Meta: Abused trust?

Posted 30 Jul 2000 at 00:21 UTC by matt Share This

Several diarists (including myself) as of late are lamenting that our web of trust is turning away from its original intent and instead into a hyperlinked old boys network.

Let me start off by saying I don't think this is a technical problem with the way our cert system functions (technical solutions have been discussed before); rather, it's a social problem. As most know or very quickly find out, our site doesn't permit posting of articles, attaching oneself to a project, or any of a myriad of other things until a user has attained at least the apprentice level. This is fine, and I wouldn't change it.

The problem is that in an effort to be able to contribute to the discussions, folks are getting certified at high levels when their personal pages don't even mention their current involvement with -- or even a passing interest in -- free software. I'd like to believe that these people just forgot to mention their contributions, or perhaps that they didn't put them up out of self-deprecation; but some pages make it abundantly clear that is not the case.

I certainly can respect someone who's been programming for decades. I've almost reached two decades myself, albeit non-professionally (I'm only 23, after all) :-) However, that does not qualify them as a journeyer or a master of free software. Being a part of free software, and not just a consumer, is what qualifies you.

The concept of "being a part of free software", in my view, can take a number of forms. The most obvious contribution is that of code, and most need to code to be taken seriously. There are other contributions, too. All projects need documentation, and infrastructure. If you provide those because you believe in free software, I feel you're also a contributor.

Are you the lead developer of an important project, and do you take other aspiring free software developers under your wing to lead them? Congratulations, you're a master! Have you been contributing to various projects for some time, and are you a well-respected member of the free software community? You're a journeyer. Just getting started, perhaps? Contribute a little, or are working hard towards your first contributions (preferably under the wing of a master)? Welcome to apprenticeship (that's where I am, and will be for some time). With time and work, you'll move up. Still undecided about this whole open source thing? If you're a user, but not a contributor, you're an observer.

When the passing around of certification that is ignorant of what the certification is supposed to be for happens, the carefully constructed web's threads can break. A common security axiom is that any system is only as good as its weakest link (ironically, this applies to the public-key web of trust concept as well). I submit to you: that same axiom applies here.

Ultimately, I know that I and many others can spot the true masters and journeyers regardless of the color of their current certification level. I just wish we could all humble ourselves a little bit and give respect to the principles that our web of trust (emphasis very intentional) was built on.


some thoughts, posted 30 Jul 2000 at 01:20 UTC by ZachGarner » (Observer)

ncm Posted this on the thirteenth, i think it sums things:

Maybe this is a good time to complain about certification inflation. I got declared "Master" on the basis of single certification -- unjustifiably, according to the definition. I don't contribute full time to any Free Software projects at the moment, even if I am an old fart who's forgotten more than most of these young whippersnappers who are (also) Masters ever learnt. But it seems that all it takes to be Masterated is to contribute to some bit of Gnome, no matter what level of experience, judgment, or commitment is in evidence.

I'm afraid i dont have to great of a concept of how advogato's web of trust works or the theory behind it... but it just "feels" like there isnt something right. Should there not be a negative setting along with the positive ones (master, journeyer, etc)? Shouldnt it take a few people declaring you master to become master? I'd also think that there should (maybe there is?) a way to determine how much trust is placed in a person. If a couple hundred people certify a person as a master, that master should be more trusted qua master than someone only barely ranking as master. Then again... maybe i dont know what i'm talking about :)

some more thoughts, posted 30 Jul 2000 at 02:09 UTC by edw » (Apprentice)

Then again... maybe i dont know what i'm talking about :)

If we are to take this system at face value, perhaps we shouldn't pay attention to what you're saying until someone "certified" as a master agrees with you. And then we'll forget that you said it first and heap praise upon the master, thereby increasing the master's status.

The point of the certification process is becoming increasingly lost on me as well. What am I supposed to do with this certification information? Should it matter to me that you're an apprentice (green) and not a master (whatever color that is)? I would much prefer something closer to a collaborative filtering greyscale killfile. Each post might have a widget associated with it, allowing me to rate the post (and by extension) the poster. It might be interesting to show my rating of the person along with the composite rating from the general user community. Such a scheme would be useful (allowing users to easily spot people that they consider to be trolls or geniuses), as opposed to the current implementation, which seems to do nothing but feed people's vanity.

The key thing to remember is that we're not coding here, we're communicating, and an evaluation of the ideas being communicated and the effectiveness of our communication is much more relevant than how much someone has contributed to an open source project, which smacks of petty adherence to ideological purity.

Re: some thoughts, posted 30 Jul 2000 at 02:29 UTC by ahosey » (Journeyer)

In response to Zach's thoughts, I'd like to refer to my diary of 28 July about requiring two certs from a senior before being promoted. I also really like Zach's idea of negative certification.

some more^2 thoughts, posted 30 Jul 2000 at 02:29 UTC by ZachGarner » (Observer)

The key thing to remember is that we're not coding here, we're communicating, and an evaluation of the ideas being communicated and the effectiveness of our communication is much more relevant than how much someone has contributed to an open source project, which smacks of petty adherence to ideological purity.

As things are right now, i'll agree with that. But right now advogato, despite status being tied to contributions to open source (or at least attempting to be tied), seems to be largly disjoint with actual open source development. I dont think that is good. In my opinion, something like this would be great if subcommunities were allowed to form. I'm interested in Artificial Intelligence (AI). I'd like to know who else is too. And from there follow their diaries, perhaps be able to participate in group discussions with other AI members. Find out whats going on (news for AI group Members, bookmarks), find out what projects are being worked on in this area, and be able to grow as an Open Source AI developer by being able to interact with Open source developers with the same interests. Right now, discussion centers around the news (slashdot style); discussion should center around the community.

This site doesnt facilitate a real apprentiship, but i feel that it should. Right now, i have no real way to get in touch with a Master to guide me in my ways unless the Master decides to post his email and i bring the discussion off site. I cant tell what projects are important ones. Currently, advogato status system seems like, as you said, evaluating communication (posts), and a different model of moderating user comments than what we see at slashdot. When viewed like that, the system isnt that great.

(just a note: I wouldnt waiste my time here if i didnt like advogato and hope that it succeedes. I'm just offering my opinion at what I think the site should evolve in to)

My thoughts, and a new problem, posted 30 Jul 2000 at 03:03 UTC by miniver » (Journeyer)

To quote from my diary here's what i wrote about this yesterday:

One of the problems with the current web of trust is that no provision is made for people who have been long term users and advocates of open source software, but who are not in a position to actively contribute to open source projects, either due to time commitments or perhaps professional obligations (NDAs and IP restrictions are an unhappy fact of professional programming). Thus you have people who have legitimate and well-thought-out opinions who have a desire to express an opinion, but no foundation from which to start. Someone in that sort of position may choose to certify others who seem to be in a similar position, in the hopes that someone else will certify them back.

Another problem is that level of skill is intermingled with level of community support. Someone who is an expert developer, but whose work has all been on proprietary projects, wouldn't qualify as an apprentice here, but may have useful insights that would otherwise go unspoken. A number of my professional associates would fall into this category -- expert programmers, but little familiarity with or support of Open Source Software. I think that if they're interested, their voices should be heard here.

Speaking for myself, I've been a Linux user for over 4 years, and a strong OSS supporter for much longer than that, but my jobs have often left me working outside of OSS circles (eg: proprietary databases and vertical applications). My current job is (now) completely wrapped around OSS tools, and the company intends to release the results of my work as Open Source, but they (1) don't really understand the implications of open licenses, and (2) are again developing vertical applications (there's not a large amount of demand for data collection base stations for most users). In practice I've contributed a little bit (bug fixes, ideas, etc) to many of the packages that I've been using as a base for my development, but my biggest contribution to OSS is advocacy -- both within the company that I work for, and among the government agencies that my company interacts with.

