Has anyone tried a ASCII Captcha method. To use a similar method like
this ASCII generator (http://www.network-science.de/ascii/)

Or even gone the next level and have an ASCII based simple math question?

I know this isnt strictly a PHP question but spam free sites are very
dear to us.

Ólafur Waage
olafurw@gmail.com

At 9:27 PM +0000 8/28/08, Ólafur Waage wrote:
>Has anyone tried a ASCII Captcha method. To use a similar method like
>this ASCII generator (http://www.network-science.de/ascii/)
>
>Or even gone the next level and have an ASCII based simple math question?
>
>I know this isnt strictly a PHP question but spam free sites are very
>dear to us.
>
>Ólafur Waage
>olafurw@gmail.com

These are what I've come up with:

http://webbytedd.com/aa/assorted-captcha/

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

> Has anyone tried a ASCII Captcha method. To use a similar method like
> this ASCII generator (http://www.network-science.de/ascii/)
>
> Or even gone the next level and have an ASCII based simple math question?

My advice is to stick with what works. Though if you really wanted to
you could investigate using Figlet to generate some ASCII and use that
in a basic CAPTCHA.

--
Richard Heyes

HTML5 Graphing:
http://www.phpguru.org/RGraph

On 29 Aug 2008, at 03:45, tedd wrote:
> These are what I've come up with:
>
> http://webbytedd.com/aa/assorted-captcha/

Just curious tedd, but what do you mean by "CAPTCHA's show the world
that you really haven't thought this out". If you have a better
alternative I'd love to hear about it.

-Stut

--
http://stut.net/

> CAPTCHA's don't work. Don't depend upon them for any of your projects.

Sure they do. My blog comments were getting spammed to death. Now I've
put a captcha on I rarely have to deal with spam. I'd say that's
working.

> CAPTCHA's present accessibility problems for people with disabilities.

These can be alleviated by, for example, adding a sound option like
Recapture has. Not perhaps a 100% solution, but it does
tremendously.

> CAPTCHA's show the world that you really haven't thought this out.

Actually my captchas show the world some funky coloured text... :-)

--
Richard Heyes

HTML5 Graphing:
http://www.phpguru.org/RGraph

Hello there,
> Actually my captchas show the world some funky coloured text... :-)

I just wondering. What if we show captcha using ASCII ART format.

like
<pre>
|||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
|||| `||| |||` |||`` ```|| |||` ` ||||||
||||| || |||| |||||| ||` .... |. .... |` ... |||||
||||| |` .|||| |||||| | ||||| .||| ||``|.|. ```|.||||||
||||| . `||| |||||| | ||||||||||| .. .||||. `|||||
||||| || ||| `||||` |. `||||``||` ||.|` `||.. |||||
||||` `` .|||| ||||. .|` . ``` .|||||
|||..... S ...||||||||.. I .||||||||.. R .||||.... I .....|||.. K .||||||||
|||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
|||||||||||||||||||||||||||| BUCES BBS ||||||||||||||||||||||||||||||
|||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||

</pre>
(I'm not sure it was showed correct)

Even coloured one.

What is your opinions ?

Regards

Sancar

> <pre>
> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> |||| `||| |||` |||`` ```|| |||` ` ||||||
> ||||| || |||| |||||| ||` .... |. .... |` ... |||||
> ||||| |` .|||| |||||| | ||||| .||| ||``|.|. ```|.||||||
> ||||| . `||| |||||| | ||||||||||| .. .||||. `|||||
> ||||| || ||| `||||` |. `||||``||` ||.|` `||.. |||||
> ||||` `` .|||| ||||. .|` . ``` .|||||
> |||..... S ...||||||||.. I .||||||||.. R .||||.... I .....|||.. K .||||||||
> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> |||||||||||||||||||||||||||| BUCES BBS ||||||||||||||||||||||||||||||
> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>
> </pre>
> (I'm not sure it was showed correct)

It didn't, but pasting it into notepad made everything OK... Even
after that though, it wasn't particularly readable.

