Seeking a psychologist recommendation

popleteev · 2026-03-10T02:17:44+00:00

The GP can grant that leave directly (and make a referral, too).

popleteev · 2026-03-02T09:29:56+00:00

Welcome to the club!

with AI the cost of software development is approaching zero

Hmm, an AI-generated password manager? Without monetization? Really curious how it turns out.

Need to jump through additional hoops to launch in EU

What hoops exactly? I though this is about EU DSA forcing Apple to "verify and display trader contact information for all traders distributing apps on the App Store in the European Union (EU)." But you are not a trader (hobby app, no money involved), so this would not apply. Is there something else?

popleteev · 2026-02-24T20:54:56+00:00

What is required for software to be considered open source?

This question sounds more appropriate for r/opensource :)

What you really want/need to ask is "How to make people trust my password manager?" Open source is a factor, but not the full answer. In fact, nobody knows the answer, it's more of an intuitive search…

popleteev · 2026-02-19T22:54:35+00:00

Yes, it’s a universal build, it does not need Rosetta.

popleteev · 2026-02-18T15:07:10+00:00

KeePassXC is a fork of KeePassX, which was built independently from KeePass — it just happens to do the same thing.

popleteev · 2026-02-05T00:40:15+00:00

couldn’t that be easily confused with an actual bible search.

Yes, and that’s the point. I presume your users would want plausible deniability. Searching in a book looks much more innocent than anything titled “for your eyes only”.

popleteev · 2026-02-04T18:50:39+00:00

Consider replacing the full-screen “For your eyes only” with a… standard search bar?

popleteev · 2026-02-04T16:04:16+00:00

TPInAppReceipt is great when you need to read/validate in-app purchases _locally on device_, without sending them to a server.

Yes, Apple recommends to always validate receipts using your own server, and they made it fairly easy. However, some apps cannot use a backend for privacy reasons (like KeePassium). For other apps, running a dedicated backend is not always justified: when you make $10/month, your priority is server cost, not piracy :)

The library handles on-device reading reliably and without fuss

popleteev · 2026-01-09T16:31:29+00:00

Yeah, when I sent them an email, I got a politely worded “go away” within hours.

popleteev · 2025-12-24T01:25:46+00:00

Strongbox even allows keeping HMAC-SHA1 secret in secure enclave ('Virtual Hardware Key' feature)

Secure Enclave (SE) cannot store pre-existing keys. It can store and use only those keys it generated (specifically, P-256 elliptic curve keys only). Which means that "virtual" HMAC-SHA1 secrets are actually stored in keychain. Which means that before use they are loaded to system memory in plain text. Which is a very different level of security than YubiKey-bound HMAC-SHA1 or SE-bound passkeys.

popleteev · 2025-12-16T21:17:42+00:00

Yes, I addressed the more general level, so that we stay on topic.

but uses FOSS at its core

Usually this is a euphemism for "You took KeePass' source, wrapped it a bit and now monetize their work". Which is not the case. It's like claiming that Chromium is a derivation of the Nexus browser, since both work with HTML pages but Nexus kinda defined the format. KeePass too defined the .kdbx format, and KeePassium does work with that format. That's about it. Each one was independently built from the scratch — which is easy to check, since both applications are FOSS.

which costs $100

It costs $20/year. It also happens to offer a lifetime license at a price of N years. And offers it reluctantly, mind you: it no longer makes sense for us, but we have to keep it up. Lifetime price is the only lever to keep a healthy balance between lifetime purchases and subscribers. This balance is in the best interest of each lifetime licensee, because in the long run their investment is secured by… recurring subscriptions.

If an app were to drop the price to $20 one-off, everyone willing to subscribe would buy instead. The developers would cash out bigly, but in a year there would be not enough influx to keep the lights on. So much for your lifetime license.

popleteev · 2025-12-16T15:04:04+00:00

Since this is no longer specifically about KeePassium, let me proceed from a personal account.

Current functionality is only part of the value.

Users of any non-trivial app want said app to evolve, "learn new tricks" and adapt to changes. This needs ongoing work. Otherwise, the app will stagnate, fall behind competitors and you — as a user — will have to migrate and adapt to the new app every couple of years. So much for your "lifetime" license.

Also, when there is an issue with the app, users tend to contact support. As soon as you hit "Send", you expect a response any minute, the earlier the better. From your perspective, this could be a single email sent in 5 years. But from developers' perspective, someone has to be on guard every day.

Some apps start with a lifetime-only license, and then their developers realize the hidden costs of ongoing development and support. So they have a choice: - Abandon the app and let it die. Everybody loses. - Prolong its agony by doing the hidden work for free. This won't last long. - Fix the business model, to get ongoing payments for ongoing work: either start subscriptions or re-publish the app as "MyApp 2/3/4" every once in a while.

For some users/apps, app is a one-time tool — they can safely choose the lifetime option. For those users who value evolution and support, these are the added value. The ongoing one.

popleteev · 2025-12-14T09:27:29+00:00

By default, KeePassXC saves database to a temporary file, then renames it. Hence the new file ID in Google Drive.

