To clarify my comment about “Funny+Troll”, and follow up on CF and your comments about funny vs. offtopic...
Funny is the only moderation that has no net effect on karma. The lowest possible score for a post is -1; normally this limits the amount of karma you can lose per post. However, getting Funny mods bumps your post score back up, which means it can be moderated down again. A post that is repeatedly modded +1 Funny and -1 Offtopic, Troll, Flamebait, or Overrated can quickly burn through a lot of karma.
Moderators aren’t always perfectly oblivious to this, of course... I’d like to hope that most mods would hesitate to mod a Funny post Overrated just because they think it isn’t very funny. And I’m sure some mods will also occasionally mod a Funny post Underrated, Insightful, Informative, or Interesting to give you a little karma boost as a reward for a post that they think deserves it.
It’s both. Use HTML5, but also build a way that works right now on existing infrastructure so you don’t drop compatibility for the users who don’t support HTML5 yet. As the referred-to +5 poster said:
As long as people are putting in "safe" fall-backs, then this really isn't a problem.
When you try to scale it up, the overhead becomes significant.
Of course, as I understand it every open HTTP connection normally means a corresponding thread running on the server, which scales even less well. But that was what Facebook did with Tornado, IIRC: broke the one-to-one relationship so that one thread on the server could handle multiple idle HTTP connections.
Shows you how to build realtime user experiences by adding features on your site without making big changes to the existing infrastructure
Without making big changes to the existing infrastructure. It also mentions that the Tornado web server was acquired by Facebook and made open source. This is stuff that works right now, not whenever browsers get around to supporting HTML5.
but really, if each unique forum had their own method of signing up, with their own not-a-bot questions that couldn't be guessed automatically... I expect almost *all* forums would be "low-profile".
No... all you’d do is force them to produce something versatile enough (plugin-extensible, perhaps) to attack all of them.
The situation is no different for the file hosting/downloading sites (RapidShare, Megaupload, Hotfile, just to name a few), all of which have implemented various captcha/timer systems to prevent automated downloading. jDownloader supports over a hundred such sites and would only need a plugin added to support any new site that was created. In all cases it will handle wait times automatically, and in some cases it will even perform its own captcha recognition. When it can’t, it just pops up a box displaying the captch and asking for the user to enter it.
With regards to #1... Windows’ Preview application is doing weird things for some reason. Yes, the bizarre behaviour you described exists, but it shouldn’t... open up the images as layers in GIMP and toggle visibility on the topmost layer to verify. Or, highlight both images, right click, and select Preview – this’ll let you toggle between them by repeatedly pressing only the right arrow, instead of going left/right. This will eliminate the flicker after a few keypresses, and you’ll also notice that the missing column of pixels never goes missing again in either of the images.
I actually suspect they tweaked the levels on #7 and forgot to tell us. To be honest though I hadn’t got that far... I’d noticed no differences in the first 5 images or so and quit comparing them.
Do you sell ads on your website? Seems to me that it might be in your own best interest to donate some advertising to Firefox.
You could probably find a way to get a tax deduction, too, for the amount you’d normally have charged for the ads. The Mozilla Foundation is a non-profit IIRC.
Keep in mind that it’s also entirely possible that some guy in India is getting paid fractions of a cent to make those posts. It might not necessarily be a spambot.
I, and lots of other people, read at -1. Don’t assume that just because you’re starting at 0 nobody will read your post; Anonymous Coward posts at 0 by default.
If you want to get your karma back up, here are a few things to keep in mind. They may or may not help, but hey, it’s free advice.
Post early. Don’t post often. Make sure you aren’t just repeating someone else’s post. Funny doesn’t give you karma. Funny+Troll burns karma quickly. Sometimes it’s what you say. Sometimes it’s how you say it.
First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts.... A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.
For another example of this exact thing, just look at slashdot user clint999.
Well, his other point was, who’s going to complain? the robot?
Chances are the human operator doesn’t even know what happened to the account, the robot just flags it as deactivated and asks the human to feed it more accounts. They probably don’t have any way of telling that somebody hacked the account and closed it vs. e-mailing the e-mail provider and having it shut down properly.
Of course the main question (in my mind, at least) is why spammers are registering forum accounts with the same password they used to register the junk e-mail account that they’re registering under...
He’s thought of that already, and seems to have his case made. RTFA.
RD: If I were taking over an account that was created by a human being who actually cared to contribute to my forums, yes that would be illegal.
FIP: Are you concerned about the possible legal consequences of your actions?
RD: Here is the reasoning I use, and I know that a lot of people argue it. Especially now that I have a few dedicated forums whose only reason for existing is that they capture the login credentials of forum spammers, my feeling is that they're not people, they're robots. Xrumer [a forum spamming software] is a 100% automated process. The human has to set up the email address where the responses get sent for things like confirming your account by clicking on a link, but everything after that is done by the software. No human being is harmed by what I do, only a piece of software. If they cared, they would pay attention to the fact that these accounts are getting taken over very regularly by me. They don't. They just set up new accounts and start over.
