Many projects never get this far, and for this, they deserve to be commended. They've built something and dealt with a lot of external pressure at the same time.
See earlier update for more information;
From my observation their UI is just copied Facebook UI. And my issue with this is not lack of originality. Rather it's the fact that people will now compare Diaspora functionality with that of Facebook. Furthermore anything working differently will lead to frustration, as certain behaviors are expected.
An interface can look similar superficially, while performing completely differently at the next level.
Not taking anything away from the diaspora guys, I haven't tried the application, just mentioning in case anyone thought drag and drop was too much of a hassle to add to their app, it can be done in a few minutes.
I saw them shortly after at MongoNYC where they were getting a lot of attention. In spite of that, they just focused on learning what they needed and hearing the talks about people's experiences.
This is exactly the kind of focus that's needed to get the job done, so not only should it not be surprising, it should be expected. In spite of that, I'm stoked to see it.
If that's what they've spent the last three months working on, they've had some bad advice. I thought Pivotal were all about "just get the damn thing done" and so would have encouraged them not to waste their time.
I'll also follow up shortly with a blog post with more details about how this might be implemented atop a well defined set of standards and the benefits of doing so vs re-inventing the wheel.
is it just the publicity? how long can everyone ride that, and why would anyone with a clue think that's a worthwhile endeavour.
i've read through the developer mailing list and it's a bunch of arguments that essentially boil down to opinions about what this project "should be", and technical discussions by admitted non-experts about topics that are extremely fundamental to the success of this project. with 200K, and a boatload of exposure, they could have spent the summer consulting with experts, planning a viable solution. but they didn't (nor did they ever imply that they would, so no surprise here). i don't mean to sound elitist, but a viable global social networking platform should probably be designed by experts.
i'm not trolling, i'm hoping that people will read this and go "oh yeah, maybe my time could be better spent on other projects", instead of blazing onwards without looking at the big picture.
It seems, however, that they plan to align with the ostatus.org protocol, but so far no documentation of their architecture and protocol has been delivered. In OStatus, the server-server messaging is HTTP-based and uses the PubSubHubbub and Salmon protocols.
In their presentation for Pivotal's Tech Talks series, they dismissed XMPP on the basis of not wanting to learn about it(!). Their dismissal of onesocialweb seems inappropriate on technical grounds. Also, HTTP is not the be-all and end-all. Not everything has to be shoehorned onto HTTP...
You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced. It is also a word that is used in a lot of languages; I have friends who are Russian, Ukrainian, Serbian, Lebanese, Armenian, Jordanian etc. who all refer to themselves being in the 'diaspora' (i.e. persecuted people who left their homeland and are now living in the west).
I like it for that reason. Edgy, accurate, and with the potential to repurpose/reframe the word in the minds of many.
That kind of persecution also tends to cause the persecuted to bond even more strongly and proudly with their cultural identity, so the connotations are not all bad.
* I say this because every time I've tried to describe it verbally, I always end up saying something like 'disapora' and making a hand-wavey gesture in a direction "away" from 'facebook'
Funny, I think of http://en.wikipedia.org/wiki/African_diaspora
Your mileage, of course, may vary.
Diaspora is at least an easy-grade SAT word.
Even for those of us who know the denotation, it gives absolutely no indicator as to what the product does. (It is instead a reference to how the product works... dispersed Facebook). From a marketing standpoint this is a problem.
Hopefully this will become 'the diaspora project', and they will come up with a new name for the actual results of it.
For New York Jews? You say it to me I think potato famines.
It's a fine, catchy name with some bite. Hopefully they don't trade it in for something dumb like folksr.
(I know this is like planning where to put the swimming pool in your 1 bedroom apartment in the event that you win the lottery but I think the choice of name does/did have a lot to do with just how long the view of the founders was when they started.)
That said, it is currently my only quibble. I'm glad to see that things actually got done and out the door. It sure seems to have gone a lot better than anything I worked on this summer.
The whole idea is to allow the Facebook-bound multitudes to leave that particular kingdom and spread -- along with their data -- across the Internet, as a decentralized system.
The name is therefore the goal, the intended result. It's a high bar, but it's an ambitious project.
... is a question which would be better to answer privately, to a security contact. Use your imagination as to what the email would likely say.
This may just be a difference of philosophy, but I don't think "It isn't really a release, so nobody would be stupid enough to actually run this on a publicly accessible server." After all, consumers of The New Hotness have a lot less incentive to think through the security implications of running it than the developers did. [Edit: And the developers apparently have a publicly accessible instance running. That decision is curious.]
This will be running in production today. If very bad things happen, the TechCrunch article about it will have Diaspora in the headline.
