dotandimet/Flocks

V0.0 Flocks - Not all eggs in the same nest

Flocks is yet another attempt to go back from centralized social networking services to decentralized microblogging.

You can already see a nest (the Flocks equivalent of "blog" or "stream"). There are still a few things missing, but you can already start a nest with this, and it's also a feed reader :)

Screenshots (not latest version): Flock view, Timeline view, Publishing to the nest.

Prerequisites:

On Debian/Ubuntu:

sudo apt-get install python-sqlite python-feedparser python-webpy

Running Flocks:

python flocks.py

And then browse to http://127.0.0.1:6378/ (6378 is "nest" on a phone's keypad)

Privacy, threats, and nuisances:

The first time you run Flocks, it creates flocks.db and asks you to "own your nest" (i.e. set a password). Some of the functionality is only available when you're logged in. Another difference is that when you're logged out, you only see the top-level flock called [case insensitive] FlockRoll (if there is one).

Note that this is a single-account system (no username, only a password): if your sister wants to run her own Flocks app on your PC, she should copy the folder, remove flocks.db, and set up her own nest.

This may lead to an illusion of privacy, since [at the moment] the content of flocks.db is not encrypted (except for the password). This means that if your adversaries get a copy of that file (physical access, trojans, court order, etc.), they can see what feeds you're interested in, what you call them, etc.

This means that you can show your FlockRoll to people in logged-out mode (without leaving your computer unattended) and they probably wouldn't be able to know what feeds you use for the scoop you're working on, or that you're interested in knitting :). You shouldn't, however, use Flocks to browse to the feed of a rebel nest in onion land unless your disk is encrypted and your computer is bullet-proof (i.e. never :) ). Even if you don't add the feed to your flock, the URL can be recovered from your flocks.db.

Nuisances [as promised]:

The main reason for keeping flock information hard to get (even if not "100% secure") is to minimize the ability of others to analyze your social network. As opposed to the paradigm of "following" or "befriending" peers in centralized social networks, I don't think I should make it public what I watch (just like I don't upload my browser history), only what I recommend (i.e. my FlockRoll that is also published as part of my nest anyway).

For that reason, almost all HTTP requests in Flocks are POST and not GET, to avoid leakage of details about my flock via browser history or as HTTP_REFERER to sites. (These URLs don't reveal much, but if an adversary collects enough of them from enough people, this is cluster-analysis food.)

This means that if you reload the page or use the back button, it makes Flocks suspect a CSRF attack. Nothing serious happens. You simply get redirected to the home page with a warning about a "stale browser page". Since almost everything is a click away, I hope this isn't too much of a nuisance. Note that the homepage itself can be reloaded without problems.

An additional nuisance (that I hope to fix eventually) is that you can't use Flocks on more than a single browser tab (nothing bad happens if you do - you just get a redirection and warning). This is not inherent to CSRF protection, but happens because at the moment, the CSRF protection algorithm is pretty lame, and prefers to err on the safe side ;)
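
The reload and multi-tab behaviour described above is what a single, rotating per-session token produces. The sketch below is an added example, not Flocks' own code: `RotatingToken` is an assumed model of that behaviour, and `SignedToken` is one common alternative (an HMAC over a session id and an expiry) that tolerates several tabs; all class, method and parameter names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


class RotatingToken:
    """Assumed model of the behaviour described above (not Flocks' code):
    one live token per session, replaced on every page, burned on every check."""

    def __init__(self):
        self.current = None

    def issue(self):
        self.current = secrets.token_urlsafe(32)
        return self.current

    def check(self, submitted):
        live, self.current = self.current, None  # reload or back button resubmits a dead token
        return live is not None and hmac.compare_digest(live.encode(), submitted.encode())


class SignedToken:
    """Multi-tab alternative: stateless token = expiry + HMAC(key, session id | expiry)."""

    def __init__(self, key, ttl=3600):
        self.key, self.ttl = key, ttl

    def _mac(self, session_id, expiry):
        msg = f"{session_id}|{expiry}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id, now=None):
        expiry = int(time.time() if now is None else now) + self.ttl
        return f"{expiry}.{self._mac(session_id, expiry)}"

    def check(self, session_id, token, now=None):
        now = int(time.time() if now is None else now)
        expiry_s, _, mac = token.partition(".")
        try:
            expiry = int(expiry_s)
        except ValueError:
            return False  # malformed token
        if expiry < now:
            return False  # expired
        return hmac.compare_digest(mac.encode(), self._mac(session_id, expiry).encode())
```

Signed tokens stay valid until they expire, so they stop cross-site forgery but do not by themselves prevent a resubmitted form.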

What next?

Next thing on the list is the nest, which is actually a static HTML single-page blog (+ css, js, rss, opml for the flock, etc.) that contains many posts. A link to a post in a nest also contains an anchor. This pretty small folder will be generated by the system, and the user will then [manually] upload it to some site (implying that early adopters will be people who can open a static HTML folder somewhere, or run a server in onionland :) ).

Later on, once we incorporate [DSA?] signatures of files, we can think (e.g.) of nest servers (or tree houses) that only accept the admin[s] and anyone who is in an existing user's "Good friends" flock, but we need to establish identities first (key fingerprints as part of the feed's object in the flock).

I'll write more about why, how-to, what next, etc. in the wiki here, but I need to finish some code first :)

Meanwhile:

[IMHO] It's already useful as it is. So please try it out, send me flocks (use the share option to export as JSON), or even fork it and make it better.

Cheers.

About

A decentralized, RSS/Atom based micro-blogging environment (asocial networking)
