Linked by Eugenia Loli on Sat 13th Jan 2007 09:26 UTC
Internet & Networking Last June a spin-off department of Red Hat, lead by desktop guru Havoc Pennington, announced Mugshot. Originally, Mugshot was in the midst of controversy whether it's a social networking application or not. Apparently, it instead is a "social networking aggregator". In order for this to work, access to third party data is a must.
Order by: Score:
Hmm, no
by IamScared on Sat 13th Jan 2007 13:16 UTC
IamScared
Member since:
2007-01-11

In the current state, I didn't find the tool quite interesting. Just a big frontend.

I think the only major advantage now is that the site is filled with open-source developers. The groups and other materials mostly are related to open-source development in general. So access to some discussions about open-source software should be really easy.

Maybe it's because I am not a heavy user of blogs/flickr/etc, but this is my current opinion.

However, I find quite interesting the initiative from Red Hat in working in this project. Normally, these kind of projects are developed by big enterprises with closed source, and Red Hat offers an open environment with no strings attached. It's refreshing to know that some open-source development communities are developing out there creative tools different from the typical linux-distro/IM-client/email-client software.

Edited 2007-01-13 13:19

Reply Score: 3

Cracker Attractor
by coderpunk on Sat 13th Jan 2007 13:21 UTC
coderpunk
Member since:
2007-01-13

Having all of your logins stored on a 3rd party system just seems like a bad idea to me. Yeah, I'm paranoid, but a juicy target like this will certainly attract attempts to gain access to all that private information. And if the site is written in PHP, well ...

.cp

Reply Score: 1

RE: Cracker Attractor
by porcel on Sat 13th Jan 2007 13:45 UTC in reply to "Cracker Attractor"
porcel Member since:
2006-01-28

How do you know that the site is written in PHP? Not to mention that there are some php applications with a decent security record.

Security is a process not an end-state provided out-of-the-box by any existing language.

Reply Score: 5

RE[2]: Cracker Attractor
by IamScared on Sat 13th Jan 2007 13:48 UTC in reply to "RE: Cracker Attractor"
IamScared Member since:
2007-01-11

Exactly. A big example of this is the OpenBSD operating system. OpenBSD is written in C and has an excellent security record. Another example that comes to mind is the Apache Web Server.

Edited 2007-01-13 13:52

Reply Score: 1

RE: Cracker Attractor
by Adam S on Sat 13th Jan 2007 14:13 UTC in reply to "Cracker Attractor"
Adam S Member since:
2005-04-01

And if the site is written in PHP, well ...


Good point! OS X, Windows, Gnome, and KDE all have bugs, and at least one app on each platform has bugs, so we should all stay away from C, C++, Objective C, C#, Python, Tcl/Tk, Perl, Ruby, Fortran, Javascript, XML, VB.NET, etc.

Also, I've seen bugs on webpages, so we should stay away from HTML altogether.

Everyone knows that poor programming means the language it's written in is flawed!

Reply Score: 1

RE[2]: Cracker Attractor
by Beta on Sat 13th Jan 2007 20:44 UTC in reply to "RE: Cracker Attractor"
Beta Member since:
2005-07-06

:D totally warranted post Adam; people point the finger at php, when they really should be looking at the developers of said sites.

Oh, and mugshot is Java. It only took three clicks to find that out, much easier than just presuming it's php and therefore full of holes.

But that's a whole argument I don't want to start.

Reply Score: 3

RE: Cracker Attractor
by jeremywc on Sat 13th Jan 2007 14:20 UTC in reply to "Cracker Attractor"
jeremywc Member since:
2005-08-02

You might want to try actually using Mugshot. You are not required to enter your passwords anywhere, only your usernames. You are normally be required to give this information out on a social networking service in order to, um, network.

Edited 2007-01-13 14:21

Reply Score: 2

RE[2]: Cracker Attractor
by coderpunk on Sun 14th Jan 2007 12:00 UTC in reply to "RE: Cracker Attractor"
coderpunk Member since:
2007-01-13

Thanks for the clarification jeremywc. I have no interest in social networking sites, so have not actually used it. If it is only using the usernames then there isn't a problem.

As for my PHP crack, just check Bugtraq.

http://search.securityfocus.com/swsearch?query=php&sbm=archive%...

Reply Score: 1

RE: Cracker Attractor
by Eugenia on Sat 13th Jan 2007 20:27 UTC in reply to "Cracker Attractor"
Eugenia Member since:
2005-06-28

You only enter your public username, not your password. So no, you can't crack into all these third party accounts just by cracking mugshot.

Reply Score: 1

RE: Cracker Attractor
by Shakey on Sat 13th Jan 2007 23:47 UTC in reply to "Cracker Attractor"
Shakey Member since:
2005-10-11

I'm really do not agree with your statement about PHP, but I do think you have a valid point.

All your login info in one spot feels a bit "icky" to me too.

I guess it's too much like putting all of your eggs in one basket.