--
Richard Heyes

HTML5 Graphing:
http://www.phpguru.org/RGraph

Thats exactly what i am talking about Richard.

Ólafur Waage
olafurw@gmail.com

2008/8/29 Richard Heyes <richard@php.net>:
>> <pre>
>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>> |||| `||| |||` |||`` ```|| |||` ` ||||||
>> ||||| || |||| |||||| ||` .... |. .... |` ... |||||
>> ||||| |` .|||| |||||| | ||||| .||| ||``|.|. ```|.||||||
>> ||||| . `||| |||||| | ||||||||||| .. .||||. `|||||
>> ||||| || ||| `||||` |. `||||``||` ||.|` `||.. |||||
>> ||||` `` .|||| ||||. .|` . ``` .|||||
>> |||..... S ...||||||||.. I .||||||||.. R .||||.... I .....|||.. K .||||||||
>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>> |||||||||||||||||||||||||||| BUCES BBS ||||||||||||||||||||||||||||||
>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>>
>> </pre>
>> (I'm not sure it was showed correct)
>
> It didn't, but pasting it into notepad made everything OK... Even
> after that though, it wasn't particularly readable.
>
> --
> Richard Heyes
>
> HTML5 Graphing:
> http://www.phpguru.org/RGraph
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

I just realized that i should have said ASCII Art but not just ASCII,
it was so clear in my head but i notice now how it could have been
misunderstood.

Ólafur Waage
olafurw@gmail.com

2008/8/29 Ólafur Waage <olafurw@gmail.com>:
> Thats exactly what i am talking about Richard.
>
> Ólafur Waage
> olafurw@gmail.com
>
> 2008/8/29 Richard Heyes <richard@php.net>:
>>> <pre>
>>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>>> |||| `||| |||` |||`` ```|| |||` ` ||||||
>>> ||||| || |||| |||||| ||` .... |. .... |` ... |||||
>>> ||||| |` .|||| |||||| | ||||| .||| ||``|.|. ```|.||||||
>>> ||||| . `||| |||||| | ||||||||||| .. .||||. `|||||
>>> ||||| || ||| `||||` |. `||||``||` ||.|` `||.. |||||
>>> ||||` `` .|||| ||||. .|` . ``` .|||||
>>> |||..... S ...||||||||.. I .||||||||.. R .||||.... I .....|||.. K .||||||||
>>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>>> |||||||||||||||||||||||||||| BUCES BBS ||||||||||||||||||||||||||||||
>>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
>>>
>>> </pre>
>>> (I'm not sure it was showed correct)
>>
>> It didn't, but pasting it into notepad made everything OK... Even
>> after that though, it wasn't particularly readable.
>>
>> --
>> Richard Heyes
>>
>> HTML5 Graphing:
>> http://www.phpguru.org/RGraph
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>

At 9:07 AM +0100 8/29/08, Stut wrote:
>On 29 Aug 2008, at 03:45, tedd wrote:
>>These are what I've come up with:
>>
>>http://webbytedd.com/aa/assorted-captcha/
>
>Just curious tedd, but what do you mean by "CAPTCHA's show the world
>that you really haven't thought this out". If you have a better
>alternative I'd love to hear about it.
>
>-Stut

-Stut :

I claim that for most web sites, they don't need a CAPTCHA -- so why
use one? CAPTCHA's carry a lot of accessibility baggage.

There are many of high profile sites that don't use CAPTCHA (i.e.,
Eric Meyers, Chris Shiflett). Instead they have developed other
methods, such as attending to their sites and monitoring post.

I concede that if an evil-doer wants to make things hard on you by
automated posting, then it's an uphill battle that can be effectively
fought by using a CAPTCHA. But I claim there has to be a better way.

While I've been working on the problem (on/off) for several years, I
haven't found an acceptable solution. Of course, better minds than
mine have tried and failed, but I always think that I might do better
-- a flaw in my personality, I just don't know any better.

