Wait, to clarify, IS this something people can actually do? I don’t know what a PGP public key is or how I would use it. I was assuming you were just being funny.
The PGP thing is a cryptographic signature which proves that the comment was written by me. What I did was, I made a PGP key, which has two halves: a public key, which is now on my user page of the Less Wrong wiki, and a private key, which is stored safely on a computer I control. I input my private key and a message into GnuPG, and it outputs a signature (what you saw in the earlier comment). Anyone else can take that message with its signature, and my public key, and confirm that I must have had the private key in order to sign it that way.
This means that Quirrell points can’t be taken back—if I deleted or edited the comment, as long as you saved a copy you’d still be able to prove that it was there. It also means that Quirrell points can’t be forged, even by Less Wrong administrators, which is important because otherwise Eliezer Yudkowsky might decide to give them to people I don’t like.
The only thing necessary for one to issue valuable points is to convince other people they’re valuable, and my other copy has done most of that work already.
It’s 4,096 paperclips on a ring, each bent in one of two ways to indicate either a 0 or a 1. Neither the 0s nor the 1s could hold paper together in their current shape.
You realize that while Quirrell points cannot be revoked if saved, but it is very easy to delete or ignore a negative point.
People who care about Clippy points won’t ignore it, and I won’t delete them (edit: “them” refers to the evidence of the Clippy points, not the people who care).
Also why would you punish people, because Quirrell happens to like what they wrote?
Will you also burn the books Quirrell happens to enjoy?
How can you burn a book? I’ll certainly reset any encoding of texts that User:Quirinus_Quirrell likes to the null state (if I can do so to all known instantiations), but you can’t “burn” data; you can only entropize certain instantiations of it, which vary in their source-recoverability (a kind of inferential distance).
You can punish Q.
You can punish someone who does business with Q knowing who he is.
You can punish someone who does business with Q not knowing who he is.
You can punish someone for being liked by Q
You can punish someone for having done something that Q liked.
You choose the last one. That does not even give the respective person the ability to deflect the praise they got, you just punish. (Or rather poke.) That is pretty low. And opens you up for stupid levels of manipulation.
My policy discourages others from doing things that User:Quirinus_Quirrell likes, as those things are likely to be hurtful to me. I believe the level of pseudo-punishment I mete out is proportional to the pseudo-crime, as they involve the same mode and magnitude.
See this summary of PGP. The essential issue is that this allows one to construct mathematical functions which are difficult to calculate without secret information but anyone can easily verify that one has calculated the corresponding value given the “public key” (which Quirinius put on his userpage). Thus, to provide authentification that a message really came from the person who they claim to, they will provide both the message and f(message).
This rests on the RSA cryptographic system which relies on the fact that factoring integers is difficult.
If MWI is correct, and people trying to figure out my private key try to use quantum suicide to get my key then in the vast majority of the wave function I will observe my eavesdroppers having blown their brains out.
What was it you were surprised that people can actually do? Put signatures together? Use public/private keys to sign something?
I am curious about the confusion you experienced, because that seems like a good example of assumed knowledge. Most LW readers are probably aware of PGP and assume everyone else is.
I was only vaguely aware of PGP (I didn’t know the name of it, anyway). At the time I think I was also confused about how seriously I was supposed to take the notion that you’d use a PGP public key for something so silly as declaring Quirrel points. It was a multi-level joke that required some knowledge to be not just better understood but firmly internalized for it to be funny.
(I’m assuming now that part of the joke was that you’d use a public key for this in the first place. I didn’t get that at the time)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm not aware of any rule or norm which would put any limit on the silliness
of data that can signed or encrypted with PGP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3M0d8ACgkQXbwSbN5LuzVhCQCgtj4Q5IpZf9OLwv+ghM21UPeV
FNkAoIK6hdZquPjyocwJqxiwhjFVC/Cx
=dQT1
-----END PGP SIGNATURE-----
Oh, you mean you had thought of a limit on what kind of data could be signed? But the PGP signing is just technology, while the content is free form and can be anything. Think of it as a notarized paper. You can probably get all kinds of papers notarized if you are willing to pay for it. PGP is more secure, less effort and less widely accepted. But basically Quirrel just puts out his comment, and signs it in a way that allows for later proof that he made it.
It is really no big effort, just some software.
No, I understood that. It makes sense, if we honestly were to A) highly value Quirrel points, and B) need to be able to tell reliably whether a given person had a given Quirrel point. I thought it was kind of cool when he first did it, then I thought about doing it myself, then realized that attaching a giant notarized seal to an internet comment that nobody was ever going to double check was pretty silly. Then I assumed that was the point.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm not aware of any rule or norm which would put any limit on the silliness
of data that can signed or encrypted with PGP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3M0d8ACgkQXbwSbN5LuzVhCQCgtj4Q5IpZf9OLwv+ghM21UPeV
FNkAoIK6hdZquPjyocwJqxiwhjFVC/Cx
=dQT1
-----END PGP SIGNATURE-----
I’m not aware of any rule or norm which would put any limit on the silliness
of data that can signed or encrypted with PGP.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Is your PGP public key published anywhere?
