable because it cannot scale
|
| The real question here is scale in terms of what? Because
| a lot of folks are out here trying to scale
| people/careers, not software.
|
| It's extremely noticeable at BigCorps. Why do we need to
| scale this project from 3 -> 30 -> 300 developers?
| Because that's the number of reports to promo from
| Manager I -> Manager II -> Director
| mritchie712 wrote:
| it's always fear for me. I'd rather leave it commented out
| for a decade or so to be safe.
| Feathercrown wrote:
| I'm a monster, I see code that's been commented out for
| more than 2 months or so and nuke it unless I know it's
| needed. We have Git, it'll be fiiine
| johnmaguire wrote:
| Right. The only time I sometimes leave a commented out
| line of code is if it's temporarily broken and will be
| uncommented soon; or if it's by-far the most obvious way
| to do something, but does not work for some reason, and
| then there's a comment above about why not above.
| astrospective wrote:
| I bring this up in PRs, as I know with my own experience
| I don't always mean to commit it commented out, sometimes
| it was just for testing, or it should have been deleted
| after I was done refactoring.
| devjab wrote:
| I never understood commenting out code when you have
| version control. I get why people do it, I've done it
| myself and then two days later been confused which of the
| 3 commented out function was actually the most recent.
| It's infinitely more clear from the version control since
| the history is there for you to zoom through.
| block_dagger wrote:
| I think a lot of devs prefer the hover-to-blame feature
| in their IDE vs searching through history on GitHub.
| wink wrote:
| You would find it if you knew it was there.
|
| I only leave it commented out because it has a reason
| (they all say that, right?).
|
| I suppose the best way would be to provide a meaningful
| comment "This is the place where 15 lines of coded
| finally found their resting place, deleted after the bug
| they solved was eliminated elsewhere".
|
| But in reality, I've never seen a single of the "we could
| find it it in git" ever actually find it in git.
| devjab wrote:
| Well yes, but you're not leaving commented out code for
| anyone other than you. A "sane" git structure will
| automatically decline your pull request if it contains
| commented out code.
|
| I say "sane" because I know a lot of places probably
| allow you to do it. You really don't want to pollute a
| code base like that though.
| swiftcoder wrote:
| > It's infinitely more clear from the version control
| since the history is there for you to zoom through
|
| Only if you already know it is there. There is like...
| zero history discoverability built in the git. and git's
| historical search story is pretty bad too.
| devjab wrote:
| Well, who other than you would need to know about your
| commented out code? I'm not suggesting you keep the
| commented out code as part of your git history, that
| would never be allowed through a pull request. The
| changes will be there in the history though, I doubt
| you'll need to go back for them, but you could.
| atomicnumber3 wrote:
| That, and most orgs simply do not reward or even pretend to
| care about these kinds of improvements. If you delete bad
| (but working) code, and replace it with good (and, let's
| assume best-case scenario - also working) code, what has
| actually changed for the business?
|
| Nothing. Except that in 3 years the junior dev that gets a
| ticket about doing something in this area will come in and
| not notice the code isn't a dumpster fire. Or, in 3 years,
| you won't notice that you didn't have to optimize this code
| a year ago.
|
| What they do notice is that you were insisting on working
| on some mumbo jumbo and ok good they're done now they can
| actually work on something useful. Haha aren't these devs
| quirky? Sometimes they take a few days and work on
| something weird, and all the other senior devs nod and
| salute solemnly and I'm too scared to ask for more details,
| but they don't usually take too long so let's just indulge
| them for a few days to keep them happy so they don't leave
| too.
|
| It takes a very, very deeply engineering-first org to
| really cultivate this intentionally. And similarly it seems
| like succeeding as a startup requires at least a decent
| amount of shipping some shit code fast so you get a series
| B, so usually you don't start in this posture and never
| shift into it before it's far too late.
|
| And also unfortunately, devs often _do_ spend time
| optimizing/refactoring personal pet peeves as opposed to
| things that might have a good chance of mattering. I once
| saw another senior dev spend a week optimizing string
| allocations on our hot path. Our owner loves people who can
| do this kind of stuff, so it got a lot of praise. The
| microbenchmarks looked great, pretty graphs. Users noticed
| nothing, the actual metrics we track literally did not
| change, and now the already-complicated hot path is
| decorated with some contorted string-allocation-avoiding
| warts here and there and the next person to go in and
| change the code is _definitely_ going to keep doing that
| pattern, for sure. Meanwhile our oauth flow is still a
| tortured, unloved, twisted writhing mass of pain and
| suffering that prints bug reports like CVS receipts.
|
| So... extraordinarily difficult to intentionally cultivate
| a culture that does this judiciously.
| BubbleRings wrote:
| You should write a book on this stuff.
| block_dagger wrote:
| One of the most rewarding aspects of my previous career
| at a company spanning from a startup to an IPO and beyond
| was deleting bad code and replacing it in a massive Rails
| app that was touched by hundreds of devs in a high churn
| environment. I also took on fixing massive schema
| inefficiencies that had a lot of risk of breaking nearly
| every other team's flow. It took a lot of careful work
| and communication across multi-year goals that I managed,
| mostly alone. I was allowed to do this by a few early
| folks who believed I was doing a good service for the
| company in the long run but kept hinting it was a bad
| career choice for me personally. I believe I was
| eventually let go for making these massive improvements
| instead of adding that green button that the new Product
| guy wanted. No regrets.
| BubbleRings wrote:
| I think I've taken some considerable career hits for that
| kind of attitude, but mostly no regrets here either. But
| I think I was affected by how, once you leave that
| company, your contribution to the effort can seem kind of
| gone, gone gone. That's part of why I came back to trying
| to create a physical invention that someone might care
| about. Something for the grandkid to put on his
| mantlepiece and say "my granddaddy made this and patented
| it and (hopefully) it was the start of his big company."
