Hello. I've done my best not to haunt the mailing list so far, but it's 4am and I blame the invention of Ruby on Rails for keeping me up at night. So now you must bear with me or click back/next/delete.

ME: I love rails in theory and practice, 3/4 of the 37mantras (how many does that make?), and hanging around seeing how the community is developing. I'm not famous or well accomplished, just a dude. I'm a scope creep by nature, but I've learned in reality to shut my mouth. Sometimes.

THE MEAT: I want to know several things. The following gives you a flavor of the kind of things that I am awake at night thinking, but these just came out once I hit the keyboard.

CAPTCHA.
What is this? I'm not looking for a real answer. I'm looking for the answer to the question: "How did we get to the point where we are asking Joe to type in random numbers to satisfy a computer program." Actually, I don't want an answer to that. I want to know "Where are the simpler methods of identifying a person as a person when you are giving information to a website"

Example:
You are submitting a comment on a typo blog. I don't want to give an Email, yada yada, I want to leave a nice comment without hassle. I click "Submit," the screen darkens, and a small and bright popup on the page appears in a random position that says "Click on me to prove you are a human being!"

Why?
One Click = much smaller pain in the ass than hunting and pecking on the keyboard. Can a spider ever identify screen position of a needed mouse click? I don't know. My point is not that I want to develop it, but that it seems like there is a lack of chatter in the general community on the theory level - solving small issues like this, as well as larger issues like the next one.

Why? I don't know. We have these discussions in private, or we just build the damn thing, and it gets ripped off (read: recognized as being something to build upon) and spreads virally into a convention. Like the light-box stuff.
Or ajax in general.

JAVASCRIPT
Rails helpers = goldmine for UI development. But I don't see much discussion about MVC being ruined when developing an intensely rich and interactive UI. (On a side note, I also don't see much discussion which isn't the practical nitty-gritty of day to day railing)

Javascript lets you have a whole other world on the client side. I mean, take an app like writely, gmail, etc - This is where web applications are moving towards, right? Agreed? In other words, right now, they are beta-buggy-scary, and often hacked together, but...."we" want to see those things perfect, and that's how the world works - what the public wants, they will get.

So, the point is, rjs has opened the door, and now we can put one foot inside. But if you want to walk *through* that door, you need a lot more than rjs - you need a javascript programmer building a lot of custom shit. Look at the rails apps that put ajax to heavy use - look at what lives in their .js - Lots of crazy stuff going well beyond Element.update.

Let's talk about this: I need to load and store data on the client side, have it manipulated, and at critical moments, synced with the server. I want to paginate data and keep it on the client-side. I know, this is possible, but the amount of effort for execution is still very very high. I'm just saying...I think a lot about the fact that at some point soon, the rails helpers will (have to) evolve and grow to satisfy this need. I'm excited.

Another way of looking at this is a challenge: Can you build a simplified version of iTunes, but as an online app? Yes, it is possible (maybe throw in a Flash shell to handle the audio playback, but...) Can you build a version which isn't painful to use? Does Rails aspire to be 'capable' of building something like this in the future? Is a more in-depth javascript 'framework' needed in order to do so?

Instead of going further with more ambiguous ideas, I'm going to stop here for now.
Instead of pushing cancel, I'm going to hit send. Please realize that I don't want to upset anyone - if you are upset, don't worry, you write better code than me - I'm just a lonely programmer looking to talk *around* the ideas of the day. You know, spend some time 'together' evaluating and chatting about things.

There always are a million 'better ways' - I would love to see more rails folk dialogging about ideas within the larger community that go beyond which server is better, why code is wrong or right, etc... Some of this happens, but it seems to be more one-way communication. Blogging works, but Diablogging is always better!

Yes, it's all changing in front of our eyes, and meanwhile we've got apps to build. Keep up! What's new? Priorities! Build! Release! Go!

Anyone want to slow it down a bit?

lovelovelove
sudara

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---
On Mon, Aug 28, 2006 at 02:11:11AM -0000, sudara wrote:
[...]
} CAPTCHA.
} What is this? I'm not looking for a real answer. I'm looking for the
} answer to the question: "How did we get to the point where we are
} asking Joe to type in random numbers to satisfy a computer program."
} Actually, I don't want an answer to that. I want to know "Where are the
} simpler methods of identifying a person as a person when you are giving
} information to a website"

Ultimately, it comes down to what computers are bad at and humans are good at. In general, the answer is pattern recognition. Humans are very good at pattern recognition, even in the presence of a lot of noise. A captcha is little more than a simple pattern (letters and numbers) presented with a lot of noise, which the user is then expected to recognize and regurgitate.

Also, I'll point out that the captchas for the visually impaired are much easier for a computer to handle; there are much more effective algorithms for sound/speech recognition than for image/text recognition.

} Example:
} You are submitting a comment on a typo blog. I don't want to give an
} Email, yada yada, I want to leave a nice comment without hassle. I
} click "Submit," the screen darkens, and a small and bright popup on the
} page appears in a random position that says "Click on me to prove you
} are a human being!"
}
} Why?
} One Click = much smaller pain in the ass than hunting and pecking on
} the keyboard. Can a spider ever identify screen position of a needed
} mouse click? I don't know. My point is not that I want to develop it,
} but that it seems like there is a lack of chatter in the general
} community on the theory level - solving small issues like this, as well
} as larger issues like the next one.

It's absolutely trivial for a computer to figure out where to click. If you make a highly visible and obvious target for the user to click, an image recognition algorithm will figure it out even faster than a human.
You see a lack of chatter because those familiar with computer science literature know about the dead ends, and don't talk about them. Most of those who don't know the literature are inclined to trust those who do. Think of computer science as similar to civil engineering; amateurs can design pretty looking bridges, but that doesn't mean that bridge would stand up to even its own weight, much less traffic.

I know, it sounds really arrogant. Sorry about that. I don't mean to say that people who don't have computer science training can't create anything of value; that just isn't true. I'm saying that the hard problems (e.g. packet routing on a global network, approximation algorithms, etc.) are solved by computer scientists, and those without the training don't have much to contribute to that.

} JAVASCRIPT
[...]
} Another way of looking at this is a challenge: Can you build a
} simplified version of iTunes, but as an online app? Yes, it is possible
} (maybe throw in a Flash shell to handle the audio playback, but...) Can
} you build a version which isn't painful to use? Does Rails aspire to be
} 'capable' of building something like this in the future? Is a more
} in-depth javascript 'framework' needed in order to do so?
[...]

I'm not quite sure what you're getting at here. Are you looking for JavaScript toolkit libraries comparable to GTK+? They exist, but the combination of DOM, CSS, and plain JavaScript tends to be nicer. Are you looking to write JavaScript in Ruby? That's sort of what RJS is, and there is also a project to actually transform Ruby into JavaScript. (The languages are surprisingly similar, underneath the syntax differences.)

I'd also claim that a web-based iTunes clone is well within reach (especially the store part, which is already web-based), and it is much more a matter of licensing/copyright/legal issues that prevents anyone from doing so.
(Incidentally, it would be well within Apple's abilities to have iTunes serve a web interface on a user-configurable port to do exactly that, providing web access to your iTunes library. In fact, I think I'll suggest it to my friend who works at Apple.)

} lovelovelove
} sudara

--Greg
Thanks greg.

> Ultimately, it comes down to what computers are bad at and humans are good
> at. In general, the answer is pattern recognition. Humans are very good at
> pattern recognition, even in the presence of a lot of noise.

Yes. Exactly. This is why I see CAPTCHA as a hack solution, waiting for something better to show up. Don't get me wrong, it's better than a load of SPAM showing up at your door, and typing in 6 characters isn't THAT tough, especially for those of us who see it now as "normal." But if you step back, the idea is pretty demanding - Make every user do some leg work to help out the lack of decent SPAM filtering on a website. I just registered a domain, spent 10 minutes giving WAY too much information on 8 different form pages, and at the end of the process had to enter a silly string of numbers and digits.

> I know, it sounds really arrogant. Sorry about that. I don't mean to say
> that people who don't have computer science training can't create anything
> of value; that just isn't true. I'm saying that the hard problems (e.g.
> packet routing on a global network, approximation algorithms, etc.) are
> solved by computer scientists, and those without the training don't have
> much to contribute to that.

No problem. On one level I agree with you completely. As far as I know, I'm never going to contribute to the rails core. Why? Learning curve, talent, time investment. But ultimately why? Because I'm not inspired to - there are people who do the 'hard work' a LOT better than I could, I respect them, but get my kicks spending my time elsewhere.

But here is the difference - Web design isn't computer science. UI design, web application design is not as much rocket science as common sense and creativity. Will this make sense? Is this clear to the users involved? How can we implement this creatively, and clearly?
And you see all sorts of technology being stitched together, not only by computer scientists, but by programmers who are aware of their users. In other words, people who can use tools to solve problems, but also step back to identify the problems in the first place.

> I'm not quite sure what you're getting at here.

What I'm getting at: I feel that it's important to step away from the technology and have a wider perspective. It's easier to ask a programmer "Is building an online version of iTunes possible?" than it is to ask "Where does our current toolset fail, or not do *enough*" or "What issues with application design are solvable in the near term, and how would your tools need to change to solve them?"

It seems important to talk about what we are doing, not on the technology level, but on the conceptual level. Why? Well, it's one thing to design an app while thinking "what is best for the user" and then plunge back into the deep end, making sure buttons are standing out, that users are getting good feedback from the system, etc. It's another thing to spend some time thinking about the situation in general - What are the trends in web app design today - what is going to fade away, what is really innovative, what is 'sticking', and most importantly: What 'problems' are still waiting to be solved. And in this case, I'm not talking about the nitty gritty hardcore programming issues, I'm talking about the fact that millions of people are surfing the internet and we are part of the crowd responsible for that experience being useful, joyful, and informative.

There's lots of rails talk about getting DRY. No programmer likes to write code twice. And it's a sexy idea to get rid of excessive code writing. But we don't talk a lot (together) about UI design, about the UI issues in general, about Application *flow*, about the larger approaches and attitudes.
The most you hear is "Reduce the number of form fields" or "Don't ask the user to sign up for an account until you really need them to." Yes, these are wonderful pieces of advice! ...And just the tip of the iceberg. THOSE ideas are more along the lines I want to talk about. Stepping back, I would think railers would be more obsessed about designing systems their users will love: "Step away from the technology."

Again, if I've offended, or just plain boring to listen to, I apologize. I'm excited by these kinds of things. I'm not looking to be educated or educate, though I always expect that to occur naturally. I'm looking to dig into topics that are left behind, but in reality define the world of "web applications" to the millions. And then come back and see how Rails applies to this world and how it could change and grow.

lovelovelove
sudara
Thomas, Mark - BLS CTR
2006-Aug-28 15:42 UTC
Re: CAPTCHA (was: Big Ideas For Those With Time)
sudara wrote:
> I want to leave a nice comment without hassle. I click "Submit,"
> the screen darkens, and a small and bright popup on the page
> appears in a random position that says "Click on me to prove
> you are a human being!"

This is a good idea, from a less-hassle perspective. This particular solution, though, suffers from a few drawbacks. It would require that javascript be enabled, and also a bot can potentially find any links.

However, it gives me an idea... what if a single large image appears (a la lightbox as you describe) which is a montage that (via RMagick or something) contained a background image overlaid by one or more randomly placed images, including exactly one pony. Then you can say "click on the pony to prove you are a human being." If this was implemented as an imagemap, all browsers can participate, even those that don't have javascript enabled (though the presentation would be different). The larger the image-to-pony ratio, the smaller the chance that a bot would guess the required coordinates correctly. Combined with a three strikes-and-you're-out policy, this could potentially work, d'ya think?

- Mark.
> However, it gives me an idea... what if a single large image appears (a
> la lightbox as you describe) which is a montage that (via RMagick or
> something) contained a background image overlaid by one or more randomly
> placed images, including exactly one pony. Then you can say "click on
> the pony to prove you are a human being."

Haha! I love it. Pony Authentication.

Also, what about a javascript observer which detected whether or not a human being was typing into text fields...I mean a robot/spider won't be entering SPAM comments one character at a time...And then, if there is any doubt (maybe you copy and pasted text into the text field), some kind of user-hassle experience may be necessary.

There must be dozens of ways to take these kinds of responsibilities OUT of the hands of users by making programs just a teeny bit smarter in creative ways.

As far as javascript being on/off, I guess my thoughts are more focused on the upcoming breed of javascript intensive apps that just won't care about those who have it off (by observation of reality). In other words, the users will have javascript on, because they are looking for that rich UI experience. Period.

lovelovelove
sudara
On Aug 28, 2006, at 11:54 AM, sudara wrote:
> Also, what about a javascript observer which detected whether or not a
> human being was typing into text fields...I mean a robot/spider won't
> be entering SPAM comments one character at a time...

these sorts of things have their limits. back when netrek was popular, someone implemented a bot finding program that made some decisions based on how fast input came through. it wound up finding some humans who used the program in unexpected ways. beyond that, slow input is trivial to spoof.

-faisal
On Mon, Aug 28, 2006 at 11:42:20AM -0400, Thomas, Mark - BLS CTR wrote:
}
} sudara wrote:
} > I want to leave a nice comment without hassle. I click "Submit,"
} > the screen darkens, and a small and bright popup on the page
} > appears in a random position that says "Click on me to prove
} > you are a human being!"
}
} This is a good idea, from a less-hassle perspective. This particular
} solution, though, suffers from a few drawbacks. It would require that
} javascript be enabled, and also a bot can potentially find any links.
}
} However, it gives me an idea... what if a single large image appears (a
} la lightbox as you describe) which is a montage that (via RMagick or
} something) contained a background image overlaid by one or more randomly
} placed images, including exactly one pony. Then you can say "click on
} the pony to prove you are a human being." If this was implemented as an
} imagemap, all browsers can participate, even those that don't have
} javascript enabled (though the presentation would be different). The
} larger the image-to-pony ratio, the smaller the chance that a bot would
} guess the required coordinates correctly. Combined with a three
} strikes-and-you're-out policy, this could potentially work, d'ya think?

It's a nice idea, but I'm skeptical. Show me an example image that won't make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy the user) and has sufficient noise to make image recognition difficult.

} - Mark.

--Greg
Ever noticed the "X" "Y" parameters in the form submit with rails ?

Use captcha to generate multiple images with words like "Submit", "OhSpam", "NoNo", etc. Use that image with image_submit_tag - use those x,y parameters to detect if the user clicked on "Submit" or not.

Problem solved ?

--
rm -rf / 2>/dev/null - http://null.in
Don't judge those who try and fail, judge those who fail to try..
> I want to know "Where are the
> simpler methods of identifying a person as a person when you are giving
> information to a website"

FYI, the phrase you're looking for is "human interaction proof" (HIP). As you've probably guessed, lots of people are interested in this topic; you'll find people doing HIP work at many companies and universities.

- James Moore
> FYI, the phrase you're looking for is "human interaction proof" (HIP). As
> you've probably guessed, lots of people are interested in this topic; you'll
> find people doing HIP work at many companies and universities.

Very cool.

It is funny to me that telling the difference between a bot and a human proves to be such a difficult task for a computer program. It says something important, especially when you look at humans and the many troubles they experience just using a computer. To add the fact that 'their computer' wants them to prove their humanness is insult to injury.

After working for 2 years as a manager/technician at an IT support firm, I really realized that I FLY around any user interface (known or unknown) compared with 98% of the population. In other words, I don't (and probably you neither) have a problem intuitively figuring out how to use something if it's on a computer. As a web designer/programmer this actually works against you - by default you are OK with CAPTCHA and 25 other conventions that a normal user doesn't understand or want to deal with. Over time, they learn to put up with some of them, and we come up with better solutions for others.

Thanks for the responses, guys.

lovelovelove
sudara
Thomas, Mark - BLS CTR
2006-Aug-28 20:33 UTC
Re: CAPTCHA (was: Big Ideas For Those With Time)
> > It's a nice idea, but I'm skeptical. Show me an example image that won't
> > make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy
> > the user) and has sufficient noise to make image recognition difficult.

If you varied the backgrounds, pony images and non-pony images (say a combination of cartoons and photos), it wouldn't have to be difficult at all for humans, and there would be nothing particular a bot could key on. For a bot, it would certainly be orders of magnitude harder than the letter systems used today.

- Mark.
Thomas, Mark - BLS CTR
2006-Aug-28 20:35 UTC
Re: CAPTCHA (was: Big Ideas For Those With Time)
> -----Original Message-----
> From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Pratik
> Sent: Monday, August 28, 2006 12:27 PM
> To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> Subject: [Rails] Re: CAPTCHA (was: Big Ideas For Those With Time)
>
> Ever noticed the "X" "Y" parameters in the form submit with rails ?
>
> Use captcha to generate multiple images with words like
> "Submit", "OhSpam", "NoNo", etc. Use that image with
> image_submit_tag - use those x,y parameters to detect if the
> user clicked on "Submit" or not.
>
> Problem solved ?

No. What's to prevent a bot from putting x,y parameters in a click?
On Mon, Aug 28, 2006 at 04:33:59PM -0400, Thomas, Mark - BLS CTR wrote:
} > It's a nice idea, but I'm skeptical. Show me an example image that
} > won't make the user feel like s/he is playing Where's Waldo (i.e.
} > doesn't annoy the user) and has sufficient noise to make image
} > recognition difficult.
}
} If you varied the backgrounds, pony images and non-pony images (say a
} combination of cartoons and photos), it wouldn't have to be difficult at
} all for humans, and there would be nothing particular a bot could key
} on. For a bot, it would certainly be orders of magnitude harder than the
} letter systems used today.

There are a lot of "would"s in the above paragraph. Please generate an actual sample image. The discussion so far has amounted to hand-waving. I'd be excited to see an improved solution, but so far I haven't *seen* anything.

} - Mark.

--Greg
> > It's a nice idea, but I'm skeptical. Show me an example image that won't
> > make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy
> > the user) and has sufficient noise to make image recognition difficult.

Click on the dude with the baseball hat to prove your human-ness: http://caboo.se/
Thomas, Mark - BLS CTR
2006-Aug-28 21:27 UTC
Re: CAPTCHA (was: Big Ideas For Those With Time)
> There are a lot of "would"s in the above paragraph. Please
> generate an actual sample image. The discussion so far has
> amounted to hand-waving. I'd be excited to see an improved
> solution, but so far I haven't *seen* anything.

Translation: Build it, and I'll consider using it :-)

One image wouldn't help you decide, when a major part of its effectiveness comes from the variation in the images, positioning, etc. I don't think that even the most covert NSA think tanks have developed pony recognition software capable of distinguishing an arbitrary pony image from that of other quadrupeds, much less pick one out from a larger image. :-)

- Mark.
By having 100's of such images with different "X", "Y" parameters for "Submit".

On 8/28/06, Thomas, Mark - BLS CTR <Thomas.Mark-R43zzhgHTig@public.gmane.org> wrote:
> > -----Original Message-----
> > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> > [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Pratik
> > Sent: Monday, August 28, 2006 12:27 PM
> > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> > Subject: [Rails] Re: CAPTCHA (was: Big Ideas For Those With Time)
> >
> > Ever noticed the "X" "Y" parameters in the form submit with rails ?
> >
> > Use captcha to generate multiple images with words like
> > "Submit", "OhSpam", "NoNo", etc. Use that image with
> > image_submit_tag - use those x,y parameters to detect if the
> > user clicked on "Submit" or not.
> >
> > Problem solved ?
>
> No. What's to prevent a bot from putting x,y parameters in a click?

--
rm -rf / 2>/dev/null - http://null.in

Don't judge those who try and fail, judge those who fail to try..
Check out http://null.in:5000/

Just a quick proof of concept.

-Pratik

On 8/29/06, Pratik <pratiknaik-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> By having 100's of such images with different "X", "Y" parameters for "Submit".
>
> On 8/28/06, Thomas, Mark - BLS CTR <Thomas.Mark-R43zzhgHTig@public.gmane.org> wrote:
> > > -----Original Message-----
> > > From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> > > [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Pratik
> > > Sent: Monday, August 28, 2006 12:27 PM
> > > To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> > > Subject: [Rails] Re: CAPTCHA (was: Big Ideas For Those With Time)
> > >
> > > Ever noticed the "X" "Y" parameters in the form submit with rails ?
> > >
> > > Use captcha to generate multiple images with words like
> > > "Submit", "OhSpam", "NoNo", etc. Use that image with
> > > image_submit_tag - use those x,y parameters to detect if the
> > > user clicked on "Submit" or not.
> > >
> > > Problem solved ?
> >
> > No. What's to prevent a bot from putting x,y parameters in a click?
>
> --
> rm -rf / 2>/dev/null - http://null.in
>
> Don't judge those who try and fail, judge those who fail to try..

--
rm -rf / 2>/dev/null - http://null.in

Don't judge those who try and fail, judge those who fail to try..
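The server-side check that the x,y exchange above turns on, as an added example (it is not the code Pratik posted and not part of the thread): each challenge places "Submit" at a freshly randomized position and binds it to a single-use, expiring token, so fixed or replayed coordinates are rejected. The class name, image dimensions, TTL and token scheme are assumptions, and rendering the image from the layout is left to the application.

```ruby
require "securerandom"

# Added illustration; all names and sizes here are hypothetical.
class ClickChallengeStore
  Rect = Struct.new(:x, :y, :w, :h) do
    # True when the clicked pixel lies inside this rectangle.
    def cover?(px, py)
      px >= x && px < x + w && py >= y && py < y + h
    end
  end

  LABELS  = %w[Submit OhSpam NoNo].freeze # the words named in the thread
  IMAGE_W = 300
  IMAGE_H = 120
  LABEL_W = 80
  LABEL_H = 30
  SLOT_W  = IMAGE_W / LABELS.size
  TTL     = 120 # seconds a challenge stays valid

  def initialize(rng: Random.new, clock: -> { Time.now.to_f })
    @rng = rng
    @clock = clock
    @pending = {} # token => { target:, expires: }
  end

  # Shuffle the labels into non-overlapping slots, jitter each one, and
  # remember only where "Submit" landed. The layout goes to the image
  # renderer; the client receives the image and the token, never the layout.
  def issue
    slots = (0...LABELS.size).map { |i| i * SLOT_W }.shuffle(random: @rng)
    layout = LABELS.zip(slots).to_h do |label, slot_x|
      dx = @rng.rand(0..(SLOT_W - LABEL_W))
      dy = @rng.rand(0..(IMAGE_H - LABEL_H))
      [label, Rect.new(slot_x + dx, dy, LABEL_W, LABEL_H)]
    end
    token = SecureRandom.hex(16)
    @pending[token] = { target: layout.fetch("Submit"),
                        expires: @clock.call + TTL }
    { token: token, layout: layout }
  end

  # x and y arrive as the form's click coordinates (strings in practice).
  # The token is consumed on the first attempt, right or wrong, so a bot
  # cannot probe one image repeatedly or replay a recorded click.
  def verify(token, x, y)
    entry = @pending.delete(token.to_s)
    return :unknown_or_replayed unless entry
    return :expired if @clock.call > entry[:expires]

    px = Integer(x, exception: false)
    py = Integer(y, exception: false)
    return :malformed unless px && py

    entry[:target].cover?(px, py) ? :ok : :wrong_region
  end

  # Chance that one uniformly random click passes: target area / image area.
  def self.blind_guess_rate
    (LABEL_W * LABEL_H).to_f / (IMAGE_W * IMAGE_H)
  end
end

if __FILE__ == $PROGRAM_NAME
  store = ClickChallengeStore.new
  challenge = store.issue
  target = challenge[:layout]["Submit"]
  puts "correct click: #{store.verify(challenge[:token], target.x + 5, target.y + 5)}"
  puts "same click replayed: #{store.verify(challenge[:token], target.x + 5, target.y + 5)}"
  puts format("blind guess rate per attempt: %.1f%%", 100 * ClickChallengeStore.blind_guess_rate)
end
```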
On Mon, Aug 28, 2006 at 09:07:49PM -0000, sudara wrote:
> > > It's a nice idea, but I'm skeptical. Show me an example image that won't
> > > make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy
> > > the user) and has sufficient noise to make image recognition difficult.
>
> Click on the dude with the baseball hat to prove your human-ness:
> http://caboo.se/

None of these need actually be programmatically broken. They can be easily bypassed with a little creative forwarding and free porn.

http://boingboing.net/2004/01/27/solving_and_creating.html

--
- Adam

** Expert Technical Project and Business Management
**** System Performance Analysis and Architecture
****** [ http://www.adamfields.com ]

[ http://www.aquick.org/blog ] ............ Blog
[ http://www.adamfields.com/resume.html ].. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.aquicki.com/wiki ].............Wiki
Pratik Naik wrote:
> Check out http://null.in:5000/
>
> Just a quick proof of concept.

Yes, this is what I was talking about, except with images. Optical Character Recognition (OCR) is far more advanced than Optical Pony Recognition (OPR).

- Mark.

--
Posted via http://www.ruby-forum.com/.
On 29 Aug 2006, at 18:03, Mark Thomas wrote:
> Pratik Naik wrote:
>> Check out http://null.in:5000/
>>
>> Just a quick proof of concept.
>
> Yes, this is what I was talking about, except with images. Optical
> Character Recognition (OCR) is far more advanced than Optical Pony
> Recognition (OPR).

While I realise it's a proof of concept, how would it be envisioned that this could be made accessible? I'm not sure how present CAPTCHA systems work for those using screen readers. Any ideas?

Alastair

------
Alastair Moore
Standards compliant web development with Ruby On Rails, PHP and ASP
www.kozmo.co.uk
07738 399038
On 8/29/06, Alastair Moore <alastair-mb+lb5rSoAr10XsdtD+oqA@public.gmane.org> wrote:
> On 29 Aug 2006, at 18:03, Mark Thomas wrote:
>
> Pratik Naik wrote:
> Check out http://null.in:5000/
>
> Just a quick proof of concept.
>
> Yes, this is what I was talking about, except with images. Optical
> Character Recognition (OCR) is far more advanced than Optical Pony
> Recognition (OPR).
>
> While I realise it's a proof of concept, how would it be envisioned that
> this could be made accessible? I'm not sure how present CAPTCHA systems work
> for those using screen readers. Any ideas?
>
> Alastair
>
> ------

Larger sites typically offer an alternative captcha, for example an audio captcha, for those who have poor sight.

- Rob

--
http://www.robsanheim.com
http://www.seekingalpha.com
http://www.ajaxian.com
So, the pony express is easily buildable, bot-proof, not-porn proof, and not accessible.

Thanks Pratik for the example - it's really clear.
I've posted the hacked code at http://null.in/2006/08/30/paptcha-a-captcha-killer/ , in case anyone is interested.

Thanks,
Pratik

On 8/30/06, sudara <markswilliams-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> So, the pony express is easily buildable, bot-proof, not-porn proof,
> and not accessible.
>
> Thanks Pratik for the example - it's really clear.

--
rm -rf / 2>/dev/null - http://null.in

Don't judge those who try and fail, judge those who fail to try..
Sorry, this should have gone out a couple of days ago but I was interrupted and forgot about it for a while.

On Mon, Aug 28, 2006 at 09:07:49PM -0000, sudara wrote:
} > > It's a nice idea, but I'm skeptical. Show me an example image that
} > > won't make the user feel like s/he is playing Where's Waldo (i.e.
} > > doesn't annoy the user) and has sufficient noise to make image
} > > recognition difficult.
}
} Click on the dude with the baseball hat to prove your human-ness:
} http://caboo.se/

Actually, that's pretty compelling. I have a few concerns, though:

1) file size (which really means bandwidth usage)
2) automated generation such that the target image is dependably distinct from the noise images
3) human time required to name/index images
4) ease or difficulty of training an image recognizer

In the interest of clarity, I will define the terms I am using in the discussion below. I'll be talking about target images, noise images, feature phrases, and collages. A feature phrase is simply a textual phrase identifying a feature of an image. A collage is a generated image that is presented to the user with a feature phrase. The user is expected to click in the region of the collage that shows the target image, i.e. the component image of the collage corresponding to the given feature phrase. All other component images in the collage are noise images. Note that the same generated image can be used in multiple different collages by associating it with different feature phrases, thus making a different component image the target image. Likewise, target and noise images are only identified as such in the context of a collage.

Whew. Okay, on to the discussion.

A typical captcha image is 4-12kb; the setup you show on caboo.se uses 17 images of 9-41kb. This isn't entirely fair as a comparison, however, since one would use a single generated image. A screengrab of the combined image, saved to a JPEG compressed at very low quality, still comes out to 18kb. It may not look like much, but 18kb vs. 4kb more than quadruples the bandwidth used for human identification. That doesn't necessarily mean it isn't worth it, but it counts against the idea.

Assume for the moment that you have a large set of images intended to be target images in collages, each of which is identified with some specific feature that you will be asking the human to find (e.g. baseball cap). If you have a separate set of noise images, you will need to be sure that none of them have a feature that has been identified in a target image. If you do not have that information, your image generator may have one particular target image in mind for a particular collage, but another component image may satisfy the feature phrase. Generating the information requires human work. This leads nicely into the next concern...

Human work is a significant cost. You need a human to look at every component image your generator will be using and either associate at least one feature phrase with it or verify that it does not satisfy any other feature phrases. That assumes two separate pools of images, however: one for target images and one for noise images. If you have a single pool then a human will still need to examine each image, but it will be necessary to identify every plausible feature of each image to avoid generating a collage in which more than one component image satisfies the feature phrase. (Yes, you can allow multiple target collage regions, but that doesn't change the human work involved; the generation process still needs to be aware of multiple target images.) This also leads nicely into the concern that follows...

Image recognition algorithms are pretty good these days. They are also very trainable. If I, as a spammer, go to your site and see this kind of identification system I can tell my spambot that this feature phrase goes with the image in this region. A decent recognition algorithm should be able to identify the same image in another collage with high confidence, regardless of rotation and scaling (and humans start having problems with identification if you apply other transformations).

So now let's put all these concerns together:

Suppose you have 1000 component images associated one-to-one with feature phrases. (It's irrelevant whether you are using a split pool or not. Multiple feature phrases per image and multiple images per feature phrase will have an effect on the numbers, but it's a linear multiplier.) We'll assume the collages are generated offline, so ignore online CPU costs. You deliver up a collage to a spammer, who tells his spambot that the component image in the appropriate region corresponds to the given feature phrase. He does this 105 more times, which is the expected number of times needed to see 10% of the target images and feature phrases. Now the spambot can consistently get through the captcha 10% of the time. With a few dozen zombified Windows boxes to attack it, 10% is certainly enough to put a steady stream of spam on your site.

Meanwhile, how much effort have you expended? You tagged 1000 component images with feature phrases (no mean task), and possibly verified that some larger number of noise images do not conflict with the target images. Let's say it takes five minutes to tag each target image with a feature phrase. That comes out to 83 hours and 20 minutes, which is two full-time weeks.

How much effort did the spammer expend? Suppose it also took him five minutes for each attempt, though two or three is probably more realistic. That's eight hours and 50 minutes. It's more than a day's work, but it's a lot less than two weeks. If it only takes him two minutes each, that's a measly 3:32. If 5% is a sufficient hit rate for his purposes, that time gets even shorter.

Ultimately, you're serving larger files than captchas, you have to tag all of your images by hand, which takes a tremendous amount of human time, and with very little human time a spammer can train an image recognizer to get a sufficient probability of success to accomplish his goals. You lose worse than you would with a captcha, and you pay more for it.

--Greg
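Where the 105, 83:20, 8:50 and 3:32 figures in the message above come from, as an added example that is not part of Greg's post: the expected number of collages viewed is a partial coupon-collector sum, and the same model shows what happens when the pool size or the hit rate changes. The method names are hypothetical, and the code assumes each collage shows one target image drawn uniformly at random from the pool.

```ruby
# Added illustration; method names are hypothetical, not from the thread.

# Expected collages viewed before `percent` % of a pool of `pool` target
# images has been seen at least once: sum over k = 0..m-1 of N / (N - k),
# where N is the pool size and m the number of distinct images wanted.
def expected_views(pool, percent)
  distinct = (pool * percent / 100.0).ceil
  (0...distinct).sum { |seen| pool.to_f / (pool - seen) }
end

# Minutes rendered as H:MM, the notation used in the post.
def hhmm(minutes)
  format("%d:%02d", *minutes.round.divmod(60))
end

# Defender cost: tagging every pool image once.
# Attacker cost: labelling one target per collage viewed, rounded up to
# whole collages (for 1000 images and 10% that is one collage plus 105 more).
def effort(pool:, percent:, tag_minutes:, label_minutes:)
  views = expected_views(pool, percent).ceil
  defender = pool * tag_minutes
  attacker = views * label_minutes
  { views: views,
    defender: hhmm(defender),
    attacker: hhmm(attacker),
    ratio: defender.to_f / attacker }
end

if __FILE__ == $PROGRAM_NAME
  cases = [
    [1000, 10, 5],    # the post's main case
    [1000, 10, 2],    # faster labelling
    [1000, 5, 5],     # a 5% hit rate is enough
    [10_000, 10, 5]   # ten times the tagging work
  ]
  cases.each do |pool, percent, label_minutes|
    r = effort(pool: pool, percent: percent,
               tag_minutes: 5, label_minutes: label_minutes)
    puts format("pool=%-6d hit=%2d%% views=%-5d defender=%-7s attacker=%-6s ratio=%.1f",
                pool, percent, r[:views], r[:defender], r[:attacker], r[:ratio])
  end
end
```

Growing the pool tenfold multiplies both sides by about ten, so the defender keeps paying roughly nine and a half times what the attacker does for a 10% hit rate.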
@Pratik: +1 for posting the code!

@Greg. How about this:

CAPTCHA's strength:
Bots can't read the obscured text being presented in the image. Stop there.

My primary concern:
Reducing the software's demand on humans.

Everything else (such as bandwidth, accessibility) is important, but secondary to the notion that a user must WORK to participate/contribute/use your software.

Maybe I am from Mars, but CAPTCHA is just *one* of those many features that have snuck their way into (especially web) apps that sacrifice real usability in a glaring and obvious way. Excess form fields? Bad UI design? Clear copy? Terribly important but these come second in my book to 'make the user do work that software should do'

Pony Authentication isn't 100% better, but it's a hell of a lot easier to identify a pony and click it than it is to ask a user to read and type what looks like a unix admin's password.

A solution offered by someone who wrote to me privately follows, blatantly plagiarized as it was well expressed:

1. Put up a bunch of pictures (5x5 grid?), and ask the user to click one at random. "please click the picture of the young girl".

2. Use captcha-style noise generation to create a graphic which includes the instructions. people are good at reading words, even with noise. they don't have to get each letter right, they just need to know that it said "young girl" rather than "purple wolf". randomizing the graphic with the instructions means that the computer can't automatically match up pairs.

Faisal, the author of that concept combined the strength of CAPTCHA with the strength of Pony Authentication. The Bot can't read the instructions, asking a user to make *one single click*

Greg, I don't know if that sounds like I'm avoiding your well-thought out and practical line of questioning, but I'm a fan of just pulling back to the main idea and going from there if it looks like a specific implementation isn't practical.

Right now, it looks like Pony Authentication as described by Faisal would be a *better* solution than CAPTCHA given that the priority is to minimize user demand. Most users would rather spend 1-5 seconds downloading some extra images than 10 seconds acting like a chimp, hunting and pecking on the keyboard.

chao,
sudara
On Thu, Aug 31, 2006 at 04:41:48PM -0000, sudara wrote:
[...]
} CAPTCHA's strength:
} Bots can't read the obscured text being presented in the image. Stop
} there.
}
} My primary concern:
} Reducing the software's demand on humans.
[...]
} Pony Authentication isn't 100% better, but it's a hell of a lot easier
} to identify a pony and click it than it is to ask a user to read and
} type what looks like a unix admin's password.

It is, indeed, easier. It is easy enough for a spambot to do.

} A solution offered by someone who wrote to me privately follows,
} blatantly plagiarized as it was well expressed:
}
} 1. Put up a bunch of pictures (5x5 grid?), and ask the user to click
} one at random. "please click the picture of the young girl".
}
} 2. Use captcha-style noise generation to create a graphic which
} includes the instructions. people are good at reading words, even with
} noise. they don't have to get each letter right, they just need to
} know that it said "young girl" rather than "purple wolf". randomizing
} the graphic with the instructions means that the computer
} can't automatically match up pairs.
}
} Faisal, the author of that concept combined the strength of CAPTCHA with
} the strength of Pony Authentication. The Bot can't read the
} instructions, asking a user to make *one single click*

This isn't bad. On the other hand, see the other branch of this thread about doing it all in text, which has several advantages over both captchas and "Pony Authentication":

- it is accessible to the visually impaired
- it requires less bandwidth (no images)
- it requires minimal effort to develop lists of questions and answers

} Greg, I don't know if that sounds like I'm avoiding your well-thought
} out and practical line of questioning, but I'm a fan of just pulling
} back to the main idea and going from there if it looks like a specific
} implementation isn't practical.

If you aren't familiar with the state of the art in AI algorithms and don't do the analysis of your candidate solutions, you don't have the tools to determine whether they will achieve your goals. I gave you an analysis of "Pony Authentication". If you are willing to accept those tradeoffs, it is a viable solution for you; if not, then it isn't.

Also, you need to be clear about what you are optimizing, and metrics for evaluating the dimensions you are optimizing. If you are only minimizing user demand, you don't use any verification system at all and spam gets posted. If you are also minimizing spam that gets posted, you must have a way of relating the value of minimizing one or the other. Even so, the appropriate solution in that case is to skip the verification system and just not publish anything until it's been reviewed by a human.

Realistically, you are optimizing on many variables including, but not limited to:

- ease of use
- quantity of spam
- delay between submission and publication
- cost (which is really a combination of human time, bandwidth costs, etc.)

Before adopting a solution you need a decently solid idea of where the proposed solution lies in this high-dimensional space.

So carry on your out-of-the-box thinking and visionary adventures. Just remember that a proposed solution that doesn't solve your problem isn't of much use. It's a lot better to know that before implementing it and putting it in production.

} Right now, it looks like Pony Authentication as described by Faisal
} would be a *better* solution than CAPTCHA given that the priority is to
} minimize user demand. Most users would rather spend 1-5 seconds
} downloading some extra images than 10 seconds acting like a chimp,
} hunting and pecking on the keyboard.

Your last sentence is presented as a statement of fact, yet I suspect it is simply a statement of what you believe to be intuitively true. I know of no evidence to support it; do you? The studies I've seen show that users perceive a length of time spent waiting for something to happen as a much longer time than the same length of time when they are actually doing something.

I know I'm beating a dead horse, and that this isn't likely to actually change your thinking in these things, but I'm going to say it anyway. There is plenty of computer science and cognitive science research that covers the things you are thinking about. The literature is published, and much of the information is available from a Google search. Thinking outside the box is not the same as pontificating from a position of ignorance. You can only see farther by standing on the shoulders of those who have gone before you if you know what they learned.

} chao,
} sudara

--Greg
http://www.kittenauth.com/

That's right.

On 1-Sep-06, at 10:56 AM, Gregory Seidman wrote:
> On Thu, Aug 31, 2006 at 04:41:48PM -0000, sudara wrote:
> [...]
> } CAPTCHA's strength:
> } Bots can't read the obscured text being presented in the image. Stop
> } there.
> }
> } My primary concern:
> } Reducing the software's demand on humans.
> [...]
> } Pony Authentication isn't 100% better, but it's a hell of a lot easier
> } to identify a pony and click it than it is to ask a user to read and
> } type what looks like a unix admin's password.
>
> It is, indeed, easier. It is easy enough for a spambot to do.
>
> } A solution offered by someone who wrote to me privately follows,
> } blatantly plagiarized as it was well expressed:
> }
> } 1. Put up a bunch of pictures (5x5 grid?), and ask the user to click
> } one at random. "please click the picture of the young girl".
> }
> } 2. Use captcha-style noise generation to create a graphic which
> } includes the instructions. people are good at reading words, even with
> } noise. they don't have to get each letter right, they just need to
> } know that it said "young girl" rather than "purple wolf". randomizing
> } the graphic with the instructions means that the computer
> } can't automatically match up pairs.
> }
> } Faisal, the author of that concept combined the strength of CAPTCHA with
> } the strength of Pony Authentication. The Bot can't read the
> } instructions, asking a user to make *one single click*
>
> This isn't bad. On the other hand, see the other branch of this thread
> about doing it all in text, which has several advantages over both captchas
> and "Pony Authentication":
>
> - it is accessible to the visually impaired
> - it requires less bandwidth (no images)
> - it requires minimal effort to develop lists of questions and answers
>
> } Greg, I don't know if that sounds like I'm avoiding your well-thought
> } out and practical line of questioning, but I'm a fan of just pulling
> } back to the main idea and going from there if it looks like a specific
> } implementation isn't practical.
>
> If you aren't familiar with the state of the art in AI algorithms and don't
> do the analysis of your candidate solutions, you don't have the tools to
> determine whether they will achieve your goals. I gave you an analysis of
> "Pony Authentication". If you are willing to accept those tradeoffs, it is
> a viable solution for you; if not, then it isn't.
>
> Also, you need to be clear about what you are optimizing, and metrics for
> evaluating the dimensions you are optimizing. If you are only minimizing
> user demand, you don't use any verification system at all and spam gets
> posted. If you are also minimizing spam that gets posted, you must have a
> way of relating the value of minimizing one or the other. Even so, the
> appropriate solution in that case is to skip the verification system and
> just not publish anything until it's been reviewed by a human.
>
> Realistically, you are optimizing on many variables including, but not
> limited to:
>
> - ease of use
> - quantity of spam
> - delay between submission and publication
> - cost (which is really a combination of human time, bandwidth costs, etc.)
>
> Before adopting a solution you need a decently solid idea of where the
> proposed solution lies in this high-dimensional space.
>
> So carry on your out-of-the-box thinking and visionary adventures. Just
> remember that a proposed solution that doesn't solve your problem isn't of
> much use. It's a lot better to know that before implementing it and putting
> it in production.
>
> } Right now, it looks like Pony Authentication as described by Faisal
> } would be a *better* solution than CAPTCHA given that the priority is to
> } minimize user demand. Most users would rather spend 1-5 seconds
> } downloading some extra images than 10 seconds acting like a chimp,
> } hunting and pecking on the keyboard.
>
> Your last sentence is presented as a statement of fact, yet I suspect it is
> simply a statement of what you believe to be intuitively true. I know of no
> evidence to support it; do you? The studies I've seen show that users
> perceive a length of time spent waiting for something to happen as a much
> longer time than the same length of time when they are actually doing
> something.
>
> I know I'm beating a dead horse, and that this isn't likely to actually
> change your thinking in these things, but I'm going to say it anyway. There
> is plenty of computer science and cognitive science research that covers
> the things you are thinking about. The literature is published, and much of
> the information is available from a Google search. Thinking outside the box
> is not the same as pontificating from a position of ignorance. You can only
> see farther by standing on the shoulders of those who have gone before you
> if you know what they learned.
>
> } chao,
> } sudara
> --Greg