I need information about two areas of law:
1. Are electronic signatures valid for voter initiatives / referenda / petitions?
2. How law is written and synchronized across jurisdictions? Not as in public policy decisionmaking or interpretation - I don't care about the laws' content here - but as in the actual law writing, modification, forking, duplication, synchronization, updating, etc process itself.
#1 crosses a couple different areas - election law and contract law. AFAIK, electronic signatures have been thoroughly upheld ... but only ever tested in the context of civil contracts, and I specifically need validity for electoral processes.
I'm not even sure what #2 would be *called*. Meta-law? No ghits. "Public policy"? Too vague, tiny S:NR. So I've not been able to look this up at all.
I'd appreciate references for:
a) specific documents or court cases about these issues
b) lawyers in San Francisco Bay Area who are competent to answer one or both, and might be willing to talk to me about them (e.g. academics or ACLU/EFF types who do pro bono consults)
c) people who have authoritative cross-jurisdictional knowledge about either
I'll settle for someone only qualified to speak about California state law for now, but what I ultimately need is to answer these questions across all jurisdictions at all levels, worldwide. So the wider the knowledge about these issues (which probably means, the more specialized on them), the better.
1. Are electronic signatures valid for voter initiatives / referenda / petitions?
2. How law is written and synchronized across jurisdictions? Not as in public policy decisionmaking or interpretation - I don't care about the laws' content here - but as in the actual law writing, modification, forking, duplication, synchronization, updating, etc process itself.
#1 crosses a couple different areas - election law and contract law. AFAIK, electronic signatures have been thoroughly upheld ... but only ever tested in the context of civil contracts, and I specifically need validity for electoral processes.
I'm not even sure what #2 would be *called*. Meta-law? No ghits. "Public policy"? Too vague, tiny S:NR. So I've not been able to look this up at all.
I'd appreciate references for:
a) specific documents or court cases about these issues
b) lawyers in San Francisco Bay Area who are competent to answer one or both, and might be willing to talk to me about them (e.g. academics or ACLU/EFF types who do pro bono consults)
c) people who have authoritative cross-jurisdictional knowledge about either
I'll settle for someone only qualified to speak about California state law for now, but what I ultimately need is to answer these questions across all jurisdictions at all levels, worldwide. So the wider the knowledge about these issues (which probably means, the more specialized on them), the better.
11 down, ~5 to go…
- Mood:
tired
http://feed43.com is neat.
E.g. I got an RSS for Nodwick (http://feed43.com/nodwick.xml), which is the only comic I like that doesn't have a proper RSS feed.
Presumably one could use this to monitor other sites also. Hm.
E.g. I got an RSS for Nodwick (http://feed43.com/nodwick.xml), which is the only comic I like that doesn't have a proper RSS feed.
Presumably one could use this to monitor other sites also. Hm.
So I just went shopping for cards to use for the conlang card exchange.
The local mega-Safeway and mega-Long's have a reasonably large selection of Christmas cards. And they all annoy me.
Why?
* saccharine imagery of nonexistent snowy suburbia-idylls (also, candy canes taste awful; I don't want to see them)
* crass commercialism (Mickey Mouse? seriously?)
* advertisements for the card company, and pricing details, on the card itself (fuck off, Hallmark, I don't want to be your flack)
* sappy and presumptively irrelevant text on the inside and outside - are there really so few people who can write their own damn messages?
* loudly colorful / glitzy styles that seem aimed more at toddlers and other pre-sentients than adults
I'd have bought 'em if they offered cards that simply had tasteful imagery on the outside, a blank inside and back, and just shut the fuck up and let me be the one to write.
As is, they couldn't do that.
So I just bought some blank cards at the office supply store instead. I'll print 'em myself.
*grumph*
Stuff like this makes me wonder whether the majority of people really are such lowbrow, unimaginative consumer whores.
Doesn't anyone do classy any more?
But then, people complain when I use words like "moot" and "qualia". So maybe I'm the weird one here.
If that's true, then well... fuck that shit, I don't wanna be normal.
The local mega-Safeway and mega-Long's have a reasonably large selection of Christmas cards. And they all annoy me.
Why?
* saccharine imagery of nonexistent snowy suburbia-idylls (also, candy canes taste awful; I don't want to see them)
* crass commercialism (Mickey Mouse? seriously?)
* advertisements for the card company, and pricing details, on the card itself (fuck off, Hallmark, I don't want to be your flack)
* sappy and presumptively irrelevant text on the inside and outside - are there really so few people who can write their own damn messages?
* loudly colorful / glitzy styles that seem aimed more at toddlers and other pre-sentients than adults
I'd have bought 'em if they offered cards that simply had tasteful imagery on the outside, a blank inside and back, and just shut the fuck up and let me be the one to write.
As is, they couldn't do that.
So I just bought some blank cards at the office supply store instead. I'll print 'em myself.
*grumph*
Stuff like this makes me wonder whether the majority of people really are such lowbrow, unimaginative consumer whores.
Doesn't anyone do classy any more?
But then, people complain when I use words like "moot" and "qualia". So maybe I'm the weird one here.
If that's true, then well... fuck that shit, I don't wanna be normal.
This article is fairly interesting.
Only one skepticism: the author takes issue with the discharge diagnosis of his psuedopatients as "schizophrenia in remission". What other diagnosis would make sense, though, unless the psychiatrists are to disbelieve the psuedopatients' intake history claims of having heard voices?
If they act normally for the duration of their stay, then the best that can be said is that there was nothing observered, but the patient claimed schizophrenic symptoms. Which is, indeed, schizophrenia in remission - since such things are (TTBOMK) relatively likely to recur.
I think more emphasis should've been put (rightly) on the environmental factors; that in itself was damning enough.
Only one skepticism: the author takes issue with the discharge diagnosis of his psuedopatients as "schizophrenia in remission". What other diagnosis would make sense, though, unless the psychiatrists are to disbelieve the psuedopatients' intake history claims of having heard voices?
If they act normally for the duration of their stay, then the best that can be said is that there was nothing observered, but the patient claimed schizophrenic symptoms. Which is, indeed, schizophrenia in remission - since such things are (TTBOMK) relatively likely to recur.
I think more emphasis should've been put (rightly) on the environmental factors; that in itself was damning enough.
I've got a car and am parked in a commercial district much like downtown Berkeley. I'm sitting out the right side of the car, fiddling with papers of some sort.
Suddenly, three young caucasian asian males enter the left side of the car, two in the back seat next to me and one in the front. The driver immediately proceeds to start the car and begin merging into traffic, ignoring my orders to exit the car. (Unclear how he managed to do so; retconned to imply that I'd left the keys in the ignition, which is not my noral behavior.)
None of them offer any sign of violence or weapons, but seem to completely ignore my presence.
I have my pepper spray kubotan in my pocket, and am considering a) whether to call 911 on my cell phone, and if so, whether to try to do so stealthily; b) whether to mace the driver or worse; c) whether they're armed; and d) why the fuck someone would knowingly steal a car with an adult inside it without presenting a show of force.
And then I wake up.
Of note, the car was a modern one, not my old Integra (the only car I've ever owned IRL). This leaves open the possibility that I was somehow idling in a car that wasn't in fact mine. I think this is just a failure of my dream imagination, though - especially coupled with the fairly poor, automaton-like simulation of the three men. Usually my dreams can manage something a bit less shallow...
Also, I'm actually not sure what degree of force would be legal in such a situation; it's clearly a felony (grand theft auto) and misdemeanor (false imprisonment aka kidnapping). but without threat of violence, I would be the aggressor.
