Cal.diy: open-source community edition of cal.com (opens in new tab)

(github.com)

259 pointspetecooper2mo ago71 comments

71 comments

44 comments · 16 top-level

FlamingMoe2mo ago· 6 in thread

From the docs, "It is strictly recommended for personal, non-production use."

Wow what a 180 from just a year ago when their blog said, "For companies that handle sensitive information, deploying open-source scheduling software on-premises can offer an extra layer of security. Unlike cloud services controlled by external vendors, on-prem installations let teams maintain full ownership of their infrastructure. " ¹

I just cannot trust a company that does a bait and switch like this.

¹ https://cal.com/blog/open-source-scheduling-empower-your-tea...

Ethee2mo ago

I think this is less a bait and switch and more just a legal liability shield. They're not saying you 'cant' use it that way. They just don't recommend you do, and they won't support you at all for doing so. Which I think is completely fair. Also, these two things aren't in contradiction. Deploying on prem does offer more security, but then it's up to you to use it correctly.

loa_in_2mo ago

It being open source also allows you to actually have a read of the software and guarantee things yourself, which is the harder better path anyway.

tecoholic2mo ago

This actually makes me wonder if cal.com has had a security breach in their hosted offering that they are not disclosing.

1 more reply

Reubend2mo ago

But the OSS license already absolves them of responsibility. This might just be to set the tone that security fixes won't be prioritized to the standard that they used to be.

1 more reply

sreekanth8502mo ago

I still remember when they launched here. "Opensource Alternate to Calendly" was their post title.

fnoef2mo ago

What do you want, it’s hard to resist VC money and “the enterprise offering”

2 more replies

_ache_2mo ago· 6 in thread

I just installed calrs, a recent alternative to cal.diy. It absolutely rocks! The only downside is that it requires me to activate STARTTLS as force-TLS-SMTP isn't supported (I had to check the source code). It’s young, very promising, and honestly, I don't know what I could ask for more.

I also replaced Radical with rustical, and I gained free push updates.

https://cal.rs/ and https://github.com/lennart-k/rustical

And if you wanna try it out. https://cal.ache.one/u/ache

preya2k2mo ago

Seems to be mostly vibe coded.

hocuspocus2mo ago

It is vibe-coded by people from Vates, the company maintaining https://github.com/xcp-ng

Their internal IT infrastructure runs self-hosted OSS wherever possible. I don't think cal.rs is a toy project, they know the perils and headaches of doing open source.

_ache_2mo ago

Yes, sadly. :(

luckydata2mo ago

Who gives a shit. Cal.com is written by hand and the code is absolute garbage. Of all people that should be luddites I never imagined software engineers would be the most pointlessly staunch advocates of that philosophy.

2 more replies

liamgm2mo ago

sadly it's one of the strictly viral license AGPL , i prefer the more permisive one

nextaccountic1mo ago

people are claiming cal.com did a bait and switch

AGPL (specially if you take external contributions) is the one license where one can't do a bait and switch

If anything, if people are concerned about companies doing a 180 on open source, they should demand more AGPL, not less

lrvick2mo ago· 5 in thread

As a former cal.com advocate, I am now going to be switching my two companies to cal.diy or a similar alternative and canceling my cal.com subscriptions.

I am now actively rooting for cal.com to go out of business now as a cautionary tale for any company thinking about taking open source projects proprietary.

FOSS || GTFO

pnw_throwaway2mo ago

You might want to double-check the cal.diy maintainer before your wish is granted..

lrvick2mo ago

The maintainer of the OSS fork being the company does not matter to me. Their product is proprietary now which means they are no longer worth giving money too.

I only pay for hosted software that gives me the freedom to easily leave and lose no features.

neerajdotname22mo ago

If you are looking for an alternative then please take a look at NeetoCal https://neeto.com/cal . It's closed source though.

Disclosure: I'm the CEO of NeetoCal.

vladsanchez2mo ago

Never heard of Neeto. It's a no-brainer (imo).

I perceive and classify your business model as a product optimization race-to-the-bottom model, if it makes sense. Have you considered or are currently working in the Field Service Management (NeetoService) space? Perhaps an ERP (NeetoERP)? Honestly curious because they're both sorely needed.

