undefined | Better HN

0 pointsmoritonal1y ago0 comments

Warning, drunk brain talking. But a LLM driven email based "collaborator" could play a very long gMw adding basic features to a code made whilst earning trust backed by a generated online presence. My money is on a resurgance in the Web of Trust.

0 comments

jnxx1y ago

The web of trust is a really nice idea, but it works badly against that kind of attacks. Just consider that in the real world, most living people (all eight billions) are linked by only six degrees of separation. It really works, for code and for trusted social relations (like "I lend you 100 bucks and you pay me them back when you get your salary") mostly when you know the code author in person.

This is also not a new insight. In the beginning of the naughties, there was a web site named kuro5hin.org, which experiemented with user ratings and trust networks. It turned out impossible to prevent take-overs.

groby_b1y ago

IIRC, kuro5hin and others all left out a crucial step in the web-of-trust approach: There were absolutely no repercussions when you extended trust to somebody who later turned out to be a bad actor.

It considers trust to be an individual metric instead of leaning more into the graph.

(There are other issues, e.g. the fact that "trust" isn't a universal metric either, but context dependent. There are folks whom you'd absolutely trust to e.g. do great & reliable work in a security context, but you'd still not hand them the keys to your car)

At least kuro5hin modeled a degradation of trust over time, which most models still skip.

It'd be a useful thing, but we have a long way to go before there's a working version.

account421y ago

Once you add punishment for handing out trust to bad actors, even in good faith (which you can't prove/disprove anyway), then you also need to somehow provide siginificant rewardsf for handing out trust to good actors - otherwise everyone is going to play it safe and not vouch for anyone and your system becomes useless.

vintermann1y ago

There were experiments back in the day. Slashdot had one system based on randomly assigned moderation duty which worked pretty great actually, except that for the longest time you couldn't sort by it.

Kuro5hin had a system which didn't work at all, as you mentioned.

But the best was probably Raph Levien's Advogato. That had a web of trust system which actually worked. But had a pretty limited scope (open source devs).

Now everyone just slaps an upvote/downvote button on and calls it a day.

w4ffl351y ago

Clearly a human is even better at it.

cyanydeez1y ago

State actors have equaly long horizons to compromise

llmblockchain1y ago

State level actor? China?

logankeenan1y ago

You're likely being downvoted because the Github profile looking like east Asian isn't evidence of where the attacker/attackers are from.

Nation states will go to long lengths to disguise their identity. Using broken Russian English when they are not Russian, putting comments in the code of another language, and all sorts of other things to create misdirection.

llmblockchain1y ago

That's certainly true-- at the very least it "seems" like Asian, but it could very well be from any nation. If they were patient enough to work up to this point they would likely not be dumb enough to leak such information.

account421y ago

Otoh with these kind of kneejerk "antiracist" reactions the best way to disguise a chinese operative becomes to prentend you're chinese.

j / k navigate · click thread line to collapse

0 comments

jnxx1y ago

groby_b1y ago

IIRC, kuro5hin and others all left out a crucial step in the web-of-trust approach: There were absolutely no repercussions when you extended trust to somebody who later turned out to be a bad actor.

It considers trust to be an individual metric instead of leaning more into the graph.

At least kuro5hin modeled a degradation of trust over time, which most models still skip.

It'd be a useful thing, but we have a long way to go before there's a working version.

account421y ago

vintermann1y ago

Kuro5hin had a system which didn't work at all, as you mentioned.

But the best was probably Raph Levien's Advogato. That had a web of trust system which actually worked. But had a pretty limited scope (open source devs).

Now everyone just slaps an upvote/downvote button on and calls it a day.

w4ffl351y ago

Clearly a human is even better at it.

cyanydeez1y ago

State actors have equaly long horizons to compromise

llmblockchain1y ago

State level actor? China?

logankeenan1y ago

You're likely being downvoted because the Github profile looking like east Asian isn't evidence of where the attacker/attackers are from.

llmblockchain1y ago

account421y ago

Otoh with these kind of kneejerk "antiracist" reactions the best way to disguise a chinese operative becomes to prentend you're chinese.

j / k navigate · click thread line to collapse