Suddenly, three young caucasian asian males enter the left side of the car, two in the back seat next to me and one in the front. The driver immediately proceeds to start the car and begin merging into traffic, ignoring my orders to exit the car. (Unclear how he managed to do so; retconned to imply that I'd left the keys in the ignition, which is not my noral behavior.)
None of them offer any sign of violence or weapons, but seem to completely ignore my presence.
I have my pepper spray kubotan in my pocket, and am considering a) whether to call 911 on my cell phone, and if so, whether to try to do so stealthily; b) whether to mace the driver or worse; c) whether they're armed; and d) why the fuck someone would knowingly steal a car with an adult inside it without presenting a show of force.
And then I wake up.
Of note, the car was a modern one, not my old Integra (the only car I've ever owned IRL). This leaves open the possibility that I was somehow idling in a car that wasn't in fact mine. I think this is just a failure of my dream imagination, though - especially coupled with the fairly poor, automaton-like simulation of the three men. Usually my dreams can manage something a bit less shallow...
Also, I'm actually not sure what degree of force would be legal in such a situation; it's clearly a felony (grand theft auto) and misdemeanor (false imprisonment aka kidnapping). but without threat of violence, I would be the aggressor.
I'm going to be doing a preview / test run of my Conlanging 101 talk for 26C3 at Noisebridge, Thursday Dec 10 ~7-8pm PST.
I'll try to make sure it's simulcast @ http://ustream.tv/noisebridge or http://www.ustream.tv/conlangs . I'll also have some mechanism to comment live in a way that I'll see - either irc on freenode #lcs or skype - so remote people will get to participate.
So please come by or get online at the time. Any suggestions for improving it will be appreciated.
I'll try to make sure it's simulcast @ http://ustream.tv/noisebridge or http://www.ustream.tv/conlangs . I'll also have some mechanism to comment live in a way that I'll see - either irc on freenode #lcs or skype - so remote people will get to participate.
So please come by or get online at the time. Any suggestions for improving it will be appreciated.
I've had saizai.com just redirect to my LJ info page for a while. I just moved it over to be an independent entity.
At some point I'll embed (or export?) my LJ to it, add other pages, etc. For now it's pretty trivial.
At some point I'll embed (or export?) my LJ to it, add other pages, etc. For now it's pretty trivial.
I just had a dream where Alex and I were walking along somewhere and suddenly someone came up to rob us at gunpoint. But we didn't have anything.
And I had a gun in my pocket, and got in a position to flank the robber, and was trying to figure out whether it'd be a good idea to shoot, threaten to, or do nothing... and if I were going to take action, how I could do it without risking hitting Alex by accident, having the robber outgun me, or putting myself in a legally bad position.
And then I woke up.
And I had a gun in my pocket, and got in a position to flank the robber, and was trying to figure out whether it'd be a good idea to shoot, threaten to, or do nothing... and if I were going to take action, how I could do it without risking hitting Alex by accident, having the robber outgun me, or putting myself in a legally bad position.
And then I woke up.
... in the apartment.
I have no idea where it came from; I just noticed him behaving oddly (walking around under the corner coffee table, where he never goes), then saw he was playing with a gray mouse. I thought it was one of the toy ones and was surprised - he only likes the white ones - but then it darted under something and I realized it was alive.
It took a fair amount of chase to find the thing; it darted from one hiding place to another, staying perfectly still inbetween, hard to spot. I cornered it twice and had it slip away. Finally, I had it cornered under Alex's desk; Ki thought it was in the other corner and didn't see it, but I did, and it was totally frozen from seeing him right there.
So I got a cup and carefully put it over it, then slipped a piece of paper under the cup, then a folder and then a clipboard. And I released it outside in the little patch of garden.
Ki was decent at finding the thing, though several times he seemed to totally loose track of it when I clearly saw where it'd gone. And a couple times he actually picked it up in his mouth, moved it elsewhere, and relased it. Not sure if he's just ignorant of how to kill a mouse, or was deliberately playing with it. He's done this before, though. As far as I could tell, the mouse was completely unharmed by the experience (though probably will have mousey PTSD).
