Open-Source Social Network Diaspora Goes Live

CWmike writes "Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services."

A Few At A Time

[WrongSizeGlass]

'Every week, we'll invite more people,'

I guess they'll be sending Friend Requests via Facebook?

Re:A Few At A Time

[interkin3tic]

No way, they said they want to start out small: they're going to invite everyone still on myspace first.

Re:

[Aerynvala]

You mean my_____]

Re:

[nametaken]

Zuckerberg did donate to the project when they were looking for money on kickstarter.

Re:

[cyclomedia]

I want one!

Horrendous security model

[antifoidulus]

So I'm not supposed to trust facebook, a single corporate entity that I can sue for breach of contract if necessary, but I am supposed to trust this software to store copies of my data(even if they are encrypted) on machines all over the planet, machines who may be running Windows and get infected with a botnet that can transfer all my data to another computer for later decryption and analysis. Yeah, sign me up for that.

I hope competitors have a model that DOESNT require me to trust the security of Windows machines.

Re:

[Xarius]

Just choose to host your data on your own server then? That's your choice as far as I can tell.

Re:

[tenco]

This won't help at all. Your server sends your data to clients where it can be (and most likely is: browser cache) stored.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Bloody idiots

[GF678]

Just had this pointed out to me:

* Goto http://www.joindiaspora.com/ [joindiaspora.com] using Internet Explorer

Instead of showing the page, what do you get? I'll tell you... a blank page with the following title:

You need to use a real browser in order to use Diaspora!

I'm not a IE fan, but this happens with Internet Explorer 8 for goodness sakes. Probably happens with IE9 too. FFS stop showing your fanboyish nature guys; you're basically stating that a good portion of users who only use IE, even if they're using a modern version of it with modern security features like sand-boxing and whatnot, is apparently not "real" enough for your fucking site.

This really does piss me off. Makes the rest of us "open" FOSS users look like a pack of childish geeks who have no idea. You want your little social site to work? Don't arbitrarily restrict browsers!

Re:

[roalt]

You are absolutely right, but for Diaspora's case: Getting multiple browser support right takes time, getting IE support right even longer. (I admit that for a simple "join page" it wouldn't be that much extra time. During alpha development phase, you want to go forward, not stepping aside.

...and it's nice to let IE users experience the feeling others have for all those IE-only websites.

But very tactical, to promote your new website to new users? No...

Re:Bloody idiots

[GF678]

Your point about limiting browser support at this stage is perfectly reasonable, I agree 100%. But you also appear to agree that sidelining IE browsers in the manner they're doing is rather immature. If they blocked IE and explained why they were doing so without sounding pretentious, then it will look a lot more professional.

Re:

[suv4x4]

Instead of showing the page, what do you get? I'll tell you... a blank page with the following title:

You need to use a real browser in order to use Diaspora!

I'm not a IE fan, but this happens with Internet Explorer 8 for goodness sakes.

With this move they ignore about 70% of users on the client side. But it doesn't stop there. On the server side, what they opted to use was Ruby on Rails with MongoDB. For a project that purports to be all about being able to run a node yourself, they have cut about 90% of their userbase by using technology that's rare on shared hosts (RoR) or downright exotic (MongoDB).

And despite being so picky on technology, they clearly produce sub-par code anyway.

This really does piss me off. Makes the rest of us "open" FOSS users look like a pack of childish geeks who have no idea.

I wouldn't go there. Sure, they're amateur kids, and Dia

Re:

[GF678]

It's a closed beta FFS. They can do whatever the hell they want, and I say bravo to them for only choosing where to draw the support line while they work on other things.

Bullshit. If that were the case they could have worded it a little better than they did, instead of a blank page and silly comment as the title.

Re:

[guyminuslife]

They do both. The title of the page is "You need to use a real browser in order to use Diaspora!" and the page itself has a frame in the middle pitching Chrome Frame.

Is anyone else amazed at the press diaspora gets?

