I've gotten in and things are loading, but slow.
That the thing is still running at all seems nice given the ass-kicking I suspect their servers are likely receiving.
It looks like someone created an account named "Mark Suckerberg" and automated a posting flood repeating the text "I accidentally.. the whole economy".
Also, said account's avatar looks like some kinda of three-way orgy. Not investigating that image farther...
I'm impressed and surprised that they have released code. I worried that the initial flurry of money and hype would derail them.
Many projects never get this far, and for this, they deserve to be commended. They've built something and dealt with a lot of external pressure at the same time.
Apparently they spent some of the money on working with LUXr and Pivotal Labs. The best technical solution can be derailed by a poor user interface and experience. It looks like they avoided that.
I just downloaded and ran the project, and to be honest, I didn't see more UX work than what could have been done in an afternoon's worth of googling around for some templates.
That's for super-power-users, maybe in 5 years for advanced users. If you attempt to do this with either unsupported browser or on unsupported website your browser will act very non-userfriendly, like by opening dropped file. Because of this it would be foolish and dangerous to even inform the vast majority of users of this feature.
From my observation their UI is just copied Facebook UI. And my issue with this is not lack of originality. Rather it's the fact that people will now compare Diaspora functionality with that of Facebook. Furthermore anything working differently will lead to frustration, as certain behaviors are expected.
Perhaps, but I'm not convinced. If you are going to have similar features and interface your only advantage left is The Fear of Privacy. And frankly, it's getting a bit old. It's the Facebook and Google that will change people's expectations and habits. You can create something that will work better but I see it as those auto-destructing emails. No privacy is better than false privacy.
drag and drop uploading is like 10 lines of code for the usual suspects.
Not taking anything away from the diaspora guys, I havent tried the application, just mentioning in case anyone thought drag and drop was too much of a hassle to add to their app, it can be done in a few minutes.
There is this famous story about a consultant who is called in to find the error in an expensive machine. After a while he marks a place on the machine with a cross. The bill is 100000$: 0.01 for the chalk used to make the cross, 99,999.99$ for "knowing where to put it".
The story is Tesla visiting Henry Ford to fix some electric motors he had on his production line. The amount of the bill was $10,010. Ford called him up later to ask why ten thousand and ten, when Tesla quipped the famous quote ($10 for the chalk, $10,000 because I knew where to put it).
Ah cool - I had just googled for the origin, and only found a story on a "business jokes" web site (they used 50000$). Didn't know it has a real origin.
Actually Diaspora hasn't spent any of their money with us, (us = Pivotal,) we're just giving them space to work in, and occasional advice when they ask for it. It's been fun to have them around, and we're glad they're open-sourcing and getting feedback like this.
I think it speaks to the support network available for entrepreneurs in NYC. Charlie O'Donnell of First Round kicked it off, from what I recall, with this post advising Diaspora on how to make it through the immediate chaos and get to building. Many people spoke up via blog posts and tweets to suggest simply getting to work as quickly as possible and to not set the vision too high yet.
I saw them shortly after at MongoNYC where they were getting a lot of attention. In spite of that, they just focused on learning what they needed and hearing the talks about people's experiences.
This is exactly the kind of focus that's needed to get the job done, so not only should it not be surprising, it should be expected. In spite of that, I'm stoked to see it.
When you make a new account you get "home" and "work" aspects, which you can add people to individually. That actually goes a long way to making it clear.
And perhaps the initial aspect names and all other strings should not be hard coded in English into the product. Yes, it is pre-alpha, but it will be a pain later to replace all strings with the #t helper and keywords.
"Is there additional insight into what "aspects" are, though? It confuses me - will it confuse an ordinary user?"
This is a pet peeve of mine, using extremely generic words to describe an important part of what you are working on. "Object Oriented Programming" got away with it, but that is aimed squarely at developers. I don't think you want words like "aspect" in front of actual users.
I've noticed this a lot in academic research, also. I lost track of how many different ways I saw the word "feature" overloaded in different fields.
For some reason I thought that development was being done in php.
Other than that I'm somewhat dismayed that their open source release isn't actually running on some site and says run at your own risk due to security issues. Edit: (Looks like there is a demo in the comments here but not open to sign up)
Hopefully development continues quick enough that it escapes into the public before the tech hype is gone.
I also thought it was going to be in PHP - they definitely mentioned that at some point, but once I saw their website was written in Ruby, I suspected they might be moving in a different direction...
