Meta: Advogato's trust metric
Posted 23 Feb 2000 at 02:18 UTC by raph
Reading through the diary entries today, I found that some people are
quite unhappy with the way the trust metric operates, most vocally temas. I'm posting here to try to clear up a
few misunderstandings, offer some suggestions, and possibly open a
discussion.
First thing is that, in the move to the XCF, the trust metric got tightened
by accident (I hadn't checked in the looser seed parameters into the CVS
version of mod_virgule). I just fixed that.
Next, X-Virge misrepresents my intentions in this irc snip:
- [18:26:11] <x-virge> raph started advogato as a sort of
psychological experiment to see what would happen
- [18:26:24] <x-virge> and this would prove that humans
bring
politics into things way too quickly
- [18:26:35] <x-virge> even in a place where it really
makes
no difference
Yes, Advogato is an experiment, but (hopefully) one on how peers can
define their own community in a way that keeps out trolls, spammers,
kooks, and all the other types of antisocial behavior that have,
unfortunately, come to define communication on the net. It is not
an experiment to prove any bad things about human nature, especially
politics. Free software has been pretty political from the beginning,
and remains so in many ways (check out Debian if you don't believe me). This
doesn't always have to be a bad thing, but that's just my personal
opinion.
The trust metric (which is badly in need of a detailed writeup) is
designed to keep out "attackers". As such, it works best when there is a
rich cross-certification between groups of people. My belief is that
there are many friendships and professional relationships that cross
between projects and groups, so the basis for these cross-certifications
is there. I've noticed, though, that people can be a bit shy about
asking for certification. Maybe people should be less so. I'm a little
reluctant to dictate what people here do, though - I want to see how the
site works on a self-sustaining basis.
Finally, on the issue of the rankings. Please, don't take these too
seriously. They are only a bit and a half of information, after all.
That said, from what I know of the Jabber project, I personally would be
reluctant to apply a Master label to its developers. Even though the
project does appear to have lots of potential, there are after all quite
a number of instant messaging apps out there. There's a good chance
Jabber's unique use of XML and other properties will make it stand out
among that category, and at that time I'd be totally comfortable with
the Master ranking.
But that's just me, and I don't actually know much about Jabber.
Hopefully, people who are more up to speed on the project will be using
their own judgement, and end up with a ranking that's fair and accurate.
That's the whole point of peer review.
I'm definitely aware of the fact that Advogato's trust metric is far
from perfect. But I do think the ideas in it are one of the more
promising ways to foster high quality discussion on the Internet. I'm
hoping the experiment turns out well.
I appreciate this clarification and your comments. And I would like to
apologize to all involved, I became hot headed and slightly askew with
my normal views. I'm over it now. I hope this does not deter anyone's
view of Jabber as it truly is an
amazing project, with HUGE amounts of potential. I encourage you all to
look at it and support it.
Thank you, posted 23 Feb 2000 at 02:31 UTC by julian »
(Master)
Raph, I'd just like to thank you for clearing things up.
Unfortunately, my experience with politics has been mostly negative,
but
perhaps advogato will help show me a way in which having politics
involved improves the situation.
Yes, I do agree that the jabber developers did take the rankings a
bit
too seriously, but I think a few more things were involved in their
feelings at the time.
Anyway, hopefully things will be a bit better now. :)
Since we've got the attention of everyone, this is a good chance for me
to ask a quick question which I have been trying to figure out...
I was under the impression that the trust metric automagically moved
people up (or down) according to some system that will be published
soon... Is this not how it works? Are there "admins" watching over to
see who is ready to be moved around and "click the button" when
appropriate?
Just kinda wondering how automated this was.. Some of the
frustration
was partly brought about because we (all of the Jabber developers
involved in this) didn't think we would ever move beyond Observer
simply because of a bias against our project. I was surprised because I
was thinking that it was all automated and that someones (or a group of
someones) bias against someone else would have no effect on the trust
metrics -- even if the ones having bias had "admin" access. Don't take
me wrong.. I'm not trying to accuse anyone of anything, I'm trying to
understand exactly how the trust metrics work.
It's fully automated. It was just that it was so tight that it required
that one person be certified by several people of a higher level before
that person's rank could increase.
