The issue is you shouldn't build (or ship) code like this with such major security holes, you build security at the start, it should be an integral part of the application. You can't just dick out some insecure application then add in security, it doesn't work.
Microsoft didn't "build security in at the start", nor did Apple, nor did Twitter, nor (I suspect) did Facebook or YouTube. It's a pre-alpha of an open source project. Of course there will be problems.
Yeah, and how much code is being used now that existed when they didn't have security? You can't compare this and what Microsoft, Apple or Twitter have done. I'd be very surprised if any of those companies continue to use code that was developed at a time when they didn't consider security. Although, thinking about it, the software industry is questionable... maybe I'm wrong, it just seems a very bad start.
Twitter has had major security problems, same with many other "big" companies. Shouldn't this be a lesson that security is the primary concern, especially for an open source project?
What's the likelihood, security issues aside, that much of this code ends up in the 'final' Diaspora product down the line? I might misunderstand their intentions, but as I understand them, these guys are trying to start an open-source project. Open-source projects need momentum before they need anything else. Money is a start, but they need code. It doesn't even need to be good code or even passable, so long as it kind of works and provides something for hackers to hack on. If they play their cards right, it's that last bit about attracting hackers to the project that will turn Diaspora into something viable. None of the code they write right now really matters.
Just think of many of the older, more established FOSS projects: Linux, Apache, etc. Many of them started out very rough, but attracted developers and turned into something useful. I think that dumping the code right now was probably the best move that they could have made.
They aren't "shipping" anything, where did you get that? They're opening it up to the OSS community. There have been far greater programmers out there that have released far more atrocious code than this at an early stage to spark interest among their fellow developers. Give them a break, this isn't a freaking launch party.