Open-Source Social Network Diaspora Goes Live
CWmike writes "Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services."
who got first post on the site?
... is to facebook, as facebook was to myspace.
> 'Every week, we'll invite more people,'
I guess they'll be sending Friend Requests via Facebook?
It's more open than Facebook.
Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.
There's no incentive to join Diaspora.
> it was promptly criticized for being riddled with security errors.
Well, they're done.
You design security in; you don't glue it on the side afterwards.
Nobody would have ever heard of this thing, except that there was nothing else going on in the news when the story broke. This is one of thousands of facebook clones. Once it actually does something noteworthy, let's look at it again. Until then, who cares?
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Please elaborate on the benefits of inventing an alter ego maintained by a corporation that doesn't allow it to be retracted to a neighboring competing social network in control of the person that he may kill it like the 1812 fire of the White House?
It's just another liability and purposed bond that only a coroner, an overlord, and a spy would ever find useful. It's as though everyone enjoys being watched for free, while the pornographers and whores have better implementations that use money to sue anyone caught with my surveillance.
I really can't help but see it as a great thing that the security errors were found. It totally vindicates the open source model as a means for peer review and enhancement, the developers will have learned some extremely valuable lessons, and the publicity will mean more eyes will be trained on the codebase in future.
Now, if the source was proprietary....
Stop promoting Diaspora. These people don't know what they're doing. If the general population is going to shift to an open social network, they need to have a good experience the first time they try it. Promote another open social network with more competent developers.
Yes, I too love that a social network that purports to be secure and built to respect privacy is written by people who are incompetent at security. Where can I sign up!?!?!
Ruby and Ruby on Rails == Big bag of fail.
Are you kidding me? Every alpha has bugs. Get real. There's a reason it's invitation only.
Yes, every alpha does have bugs. But one would expect that people who claim to write secure software would actually, you know, be somewhat competent at writing secure software.
...to save the hassle of what twitter went through with the fail whale issue of their servers just getting slammed. Which is a good thing. Also I think google has tried the same things when rolling out a new web product like gmail/google voice/etc where you get invited to keep the load down to a manageable amount while you work out the kinks. Smart thinking on their part. I know I tried Orkut when I left facebook as an alternative and I noticed all the time I would update something on my page or change a profile picture, and orkut would report to me some sort of server error, leaving me with a bad taste in my mouth as to how stable the platform really was. With all the work that goes into a social networking site, I don't envy all the work ahead for diaspora. But I applaud their efforts. One question that lies in my mind since it's an open source site is, if it becomes popular, how easy would it be for people to find exploits to the system since they have the source right there to like pull all of your personal info or hijack accounts. But being opensource, the community can easily pitch in and say, "Hey, that method you are using is a giant security hole!". We'll see.
In other news -- even competent programmers write code with bugs. The important part is finding and fixing bugs, which the open-source model excels at.
None of the contenders are anywhere near complete (at least the last time I went looking). It will take a few years with people that care about this sort of thing to mature the various projects. If we wait for a "good experience the first time", it will be a long while. I'm prepared to put up with quite a bit if it means long term options for open social networks. For example by creating testbeds for open social APIs.
99% of people don't care and are going to stay on Facebook. These projects are not for those people. At least until TBL's recent prognostications about the emerging Walled Gardens come true.
Xix.
"Everything is adjustable, provided you have the right tools"
In which case Diaspora is worth some effort even if all it does is motivate Appleseed back into life. I found this article after reading Tim Berners-Lee's recent article. On hiatus since 2007 is not exactly a reassuring release history either.
http://downloadsquad.switched.com/2010/05/21/diaspora-social-network-fail-kickstarter-facebook/
Other comments about the lardy nature of Diaspora have also convinced me to only try it if I can put it on someone else's server.
Xix.
"Everything is adjustable, provided you have the right tools"
Do you even read what you write?
You admit that all alpha software has bugs, but expect these guys to write bug-free code?
IRC: The original social network.
See ya'll on freenode.
Maybe it's just me, but I feel like the name is one of the big stopping points here. For the nerd population, no one will care, but for the general public, I just don't see most people getting excited about updating their Diaspora status, or Diaspora-ing before bed, or sending out Diaspora invites for their birthday parties. Besides it being an unattractive (maybe not the best word to describe it, but you get the picture) word, I think that having four syllables detracts from it as well. Granted, these things shouldn't matter if the service is better, but that's not always the case.
So I'm not supposed to trust facebook, a single corporate entity that I can sue for breach of contract if necessary, but I am supposed to trust this software to store copies of my data(even if they are encrypted) on machines all over the planet, machines who may be running Windows and get infected with a botnet that can transfer all my data to another computer for later decryption and analysis. Yeah, sign me up for that.
I hope competitors have a model that DOESN'T require me to trust the security of Windows machines.
Monstar L
Just had this pointed out to me:
* Go to http://www.joindiaspora.com/ using Internet Explorer
Instead of showing the page, what do you get? I'll tell you... a blank page with the following title:
You need to use a real browser in order to use Diaspora!
I'm not an IE fan, but this happens with Internet Explorer 8 for goodness sakes. Probably happens with IE9 too. FFS stop showing your fanboyish nature guys; you're basically stating that a good portion of users who only use IE, even if they're using a modern version of it with modern security features like sand-boxing and whatnot, is apparently not "real" enough for your fucking site.
This really does piss me off. Makes the rest of us "open" FOSS users look like a pack of childish geeks who have no idea. You want your little social site to work? Don't arbitrarily restrict browsers!
That was in May. Since then I've put out six revisions.
The thing is, although there was seemingly a stop in development (since 2008/2009, actually), I had never given up on the project. I had a notebook with all the ideas, sketches, mockups, etc. where I wanted to take the project. When Diaspora hit, I emailed them, offering to help. I never heard back, so I decided to push forward on Appleseed.
The pace may seem extraordinary considering I'm essentially the sole full time developer, with most help having come from designers and testers, and I handle a full time job on the side, while I do put in a lot of hours, things have moved along so quickly because I had gamed and spec'd out so much in the year prior.
Check out our roadmap, you'll see exactly where we're going.
http://opensource.appleseedproject.org/roadmap/
You can also send an email to invite@appleseedproject.org for an invite to the beta test site. Here's a screenshot for people who don't want to bother signing up (apologies for FB hosting. we're working on that :)
http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1207.snc4/155927_469182004405_510304405_5358353_7159703_n.jpg
Michael Chisari
Lead Developer, The Appleseed Project
so the code that implements the social network is open source, that means absolutely nothing, it really provides nothing to anyone, it's just another social network that fragments the internet (in terms of end users) what we need is open standards for exchange of social media data, we can already do this in parts, facebook seems to have a pretty good api (i haven't delved too deep), but obviously it's not a standard, we can import contacts from gmail to facebook and the similar but we can't just transfer our social data from one platform to another. migrate from facebook to diaspora and you start again with a clean sheet, who's going to do that? myspace versus facebook was early, now facebook is the standard. oh crap, i just realised that facebook is the social version of M$ windows.
It seems that Diaspora somehow got that NYTimes article, got mucho donations from that even though at that point they had NO CODE, and yet somehow now I hear about it all the time as somehow it's going to be a "facebook killer".
Linux got popular initially because Torvalds is an excellent programmer and his project spread through word-of-mouth. Diaspora got discovered because there was a Times article about vaporware.
Ok, they are probably not selling you out to advertisers right off the bat.
Now how do they intend to generate money to cover the huge server expenses ? Am I missing something ?
Quite, there were just security bugs there wasn't even an authorization framework in place! Hell, there wasn't even simple stuff like limiting access to things based on the owner.
Something which I would think is integral to the site design and should have been decided upon before they even started coding.
It's probably invitation-only because they have no way of searching for other Diaspora users and adding them short of exchanging URLs: http://groups.google.com/group/diaspora-discuss/browse_thread/thread/60f32519f623e690/23109444fefa1640?#23109444fefa1640 Diaspora's answer to Facebook's search? Google search! (I'm not making this up, read that thread)
But when security errors are found in closed software it doesn't vindicate anything, right? I WONDER WHY
I'm not an apologist or fan of proprietary software, but people's "logical" conclusions which are really based on clouded judgement because they like one thing more than the other should not be considered insightful. Idiotic advocacy is harmful.
Glad to hear it! The perceived hiatus was the only negative for Appleseed on my short list of FOSS social options to explore.
More likely than not I'll be taking you up on that invite. :)
"Everything is adjustable, provided you have the right tools"
A free software community inspired social network?
Why this has no more chance to succeed than an online encyclopedia that anyone could edit!
Any fool knows, just like Britannica dominates that field with advantages that free (as in speech) could never compete with, so will Facebook always dominate in social networking.
Oh wait...
I'm more interested in a site that will do what Craigslist does, but modernized and free of all the bullshit that plagues CL. Currently, CL is akin to Mos Eisley and it doesn't appear that there have been any significant improvements in years.
Someone flopped a steamer in the gene pool.
Working on MVC in PHP. Impressive. This project looks very complicated and difficult to use with its many modules in php. Do you plan on providing documentation on using it?
That is true, but I would rather not use something that has contained vulnerabilities caused by a failure to follow basic good practice (I.e. incompetent developers).
I'm a little late to the discussion, but I'll throw in anyways.
The really important facet of what a Facebook alternative should look like is the ability to dis-intermediate the service from me and my use of the data that is collected about me. Facebook has barely supported an export feature, but removing my data from what is essentially a social connection tool to others is not a plan.
Example:
I own my cell phone, but I can choose to move myself, my data, (and in most places my phone number) to a different carrier. That means that the separation of the carrier in itself doesn't break my ability to communicate with friends or family through a mobile device. As it stands with social networks, if you're all on the same network, you can talk to one another. If you decide A and my sister decides B then there's no communication flow, and the ability to interact comes to an end.
The ability to make an alternative Facebook is important in the ability to further control what I do with my own data, the ability to use my entered data outside of some company's purview, and to have a service that I can easily add, interact with people and not feel like I'm tied to something I don't like. Facebook is a closed ecosystem. They consume content and lock it up from prying eyes. If Diaspora has or will have support for open inter-operating service offerings then great, otherwise they're just building another Facebook wanna be to take over the world. Who cares if Diaspora's code is Open Source if my interaction with the system and my data is shackled behind a single company's vision of how social networking should work?
Bye!
I would join in a heartbeat if I feel I can trust Diaspora. Facebook on the other hand, no way in hell I'll put my data up for theirs to sell to anyone.
I hate Facebook with a passion and I know a whole lot more people who do. The only reason some of them are there is "because everyone else is". Give them an alternative and they'll jump ship without looking back.
HTTP/1.1 400
These aren't "bugs," these are "gaping holes in security and privacy controls that don't appear to even have been considered."
There's a difference between "our security system will behave badly when somebody presents it with a specially crafted URL, leading to unauthorized escalation of privileges" (a bug) and "our security system assumes that anybody accessing URL automatically has access to update, modify, delete, etc. anything at that URL." (a gaping hole in security, and a glaring *design* flaw).
Unless you define "bug" to be such a broad category that it includes "incomplete, poorly thought-out rubbish," you cannot call some of these issues "bugs" in the software.
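The design flaw described in the comment above (reaching a URL is treated as permission to modify what sits behind it, with no limit based on the owner) can be shown side by side with an owner-scoped lookup. This is an added example, not part of the thread and not code from Diaspora; `Photo`, `PhotoStore` and the handler names are hypothetical, and the sample records are constructed.

```ruby
# Added illustration only: Photo, PhotoStore and both handlers are
# hypothetical names, not taken from the Diaspora code base.
Photo = Struct.new(:id, :owner_id, :caption)

class NotFound < StandardError; end

class PhotoStore
  def initialize(photos)
    @by_id = photos.to_h { |p| [p.id, p] }
  end

  # Global lookup: any id resolves, no matter who is asking.
  def find(id)
    @by_id.fetch(id) { raise NotFound, "photo #{id}" }
  end

  # Owner-scoped lookup: a record owned by someone else is reported
  # exactly like a record that does not exist.
  def find_for(owner_id, id)
    photo = @by_id[id]
    raise NotFound, "photo #{id}" unless photo && photo.owner_id == owner_id
    photo
  end
end

# The design flaw: the handler receives the caller's identity but never
# uses it, so knowing the id (the URL) is enough to change the record.
def update_unscoped(store, _current_user_id, photo_id, caption)
  photo = store.find(photo_id)
  photo.caption = caption
  :ok
end

# Authorization folded into the lookup: there is no code path that
# obtains the record without also proving ownership.
def update_scoped(store, current_user_id, photo_id, caption)
  photo = store.find_for(current_user_id, photo_id)
  photo.caption = caption
  :ok
rescue NotFound
  :not_found
end

# Runs both handlers against constructed sample data and returns the
# outcomes so they can be inspected or asserted on.
def demo
  store = PhotoStore.new([
    Photo.new(1, "alice", "beach"),  # constructed sample record
    Photo.new(2, "bob", "cat")       # constructed sample record
  ])
  results = {}

  # bob edits alice's photo through the unscoped handler
  results[:unscoped_cross_user] = update_unscoped(store, "bob", 1, "changed by bob")
  results[:caption_after_unscoped] = store.find(1).caption

  store.find(1).caption = "beach" # reset for the second run

  # the same request through the scoped handler
  results[:scoped_cross_user] = update_scoped(store, "bob", 1, "changed by bob")
  results[:caption_after_scoped] = store.find(1).caption

  # the legitimate owner is unaffected by the scoping
  results[:scoped_owner] = update_scoped(store, "alice", 1, "sunset")
  results[:caption_after_owner] = store.find(1).caption
  results
end

demo.each { |name, value| puts "#{name}: #{value}" } if $PROGRAM_NAME == __FILE__
```

Fixing the first handler means changing how every lookup in the application is written, which is why the comment treats it as a design problem and not a bug to patch in one place.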
We just use the wave in the box code and make it more social like google couldn't do...
... is to facebook, as identi.ca is to twitter.
If they learned from their mistakes and adopted safer coding practices and added infrastructure that enforces proper security on the code then the review has paid off. On the other hand, if they only fixed the security bugs that were pointed out and continued coding the way they did before then it will never be secure since there won't be enough reviewers to keep up with all the new bugs being added.
Yes, things would have been worse if this source was not open, but that doesn't necessarily mean the code is good enough now.
awesome
> Diaspora got discovered because there was a Times article about vaporware.
It's not vaporware if they come up with the product. They've come up with the product.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
If there was a 'port facebook' to diaspora function then it might happen.
I don't really know why facebook took off in the first place as there were others around at the time. A mate was on faceparty all the time and I wasn't bothered at the time.
Now I mainly use it to keep up with people abroad and family and people I don't get to see. Hence the critical mass thing.
I always think never say never as yahoo disappeared as a search engine virtually overnight in my mind. I don't even know why I switched to google.
On a long enough timeline. The survival rate for everyone drops to zero. Chuck Palahniuk, Fight Club, 1996
Anybody already tested it? are there user stories among the /. crowd?
How is the server performing? All in all, I think the decentralized architecture is very interesting for a social network, so how is the experience compared to e.g. facebook?
Maybe I'm going to set up a test server...
---
awake and alert!
-Penguin Mints
I was one of the folks that sent Diaspora some money. I like the idea of an open social network where you have control of your information. Sure it's going to be tough to be a facebook killer but I want them to have every opportunity to try. I've been on the net since the Lynx days, I've worked on the net in one fashion or the other since then. To me the big promise of the net was to bring people of different cultures, different geographic locations together, not to mention having a wealth of information at your finger tips. There is a lot wrong with facebook. I'm all for social networks (which is nothing new, we've had social networks since the stone age). I don't like the way facebook is going about it. To me facebook is the present day AOL. I could go on and on but I'm behind Diaspora and hope they get it right.
I feel like it. If it doesn't become big, I'm sure hundreds of thousands of geeks will make it big, just like they made firefox.
facebook was starting to feel creepy anyway.
Read radical news here
The sad part is there is still no news on the protocol. Which is the most important part.
What if google wants to make their own web portal, but with diaspora protocol and hence participate in the ecosystem? As they did with gtalk and XMPP.
What if some router constructor wants to insert a diaspora node in their hardware?
Think email, the important thing is not gmail, nor exchange or thunderbird. The important thing is that there is a common protocol where people can INNOVATE on it. Like, you know ... internet.
I haven't seen any organization start off with the *intent* of usurping a website, a piece of software or a piece of hardware from an established niche and succeed, by intent.
Users tend to gather around a watering hole and stay there, despite better alternatives existing.
The Diaspora team would be smart to recognize this problem as being at least as large of a task as making their software. The wealthy uber geeks who donated large amounts of money to Diaspora would be wise to use their resources to get Diaspora some top notch marketing help.
The average Facebook user isn't interested in technology and the average Facebook user is the type of person to shut down listening at the smallest hint of jargon-speak coming. IT people often lose the ability to see how very little people know.
The average Facebook user isn't going to understand the many seed concept, let alone being willing to figure it out and set it up. I hope they make it brain dead, push just 3 buttons easy.
The average Facebook user isn't going to understand or be enthusiastic about "open source" or "privacy aware".
I hate Facebook.
It is my sincere hope that the Diaspora team realizes that winning Facebook users over is a bigger challenge than building their software and that winning them over involves many things that have nothing to do with having better software...having better software is only one minimum requirement.
Linux "got popular" because *some* ( Windows still rules the market ) people wanted an alternative to Microsoft Windows.
Diaspora *may* get popular because many people want an alternative to Facebook.
A friend of mine and I did some research about what causes the "Next BIG Thing" on the internet (or nearly any other product or service) to be the next big thing. Based on that research, I don't think that creating a sub-culture is going to evolve attitude; I feel that Diaspora (and any other social network) is only achieving that goal...creating a subset of a larger culture. I feel that MySpace inherited from Geocities, Facebook inherited MySpace, Diaspora inherited from Facebook...everyone seems to be percolating over how to become the next step in the chain, but no real innovation is occurring. This seems to be in opposition of where I really feel we should be growing as a global community. When we consume X, then barf up Y it is still X. Diaspora (and nearly any other "Social Network" engine) doesn't seem to be offering any true innovation...just a perspective on the same system with a few twists != INNOVATION
Not all bugs are equal.
To have a right to do a thing is not at all the same as to be right in doing it
I was reading about all that and wondered.. XMPP is distributed, you can accept people, see their picture and status. For sure you can chat and create private rooms to share a chat. There is not much missing. Maybe a wall and pictures. So I typed "XMPP has social network" on google. I have tonnes of responses.
Maybe that's what google wave was trying to be. But google wave was too complicated. It offered too much and nobody except google had an implementation.
Any thoughts about this?
I found http://onesocialweb.org/. That is maybe what I was looking for.
I don't get why Diaspora gets so much press. When I looked at it, I was impressed by it and there was some bad press about its security. I'm sure it will continue to advance, but the major problem I have with it is it doesn't even attempt to reuse existing technology. They claim to by using something like ruby modules to implement their features or whatever, but they are designing their own protocol and building a very kludgey system.
I use onesocialweb. It's built upon the xmpp protocol and plugs directly into an existing xmpp system, openfire. It has available integration with openfire (users, contacts, etc), a basic web interface, and a basic android application. As a module for openfire, and xmpp in general, a large part of the protocol is already defined. OSW simply extends the xmpp protocol to add social features.
Why is there virtually no press about OSW? I only discovered it while searching google for other possible open and distributed social systems other than Diaspora. Personally, I would rather see OSW succeed.
From the image you posted this project looks a lot more polished and refined than I was expecting. I would be proud to run a server/network running your software.
"I would rather not use something that has contained vulnerabilities caused by a failure to follow basic good practice (I.e. incompetent developers)."
Agreed. Diaspora was revealed on Sept 16th and the very next day major security holes were found. Not minor ones, "many show-stopping issues": cross-site scripting — attack vulnerabilities, a session token that's easy to steal, a lack of user input filtering, and repeated errors when a null character is entered into web fields.
These are huge and very well documented security violations dating back to the 90s. Anyone want to bet how many days before we find security vulnerabilities in this latest release?
This is open source, meaning people are going to be installing it that are not security experts and they expect everything to be done, they're not going to want to be poring over code for security holes or installing MAJOR PATCH RELEASE every day.
I think an open source social networking site might work but obviously needs to be done by programmers with experience, not a few kids that took some CS classes at University and thought they could remake Facebook. They should have taken that $200,000 and hired real programmers.
my karma will be here long after I'm gone
So what?
It's open source so others who "know better" can step in and fix it. With closed source such as Facebook, who really knows what you get, except obviously big profits by those buying and selling personal information.
> Linux "got popular" because *some* ( Windows still rules the market ) people wanted an alternative to Microsoft Windows.
Personally I didn't see windows and think "this works great, I want to use something else" -- I wanted a system that worked, and what it is an alternative to doesn't matter
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
DNF had numerous demos, too, but never really shipped.
Put identity in the browser.
Linux succeeded / got popular on the server in the 90s, long before GNOME or KDE existed. He wasn't talking about desktops or replacing MS Windows.
Put identity in the browser.
Open source is not magic sauce.
If Linus Torvalds was an utter incompetent, would anybody have bothered to "step in and fix" the Linux kernel?
If Richard Stallman was an utter incompetent, would anybody have bothered to "step in and fix" Emacs, or any of the other GNU tools he's had a hand in writing?
The point is this: When your system is designed by people who are *demonstrably* incapable of designing a system that meets the goals they've stated they will meet, how long do you expect any community to last around that? Diaspora has gotten so far only because of kind press. Looking at the impact graphs on Diaspora's github page, it looks as if there's roughly 10 people who are actively contributing to the project. How long until the community members get sick of fixing bad code, or realize that most of the code has been written by them because they had to rewrite the bulk of the original code to allow for things like security?
And how long after that until the project either loses contributors to forking, or it undergoes a leadership coup?
Hey Michael,
Looks like a very nice idea.
Did you see the Lorea project? Maybe they are interested in your proposal.
"Lorea is a project to create secure social cybernetic systems, in which human networks will become simultaneously represented on a virtual shared world.
Its aim is to create a distributed and federated nodal organization of entities with no geophysical territory, interlacing their multiple relationships through binary codes and languages."
more info: http://lorea.org
You should get in contact with Lorea. They have a site https://n-1.cc/ which is doing lots of nice things. AFAIK they are based/working with Elgg and moving fast.
Is that a joke?
> On the other hand, if they only fixed the security bugs that were pointed out and continued coding the way they did before then it will never be secure
No ifs there:
> Continuing to focus on security.
> When we released our initial code, we got some great feedback on better ways to do Rails security. Luckily, it was easy for us to take this feedback and quickly secure the application. We look forward to more such feedback with this release.
(Diaspora blog)
They're relying on the community to pentest and correct their code for them while they are amassing venture capital. They refuse to do it right. They refuse to learn. They refuse to fucking take a Rails course before diving into a project of this scope. This is not going to change as long as they find enough idiots to help them out. Only that when Diaspora becomes bigger, it will be more rewarding to exploit the flaws than to do hand holding with a bunch of lazy script kiddies who got lucky.
Nobody who uses the words "quickly secure the application" in that sequence should be allowed to code social apps. Or any apps.
> Linux "got popular" because *some* ( Windows still rules the market ) people wanted an alternative to Microsoft Windows.
What??
No.
Linux "got popular" because *some* people wanted an alternative to Minix. It didn't become a viable alternative to Windows until long after the project had started to take off amongst Unix aficionados.
But, hey, don't let me stop you from rewriting history...
That is how it started, it is not what desktop Linux became or what it is.
There is an old saying that people who use FreeBSD love Unix, people who use Linux hate windows.
If you poll most of the desktop Linux users they will tell you they use it because they like it better than Windows. Most of these people will not mention minix.
The year is 2010, not 1989
You might want to consider how this conversation started. Specifically, it was about the *genesis* of Linux and how that relates to Diaspora. Where Linux is today is utterly irrelevant to that conversation.
Thanks for playing, though.
It is a lot harder to fix design flaws than it is to fix a bug. Fixing design flaws may require a significant rewrite of the code. And since Diaspora is designed to be a decentralised network of servers, you have to make sure your fixes either don't break interoperability with other Diaspora servers or get adopted by them.
The thing is written in Ruby, with MVC. You can start putting shingles before digging the basement, meanwhile decorating the second and third floor, putting walls on the second. And that being disciplined. If you are into hacks, let's just say I'm out of acid.
I know tobacco is bad for you, so I smoke weed with crack.
Have you considered Diaspora compatibility on some level? XMPP support?
I know tobacco is bad for you, so I smoke weed with crack.