Hi, Has anybody got any code to create security images for a registration page that they would be wiling to share? The kind where a word is embeded in some background so that only an actual person can register. Thanks, Steve
On Fri, Oct 21, 2005 at 09:25:38AM -0400, Steven Hammond wrote:> Has anybody got any code to create security images for a registration > page that they would be wiling to share? The kind where a word is > embeded in some background so that only an actual person can register.Please don''t use such systems: http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html If you still want to: http://tagifieds.com/permatags/josh/ror-captcha-howto http://frankhale.org/CAPTCHA_RoR_Tutorial.html -- David Dorward http://dorward.me.uk
Hi, Steven,
I haven''t got reusable code, but would look at rmagick to put randomly
generated text into an image. You''ll find the following snippet and its
result on: http://rmagick.rubyforge.org/portfolio.html
require ''RMagick''
clown = Magick::ImageList.new("clown.jpg")
text = Magick::Draw.new
text.annotate(clown, 0, 0, 0, 60, "My friend!") {
self.gravity = Magick::SouthGravity
self.pointsize = 48
self.stroke = ''transparent''
self.fill = ''#0000A9''
self.font_weight = Magick::BoldWeight
}
clown.write(''annotate.jpg'')
Jan Prill
Steven Hammond wrote:
>
> Hi,
>
> Has anybody got any code to create security images for a registration
> page that they would be wiling to share? The kind where a word is
> embeded in some background so that only an actual person can register.
>
> Thanks,
> Steve
>
>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
On Friday 21 Oct 2005 14:25, Steven Hammond wrote:> Has anybody got any code to create security images for a registration > page that they would be wiling to share? The kind where a word is > embeded in some background so that only an actual person can register.Googling for "rails captcha" found this: http://frankhale.org/CAPTCHA_RoR_Tutorial.html Although I suspect perhaps you aren''t familiar with the term "captcha" otherwise you would have mentioned it in your post. I don''t doubt that you already Googled for this, just using the wrong words, so no worries. ;-) Cheers, ~Dave -- Dave Silvester Rent-A-Monkey Website Development Web: http://www.rentamonkey.com/
David
> Please don''t use such systems:
It''s not the first time I see such an unmotivated answer, and each time
I wonder :
Why?
Why do you feel it''s bad to spend an extra 3 seconds to ensure a new
user is not a robot?
> http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html
Not convincing at all. I spent as much time reading it as I would have
replying to 30 CAPTCHAS.
Alain
In article <djbbas$n1u$1@sea.gmane.org>, arav2132- 6SW1mVBvVAbXsMajfR9tMA-XMD5yJDbdMReXY1tMh2IBg@public.gmane.org says...> Why do you feel it''s bad to spend an extra 3 seconds to ensure a new > user is not a robot?I believe the two arguments against it are: 1. it doesn''t actually ensure such a thing; it''s trivial to either (a) write code to OCR the CAPTCHA, or (b) just post the captcha on your own web site where your human readers will give you the answer. 2. It makes it impossible for even the mildly visually-impaired to use your site. There are counter-arguments to these, of course, and I''m never quite sure which side I stand for. -- Jay Levitt | Wellesley, MA | I feel calm. I feel ready. I can only Faster: jay at jay dot fm | conclude that''s because I don''t have a http://www.jay.fm | full grasp of the situation. - Mark Adler
Hi, I''ve been following the examples in the Agile Web Development w/Ruby book and have run across a habtm issue and would like some input. I have the following three tables: party ------ id party_role ---------- party_id - fk to party(id) party_role_type_id - fk to party_role_type(id) party_role_type --------------- id name etc... On pg 240 of the rails book it describes the following relationship: articles -------- id title articles_users -------------- article_id user_id users ----- id name For all practical purposes, my design above mimics this and is a pretty standard join table. However, when I find() my PartyRole AR object, it doesn''t automagically connect the two object, it only provides the local attributes. The AR objects are as follows: class Party < ActiveRecord::Base set_table_name "party" has_and_belongs_to_many :partyRoleType end class PartyRole < ActiveRecord::Base set_table_name "party_role" end class