Good to see they hit their release date, and I look forward to messing around with it, even though I know more PHP than Ruby ;)
I've installed and played with both, but I'm still not sure how things will develop if social networks become more "distributed." Ideally, in my opinion, sites sould be able to run any social software, whether Appleseed, Elgg, or Diaspora, and they could all interconnect and push updates to each other, somewhat similar to the many available options for blogging software all syndicating via RSS. I'm glad that there has been so much interest and publicity surrounding Diaspora, since it will benefit this new type of social networking and help it grow, now matter what platform or language each client is built on!
Well I believe heroku includes ImageMagick by default, so it seems the only dependency would by MongoDB. Has anyone ever used the MongoHQ add-on? http://addons.heroku.com/mongohq
EDIT: Upon further investigation, I've found that one dyno is not enough to run Diaspora on Heroku. You'll quickly start filling up your request queue and it will slow down to a crawl.
You're unfortunately right. I say unfortunate because I really, really like the name: it sounds good and conveys their mission very well, but ease of spelling is probably paramount.
I'm not so sure about the name. I understand how it conveys their mission exactly and it does that really well: leave facebook(or twitter or wherever), come here. I can see how setting themselves up from word 1 as opposition to facebook has a huge amount of importance but what happens to that branding on the off chance they win?
(I know this is like planning where to put the swimming pool in your 1 bedroom apartment in the event that you win the lottery but I think the choice of name does/did have a lot to do with just how long the view of the founders was when they started.)
That said, it is currently my only quibble. I'm glad to see that things actually got done and out the door. It sure seems to have gone a lot better than anything I worked on this summer.
A diaspora isn't just about leaving a place and going somewhere else; it means roughly "a scattering" in Greek and means that a group of people are leaving one central homeland and going all around the world. Even if they win, the distributed nature of their network makes the name perfect.
I think the name is quite perfect, really. I can't think of any other single word that sums up what they're trying to do so well, at least not so evocatively.
The whole idea is to allow the Facebook-bound multitudes to leave that particular kingdom and spread -- along with their data -- across the Internet, as a decentralized system.
The name is therefore the goal, the intended result. It's a high bar, but it's an ambitious project.
For a lot of people, their name’s strongest connotation is Jewish persecution. To me, this is so awkward as to rule out the name for use in serious software.
It's like at my work when I proposed that we could get some benefit from an "interim solution" until we could finish up what we were planning. Of course people started (innocently, ignorantly) calling the original plan the "final solution". Always made me cringe.
You either work with uneducated simpletons, or closet nazis and crypto-fascists. There is just no way anybody with a modicum of culture would hear "final solution" and not cringe, much less use the phrase passively in everyday non-historic conversation.
Given the misspellings/mispronounciations/miscommunications already inherit in the name, I think they should re-brand as something like: Disápora ... (or some other spelling of a similar phonetic ilk)
* I say this because every time I've tried to describe it verbally, I always end up saying something like 'disapora' and making a hand-wavey gesture in a direction "away" from 'facebook'
Funny, I think of how I use social networking to talk to those I can't see, or I'm not around. The entire idea fits the term more than the term fits it. We are all seeking connectedness.
that's what I felt as well ... diaspora usually happens when a people are kicked out of their land to roam the earth among other people. Not very positive as far as connotations go. But hey, let's see what they come up with.
To me, as a Jew, “Diaspora” just means “outside of Israel”. Of course Jews live in so many different countries outside of Israel because of our history of being persecuted, but when I first heard of the “Diaspora project” I did not have an immediate reaction of “what an offensive name”.
I think a bigger problem might be that for the majority of people who use The Facebook, diaspora has absolutely no denotation. (And very little connotation).
Diaspora is at least an easy-grade SAT word.
Even for those of us who know the denotation, it gives absolutely no indicator as to what the product does. (It is instead a reference to how the product works... dispersed Facebook). From a marketing standpoint this is a problem.
Hopefully this will become 'the diaspora project', and they will come up with a new name for the actual results of it.
I've found multiple instances of text in more or less official places containing general English problems (spelling, grammar). I'm assuming for the time being it isn't due to outright lack of fluency in English, and so that leads me to think that they just aren't putting in the [little] extra effort to proofread before publishing. It's not that big a deal, but I think it would help for them to look more polished as far as official text goes.
The name reminds me of the holocaust. It doesn't help that the color theme of the app evokes Schindler's List.
You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced. It is also a word that is used in a lot of languages, I have friends who are Russian, Ukranian, Serbian, Lebanese, Armenian, Jordanian etc. who all refer to themselves being in the 'diaspora' (ie. persecuted people who left their homeland and are now living in the west)
"You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced."
I like it for that reason. Edgy, accurate, and with the potential to repurpose/reframe the word in the minds of many.
That kind of persecution also tends to cause the persecuted to bond even more strongly and proudly with their cultural identity, so the connotations are not all bad.
