use Perl

• Funny Little Images - trivial to work around (Score:3, Interesting)

  by jcwren (3026)

  Personally, I think the images are a waste of time. merlyn (Randal Schwartz) did a column in Web Techniques for the same basic thing.

  Never one to resist a pointless challenge, before the article hit print, I wrote a "cracker" for it. The write-up is here [perlmonks.org], for those that may be interested.

  You're going to have to get a lot more tricky than 3 letters with a consistent font to stop a 'bot. Most of the time is invested in creating the font table, but once you've got that, the pattern matching is trival.
  • Re:Funny Little Images - trivial to work around (Score:2, Insightful)

    by jcwren (3026)

    No, mostly because I'd have to build the font maps. But in loading the images several times, the fonts all appear consistent, along with their positioning. The slight color in the background is easily worked around.

    The down side to the images is that it makes posting with lynx pretty darn impossible. And considering that a great many Perl users are *nix users, that doesn't seem like a nice thing to do. Even if lynx *does* represent a small viewer-shared.

    --jcwren
    • Re:Funny Little Images - trivial to work around (Score:2, Informative)

      by pudge (1)

      As to whether it is not nice for the users, that's not relevant to anything in particular that we're doing right now. Sites don't have to use this. As I said, we are testing it. I don't know of any site that we are working on that will turn it on for posting comments on a regular basis.
      
      And I do doubt how "easily" you could work around things. What if every letter were a different color with a different background, with dithering all throughout? As Jamie notes, it's trivial to add things like that, and
      • Re:Funny Little Images - trivial to work around (Score:1)

        by dito (152) on 2002.04.17 22:45 (#7211) Homepage

        Could somebody shoot Tim Berners Lee so he can turn in his grave!
        
        Am I missing something or is this a big two fingers to blind users? Maybe you could put the letters in the ALT tag ;-)
        
        Helping put this in slashcode is just as bad as Adobe allowing publishers to disable "Read Aloud" on their e-books. The argument that sites/publishers don't actually have to use it is no more a defense for slashcode than it is for Adobe.
        

        Reply to This

        Parent

        • Re:Funny Little Images - trivial to work around (Score:1)

          by jamiemccarthy (664)

          We're not happy about its effect on blind users, but images are not the only possibility for this kind of verification. We hope in future to offer alternate methods -- I'm thinking audio snippets, in particular. We can also set up a method for admins to exempt particular accounts. Etc.

          The nature of the internet is that it's trivial to DDoS any site that allows anonymous or semi-anonymous postings. Some Slash sites are actively targeted by hostile users for scripted attacks, and those sites need defenses.
          • Re:Funny Little Images - trivial to work around (Score:1)

            by dito (152)

            I wrote a long (constructive) response to this but the combination of IE and the absolutely shit bag of a Chinese internet cafe I'm in just ate it on me!
            
            Basically it amounted to doing a few checks on the recent history of the IP address an account is being registered from or a check on the history of a doubtful account (all new accounts being doubtful until they prove themselves). If the checks fail, then get them to pass a humanity test.
            
            This should mean that a blind person would have to be unlucky when j
        • Re:Funny Little Images - trivial to work around (Score:1)

          by 2shortplanks (968)

          It's like the ability for an administrator to remove comments. It's probably a bad idea to use in most implmentations, but some possible uses of Slash might need it.

          From what I understand about Slash (having no more experience than reading the book) the code base isn't intended to enforce any policy on the admins of Slash systems. That policy is up to the admins - the code gives them the freedom to make their own decisions.
          • Re:Funny Little Images - trivial to work around (Score:1)

            by dito (152)

            I just think it's a bad solution to the problem. Jcwren has already very quickly cracked it and making it harder to crack just excludes an even larger section of sight-impaired users.
            
            And when a DOSer does finally crack the latest version. you're goosed again until you can find some other way of obscuring the letters and thus exclude even more people!
            
            Monitoring account creation activity and the posting activity of accounts that have yet to prove themselves would be a much sturdier way of doing things and d