Thoughts on Diaspora and Distributed Social Networks

Networking socially with a handshakeLike many people, I read about Diaspora a while back and thought it was a great idea.  It’s one of the few open-source projects I could see myself contributing to.  Unfortunately, it’s not “open” in the sense that the technical architecture is open to discussion – it will only become open after they define the architecture, good, bad or indifferent*.  So, as any programmer would, I thought, “Okay, I have some ideas on this, so if they don’t want my help, I’ll just write my own distributed social network.  How hard could it be?”

Pretty hard, as it turns out.  But a lot of other people have thought about this too, and many of the building blocks for a distributed social network are already out thereOpenID is a convenient standard for universal identities that is already supported by many big-name companies (even the U.S. government is looking at it), and WebFinger is a promising standard for mapping easy-to-remember email addresses to metadata (such as an OpenID provider).  Atom, Activity Streams and PubSubHubbub can handle most, if not all of the content distribution among servers.

As a side note, OStatus has been mentioned by Diaspora as a standard they wish to implement, however as I peruse the OStatus specification, it appears to be more of a model for a Twitter-style (follow) architecture than a Facebook-style (friend) architecture.  It does nothing to address what I believe is the biggest missing piece, described below.

On the browser side, Diaspora is using something called WebSockets to push real-time notifications to the user’s browser, but I’m not sure that’s a wise move since currently only a couple of browsers supports it.  For the time being, some other push method seems like a good idea.  In any case, that’s not the most pressing problem for a social network.

In my opinion, the biggest missing piece in the distributed social network puzzle is the mutual authorization required to protect private content from strangers, while allowing approved friends to see it.  There is no open protocol (that I know of) for person A on server X to become “friends” with person B on server Y.  That problem might be easier to solve if we could assume both servers were running the same software (eg. Facebook), but what if server X is running a homegrown PHP app on Linux while server Y is running a totally different ASP.NET app on Windows?

It boils down to finding a lightweight protocol for authenticating both ends of the communication channel between one social server and another (aka. mutual authentication), in a way that is relatively easy to implement on any shared web host.  (Authenticating from a user’s browser to the server is another matter, and in my opinion handled by OpenID.)  That is, ensuring that a request to view the private content of person B is really coming from person A via. server X, and not some hacker or a search bot or a man-in-the-middle attack.  (I make the assumption that in a distributed social network, users will only be communicating directly with their own server, as shown below, and not with their friend’s server.)

Server X —— Server Y
   |               |
Browser         Browser
Person A        Person B

Mutual authentication of HTTP traffic is usually only done in enterprise situations with pricey, proprietary solutions.  As far as I know, there aren’t any open standards that would be feasible for this kind of situation.

I’ll be curious to see how Diaspora addresses this issue, but I suspect they’ll be focusing on other things.

* My sense is that Diaspora is more of a branding and marketing effort than a technical effort.  They have created a sort of mythical image of four kids taking on Facebook, and they present themselves almost like a garage band.  That kind of “rock star” programmer image was ubiquitous in the mid-1980s, but can it still work in 2010?  Who knows.  In any case, they have essentially stated that their goal is to get something out quick and dirty, and worry about the “implementation details” later, which is clearly a business-driven goal.  (Incidentally, that’s exactly how Facebook started, too.)

Political Blogging Blues

Bored PuppySemi-recent posts by F.T. Rea and Vivian Paige about political blogging got me thinking about my own lack of interest in politics lately.  I don’t consider myself a “political blogger” in the accepted sense, but I certainly fall into the category of people that are less interested in politics this year.

One possible reason is a sense of completion.  I started writing about politics essentially to learn about politics – to become a more informed citizen.  And lo these many years later, I feel like I’ve learned everything I need to know.  Which is, in a nutshell:  It’s all lies and obfuscation. :)  I don’t think that’s the main reason, though.

Mainly I think it’s the tedium that comes from repeating the same thing over and over again.  I still feel a certain responsibility to try to educate passersby about all the lies and obfuscation, but each new post I think about is essentially repeating the same thing I’ve written before, which is kind of boring.  (Also, reading the same lies and obfuscation over and over again is pretty boring.)  Maybe I need a standard set of posts, so all I have to do is write, “Standard political post #23.”

Also, it’s time-consuming to refute the lies and obfuscations.  If you read something that sounds fishy, it takes a lot of work to dig up the facts to back up your suspicions and present it in a way that’s interesting, understandable and maybe even a little entertaining.  Which, I’m convinced, is exactly what political consultants count on – it’s simply too difficult for the average voter to sort out the facts well enough to make an informed judgment, so they have to rely on sound bites and headlines.

Even worse than that, I’m not sure the average voter knows he or she needs to do so much work as a voter.  When it comes to issues, most people seem perfectly willing to accept whatever someone tells them, without question.

As an example, a while back at work (this year), we all received an email from a high-ranking member of the organization warning us that we should all be careful because fines for speeding in Virginia would soon jump to $3000!  Everyone gasped and immediately started making plans to tell all their loved ones to slow down.

I was the only one that found anything suspicious about the email – the only one who even thought about trying to investigate the story.  Even though no one had heard anything about it on the news, everyone absolutely believed it was true.  There was a link in the email to an article that was the source of the information.  I clicked the link and read the article (I don’t remember exactly, but I think this is it), which did indeed talk about Virginia speeding fines going up to outrageous figures on July 1.  So the email must be legit, right?  Well, apparently nobody bothered to look at the date on the article, which was somewhere in 2007.  Anyone in the Virginia blogosphere should recognize that as the year of those outrageous “civil remedial penalties” (also known as “abuser fees”) that were repealed shortly thereafter (noted here on that same site).  But nobody at work remembered any of that or believed it had been repealed, despite my assurances that it was perfectly safe to speed this summer.  After all, this email came from a trusted source!  An authority figure, no less!  How could it be questioned?

Fighting that kind of blindness on a daily basis – especially in written form – is exhausting.

One other thing I’ve seen that sort of squashes one’s enthusiasm for politics:  I suspected this all along, but the change of administration from Bush to Obama made it abundantly clear that (most) Republican bloggers and (most) Democratic bloggers are exactly the same, and they write exactly the same things – they just substitute in different names depending on who is in office at the time.  Their entire purpose in life is to attack the other side.  All the rhetoric is exactly the same.  Bush blows it with this or that.  Obama blows it with this or that.  Bush is a Nazi.  Obama is a Communist.  So-and-so “doesn’t get it.”  So-and-so “gets it.”  Blah, blah, blah. It’s childish and reduces the dialog (if you can even call it that) to the level of a schoolyard shoving match.

I’ve started looking at Republicans and Democrats as street gangs on opposite sides of the road, battling for turf. (Possibly also dancing to show tunes.) Some of them probably have ideals that got them started in their respective party, but most of that seems lost in the he-said-she-said.

I figure the best political dialogue would come from Independent or Third-Party bloggers.  They don’t usually have a natural “enemy” to butt up against all the time like Republicans and Democrats do. Unfortunately, as in the real world, Third Party views are hard to find in the political blogosphere.