At least for this thing, I'm so not catlike. My response is "meep!" not "hunt!".
Normally I'd get Alex to do it, but he just left for a week. :(
I have no idea where it came from; I just noticed him behaving oddly (walking around under the corner coffee table, where he never goes), then saw he was playing with a gray mouse. I thought it was one of the toy ones and was surprised - he only likes the white ones - but then it darted under something and I realized it was alive.
It took a fair amount of chase to find the thing; it darted from one hiding place to another, staying perfectly still inbetween, hard to spot. I cornered it twice and had it slip away. Finally, I had it cornered under Alex's desk; Ki thought it was in the other corner and didn't see it, but I did, and it was totally frozen from seeing him right there.
So I got a cup and carefully put it over it, then slipped a piece of paper under the cup, then a folder and then a clipboard. And I released it outside in the little patch of garden.
Ki was decent at finding the thing, though several times he seemed to totally loose track of it when I clearly saw where it'd gone. And a couple times he actually picked it up in his mouth, moved it elsewhere, and relased it. Not sure if he's just ignorant of how to kill a mouse, or was deliberately playing with it. He's done this before, though. As far as I could tell, the mouse was completely unharmed by the experience (though probably will have mousey PTSD).
At least for this thing, I'm so not catlike. My response is "meep!" not "hunt!".
Normally I'd get Alex to do it, but he just left for a week. :(
So, I submitted a talk to 26C3 on "Conlanging 101". And it actually got accepted (with flight paid!).
Which means I get to go to Berlin and attend an awesome hacker conference, and all I have to do is give a talk I'll enjoy. W00tage.
The talk is a) an intro / overview to conlanging (like an expanded version of my lightning talk at Toorcamp - http://conlang.org/toorcamp.pdf) plus b) conlanging-by-crowd-committee where I'll (albeit very quickly) go through actually making a new language on the spot good enough to translate part of the Babel text (like a super-compressed version of my Berkeley DE-Cal class). Plus workshop afterwards.
Most likely what I'm going to do is spend ~10 minutes giving a fairly fast-paced overview, ~35-40 going through making a language on the spot, and anything left over on Q&A.
Anywho:
a) got ideas for how to improve the talk / workshop? (German speakers: anything I should be aware of, or any good jokes to make? Ich spreche keine Deutsch. :()
b) anyone else going?
c) anyone in the area (even vaguely, as in Western Europe; I'm somewhat tempted to make it an excuse to visit other places in Europe) who's either interested having a visitor or willing to host me for a couple days? (if yes, please email me directly)
Which means I get to go to Berlin and attend an awesome hacker conference, and all I have to do is give a talk I'll enjoy. W00tage.
The talk is a) an intro / overview to conlanging (like an expanded version of my lightning talk at Toorcamp - http://conlang.org/toorcamp.pdf) plus b) conlanging-by-crowd-committee where I'll (albeit very quickly) go through actually making a new language on the spot good enough to translate part of the Babel text (like a super-compressed version of my Berkeley DE-Cal class). Plus workshop afterwards.
Most likely what I'm going to do is spend ~10 minutes giving a fairly fast-paced overview, ~35-40 going through making a language on the spot, and anything left over on Q&A.
Anywho:
a) got ideas for how to improve the talk / workshop? (German speakers: anything I should be aware of, or any good jokes to make? Ich spreche kein
b) anyone else going?
c) anyone in the area (even vaguely, as in Western Europe; I'm somewhat tempted to make it an excuse to visit other places in Europe) who's either interested having a visitor or willing to host me for a couple days? (if yes, please email me directly)
http://samizdat.cc/cyoa/
Excellent essay / analysis about CYOA books with top quality data-illustrations.
Go read at least the first section, srsly.
Excellent essay / analysis about CYOA books with top quality data-illustrations.