That is enough of an incentive to have a security page.
They just did a media launch and they're in for their earliest users getting burned in a very painful, public manner. If this isn't an emergency, what does an emergency look like?
"hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs" is not a benchmark that this project should aspire to.
Here, let me tell you what isn't a problem: you cannot type "system('rm -rf /')" into their username field on the signup form and wipe any machine with Diaspora installed because some idiot passed untrusted user input straight to exec. But if that were a problem, do you understand why mentioning publicly "Hey, the username field is passed straight to exec... that's sort of bad." is a bad idea? Because that lets any idiot immediately create wipe_arbitrary_diaspora_install.rb
There are several vulnerabilities in Diaspora right now. They allow very bad things. There are multiple public Diaspora installations. They are all vulnerable to very bad things.
I think releasing this was very, very premature.
It's been added to the README at http://github.com/diaspora/diaspora
And they will be the same person that complains really loudly when it goes wrong :)
>Feel free to try to get it running on your machines and use it, but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable. If you do find something, be sure to log it in our bugtracker, and we would love screenshots and browser info.
That seems to cover it, doesn't it?
Any disclosed vulnerability is an exploit roadmap for these public instances. Speaking generally, exploits of public web apps can sometimes be pretty severe. Yes, the software is immature, but it is now immature and an attack vector.
There's actually more of a case for disclosing security bugs in established products if the vendor doesn't respond quickly enough. If people are relying on a product for critical uses, having information that lets them minimize their risk could be helpful. I don't see the benefit in this case.
I'm saying it might not make sense to develop software in an open-source manner whose existence relies on viral growth of users dependent on a one-off buzz generated when the 1.0 is released.
It seems to me their approach is to get power-users like HN folks on-board first. Conveniently, we are also the users who would run servers for our friends or do a startup that would do Diaspora hosting. But that's my point. If we keep seeing these alpha releases, it will lose the buzz, and it'll never reach critical mass / momentum. E.g. this release is so minimal, I really don't care. Tell me when it's 1.0.
People will always pay for convenience.
I use exciting not as personal excitement here but by the community excitement around these projects. Whether it's press coverage, developer buy-in or user elation.
Running stock Diaspora code, but it's got a LOT of problems (which is to be expected from pre-alpha software I suppose.)
Looks like they are using Ruby/Rails and MongoDB.
Also, said account's avatar looks like some kind of three-way orgy. Not investigating that image further...
Very awesome to see a bunch of undergrad guys come up with this project. I'm still amazed at the PR they got at the time.
I'm also kind of working on my own thing ... http://myownstream.com
If you set out to make a private social network, though, it's not that easy. Now, instead of trusting facebook, you'll have to trust ALL of your friends' hosting providers. For example, with diaspora, someone at mediatemple can in principle peek at the contact details you have synced with any of your friends. How is that any more secure?
What this is, is decentralized. Which is still really cool!
However, how about a simpler scenario: you set up on one of your servers and only invite your family to join. Another instance for a club, etc. Have a very easy export/import mechanism to push material in your account in one group to another, under your control.
A single hosting company hosting 1000 diaspora accounts can compromise details of 127,000 accounts, if each diaspora user has 127 friends on average.
As far as setting up social networks on a server, there are plenty of those ... dolphin, elgg ... and they are quite good. If you want it to be decentralized nodes, you are stuck trusting everyone's hosting providers to not peek at the data you are sharing. Which imho is worse than trusting only facebook in terms of privacy.
On the other hand in terms of everything else, decentralization is a huge WIN! Such as scaling and uptime.
I have personally been working with my co-founder with zero funding on an MMORPG social start-up that brings the best features of Facebook to another group of people. We have implemented real-time features through Erlang (including Chat and Streams), data collection/aggregation from games, and far more. (http://www.guildwork.com/blog/ if anyone is interested, it's our public testing site, we have not launched). Anyway I guess my point was if 2 people with zero funding and no office can accomplish that, I certainly expected more from them. But to be fair we've been killing ourselves slowly by working as hard as we do, maybe they took a relaxing approach. =P
Also, for something that is meant to be distributed, Rails does not seem like a very good choice.
Just my 2 cents, hopefully open sourcing it will pick things up.
That being said, I have no skills to bother taking a look under the hood. Could be they've done some impressive stuff underneath, and it will manifest over time?
Money and more help can solve some problems.
I think a designer-that-can-code or a developer-that-can-design makes things happen faster.
As long as I am praising, I'll add a thumbs up for using AGPL: IMHO a very good license choice.
App really looks nice so far.
Is there additional insight into what "aspects" are, though? It confuses me - will it confuse an ordinary user?
