Hacker Newsnew | comments | show | ask | jobs | submitlogin
Diaspora Developer Release (joindiaspora.com)
308 points by PStamatiou 1624 days ago | comments



I'm impressed and surprised that they have released code. I worried that the initial flurry of money and hype would derail them.

Many projects never get this far, and for this, they deserve to be commended. They've built something and dealt with a lot of external pressure at the same time.

-----


Apparently they spent some of the money on working with LUXr and Pivotal Labs. The best technical solution can be derailed by a poor user interface and experience. It looks like they avoided that.

See earlier update for more information; http://www.joindiaspora.com/2010/08/26/overdue-update.html

-----


Actually Diaspora hasn't spent any of their money with us, (us = Pivotal,) we're just giving them space to work in, and occasional advice when they ask for it. It's been fun to have them around, and we're glad they're open-sourcing and getting feedback like this.

-----


I just downloaded and ran the project, and to be honest, I didn't see more UX work than what could have been done in an afternoon's worth of googling around for some templates.

-----


You obviously haven't noticed all the touches like being able to drag files into the browser to upload them (Gmail-style)

-----


That's for super-power-users, maybe in 5 years for advanced users. If you attempt to do this with either unsupported browser or on unsupported website your browser will act very non-userfriendly, like by opening dropped file. Because of this it would be foolish and dangerous to even inform the vast majority of users of this feature.

From my observation their UI is just copied Facebook UI. And my issue with this is not lack of originality. Rather it's the fact that people will now compare Diaspora functionality with that of Facebook. Furthermore anything working differently will lead to frustration, as certain behaviors are expected.

-----


If their intent is to woo Facebook users, then creating an interface familiar to Facebook users is not a bad approach.

An interface can look similar superficially, while performing completely differently at the next level.

-----


Perhaps, but I'm not convinced. If you are going to have similar features and interface your only advantage left is The Fear of Privacy. And frankly, it's getting a bit old. It's the Facebook and Google that will change people's expectations and habits. You can create something that will work better but I see it as those auto-destructing emails. No privacy is better than false privacy.

-----


drag and drop uploading is like 10 lines of code for the usual suspects.

Not taking anything away from the diaspora guys, I havent tried the application, just mentioning in case anyone thought drag and drop was too much of a hassle to add to their app, it can be done in a few minutes.

-----


There is this famous story about a consultant who is called in to find the error in an expensive machine. After a while he marks a place on the machine with a cross. The bill is 100000$: 0.01 for the chalk used to make the cross, 99,999.99$ for "knowing where to put it".

-----


The story is Tesla visiting Henry Ford to fix some electric motors he had on his production line. The amount of the bill was $10,010. Ford called him up later to ask why ten thousand and ten, when Tesla quipped the famous quote ($10 for the chalk, $10,000 because I knew where to put it).

-----


Ah cool - I had just googled for the origin, and only found a story on a "business jokes" web site (they used 50000$). Didn't know it has a real origin.

-----


Always check Snopes:

http://www.snopes.com/business/genius/where.asp

-----


I think it speaks to the support network available for entrepreneurs in NYC. Charlie O'Donnell of First Round kicked it off, from what I recall, with this post advising Diaspora on how to make it through the immediate chaos and get to building. Many people spoke up via blog posts and tweets to suggest simply getting to work as quickly as possible and to not set the vision too high yet.

http://www.thisisgoingtobebig.com/blog/2010/5/13/what-diaspo...

I saw them shortly after at MongoNYC where they were getting a lot of attention. In spite of that, they just focused on learning what they needed and hearing the talks about people's experiences.

This is exactly the kind of focus that's needed to get the job done, so not only should it not be surprising, it should be expected. In spite of that, I'm stoked to see it.

-----


I'm really disappointed to see that the team has decided that instead of learning about an existing standard (XMPP) which fits the purpose perfectly, they've decided to begin defining their own protocol, which will go down the same path but with less rigour and a whole lot of wasted time. Eventually it will have to be trashed in favour of something more robust.

If that's what they've spent the last three months working on, they've had some bad advice. I thought Pivotal were all about "just get the damn thing done" and so would have encouraged them not to waste their time.

-----


We are indeed all about being pragmatic. I think a lot of our pragmatism has rubbed off on the Diaspora folks, but do keep in mind that we're not really advising them in any formal capacity. (Other than the occasional conversation over breakfast, or when they ask about ideas.) I'm sure if you asked them about their choices, they'd be very happy to take in new ideas. Not to speak for them, but I think they're just trying to get a concept out and iterate on it. I think Ship it Squirrel would approve.

-----


I've posted to the diaspora-dev list pointing to this comment, so hopefully one of the Diaspora guys will take a look at this soon.

I'll also follow up shortly with a blog post with more details about how this might be implemented atop a well defined set of standards and the benefits of doing so vs re-inventing the wheel.

