Two simple new features would, I think, be of great use.
First, it would be useful if we could opt to have each
/msg we send immediately echoed back to us as well.
This would allow a Monk to keep better track of the
conversations he was having, and would be of use
as well to writers of Chatterbox clients.
Thus if you enabled this option, and said:
/msg Petruchio Foo!
(which I'd prefer you did not) the feedback which
you normally get when using the web page to speak
would be sent to you via /msg as well.
you said "Foo!" to Petruchio
Second, it would be useful if we had some
way of verifying the identity of Monks outside the
Monastery. This can easily be done now, if the Monk
is willing to entrust you with his password; then you
(or the program you set up) can attempt to log in as the
Monk. This, for obvious reasons, is not a practical
option.
It would be simple, however, to allow the Monk to
specify a second password in his user information.
The only use of this password would be in a CGI
program on the PerlMonks site, which would take
in the username and alternate password, and reply
either YES or NO. If, then,
someone wished to provide services for PerlMonks, but
only for PerlMonks, it could be easily accomplished.
This, of course, is not an optimal solution either,
but it is a quick and easy one. Anything involving
encryption would, in my opinion, be overkill while
our actual passwords are sent in cleartext to
PerlMonks.
Please don't compromise my privacy
by footpad (Abbot) on Mar 05, 2001 at 21:07 UTC
|
I like your first idea, however, I'm not sure sure about your second, for I see it as potentially risky for those monks who wish to protect their privacy.
While you cite a couple of potentially valid reasons for wanting to "automatically maintain the identities of the Monks," I know of at least a few monks that do not want their "real life" identity connected with their Monk tag. Each case you cite suggests some form of active participation on the part of the Monk you wish to confirm. That's fine and there are several mechanisms available for doing that.
However, if I'm reading your subtext properly, you want to ID Monks without their knowledge and that raises several concerns.
There is a great deal of information already available about our real lives on the Internet. Given that google logs the ChatterBox, there's a risk (however small) that the results of your automated process would eventually appear on standard search engines. As an example, note the first hit on my 'nym. While my actor's instincts are gratified by the top billing, my wife would be less than pleased if there were a connection from that to my RN. (She's been stalked and is very sensitive to public information of her name, address, or other vitals being readily available.)
Similarly, a certain monk maintains an gender-opposite online identity for reasons that have not been made public. There's a risk (however small) that an automated process would compromise this without that individual's knowledge.
I can think of (or know) several other reasons why certain monks have not publicized their real lives in various online communities.
You might believe that this information is useful in the right hands. That's true and it's also why I argue against this so strenuously. Automated processes do not question the validity of a request for information. Only people can determine whether those hands are the right ones or not.
If, for whatever reason, a monk has declined to provide details of their RL, then we should respect that choice.
If you absolutely must have some form of automated identification, I would only support it if a) there was a way to opt-out and b) that was the default. It's not that I don't trust you, per se, but I don't trust every member of our community. Some have demonstrated that they have little professional (or personal) courtesy and I would be extremely leery of any process that did not allow me to prevent those people from accessing more details of my life than I wish to publicize on my home node.
Should I wish, at some point, to provide services to PM, then I will happily submit to whatever verification that vroom deems appropriate. I might even be willing to provide that to people he trusts. However, I will not support any process that unfettered access to my RN, my personal email address, or other details I've chosen to keep private.
Sorry...
--f | [reply] |
|
However, if I'm reading your subtext properly, you want
to ID Monks without their knowledge and that raises
several concerns.
Happily, this is the only point I need to respond to.
This is not at all what I mean. I would not support,
much less suggest, anything which would compromise
the privacy of people here... especially mine. ;-)
What I mean is simply this: if each Monk had the option
to specify a second, secret password, he could use that
password to verify his identity outside the site, without
giving up his primary password. That is all. There is no
connection with anyone's real identity.
So, for instance, I set up another website, Perlmonks'
Bar & Grille. You wish to get in. You supply your
normal username, footpad, and your secondary password.
My login CGI sends the pair to a CGI on Perlmonks,
recieves a "YES" back, and lets you in. Without your
needing to divulge your real password, and compromise
your PerlMonks account,
It seems that the word "automatic" (and probably some
unclarity on my part) gave you a different impression.
I meant it in reference to the way authentication
is implemented. By having set your secondary password,
you now automatically have access to my web site.
This scheme has various strengths and shortcomings
(as do other schemes) but it is totally voluntary,
and not at all injurious to personal privacy.
Sorry if I mislead you.
| [reply] |
|
This seems pretty limited to me. Once a monk has given you
their ID and 2nd password, you could effectively imitate them anywhere
outside the Monastery. This means that monks would have to be
very careful with this second password, making it little more useful
than the first for ID purposes.
