
Diaspora Developer Release - PStamatiou
http://www.joindiaspora.com/2010/09/15/developer-release.html
======
davidu
I'm impressed and surprised that they have released code. I worried that the
initial flurry of money and hype would derail them.

Many projects never get this far, and for this, they deserve to be commended.
They've built _something_ and dealt with a lot of external pressure at the
same time.

~~~
neurotech1
Apparently they spent some of the money on working with LUXr and Pivotal Labs.
The best technical solution can be derailed by a poor user interface and
experience. It looks like they avoided that.

See earlier update for more information;
<http://www.joindiaspora.com/2010/08/26/overdue-update.html>

~~~
eob
I just downloaded and ran the project, and to be honest, I didn't see more UX
work than what could have been done in an afternoon's worth of googling around
for some templates.

~~~
jarin
You obviously haven't noticed all the touches like being able to drag files
into the browser to upload them (Gmail-style)

~~~
deno
That's for super-power-users, maybe in 5 years for advanced users. If you
attempt to do this with either unsupported browser or on unsupported website
your browser will act very non-userfriendly, like by opening dropped file.
Because of this it would be foolish and dangerous to even inform the vast
majority of users of this feature.

From my observation their UI is just copied Facebook UI. And my issue with
this is not lack of originality. Rather it's the fact that people will now
compare Diaspora functionality with that of Facebook. Furthermore anything
working differently will lead to frustration, as certain behaviors are
expected.

~~~
auxbuss
If their intent is to woo Facebook users, then creating an interface familiar
to Facebook users is not a bad approach.

An interface can look similar superficially, while performing completely
differently at the next level.

~~~
deno
Perhaps, but I'm not convinced. If you are going to have similar features and
interface your only advantage left is The Fear of Privacy. And frankly, it's
getting a bit old. It's the Facebook and Google that will change people's
expectations and habits. You can create something that will work better but I
see it as those auto-destructing emails. No privacy is better than false
privacy.

------
benlangfeld
I'm really disappointed to see that the team has decided that instead of
learning about an existing standard (XMPP) which fits the purpose perfectly,
they've decided to begin defining their own protocol, which will go down the
same path but with less rigour and a whole lot of wasted time. Eventually it
will have to be trashed in favour of something more robust.

If that's what they've spent the last three months working on, they've had
some bad advice. I thought Pivotal were all about "just get the damn thing
done" and so would have encouraged them not to waste their time.

~~~
imf
We are indeed all about being pragmatic. I think a lot of our pragmatism has
rubbed off on the Diaspora folks, but do keep in mind that we're not really
advising them in any formal capacity. (Other than the occasional conversation
over breakfast, or when they ask about ideas.) I'm sure if you asked them
about their choices, they'd be very happy to take in new ideas. Not to speak
for them, but I think they're just trying to get a concept out and iterate on
it. I think Ship it Squirrel would approve.

~~~
benlangfeld
I've posted to the diaspora-dev list pointing to this comment, so hopefully
one of the Diaspora guys will take a look at this soon.

I'll also follow up shortly with a blog post with more details about how this
might be implemented atop a well defined set of standards and the benefits of
doing so vs re-inventing the wheel.

------
xelfer
They really need to do something about that name. They seem to be having
trouble with it themselves:
[http://github.com/diaspora/diaspora/commit/708e9f88a55cc3713...](http://github.com/diaspora/diaspora/commit/708e9f88a55cc37130f93cc47b820f62fbf48d2d)

~~~
alanh
For a lot of people, their name’s strongest connotation is Jewish persecution.
To me, this is so awkward as to rule out the name for use in serious software.

~~~
glhaynes
It's like at my work when I proposed that we could get some benefit from an
"interim solution" until we could finish up what we were planning. Of course
people started (innocently, ignorantly) calling the original plan the "final
solution". Always made me cringe.

~~~
kleevr
Given the misspellings/mispronounciations/miscommunications already inherit in
the name, I think they should re-brand as something like: Disápora ... (or
some other spelling of a similar phonetic ilk)

* I say this because every time I've tried to describe it verbally, I always end up saying something like 'disapora' and making a hand-wavey gesture in a direction "away" from 'facebook'

------
patio11
Sweet Jesus. Please publish a security reporting page at the earliest possible
convenience, because this will have private info on it within a day from now,
and that is a _very bad idea_ right now.