I'm really happy that Raph wrote this. When I saw the diary entries for today, my first feeling was "Oh no, we're getting an
anti-Advogato faction". Frankly, I think some people were taking things way too seriously, but it seems it's being sorted out
now, so...
Random thoughts: It's probably not a good idea to go around ranking people as "Master", unless they're really widely known and
widely respected. Alan, Linus, RMS, Miguel, Raph, Federico... Those are masters. If you work full-time on free software, and
you put a lot of work into it, hey, you're a Journeyer. It's a great title to have. I'm very happy with mine. When that's said, I think
the trust metric could do with a more sliding scale, but you've got to put the thresholds somewhere, so the system we have now
works pretty well.
And in general, I'm not understanding the opposition towards judging other people. This is a meritocracy. If you do good stuff,
you can be reasonably certain that someone else who does good stuff knows about you and your stuff, etc. That's how it works,
and the trust metric seems to be doing a good job of modelling the real-life relationships.
You might be interested in a brief writeup of the trust metric used on this site. Enjoy!
I was really happy to see this too, and looking forward to seeing better
documentation. One thing that doesn't seem to be addressed in the
current metric is any notion of subcultures. Perhaps this was
intentional and/or we don't have enough cross-certification
between groups yet, but I think this is what temas ran into.
I felt a similar isolation when I first came to the site (thank
you
lolo for ending my observer status!) My
impression is that a lot of the people on this site are gnome folks,
especially in the beginning, and so the trust valuations are biased
toward members of that group. I don't know most of them. I'd heard of
miguel and some of the gimp people, and that was about it. Not only was
it hard for me to get certified, there weren't many others I could rate!
Fortunately this is slowly improving.
These things are by their nature clustered. It would be nice if
another
group of developers, say the jabber folks, could set up their own patch
of trust relations, and have that recognized independently. Is the
current metric supposed to take into account that sort of meta-rating
between clusters? I suppose I should look at the code to figure out
what's actually going on. :)
In response to radagast's comments about rank inflation, that's
not how I understood the levels as described in the instructions. For example:
A Master is the principal author or hard-working co-author of an
"important" free software project, i.e. one that many
people depend on, or one that stands out in quality. A Master has
command of the tools and is an excellent
programmer. Generally, a Master works equivalent to full time (or
more) on free software. Ideally, a Master writes
clearly about the work and its broader context, and serves as a
mentor to others in the free software community.
Perhaps I'm just interpreting "important" differently, but I do
think
this reasonably covers people like dria and
werner who I've certified as masters,
though their
fame doesn't (and at this point shouldn't) compare with people like Alan
Cox. I still consider them the principle authors of important projects.
And if we limit journeyers to those who work on free software full time,
how many would we have? Just the lucky ones?
I do agree that we shouldn't be afraid of public 'rankings'. Of
course
it's fallacious to put much value on an index, particularly a one
dimensional one, but I do believe a meritocracy is an improvement on
typical power structures.
The shyness here is no different from the
'dirty laudry' effects of holding open design discussions and open code
development. Many of us were taught not to express publicly our honest
opinion of others ("Don't ask someone how much money they have. If they
make more than you, you'll feel shamed, and if it's less, they will.")
but most of the same arguments for open development apply to social and
political processes as well. To hide information is always to give power
to those who would deal unfairly.
I think the problem is that the Advogato trust metric claims to measure
is community consensus about someone meeting the semi-objective
definitions of the different certification levels. I guess the algorithm
is meant to be designed to do this, while resisting attacks from parties
no one trusts.
But in practice, it seems to measure the fact that at least 1 or 2
people who are highly rated like you enough to give you that level of
rating. This certainly applied to me initially - two people whose names
I didn't recognize rated me as "Journeyer" (a level which I think may
have in fact been a slight exageration of my actual hacking
contributions at the time). I've also been on the other side of this - I
have single-handedly caused people to have a Journeyer or Apprentice
rating by being the first to rate them, and in some cases maybe the
broader community would not agree. Conversely, I've seen a lot of people
not rated higher than Observer who had notes about interesting-sounding
projects they were working on, whomI did not certify even to
"Apprentice" because I didn't know them (and also, some of the projects
seemed complex enough that certifying someone as "Apprentice" seemed
more rude than not certifying at all; yet on the other hand since I knew
I could make someone a "Journeyer" singlehandedly, I didn't want to do
that without knowing about the project in detail).
