Security Lessons Learned From the Diaspora Launch
patio11 writes "Diaspora, the privacy-respecting OSS social network, did a code release last week. Attention immediately focused on security. In fact the code base included several severe security bugs. This post walks through the code, showing what went wrong, and what it would let an attacker do to someone who was using Diaspora." The developer who wrote the post ends with: "You might believe in the powers of OSS to gather experts (or at least folks who have shipped a Rails app, like myself) to Diaspora’s banner and ferret out all the issues. You might also believe in magic code-fixing fairies. Personally, I’d be praying for the fairies because if Diaspora is dependent on the OSS community their users are screwed."
Security (Score:4, Informative)
Because of course, obscurity is proper security.
Re: (Score:3, Insightful)
Re: (Score:2)
I think the AC forgot the sarcasm tags
Re: (Score:2)
No, even with sarcasm the AC still has the meaning wrong. The phrase "Security through obscurity" doesn't refer to closed source code, and it doesn't refer to not disclosing known flaws. It refers, exclusively, to things like 'no one will ever go to www.example.com/admin so there's no need to require credentials on the admin page'. Or 'no one will ever try to randomly telnet into port 6424, we'll output all the debug stuff there'. Or 'no one will ever try to call this unpublished function'.
Re: (Score:2)
I guess you are better at reading a mind than I am.
This is why lawyers are so long winded, even the honest ones.
Too few words, have too many meanings.
Yours are more robust, and have more specific meanings.
Only the AC knows what the true intention was. i.e., closed source vs "back doors"
Yours reminds me of DVD Easter eggs.
Re:Security, I agree ..., AC should say.... (Score:3, Informative)
"Security through hubris," which refers to the hawkers (selling security that ain't) of proprietary software and gawkers (buying security that ain't) with brand-pride. "Security through hubris" doesn't refer to closed source code, and it doesn't refer to not disclosing known flaws. It refers, exclusively, to things that the AC may have been referring to, like 'no one will ever be able to find the security flaws, no one will ever know about or use open port 6424 for cracking, and/or no one will ever know eno
Re: (Score:2)
I have to say I expected a better review of the first product given the "more eyeballs" theory.
Re: (Score:2, Interesting)
I read TFA (I know ...) and comments and many of the issues mentioned are addressable within Rails generally so I don't think that saying the project has no chance is fair to either the developers or to the OSS devs the author besmirches. That said, I have never been very pro-Diaspora and didn't expect anything secure or even really working in the first release from that team: they're just a bunch of college kids with little experience on summer break, after all.
I still think that extending XMPP is the way
Re:Security (Score:4, Interesting)
The OSS model has already proven better in this instance.
If Diaspora had been closed source, we would not have known about the vulnerabilities until AFTER they had been exploited - very exploited on a large scale. Because the code is open, it has been reviewed and the flaws spotted while it is still in alpha.
That said, I will still not use this. I am not a real developer and I would be unlikely to make some of the mistakes that these people are making.
Re: (Score:3, Insightful)
I'm not blasting the model, just asking the questions.
A private enterprise with its product and profit to think about would have had to get it up to a minimum leve
Re: (Score:3, Insightful)
Diaspora has the benefit of being Open Source, much anticipated, and security aware. Thus, some number of security flaws have been found.
Diaspora is lucky in that regard. Bugs have lain dormant in even open source code for decades before being discovered. "Open Source" does not guarantee that bugs will become obvious. Open Source does not even guarantee that there will be people looking at the code, only that they CAN.
...huh? (Score:4, Insightful)
Because if Diaspora is dependent on the OSS community their users are screwed.
Isn't that a bit like saying "if getting this building completed is dependent on construction workers, we're screwed"? Why would you make such a disparaging remark about the very people that will be keeping this thing going?
Re:...huh? (Score:4, Informative)
Isn't that a bit like saying "if getting this building completed is dependent on volunteer construction workers, we're screwed"?
FTFY
Re:...huh? (Score:4, Interesting)
Yeah, volunteers have never [wikipedia.org] put up a building before.
Re:...huh? (Score:5, Informative)
I work HfH construction once in a while. They hire professionals to do the important bits and the large stuff; excavating, pouring the foundation, wiring, plumbing, and often the finish carpentry. If you happen to have someone relatively skilled there, they may assist the pros; I've helped with all; wiring, plumbing, finish carpentry. But you don't let someone who is enthusiastic but doesn't know what they're doing do finish carpentry, they'll probably just wind up wrecking a lot of material. And if you let them do plumbing in an area where code requires copper pipe, you'll probably wind up with a mess that will take a pro 3 times longer to fix than if he'd just done it himself to start with.
I think the latter may be the case when it comes to this project. I really, really hope this project comes together, but as a programmer I fear that if they've built this thing from the ground up without a good basic understanding of web security, the thing may have to be gutted and rewritten to get to where it needs to be.
Lots of people can write web apps. Heck, I pretty much write web apps all day long, but I write them for intranet use, they're not accessible to the internet at large. If my stuff had to be hardened against the kind of general attack Diaspora is going to have to endure, I'd have to learn a lot more than I know now.
Re: (Score:3)
Yeah, volunteers have never [wikipedia.org] put up a building before.
Existence of a past event (volunteers for X) is not a guarantee for the occurrence of another independent event (volunteers for Y where Y has no relation to X). You don't rely on work being done with resources you cannot reliably predict to count on.
Re: (Score:3, Informative)
However, the critical components (foundation, electrical, plumbing, etc.) are done by professionals.
It is a great example because those professionals are quite often working on volunteer time themselves. Just like how a lot of OSS projects are contributed to by amateurs and students, but often the deeper, more advanced work is done by professional coders and designers.
Re: (Score:3, Informative)
Those services from professionals are almost always paid for not volunteered.
[Citation needed]. My uncle worked on a HFH home as an electrician and he was not paid for his time.
Re: (Score:2)
Volunteer construction? Yeah, there's an app^h^h^h organization for that.
http://www.habitat.org/ [habitat.org]
Re: (Score:2, Funny)
Re: (Score:2)
No, it is like saying that you are screwed if you have to rely on bystanders to come in and fix the work your construction workers did.
Re: (Score:3, Insightful)
Provided those bystanders are also construction workers.
Re: (Score:2)
Huh? They did collect money to make a working implementation. That was in fact their excuse for releasing software of this quality. (Our customers paid, and wanted something they could see/use.)
Re:...huh? (Score:4, Informative)
The team is manifestly out of their depth with regards to web application security, and it is almost certainly impossible for them to gather the required expertise and still hit their timetable for public release in a month.
Re: (Score:2)
Because if Diaspora is dependent on the OSS community their users are screwed.
Isn't that a bit like saying "if getting this building completed is dependent on construction workers, we're screwed"? Why would you make such a disparaging remark about the very people that will be keeping this thing going?
Because the problems encountered seem to be fundamental and numerous, and would require a reliable and consistent work force to fix them fast enough to make the whole enterprise workable. That is, the task seems monumental. This is not the same as starting an OSS project from a solid, workable core, buggy as it may be, but workable for the intended goals.
Since the goal of Diaspora (its entire reason of existence) was security and privacy, they really f* up. And the OSS contributors that are behind it
WTF? (Score:4, Insightful)
Re: (Score:2, Interesting)
Re: (Score:2)
I guess because closed source projects generally DON'T receive public scrutiny?
Ever read Bugtraq and Full Disclosure mailing lists?
Re:WTF? (Score:5, Informative)
(my bold) So he's not actually saying anything bad at all about OSS; he's just saying that being OSS doesn't mean that they can magically gain experience (or experienced developers) and fix their entire codebase in a month. The notion that OSS development is to blame was purely down to Slashdot (or the submitter).
Re:WTF? (Score:5, Informative)
Re: (Score:2)
Axe job (Score:2, Informative)
I mean, nothing seems to point to me that this is shill garbage coming from facebook, but the conceptual idea of Diaspora is sound and the code was released for the precise reason of improving it, as it has done. Yet all I've heard is some disproportionate vitriol against the project. It doesn't make sense.
And hell, the majority of the security issues found appear to be rather simple to fix. Jus
Re: (Score:2, Informative)
This would be true if (and only if) the whole point of Diaspora wasn't to improve the security of your data. Seriously, that's the only significant quoted feature. And they didn't get that part close to right before launching? C'mon...
Re: (Score:3, Insightful)
What "launching"? They aren't launched, they just had a public pre-alpha to invite people to come take a look and provide feedback.
If that *had* been a launch, you'd be right. I tested the pre-alpha, and I provided my feedback. Let's let them go fix it now and see if the beta is better.
Re:Axe job (Score:4, Insightful)
Yeah, but his point is that [security] is *the* major feature of diaspora. How could it be missing from any release? It should be in there from the beginning, in the core architecture.
You make it sound like security is just some on/off switch that they forgot to turn on before making the code publicly viewable. That's not how it works. There will always be security improvements to be made to anything, and even... *gasp*... bugs. Especially in a pre-alpha. (If you don't believe me, then show me a major piece of software that's never had a security patch released).
I mean, christ, the code isn't done! They were just making it viewable it to the public so they could get suggestions for improvement. You know, open source and stuff?
Re: (Score:2)
Diaspora was created because some group of paranoid guys thought F
Re: (Score:2)
So, by your standards, if I were building a secure web site: I should only put out one line of code per month and have everyone make sure it's "tight" before releasing any more code?
Re: (Score:3, Informative)
Re: (Score:2)
The problem with facebook is how THEY use your data WITHOUT cracking a single thing.
Re:Axe job (Score:5, Funny)
Re: (Score:2)
I think his point was that pre-alpha-release != launch.
Re: (Score:2, Redundant)
Uh- they haven't launched, and aren't launching for a good while yet. They just prefer to develop their code in an open fashion rather than "cathedral style." Sure, they could have just developed it in private until they felt it was "close to right"- and have lost many of the benefits of being an open-source project by doing so. Developing it in the open should result in a better codebase developed in less time.
Re: (Score:2, Insightful)
I am really on their side (and the side of all attempts at open social networking like XMPP's OneSocialWeb and Status.Net's OStatus), but they could have developed in the open from the beginning, and with the press they got, they would have had input on these problems when the code was in its infancy. It seems to me that the D team isn't open enough -- it's riding the fence and getting itself killed for the effort of doing so.
Re: (Score:2)
We need to get people free from the monitoring of facebook and this is in my opinion the best shot. If not just for the hype and catchy name. Those you can't change, the code you can, and quite easily. And the FOSS community will help keep it in check. So this criticism to me makes zero sense.
They tried, they aren't sec
Re:Axe job (Score:5, Insightful)
There is no Silver Bullet in coding. You can't get it right from the beginning always...
Oh come *on*. The errors in this code were deeply fundamental, and patently obvious to anyone paying any attention. Not authorizing actions performed by authenticated users? Really?? Jesus christ, that's *basic*.
Sorry, no, what we're talking about, here, are fundamental flaws in their security architecture (or, more to the point, a complete lack of security architecture). And security architecture is something you *have* to get right up front (which is why good software architects cost a lot of money... it's necessary work, and hard to do well).
Re:Axe job (Score:5, Insightful)
This is where the author's claim is rather worrying. His claim in the article (unfortunately rather lost in this attempt at a summary) is that the team completely lacks the necessary expertise and experience to build secure web apps, and has no chance of finding that experience through the open source model before their timetabled release.
I suppose it largely just boils down to what has often been apparent: an awful lot of volunteer coders have had no education in computer programming or security. While this is not always an issue, attempting to substitute enthusiasm for ability fails rather catastrophically when, as here, the task becomes difficult.
Re: (Score:2)
Re:Axe job (Score:5, Insightful)
but the conceptual idea of Diaspora is sound
That may be, and nobody is arguing about the concept itself. But a concept is not of much use without any useful implementation.
And hell, the majority of the security issues found appear to be rather simple to fix.
This is exactly why this is so bad. The mistakes are so big and so obvious to any developer with experience in web applications that the developers who worked on Diaspora cannot be trusted to write secure code. They have clearly demonstrated that they have absolutely no knowledge of security. They did not just make a security hole due to some obscure implementation detail, they designed and implemented a framework with no security at all.
And security is not something you can add after you write the code. Just ask Microsoft about that.
The only solution I see is to get a new team who know how to write code, and then ask them to take over (or rewrite) the application.
Re:Axe job (Score:5, Interesting)
You're overlooking a few points.
TFA's author acknowledges that it's a pre-alpha preview release. In a sane world, that means no one should ever go on-line with this code. But this is not a sane world, and he very specifically addresses how this release should have been done:
In other words, defang the thing before you turn it loose on an unsuspecting community. If I can successfully develop an open-source backyard nuclear fission generator, and release the pre-alpha blueprints, I would be rightly criticized for the occasional containment failure and subsequent deaths or injuries.
Also, the attitude of "meh, the security issues are trivially easy to fix" completely misses the point. If the known issues are trivially easy to fix, why weren't they trivially easy to avoid in the first place? Because, apparently, the core developers aren't sufficiently competent or committed to actual application and architectural security. So there's no reason for confidence that there won't be another batch of crippling security flaws with each new release.
Yeah, a lot of the backlash is probably in response to the hype around Diaspora. But much of the danger is also because of the hype. If Diaspora were just another quiet little Sourceforge project, it might have the luxury of a slow and casual crawl towards reliable application security. But guess what, Diaspora is the current Open Source equivalent of Paris Hilton. Being this screwed up is not an option, when the project is under such scrutiny and subject to such high expectations.
Re:Axe job (Score:4, Insightful)
Because, apparently, the core developers aren't sufficiently competent or committed to actual application and architectural security.
The entire point of having an open source project is that the developers don't have to be experts. Diaspora was developed not because some guys who were great at security decided one day to launch an uber secure network, it was developed because people were tired of all the crap that FB had so they developed it. Now that the source code is out, security experts can audit the code and make improvements.
The original developers of an OSS project are like the managers, yeah, they know a little bit about the technical aspects but the main thing they have is vision then people who use it work on it to improve it. Or do you think Linus is some great wizard of security back when he wrote the very first version of Linux?
Just because the current main developers aren't that great at security doesn't mean security is compromised; actually it's the opposite, they can get security advice from professionals and other people who are good at security.
Re: (Score:2)
The entire point of having an open source project is that the developers don't have to be experts.
For matters of net-wide security, if you aren't an expert, you need to have an expert, BEFORE public visibility, if there's ANY risk the exploitable code can escape into production.
Or do you think Linus is some great wizard of security back when he wrote the very first version of Linux?
And how highly anticipated was the initial Linux release? What was the resulting threat surface? How much practica
Re: (Score:2)
Diaspora is the current Open Source equivalent of Paris Hilton... subject to such high expectations.
Wait... what?
Sorry. I agree with most of what you said, but I couldn't let that slide.
Re: (Score:2)
A Snippet from the Criticism (Score:5, Insightful)
I mean, nothing seems to point to me that this is shill garbage coming from facebook, but the conceptual idea of Diaspora is sound and the code was released for the precise reason of improving it, as it has done ...
Okay well, sometimes I look at code and I think "good start" and then sometimes I feel like Simon Cowell ... and ask them to start over. So to determine where I stand with the Diaspora code, allow me to quote the article:
This basic pattern was repeated several times in Diaspora’s code base: security-sensitive actions on the server used the params hash to identify pieces of data they were to operate on, without checking that the logged in user was actually authorized to view or operate on that data. For example, if you were logged in to a Diaspora seed and knew the ID of any photo on the server, changing the URL of any destroy action from the ID of a photo you own to an ID of any other photo would let you delete that second photo. Rails makes exploits like this child’s play, since URLs to actions are trivially easy to guess and object IDs “leak” all over the place. Do not assume that an object ID is private.
Okay, I taught myself how to use the rails framework and code Ruby. And one of the things I was amazed at was the Rails magic. Because of how powerful it can be (both good and bad). Yes, it helps you prototype but it's errors like these that make me pause and reconsider if the person coding Ruby on Rails really understands how the framework is attempting to assist them. Obviously if you allow any user to enter any ID of a record in their URL for any CRUD action ... you aren't really understanding what those routes are trying to do for you. And you're a danger to your users.
While I could quickly remedy the above problem for the Diaspora team by improving the authentication and authorization code checks, it might be better to just start over. Now, I've devoted none of my time to the concept of liberating social network users and for that I thank the Diaspora team. This blog posting -- if true -- sure is a vote of no confidence for their capabilities of developing a realistic system. Can they improve? Certainly. But if you're making errors like that, you might be better off letting someone else take a stab at this. It's a harsh thing to say but you don't understand the tool you're using to prototype if you're even starting at this point.
I wish them the best of luck and I hope the community reaches out to them. But I'm not interested in recoding everything. I'd sooner simply start my own project.
Ruby (Score:3, Insightful)
My problem with their efforts is they used Ruby. Which might be really nice and all, but not that many people use it. Thus it is really hard to find people who understand it well enough to help them work on the code and or just check the code for bugs.
Re: (Score:2)
That snippet looks bad. But, if the model was implemented right*, it may be close to best practice.
Rails allows you to overload functions. Ideally, Album#destroy would check if the current user is allowed to delete the object and either delete itself or ignore the request if the user isn't authorized to delete it. Implementing security checks at the model level has the great advantage of limiting all security-related functions to a single, easily audit-able, consistent code path. The snippet still lacks rep
Re:Axe job (Score:5, Insightful)
Re: (Score:2)
If I managed someone who produced code like this, that person would be fired on the spot. This is not only bad coding, it shows a severe disregard for any common security practices. The feel for what you should do and shouldn't do (like validating all input) just isn't there. A server-side programmer seeing that kind of code is supposed to intuitively have an awkward feeling in his bowels and be unable to sleep until the problem is fixed in any way, not actually writing up and releasing this thing into
Re: (Score:3, Interesting)
Also completely confused by the weird feedback on Slashdot. Once the model has stabilised, an API will be fixed and loads of Diaspora clients and servers will come about written in all different languages. The current implementation is irrelevant, it will be trashed and rewritten at some point anyway.
Phillip.
Not faeries... (Score:2, Informative)
Unfortunately, the existence of code-fixing faeries was disproven by Wirth in 1972. Code fixes are actually implemented by a type of cobbler elf.
That's... (Score:2)
Alternatives to Diaspora (Score:5, Informative)
Here is a list of alternative open source peer-to-peer social networking software [bitcoin.org]
Note that The Appleseed Project has existed since 2004 and is the first.
Invalid Argument (Score:5, Insightful)
if Diaspora is dependent on the OSS community their users are screwed.
If it wasn't for the OSS community, everybody would believe they've released a safe program. Thanks to OSS, we now know that installing it is not the best decision yet.
I'd say the users would be screwed if Diaspora was not open source. Linus's Law once again.
I was not surprised to find out that the author sells [bingocardcreator.com] proprietary software. I think that maybe, just maybe he's biased against FLOSS?
Re:Invalid Argument (Score:5, Interesting)
I don't think the unproven OSS assertion is that "many eyes make bugs shallow". I can accept that. The unproven OSS assertion is that many (more than for a similar closed source program) eyes will ever look at the code just because it is open source. I am for example coding C, C++ and Java and running Fedora Core 13 as my desktop OS, but I have never looked at any source for any operating system or application I have been running.
Volunteers (Score:5, Insightful)
I don't think the idea is that the open source community is going to screw people, but that the idea of expecting volunteers to always be plentiful and useful is a good way to cause yourself problems.
Re:Volunteers (Score:5, Insightful)
...the idea of expecting volunteers to always be plentiful and useful is a good way to cause yourself problems.
Software projects in business suffer from the same problem, actually. Oh, programmers are plentiful as long as you have budget to spare, but not all professional programmers are created equal, peer reviews / code inspections are slipshod or even omitted, and testing is haphazard. In fact sometimes there's a conscious decision to take shortcuts in those areas because of pressure on the timeline.
The potential to be bitten in the ass by substandard work that goes undetected is always there, in business as well as OSS projects.
BAD slashdot! (Score:5, Insightful)
Someone wrote a blog post to point out some security issues that need fixing in the pre-Alpha version of Diaspora, and here you are using his words for pointless sensationalism that undermines the work of the Diaspora team and propagates the "Diaspora is shite" gossip that will most certainly haunt the project even after the code has hit Beta. Shameful.
If you want to do something useful, then instead of repeating how doomed the project is, ask for people to join them (I think we have some capable individuals around here) and help out.
And no, I'm not affiliated with Diaspora, I'm just annoyed by this sort of news reporting.
Re: (Score:2, Insightful)
The issue is that the community gave them $200,000. Frankly I'm surprised that so many people trusted 4 college students with this task. But now their incompetence is showing. Don't get me wrong, I'm sure they're brilliant -- *for college students* (actually I'm not so sure about that either, but even if they actually are at the top of their class, that does not mean they have any good experience). I chose to donate time and money to another project with more competent developers. They did nothing to prove
Re:BAD slashdot! (Score:4, Insightful)
These aren't "security issues that need fixing". These are "My First Web Application"-level mistakes -- things like failure to sanitize input, allowing code injection and SQL injection, and assuming that "user is logged in" or "user provided the super-secret URL" is equivalent to "user is allowed to do this". If these errors are as pervasive as the article says, the best thing that could happen to the code is a ground-up rewrite.
Arrogant "security researcher" bullshit (Score:4, Insightful)
I don't really understand what's wrong with this blog author, this "Patrick" fellow. Diaspora is git-release of a pre-alpha. It's essentially proof-of-concept which was released so we can have a look at it and contribute. The author's "if this is OSS, we're screwed" assertion apparently ignores the fact that Chromium, Mozilla, Linux, and dozens of other open source projects work perfectly fine. Additionally, the "their code is unprofessional" accusation is simply wrong-headed. It was never intended to be "professional", so there's no way for it to be "unprofessional". It's a foundation released to the public that other people can build on.
As for all this worry about zero-day holes...every piece of software has them. If you think that these kids aren't professional because they can't make a perfect, idealized, secure pre-alpha, then you're riding the slopes of a Nirvana fallacy. The entire reason it was open-sourced was to allow researchers the opportunity to improve the code INSTEAD of going public in order to gain visits to their arrogant blog posts and acting like there's some huge problem not covered by the disclaimer. OOPS SORRY IS THAT TOO CLOSE TO HOME, PATRICK? I have never seen more arrogant douchebaggery in a security blog post. This "these are errors that shouldn't be present in any code!" bullshit is a result of Patrick and his circlejerk buds building the project up in their own heads, then being disappointed when the pre-alpha wasn't a facebook-killer.
Yes it has errors. But the very fact that it's 1) open source, and 2) being debugged even by douches such as Patrick, means that the whole "OSS Diaspora" concept ACTUALLY WORKS IN PRACTICE.
Re: (Score:2)
Simply read the blog a bit: the author is a crapware distributor and he probably commissioned the article. Not that it matters much, but if you are really pissed about it, crank up a compiler with a couple of dictionary files and write an open source version of his fantastic "bingo card printing software". If you take your time, a couple of hours at most, I am sure you can top what he is charging 30 bucks for.
Re:Arrogant "security researcher" bullshit (Score:4, Informative)
You are right to a point.
The way I see it, the real problem is not that Diaspora has bugs; the problem is that it has fundamental bugs, bugs so fundamental that they call into question the authors' understanding of the framework they're working with. They're bugs that shouldn't have been there at all.
Not verifying whether or not a user has the rights to edit an object is something pretty fundamental in my book.
Re:Arrogant "security researcher" bullshit (Score:5, Insightful)
I don't really understand what's wrong with this blog author, this "Patrick" fellow. Diaspora is git-release of a pre-alpha. It's essentially proof-of-concept which was released so we can have a look at it and contribute.
And it contains flaws in its security architecture that are so basic, so deeply fundamental, that it's impossible to have any confidence in the development team. Security and scalability *must be architected up front*. Tacking it on after the fact is a recipe for disaster. And it's blatantly obvious that the people working on the project don't understand this.
Re: (Score:3, Insightful)
I don't understand, the code hasn't been designed yet. Patch it. The problem is there aren't any security assertions built into some transactions? How hard is submitting a patch with an "if GUID_allowed() != true then gtfo()"?
The fact that you think it's this simple to build a solid security architecture demonstrates, all too well, the kind of simplistic thinking that has already damaged this project.
What kind of security model? Fine or coarse-grained? Are actions authenticated based simply on action t
Raising the bar to supporting a Semantic Desktop (Score:2)
http://groups.google.com/group/diaspora-dev/browse_thread/thread/4cd369bdf16a346f [google.com]
(My comments, starting with: "Here are some general thoughts about how Diaspora might relate to the Semantic Web and a Social Semantic Desktop, and how that might make it even more awesome to encourage everyone to migrate to it.")
Repetitve Astroturf and FUD (Score:2)
Impatience (Score:2, Insightful)
If this article pisses you off (Score:4, Interesting)
Read the author's blog just a bit; I am not really sure the guy even wrote this article, he may have had it commissioned. The author is a crapware distributor and this article is nothing more than an attempt at driving traffic to his site, which worked. Now his claim to fame is some "bingo card printing software for teachers".
A few minutes with a compiler and a few dictionary files will show him exactly what "Open Source" is good for. I could really care less about what he wrote but if I was pissed about it there would be a new open source bingo card printing software package released within the next two hours.
Re: (Score:3, Interesting)
Or if you're pissed and lazy, you can find others [sourceforge.net] to do it for you.
Re: (Score:2)
I have a day off tomorrow and it sounds like a simple project with a noble cause. I am thinking an online version of the "bingo card creator" written on Google App Engine and, just for good measure, a version for Facebook, the iPhone, iPad and Droid, all GPL of course.
It was not a "launch" (Score:3, Insightful)
There was no "launch", this was an alpha code release. Alpha code often has bugs, sometimes major. They even called it a "Developer Release". So I don't understand the uproar about *gasp* bugs in alpha code! If they had branded it beta code then I'd be more concerned with fundamental bugs, but even the developers said it had security bugs when they released it:
http://www.joindiaspora.com/2010/09/15/developer-release.html [joindiaspora.com]
Feel free to try to get it running on your machines and use it, but we give no guarantees. We know there are security holes and bugs, and your data is not yet fully exportable. If you do find something, be sure to log it in our bugtracker, and we would love screenshots and browser info.
These are design problems, not coding problems (Score:5, Insightful)
Security is part of the design, not the implementation.
Most developers still haven't learned that security isn't something you check for at various access points in the code: it is something you build directly into the business layer. For example, your code should not have a method like this anywhere:
public void DeletePicture(int pictureID)
The method should be:
public void DeletePicture(SecurityCredentials user, int pictureID)
This way it is impossible for your web to accidentally call DeletePicture() without checking for security. The security check is built into the lower level and there is nothing you can do about it. Having worked on secure web services before, I realize I did not do this in my design, which was great for making simple tools, but it meant that all user-facing code had to have checks for security loopholes. The web is especially weird because users can hack the pages and the HTTP requests to call your methods in ways you never
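An added example of the "credentials as a required argument" pattern the comment above describes, written in Ruby since Diaspora is a Rails app; this is not code from the comment or from Diaspora, and Picture, Credentials, PictureStore and the sample data are all constructed for illustration.

```ruby
# Hypothetical names: Picture, Credentials, PictureStore (not Diaspora's code).
class NotAuthorized < StandardError; end

Picture     = Struct.new(:id, :owner_id)
Credentials = Struct.new(:user_id)

# Constructed in-memory store standing in for the database layer.
class PictureStore
  def initialize
    @pictures = {}
  end

  def add(picture)
    @pictures[picture.id] = picture
  end

  def find(id)
    @pictures[id]
  end

  # The shape the comment warns against: the method has no idea who is
  # asking, so every caller must remember its own check. One forgotten
  # check, or a hand-edited request carrying someone else's picture id,
  # deletes the picture anyway.
  def delete_picture_unchecked(picture_id)
    !@pictures.delete(picture_id).nil?
  end

  # The recommended shape: a caller cannot reach the deletion without
  # presenting credentials, and the ownership check sits beside the data,
  # so it cannot be skipped by any controller or view above it.
  def delete_picture(credentials, picture_id)
    picture = @pictures[picture_id]
    return false if picture.nil? # nothing to delete
    unless picture.owner_id == credentials.user_id
      raise NotAuthorized,
            "user #{credentials.user_id} does not own picture #{picture_id}"
    end
    @pictures.delete(picture_id)
    true
  end
end

# Constructed sample data: alice owns picture 1, bob owns picture 2.
def demo_store
  store = PictureStore.new
  store.add(Picture.new(1, "alice"))
  store.add(Picture.new(2, "bob"))
  store
end
```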
These are cultural problems, not design problems (Score:4, Insightful)
As I said here: http://groups.google.com/group/diaspora-dev/msg/17cf35b6ca8aeb00 [google.com] ... Ideally (though few manage this), security needs to be woven intrinsically and mutually throughout an entire endeavor at all levels of the social process, and from beginning to end, from recruitment to developer training to coding standards to code reviews (or whatever works) to archiving procedures to product announcements to bug fix procedures to communications with the public, as well as at all levels of the code itself, the tests, and so on. For many situations, security is often like a chain -- any weak link makes it fail. The less a project embodies this end-to-end security ethic, the more constant vigilance or constant exercise of power is required by everyone involved in it (extrinsic security and/or unilateral security). ... :-( ... ..."
"The central issue many people are concerned about (reading comments elsewhere) is that security is not an "add on".
So, in that sense, security is cultural. If you try to bolt on security after the fact (like trying to use a big military to defend long oil supply lines instead of having local power sources like solar panels, or trying to be the one who has all the power and everyone is afraid of rather than being the one who has a lot of friends who all share power and look out for each other) you end up spending a lot of time, money, and lives on "security" and you possibly still end up insecure.
Unfortunately, intentional or not, the first Diaspora release has been taken by some people to be a statement about the culture of Diaspora development as regards end-to-end security, even if it was not an intentional statement or even if it perhaps may not be an accurate assessment relative to intent or plans. So, it is going to take a bit of work to recover from that, but no doubt it can be done by showing steady progress to creating a developer culture that has a security mindset woven throughout it.
So how does one get security in practice, assuming you want to do it end-to-end? What engineering attitude may be best to cultivate within that mindset?
Often, the best security is just simplicity.
Re: (Score:2)
This would be true if (and only if) the whole point of Diaspora wasn't to improve the security of your data. Seriously, that's the only significant quoted feature. And they didn't get that part close to right before launching? C'mon...
Re:Let's give it more than a few hours ... (Score:5, Insightful)
Re: (Score:3, Insightful)
It didn't "launch". As I understand it, they released some kind of alpha. I know I've worked for many managers who have this weird idea that software should be perfect before it's even done, but I didn't expect so many people in this community to hold that ideal.
There is a difference between perfect and free of fundamental errors in numbers so large that their correction became problematic if not resource-infeasible. There seem to be engineers who failed to understand this particular tenet (usually blaming managers as the ones who "never get it".)
Re: (Score:2)
To me, that seems to closely parallel what's happening with this project. The developers didn't claim they were done. I don't think there is a hard deadline for when it will be done. It's cle
Re:Let's give it more than a few hours ... (Score:5, Insightful)
A former employer of mine had a team build a proof of concept for a large and critical piece of software, on which much of the business would rely. The team worked for several months and produced a functioning proof of concept, which they demonstrated to the management. Management took a good look and said, "Great, install it, and support it."
Within a few more months almost all of the team had resigned in frustration.
As far as I know, that proof of concept is still in place, with teams of people dedicated to keeping it duct taped enough to keep staggering on.
The real, serious, carefully constructed and tested software never got built.
Somehow, I doubt this is a unique tale.
Moral of the story: start it the way you intend to keep on.
Re: (Score:3, Insightful)
r0ml said it best at OSCON 2008, when describing how "real" software development and adoption methodologies work:
1. Commit to a version control repository.
2. Think about what you have right now, and release that crap.
3. Bug Reporting
4. Inventio: Ideas to fix the software.
5. Triage the problems.
6. Integrate the fixes.
He then went on to say "Some of you may notice something missi
Re: (Score:3, Insightful)
More generalized moral of the story: There is no such thing as a temporary solution.
Either whatever you did solved the problem kinda well enough (which quickly turns it into a permanent solution), or it doesn't (in which case it's no solution at all). That means that when you do something to mitigate a problem temporarily, make it clear to any management types that the problem isn't really solved.
One idea for preventing the deployment of a proof-of-concept is to make the UI for the proof-of-concept as ugly
Re: (Score:3, Interesting)
One idea for preventing the deployment of a proof-of-concept is to make the UI for the proof-of-concept as ugly and difficult to use as possible.
Sure, like that ever works.
Either whatever you did solved the problem kinda well enough
No, the prototype solves the functional requirements, but the nonfunctional ones are toast - maintainability, scalability, things like that.
Re: (Score:2)
From TFA:
Since making my public comments, I have heard—over and over again—that none of the above matters because Diaspora is in secret squirrel double-plus alpha unrelease and early adopters know not to put any data in it. False. As a highly anticipated project, Diaspora was guaranteed to (and did) have publicly accessible nodes available within literally hours of the code being available. ...
I would have released the code that they had with the registration pages elided, forcing people to only add new users via Rake tasks or the console. That preserves 100% of the ability of developers to work on the project, and for news outlets to take screenshots, without allowing technically unsophisticated people to successfully sign up to the Diaspora seed sites.
Re: (Score:3)
If their product was a shopping cart, and the preview version of their software was massively secure but didn't let you list items, or let a user add items or checkout, I'd be critical too.
Their main feature was security - there are fsckloads of social network apps out there, so re-writing that part of the app wasn't the point of the project at all. Doing it securely wa
Re: (Score:2)
Exactly, this guy is trying to prove that the open source model, where anyone can point out e.g. security holes to the developers, who will then fix them, doesn't work, because he is pointing out security holes to the developers, who will then fix them ... and this proves his point how exactly?
Re:Well, the "developer" doesn't get it (Score:5, Insightful)
Include here the disclaimer that I like OSS, think the Diaspora team is really cool, and don’t mean to crush their spirits when I say that their code is unprofessional and not ready to be exposed to dedicated attackers any time soon.
He was doing exactly what OSS is for, reading the code, finding the bugs, and informing the developers so they can be fixed, he's only being vilified because the summary is written that way.
It's really annoying when people start (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
Why are you making the assumption that "no one really cares yet to work on it?"
These security flaws were found very VERY fast in the code, I suspect because there are many people who want to look it over and, perhaps, work on it.