And in this case, the fake key has zero signatures whatsoever. If it had any, they would either be a blob of also-fake unconnected keys, or someone proving his guilt this way.
Just to be pedantic, a fake key may also be signed by a real, correctly-identified individual who had no intention of subterfuge, but who isn't careful about whose keys he or she signs. Of course, once discovered, that person should from then on be distrusted to validate other keys just as much as somebody who deliberately tried to deceive others.
A scarier but less likely possibility would be a malicious actor who creates a forged key for some other person, and then attends key-signing parties where they present forged identification in order to receive legitimate signings of their forged key. It'd be hard to get away with this if the target is an individual with a well-known appearance, like a Schneier or a Wozniak. But if the target is somebody who is just known online by name and not by their physical appearance, then it might not be hard to get legitimate signatures on the forged key by real, well-trusted individuals who simply had no prior knowledge of the target's real appearance. I wouldn't know "the" Gavin Andresen who maintains Bitcoin code from "a" random person named Gavin Andresen, or even an impostor with a good forgery of a government-issued ID card. I've never seen a picture of Gavin that I can recall, so I have no idea of what he looks like.
Just because you trust somebody doesn't mean you trust him or her to trust others.
Very true! If I meet a person face-to-face, they hand me their PGP/GPG public key, and they show me plausible-looking picture ID that matches the identity that their key claims to represent, then I can mark their key in my keychain as one that I'm confident is not a forgery. If they are otherwise a stranger to me with no well-known reputation, then I can register in my keychain that their signature on somebody else's key doesn't count for much. Or if they are a well-known person with a reputation of being very careful about whose keys they sign, I may register in my keychain that I tend to trust keys that they have signed. The web of trust system is pretty well configurable.
I may also sign their key with mine to let other people know that "I, NF6X, consider this key to belong to the individual it claims to belong to". You may or may not consider that to be of value, depending on how well you know me and what you think of me.
This seems to be a reasonable model to me, and I think it's better than the "one CA to rule them all" model used for things like SSL certificates. It's difficult to scale the model well, though. I don't know of any other PGP/GPG users near me and I began using these systems long after I graduated from college where I might have had many more opportunities to sign others' keys and have mine signed. So, I'm not part of the web of trust, and I'm unlikely to become one unless I go out of my way to travel to a key-signing party to meet some well-known and reputable people. The few people with whom I exchange PGP/GPG-encrypted traffic are strangers to me, and I have no way of being strongly confident that they are who they say they are.
If an employee didn't ask every customer about a cell phone AND a satellite dish they were fired. Even before that turnover was like a fast food place.
And no, I don't want to buy an extended service plan for the audio patch cord that I'm going to cut one end off of and mount a different connector on as soon as I get home, thank you very much. No, really, I'm positive.
Their components are substandard manufacturer rejects (best I can tell) that they package in small quantities and sell for 10X the price.
In my opinion and experience, that was true back in the 1980s, too. I bought components there at the time because I didn't know of any better option near me, and I didn't even know that I should be searching for a better option. It's not like I could order parts online from Digi-Key. I didn't know that it's possible to buy hookup wire whose crappy insulation doesn't flee in terror from an approaching soldering iron. I didn't know about ring lugs whose plastic insulation is tough enough to survive crimping without breaking off. I had one of the cool TI sound generator chips they carried, but one of the functional blocks never worked right. I thought that the way to buy capacitors was in a bulk pack of 50 random values.
They did have some excellent products like the set of Minimus 7 speakers that I still have, and my first exposure to computers and programming was my TRS-80 Color Computer. Radio Shack played an important part in my earliest experiences with electronics and computers, but I began looking elsewhere for most electronic components and supplies once I learned how to find higher-quality parts. Now I only shop for components there when I want something Right Now.
Link to Original Source
Once they are finished with their nerd cleansing, they can build a new Slashdot. A sexier Slashdot. A Slashdot the kids can dance to.
