At 04:56 AM 4/15/2003 +0200, Cees de Groot wrote:
Hey Cees,
Off-topic, I'm a bit curious about what my PGP 8 installation is consistently telling me about your emails. Any ideas?
*** PGP SIGNATURE VERIFICATION *** *** Status: Bad Signature from Invalid Key *** Alert: Signature did not verify. Message has been altered. *** Alert: Please verify signer's key before trusting signature. *** Signer: Cees de Groot cg@cdegroot.com (0xE0989E8B) *** Signed: 4/14/2003 7:56:13 PM *** Verified: 4/14/2003 8:21:06 PM *** BEGIN PGP VERIFIED MESSAGE ***
[snip]
Apart from that, the idea is to keep ahead in the 'arms race' of undoing malicious changes faster than they can apply them. Wiki vandals are so dumb, they will not use tools. So my five-second edit I just made probably countered a one-hour 'hacking' spree of a 5-year old - so I won ;-).
Just an idea, but perhaps edits to pages can be tagged with a unique identifier tied to the HTTP session along with a simple rollback mechanism. If you find extensive (or not) Wiki graffiti (wikifiti?), just rollback to a previous version without those edits. Wiki or Swiki may already have something like this, for all I know, but it eliminates passwords and keeps things open. This is arguably feature creep, and is also subject to feature creep (keeping track of deltas, asynchronous rollback for legit edits made during a vandal attack, two-phase commits, transactions, oh my!), but I thought I'd throw it out there.