~~~
dandelany
What? Correct me if I'm wrong, but it looks like they're just releasing the
source code, not taking new users for "the" Diaspora or sharing access to any
kind of central database of users. It's just a ruby web app you can download
and run locally (or on a web server if you're that dumb...), right? And in
that case, how is this any worse than the hundreds of other bits of (unsafe,
untested) social networking code floating around the interwebs?

~~~
patio11
_how is this any worse than_

... is a question which would be better to answer privately, to a security
contact. Use your imagination as to what the email would likely say.

This may just be a difference of philosophy, but I don't think "It isn't
really a release, so nobody would be stupid enough to actually run this on a
publicly accessible server." After all, consumers of The New Hotness have a
lot less incentive to think through the security implications of running it
than the developers did. [Edit: And the developers apparently have a publicly
accessible instance running. That decision is _curious_.]

This _will_ be running in production today. If very bad things happen, the
TechCrunch article about it _will_ have Diaspora in the headline.

That is enough of an incentive to have a security page.

~~~
dandelany
Thanks for the response. I agree that a security page is a good, even
necessary idea, it just doesn't strike me as a pressing emergency for them at
the moment.

~~~
patio11
They're currently getting coverage on the Guardian, BBC, etc, and will get it
on the New York Times within 24 hours. That is about to create an emergency
for them, because being the secure, privacy-aware alternative to Facebook
gives people some expectations as to how the software will work. Many of those
expectations match the designed behavior. None match the software as actually
implemented.

They just did a media launch and they're in for their earliest users getting
burned in a very painful, public manner. If this isn't an emergency, what does
an emergency look like?

------
Maro
If it's true that for a social network to be successful it needs some quick
growth at the beginning to have a critical mass, then Diaspora is in trouble.
They're in trouble because they release non-usable alpha versions of their
code, loose the buzz ("Diaspora released another version today, X works now,
but it's still not good enough to replace Facebook."), and by the time they
have a 1.0 version nobody's going to care.

I'm saying it might not make sense to develop software in an open-source
manner whose existense relies of viral growth of users dependant on a one-off
buzz generated when the 1.0 is released.

~~~
daleharvey
thats a pretty big if, almost the entire customer development program is aimed
towards proving that if isnt true

~~~
Maro
What customer development program?

~~~
daleharvey
Sorry, terrible wording, customer development process / methodology / idea
etc.

~~~
Maro
My question was, does Diaspora actually have such a process?

It seems to me their approach is to get power-users like HN folks on-board
first. Conveniently, we are also the users who would run servers for our
friends or do a startup that would do Diaspora hosting. But that's my point.
If we keep seeing these alpha releases, it will loose the buzz, and it'll
never reach critical mass / momentum. Eg. this release is so minimal, I really
don't care. Tell me when it's 1.0.

~~~
jarin
It's gonna be tough to do a Diaspora hosting startup with it being AGPL-
licensed.

~~~
steveklabnik
Why? Look at Heroku; they us all off the shelf software for 90% of their
components.

People will always pay for convenience.

~~~
sandeepshetty
And in diaspora's case, customizations for your community.

------
hammerdr
Many of the exciting[1] new open source projects seem to have a huge focus on
UX. I love this. Open source has always seemed to have a stigma of 'unusable'
and these initiatives are really going against that notion. Diaspora,
jQueryUI, SproutCore, Cappuccino..

[1] I use exciting not as personal excitement here but by the community
excitement around these projects. Whether its press coverage, developer buy in
or user elation.

------
cmelbye
Here's a public server for trying it out: <http://openspora.com/>

Running stock Diaspora code, but it's got a LOT of problems (which is to be
expected from pre-alpha software I suppose.)

~~~
gosuri
The Images aren't uploading, are you using heroku?