Sure, but this sounds like a cult of victimhood or differentness, and you'll find that these subcultures remain in the minority, in part because they define themselves as a minority.
actually, for most south asians, the "diaspora" just refers to the extended south asian community who have moved to the west in search of better jobs etc. there are no negative connotations to the term.
Sweet Jesus. Please publish a security reporting page at the earliest possible convenience, because this will have private info on it within a day from now, and that is a very bad idea right now.
What? Correct me if I'm wrong, but it looks like they're just releasing the source code, not taking new users for "the" Diaspora or sharing access to any kind of central database of users. It's just a ruby web app you can download and run locally (or on a web server if you're that dumb...), right? And in that case, how is this any worse than the hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs?
... is a question which would be better to answer privately, to a security contact. Use your imagination as to what the email would likely say.
This may just be a difference of philosophy, but I don't think "It isn't really a release, so nobody would be stupid enough to actually run this on a publicly accessible server." After all, consumers of The New Hotness have a lot less incentive to think through the security implications of running it than the developers did. [Edit: And the developers apparently have a publicly accessible instance running. That decision is curious.]
This will be running in production today. If very bad things happen, the TechCrunch article about it will have Diaspora in the headline.
That is enough of an incentive to have a security page.
Thanks for the response. I agree that a security page is a good, even necessary idea, it just doesn't strike me as a pressing emergency for them at the moment.
They're currently getting coverage on the Guardian, BBC, etc, and will get it on the New York Times within 24 hours. That is about to create an emergency for them, because being the secure, privacy-aware alternative to Facebook gives people some expectations as to how the software will work. Many of those expectations match the designed behavior. None match the software as actually implemented.
They just did a media launch and they're in for their earliest users getting burned in a very painful, public manner. If this isn't an emergency, what does an emergency look like?
There is no argument against having a policy for receiving, reviewing and patching security reports. It is that simple.
"hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs" is not a benchmark that this project should aspire to.
This is the problem with public disclosure: I could tell you, but it would practically write exploit code which you could point at any one of the "Try Diaspora now!" sites popping up and do very bad things.
Here, let me tell you what isn't a problem: you cannot type "system('rm -rf /')" into their username field on the signup form and wipe any machine with Diaspora installed because some idiot passed untrusted user input straight to exec. But if that were a problem, do you understand why mentioning publicly "Hey, the username field is passed straight to exec... that's sort of bad." is a bad idea? Because that lets any idiot immediately create wipe_arbitrary_diaspora_install.rb
There are several vulnerabilities in Diaspora right now. They allow very bad things. There are multiple public Diaspora installations. They are all vulnerable to very bad things.
It's interesting to see people on HN downvoting some for being responsible with information while upvoting those who advocate irresponsible disclosure.
>Feel free to try to get it running on your machines and use it, but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable. If you do find something, be sure to log it in our bugtracker, and we would love screenshots and browser info.
There exist publicly accessible Diaspora instances, and there will be more by the end of today. That was entirely predictable, since it has been marketed as the host-your-own federated Facebook. There is already someone on the mailing list asking how to let people use his from outside his university network, because they firewall non-80 ports. If he figures out how to configure thin, bad things happen.
Any disclosed vulnerability is an exploit roadmap for these public instances. Speaking generally, exploits of public web apps can sometimes be pretty severe. Yes, the software is immature, but is now immature and an attack vector.
There's no marginal benefit beyond what putting a security warning message on the download page would get you. In fact, filing a public bug would probably be less effective in preventing harm than such a message would be. The marginal cost is significant.
There's actually more of a case for disclosing security bugs in established products if the vendor doesn't respond quickly enough. If people are relying on a product for critical uses, having information that lets them minimize their risk could be helpful. I don't see the benefit in this case.
If you're smart enough to get code from github working on your own box, paranoid enough to worry about facebook's control of your data and be interested in an alternative, and savvy enough to get wind of such an early release, I don't think you're going to put anything that sensitive in this network!
They don't seem to be publicizing it, but there's a live version up at a subdomain of joindiaspora.com, which people are sharing on diaspora's facebook page. Won't link here because of the concerns above and because it's creaking under the load already.
I think that since the community funded this project that the code should have a more liberal license so that the community can do what they want with it.
The project also depends on MongoDB, which is also AGPL licensed, which raises the question of if paid hosting of a diaspora instance is 'commercial' and if it requires a MongoDB license from 10gen, I would think that it does.
They should BSD/MIT license their own code, and build more storage options outside of MongoDB. I am surprised that donors didn't insist on a license as part of the kickstart funding.