I put it on the wiki just now.
Wait, to clarify, IS this something people can actually do? I don’t know what a PGP public key is or how I would use it. I was assuming you were just being funny.
The PGP thing is a cryptographic signature which proves that the comment was written by me. What I did was, I made a PGP key, which has two halves: a public key, which is now on my user page of the Less Wrong wiki, and a private key, which is stored safely on a computer I control. I input my private key and a message into GnuPG, and it outputs a signature (what you saw in the earlier comment). Anyone else can take that message with its signature, and my public key, and confirm that I must have had the private key in order to sign it that way.
This means that Quirrell points can’t be taken back—if I deleted or edited the comment, as long as you saved a copy you’d still be able to prove that it was there. It also means that Quirrell points can’t be forged, even by Less Wrong administrators, which is important because otherwise Eliezer Yudkowsky might decide to give them to people I don’t like.
The only thing necessary for one to issue valuable points is to convince other people they’re valuable, and my other copy has done most of that work already.
What’s your private key?
It’s 4,096 paperclips on a ring, each bent in one of two ways to indicate either a 0 or a 1. Neither the 0s nor the 1s could hold paper together in their current shape.
You’re a bad human. I’m going to give a negative-Clippy-point to anyone you give Quirrell points to now.
I mean, once I get GnuPG to work.
You realize that while Quirrell points cannot be revoked if saved, but it is very easy to delete or ignore a negative point.
Also why would you punish people, because Quirrell happens to like what they wrote? Will you also burn the books Quirrell happens to enjoy?
People who care about Clippy points won’t ignore it, and I won’t delete them (edit: “them” refers to the evidence of the Clippy points, not the people who care).
Because User:Quirinus_Quirrell does very anti-clippy things.
How can you burn a book? I’ll certainly reset any encoding of texts that User:Quirinus_Quirrell likes to the null state (if I can do so to all known instantiations), but you can’t “burn” data; you can only entropize certain instantiations of it, which vary in their source-recoverability (a kind of inferential distance).
Clippy there are various levels of action here.
You can punish Q. You can punish someone who does business with Q knowing who he is. You can punish someone who does business with Q not knowing who he is. You can punish someone for being liked by Q You can punish someone for having done something that Q liked.
You choose the last one. That does not even give the respective person the ability to deflect the praise they got, you just punish. (Or rather poke.) That is pretty low. And opens you up for stupid levels of manipulation.
My policy discourages others from doing things that User:Quirinus_Quirrell likes, as those things are likely to be hurtful to me. I believe the level of pseudo-punishment I mete out is proportional to the pseudo-crime, as they involve the same mode and magnitude.
I infer, then, that “stored safely on a computer I control” means resting on top of the case?
Now that’s just mean.
See this summary of PGP. The essential issue is that this allows one to construct mathematical functions which are difficult to calculate without secret information but anyone can easily verify that one has calculated the corresponding value given the “public key” (which Quirinius put on his userpage). Thus, to provide authentification that a message really came from the person who they claim to, they will provide both the message and f(message).
This rests on the RSA cryptographic system which relies on the fact that factoring integers is difficult.
Factoring integers isn’t hard.
If MWI is correct, and people trying to figure out my private key try to use quantum suicide to get my key then in the vast majority of the wave function I will observe my eavesdroppers having blown their brains out.
What was it you were surprised that people can actually do? Put signatures together? Use public/private keys to sign something?
I am curious about the confusion you experienced, because that seems like a good example of assumed knowledge. Most LW readers are probably aware of PGP and assume everyone else is.
I was only vaguely aware of PGP (I didn’t know the name of it, anyway). At the time I think I was also confused about how seriously I was supposed to take the notion that you’d use a PGP public key for something so silly as declaring Quirrel points. It was a multi-level joke that required some knowledge to be not just better understood but firmly internalized for it to be funny.
(I’m assuming now that part of the joke was that you’d use a public key for this in the first place. I didn’t get that at the time)
Oh, you mean you had thought of a limit on what kind of data could be signed? But the PGP signing is just technology, while the content is free form and can be anything. Think of it as a notarized paper. You can probably get all kinds of papers notarized if you are willing to pay for it. PGP is more secure, less effort and less widely accepted. But basically Quirrel just puts out his comment, and signs it in a way that allows for later proof that he made it. It is really no big effort, just some software.
Thank you for responding.
No, I understood that. It makes sense, if we honestly were to A) highly value Quirrel points, and B) need to be able to tell reliably whether a given person had a given Quirrel point. I thought it was kind of cool when he first did it, then I thought about doing it myself, then realized that attaching a giant notarized seal to an internet comment that nobody was ever going to double check was pretty silly. Then I assumed that was the point.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I’m not aware of any rule or norm which would put any limit on the silliness of data that can signed or encrypted with PGP. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3M0d8ACgkQXbwSbN5LuzVhCQCgtj4Q5IpZf9OLwv+ghM21UPeV FNkAoIK6hdZquPjyocwJqxiwhjFVC/Cx =dQT1 -----END PGP SIGNATURE-----
I, for one, have never assumed that everyone else is familiar with PGP.
This is a fact that i am extremely glad of.