I was curious to see the Diaspora code base when it was released on September 15.  Ever since I heard about Diaspora, I – like many other developers before me – have been pondering how I might architect a distributed social network myself, so I was curious to see how they had solved certain problems I was running into.  The short answer is:  They didn’t.

First of all, let me get this out of the way:  I’m looking at this purely from an engineering perspective.  From the business and marketing perspectives – arguably more important than engineering in these modern times – Diaspora is fine.  They have generated a huge amount of PR buzz, raised a bunch of money from nowhere, moved to Silicon Valley and probably have a bright future ahead of them.  They’re even leveraging the gullible open source community to do most of their work for them.  Most people can’t do any of that.

But…

It’s clear that the September 15 release of Diaspora is a prototype – a “technology preview” as Microsoft might say.  The functionality is roughly equivalent to what you’d expect from a college class project.  You can login, type status messages, upload pictures, and... well, that’s pretty much it.  (Okay, you can create “aspects,” too – whatever those are.  What’s wrong with naming them “groups?”)  I would estimate it needs a minimum of 6 more months of serious effort before it has any value to consumers, and even then it probably won’t have a tenth of Facebook’s features.  This release should never have been publicized, and the goal of an “Alpha” release in October seems pretty far-fetched.

The code itself is written in Ruby, so I can’t comment too much on it.  This is my first exposure to working code written in this quizzical language the kids like so much.  One comment I will make is that there aren’t very many comments. :)  And would it have killed someone to write some documentation so people could find their way around the code without individually opening every file to see what’s in it?  Just sayin’.

From what I can tell, the majority of work seems to have gone into creating a nice presentation layer – the HTML and Javascript and whatnot – and of course from their perspective, that’s the most important part anyway.  Their primary business goal, after all, is to launch Diaspora.com and sign up as many users as possible.

But the parts that I’m interested in are the “back end” parts – in particular, the parts that deal with exchanging data between “seeds” – the parts that are vitally important for an open, secure, distributed social network, in other words.  Those parts, unfortunately, appear to be an afterthought, and more-or-less delegated to other libraries (eg. Redfinger).  To me, they’re approaching the project bass-ackwards.  If you really want to create a secure, privacy-aware network, you need to think about securing the traffic between the seeds first, as that is the most vulnerable part.

I’m not the only one to notice problems with this release, by the way.  Others have pointed out serious flaws in the front-end:  Code for open-source Facebook littered with landmines – The Register.  Trouble With Diaspora – Steve Klabnik.  Alert raised over Diaspora security – THINQ.  ComputerWorld had one of the kinder articles I found:  Diaspora: It’s no Facebook…yet.  This list goes on and on.  Journalists love to tear people down.

Here’s the sad thing (to me, at least).  Because it’s open source and anyone can commit code (after agreeing to share the copyright, that is), an army of college kids are probably going to fix all of those cross-site security problems for them.  For free.  Then they’ll be able to launch their Diaspora hosting service on the backs of those poor idealistic helpers and rake in tons of “Facebook killer” venture capital.  (I’ll be interested to see how they are planning to appease advertisers that will want more and more access to private data, though.)  The cycle will continue:  I and every other developer looking to write their own social network “node” probably won’t be able to interact with Diaspora any better than we can interact with Facebook now.

I’m weirdly fascinated by this project, so I’m going to continue pouring over the code to identify the protocols used.  If nothing else, it’ll be a Ruby and Git learning experience for me, and who knows, maybe I’ll contribute something.  Now if I could just figure out how to run it inside Eclipse.

Installation Notes

If you’re trying to install and run Diaspora, the instructions leave a couple of things out.  First, don’t bother trying to run it on Windows, I got a headache just reading all of the dependencies, let alone trying to find and install and configure them.  I created a blank Ubuntu 10.04 install on VirtualBox, and followed the installation instructions step-by-step.  It all went great until I got to “bundle install,” which failed with “bundle: command not found.”  Some Googling found the answers.  You have to make a symbolic link to put it into your path.

After sudo gem install bundler:

sudo ln -s /var/lib/gems/1.8/bin/bundle /usr/local/bin/bundle
cd /usr/src/diaspora
sudo bundle install

(Btw, just go ahead and put “sudo” in front of everything; almost nothing works in Ubuntu without it.)

I had to get the rake package, too:

sudo apt-get install rake

I couldn’t get ./script/server to work, so I run the app and websocket servers separately.

(Side question: How is this going to work through firewalls if it needs two ports?)