~~~
cmelbye
Nope.

------
jhawk28
Github repo: <http://github.com/diaspora/diaspora>

Looks like they are using Ruby/Rails and MongoDB.

~~~
bborn
Demo: <http://tom.joindiaspora.com/> user: tom password: evankorth

~~~
joshfinnie
Seems very slow... Not loading for me.

~~~
mikemol
It looks like someone created an account named "Mark Suckerberg" and automated
a posting flood repeating the text "I accidentally.. the whole economy".

Also, said account's avatar looks like some kinda of three-way orgy. Not
investigating _that_ image farther...

~~~
mikemol
...And that just happened to be the account you log in as. Changed the name
and image. I'm sure someone will change it back.

------
EGreg
I've been following this project for a while - these guys are from my school
:)

Very awesome to see a bunch of undergrad guys come up with this project. I'm
still amazed at the PR they got at the time.

I'm also kind of working on my own thing ... <http://myownstream.com>

If you set out to make a private social network, though, it's not that easy.
Now, instead of trusting facebook, you'll have to trust ALL of your friends'
hosting providers. For example, with diaspora, someone at mediatemple can in
principle peek at the contact details you have synced with any of your
friends. How is that any more secure?

What this is, is decentralized. Which is still really cool!

~~~
mark_l_watson
You are right about having to trust too many different hosting companies or
people who install it and make it public, but there should be a way to tunnel
directly through to another user with everything in the middle just seeing an
encrypted data stream.

However, how about a simpler scenario: you set up on one of your servers and
only invite your family to join. Another instance for a club, etc. Have a very
easy export/import mechanism to push material in your account in one group to
another, under your control.

~~~
EGreg
Their app is running on someone's hosted server. You can of course have
complete security BETWEEN servers (as these guys say "PGP for you privacy
nerds") but ... you still have to trust everyone's hosting company.

A single hosting company hosting 1000 diaspora accounts can compromise details
of 127,000 accounts, if each diaspora user has 127 friends on average.

As far as setting up social networks on a server, there are plenty of those
... dolphin, elgg ... and they are quite good. If you want it to be
decentralized nodes, you are stuck trusting everyone's hosting providers to
not peek at the data you are sharing. Which imho is worse than trusting only
facebook in terms of privacy.

On the other hand in terms of everything else, decentralization is a huge WIN!
Such as scaling and uptime.

------
Vishnevskiy
I was kinda of expecting more with a funding, an office, and a semi large
team.

I have personally been working with my co-founder with zero funding on a
MMORPG social start-up that brings the best features of Facebook to another
group of people. We have implemented real-time features through Erlang
(including Chat and Streams), data collection/aggregation from games, and far
more. (<http://www.guildwork.com/blog/> if anyone is interested, its our
public testing site, we have not launched). Anyway I guess my point was if 2
people with zero funding and no office can accomplish that, I certainly
expected more from them. But to be fair we been killing ourselves slowly by
working as hard as we do, maybe they took a relaxing approach. =P

Also for something that is meant to be distributed Rails does not seem like a
very good choice.

Just my 2 cents, hopefully open sourcing it will pick things up.

~~~
weixiyen
Agreed. The UI isn't even that good. They paid a company to tell them to copy
Facebook, but ghettoed it. The funding definitely went to people who were not
ready for this. They had 4 developers on this, you'd expect more polish. Just
feels like a regular crud app with flash sockets, won't work iPhone/iPad
without a lot of tinkering. Am I being too harsh?

~~~
K3G
I agree with your criticism from a quick look.

That being said, I have no skills to bother taking a look under the hood.
Could be they've done some impressive stuff underneath, and it will manifest
over time?

------
mark_l_watson
Good job on the cool stack checklist: Rails 3 (check), Haml generated HTML5
(check), nicely laid out Rails app (check), uses MongoDB (check).