-----


i really wonder how long the "community" is going to humour these developers. it's really about time we realize that a bunch of people got tricked into giving some students a bunch of money to hack on a fun project over the summer because they were led to believe that it would be something more than it ever was going to be. they failed to produce anything useful, or even a good starting point for a larger project. they have made poor decisions, have been far-from-transparent, and i don't see how anyone in their right mind would want to hop on board and commit a bunch of their time to this project.

is it just the publicity? how long can everyone ride that, and why would anyone with a clue think that's a worthwhile endeavour.

i've read through the developer mailing list and it's a bunch of arguments that essentially boil down to opinions about what this project "should be", and technical discussions by admitted non-experts about topics that are extremely fundamental to the success of this project. with 200K, and a boatload of exposure, they could have spent the summer consulting with experts, planning a viable solution. but they didn't (nor did they ever imply that they would, so no surprise here). i don't mean to sound elitist, but a viable global social networking platform should probably be designed by experts.

i'm not trolling, i'm hoping that people will read this and go "oh yeah, maybe my time could be better spent on other projects", instead of blazing onwards without looking at the big picture.

-----


They actually explicitly dismissed XMPP (see the comment on this video from them: http://vimeo.com/13026173). They were also approached by the onesocialweb.org team to work together and also dismissed the invite.

It seems however that they plan to align with the ostatus.org protocol, but so far no documentation of their architecture and protocol has been delivered. In Ostatus, the server-server messaging is HTTP based and using the PubSubHubBub and Salmon protocols.

-----


A video demo of "hey look, click here and something happens over there!" is all well and good for impressing your mother, but not entirely useful looking forward. They've mentioned concerns with horizontal scaling and yet they don't consider the obvious option - Erlang.

In their presentation for Pivotal's Tech Talks series, they dismissed XMPP on the basis of not wanting to learn about it(!). Their dismissal of onesocialweb seems inappropriate on technical grounds. Also, HTTP is not the be-all and end-all. Not everything has to be shoehorned onto HTTP...

-----


I second that. All of it.

-----


They really need to do something about that name. They seem to be having trouble with it themselves: http://github.com/diaspora/diaspora/commit/708e9f88a55cc3713...

-----


The name reminds me of the holocaust. It doesn't help that the color theme of the app evokes Schindler's List.

You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced. It is also a word that is used in a lot of languages, I have friends who are Russian, Ukranian, Serbian, Lebanese, Armenian, Jordanian etc. who all refer to themselves being in the 'diaspora' (ie. persecuted people who left their homeland and are now living in the west)

-----


actually, for most south asians, the "diaspora" just refers to the extended south asian community who have moved to the west in search of better jobs etc. there are no negative connotations to the term.

-----


"You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced."

I like it for that reason. Edgy, accurate, and with the potential to repurpose/reframe the word in the minds of many.

That kind of persecution also tends to cause the persecuted to bond even more strongly and proudly with their cultural identity, so the connotations are not all bad.

-----


Sure, but this sounds like a cult of victimhood or differentness, and you'll find that these subcultures remain in the minority, in part because they define themselves as a minority.

-----


The individual subcultures do, but taken altogether they could be quite large. Good point though, we'll see, hopefully that's not Diaspora's fate.

-----


And now the name has a positive connotation. Powerful, in a way, because so many cultures identify with it.

-----


For a lot of people, their name’s strongest connotation is Jewish persecution. To me, this is so awkward as to rule out the name for use in serious software.

-----


It's like at my work when I proposed that we could get some benefit from an "interim solution" until we could finish up what we were planning. Of course people started (innocently, ignorantly) calling the original plan the "final solution". Always made me cringe.

-----


Given the misspellings/mispronounciations/miscommunications already inherit in the name, I think they should re-brand as something like: Disápora ... (or some other spelling of a similar phonetic ilk)

* I say this because every time I've tried to describe it verbally, I always end up saying something like 'disapora' and making a hand-wavey gesture in a direction "away" from 'facebook'

-----


You either work with uneducated simpletons, or closet nazis and crypto-fascists. There is just no way anybody with a modicum of culture would hear "final solution" and not cringe, much less use the phrase passively in everyday non-historic conversation.

-----


> For a lot of people, their name’s strongest connotation is Jewish persecution.

Funny, I think of http://en.wikipedia.org/wiki/African_diaspora

-----


Funny, I think of New Orleans

-----


Funny, I think of how I use social networking to talk to those I can't see, or I'm not around. The entire idea fits the term more than the term fits it. We are all seeking connectedness.

-----


To me, as a Jew, “Diaspora” just means “outside of Israel”. Of course Jews live in so many different countries outside of Israel because of our history of being persecuted, but when I first heard of the “Diaspora project” I did not have an immediate reaction of “what an offensive name”.

Your mileage, of course, may vary.

-----


I think a bigger problem might be that for the majority of people who use The Facebook, diaspora has absolutely no denotation. (And very little connotation).

Diaspora is at least an easy-grade SAT word.

Even for those of us who know the denotation, it gives absolutely no indicator as to what the product does. (It is instead a reference to how the product works... dispersed Facebook). From a marketing standpoint this is a problem.

Hopefully this will become 'the diaspora project', and they will come up with a new name for the actual results of it.

-----


that's what I felt as well ... diaspora usually happens when a people are kicked out of their land to roam the earth among other people. Not very positive as far as connotations go. But hey, let's see what they come up with.

