New update: Looks like someone got invite access to the repo or something and invited a ton of people (including me) to Shipfast. This definitely crosses a line and whoever is doing it should obviously stop x.com/sistillianthony/status/1849159482070167636?s=46&t=j3OlMQGAOQfr3uUmXnU0Pg
Omg, it's like third or fourth time after he fixed the bug that allowed to do this. He said he hired someone who will take over the security part, but ... again? Okay, it might be a bad behaviour from someone, but on the other hand, if it happens after fixing it... Again, it says about the quality of his code. I thought yesterday that issue was closed, but AGAIN?
What would you expect from an "r-worded" who literally made all his money from posting bj-face pics on youtube? (Explanation: his only profitable product is shipfast, which is a product aimed at people who want to ship a saas. So, he never made any saas profitable himself, but he managed to convince a bunch of people who want to have a profitable saas to give him money so that they could have a profitable saas. Right. So, in other words, all his money comes from being an youtuber and "selling a course", so to speak. And how did he become a "successful" youtuber? By, like a bunch of other r-words, posting pictures where he is simulating a sex act that is often abbreviated as BJ, since other r-words who work at youtube seem to really enjoy those pictures and give people who do that a boost on their channels).
I can see where you’re coming from but the frontend should never be able to leak backend data . It’s super easy to turn off frontend validation . Frontend validation is literally there as a nice to have for the user . Anyone can get around it . The backend should expect SQL injection attacks and all that fun stuff.
Only if the boilerplate is bad. In my mind, it's like saying "devs who use a framework like Django are bad" If it saves you a ton of time on what you need to do anyway, AND it's be well-vetted (it wasn't in this case) I'd say it actually makes you a better overall dev if you're being smart about your building
The worst part about this is the mentality "I just need to get this boilerplate and then I can begin to sell and earn money"... Bitch the code for you website is the easy part, the hard part is having an actual product someone is willing to buy... Selling hope seems to be the new goldrush in this world...
I've said it before, but I think Marc Lou is somewhat inspiring and at the same time somewhat a pyramid scheme. It's a shame his only product that actually sells is just a template product that is meant for you to sell. I think all the drama is unfortunate because I think most of us if we found our self in his position, we would probably get defensive like he did. Having said that this was a situation where the pressure got the better of him and he failed as a leader. As someone that is older and doesn't have a business I have to give this Marc guy some slack on how he handled the situation. But if he doesn't learn from this experience, that tune can change.
Some of his other products do still make a decent amount of money. His other products combined make like 5000-7000/mo, but seems so insignificant compared to ShipFast.
how can you find yourself in such situation if you are not a griefer? this isn't "unfortunate" for the griefer, it is unfortunate for the ones griefed. what do you expect to achieve by giving space to these bad actors?
When big accounts in the scene tells you "you are doing it wrong", then your are probably doing it wrong. A lot of big accounts in his replies and he completely ignored it. A few of these issues are still there and can be exploited. He said publicly that he hired someone to fix it, but that basically tells: "Guys, I don't know what I'm doing, just buy my boilerplate and print money, someone will fix my issues for me, but trust me, you gonna ship fast".
The fact he hasn't made another 5 figure SaaS with his own starter kit tells you everything you need to know about his actual ability to make products.
There has been a lot of noise around the fact that we could bypass the paywall but the biggest issue was that anyone was able to get all his customer emails (private data) by poking around on his website for 15 minutes.
Literally none of his sass were actually that successful. He made ALL his money by selling a template to other devs and is not a sass at all. He's totally a guru. But if Marc hadn't been dissing tests and security all this time, this probably wouldn't have happened. But he doesn't care, he has open issues and PR's on the actual repo that have been there since May. Marc has never commented on a single one. He doesn't care.
Not to mention that you can't run npm install and expect the dev server to run just even after a year no matter how much you have paid for the boilerplate.
Well he proved a point tho. You dont need skills to make money. Appearance is everything right now..and so on... and so on... he still made like $500k on garbage code he got my respect😂
I really think this marks the end of his boilerplate. While attention can be beneficial, even when facing criticism, this situation is different-it’s damaging his reputation. People are starting to realize that boilerplate code isn’t a magical solution; you still have to implement things yourself. But that’s a separate issue. I also feel that many who rely heavily on boilerplates don’t truly know how to code in the first place.