My previous job was as a technology analyst for MITRE and I spent most of the two years I worked at MITRE as an Open Source advocate, including arranging for Eric Raymond to speak to MITRE about Open Source Development on two occasions. I still keep in touch with my Open Source contacts at MITRE -- I'm still an active participant on one of MITRE's internal mailing lists, but again it's all advocacy.

On the other hand, I've been working with all levels of computers (from mainframes to embedded systems) for over 20 years. As a software engineer, I am an expert, but as an Open Source Developer, I would barely score as an apprentice.

Currently I'm certified as a Journeyer -- probably a sensible category for me overall, but not descriptive of my direct contributions to Open Source Software (apprentice might make sense there), nor of my overall skill as a programmer (expert). When I signed up, I certified myself as an apprentice, but someone else apparently felt (on the basis of my personal profile and diary) that I was more deserving. Go figure.

So -- what to do about it? I don't think that just adding another certification ranking (eg: advocate) would work, though it might make sense to classify people in more than one category (say: developer, advocate). Thus Eric Raymond might be categorized as a Master Advocate and a Journeyer Developer (no offense Eric -- you can razz me the next time you show up at one of my parties). How would certify Bill Gates if he chose to join Advogato? For that matter, how would you know if it was really Bill Gates?

So, I have lots of opinions, some questions, and few answers. Sorry...

Since that time, I've had someone (I'm not saying who) email me requesting that I lower my certification for a another person, since the first person seems to feel the second person isn't sufficiently committed to The Revolution. Now I'm pissed. I agree with edw's comment: we're talking here, not building.

Perhaps the certification level should be a weighted average, and not a max() function?

Re: a new problem, posted 30 Jul 2000 at 05:02 UTC by ncm » (Master)

miniver wrote:

... I've had someone (I'm not saying who) email me requesting that I lower my certification for a another person, since the first person seems to feel the second person isn't sufficiently committed to The Revolution. Now I'm pissed. I agree with edw's comment: we're talking here, not building.

That was me. The person whose cert I was suggesting he change was deven, whose qualifications according to the specs do not come close to satisfying the requirements for his requested "Master" status. (Neither do mine, I might add.) Frankly, I found deven's request for Master certification nauseating: just about everybody else who has contributed anything of substance to Free Software cared enough to overcome all the same hurdles that served as excuses for this person.

It appears that deven was promoted to "J" solely on the strength of miniver's "vote", as he called it.

None of us has any more time in a day than any other, but some people use it to make a difference. I can't claim to be one of those who do, compared to the leading lights here, but I knows 'em when I sees 'em.

(I'll take the opportunity again here to excoriate those who certified the fraudulent rms account on the basis of nothing more than the initials, evidently without even reading the grammatically incorrect "notes" on the account.)

Still, I agree the certification system needs work.

A few comments, posted 30 Jul 2000 at 05:12 UTC by raph » (Master)

Thanks to everybody with feedback and ideas.

My personal feeling is that the certification system generally works like it's supposed to, but is of course far from perfect. As I pointed out in my diary entry, the more certs people put in that don't match the cert guidelines, the less the trust results are going to make any kind of sense. I don't think there is or can be any technical solution to people not RTFM. Incidentally, even though I don't say this explicitly in the guidelines, I think that somebody clearly not playing by the rules is a good reason to remove their cert, even if they do technically meet the criteria.

I am planning on tightening the trust metric so that it takes more certs to attain a higher level. In fact, I have some code from lkcl for that that I just haven't gotten around to integrating yet.

Right now, my time is very crunched, and I don't have anywhere nearly the amount of time to garden Advogato that I'd like. I'm not apologizing for this - virtually all of my professional time right now is spent building pieces of much-needed free software infrastructure, rather than just talking about it. For me, time spent on this website is equivalent to hanging around the water cooler, or, in the development phases, sprucing up the break room.

But there is one feature, speaking directly to people mentoring others, that's high on my list, which is the oft-discussed "drafts" feature. I've written about it before (and am feeling too lazy to find the link), but basically it replaces the whole "post directly to the front page" thing with a queue for holding drafts. Any Advogato member can then read the drafts in the queue and is encouraged to constructively criticize it. It's then up to the original poster what to do - abandon the post, post it as-is, or revise it.

To me, this mechanism will allow a form of mentoring, specifically helping people with their written communication. I feel that's an essential skill for software development, and free software in particular.

The current form of Advogato is not the be-all or end-all of anything. There are a lot of shortcomings I'd love to fix if I knew how and had the time. There are lots more things I'd like to try and see which ones really work. In time, hopefully, I'll get to a lot of them.

I am in the early stages of developing a new site, with a business story this time but still very much a public service and using the trust-metric technology developed for Advogato. With luck, this new site will increase the amount of "juice" available for development of the mod_virgule codebase. As I said above, I have pretty limited time to work on the site, so I'd welcome clued, capable help. Get in touch if you might be interested.

Lastly, thanks to everyone who comes to Advogato and contributes so vitally to the discussion. The site would literally be nothing without you.

Abused definition of "web of trust", too, posted 30 Jul 2000 at 19:09 UTC by ncm » (Master)

Completely aside from abuse by certifiers of the published definitions and Raph's probably improvable choice of summing algorithms...

I've realized that what really bothers me about this "web of trust" is that it abuses the term itself. Zimmerman invented "web of trust" as an alternative to schemes that rely on a central authority. In Zimmerman's scheme, each individual is the central authority, and anybody else's status depends on how much that individual trusts the certifiers. "One mans Master is another man's Apprentice."

Advogato's "web of trust" returns to the central authority, and is demonstrating precisely the abuses that any scheme based on central authority is heir to.

Actually implementing a Zimmerman-based web of trust here might be computationally intractable. Might not be, though, if computed lazily enough. Probably, pages that show a lot of names couldn't be colorized properly, but does that really matter?

I would like to see an annotation indicating the difference between how you rated a person and how the rest of the people you have certified rate them. As somebody gets more experienced and accumulates better ratings, you will notice that your own cert is getting out of date, and that maybe you'd better re-evaluate.

Another helpful annotation would be a confidence level for each rating: how many steps away from your direct rating did the system have to go to compute the rating? If ratings were so annotated, you would have incentive to cert lots more people, to improve the confidence rating on new names.

certification, posted 30 Jul 2000 at 23:40 UTC by pcburns » (Journeyer)

I think the trust mechanism used here has actually two mixed up parts. One part is the level of confidence you have that an account is really operated by the person they claim to be. The other is the level of skill of the user of the account. I'm not exactly sure what type of skill - coding, collaborating, writing diary entries?

It would be nice if two parts of the trust metric could be separated.

The most important part is the authenticity of the account. This is the part that should be used to judge whether an account can be used to post or respond to articles.

The level of skill is simply an indication of the user's status in the community.

Certification, again, posted 31 Jul 2000 at 05:23 UTC by ncm » (Master)

Unlike most of the people who complain about Raph's system, I don't have much problem with his definitions. Yes, they can be deconstructed to conflate two unrelated criteria. I claim that doesn't matter: it rates what it rates. If only people would observe the definitions, and not just strike out blindly with their own contradictory definitions, then it would have a coherence of its own.

No, it is not supposed to measure "skill". It is supposed to measure degree of contribution to Free Software. Yes, skill helps one to make contributions, but diligence and experience also serve. Having contributed is admirable; wishing you had is worse than worthless. Most who have contributed overcame difficulties at least as great as yours. Paid jobs maintaining Free Software are a spanking-new phenomenon, for the most part.

Some people complain that it creates a caste or "old boys' network". Castes are imposed by society, where Raph's categories are completely under your own control. Contribute more, and you (probably) have higher standing. We don't give a shit about "potential" in the Free Software community; our watchword is "show me the code!". "Showing code" is all it takes to vault straight to the top.