The AGPL (like the GPL) does not allow adding more restrictions. You do not need any further license to use AGPL licensed code in a commercial product, you just have to abide by the license terms of the AGPL.
I assume the 10gen commercial license allows you avoid having to provide source code for your product to your users. (but the mongodb website isn't clear about that).
I would like to make it clear that users of MongoDB don't need to opensource their product, only their changes (if any) to the MongoDB server itself. The commercial license is mostly for companies that have strict (if misguided) "no AGPL" policies. Most users do not need it.
MongoHQ and other companies providing commercial hosting of MongoDB only need a commercial license if they modify the server and don't contribute back. We want to encourage hosting providers which is why we don't require buying a special license.
Only the MongoDB server is AGPL licensed, all of the official clients are Apache licensed; you're free to use mongo for commercial hosted services without getting a commercial license from 10gen provided that you publicly release any changes that you make to the server codebase - you're never required to release the code of your actual application (provided that you're using one of the official clients).
Damn, I was all excited until I saw that. I think it will probably stifle the spread of Diaspora after the initial excitement dies off. For example, it would make it difficult to run a server with a different theme/UI and custom modifications (maybe some that would help pay for the costs of running the server), and it seems like it would limit Diaspora server ownership to solo techie enthusiasts (maybe with friends and family but no serious mass adoption).
I'm all for free software and all that, and GPL is great for infrastructure software like web servers and databases, but I think a BSD license would probably work better overall for Diaspora adoption and for encouraging more serious developers to work on it.
I think CDDL would potentially be a better license. That would force returns on existing files in the project (keeping it from going closed), but if you have your own changes outside of those files, you should be OK (allowing you to commercialize your enhancements).
What Diaspora really needs now is some startup, some well-known developers, or the Diaspora crew themselves to stand up and say "Okay, now we're going to use this framework to build a very real social network." Until then, it's just some people building out some cool ideas. Don't get me wrong, that's great; it's just hard to rally around it without getting something concrete behind it.
I'm not sure what the end product will look like or what the functionality will be, but when I think of "distributed social network" I'd like to see something like a HN node, a reddit node, a Digg node, a Slashdot node, etc., where they all communicate with each other and aggregate updates from all those platforms, so that if I make a comment or submit a story on one site, it shows up on the "social network" part of my profile across every other site. A bit like FriendFeed, I suppose. If large sites adopted it in that way, it could certainly become a "very real social network."
I would like to see (and if I get the time, or a client who needs it I will look into creating) a dispora plugin for wordpress, as opposed to that dreaded buddypress. It (to me) would have the same appeal as disqus etc with you being able to use the same account to connect across the web, with different "seeds".
They are building social networking software which means that at some point the goal will need to be to get everyone and their mother on board. Because they built the app on Rails, they are now facing an uphill battle with distribution as there are not a lot of places that you can easily setup a Rails site.
I love Rails but for this type of app, it might have helped them gain traction faster if it was built on PHP, or was even just a massive plugin for WordPress.
Now if a lot of people really seem to love Diaspora and demand for Rails hosting increases dramatically, I'm sure hosting providers will take note and increase their commitment to Rails. That would be an ideal situation, but not a likely outcome.
i don't think the end goal is to get everyone to be running their own server. the data will be distributed among many different servers but surely there will be providers that come along to host data for large groups of people.
Sure, the goal might be to have everyone on own installation of it but it would be a reasonable expectation that a lot of people would want their own installation (as demonstrated by WordPress.org's bazillion downloads per micro-second) since part of the promise is owning your own data.
yeah but the support isn't that great, that is where you suffer. They were really sluggish so I moved everything over to http://www.pacifichost.com and despite the cost they have been really great
I'm dealing with this right now, as I'm pretty interested in Diaspora's architecture. Since Fedora (13) ships with Ruby 1.8.6, it looks like I'll be building a standalone version of ruby just for this (requires Rails 3, released a couple of weeks ago, which in turn requires ruby >= 1.8.7).
Rails is a perfectly good target for this, IMHO; I'm a Python guy and would have preferred Django, but that's a bikeshed as far as I'm concerned. And, for a dev release, depending on a just-released version of a major framework isn't a huge deal, as long as they understand that it's going to be a barrier to entry for quite a few people until distributions have caught up.
It only took me 10 or 12 minutes to get it set up and running, but I already had a mongod running on my laptop and all 5 popular rubies installed with rvm (with most gems already installed). Still, follow the readme file, and it is fairly easy.
I abandoned it at the point I was going to have to globally install specific versions of stuff from source. There might be ways to avoid that but as a ruby n00b I don't know them.
> I love Rails but for this type of app, it might have helped them gain traction faster if it was built on PHP, or was even just a massive plugin for WordPress.