| gerad wrote:
| > Meanwhile our oauth flow is still a tortured, unloved,
| twisted writhing mass of pain and suffering that prints
| bug reports like CVS receipts.
|
| Wow, this line is a keeper. This whole comment is so
| insightful. Reminds me of how awesome HN can be
| sometimes.
| fmbb wrote:
| Good code and bad code are not objective values.
|
| I have worked with many people that spend days replacing
| good code with bad code because they are "paying down
| technical debt".
| atomicnumber3 wrote:
| This is a good point, but I think it's mostly a
| precondition to having the luxury of the problems I was
| describing. If you can't even broadly agree on what is
| good vs bad code, your engineering org has deeper
| problems. You don't even need substantial agreement, just
| enough to identify what the genuine problem areas are, vs
| what's just not how someone would've written it
| themselves.
| klabb3 wrote:
| Can confirm. One of my proudest moments was deleting
| thousands of LOC of copy-paste-modify garbage. However I
| introduced one bug that broke another team which used an
| undocumented feature. It was fixed soon, but yeah, still
| not great. And very few people would have taken that on, I
| was not a career chaser.
|
| Some would say it's the other teams fault for not adding a
| cross-test against my teams code. And while that would have
| solved it, some things are hard to test. Even in companies
| who have good testing standards some things are still hard-
| to-impossible to test. In my humble opinion tests are great
| if and only if they are hermetic and fast. Unfortunately,
| the important things that can go wrong are usually the
| least testable.
|
| In either case, in a non-perfect world (ie ~all large
| companies and most small ones) people optimize for not
| breaking things, and there's a solid argument for that
| being a local optima, both for short term stability and
| career wise.
| giantrobot wrote:
| > In my humble opinion tests are great if and only if
| they are hermetic and fast. Unfortunately, the important
| things that can go wrong are usually the least testable.
|
| Integration tests are hard. A lot of time it's because
| deployment is very seat of the pants. Even with tightly
| managed deployment the test environment needs to be
| representative of the production environment. Just
| setting that up is time consuming and expensive. Then
| actually doing tests where the test environment has
| useful amounts of instrumentation without major
| performance or behavioral penalties.
| dowager_dan99 wrote:
| I go further and simplify: "delete code" whenever and where
| possible. The term "Tech Debt" is really overloaded; I think
| the idea that "all code is liability" is better for framing
| the issue and strategies.
| BubbleRings wrote:
| It is so good to see someone say that. I don't code
| anymore, but as a systems engineer on different (often
| troubled) projects, I started developing a bit of a
| specialty in deleting crufty old collections of files.
| Sometimes multiple terabytes in a day, directories sitting
| around looking like they might be important, in some random
| corner of storage.
|
| You have to be good at your job, good at the specialty, and
| more interested in doing the right thing for the company
| (and more irritated at the stupidity of the files being
| there 10 years after they were needed) than you are at
| looking productive to management. Management does not want
| to hear "well there was a directory structure of two
| million files that was a backup of a Linux machine from 8
| years ago, I spent two days extracting the dozen files that
| we might need some day, getting the okay to proceed, and
| deleting the files."
| moritonal wrote:
| Fleet commander or I'm guessing .IO?
| grog454 wrote:
| .io. There have been more Nebulous's since I last checked
| :)
| noprocrasted wrote:
| > Delete bad code. Replace with good code
|
| Your points are valid but there's also the issue that the
| more developers you have the more communication overhead
| there is, which makes large changes to the codebase
| hard/impossible.
|
| With a handful of devs you can jump on a call, brainstorm for
| an hour or two and come to a mutual agreement, then one can
| submit a several-thousand-line PR refactoring the whole thing
| and nobody would bat an eye.
|
| This kind of coordination is impossible in larger teams, if
| anything just because everyone is busy and can't afford to
| spend a couple hours brainstorming + subsequently get
| acquainted with the new code, but also because the more
| people the more opinions and mismatched incentives (bad or
| overly complex code might imply busywork which some people
| thrive on, so refactoring it to no longer require said
| busywork is a downside in their eyes).
| Consultant32452 wrote:
| I have no incentive to delete bad code and replace it with
| good code when doing megacorp work. For things I own, it's
| situational.
| dheera wrote:
| I don't know StoryGraph's story, but it's a lot easier if:
|
| - You don't take VC money
|
| - You are okay with it not becoming a billion dollar unicorn
|
| - You are okay with occasional downtime (this isn't being
| deployed in a hospital emergency room after all)
|
| - You don't plan to feature bloat it
|
| - You are okay with it living its life and eventually being
| out-competed
|
| I had a webapp once with 250K monthly active users for several
| years (Fooplot). I was the sole developer. It eventually got
| increasingly out-competed by VC-funded Desmos and eventually
| got involuntarily shutdown when AWS decided to stop supporting
| EC2 classic instances. But I just let it be. Its ad revenue
| made me a good amount of side income when I was a PhD student.
| It had frequent downtime when people would try to export an
| overly complicated graph, which would crash the server. I just
| restarted it when I noticed. Sometimes it would be a few days
| later. It died eventually when AWS terminated it. I moved onto
| other things.
|
| Yeah, I wasn't the best maintainer, but the ~$30K I made from
| its ad revenue over the years was a pretty good payout for
| about 10 hours of work.
| schneems wrote:
| IIRC urbandictionary is/was a one man show, Aaron Peckham.
| Deployed on Heroku https://blog.heroku.com/heroku-xl (post from
| 2014, not sure if he is still a customer).
| InsideOutSanta wrote:
| It's not a small team, but Valve seems to have a very similar
| proportion of employees to users. I think they have about 400
| employees, and a user base of 140 million. That's roughly 3
| employees per million users.