Re: a new problem, posted 31 Jul 2000 at 10:07 UTC by cannam » (Master)

ncm:
> do not come close to satisfying the requirements for his
> requested "Master" status. (Neither do mine, I might add.)

Nor mine. It's rather flattering to find I have a "Master" cert, but it's
also slightly embarrassing on the back of only one such recommendation.

> Actually implementing a Zimmerman-based web of trust
> here might be computationally intractable.

Probably. I'd love to see it though. Maybe what we need is an offline
interactive Advogato-cert viewer. Download the latest cert web, change
the roots and weighting parameters, spin it around and fly through in
glorious 3D. Atmospheric soundtrack optional. An ideal project for any
apprentice who suspects there may be enough window managers
and IRC clients already.

Popularity danger: no more room for inovation, posted 31 Jul 2000 at 10:39 UTC by pliant » (Master)

Just think that if the metric had met the goal to evaluate each people level you would have invented nothing less than a working democraty, where the elected man would be one of the best ones, not one of the most popular ones.

Also think about that what's getting Advogato metric down is also what's currently getting free softwares down. When free softwares, or Advogato, was not so popular, you could have one people have a deap knowledge of what others are, and do, so each one opinion was quite reliable. Now that you have many people, it's not true anymore: popularity is a totally different value, mainly related to how much one talks, and how charming he is.
The big mistake is simply to believe that free softwares is a different human activity, and that since free software involved people are offering 'for nothing' some of their time, they have higher moral values.
'for nothing' is the key mistake: for nothing immediately, would be a better reason, or, it stated as a personal challenge could be another one, or ... this would require a full study, but also higher moral values may be one of the reasons in some cases, it's far from being the all thing.

So, what's really wrong with this ?
The sad corrolary of it is that free softwares grow very poorly. I mean as a all thing. Each individual project seems to grow better and that's what enabled free softwares to compete and beat proprietary ones.
The real problem is that most projects grow from an initial very fast and most time poor design, and then will never be abble to switch to a significantly stronger design.
As a result, the technically only valuable projects are mainly the ones that have their design drawn from the outside, the most famous one beeing the Linux kernel, which was mixing Posix, Minix, and a few very detailled good operating system books. The very popular gnome is mixing Windows with OpenDoc.
For most others, the closed minded apply: the guys will stick to the project and will be unable to deaply change the poor design. This is very normal since deaply changing the design of a software is generally impossible. It has to be restarted from scratch, but most time, even in free softwares area, it does not append.
As a result, there is no room for true inovation here, so it ends with free softwares beeing even more conservative that proprietary ones. As an example, the first truely working emulation software, which is something damned important, was VMWare, and it's propietary while all the free emulators where stick with bad design, so at some point we might have a free VMWare copy, but it will be one more copy.
The final result, is that, on averadge, Free softwares have already moved to the first one, most successfull one, very poor paradigm.

Computing needs inovation, because it's still at an early stage, but Free softwares does not seam to provide any better answer in this area, and it's a huge failure, and it's tightly linked to the fact that it swiched to a popurarity metric, just has Advogoato seams to.

Reactions, posted 31 Jul 2000 at 12:45 UTC by matt » (Journeyer)

I've just got a few specific replies:

edw: You offer many criticisms of the model, then seem to want to intentionally circumvent it; or so I gather from your comments here and elsewhere. Why not create a site of your own based on your ideas, then watch it develop? I'm entirely serious. I'd be interested to see if your model really does work better. Just keep this in mind:

The reason I am here is because there are already places on the web and elsewhere where we can discuss whether or not free/open/etc. software is good. I'd like to think that Advogato is a place where most everyone already agrees with the politics and would rather discuss how to best improve free software by contribution. The diaries are a neat way to see how folks on all levels are contributing, and perhaps learn a lesson or three. This particular article, actually, might even be considered O/T for what I see Advogato as a place for.

Anyway, if it turns out I'm wrong here, then I'll be happy to go elsewhere. There's no implicit right that anyone has to bend a particular site to their will, and if Advogato doesn't match up with what I think it is, then it's a big web, and I'm sure there are other places (and if not, I can create one.)

ncm: We need to have a central authority to operate a site such as this, though. The system itself (articles, projects, etc.) needs to trust someone implicitly before moseying on down the web to determine access rights.

pcburns: I'm not sure we really have a problem with authentication (the much-disputed rms account aside), but rather that people seem to think simply being who you say you are is a qualification for a certification.

ncm (again): It's ironic that you use "old boys network" as you did; when I used it I was expressing my dismay that the cert web was turning into a "here, old chap, you scratch my back and I'll certify you regardless of whether you qualify or not". I can see how those who wouldn't normally fit in to the definitions set forth might see this as a different kind of old boys network, as such.

What does certification truly mean?, posted 31 Jul 2000 at 15:52 UTC by cbbrowne » (Master)

The problem with this certification scheme, just like the PGP Web Of Trust, is that the strength of the scheme depends on there being a common and strong understanding of precisely what a certification means.

  • If, when I certify keys, or Advogato users, I am indicating that I think that the person might exist, and that I'm basically indicating that I agree that the key exists, that's one thing. I rather think that the people that have been getting together to do "PGP Key Signing Parties" are using this "semantic."

  • At the other end of the "intent" scale, I might intend, by signing a PGP key, that I really trust the individual, so much so that I would be willing to be a cosigner on a mortgage.

Those are pretty extreme "ends of the scale," and on the one hand, the contrasts look a little ridiculous.

On the other hand, they nicely illustrate that there can be quite substantially different intents. And if fairly extremely different intents coexist in the same "web," this really invalidates the intent of the web. You have some people that will sign off on anybody whose identity they faintly recognize. (Which is essentially the "abuse" being discussed here.) And others that sign off with "more care." The two certifications don't mean anywhere near the same thing, but the system does not really have a way of either distinguishing or representing the difference.

The fact that that distinction is eminently unclear is the reason why, while I've had a PGP key for years, I have put zero effort into getting hordes of "cypherpunks" to sign off on that key.

Who decides what's a "significant" contribution?, posted 31 Jul 2000 at 19:09 UTC by mrorganic » (Journeyer)

Lots of us do most of our work in Windows, or with in-house stuff that doesn't get into the wider world. And yet many of us use OSS tools, procedures, and philosophies to guide us in our programming efforts. The certification process on advogato amounts to little more than a high-school clique -- people are certified on name-recognition or personal friendships, not on any objective evaluation of their contributions to the OSS community.

I keep a diary on Advogato because it's a handy and persistent place for such a thing, and the diaries are sometimes interesting. But as far as "certification" goes...feh. Let the packet monkeys certify each other as Master all day long. It doesn't change anything. When I need some green kid fresh out of school to validate my efforts, I'll hang it up and go into the grain-and-feed business.

If anyone is interested in a more detailed view of this, I'll be putting it into my diary entry for today. Look for it later.

high schoolish?, posted 1 Aug 2000 at 19:19 UTC by mjs » (Master)

Yes, Advogato is kind of cliquish, but I think it's possible to do certifications conscientiously. I personally have tried hard to certify people on the basis of contribution, not name recognition, for instance.

Bah, posted 1 Aug 2000 at 23:44 UTC by dancer » (Journeyer)

Bah. Cliquishness will happen wherever it can. Humans do that wherever they can, it would seem. Also everyone applies their own definitions and rules to certification. I find it frustrating, annoying, and - if I am to be honest - purely intriguing.

It's interesting to watch the dynamic playing itself out. Look upon Advogato as a self-organising network with people instead of neural nodes. Mmmm. Tasty.