Go read at least the first section, srsly.
- Mood:
impressed
http://sflasertag.org/battlesfo/
Nov 14 11a-4:30p, ~4-5x fairly intense 12 minute games.
Run by a friend of mine (![[info]](http://l-stat.livejournal.com/img/userinfo.gif)
boyziggy) at cost just 'cause he's really hardcore into lasertag. (He's designed arenas, done international tournaments, etc. His day job is an audio tech for SF Opera, so he knows audio fairly hardcore also.)
Capture the flag in Junipero Serra park (OK, technically not SF but still close). Lots of gun styles from sniper w/ scope to uzi size. Team oriented, radios provided. Weapons recently upgraded to have instant hit feedback.
$50. Rides from BART provided if needed. Potluck food requested.
I have nothing particular to do with it (though I'll be going and helping referee), just think some of y'all would enjoy this.
Nov 14 11a-4:30p, ~4-5x fairly intense 12 minute games.
Run by a friend of mine (
boyziggy) at cost just 'cause he's really hardcore into lasertag. (He's designed arenas, done international tournaments, etc. His day job is an audio tech for SF Opera, so he knows audio fairly hardcore also.)Capture the flag in Junipero Serra park (OK, technically not SF but still close). Lots of gun styles from sniper w/ scope to uzi size. Team oriented, radios provided. Weapons recently upgraded to have instant hit feedback.
$50. Rides from BART provided if needed. Potluck food requested.
I have nothing particular to do with it (though I'll be going and helping referee), just think some of y'all would enjoy this.
I've not really discussed this publicly before, but I suppose I ought to, simply to give another data point.
I support full legalization for essentially two reasons:
1. Medical
I have used a fair number of drugs for my tic disorder: lorazepam, clonazepam, alprazolam, gabapentin, and ziprasidone. (I think I've even left out one or two.)
None of them have adequately controlled my tic longitudinally, most have given me very unpleasant side effects (e.g. dyskinesia, dizziness, nausea, dissociative episodes), and while the oral lorazepam was mildly effective for acute control, it has very significant and long-lasting unpleasant side effects.
More to the point, all of these are oral medicines. There are no inhalant or injectable medications that I could plausibly get prescribed - intramuscular lorazepam certainly exists, but it doesn't leave hospitals.
The problem with that is that oral medicines take half an hour to take effect and (at the doses I need to have any effectiveness - e.g. 2mg lorazepam) take many hours to wear off.
Unfortunately for me, I can begin to asphyxiate within less than 15 minutes of the onset of an episode, and they rarely last longer than an hour. The effect profile is simply not well matched to what I need.
By contrast, an inhalant (like marijuana) takes effect within 15 seconds and the acute effects wear off within an hour or two. And for that matter, the side effects are far more pleasant. (I've heard of people using lorazepam recreationally, but I really don't understand why someone would. I don't like being dissociated.)
It's also much more effective, even putting aside the onset time issues. With pot I can go from sporadically asphyxiating and being completely unable to use my limbs because they're too spastic to completely relaxed in about two minutes flat. The best I ever got from any of my meds was a lessening of maybe ~3 points out of 10.
And... it's safer. Lorazepam has a pretty bad interaction profile, with potentially very serious complications including death. Pot has almost no harmful effects (the only serious ones I know of are linked to impurities, like with any smoked organic substance), and nobody has ever overdosed on it.
So to put it simply, I want something that can actually serve my medical need. I like being able to continue breathing and being able to use my hands as tools and all that stuff we take for granted.
And pot is the best thing I've come across to date purely on medical grounds.
I would be perfectly happy to use another drug if it was as effective, and I'd rather it weren't something that has associated tar etc., but such a thing just ain't available.
2. Recreation & taxes
First off, to be very clear: I actually prefer being sober. Always have, probably always will. Both with pot and other drugs, like alcohol and caffeine.
