but even if you have no idea what I've just been talking about, any thoughts about the state of web applications and websites today is welcome. — Jamal

See Cal Newport's Digital Minimalism for more on this. — baker

Like Michael, I've toyed with the idea of building forum software for TPF so I can bring the data and codebase under our control — Jamal

I want your thoughts. Primarily I want to know about the experiences of developers, but even if you have no idea what I've just been talking about, any thoughts about the state of web applications and websites today is welcome. — Jamal

Generally, everything is in flux. — Jamal

Instead of building a forum software from scratch, why not leverage and customize an open source option? Vanilla/Plush seems decent for your purposes, but you could self-host for much cheaper if you are able to provide the technical labor. NodeBB, Vanilla, Misago, Flarum, and Discourse are some of the open source options I looked at. Using NodeBB with the Lavender theme seemed like the best option for a philosophy forum, although Misago is also very clean. — Leontiskos

the older approach catered to a low barrier to entry, with languages like Ruby and Python being easy to learn — Leontiskos

Yes, and I think this is why static HTML/Javascript is making a small comeback. — Leontiskos

There is a greater cognizance of maintenance and updating costs. In general it seems that the magnanimity of the tech boom is behind us. Cost and monetization loom larger than they once did when we were dazzled by the novelty and the low-cost-relative-to-the-past. — Leontiskos

Like Michael, I've toyed with the idea of building forum software for TPF so I can bring the data and codebase under our control. I asked ChatGPT how long it would take and it gave me two answers: either 6 months to a year, or 18 months to 3 years. The latter estimate is more realistic for a full-featured (and extra-featured) forum platform. I can't dedicate that much time to it unfortunately. — Jamal

I've recently been using Laravel with Inertia, React, and Tailwind for the frontend. Works really well. — Michael

I used to think that. I always thought that HTML should just be done in HTML, not JavaScript. But then I actually tried React and Vue and quite like it. — Michael

That strikes me as an overestimate. I've built business CRMs used by a FTSE 100 company in a few months. — Michael

Cool. I used to be dead against non-semantic CSS like Tailwind, but the arguments in its favour are persuasive. I think it depends what you're building. If it's content-focused, semantic makes sense, but if it's highly interactive, things like Tailwind look good. — Jamal

Building a forum with a feature set similar to Discourse from scratch, especially when learning React and Next.js concurrently, is a substantial endeavor. Here's a broad estimation of the time it might take based on various stages of development:

1. **Learning Basics (React and Next.js)**:
- **Duration**: 2-4 weeks.
- This phase includes understanding the fundamental concepts, building small projects, and becoming comfortable with the development environment.

2. **Design and Architecture Planning**:
- **Duration**: 1-3 weeks.
- Outline the features you want to implement. Decide on database structures, authentication mechanisms, state management strategies, and other foundational elements.

3. **Core Features (MVP - Minimum Viable Product)**:
- **Threads and Posts**: 2-3 weeks.
- **User Registration & Authentication**: 2 weeks.
- **User Profiles**: 1 week.
- **Basic Admin Tools (user management, basic moderation)**: 2-3 weeks.
- **Duration**: 7-9 weeks for a basic MVP.

4. **Advanced Features**:
- **Advanced Moderation Tools (post edits history, user warnings)**: 2 weeks.
- **Private Messaging**: 2-3 weeks.
- **Search Functionality**: 2 weeks.
- **Categories & Tags**: 2 weeks.
- **Notifications**: 2 weeks.
- **Duration**: 8-11 weeks.

5. **Additional Features (Common in Discourse and Similar Platforms)**:
- **Badges & User Levels**: 2 weeks.
- **Bookmarks**: 1 week.
- **Polls**: 1-2 weeks.
- **Attachments & Media Handling**: 2 weeks.
- **Duration**: 6-8 weeks.

6. **Testing, Bug Fixing, and Refinement**:
- **Duration**: 4-8 weeks.
- This is crucial. As you develop, you'll discover edge cases, usability issues, and bugs that need addressing.

7. **Data Migration and Integration**:
- **Duration**: 2-4 weeks.
- Migrating from an existing platform can present challenges, especially if the data structures differ.

8. **Deployment and Scaling**:
- **Duration**: 2-4 weeks.
- This phase includes setting up servers, handling security considerations, ensuring the platform scales with user growth, and other deployment-related tasks.

Given these broad estimations, you're looking at approximately **32-61 weeks (8-15 months)** to develop a full-fledged forum application with a feature set akin to Discourse. This time frame assumes you're working on it full-time. If it's a side project, the duration will extend accordingly.

It's crucial to note that these estimates are quite generic and can vary based on individual speed, unforeseen challenges, feature complexities, and other factors. Some developers might move faster, while others might need more time, especially when dealing with the intricacies of a forum application.

Absolutely, security is paramount when developing any web application, especially something as user-focused as a discussion forum. Neglecting security can lead to data breaches, unauthorized access, and many other serious issues. Let's break down the key security considerations and their potential time implications:

1. **Authentication**:
- Implementing secure login mechanisms is essential. Consider using established libraries or services like OAuth or Auth0.
- **Duration**: 1-2 weeks (on top of basic user registration & authentication).