What does certification mean?, posted 2 Aug 2000 at 01:33 UTC by miniver » (Journeyer)

I liked dancer's certification scheme; it mostly matches mine, except that I do give a little more credit for experience. When I consider certifying someone, I read what they've written here in their diary, (we need a way to search article's for what someone has written, too) then on their web pages, and I check to see if they've done what they say they've done. That's harder for some people than for others. I've certified a lot of Apprentices, and a couple of Journeyers, and I'll continue to do so. I don't think that Observers add much to the discussion, so if I think someone has enough experience both with programming and open source, I'll give them the benefit of the doubt and certify them as an Apprentice. If someone has plenty of certs, they don't need one from me.

If someone's behavior, writings, and attitude don't merit my certification (agreeing or disagreeing with me has nothing to do with it), I'll lower my certification, but not because someone else demands it. Certification is nothing more than a measure of one person's opinion; the web of trust metric is (should be?) intended to measure the value of a group of opinions, not just a that of a single person. If you don't like my opinion, feel free to try to convince me to change my opinion, or, better yet, convince Raph to change the metric -- that would probably be easier and faster than trying to change people's behaviors.

Perhaps the metric needs to act more like a double-depth neural network, where too many overcertifications (or undercertifications) count against the certification of the certifier. e.g.:

If I certify someone as master, and many other people certify that person as an apprentice, then (1) my master certification should be ignored for that person, and (2) the overcertification should count against my certification. Too many overcerts and my certification gets revoked or downgraded. That in turn would reflect back upon the people who have certified me. If I choose to modify my certification to match the majority, that should neither count for or against me, or you'll set up a feedback loop where people will be afraid to try to increase someone else's certification level.

Over time, this would become a self-correcting brake against the sorts of abuses that ncm is worried about. The puzzle intrigues me, but unfortunately I won't have the time to look into it this year -- too many other problems that I'm getting paid to solve, and AI isn't my specialty.

Newbie analysis, posted 2 Aug 2000 at 13:35 UTC by pmitros » (Observer)

I've only used Advogato for 2 or 3 days so far, so I could be completely off, or wrong about what advogato is trying to do... But anyways, here's an attempt at an explanation:

There's a very strong tie to ego. The certification levels have no practical use (few people actually pay attention to the color of posts, and it makes no difference in what you can and cannot do right now). People mostly want to be labeled master purely for prestige. A system based purely on vanity is a guaranteed way to lead to abuse and problems.

The system actually appears almost designed to do this. The word 'Apprentice' is insulting while 'Master' quite, well, overinflated. You get these little wars where one person labels another person Apprentice, the second person labels the first person back (I saw this between alan and nwv when browsing the site). The names of the labels seem almost designed to encourage this.

You've got a lot of other things leading to this problem. Certs are publically viewable, and you know people will see your advogato page (if nothing else, if they do a web search for your name).

On the other hand, the system almost forces some number of miscertifications. First there's the lack of flexibility. There are plenty of master coders who have so far contributed very little to the community. These guys will get insulted at being labeled an Apprentice. We *really* would like to be more inviting to newcomers then that (that's what nearly killed NetBSD). Likewise, someone who can barely code at all may still contribute to the community otherwise (some would put ESR in this category), and it'd be good to acknowledge those people appropriately as well, instead of misgrouping them either too highly on skill or too low on contribution.

Likewise, many of the people certifying don't know everything about a person. When I first created my account, almost immediately, two people marked me as Apprentice (one who knows me only a little, and one whom I had never heard of). My gut reaction was to be insulted. After a day or so, I realized that I was wrong. Someone had probably seen my name in a patch somewhere, knew nothing about my skill or other contributions, and so they labeled me based on what they knew. It should be fair for to mark people as "I know they're at least an [I hate this word] Apprentice," without implying "they ain't a Journeyer."

Just the insane ramblings of a half-awake lunatic....

I don't know where to begin..., posted 3 Aug 2000 at 21:44 UTC by deven » (Journeyer)

There is so much wrong here, I just don't know where to begin. Moveover, I have to catch a bus in 5 minutes, so I can't get into it right now.

ncm: I found your remarks rather offensive (so we're even), particularly the remark, "just about everybody else who has contributed anything of substance to Free Software cared enough to overcome all the same hurdles that served as excuses for this person." Really? Did you have to overcome the death of your only child? It's been over a year since my daughter died, and I'm only now starting to get my life back together from it. I have a new daughter now, 11 weeks old today. I love Free Software, but I love my daughter more. You expect me to neglect my daughter to make the maximum possible contribution to free software? I think not.

Moreover, you seem to be reading too much into things. I didn't request Master certification. That was my best attempt at a self-assessment with a poor metric. (However, I've changed it to Journeyer as a conciliatory gesture.) Also, I wasn't making excuses; I wasn't aware I was supposed to defend myself to anyone. I was explaining why my visible contributions are meager as yet. I didn't mislead anyone, and I didn't ask anyone to certify me in any way. I just posted a diary entry and rated myself, that's all.

If you want to complain, how about niemeyer? He just joined today. For all I know, he could be a genius, or he could be a novice. His diary entry only says "I've just created my account in advogato. I'll try to bring here updated information on my activities in the free software community." Yet claudio certified him as a Journeyer. He's now ranked the same as I am, on the basis of a single vote. At least I posted a long diary entry before that happened.

Get off my back, okay? (Great, I think I missed my bus...)

Web of accountability, posted 3 Aug 2000 at 22:58 UTC by jeorgen » (Apprentice)

I'm new here so the below is neither criticism nor praise for Advogato. It's just an idea.

Web of trust is not new. There are many organisations (non-profit) that uses some kind of web of trust outside of the Internet: Associations and public service for example.

In order to keep these webs in check there is for example (in an association) an open debate as to why certain people are elected to the board, their merits are presented, discussed and weighed.

In public service some countries have a principle of publicity, where all documents and communication is open for scrutiny from anyone who requests it.

Maybe a written motivation should be required for why a person on Advogato is at a certain level?

/jeorgen

No whining, please., posted 4 Aug 2000 at 09:03 UTC by ncm » (Master)

This is in reply to deven's comment, above.

It's very sad that his child died. I would be devastated if my daughter died, especially from something so preventable. Still, I suspect that many more of the participants on these pages have suffered personal tragedies than mention it -- or use it for debating points! (To me, it would be a private thing.)

(Still, it is very, very interesting to learn of another case of SIDS (sudden infant death syndrome) immediately after a vaccination. You can imagine how angry I was when our (former!) pediatrician shot my daughter up, against my direct and repeated instructions, the scumbag. There's an article in the New Yorker this week about actively incompetent doctors, and how nobody is willing to do anything about them until they've killed or maimed dozens, or hundreds.)

We don't mind if deven misses his bus, or catches it and writes later.

We don't mind if he uses Free Software for many years and never gives anything back; Free Software, after all, is all about freedom. But it's hard for me to imagine how somebody who has never done anything for Free Software can claim the same credibility as those who have been giving back for years. They don't get any more hours in the day. They don't get a better selection of employers to interview with. Their lives are as filled with frustration and tragedy as anyone else's. They earn their credibility the hard way, day after day, year after year, giving when they can afford to, and not whining when they can't.

Thus, when he says "You expect me to neglect my daughter to make the maximum possible contribution to free software?", the answer is, "No, we don't expect anything. But you might do a little something before you waltz in and declare yourself a Master, or even a Journeyman, cutting ahead of those who have already begun to pay their dues."

Finally, it appears that niemeyer is personally known to his certifier, and that's the best basis for certification I know of.

I don't post this to be argumentative. I really don't want to pick on one person; he just presents such a good example. My purpose is to explain to newcomers just what it is about his attitude that makes it the opposite of what those of us who have been doing Free Software for a long time respect.

You're still missing the point., posted 4 Aug 2000 at 22:08 UTC by deven » (Journeyer)

When people start talking about a "web of trust", I assume they're using it in the sense that PGP does. With PGP, each user is of utmost importance in their web of trust. I don't care if you've got 100 well-known names on your PGP key claiming you are who you say you are. If none of those 100 names are in my web of trust, those 100 signatures are worthless. You might have generated all 100 keys and put well-known people's names on them. If there's not a path I trust from me to you, then I don't know you from Adam, as far as PGP goes.