Thanks again for your AMA-ability. ;)

lrvick2mo ago

Closed source software has no value anymore. If I like your UX and it is proprietary, I will just ask an LLM to clone it.

I would only pay for something open knowing I have the freedom to self host if I ever need to.

conradev2mo ago· 4 in thread

Tempted to buy cal.zone or cal.sucks just to add the paid features to cal.diy. They even made a list!

  Teams, Organizations, Insights, Workflows, SSO/SAML, and other EE-only features have been removed

cal.ws is $630 on Namecheap... the tokens required to build this are cheaper than the domain.

chrysoprace2mo ago

Bonus: if you pick cal.zone you can have fun with pizza puns.

sebastiennight2mo ago

Perfect recipe to launch a cheesy saas.

1 more reply

singiamtel2mo ago

I'm surprised cal.zone is not taken already

holistio2mo ago

It still isn't taken but it's now $20k.

1 more reply

OsrsNeedsf2P2mo ago· 2 in thread

Wait, I didn't even realize Cal.diy is owned by Cal.com. It seems like they're trying to get ahead of the open source community forking by doing this themselves

dabeeeenster2mo ago

How curious. Are they trying to throw security shade on running open source? Very odd.

BizarroLand2mo ago

My guess is that they're hoping they can expose their security bugs and performance issues on the cal.diy and then roll the fixes for those into their paid version. Free development hours for their main product.

bluehatbrit2mo ago· 2 in thread

Cal.com has always had an open source community edition, I've been using it for some time. Is this just a rebrand of that line?

geoffschmidt2mo ago

https://cal.com/blog/cal-com-goes-closed-source-why

rectang2mo ago

I'm unpersuaded by the assertion that closing the source is an effective security bulwark.

From that page:

> Today, AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.

Yeah, and AI can also be pointed at closed source as soon as that source leaks. The threat has increased for both open and closed source in roughly the same amount.

In fact, open source benefits from white hat scanning for vulnerabilities, while closed source does not. So when there's a vuln in open source, there will likely be a shorter window between when it is known by attackers and when authors are alerted.

4 more replies

miki1232112mo ago· 1 in thread

PSA: their Github repo history still includes the old, un-castrated codebase, and (IANAL), there's nothing in the license forbidding you from still using it.

Adoption of the OSS version must not have been very high, otherwise I would have expected a Valkey / OpenTofu style, community-led fork.

ValentineC1mo ago

> Adoption of the OSS version must not have been very high, otherwise I would have expected a Valkey / OpenTofu style, community-led fork.

I'm guessing battle-tested reliability isn't a priority for calendaring/scheduling web services, unlike Redis/Valkey.

It's probably cleaner for anyone looking to adapt the source code to point an LLM at it to extract some specs and tests, then build a new one from scratch.

ale2mo ago· 1 in thread

Good grief that codebase is absolute hell, almost too good of an example of accidental complexity.

luckydata2mo ago

It is total dogshit. I looked at it once and i was very much not impressed.

swyx2mo ago· 1 in thread

are there notable open source forks or open source cal competitors that go for the "just keep it simple" vibe?

ezekg2mo ago

Thunderbird showed up in the last thread: https://github.com/thunderbird/appointment

raphaelcosta2mo ago

It’s curious what they said in the email they sent me about the OSS version.

------

A few important changes to note:

We will no longer provide public Docker images, so your team will need to build the image yourselves.

Please do not use Cal.diy — it’s not intended for enterprise use.

j1elo2mo ago

Here is a simple trick: do accept plenty of open source contributions as-is, without any kind of copyright assignment nor requiring to sign anything that grants power to relicense.

There you go, guaranteed community ownership of the code, best face and "good will" as promised by choosing a FOSS license to begin with, and future rug pulls averted.

Seeing it from the other side of the fence: if you see that all contributors are required to cede controlling power into a single hand (except certain Foundations, yadda yadda), it's not proper Open Source in spirit, only in form; and closeups are just a change of mind away.

jiusanzhou2mo ago

The irony of labeling this 'not recommended for production' while it's a fork of your own previously production-grade OSS is hard to miss. Feels less like a community edition and more like a liability shield. Curious how long before an actual community fork ends up being the thing people self-host.

fencepost2mo ago

Can someone who's looked at the security of these systems give a bit more context on that?