PartyRoleType < ActiveRecord::Base set_table_name "party_role_type" has_and_belongs_to_many :party end I think my problem here is mostly naming issues and this will probably be an ongoing issue for me during my migration tests. Does anyone know of any way that I can specify what the join elements in this case should be? I''m sure Rails expects ''Roles'' vs. PartyRoleType in my case and this is what I''m looking to override. I''m having fun playing w/Rails, but it''s taking a little ''adjustment'' for some of the AR stuff as my db is pretty much already defined and I can''t rename or change things easily to match Rails naming conventions. I''m looking for the middle ground in other words. That said, I''d still like to keep moving forward and would appreciate any input. Thanks, - jason
I wasn''t at all familiar with the term captcha. Thanks for the link. Steve Dave Silvester wrote:> Googling for "rails captcha" found this: > >http://frankhale.org/CAPTCHA_RoR_Tutorial.html > >Although I suspect perhaps you aren''t familiar with the term "captcha" >otherwise you would have mentioned it in your post. I don''t doubt that you >already Googled for this, just using the wrong words, so no worries. ;-) > >Cheers, > >~Dave > > >
Jay Levitt wrote:> 1. it doesn''t actually ensure such a thing; it''s trivial to either (a) > >write code to OCR the CAPTCHA, or (b) just post the captcha on your own >web site where your human readers will give you the answer. > > >I thought the "fuzzy" background was designed to keep OCR from being trivial. I''m pretty sure the industrial strength scanners we have at work couldn''t make these out. There''s not much I can do if somebody wants to pay a human reader for this purpose.>2. It makes it impossible for even the mildly visually-impaired to use >your site. > >This is a good point. If I move forward with the "captcha", I''ll have to provide a link for the visually-impaired to be manually verified somehow. Thanks, Steve
On 10/22/05, Steven Hammond <shammond-fsaFzfxnEUFWk0Htik3J/w@public.gmane.org> wrote:> Jay Levitt wrote: > > > 1. it doesn''t actually ensure such a thing; it''s trivial to either (a) > > > >write code to OCR the CAPTCHA, or (b) just post the captcha on your own > >web site where your human readers will give you the answer. > > > I thought the "fuzzy" background was designed to keep OCR from being > trivial. I''m pretty sure the industrial strength scanners we have at > work couldn''t make these out. There''s not much I can do if > somebody wants to pay a human reader for this purpose.You don''t even need to pay human readers for this : put up a captcha at the entrance of a site promising free porn, and there you have automatic captcha reading 24/7. -- Michel Valdrighi Devéloppeur Web Intraordinaire http://zengun.org/weblog/
Instead of a captcha you could use a system where you for example provide three listboxes and ask the user to combine the three things that "belong" to eachother. Or you could ask them a question, prefferably not a mathametical one, as computers do tend to have less problems with these ;-) , in which you alternate some of the words, so to randomise it. You could then put an amount of these randomised questions in the check. although you might want to make the grammer harder. As long as you specify large enough random combinations of things the process can hardly be automated. Jaap On 10/22/05, Michel Valdrighi <michelv-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On 10/22/05, Steven Hammond <shammond-fsaFzfxnEUFWk0Htik3J/w@public.gmane.org> wrote: > > Jay Levitt wrote: > > > > > 1. it doesn''t actually ensure such a thing; it''s trivial to either (a) > > > > > >write code to OCR the CAPTCHA, or (b) just post the captcha on your own > > >web site where your human readers will give you the answer. > > > > > I thought the "fuzzy" background was designed to keep OCR from being > > trivial. I''m pretty sure the industrial strength scanners we have at > > work couldn''t make these out. There''s not much I can do if > > somebody wants to pay a human reader for this purpose. > > You don''t even need to pay human readers for this : put up a captcha > at the entrance of a site promising free porn, and there you have > automatic captcha reading 24/7. > > -- > Michel Valdrighi > Devéloppeur Web Intraordinaire > http://zengun.org/weblog/ > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >
