Assorted Slashdot Updates

As the dust is settling around my recent coding frenzy, here is a bunch of updates to the system:I've added a field for users to store their Public Keys on their User Info page. The M2 page is now linked into the system (if you have access anyway). The Comments on the M2 page also link the story that the comment is attached to (and please read the notes on the page: duplicate comments are not a bug!). I removed the sig from Logged in AC previews (it only affected previews, but it was scaring people). Both the FAQ and the Moderation Guidelines have been updated. And the grand Slashbox Poo-Bah CowboyNeal reports that AuctionBeagle, Security Focus, TheNextLevel, Gnotices, and WomenGamers are the latest additions to the SlashBoxes. Enjoy.

Public key box is nice, but please use key servers

[Paul+Crowley]

Having the User info box for your public keys is nice, but please, if you use PGP, use the key servers! That way automated PGP systems like "metamail" (which also supports GPG) can look up your key when you send email and even, if necessary, fetch other keys used to sign it. Ideally, do both. BAL's PGP Public Key Server is a good place to start - all the servers mirror each other's content, so any should work.
--

Re:Public Keys?

[Christopher+Cashell]

Public keys are a part of PGP(or GPG). The way it works, when you use PGP you first generate a keypair. This consists of a private key, and a public key.

The private key you keep for yourself, and don't allow anyone else access to. This is what you use when signing something, or when decrypting something that is encrypted with your public key.

Your public key you can post on a website, publish to a keyserver, or even send via e-mail. This is what is used by other people to encrypt things. Something encrypted to your public key can only be decrypted by your private key.

I know this is a really basic explanation, but for information, check out http://www.pgp.com, http://www.gnupg.org, or do a search on your favorite search engine for PGP or public key cryptology.

I'm a little unclear...

[Nugget94M]

I'm not quite sure I understand the logic behind the implementation of public keys stored in the slashdot database. I'm not sure it's useful, and perhaps it's even a bit misguided.

There's already a robust and well-supported infrastrucure in place for the network storage and retrieval of PGP/GPG public keys with the existing public keyserver network. The most compelling feature of the keyserver network is that it promotes the web-of-trust model of key trust, allowing users to sign and update trusted keys. This means that the web of trust continues to spread and become ultimately more useful.

The collection of pgp keys is not static data and should not be treated as such. It's a corpulent, growing, interrelated lattice of identies and trust relationships that changes continuously.

A redundant, and static storage of public keys in slashdot is nice and geeky, but not as useful as the public key networks. Key storage will not be beneficial without update capabilities, and I think we all can agree that such function is well beyond the scope of the slashdot engine. There is already a tool in place which is nearly ubiquitious for retreiving public keys on the net -- let's support that and not try to re-invent the wheel.

Rather, I think what would be useful would be a way for slashdot users to store and display their PGP Fingerprint and Key ID. Not the key itself, but simply the unique fingerprint of the key.

This is, I think, much closer to the usage philosophies of the public keyserver system. In fact, with a more rigid entry format (i.e. a field for just the key ID), Rob could even code links to the public keyservers to retreive a users current key in a dynamic manner.

For instance, if there were a place in my profile to enter my key ID: 0xE43C5FC3 there could easily be a link in the header above my comments linking to a keyserver using the url: http://pgp5.ai.mit .edu:11371/pks/lookup?op=get&search=0xE43C5FC3

Plus a line for verification of my fingerprint:
D50C 1ABB 0D80 CC78 2939 FBE4 B379 C4A5 E43C 5FC3
to add yet another datapoint in people's ability to evaluate whether the key 0xE43C5FC3 really belongs to me.

A much more useful solution, I think. It Still allows slashdot to further promote the use of encryption while not attempting to address problems which are already solved.

Regarding the Slashboxes,

[crisco]

I just added one of the new Slashboxes and it showed up at the bottom of my list. So I spent a few miniutes clicking and waiting so it came up to about where I wanted it. Not the best way to use mine or Slashdot's resources.