This is one thing I hope they get right: it's the right thing to do to focus on a first implementation, but in the end what is more important is the protocol that emerges from that. If the underlying protocol is solid then you will get independent people writing ports of it to every language under the sun in no time. On the other hand if the underlying protocols are either flimsy or technology dependent (specific to ruby or some other part of their stack) then it's going to really limit how much this can spread and how much involvement they get.
Interestingly enough, I thought they WERE going to use PHP at first.
Something to note about the choice of Rails though is that you now have options like insta-deploy Railsmachine/Heroku type providers for this. Not them specifically mind you.
The fact that they are using rails demonstrates more newbie-style cluelessness, to me. Not even remotely a good choice. But, the sort of things 4 guys fresh out of college with no experience would think was the obvious choice.
I think the obvious answer to this is a pre-built, deployable VM, something that you can fire up with an EC2 instance. Thus you don't need traditional hosting, and can get going straight away.
I was kinda of expecting more with a funding, an office, and a semi large team.
I have personally been working with my co-founder with zero funding on a MMORPG social start-up that brings the best features of Facebook to another group of people. We have implemented real-time features through Erlang (including Chat and Streams), data collection/aggregation from games, and far more. (http://www.guildwork.com/blog/ if anyone is interested, its our public testing site, we have not launched). Anyway I guess my point was if 2 people with zero funding and no office can accomplish that, I certainly expected more from them. But to be fair we been killing ourselves slowly by working as hard as we do, maybe they took a relaxing approach. =P
Also for something that is meant to be distributed Rails does not seem like a very good choice.
Just my 2 cents, hopefully open sourcing it will pick things up.
In my perspective I was leaning more toward having funding for a designer (I assume they paid 10k for http://luxr.posterous.com/ or got it free). I am not a designer, but since we have not hired one, I am the one doing the designing and ending up spending more time then I should and hating what I come up with. I am also the main engineer on our project so thats time I could be putting to making code/features better.
Agreed. The UI isn't even that good. They paid a company to tell them to copy Facebook, but ghettoed it. The funding definitely went to people who were not ready for this. They had 4 developers on this, you'd expect more polish. Just feels like a regular crud app with flash sockets, won't work iPhone/iPad without a lot of tinkering. Am I being too harsh?
That being said, I have no skills to bother taking a look under the hood. Could be they've done some impressive stuff underneath, and it will manifest over time?
Don't understand the down voting - for the crowd's investment its arguably all they've done. They did just start however. Releasing at all is more than most expected on their blogs.
If possible, I want to start a project/patch to do full-screen photo slideshows (a la flickr).
I may try setting it up if I have a chance, I'm assuming the packaging of it all will take time before it becomes something a layperson can just run on an extra windows machine.
That's a really good idea. I post stuff to Facebook all the time about college football, but I know a lot of peole don't care about that and just want the baby pictures... and vice versa.
BTW, from just grabbing the code, it looks like: use Ruby 1.8.7, not 1.9.2, have a local mongod running, bundle install, bundle exec thin start. Looks nice.
Many of the exciting[1] new open source projects seem to have a huge focus on UX. I love this. Open source has always seemed to have a stigma of 'unusable' and these initiatives are really going against that notion. Diaspora, jQueryUI, SproutCore, Cappuccino..
[1] I use exciting not as personal excitement here but by the community excitement around these projects. Whether its press coverage, developer buy in or user elation.
There are a bunch of open source social networking projects out there. One is Appleseed, which has been in active development since 2004, open source since 2005, and has had four releases in the past 3 months.
there was something called "AroundMe" which was at first the usual walled-garden social network software. But then they changed their philosophy to make it like what Disapora is now. I guess it started sometime in 2005. I edited the older version of their software to setup my own social network.
Had a 5 minute glance at the code. I don't think they realise that `self` is the default receiver in Ruby, judging by how many times I saw it used superfluously.
Anyway, kudos to them for actually releasing some code. I would like to contribute, does anyone know if they are accepting patches?
Some people like to use explicit self to differentiate methods from local variables. Also, there are consistency issues. Explicit self is required for attribute writers and implicit self can call private methods on parent classes. Personally, I'm not a big fan of implicit self.
If you set out to make a private social network, though, it's not that easy. Now, instead of trusting facebook, you'll have to trust ALL of your friends' hosting providers. For example, with diaspora, someone at mediatemple can in principle peek at the contact details you have synced with any of your friends. How is that any more secure?
What this is, is decentralized. Which is still really cool!
You are right about having to trust too many different hosting companies or people who install it and make it public, but there should be a way to tunnel directly through to another user with everything in the middle just seeing an encrypted data stream.