However, I think that it's absolutely clear that our culture not simply condones, but glorifies the recreational use of drugs: principly, alcohol and tobacco.
To claim that pot is more harmful than either of those, either to the user or to their surrounding society, is patently absurd. (Think: how many fights would you get in a bar where people smoked pot instead of drinking alcohol? How many people would get run over by someone who's high vs drunk?)
So the argument is simple: let people get high - they already do, and we already enthuisatically encourage it when it comes in the form of alcohol - and while you're at it reap a huge public financial benefit both from taxing it and from not having to deal with all the criminal violence (and prosecution) that surrounds the current black market.
That's not a moral argument, nor even a slippery slope one, it's merely saying that we already encourage things that are much worse than by any objective standard. So how about some consistency?
(For that matter, I think it'd be a net benefit if people moved away from alcohol to marijuana. Think of it as a harm reduction campaign. ;-))
Anyway, that's my 2¢. The second part is pretty humdrum, but I think that my particular medical needs are relatively unsual because of their severity and acuteness, which contrast with the more typical use of marijuana for long-term palliative care of pain and nausea.
I support full legalization for essentially two reasons:
1. Medical
I have used a fair number of drugs for my tic disorder: lorazepam, clonazepam, alprazolam, gabapentin, and ziprasidone. (I think I've even left out one or two.)
None of them have adequately controlled my tic longitudinally, most have given me very unpleasant side effects (e.g. dyskinesia, dizziness, nausea, dissociative episodes), and while the oral lorazepam was mildly effective for acute control, it has very significant and long-lasting unpleasant side effects.
More to the point, all of these are oral medicines. There are no inhalant or injectable medications that I could plausibly get prescribed - intramuscular lorazepam certainly exists, but it doesn't leave hospitals.
The problem with that is that oral medicines take half an hour to take effect and (at the doses I need to have any effectiveness - e.g. 2mg lorazepam) take many hours to wear off.
Unfortunately for me, I can begin to asphyxiate within less than 15 minutes of the onset of an episode, and they rarely last longer than an hour. The effect profile is simply not well matched to what I need.
By contrast, an inhalant (like marijuana) takes effect within 15 seconds and the acute effects wear off within an hour or two. And for that matter, the side effects are far more pleasant. (I've heard of people using lorazepam recreationally, but I really don't understand why someone would. I don't like being dissociated.)
It's also much more effective, even putting aside the onset time issues. With pot I can go from sporadically asphyxiating and being completely unable to use my limbs because they're too spastic to completely relaxed in about two minutes flat. The best I ever got from any of my meds was a lessening of maybe ~3 points out of 10.
And... it's safer. Lorazepam has a pretty bad interaction profile, with potentially very serious complications including death. Pot has almost no harmful effects (the only serious ones I know of are linked to impurities, like with any smoked organic substance), and nobody has ever overdosed on it.
So to put it simply, I want something that can actually serve my medical need. I like being able to continue breathing and being able to use my hands as tools and all that stuff we take for granted.
And pot is the best thing I've come across to date purely on medical grounds.
I would be perfectly happy to use another drug if it was as effective, and I'd rather it weren't something that has associated tar etc., but such a thing just ain't available.
2. Recreation & taxes
First off, to be very clear: I actually prefer being sober. Always have, probably always will. Both with pot and other drugs, like alcohol and caffeine.
However, I think that it's absolutely clear that our culture not simply condones, but glorifies the recreational use of drugs: principly, alcohol and tobacco.
To claim that pot is more harmful than either of those, either to the user or to their surrounding society, is patently absurd. (Think: how many fights would you get in a bar where people smoked pot instead of drinking alcohol? How many people would get run over by someone who's high vs drunk?)
So the argument is simple: let people get high - they already do, and we already enthuisatically encourage it when it comes in the form of alcohol - and while you're at it reap a huge public financial benefit both from taxing it and from not having to deal with all the criminal violence (and prosecution) that surrounds the current black market.