With PGP, it's simple and straightforward, and people still get confused by the "web of trust". They wonder what it really means when you sign someone's PGP key. Does it mean you've heard of the guy and recognize the name? Does it mean you'd co-sign a mortage for him? No, it means that you are as certain as you can be that the key in question belongs to the person in question, nothing more. It's an assertion of identity, that's all. You might loathe the person, yet vouch for their identity if you're certain of it. You admire the person, but you shouldn't vouch for their identity if you're not certain.

That's why people have "PGP key signing parties", because it makes it easier when you get a lot of people in a room, look at driver's licenses and other typical real-world identity tokens, double-check the fingerprints on the keys, then sign each other's keys when you're sure you've got the right person with the right key. (Granted, someone could have a fake driver's license, but it still brings the PGP signature up to the normal level of real-world identity verification.)

Now, with Advogato, people describe it as a "web of trust", but it's really quite different. If it were really a web of trust, and people really understood that and believed in it, you wouldn't have questioned my self-certification. You might not have believed it, just as I might not believe your PGP key is yours if it's not in my web of trust. But you wouldn't have any reason to question how anyone rates themselves, or complain about it, because you would know that in your web of trust, I would be rated as an Apprentice unless you (or someone you already trust more) rated me higher. It wouldn't matter.

The very fact that we're having this discussion at all indicates that Advogato is (unintentionally, I think) deceiving people when using words like "web of trust" when it's actually a top-down hierarchy. And yes, that's exactly the environment that a "good ol' boys network" thrives in, because the "good ol' boys" usually find their way to the top of the hierarchy somehow. Newcomers are inevitably at a disadvantage. Don't get me wrong; "good ol' boys" don't necessarily make bad choices, but it often does turn political in some fashion. If you really want a meritocracy instead of politics, someone should look for a way to make this a real web of trust. The most influential people will remain influential; people like Alan and Miguel will rank highly in almost everyone's web of trust.

A different question (but important) is whether or not it would be computationally tractable to do. If the algorithms are too expensive, requiring too much recomputation (especially as the userbase grows), then maybe it would require a new algorithm. I don't have an answer to that; I don't even know how efficient the current algorithm is. It may even be that a more tractable algorithm (which may or may not be as "correct" as the current one) would run counter to the research goals raph has for this site. If that's the case, maybe someone else would have to experiment with alternatives on another site.

However, I think the main problem here (apart from using a top-down hierarchy) is that Advogato is trying to represent a number of orthogonal concepts using only one over-simplified rating. Hence, confusion results and disputes break out because the ratings fit very few of the possible combinations of the orthogonal concepts. People have to select one of the concepts (the one they are trying to represent) and ignore the conflicting ones. That's what I had to do. I chose to focus on the skills aspect of the rating, and I do believe my skills are far above average. I figured it would take a long time to convince other people of that, but it felt like it would be false modesty to underrate my skills.

Let me try to list a few of the orthogonal concepts that people seem to want this single "certification" metric to convey (in no particular order):

  • Level of programming skill.
  • Willingness to contribute to free software.
  • Amount of time available to contribute to free software.
  • Amount of effort expended in the cause of free software.
  • Level of contribution to free software projects.
  • Responsibility for "significant" or "important" free software projects.
  • Status and respect within the free software community.
  • Leadership.
  • Mentoring ability.
  • Willingness to mentor others.
  • Writing and communication ability.
  • Understanding of the "big picture" (visionary scope).
  • Likeability and political astuteness. (The "good ol' boys" factor.)
  • Identity. (Is rms really the Richard Stallman? He's got plenty of Master certifications; surely it must be so!)
  • Trustworthiness and ability to certify other people in these metrics.
  • Valid participant in discussions rather than spammer or troll. (Arguably, this is the real metric for which Advogato exists; it was created to test resistance to abuse as a research experiment, right?)

While various combinations of these often go hand-in-hand, evident contradictions are equally common. Trying to represent so many things with a single metric is a hopeless task, and nobody should be surprised when there's disagreements about it. The single rating is a vast over-simplification, and inevitable confusion. Ideally, each of the concepts above should have separate metrics to avoid this sort of confusion. (Like making a real web of trust, this may raise questions of whether it would be computationally tractable, but that's another issue.)

Based solely on the amount of my own code found in released free software, I should be ranked as an Apprentice. However, the definition given for an Apprentice says "An apprentice is someone who...is still striving to acquire the skills..." I'm not still striving to acquire the skills to be able to contribute to free software. While I'm constantly acquiring new skills, I already have plenty of skills to contribute, and I'm already an excellent programmer. (I've been acquiring programming skills for over 20 years now.)

I'm striving to find the time to make significant contributions, not the skills. I would love to be paid my current salary to stay home all day and work on free software. I'm not lucky enough to be in that situation. (Unfortunately, the situation on my previous job made it impossible to work on free software at all.) Also, I have a project that may become free software soon. It's over 10,000 lines of robust C++ code, and would hopefully qualify as a "significant" contribution to free software. (I think I may post an article to try to get some discussion about the pro's and con's of releasing it now versus waiting...)

To suggest that I've never done anything for free software is inaccurate. I've said that my visible contributions have been small as yet. I'm finally in a job where I'm not prohibited from contributing. Even when I couldn't contribute code, I've often contributed (good) bug reports (often after a lot of debugging on my own). I've also spent 13 years advocating free software. Since I haven't been highly public about it, there's no reason for you to have ever heard of me. Eric Raymond, on the other hand, is highly regarded primarily for his role as an advocate, because he's very public about it (and good at it). Don't assume I've done nothing for free software just because you haven't seen it personally.

I certainly hope niemeyer is personally known to his certifier. And I hope it's a good assessment. I don't know, so I haven't made any assessment of my own. Did you stop to wonder if maybe miniver personally knew me before complaining? (No, I don't think he did, but he could have for all you knew.)

I haven't asked for any special treatment. I haven't mislead anyone. I expected to have to earn respect in the usual way, over the course of time. I still expect that. But I don't appreciate being used as an example of the "abuse" of the system when the system itself is broken. By doing so, you've set up an artificial barrier for me that makes it that much harder to have a chance to earn any respect. Mischaracterizing everything I do ("requesting status", "making excuses", "whining", etc.) only exacerbates the barrier you've erected for me. What did I do that was so heinous to deserve these personal attacks from a stranger?

Offtopic: About my daughter., posted 5 Aug 2000 at 17:19 UTC by deven » (Journeyer)

I didn't mention my daughter in my last post because she wasn't relevant to my point, which was that the system doesn't (and can't) serve the purposes people seem to want it to serve. (It may, however, serve the purposes Raph wanted.) The only reason I mentioned it earlier under this article is in response to your rather callous dismissiveness about the "hurdles" everyone has to overcome.

The reason I mentioned the death of my daughter in my diary entry is because, like it or not, it has necessarily become part of who I am (a parent who has lost a child), and I was trying to introduce myself to the community. It wasn't an "excuse"; it's a hard reality. If it makes you uncomfortable to hear about it, don't expect too much sympathy from me. I have to live with it for the rest of my life.

I've overcome plenty of hurdles in my life, but overcoming the death of your child is orders of magnitude worse than anything you can imagine. The only reason my wife and I didn't kill ourselves soon after our daughter died was because we didn't want our parents to go through what we were going through. Life is much better now that we have another daughter, but we'll always miss our first. No parent should have to bury their child, at any age.