| mikepurvis wrote:
| They're running a marketplace though, and that's a bit of a
| special case -- obviously why VCs are always very excited for
| anything that is or looks like it might able to become
| marketplace-shaped.
|
| Certainly there aren't 140M MAU fore the steam deck or any of
| the games they've built themselves, that's for sure.
| piva00 wrote:
| WhatsApp pre-acquisition by Meta was also very lean, some
| 40-50 people total serving 200 MAU.
| PaulHoule wrote:
| I got a voice chat service for Brazil to nearly 500,000 users
| as a single dev. Of course we co-branded somebody else's
| application but I made the user database, sign up systems,
| contests and other web-based parts.
| open592 wrote:
| From a long time ago (~2009) but this comment instantly
| reminded me of the gem which was Plenty Of Fish
|
| https://highscalability.com/plentyoffish-architecture/
|
| "POF has one single employee: the founder and CEO Markus Frind.
| Makes up to $10 million a year on Google ads working only two
| hours a day. 30+ Million Hits a Day"
| TheJoeMan wrote:
| Thank you for sharing! Only issue with the article I see is
| that "CPM" is already "cost per mille (thousand)". So any
| lines such as "$15 per CPM" make me hesitate.
| gwd wrote:
| I mean, SQLite is what, 4 developers? And it's by some
| estimations is one of the top five deployed software modules of
| any description:
|
| [1] https://sqlite.org/mostdeployed.html
| rwmj wrote:
| Support would be the biggest thing, especially if the website
| needed any kind of login, payment, or user contributions. Back
| when we ran a website for UK schools (so, probably 50K-100K
| users maximum), we only answered support calls or emails during
| UK working hours, and still needed a 2-3 member team doing
| that. That was a shoestring even at the time. Nowadays just the
| safety aspect of running a service for children would demand
| something larger.
| imachine1980_ wrote:
| Lichess is one guy for the web and server and one guy for the
| mobile app Cool video about the topic
| https://youtu.be/7VSVfQcaxFY?si=UP5txyUCoYYY024h
| zerkten wrote:
| Stack Overflow was an example of this. They had a relatively
| small dev team and they also maintained a very small hardware
| footprint for delivering their product. Over time they expanded
| their scope into products beyond the Stack Overflow and Stack
| Exchange sites which seems to have increased their team size.
|
| At least a big part of their success was containing technical
| by avoiding product debt. They had a clear vision and very
| tight control of their product which is different from 99% of
| startups. They were experimenting but not throwing any crap at
| the wall which was never cleaned up or iterated on.
|
| There was a very strong product-engineering connection and
| alignment which is unusual. Misalignment there is the genesis
| of much tech debt. Many product features are thrown out with
| little iteration to get them right but use "shipping so we can
| iterate" as an excuse to throw them out to users.
| ffsm8 wrote:
| Whatsapp pre Facebook. It has reportedly around 50 employees at
| acquisition, and 450 million users at the time.
| stronglikedan wrote:
| > when the business requires more coding and technical debt
| comes
|
| Tech debt doesn't come because the business requires more
| coding. It comes from poor planning and rushed implementation,
| often spurred by overzealous and naive management.
|
| This is a small team with one dev, so they likely do things
| correctly from the start and don't acquire much if any
| technical debt. Nothing has to be done yesterday, ever.
| hoppp wrote:
| Exactly. Technical debt often comes when a lot of developers
| work on the same codebase. Everyone contributed and nobody
| refactors.
|
| If the project is well thought out in advance a single
| developer is enough and will do perfect code
| vergessenmir wrote:
| Tech debt is a function of your code base, it's age, team
| turnover and number of pivots. Many factors to consider but
| I'll focus on pivots.
|
| You can't plan for a pivot because it's a known unknown. The
| same way you can't plan for a specific financial event in the
| market but you can brace yourself for a category of
| scenarios. Even with that, you can't predict the impact or
| the appropriate response your business needs to take.
|
| In the same way so is the pivot. The nature of the pivot is
| the market revealing the debt you didn't know you had. The
| magnitude of that readjustment to the market, in the time it
| has to happen and the time to the next pivot is unknowable
| because it's information not present at design time.
| laborcontract wrote:
| Look at almost anything that Marco Arment has been a part of..
| Tumblr and Overcast (probably at least a 5% share of the whole
| podcast player market) became massively successful with only a
| dev or two.
|
| Stardew Valley sold over 30m copies on a solo dev's work. I
| think you'd be surprised
|
| I'm building my own product right now and never have I wished I
| had more technical help. It's all the other junk like sales,
| marketing, distribution, that makes the business so hard.
| Marketing and sales, in isolation, I've had success with in
| prior jobs. I'm a fairly productive solo developer.
|
| However, being able to context switch and do both dev and
| marketing? Now _that 's hard_. I have beyond massive respect
| for anyone that's even attempted it, let alone been successful
| doing it.
| RenThraysk wrote:
| Flappy Bird had 50m+ installs.
| jezzamon wrote:
| For Stardew Valley, that's 30m copies after 4 and a half
| years of unpaid, 10 hour a day, 7 days a week work.
| Workaccount2 wrote:
| Which was all just to sit at the table for a chance at
| massive success.
|
| Nobody sees the extensive graveyard of massive time sink
| projects that got no traction and went nowhere. Even if
| they would have been big had they caught on.
| diggan wrote:
| > Nobody sees the extensive graveyard of massive time
| sink projects that got no traction and went nowhere
|
| Of course everybody sees that, and many can't stop
| thinking about those things when working on their own
| project, trying to fight the demons that say "This is a
| huge waste of time" and so on.
