And in this case, the fake key has zero signatures whatsoever. If it had any, they would either be a blob of also-fake unconnected keys, or someone proving his guilt this way.
Just to be pedantic, a fake key may also be signed by a real, correctly-identified individual who had no intention of subterfuge, but who isn't careful about whose keys he or she signs. Of course, once discovered, that person should from then on be distrusted to validate other keys just as much as somebody who deliberately tried to deceive others.
A scarier but less likely possibility would be a malicious actor who creates a forged key for some other person, and then attends key-signing parties where they present forged identification in order to receive legitimate signings of their forged key. It'd be hard to get away with this if the target is an individual with a well-known appearance, like a Schneier or a Wozniak. But if the target is somebody who is just known online by name and not by their physical appearance, then it might not be hard to get legitimate signatures on the forged key by real, well-trusted individuals who simply had no prior knowledge of the target's real appearance. I wouldn't know "the" Gavin Andresen who maintains Bitcoin code from "a" random person named Gavin Andresen, or even an impostor with a good forgery of a government-issued ID card. I've never seen a picture of Gavin that I can recall, so I have no idea of what he looks like.
Just because you trust somebody doesn't mean you trust him or her to trust others.
Very true! If I meet a person face-to-face, they hand me their PGP/GPG public key, and they show me plausible-looking picture ID that matches the identity that their key claims to represent, then I can mark their key in my keychain as one that I'm confident is not a forgery. If they are otherwise a stranger to me with no well-known reputation, then I can register in my keychain that their signature on somebody else's key doesn't count for much. Or if they are a well-known person with a reputation of being very careful about whose keys they sign, I may register in my keychain that I tend to trust keys that they have signed. The web of trust system is pretty well configurable.
I may also sign their key with mine to let other people know that "I, NF6X, consider this key to belong to the individual it claims to belong to". You may or may not consider that to be of value, depending on how well you know me and what you think of me.
This seems to be a reasonable model to me, and I think it's better than the "one CA to rule them all" model used for things like SSL certificates. It's difficult to scale the model well, though. I don't know of any other PGP/GPG users near me and I began using these systems long after I graduated from college where I might have had many more opportunities to sign others' keys and have mine signed. So, I'm not part of the web of trust, and I'm unlikely to become one unless I go out of my way to travel to a key-signing party to meet some well-known and reputable people. The few people with whom I exchange PGP/GPG-encrypted traffic are strangers to me, and I have no way of being strongly confident that they are who they say they are.
If an employee didn't ask every customer about a cell phone AND a satellite dish they were fired. Even before that turnover was like a fast food place.
And no, I don't want to buy an extended service plan for the audio patch cord that I'm going to cut one end off of and mount a different connector on as soon as I get home, thank you very much. No, really, I'm positive.
Their components are substandard manufacturer rejects (best I can tell) that they package in small quantities and sell for 10X the price.
In my opinion and experience, that was true back in the 1980s, too. I bought components there at the time because I didn't know of any better option near me, and I didn't even know that I should be searching for a better option. It's not like I could order parts online from Digi-Key. I didn't know that it's possible to buy hookup wire whose crappy insulation doesn't flee in terror from an approaching soldering iron. I didn't know about ring lugs whose plastic insulation is tough enough to survive crimping without breaking off. I had one of the cool TI sound generator chips they carried, but one of the functional blocks never worked right. I thought that the way to buy capacitors was in a bulk pack of 50 random values.
They did have some excellent products like the set of Minimus 7 speakers that I still have, and my first exposure to computers and programming was my TRS-80 Color Computer. Radio Shack played an important part in my earliest experiences with electronics and computers, but I began looking elsewhere for most electronic components and supplies once I learned how to find higher-quality parts. Now I only shop for components there when I want something Right Now.
A community is a group that holds common values. If you want to propose that slashdot viewers are a community, what are the common values that bind all of the viewers?
Bitching. Bitching is the common value that unites us.
I think we should mark yesterday, February 6, 2014, as the day that Slashdot died.
Yesterday may be the day that the coroner declared the victim to be dead, but the fatal disease was contracted when Dice.com bought Slashdot. Slashdot is a vibrant community built around a tainted well, and Dice.com is the entity that poisoned that well.
*from Dice Inc. "Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero. "
Also if you were curious why the redesign looks like it does, check out the other dice sites. It appears they are going for a bland unified style across sites. http://news.dice.com/ is especially telling of what the future of
Thank you for sharing that quote from Dice.com. That makes it clear that Dice.com really does just think of Slashdot participants as an audience. Their motivations with respect to Slashdot are just to get ad revenue and to use us to lure eyeballs to Dice.com. We are not a community to them; we are a tool to be exploited to further their goals.
It is now clear to me that the problem is not that the folks running Slashdot aren't listening. The problem is that they don't care. Or at least, their bosses don't care. They aren't going to "see the light" and abort the Beta travesty because they want us gone. The folks who are outraged by Beta breaking what brings us to Slashdot are not the passive viewers that Dice.com wants. We are not relevant to Dice.com's goals. We don't come here to view ads. We don't even come here to read the posted stories, except as triggers for the discussion that follows. Dice.com does not want the core Slashdot participants; they want to use the Slashdot name to lure the cloud of passive Slashdot viewers to suckle at their corporate teat.
This suggests to me that Slashdot as we know it is already dead. It is a community built around a tainted well. The well became tainted when Dice.com came along and shat in it, and I don't see how the well can be purified other than by Dice.com leaving and taking their shit with them.
Boycotting Slashdot isn't going to change Dice.com's mind about these Beta changes. It's time to leave Slashdot and move to a new place.
Factorials were someone's attempt to make math LOOK exciting.