-----


> For a lot of people

For New York Jews? You say it to me I think potato famines.

It's a fine, catchy name with some bite. Hopefully they don't trade it in for something dumb like folksr.

-----


When I first mentioned Diaspora to my Greek friend, the first thing he said was, "is it a social network for Greek people?"

-----


It's not that bad. It was a typo in a file template. Of course it's gonna propagate quickly.

-----


You're unfortunately right. I say unfortunate because I really, really like the name: it sounds good and conveys their mission very well, but ease of spelling is probably paramount.

-----


I'm not so sure about the name. I understand how it conveys their mission exactly and it does that really well: leave facebook(or twitter or wherever), come here. I can see how setting themselves up from word 1 as opposition to facebook has a huge amount of importance but what happens to that branding on the off chance they win?

(I know this is like planning where to put the swimming pool in your 1 bedroom apartment in the event that you win the lottery but I think the choice of name does/did have a lot to do with just how long the view of the founders was when they started.)

That said, it is currently my only quibble. I'm glad to see that things actually got done and out the door. It sure seems to have gone a lot better than anything I worked on this summer.

-----


A diaspora isn't just about leaving a place and going somewhere else; it means roughly "a scattering" in Greek and means that a group of people are leaving one central homeland and going all around the world. Even if they win, the distributed nature of their network makes the name perfect.

-----


I think the name is quite perfect, really. I can't think of any other single word that sums up what they're trying to do so well, at least not so evocatively.

The whole idea is to allow the Facebook-bound multitudes to leave that particular kingdom and spread -- along with their data -- across the Internet, as a decentralized system.

The name is therefore the goal, the intended result. It's a high bar, but it's an ambitious project.

-----


I dunno. Nintendo survived 'wii'.

-----


I've found multiple instances of text in more or less official places containing general English problems (spelling, grammar). I'm assuming for the time being it isn't due to outright lack of fluency in English, and so that leads me to think that they just aren't putting in the [little] extra effort to proofread before publishing. It's not that big a deal, but I think it would help for them to look more polished as far as official text goes.

-----


To the average person who hasn't encountered this word much, it is reminiscent of 'spores' and 'diarrhea'. Clearly, not the best branding.

-----


It's too hard to pronounce easily.

-----


Lol. If you are German, pronouncing this is no problem at all. I guess this will hold for a lot more languages, except maybe the English ;-)

-----


Sweet Jesus. Please publish a security reporting page at the earliest possible convenience, because this will have private info on it within a day from now, and that is a very bad idea right now.

-----


What? Correct me if I'm wrong, but it looks like they're just releasing the source code, not taking new users for "the" Diaspora or sharing access to any kind of central database of users. It's just a ruby web app you can download and run locally (or on a web server if you're that dumb...), right? And in that case, how is this any worse than the hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs?

-----


how is this any worse than

... is a question which would be better to answer privately, to a security contact. Use your imagination as to what the email would likely say.

This may just be a difference of philosophy, but I don't think "It isn't really a release, so nobody would be stupid enough to actually run this on a publicly accessible server." After all, consumers of The New Hotness have a lot less incentive to think through the security implications of running it than the developers did. [Edit: And the developers apparently have a publicly accessible instance running. That decision is curious.]

This will be running in production today. If very bad things happen, the TechCrunch article about it will have Diaspora in the headline.

That is enough of an incentive to have a security page.

-----


Thanks for the response. I agree that a security page is a good, even necessary idea, it just doesn't strike me as a pressing emergency for them at the moment.

-----


They're currently getting coverage on the Guardian, BBC, etc, and will get it on the New York Times within 24 hours. That is about to create an emergency for them, because being the secure, privacy-aware alternative to Facebook gives people some expectations as to how the software will work. Many of those expectations match the designed behavior. None match the software as actually implemented.

They just did a media launch and they're in for their earliest users getting burned in a very painful, public manner. If this isn't an emergency, what does an emergency look like?

-----


There is no argument against having a policy for receiving, reviewing and patching security reports. It is that simple.

"hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs" is not a benchmark that this project should aspire to.

-----


Well, there's at least one glaring security issue that should be obvious to any Rails developer.

-----


Did you remember to bring enough knowledge to share with the rest of the class? What glaring issue are you referring to?

-----


This is the problem with public disclosure: I could tell you, but it would practically write exploit code which you could point at any one of the "Try Diaspora now!" sites popping up and do very bad things.

Here, let me tell you what isn't a problem: you cannot type "system('rm -rf /')" into their username field on the signup form and wipe any machine with Diaspora installed because some idiot passed untrusted user input straight to exec. But if that were a problem, do you understand why mentioning publicly "Hey, the username field is passed straight to exec... that's sort of bad." is a bad idea? Because that lets any idiot immediately create wipe_arbitrary_diaspora_install.rb

There are several vulnerabilities in Diaspora right now. They allow very bad things. There are multiple public Diaspora installations. They are all vulnerable to very bad things.

I think releasing this was very, very premature.

-----


There is now a security email ID you can contact: exploits@joindiaspora.com

It's been added to the README at http://github.com/diaspora/diaspora

-----


Check your email.

