The guys created a very, very good idea. They are currently in the progress of creating a good piece of software. It is already very interesting since it uses nice concepts like GPG and decentralisation – and since they realized, although NoSQL-Databases are a nice approach for some reasons, chosing CouchDB as their database was a fail, I am quite convinced, that they will find their way.

To be honest, I would have chosen a different software-basis from the start and I really miss a stable build and upgrade/procedure till now (19.01.2011).

BUT:

That software is really what we were looking for – we are really trying to embrace this, but it still has some needles and therefore we are not too happy with the current software deploy.

You can still feel free to play around a bit – we created our diaspora pod right here: https://finespora.net

If anyone feels happy to try to tune our finespora server, pls. let me know.

HT

Because I am totally thrilled of the idea, that some things, as they are handled before, could be handled in a really really good and reliable way.

Those things are

• Computer-Logins
• Reliability/Trust in the age of “The internetz”
• Passwords
• Identification to others
• trust-building to others / from others / with others
• Being able to digitally show the real origin of e.g. an eMail / notification / complaint

Currently there is a discussion in Germany about such a thing called “ePost-Brief” and stuff like that. Mainly it is about the idea to be able to reliably identify ones email/message as being sent by a real person.

This idea is totally not new, but they are bloating it and making it far more complicated (and expensive) than it has to be.

GPG is only one example for how such a tool could/should work. But it is a tremendously good example. Check it here: http://www.gnupg.org/

What thrills me most is the possibility to build your own “web of trust” – without any company monopoling or having to control it. Do you trust company M$ more than you trust your best friend? I do not. So, will you trust things that company tells you more or less that things your best friend is telling you (well, yeah, not about quantum-physics – if it’s not a quantum physics phd)? Therefore, your “personal” identity-management-system could basically start from there.

I really cannot understand why it is so expensive for a company to e.g. issue a certificate that I can use as SSL-certificate on my website. Why has that certificate than even be something else than that certificate I want to sign(ature) my written source-code with? Isn’t it the same band of trust (or in that case: no trust)? I am not getting that. Honestly.

However, please, people use GPG (or things conforming to http://www.ietf.org/rfc/rfc4880.txt, but I would propose GPG) so that all this identity-management-shizzle can be handled in a reasonable way in the future. Btw.: Anyone interested in getting my old project “verified-mail.de” to launch?

This is quite abstract and I will try to contribute more precise “everyday-examples” and “business-case-ease-examples” *later*.

Some Links:

• http://pgpkeys.pca.dfn.de/
• http://www.stierand-linuxit.de/Doku/gpg-tutorial.html
• http://www.gnupg.org/gph/de/manual.pdf resp. http://www.gnupg.org/gph/en/manual.pdf

HT