2. **Authorization**:
- Ensure that users can only perform actions they're permitted to do (e.g., only admins can delete any post).
- **Duration**: 1-2 weeks.

3. **Data Validation and Sanitization**:
- Protect against SQL injections, script injections, etc. by validating and sanitizing user input.
- **Duration**: 2-3 weeks.

4. **Secure Data Transmission**:
- Implement HTTPS across your forum to encrypt data in transit.
- **Duration**: Less than a week (but requires ongoing monitoring).

5. **Data Encryption**:
- Passwords and sensitive data should be encrypted before being stored.
- **Duration**: 1 week.

6. **Session Management**:
- Implement secure session handling to prevent session hijacking or fixation.
- **Duration**: 1-2 weeks.

7. **Rate Limiting**:
- Implement rate limiting to prevent abuse (e.g., rapid-fire login attempts or spammy post creation).
- **Duration**: 1 week.

8. **Content Security Policy (CSP)**:
- Define what resources can be loaded to protect against cross-site scripting (XSS) attacks.
- **Duration**: 1 week.

9. **Cross-Site Request Forgery (CSRF) Protection**:
- Protect your forum from CSRF attacks by implementing anti-CSRF tokens.
- **Duration**: 1 week.

10. **Regular Security Audits & Updates**:
- Tools like Dependabot can be used to stay updated with the latest security patches for your dependencies.
- **Duration**: Ongoing, but setting up monitoring and automated updates might take a day or two.

11. **Backup and Recovery**:
- Regularly back up the forum data and have a recovery plan in place for emergencies.
- **Duration**: 1-2 weeks.

Adding up these security-specific durations, you're looking at an additional **12-19 weeks** dedicated solely to security. These estimates are, again, very broad. Some tasks may take less time if you're using specific frameworks or libraries that handle them out-of-the-box. However, security is not a one-time task. It requires ongoing attention, regular updates, and occasional audits to ensure that the platform remains secure as threats evolve.

Incorporating these security considerations into the earlier timeline, you're looking at a more comprehensive project duration of approximately **44-80 weeks (11-20 months)** if undertaken full-time.

Taking these adjustments into account, the comprehensive project duration might come down to roughly 25-50 weeks (6-12 months) if undertaken full-time.

Yes, it’s the best option. I was only toying with the idea of building my own from scratch because I was getting back into development and wanted a meaty project. NodeBB and Discourse are the two I like the look of most. Vanilla is good too, but I don’t want to get involved with anything PHP (I know everyone says it’s great these days but my experience was traumatic). I’d never heard of Misago. Looks great, and codewise I like it better than NodeBB and Discourse, mainly because I like the combination of Python and JavaScript. I shall try it. Thanks for the tip :up: — Jamal

On the state of things now and the future, I think you're both right and wrong. It's true that the front-end frameworks are the most visible and fashionable area of web development now—even non-developers I know have heard of React—but (a) people are realizing that on big projects where there's a lot of data involved, frameworks like Rails and Django perform better and are easier to maintain, (b) many are saying that things are moving back to the server frameworks now that the speedy front-end user experience of SPAs can be achieved, and with much less hassle, and (c) most front-end applications depend on an API built with something like Django anyway, so even when React is being used, something like Django is being used too. Some would say that this is for legacy reasons, but I actually think it's because Python is so strong right now, and getting stronger. Even if Django falls out of favour, other Python frameworks like FastAPI and Flask will take over. It's a lively area, though less visible than the front-end stuff.

(In fact, you could say that the existence of the big front-end frameworks is a consequence of legacy as much or more than the continuing presence of Django and Rails: browsers only understand JavaScript and there's no way out of that right now. In software terms, browsers are old technology, in which backwards-compatibility is a big issue.) — Jamal

And the more that asynchronous JavaScript becomes an integral part of Rails and Django development—but without using big front-end frameworks—the more I expect to see them thrive. So I don't agree that robust back-ends are on the way out except where they were never really needed.

What we see is at the level of small-to-medium websites, the server-side frameworks have lost out, and that's probably as it should be. At this level, we have (a) static site generators or primarily static sites and immediate interactivity with asynchronous CRUD to a backend API, and (b) as you mentioned, website builders like Squarespace and Wix. — Jamal

That would definitely be a meaty project, but rewarding if it could be done. Misago is the Python frontrunner, which is why it was my first choice. Unfortunately it is provided by a single developer who works on it in his spare time, but he is talented and I am sure he would appreciate help (see <this post> regarding the current plans for Misago). NodeBB and Discourse have multiple full-time developers along with the attached commercial interests, and therefore possess more stability. I agree regarding Vanilla and PHP. — Leontiskos

A crucial factor in my considerations was long form vs short form discussion formats, as a philosophy forum requires a more long form format. A lot of the newer, asynchronous forum frameworks cater to short form discussion and phones/tablets (Discourse does not even support pagination). They are becoming a blend of forums and instant messaging, running away from phpBB in a way that strikes me as both good and bad. If the architecture is suitable one could restyle them for long form purposes, but I am not great with CSS so I wanted something compatible with long form discussion right out of the box. Plush is good on this score, and Misago looks and feels a lot like Plush. — Leontiskos