Even though I know that's not the way the trust metric is
supposed to work, the fact that it gives this appearance makes it
have kind of a high school/IRC kind of atmosphere, where your "coolness"
level is measured by whether some of the "cool" people accept you. Even
Raph in his note above seems to imply that "Master" rating should be
assigned based on fame.
So I have decidedly mixed feelings about it. It's a very interesting
concept; it tries to measure directly the "peer repute" that Eric
Raymond has written so much about. But it seems in practice to result in
the sort of cliquish environment I have always hated elsewhere.
Correction, posted 23 Feb 2000 at 08:06 UTC by mjs »
(Master)
That was Radagast, not Raph. Wish I could edit posts.
patch, posted 23 Feb 2000 at 09:35 UTC by mbp »
(Master)
I'll leave aside reservations about whether pigeonholing is good, and
instead suggest a change to the algorithm.
Perhaps people should say for themselves what level they think best
describes them. Other people can decide if they think it's accurate or
not. If they disagree, they can write to the person and explain why it
should be higher or lower. If they agree, then they can `sign' the
claim to indicate approval.
So, we have two variables for each person: the level they claim, and
the
credibility of their claim.
People who are rated too high will be there because they have an
inflated opinion of themselves, not because other random people were
trying to be nice.
As a refinement, perhaps you could register your disagreement with a
signature, which would result in an amount proportional to your own
credibility being subtracted from the strength of the signature.
I haven't thought through whether this has the property of being
safe
against many attackers; I think it could be made so.
Some thoughts, posted 23 Feb 2000 at 10:22 UTC by Skud »
(Master)
I signed up last night, and came back today to find that I'd been
certified at "Master" level. This seemed odd to me. Yes, I work full
time in Open Source and have been involved in various projects for,
well, ages. Yes, I do a lot of advocacy, writing, and mentoring. But
as mbp points out in
his diary, nothing I've done has been a "moby hack".
It seems to me that the problem in my case is that while I've been
cutting code and contributing to projects for years, none of the Open
Source coding I've done is of particularly ground shaking importance
when taken in isolation.
I don't really like to make assumptions, but I think when dria certified me, she
was probably not taking my code in isolation. Dria knows me
through my documentation and other writing, and through my community
involvement.
Now, Advogato's description of the levels says that a Master (and I
won't even think about mentioning "Mistress" as an alternative
title) should be the principal author of a major piece of software that
many people depend on. It's biassed in favour of coders, and a
Master-level documentor, advocate, teacher, project manager, or
integrator cannot be recognised as such under the rules as they exist.
So people have bent the rules. Looking at the other Masters on the
system, I can see:
- A lead developer on a documentation project (no coding projects
listed)
- A contributor to GIMP (no other projects listed)
- A couple of people who list no projects
My guess here is that some users are playing by the rules (which is fair
enough) and others are interpreting the rules to allow for non-code
contributions. Whether the latter is a reasonable thing to allow, I
don't know. This is something that advogato's administrators and the
advogato community need to think about.
My vote is to recognise all contributions to Open Source/Free Software.
I'd tend towards loosening the rules, and letting the trust metric do
what the trust metric does. Otherwise, the two behaviours will cause
glitches in the way the trust network works, and we won't be able to
clearly see whether the trust metric is working.
Popularity?, posted 23 Feb 2000 at 11:32 UTC by rakholh »
(Journeyer)
I think I was the "spark" with this whole issue. I commented on
irc.gimp.org on #gnome - advogato.org is being invaded by 'Jabber'
people. I meant that in a 'nice' way (i.e. Jabber-folks disocvered
advogato.org and all signed up).
Anyway, I think the problem is that temas and some other Jabber-folk
are too 'biased' towards their project. They view their project as
important and claim that other companies want to use it. That may be
all nice and well, but the fact is that we haven't actually seen it
deployed. Nobody I know except a few folks use Jabber. It is not
a 'popular' project at this time, and is under heavy development. Don't
get me wrong, it /might/ be a good project, it might to the
InstantMessaging world as Apache was to the WebServer role. But that is
not the case currently.