However, how about a simpler scenario: you set up on one of your servers and only invite your family to join. Another instance for a club, etc. Have a very easy export/import mechanism to push material in your account in one group to another, under your control.
Their app is running on someone's hosted server. You can of course have complete security BETWEEN servers (as these guys say "PGP for you privacy nerds") but ... you still have to trust everyone's hosting company.
A single hosting company hosting 1000 diaspora accounts can compromise details of 127,000 accounts, if each diaspora user has 127 friends on average.
As far as setting up social networks on a server, there are plenty of those ... dolphin, elgg ... and they are quite good. If you want it to be decentralized nodes, you are stuck trusting everyone's hosting providers to not peek at the data you are sharing. Which imho is worse than trusting only facebook in terms of privacy.
On the other hand in terms of everything else, decentralization is a huge WIN! Such as scaling and uptime.
Mongodb is an interesting choice. I haven't used Mongodb, so I might be misunderstanding a design decision made by the Mongodb developers, but isn't it possible to get into a situation with Mongodb where the writes are delayed and, as a result, new records (documents) added to a database might not show-up on the following reads (so a user might post a status update, but then he/she might not see it added to his/her status updates page when the pages reloads). Or perhaps the Diaspora developers decided to commit writes to the disk immediately at the cost of performance? Just curious.
With a distributed social network, I'd imagine that it's okay if data is a second or two out of date, so it should be cool.
> but then he/she might not see it added to his/her status updates page when the pages reload
Even if it were to happen, you're assuming a page loads when they make a comment. ;) This shouldn't happen until there are extremely high loads, but even then, just don't make the comment box reload the page, insert the comment into the DOM, and make your POST with AJAX. ;)
201 comments
[ 2.7 ms ] story [ 242 ms ] threadLooks like they are using Ruby/Rails and MongoDB.
Also, said account's avatar looks like some kinda of three-way orgy. Not investigating that image farther...
Many projects never get this far, and for this, they deserve to be commended. They've built something and dealt with a lot of external pressure at the same time.
See earlier update for more information; http://www.joindiaspora.com/2010/08/26/overdue-update.html
From my observation their UI is just copied Facebook UI. And my issue with this is not lack of originality. Rather it's the fact that people will now compare Diaspora functionality with that of Facebook. Furthermore anything working differently will lead to frustration, as certain behaviors are expected.
An interface can look similar superficially, while performing completely differently at the next level.
Not taking anything away from the diaspora guys, I havent tried the application, just mentioning in case anyone thought drag and drop was too much of a hassle to add to their app, it can be done in a few minutes.
http://www.snopes.com/business/genius/where.asp
http://www.thisisgoingtobebig.com/blog/2010/5/13/what-diaspo...
I saw them shortly after at MongoNYC where they were getting a lot of attention. In spite of that, they just focused on learning what they needed and hearing the talks about people's experiences.
This is exactly the kind of focus that's needed to get the job done, so not only should it not be surprising, it should be expected. In spite of that, I'm stoked to see it.
Is there additional insight into what "aspects" are, though? It confuses me - will it confuse an ordinary user?
From what I can tell, they are just groups of users which you can publish particular content/updates to.
This is a pet peeve of mine, using extremely generic words to describe an important part of what you are working on. "Object Oriented Programming" got away with it, but that is aimed squarely at developers. I don't think you want words like "aspect" in front of actual users.
I've noticed this a lot in academic research, also. I lost track of how many different ways I saw the word "feature" overloaded in different fields.
Other than that I'm somewhat dismayed that their open source release isn't actually running on some site and says run at your own risk due to security issues. Edit: (Looks like there is a demo in the comments here but not open to sign up)
Hopefully development continues quick enough that it escapes into the public before the tech hype is gone.
Good to see they hit their release date, and I look forward to messing around with it, even though I know more PHP than Ruby ;)
Good on them though for releasing! This looks like a solid effort. I wish them the best. :-)
;)
http://github.com/hacketyhack/hackety-hack.com/blob/master/c...
It works.
Then apply this patch to make Diaspora use the correct Mongo server and database: http://gist.github.com/581833(I know this is like planning where to put the swimming pool in your 1 bedroom apartment in the event that you win the lottery but I think the choice of name does/did have a lot to do with just how long the view of the founders was when they started.)
That said, it is currently my only quibble. I'm glad to see that things actually got done and out the door. It sure seems to have gone a lot better than anything I worked on this summer.
The whole idea is to allow the Facebook-bound multitudes to leave that particular kingdom and spread -- along with their data -- across the Internet, as a decentralized system.