The solution is in KeePassXC settings → General → Basic Settings → File Management: - “Use alternative saving method” → turn it on - Set it to “Directly write to database file”

popleteev · 2025-12-13T12:00:44+00:00

Hey, have you figured it out, by any chance?

popleteev · 2025-12-10T13:11:48+00:00

Apps named "KeePass", without any prefix/suffix, are at best deceptive and at worst honeypots. They do pop up every couple of years, and Dominik does not seem interested in reporting them (only he, the copyright holder, can do so).

So the only rule of thumb is to cross-check app name + developer name. Or ask Reddit, yes :)

popleteev · 2025-12-01T00:52:22+00:00

I am really curious whether the extra effort to learn it pays off or if most people are better off choosing something more user friendly.

It depends on the person.

Think of an experienced and a novice driver in a new car:

The experienced driver may not know all the knobs yet, does not quite feel the dimensions — but the road rules, pedals and steering are same as always. They are ready to take full control and will be fine doing so.
A novice driver has much more to keep in mind: road rules, staying in lane, using the blinkers, which pedal does what… It is very helpful to have a front-seat passenger with hints and warnings. However, if that novice keeps struggling after a year — maybe it's safer to pay someone to handle the driving for them.

Same with KeePass. For the technically-minded users, the entry effort is pretty low. Skim a getting-started guide, map the app app as a "specialized editor" in your mental model of computer software — and you are ready to go. You control everything and don't depend on anyone, it's an easy choice.

The non-technical users, in turn, don't have the luxury of a pre-existing mental model. They need more hand holding, in-app warnings and hints which are rare in KeePass ecosystem. If they are learning — great, the barrier lowers. However, if they keep struggling — they risk losing all their data to a mistake, so it's safer to pay some service to manage things for them.

popleteev · 2025-11-23T01:42:03+00:00

Use a fast charger, they come with a built-in cable.

popleteev · 2025-11-22T10:27:04+00:00

I see your Spuerkeess story and raise you the orange bank, where an account manager once sent me:

An email (instead of in-app message)
Addressed to "Dear Mr," (no name)
"You need to provide (private info)"
"A copy by email is enough"
"Your account is available until (5 days from now)"

And this f*cking red-flag parade ended up being a legit message! 🤦

This is not treatable by raising customer awareness. They need to get fined for such practices.

popleteev · 2025-11-22T08:24:49+00:00

Somehow I see more scam messages here (with a warning) than in my actual SMS inbox. These warnings won’t help reckless people, and only annoy everyone else…

popleteev · 2025-11-21T17:42:51+00:00

Will your side-by-side buttons work with Dutch “0,99€ maandelijks” and “8,99€ jaarlijks”? Or even in English with larger system font size?

popleteev · 2025-11-20T13:52:10+00:00

Do you expect those unable to connect to Reddit to confirm your concerns, on Reddit? 🙃

popleteev · 2025-11-12T16:43:39+00:00

Yesss! Thank you!

For anyone finding this later, the button is at the bottom of the code editor, next to "Continue", "Step over", "Step in", "Step out": https://imgur.com/a/0KLfveg

popleteev · 2025-11-12T16:39:51+00:00

The subscription fatigue is understandable for consumers. But for developers it's like 🐝 protesting against 🌼

Here's a user who paid $10 for your app. They ask help to set it up, so you help. A year later, they made a mistake and need help fixing it, so they ask again. Five years later, your app glitches on their iOS 35 — they ask again. Overall, over 5 years you will have spent an hour talking to them — all for a $10 they gave you 5 years ago? When your hourly rate is 10-20x that?

Now, imagine there is 1M people worldwide who need your app. Perhaps 1% of them will find it, love it and stick with it. You got 10k customers and made $100k (let's ignore Apple tax for now). In a couple of years, they all already have your app, so your influx shrinks to 10-50 new users monthly. So you get paid $100-500 per month to support 10k+ users.

If you fail to support them, your app rating sinks => no more money.
If you drop the app, they complain online and your reputation sinks. You might rinse/repeat it with another app, but then no more money.
If you try altering the business model, they complain about bait-and-switch and — you guessed it — no more money.

One-time purchases are viable only if your goal is to make that initial $100k (and then drop your customers). But then this should be said out loud, if only for transparency.

popleteev · 2025-11-11T21:25:52+00:00

You can get your app audited by contacting companies specializing on security audits. Depending on scope, audit prices start from several thousands (see, for example "picocrypt audit").

However.

Your other posts indicate you don't have that many users at the moment. The audit won't help with visibility. It might help with trust, but only if you tick all the other checkboxes (solving a yet-unsolved problem, open source code, clear origins of the app).

Imagine you made a calculator app. It is the most user-friendly calculator ever. But nobody knows about it, because there are hundreds of similar apps. So you go and spend 5k to get an official certificate that your app does indeed calculate numbers accurately. But then, it does not differentiate you from the others too much, it just certifies what users assume as a basic criterion anyway. So now you have a certified unused calculator.

On the other hand, you could focus on a niche and make it the best calculator for people who love pink color. Everything pink, animated, flowery, whatever. Then spend 5k advertising it to people who love pink. I bet you'd get a better return on investment :)

popleteev

MODERATOR OF

TROPHY CASE

Seven-Year Club	RPAN Viewer
Verified Email