As for the risks of vaccination, my wife and I have done extensive research on the topic. While it's controversial, I've come to the conclusion that most doctors, and especially those bureaucrats making the recommendations (who have financial ties to vaccine manufacturers), cannot be trusted. Mass vaccination is an irresponsible social experiment. We screw with Mother Nature at our own peril. What happens if the chicken pox vaccine wears off after 10 years like others do? We'll have teenagers who avoided the disease as children (when they could handle it) contracting it in their teenage years when it's much more dangerous.

I could go on for hours about the things I've discovered, things which are well-hidden from public view, and ridiculed when noticed. However, the whole debate is very off-topic for this site. (Besides, I don't want to spend the time at the moment!) If anyone is interested in more information, send me email and I'll try to help you. Otherwise, I don't want to pollute these discussions with information so far off topic. (Maybe I'll post information in diary entries; nobody has to read those if they're not interested...)

Still not right..., posted 6 Aug 2000 at 06:39 UTC by ncm » (Master)

Deven raises some interesting points, but continues making a good example of himself. (I'm sorry he thinks I am picking on him; most people would have stopped to think things over by now, and wouldn't be demonstrating my points, over and over, so usefully.) What he says is worth responding to, for its educational value.

First, although Raph calls it a "web of trust", it isn't, in the Zimmerman sense (except from Raph's point of view!). That is evident to anybody who reads the definition. Thus, anybody who "assumes" otherwise is clinging to a falsehood. That is a problem with those individuals, not with the system. Personally, I'd rather it was more like a Zimmerman web o' trust, but not enough to code it myself, so I'll live with it as is.

Second, there is no problem with the certification combining two functions: when you look at the buttons you have two choices: a rating, and a choice of whether to certify at all. If you don't know enough about the person to certify his/her skill level, you don't press the button. Simple. Each person either certifies or doesn't, and that tells us as much as what level they chose, if they did.

As for the list of "orthogonal concepts that people seem to want this single 'certification' metric to convey", that list cannot be derived from Raph's definition. About all Raph can do about people deliberately ignoring his definitions is to hope that enough other people will honor them that the noise doesn't drown out the signal. (This has mostly been achieved, except where Gnome Project members are involved.) People who object to his definitions are welcome to build their own site and use their preferred definitions and see if anybody agrees. Raph's definition tries to reveal and reward skill demonstrated in real contributions, not hypothetical potential to contribute if one could only get around to it.

He goes on

"I'm not still striving to acquire the skills to be able to contribute to free software. ... I already have plenty of skills to contribute, and I'm already an excellent programmer. ... I'm striving to find the time to make significant contributions, not the skills."

Probably deven has developed his coding skills over the years, although it's impossible to tell without seeing his code. However, evidently he is lacking the time-management and other skills that other people who have actually contributed significantly have learned. To deny the importance of such necessary skills (and blame circumstances instead) bodes ill for learning them...

He says, "Don't assume I've done nothing for free software just because you haven't seen it personally," citing his Eric-Raymond-like advocacy work and his careful bug reports. Those can be valuable things. However, they don't qualify for Raph's definition: "A journeyer contributes significantly to an important free software project, or is the author of a useful or technically innovative project."

He claimed Master status on the basis of his "skills" which have thus far failed to result in any significant contribution to the Free Software corpus, in direct violation of the definition. Claiming "Journeyer", also in direct violation, is little better. It reeks of arrogance. It says, "I haven't done anything much, but if I ever got around to it I'd do it better than you lot of Apprentices!" Prove it by contributing something tangible, and you'll have no need or inclination to say that.

Now, if deven has some code about ready to contribute, he might come to qualify objectively for Journeyer status, by the definition, and quickly. Claiming it beforehand is clearly jumping the gun. Do it and then claim credit.

He asks, "Did you stop to wonder if maybe miniver personally knew me before complaining?". It wouldn't matter: non-participation is non-participation. Knowing that might have given miniver a basis for certifying deven as Apprentice, if he cared to be scrupulous about it, but miniver has confirmed that he did not care for scruples. We now know something useful about miniver. (This is an example of a third variable that may be sampled by Raph's system.)

The reason the certification system can usefully measure more than one dimension is that for each person there are many numbers, not just one. The list of who you certify, and how, tells as much as who has certified you, and how. (It might be good for the aggregate sum to take that into account.)

In summary, deven has not demonstrated that, as he puts it, "the system itself is broken". It is what it is, albeit not what he wishes it were. After he has really done something, if he ever does, he will appreciate that it favors them who have. Is it elitist to favor those who have done over those who talk about it? Anybody can do, if they care to, and be favored. That's the opposite of elitism.

Finally, I haven't set up an "artificial barrier" to deven's acceptance. Deven, or anybody, can contribute code any time he chooses to, and earn acceptance, no matter what I say or have said.

Arrogance, posted 6 Aug 2000 at 16:01 UTC by miniver » (Journeyer)

ncm writes: He [deven] asks, "Did you stop to wonder if maybe miniver personally knew me before complaining?". It wouldn't matter: non-participation is non-participation. Knowing that might have given miniver a basis for certifying deven as Apprentice, if he cared to be scrupulous about it, but miniver has confirmed that he did not care for scruples. We now know something useful about miniver. (This is an example of a third variable that may be sampled by Raph's system.)

Nathan ...

It's obvious that you have no respect for Deven, and you have no respect for me either as an individual, or as a contributor to the community. Fine. But now you question my scruples.

I think I have written enough on this thread, and in my diary, for people to understand the basis for my methods of certification, and how I've applied it in every certification I've made. I've been as up-front and honest about it as possible, and with the solitary exception of you I have had no complaints about the certifications I've made. I'm not claiming that I'm a member of the majority, but then again, I never did. I never asked you to agree with me about my methods, but I never lied about what I was doing, how I was doing it, or why I was doing what I've done. You don't have to agree with me, but you can't call me unscrupulous.

I think that the point has been reached where you might want to reconsider exactly how far you want to push this issue, and just how much support you have. If Raph felt that I was abusing the system, I'm sure he would have (a) sent me email, or (b) posted something to that effect. He didn't and he hasn't, so I feel justified to claim tacit approval. You're the one with the problem, now, not me. I still think your contributions to the Open Source community have been important, but I think your arrogant attitude is going to serve to drive people away, both from Advogato, and from Open Source.

Miniver.

Abused trust., posted 7 Aug 2000 at 02:57 UTC by ncm » (Master)

Although I appreciate miniver's preference to choke off discussion on the subject (and probably would agree, in his shoes) I prefer to post here where everybody can follow the discussion.

miniver wrote:

If Raph felt that I was abusing the system, I'm sure he would have (a) sent me email, or (b) posted something to that effect. He didn't and he hasn't, so I feel justified to claim tacit approval.

This is what I mean about scruples. Raph made himself precisely clear in his definition of the rating levels. miniver has announced his intent to ignore Raph's wishes, and expects Raph to step in and police him. A scrupulous approach would be to write to Raph and get approval first.

Raph is a busy man, and doesn't have time to police the site. He relies on people coming here to act like adults, and to respect his wishes without direct supervision. Of course not everyone will, and the web-of-trust is supposed to limit the damage they can do. (It probably does need a bit of work.)

miniver writes further: "It's obvious that you have no respect for Deven, and you have no respect for me either as an individual, or as a contributor to the community." This is another error: I have full respect for both as individuals. I also have full respect for them as contributors, to the full extent that they have been. When I have posted criticisms, I have been concerned that they were each setting a poor example with their actions, and explained why. This is not a forum for sniping.

miniver has repeatedly posted that adherence to Raphs's certification definitions had something to do with "fervor for The Revolution". This is disingenuous. The ratings are concerned with concrete contributions -- doings. The word "fervor" never appears, literally or otherwise. (This is another place where it seems appropriate for me to mention scruples.)

miniver likes to post complaints about unnamed "fanatics". I suggest we are better off without name-calling. There's no room for it in mature discussion.