[SashaMan]

It seems that Diaspora somehow got that NYTimes article, got mucho donations from that even though at that point they had NO CODE, and yet somehow now I hear about it all the time as somehow it's going to be a "facebook killer".

Linux got popular initially because Torvalds is an excellent programmer and his project spread through word-of-mouth. Diaspora got discovered because there was a Times article about vaporware.

Re:

[fishexe]

Diaspora got discovered because there was a Times article about vaporware.

It's not vaporware if they come up with the product. They've come up with the product.

Re:Is anyone else amazed at the press diaspora get

[assertation]

Linux "got popular" because *some* ( Windows still rules the market ) people wanted an alternative to Microsoft Windows.

Diaspora *may* get popular because many people want an alternative to Facebook.

Craigslist killer.

[pspahn]

I'm more interested in a site that will do what Craigslist does, but modernized and free of all the bullshit that plagues CL. Currently, CL is akin to Mos Eisley and it doesn't appear that there have been any significant improvements in years.

Re:

[visualight]

Out of curiosity, what is wrong with craigslist that needs improvement? Is it too slow?

Re:

[pspahn]

No, the speed is just fine. They simply need to improve the spam and general douchebaggery that occurs. There are simply too many leeches and lame robots that live there.

Whats Really Important

[ADRA]

I'm a little late to the discussion, but I'll throw in anyways.

The really important facet of what a Facebook alternative should look like is the ability to dis-intermediate the service from me and my use of the data that is collected about me. Facebook has barely supported an export feature, but removing my data from what is essentially a social connection tool to others is not a plan.

Example:
I own my cell phone, but I can choose to move myself, my data, (and in most places my phone number) to a different carrier. That means that the separation of the carrier in itself doesn't break my ability to communicate with friends or family through a mobile device. As it stands with social networks, if you're all on the same network, you can talk to one another. If you decide A and my sister decides B then there's no communication flow, and the ability to interact comes to an end.

The ability to make an alternative Facebook is important in the ability to further control what I do with my own data, the ability to use my entered data outside of some company's pervue, and to have a service that I can easily add, interact with people and not feel like I'm tied to something I don't like. Facebook is a closed ecosystem. They consume content and lock it up from prying eyes. If Diaspora has or will have support for open inter-operating service offerings then great, otherwise they're just building another Facebook wanna be to take over the world. Who cares if Diaspora's code is Open Source if my interaction with the system and my data is shackled behind a single company's vision of how social networking should work?

Ill join, but i hate Facebook.

[miffo.swe]

I would join in a heartbeat if i feel i can trust Diaspora. Facebook on the other hand, no way in hell ill put my data up for theirs to sell to anyone.

I hate Facebook with a passion and i know a whole lot more people who does. The only reason some of them are there is "because everyone else is". Give them an alternative and theyll jump ship without looking back.

Port facebook to diaspora

[dredwerker]

If there was a 'port facebook' to diaspora function then it might happen.

I dont really know why facebook took off in the first place as there were others around at the time. A mate was on faceparty all the time and I wasnt bothered at the time.

Now I mainly use it to keep up with people abroad and family and people I dont get to see. Hence the critical mass thing.

I always think never say never as yahoo disappeared as a search engine virtually overnight in my mind. I dont even know why I switched to google.

This is going to be big.

[unity100]

i feel like it. if it doesnt become big, im sure hundreds of thousands of geeks will make it big, just like they made firefox.

facebook was starting to feel creepy anyway.

The Watering Hole Effect

[assertation]

I haven't seen any organization start off with the *intent* of usurping a website, a piece of software or a piece of hardware from an established niche and succeed, by intent.

Users tend to gather around a watering hole and stay there, despite better alternatives existing.

The Diaspora team would be smart to recognize this problem as being at least as large of a task as making their software. The wealthy uber geeks who donated large amounts of money to Diaspora would be wise to use their resources to get D

Don't Forget The Marketing!

