Discourse Is Not Going Closed Source

https://blog.discourse.org/2026/04/discourse-is-not-going-closed-source/

46•sams99•1h ago

Comments

chrismorgan•1h ago

> Large parts of it are delivered straight into the user’s browser on every request: JavaScript, …

Ooh, now I want to try convincing people to return from JS-heavy single-page apps to multi-page apps using normal HTML forms and minimal JS only to enhance what already works without it—in the name of security.

(C’mon, let a bloke dream.)

ironmagma•46m ago

There are a lot of things to hate in the Web3 world. Lack of back button form resubmission or redirect loops is a strange thing to dislike though.

kelsey98765431•23m ago

The web has grown so hostile lately that javascript is honestly not safe or useful anymore. the only thing it's used for is serving ads and trackers and paywalls, if i can't read a website with no script enabled it's not meant for me and im just not reading it.

bruce511•11m ago

I concur that most web sites could use less JavaScript. And a lot of (but not all) cosmetic uses for JavaScript can be done in CSS.

Of course for web apps (as distinct from web sites) most of what we do would be impossible without JavaScript. Infinite scrolling, maps (moving and zooming), field validation on entry, asynchronous page updates, web sockets, all require JavaScript.

Of course JavaScript is abused. But it's clearly safe and useful when used well.

chrismorgan•59m ago

> I want to be fair to Cal.com here, because I don’t think they’re acting in bad faith. I just think the security argument is a convenient frame for decisions that are actually about something else. […] Framing a business decision as a security imperative does a disservice to the open-source ecosystem that helped Cal.com get to where they are.

That sure sounds like bad faith to me.

LoganDark•46m ago

Bad faith requires you to intend it badly, though, not just for it to be bad.

Gigachad•38m ago

The above statement is claiming it likely is intended as something bad though. A convenient coverup.

LoganDark•35m ago

Covering something up is not bad faith. PR firms do it all the time (though plenty more do things in bad faith too). If what you're covering up is an explicitly user-hostile decision then maybe that's bad faith if what you're trying to do is trick people. But if you're just lying for brownie points then that's not always bad faith, just dumb.

pseudalopex•12m ago

Hiding something to manipulate public perception is bad faith.

croes•22m ago

> dishonest or unacceptable behaviour:

https://dictionary.cambridge.org/dictionary/english/bad-fait...

> I just think the security argument is a convenient frame for decisions that are actually about something else.

That would mean they think it’s bad faith. Claiming to do something because of A but to really do it because of B is dishonest

chrismorgan•8m ago

Framing a business decision as a security imperative sure sounds like intent to mislead to me.

LoganDark•46m ago

This article raises a lot of good points that strengthen the argument against keeping models away just because they're "too powerful". I remain disappointed to see AI corporations gloating about how powerful their private models are that they're not going to provide to anyone except a special whitelist. That's more likely to give attackers a way in without any possibility for defense, not the other way around.

NitpickLawyer•41m ago

I think the "too powerful" is a convenient half-truth that also helps with marketing, and more importantly keeps the model from being distilled in the short term. They'll release it "to the masses" after KYC or after they already have the next gen for "trusted partners".

LoganDark•37m ago

I feel bad for Anthropic because they thought Persona was an acceptable KYC provider. It probably was a genuine mistake. I might have to leave them over that, if they think it's fun to ask me to give Peter Thiel my ID to persist indefinitely on Persona's servers!!!

dhruv3006•39m ago

> Open source creates a useful urgency: when your code is public, you assume it will be examined closely, so you invest earlier and more aggressively in finding and fixing issues before attackers do.

This should be the mentality of every company doing open source.Great points made.

necovek•35m ago

This should be a mentality of every company building products :)

dhruv3006•23m ago

I guess open source makes you more accountable.

Building an Unverified Compiler with Agents

Dictating Literal Reminders to My Apple Watch

Show HN: Amazon Reviews Extractor

Feedr – Live audience Q&A for creators

Dream League Soccer 2026

Internet Protocol Version 8 (IPv8)

WybeCoder: Verified Imperative Code Generation

Don't Use A.I. To Do This

GoLand

Finance ministers and top bankers raise serious concerns about Mythos AI model

JSONLines – My Favourite Format

Best of the Best Tips for Kidepo on a Best Uganda Safari

Europol-supported global operation targets over 75 000 users engaged in DDoS

The $10B Startup Training AI to Replace the White-Collar Workforce

Pentagon Seeks Help from Ford and G.M.

3D-Printed Homes, an Abandoned $590k Deposit, the FBI

Australia's Fiscal Point of No Return

AI boom is city's weirdest tech boom, says S.F.'s chief economist

Engineer open-sources radar system that's 95% cheaper than $250k offerings

Running Your Own AS: Direct Hetzner Peering

Taste.md

FCC exempts Netgear from ban on foreign routers, doesn't explain why

The Iranian Teens Behind Lego Trump [video]

Iran's Lego Slopaganda Creator [video]

Flowsta Sign It

Long-term adaptation pathways for Venice and its lagoon under sea-level rise [pdf]

Billionaire Andrew Forrest takes Meta to court over scam ads using his likeness

Bluesky has been dealing with a DDoS attack for nearly a full day

I made an 80B local model ship a 295-test RAG codebas

Human Accelerated Region 1