Assorted Slashdot Updates

As the dust is settling around my recent coding frenzy, here is a bunch of updates to the system:I've added a field for users to store their Public Keys on their User Info page. The M2 page is now linked into the system (if you have access anyway). The Comments on the M2 page also link the story that the comment is attached to (and please read the notes on the page: duplicate comments are not a bug!). I removed the sig from Logged in AC previews (it only affected previews, but it was scaring people). Both the FAQ and the Moderation Guidelines have been updated. And the grand Slashbox Poo-Bah CowboyNeal reports that AuctionBeagle, Security Focus, TheNextLevel, Gnotices, and WomenGamers are the latest additions to the SlashBoxes. Enjoy.

Public key box is nice, but please use key servers

[Paul+Crowley]

Having the User info box for your public keys is nice, but please, if you use PGP, use the key servers! That way automated PGP systems like "metamail" (which also supports GPG) can look up your key when you send email and even, if necessary, fetch other keys used to sign it. Ideally, do both. BAL's PGP Public Key Server is a good place to start - all the servers mirror each other's content, so any should work.
--

Re:Public Keys?

[Christopher+Cashell]

Public keys are a part of PGP(or GPG). The way it works, when you use PGP you first generate a keypair. This consists of a private key, and a public key.

The private key you keep for yourself, and don't allow anyone else access to. This is what you use when signing something, or when decrypting something that is encrypted with your public key.

Your public key you can post on a website, publish to a keyserver, or even send via e-mail. This is what is used by other people to encrypt things. Something encrypted to your public key can only be decrypted by your private key.

I know this is a really basic explanation, but for information, check out http://www.pgp.com, http://www.gnupg.org, or do a search on your favorite search engine for PGP or public key cryptology.

I'm a little unclear...

[Nugget94M]

I'm not quite sure I understand the logic behind the implementation of public keys stored in the slashdot database. I'm not sure it's useful, and perhaps it's even a bit misguided.

There's already a robust and well-supported infrastrucure in place for the network storage and retrieval of PGP/GPG public keys with the existing public keyserver network. The most compelling feature of the keyserver network is that it promotes the web-of-trust model of key trust, allowing users to sign and update trusted keys. This means that the web of trust continues to spread and become ultimately more useful.

The collection of pgp keys is not static data and should not be treated as such. It's a corpulent, growing, interrelated lattice of identies and trust relationships that changes continuously.

A redundant, and static storage of public keys in slashdot is nice and geeky, but not as useful as the public key networks. Key storage will not be beneficial without update capabilities, and I think we all can agree that such function is well beyond the scope of the slashdot engine. There is already a tool in place which is nearly ubiquitious for retreiving public keys on the net -- let's support that and not try to re-invent the wheel.

Rather, I think what would be useful would be a way for slashdot users to store and display their PGP Fingerprint and Key ID. Not the key itself, but simply the unique fingerprint of the key.

This is, I think, much closer to the usage philosophies of the public keyserver system. In fact, with a more rigid entry format (i.e. a field for just the key ID), Rob could even code links to the public keyservers to retreive a users current key in a dynamic manner.

For instance, if there were a place in my profile to enter my key ID: 0xE43C5FC3 there could easily be a link in the header above my comments linking to a keyserver using the url: http://pgp5.ai.mit .edu:11371/pks/lookup?op=get&search=0xE43C5FC3

Plus a line for verification of my fingerprint:
D50C 1ABB 0D80 CC78 2939 FBE4 B379 C4A5 E43C 5FC3
to add yet another datapoint in people's ability to evaluate whether the key 0xE43C5FC3 really belongs to me.

A much more useful solution, I think. It Still allows slashdot to further promote the use of encryption while not attempting to address problems which are already solved.

Regarding the Slashboxes,

[crisco]

I just added one of the new Slashboxes and it showed up at the bottom of my list. So I spent a few miniutes clicking and waiting so it came up to about where I wanted it. Not the best way to use mine or Slashdot's resources.

Could we have a way to specify the order our Slashboxes appear? I was thinking instead of checkboxes to pick them, we could enter a number indicating where in our sequence we wanted that Slashbox. That way I wouldn't have to spend a bunch of time re-ordering them when I add new ones or my preferences get lost.

On a side note, anyone notice that the ArsTechnica box is always well behind the site? Other Slashboxes maintain concurrency a bit better, can the ArsBox be made to do so also?

Funny Disable User Pref

[AT]

How about a user preference to allow those humorless hackers amongst us to ignore posts flaged as funny? Perhaps something that just ignores any points assigned to a comment under the catagory of "funny".

It seems like one of the top posts is always a joke of some kind. While they might be relevent and even amusing sometimes, I hate consistantly seeing them among the very top posts.

Taking that idea one step further, why not allow us to select the adjustment in points for each catagory? e.g. Offtopic: -1, Flamebait: -2, Insightful: +2, Funny: 0, Informative: +1, etc.