As long as I am praising, I'll add a thumbs up for using AGPL: IMHO a very
good license choice.

~~~
mark_l_watson
BTW, from just grabbing the code, it looks like: use Ruby 1.8.7, not 1.9.2,
have a local mongod running, bundle install, bundle exec thin start. Looks
nice.

~~~
mark_l_watson
Also, need to: rake db:seed:tom Then login: tom passwd: evankorth

App really looks nice so far.

------
jat850
It looks surprisingly advanced, from a screenshot perspective - more than I
admit I would have given them credit for.

Is there additional insight into what "aspects" are, though? It confuses me -
will it confuse an ordinary user?

~~~
happybuy
I'm guessing they should have just called aspects "groups".

From what I can tell, they are just groups of users which you can publish
particular content/updates to.

~~~
eavc
Would that be confusing to use that terminology since groups was recently a
staple of facebook with a very different meaning?

------
rscott
I'm sorry, but for $200k+ funding you need to do more to impress me than
throwing a bunch of gems together and putting it on MongoDB.

I like the minimalist design, though.

~~~
toddynho
it's not like 200K has gone into what they're releasing now. 200K needs to
last them for a while :)

in my book, it takes balls to release something this early. so, kudo's to
them.

------
kacy
I don't want to be that guy, but this looks a lot like Virb from a few years
ago (<http://static.arstechnica.com/VirbActivity.jpg>).

Good on them though for releasing! This looks like a solid effort. I wish them
the best. :-)

------
sahillavingia
I'm kinda over this. Where's Diaspora Instant?!

~~~
what
I don't think there's even a Diaspora search. How do you find people?

~~~
eavc
on facebook

;)

------
vault_
It seems to be AGPL licensed. I'm wondering how that will affect adoption.

~~~
bl4k
I think that since the community funded this project that the code should have
a more liberal license so that the community can do what they want with it.

The project also depends on MongoDB, which is also AGPL licensed, which raises
the question of if paid hosting of a diaspora instance is 'commercial' and if
it requires a MongoDB license from 10gen, I would think that it does.

They should BSD/MIT license their own code, and build more storage options
outside of MongoDB. I am surprised that donors didn't insist on a license as
part of the kickstart funding.

~~~
warp
The AGPL (like the GPL) does not allow adding more restrictions. You do not
need any further license to use AGPL licensed code in a commercial product,
you just have to abide by the license terms of the AGPL.

I assume the 10gen commercial license allows you avoid having to provide
source code for your product to your users. (but the mongodb website isn't
clear about that).

~~~
mathias_10gen
We try to be very clear about licensing:
<http://www.mongodb.org/display/DOCS/Licensing>. Please let us know if there
is something on that page that needs clarification.

I would like to make it clear that users of MongoDB don't need to opensource
their product, only their changes (if any) to the MongoDB server itself. The
commercial license is mostly for companies that have strict (if misguided) "no
AGPL" policies. Most users do not need it.

------
jlgbecom
There are a bunch of open source social networking projects out there. One is
Appleseed, which has been in active development since 2004, open source since
2005, and has had four releases in the past 3 months.

<http://opensource.appleseedproject.org>

For all the attention Diaspora is getting, the other projects will be usable
by average users way before they will.

~~~
SingAlong
there was something called "AroundMe" which was at first the usual walled-
garden social network software. But then they changed their philosophy to make
it like what Disapora is now. I guess it started sometime in 2005. I edited
the older version of their software to setup my own social network.

<http://www.barnraiser.org/aroundme>

Runs on php and mysql.

I did checkout AppleSeed longtime back version 0.2 or 0.3 (on savannah i
guess). Clean code.

Barnraiser's AroundMe has plugin functionality built in. It's not the
facebook-type third-party app API. So don't get me wrong.

------
holman
What Diaspora really needs now is some startup, some well-known developers, or
the Diaspora crew themselves to stand up and say "Okay, now we're going to use
this framework to build a very real social network." Until then, it's just
some people building out some cool ideas. Don't get me wrong, that's great;
it's just hard to rally around it without getting something concrete behind
it.