-----


Well, I hope they do, and soon. Been reading the code, and it's.. not good :(

-----


It's interesting to see people on HN downvoting some for being responsible with information while upvoting those who advocate irresponsible disclosure.

-----


Trust me; this will not stop someone from using it.

And they will be the same person that complains really loudly when it goes wrong :)

-----


Because it raised $200,000 from random web benefactors. It has quite a bit more pull and expectation than those unwashed hundreds.

-----


If you're smart enough to get code from github working on your own box, paranoid enough to worry about facebook's control of your data and be interested in an alternative, and savvy enough to get wind of such an early release, I don't think you're going to put anything that sensitive in this network!

-----


They don't seem to be publicizing it, but there's a live version up at a subdomain of joindiaspora.com, which people are sharing on diaspora's facebook page. Won't link here because of the concerns above and because it's creaking under the load already.

-----


>PS:

>Feel free to try to get it running on your machines and use it, but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable. If you do find something, be sure to log it in our bugtracker, and we would love screenshots and browser info.

That seems to cover it, doesn't it?

-----


Security issues don't belong in a public bug tracker.

-----


In an established product, no. At this stage, I think keeping 'em public is a good idea.

-----


There exist publicly accessible Diaspora instances, and there will be more by the end of today. That was entirely predictable, since it has been marketed as the host-your-own federated Facebook. There is already someone on the mailing list asking how to let people use his from outside his university network, because they firewall non-80 ports. If he figures out how to configure thin, bad things happen.

Any disclosed vulnerability is an exploit roadmap for these public instances. Speaking generally, exploits of public web apps can sometimes be pretty severe. Yes, the software is immature, but is now immature and an attack vector.

-----


There's no marginal benefit beyond what putting a security warning message on the download page would get you. In fact, filing a public bug would probably be less effective in preventing harm than such a message would be. The marginal cost is significant.

There's actually more of a case for disclosing security bugs in established products if the vendor doesn't respond quickly enough. If people are relying on a product for critical uses, having information that lets them minimize their risk could be helpful. I don't see the benefit in this case.

-----


If it's true that for a social network to be successful it needs some quick growth at the beginning to have a critical mass, then Diaspora is in trouble. They're in trouble because they release non-usable alpha versions of their code, loose the buzz ("Diaspora released another version today, X works now, but it's still not good enough to replace Facebook."), and by the time they have a 1.0 version nobody's going to care.

I'm saying it might not make sense to develop software in an open-source manner whose existense relies of viral growth of users dependant on a one-off buzz generated when the 1.0 is released.

-----


thats a pretty big if, almost the entire customer development program is aimed towards proving that if isnt true

-----


What customer development program?

-----


Sorry, terrible wording, customer development process / methodology / idea etc.

-----


My question was, does Diaspora actually have such a process?

It seems to me their approach is to get power-users like HN folks on-board first. Conveniently, we are also the users who would run servers for our friends or do a startup that would do Diaspora hosting. But that's my point. If we keep seeing these alpha releases, it will loose the buzz, and it'll never reach critical mass / momentum. Eg. this release is so minimal, I really don't care. Tell me when it's 1.0.

-----


It's gonna be tough to do a Diaspora hosting startup with it being AGPL-licensed.

-----


Why? Look at Heroku; they us all off the shelf software for 90% of their components.

People will always pay for convenience.

-----


And in diaspora's case, customizations for your community.

-----


Firefox seems to have survived this — with targeted buzz on big launch days.

-----


Many of the exciting[1] new open source projects seem to have a huge focus on UX. I love this. Open source has always seemed to have a stigma of 'unusable' and these initiatives are really going against that notion. Diaspora, jQueryUI, SproutCore, Cappuccino..

[1] I use exciting not as personal excitement here but by the community excitement around these projects. Whether its press coverage, developer buy in or user elation.

-----


Here's a public server for trying it out: http://openspora.com/

Running stock Diaspora code, but it's got a LOT of problems (which is to be expected from pre-alpha software I suppose.)

-----


Yeah try password reset. Note that debugging is turned on. Show env dump. View various things like secret_token which are supposed to be secret. Lose.

-----


The Images aren't uploading, are you using heroku?

-----


Nope.

-----


who runs openspora.com?

-----


Github repo: http://github.com/diaspora/diaspora

Looks like they are using Ruby/Rails and MongoDB.

-----


Demo: http://tom.joindiaspora.com/ user: tom password: evankorth

-----


Seems very slow... Not loading for me.

-----


It looks like someone created an account named "Mark Suckerberg" and automated a posting flood repeating the text "I accidentally.. the whole economy".

Also, said account's avatar looks like some kinda of three-way orgy. Not investigating that image farther...

-----


...And that just happened to be the account you log in as. Changed the name and image. I'm sure someone will change it back.

-----


I've gotten in and things are loading, but slow. That the thing is still running at all seems nice given the ass-kicking I suspect their servers are likely receiving.

-----


Haha, I like that the last commit on most of those files are "Spell our own name right."

-----


I was kinda of expecting more with a funding, an office, and a semi large team.