What people are objecting to is the fact that you Jabber folk are
ranking each other. While you may /believe/ that you are objective -
you really are not because you interact with these people daily and
while /you/ may 'trust' them the advogato.org community may not because
they have no clue on Jabber.
Some people probably take 'offense' at the fact that you're ranking
each other on the leagues of 'Alan Cox' or 'Raph' or 'Miguel' - They
are popular in the advogato.org community because they
have /demonstrated/ to everyone their technical talent. Since Jabber is
not yet popular, people can not judge you based on your technical
talent (since they don't use Jabber and aren't impressed with it).
Like Raph said - don't take it personally. Its all a matter of
perceptions :)
Skud writes:
My vote is to recognise all contributions to Open Source/Free
Software. I'd tend towards loosening the rules, and letting the trust
metric do what the trust metric does.
<aol>Me too!</aol>. Aside from that:
One feature of the certification system used is that it conflates
effort and ability. You can't be a Master simply by being very good at
what you do; you also have to do a lot of it. At the other end of the
scale, if you would only rate Apprentice because you only have a few
hours a week to spend on free software, you also get labelled as "still
striving to acquire the skills "
One probable result is that many people are shy of certifying others
at "Apprentice" level, because - well, because it sounds demeaning. I'm
happy to acknowledge that I don't work on free software except at the
weekends (and what I do then is also of limited general interest,
granted) but I'd resent the implication in Apprentice that I don't know
what I'm doing.
Simple fix: what say we deprecate "Apprentice" and introduce
"Royalty" or "Omniscient being" or something at the top of the scale?
We still have the majority of people
at "Journeyer" as now, but there's an extra bit to differentiate
between, say, Dria
and Alan. I hope neither will take offence at my using them as an
example.
Far-reaching change: introduce two orthogonal ratings for effort and
godliness.
dan writes:
Far-reaching change: introduce two orthogonal ratings for effort and
godliness.
Yes, that would allow one to say: "Mr so-and-so has great skills but
has not
contributed to any major software packages lately, so I will rate his
ability as
Master and his effort as Apprentice." That would probably remove some
ambiguity in the current ratings. And that would hopefully encourage
more
people to rate others, because it would be easier to select the level
for each
criterion. Currently, it is a bit tricky to evaluate the level of
someone else
because you need to take a subjective mix of the two criteria.
The "ability" category could use the same level names as the ones
used now.
The "effort" category could consist of the following levels:
- Prolific
- Productive
- Promising
- Sleeping
(Note: I am sure that some native English speaker can find better words
for that.)
This could lead to something like a "Prolific Master" or a "Sleeping
Journeyer" (and what about the "Promising Mistress"?).
In another comment, rillian mentions
the
subcultural divisions and writes:
My
impression is that a lot of the people on this site are
gnome folks, especially in the beginning, and so the
trust valuations are biased toward members of that group. I
don't know most of them. I'd heard of miguel
and some of the gimp people, and that was about it. Not only
was it hard for me to get certified, there
weren't many others I could rate! Fortunately this is slowly
improving.
The problem is that you are supposed to certify people you know and
it is
difficult to judge people that you do not know. This could be partially
solved by
encouraging newcomers to post more information about themselves, so that
the
people who are already certified could have a means to know more about
them
and maybe certify them (assuming that the sources of information can be
trusted).
Another way to improve the current situation would be to allow
tentative
certifications or weighted certifications: when you certify someone
else, you would have the opportunity to assign a weight to your
certification, based on
how well you know that person. That would basically allow you to
explicitely
reduce the weight of your certification in the certification graph.
So for
a person that you have met personally or with whom you are exchanging
messages frequently, you would use the full weight. On the other hand,
you
could help a newcomer that has not been certified yet by
giving
him a tentative certification that has a lower weight.
There are many more things that could be done to improve this
system.
I wrote last week that I would post a new article about that soon,
following my
previous article on
Slashdot
moderation. Hmm... I will try to do that next week...
