Open Source Twitter is here

Ok, technically not Twitter but it’s dang close, the site is called, some pertinent details from the site is a microblogging service brought to you by Control Yourself, Inc.. It runs the Laconica microblogging software, version 0.4.1, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0
Unless otherwise specified, contents of this site are copyright by the contributors and available under the Creative Commons Attribution 3.0. Contributors should be attributed by full name or nickname.

It is based on a new V0.1 open microblogging protocol from Evan Prodromou. In general, the tech blogosphere is excited about and the open microblogging protocol it is based on supports OpenID, that’s cool because I don’t have to remember yet another username and password. But the real cool thing is that the code is open source, get it here, and already a couple of people have installed their own instances of it. Here’s detailed instructions from one developer from his successful installations (2 of them) and another supposedly simpler set of installation instructions here on a shared host. I haven’t tried them yet so use them at your discretion. Also, it has attracted the attention of other developers that are going to start tweaking the code to make it more scalable, such is the power of open source especially since Laconica’s GNU Affero license means any changes made on anyone’s server needs to be released back as well. Developers are also starting to experiment with federating different instances of Laconica where a message posted on one instance of Laconica, e.g.,, shows up on another Laconica instance, e.g., and vice versa.

Since the launch yesterday, the site was up and down several times, so hopefully it will get better over time, I sure would hate for it to suffer the same dreadful Twitter scalability issue. It was probably due to the buzz in the tech blogosphere that generated a ton of traffic. Even with the site being inconsistently available, a nice feature is the XMPP support. I was able to interact with it via my Pidgin / Gtalk setup even when the site isn’t available and that’s very handy.

I am excited about this for data portability because with it being open source, developers can add support for relevant data portability technology such as XFN, microformats, FOAF, RDF, RDFa, etc. If this really takes off, it can mean serious trouble for Twitter. Even without, the tech blogosphere have talked about migrating to FriendFeed from Twitter due to its scalability issue. To get an idea how interested the blogosphere is in, it has 10,000 registered users in 3 days from launch.

On a side note, I am spending less time on this blog and more time on my Ruby on Rails blog as I ramp up development for my next startup.

OAuth or bust

Hot off the press! (is that still an expression given the apparent demise of newspapers?) Mashups: Google’s Adoption Makes oAuth a Must Have for All Apps. This right after MySpace announcing support for OAuth with their Data Availability initiative the day before.

IMHO, this is huge for data portability, in this case, OAuth support for all Google Data APIs, everything from Gmail contacts to Google Calendar to Docs to YouTube. Bottom line, users no longer need to give up their confidential Google accounts username and password to 3rd party services in order for the 3rd party services to access their data on Google services. I suspect that Google is doing this because it helps them become the service provider of choice using an open and standard means of authentication hence channeling even more traffic through Google servers that they can figure out how to monetize later, much like their Friend Connect effort.

This is a major win for OAuth, in fact I would say that OAuth has now become a bigger player than OpenID in the space of data portability technologies. Given the recent history of big players announcing back to back support of similar features, I predict (ok I hope) that Facebook and Microsoft will follow suit.

Is MySpace data availability truly more open?

In the post MySpace Opens Up The Data Pipe With Full Launch Of Data Availability, Arrington praised MySpace on fully launching data availability

MySpace is taking a much more interesting approach than Google, which controls data sent to third party sites via an iframe. MySpace is actually streaming data to these sites, which allows for true integration between the services, not just a bolted-on social tool.

My initial reaction is awesome, now I (as a 3rd party service provider) can consume the open user data but reading further into the article

Since actual data is being streamed out of MySpace, they have a strict terms of use policy that forbids third party sites from storing or caching the data, other than the unique MySpace user id of the user. Each time a page is rendered the third party must re-request the data from MySpace via a set of APIs. That means any changes by the user to their MySpace profile data or friends list will be instantly applied across third parties who access the data.

So basically MySpace TOS forbids me to do anything more than what is currently allowed by Google Friend Connect. Granted that there is a technical difference between the two, Google Friend Connect uses an iframe and MySpace actually lets the data out, there is no inherent difference in the 3rd party service provider ability to consume the data. In fact I would argue that it is more work for the 3rd party service provider to provide a UI page to render the data rather than just sticking in an iframe and letting Google do the heavy lifting.

