I think it speaks to the support network available for entrepreneurs in NYC. Charlie O'Donnell of First Round kicked it off, from what I recall, with this post advising Diaspora on how to make it through the immediate chaos and get to building. Many people spoke up via blog posts and tweets to suggest simply getting to work as quickly as possible and to not set the vision too high yet.
Actually Diaspora hasn't spent any of their money with us, (us = Pivotal,) we're just giving them space to work in, and occasional advice when they ask for it. It's been fun to have them around, and we're glad they're open-sourcing and getting feedback like this.
That's for super-power-users, maybe in 5 years for advanced users. If you attempt to do this with either an unsupported browser or on an unsupported website, your browser will act very non-user-friendly, like by opening the dropped file. Because of this it would be foolish and dangerous to even inform the vast majority of users of this feature.
From my observation their UI is just a copied Facebook UI. And my issue with this is not lack of originality. Rather it's the fact that people will now compare Diaspora functionality with that of Facebook. Furthermore anything working differently will lead to frustration, as certain behaviors are expected.
Perhaps, but I'm not convinced. If you are going to have similar features and interface your only advantage left is The Fear of Privacy. And frankly, it's getting a bit old. It's the Facebook and Google that will change people's expectations and habits. You can create something that will work better but I see it as those auto-destructing emails. No privacy is better than false privacy.
Drag and drop uploading is like 10 lines of code for the usual suspects.
Not taking anything away from the Diaspora guys, I haven't tried the application, just mentioning in case anyone thought drag and drop was too much of a hassle to add to their app, it can be done in a few minutes.
There is this famous story about a consultant who is called in to find the error in an expensive machine. After a while he marks a place on the machine with a cross. The bill is 100000$: 0.01 for the chalk used to make the cross, 99,999.99$ for "knowing where to put it".
The story is Tesla visiting Henry Ford to fix some electric motors he had on his production line. The amount of the bill was $10,010. Ford called him up later to ask why ten thousand and ten, when Tesla quipped the famous quote ($10 for the chalk, $10,000 because I knew where to put it).
What? Correct me if I'm wrong, but it looks like they're just releasing the source code, not taking new users for "the" Diaspora or sharing access to any kind of central database of users. It's just a ruby web app you can download and run locally (or on a web server if you're that dumb...), right? And in that case, how is this any worse than the hundreds of other bits of (unsafe, untested) social networking code floating around the interwebs?
... is a question which would be better to answer privately, to a security contact. Use your imagination as to what the email would likely say.
This may just be a difference of philosophy, but I don't think "It isn't really a release, so nobody would be stupid enough to actually run this on a publicly accessible server." After all, consumers of The New Hotness have a lot less incentive to think through the security implications of running it than the developers did. [Edit: And the developers apparently have a publicly accessible instance running. That decision is curious.]
This will be running in production today. If very bad things happen, the TechCrunch article about it will have Diaspora in the headline.
That is enough of an incentive to have a security page.
They're currently getting coverage on the Guardian, BBC, etc, and will get it on the New York Times within 24 hours. That is about to create an emergency for them, because being the secure, privacy-aware alternative to Facebook gives people some expectations as to how the software will work. Many of those expectations match the designed behavior. None match the software as actually implemented.
They just did a media launch and they're in for their earliest users getting burned in a very painful, public manner. If this isn't an emergency, what does an emergency look like?
This is the problem with public disclosure: I could tell you, but it would practically write exploit code which you could point at any one of the "Try Diaspora now!" sites popping up and do very bad things.
Here, let me tell you what isn't a problem: you cannot type "system('rm -rf /')" into their username field on the signup form and wipe any machine with Diaspora installed because some idiot passed untrusted user input straight to exec. But if that were a problem, do you understand why mentioning publicly "Hey, the username field is passed straight to exec... that's sort of bad." is a bad idea? Because that lets any idiot immediately create wipe_arbitrary_diaspora_install.rb
There are several vulnerabilities in Diaspora right now. They allow very bad things. There are multiple public Diaspora installations. They are all vulnerable to very bad things.
If you're smart enough to get code from github working on your own box, paranoid enough to worry about facebook's control of your data and be interested in an alternative, and savvy enough to get wind of such an early release, I don't think you're going to put anything that sensitive in this network!
They don't seem to be publicizing it, but there's a live version up at a subdomain of joindiaspora.com, which people are sharing on diaspora's facebook page. Won't link here because of the concerns above and because it's creaking under the load already.
>Feel free to try to get it running on your machines and use it, but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable. If you do find something, be sure to log it in our bugtracker, and we would love screenshots and browser info.