In any event, I've approached on the problem from two sides:

1. To create a CAPTCHA that would be difficult for automated systems
to break but easy for the user to navigate -- my Arrow CAPTCHA is the
best I could create. However, I'm sure with a little effort from
someone like you or Rob, it can be broken.

In addition, my arrow CAPTCHA is for the sighted and that leaves out
a lot of people. My Audio CAPTCHA works well for the blind, but that
too can be broken.

2. To create a server-side method that monitors who's making the
post, frequency of the posts, and content of the post before allowing
the post. While I'm not finished, this is something that I continue
to work on. I think that direction shows the most opportunity for
success.

So, when I say "CAPTCHA's show the world that you really haven't
thought this out", that's what I mean. I still haven't thought this
out either. But I think there'a better solution and I'll keep working
trying to find one.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

At 10:00 AM +0100 8/29/08, Richard Heyes wrote:
> > CAPTCHA's don't work. Don't depend upon them for any of your projects.
>
>Sure they do. My blog comments were getting spammed to death. Now I've
>put a captcha on I rarely have to deal with spam. I'd say that's
>working.

Yes, it's working for you -- but what about the people who can't
navigate your CAPTCHA? They can't even tell you they are having
problems.

In addition, all CAPTCHA's can be broken. If someone really wants to
spam your site, they will. You're not flying below the radar, you're
just not a big enough target to waste a missile on.

> > CAPTCHA's present accessibility problems for people with disabilities.
>
>These can be alleviated by, for example, adding a sound option like
>Recapture has. Not perhaps a 100% solution, but it does
tremendously.

If you will notice, I do include an audio CAPTCHA in my assorted CAPTCHA's:

http://webbytedd.com/aa/assorted-captcha/

But, that doesn't solve the problem of accessibility, it just reduces
the problem, and actually increases the possibility of your site
getting spammed by providing two doors for entry.

> > CAPTCHA's show the world that you really haven't thought this out.
>
>Actually my captchas show the world some funky coloured text... :-)

Now you throw possible contrast problems into the mix. Will your
colors pass this test:

http://webbytedd.com/c/access-color/

No matter how many times you cut this rope, it's still too short.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

On 29 Aug 2008, at 15:15, tedd wrote:
> At 9:07 AM +0100 8/29/08, Stut wrote:
>> On 29 Aug 2008, at 03:45, tedd wrote:
>>> These are what I've come up with:
>>>
>>> http://webbytedd.com/aa/assorted-captcha/
>>
>> Just curious tedd, but what do you mean by "CAPTCHA's show the
>> world that you really haven't thought this out". If you have a
>> better alternative I'd love to hear about it.
>>
>> -Stut
>
> -Stut :
>
> I claim that for most web sites, they don't need a CAPTCHA -- so why
> use one? CAPTCHA's carry a lot of accessibility baggage.
>
> There are many of high profile sites that don't use CAPTCHA (i.e.,
> Eric Meyers, Chris Shiflett). Instead they have developed other
> methods, such as attending to their sites and monitoring post.
>
> I concede that if an evil-doer wants to make things hard on you by
> automated posting, then it's an uphill battle that can be
> effectively fought by using a CAPTCHA. But I claim there has to be a
> better way.
>
> While I've been working on the problem (on/off) for several years, I
> haven't found an acceptable solution. Of course, better minds than
> mine have tried and failed, but I always think that I might do
> better -- a flaw in my personality, I just don't know any better.
>
> In any event, I've approached on the problem from two sides:
>
> 1. To create a CAPTCHA that would be difficult for automated systems
> to break but easy for the user to navigate -- my Arrow CAPTCHA is
> the best I could create. However, I'm sure with a little effort from
> someone like you or Rob, it can be broken.
>
> In addition, my arrow CAPTCHA is for the sighted and that leaves out
> a lot of people. My Audio CAPTCHA works well for the blind, but that
> too can be broken.
>
> 2. To create a server-side method that monitors who's making the
> post, frequency of the posts, and content of the post before
> allowing the post. While I'm not finished, this is something that I
> continue to work on. I think that direction shows the most
> opportunity for success.
>
> So, when I say "CAPTCHA's show the world that you really haven't
> thought this out", that's what I mean. I still haven't thought this
> out either. But I think there'a better solution and I'll keep
> working trying to find one.