~~~
jmspring
With the distributed instances, the focus on data portability, and open source
nature of Diaspora one real use case that comes to mind is:

\- Diaspora would make a "social" add on to other sites, ie, just one
component of larger specialized sites.

Rather than creating "plug ins" for Diaspora, Diaspora becomes a plugin
itself.

It will be interesting to see how it evolves.

~~~
templaedhel
I would like to see (and if I get the time, or a client who needs it I will
look into creating) a dispora plugin for wordpress, as opposed to that dreaded
buddypress. It (to me) would have the same appeal as disqus etc with you being
able to use the same account to connect across the web, with different
"seeds".

~~~
brandnewlow
What's wrong with Buddypress? Never heard a bad word about it myself. Haven't
used it either, though.

------
melvinram
They are building social networking software which means that at some point
the goal will need to be to get everyone and their mother on board. Because
they built the app on Rails, they are now facing an uphill battle with
distribution as there are not a lot of places that you can easily setup a
Rails site.

I love Rails but for this type of app, it might have helped them gain traction
faster if it was built on PHP, or was even just a massive plugin for
WordPress.

Now if a lot of people really seem to love Diaspora and demand for Rails
hosting increases dramatically, I'm sure hosting providers will take note and
increase their commitment to Rails. That would be an ideal situation, but not
a likely outcome.

~~~
logic
I'm dealing with this right now, as I'm pretty interested in Diaspora's
architecture. Since Fedora (13) ships with Ruby 1.8.6, it looks like I'll be
building a standalone version of ruby just for this (requires Rails 3,
released a couple of weeks ago, which in turn requires ruby >= 1.8.7).

Rails is a perfectly good target for this, IMHO; I'm a Python guy and would
have preferred Django, but that's a bikeshed as far as I'm concerned. And, for
a dev release, depending on a just-released version of a major framework isn't
a huge deal, as long as they understand that it's going to be a barrier to
entry for quite a few people until distributions have caught up.

~~~
mark_l_watson
It only took me 10 or 12 minutes to get it set up and running, but I already
had a mongod running on my laptop and all 5 popular rubies installed with rvm
(with most gems already installed). Still, follow the readme file, and it is
fairly easy.

~~~
Joeboy
I abandoned it at the point I was going to have to globally install specific
versions of stuff from source. There might be ways to avoid that but as a ruby
n00b I don't know them.

~~~
bphogan
Use RVM. <http://rvm.beginrescueend.com>

------
wwortiz
For some reason I thought that development was being done in php.

Other than that I'm somewhat dismayed that their open source release isn't
actually running on some site and says run at your own risk due to security
issues. Edit: (Looks like there is a demo in the comments here but not open to
sign up)

Hopefully development continues quick enough that it escapes into the public
before the tech hype is gone.

~~~
thinkalone
I also thought it was going to be in PHP - they definitely mentioned that at
some point, but once I saw their website was written in Ruby, I suspected they
might be moving in a different direction...

Good to see they hit their release date, and I look forward to messing around
with it, even though I know more PHP than Ruby ;)

~~~
jlgbecom
Appleseed and Elgg are both in PHP, if you're looking to help out with an open
source social networking project.

~~~
thinkalone
I've installed and played with both, but I'm still not sure how things will
develop if social networks become more "distributed." Ideally, in my opinion,
sites sould be able to run any social software, whether Appleseed, Elgg, or
Diaspora, and they could all interconnect and push updates to each other,
somewhat similar to the many available options for blogging software all
syndicating via RSS. I'm glad that there has been so much interest and
publicity surrounding Diaspora, since it will benefit this new type of social
networking and help it grow, now matter what platform or language each client
is built on!

------
jarin
I just patched Diaspora to work on Heroku, if anyone wants to do that:
<http://github.com/jarinudom/diaspora/>

I submitted a pull request but I think they are asleep :)

------
sjtgraham
Had a 5 minute glance at the code. I don't think they realise that `self` is
the default receiver in Ruby, judging by how many times I saw it used
superfluously.

Anyway, kudos to them for actually releasing some code. I would like to
contribute, does anyone know if they are accepting patches?

