Posts with this logo use 
Agent of change
February 28, 2004
PGP-Signed Comments
On the internet, nobody knows you’re a dog.
In one way, that’s great. If you want to be anonymous, there’s plenty of scope for it on the internet. Even when you post comments on this blog and I ask you for an email address and/or a URL of your website, nothing prevents you from entering totally bogus ones.
On the other hand, say you’ve already established something of an online identity, perhaps through your own web site, or as a frequent commenter at this or some other blog(s). What prevents someone else from coming along and posting a comment here, leaving your name and your website’s URL to identify himself? Put another way, how can readers determine the authenticity of comments left here?
Let me pause to say what I mean by ‘authenticity.’ Most readers of this blog have never met you, personally. They know you through your comments, and perhaps through your own web site. What they would like to know is that the person who authored the comment in question is the same person who authored those other comments and who runs that web site1.
Well, now there’s a way to reassure them. If you have a PGP public key (if you don’t, create one for yourself), put a link to it in the <head> section of your web page:
<link rel="pgpkey" type="application/pgp-keys" href="http://yoursite.com/path/to/yourkey.asc" />
Then you can
- Compose and preview your comment as before.
- Edit it, as needed, and preview again.
- When you’re satisfied with the final form of the comment, use GPGDropThing (for MacOSX) or GPGShell (for Windows) or your favourite PGP tool to clear-sign the text in the comment-entry box. Paste the clear-signed comment into the comment-entry box, replacing the unsigned version.
- Click PREVIEW once again, and then click on POST.
To outward appearances, your comment will look no different than before. The only difference will be a clickable link to “verify” the comment.
If you, or another reader, clicks on it, your key is fetched from the URL specified in the link on your web site, and is used to verify that you — and you alone — composed the comment. The key is cached locally, so subsequent verifications of the signature will be nearly instantaneous. The raw, clear-signed comment is available, so paranoid readers can check the signature themselves — provided they have your public key.
I’d been thinking about implementing this for a while, and even went through the hideously-complicated process of installing Crypt::OpenPGP on MacOSX. Fortunately, Krishnan Srijith did the rest of the heavy lifting and wrote a MovableType plugin. I added a few of my own tweaks and … there we are.
Update (3/3/2004): Automatic fetching of PGP keys, as described above is enabled now. In my and Srijith’s limited testing, it seems to work well. But please let me know if you encounter problems.
Update (3/5/2004): I’ve posted some more thoughts on PGP-signed comments.
1 This is a little different from the exigencies of verifying the identity of the author of an email, which is the traditional use of PGP signatures. There, the PGP “Web-of-Trust” model works fairly well. Here, it doesn’t necessarily work so well, a point elaborated on in greater detail by Phil Ringnalda.
February 27, 2004
itex2MML 0.7
Yet another release of itex2MML. Many thanks to Bob McElrath for a boatload of improvements.
- ”|” and “\mid” now both use the same glyph, U+2223 (∣) with hopefully better (i.e., more LaTeX-like) horizontal spacing.
- \quad is now a 1em horizontal space, (again, as in LaTeX).
- Added \&, \%, \$ and \qquad (a 2em horizontal space).
- Added a whole mess of single-word identifiers (\sin, \log, \ker, etc.) from LaTeX.
- Some memory bugs fixed.
As always, a MacOSX binary is included in my source distribution. A Windows binary and a Linux binary are also available.
February 25, 2004
Ketchup isn’t a Vegetable
It’s a Durable Good.
For the most part, I’ve avoided posting about the sorry excuse for “Economic Policy” that is this Administration’s. Brad DeLong does such an excellent of covering the “Clown Show,” that there seems little that I could add.
But their desperate attempt to disguise the fact the GWB is the first president since Herbert Hoover to preside over a net loss of jobs1 during his term has engendered instances of true humour.
It takes real wit to contemplate reclassifying food-service work as manufacturing jobs2. Fortunately, Representative John Dingel was right there to congratulate Gregory Mankiw on his cleverness.
1 I discount the logical possibility — which not even the Administration actually believes — that their latest forecast might actually come true, and non-farm payroll employment for 2004 might be ever-so slightly higher than the 132.5 million when Bush took office.
2“See! We’re not losing manufacturing jobs, we’re gaining …”
February 24, 2004
Book List
Ed Felten asks his readers for a “top-five” list of books in Science and Technology — books one might might hope every university student would read. Here’s my stab at one.
- Feynman, The Character of Physical Law
- Weinberg, The First Three Minutes
- Watson & Crick, The Double Helix
- Gould, The Structure of Evolutionary Theory (OK, I admit to having barely scratched the surface of this great doorstop of a book. But, like everything else of his, it’s supremely well-written.)
- Courant & Robbins, What is Mathematics?
February 21, 2004
Don’t GET it!
Quite by accident, I discovered that one can post comments to MovableType blogs using HTTP GET requests (instead of the normal POST requests). The implications of this are, to say the least,