I have personally been working with my co-founder with zero funding on a MMORPG social start-up that brings the best features of Facebook to another group of people. We have implemented real-time features through Erlang (including Chat and Streams), data collection/aggregation from games, and far more. (http://www.guildwork.com/blog/ if anyone is interested, its our public testing site, we have not launched). Anyway I guess my point was if 2 people with zero funding and no office can accomplish that, I certainly expected more from them. But to be fair we been killing ourselves slowly by working as hard as we do, maybe they took a relaxing approach. =P

Also for something that is meant to be distributed Rails does not seem like a very good choice.

Just my 2 cents, hopefully open sourcing it will pick things up.

-----


Agreed. The UI isn't even that good. They paid a company to tell them to copy Facebook, but ghettoed it. The funding definitely went to people who were not ready for this. They had 4 developers on this, you'd expect more polish. Just feels like a regular crud app with flash sockets, won't work iPhone/iPad without a lot of tinkering. Am I being too harsh?

-----


I agree with your criticism from a quick look.

That being said, I have no skills to bother taking a look under the hood. Could be they've done some impressive stuff underneath, and it will manifest over time?

-----


If you aren't familiar with "The Mythical Man Month", you should probably acquaint yourself with it.

-----


In my perspective I was leaning more toward having funding for a designer (I assume they paid 10k for http://luxr.posterous.com/ or got it free). I am not a designer, but since we have not hired one, I am the one doing the designing and ending up spending more time then I should and hating what I come up with. I am also the main engineer on our project so thats time I could be putting to making code/features better.

Money and more help can solve some problems.

-----


Why you didn't take a third partner?

I think a designer=that-can-code or a developer-that-can-design make things happen faster.

-----


I would love to have a third partner. But finding a designers/developers who love MMOs and live in Los Angeles proved to be kind of hard.

-----


Good job on the cool stack checklist: Rails 3 (check), Haml generated HTML5 (check), nicely laid out Rails app (check), uses MongoDB (check).

As long as I am praising, I'll add a thumbs up for using AGPL: IMHO a very good license choice.

-----


BTW, from just grabbing the code, it looks like: use Ruby 1.8.7, not 1.9.2, have a local mongod running, bundle install, bundle exec thin start. Looks nice.

-----


Also, need to: rake db:seed:tom Then login: tom passwd: evankorth

App really looks nice so far.

-----


It looks surprisingly advanced, from a screenshot perspective - more than I admit I would have given them credit for.

Is there additional insight into what "aspects" are, though? It confuses me - will it confuse an ordinary user?

-----


"Is there additional insight into what "aspects" are, though? It confuses me - will it confuse an ordinary user?"

This is a pet peeve of mine, using extremely generic words to describe an important part of what you are working on. "Object Oriented Programming" got away with it, but that is aimed squarely at developers. I don't think you want words like "aspect" in front of actual users.

I've noticed this a lot in academic research, also. I lost track of how many different ways I saw the word "feature" overloaded in different fields.

-----


I'm guessing they should have just called aspects "groups".

From what I can tell, they are just groups of users which you can publish particular content/updates to.

-----


Would that be confusing to use that terminology since groups was recently a staple of facebook with a very different meaning?

-----


Agreed. "Groups" or "Circles".

-----


I think they are supposed to represent 'aspects' of your life.

-----


maybe they're streams

-----


double rainbows

-----


When you make a new account you get "home" and "work" aspects, which you can add people to individually. That actually goes a long way to making it clear.

-----


Perhaps friend lists

-----


And perhaps the initial aspect names and all other strings should not be hard coded in English into the product. Yes, it is pre-alpha, but it will be a pain later to replace all strings with the #t helper and keywords.

-----


I'm sorry, but for $200k+ funding you need to do more to impress me than throwing a bunch of gems together and putting it on MongoDB.

I like the minimalist design, though.

-----


it's not like 200K has gone into what they're releasing now. 200K needs to last them for a while :)

in my book, it takes balls to release something this early. so, kudo's to them.

-----


Don't understand the down voting - for the crowd's investment its arguably all they've done. They did just start however. Releasing at all is more than most expected on their blogs.

-----


They didn't ask for $200k+, and I'm sure they're figuring out how to spend the money as they go.

-----


I don't want to be that guy, but this looks a lot like Virb from a few years ago (http://static.arstechnica.com/VirbActivity.jpg).

Good on them though for releasing! This looks like a solid effort. I wish them the best. :-)

-----


I'm kinda over this. Where's Diaspora Instant?!

-----


first time I ever saw a "-4" comment and laughed out loud

-----


I don't think there's even a Diaspora search. How do you find people?

-----


on facebook

;)

-----


It seems to be AGPL licensed. I'm wondering how that will affect adoption.

-----


I think that since the community funded this project that the code should have a more liberal license so that the community can do what they want with it.

The project also depends on MongoDB, which is also AGPL licensed, which raises the question of if paid hosting of a diaspora instance is 'commercial' and if it requires a MongoDB license from 10gen, I would think that it does.

They should BSD/MIT license their own code, and build more storage options outside of MongoDB. I am surprised that donors didn't insist on a license as part of the kickstart funding.