The security vulnerability was so easy to find and abuse, it literally took me 5 mins and Simon 10 to find (keeping in mind I had never visited shipfast prior to that). The lack of concern is insane and I can't trust my data on any of his services. Insanity. Thanks for making a video, the bug is fixed so you could make a video on how the exploit occurred.
Mac should be thanking the community, most of his products remain illegal in the eu though, for some reason he doesn't care about the regulations despite having customers from europe
I thought people buying this boilerplate instead of writing their own code are crazy, but them discovering that it may have security breaches and still justifying him is even more terrifying. All theirs and Marc's responses sound like they own a cult of making money, and now they imagine fighting with enemies that try to stop them instead of shipping too, pathetic
Security isn't a standard only aplicable to the bigger businesses. If you're lax on it then it's no longer a matter of corporate vs independent, it devolves to simply professional vs unprofessional.
I saw one video of Marc’s where he explicitly states that he didn’t do any testing. I immediately decided I would never buy any of his stuff. Why? Well… If you’re a solopreneur developer, then you don’t have a team to do PRs or pair programming for error correction. Now you admit you don’t test? So you have no safety net at all, is what you’re saying. We’re all human, we all make mistakes. But he literally marketed and sold his untested, unchecked code to thousands of people, who in turn used it to sell software to unknown thousands or tens of thousands more people. There are good reasons - such as error correction - that disciplines like pair programming, PRs, CI/CD, SRE, TDD, BDD, and DevOps exist… why they have been adopted and adapted by organisations of all types and sizes over the decades… and he completely ignored those reasons to “ship fast.” I hope he learns from this experience.
The thing is that it doesn't really matter. We're talking about building micro saas products where a success is considered making a few thousand quick and then it's a plus if it lives longer. And the reason that can be considered a success is because of the rapid development process which is done by cutting non-essential things like testing. It can be scummy if it's a product people rely on but it is what it is. Then there is the opposite side of the spectrum that does everything in autistic detail but never ships anything
I been following Marc and reviewed his work. As a software engineer of 20yrs. He's intern level or Jr Dev at best. I can't believe people bought the boilerplate for $200
Well he said in his videos. He is not writing unit tests and integration tests. This is something is a must specially if it is a product many people will use.
i think part of the reason for the blocks is not creator-to-creator, its because of the quote tweet and other weirdos spamming the OP blocking will also block from the quote tweet? idk just a guess
while people having access to other people data is an unacceptable flaw, a lot of claims you shown are actually superficial(whats so bad about setting very long usernames?!?) Its a lot of hatred against the person, not his sites.
Who want to pay - will pay, who want to hack - will hack, who want to earn - will earn, Who want to hate - will hate 😂 Mark made 100k+ - it is fact. One hacker made 300 backs - also fact. Mark gets tons free negative and positive promo - also fact ( it is good for marketing as book say ). So seems he won 😂🎉
I think people are going after him for nothing. Marc has special marketing skills and his main selling point is “don’t think too much, just ship it”. But creating bug free, secure projects take too much time. Especially if it’s an ecommerce project. Therefore accepting vulnerabilities in fast shipped projects, also means accepting his main marketing angle collapses on itself. After all, experienced programmers are not his target audience. He’s selling the dream of “I can do it!” to newbies and also insipiring other devs do something even though they will not become a paying customer.
As i first saw this guy online i thought "wow, he kinda does cool stuff and makes money out of it, very nice for him" but the more i went down the rabbithole of his content and taking a deeper look at it all (im a web dev myself) i just more and more come to the conclusion hes just a good UA-camr/marketing guy with a hobby of building pretty frontend. (not tryna attacking him but what also annoys me is this "i got fired everywhere so i did this..." marketing strategy, like bro why did you get fired everywhere in the first place?)
If I was Marc I would just two Dev one Senior JS guy an a Security specialist JS guy to review and fix everything. Paying them 20k then hire two JS senior guy to just redo the stuff. And publickly talk about the process. And everybody who already buy got a v2 that is super secure and voila.