The name is therefore the goal, the intended result. It's a high bar, but it's an ambitious project.
* I say this because every time I've tried to describe it verbally, I always end up saying something like 'disapora' and making a hand-wavey gesture in a direction "away" from 'facebook'
Funny, I think of http://en.wikipedia.org/wiki/African_diaspora
For New York Jews? You say it to me I think potato famines.
It's a fine, catchy name with some bite. Hopefully they don't trade it in for something dumb like folksr.
Your mileage, of course, may vary.
Diaspora is at least an easy-grade SAT word.
Even for those of us who know the denotation, it gives absolutely no indicator as to what the product does. (It is instead a reference to how the product works... dispersed Facebook). From a marketing standpoint this is a problem.
Hopefully this will become 'the diaspora project', and they will come up with a new name for the actual results of it.
You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced. It is also a word that is used in a lot of languages, I have friends who are Russian, Ukranian, Serbian, Lebanese, Armenian, Jordanian etc. who all refer to themselves being in the 'diaspora' (ie. persecuted people who left their homeland and are now living in the west)
I like it for that reason. Edgy, accurate, and with the potential to repurpose/reframe the word in the minds of many.
That kind of persecution also tends to cause the persecuted to bond even more strongly and proudly with their cultural identity, so the connotations are not all bad.
... is a question which would be better to answer privately, to a security contact. Use your imagination as to what the email would likely say.
This may just be a difference of philosophy, but I don't think "It isn't really a release, so nobody would be stupid enough to actually run this on a publicly accessible server." After all, consumers of The New Hotness have a lot less incentive to think through the security implications of running it than the developers did. [Edit: And the developers apparently have a publicly accessible instance running. That decision is curious.]
This will be running in production today. If very bad things happen, the TechCrunch article about it will have Diaspora in the headline.
That is enough of an incentive to have a security page.
They just did a media launch and they're in for their earliest users getting burned in a very painful, public manner. If this isn't an emergency, what does an emergency look like?
"hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs" is not a benchmark that this project should aspire to.
Here, let me tell you what isn't a problem: you cannot type "system('rm -rf /')" into their username field on the signup form and wipe any machine with Diaspora installed because some idiot passed untrusted user input straight to exec. But if that were a problem, do you understand why mentioning publicly "Hey, the username field is passed straight to exec... that's sort of bad." is a bad idea? Because that lets any idiot immediately create wipe_arbitrary_diaspora_install.rb
There are several vulnerabilities in Diaspora right now. They allow very bad things. There are multiple public Diaspora installations. They are all vulnerable to very bad things.
I think releasing this was very, very premature.
It's been added to the README at http://github.com/diaspora/diaspora
And they will be the same person that complains really loudly when it goes wrong :)
>Feel free to try to get it running on your machines and use it, but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable. If you do find something, be sure to log it in our bugtracker, and we would love screenshots and browser info.
That seems to cover it, doesn't it?
Any disclosed vulnerability is an exploit roadmap for these public instances. Speaking generally, exploits of public web apps can sometimes be pretty severe. Yes, the software is immature, but is now immature and an attack vector.
There's actually more of a case for disclosing security bugs in established products if the vendor doesn't respond quickly enough. If people are relying on a product for critical uses, having information that lets them minimize their risk could be helpful. I don't see the benefit in this case.
The project also depends on MongoDB, which is also AGPL licensed, which raises the question of if paid hosting of a diaspora instance is 'commercial' and if it requires a MongoDB license from 10gen, I would think that it does.
They should BSD/MIT license their own code, and build more storage options outside of MongoDB. I am surprised that donors didn't insist on a license as part of the kickstart funding.
I assume the 10gen commercial license allows you avoid having to provide source code for your product to your users. (but the mongodb website isn't clear about that).
I would like to make it clear that users of MongoDB don't need to opensource their product, only their changes (if any) to the MongoDB server itself. The commercial license is mostly for companies that have strict (if misguided) "no AGPL" policies. Most users do not need it.
AFAIK AGPL does not stop anyone from making money. It just stops taking others work as the base and building closed enhancements on top of it.
I'm all for free software and all that, and GPL is great for infrastructure software like web servers and databases, but I think a BSD license would probably work better overall for Diaspora adoption and for encouraging more serious developers to work on it.
- Diaspora would make a "social" add on to other sites, ie, just one component of larger specialized sites.
Rather than creating "plug ins" for Diaspora, Diaspora becomes a plugin itself.
It will be interesting to see how it evolves.
I love Rails but for this type of app, it might have helped them gain traction faster if it was built on PHP, or was even just a massive plugin for WordPress.