[assertation]

The average Facebook users isn't interested in technology and the average Facebook user is the type of person to shut down listening at the smallest hint of jargon-speak coming. IT people often lose the ability to see how very little people know.

The average Facebook user isn't going to understand the many seed concept, let alone being willing to figure it out and set it up. I hope they make it brain dead, push just 3 buttons easy.

The average Facebook user isn't going to understand or be enthusiastic a

Doubt it

[mozumder]

It's more open than Facebook.

Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.

There's no incentive to join Diaspora.

Re:

[Jeremiah Cornelius]

Facebook will remain popular as long as it provides a means to cheat on your wife, booty-calling girls with whom you used to have great sex, 20 years ago.

Diaspora is not yet there.

Re:Doubt it

[vrmlguy]

There may be no incentive to join Diaspora, but I think that today could still mark a turning point. It provides a set of APIs that can be used to federate social networks. Facebook may not be interested in joining, but smaller networks will have a strong incentive to join. It could be like email thirty years ago. Back then there were lots of proprietary email systems that didn't interconnect. SMTP provided a common interconnection and eventually even the largest providers had to join. If one of the other major social networks, such as LinkedIn, MySpace or Orkut, were to federate with Diaspora, it would start a chain reaction. The only question would be if Facebook is already big enough to ignore a combination of all of its competitors. I'm betting that it's not.

Re:

[L4t3r4lu5]

You can bet your boots that they would join the federated network once Farmville has a client which works on Diaspora.

You just know that folks will want their latest "golden chicken" discovery to be posted on LinkMyOrkFace all at the same time.

Re:

[GWBasic]

It provides a set of APIs that can be used to federate social networks.

Not quite. I spoke with them when they ran an installfeast a few weeks ago, and they don't provide the APIs.

What they did is follow the OStatus [ostatus.org] recommendations, and then built their own undocumented APIs for items that are private. Yes, Diaspora is open-source, but their APIs beyond OStatus aren't documented enough to the point where someone else can build a compatible network.

For some context, OStatus is a recommendation to support a whole bunch of independently-developed protocols that lets you have a fed

Re:

[fishexe]

Facebook will remain popular as long as it provides a means to cheat on your wife, booty-calling girls with whom you used to have great sex, 20 years ago.

Ummm...I think if you succeed in cheating on your wife using Facebook, it's because your wife lives in a cave...not because of FB's useful properties...

Re:

[Ginger Unicorn]

Diaspora also has an ugly, hard to pronounce name like ubuntu. Don't get me wrong i love ubuntu, and i realise stupid sounding names like google and wii get subsumed eventually, but awkward-to-pronounce names i'm not so sure about. Plus diaspora sounds like some kind of fungus-induced diarrhea. Hopefully the open nature of this platform will mean that someone can make an interface/brand for this thing that will attract the public. Something that implies you will find sexual partners by using it would be a h

Re:

[LordSnooty]

I doubt the OSS community will ever "get" marketing. Do not underestimate how important a simple name like "Facebook" was in helping it become the king of social networks.

Re:

[Ltap]

Many open-source projects have meaningful names that require a certain level of knowledge to understand. For example, Pidgin -- with the symbol of a pidgeon for being a "messenger" and the name "pidgin" (a composite of two languages used for easy communication between different cultures) representative of its multi-protocol nature -- is one of those. Others could be Nitrogen (a "desktop element") and I'm sure there are many more.

The developers anticipate a certain level of general knowledge and vocabular

Re:

[0100010001010011]

Diaspora will become popular by means of geeks. I can shoot anywhere between ~100 photos at family events to ~1000+ photos for a Rugby tournament. I even wrote a script [github.com] to make it easy to upload photos to Facebook from my headless server.

If I start uploading my photos to diaspora and telling people that's where they are. I guarantee I can get a few people to join.

That, or Diaspora will be populated by my friends that were first on facebook. In the days before the wall and live stalker feed.

Re:

[Again]

It's more open than Facebook.

Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.