You need to talk more about the other big creators that are Marc's friends that blocked and publically denounced people from talking about about the issues, who clearly don't care about Marcs customers building on sand, and just care bout their friend.
Fun fact, I think indie hacker was falling into the crypto bros category, instead should be about solving problems... but well, maybe this situation was necessary for a "change"
That guy was a red flag from the beginning to the end. First red flag was the advocating that he makes zero effort to make his "Saas" products better and was using javascript. The second was the constant marketing around it to make it seem like something big. Last was the of course the template he was selling made in JS for 200 dollars which by his earnings shows that humans are collectively idiotic and fall for dumb things as long as someone with a little influence says it.
Seems like the type of person that will make it until he's defending himself in court for serious PII getting leaked, or malware being spread through his stuff. Also seems like the kind of scheme where he makes money off of others trying to make money like him who need other people to pay for their stuff... I feel like no one downstream from him is making a service anyone but other easily convinced people will buy.
Not validating web hooks is serious. That's not a nuance thing. Validation signatures are usually part of the payload of any respectable web hook dispatcher even if they're shipping fast.
He is a good marketer and has been really successful at selling the dream of being a solopreneur, but I'm starting to think that Marc isn't even a programmer
He already made an apology video.. All it took was proplr bypassing the paywall.. Inviting themselves to the repo.. And then giving access to all the haters to his repo 😂
I feel like this guy is hating. Yeah Marc didn't handle the situation great(a better approach would be to actually fix the code) but like I said I'm pretty sure the guy is hating as he said he should make shipfast opensource, I personally wouldn't buy it but since when did we start hating on successful people? Just a shame Marc makes a majority of his money selling shovels to his audience who are looking for gold
I was wondering about his website’s security honestly pushing out multiple websites like this does not seem safe..but hell what do I know I’m just a beginner 😢
My comment is nothing related to the video : I dont know why but i find x to be very irritating to use. Its not that easy to navigate and there is so much spam where a user keeps on posting every 4 minutes and there are some extremely basic features-ex:(Edit) which arent available for free which makes it irritating.The Ui isnt fun to use.
Marc is a Scammer with good story telling ability. Personal opinion, he is selling shovels, I do agree though, just a way to make money, nothing wrong scamming dumb folks. if you can't ship fast without SHIPFAST tool, you choose the wrong domain anyways.
These people exposing him are worse than Marc. No doubt Marc's reaction was trash, if you aren't actively maintaining the repo then stop selling the code. That said, what the heck is "He didn't reply in 42 hours so I'll make the the vulnerability public!"? Responsible disclosure is crying in some corner. These dudes exposing hacks willy nilly in his code are risking his customers (and customer's customers) more than he did with his trash code.
love me hate me, there is no money inbetween. every criticism of marc lou and trend of it, has only pushed his brand. if hate destroyed brands, a lot of unethical scammy people with brands would have been dead by now. so...... uhmmm yh more benefit to marclou
It's nice to see his tools being evaluated. I knew about Marc for some time now and I felt jealousy for his achievements. I felt like an inferior developer because I'm mostly backed dev, working with integrating banking and fintech solutions and I wanted to get out and be my own man. At one point I even considered buying ShipFast to evaluate what he actually wrote there but I focused on my current job and hobbies and time passed. Turns out Marc wasn't an engineer like me, but he was a great Marketeer and Frontend Dev.
people should stop bashing marc, cuz he is individual dev, its not like hes in big corporation, you paid 200 yes, but you also have the ability to fix it, if you call yourself a programmer, then fixed it. security maintenance is not part of the deal. you should know the risk before buying. we should fight big corp not programmer
lol making money is the only thing that matters, why the fuck is everyone so high and mighty about making money? who the fuck works for free with no expectation of income?