|
| But what is the point of bringing that up when someone
| explicitly asks for examples of small teams with big
| success?
| stale2002 wrote:
| > But what is the point of bringing that up when someone
| explicitly asks for examples of small teams with big
| success?
|
| The point here is to explain how much of a risk these
| small teams are making.
|
| So that is the relevance of the example. It shows how
| much more difficult and risky these successes are, by
| pointing out that even if someone puts in a lot of work,
| it is actually more impressive because of the large risk.
|
| This is relevant because the sub thread/topic was this:
|
| "Now that's hard. I have beyond massive respect for
| anyone that's even attempted it, let alone been
| successful doing it."
|
| Therefore, bringing up failures or the fact that there is
| large risk, supports this point that someone else brought
| up, which is that it is both hard and deserving of
| "massive respect".
|
| So that is why someone would bring it up and why it is
| definitely relevant and correct to bring it up, in
| response to this point.
| nightski wrote:
| There are countless AAA teams that fail at game dev as
| well. It's just a really hard industry to garner success
| in. I'm not sure team size is the most relevant factor.
| bee_rider wrote:
| Hmm. I think we'd have to define what we're measuring to
| think about what's a relevant factor. AAA games with
| massive budgets seem to usually have to come up with some
| really annoying live service business models nowadays, so
| I'd tend to guess increasing the team size is a negative
| factor.
|
| OTOH there are lots of little indie games... I mean, how
| are we going to count attempts, right? As an obviously
| not to be included extreme case, lots of games come out
| with a map editor, in some sense playing around with a
| map editor is "making a game." But we wouldn't want to
| include all the custom Warcraft 3 maps that were made as
| failed businesses, haha.
| intelVISA wrote:
| Did they build the engine from scratch? 114975 man hours on
| a 2D game is unthinkable!
| rimunroe wrote:
| He wrote it in C# and used XNA for some stuff, but the
| engine itself is custom[1]
|
| [1] https://community.playstarbound.com/threads/game-
| development...
| fmbb wrote:
| Building an engine from scratch cannot be the hard part.
| It's not complicated.
|
| Iterating on all the things that make the game fun is
| hard, and making all the "content" in a game like Stardew
| Valley is very time consuming.
| AlotOfReading wrote:
| Building an engine is a famously huge time sink, to the
| point where the standard advice is to make a game or an
| engine, but not both if you want to ship.
| diggan wrote:
| As always, it depends. Building something like
| Unity/Unreal that should support everything and everyone
| under the sun, one way or another? Yeah, huge time sink.
|
| But a 2D engine that should only support exactly what the
| features need from Stardew Valley? Doesn't seem
| insurmountable, although I wouldn't exactly take that
| approach myself.
| fhd2 wrote:
| As someone who's built a few engines and also worked with
| third party ones: It really isn't the hard part for a 2D
| game. High fidelity 3D, different story. But something
| like Stardew Valley, I'd dare to say custom engine and
| something like Unity is pretty similar in effort,
| considering that you need to deal with doing things in
| the engine's way, which requires workarounds and what
| not. Bringing it to many platforms gives the engine a
| head start, but I'd say it's comparable.
|
| Iterating on the game content itself: _Insane_ amounts of
| effort, in my experience.
| nine_k wrote:
| It's only work if your sustenance depends on it, or if you
| bet on it to make it big, if you need to be _compensated_
| for it.
|
| Otherwise it's a hobby, and enjoying your hobby 10 hours a
| day, 7 days a week is an envious life, if you can afford
| it. (Barone specifically could not; he had to have a part-
| time job as an usher in a theater; that was work.)
| eptcyka wrote:
| There is no such thing as a 10-hours-a-day-7-days-a-week
| hobby.
| s1artibartfast wrote:
| ^This is obviously a tangent, but sure there is, if you
| consider a hobby to be non-professional activities.
|
| It is trivial to come up with activities that can consume
| a lot of time, but don't provide financial rewards.
| short_sells_poo wrote:
| I suppose maybe parent is mixing up difficult work and
| difficult hobbies. There are plenty of hobbies which are
| difficult and require a lot of hard work. Hobbies can be
| frustrating and yet still enjoyable when you overcome
| whatever it is that hindered your progress. Someone who
| does painting as a hobby might face a period of no
| inspiration - it can be immeasurably frustrating and it
| completely blocks you from painting. And then one day you
| see a particular way that the stained glass window
| reflects light onto the pavement and something gets
| switched inside and then you proceed to feverishly paint
| every waking hour and it will feel like it is not you who
| wield the brush but that you yourself are some sort of
| instrument being used by something greater.
|
| Game dev is an arduous and draining process that both
| requires the patience to go through periods of dreary
| work where no progress seems to be made and yet the
| creative spirit to devise art, concepts, mechanics,
| rules, etc. If I had the time, I could easily see myself
| spending multiple years on a project like that without
| the need to see any financial reward. I wouldn't see it
| as work, I would see it as Work with a capital W. A hobby
| that requires a lot of personal effort but something I do
| because purely for the joy of doing it.
| nine_k wrote:
| Why, a number of people would e.g. play games they enjoy
| all day, every day, if the other aspects of their lives
| were taken care of. Imagine being a schoolchild.during
| the summer recess :) Same applies to reading books,
| sailing boats, etc.
| jimnotgym wrote:
| Farming?
| nightowl_games wrote:
| As someone who's done game dev professionally for a
| decade, as well as had countless personal projects and
| has known others to have done the same: don't
| underestimate the toll game dev can take on you, it's a
| cruel mistress. Stardew Valley is a massive outlier.
| nine_k wrote:
| Can't disagree. But, you know, making love can be pretty
| physically taxing, but people do it, because the process
| itself is its own reward.
|
| It's only work if you tolerate it for the reward on the
| payday.