The thing that's always concerned me with them is questions of "what level of access is required to the system(s) actually hosting my calendar data?" and "if this vendor is compromised, what level of access might an attacker in control of the vendor systems have?" Obviously this will vary by what kind of access controls backends have (e.g. M365, Google Workspace, assorted CRM systems, smaller cloud providers, self-hosted providers, etc.).

Edit: basically, with a lot of these systems, what's expected to be the authoritative data provider/storage?

franga20001mo ago

Same code but with enterprise features stripped out. So much for that "we're going closed source for security"...

If you don't find the open source model sustainable and you've really tried, sure, go closed source, we'll understand. But please don't lie to everyone that it was all about security.

dwedge2mo ago

It rubs me the wrong way that it says it's "the open source community edition". Who decided this was the one? How of the community is Claude? Why open source and not free software?

Maybe I'm being critical but the copy gives me the ick

Edit: I just realised this is by cal.com. I'm leaving my comment intact, if anything it adds to my ick

thrownaway5612mo ago

All I want is an opensource site that syncs my different calendars across one another... I have yet to find a reliable, easy to use one. Now with AI, I might just have to send the wife off for a weekend with the girls and vibe code it myself.

j / k navigate · click thread line to collapse

71 comments

44 comments · 16 top-level

FlamingMoe2mo ago· 6 in thread

From the docs, "It is strictly recommended for personal, non-production use."

I just cannot trust a company that does a bait and switch like this.

¹ https://cal.com/blog/open-source-scheduling-empower-your-tea...

Ethee2mo ago

loa_in_2mo ago

It being open source also allows you to actually have a read of the software and guarantee things yourself, which is the harder better path anyway.

tecoholic2mo ago

This actually makes me wonder if cal.com has had a security breach in their hosted offering that they are not disclosing.

1 more reply

Reubend2mo ago

But the OSS license already absolves them of responsibility. This might just be to set the tone that security fixes won't be prioritized to the standard that they used to be.

1 more reply

sreekanth8502mo ago

I still remember when they launched here. "Opensource Alternate to Calendly" was their post title.

fnoef2mo ago

What do you want, it’s hard to resist VC money and “the enterprise offering”

2 more replies

_ache_2mo ago· 6 in thread

I also replaced Radical with rustical, and I gained free push updates.

https://cal.rs/ and https://github.com/lennart-k/rustical

And if you wanna try it out. https://cal.ache.one/u/ache

preya2k2mo ago

Seems to be mostly vibe coded.

hocuspocus2mo ago

It is vibe-coded by people from Vates, the company maintaining https://github.com/xcp-ng

Their internal IT infrastructure runs self-hosted OSS wherever possible. I don't think cal.rs is a toy project, they know the perils and headaches of doing open source.

_ache_2mo ago

Yes, sadly. :(

luckydata2mo ago

2 more replies

liamgm2mo ago

sadly it's one of the strictly viral license AGPL , i prefer the more permisive one

nextaccountic1mo ago

people are claiming cal.com did a bait and switch

AGPL (specially if you take external contributions) is the one license where one can't do a bait and switch

If anything, if people are concerned about companies doing a 180 on open source, they should demand more AGPL, not less

lrvick2mo ago· 5 in thread

As a former cal.com advocate, I am now going to be switching my two companies to cal.diy or a similar alternative and canceling my cal.com subscriptions.

I am now actively rooting for cal.com to go out of business now as a cautionary tale for any company thinking about taking open source projects proprietary.

FOSS || GTFO

pnw_throwaway2mo ago

You might want to double-check the cal.diy maintainer before your wish is granted..

lrvick2mo ago

The maintainer of the OSS fork being the company does not matter to me. Their product is proprietary now which means they are no longer worth giving money too.

I only pay for hosted software that gives me the freedom to easily leave and lose no features.

neerajdotname22mo ago

If you are looking for an alternative then please take a look at NeetoCal https://neeto.com/cal . It's closed source though.

Disclosure: I'm the CEO of NeetoCal.

vladsanchez2mo ago

Never heard of Neeto. It's a no-brainer (imo).

