Less Wrong is a community blog devoted to refining the art of human rationality.

Lumifer comments on Lesswrong Potential Changes - Less Wrong Discussion

17 Post author: Elo 19 March 2016 12:24PM

Comments (88)

Comment author: Lumifer 22 March 2016 05:15:05PM * 0 points

> All I am asking for is to make this vector of attack more costly, by increasing a fucking constant.

My point is that increasing that constant is not a viable defence against the attacks. You are not putting up a roadblock, merely a microscopic speed bump that a capable attacker will not even notice.

Your suggestion is like prohibiting passwords consisting of a single character. Will it help in the case of really stupid people? A bit. Will it help in the case of people actually likely to mount an attack? Not at all. Does it create the impression that you've "improved the security"? Yes, and that's the worst part.

Comment author: Viliam 22 March 2016 09:19:33PM * -1 points

In theory, the only values defensible from the first principles are 0, 1, and infinity. In practice, the difference between an hour and a week can be significant.

> Will it help in the case of people actually likely to mount an attack? Not at all.

Actually, it can make the attack without scripting quite expensive, and having to write and debug a script can be an obstacle for many people. For example, I am quite tempted to make a proof-of-concept script and fire it at you just to prove my point; and I have already written scripts interacting with websites in the past; but I am still quite likely not to do it, because it would take me a few hours of work. Procrastination, trivial inconveniences, etc.

> Your suggestion is like prohibiting passwords consisting of a single character.

I believe that CAPTCHA would be a better analogy, because it is an amount of work that has to be done by the user manually, before they are given access to the full functionality. More specifically, it is like changing a one-character CAPTCHA into multiple characters.

Comment author: Lumifer 22 March 2016 09:34:46PM 1 point

> In practice, the difference between an hour and a week can be significant.

Sure, but why do you want to take a roundabout-karma way about it? If you care about slowing attacks down, make it so that no account younger than X days can vote. If you care about a sockpuppet explosion, implement some checks on the front end so that no IP address can create more than Y accounts in Z days (yes, proxies, but that's another speed bump).

However I feel that all this distracts from a bigger point. LW is in crisis and some people even say it's dying. This is not because LW is under siege from multiple accounts or sockpuppets. If Eugene goes away LW will still be in crisis. While I'm not in general a big fan of YAGNI, I feel that it's appropriate here. Focus on important parts first.
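
The two checks proposed in the comment above (no voting from accounts younger than X days, and no more than Y accounts per IP address in Z days), as an added sketch that is not part of the original thread and not Less Wrong's own code. The class name, method names, default values for X, Y and Z, and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class SignupAndVoteGate:
    """Hypothetical helper; X, Y and Z are the constants named in the comment."""

    def __init__(self, min_age_days=7, max_accounts=3, window_days=30):
        self.min_age = timedelta(days=min_age_days)   # X: minimum age to vote
        self.max_accounts = max_accounts              # Y: accounts per IP
        self.window = timedelta(days=window_days)     # Z: sliding window
        self._signups = defaultdict(deque)            # ip -> creation times
        self._created = {}                            # account -> creation time

    def register(self, account, ip, now):
        """Create the account unless this IP already made Y accounts in Z days."""
        if account in self._created:
            return False
        recent = self._signups[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                          # forget expired signups
        if len(recent) >= self.max_accounts:
            return False
        recent.append(now)
        self._created[account] = now
        return True

    def can_vote(self, account, now):
        """Only accounts at least X days old may vote."""
        created = self._created.get(account)
        return created is not None and now - created >= self.min_age


def demo():
    gate = SignupAndVoteGate(min_age_days=7, max_accounts=2, window_days=30)
    t0 = datetime(2016, 3, 22)
    ip = "192.0.2.10"  # constructed address from the documentation range
    return {
        "same_ip": [gate.register(f"acct{i}", ip, t0 + timedelta(hours=i))
                    for i in range(3)],
        # A second address is counted separately: the "proxies" caveat.
        "other_ip": gate.register("acct_other", "198.51.100.7", t0),
        "vote_day1": gate.can_vote("acct0", t0 + timedelta(days=1)),
        "vote_day7": gate.can_vote("acct0", t0 + timedelta(days=7)),
        "after_window": gate.register("acct_late", ip, t0 + timedelta(days=31)),
    }
```

The `other_ip` result shows the limit the comment itself concedes: the per-IP counter only sees the address the request arrives from.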

Comment author: Viliam 23 March 2016 07:06:14AM -1 points

There is more than one problem with LW. But for me this is just more reason to make one go away quickly by increasing a constant, and then focus on the remaining ones.

Comment author: Lumifer 23 March 2016 02:21:36PM 1 point

We're disagreeing about whether increasing that constant will make the problem go away.