Because no amount of security patches can fix 00s forum software designed without modern security in mind. And the average user _likes_ Discourse. They don't give two shits that Ctrl + F is hijacked because it does exactly what they want. It finds the text. They don't want excuses like "Oh well it doesn't find that text because you didn't scroll down to load it". They don't want to click through 100 pages of thread.
I use that forum every day, and it hasn’t had any major security problems for the 15 years or so it has been used. I’m not seeing what you’re talking about.
I think this is one of the greatest fallacies in modern data science. We only know what we can measure. There's no data on the opportunity cost of design decisions.
In other words, Discourse only has metrics on people who use Discourse.
I think this is probably why sign-up metrics are so common but those are perverse as well. How much do you set yourself back if you only work for people willing to sign up?