Slashdot Mirror
Open-Source Social Network Diaspora Goes Live
CWmike writes "Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services."
'Every week, we'll invite more people,'
I guess they'll be sending Friend Requests via Facebook?
It's more open than Facebook.
Facebook's selling point was its exclusivity - you originally joined Facebook because only college kids were on it, and no one else. You stayed on it for the clean interface.
There's no incentive to join Diaspora.
Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.
As I've said before, that's just not how it works in any decent-sized project. You design to meet the needs, then you redesign to meet the new needs, then you redesign yet again to meet the needs that have just come up. Diaspora's first release was (and should have been) to show proof of concept: that something working could be produced. Now they get to redesign to meet security and scalability, and over time they'll redesign to meet other needs. You don't get miracles in the first version.
You do not have a moral or legal right to do absolutely anything you want.
Yes, every alpha does have bugs. But one would expect that people who claim to write secure software would actually, you know, be somewhat competent at writing secure software.
what have you done of late that has been noteworthy?
I guess that's one opinion, the "hold out for perfection and scorn anything that isn't perfect" model is popular with many slashdotters. I guess suppressing all mention of those imperfect alternatives is logical to some.
I personally think that's idiotic. The alternative is, what, wait for people to become so dissatisfied with facebook selling all their private information and location that they decide to make their own? I'm finding it hard to believe that people "who know what they're doing" are just not doing it because they haven't thought "maybe I could do better than facebook."
Security is a design philosophy. Either you've done it right, from the ground up, with your basic code writing habits, or you haven't. A redesign isn't going to cut it. You'd have to do a total rewrite.
Appleseed is getting close to production ready (and it's quite usable already).
What the GP is getting at is that Diaspora is only popular because they got a connection to some media exposure. They got $200,000 from the public when they had *nothing.* There are (and were) already alternatives that are much better and further along than Diaspora. As I mentioned in my post just below this one, Appleseed is one of them (there are others as well, but that happens to be the one that I personally feel deserves more attention).
In which case Disapora is worth some effort even if all it does is motivate Appleseed back into life. I found this article after reading Tim Berners-Lee's recent article. On hiatus since 2007 is not exactly a reassuring release history either.
http://downloadsquad.switched.com/2010/05/21/diaspora-social-network-fail-kickstarter-facebook/
Other comments about the lardy nature of Diaspora have also convinced me to only try it if I can put it one someone else's server.
Xix.
"Everything is adjustable, provided you have the right tools"
But, heck, if Diaspora has the mindshare maybe we should go with it... even if its not technically the greatest?
What mindshare, exactly, does Diaspora have? As far as I can tell, it's some subset of the same people who keep thinking desktop Linux is going to take off any year now.
So far, in these comments, pretty much every pro-Diaspora commenter mentions how it's open source. I've got news for you guys - the vast majority of people don't give a rat's rear end whether it, or any other piece of software, is open source or not. Sure, you can argue why they should care, and pretend all the great unwashed are going to awaken and come around to your way of thinking really soon now... but the onus is on you to show that's even remotely likely.
#DeleteChrome
Yeah except for the fact that it offers nothing that the average user of Facebook wants or cares about.
Looking at it another way, perhaps it does not do what the average user of Facebook does not want.
Apart from privacy issues, one of the problems I see with Facebook is the bloat (or crud) factor. Diaspora does not have that, at least not now.
I have my fingers crossed.
Never trust a spiritual leader who cannot dance -- Mr. Miyagi
The difference is, Facebook came out before the majority of the public had jumped on the social networking bandwagon. Now all their friends are on Facebook, and they won't want to switch out.
Considering their revenues were 52 million in 2006, and they launched in 2004, I'd say you're off a bit on your estimate.
It took them longer to turn a profit, but they were clearly generating a sizable income off their web site within 2 years of launch. Given that, I'd say it's pretty safe to say that they probably launched with a pretty coherent business plan in place. You don't grow from launch to 52 million in revenue accidentally.
So I'm not supposed to trust facebook, a single corporate entity that I can sue for breach of contract if necessary, but I am supposed to trust this software to store copies of my data(even if they are encrypted) on machines all over the planet, machines who may be running Windows and get infected with a botnet that can transfer all my data to another computer for later decryption and analysis. Yeah, sign me up for that.
I hope competitors have a model that DOESNT require me to trust the security of Windows machines.
