Lessons from building and growing an open source SaaS (plausible.io)
173 points by markosaric on Dec 17, 2020 | 41 comments



I've been using Plausible for https://www.nslookup.io for about a month now. I can definitely recommend it over Google Analytics. Simpler, more intuitive and privacy first.

However, at some point I'd like to monetize this site. I know there's https://www.ethicalads.io/, but they've limited their target audience to developers. Are there any privacy focused ad networks?


NSLookup definitely looks like a fit for us at EthicalAds. You can ping me at the email in my bio and we can get you signed up.


thank you! it's great to see some more ethical alternatives available for site owners


I’m working on an open source search alternative to Algolia, called Typesense [1], with a hosted SaaS option [2]. So our business model is very similar to Plausible.

re: OSS licensing, we use GPL and have been very hesitant about using something like AGPL. I’ve personally seen developers not use projects only because they’re AGPL. Even GPL seems to scare some developers.

Question for HN: have you recently wanted to use an OSS project in your stack and then stayed away from using it only because of its license?

If so, what license was it and what about the license prevented you from using it?

[1] https://github.com/typesense/typesense

[2] https://cloud.typesense.org


I think MPLv2 with or without xGPL compatibility clause (or EPLv2) are a good midway between xGPL and Apache / MIT.

If you're really worried about copycats or leechers, you might want to consider either close sourcing / restrictively licensing [0] the very important bits of the stack that matter to paying customers (like GitLab does with their "buyer-based open core model" [1]).

Note though, open source has always been about commoditizing loss leaders [2] or commoditizing a product's complement [3]... never quite has been a good business model in and of its own.

[0] https://polyformproject.org/licenses/

[1] https://www.heavybit.com/library/video/commercial-open-sourc...

[2] http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts...

[3] https://www.joelonsoftware.com/2002/06/12/strategy-letter-v/


> re: OSS licensing, we use GPL and have been very hesitant about using something like AGPL. I’ve personally seen developers not use projects only because they’re AGPL. Even GPL seems to scare some developers.

Do you think it is more likely to scare your potential paying customers, your potential contributors, or potential freeloaders?

I expect that is likely to scare people in this order:

1. Freeloaders

2. Contributors

3. Customers

If I have a Free Software project, I want to scare freeloaders while still welcoming potential customers and contributors. I know it's a balancing act, but I like the AGPL.


Unfortunately it seems to scare people in all those categories. People typically start using it for free and over time, some of them become contributors and/or paying customers.

So if a license scares the people who start using it for free, it then inherently hurts contributions and customers long term.


The order is closer to

1. Contributors

2. Customers

3. Freeloaders

The type of person who is likely to contribute will be the first to look at the license, and AGPL will rightfully worry them.

For the open source funnel, the potential customers start off as "freeloaders". They are more likely to look at the license in the first place because they are more likely to be using the software in a commercial setting and have to worry about licensing. The AGPL concerns hit them first.

The freeloaders will just switch over to a more liberally licensed project.


> ...and AGPL will rightfully worry them.

Not deeply familiar with AGPL. Why is it bad for contributors?


The idea that AGPL will "rightfully worry" potential contributors is FUD spread by Google to decrease uptake of the AGPL. AGPL rightfully worries potential freeloaders such as Amazon and Google that want to profit off of proprietary forks of Free Software packages without contributing back to the community.


If I was a savvy corporate customer, I’d be more concerned that you’d get AWS’ed by a too-permissive license, which would either put you out of business or prevent you from growing. From that POV, being stuck with a dead or stale product from a dead or stale company is far worse than being stuck with a dead or stale product from Microsoft.

Curious to know how you’re solving this — we should come up with some best practices in this area for everyone to adopt!


“Getting AWS’ed”, that should go in the dictionary!

In companies I’ve worked at in the past, during every round of fund raising, as part of the due diligence, lawyers would ask for the licenses of all software packages we use. And when AGPL showed up in the list, they’d specifically ask how it’s integrated with the rest of the system, and evaluate it with more scrutiny. In hindsight, this makes total sense - they were just trying to make sure we were compliant with what AGPL calls for.

But the fact that AGPL software called for extra scrutiny from lawyers became a stumbling block and added just enough friction to adopting additional AGPL software in the stack.

Now being on the other side of the table as an OSS product, this is painful to watch.

I don’t have a grand plan to solve these misconceptions yet. Hoping that publicly talking about this and driving awareness about GPL and AGPL might help. Open to ideas!


"Getting AWSd" reminds me of "please don't put me out of business during the next re:invent keynote clause" [0] that come with open core licenses.

[0] http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts...


For situations like this add "for $10k you get a commercial license". (Pick whatever price you think is right). Put that in your readme for visibility.

If they are paying lawyers $500/hr to review licenses for peace of mind, they can afford $10k for commercial license.

If they don't want to pay $10k then they are freeloaders and you're not losing anything.

This is something that sqlite does. See https://www.sqlite.org/prosupport.html:

"The SQLite source code is in the public domain, and is free for use by anyone and for any purpose. No license is required. However, some users desire a license so that they can have warranty of title, or just because their company lawyers say they need one. A perpetual license and warranty of title for the core SQLite source code is available for this purpose."