Finally, miniver's fear that my own postings might "serve to drive people away, both from Advogato, and from Open Source" worries me not at all. Advogato is having no trouble whatsoever getting members who are top contributors to Free Software, and others who have begun to make solid contributions. (You know who you are.) The rest are welcome to "Observe", and to learn, and to become active contributors. That's what the site is for. Anybody can be respected in this community, if they only do something.

Those who haven't done anything yet, but resent the label "observer" or "apprentice" are precisely the noisemakers the system was designed to filter out.

Orthogonal concepts folded into "certification" metric..., posted 8 Aug 2000 at 17:05 UTC by deven » (Journeyer)

ncm wrote:

As for the list of "orthogonal concepts that people seem to want this single 'certification' metric to convey", that list cannot be derived from Raph's definition.
On the contrary, most of the points on that list were either stated or directly implied by Raph's definition.

Let's take another look at that list:

  • Level of programming skill. This one is obvious and explicit. "A Master has command of the tools and is an excellent programmer." - "A Journeyer is generally a competent programmer, [...]" - "An apprentice [...] is still striving to acquire the skills [...]"
  • Willingness to contribute to free software. This is also obvious. "A Master is the principal author or hard-working co-author of an "important" free software project [...]" - "A journeyer contributes significantly to an important free software project, or is the author of a useful or technically innovative project." - "An apprentice is someone who has contributed in some way to a free software project, [...]" (Implicitly, if someone contributes to free software, they are obviously willing to contribute. Conversely, if someone doesn't contribute, the metric can't indicate whether or not they're willing to.)
  • Amount of time available to contribute to free software. This one is also explicit. "Generally, a Master works equivalent to full time (or more) on free software." - "While not necessarily the equivalent of full time, a Journeyer spends a significant amount of time on free software." - "An Apprentice spends a significant amount of time learning the craft of software development, whether by hands-on practice, academic study, or careful observation." (This is presumably in preparation for making contributions.)
  • Amount of effort expended in the cause of free software. This one is implicit in all the quotes for the last two points above.
  • Level of contribution to free software projects. This is obvious and explicitly stated in the quotes listed under the "willingness" point above.
  • Responsibility for "significant" or "important" free software projects. Also obvious and explicit, in the "Master" and "Journeyer" quotes listed under the "willingness" point above.
  • Status and respect within the free software community. This is implicit in discussion of "important" free software projects (Important to who? This is a status indicator.) and "Ideally, a Master [...] serves as a mentor to others in the free software community." (Mentors are always presumed to be of higher status and more respected.)
  • Leadership. This is implied by the full quote: "Ideally, a Master writes clearly about the work and its broader context, and serves as a mentor to others in the free software community." These are leadership skills.
  • Mentoring ability. Explicit in "Ideally, a Master [...] serves as a mentor to others in the free software community."
  • Willingness to mentor others. This is implied by the last quote above. (A Master with the ability to mentor others will only serve as a mentor if he/she is willing as well as able.)
  • Writing and communication ability. Explicit in "Ideally, a Master writes clearly about the work [...]"
  • Understanding of the "big picture" (visionary scope). Explicit in "Ideally, a Master writes clearly about the work and its broader context [...]"
  • Likeability and political astuteness. This one isn't from Raph's definitions; I inferred it from the very existence of the discussion at hand. (This one falls under the category of what "people seem to want", but probably not what Raph wants.)
  • Identity. I inferred this one as well, from warnings I've seen that rms is an imposter, coupled with the large number of "Master" certifications that account has. This could also be considered implicit in the design of the system, since any additional value a Master account might have over an Apprentice should not be so easily appropriated. Still, nothing specific in Raph's definitions suggests identity verification as an intent of the certifications. (I would still argue that certifications made based on (incorrect) assumptions about identity can subvert the system.)
  • Trustworthiness and ability to certify other people in these metrics. This is implicit in the design of the trust metric itself: "Thus, certification of Apprentices is computed using all certificates, while Master is computed using Master certificates only." (Accounts certified to higher levels are trusted more for determining the levels of other accounts.)
  • Valid participant in discussions rather than spammer or troll. This is, again, implicit in the design of the system: "The trust metric used in Advogato has a property not known in any previous trust metric: resistance to catastrophic failure in the face of a sufficiently massive attack." Indeed, this appears to be the original purpose of Raph's research, and everything relating to free software appears to be a spinoff.

So, only two of the points on that list were ones which I inferred; all the rest are either obvious from Raph's certification definitions or his writeup of the trust metric. Thus, my contention that the system is inherently broken, because the single metric cannot adequately represent so many independent concepts. (Perhaps 3-5 metrics could come close, but trying to cram so much meaning into one 3-way variable is hopeless.)

So tell me, exactly how have I misinterpreted the definitions to come up with the majority of this list?

Responding to other points..., posted 8 Aug 2000 at 21:44 UTC by deven » (Journeyer)

ncm wrote:

Probably deven has developed his coding skills over the years, although it's impossible to tell without seeing his code. However, evidently he is lacking the time-management and other skills that other people who have actually contributed significantly have learned. To deny the importance of such necessary skills (and blame circumstances instead) bodes ill for learning them...
You're making assumptions again. Why do you assume that I haven't contributed because of poor time-management skills? While lack of contribution can be due to poor time management, it can also be due to other priorities taking precedence. I have a lot of other priorities I'm trying to balance, because I have a lot of interests I'm trying to pursue in parallel.

My time-management skills aren't that bad, although I'm working on improving them. I'm particularly working on organizational skills, so I don't waste valuable time searching for things. (They say most people spend about an hour per day searching for misplaced items! I'd like that time back...) Unfortunately, getting organized involves a significant upfront time investment. (What doesn't?) I just hope the payoff is worth it; my life has been beseiged with clutter for many, many years. That may be a significant factor in "not finding the time"...

He says, "Don't assume I've done nothing for free software just because you haven't seen it personally," citing his Eric-Raymond-like advocacy work and his careful bug reports. Those can be valuable things. However, they don't qualify for Raph's definition: "A journeyer contributes significantly to an important free software project, or is the author of a useful or technically innovative project."
I don't claim to be Eric Raymond, but I have been an advocate for free software (among the people I interact with) for 13 years now. I don't try to do it as a public-speaking sort of thing; it's mostly been in informal one-on-one contexts. And yes, I've contributed bug reports. Yet you suggest these things can't qualify as significant contributions? I quote: "A Journeyer is generally a competent programmer, but significant contributions of documentation, artwork, or other non-code goodies counts too." These things clearly qualify as "non-code goodies", albeit intangible ones.

What makes intangible contributions any less significant than tangible ones? Advocacy can be a significant, indirect contribution. (It can attract more direct contributions from others. ESR is still the best example here.) Yes, a (good) patch to fix any given bug is a greater contribution than any report of the same bug. On the other hand, 20 patches to fix trivial bugs may have only a fraction of the value of a good bug report that isolates a subtle, elusive bug. (Keep in mind that much of the work of debugging is isolating the problem, not writing the code to patch it.) It may be hard to quantify these things, but it's shortsighted to dismiss intangibles out of hand as insignificant. (Can I prove that my intangible contributions amount to any arbitrary level of significance? Of course not. That doesn't prove the converse, either.)

He claimed Master status on the basis of his "skills" which have thus far failed to result in any significant contribution to the Free Software corpus, in direct violation of the definition. Claiming "Journeyer", also in direct violation, is little better. It reeks of arrogance. It says, "I haven't done anything much, but if I ever got around to it I'd do it better than you lot of Apprentices!" Prove it by contributing something tangible, and you'll have no need or inclination to say that.
As I've stated (and backed up), I consider the single metric entirely inadequate to represent what it purports to. Since the definitions seemed about equally split between descriptions related to skills and descriptions related to contributions, I chose one of those basic dimensions (skills) to consider. Perhaps this was a mistake in judgement, but the very names "Master", "Journeyer" and "Apprentice" suggest skills as the primary descriptor. They could have stressed contributions instead, with names like (off the top of my head) "Key Contributor", "Significant Contributor" and "Aspiring Contributor". (Okay, those might not sound as good, but it would change the implied semantics.)