Could we have a way to specify the order our Slashboxes appear? I was thinking instead of checkboxes to pick them, we could enter a number indicating where in our sequence we wanted that Slashbox. That way I wouldn't have to spend a bunch of time re-ordering them when I add new ones or my preferences get lost.

On a side note, anyone notice that the ArsTechnica box is always well behind the site? Other Slashboxes maintain concurrency a bit better, can the ArsBox be made to do so also?

Re:LDAP directory of users?

[LL]

kovacsp wrote
What does everybody think of an LDAP directory of all registered slashdot users ala the Netscape Directory? I, personally, think it'd be kinda useful, and neat!

Wouldn't this defeat the purpose of annonymous contributors by revealing their identities? Before people jump in with the suggestion of using their slashdot handle to redirect mail, I would note that many people value their privacy (ie have been overwhelmed by spam) and more email is often the last thing we need in busy lives (pause for mass amen). If authenticity is required, I would like to see at least one level of screen, if nothing else to control the information overload. Some suggestions

- Rob creates handles along the lines of name@slashdot.org for registered users

- a local private/public key is generated (optional) that on receipt and validation of the user's real PGP key (whatever that means), substitutes the slashdot key.

- a user controlled mechanism for carrying conversations beyond the normal termination of threads, ie default of ignore direct messages unless allowed (think 2 way matrix which if you look up a user's info, gives directions for further communications if on the allowed list)

The weakness is that /. security measures have to be adequate for people to have some degree of trust that their privacy/anonymity won't be compromised. Maintaining a balance between public exposure to ensure community credibility and a level of obscurity to respect personal opinions is a tricky act to implement. Perhaps I'm just dreaming, that in a global communications media with rapidly changing technology, there is no static solution. At the very least, we should be able to opt out of the system if it doesn't suit their needs (anyone notice it's funny how hotmail doesn't allow you to easily add but not delete accounts?).

LL

Funny Disable User Pref

[AT]

How about a user preference to allow those humorless hackers amongst us to ignore posts flaged as funny? Perhaps something that just ignores any points assigned to a comment under the catagory of "funny".

It seems like one of the top posts is always a joke of some kind. While they might be relevent and even amusing sometimes, I hate consistantly seeing them among the very top posts.

Taking that idea one step further, why not allow us to select the adjustment in points for each catagory? e.g. Offtopic: -1, Flamebait: -2, Insightful: +2, Funny: 0, Informative: +1, etc.

Re:MetaModeration

[JordanH]

I got the chance to try MetaModeration and I really enjoyed it.

While MetaModerating I saw a +5 Comment today that I hadn't seen before. If anything, I felt that this Comment deserved an even higher rating (but I gave it a "fair" realizing that this was topped out).

It got me thinking. Perhaps you could allow people to give their points to a Comment even after it was topped out at 5. The Comment itself would stay at 5, but you could keep this surplus attached to the Comment, but not visible to readers. Then, every week or perhaps every few days, you could have a feature which would capture the top, or perhaps the top few Comments of the week based on surplus points. I would recommend never displaying the surplus points as it might lead to Moderator abuse with people trying to support some cause or another at the expense of objectivity. Perhaps these featured Comments could be displayed with some MetaComments containing the Comments that this one was in answer to or about the background context surrounding the Comment (like the background of the Author if this person is famous). I know that I would enjoy such a feature. As it is, I'm not able to keep up with very much of /. and even if I had read the featured Comment, I'm sure that I would enjoy reading these really good Comments again.

Maybe this would work go along with allowing Moderators more points to assign too, as many are requesting. In fact, it might be nice to assign Moderators points on a sliding scale. Moderators who just make the minimum criteria, like first time Moderators, could get 5 points to assign, while old hands with extremely high Karma would get 10. Such a scheme may help to improve Moderation in a number of ways.

Perhaps I'm odd, but I think that I've become more thoughtful in my posts since I'm now aware of my Karma. I would guess that others feel the same way. Tying Karma together with getting extra Moderator points, and allowing those with higher Karma to Moderate (and MetaModerate) more often might make it kind of a prestige thing. Pride before your peers is a powerful motivator.