It seems to me that advogato's trust metric mixes a number of
concepts.
First, it mixes how much I trust someone with how good a
hacker I
think they are, which are not synonymous.
This has the unfortunate effect of granting master hackers I might
admire at a distance an unnecessary and frankly unwanted level of
significance in choosing who I get to hear from and who I trust. If I
call someone a master, it is out of a judgement of their skills. They
might be a jerk. More often than not, I don't even know if they
are a jerk. I should not be implicitly saying they are not-a-jerk just
because I happen to be using one of their libraries.
Further, it mixes the concepts of who I certify and who I
trust
the
certifications of. In other words, I cannot grant trust to a person
without approving of their ability to judge others trustworthyness. Lets
say mike thinks I personally am trustworthy, but hopelessly naive and
unable to tell good people from bad. He then has to choose whether to
put me in his trust network (and infect it with all my stupid
judgements) or leave me out of it, and subject me to a life of
not-being-certified-as-trustworthy-by-mike. That's just not correct.
More troublingly, advogato's trust metric presents a trust
network
with its origins in 4 people who are not me, which is clearly
incorrect. Trust flows from a person's own judgements, not from a
central registry of what is right and wrong. This is the post modern era
-- we have dialogues and metadialogues but not truth. While it is
certainly interesting to be able to see who raph, alan,
federico and miguel trust (and what their trust network reveals about
everyone else), it really doesn't represent the trust relationships of
everyone in the free software community "at a glance" any more than a
headline on CNN represents "the news at a glance". It's one flavour of
trust, from one source.
Advogato would benefit from the following modifications:
- a logged in user has a trust web calculated on the fly with them
at the root.
- trust, righteous hackerdom, trust-to-introduce and
trust-to-judge-others-hackerdom are separete
certifications with separate network flows.
- people can see one another's trust webs if they like, but are not by
default logged into raph, miguel, federico, and alan's trust web.
graydon writes:
a logged in user has a trust web calculated on the fly with them at the
root.
[...]
people can see one another's trust webs if they like,
but are not by default logged into raph, miguel,
federico, and alan's trust web.
Although this solution would be nice for some individuals, it has
several
drawbacks:
- It would lead to a fragmentation of the community. We could end up
with several disconnected trust webs, causing some people to read and
post articles that are only visible to a small group of users and
ignored by everybody else.
- Advogato would have to accept and store all submitted articles even
if they could only be read by their author (because even if the author
has not been certified by anybody, he is at the root of his own trust
web). Some authors might not even know that nobody is able to read
their articles.
Last month, eivind
posted
a comment explaining
the
fragmentation problem. Here is an excerpt from the end of his
comment:
It causes opinion reinforcement for the users - users see messages that
agree with their opinions,
represented by what they have moderated as 'good'
before.
It causes opinion-based splits of the community to
sub-communities - different parts of the
community see completely different discussions.
Although it should be possible for the users to configure their
"view"
of the
articles (using priorities, thresholds, etc.), Advogato should try to
keep the
trust web as connected as possible. Otherwise, a group of people who
trust each other could use the site to discuss sheep herding while
another
group is exchanging cooking recipes and another is talking about
politics. By
having a limited number of people at the root of the global network of
trust,
Advogato ensures that the topics and ratings do not drift away from the
original intent.
Ah well... The best solution is probably somewhere inbetween...
The system would fragment!
Incorrect. The number of connections between individuals remains the
same regardless of the metrics assigned. I know bob, bob knows me, no
amount of metric tweaking will change that fact. What does
change is whose metrics are being poured into the network when solving
for the trust flow to a given individual. In other words: when I examine
bob's page, does it classify him as trustworthy because of judgements
I've made, or judgements raph, miguel, federico and alan have made? I
submit that the former makes much more sense.
Anyone can post anything!
Again, you are blending the issues. It is not necessarily the case that
the system will accept postings from anyone. Anyone can post followups
to slashdot, but not anyone can submit lead stories. Likewise here,
there's no reason to believe that just because your trust metrics are
separately maintained, that the owners of the site (who pay for its
facilities somehow, perhaps through academic slavery :) will not reserve
editorial control over the parts of the site which are justly determined
to be scarce. Like any setting (IRC, netnews, mailing lists, web sites)
there are sections which are hand-moderated, sections which are
mechanically moderated, and sections which are free-for-alls. The right
balance of these moderation strategies will be made irrespective of the
trust metric choice.
