To counterpoint, their success is probably correlated with consumer spending habits (If consumers don't spend, transactions aren't happening, Stripe isn't getting its commission)
The case against Stripe probably sits with an understanding of how an incoming recession will impact the volume of transactions Stripe is dealing with.
We’re working on that, absolutely. The idea behind the KubeSail Platform is that businesses (or open source developers) can sell a fully loaded, pre-configured “box” that runs their software directly to their customers.
PhotoStructure is one of our favorite YC friends - and for example - a “buy a photostructure box!” Button on their site will hopefully be a great source of revenue for both KubeSail and PhotoStructure.
We’d love to sign some large enterprises (and we’re working on that too) but we’re extremely keen on making open source / self-hostable software financially viable for its authors (and easier to use for its users!)
Author of PhotoStructure here: I'm really looking forward to adding that button to the site!
I'm hoping that KubeSail can help my less-technical users self-host the stuff they care about. It's certainly a tall order, but it seems like the pieces are coming together...
You could patch Android and run it in an emulator. Or patch Snap not to care. Not super familiar, but there should be a way. Client side security can only do so much.
You can't patch Snap to not care because the safetynet process is (roughly) like that: The App asks the Play libraries whether the phone is okay. This is verified (in part) on the Google servers, so the Snap servers can ask Google whether a call came from a non-tampered phone. The client can't do anything about it, except tricking google into believing the phone is not tampered with. Which is notoriously hard, because nobody knows how the process really works.
This is brilliant work, I'm hoping in part II we get to see it working against the API.
I reverse engineered this in a production environment. It took approximately 7 months to build a scalable solution.
The investigation on how to create the x-snapchat-client-auth token is brilliant. One day I hope to do a talk on what my old team did to circumvent it.
There's a painful gotcha on the homestretch for this token: You may be creating the token, but it's not obvious what you're supposed to be using the method to sign.
What do they use it for? As far as I could tell, it's so they can verify requests at the edge nodes of their network. When you provide a bad x-snapchat-client-auth, you get a near-instant 403.
I think edge node is just checking if x-snapchat-client-auth valid, without checking if x-snapchat-client-auth is valid for this request. The second check is probably done at deeper level.
This is a massive move, I read this as they are hoping to climb the value chain and are optimistic about transitioning into a company that competes for the the social media advertising dollars.
After all, they own their content. Social media companies are just linking to it.
Full time for the last three months.
Deno replaced a pnpm monorepo I was using.