Judging by the (rather shallow) knowledge I gained from this thread, it seems AGPL is more suited for FOSS projects that intend to sell as a standalone package like Plausible, rather than some add-on to some corporate's codebase. In that regard, it seems like a fitting license in this case.

Then again, I don't really know much about the OSS landscape.


Question for OP: Can you share how you manage the borders between the open source product and the infrastructure for offering a SaaS?

As a trivial example, I’m assuming you're using plausible in plausible, do you have protections ensuring secrets don’t leak to the open source for history?


Sure, our main repository comes with a production-ready Dockerfile: https://github.com/plausible/analytics

We also have a separate repository with examples and code for how to host Plausible Analytics with docker-compose: https://github.com/plausible/hosting

The hosting repo includes everything you need including databases, MaxMind GeoIP database, reverse proxy for SSL, etc.

We don't host with docker-compose ourselves because we want to scale our databases independently from the app server.

I'm not sure I understand your question. Secrets should never be committed to source control, whether the repo is public or not. Being open source does not change how we manage secrets in the slightest.

Does that answer your question?


I've been running Plausible for two of my sites on a Dokku instance for the last few months. I would highly recommend it to anyone who wants some simple metrics without invading people's privacy.


thanks! glad you're enjoying Plausible!


I had never considered that a paying SaaS could be open source and that raises some questions to me, like: 1. Why would people pay instead of just downloading your code and running it for free? 2. Couldn't anyone grab your code, tweak the UI to make it look different and then sell it as their own SaaS which would be your competitor taking some market share away from you with your own code?


1. Most folks interested in a saas probably don't want to host it themselves.

2. Code needs maintenance and expertise to run. Could you download the source of a large app and compete against it profitably? Maybe if it were mature, well documented, and longtime contributors hired.


I am impressed with your business but the open source development model is worrying. Why not release as normally as you would in your SaaS? It's fine if this is the invisible "hook" where you get an unstable product if you self-host (and from the outside, it seems that's what this is). Also, Fathom also has pretty much stopped all development :/.


thanks! all our code is still on github so you could just download the "testing" version we use on the cloud and run that.

the slower schedule of the official "stable" self-hosted release is to simply make it possible for us to make it work.

we're a two person team and because of the popularity of the product, we've become overwhelmed with support requests from self-hosters and needed to make a change in the expectations and the process


> There’s no longer any guarantee that, we as creators of Plausible, will be able to help out with your self-hosting issues [...] be prepared to troubleshoot your issues, read our documentation or get community support in the forum.

This is sane, and how most other open source applications or tools work. Don't see any reason why this one should be different.


thanks! perhaps because we're new to open source maintenance, but early on we tried to help each and every support request from self-hosters and it quickly turned out to be an impossible task. we do help every paying subscriber so tried to do the same for self-hosters but unfortunately it gets very difficult with our limited resources. so now we're simply setting expectations straight so people know what they can or cannot expect


I’ll be interested to see how the plan for bi-annual releases for self-hosted analytics goes - in theory that will be better


for sure. we spoke to some more experienced open source developers and this was the idea they proposed. we thought it's worth a try


I've been using Plausible for almost a month now and I love it. Previously, I have been using Simple Analytics, which is also great from a privacy perspective. But I personally just like Plausible more because it's open source, self-hostable (although I currently don't) and has better UX/UI.


Love plausible analytics.

Upgraded to a paid plan for my project which is getting some traction and I was able to get exactly the kind of analytics I was looking for. I also share similar principles with regards to user privacy and so it’s definitely something I want people to use more and advocate for.

Great work folks.


thank you for your support!


interesting article. outside of gitlab, ghost.org are there other companies that embrace this model?



Not to be pedantic but out of all of those, Outline is not actually open source; they're source available but they're using the BSL, which is "source available now and open source in the future"


Fair enough. BSL is technically not open source but it is endorsed by Bruce Perens of the Open Source Initiative and I believe it is a very good license for new startups in this space.

https://itsfoss.com/making-the-business-source-license-open-...


I have no beef w/ the BSL. I think it's a great license. It's just not quite open source is all.


We have a similar model at Papercups where our product is open source https://github.com/papercups-io/papercups but we charge for hosting. We're big fans of Plausible since we both follow a similar model and are both written in Elixir :)


high five!


I made a list a while ago when I was making the decision[0]. I started on Fathom and moved to Plausible.

[0] https://nts.strzibny.name/privacy-oriented-alternatives-to-g...


Open source is not the antidote to surveillance capitalism.

Something like this, however, is: https://anonymous.4open.science/r/e85a54a3-983d-498c-8672-0a...


> The person or entity is not engaged in commercial use of the Software

This makes it seem you can't use the software at all, even if your company satisfies their conditions.


GNU argues that you should not use MIT or LGPLv3 for your library, because then the library will be used in proprietary software to oppress and tyrannize people, possibly including yourself.

https://www.gnu.org/licenses/why-not-lgpl.html



