You can also read the full transcript linked from there.

A list of projects in this space.  The Diaspora project is listed under “deployable on commodity webhosting”.  I was under the impression that they are actually more of a p2p application.

A set of ideas for this space on the GNU Social wiki.

Adriana Lukas talks about the user-controlled web and the mine project.   (She coins a fun acronym: Relationships on Individuals’ Own Terms - RIOT. )

There seems to be quite a bit of activity with 20-30 projects, but the efforts are fragmented.  Different projects have different goals and approaches.  Some focus on a piece of the user experience and others focus on technology.  For example, the Mine! project is a technology piece focused on rich sharing of data (including links, photos) with strong user control.  OneSocialWeb is focused on messaging.  With Elgg you can create social networks – but it’s not really user controlled.

Diversity is great, but one or two well-thought out efforts need to win.   Critical mass is a must in order to win in this space.

Why am I excited? I’ve written before about walled gardens and user controlled Internet apps. It is crucial that we invert the control structure of the web if we want to be in control of our destiny.

There are some critical challenges that a user-controlled system must face:

• Secure software distribution – users will want to install applets inside their environments.  Third party audit and signing of code will be necessary in order to keep the apps flowing, but without compromising users’ instances.  Applets will also have to be firewalled from each-other – as some will be more trusted and some less.  I’ve previously written a couple of posts about the challenges of secure software distribution.
• Peer to peer naming and search – it should be easy to find stuff, without necessarily knowing their URLs.  A global, fully distributed naming and search system will be important.
• A distributed reputation system will be a natural fit for a distributed social network.
• Memory footprint – current web application frameworks are designed for high volume apps, and therefore take up quite a bit of memory to load application code. These frameworks can afford to do so, because they expect to amortize the memory over many users. However, a user-controlled system will have one user per instance. Clever memory sharing among instances will be necessary.

I can’t wait to see what the first prototype looks like.

There are some additional projects along these lines that are worth a look and are actually further along:

• http://opensource.appleseedproject.org/ – LAMP (PHP) based
• http://onesocialweb.org/ – Java/XMPP based

Maybe none of these will make it.  But the $170K is a signal – that people care about this.

Would be excellent to have a high fidelity preservation procedure that doesn’t require maintenance (such as liquid nitrogen in the case of Cryonics).

I bought the Contec CMS50-F oximeter from here.

The software that comes with the CMS50 could be more reliable and user-friendly, and only runs on Windows.  I ended up spending a day  reverse engineering the USB protocol and writing a Python program to acquire and graph the data.  The software is on Gitorious.

Here are some of the charts you can get:

The work is funded by the Swiss government.

Here comes personalized medicine.

• Build host - the machines that compile the source into binary packages are compromised.  In this scenario, code can be injected by the malicious party into the package just before it is signed and prepared for distribution.  All clients that install the updated packages are affected.  A software audit cannot identify the altered packages because the alteration happens after binaries are generated.
• Distribution host and Signing key – the machines that host the packages for distribution (web servers) are compromised and the package signing key is compromised.  The effect of this is the same as a build host compromise.
• Source repository – the machines that host the software source-code are compromised.  This allows code to be injected and all clients are affected.  However, a software audit can uncover the injected code.
• Insider threats – an insider can insert non-obvious security holes into software they are responsible for.
• Signing key - the key used to sign the software distribution is compromised.  This would allow the malicious party to compromise only specific targeted clients through a “man-in-the-middle” attack and DNS poisoning

How would multiple independent auditors help?  If the auditors can verify that a binary was produced from certain source, the build host compromise would be much harder, since the altered binary would not signed by the uncompromised auditors.  Similarly, a signing key compromise, if it is limited to a subset of auditors, would fail to get a full set of signatures on the altered package.

Source repository compromise and Insider injection of security holes would be more difficult to detect for subtle exploits, but again, multiple entities looking at the code increases the chances that the alteration would be caught.

(Note: verification that a certain binary was produced from certain source code requires a deterministic build system. Although such a system is relatively straightforward to implement, I have not run across one before I implemented Gitian.  I did find mention of it by Conifer Systems.)

Average cost per record in the surveyed group is around $200.