Slashdot Mirror


Security Concerns Paramount After Early Reviews of Diaspora Code

Stoobalou writes with this excerpt from Thinq.co.uk: "Following the release of the source code for the Diaspora social networking platform, hackers and tinkerers the world over have been poring over the code in order to improve, enhance, and otherwise help the project in its attempt to unsettle Facebook. Sadly, the current opinion is that the code just isn't up to scratch. While the team clearly stated that 'we know there are security holes and bugs' in the code that was released, it's possible that they weren't aware of just how many show-stopping issues there are — issues which make it hard to recommend that you roll your own Diaspora server just yet."

8 of 206 comments

  1. Pre-alpha by mseidl · Score: 2, Informative

    zomg! Pre-alpha! This thing is sure to be a failure!

  2. Re:Good thing it's free... by metamechanical · Score: 2, Informative

    Biases and accusations of bias run rampant on slashdot. So yes, I was trying to avoid just that. I've followed them mostly because I found their way of getting funding novel, and have been curious how it would pan out in the end.

    --
    If I had a nickel for every time I had a nickel, I'd be richcursive!
  3. Specialized servers offering ad-free accounts by tepples · Score: 4, Informative

    Unlike Facebook, the Diaspora network is planned to have more than one server operator. Some might offer ad-free accounts to subscribers. Others might be run by a company that offers ad-free accounts to its employees, a school that offers ad-free accounts to its students (echoing the original meaning of the word "facebook"), or a church or other non-profit club that offers ad-free accounts to its members.

  4. Re:Good thing it's free... by metamechanical · Score: 4, Informative

    That's a fantastic point. I should have been more specific - what I meant was the only reason security concerns and bugs are being found out in a pre-alpha is that it is open. It is exceedingly rare that a closed piece of software releases up a pre-alpha for general review (and hence, you wouldn't have ever even known about them). In more mature released closed software, though, you're right that my point holds no water.

    --
    If I had a nickel for every time I had a nickel, I'd be richcursive!
  5. Re:Questioning the Whole Concept by am+2k · Score: 2, Informative

    If you think XMPP is only about instant messaging, you haven't looked into the protocol at all. I'm actually on facebook, so I know very well what's required for a direct competitor.

    Here, let me help you with the spec on pubsub via XMPP.

    In other words: Maybe you should brush up on just what this XMPP is all about before you comment.

  6. Re:Questioning the Whole Concept by TheRaven64 · Score: 2, Informative

    XMPP is two core specs and a load of enhancements. The core spec defines a way of transferring arbitrary chunks of XML about the place. The XMPP-IM spec builds on top of this to provide services required for instant messaging (roster management, that kind of thing). Various XEPs also add publish-subscribe, multi-user chat, vCard publishing, microblogging, video chat, and so on.

    --
    I am TheRaven on Soylent News
  7. Re:After how long? by ihatejobs · Score: 2, Informative

    That is true, but looking through their github repo the issues don't appear to be significant enough to require a major redesign. I think they got pretty damn close to what they needed. All they have to do now is do a little spit shine and polish things up, correct security flaws, etc. I mean one of the more significant issues listed in the article was that you can inject HTML into comments. As big of a security hole as that is, it's not terribly difficult to fix either.

    --
    Can anyone tell me why 99% of /. users are total assclowns?
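
An added illustration of the bug class this comment refers to (untrusted HTML in comment bodies), written in Ruby since Diaspora is a Rails application; this is not code from the Diaspora repository or the article, and the template, function names and sample comments are constructed for the example.

```ruby
require 'cgi'

# Constructed sample comment bodies: one benign, one carrying markup of
# the kind the article says could be injected into Diaspora comments.
BENIGN = "Nice post, I agree with you & the others."
MARKUP = %q{Great post!<img src="x" onerror="alert(1)">}

# The shape of the bug: the comment body is interpolated straight into
# the page, so any tags the commenter typed become live HTML.
def render_comment_unsafe(author, body)
  %Q{<div class="comment"><b>#{author}</b>: #{body}</div>}
end

# Hardened form: every untrusted value is HTML-escaped for the element
# body context before interpolation. CGI.escapeHTML encodes & < > " '.
def render_comment_safe(author, body)
  %Q{<div class="comment"><b>#{CGI.escapeHTML(author)}</b>: } \
    "#{CGI.escapeHTML(body)}</div>"
end

# Check usable in a test suite or review script: the rendered fragment
# may contain only the tags the template itself emits (constructed list).
TEMPLATE_TAGS = %w[div b].freeze

def only_template_tags?(html)
  tags = html.scan(%r{<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)}).flatten
  tags.map(&:downcase).all? { |t| TEMPLATE_TAGS.include?(t) }
end

if __FILE__ == $0
  puts render_comment_unsafe("alice", MARKUP)  # tag survives as live HTML
  puts render_comment_safe("alice", MARKUP)    # tag is rendered as text
end
```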
  8. Re:And that was to be expected by severoon · Score: 4, Informative

    (To anyone that may have missed it, perhaps I should have included —coughcoughopensourcecough— at the end of that second paragraph.)

    --
    but have you considered the following argument: shut up.