| staticman2 wrote:
| Stardew Valley didn't follow any of the entrepreneurial
| advice you'd find on this site, either.
|
| There wasn't a "minimum viable product" launched in year 1
| followed by finishing the product in year 4.
|
| I've literally seen a post here where someone scolded a
| failed game developer for finishing their financial failure
| of a game before launch. The comment was something along
| the lines of:
|
| "Read a business book. You shouldn't have spent a lot of
| time making your game. Instead you should have released a
| minimum viable product after doing market research."
| lelandfe wrote:
| After Windows, Stardew Valley was ported to consoles by other
| companies, like Chucklefish, Sickhead Games, and The Secret
| Police (not dev work but console Q&A was handled by others
| too, as was localization).
|
| Barone is still a beast, just making sure the "one guy did
| the whole thing" thing has some nuance.
| steventruong wrote:
| Eric Barone as a one man team built, designed, animated, wrote,
| and composed the entire game of Stardew Valley by himself.
|
| The game sold over 30 million copies and had an all time high
| of over 230K concurrent players at one point earlier this year.
| eek2121 wrote:
| I owned a website with over a million users.
|
| Used cloudflare and a $20 cloud instance to run it. Also relied
| on certain other CDNs.
|
| Don't own it anymore, but considering starting a new project.
| huma wrote:
| What was the app about?
| mattgreenrocks wrote:
| Write good enough code that can be easily replaced. It really
| is no different than what you'd write on the job.
| philipwhiuk wrote:
| Dwarf Fortress is another obvious one - basically small
| successful indie games are all gonna be this.
|
| But that's not a VC product market.
| noprocrasted wrote:
| It turns out you can go quite far when your objective is to
| solve a business problem rather than building an
| overcomplicated mess to solicit VC money.
| eucki wrote:
| Pieter Levels is creating the kind of software I've always
| dreamed of building:
| https://www.youtube.com/watch?v=oFtjKbXKqbg
| edm0nd wrote:
| >Are there any other products with such a small team and a huge
| userbase?
|
| Tons of FOSS projects.
|
| See the entire JiaTan fiasco.
| bcrosby95 wrote:
| Back in the Facebook app days we had some apps with 2-8mil
| daily unique users on anywhere from 1-3 devs and team sizes
| anywhere from 2-5.
| kbutler wrote:
| Minecraft?
|
| Not sure how big it was before Notch hired anyone else, but
| this reddit post encouraging him to hire somebody says he'd
| "brought in $67,903,100.72"
|
| https://www.reddit.com/r/Minecraft/comments/kbiuv/notch_youv...
| OJFord wrote:
| WhatsApp & Instagram were I think _both_ very small teams with
| very many users when Facebook bought them (I think was FB not
| Meta at the time) for very much money.
|
| Which maybe goes some way to your second question, as they were
| slightly and slowly scaled up versions of solo serving 1M. (And
| obviously have continued that under FB/Meta with probably now a
| much less impressive/unusual staff:user ratio.)
| mdswanson wrote:
| My one-person indie company released many apps, and one of them
| (Halftone) had over 6 million users by the time I shut it down.
| It's definitely possible.
| jedberg wrote:
| We had ~10M users on reddit with three engineers and one non-
| engineer. Got up to about ~20M with five eng and two non-eng.
| kumarm wrote:
| Started on Android Market in 2010. First hire (designer) after
| 12 Million downloads and started hiring other Dev's after
| crossing 50 Million downloads. Still run decently popular apps
| on App Store and Play Store.
| npinsker wrote:
| Mobile games can often scale to eye-popping numbers. Among Us
| has over 1 billion downloads and was made by a single
| programmer. Plenty of other examples -- e.g. https://play.googl
| e.com/store/apps/details?id=com.JindoBlu.O..., a solo dev who
| has multiple 100MM+ download small games.
| bilbo0s wrote:
| Only tangentially relevant to the story I guess, but StoryGraph
| is kind of a brilliant idea.
| pavel_lishin wrote:
| I should really migrate from GoodReads; since Amazon bought
| them, development has effectively stopped, and there's a lot of
| QoL issues.
| wiether wrote:
| It took me a while to migrate (you upload a CSV and it can
| take a few days to process it) but now I'm happy with it and
| a paid subscriber.
|
| I won't say that it's great, there's a few things that annoys
| me, but it sure is better than GoodReads already and
| improvements are regularly added.
| acdha wrote:
| The export/import process was painless and after switching
| the main thing I noticed is how obvious it is that StoryGraph
| is under active development and Goodreads is effectively
| orphaned.
| myth_drannon wrote:
| The app is hugged to death by HN...
| aniforprez wrote:
| I don't think that's the case. I've found it to be fairly janky
| and it has frequent down times every so often.
|
| I'm much more inspired to give a small one-person team some
| leeway about it though for a free app vs. Amazon and all its
| resources not even bothering to properly maintain Goodreads.
| jahnu wrote:
| Amazon don't even properly maintain their Prime Video app for
| TVs. It's so bad on my good LG TV that I gave up waiting
| three seconds for button presses to register while trying to
| start watching their billion dollar show they kept urging me
| to watch.
| alternatex wrote:
| Wait till you try HBO's Max app. I used to plan my watches
| half an hour ahead. LG TVs do have quite the shoddy
| hardware though. Every penny goes to the panel.
| jahnu wrote:
| Netflix and Apple seem to have no problem making a good
| client. We won't have HBO here until 2026. The Austrian
| national broadcaster have a decent if not brilliant
| player.
|
| Even the built in dnla player works great.
|
| Amazon are ridiculous and should be ashamed of such
| crappy software.