-----


Only the MongoDB server is AGPL licensed, all of the official clients are Apache licensed; you're free to use mongo for commercial hosted services without getting a commercial license from 10gen provided that you publicly release any changes that you make to the server codebase - you're never required to release the code of your actual application (provided that you're using one of the official clients).

-----


The AGPL (like the GPL) does not allow adding more restrictions. You do not need any further license to use AGPL licensed code in a commercial product, you just have to abide by the license terms of the AGPL.

I assume the 10gen commercial license allows you avoid having to provide source code for your product to your users. (but the mongodb website isn't clear about that).

-----


We try to be very clear about licensing: http://www.mongodb.org/display/DOCS/Licensing. Please let us know if there is something on that page that needs clarification.

I would like to make it clear that users of MongoDB don't need to opensource their product, only their changes (if any) to the MongoDB server itself. The commercial license is mostly for companies that have strict (if misguided) "no AGPL" policies. Most users do not need it.

-----


What problem would a paid diaspora host have in releasing the source code of diaspora itself.

AFAIK AGPL does not stop anyone from making money. It just stops taking others work as the base and building closed enhancements on top of it.

-----


You can always use something like MongoHQ, they've already paid the commercial license and 16MB is plenty for mucking about on your own.

-----


MongoHQ and other companies providing commercial hosting of MongoDB only need a commercial license if they modify the server and don't contribute back. We want to encourage hosting providers which is why we don't require buying a special license.

-----


Damn, I was all excited until I saw that. I think it will probably stifle the spread of Diaspora after the initial excitement dies off. For example, it would make it difficult to run a server with a different theme/UI and custom modifications (maybe some that would help pay for the costs of running the server), and it seems like it would limit Diaspora server ownership to solo techie enthusiasts (maybe with friends and family but no serious mass adoption).

I'm all for free software and all that, and GPL is great for infrastructure software like web servers and databases, but I think a BSD license would probably work better overall for Diaspora adoption and for encouraging more serious developers to work on it.

-----


I think CDDL would potentially be a better license. That would force returns on existing files in the project (keeping it from going closed), but if you have your own changes outside of those files, you should be OK (allowing you to commercialize your enhancements).

-----


There are a bunch of open source social networking projects out there. One is Appleseed, which has been in active development since 2004, open source since 2005, and has had four releases in the past 3 months.

http://opensource.appleseedproject.org

For all the attention Diaspora is getting, the other projects will be usable by average users way before they will.

-----


there was something called "AroundMe" which was at first the usual walled-garden social network software. But then they changed their philosophy to make it like what Disapora is now. I guess it started sometime in 2005. I edited the older version of their software to setup my own social network.

http://www.barnraiser.org/aroundme

Runs on php and mysql.

I did checkout AppleSeed longtime back version 0.2 or 0.3 (on savannah i guess). Clean code.

Barnraiser's AroundMe has plugin functionality built in. It's not the facebook-type third-party app API. So don't get me wrong.

-----


What Diaspora really needs now is some startup, some well-known developers, or the Diaspora crew themselves to stand up and say "Okay, now we're going to use this framework to build a very real social network." Until then, it's just some people building out some cool ideas. Don't get me wrong, that's great; it's just hard to rally around it without getting something concrete behind it.

-----


I'm not sure what the end product will look like or what the functionality will be, but when I think of "distributed social network" I'd like to see something like a HN node, a reddit node, a Digg node, a Slashdot node, etc., where they all communicate with each other and aggregate updates from all those platforms, so that if I make a comment or submit a story on one site, it shows up on the "social network" part of my profile across every other site. A bit like FriendFeed, I suppose. If large sites adopted it in that way, it could certainly become a "very real social network."

-----


With the distributed instances, the focus on data portability, and open source nature of Diaspora one real use case that comes to mind is:

- Diaspora would make a "social" add on to other sites, ie, just one component of larger specialized sites.

Rather than creating "plug ins" for Diaspora, Diaspora becomes a plugin itself.

It will be interesting to see how it evolves.

-----


I would like to see (and if I get the time, or a client who needs it I will look into creating) a dispora plugin for wordpress, as opposed to that dreaded buddypress. It (to me) would have the same appeal as disqus etc with you being able to use the same account to connect across the web, with different "seeds".

-----


What's wrong with Buddypress? Never heard a bad word about it myself. Haven't used it either, though.

-----


I'm working on that ;-)

-----


They are building social networking software which means that at some point the goal will need to be to get everyone and their mother on board. Because they built the app on Rails, they are now facing an uphill battle with distribution as there are not a lot of places that you can easily setup a Rails site.

I love Rails but for this type of app, it might have helped them gain traction faster if it was built on PHP, or was even just a massive plugin for WordPress.

Now if a lot of people really seem to love Diaspora and demand for Rails hosting increases dramatically, I'm sure hosting providers will take note and increase their commitment to Rails. That would be an ideal situation, but not a likely outcome.

-----


> I love Rails but for this type of app, it might have helped them gain traction faster if it was built on PHP, or was even just a massive plugin for WordPress.

This is one thing I hope they get right: it's the right thing to do to focus on a first implementation, but in the end what is more important is the protocol that emerges from that. If the underlying protocol is solid then you will get independent people writing ports of it to every language under the sun in no time. On the other hand if the underlying protocols are either flimsy or technology dependent (specific to ruby or some other part of their stack) then it's going to really limit how much this can spread and how much involvement they get.