There exist publicly accessible Diaspora instances, and there will be more by the end of today. That was entirely predictable, since it has been marketed as the host-your-own federated Facebook. There is already someone on the mailing list asking how to let people use his from outside his university network, because they firewall non-80 ports. If he figures out how to configure thin, bad things happen.
Any disclosed vulnerability is an exploit roadmap for these public instances. Speaking generally, exploits of public web apps can sometimes be pretty severe. Yes, the software is immature, but it is now immature and an attack vector.
There's no marginal benefit beyond what putting a security warning message on the download page would get you. In fact, filing a public bug would probably be less effective in preventing harm than such a message would be. The marginal cost is significant.
There's actually more of a case for disclosing security bugs in established products if the vendor doesn't respond quickly enough. If people are relying on a product for critical uses, having information that lets them minimize their risk could be helpful. I don't see the benefit in this case.
The name reminds me of the holocaust. It doesn't help that the color theme of the app evokes Schindler's List.
You can bet for most non-US people that 'diaspora' reminds them of some sort of persecution their people have faced. It is also a word that is used in a lot of languages; I have friends who are Russian, Ukrainian, Serbian, Lebanese, Armenian, Jordanian etc. who all refer to themselves being in the 'diaspora' (i.e. persecuted people who left their homeland and are now living in the west)
actually, for most south asians, the "diaspora" just refers to the extended south asian community who have moved to the west in search of better jobs etc. there are no negative connotations to the term.
To me, as a Jew, “Diaspora” just means “outside of Israel”. Of course Jews live in so many different countries outside of Israel because of our history of being persecuted, but when I first heard of the “Diaspora project” I did not have an immediate reaction of “what an offensive name”.
It's like at my work when I proposed that we could get some benefit from an "interim solution" until we could finish up what we were planning. Of course people started (innocently, ignorantly) calling the original plan the "final solution". Always made me cringe.
You either work with uneducated simpletons, or closet nazis and crypto-fascists. There is just no way anybody with a modicum of culture would hear "final solution" and not cringe, much less use the phrase passively in everyday non-historic conversation.
I think a bigger problem might be that for the majority of people who use The Facebook, diaspora has absolutely no denotation. (And very little connotation).
Diaspora is at least an easy-grade SAT word.
Even for those of us who know the denotation, it gives absolutely no indicator as to what the product does. (It is instead a reference to how the product works... dispersed Facebook). From a marketing standpoint this is a problem.
Hopefully this will become 'the diaspora project', and they will come up with a new name for the actual results of it.
that's what I felt as well ... diaspora usually happens when a people are kicked out of their land to roam the earth among other people. Not very positive as far as connotations go. But hey, let's see what they come up with.
I'm not so sure about the name. I understand how it conveys their mission exactly and it does that really well: leave facebook (or twitter or wherever), come here. I can see how setting themselves up from word 1 as opposition to facebook has a huge amount of importance but what happens to that branding on the off chance they win?
(I know this is like planning where to put the swimming pool in your 1 bedroom apartment in the event that you win the lottery but I think the choice of name does/did have a lot to do with just how long the view of the founders was when they started.)
That said, it is currently my only quibble. I'm glad to see that things actually got done and out the door. It sure seems to have gone a lot better than anything I worked on this summer.
A diaspora isn't just about leaving a place and going somewhere else; it means roughly "a scattering" in Greek and means that a group of people are leaving one central homeland and going all around the world. Even if they win, the distributed nature of their network makes the name perfect.
I've found multiple instances of text in more or less official places containing general English problems (spelling, grammar). I'm assuming for the time being it isn't due to outright lack of fluency in English, and so that leads me to think that they just aren't putting in the [little] extra effort to proofread before publishing. It's not that big a deal, but I think it would help for them to look more polished as far as official text goes.
Many of the exciting new open source projects seem to have a huge focus on UX. I love this. Open source has always seemed to have a stigma of 'unusable' and these initiatives are really going against that notion. Diaspora, jQueryUI, SproutCore, Cappuccino..
I use exciting not as personal excitement here but by the community excitement around these projects. Whether it's press coverage, developer buy-in or user elation.
If it's true that for a social network to be successful it needs some quick growth at the beginning to have a critical mass, then Diaspora is in trouble. They're in trouble because they release non-usable alpha versions of their code, lose the buzz ("Diaspora released another version today, X works now, but it's still not good enough to replace Facebook."), and by the time they have a 1.0 version nobody's going to care.
I'm saying it might not make sense to develop software in an open-source manner whose existence relies on viral growth of users dependent on a one-off buzz generated when the 1.0 is released.
My question was, does Diaspora actually have such a process?
