Readit News
niklasd commented on Show HN: P0 – Yes, AI can ship complex features into real codebases   bepurple.ai/... · Posted by u/arndt
niklasd · 12 days ago
I tried it out and it worked really well for us – awesome tool! The spec-driven approach is a bit different than the usual back-and-forth with agents, and if you invest properly in writing specs it pays off.
niklasd commented on CTO / cofounder exit deal after 1.5y at 600k revenue without SHA    · Posted by u/biphasic
zbshqoa · a year ago
Keep the shares and quit the company. If you don't need the cash it's pointless to sell your shares (you don't have to).

He'd need to raise capital at some point, new investors could buy your shares at a higher value.

niklasd · a year ago
From an investor's point it's very unattractive to invest in an early-stage startup where half of the shares are in the hands of a person not working there anymore.
niklasd commented on Show HN: Documind – Open-source AI tool to turn documents into structured data   github.com/DocumindHQ/doc... · Posted by u/Tammilore
groby_b · a year ago
That's not what [1] says, though? Quoth: "As of March 1, 2023, data sent to the OpenAI API will not be used to train or improve OpenAI models (unless you explicitly opt-in to share data with us, such as by providing feedback in the Playground)."

"Traditional methods (PDF parsers with OCR support) are cheaper, more reliable"

Not sure on the reliability - the ones I'm using all fail at structured data. You want a table extracted from a PDF, LLMs are your friend. (Recommendations welcome)

niklasd · a year ago
We found that for extracting tables, OpenAI's LLMs aren't great. What is working well for us is Docling (https://github.com/DS4SD/docling/)
niklasd commented on Fly Postgres, Managed by Supabase   supabase.com/blog/postgre... · Posted by u/samwillis
refulgentis · 2 years ago
I'm really curious about more of your perspective on RLS: I spent most of my career on mobile and rely heavily on Supabase to give me server superpowers. RLS _seems_ really cool to me (just write a one-liner to define access rules as simple or as complex as you need!), but I'm guessing I'm missing something. Especially because I don't actually have users yet ;)
niklasd · 2 years ago
About the "as complex as you need": RLS can get slow very quickly for aggregate queries, and is hard to debug (since the query planner doesn't work smoothly with RLS).

We have a dashboard that displays aggregated stats for our admin users, and we hit serious performance issues with ~600 users with our first implementation. This repo helped us: https://github.com/GaryAustin1/RLS-Performance

niklasd commented on Supabase Auth: SSO, Mobile, and Server-Side Support   supabase.com/blog/supabas... · Posted by u/bennyp101
kiwicopple · 3 years ago
we have a lot of work to do for migrations and testing, especially RLS.

for this Launch Week we focused on generating policies (more on that in tomorrow's launch week). This is hard for a lot of our audience who aren't familiar with SQL.

In the next few months we'll work on simulating a policy - being able to choose a specific user and see what data would be returned for that user.

We also have `supabase test db`, in case you missed it. It wraps pgTAP and pgProve so that you can write database tests.

> recreated without 'WITH (security_invoker)' even though they had security_invoker turned on before

we use migra for diff'ing. Thanks for raising this - we'll file a bug report asap.

niklasd · 3 years ago
Great, thank you for the reply! The simulation of a policy sounds exciting. Looking forward to the news.
niklasd commented on Supabase Auth: SSO, Mobile, and Server-Side Support   supabase.com/blog/supabas... · Posted by u/bennyp101
kiwicopple · 3 years ago
> logs for their compliance

Supabase Logs will be fully-integrated with the rest of the supabase stack. Since the Auth JWT flows through the HTTP Authorization header, into PostgREST, then into Postgres, we can pluck the Supabase User ID out of the JWT and store it alongside every log entry. You will be able to reference/join every authorized action in your database to an authenticated user.

> RLS can't control access to API end points in places like Edge Functions (again, afaik).

also correct, for now. We released the Edge Runtime[0] this week, and plan to use it as a scriptable Proxy.

> In my experience, RLS has quite a few foot guns in it as schemas migrate

A very fair point. We hope that we'll be able to provide some tooling here.

Thanks for all of this feedback - it's incredibly useful. Our team read the HN comments thoroughly and it shapes our ideas for the product going forward. We have some gaps to fill for your requirements, but we'll get there.

[0] Deno Edge Runtime: https://supabase.com/blog/edge-runtime-self-hosted-deno-func...

niklasd · 3 years ago
Some additional feedback: In my opinion testing RLS is a problem.

Additionally, I find it hard to keep a good overview over the rules. E.g., in a multi-tenant application one needs to secure every table with a restrictive rule, and it's easy to make a rule permissive, since that is the default & it's not indicated in the Studio UI.

When generating migrations with 'supabase db diff' views are being recreated without 'WITH (security_invoker)' even though they had security_invoker turned on before, leaving your database exposed. Easy to miss, even when you're aware of that.

RLS is just so full of footguns that I find it hard to justify using it in a production system.

(But otherwise I love Supabase! Great job.)
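
The two footguns raised in the comment above (policies are permissive by default, and views recreated without `security_invoker`) can be checked for directly in the catalog. The SQL below is an added example, not part of the thread or of Supabase's tooling; the `invoices` table, its columns and the `app.*` settings are constructed, and PostgreSQL 15 or later is assumed.

```sql
-- Added example. Table, column and setting names are constructed. PostgreSQL 15+.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;

-- No AS clause means PERMISSIVE: permissive policies are OR-ed together,
-- so any later permissive policy can only widen access.
CREATE POLICY invoices_read ON invoices
  FOR SELECT USING (owner_id = current_setting('app.user_id')::uuid);

-- RESTRICTIVE policies are AND-ed with the permissive result, so the tenant
-- boundary holds whatever else gets added.
CREATE POLICY invoices_tenant ON invoices AS RESTRICTIVE
  USING (tenant_id = current_setting('app.tenant_id')::uuid);

-- Without security_invoker the view reads the table with the view owner's
-- privileges, and RLS is applied as that owner (table owners bypass RLS
-- unless FORCE ROW LEVEL SECURITY is set).
CREATE VIEW invoice_totals WITH (security_invoker = true) AS
  SELECT tenant_id, sum(amount) AS total FROM invoices GROUP BY tenant_id;

-- Audit 1: RLS-enabled tables in "public" that have no RESTRICTIVE policy.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policies p
       ON p.schemaname = n.nspname AND p.tablename = c.relname
WHERE n.nspname = 'public' AND c.relkind IN ('r', 'p') AND c.relrowsecurity
GROUP BY c.relname
HAVING count(*) FILTER (WHERE p.permissive = 'RESTRICTIVE') = 0;

-- Audit 2: views in "public" without security_invoker switched on.
-- reloptions keeps the value as written, so accept the usual boolean spellings.
SELECT c.relname AS view_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relkind = 'v'
  AND NOT EXISTS (
        SELECT 1 FROM unnest(c.reloptions) AS opt
        WHERE opt ~* '^security_invoker=(true|on|yes|1)$');
```

Running both audit queries after applying a generated migration surfaces a dropped `security_invoker` option or a table left with only permissive policies before the change reaches production.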

niklasd commented on Supabase Auth: SSO, Mobile, and Server-Side Support   supabase.com/blog/supabas... · Posted by u/bennyp101
niklasd · 3 years ago
Great news! Question to the Supabase team: How do Login with Azure (Social login) and SSO (Azure) differ? From my superficial understanding, implementing Login with Azure is enough for logging in users with Azure AD accounts (and linking their accounts to existing ones).
niklasd commented on Supabase Auth: SSO, Mobile, and Server-Side Support   supabase.com/blog/supabas... · Posted by u/bennyp101
xcskier56 · 3 years ago
Been doing a lot of Auth related stuff the last day or two so in classic HN style this is very timely for me!

One of the things that I really dislike about most auth providers is that it is very hard to implement login in your native UI. It almost always requires a redirect to a hosted UI page that is very clearly not your UI. We've found this a poor and potentially confusing user experience when you just need a form with username + password.

Question for Supabase: Is it possible to just have a form with username + password and POSTing the login details?

niklasd · 3 years ago
Would that not be a huge security risk? You could access the SSO credentials of your users that way.
niklasd commented on Ask HN: Concepts that clicked only years after you first encountered them?    · Posted by u/luuuzeta
number6 · 3 years ago
Can you explain the concept? I feel I didn't grok it fully
niklasd · 3 years ago
I found this explanation very helpful: https://hakibenita.com/python-dependency-injection (if you program in Python)
niklasd commented on Supabase Storage v2: Image Resizing and Smart CDN   supabase.com/blog/storage... · Posted by u/samwillis
inian · 3 years ago
Supabase Engineer here

There were a lot of primitives we built to ship image resizing - Storage events exposed via webhooks, rate limiting, a queue on top of Postgres, a smart CDN cache, object metadata endpoints, etc. These are already available if you are self hosting Supabase Storage, so that you can integrate your own CDN, listen to storage events, etc. Over the next few months, we will be working on exposing these on the Supabase platform too.

niklasd · 3 years ago
Great job! What are the implications on resizing regarding storage egress & download size? Can I expect both to be smaller when resizing an image?

u/niklasd

Karma: 394 · Cake day: February 24, 2018