-----


I'm dealing with this right now, as I'm pretty interested in Diaspora's architecture. Since Fedora (13) ships with Ruby 1.8.6, it looks like I'll be building a standalone version of ruby just for this (requires Rails 3, released a couple of weeks ago, which in turn requires ruby >= 1.8.7).

Rails is a perfectly good target for this, IMHO; I'm a Python guy and would have preferred Django, but that's a bikeshed as far as I'm concerned. And, for a dev release, depending on a just-released version of a major framework isn't a huge deal, as long as they understand that it's going to be a barrier to entry for quite a few people until distributions have caught up.

-----


It only took me 10 or 12 minutes to get it set up and running, but I already had a mongod running on my laptop and all 5 popular rubies installed with rvm (with most gems already installed). Still, follow the readme file, and it is fairly easy.

-----


I abandoned it at the point I was going to have to globally install specific versions of stuff from source. There might be ways to avoid that but as a ruby n00b I don't know them.

-----


Use RVM. http://rvm.beginrescueend.com

-----


i don't think the end goal is to get everyone to be running their own server. the data will be distributed among many different servers but surely there will be providers that come along to host data for large groups of people.

-----


Sure, the goal might be to have everyone on own installation of it but it would be a reasonable expectation that a lot of people would want their own installation (as demonstrated by WordPress.org's bazillion downloads per micro-second) since part of the promise is owning your own data.

-----


Interestingly enough, I thought they WERE going to use PHP at first.

Something to note about the choice of Rails though is that you now have options like insta-deploy Railsmachine/Heroku type providers for this. Not them specifically mind you.

-----


Not really. This can be potentially converted into a one-click Heroku deploy.

-----


I think the obvious answer to this is a pre-built, deployable VM, something that you can fire up with an EC2 instance. Thus you don't need traditional hosting, and can get going straight away.

-----


Someone already built this: http://csinsider.homeip.net/config/mchrisco/diaspora/diaspor...

Torrent here: http://burnbit.com/torrent/154764/diaspora_alpha_iso

-----


Completely agree with you. I was expecting to be able to throw it up on a random shared host, now this won't be possible.

Oh well hopefully it will work on Heroku.

-----


With such cheap VPSes, do people still use shared hosting nowadays?

-----


I paid $9/yr. for my WordPress shared hosting. Unfortunately that plan is going away this year. VPSes seem to start at $20/mo.

I'll probably move my blog to wordpress.com hosting and then try a combination of Heroku and Amazon EC2 micros for my app prototyping.

-----


You can get a vps at intovps.com for $10 a month, I'm not affiliated with them in anyway just a happy customer

-----


thrustvps.com is great, I paid 50$ for a year with a 512Mb RAM, 15GB Disk Space + 1TB Transfer per month VPS.

-----


yeah but the support isn't that great, that is where you suffer. They were really sluggish so I moved everything over to http://www.pacifichost.com and despite the cost they have been really great

-----


The fact that they are using rails demonstrates more newbie-style cluelessness, to me. Not even remotely a good choice. But, the sort of things 4 guys fresh out of college with no experience would think was the obvious choice.

-----


For some reason I thought that development was being done in php.

Other than that I'm somewhat dismayed that their open source release isn't actually running on some site and says run at your own risk due to security issues. Edit: (Looks like there is a demo in the comments here but not open to sign up)

Hopefully development continues quick enough that it escapes into the public before the tech hype is gone.

-----


I also thought it was going to be in PHP - they definitely mentioned that at some point, but once I saw their website was written in Ruby, I suspected they might be moving in a different direction...

Good to see they hit their release date, and I look forward to messing around with it, even though I know more PHP than Ruby ;)

-----


Appleseed and Elgg are both in PHP, if you're looking to help out with an open source social networking project.

-----


I've installed and played with both, but I'm still not sure how things will develop if social networks become more "distributed." Ideally, in my opinion, sites sould be able to run any social software, whether Appleseed, Elgg, or Diaspora, and they could all interconnect and push updates to each other, somewhat similar to the many available options for blogging software all syndicating via RSS. I'm glad that there has been so much interest and publicity surrounding Diaspora, since it will benefit this new type of social networking and help it grow, now matter what platform or language each client is built on!

-----


I just patched Diaspora to work on Heroku, if anyone wants to do that: http://github.com/jarinudom/diaspora/

I submitted a pull request but I think they are asleep :)

-----


Had a 5 minute glance at the code. I don't think they realise that `self` is the default receiver in Ruby, judging by how many times I saw it used superfluously.

Anyway, kudos to them for actually releasing some code. I would like to contribute, does anyone know if they are accepting patches?

-----


Some people like to use explicit self to differentiate methods from local variables. Also, there are consistency issues. Explicit self is required for attribute writers and implicit self can call private methods on parent classes. Personally, I'm not a big fan of implicit self.

-----


As far as I know they're accepting patches through github - fork away :)

-----


It may be superfluous technically, but it could be coding standard on their part to eliminate any confusion. It's not that far of a stretch.