I maintain that the only reason this issue isn't more blatantly
clear is
that most of us assigned master-level trust to some if not all of the 4
roots of the trust web when we joined. This coincidental action cannot
be misconstrued as proof that the web assigns metrics in a logical
manner.
For someone who's only studied lower math (and forgotten most of it)
-- calculus, some diffy Qs, and a bit of numeric algebra -- is there a
translation of Raph's very interesting white paper? I'm not familiar
or comfortable with treatments using graphs, nodes, edges, supersinks,
and the like. Much of the language of the paper is over my head.
FWIW, Google turns up a couple of scholarly treatments in the
first
page of results, including a Japanese
paper with Java applet demos and another
paper by Harvey Greenberg at University of Colorado, Denver.
While I think I follow some of his points, it's not clear to me
in
the source/sink discussion, what is being sourced or sunk -- is it
traffic or trust? In the attack model, how are nodes assessed as "good"
or "bad"? This appears to be an arbitrary or normative decision at
some point. It would seem that "confused" nodes are those linking to
both bad and { good or confused } nodes, though Raph's illustration
includes one "compromised" node which links only to another compromised
nodes and
good nodes. I'm confused. I hope I'm not bad....
Again, in the event of an attack, how does the model translate to
a
defense strategy? What is the model buying that isn't available by
other means -- single-point moderation, selective filtering, etc.?
What also of the instance of "good nodes gone bad"? Several well
known attacks on Slashdot where performed by "karma whores" -- users
who'd accumulated high karma scores which could be "spent down" on spam
attacks against the board. How does the trust metric allow for
detection and action against such behavior?
I believe there are several people reading who would appreciate a
layman's explanation of this concept. TIA.
A cute abuse of Avocado's (you know you want to call it that, why
fight it?) trust metric is nwv. It's cute because as
well as being your average anonymous account , it uses a nice social
hack that could, conceivably, manage to make the creator anonymous at
some point. (There's not much point for a Journeyer, say, to certify
some random Observer; but for a Journeyer to certify someone else who's
already a Journeyer, heck, why not? It can't hurt, and it increases the
connectivity of the trust graph, and hey, if he nominates me as a
Journeyer, I'm that little bit safer, right?) When the dummy account has
built up its web of supporters well enough, the original certifier can
quietly disappear from the account's list of certifiers, and sooner or
later do whatever it is you do when you've broken Avocado's security.
Of course, breaking Avocado's security is probably an
exageration:
Avocado is meant to stop large scale attacks with lots of fake accounts;
it's not meant to stop every lamer from sneaking through the cracks.
Perhaps one problem with this is there's no negative
reinforcement.
If someone thinks you're being a twit, and gives you an Apprentice or an
Observer rating, well, no harm done. Even if fifty people give you an
Apprentice rating,
it doesn't really matter, as long as you've still got one or two
Journeyer ratings.
Failing any sort of negative reinforcement (which could just end
up
an excuse for angst, or revenge, or more certification wars, or
whatever) there's not really any sort of ability to limit how much you
trust someone. One way to do this would be to disregard the mathematical
network flow model, and follow a more computery one by adding a TTL
field to your flow, of some sort. That's probably painful and tacky, and
hard to analyse though. Another option would be to make the capacity of
an edge more variable: if I trust someone enough to think they're a
Journeyer, but not enough to really want to let them make anyone else a
Journeyer, I can make the capacity of their link just `1', which will
presumably go straight to the sink. If other people decide they like
this guy too, then he can use their flow to certify other people. (But
what if they don't want their flow to be used that way? Oh well.)
In any event, the `capacity is proportional to distance from the
source' seems a fairly arbitrary metric.
Another thing I wonder about is why only Master's should be able
to
deem other's Masters, and so on. (This is one issue with sourcing trust
at "yourself", rather than alan and co --- if you're not a Master to
start with, you can't set things up so that anyone else can be a Master.