| skrebbel wrote:
| Looks like a pretty cool app! "Amazon-free Goodreads" is a pretty
| good pitch. I'm curious how freemium model works out for them
| though, I could imagine a _lot_ of people thinking the free
| version is good enough for them.
| soneca wrote:
| I am curious of more about the business as well, but I imagine
| even a very small proportion of paying users could be
| sufficient to maintain a 3-people team with that scale
| bwb wrote:
| I think they do around $500k+ a year based on the numbers they
| have shared in a few spots. The new giveaway platform for
| authors should help jump that revenue up too.
| Vegenoid wrote:
| My wife loves Storygraph, and has said that she thinks they
| give away too much for free and need to put more value behind
| premium.
| schneems wrote:
| Nadia is an amazing speaker. Look up her other talks. You won't
| regret it. She blends technical info with an interesting
| story/mystery in a very thoughtful and well delivered package.
|
| Here's a recent one
| https://m.youtube.com/watch?v=pOW4vepSX8g&pp=ygUOTmFkaWEgT2R...
| graypegg wrote:
| Her skills with story telling really show there, that was
| really engaging but stayed technical and information dense!
| Thanks so much for the link!
| skizm wrote:
| I always wonder, how do sites like this get their list of books
| and book metadata? Do publishers have an API? What about Amazon?
| atrus wrote:
| https://openlibrary.org/ has a pretty good set of data and a
| decent API. You can mix and match too, since openlibraries
| covers kinda suck half the time.
| rafram wrote:
| It's alright. I would use it for a tool where the most
| important part is having a more-or-less accurate author <->
| title <-> ISBN mapping, but not for anything where I need
| precise bibliographic metadata.
| bwb wrote:
| It is so bad!!!
|
| I use Nielsen's API, but the data is pretty rough, and you have
| to spend a lot of time cleaning it. Plus, the archaic industry
| standards around genre are hard to translate to what readers
| use - https://www.bisg.org/complete-bisac-subject-headings-
| list.
|
| Ingrams and Bowker are the other big metadata providers.
| Ingram's is good but expensive, but the data faces the same
| issues.
| matwood wrote:
| If you have an ISBN you can also check Worldcat, but at scale
| it's also probably not free. And if you're working with
| anything that might have an academic slant, Crossref can be
| useful.
|
| Book metadata is very challenging. Even the publishers of
| said books are pretty bad at delivering good metadata.
| rafram wrote:
| WorldCat doesn't have an official API for anyone but member
| libraries, scraping the site is not fun, and the quality of
| the data isn't great (it's essentially bulk-imported from
| member libraries' catalogs).
|
| National databases like the Library of Congress are
| significantly better - WorldCat is best used as a fallback
| for books that aren't included in the high-quality
| databases.
| compootr wrote:
| I forgot if Anna's archive contains metadata but that'd be my
| free-ish solution
| jamiek88 wrote:
| I thought Anna's was dead?
| tux3 wrote:
| The last blog post is from just a couple days ago.
| They're apparently setting their sights on a map of all
| known ISBNs, and hoping to turn the map from red to green
| wood_spirit wrote:
| Do any of the sites use collaborative filtering for "uses who
| like x also like y" for a nice filter bubble?
|
| I imagine it complements or my even supersede tags.
|
| (Admit I haven't looked at all the sites people are
| mentioning in the comments yet- lots of good leads!)
| bwb wrote:
| ya, I do this; I am not sure what the other websites are
| doing, though. If you email them I bet they will tell you.
| PaulHoule wrote:
| Freebase got about 50% of the way to a good book database but
| Google killed it.
| bwb wrote:
| Nadia does a great weekly dev log email that I enjoy as well. I
| highly recommend it -> https://buttondown.com/nodunayo
| skrebbel wrote:
| I simply don't understand how she codes the app _and_ writes
| the newsletter _and_ does social media marketing for StoryGraph
| _and_ flies all over the world to do keynotes at ruby
| conferences. I 'm very impressed.
| scotty79 wrote:
| > the app that helps you to track your reading and choose which
| book to read next based on your mood and favorite topics and
| themes.
|
| I'd like to have that for games and music. Stores are mostly
| terrible at recomending anything. Steam does better than most but
| still far from good.
|
| And syncing recommendations with my mood is pretty much non-
| existent.
| zeroonetwothree wrote:
| I tried using this but it was too onerous to import my existing
| list of books I've read (1000+). So I gave up after a bit. I
| usually don't really have trouble finding books to read anyway.
|
| BTW my library (and probably yours too) has a free service where
| librarians will actually recommend books for you based on other
| books you liked or other criteria. I found those recommendations
| to be very good.
| nonconstant wrote:
| Ruby on Rails community is so lucky to have Nadia
| phildenhoff wrote:
| StoryGraph is an excellent tool and I continue to use it daily.
|
| I've also found Hardcover.app, which I quite like. It has an API
| and a slightly more refined UI, but it's clearly more than one
| person working on it.
|
| Of course, if your focus is book clubs, Fable is likely the app
| for you
| magnio wrote:
| I also use Hardcover.app, but the community there is tiny
| compared to Goodreads, with the only possible exception being
| fantasy readers.
| bwb wrote:
| It will get there, its growing :)
| ryangs wrote:
| Excited to hear about Hardcover! I like StoryGraph but the lack
| of API frustrates me - I want to be able to sync back to my
| general notes store (Obsidian). Hopefully Hardcover works
| better with that.
| northrup wrote:
| Which is funny, StoryGraph is a Ruby on Rails app, exposing
| an API is a doable thing, which leads me to believe it is not
| a priority or a purposeful design decision.