There's no incentive to join Diaspora.

There is at least one very good reason to join quickly. By being on of the first to join I get my pick of pretty much any username. I signed up for an invite purely to grab my username before someone else takes it. My username is pretty lame but dang it, it's mine. So, if against all odds Diaspora becomes popular then I'll be prepared.

Re:

[TheLink]

Maybe you should sign up "Mark Zuckerberg" too while you're at it...

Wait, is that you Mark?

Re:

[Rhaban]

Diaspora being a distributed network, reserving your username is useless because if it works, ther will be a number of different providers where you will be able to have this username.

Did you also register to every e-mail provider just to get this username before anyone else?

Re:

[MaskedSlacker]

You haven't checked your local Craigslist lately then, because that's the FIRST thing I'd expect to be gone.

Re:

[tehcyder]

Damn. So you were the person that took iloveanal?

I had IANAL because I hate the bastards, and wondered about the funny looks.

Re:

[tehcyder]

I haven't read anything ever so it's not like this is an informed post

Your honesty is refreshing, if perhaps misguided.

Re:

[hey]

I saw The Social Network too.
But now the main reason to join FB is because your cousins/colleagues/etc are there.
That can change!

Re:

[zmollusc]

Heh, the more my cousins/colleagues/etc use FB ( and I don't ), the more likely it is that they will forget my phone number and email. Hopefully, they will forget my home address and existence also. That would be awesome.

Re:

[tehcyder]

Heh, the more my cousins/colleagues/etc use FB ( and I don't ), the more likely it is that they will forget my phone number and email. Hopefully, they will forget my home address and existence also. That would be awesome.

Christ, and I thought I was anti-social.

Re:Doubt it

[gman003]

Sure there is. Who's always the first adopters for open-source anti-corporatist programs? Nerds like us. Firefox started as the nerd's browser. Linux started as the nerd's OS - and it still is, on the desktop. So, for now, think of it as "Facebook for Slashdotters".

Re:Doubt it

[Mitchell314]

If you think about it, /. is like a facebook for nerds. Articles are similar to walls, moderation is used as the 'like' button, blogs are like notes, and I /. stalk just like on facebook. :P

Re:Doubt it

[Cylix]

That is a bit of stretch.

There are a complete lack of pictures on slashdot on which to formulate a decision to stalk or ignore. Unless we begin uuencoding our pictures into our posts and blogs there is no evidence to base this decision.

In order to assist in the stalking section we will need the addition of a radial button that defines our hotness aka stalking susceptibility. Until this is implemented we will have to identify our level of attractiveness manually.

I of course am smoking hot.

Re:Doubt it

[Malc]

You want to see photos of nerds? You're crazy! Better leave them uu or base64 encoded.

Re:

[Lord Grey]

You want to see photos of nerds? You're crazy! Better leave them uu or base64 encoded.

There's way too much information to decode .... You get used to it, though. Your brain does the translating. I don't even see the encoding. All I see is coder, geek, fanboy. Hey, uh, you want a drink?

Re:

[L4t3r4lu5]

All you'd ever get is photos of peen run through Photo2Text.com

Re:

[dbIII]

That's not true - I've had a highly compressed version of my photo as my slashdot sig for years.

Re:

[grcumb]

So, for now, think of it as "Facebook for Slashdotters".

... Or, as non-technical folks prefer to call it, HELL.

Re:

[MichaelSmith]

think of it as "Facebook for Slashdotters".

Isn't that slashdot?

Re:

[GameboyRMH]

It would be nice if the Facebooktards would switch to Diaspora, but I'll continue to abstain from social networking myself. Even if it's done on an open system, giving up your personal information online is a bad idea. It's still a privacy risk even if it's no longer a threat to the openness of the Internet.

Re:Doubt it

[FatLittleMonkey]

Facebook's selling point was its exclusivity [...] There's no incentive to join Diaspora.

