Open-Source Social Network Diaspora Goes Live
CWmike writes "Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services."
Re:diaspora... (Score:4, Insightful)
Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.
Security Vulnerabilities Discovered != Bad Thing (Score:1, Insightful)
I really can't help but see it as a great thing that the security errors were found. It totally vindicates the open source model as a means for peer review and enhancement, the developers will have learned some extremely valuable lessons, and the publicity will mean more eyes will be trained on the codebase in future.
Now, if the source was proprietary....
Re:Doubt it (Score:3, Insightful)
It's more open than Facebook.
Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.
There's no incentive to join Diaspora.
There is at least one very good reason to join quickly. By being one of the first to join I get my pick of pretty much any username. I signed up for an invite purely to grab my username before someone else takes it. My username is pretty lame but dang it, it's mine. So, if against all odds Diaspora becomes popular then I'll be prepared.
Re:Security Vulnerabilities Discovered != Bad Thin (Score:1, Insightful)
Yes, I too love that a social network that purports to be secure and built to respect privacy is written by people who are incompetent at security. Where can I sign up!?!?!
Re:$SUBJECT (Score:3, Insightful)
As I've said before, that's just not how it works in any decent-sized project. You design to meet the needs, then you redesign to meet the new needs, then you redesign yet again to meet the needs that have just come up. Diaspora's first release was (and should have been) to show proof of concept: that something working could be produced. Now they get to redesign to meet security and scalability, and over time they'll redesign to meet other needs. You don't get miracles in the first version.
Re:Doubt it (Score:5, Insightful)
Re:media (Score:2, Insightful)
what have you done of late that has been noteworthy?
Re:$SUBJECT (Score:4, Insightful)
Security is a design philosophy. Either you've done it right, from the ground up, with your basic code writing habits, or you haven't. A redesign isn't going to cut it. You'd have to do a total rewrite.
Re:diaspora... (Score:5, Insightful)
Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.
Looking at it another way, perhaps it does not do what the average user of Facebook does not want.
Apart from privacy issues, one of the problems I see with Facebook is the bloat (or crud) factor. Diaspora does not have that, at least not now.
I have my fingers crossed.
Re:diaspora... (Score:2, Insightful)
Horrendous security model (Score:3, Insightful)
I hope competitors have a model that DOESN'T require me to trust the security of Windows machines.
Bloody idiots (Score:5, Insightful)
Just had this pointed out to me:
* Go to http://www.joindiaspora.com/ using Internet Explorer
Instead of showing the page, what do you get? I'll tell you... a blank page with the following title:
You need to use a real browser in order to use Diaspora!
I'm not an IE fan, but this happens with Internet Explorer 8 for goodness sakes. Probably happens with IE9 too. FFS stop showing your fanboyish nature guys; you're basically stating that a good portion of users who only use IE, even if they're using a modern version of it with modern security features like sand-boxing and whatnot, is apparently not "real" enough for your fucking site.
This really does piss me off. Makes the rest of us "open" FOSS users look like a pack of childish geeks who have no idea. You want your little social site to work? Don't arbitrarily restrict browsers!
Re:Security Vulnerabilities Discovered != Bad Thin (Score:2, Insightful)
Quite, there were just security bugs there wasn't even an authorization framework in place! Hell, there wasn't even simple stuff like limiting access to things based on the owner.
Something which I would think is integral to the site design and should have been decided upon before they even started coding.
Re:Please (Score:3, Insightful)
Popularity and exposure do count for a lot when it comes to social networks. I've heard of diaspora several times, and never heard of appleseed before now. I doubt many of my friends have heard of it either, odds are low they've heard of diaspora, but I'm guessing more will sign up with the one they hear more about.
GP also seems to think it's a zero sum game when it comes to news about non-facebook social networks. That's not true. I think most people aren't aware there is more than facebook and myspace, making them more aware of diaspora might lead them to investigate your preferred ones.
Like me and this appleseed you're talking about...
Re:Bloody idiots (Score:5, Insightful)
Your point about limiting browser support at this stage is perfectly reasonable, I agree 100%. But you also appear to agree that sidelining IE browsers in the manner they're doing is rather immature. If they blocked IE and explained why they were doing so without sounding pretentious, then it will look a lot more professional.
Re:Doubt it (Score:5, Insightful)
There may be no incentive to join Diaspora, but I think that today could still mark a turning point. It provides a set of APIs that can be used to federate social networks. Facebook may not be interested in joining, but smaller networks will have a strong incentive to join. It could be like email thirty years ago. Back then there were lots of proprietary email systems that didn't interconnect. SMTP provided a common interconnection and eventually even the largest providers had to join. If one of the other major social networks, such as LinkedIn, MySpace or Orkut, were to federate with Diaspora, it would start a chain reaction. The only question would be if Facebook is already big enough to ignore a combination of all of its competitors. I'm betting that it's not.
Re:If I quote LL Cool J, feel free to tell me to s (Score:1, Insightful)
Working on MVC in PHP. Impressive. This project looks very complicated and difficult to use with its many modules in php. Do you plan on providing documentation on using it?
Re:$SUBJECT (Score:3, Insightful)
If I understand correctly, you can run your own Diaspora server, is it right?
Well, then there must be a protocol to communicate between Diaspora servers. If that protocol is sound, then I will just write my OWN server with all the security features I need.
Do we know anything about the security of the protocol? I am more interested in that not in the security of the webapp.
What's Really Important (Score:5, Insightful)
I'm a little late to the discussion, but I'll throw in anyways.
The really important facet of what a Facebook alternative should look like is the ability to dis-intermediate the service from me and my use of the data that is collected about me. Facebook has barely supported an export feature, but removing my data from what is essentially a social connection tool to others is not a plan.
Example:
I own my cell phone, but I can choose to move myself, my data, (and in most places my phone number) to a different carrier. That means that the separation of the carrier in itself doesn't break my ability to communicate with friends or family through a mobile device. As it stands with social networks, if you're all on the same network, you can talk to one another. If you decide A and my sister decides B then there's no communication flow, and the ability to interact comes to an end.
The ability to make an alternative Facebook is important in the ability to further control what I do with my own data, the ability to use my entered data outside of some company's purview, and to have a service that I can easily add, interact with people and not feel like I'm tied to something I don't like. Facebook is a closed ecosystem. They consume content and lock it up from prying eyes. If Diaspora has or will have support for open inter-operating service offerings then great, otherwise they're just building another Facebook wannabe to take over the world. Who cares if Diaspora's code is Open Source if my interaction with the system and my data is shackled behind a single company's vision of how social networking should work?
Re:Security Vulnerabilities Discovered != Bad Thin (Score:5, Insightful)
These aren't "bugs," these are "gaping holes in security and privacy controls that don't appear to even have been considered."
There's a difference between "our security system will behave badly when somebody presents it with a specially crafted URL, leading to unauthorized escalation of privileges" (a bug) and "our security system assumes that anybody accessing URL automatically has access to update, modify, delete, etc. anything at that URL." (a gaping hole in security, and a glaring *design* flaw).
Unless you define "bug" to be such a broad category that it includes "incomplete, poorly thought-out rubbish," you cannot call some of these issues "bugs" in the software.
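The distinction drawn in the comment above, and the missing owner-based access limits mentioned earlier in the thread, as an added example (not part of any comment and not Diaspora's code): a constructed in-memory store where one delete path treats knowledge of the record id as permission and the other scopes every lookup to the requesting owner. All class and method names here are hypothetical.

```ruby
# Constructed sample model; names are hypothetical, not Diaspora's code.
Photo = Struct.new(:id, :owner_id, :caption)

class PhotoStore
  class NotFound < StandardError; end

  def initialize(photos)
    @photos = photos.to_h { |p| [p.id, p] }
  end

  def exists?(photo_id)
    @photos.key?(photo_id)
  end

  # Design flaw: the caller's identity is ignored, so anyone who can
  # name the id (i.e. reach the URL) may delete the record.
  def destroy_unscoped(_current_user_id, photo_id)
    @photos.delete(photo_id) or raise NotFound
  end

  # Hardened: the lookup itself is scoped to the owner, so a record
  # owned by someone else looks exactly like a missing record.
  def destroy_scoped(current_user_id, photo_id)
    @photos.delete(find_owned(current_user_id, photo_id).id)
  end

  def update_caption_scoped(current_user_id, photo_id, caption)
    find_owned(current_user_id, photo_id).caption = caption
  end

  private

  def find_owned(user_id, photo_id)
    photo = @photos[photo_id]
    raise NotFound unless photo && photo.owner_id == user_id
    photo
  end
end

if __FILE__ == $0
  store = PhotoStore.new([Photo.new(1, :alice, "beach"), Photo.new(2, :bob, "cat")])
  begin
    store.destroy_scoped(:bob, 1)          # bob targets alice's photo
  rescue PhotoStore::NotFound
    puts "scoped delete refused; photo 1 still exists: #{store.exists?(1)}"
  end
  store.destroy_unscoped(:bob, 1)          # same request on the flawed path
  puts "after unscoped delete, photo 1 exists: #{store.exists?(1)}"
end
```

Putting the owner check inside the lookup, rather than in each action, is what keeps a newly added action from silently skipping it.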
Re:Doubt it (Score:4, Insightful)
Facebook's selling point was its exclusivity [...] There's no incentive to join Diaspora.
You've contradicted yourself. Exclusivity is exactly what Diaspora will have. And it's not Facebook, your grandmother uses Facebook. Mainstream, pedestrian. For people who think Farmville is cool.
FB is screaming out for an "exclusive" alternative. It's way overdue for the "omg are you still using lamebook?" effect.
Comment removed (Score:5, Insightful)
diaspora... (Score:1, Insightful)
... is to facebook, as identi.ca is to twitter.
Re:Security Vulnerabilities Discovered != Bad Thin (Score:5, Insightful)
Yes, things would have been worse if this source was not open, but that doesn't necessarily mean the code is good enough now.
Re:Doubt it (Score:3, Insightful)
Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.
Hardly. Facebook's selling point was and still is that it enforces lack of privacy for other people you are interested in and for yourself, when you see a benefit in it (or an illusion thereof). Diaspora's selling point seems to be a lot of privacy and minimum exposure for yourself, which does not sound like it'll be a strong selling point for a "social network". To put it differently, Facebook is for stalking people who don't care (enough) about privacy. Diaspora only has people who care about privacy, so what's there to look at?
For me, the best alternative to Facebook would be something that works in exactly the same way from the user's point of view but without providing arbitrary access to the service provider and 3rd parties, like Facebook according to rumors. A good basis for implementing something like this would be wuala [wuala.com], it has all the access levels (public, private, friends only) and security measures required, as well as redundancy. It would only require a frontend that collects new stuff from your friends' shares and posts to your appropriate share.
Re:Doubt it (Score:2, Insightful)
Hopefully, people don't join "Diaspora" -- they join a rebranded system with support from whatever provider they want and get the benefits of federation.
Re:$SUBJECT (Score:3, Insightful)
Agreed. The security of the code is irrelevant. None of the mock-up prototype code at the design phase will exist once it goes into production phase. As MaskedSlacker says, it will obviously be rewritten (probably several times by people who implement in their preferred languages). It is the protocol and APIs that are important. How resistant are they to spoofing? Man-in-the-middle attacks? Replay attacks? What kind of encryption and authentication is used? How is key management done?
Of course security plays only a minor role. Major factors are what functionality does it offer? How extensible is it? What is the roadmap? How often do they plan to break backward compatibility? How well is it documented? Will there be plenty of example code for people to play with? How do they plan to allow user feedback for new ideas or patches?
It's an ambitious project, and there is no reason it will not work, but it needs a clear vision.
Phillip.