Saying that MySpace’s data availability solution solves the problem of constant syncing of data so that the users remain in control is like Facebook saying that they are blocking Google Friend Connect due to user privacy concerns. IMHO the real reason is to maintain control and quoting the user privacy concern is merely a convenient PR front for both companies. I am surprised that Arrington is buying into MySpace’s PR spiel especially since he called Facebook on their user privacy concern blocking Google Friend Connect.

Time to define open privacy standards?

Today, I came across this post “Are shoeboxes better than Flickr?” and it got me wondering (again) whether it is time to define open privacy standards much like OpenID did for identity and OAuth did for authentication / authorization.

I come across such privacy discussions frequently but nowhere have I seen any consensus on privacy standards other than broad sweeping statements or wishes such as (quoting from the above article)

I have a policy which I assert over my stuff that I control, which is this protected zone in the cloud. And I have some real control over how I define policies over that thing and who gets access to it and on what terms. And I get to audit that access in a coherent way.

As I said in a comment on the above post, this is a loaded statement or perhaps the devil is in the details. It’s not like people haven’t tried, I know for a fact that there were several such discussions at that never reached any consensus (check out the policy group threads), plus numerous posts by Michael Arrington, Robert Scoble, Marc Canter, Steve Gillmor, etc. My personal take on it “user privacy is a personal and individual thing and is also dependent on the context of usage“. I attempted to define some levels of privacy controls that make sense but it is far from complete. Marc Canter has a similar idea and calls it dynamic privacy.

I understand that this is a difficult area to tackle but I think it is time to define open privacy standards much like the approach taken by OpenID and OAuth. Let’s start with something small and tangible for 1.0 version and build on it based on real-world usage on what works and what doesn’t work, essentially going it the agile way.

Reality bites

Today a couple of posts wondered out loud if social networking has peaked

In particular, Malik thinks that the market has transitioned onto niche social networks, in his words

The way I see it, the market has shifted its focus onto niche social networks, such as those dedicated to sports, music, automobiles and pets. You know, sites like Dogster! They have focused, engaged communities, which means they can attract a higher amount of advertising dollars.

In the very first comment on that post,

Niraj said:

While it would be easier to monetize, I can’t see the niche site idea working very well because users would have to sign up at several sites to cover their different interests. Facebook and Myspace’s broader appeal give them a much larger base, and it seems like a tradeoff: easier to monetize versus easier to gain users.

Like Malik, I am seeing a shift to niche social sites because it is getting incredibly harder and harder for horizontal play sites to gain mass traction, I am also speaking from personal experience with my video aggregation site, JiggyMe.

But Niraj does have a point that it is a pain for users to repeatedly sign up and re-enter the same profile information and recreate the social graph over and over. And this is what data portability advocates have always said, a user shouldn’t have to do that time and again. The real value-add for social sites should be the services they provide, not the user and social graph data. I am seeing this happening already now with projects like DiSo, Google Friend Connect, Open Social Foundation, Google Social Graph API, and stealth startup These startups and projects aim to make user and social graph data more open and accessible so social sites can instead focus on providing value-add services instead of keeping users data walled in. Mind you, this is just the start and there is plenty of work to be done to make the user experience seamless, but it is a good start.

Shameless self-promotion

My in the wild posts got some attention this week and I felt compelled to share them with you – like I said, shameless self-promotion 🙂

  • May Progress report, click on either the HTML or PDF link to see the actual report.
  • Trent Adams, an active contributor and founder of MatchMine, interviewed me on my in the wild posts for his regular podcast series. You can listen to my podcast interview here. While you are there, check out his other podcast interviews with people like Plaxo – Joseph Smarr, Chief Platform Architect, John McCrae, VP Marketing; Google – Kevin Marks, Developer Advocate for OpenSocial, Robert Scoble, Managing Director of, etc.

As a side note, I plan on changing the focus of my startup, JiggyMe (video aggregation site), to feature only technology videos, so feel free to add your technology videos there.