I agree with some of what you're saying here, but only to a certain
extent. CAPTCHA's are a tool that can be applied to any number of
different situations, so a blanket statement like that cannot possibly
apply. For some situations they are absolutely required (example
coming up), for others they're certainly not the best answer.

The main project I work on at the moment is a classified ad site and
it has CAPTCHA's in three places. The first is when you place an ad.
If this wasn't there we'd have a much more difficult job dealing with
scam and spam ads, something we can't currently afford to throw more
effort at. This is an example of making it a little bit harder for
automated posting to happen, but we know it's not 100% effective and
we have other mechanisms in place to catch stuff that gets past it,
but it's a good first step and knocks out the really stupid attempts.

The other two places are when a user contacts us for support, and when
someone sends a message to another user about one of their ads.
Without the CAPTCHA both of these suffer from a huge amount of aimless
automated postings. This is the main thing a CAPTCHA does for any site.

Out there in the wide wide world there are numerous scripts that
simply crawl the web looking for forms to post to on the off-chance
it's going to turn out to be unprotected. Depending on the form
handler this can result in anything from them posting content on a
website with a view to getting SEO juice to being able to use the form
as a mail proxy. These scripts don't care if each post works, they
just try because it's nearly free to do so. In the above scenarios not
having the CAPTCHA there to stop them would result in spam in our
support system and even worse than that, spam in users mailboxes.

So I agree that CAPTCHA's do not and cannot solve the problem of
unwanted form submissions, but they're a damn good start. Whatever we
do, the simple fact that we want users to be able to do something
means that anyone can do it whether they have good intentions or bad,
but we can put up as many obstacles to automation as normal users can
live with. CAPTCHA's are only a defence against automation, not bad
people and that's a very important thing to understand.

As for attending to sites and monitoring posts, that's all very well
until you end up dealing with >10k posts a day. Our CAPTCHA's stop
over 70% of form submissions on my site and I thank $DEITY they're
there because otherwise I'd never sleep (not that I do that much
anyway).

The reason I asked the question is that your comments on that page
imply that only lazy developers use them when this is far from the
truth. They are a valuable tool and until something better comes along
I'm gonna use them as part of my sites defences, unless you're
volunteering to moderate >7k messages for me for free? Didn't think
so

-Stut

--
http://stut.net/

On Aug 29, 2008, at 10:30 AM, tedd wrote:

> No matter how many times you cut this rope, it's still too short.

So, I'm curious, what do you suggest?

As near as I can tell, even with all of the problems (many of which
can be mitigated with enough effort) associated with the use of
Captcha's, a good implementation is currently the best solution to the
problem.

At 3:41 PM +0100 8/29/08, Stut wrote:

-Stut:

>I agree with some of what you're saying here, but only to a certain
>extent. CAPTCHA's are a tool that can be applied to any number of
>different situations, so a blanket statement like that cannot
>possibly apply.

Of course blanket statements can't apply to everything, but they can
generate debate and thus the reason why I wrote it that way -- to
generate discussion.

---
>The main project I work on at the moment is a classified ad site and
>it has CAPTCHA's in three places.

-snip-

I understand there are different reasons behind the use of CAPTCHA's,
but in the end they still present accessibility problems. And their
use is a trade-off that you accept.

In essence you are saying I understand the problems and this is my
best solution. You are cutting out a segment of the population due to
the fact that you cannot create a better solution.

Don't get me wrong -- I fully understand the problems involved and
there may not be a better solution. But to employ CAPTCHA's, means
that there isn't.

---
>So I agree that CAPTCHA's do not and cannot solve the problem of
>unwanted form submissions, but they're a damn good start.

I agree with most of that, but I think the "they're a damn good
start" is really "this works and that's that."