~~~
danieldon
Some people like to use explicit self to differentiate methods from local
variables. Also, there are consistency issues. Explicit self is required for
attribute writers and implicit self can call private methods on parent
classes. Personally, I'm not a big fan of implicit self.

------
andymoe
I wonder how hard it would be to get running on a small heroku instance just
for fun...

~~~
tedkimble
Well I believe heroku includes ImageMagick by default, so it seems the only
dependency would by MongoDB. Has anyone ever used the MongoHQ add-on?
<http://addons.heroku.com/mongohq>

~~~
zachrose
It's funny, since hearing about Diaspora I understood it as your own portable
web app that people run on something like Heroku for non-developers.

~~~
alttab
You may be on to something there.

------
smoody
Mongodb is an interesting choice. I haven't used Mongodb, so I might be
misunderstanding a design decision made by the Mongodb developers, but isn't
it possible to get into a situation with Mongodb where the writes are delayed
and, as a result, new records (documents) added to a database might not show-
up on the following reads (so a user might post a status update, but then
he/she might not see it added to his/her status updates page when the pages
reloads). Or perhaps the Diaspora developers decided to commit writes to the
disk immediately at the cost of performance? Just curious.

~~~
steveklabnik
With a distributed social network, I'd imagine that it's okay if data is a
second or two out of date, so it should be cool.

> but then he/she might not see it added to his/her status updates page when
> the pages reload

Even if it were to happen, you're assuming a page loads when they make a
comment. ;) This shouldn't happen until there are extremely high loads, but
even then, just don't make the comment box reload the page, insert the comment
into the DOM, and make your POST with AJAX. ;)

------
Croaky
What's up with their contributor agreement?

[https://spreadsheets.google.com/a/joindiaspora.com/viewform?...](https://spreadsheets.google.com/a/joindiaspora.com/viewform?formkey=dGI2cHA3ZnNHLTJvbm10LUhXRTJjR0E6MQ&theme=0AX42CRMsmRFbUy1iOGYwN2U2Mi1hNWU0LTRlNjEtYWMyOC1lZmU4ODg1ODc1ODI&ifq)

That seems pretty wacky. The patent section in particular seems random and
unrelated.

------
mcgyver
Interesting to see it released under GPL3(+). Looks like they want any
distributed modifications going back to the community.

------
ErrantX
Looks ok, not as good as I was hoping (though I realise they are working on
back end stuff).

Fancy front end things, though, are just overkill at this point. Next they
_must_ nail the interface or people will not use it. Random example; "all
aspects" needs to change to something else (or they need to aggressively teach
people what an aspect is).

------
seltzered
If possible, I want to start a project/patch to do full-screen photo
slideshows (a la flickr).

I may try setting it up if I have a chance, I'm assuming the packaging of it
all will take time before it becomes something a layperson can just run on an
extra windows machine.

------
skbohra123
are diaspora guys on HN ?

------
weego
If you're building something you expect people to be able to install
themselves, surely your #1 priority would be to not build dependencies that
regular hosting can't provide.

------
gosuri
You can access the demo version <http://trydiaspora.com/> , my user is
g@trydiaspora.com

------
Robin_Message
Given that "Anyone who would letterspace lowercase would steal sheep" -- that
font style is not a good sign in a security product ;-)

------
pkulak
Can anyone explain to me what an "aspect" is?

~~~
steveklabnik
It seems to be just like a 'group,' or an 'interest.' An 'aspect' of your
personality that you'd like to share with others.

~~~
pkulak
That's a really good idea. I post stuff to Facebook all the time about college
football, but I know a lot of peole don't care about that and just want the
baby pictures... and vice versa.

------
jpwagner
i don't understand their vision and sifting through their blog posts and faq
for 5-10 minutes did not teach me.

can anyone articulate it?

~~~
seanieb
<http://vimeo.com/11099292>