That's not a moral argument, nor even a slippery slope one, it's merely saying that we already encourage things that are much worse than by any objective standard. So how about some consistency?
(For that matter, I think it'd be a net benefit if people moved away from alcohol to marijuana. Think of it as a harm reduction campaign. ;-))
Anyway, that's my 2¢. The second part is pretty humdrum, but I think that my particular medical needs are relatively unsual because of their severity and acuteness, which contrast with the more typical use of marijuana for long-term palliative care of pain and nausea.
I was recently reading Sephen Downes' paper Authentication and identification (a pretty good paper, IMHO, and worth the read), and thought of StackOverflow and some related authentication / trust network stuff I read a year or so ago, and...
I'm interested in how one can 'trustificate' users. That is, given a user who authenticates to me as (for example) having certain OpenIDs, who (internal or external to my site) has created certain friendship links, comments, content, etc., how can I establish a reliable metric that determines whether the user is a) trustworthy and b) unique?
Of course, I have the various usual techniques for determining whether some particular account is a bot or a sockpuppet - browser fingerprinting, timing attacks, bot-foiling javascript, CAPTCHAs, etc - so that's not *quite* what I mean to ask here. It's a more ephemeral thing. (My difficulty in precisely stating the problem is part of what I think someone here probably has a better answer to...)
There are two models I know of that are somewhat similar to what I want.
One is gpg/pgp web of trust via key signing, which is ish what the trustlet wiki is about. This is essentially the same as 'friendship' links, except that (at least a priori) I don't have any obvious way to establish trusted nodes that are sufficiently widespread (that would be analogous to e.g. a notary-signed key or key signed by someone you personally know). Sure, I could manually choose some users who are obviously good, give them high trust, and propagate that trust to their friends etc. But this probably won't easily capture the vast majority of my userbase, and I'm a bit skeptical of how reliable such friendship links are a priori, since people in practice establish them with so little actual verification of identity or veracity (certainly some such links may be useful for trust-by-proxy, but which ones?).
The other model is that used by e.g. StackOverflow - doing certain things earns you points, points can be transferred or earned in very controlled ways that are relatively regulated to be hard to spam, and one's total points are effectively a measure of how much one has contributed (and therefore how much one should be trusted). This is a lot closer to what I could see working for me, but doesn't take advantage of things I might know about a new user (e.g. their friends on other networks like Facebook & Twitter).
Ultimately what I want is a simple number that tells me roughly how trustworthy a given user is (and distinguishes them from e.g. a spammer, sockpuppet, troll, pointfarmer, bot, etc), which can in turn be used to give that user rights (e.g. moderation, creating new pages or tags, voting, etc), and which takes advantage of whatever data I have available. (E.g.: OpenIDs, emails and whether they validate, IP sources, generated content, etc.)
The process has to be fully automatic, relatively transparent to my users (e.g. it's probably impractical to ask them to explicitly rate how much they trust their "friends"), practical, reliable in practice if not necessarily theoretically perfect, relatively proof against gaming (or at least built so it's easy to detect and trace [networks of] users trying to game it), and not rely on any third parties changing how they behave (i.e. I can write code, but I can't expect other people [like Facebook] to do so).
I'm not *as* concerned with unique authentication per se, in that I don't mind anonymous / psuedonymous users gaining high trust levels or even having multiple identities so long as they don't behave badly or use that to game the system. (E.g.: creating accounts whose purpose is to gain trust points and transfer them to an owner account, aka "trust farming" - this has happened in every web app I know of that has both a points economy of some sort and method for transferring points to other users, and is something I want to avoid).
Have any of you done this before? Any other implementations that the gpg or StackOverflow style that'd be good for me to take a look at?
I'm pretty sure that this is not an original idea, but I just haven't seen much other than what I mentioned that actually tries to address it.