| phildenhoff wrote:
| Yeah Hardcover seems to have a GraphQL API they use for
| their UI, which they expose. There's not a lot of extra
| polish for third party devs -- it feels like "this is the
| API we use, use it or not, things may break". On the other
| hand, StoryGraph does server-side rendering and so it
| doesn't have an API already. So adding one would be a
| decent amount of work
| burkaman wrote:
| It is on the long-term roadmap
| https://roadmap.thestorygraph.com/features/posts/an-api
| andrewmutz wrote:
| I'm going to guess most of their users aren't asking for an
| API
| phildenhoff wrote:
| Solidifying my dislike of Goodreads, I got my "year in books"
| email from them today and the first thing that loaded, at the
| top of the email, is an ad. For pillow cases.
|
| Folks, don't do that
| roughly wrote:
| Goodreads is owned by Amazon, and Amazon does not make
| products - Amazon makes product purchasing pipelines. Welcome
| to the funnel.
| kwakubiney wrote:
| She talks about the story on this podcast episode[1]
|
| [1]https://open.spotify.com/episode/5AGrLoFgkYZ0KxLXBOjbwB
| max_ wrote:
| Please don't use Spotify links as they are heavily geolocked
| adamgordonbell wrote:
| Alternate link to episode: https://corecursive.com/the-story-
| graph-with-nadia-odunayo/
| adamgordonbell wrote:
| Couple years ago I talked to Nadia. Crazy story.
|
| End of year is a big time for her as people setup reading goals
| for the year I think. My wife is now using it.
|
| I wouldn't have guessed a book site would be so seasonal.
|
| https://corecursive.com/the-story-graph-with-nadia-odunayo/
| shahzaibmushtaq wrote:
| > the app that helps you to track your reading and choose which
| book to read next based on your mood and favorite topics and
| themes.
|
| If these requirements are constant then one woman dev team is
| sufficient until the requirements become thick enough to handle
| with 2 hands.
|
| And Pinterest reached 11 million users with 6 engineers, if
| interested https://read.engineerscodex.com/p/how-pinterest-
| scaled-to-11...
| dang wrote:
| [stub for offtopicness]
|
| [good grief]
| ternnoburn wrote:
| [flagged]
| shadowgovt wrote:
| I wish I could say it's surprising to me, but I've been here
| for a while.
|
| Hackers are not the philosopher kings that a generation
| before hoped they would be.
| sabbaticaldev wrote:
| it does make it story more interesting tho
| rsynnott wrote:
| A certain fraction of this website's user base are, and
| always have been, basically Quark from DS9. Some really
| bizarre attitudes to women.
| sgt wrote:
| Hilarious! But even on DS9, there was room for a Quark.
| rsynnott wrote:
| One, sure. If there had been about 15 per episode, as
| there are on any threads which so much as imply the
| existence of FEEEEEMALES here, it would've gotten old.
|
| (There were other Ferengi sometimes, but they were far
| less strident on this particular matter, in general.)
| sgt wrote:
| Btw, glad I am not the only one making a mental note of
| someone being a "ferengi". It is such a perfect
| description somehow. And our industry is full of them.
| krapp wrote:
| Well, the Ferengi _were_ intended to be a parody of
| American capitalism. And the tech industry in many ways
| has turned itself into a parody of American capitalism.
| And the worst of Hacker News might as well be a parody of
| the tech industry.
| sgt wrote:
| Never mind Twitter these days.
|
| I still follow Elon for his rocket stuff but his fanboys
| are relentless if you criticize him or his universe even
| slightly.
|
| Or criticize aspects of capitalism even, like the one guy
| who said the purpose of a company is to make an impact,
| not primarily to make money. I think he was toast after
| they were done with him.
| ternnoburn wrote:
| And Quark tried to learn, or adapt. He wasn't always
| successful, and he was cut out of a lot of situations
| where his behavior was considered unacceptable, but he
| did at least make some efforts.
| NeveHanter wrote:
| The more popular HN gets the more clickbait-y, attention-
| seeking and polarising titles and articles we're getting. I
| also think the more popular it is the less weight each down-
| vote/flag has, we will see more and more of such content
| being posted.
|
| I and most of the people I know or work with really don't
| care whether something is/was made by a man or a woman. IMO
| that's totally unnecessary part of the title and its some
| kind of the usual "clickbait" you see in the news titles
| everywhere.
|
| BTW: I was used to seeing "one-man" being used everywhere
| regardless whether the person in context was a man or a woman
| and only today I've discovered that both one-woman and one-
| person are valid by couple of UK/US dictionaries (even the
| older ones). Maybe that's one of the reason why some non-
| native speakers see this as an clickbait/attention seeking.
| ternnoburn wrote:
| The thing is, I don't think it's click bait in this case.
| One person running a large service is notable, appropriate
| content for HN. And she's a woman, so one woman is per
| reasonable, factual, non editorializing headline given that
| "one woman" is a descriptor that's been in widespread use
| for some time.
|
| People seem to be reacting to it like it's poison.
| pvg wrote:
| This isn't a clickbaity, attention-seeking or polarizing
| title, it's a completely generic title that happens to
| generate a lot of confected umbrage. The problem is the
| confected umbrage, not the title which is why the article
| is where it is (on the HN front page) and the umbrage is
| where it is (shoved out of the way in comment jail).
| madeofpalk wrote:
| Meta: It's a shame all the [dead] comments here over the title
| of this post are hidden to most. I think it's a good reminder
| of the opposition some face in this (and other) industries for
| merely existing.
| qup wrote:
| I don't have them hidden. I can't find anything derogatory
| about women; rather, the comments point out perceived
| hypocrisy around naming genders in titles. The comments about
| Nadia specifically were great, including a dead comment
| saying what a blessing she is to the rails community.
|
| > Ruby on Rails community is so lucky to have Nadia
|
| Another dead comment says it's not impressive, but doesn't
| mention gender.
|
| Two dead comments calls the title sexist.