However, I'll agree that "Master" (even if representative of skills) may tend to misrepresent the contribution side of the coin, so I changed it to "Journeyer" as a compromise, on the theory that "Master" (in skills) and "Apprentice" (in contributions) averages to "Journeyer" (being in between). On the other hand, I could try to justify the contribution side of the "Journeyer" definition in terms of intangible contributions, which could still qualify as "significant". (Proving this, of course, would be impossible.)

In the end, I decided to remove my self-certification entirely, since evidently the only level you'd find acceptable is "Apprentice", which I find completely unacceptable. (It misrepresents my skills as grossly as you feel "Master" misrepresents my contributions.) Once I have made tangible contributions that are "significant" (whatever that really means), I may re-certify myself (as a Journeyer). Until then, I'll let others judge, and incur the wrath of the Certification Police.

Since I am no longer self-certified at any level, you should have no remaining reason to object, right?

Now, if deven has some code about ready to contribute, he might come to qualify objectively for Journeyer status, by the definition, and quickly. Claiming it beforehand is clearly jumping the gun. Do it and then claim credit.
I have some code, but there are things to consider before deciding to release it. I'm thinking this might be worth posting a separate article about sometime, to see what other people suggest.
In summary, deven has not demonstrated that, as he puts it, "the system itself is broken". It is what it is, albeit not what he wishes it were. After he has really done something, if he ever does, he will appreciate that it favors them who have. Is it elitist to favor those who have done over those who talk about it? Anybody can do, if they care to, and be favored. That's the opposite of elitism.
Actually, I think I have demonstrated the inadequacy of the single metric quite plainly, especially in my most recent posting. I have yet to see any point-by-point refutation of the arguments I made, arguments based mostly on the definitions Raph gives.

As for what I wish it were, that's the "web of trust" aspect. Yes, I wish it were a real web of trust (in the Zimmerman sense), and I know that it's not. If it's not going to become one, it would help if people would refrain from calling it one; that just engenders confusion. (I think we already agree on this point.)

As for elitism, this is still elitism. It's just that "elite" is defined in terms of contributions. Don't get me wrong; I have no philosophical objection to elitism in general. But don't delude yourself into thinking this is anything but elitism in a different context.

Finally, I haven't set up an "artificial barrier" to deven's acceptance. Deven, or anybody, can contribute code any time he chooses to, and earn acceptance, no matter what I say or have said.
Yes, you have. By singling me out as an example of "abuse", you create a negative impression that I have to overcome to earn any respect. Simply releasing code won't (by itself) counter the impression of "that poser who tried to claim Master status", as you've cast me. That's why I've been forced to rely on debate to counter your slanderous remarks.

It was unnecessary for you to slander me for an honest mistake, and I don't appreciate it. I have no objection to reasoned debate. Why did you insist on making it personal?

geez, REALITY CHECK... please!, posted 9 Aug 2000 at 00:33 UTC by ask » (Master)

Both to ncm and deven...

WHAT are you two guys on? Whatever it is, you need to take either more (or more likely) less of it. My best guess is that your wrong medication is this argument, because it's way out of hand and you seem to both have gotten way too deep into it.

Please do a reality check and see what it is you are arguing about. What it is you are wasting time on. Time that could be used to do something productive and maybe even important for our community.

Advogato is just a online forum where we can meet, share information about what we're doing, observing and thinking about open source software, the communities and related things. It's not more than that. It's not something that should make anyone start calling each other names. It's not a place to talk about anyones death (at least not as part of an argument). Not because it's not something important, but because it's so much more important than ... a simple web based forum ...! geeeez!! How can you mix that up in this discussion?

ncm, while I agree that it doesn't seem like daven have gotten much done in the "open source world" (yet!), then you're not exactly encouraging him. If daven feels like he is doing valuable contributions, or that he will at some point. Then great! There is no reason to put him in a position where he (obviously) will go all defensive about it. Back off. I don't care about what certification he has or what certification anyone else has. I care about getting our projects improved. If you think about it I'm sure you do too. A good way to get to that is to get more motivated people into it. Having useless flamewars doesn't help (especially not when it's over something that doesn't matter).

All your talk about respect is absolutely misguided too I think. Reality check please. This is a forum where we meet across project bounderies. Where it gets easier to see what's happening around us in the big pond. Out on the projects you do stuff and you gain respect. NOT HERE (except if it's for writing interesting articles and postings, but you've both failed miserably on that in this thread I'm sorry to tell).

Who cares about the certification after all? For what I see entering certs is just our way of paying Ralph back for giving us this place by giving him some data for his project. Please return to your scheduled work on open source projects and to write funny, interesting mails, articles and postings for our community. I'm certain that you both is up for that. This argument is just a waste of good energy, time and motivation.

  - ask (who really would have liked to have his name on the pretty blue color better).

OK., posted 9 Aug 2000 at 01:36 UTC by ncm » (Master)

Ok.

Enough., posted 9 Aug 2000 at 04:23 UTC by deven » (Journeyer)

Enough. I'm just as tired of this argument. That's why I removed the self-certification. I'm sick of debating it. I didn't want to get into it all, but I didn't want to leave the attacks against me unanswered.

Nevertheless, I do believe there is room to improve the system by adding other metrics. Is it necessary or important? I don't know. But it might be interesting.

Let's douse the stupid flamewar already.

What does the advogato trust metric mean?, posted 9 Aug 2000 at 07:24 UTC by raph » (Master)

If you figure out the answer to that question, let me know.

But it seems to me that not very many people have taken the time to understand how it works and what it's about. To do so, you'll probably want to read the draft paper, and maybe even take a look at the code (although so far it's pretty close to what's in the paper).

A few things would become clearer. First, the Advogato trust metric is not inherently centralized. The implementation of it you're looking at now is centralized, largely because it's much, much easier to do centralized things on the Web. Now that distributed infrastructures are making a resurgence (Gnutella, FreeNet, Mojo Nation, etc.), it would be a lot of fun to try to do a real decentralized version.

Second, what the trust metric attempts to measure is oversimplified. For the purposes of this website, it's even more complicated than it has to be (just getting past Observer gives you all the privs that accrue to Masters, although I'll probably refine the privs a bit over time). Frankly, I'm amused to see that people have this intense discomfort with simple things and have this burning desire to make it into a resume, Meyers-Briggs, academic transcript, MMPI, and lord knows what else all rolled up into one.

Lastly, I'm deliberately not policing the site. After all, in a completely decentralized enviroment, there wouldn't be anybody to do the policing, even if they wanted to. One of the things I've learned is that people will not in general follow reasonable clear written instructions before creating a certificate. This should hardly be shocking news, but thanks to all of you who have helped teach me this.

It's possible that making the cert process into twenty questions, with each question worded for crispness and objective reality (ie, "have you ever met this person face to face", "have you ever had sex with this person", "are you now or have you ever been a member of the communist party?") would improve the precision somewhat. It's an interesting experiment. Right now, it's not an experiment I have the time or the immediate research interest to do. If anyone else with brains and motivation wants to take it on, I'd be happy to help.

And regarding the actual issues in the flamewar: relax! It's just a website, for crying out loud. Further, self-certification means absolutely nothing. It's just a bit of personal information you're publishing about yourself.

P.S. The death of deven's daughter touches me deeply, as I have a 3.5 month old baby of my own. While my wife and I have (after some thought) made the decision to go ahead with vaccinations, I've also seen more than my share of pure incompetence and cover-up by the medical establishment. May the soul of this baby find peace.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page