In the wild snapshot#3: DiSo profile plugin

I had an excellent conversation with Stephen Paul Weber, an active DiSo plugin developer, on his experience with the DiSo profile plugin. For those of you unfamiliar with this series of posts, the idea is to create blog-length interviews with various in the wild apps describing their processes and the technologies that they use with regards to data portability. The goal is to profile real use cases, solutions, and lessons learned when it comes to the current state of affairs for data portability technology. Note that these posts aren’t meant to recommend or not recommend certain technology, I leave that up to the developers/architects to decide based on their needs. If you have such an app and are interested in being interviewed, please leave me a comment on one of my posts and I will get in touch with you.

DiSo Project Background
Straight from the DiSo Google group About page

Social networks are becoming more open, more interconnected, and more distributed. Many of us in the web creation world are embracing and promoting web standards – both client-side and server-side. Microformats, standard apis, and open-source software are key building blocks of these technologies.

DiSo (dee • zoh) is an umbrella project for a group of open source implementations of these distributed social networking concepts. or as Chris Messina puts it:“to build a social network with its skin inside out”.

You can also listen to an interview by Chris Messina on Chris Messina about DiSo.

At this stage, DiSo plugins only work on self-hosted WordPress blogs which means if you have a blog on, you are out of luck. Also, all DiSo plugins currently are written in PHP, WordPress’s choice of language. Visit the WordPress site to get instructions on how to host your own WordPress blog and install plugins.

Application Overview
The DiSo WordPress profile plugin has the following main features

  • When a user signs up for a WordPress account, the plugin makes it easier to import the user’s profile information via hCard and XFN (if available)
  • Once a user has signed up for a WordPress account, the plugin makes it easier for the user (now blog owner) to publish their own profile with standards like hcard, XFN
  • Supports permission features allowing blog owner to restrict access to his information based on predefined relationship, e.g., I can’t see his phone number but friends of him who login with their OpenID and are present on his authorized list of friends can see his phone number
  • There is a sidebar widget that displays names/avatars of most recently logged in visitors

The key technical pieces are hCard, XFN (rel-me, rel-contact), PHP5, and standard WordPress plugin architecture. The plugin should work on WordPress 2.0 and above, and has been tested on 2.3 through 2.5. Currently the plugin mimics SGAPI functionality without the FOAF bit. Also, FOAF was considered but not implemented, another item for the future perhaps. He plans to add Google Social Graph API (SGAPI) support, but it wasn’t available when the plugin was written, so it is something to consider for the future – Steve Ivy wrote a PHP wrapper for SGAPI.

While the plugin works with OpenID, it does not require OpenID. There is a button to import profile and can fetch profile information if it is not an OpenID URL. OpenID profile extraction for XFN and hCard is automatic upon registeration and login. For OpenID feature to work, it needs the WP-OpenID plugin. No other libraries or plugins are required, in fact the import button works fine if the WP-OpenID is not installed. To display the user’s profile, the user needs to add a WordPress template tag. There is a page token for rendering on a WordPress page and a PHP function for addition directly to the template (documented on the plugin page). So far, most people don’t use it as a sidebar widget and instead display their profile information inline in the blog.

For an example of the plugin in action, check out Stephen’s blog, it powers the top half of his main page and the avatars of recent visitors in his sidebar.

Lessons learned
Some people have hCard on their OpenID pages via OpenID delegation usually or directly on the page. A large number of people have rel-me links going to their main profile somewhere else. In his opinion, the biggest hurdle is still HTML parsing in PHP which is surprsing to me since PHP is such a popular web development language. Event though PHP has excellent XML support but if the HTML is broken or incomplete as it is often the case in the world wild web, there is no library to handle that. An option is to fix it with HTML Tidy but most shared service providers (like DreamHost) do not have HTML Tidy installed. Without HTML Tidy, the plugin has to run the page through W3C remote tidy proxy which can be slow. Another option is to use HTML Purifier which is a re-implementation of HTML Tidy in PHP.

The current plugin user base is primarily DiSo developers and he has not gotten any feedback from non-DiSo developers. He noted that there is a goofy WordPress thing where the permissions model is based on the contacts list but WordPress only supports one blogroll list, so everyone on that list has the same permission. This is not a problem for most blogs but it could be a problem for multi-authors blog. There is no affiliation with WordPress other than it is a WordPress plugin.