|
| One dead comment _predicts_ there will be misogyny.
|
| Two comments say "who cares if it was a woman"
|
| One comment laughs about "woke" complaints while being the
| only comment to use the word.
|
| I think that's all of them.
|
| I understand that putting "woman" in the title triggers a lot
| of talk about gender, which is off-topic and boring, but I
| don't really find any of the specific comments notable,
| hateful, or oppositional.
| ziddoap wrote:
| > _I don 't really find any of the specific comments
| notable, hateful, or oppositional._
|
| The fact that gender is mentioned at all, when it's never
| mentioned in posts that have "one man dev team" in the
| title, doesn't imply anything to you?
| qup wrote:
| Yes, it implies that calling attention to things done by
| women is a trigger for gender discussions. I think trying
| to make arguments about why they are triggering requires
| you to make a lot of assumptions about people who aren't
| yourself.
| ziddoap wrote:
| > _discussions_
|
| That is a charitable way to read the flagged comments.
| qup wrote:
| What about your comments?
| Alupis wrote:
| Are we not at a point where it would be vastly more
| appropriate to title this "one person dev team"?
|
| The reality is your gender has nothing to do with your
| ability to write software. Software is the greatest of
| equalizers.
|
| There is definitely a subset of society that feels it
| necessary to thrust gender into discussions where they
| have no place - such as this article.
|
| Are we supposed to be _more_ impressed because it was a
| female? Why?
| ziddoap wrote:
| > _Are we not at a point where it would be vastly more
| appropriate to title this "one person dev team"?_
|
| Sure! I just find it interesting that these discussions
| only happen when "woman" is in the title, and never when
| "man" is in the title.
|
| > _There is definitely a certain subset of society that
| feels it necessary to thrust gender into discussions
| where they have no place - such as this article._
|
| As long as you feel the same way whenever you see "one
| man dev team" or similar, I think that can be a good
| discussion.
| Alupis wrote:
| I agree with you entirely - however allow me to
| illustrate a point:
|
| I think the difference often is the intention of the
| writer. We get these types of headlines when people want
| to really promote how cool it is a female is capable of
| doing something - and we're all supposed to be amazed.
| That's pretty sexist if you think about it... of course a
| female is capable of writing high quality software! We
| should be amazed at what this person achieved because it
| is impressive on it's own merit - not because of the
| person's gender.
|
| However, nobody is reading a headline like "one man dev
| team" and thinking "you go dude!".
|
| It's a two-way double-standard that we should work on
| ending.
| madeofpalk wrote:
| > We get these types of headlines when people want to
| really promote how cool it is a female is capable of
| doing something - and we're all supposed to be amazed
|
| I think you're reading way too much into it.
|
| Maybe they're just a women, and they did a turn on the
| phrase "one man team" to acknowledge that they're not a
| man?
| BadHumans wrote:
| > Are we not at a point where it would be vastly more
| appropriate to title this "one person dev team"?
|
| People see person and man as synonyms. One man dev team
| and one person dev team would illicit the same response
| but one woman dev team forces people to comment on the
| title.
| s1artibartfast wrote:
| I think there is a lot of reactionary sentiment,
| sometimes misplaced, stemming from decades of articles
| where gender is the newsworthy aspect of the article.
|
| Almost no one will read "one man Dev team" and think that
| gender is the central point, opposed to a simple
| descriptor.
|
| The same phenomenon occurs with race fairly often. It is
| not uncommon for professionals to take offense or
| question gender or racial qualifiers when other people
| describe them.
| s1artibartfast wrote:
| My take as well. People seem to think this should be a
| noteworthy accomplishment irrespective of gender. The
| source seems to be objection to perceived patronization of
| women, not not hate or disparagement of women.
| ghaff wrote:
| I probably wouldn't have written the title that way. In the
| body of the article, identifying the gender feels much more
| natural.
| sebastianz wrote:
| I understand your point, but in reality we all know the world
| is full of mean and petty people. I am thankful for the
| moderation on the platforms I read for (at least some of the
| time) sparing me the frustration and sadness I would get from
| otherwise constantly reading their opinions.
| anonfordays wrote:
| Please don't fulminate. Please don't sneer, including at the
| rest of the community.
|
| Please don't comment about the voting on comments. It never
| does any good, and it makes boring reading.
|
| https://news.ycombinator.com/newsguidelines.html
| blueflow wrote:
| Replace "woman" with "man" and evaluate if it would be any
| less or more appropriate.
|
| Society is not holding women and men to the same standards.
| madeofpalk wrote:
| I don't think it would be less or more appropriate. Gender
| is not something to hide or be ashamed of - the opposite!
| Any progressive movement here is on acknowledging gender,
| and de-gendering when unknown or mixed.
|
| I think everyone making it out to be some big thing (which,
| the [dead] comments are bringing it up in a negative light
| for one reason or another) is the 'remarkable' thing.
| pathless wrote:
| This is a crazy question, but what song is used in the intro of
| that video?
| vwkd wrote:
| Ah, that's one of those websites that accept a password of any
| length without error, truncate it, and show you a "wrong
| password" the next time you try to log in. Then you go through
| password reset roulette until you find a short enough password
| that works. Don't do this.
| davedx wrote:
| Wait wait. Why would you truncate it after input unless...
| you're storing it in plaintext?
| zja wrote:
| You truncate passwords to prevent DOS
| lesuorac wrote:
| Why not either show an error or do a client-side hash so
| there's a fixed length?
| orblivion wrote:
| Showing an error is probably the right thing. Client-side
| mitigations wouldn't prevent a DOS.
| orblivion wrote:
| Maybe the KDF gets really slow with a super long input.
___________________________________________________________________
(page generated 2024-12-17 23:00 UTC)