It's hard to feel "bad" about taking these accounts over. All I can tell you is that I have never taken over any account that was not very obviously being solely used repeatedly to auto-register to forums. In fact by the time I get to them it's obvious that the spammer only set them up from 1 - 6 days prior to me taking it over. There are no human-written messages in any of these accounts. I certainly would not have gone so public with this activity if there had been. Only purely automated messaging has ever been present in any of these, and I have enough hard data to back that up.
Basically he claims that since a robot registered the e-mail accounts, you aren’t infringing on any person’s rights.
Eric Schmidt? Isn’t he that guy who got pissed at CNET after one of their reporters posted some information about him (found on Google, of course) that he thought was a little bit too personal? Wasn’t he the one who dragged Kate Bohmer into court over a picture she posted on her blog?
Does anybody still take him seriously on the question of online privacy?
The thing I hate about Firefox Portable is its complete inability to sandbox itself properly. It loads any Firefox extensions it finds on the computer you’re running it from, so you end up with lots of extensions that you don’t want (even without Firefox installed, there’s probably at least half a dozen extensions just waiting for Firefox to find them)... and it is difficult and tedious to make the extensions that you do want portable in case you want to run it on a computer doesn’t already have them installed.
I love Firefox, but this is a major shortcoming in the portable version.
And you can make the Goatse image yourself easily enough in GIMP... Slashdot wouldn’t display a thumbnail anyway, I’ll let you figure out what sites to post it on...
Yeah, if you took a sample with a higher percentage of Linux users the IE browser share would probably be more like 75%.
Erm... wait what?
Re:Too focused on being perfect
on
Analyzing CAPTCHAs
·
· Score: 3, Insightful
Then they’re designed wrong.
You should at least skim over the paper, that’s actually a significant portion of what it’s focused on... finding something that humans are good at and bots are not. As better bots have been written, that may have changed significantly... most present CAPTCHA systems are relatively broken.
Slashdot Mirror
To clarify my comment about “Funny+Troll”, and follow up on CF and your comments about funny vs. offtopic...
Funny is the only moderation that has no net effect on karma. The lowest possible score for a post is -1; normally this limits the amount of karma you can lose per post. However, getting Funny mods bumps your post score back up, which means it can be moderated down again. A post that is repeatedly modded +1 Funny and -1 Offtopic, Troll, Flamebait, or Overrated can quickly burn through a lot of karma.
Moderators aren’t always perfectly oblivious to this, of course... I’d like to hope that most mods would hesitate to mod a Funny post Overrated just because they think it isn’t very funny. And I’m sure some mods will also occasionally mod a Funny post Underrated, Insightful, Informative, or Interesting to give you a little karma boost as a reward for a post that they think deserves it.
It’s both. Use HTML5, but also build a way that works right now on existing infrastructure so you don’t drop compatibility for the users who don’t support HTML5 yet. As the referred-to +5 poster said:
As long as people are putting in "safe" fall-backs, then this really isn't a problem.
When you try to scale it up, the overhead becomes significant.
Of course, as I understand it every open HTTP connection normally means a corresponding thread running on the server, which scales even less well. But that was what Facebook did with Tornado, IIRC: broke the one-to-one relationship so that one thread on the server could handle multiple idle HTTP connections.
Shows you how to build realtime user experiences by adding features on your site without making big changes to the existing infrastructure
Without making big changes to the existing infrastructure. It also mentions that the Tornado web server was acquired by Facebook and made open source. This is stuff that works right now, not whenever browsers get around to supporting HTML5.
Why don't they use straight sockets and TCP/IP? Why does it have to be HTTP?
Straight sockets and TCP/IP in client-side Javascript?
The point is to make it work with Javascript/AJAX. Since you can’t open an arbitrary port and listen, you open an XMLHttpRequest and wait for data.
but really, if each unique forum had their own method of signing up, with their own not-a-bot questions that couldn't be guessed automatically... I expect almost *all* forums would be "low-profile".
No... all you’d do is force them to produce something versatile enough (plugin-extensible, perhaps) to attack all of them.
The situation is no different for the file hosting/downloading sites (RapidShare, Megaupload, Hotfile, just to name a few), all of which have implemented various captcha/timer systems to prevent automated downloading. jDownloader supports over a hundred such sites and would only need a plugin added to support any new site that was created. In all cases it will handle wait times automatically, and in some cases it will even perform its own captcha recognition. When it can’t, it just pops up a box displaying the captch and asking for the user to enter it.
With regards to #1... Windows’ Preview application is doing weird things for some reason. Yes, the bizarre behaviour you described exists, but it shouldn’t... open up the images as layers in GIMP and toggle visibility on the topmost layer to verify. Or, highlight both images, right click, and select Preview – this’ll let you toggle between them by repeatedly pressing only the right arrow, instead of going left/right. This will eliminate the flicker after a few keypresses, and you’ll also notice that the missing column of pixels never goes missing again in either of the images.
