IMO, a lot of open-source enthusiasts just don't understand the level of hostile/manipulative attention that gets directed at sites with lots of high-value traffic, such as HN. There are quite a few users and companies actively trying to get their pages on the front page by any means necessary. It's dangerous to assume that they're not technically sophisticated.
Sites of this size generally need fairly sophisticated rules to withstand these attempts and keep to the original purpose of the site. And they need to be hidden, because if they are known, they will be successfully gamed. There is much more brainpower aimed at manipulating the site than there is in support of keeping it dedicated to its original purpose.
Security by obscurity gets knocked by some people, but it is a valid part of a defense in depth strategy. For example, I run SSH on a weird port, but I still secure SSH just the same as I would if it were on port 22. Running it on a weird port just decreases the amount of spam I have to filter through in the log files.
So-called "security by obscurity" is critically important.
I must disagree emphatically with open-source enthusiasts who believe that "security by obscurity is bad" advice applies to everything. In my opinion, it only applies to a small subset of certain types of software - packages that are meant to be used on extremely large scale, such as web servers, encryption algorithms, and the like. Attempts to apply it to other areas are foolish.
Obscurity is the only possible mechanism for keeping a highly popular link-aggregating site's story ranking reflective of what the community of genuine readers wants to see when under attack by "content promoter" types.
Sure, valid opinion, but I sure ain’t staking my security reputation on the quality of this forum, doubly so since it operates on many hidden and user-hostile rules to get to this debatable quality that I can’t audit.
Frankly I just don’t think they give a damn about the value of open source, at least relative to immediate things, and I respect that.
The original version of HN, or something close to it, has been open source for many years. It's part of the Arc distribution: http://arclanguage.org/.
There have been many changes to both the HN code and the Arc implementation since then, and those are not open source. We've of course thought about open-sourcing them someday, but the problem is that it would be a lot of work to do that, and then a lot of ongoing work to maintain it and respond to requests. Our dev resources are so limited that this is not in the cards for the time being.
> it would be a lot of work to do that, and then a lot of ongoing work to maintain it and respond to requests
You could open source the code, say in a public repository that was read-only, without accepting pull requests or doing any maintenance beyond pushing to the repo whenever it seemed advisable.
Not sure that’s always been true, or at least for sure PG was open about subsets of the code. Generally, there’s reason to open source code, and open sourcing it would likely result in more overhead, not less; generally HN’s goal is to very, very slowly change the code, interface, etc.
Honestly, cloning HN really would not be that hard, cloning dang, that’s another story.
EDIT:
Here’s a recent comment from dang on open source HN:
There is an open source fork but it runs on Racket[0], so the Arc documentation isn't always correct, and of course that forum and this one differ in terms of features.
HN is a very lean operation and there is significant ongoing overhead cost to open sourcing software that often isn't fully appreciated, it isn't free. They may simply be directing limited resources to higher priorities.
I know many cases of software that was not made open source solely because it would require a substantial resource investment as a practical matter.
There are many apps that release their source without supporting it. A simple link to a zip file is a fine distribution model. Git or any other SCM is a common distribution tool for open source, but it isn’t a requirement.
In theory you can open source software by throwing code over the wall with total disregard for anyone else that may be looking at or using that code. Zero overhead, right?
In practice that doesn't actually work because some users will not respect the boundaries you lay out. No matter what you do or say, some significant subset of users will assert or assume the act of open sourcing code places a litany of obligations on the people releasing the code. Furthermore, some of these people will go to great lengths to try to get you to comply with these obligations. At which point you are either doing a lot of extra work you were not planning on doing to make these people happy or you are dealing with a lot of extra and unnecessary personal drama. Either way, it costs you time and energy that you have to account for.
The only way I have ever seen anyone explicitly avoid this overhead was when no one was using their code.
For me I find it funny that HN doesn’t scale. Whenever there’s an unusually active topic, the mods have to scramble to make countermeasures to keep the site up.
That's not true. I wonder where you got that idea.
It is true that the app server runs on a single core and we don't have a lot of performance to spare. But it handles the current levels of active threads reasonably well. The main concern is that if average load goes up significantly we'll be in trouble at some point.
We've got an ongoing major project that will hopefully flatten that curve, but unfortunately it's hard to find time to work on it.