Reply Score: 1

RE[2]: Cracker Attractor
by Redeeman on Sun 14th Jan 2007 04:01 UTC in reply to "RE: Cracker Attractor"
Redeeman Member since:
2006-03-23

except that apparently it is NOT all login info, just the username.

now i dont know much about these things, as i dont use myspace, youtube or any other of these new fancy smancy things, but as far as i know, the username is not a secret.

Reply Score: 1

RE[2]: Cracker Attractor
by abraxas on Sun 14th Jan 2007 05:32 UTC in reply to "RE: Cracker Attractor"
abraxas Member since:
2005-07-07

All your login info in one spot feels a bit "icky" to me too.

As it has already been stated, mugshot does not require passwords for accounts. Mugshot seems to take advantage of built in APIs provided by some of the sites, including rss feeds, while it may also employ some screen scraping. I can't really tell though because I don't even have an account with half of the communities that mugshot supports.

Reply Score: 1

Re: hp
by DCMonkey on Sat 13th Jan 2007 17:21 UTC
DCMonkey
Member since:
2005-07-06

I think you mean Owen Taylor (former lead developer of Gtk+), not Havoc Pennington.

Why Redhat would pay either of these people to work on a social networking website boggles my mind. At least hp appears to still be working on something (DBus) that makes sense for Linux and Redhat's bottom line.

Reply Score: 1

RE: Re: hp
by dcbw on Sun 14th Jan 2007 17:04 UTC in reply to "Re: hp"
dcbw Member since:
2006-08-31

No, actually, _both_ Owen and Havoc are working on Mugshot.

Havoc still works on D-Bus too, but his main focus is Mugshot and he's handed off a lot of the D-Bus maintenance and feature development to others in the community and at Red Hat (like John Palmieri).

Part of the reason for mugshot was this; Open Source doesn't really touch a lot of people outside the developer community, if you exclude Firefox and Open Office. Millions of people (kids, adults) use social networking sites like myspace, flikr, delicious, facebook, etc. Those people, by and large, _don't_ use Open Source software. Mugshot is partly an attempt to figure out how to bring OSS to a much wider audience, one that doesn't normally use OSS.

Reply Score: 1

re: hp ot
by DCMonkey on Sat 13th Jan 2007 18:08 UTC
DCMonkey
Member since:
2005-07-06

Or maybe you mean both. Shows how much I keep up with these things these days. ;)

Edited 2007-01-13 18:09

Reply Score: 1

Why can't we just be friends?
by DigitalAxis on Sat 13th Jan 2007 19:25 UTC
DigitalAxis
Member since:
2005-08-28

Whatever happened to the good old fashioned way where you find out what people are interested in by being their friend and interacting with them in real life?

Seriously, we have Livejournal, Blogger, TheFaceBook, MySpace... Where did "talking to them and hanging out" go? I'm not sure why my friends would want to find out all the movies on YouTube I've seen or books on Amazon.com I've bought, for that matter. Songs, maybe. Maybe.

I doubt I'd sign up for this service; leaving a gigantic electronic trail around the internet that other people can follow just rubs me the wrong way. Yeah, I know I would have to OK these friends, and yes I know the information is already tracked (though, I clear my cookies and browser cache from time to time)... but it still seems a bit odd, and of course dangerous if one of these data-aggregators gets cracked into by a malicious data-miner.

If I'm friends with these people, it implies that there are other ways I could get this information to them if I deem it interesting or important enough? There's still AIM (a replacement for phones, especially useful if these people don't have phones, or don't want to use minutes), or email (a faster and more convenient replacement for regular mail), or even (god forbid) the Postal Service. I'm not sure what this replaces except for... stalking?

I dunno, maybe I'm an anomaly here; between my LiveJournal account (which a friend gave me so I could read her blog postings, which she no longer makes anyway), AIM and TheFaceBook (which I did primarily so old friends would know where to contact me if they wanted to), there are a grand total of two people I didn't meet first in real life. Yeah, I haven't actually seen some of them in years, but we knew each other once upon a time.

Reply Score: 3

OfficeSubmarine Member since:
2006-12-14

For me the point isn't so much keeping up with people around me, it's maintaining friendships with people who would, traditionally, have just been dropped. I move around a lot, and these kinds of things have been a major factor in keeping old friendships alive which otherwise would have drifted into the "Hey, I'll send you a card on Christmas for a year or two..." land.

Reply Score: 2

pankajad's Account
by mlauzon on Sat 13th Jan 2007 19:36 UTC
mlauzon
Member since:
2005-07-25

Has anyone noticed, when trying to signup for an account after you click on the link in your email, it brings you to the signup forum...but the account name says:

pankajad's Account

What the hell is going on?!?!

Reply Score: 1

Too many social networking thingymajigs....
by mini-me on Sat 13th Jan 2007 21:48 UTC
mini-me
Member since:
2005-07-06

I am already on Frienster, Facebook, Hi5, Youtube, Technorati, Yahoo, linked in, and more... all of them say invite your friends...

in some of them I have many friends, others I don't
The Greek in me says to join as many as possible since you never know who you might meet in the six-degrees-to-yourself model - but it's getting tiresome. I think I wll focus on 2 social ones, and the rest I will just leave an RSS feed of what is happening on my blog :p

Reply Score: 1