Though this is actually a practical question for me (as in, I'm currently writing code that does this and I'd like to make it not suck), I'd also be interested in more theoretical discussion of trust-based authentication etc in general.
I'm interested in how one can 'trustificate' users. That is, given a user who authenticates to me as (for example) having certain OpenIDs, who (internal or external to my site) has created certain friendship links, comments, content, etc., how can I establish a reliable metric that determines whether the user is a) trustworthy and b) unique?
Of course, I have the various usual techniques for determining whether some particular account is a bot or a sockpuppet - browser fingerprinting, timing attacks, bot-foiling javascript, CAPTCHAs, etc - so that's not *quite* what I mean to ask here. It's a more ephemeral thing. (My difficulty in precisely stating the problem is part of what I think someone here probably has a better answer to...)
There are two models I know of that are somewhat similar to what I want.
One is gpg/pgp web of trust via key signing, which is ish what the trustlet wiki is about. This is essentially the same as 'friendship' links, except that (at least a priori) I don't have any obvious way to establish trusted nodes that are sufficiently widespread (that would be analogous to e.g. a notary-signed key or key signed by someone you personally know). Sure, I could manually choose some users who are obviously good, give them high trust, and propagate that trust to their friends etc. But this probably won't easily capture the vast majority of my userbase, and I'm a bit skeptical of how reliable such friendship links are a priori, since people in practice establish them with so little actual verification of identity or veracity (certainly some such links may be useful for trust-by-proxy, but which ones?).
The other model is that used by e.g. StackOverflow - doing certain things earns you points, points can be transferred or earned in very controlled ways that are relatively regulated to be hard to spam, and one's total points are effectively a measure of how much one has contributed (and therefore how much one should be trusted). This is a lot closer to what I could see working for me, but doesn't take advantage of things I might know about a new user (e.g. their friends on other networks like Facebook & Twitter).
Ultimately what I want is a simple number that tells me roughly how trustworthy a given user is (and distinguishes them from e.g. a spammer, sockpuppet, troll, pointfarmer, bot, etc), which can in turn be used to give that user rights (e.g. moderation, creating new pages or tags, voting, etc), and which takes advantage of whatever data I have available. (E.g.: OpenIDs, emails and whether they validate, IP sources, generated content, etc.)
The process has to be fully automatic, relatively transparent to my users (e.g. it's probably impractical to ask them to explicitly rate how much they trust their "friends"), practical, reliable in practice if not necessarily theoretically perfect, relatively proof against gaming (or at least built so it's easy to detect and trace [networks of] users trying to game it), and not rely on any third parties changing how they behave (i.e. I can write code, but I can't expect other people [like Facebook] to do so).
I'm not *as* concerned with unique authentication per se, in that I don't mind anonymous / psuedonymous users gaining high trust levels or even having multiple identities so long as they don't behave badly or use that to game the system. (E.g.: creating accounts whose purpose is to gain trust points and transfer them to an owner account, aka "trust farming" - this has happened in every web app I know of that has both a points economy of some sort and method for transferring points to other users, and is something I want to avoid).
Have any of you done this before? Any other implementations that the gpg or StackOverflow style that'd be good for me to take a look at?
I'm pretty sure that this is not an original idea, but I just haven't seen much other than what I mentioned that actually tries to address it.
Though this is actually a practical question for me (as in, I'm currently writing code that does this and I'd like to make it not suck), I'd also be interested in more theoretical discussion of trust-based authentication etc in general.
http://www.youtube.com/watch?v=oyt0CIIL
Disturbingly cute as well as more advanced thinking ability than I thought they had.
Disturbingly cute as well as more advanced thinking ability than I thought they had.
[Updated: 24 October 2009 - communication, many minor updates & revisions]
( Intro )( Communication & signals )( Cat / hedonist stuff )( Physical quirks )( Known issues )( Miscellaneous )( Interpersonal stuff )( Beliefs )( Socio-political positions )( Things I want to do )- Mood:
contemplative