@@YusufEbr comment would be too long and won't be as visible as the video but I'll give you an example. It didn't start the way he said it started, it started by a discussion on writing tests and when Marc he has written 0 test cases which some people didn't like. You'll find Marc referencing this thing (saying something about developers wanting everyone to write tests in a recent post). 2. When Marc gave 300$ publicly like that, it was after someone called Matt mentioned some issues about his site before, he did it publicly so it wouldn't make sense that he'd be rewarded for it. This guy, ever since the testing discussion mentioned above became obsessed with Marc, his whole profile for a month is all posts and replies on things related to Marc, and he knows that it got him millions of views he never got before and managed to grow his following. 3. Also saying that none of the ones posting about this publicly first (before emailing Marc about the issues) didn't do it for clout is either naive or dishonest... Accounts with less 100 followers, managed to get 3+ M views on their posts and hundreds of new followers and you think they didn't notice? Come on. Like I said, some relevant points
@@YusufEbr Okay I'll mention some things...first of all it didn't start the way he says he did. It started with a discussion on writing tests to which marc said he doesn't write case tests and a discussion stemed from that...Some people agreed other disagreed then there was a guy called Matt who made it a mission to change his account to only talk about Marc (it got him way more engagment so the incentive is there) eventually talking about data leaks in one of his app. What supports my argument about this being the origin, is marc mentioning "devs liking tests" or something like that in one of his recent posts. Later on Marc made that 300$ bug bounty post with a shoutout to the guy who emailed him, as a way to say about the good way to report vulnerability (as opposed to the Matt guy mentioned before who still got millions of views with an acount under 100 followers before that) There are other details but this isjust a coment that won't be viewed much anyway
New update: Looks like someone got invite access to the repo or something and invited a ton of people (including me) to Shipfast. This definitely crosses a line and whoever is doing it should obviously stop x.com/sistillianthony/status/1849159482070167636?s=46&t=j3OlMQGAOQfr3uUmXnU0Pg
Omg, it's like third or fourth time after he fixed the bug that allowed to do this. He said he hired someone who will take over the security part, but ... again? Okay, it might be a bad behaviour from someone, but on the other hand, if it happens after fixing it... Again, it says about the quality of his code. I thought yesterday that issue was closed, but AGAIN?
Lawsuit incoming
"I was a virgin, an hour ago." - Marc Lou
"You should have stopped there" - Prime🤣
Marc lou is not a hacker that's why his sites are getting hacked in the first place
That‘s Indie Hacking in a nutshell tough, like 90%+ of indie „hackers“ don‘t have a good idea of what they‘re doing.
He isn't a good programmer too just a good talker with nice visual
Sad truth for a lot of people. "ship fast" mindset is toxic and is making people bad devs, which I hate the most, because I love development.
@@dobroslav.radosavljevic people with 2 brain cells could have seen it long ago
He is someone who graduated from a 6 weeks NextJS coding bootcamp and happened to have great marketing skills.
Validation in frontend is no validation.
as a frontend dev this is an absolute fact. Frontend validation is nice visually for the user but doesn't do anything outside of that.
i don't think that his problem
What would you expect from an "r-worded" who literally made all his money from posting bj-face pics on youtube? (Explanation: his only profitable product is shipfast, which is a product aimed at people who want to ship a saas. So, he never made any saas profitable himself, but he managed to convince a bunch of people who want to have a profitable saas to give him money so that they could have a profitable saas. Right. So, in other words, all his money comes from being an youtuber and "selling a course", so to speak. And how did he become a "successful" youtuber? By, like a bunch of other r-words, posting pictures where he is simulating a sex act that is often abbreviated as BJ, since other r-words who work at youtube seem to really enjoy those pictures and give people who do that a boost on their channels).
@@CodeWithPaulIo but if you don't have sanitization in-state for input you might end up with your frontend leaking your backend stuff
I can see where you’re coming from but the frontend should never be able to leak backend data . It’s super easy to turn off frontend validation . Frontend validation is literally there as a nice to have for the user . Anyone can get around it . The backend should expect SQL injection attacks and all that fun stuff.
the prime tweet was hilarious.
The fact that there are devs buying boilerplate like this out there explains why we have so many bad devs in this industry. Skill issues.
On top of that its a bad boilerplate
Only if the boilerplate is bad.
In my mind, it's like saying "devs who use a framework like Django are bad"
If it saves you a ton of time on what you need to do anyway, AND it's be well-vetted (it wasn't in this case)
I'd say it actually makes you a better overall dev if you're being smart about your building
The worst part about this is the mentality "I just need to get this boilerplate and then I can begin to sell and earn money"... Bitch the code for you website is the easy part, the hard part is having an actual product someone is willing to buy... Selling hope seems to be the new goldrush in this world...