They aren't ignoring you. They are exterminating you."
A community is a group that holds common values. If you want to propose that slashdot viewers are a community, what are the common values that bind all of the viewers?
Bitching. Bitching is the common value that unites us.
I think we should mark yesterday, February 6, 2014, as the day that Slashdot died.
Yesterday may be the day that the coroner declared the victim to be dead, but the fatal disease was contracted when Dice.com bought Slashdot. Slashdot is a vibrant community built around a tainted well, and Dice.com is the entity that poisoned that well.
*from Dice Inc. "Slashdot Media was acquired to provide content and services that are important to technology professionals in their everyday work lives and to leverage that reach into the global technology community benefiting user engagement on the Dice.com site. The expected benefits have started to be realized at Dice.com. However, advertising revenue has declined over the past year and there is no improvement expected in the future financial performance of Slashdot Media's underlying advertising business. Therefore, $7.2 million of intangible assets and $6.3 million of goodwill related to Slashdot Media were reduced to zero. "
Also if you were curious why the redesign looks like it does, check out the other dice sites. It appears they are going for a bland unified style across sites. http://news.dice.com/ is especially telling of what the future of
Thank you for sharing that quote from Dice.com. That makes it clear that Dice.com really does just think of Slashdot participants as an audience. Their motivations with respect to Slashdot are just to get ad revenue and to use us to lure eyeballs to Dice.com. We are not a community to them; we are a tool to be exploited to further their goals.
It is now clear to me that the problem is not that the folks running Slashdot aren't listening. The problem is that they don't care. Or at least, their bosses don't care. They aren't going to "see the light" and abort the Beta travesty because they want us gone. The folks who are outraged by Beta breaking what brings us to Slashdot are not the passive viewers that Dice.com wants. We are not relevant to Dice.com's goals. We don't come here to view ads. We don't even come here to read the posted stories, except as triggers for the discussion that follows. Dice.com does not want the core Slashdot participants; they want to use the Slashdot name to lure the cloud of passive Slashdot viewers to suckle at their corporate teat.
This suggests to me that Slashdot as we know it is already dead. It is a community built around a tainted well. The well became tainted when Dice.com came along and shat in it, and I don't see how the well can be purified other than by Dice.com leaving and taking their shit with them.
Boycotting Slashdot isn't going to change Dice.com's mind about these Beta changes. It's time to leave Slashdot and move to a new place.
Change happens, and for those of us who work with technology for a living it is the only constant. Change is a process and in and of itself is not a bad thing when it offers improvement. Unfortunately the change that has been offered negatively impacts the look, interface and most importantly the functionality of Slashdot.
Many people have had trouble reverting back to the classic interface. The new interface simply does not offer the functionality of the old. Things like statistics, comments and layout are very difficult to find. You have a community that lives and breathes data and want to know their data. How is my comment ranked, how many people responded – it’s really all about the dialogue. Can I get the information that I want in a readily digestible format?
As you’re well aware the new site does not offer the very thing that people come here for. This in and of itself is not why your community has organized a boycott of Beta. The boycott was originated because the new version will be implemented whether the community wants it or not.
I want to explain why this change has gone down people’s throats about as well as Windows 8’s Metro interface. The reason has absolutely nothing to do with the interface and everything to do with the perception that the editors and management of Slashdot appear to have.
The message that has been consistently handed down is that we are “your audience”. We are not your “your audience” we are your product. People do not come to Slashdot for the news stories, there are untold other sites that provide those as well as professional and original writing about them. People come here for the community of insiders from across the industry.
Please respect the community and stop what you’re doing. You have commented that you don’t want to maintain two code bases. Your community works in the industry and understands this, which leads many to suggest you abandon the new code base entirely so that you are only maintaining once code base. Tell us what your trying to accomplish and I would imagine that a wide range of experts would be more than willing to help you meet your goals."