You've contradicted yourself. Exclusivity is exactly what Diaspora will have. And it's not Facebook, your grandmother uses Facebook. Mainstream, pedestrian. For people who think Farmville is cool.

FB is screaming out for an "exclusive" alternative. It's way overdue for the "omg are you still using lamebook?" effect.

Re:

[Angostura]

Facebook's incentive is no longer exclusivity, today its incentive is quite the opposite - you have to be on there because everyone is on there.

The odd thing is that , finding people who are actually enthusiastic about Facebook is not easy. Many people seem irked by it.

Diaspora presents people with the ability to give Facebook a poke in the eye and I suspect that might be quite popular. All it takes is for people to open an account there in parallel and start linking to Diaspora status updates from their Fa

Re:

[Anonymous Coward]

Agreed. Diaspora is a me-too product, the name is incredibly crappy and zero chance of catching on in younger circles or internationally, and the service offers nothing new or interesting. And the founders seem to think the path to success is to rely exclusively on open source fanboyism, because we all know that resonates with everybody.

Re:

[Lazy Jones]

Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.

Hardly. Facebook's selling point was and still is that it enforces lack of privacy for other people you are interested in and for yourself, when you see a benefit in it (or an illusion thereof). Diaspora's selling point seems to be a lot of privacy and minimum exposure for yourself, which does not sound like it'll be a strong selling point for a "social network". To put it differently, Facebook is for stalking people who don't care (enough) about privacy. Diaspora only has people who care about privacy, so

Re:diaspora...

[Lunix Nutcase]

Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.

Re:diaspora...

[Musically_ut]

Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.

Looking at it another way, perhaps it does not do what the average user of Facebook does not want.

Apart from privacy issues, one of the problems I see with Facebook is the bloat (or crud) factor. Diaspora does not have that, at least not now.
I have my fingers crossed.

Re:

[Richard_at_work]

Diaspora also doesn't have any of the reasons to sign up, it's currently as useful as not signing up for Facebook, you get the same privacy protection either way...

Re:

[ardle]

ardle likes this

Re:

[fishexe]

Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.

Doesn't matter. If it offers things that enough fringe users want or care about, it can build up a user base, and the bigger its user base, the larger the fringe of users who care grows. The biggest thing the average user cares about with Facebook is how many other people are connected (i.e. the fact that they can basically find anyone they know on there) and the more people bleed from the fringes off FB and into Diaspora, the closer it gets to having this property, and hence drawing average users.

Re:

[Tubal-Cain]

The difference is, Facebook came out before the majority of the public had jumped on the social networking bandwagon. Now all their friends are on Facebook, and they won't want to switch out.

Re:

[MaskedSlacker]

Facebook didn't have those until four or five years after it was created.

Re:

[monoqlith]

Eh...but it was pretty obviously going to be a success very quickly after starting.. When Facebook expanded to my college, it was about 7 months after the initial launch. In about a month, everyone I knew had an account. It was an amazing rate of adoption.

Capitalization happened later, but I'm pretty sure a successful business plan was built-in from the beginning. Advertising revenues or not there would be some way to monetize the millions of users that were joining..

In the end I'm not sure what's going to

Re:diaspora...

[Americano]

Considering their revenues were 52 million in 2006, and they launched in 2004, I'd say you're off a bit on your estimate.

It took them longer to turn a profit, but they were clearly generating a sizable income off their web site within 2 years of launch. Given that, I'd say it's pretty safe to say that they probably launched with a pretty coherent business plan in place. You don't grow from launch to 52 million in revenue accidentally.

Re:

[fishexe]

Given that, I'd say it's pretty safe to say that they probably launched with a pretty coherent business plan in place. You don't grow from launch to 52 million in revenue accidentally.

Wait, you don't? Shit, I've been doing it all wrong!

Re:

[hey]

I kinda agree... here are some others
http://en.wikipedia.org/wiki/Distributed_social_network [wikipedia.org]

But, heck, if Diaspora has the mindshare maybe we should go with it... even if its not technically the greatest?