@@gavinwienerhow BUYING a boilerplate as a dev can make you a BETTER dev ? I don’t get it please enlighten me
definitely a skill issue.. companies like vercel are making huge amounts of money on these devs
I've said it before, but I think Marc Lou is somewhat inspiring and at the same time somewhat a pyramid scheme. It's a shame his only product that actually sells is just a template product that is meant for you to sell. I think all the drama is unfortunate because I think most of us if we found our self in his position, we would probably get defensive like he did. Having said that this was a situation where the pressure got the better of him and he failed as a leader. As someone that is older and doesn't have a business I have to give this Marc guy some slack on how he handled the situation. But if he doesn't learn from this experience, that tune can change.
Some of his other products do still make a decent amount of money. His other products combined make like 5000-7000/mo, but seems so insignificant compared to ShipFast.
how can you find yourself in such situation if you are not a griefer? this isn't "unfortunate" for the griefer, it is unfortunate for the ones griefed. what do you expect to achieve by giving space to these bad actors?
his content is really unrelatable
When big accounts in the scene tells you "you are doing it wrong", then your are probably doing it wrong. A lot of big accounts in his replies and he completely ignored it. A few of these issues are still there and can be exploited. He said publicly that he hired someone to fix it, but that basically tells: "Guys, I don't know what I'm doing, just buy my boilerplate and print money, someone will fix my issues for me, but trust me, you gonna ship fast".
i guess this is what happens when you ship a little bit too fast
The fact he hasn't made another 5 figure SaaS with his own starter kit tells you everything you need to know about his actual ability to make products.
There has been a lot of noise around the fact that we could bypass the paywall but the biggest issue was that anyone was able to get all his customer emails (private data) by poking around on his website for 15 minutes.
He's a marketer more than anything.
New category released: tech gossip entertainer
I've never supported 'move fast break things' because those 'things' also include people's trust and safety!
Literally none of his sass were actually that successful. He made ALL his money by selling a template to other devs and is not a sass at all. He's totally a guru.
But if Marc hadn't been dissing tests and security all this time, this probably wouldn't have happened. But he doesn't care, he has open issues and PR's on the actual repo that have been there since May. Marc has never commented on a single one. He doesn't care.
He is too busy shipping "startups" in a weekend. What a joke.
javascript devs are peak delulu.
best comment
Seriously lmao, the whole idea of spending hundreds on a boilerplate code is just strange to me. This sht wouldnt work in the go community
amin
Not to mention that you can't run npm install and expect the dev server to run just even after a year no matter how much you have paid for the boilerplate.
Well he proved a point tho. You dont need skills to make money. Appearance is everything right now..and so on... and so on... he still made like $500k on garbage code he got my respect😂
I really think this marks the end of his boilerplate. While attention can be beneficial, even when facing criticism, this situation is different-it’s damaging his reputation. People are starting to realize that boilerplate code isn’t a magical solution; you still have to implement things yourself. But that’s a separate issue. I also feel that many who rely heavily on boilerplates don’t truly know how to code in the first place.
The security vulnerability was so easy to find and abuse, it literally took me 5 mins and Simon 10 to find (keeping in mind I had never visited shipfast prior to that).
The lack of concern is insane and I can't trust my data on any of his services. Insanity. Thanks for making a video, the bug is fixed so you could make a video on how the exploit occurred.
Buying a SaaS template is like renting a car from Avis to drive in Nascar.
Mac should be thanking the community, most of his products remain illegal in the eu though, for some reason he doesn't care about the regulations despite having customers from europe
Those "Sketchy sales tactics" are explicitly illegal in most places.
I thought people buying this boilerplate instead of writing their own code are crazy, but them discovering that it may have security breaches and still justifying him is even more terrifying. All theirs and Marc's responses sound like they own a cult of making money, and now they imagine fighting with enemies that try to stop them instead of shipping too, pathetic
the golddigger became the pickaxe salesman
THANK YOU FOR MAKING THIS VIDEO, I KNOW IT WOULD HAVE TAKEN A LOT OF TIME TO COLLECT EVERYTHING!!!!
