Just to be pedantic, a fake key may also be signed by a real, correctly-identified individual who had no intention of subterfuge, but who isn't careful about whose keys he or she signs. Of course, once discovered, that person should from then on be distrusted to validate other keys just as much as somebody who deliberately tried to deceive others.

A scarier but less likely possibility would be a malicious actor who creates a forged key for some other person, and then attends key-signing parties where they present forged identification in order to receive legitimate signings of their forged key. It'd be hard to get away with this if the target is an individual with a well-known appearance, like a Schneier or a Wozniak. But if the target is somebody who is just known online by name and not by their physical appearance, then it might not be hard to get legitimate signatures on the forged key by real, well-trusted individuals who simply had no prior knowledge of the target's real appearance. I wouldn't know "the" Gavin Andresen who maintains Bitcoin code from "a" random person named Gavin Andresen, or even an impostor with a good forgery of a government-issued ID card. I've never seen a picture of Gavin that I can recall, so I have no idea of what he looks like.

Very true! If I meet a person face-to-face, they hand me their PGP/GPG public key, and they show me plausible-looking picture ID that matches the identity that their key claims to represent, then I can mark their key in my keychain as one that I'm confident is not a forgery. If they are otherwise a stranger to me with no well-known reputation, then I can register in my keychain that their signature on somebody else's key doesn't count for much. Or if they are a well-known person with a reputation of being very careful about whose keys they sign, I may register in my keychain that I tend to trust keys that they have signed. The web of trust system is pretty well configurable.

I may also sign their key with mine to let other people know that "I, NF6X, consider this key to belong to the individual it claims to belong to". You may or may not consider that to be of value, depending on how well you know me and what you think of me.

This seems to be a reasonable model to me, and I think it's better than the "one CA to rule them all" model used for things like SSL certificates. It's difficult to scale the model well, though. I don't know of any other PGP/GPG users near me and I began using these systems long after I graduated from college where I might have had many more opportunities to sign others' keys and have mine signed. So, I'm not part of the web of trust, and I'm unlikely to become one unless I go out of my way to travel to a key-signing party to meet some well-known and reputable people. The few people with whom I exchange PGP/GPG-encrypted traffic are strangers to me, and I have no way of being strongly confident that they are who they say they are.

And no, I don't want to buy an extended service plan for the audio patch cord that I'm going to cut one end off of and mount a different connector on as soon as I get home, thank you very much. No, really, I'm positive.

In my opinion and experience, that was true back in the 1980s, too. I bought components there at the time because I didn't know of any better option near me, and I didn't even know that I should be searching for a better option. It's not like I could order parts online from Digi-Key. I didn't know that it's possible to buy hookup wire whose crappy insulation doesn't flee in terror from an approaching soldering iron. I didn't know about ring lugs whose plastic insulation is tough enough to survive crimping without breaking off. I had one of the cool TI sound generator chips they carried, but one of the functional blocks never worked right. I thought that the way to buy capacitors was in a bulk pack of 50 random values.

They did have some excellent products like the set of Minimus 7 speakers that I still have, and my first exposure to computers and programming was my TRS-80 Color Computer. Radio Shack played an important part in my earliest experiences with electronics and computers, but I began looking elsewhere for most electronic components and supplies once I learned how to find higher-quality parts. Now I only shop for components there when I want something Right Now.

Bitching. Bitching is the common value that unites us. ;)

Yesterday may be the day that the coroner declared the victim to be dead, but the fatal disease was contracted when Dice.com bought Slashdot. Slashdot is a vibrant community built around a tainted well, and Dice.com is the entity that poisoned that well.

Thank you for sharing that quote from Dice.com. That makes it clear that Dice.com really does just think of Slashdot participants as an audience. Their motivations with respect to Slashdot are just to get ad revenue and to use us to lure eyeballs to Dice.com. We are not a community to them; we are a tool to be exploited to further their goals.

It is now clear to me that the problem is not that the folks running Slashdot aren't listening. The problem is that they don't care. Or at least, their bosses don't care. They aren't going to "see the light" and abort the Beta travesty because they want us gone. The folks who are outraged by Beta breaking what brings us to Slashdot are not the passive viewers that Dice.com wants. We are not relevant to Dice.com's goals. We don't come here to view ads. We don't even come here to read the posted stories, except as triggers for the discussion that follows. Dice.com does not want the core Slashdot participants; they want to use the Slashdot name to lure the cloud of passive Slashdot viewers to suckle at their corporate teat.

This suggests to me that Slashdot as we know it is already dead. It is a community built around a tainted well. The well became tainted when Dice.com came along and shat in it, and I don't see how the well can be purified other than by Dice.com leaving and taking their shit with them.

Boycotting Slashdot isn't going to change Dice.com's mind about these Beta changes. It's time to leave Slashdot and move to a new place.

I'd go farther than that and say that if it's not possible to read and participate in discussion effectively in a text-only browser like Lynx, then the site is too encumbered with unnecessary crap. Ok, I wouldn't actually read it in Lynx; I'd use my browser du jour like I would for any other random site. But the point is, it's the discussion content that is important, and any window dressing is only acceptable to the extent that it doesn't get in the way of consuming and creating the discussion content.

If Javascript allows optional features like collapsing comment threads, then that would probably be beneficial to many contributors. But the JS needs to be optional, and the site needs to gracefully degrade to a still-usable state for any visitor who cannot or will not enable JS.

I haven't put a lot of thought into this yet, but my first impulse is to say that a new Slashdot site that was basically like Usenet of old with some form of moderation and the ability to embed URLs would be quite nice. There are probably fatal sucking chest wounds in that idea, but I'm just throwing it out there for discussion.

Does "Slashdot 2.0" even need to be a fixed web site? Could something distributed like Usenet be implemented to work well on today's Internet? Perhaps digitally signing messages would be the new delineator between non-anoymous posters vs. Anonymous Cowards, with each participant being able to choose whether they wish to view anonymous posts or not, killfile non-anoymous posters who annoy them with spam or other unwelcome postings, etc.? Again, these may be stupid ideas. I liked Usenet greatly back in the prehistoric times when I used it, though I may have forgotten a lot of shortcomings that annoyed me at the time, and it may not scale at all well to today's much larger and much more diverse online community.