You could arbitrarily declare that everyone by default considers
themselves a Master, but that's probably not true. Or you could just
special cast it) A possibility here would be to
connect everyone at the next lower level to the super-source, but giving
them a very limited capacity. So that while Alan can make anyone a
Master with a gentle nod (because his capacity is 1000 units, and it
only takes 10 to make a Master, say), it takes significantly more
Journeyers to do so (because their capacity for assigning Masterdom
might be only 1 or 2 each). Furthermore, while Alan can make 100 people
Masters, each Journeyer can only contribute to a couple of people being
ranked as a Master.
Non-determinism would hurt pretty badly here, though,
unfortunately,
so your flow might happen to make a bunch of .9 Master's (which don't
count) and no 1.0 Master's (which would count). I'm not sure how hard it
would be to work with a network with some binary edges: ie, edges to the
super-sink getting a flow of either 0 or 10 exactly. Tricky.
A nice feature, btw, would be to be able to see where your trust
is
coming from on your homepage. `You're a Journeyer: you got 5 units from
foo, and 3 units from bar, and 6 units from baz, of which you're passing
6 down to quux, and 7 down to quuux'...
Hmmm. That's strange. My <p> tags got doubled up in the
edit
window of preview.
For those people interested in trust metrics, which for some reason I am one, Bruce Sterling's book, "Distraction" is an interesting read.
It describes a nomadic, non-monetary society (outcast by the now-bankrupt U.S. government), who allocate responsibility based on a trust metric. lose trust, you lose responsibility, and have to earn it again if you want the responsibilities back.
It also has the very neat side-effect of making individuals replaceable (difficult to target the head if it's a hydra!) by the next-most-responsibly-trusted-person, automatically.
Thoughts on Trust Metrics:
i think it would be good to have the trust metrics measured on the way neurons work. namely:
1) an advocacy decays, or is given less weight, relative to more recent advocacies. this has the side-effect of allowing lots of little-weighted-advocacies to build up the same clout as one big-weighted-advocacy, and also reduces the effect of Past Offencies Against The System (forgive, but do not forget) and likewise for older contributions.
2) a negative-rating system with equal clout as the positive-ratings. Such names as, "idiot", "offender" and "outcast" spring to mind as possible equivalents to "Apprentice", "Journeyer" and "Master". a negative rating against an individual would bust them lower than observer, and their privileges restricted as a result, with difficult but not impossible means to reinstate their status (weighed in the balance, and found wanting :)
3) an advanced system of "group trust". a group of individuals (or a possibly recursive system, a group of groups!) get together and create a group, membership by invitation only. they decide to allocate trust-metrics to certain individuals to certify that those individuals are trusted inside *their* group to represent them and the combined trust-metric of their group. if the group's individual members decide that their own "trusted representatives" are being stupid, and bringing the group (and therefore the individual's) trust metric into disrepute, they can decide to *renege* on the trust-metric they gave to their representatives, or just simply leave the group.
the "group trust" system is a really interesting concept, and mirrors the way that societies work. there is always, within a group, an individual or set of individuals that are trusted to represent the group. the individual contributes to the group by their own trust-metrics, and if they leave, the group loses their trust rating. if the person was a valuable contributor to that group, the group might lose its trust-metric sufficiently for other members to *also* leave, forcing the collapse of the group and reforming of a more suitable one etc etc.
4) the creation of an internet protocol (a simple one! learn from microsoft's mistakes!) to provide distributed trust-metrics. for example, i would like to see one per project running *on* each project's site (e.g samba.org, i have to talk to the other samba team members about this). this to help alleviate any issues with 3) - a group itself might not want to trust another group's site to run their own trust metrics!
5) a programming api to allow systems such as samba-patches@samba.org to automatically generate (or help generate) trust-metrics for contributions to projects. samba, for example, has a simple version of trust metrics, already: number of cvs commits (by samba team members) and number of patches submitted (by non-samba-team members, who do not have cvs access to samba.org).
anyway. these are some of my thoughts over the last few days and nights. based on bruce sterling's ideas, i am so pleased to see an actual implementation of a real trust-metric system, i'd love to see it develop more. yes, i can help out with that :)