And people think AI is replacing devs. Even devs can’t replace devs.
Security isn't a standard only aplicable to the bigger businesses.
If you're lax on it then it's no longer a matter of corporate vs independent, it devolves to simply professional vs unprofessional.
I saw one video of Marc’s where he explicitly states that he didn’t do any testing. I immediately decided I would never buy any of his stuff. Why?
Well… If you’re a solopreneur developer, then you don’t have a team to do PRs or pair programming for error correction. Now you admit you don’t test? So you have no safety net at all, is what you’re saying.
We’re all human, we all make mistakes. But he literally marketed and sold his untested, unchecked code to thousands of people, who in turn used it to sell software to unknown thousands or tens of thousands more people.
There are good reasons - such as error correction - that disciplines like pair programming, PRs, CI/CD, SRE, TDD, BDD, and DevOps exist… why they have been adopted and adapted by organisations of all types and sizes over the decades… and he completely ignored those reasons to “ship fast.”
I hope he learns from this experience.
The thing is that it doesn't really matter. We're talking about building micro saas products where a success is considered making a few thousand quick and then it's a plus if it lives longer. And the reason that can be considered a success is because of the rapid development process which is done by cutting non-essential things like testing. It can be scummy if it's a product people rely on but it is what it is. Then there is the opposite side of the spectrum that does everything in autistic detail but never ships anything
He is basically selling a piece of paper with "Good luck" written on it
That one junior that never found an internship, despite being so good at selling himself, but had to pay the bills
I been following Marc and reviewed his work. As a software engineer of 20yrs. He's intern level or Jr Dev at best. I can't believe people bought the boilerplate for $200
Last I checked, GDPR and other compliance exists. Means this ship's fast boilerplate is not ready to ship anything.
You should cover the Stallman report and the whole opsec failure that followed.
I like him, but it seems like he is selling shovels in a gold rush.
Nothing wrong with it but something to think about.
Well he said in his videos. He is not writing unit tests and integration tests. This is something is a must specially if it is a product many people will use.
I find the name "indie hacker" totally inappropriate for making small SASS things. They just made the name up to make is sound cooler than grifter.
Thanks for the recap, great video ❤
i think part of the reason for the blocks is not creator-to-creator, its because of the quote tweet and other weirdos spamming the OP
blocking will also block from the quote tweet? idk just a guess
while people having access to other people data is an unacceptable flaw, a lot of claims you shown are actually superficial(whats so bad about setting very long usernames?!?) Its a lot of hatred against the person, not his sites.
Who want to pay - will pay, who want to hack - will hack, who want to earn - will earn,
Who want to hate - will hate 😂
Mark made 100k+ - it is fact. One hacker made 300 backs - also fact. Mark gets tons free negative and positive promo - also fact ( it is good for marketing as book say ). So seems he won 😂🎉
Are there good indie hackers who found success and are well respected in the community to follow?
What’s your thoughts on Pieter Levels?
No
Ship shovels fast, except that the shovels are of very bad quality and will break on first use.
The whole indie hacker scene is an incesteous circle jerk of wannabe entrepreneurs selling bad products to each other lol
Marc Lou is not a dev, he just a business guy, only want to make money.
Don't care about user.
I think people are going after him for nothing. Marc has special marketing skills and his main selling point is “don’t think too much, just ship it”. But creating bug free, secure projects take too much time. Especially if it’s an ecommerce project. Therefore accepting vulnerabilities in fast shipped projects, also means accepting his main marketing angle collapses on itself. After all, experienced programmers are not his target audience. He’s selling the dream of “I can do it!” to newbies and also insipiring other devs do something even though they will not become a paying customer.
Very interesting and useful feedback. A big subjective, but still useful.
As i first saw this guy online i thought "wow, he kinda does cool stuff and makes money out of it, very nice for him" but the more i went down the rabbithole of his content and taking a deeper look at it all (im a web dev myself) i just more and more come to the conclusion hes just a good UA-camr/marketing guy with a hobby of building pretty frontend.