This is a pet peeve of mine, using extremely generic words to describe an important part of what you are working on. "Object Oriented Programming" got away with it, but that is aimed squarely at developers. I don't think you want words like "aspect" in front of actual users.
I've noticed this a lot in academic research, also. I lost track of how many different ways I saw the word "feature" overloaded in different fields.
From what I can tell, they are just groups of users which you can publish particular content/updates to.
I like the minimalist design, though.
in my book, it takes balls to release something this early. so, kudos to them.
Good on them though for releasing! This looks like a solid effort. I wish them the best. :-)
The project also depends on MongoDB, which is also AGPL licensed, which raises the question of whether paid hosting of a diaspora instance is 'commercial' and whether it requires a MongoDB license from 10gen. I would think that it does.
They should BSD/MIT license their own code, and build more storage options outside of MongoDB. I am surprised that donors didn't insist on a license as part of the kickstart funding.
I assume the 10gen commercial license allows you to avoid having to provide source code for your product to your users (but the mongodb website isn't clear about that).
I would like to make it clear that users of MongoDB don't need to open-source their product, only their changes (if any) to the MongoDB server itself. The commercial license is mostly for companies that have strict (if misguided) "no AGPL" policies. Most users do not need it.
AFAIK AGPL does not stop anyone from making money. It just stops taking others' work as the base and building closed enhancements on top of it.
I'm all for free software and all that, and GPL is great for infrastructure software like web servers and databases, but I think a BSD license would probably work better overall for Diaspora adoption and for encouraging more serious developers to work on it.
For all the attention Diaspora is getting, the other projects will be usable by average users way before they will.
Runs on php and mysql.
I did check out AppleSeed a long time back, version 0.2 or 0.3 (on Savannah, I guess). Clean code.
Barnraiser's AroundMe has plugin functionality built in. It's not the facebook-type third-party app API. So don't get me wrong.
- Diaspora would make a "social" add on to other sites, ie, just one component of larger specialized sites.
Rather than creating "plug ins" for Diaspora, Diaspora becomes a plugin itself.
It will be interesting to see how it evolves.
I love Rails but for this type of app, it might have helped them gain traction faster if it was built on PHP, or was even just a massive plugin for WordPress.
Now if a lot of people really seem to love Diaspora and demand for Rails hosting increases dramatically, I'm sure hosting providers will take note and increase their commitment to Rails. That would be an ideal situation, but not a likely outcome.
This is one thing I hope they get right: it's the right thing to do to focus on a first implementation, but in the end what is more important is the protocol that emerges from that. If the underlying protocol is solid then you will get independent people writing ports of it to every language under the sun in no time. On the other hand if the underlying protocols are either flimsy or technology dependent (specific to ruby or some other part of their stack) then it's going to really limit how much this can spread and how much involvement they get.
Rails is a perfectly good target for this, IMHO; I'm a Python guy and would have preferred Django, but that's a bikeshed as far as I'm concerned. And, for a dev release, depending on a just-released version of a major framework isn't a huge deal, as long as they understand that it's going to be a barrier to entry for quite a few people until distributions have caught up.
Something to note about the choice of Rails though is that you now have options like insta-deploy Railsmachine/Heroku type providers for this. Not them specifically mind you.
Torrent here: http://burnbit.com/torrent/154764/diaspora_alpha_iso
Oh well hopefully it will work on Heroku.
I'll probably move my blog to wordpress.com hosting and then try a combination of Heroku and Amazon EC2 micros for my app prototyping.
Other than that I'm somewhat dismayed that their open source release isn't actually running on some site and says run at your own risk due to security issues. Edit: (Looks like there is a demo in the comments here but not open to sign up)
Hopefully development continues quickly enough that it escapes into the public before the tech hype is gone.
Good to see they hit their release date, and I look forward to messing around with it, even though I know more PHP than Ruby ;)
I submitted a pull request but I think they are asleep :)
Anyway, kudos to them for actually releasing some code. I would like to contribute, does anyone know if they are accepting patches?
heroku addons:add mongohq:free
> but then he/she might not see it added to his/her status updates page when the pages reload
Even if it were to happen, you're assuming a page loads when they make a comment. ;) This shouldn't happen until there are extremely high loads, but even then, just don't make the comment box reload the page, insert the comment into the DOM, and make your POST with AJAX. ;)
That seems pretty wacky. The patent section in particular seems random and unrelated.
Fancy front end things, though, are just overkill at this point. Next they must nail the interface or people will not use it. Random example: "all aspects" needs to change to something else (or they need to aggressively teach people what an aspect is).
I may try setting it up if I have a chance; I'm assuming the packaging of it all will take time before it becomes something a layperson can just run on an extra Windows machine.
can anyone articulate it?