On 10/21/05, Jay Levitt <jay-news-WxwZQdyI2t0@public.gmane.org> wrote:> In article <djbbas$n1u$1@sea.gmane.org>, arav2132- > 6SW1mVBvVAbXsMajfR9tMA-XMD5yJDbdMReXY1tMh2IBg@public.gmane.org says... > > Why do you feel it''s bad to spend an extra 3 seconds to ensure a new > > user is not a robot? > > 2. It makes it impossible for even the mildly visually-impaired to use > your site.One way to improve accessibility of a site using Captcha is to add an audio representation of the text contained within the image (see "A Proposed Solution" #5 at http://www.standards-schmandards.com/index.php?2005/01/01/11-captcha).> -- > Dennis Sutch > dennis-+mObuC4wx48AvxtiuMwx3w@public.gmane.org_______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Offtopic, but I think my main objection is the acronym/retronym. It has to be the most pathetic acronym of the century so far. On 22 Oct 2005, at 17:03, Dennis Sutch wrote:> On 10/21/05, Jay Levitt <jay-news-WxwZQdyI2t0@public.gmane.org> wrote: >> In article <djbbas$n1u$1@sea.gmane.org>, arav2132- >> 6SW1mVBvVAbXsMajfR9tMA-XMD5yJDbdMReXY1tMh2IBg@public.gmane.org says... >> > Why do you feel it''s bad to spend an extra 3 seconds to ensure a new >> > user is not a robot? >> >> 2. It makes it impossible for even the mildly visually-impaired to >> use >> your site. > One way to improve accessibility of a site using Captcha is to add an > audio representation of the text contained within the image (see "A > Proposed Solution" #5 at > http://www.standards-schmandards.com/index.php?2005/01/01/11-captcha). > >> -- >> Dennis Sutch >> dennis-+mObuC4wx48AvxtiuMwx3w@public.gmane.org _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails
http://www.craigslist.org/ uses a pretty good captcha + audio solution. Try posting a message there and you''ll see how it works. They even add a little noise into the audio so it''s not trivially decoded (either that or just badly recorded ;). Clever fellas. Dennis Sutch wrote:> On 10/21/05, *Jay Levitt* <jay-news-WxwZQdyI2t0@public.gmane.org > <mailto:jay-news-WxwZQdyI2t0@public.gmane.org>> wrote: > > In article <djbbas$n1u$1@sea.gmane.org > <mailto:djbbas$n1u$1@sea.gmane.org>>, arav2132- > 6SW1mVBvVAbXsMajfR9tMA-XMD5yJDbdMReXY1tMh2IBg@public.gmane.org > <mailto:6SW1mVBvVAbXsMajfR9tMA-XMD5yJDbdMReXY1tMh2IBg@public.gmane.org> > says... > > Why do you feel it''s bad to spend an extra 3 seconds to ensure a new > > user is not a robot? > > 2. It makes it impossible for even the mildly visually-impaired to use > your site. > > > One way to improve accessibility of a site using Captcha is to add an > audio representation of the text contained within the image (see "A > Proposed Solution" #5 at > http://www.standards-schmandards.com/index.php?2005/01/01/11-captcha). > > > -- > Dennis Sutch > dennis-+mObuC4wx48AvxtiuMwx3w@public.gmane.org > <mailto:dennis-+mObuC4wx48AvxtiuMwx3w@public.gmane.org> > > > ------------------------------------------------------------------------ > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails
On Fri, 2005-10-21 at 20:16 +0200, Alain Ravet wrote:> > Please don''t use such systems:> It''s not the first time I see such an unmotivated answerWhy would I give *any* answer without motivation?> Why do you feel it''s bad to spend an extra 3 seconds to ensure a new > user is not a robot?The presentation I referenced does a good job of summing up my thoughts on why CAPTCHA are a bad idea, but I don''t feel it is bad to spend an extra 3 seconds to ensure that a new user is not a robot. Please don''t put words into my mouth. A CAPTCHA is not "3 extra seconds to ensure that a new user is not a robot" since: (a) It usually takes more then 3 seconds for a user to decode the scrambled text.[1] Not to mention that some users can''t decode them _at_all_! (b) It doesn''t ensure the user is not a robot> > http://www.w3.org/2004/Talks/0319-csun-m3m/slide1-0.html> Not convincing at all. I spent as much time reading it as I would have > replying to 30 CAPTCHAS.So a little over three seconds per slide then (according to your estimates as to how long it takes). Not much time to read, absorb and consider the material.[2] [1] Entirely unscientific test based on personal experience [2] Yes, that''s a cheap shot, but "I''m unconvinced" is just a dismissal of an argument without giving any reasoning that can be discussed. -- David Dorward <http://dorward.me.uk/> "Anybody remotely interesting is mad, in some way or another." -- The Greatest Show in the Galaxy