(not tryna attacking him but what also annoys me is this "i got fired everywhere so i did this..." marketing strategy, like bro why did you get fired everywhere in the first place?)
When I saw Melkey and ThePrimeagen commented on the post, it is the end!
If I was Marc I would just two Dev one Senior JS guy an a Security specialist JS guy to review and fix everything. Paying them 20k then hire two JS senior guy to just redo the stuff.
And publickly talk about the process.
And everybody who already buy got a v2 that is super secure and voila.
$200 one time payment
Bro was on Starter Story
It's crazy how he thought actively making fun of it would be a good idea
the issues are real. He could've taken the criticism and improved but he decided not to.
Missed opportunity + bad reputation
Marc lou is not a hacker, he's just a hack
I’d hate to work with Marc
You need to talk more about the other big creators that are Marc's friends that blocked and publically denounced people from talking about about the issues, who clearly don't care about Marcs customers building on sand, and just care bout their friend.
i worked with Developers & UX/UI designers, the second were easy to criticize & talk with if something was wrong.
Fun fact, I think indie hacker was falling into the crypto bros category, instead should be about solving problems... but well, maybe this situation was necessary for a "change"
Marc Lou is a scammer who sells the hope of success
Simon got famous taking advantage of Marc's work
Fair Game
that's why I always search for free things and never buy anything on the internet
That guy was a red flag from the beginning to the end.
First red flag was the advocating that he makes zero effort to make his "Saas" products better and was using javascript.
The second was the constant marketing around it to make it seem like something big.
Last was the of course the template he was selling made in JS for 200 dollars which by his earnings shows that humans are collectively idiotic and fall for dumb things as long as someone with a little influence says it.
I have never heard about this guy or shipfast thing, anyway cool, cool
imagine paying 200$ for a nextjs boilerplate lol
Seems like the type of person that will make it until he's defending himself in court for serious PII getting leaked, or malware being spread through his stuff. Also seems like the kind of scheme where he makes money off of others trying to make money like him who need other people to pay for their stuff... I feel like no one downstream from him is making a service anyone but other easily convinced people will buy.
Looking at it and detail.. What I, a serious new and upcoming business owner want is to pay for "Discord community & Leaderboard"
Not validating web hooks is serious. That's not a nuance thing. Validation signatures are usually part of the payload of any respectable web hook dispatcher even if they're shipping fast.
Marc Lou used only zod for validation
He is a good marketer and has been really successful at selling the dream of being a solopreneur, but I'm starting to think that Marc isn't even a programmer
His fans are like cult members.
Man these opps be trippin.
He already made an apology video.. All it took was proplr bypassing the paywall.. Inviting themselves to the repo.. And then giving access to all the haters to his repo 😂
hes not charging 200 a month. he's charging 200 once
Yeah seems value to me. Not something I will buy but seems value.
I feel like this guy is hating. Yeah Marc didn't handle the situation great(a better approach would be to actually fix the code) but like I said I'm pretty sure the guy is hating as he said he should make shipfast opensource, I personally wouldn't buy it but since when did we start hating on successful people? Just a shame Marc makes a majority of his money selling shovels to his audience who are looking for gold
12:47 and why tf would he do that? His revenue would go back down to 0.
Amazing recap!
we all knew that he has vulnerabilities, he ships the apps in a couple of theres no way he's getting it pen tested. IDK what people expected
That was wild 😁
I was wondering about his website’s security honestly pushing out multiple websites like this does not seem safe..but hell what do I know I’m just a beginner 😢
Actually ship fast is not gdpr compliant and tos and policy is not complete...
My comment is nothing related to the video : I dont know why but i find x to be very irritating to use. Its not that easy to navigate and there is so much spam where a user keeps on posting every 4 minutes and there are some extremely basic features-ex:(Edit) which arent available for free which makes it irritating.The Ui isnt fun to use.
Marc is a Scammer with good story telling ability. Personal opinion, he is selling shovels, I do agree though, just a way to make money, nothing wrong scamming dumb folks. if you can't ship fast without SHIPFAST tool, you choose the wrong domain anyways.
We shitting on ppl for bugs and marketing tactics now?