It's like the saying "Why are the things I'm looking for always in
the last place I find them?" They are because once you find them, you
stop looking. Likewise, the CAPTCHA is a good place to stop.

---
>Whatever we do, the simple fact that we want users to be able to do
>something means that anyone can do it whether they have good
>intentions or bad, but we can put up as many obstacles to automation
>as normal users can live with. CAPTCHA's are only a defence against
>automation, not bad people and that's a very important thing to
>understand.


That's a very good point. I often think that people who employ these
tactics (spam automation) actually know what they are doing when in
fact they may not. They may be ignorant of the harm they cause.

---
>The reason I asked the question is that your comments on that page
>imply that only lazy developers use them when this is far from the
>truth. They are a valuable tool and until something better comes
>along I'm gonna use them as part of my sites defences, unless you're
>volunteering to moderate >7k messages for me for free? Didn't think
>so

I didn't mean to imply laziness, but now that you mentioned it -- on
one hand we say that CAPTCHA is good enough until something else
comes along, but on the other hand, because we are using CAPTCHA,
there's no need to develop something else.

I realize that this problem is difficult and may be one of those
thing that can't be solved with current technology -- I may be Don
Quixote looking at windmills differently than others.

Thanks for your comments,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

At 10:45 AM -0400 8/29/08, Eric Gorr wrote:
>On Aug 29, 2008, at 10:30 AM, tedd wrote:
>
>>No matter how many times you cut this rope, it's still too short.
>
>So, I'm curious, what do you suggest?
>
>As near as I can tell, even with all of the problems (many of which
>can be mitigated with enough effort) associated with the use of
>Captcha's, a good implementation is currently the best solution to
>the problem.

Read my other replies.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

On Fri, 2008-08-29 at 10:38 +0000, Ólafur Waage wrote:
> I just realized that i should have said ASCII Art but not just ASCII,
> it was so clear in my head but i notice now how it could have been
> misunderstood.

You do realize that the ascii rendering below is just a bitmap. Most
captcha crackers can handle bitmaps. The cracker would just need a
little tweaking to first convert to a real bitmap.

Cheers,
Rob.




>
> Ólafur Waage
> olafurw@gmail.com
>
> 2008/8/29 Ólafur Waage <olafurw@gmail.com>:
> > Thats exactly what i am talking about Richard.
> >
> > Ólafur Waage
> > olafurw@gmail.com
> >
> > 2008/8/29 Richard Heyes <richard@php.net>:
> >>> <pre>
> >>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> >>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> >>> |||| `||| |||` |||`` ```|| |||` ` ||||||
> >>> ||||| || |||| |||||| ||` .... |. .... |` ... |||||
> >>> ||||| |` .|||| |||||| | ||||| .||| ||``|.|. ```|.||||||
> >>> ||||| . `||| |||||| | ||||||||||| .. .||||. `|||||
> >>> ||||| || ||| `||||` |. `||||``||` ||.|` `||.. |||||
> >>> ||||` `` .|||| ||||. .|` . ``` .|||||
> >>> |||..... S ...||||||||.. I .||||||||.. R .||||.... I .....|||.. K .||||||||
> >>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> >>> |||||||||||||||||||||||||||| BUCES BBS ||||||||||||||||||||||||||||||
> >>> |||||||||||||||||||||||||||||||||||||||||||||||||| |||||||||||||||||||||||||
> >>>
> >>> </pre>
> >>> (I'm not sure it was showed correct)
> >>
> >> It didn't, but pasting it into notepad made everything OK... Even
> >> after that though, it wasn't particularly readable.
> >>
> >> --
> >> Richard Heyes
> >>
> >> HTML5 Graphing:
> >> http://www.phpguru.org/RGraph
> >>
> >> --
> >> PHP General Mailing List (http://www.php.net/)
> >> To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >>
> >
>
--
http://www.interjinn.com
Application and Templating Framework for PHP

On 29 Aug 2008, at 16:33, tedd wrote:
> At 3:41 PM +0100 8/29/08, Stut wrote:
>> The main project I work on at the moment is a classified ad site
>> and it has CAPTCHA's in three places.
>
> -snip-
>
> I understand there are different reasons behind the use of
> CAPTCHA's, but in the end they still present accessibility problems.
> And their use is a trade-off that you accept.
>
> In essence you are saying I understand the problems and this is my
> best solution. You are cutting out a segment of the population due
> to the fact that you cannot create a better solution.
>
> Don't get me wrong -- I fully understand the problems involved and
> there may not be a better solution. But to employ CAPTCHA's, means
> that there isn't.