Thanks for your thoughts. I didn't know you were a developer. I don't think I could call myself a developer at this point, although I could get back into it fairly easily. — Leontiskos

Its use of indentation for syntax seems like a monumentally bad idea. What do you have to say for that? — SophistiCat

And are there advantages to Python beyond its use in server scripting? — SophistiCat

It’s unfortunate that Misago isn’t more active. As things stand, I suppose it would have to be NodeBB or Discourse. I’ll install them both and try them out. I tried Discourse a while ago and quite liked it, but I didn’t pursue it. The big headache in either case will be migrating the data. My familiarity is with relational databases so I’d probably be more at home with Discourse, which uses PostgreSQL. What is certain is that neither has a big button that says “Migrate from PlushForums”. — Jamal

I’m curious: what is it about, say, Discourse, that steers things away from long-form discussion? From what I could tell when I tried it, navigating a discussion was easier than on other platforms, and it made composing long posts much more pleasurable than here (same with NodeBB: full-screen distraction-free editing, for example). Maybe I’m missing the obvious, but pagination isn’t a requirement for long-form is it? Although it occurs to me that pagination is better for SEO. — Jamal

I’m really just going by intuition and doing my usual contrarian thing. Sometimes it leads me in good directions. I haven’t really been a developer for years, since I was a bit stuck in maintenance with the last project I was involved with. But yeh, I’m getting back into it nicely. — Jamal

Plush just confirmed to me that they will only ever support BBCode, not Markdown — Jamal

Firstly, there is no "the best" framework or languages for programming: it depends entirely on what the project is that one is developing. — Bob Ross

newer languages (like Python with python flask) — Bob Ross

they are slower and tend to have been been pentested — Bob Ross

are the fad — Bob Ross

My philosophical approach to web projects is minimalism (viz., keep it simple stupid), compartmentalization (viz., always, always, always separate code so that it is modularized: cleaner, more scalable, easier to read, and takes up less storage), documentation (viz., always document what the heck this thing does, and pick languages and frameworks that are well-supported: easier to get people to work on the project, easier to teach them, and easier on you to develop with it), and secure (viz., don't pick the newest language, framework, or library on the block, it takes time for ethical hackers to find vulnerabilities); so I love minimalistic MVC (model-view-controller) frameworks with amazing documentation that utilize very well-known and well-established server-side languages, such as Laravel. — Bob Ross

With regards to libraries and frameworks like React and Angular, it is important to know that it all runs client-side, which adds runtime on the user's browser. Although it is beneficial to run some stuff on the client-side, to save server-side runtime, it is important not to over-bloat the client side; which I worry happens with those kinds of libraries and frameworks for a lot of projects who picked them just because they are in style right now. I would rather keep it simple, and use pre-compiled TypeScript for client-side operations, and keep it absolutely minimal to save client-side runtime. — Bob Ross

If you are trying to revamp this website, then please do not hesitate to contact me if you need any help; as I would not mind helping out with a site like this that I enjoy using. — Bob Ross

What are you guys currently using for the client-side, server-side, query, and style-sheet languages? — Bob Ross

Would I be correct in saying that Plush only supports a sub-set of BBCode, i.e. not all the tags are implemented (e.g. tables)? — Wayfarer

Would I be correct in saying that Plush only supports a sub-set of BBCode, i.e. not all the tags are implemented (e.g. tables)? — Wayfarer

Flask is older than Laravel, and Python is older than PHP.

Django and Python have a very strong reputation for security; PHP does not (an unfortunate legacy of wilder times, no doubt, which the language has put behind it)

As mentioned in the OP and the ensuing discussion, I'm not hosting TPF myself and I don't have any control of the code. It's hosted by PlushForums, built on Vanilla, which you'll be happy to know is written in PHP :grin:

NodeBB was originally built with MongoDB, but it runs on Postgres just fine. That's what I deployed it on. I think that compatibility was added sometime in v2. — Leontiskos

The simple answer is that I wanted pagination, even prescinding from its SEO favorability. Infinite scroll on a long-form philosophy forum didn't seem right to me. NodeBB offers both, and individual users can even change the setting on the client side. So I'm not a great person to ask about Discourse, as I never installed it. I have it on good authority that it is a bit harder to install and consumes more resources, but those aren't deal breakers. Both platforms are robust, with more to offer than Plush. Granted, I have come to appreciate the simplicity and distraction-less nature of Plush. — Leontiskos

I had that idea until I installed Misago and started digging into the Github history. There are many more features than I had anticipated, especially when it comes to security, moderation, IP tracking, etc.—but I think ChatGPT has already given you a good sense of what is involved. — Leontiskos

Also, after I joined I realized more concretely that TPF has one thing no other philosophy forum has, and that no forum software can create: a healthy community of users. Without that, it's all just window dressing. — Leontiskos

Whatever you decide, I think a forum software would benefit from having a philosophical client. The things you guys have suggested and requested from Plush seem spot-on, and are much more thoughtful than the short-sighted requests I have seen from the business world. — Leontiskos