Re:Please

[93 Escort Wagon]

But, heck, if Diaspora has the mindshare maybe we should go with it... even if its not technically the greatest?

What mindshare, exactly, does Diaspora have? As far as I can tell, it's some subset of the same people who keep thinking desktop Linux is going to take off any year now.

So far, in these comments, pretty much every pro-Diaspora commenter mentions how it's open source. I've got news for you guys - the vast majority of people don't give a rat's rear end whether it, or any other piece of software, is open source or not. Sure, you can argue why they should care, and pretend all the great unwashed are going to awaken and come around to your way of thinking really soon now... but the onus is on you to show that's even remotely likely.
 

Re:

[c0lo]

I've got news for you guys - the vast majority of people don't give a rat's rear end whether it, or any other piece of software, is open source or not.

Great!!! As I care much less what the vast majority of people think than they do care about the rat's end, maybe it is an opportunity to get more contacts more relevant for me that in other places?

In other words, why does a place need to be crowded to be attractive?

Re:

[jimicus]

Social networks don't tend to work very well when hardly anyone's on them. The clue's in the name.

Re:

[Nursie]

Diaspora, the anti-social network!

Tired of social networks with their data sharing, privacy leaks and too many people looking at your stuff?

Join Diaspora! Write status updates nobody can see! Or don't, it's all the same in the end!

Re:

[interkin3tic]

I guess that's one opinion, the "hold out for perfection and scorn anything that isn't perfect" model is popular with many slashdotters. I guess suppressing all mention of those imperfect alternatives is logical to some.

I personally think that's idiotic. The alternative is, what, wait for people to become so dissatisfied with facebook selling all their private information and location that they decide to make their own? I'm finding it hard to believe that people "who know what they're doing" are just not

Re:

[LBArrettAnderson]

What the GP is getting at is that Diaspora is only popular because they got a connection to some media exposure. They got $200,000 from the public when they had *nothing.* There are (and were) already alternatives that are much better and further along than Diaspora. As I mentioned in my post just below this one, Appleseed is one of them (there are others as well, but that happens to be the one that I personally feel deserves more attention).

Re:

[interkin3tic]

Popularity and exposure does count for a lot when it comes to social networks. I've heard of diaspora several times, and never heard of appleseed before now. I doubt many of my friends have heard of it either, odds are low they've heard of diaspora, but I'm guessing more will sign up with the one they hear more about.

GP also seems to think it's a zero sum game when it comes to news about non-facebook social networks. That's not true. I think most people aren't aware there is more than facebook and myspa

What alternatives?

[xixax]

None of the contenders are anywhere near complete (at least the last time I went looking). It will take a few years with people that care about this sort of thing to mature the various projects. If we wait for a "good experience the first time", it will be a long while. I'm prepared to put up with quite a bit if it means long term options for open social networks. For example by creating testbeds for open social APIs.

99% of people don't care and are going to stay on Facebook. These projects are not for thos

Re:What alternatives?

[LBArrettAnderson]

Appleseed is getting close to production ready (and it's quite usable already).

Diaspora motivating Appleseed

[xixax]

In which case Disapora is worth some effort even if all it does is motivate Appleseed back into life. I found this article after reading Tim Berners-Lee's recent article. On hiatus since 2007 is not exactly a reassuring release history either.

http://downloadsquad.switched.com/2010/05/21/diaspora-social-network-fail-kickstarter-facebook/ [switched.com]

Other comments about the lardy nature of Diaspora have also convinced me to only try it if I can put it one someone else's server.

Xix.

If I quote LL Cool J, feel free to tell me to stop

[dominion]

That was in May. Since then I've put out six revisions.

The thing is, although there was seemingly a stop in development (since 2008/2009, actually), I had never given up on the project. I had a notebook with all the ideas, sketches, mockups, etc. where I wanted to take the project. When Diaspora hit, I emailed them, offering to help. I never heard back, so I decided to push forward on Appleseed.