That's putting words in other people's mouths. Use of CAPTCHA's isn't
the same as stating the Earth is flat and refusing to entertain
alternative theories. CAPTCHA's are a first line of defence and as
such I'll use them until I ro someone else comes up with something
better. I don't see that as defeat, but in the real world I can't say
"I don't have a 100% effective defence so I'm not going to use the 70%
defence I do have". Seem to me to be a very odd position to take.

>> So I agree that CAPTCHA's do not and cannot solve the problem of
>> unwanted form submissions, but they're a damn good start.
>
> I agree with most of that, but I think the "they're a damn good
> start" is really "this works and that's that."
>
> It's like the saying "Why are the things I'm looking for always in
> the last place I find them?" They are because once you find them,
> you stop looking. Likewise, the CAPTCHA is a good place to stop.

Who ever said we've stopped? Again, it's one tool in a toolbox, but
certainly not one that should be ignored.

>> Whatever we do, the simple fact that we want users to be able to do
>> something means that anyone can do it whether they have good
>> intentions or bad, but we can put up as many obstacles to
>> automation as normal users can live with. CAPTCHA's are only a
>> defence against automation, not bad people and that's a very
>> important thing to understand.
>
> That's a very good point. I often think that people who employ these
> tactics (spam automation) actually know what they are doing when in
> fact they may not. They may be ignorant of the harm they cause.

I highly doubt that. There may be a few who use off-the-shelf scripts
without really knowing what they're doing, but I would bet the
majority fully understand what they're doing and most of them don't
care. I *know* some of them thing they're "adding value".

>> The reason I asked the question is that your comments on that page
>> imply that only lazy developers use them when this is far from the
>> truth. They are a valuable tool and until something better comes
>> along I'm gonna use them as part of my sites defences, unless
>> you're volunteering to moderate >7k messages for me for free?
>> Didn't think so
>
> I didn't mean to imply laziness, but now that you mentioned it -- on
> one hand we say that CAPTCHA is good enough until something else
> comes along, but on the other hand, because we are using CAPTCHA,
> there's no need to develop something else.

I think this is very naive and coming from you tedd it surprises me.
Very few developers have time to put everything on hold because the
tools they have are not 100% effective - I certainly don't. I really
wish I did, but this is the real world where the almighty pound is
king. I'd love to see the faces at the next board meeting when I say
"no progress this month because we've been trying to come up with
something better than CAPTCHA's".

The community as a whole is trying to come up with something better
but these things take time, money and a good dose of unpredictable
inspiration. Something better will arrive, until then I'm using the
tools I have to do the best job I can.

> I realize that this problem is difficult and may be one of those
> thing that can't be solved with current technology -- I may be Don
> Quixote looking at windmills differently than others.

Most of the problems CAPTCHA's are intended to protect against are
social rather than technological. This is also important to
understand. As I mentioned earlier, if you want your normal users to
be able to do something, the evil ones will also be able to do it.

The best defence against dodgy inputs I've seen so far has been having
a good community on the site who pro-actively look for and take action
against it. Best example I can think of this late in the day is
Wikipedia.

-Stut

--
http://stut.net/

On Aug 29, 2008, at 11:33 AM, tedd wrote:

> I understand there are different reasons behind the use of
> CAPTCHA's, but in the end they still present accessibility problems.
> And their use is a trade-off that you accept.

Nonsense. There is no reason why the usage of Captcha's would need to
present accessibility problems.