Now if a lot of people really seem to love Diaspora and demand for Rails hosting increases dramatically, I'm sure hosting providers will take note and increase their commitment to Rails. That would be an ideal situation, but not a likely outcome.
Oh well hopefully it will work on Heroku.
I'll probably move my blog to wordpress.com hosting and then try a combination of Heroku and Amazon EC2 micros for my app prototyping.
Rails is a perfectly good target for this, IMHO; I'm a Python guy and would have preferred Django, but that's a bikeshed as far as I'm concerned. And, for a dev release, depending on a just-released version of a major framework isn't a huge deal, as long as they understand that it's going to be a barrier to entry for quite a few people until distributions have caught up.
This is one thing I hope they get right: it's the right thing to do to focus on a first implementation, but in the end what is more important is the protocol that emerges from that. If the underlying protocol is solid then you will get independent people writing ports of it to every language under the sun in no time. On the other hand if the underlying protocols are either flimsy or technology dependent (specific to ruby or some other part of their stack) then it's going to really limit how much this can spread and how much involvement they get.
Something to note about the choice of Rails though is that you now have options like insta-deploy Railsmachine/Heroku type providers for this. Not them specifically mind you.
Torrent here: http://burnbit.com/torrent/154764/diaspora_alpha_iso
I have personally been working with my co-founder with zero funding on a MMORPG social start-up that brings the best features of Facebook to another group of people. We have implemented real-time features through Erlang (including Chat and Streams), data collection/aggregation from games, and far more. (http://www.guildwork.com/blog/ if anyone is interested, its our public testing site, we have not launched). Anyway I guess my point was if 2 people with zero funding and no office can accomplish that, I certainly expected more from them. But to be fair we been killing ourselves slowly by working as hard as we do, maybe they took a relaxing approach. =P
Also for something that is meant to be distributed Rails does not seem like a very good choice.
Just my 2 cents, hopefully open sourcing it will pick things up.
Money and more help can solve some problems.
I think a designer=that-can-code or a developer-that-can-design make things happen faster.
That being said, I have no skills to bother taking a look under the hood. Could be they've done some impressive stuff underneath, and it will manifest over time?
I like the minimalist design, though.
in my book, it takes balls to release something this early. so, kudo's to them.
I may try setting it up if I have a chance, I'm assuming the packaging of it all will take time before it becomes something a layperson can just run on an extra windows machine.
can anyone articulate it?
As long as I am praising, I'll add a thumbs up for using AGPL: IMHO a very good license choice.
App really looks nice so far.
[1] I use exciting not as personal excitement here but by the community excitement around these projects. Whether its press coverage, developer buy in or user elation.
http://opensource.appleseedproject.org
For all the attention Diaspora is getting, the other projects will be usable by average users way before they will.
http://www.barnraiser.org/aroundme
Runs on php and mysql.
I did checkout AppleSeed longtime back version 0.2 or 0.3 (on savannah i guess). Clean code.
Barnraiser's AroundMe has plugin functionality built in. It's not the facebook-type third-party app API. So don't get me wrong.
Anyway, kudos to them for actually releasing some code. I would like to contribute, does anyone know if they are accepting patches?
Very awesome to see a bunch of undergrad guys come up with this project. I'm still amazed at the PR they got at the time.
I'm also kind of working on my own thing ... http://myownstream.com
If you set out to make a private social network, though, it's not that easy. Now, instead of trusting facebook, you'll have to trust ALL of your friends' hosting providers. For example, with diaspora, someone at mediatemple can in principle peek at the contact details you have synced with any of your friends. How is that any more secure?
What this is, is decentralized. Which is still really cool!
However, how about a simpler scenario: you set up on one of your servers and only invite your family to join. Another instance for a club, etc. Have a very easy export/import mechanism to push material in your account in one group to another, under your control.
A single hosting company hosting 1000 diaspora accounts can compromise details of 127,000 accounts, if each diaspora user has 127 friends on average.
As far as setting up social networks on a server, there are plenty of those ... dolphin, elgg ... and they are quite good. If you want it to be decentralized nodes, you are stuck trusting everyone's hosting providers to not peek at the data you are sharing. Which imho is worse than trusting only facebook in terms of privacy.
On the other hand in terms of everything else, decentralization is a huge WIN! Such as scaling and uptime.
> but then he/she might not see it added to his/her status updates page when the pages reload
Even if it were to happen, you're assuming a page loads when they make a comment. ;) This shouldn't happen until there are extremely high loads, but even then, just don't make the comment box reload the page, insert the comment into the DOM, and make your POST with AJAX. ;)
Running stock Diaspora code, but it's got a LOT of problems (which is to be expected from pre-alpha software I suppose.)