Monstar L
Just had this pointed out to me:
* Goto http://www.joindiaspora.com/ using Internet Explorer
Instead of showing the page, what do you get? I'll tell you... a blank page with the following title:
You need to use a real browser in order to use Diaspora!
I'm not a IE fan, but this happens with Internet Explorer 8 for goodness sakes. Probably happens with IE9 too. FFS stop showing your fanboyish nature guys; you're basically stating that a good portion of users who only use IE, even if they're using a modern version of it with modern security features like sand-boxing and whatnot, is apparently not "real" enough for your fucking site.
This really does piss me off. Makes the rest of us "open" FOSS users look like a pack of childish geeks who have no idea. You want your little social site to work? Don't arbitrarily restrict browsers!
That was in May. Since then I've put out six revisions.
The thing is, although there was seemingly a stop in development (since 2008/2009, actually), I had never given up on the project. I had a notebook with all the ideas, sketches, mockups, etc. where I wanted to take the project. When Diaspora hit, I emailed them, offering to help. I never heard back, so I decided to push forward on Appleseed.
The pace may seem extraordinary considering I'm essentially the sole full time developer, with most help having come from designers and testers, and I handle a full time job on the side, while I do put in a lot of hours, things have moved along so quickly because I had gamed and spec'd out so much in the year prior.
Check out our roadmap, you'll see exactly where we're going.
http://opensource.appleseedproject.org/roadmap/
You can also send an email to invite@appleseedproject.org for an invite to the beta test site. Here's a screenshot for people who don't want to bother signing up (apologies for FB hosting. we're working on that :)
http://sphotos.ak.fbcdn.net/hphotos-ak-snc4/hs1207.snc4/155927_469182004405_510304405_5358353_7159703_n.jpg
Michael Chisari
Lead Developer, The Appleseed Project
It seems that Diaspora somehow got that NYTimes article, got mucho donations from that even though at that point they had NO CODE, and yet somehow now I hear about it all the time as somehow it's going to be a "facebook killer".
Linux got popular initially because Torvalds is an excellent programmer and his project spread through word-of-mouth. Diaspora got discovered because there was a Times article about vaporware.
Quite, there were just security bugs there wasn't even an authorization framework in place! Hell, there wasn't even simple stuff like limiting access to things based on the owner.
Something which I would think is integral to the site design and should have been decided upon before they even started coding.
It's probably invitation-only because they have no way of searching for other Diaspora users and adding them short of exchanging URLs: http://groups.google.com/group/diaspora-discuss/browse_thread/thread/60f32519f623e690/23109444fefa1640?#23109444fefa1640 Diaspora's answer to Facebook's search? Google search! (I'm not making this up, read that thread)
Popularity and exposure does count for a lot when it comes to social networks. I've heard of diaspora several times, and never heard of appleseed before now. I doubt many of my friends have heard of it either, odds are low they've heard of diaspora, but I'm guessing more will sign up with the one they hear more about.
GP also seems to think it's a zero sum game when it comes to news about non-facebook social networks. That's not true. I think most people aren't aware there is more than facebook and myspace, making them more aware of diaspora might lead them to investigate your preferred ones.
Like me and this appleseed you're talking about...
If I understand correctly, you can run your own Diaspora server, is it right?
Well, then there must be a protocol to communicate between Diaspora servers. If that protocol is sound, then I will just write my OWN server with all the security features I need.
Do we know anything about the security of the protocol? I am more interested in that not in the security of the webapp.
I'm a little late to the discussion, but I'll throw in anyways.
The really important facet of what a Facebook alternative should look like is the ability to dis-intermediate the service from me and my use of the data that is collected about me. Facebook has barely supported an export feature, but removing my data from what is essentially a social connection tool to others is not a plan.
Example:
I own my cell phone, but I can choose to move myself, my data, (and in most places my phone number) to a different carrier. That means that the separation of the carrier in itself doesn't break my ability to communicate with friends or family through a mobile device. As it stands with social networks, if you're all on the same network, you can talk to one another. If you decide A and my sister decides B then there's no communication flow, and the ability to interact comes to an end.
The ability to make an alternative Facebook is important in the ability to further control what I do with my own data, the ability to use my entered data outside of some company's pervue, and to have a service that I can easily add, interact with people and not feel like I'm tied to something I don't like. Facebook is a closed ecosystem. They consume content and lock it up from prying eyes. If Diaspora has or will have support for open inter-operating service offerings then great, otherwise they're just building another Facebook wanna be to take over the world. Who cares if Diaspora's code is Open Source if my interaction with the system and my data is shackled behind a single company's vision of how social networking should work?