> I didn't mean to imply laziness, but now that you mentioned it -- on
> one hand we say that CAPTCHA is good enough until something else
> comes along, but on the other hand, because we are using CAPTCHA,
> there's no need to develop something else.

Nonsense. There are people constantly working on better systems to
fight spam, etc. Need proof? Just lift your head up and look around a
little.

At a minimum, a better system that everyone uses could mean billions
to the inventor that patent's the system...that is reason enough to
keep working to the next best thing.

On Fri, 2008-08-29 at 11:33 -0400, tedd wrote:
>
> I understand there are different reasons behind the use of CAPTCHA's,
> but in the end they still present accessibility problems. And their
> use is a trade-off that you accept.

Not using CAPTCHAs and allowing the amount of spam posted to a site to
exist presents an accessibility problem for all.

Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP

At 1:15 PM -0400 8/29/08, Robert Cummings wrote:
>On Fri, 2008-08-29 at 11:33 -0400, tedd wrote:
>>
>> I understand there are different reasons behind the use of CAPTCHA's,
>> but in the end they still present accessibility problems. And their
>> use is a trade-off that you accept.
>
>Not using CAPTCHAs and allowing the amount of spam posted to a site to
>exist presents an accessibility problem for all.
>
>Cheers,
>Rob.


That's another side of the coin -- the problem is complex.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

At 12:17 PM -0400 8/29/08, Eric Gorr wrote:
>On Aug 29, 2008, at 11:33 AM, tedd wrote:
>
>>I understand there are different reasons behind the use of
>>CAPTCHA's, but in the end they still present accessibility
>>problems. And their use is a trade-off that you accept.
>
>Nonsense. There is no reason why the usage of Captcha's would need
>to present accessibility problems.


No offense, but please look into it.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

At 5:06 PM +0100 8/29/08, Stut wrote:
>On 29 Aug 2008, at 16:33, tedd wrote:
>>I didn't mean to imply laziness, but now that you mentioned it --
>>on one hand we say that CAPTCHA is good enough until something else
>>comes along, but on the other hand, because we are using CAPTCHA,
>>there's no need to develop something else.
>
>I think this is very naive and coming from you tedd it surprises me.

From my perspective, I think it naive to look at this in any other way.

For example, how much time have you invested in finding a better way?
I'm not pointing a finger at you and saying "You need to drop
everything and come up with a solution before moving on." But I am
saying that you are using a CAPTCHA until someone else comes up with
a better way. Is that not true?

So, in essence my statement above is not naive but rather factual.
Factual is not naive.


>Very few developers have time to put everything on hold because the
>tools they have are not 100% effective - I certainly don't. I really
>wish I did, but this is the real world where the almighty pound is
>king. I'd love to see the faces at the next board meeting when I say
>"no progress this month because we've been trying to come up with
>something better than CAPTCHA's".

You are missing the point. I'm not telling you to stop anything.

I am saying -- however -- that we continue (myself included) to use
technology that hurts others. That does not justify our actions -- it
only provides an excuse.


>The best defence against dodgy inputs I've seen so far has been
>having a good community on the site who pro-actively look for and
>take action against it. Best example I can think of this late in the
>day is Wikipedia.

As I see it, I could be wrong, but that's just an example of
"developers" who are not taking the easy way out, but rather trying
to solve the problem by using something other than CAPTCHA, like the
ones I posted earlier.

Look, we are not in disagreement -- I understand that you have
deadlines and projects that can't be put on hold and all the other
excuses you cite -- actually, so do I. But in the end, we are doing
this at the cost of accessibility for others. We shouldn't lose sight
of that.

Cheers,

tedd

--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

>> I understand there are different reasons behind the use of CAPTCHA's, but
>> in the end they still present accessibility problems. And their use is a
>> trade-off that you accept.
>
> Nonsense. There is no reason why the usage of Captcha's would need to
> present accessibility problems.

CAPTCHAs are intentionally not the easiest thing to read. If they
were, there wouldn't be a great deal of point having them.

--
Richard Heyes

HTML5 Graphing:
http://www.phpguru.org/RGraph