It seems to me their approach is to get power-users like HN folks on-board first. Conveniently, we are also the users who would run servers for our friends or do a startup that would do Diaspora hosting. But that's my point. If we keep seeing these alpha releases, it will lose the buzz, and it'll never reach critical mass / momentum. E.g. this release is so minimal, I really don't care. Tell me when it's 1.0.
What Diaspora really needs now is some startup, some well-known developers, or the Diaspora crew themselves to stand up and say "Okay, now we're going to use this framework to build a very real social network." Until then, it's just some people building out some cool ideas. Don't get me wrong, that's great; it's just hard to rally around it without getting something concrete behind it.
I'm not sure what the end product will look like or what the functionality will be, but when I think of "distributed social network" I'd like to see something like a HN node, a reddit node, a Digg node, a Slashdot node, etc., where they all communicate with each other and aggregate updates from all those platforms, so that if I make a comment or submit a story on one site, it shows up on the "social network" part of my profile across every other site. A bit like FriendFeed, I suppose. If large sites adopted it in that way, it could certainly become a "very real social network."
I would like to see (and if I get the time, or a client who needs it, I will look into creating) a Diaspora plugin for WordPress, as opposed to that dreaded BuddyPress. It (to me) would have the same appeal as Disqus etc. with you being able to use the same account to connect across the web, with different "seeds".
I'm really disappointed to see that the team has decided that instead of learning about an existing standard (XMPP) which fits the purpose perfectly, they've decided to begin defining their own protocol, which will go down the same path but with less rigour and a whole lot of wasted time. Eventually it will have to be trashed in favour of something more robust.
If that's what they've spent the last three months working on, they've had some bad advice. I thought Pivotal were all about "just get the damn thing done" and so would have encouraged them not to waste their time.
We are indeed all about being pragmatic. I think a lot of our pragmatism has rubbed off on the Diaspora folks, but do keep in mind that we're not really advising them in any formal capacity. (Other than the occasional conversation over breakfast, or when they ask about ideas.) I'm sure if you asked them about their choices, they'd be very happy to take in new ideas. Not to speak for them, but I think they're just trying to get a concept out and iterate on it. I think Ship it Squirrel would approve.
They actually explicitly dismissed XMPP (see the comment on this video from them: http://vimeo.com/13026173). They were also approached by the onesocialweb.org team to work together and also dismissed the invite.
It seems, however, that they plan to align with the ostatus.org protocol, but so far no documentation of their architecture and protocol has been delivered. In OStatus, the server-server messaging is HTTP based and uses the PubSubHubbub and Salmon protocols.
A video demo of "hey look, click here and something happens over there!" is all well and good for impressing your mother, but not entirely useful looking forward. They've mentioned concerns with horizontal scaling and yet they don't consider the obvious option - Erlang.
In their presentation for Pivotal's Tech Talks series, they dismissed XMPP on the basis of not wanting to learn about it(!). Their dismissal of onesocialweb seems inappropriate on technical grounds. Also, HTTP is not the be-all and end-all. Not everything has to be shoehorned onto HTTP...
i really wonder how long the "community" is going to humour these developers. it's really about time we realize that a bunch of people got tricked into giving some students a bunch of money to hack on a fun project over the summer because they were led to believe that it would be something more than it ever was going to be. they failed to produce anything useful, or even a good starting point for a larger project. they have made poor decisions, have been far-from-transparent, and i don't see how anyone in their right mind would want to hop on board and commit a bunch of their time to this project.
is it just the publicity? how long can everyone ride that, and why would anyone with a clue think that's a worthwhile endeavour.
i've read through the developer mailing list and it's a bunch of arguments that essentially boil down to opinions about what this project "should be", and technical discussions by admitted non-experts about topics that are extremely fundamental to the success of this project. with 200K, and a boatload of exposure, they could have spent the summer consulting with experts, planning a viable solution. but they didn't (nor did they ever imply that they would, so no surprise here). i don't mean to sound elitist, but a viable global social networking platform should probably be designed by experts.
i'm not trolling, i'm hoping that people will read this and go "oh yeah, maybe my time could be better spent on other projects", instead of blazing onwards without looking at the big picture.
"Is there additional insight into what "aspects" are, though? It confuses me - will it confuse an ordinary user?"
This is a pet peeve of mine, using extremely generic words to describe an important part of what you are working on. "Object Oriented Programming" got away with it, but that is aimed squarely at developers. I don't think you want words like "aspect" in front of actual users.
I've noticed this a lot in academic research, also. I lost track of how many different ways I saw the word "feature" overloaded in different fields.
And perhaps the initial aspect names and all other strings should not be hard coded in English into the product. Yes, it is pre-alpha, but it will be a pain later to replace all strings with the #t helper and keywords.