Bye!
I would join in a heartbeat if i feel i can trust Diaspora. Facebook on the other hand, no way in hell ill put my data up for theirs to sell to anyone.
I hate Facebook with a passion and i know a whole lot more people who does. The only reason some of them are there is "because everyone else is". Give them an alternative and theyll jump ship without looking back.
HTTP/1.1 400
These aren't "bugs," these are "gaping holes in security and privacy controls that don't appear to even have been considered."
There's a difference between "our security system will behave badly when somebody presents it with a specially crafted URL, leading to unauthorized escalation of privileges" (a bug) and "our security system assumes that anybody accessing URL automatically has access to update, modify, delete, etc. anything at that URL." (a gaping hole in security, and a glaring *design* flaw).
Unless you define "bug" to be such a broad category that it includes "incomplete, poorly thought-out rubbish," you cannot call some of these issues "bugs" in the software.
Comment removed based on user account deletion
If they learned from their mistakes and adopted safer coding practices and added infrastructure that enforces proper security on the code then the review has paid off. On the other hand, if they only fixed the security bugs that were pointed out and continued coding the way they did before then it will never be secure since there won't be enough reviewers to keep up with all the new bugs being added.
Yes, things would have been worse if this source was not open, but that doesn't necessarily mean the code is good enough now.
Given that, I'd say it's pretty safe to say that they probably launched with a pretty coherent business plan in place. You don't grow from launch to 52 million in revenue accidentally.
Wait, you don't? Shit, I've been doing it all wrong!
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
Diaspora, the anti-social network!
Tired of social networks with their data sharing, privacy leaks and too many people looking at your stuff?
Join Diaspora! Write status updates nobody can see! Or don't, it's all the same in the end!
Linux "got popular" because *some* ( Windows still rules the market ) people wanted an alternative to Microsoft Windows.
Diaspora *may* get popular because many people want an alternative to Facebook.
Agreed. The security of the code is irrelevant. None of mock-up proto-type code at the design phase will exist once it goes into production phase. As MaskedSlacker says, it will obviously be rewritten (probably several times by people who implement in their preferred languages). It is the protocol and APIs that are important. How resistant are they to spoofing? Man-in-the-middle attacks? Replay attacks? What kind of encryption and authentication is used? How is key management done?
Of course security plays only a minor role. Major factors are what functionality does it offer? How extensible is it? What is the roadmap? How often do they plan to break backward compatibility? How well is it documented? Will there be plenty of example code for people to play with? How do they plan to allow user feedback for new ideas or patches?
It's an ambitious project, and there is no reason it will not work, but it needs a clear vision.
Phillip.
Property for sale in Nice, France
Once again: WE KNOW that you can build a social network, and we also know that you can build an open-source social network. It's been done. The project was not "interesting" from that perspective - Facebook, Myspace, Orkut, Appleseed, and a host of other 'social networks' have already done one or both of those things.
The key differentiator for Diaspora was the goal of creating a secure, decentralized model that put the user in charge of their own privacy. The differentiator emphatically WAS NOT that they were "open source" - again, that's already been proven to be possible by other projects.
Which brings us to the question of why we *should* give a shit about Diaspora. I'll let their Kickstarter writeup speak for itself, here's what they had to say:
Please point out for me where they say "we aim to open source Facebook," because I'm not seeing it.
The GOAL of Diaspora was to create a more-secure social networking environment which gave control of user privacy back to the users.
The METHOD they intended to use was to open-source what they produced, and then build a community around it.
The RESULT was an unmitigated mess: the code they spent months writing did NOTHING to achieve their stated goals, in fact it was even LESS secure and private than Facebook, because it ignored standard and common security and privacy practices - things which should be part of your design from the ground up, including user authentication and access control for each and every operation the system performs.
They started out by saying "We're going to build an alternative which puts the user in control of their data." They created an alternative which puts ANY user in control of ANY data.
This is not trolling, this is an honest assessment of the progress & results of Diaspora. Their goals were more security & more privacy. They achieved neither of those goals with the code they wrote. Open source is not some magic sauce you marinate your code in in order to improve it, but suddenly the entire focus of Diaspora has gone from "it's more secure and more private," (their initial, stated goals) to "it's open source," as if that forgives the multitude of failings that the code has, simply because a bunch of people can read the source that implements those design flaws.