[Maybe Spam] Re: Swiki vandalized

Lex Spoon lex at cc.gatech.edu
Fri Jan 28 18:48:40 UTC 2005


Cees de Groot <cg at cdegroot.com> wrote:
> > So, I dislike basing editing privilage on your programming prowess.
> >
> Personally, I don't see SqP 'ranks' as programming prowess indicators, but  
> that's of course for everyone to interpret ;).

Okay, I have no idea honestly. If they can be combined that would be
great, but my impression is that they are going after different things. 
Also, the proposal as stated works standalone for any wiki, so maybe it
is more tempting for wiki authors to include as a standard issue in the
future.  (hint hint... :))


> > There are a lot of schemes that are tempting due to security by
> > obscurity -- for example, requiring that people have registered on
> > SqueakPeople is already going to shut down gazillions of bots that just
> > won't bother -- but security by obscurity bugs me.
> 
> Well, security and openness are in direct conflict, of course. So you have  
> to resort to patchwork in any case. I'm completely with you about SbyO,  
> but this is more a case of hardening an open system against vandalism, not  
> quite unlike how parkbenches and other 'public furniture' is hardened.

I don't really agree with that principle.  Yes, there will always be
some sloppiness, somewhere, but it doesn't mean we need patchwork
*software*.  The sloppiness can conceivably be in the social realm, and
that's where I'd love to put it if we can figure out a way.

As a simple example, keys and locks in the physical world are quite
simple.  The messiness is in deciding who gets what keys, not in the
technology.


> The nice thing about ranking systems is that you move away from a  
> completely open community (which, obviously, does not work in these times)  
> to something with fuzzy borders.

Yes, I agree.  The next question is then: how do you set up the borders?


> Whether you have to register with SqP or  
> a Wiki does not really matter in this case, both schemes are in essence  
> similar (personally, whether it's called SqP or SqSource or whatever, I'd  
> greatly prefer at least a single sign-on to Squeak community services).

Yeah, single sign-on would be nice.  But, it's not essential at first.

One neat approach would be to link it into Jabber authentication....



> >  Additionally, there
> > are a lot of schemes that stop stupid bots, e.g. requiring someone to
> > decode a GIF, but those bug me even worse because they just seem to
> > breed ever better bots.
> >
> Yup - algorithms to defeat the GIF trick have already been developed.

My favorite one, to defeat *any* turing test, is for the bot to show it
to a human somewhere.  "Please decode this GIF in order to get your free
porn."

-Lex



More information about the Squeak-dev mailing list