The pace may seem extraordinary considering I'm essentially the sole full time developer, with most help having come from designers and testers, and I handle a full time job on the side, while I do put in a lot of hours, things have moved along so quickly because I had gamed and spec'd out so much in the year prior.

Check out our roadmap, you'll see exactly where we're going.

http://opensource.appleseedproject.org/roadmap/ [appleseedproject.org]

You can also send an email to invite@appleseedproject.org for an invite to the beta test site. Here's a screenshot for people who don't want to bother signing up (apologies for FB hosting. we're working on that :)

http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1207.snc4/155927_469182004405_510304405_5358353_7159703_n.jpg [fbcdn.net]

Michael Chisari
Lead Developer, The Appleseed Project

Re:

[xixax]

Glad to hear it! The perceived hiatus was the only negative for Appleseed on my short list of FOSS social options to explore.

More likely than not I'll be taking you up on that invite. :)

Re:

[Rich0]

Agreed on the "lardy nature of Diaspora." I saw this article and figured, hey, let's check this out. Ok, let's go grab the source and install it.

It runs on a webserver I don't have. It uses a database I don't have. It doesn't even list its dependencies - it wants me to use gems and some dependency resolver to go out and grab who-knows-what and install 40 bazillion orphan files on my system that the package manager won't ever update, leaving my system with a million security holes a year from now when th

Re:

[Sarten-X]

As I've said before, that's just not how it works in any decent-sized project. You design to meet the needs, then you redesign to meet the new needs, then you redesign yet again to meet the needs that have just come up. Diaspora's first release was (and should have been) to show proof of concept: that something working could be produced. Now they get to redesign to meet security and scalability, and over time they'll redesign to meet other needs. You don't get miracles in the first version.

Re:$SUBJECT

[MaskedSlacker]

Security is a design philosophy. Either you've done it right, from the ground up, with your basic code writing habits, or you haven't. A redesign isn't going to cut it. You'd have to do a total rewrite.

Re:

[drewhk]

If I understand correctly, you can run your own Diaspora server, is it right?

Well, then there must be a protocol to communicate between Diaspora servers. If that protocol is sound, then I will just write my OWN server with all the security features I need.

Do we know anything about the security of the protocol? I am more interested in that not in the security of the webapp.

Re:

[horza]

Agreed. The security of the code is irrelevant. None of mock-up proto-type code at the design phase will exist once it goes into production phase. As MaskedSlacker says, it will obviously be rewritten (probably several times by people who implement in their preferred languages). It is the protocol and APIs that are important. How resistant are they to spoofing? Man-in-the-middle attacks? Replay attacks? What kind of encryption and authentication is used? How is key management done?

Of course security plays o

Re:

[Americano]

That something working could be produced.

This has already been done: it's called Facebook, MySpace, and Orkut. We know that it's possible to build a working web site for social networking, we didn't need Diaspora to show us that. Diaspora came to the table with the premise of building upon Facebook's "something working": namely, that users would be secure & in charge of their data. That was their key differentiator, they didn't need to show "hey somebody can build a web site that will allow people

Re:

[Requiem18th]

While I agree that Diaspora should have been built with security from the start, you are misunderstanding his point.

When one says that Diaspora needed to prove that it could be done, it doesn't mean that "it could be done by someone" it means "it could be done by Diaspora". It's different:

Finding out if it's possible at all is useful to decide if you want to invest in building it.
Finding out if it's possible for Diaspora is useful to decide if you want to invest in building it out of Diaspora's codebase.

Re:$SUBJECT

[Americano]

Because they said they'd built that car out of cheerios and succeeded.

Once again: WE KNOW that you can build a social network, and we also know that you can build an open-source social network. It's been done. The project was not "interesting" from that perspective - Facebook, Myspace, Orkut, Appleseed, and a host of other 'social networks' have already done one or both of those things.

The key differentiator for Diaspora was the goal of creating a secure, decentralized model that put the user in charge of their own privacy. The differentiator emphatically WAS NOT that they were "open source" - again, that's already been proven to be possible by other projects.