I actually suspect they tweaked the levels on #7 and forgot to tell us. To be honest though I hadn’t got that far... I’d noticed no differences in the first 5 images or so and quit comparing them.
*blushes*
MS Word
As a matter of fact, I did just that. Theirs is a hopeless mess of spaghetti.
http://ompldr.org/vNXFndg/lawsuitmap.gif
Do you sell ads on your website? Seems to me that it might be in your own best interest to donate some advertising to Firefox.
You could probably find a way to get a tax deduction, too, for the amount you’d normally have charged for the ads. The Mozilla Foundation is a non-profit IIRC.
Keep in mind that it’s also entirely possible that some guy in India is getting paid fractions of a cent to make those posts. It might not necessarily be a spambot.
Unless you give them a different challenge question every time, they don’t need to. Are you generating context-aware challenge questions on the fly?
Those only work because you’re a low-profile target. They’d be trivially easy to defeat if anyone actually wanted to spam you.
I, and lots of other people, read at -1. Don’t assume that just because you’re starting at 0 nobody will read your post; Anonymous Coward posts at 0 by default.
If you want to get your karma back up, here are a few things to keep in mind. They may or may not help, but hey, it’s free advice.
Post early. Don’t post often. Make sure you aren’t just repeating someone else’s post. Funny doesn’t give you karma. Funny+Troll burns karma quickly. Sometimes it’s what you say. Sometimes it’s how you say it.
First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts. ... A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.
For another example of this exact thing, just look at slashdot user clint999.
http://slashdot.org/~clint999
Last post was yesterday... it’s still active. Funnily enough it almost always posts exactly 30 min. after the hour, but not every hour.
Well, his other point was, who’s going to complain? the robot?
Chances are the human operator doesn’t even know what happened to the account, the robot just flags it as deactivated and asks the human to feed it more accounts. They probably don’t have any way of telling that somebody hacked the account and closed it vs. e-mailing the e-mail provider and having it shut down properly.
Of course the main question (in my mind, at least) is why spammers are registering forum accounts with the same password they used to register the junk e-mail account that they’re registering under...
He’s thought of that already, and seems to have his case made. RTFA.
RD: If I were taking over an account that was created by a human being who actually cared to contribute to my forums, yes that would be illegal.
FIP: Are you concerned about the possible legal consequences of your actions?
RD: Here is the reasoning I use, and I know that a lot of people argue it.
Especially now that I have a few dedicated forums whose only reason for existing is that they capture the login credentials of forum spammers, my feeling is that they're not people, they're robots. Xrumer [a forum spamming software] is a 100% automated process. The human has to set up the email address where the responses get sent for things like confirming your account by clicking on a link, but everything after that is done by the software. No human being is harmed by what I do, only a piece of software. If they cared, they would pay attention to the fact that these accounts are getting taken over very regularly by me. They don't. They just set up new accounts and start over.
It's hard to feel "bad" about taking these accounts over. All I can tell you is that I have never taken over any account that was not very obviously being solely used repeatedly to auto-register to forums. In fact by the time I get to them it's obvious that the spammer only set them up from 1 - 6 days prior to me taking it over. There are no human-written messages in any of these accounts. I certainly would not have gone so public with this activity if there had been. Only purely automated messaging has ever been present in any of these, and I have enough hard data to back that up.
Basically he claims that since a robot registered the e-mail accounts, you aren’t infringing on any person’s rights.
I doubt that it’d fly, actually, but who knows.
Eric Schmidt? Isn’t he that guy who got pissed at CNET after one of their reporters posted some information about him (found on Google, of course) that he thought was a little bit too personal? Wasn’t he the one who dragged Kate Bohmer into court over a picture she posted on her blog?
Does anybody still take him seriously on the question of online privacy?
The thing I hate about Firefox Portable is its complete inability to sandbox itself properly. It loads any Firefox extensions it finds on the computer you’re running it from, so you end up with lots of extensions that you don’t want (even without Firefox installed, there’s probably at least half a dozen extensions just waiting for Firefox to find them)... and it is difficult and tedious to make the extensions that you do want portable in case you want to run it on a computer doesn’t already have them installed.
I love Firefox, but this is a major shortcoming in the portable version.
Not quite the same – but nevertheless (I couldn’t find the original of the one I was referring to): http://forum.osdev.org/viewtopic.php?p=158449#p158449
And you can make the Goatse image yourself easily enough in GIMP... Slashdot wouldn’t display a thumbnail anyway, I’ll let you figure out what sites to post it on...
Just went to check, and you appear to be right... I can’t find the banner ad anywhere.
FTFY.
the actual correct spelling
Well, the actual spelling is also the correct one. Thanks for that clarification!
Yeah, if you took a sample with a higher percentage of Linux users the IE browser share would probably be more like 75%.
Erm... wait what?
Then they’re designed wrong.
You should at least skim over the paper, that’s actually a significant portion of what it’s focused on... finding something that humans are good at and bots are not. As better bots have been written, that may have changed significantly... most present CAPTCHA systems are relatively broken.