-----


I wonder how hard it would be to get running on a small heroku instance just for fun...

-----


EDIT: Upon further investigation, I've found that one dyno is not enough to run Diaspora on Heroku. You'll quickly start filling up your request queue and it will slow down to a crawl.

It works.

  heroku addons:add mongohq:free
Then apply this patch to make Diaspora use the correct Mongo server and database: http://gist.github.com/581833

-----


You also need to change the Carrierwave config to use S3 instead of local storage.

-----


Well I believe heroku includes ImageMagick by default, so it seems the only dependency would by MongoDB. Has anyone ever used the MongoHQ add-on? http://addons.heroku.com/mongohq

-----


It's funny, since hearing about Diaspora I understood it as your own portable web app that people run on something like Heroku for non-developers.

-----


You may be on to something there.

-----


Yep. It's easy to get started. I wrote a lightweight logging system on top of it before I switched to logworm.

-----


I am currently using it for the Hackety Hack site. It's pretty easy to use, check it out:

http://github.com/hacketyhack/hackety-hack.com/blob/master/c...

-----


Mongodb is an interesting choice. I haven't used Mongodb, so I might be misunderstanding a design decision made by the Mongodb developers, but isn't it possible to get into a situation with Mongodb where the writes are delayed and, as a result, new records (documents) added to a database might not show-up on the following reads (so a user might post a status update, but then he/she might not see it added to his/her status updates page when the pages reloads). Or perhaps the Diaspora developers decided to commit writes to the disk immediately at the cost of performance? Just curious.

-----


With a distributed social network, I'd imagine that it's okay if data is a second or two out of date, so it should be cool.

> but then he/she might not see it added to his/her status updates page when the pages reload

Even if it were to happen, you're assuming a page loads when they make a comment. ;) This shouldn't happen until there are extremely high loads, but even then, just don't make the comment box reload the page, insert the comment into the DOM, and make your POST with AJAX. ;)

-----


What's up with their contributor agreement?

https://spreadsheets.google.com/a/joindiaspora.com/viewform?...

That seems pretty wacky. The patent section in particular seems random and unrelated.

-----


Interesting to see it released under GPL3(+). Looks like they want any distributed modifications going back to the community.

-----


Looks ok, not as good as I was hoping (though I realise they are working on back end stuff).

Fancy front end things, though, are just overkill at this point. Next they must nail the interface or people will not use it. Random example; "all aspects" needs to change to something else (or they need to aggressively teach people what an aspect is).

-----


If possible, I want to start a project/patch to do full-screen photo slideshows (a la flickr).

I may try setting it up if I have a chance, I'm assuming the packaging of it all will take time before it becomes something a layperson can just run on an extra windows machine.

-----


are diaspora guys on HN ?

-----


I've been following this project for a while - these guys are from my school :)

Very awesome to see a bunch of undergrad guys come up with this project. I'm still amazed at the PR they got at the time.

I'm also kind of working on my own thing ... http://myownstream.com

If you set out to make a private social network, though, it's not that easy. Now, instead of trusting facebook, you'll have to trust ALL of your friends' hosting providers. For example, with diaspora, someone at mediatemple can in principle peek at the contact details you have synced with any of your friends. How is that any more secure?

What this is, is decentralized. Which is still really cool!

-----


You are right about having to trust too many different hosting companies or people who install it and make it public, but there should be a way to tunnel directly through to another user with everything in the middle just seeing an encrypted data stream.

However, how about a simpler scenario: you set up on one of your servers and only invite your family to join. Another instance for a club, etc. Have a very easy export/import mechanism to push material in your account in one group to another, under your control.

-----


Their app is running on someone's hosted server. You can of course have complete security BETWEEN servers (as these guys say "PGP for you privacy nerds") but ... you still have to trust everyone's hosting company.

A single hosting company hosting 1000 diaspora accounts can compromise details of 127,000 accounts, if each diaspora user has 127 friends on average.

As far as setting up social networks on a server, there are plenty of those ... dolphin, elgg ... and they are quite good. If you want it to be decentralized nodes, you are stuck trusting everyone's hosting providers to not peek at the data you are sharing. Which imho is worse than trusting only facebook in terms of privacy.

On the other hand in terms of everything else, decentralization is a huge WIN! Such as scaling and uptime.

-----


If you're building something you expect people to be able to install themselves, surely your #1 priority would be to not build dependencies that regular hosting can't provide.

-----


You can access the demo version http://trydiaspora.com/ , my user is g@trydiaspora.com

-----


Given that "Anyone who would letterspace lowercase would steal sheep" -- that font style is not a good sign in a security product ;-)

-----


Can anyone explain to me what an "aspect" is?

-----


It seems to be just like a 'group,' or an 'interest.' An 'aspect' of your personality that you'd like to share with others.

-----


That's a really good idea. I post stuff to Facebook all the time about college football, but I know a lot of peole don't care about that and just want the baby pictures... and vice versa.

-----


i don't understand their vision and sifting through their blog posts and faq for 5-10 minutes did not teach me.

can anyone articulate it?

-----


http://vimeo.com/11099292

-----




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: