oda: zombie face on a blue-violet plane (personal)
2011-09-11 10:08 pm

Not Much, Really

What I have been up to:

Not a lot.... Health issues, mostly, have had me at basic day to day. Which isn't bad, really, but it means I haven't had a lot of cognitive surplus. I want to be doing more, but pushing it won't help, so I am not.

Because it's mostly busywork and hence can be done as a bear of very little brain, I've done a major cleaning of my Facebook account, because I am still using it (for now) to keep in touch with family, but I don't think their privacy is going to get any better either. So: fixed a lot of settings there, and deleted all of the fluff from my Wall, likes and things, and tried to zap everything that my name points to in public. Ruthlessly deleted anything I'd posted that no one had touched. While none of it is earth shattering in the least, I am not really fond of having a bunch of "I like pie" trivia under my full legal name.

I am not hardcore enough to do some of the things described in danah boyd's post on how "Real Names" Policies Are an Abuse of Power like deactivating my account when I'm not actively logged in, or scrubbing everything off my wall even if other people have commented, or scrubbing my comments off other people's posts. That feels like it's going too far.

Not sure how I feel about Google+ right now. It's a marathon, not a sprint. And hard to think clearly about when I'm on a bad part of my particular health curve.

I would like to be able to think of social networks as only fun and only about the people, and not about the enormous amount of work it takes to have a modicum of privacy, because it wasn't designed in from the beginning. The privacy issue is enormous, and bigger than these sites, and it's going to quietly (and not so quietly) hurt people and a lot of people don't even realize it yet.

I wish it were easier to get my family over here, where I actually feel comfortable, welcome, and included. I like the community on Diaspora, a lot, but still have concerns about the privacy. I like the vibe and community on Subjot. It's short-form and fully-public now but will be including private later, and it has delicious topics, just like I wanted baked into Google+. Oh yes, that's another thing I'm trying out, Subjot, but it's been so low-key and easy that I find it's very natural. Though now I tend to reach for it instead of Twitter. Longer form than Twitter with topics and real comments and a restful UI? Yes, please. I was only going to look but I thought I'd just post one thing and there I still am; I like it a lot.

I've also switched to DuckDuckGo, which is hardly even-minded of me as I didn't try the other alternatives, but I tried it, liked it well enough, liked some features very much indeed, and stopped. Even just switching search engines is a pretty big change for me right now.

The amount of rambling I am doing is probably some indication of why I haven't been posting anything structured lately.
2011-08-28 04:11 pm

[Dark Man] Geographically Distributed Coding

This is from my husband's comments on my post over on Diaspora. As you can see by the fact that I'm mirroring it and not him, he's not very into blogging, but he wanted to talk about the methods he uses to get a geographically distributed coding team on the same page. I feel this is highly applicable to many open source software projects so thought it would be useful to capture as a top level post.

'This turned into a bit of a wall of text. Hopefully it'll be useful.'
2011-08-28 04:06 pm

Update: Pondering Diaspora Security

Sarah Mei, one of the Diaspora core contributors, has responded to my post on Pondering Diaspora Security. On a weekend no less! Please see the comments on Diaspora, and reply there if you wish.

Anyone who would like an invitation to the joindiaspora.com pod in order to respond directly may PM me with an email address; you may also sign up directly without an invitation on the diasp.org pod.
2011-08-26 03:41 am

Pondering Diaspora's Security

I really love Diaspora, but I have some significant reservations about recommending it to any users who are concerned about the privacy or integrity of their data. I would be thrilled if I were confident enough in it to be able to recommend Diaspora freely. However, I do not yet know enough about its internal structure to feel that I can do it in good faith.

Right now Google+ is having a great many privacy issues and is suspending users right and left in the #nymwars, which means that there are many people looking around for a new home. Diaspora is a strong contender. It's got great basic functionality and a clean UI that Google+ seems to have cribbed from. The privacy model on Diaspora is also great. It's the security that I'm worried about. Users need to know that their data can't be read by anyone they haven't authenticated to read it, and that it can't be deleted or modified by anyone but themselves.

Personally, I also love Dreamwidth, but I know that some people want the ease of commenting that Diaspora has, where all of the comments are kept in a stream, unlike Dreamwidth's more post-centric model. So I want to have somewhere to send people who want that instead, or who want to be able to run their own servers.

We're almost a year out from the Security Lessons Learned From The Diaspora Launch. How is the software doing now, security-wise?

When I go look at The Official Diaspora Wiki there is an empty red link pointing to Security Architecture Proposal. This is not exactly comforting. When is the Security Architecture Proposal due to be posted?

I know that the problems exposed in the review have since been patched, but is Diaspora moving forward in a way that avoids new problems? Has anyone examined the inter-server protocols for security flaws? Where would I go to look for more information on this? I'm not a coder, so I can't simply read the code, but I can usually follow higher level reviews done by coders or architects, and I would love to see a newer security review if such exists.

In my experience, security is immensely easier to maintain if it is built into software from the ground up. This is from the perspective of a system administrator, not a developer, but I have always found it easier to maintain software that started out with the intention of being secure. One example is sendmail vs. postfix. Sendmail started out very permissive, and as abusers figured out how to manipulate it, it became more secure in response. However, it has always been troublesome to maintain and more likely to need patching, because that security wasn't part of its core design. Postfix was designed for security from the ground up, and is much less difficult to maintain.

Another issue that was exposed in the early code review was the lack of a design document or commented code. Again, I am not a coder, but I know that documentation is the heart's blood of any team project, and absolutely critical for being able to maintain code. Where is Diaspora as far as documentation goes?

(Mirrored to Google+) (Mirrored to Diaspora)
2011-08-10 02:18 am

De-Googlefication Step 1.1

Mirrored from Google+.

Mostly I ran around in slow circles like a sloth who couldn't find a tree today. I also fiddled with my circles a bit and discovered to my dismay that +Alis D. had turned into an email-only link. Did she delete or was she suspended? Seems rude to send an invite to find out, either way. I'm not sure if mentioning her here will email her or not. Intentional departures, too, as I crawl away slowly. (+David Leung, +Brandon Blackmoor, you will be missed, but as I am working on prying myself off in my own way I can hardly blame you.)

Dreamwidth: Have created an account to host bloggish stuff. Am still getting it set up. My guess is that this represents the most solid combination of policy, circles, and accessibility -- plus it features threaded comments and real moderation.

I'm not very satisfied with Diaspora -- their privacy hearts are definitely in the right place, but I am not convinced that they know how to write secure code. However, if anyone wants to play with their alpha I can now provide invites.

And then I got distracted by the dog. Squeaka squeak squeak!