LWN.net Logo

Advertisement

TrustCommerce

E-Commerce & credit card processing - the Open Source way!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Alternative GUIs: GoblinX (TuxMachines)

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 21, 2007 3:03 UTC (Thu) by yootis (subscriber, #4762)
Parent article: Alternative GUIs: GoblinX (TuxMachines)

Why would anyone trust a distro put out by someone who doesn't tell you his real name?

(Log in to post comments)

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 21, 2007 11:44 UTC (Thu) by lysse (subscriber, #3190) [Link]

External reference of identity is far less important than internal consistency. If someone always goes by the same pseudonym, develops a reputation for honesty and fair dealing under that pseudonym, and strongly identifies with that pseudonym - why is an identifier they chose themselves any less trustworthy than the random one their parents dumped on them at birth? By such logic, we should abandon these silly name things altogether, and only refer to each other by SSN numbers, or global IDs assigned at birth.

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 21, 2007 12:14 UTC (Thu) by nix (subscriber, #2304) [Link]

Quite so. A lot of work on HTML 4 was done by someone who goes only by a pseudonym. At that time he hadn't changed his name by deed poll to correspond with that pseudonym: should we trust HTML 4 less because of that? Should we have started to trust it more after he changed his name?

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 21, 2007 17:37 UTC (Thu) by yootis (subscriber, #4762) [Link]

That's different. HTML is an open standard with many people looking it over. You don't execute it directly. But downloading a distribution which is precompiled binaries is essentially an act of trust.

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 29, 2007 9:26 UTC (Fri) by arcticwolf (guest, #8341) [Link]

Downloading and using *any* binary is an act of trust. And for that matter, do you think that if someone actually has bad intentions, he will tell you his actual name?

Or do you usually demand notarised copies of the passports of the people who develop your software so you can be sure that the genuine-sounding names they give you (like "Linus Torvalds") actually *are* their real names?

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 21, 2007 17:41 UTC (Thu) by yootis (subscriber, #4762) [Link]

Not really true. If someone gives a real name you can look around to see if they have betrayed trust while using their real name before. However, since pseudonyms are essentially free and limitless, they can take a new one every time they wish to betray trust. You can't track it back to a unique person.

Your next point will be that even if someone gives a real name, they could be doing bad things under pseudonyms. That is true, but they can only do bad things once under a real name. So there is an incentive to be trustworthy when using the real name.

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 23, 2007 17:20 UTC (Sat) by njs (subscriber, #40338) [Link]

>[T]hey can only do bad things once under a real name. So there is an incentive to be trustworthy when using the real name.

One could just as well say: they can only do bad things once under a particular pseudonym. So there is an incentive to be trustworthy when using a pseudonym.

They can switch pseudonyms, of course, but on the internet they can switch "real names" just as easily, and with the same cost: the new name won't have a history of trust built up. We wouldn't be having this discussion if the author were using a realistic-sounding pseudonym like "Daniel Marnier" or something.

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 26, 2007 19:16 UTC (Tue) by yootis (subscriber, #4762) [Link]

Probably true -- if the pseudonym sounded realistic we wouldn't have had this conversation. But we could check if it was real if we were going to run the distro and were worried about the person's history.

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 26, 2007 17:46 UTC (Tue) by lysse (subscriber, #3190) [Link]

> If someone gives a real name you can look around to see if they have betrayed trust while using their real name before.

Exactly as you can with a consistently-used pseudonym. Moreover, I can legally change my name at any point, for free, as can anyone else in the UK; all I need is a witness to sign the deed poll. And that's only if I want it to be legally binding - in less formal situations, I can call myself anything I please at any point. How exactly would you divine the difference?

> ...pseudonyms are essentially free and limitless...

Exactly as real names are - see above. Moreover, you are overlooking that many people who use distinctive pseudonyms see them as far more personally meaningful than their given names - much more tightly binding, if you will and stay with them for years, even to the point where they have a much stronger pseudonymous reputation than eponymous. (I'm in this position myself, as it happens.)

The assumptions you are arguing from, about the strength of legal names as opposed to pseudonyms, are simply wrong. Pseudonyms are not the throwaways you think they are, and legal names are nowhere near as permanent as you would like them to be.

> Your next point will be that even if someone gives a real name, they could be doing bad things under pseudonyms.

What you are doing here is popularly known as raising a strawman. It's arrogant and fallacious; don't do it.

In fact, I have no next point. I don't need one yet; you don't even appear to have grasped, let alone refuted, my first one - which is that what matters in building trust is reputation, not identity, and given a consistent identity whose reputation can be checked, it doesn't matter WHO assigned the identity, or what legal status it has. Conversely, if an identity has no reputation behind it at all, it's an unknown quantity no matter how much ceremony went into its assignment.

Alternative GUIs: GoblinX (TuxMachines)

Posted Jun 26, 2007 19:21 UTC (Tue) by yootis (subscriber, #4762) [Link]

In the US it is extremely difficult and time consuming to change your name (unless you are a female who just got married and are only changing a last name). It creates a very long chain of information connecting your old and new names. It involves the courts and public records, and is easily googleable. So you can never get away from an old name. I guess this is different in different places.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds