
Security Lessons Learned From the Diaspora Launch (338 comments)

patio11 writes "Diaspora, the privacy-respecting OSS social network, did a code release last week. Attention immediately focused on security. In fact the code base included several severe security bugs. This post walks through the code, showing what went wrong, and what it would let an attacker do to someone who was using Diaspora." The developer who wrote the post ends with: "You might believe in the powers of OSS to gather experts (or at least folks who have shipped a Rails app, like myself) to Diaspora’s banner and ferret out all the issues. You might also believe in magic code-fixing fairies. Personally, I’d be praying for the fairies because if Diaspora is dependent on the OSS community their users are screwed."
  • Re:Axe job (Score:5, Funny)

    by eln ( 21727 ) on Thursday September 23, 2010 @12:08PM (#33676520)
    Exactly. It does exactly what it's supposed to do: Instead of having a single mega-corp have complete control of your data, it does completely the opposite and lets everyone in the world have complete control of your data! It truly is the anti-Facebook.
  • Re:...huh? (Score:2, Funny)

    by Anonymous Coward on Thursday September 23, 2010 @12:08PM (#33676528)
    From what I heard, since they're not experts at cutting corners, they tend to actually put together sturdier constructions than the professionals.
  • Re:...huh? (Score:1, Funny)

    by Anonymous Coward on Thursday September 23, 2010 @12:18PM (#33676664)

    Extreme Makeover Home Edition too

  • Re:WTF? (Score:1, Funny)

    by Anonymous Coward on Thursday September 23, 2010 @01:34PM (#33677722)

    Not quite correct...

    "Goddammit kdawson. That's it, your articles are blocked. You're the f***ing Fox News of Slashdot. Whatever merit any article you post may have you manage to completely overpower it with sensationalist editorial bias."