Are people even still surprised?
why this feels like a crypto token scam?
dude pulled the rug.
isnt he in gross violation of GDPR? or does he just not ship to the EU?
These people exposing him are worse than Marc. No doubt Marc's reaction was trash, if you aren't actively maintaining the repo then stop selling the code.
That said, what the heck is "He didn't reply in 42 hours so I'll make the the vulnerability public!"? Responsible disclosure is crying in some corner.
These dudes exposing hacks willy nilly in his code are risking his customers (and customer's customers) more than he did with his trash code.
love me hate me, there is no money inbetween. every criticism of marc lou and trend of it, has only pushed his brand. if hate destroyed brands, a lot of unethical scammy people with brands would have been dead by now. so...... uhmmm yh more benefit to marclou
He's just a guy that want's to make money. All he can think about is money. that's it.
All this mvp is really just shipping garbage
this proves even "smart" people can be fooled lol
Man he's doing insane money from this crap :) Marketing > Product Quality.
It's nice to see his tools being evaluated. I knew about Marc for some time now and I felt jealousy for his achievements. I felt like an inferior developer because I'm mostly backed dev, working with integrating banking and fintech solutions and I wanted to get out and be my own man. At one point I even considered buying ShipFast to evaluate what he actually wrote there but I focused on my current job and hobbies and time passed. Turns out Marc wasn't an engineer like me, but he was a great Marketeer and Frontend Dev.
he made it. You just talk about other people who made it.
Hop a rgpd report
I'm with marc on this one.
people should stop bashing marc, cuz he is individual dev, its not like hes in big corporation, you paid 200 yes, but you also have the ability to fix it, if you call yourself a programmer, then fixed it. security maintenance is not part of the deal. you should know the risk before buying. we should fight big corp not programmer
are you stupid on purpose
lmao I bought shipfast a few months ago. I didn't know about this drama. Disappointing how he handled the situation...
Why someone would pay for an afficionado's codebase is something that escapes my comprehension. This guy is a wannabe programmer and a scam artist.
I wonder how his codebase looks like, if it looks the same as he codes in his vids then fuck no, 200$ is way off
lol making money is the only thing that matters, why the fuck is everyone so high and mighty about making money? who the fuck works for free with no expectation of income?
In the time you spent making this video, you could have been shippin'. Massive Indie Hacking L
Marc is a guy with huge ego
unaccurate recap and didn't start where you said it started
Enlighten everyone
@@YusufEbr comment would be too long and won't be as visible as the video but I'll give you an example. It didn't start the way he said it started, it started by a discussion on writing tests and when Marc he has written 0 test cases which some people didn't like. You'll find Marc referencing this thing (saying something about developers wanting everyone to write tests in a recent post).
2. When Marc gave 300$ publicly like that, it was after someone called Matt mentioned some issues about his site before, he did it publicly so it wouldn't make sense that he'd be rewarded for it. This guy, ever since the testing discussion mentioned above became obsessed with Marc, his whole profile for a month is all posts and replies on things related to Marc, and he knows that it got him millions of views he never got before and managed to grow his following.
3. Also saying that none of the ones posting about this publicly first (before emailing Marc about the issues) didn't do it for clout is either naive or dishonest... Accounts with less 100 followers, managed to get 3+ M views on their posts and hundreds of new followers and you think they didn't notice? Come on.
Like I said, some relevant points
@@YusufEbr oh damn I wrote a long reply this morning and I don't see it showing up
@@YusufEbr Okay I'll mention some things...first of all it didn't start the way he says he did. It started with a discussion on writing tests to which marc said he doesn't write case tests and a discussion stemed from that...Some people agreed other disagreed then there was a guy called Matt who made it a mission to change his account to only talk about Marc (it got him way more engagment so the incentive is there) eventually talking about data leaks in one of his app.
What supports my argument about this being the origin, is marc mentioning "devs liking tests" or something like that in one of his recent posts.
Later on Marc made that 300$ bug bounty post with a shoutout to the guy who emailed him, as a way to say about the good way to report vulnerability (as opposed to the Matt guy mentioned before who still got millions of views with an acount under 100 followers before that)
There are other details but this isjust a coment that won't be viewed much anyway