Thanks again for your AMA-ability. ;)

lrvick2mo ago

Closed source software has no value anymore. If I like your UX and it is proprietary, I will just ask an LLM to clone it.

I would only pay for something open knowing I have the freedom to self host if I ever need to.

conradev2mo ago· 4 in thread

Tempted to buy cal.zone or cal.sucks just to add the paid features to cal.diy. They even made a list!

  Teams, Organizations, Insights, Workflows, SSO/SAML, and other EE-only features have been removed

cal.ws is $630 on Namecheap... the tokens required to build this are cheaper than the domain.

chrysoprace2mo ago

Bonus: if you pick cal.zone you can have fun with pizza puns.

sebastiennight2mo ago

Perfect recipe to launch a cheesy saas.

1 more reply

singiamtel2mo ago

I'm surprised cal.zone is not taken already

holistio2mo ago

It still isn't taken but it's now $20k.

1 more reply

OsrsNeedsf2P2mo ago· 2 in thread

Wait, I didn't even realize Cal.diy is owned by Cal.com. It seems like they're trying to get ahead of the open source community forking by doing this themselves

dabeeeenster2mo ago

How curious. Are they trying to throw security shade on running open source? Very odd.

BizarroLand2mo ago

bluehatbrit2mo ago· 2 in thread

Cal.com has always had an open source community edition, I've been using it for some time. Is this just a rebrand of that line?

geoffschmidt2mo ago

https://cal.com/blog/cal-com-goes-closed-source-why

rectang2mo ago

I'm unpersuaded by the assertion that closing the source is an effective security bulwark.

From that page:

> Today, AI can be pointed at an open source codebase and systematically scan it for vulnerabilities.

Yeah, and AI can also be pointed at closed source as soon as that source leaks. The threat has increased for both open and closed source in roughly the same amount.

4 more replies

miki1232112mo ago· 1 in thread

PSA: their Github repo history still includes the old, un-castrated codebase, and (IANAL), there's nothing in the license forbidding you from still using it.

Adoption of the OSS version must not have been very high, otherwise I would have expected a Valkey / OpenTofu style, community-led fork.

ValentineC1mo ago

> Adoption of the OSS version must not have been very high, otherwise I would have expected a Valkey / OpenTofu style, community-led fork.

I'm guessing battle-tested reliability isn't a priority for calendaring/scheduling web services, unlike Redis/Valkey.

It's probably cleaner for anyone looking to adapt the source code to point an LLM at it to extract some specs and tests, then build a new one from scratch.

ale2mo ago· 1 in thread

Good grief that codebase is absolute hell, almost too good of an example of accidental complexity.

luckydata2mo ago

It is total dogshit. I looked at it once and i was very much not impressed.

swyx2mo ago· 1 in thread

are there notable open source forks or open source cal competitors that go for the "just keep it simple" vibe?

ezekg2mo ago

Thunderbird showed up in the last thread: https://github.com/thunderbird/appointment

raphaelcosta2mo ago

It’s curious what they said in the email they sent me about the OSS version.

------

A few important changes to note:

We will no longer provide public Docker images, so your team will need to build the image yourselves.

Please do not use Cal.diy — it’s not intended for enterprise use.

j1elo2mo ago

Here is a simple trick: do accept plenty of open source contributions as-is, without any kind of copyright assignment nor requiring to sign anything that grants power to relicense.

There you go, guaranteed community ownership of the code, best face and "good will" as promised by choosing a FOSS license to begin with, and future rug pulls averted.

jiusanzhou2mo ago

fencepost2mo ago

Can someone who's looked at the security of these systems give a bit more context on that?

Edit: basically, with a lot of these systems, what's expected to be the authoritative data provider/storage?

franga20001mo ago

Same code but with enterprise features stripped out. So much for that "we're going closed source for security"...

If you don't find the open source model sustainable and you've really tried, sure, go closed source, we'll understand. But please don't lie to everyone that it was all about security.

dwedge2mo ago

It rubs me the wrong way that it says it's "the open source community edition". Who decided this was the one? How of the community is Claude? Why open source and not free software?

Maybe I'm being critical but the copy gives me the ick

Edit: I just realised this is by cal.com. I'm leaving my comment intact, if anything it adds to my ick

thrownaway5612mo ago

j / k navigate · click thread line to collapse