How about this: A person claims to be Petruchio, and wants
an account on my site as such. I simply use the Monastery to /msg a monk of that name with
a default password for his/her/its account on my site et voilą. No extra
work for anyone, and the ID verification is as good as your primary
password here. Even if someone who isn't a monk wanted to do verifications
(seems unlikely ;-) they'd merely join the Monastery and they'd have the same
ability. This also provides an automatic mechanism for a monk to know that
someone is trying to impersonate them elsewhere ("/msg Albannach what the heck is this password for?").
--
I'd like to be able to assign to an luser
| [reply] |
|
Re: On Chatterbox Echoes, and the Identification of Monks in the Wild
by epoptai (Curate) on Mar 05, 2001 at 16:53 UTC
|
I really like your first suggestion for this new /msg
feature Petruchio. I always /msg myself a copy when
involved in context-dependent exchanges, and have
been bitten by others who do not, when they forget the
context of my reply. Imagine if you will an extra parameter
for private messages:
/msg cc:petruchio dude, cool idea!
Would result in a /msg to myself, as you suggest, in the
form of the feedback provided in the chatterbox nodelet:
you said "dude, cool idea!" to petruchio
Perhaps also including a timestamp (which is already part of
the private messages xml ticker):
you said "dude, cool idea!" to petruchio on 3/5 at 4:20pm
Going one step further, to enhance the context, include the
text of the message being replied to when using the
message inbox's reply-to feature:
you said "dude, cool idea!" to petruchio on 3/5 at 4:20pm
in response to "check out 62208 for my nifty
CB enhancement"
your pal - epoptai
Update: If you want to reliably associate
activity on external sites with a monk's account you might
want to try something like jcwren's monktags.
| [reply] |
Re: On Chatterbox Echoes, and the Identification of Monks in the Wild
by Corion (Patriarch) on Mar 05, 2001 at 15:33 UTC
|
I can't comment on the chatterbox features, as I'm still a user
of the plain old web interface.
As to verifying a monk, I think if we forget about zero-knowledge
proof, the easiest way to verify a monk would be to talk with
that monk about his posts.
Of course this dosen't guarantee that the person you are
talking with is indeed the monk on Perlmonks, but at least it
will verify to you that this person knows enough about that
monks posts to immitate that monk.
Other than that, monks that wish to be verified can simply post
their email address on their node or /msg you their
email address, and you can swap some PGP stuff then.
In fact, there is no way to verify that I am
indeed the person I claim to be, except by visiting the
given address and interviewing me about my posts...
| [reply] |
|
Corion: the easiest way to verify a monk would be to talk with that monk about his posts
Of course... if you want to talk to him.
Identifying him in that case doesn't require much at all.
As I said, if someone wished to provide services for PerlMonks.
Let me give you an example. Say I write a brain-bench
type quiz. Or, more interestingly, a timed quiz which
requires people to write one-line solutions to problems,
and evals the answers for correctness. Of course, you'd
want to keep track of scores. Or an auxilliary
web site... another person could write what amounted
to an extension of the Monastery, and automatically
maintain the identities of the Monks. Or a chat channel,
or (very likely) any number of things I haven't thought
of, but which some clever Monk will. Anything where people
want to be able to "be themselves", and maintain their
established identities.
In these cases, it is not reasonable to authenticate
identity personally, and no mechanism yet exists for
doing it automatically. Monks have thus far shown great
creativity utilizing the rudiments which the site has
provided (the XML tickers, in particular) to extend the
functionality of the site. It would be interesting to see
what people would come up with, given more such tools.
As it happens, by the way, neither of my suggestions
is rooted in speculation; I've actually worked on things
which would require (or at least be greatly facilitated
by) such functionality.
Besides the fact that such things could help alleviate
the burden on vroom to add all kinds of features and
services by himself.
| [reply] |
|
Give the external server a PerlMonks account. Have people
who sign up have to send a private /msg to that account.
Seems pretty easy to me.
| [reply] |
|
Reminds me of the *old* howler: "The Iliad was not written by Homer
but by someone else with the same name"
How can anyone know that the person you claim to be has actually
posted the nodes that appear under what you claim to be your name?
...errm sort of...
At some point we
have to take things on trust. After all the important thing is
the information being shared, rather than the name. And no-one
can imitate information content... either it's there or it isn't.
| [reply] |
Re (tilly) 1: On Chatterbox Echoes, and the Identification of Monks in the Wild
by tilly (Archbishop) on Mar 05, 2001 at 17:11 UTC
|
See turnstep for an example of how to authenticate a
monk securely - just post your public PGP key on your home
node. I am not sure why you call using encryption here
overkill. PGP is widely available, free and requires no
work on the part of our fearless leader.
For the record, I have not once been asked for proof that
I am indeed tilly. YMMV. | [reply] |
|
| [reply] |
|
|