Most active commenters

    ←back to thread

    Local-First Software Is Easier to Scale

    (elijahpotter.dev)
    175 points chilipepperhott | 12 comments | 05 Jul 25 15:54 UTC | HN request time: 0.452s | source | bottom
    1. myflash13 ◴[05 Jul 25 17:30 UTC] No.44474202[source]
    Closest thing to true “serverless”: entire MVC app (Django/Rails/Laravel) in the browser with WASM and data persistence by SQLite over CDN.

    All the server has to do then is serve binaries, all the business logic is in the client.

    replies(2): >>44474217 #>>44474669 #
    2. gjsman-1000 ◴[05 Jul 25 17:31 UTC] No.44474217[source]
    Brilliant… but now you need to validate that the client did all their business logic correctly without tampering. That alone can be so complex it defeats the point.
    replies(1): >>44474340 #
    3. justinrubek ◴[05 Jul 25 17:49 UTC] No.44474340[source]
    No... you don't need that. Not for the overwhelmingly vast majority of cases. Let people use their own software. Tampering? Not my problem. Let people do it if they want.
    replies(3): >>44474357 #>>44474599 #>>44474690 #
    4. gjsman-1000 ◴[05 Jul 25 17:52 UTC] No.44474357{3}[source]
    Anything that runs as a SaaS, or B2B, has that issue… which is the overwhelming majority of software.

    Anything that requires sharing information with other users is also a pain in the neck, as you basically need to treat your internal logic like a proprietary, potentially hostile, file format.

    replies(1): >>44474456 #
    5. Fire-Dragon-DoL ◴[05 Jul 25 18:10 UTC] No.44474456{4}[source]
    There is a lot of SaaS that is essentially "for the buyer to the buyer", what I mean is that the software doesn't provide content to somebody else, or there is no incentive to serve malicious content (e. g. B2B). Why would tampering be relevant in those cases?

    There are situations where it's relevant, but I don't think it's as many as you say

    6. kevmo314 ◴[05 Jul 25 18:33 UTC] No.44474599{3}[source]
    Anything that involves sharing data with other people will run into issues around updating. If your API surface is a shipped sqlite db instead of an API call it's liable to be abused in so many ways.
    replies(1): >>44474844 #
    7. bcoates ◴[05 Jul 25 18:46 UTC] No.44474669[source]
    What's WASM adding here? Without that you're just describing an ordinary SPA+CDN
    replies(2): >>44474883 #>>44474887 #
    8. Terr_ ◴[05 Jul 25 18:49 UTC] No.44474690{3}[source]
    The "overwhelmingly cast majority of cases" will be an employee of a larger company, a person/computer that cannot be trusted with arbitrary access to data and exceptions to business rules in code.
    replies(1): >>44475398 #
    9. a_wild_dandan ◴[05 Jul 25 19:14 UTC] No.44474844{4}[source]
    Local-first doesn't mean local-only though, yeah? Isolate cloud usage to those collaborative features. If that's a huge ask, then your thingy probably isn't the kind of tool we're talking about localizing here!
    10. myflash13 ◴[05 Jul 25 19:20 UTC] No.44474883[source]
    The ability to port existing apps to serverless. See for example Wordpress in WASM.
    11. williamstein ◴[05 Jul 25 19:21 UTC] No.44474887[source]
    WASM adds the ability to run a local copy of SQLite (or even PostgreSQL) entirely in the browser.
    12. drdaeman ◴[05 Jul 25 20:43 UTC] No.44475398{4}[source]
    If it's a single-user app, you can only load data the user actually needs and is cleared to access. And/or lock down the device.

    Multi-user app (and if we're talking about companies, it's multiple users by the very definition) where users are not trusted almost always needs either a central service with all the access controls, or a distributed equivalent of it (which is, indeed, very hard to implement). “Local-first” in those cases becomes less relevant, it’s more of a “on-premises/self-host” in this case.

    But I think while end-user non-business software can be small compared to enterprise stuff, it is still a fairly big market with lots of opportunities.