Which brings us to the question of why we *should* give a shit about Diaspora. I'll let their Kickstarter writeup [kickstarter.com] speak for itself, here's what they had to say:

We believe that privacy and connectedness do not have to be mutually exclusive. With Diaspora, we are reclaiming our data, securing our social connections, and making it easy to share on your own terms. We think we can replace today's centralized social web with a more secure and convenient decentralized network. Diaspora will be easy to use, and it will be centered on you instead of a faceless hub.

Please point out for me where they say "we aim to open source Facebook," because I'm not seeing it.

The GOAL of Diaspora was to create a more-secure social networking environment which gave control of user privacy back to the users.

The METHOD they intended to use was to open-source what they produced, and then build a community around it.

The RESULT was an unmitigated mess: the code they spent months writing did NOTHING to achieve their stated goals, in fact it was even LESS secure and private than Facebook, because it ignored standard and common security and privacy practices - things which should be part of your design from the ground up, including user authentication and access control for each and every operation the system performs.

They started out by saying "We're going to build an alternative which puts the user in control of their data." They created an alternative which puts ANY user in control of ANY data.

This is not trolling, this is an honest assessment of the progress & results of Diaspora. Their goals were more security & more privacy. They achieved neither of those goals with the code they wrote. Open source is not some magic sauce you marinate your code in in order to improve it, but suddenly the entire focus of Diaspora has gone from "it's more secure and more private," (their initial, stated goals) to "it's open source," as if that forgives the multitude of failings that the code has, simply because a bunch of people can read the source that implements those design flaws.

Re:

[the_womble]

That is true, but I would rather not use something that has contained vulnerabilities caused by a failure to follow basic good practice (I.e. incompetent developers).

Re:Security Vulnerabilities Discovered != Bad Thin

[MtHuurne]

If they learned from their mistakes and adopted safer coding practices and added infrastructure that enforces proper security on the code then the review has paid off. On the other hand, if they only fixed the security bugs that were pointed out and continued coding the way they did before then it will never be secure since there won't be enough reviewers to keep up with all the new bugs being added.

Yes, things would have been worse if this source was not open, but that doesn't necessarily mean the code is good enough now.

Re:

[Velorium]

Are you kidding me? Every alpha has bugs. Get real. There's a reason it's invitation only.

Re:

[Lunix Nutcase]

Yes, every alpha does have bugs. But one would expect that people who claim to write secure software would actually, you know, be somewhat competent at writing secure software.

Re:

[Anonymous Coward]

Quite, there were just security bugs there wasn't even an authorization framework in place! Hell, there wasn't even simple stuff like limiting access to things based on the owner.

Something which I would think is integral to the site design and should have been decided upon before they even started coding.

Re:Security Vulnerabilities Discovered != Bad Thin

[BitHive]

It's probably invitation-only because they have no way of searching for other Diaspora users and adding them short of exchanging URLs: http://groups.google.com/group/diaspora-discuss/browse_thread/thread/60f32519f623e690/23109444fefa1640?#23109444fefa1640 [google.com] Diaspora's answer to Facebook's search? Google search! (I'm not making this up, read that thread)

Re:Security Vulnerabilities Discovered != Bad Thin

[Americano]

These aren't "bugs," these are "gaping holes in security and privacy controls that don't appear to even have been considered."

There's a difference between "our security system will behave badly when somebody presents it with a specially crafted URL, leading to unauthorized escalation of privileges" (a bug) and "our security system assumes that anybody accessing URL automatically has access to update, modify, delete, etc. anything at that URL." (a gaping hole in security, and a glaring *design* flaw).

Unless you define "bug" to be such a broad category that it includes "incomplete, poorly thought-out rubbish," you cannot call some of these issues "bugs" in the software.

Re:

[ardle]

awesome

Re:

[Anonymous Coward]

what have you done of late that has been noteworthy?