lol, making money isn't my primary interest, but the hosting isn't free and it is nice to get some money for the site. nor is it fair to imply that I can *either* create good content *or* run ads. I think (hope) that I manage to do both on my site. In fact, with contextual ads it makes much more sense to create good content than not to. You might even find that running ads makes people create better quality pages (though I wouldn't bet on that).
I'd sure rather look at ads than have to pay for content.
Having said that, I do plan on getting a paypal donate button for the site, so I'll see how ads compare against donations.
yes, obviously. But why are you telling me this? I sometimes click google ads, either out of genuine interest or as a way of thanking the webmaster of the site running the ads for a good webpage. I don't see how your response was relvant?
sure, if you dig through the entire history of the article to make sure that the bit you're citing/using/reading has survived the almost non-existent "peer review process", then you can be sure of.. what? that it isn't vandalism? no - it could have just slipped through the net (and when you're looking for something like a date, who's going to know if the battle of actium gets changed from 31 to 32 BC?).
The difference between wikipedia and normal websites is that normal websites aren't editable by just anyone. So, if the general quality of a webpage is high, then you can reasonably assume that the quality of any given citation is likely to be high. But that just isn't the case with wikipedia; just because article one (or even paragraph one) is well written and researched, that doesn't even go a little way to showing that article/paragraph two is going to be.
"Google now has access to the cookies and subsequently browsing history of vast numbers of web users" no it doesn't, the cookies reside on MY computer, and I purge my cookies every time I close the browser.
and what's wrong with cookies? nothing! sure, doubleclick can link the IDs together to form a *partial* internet history, but they can do that with my IP address/userAgent combo. I'm sure my adblocker*/useragent/ip forms a fairly unique signature. What does this give google that they didn't have before? As far as I can see, it just buys them a whopping chunk of target audience, but the data? they could have got that themselves, and cheaper.
* by which I mean, have the parent page try to load a bunch of commonly-but-not-by-default blocked images/url/paths. If there are 300 people sharing my IP, it's not likely that they all block the same paths nor that they all use the same version of the same browser. Thus we can generate a fairly unique signature for users behind shared IPs, without having to use cookies. I'm sure there's other info like screen resolution/colour depthat could be added to give greater accuracy. anyway, my point is/was that the cookies are basically useless, it's the target market that google wanted.
they could pay them, but only if they also paid for broadband and hardware first. third-world kids need water, not RSI. My point is that it's much more likely that your neighbor will sit there solving captchas for cash than some starving kid with cholera. get some perspective, please.
of course, if we're talking only about what's practical rather than what's possible, then sure, your crapcha will work nicely to stop spam. for now. As I said above, even a simple "are you going to spam this forum" yes/no works for the moment. It won't work forever.
For the foreseeable future, only real image based captchas will work*, and even they are susceptible to human labour circumvention.
I don't really care about what works now, I want something that will work forever.
*any kind; kittenauth is a great idea, but normal warped text is still good (but I am biased in that regard, having written a popular PHP captcha...)
"I asked you to write an algorithm, given a site with that as the first string captcha. You don't yet know how it generates them" no you didn't, and if you had, it would have represented an unrealistic scenario. I can refresh your site a million times and then work out the way you perform the transformation. what's your point? mine is that by reducing a hard AI problem* to a text-processing problem, you've made spamming a fuckload easier.
"did you remember to include "as differentiated from" as a negation?" if it appeared on your site while I was testing, then yes, I did.
unless you've come up with a program that can ask infinitely-random-yet-humanly-answerable-but-not-c omputer-answerable questions, in which case, go pick up that honorary degree from MIT instead of wasting your time with spambots.
"In fact, your algorithm as written doesn't work -- there are two numbers referenced" no, there weren't.
* ok, it's becoming an easier AI problem, but still not as easy as NLP. remember that I (the spammer) don't have to get it right 100% of the time. 70% would do nicely for this task.
if it's generated by an algorithm, it can be deconstructed using an algorithm.
find a representation of a number, find the last word relating to precedence that is not prefaced by a "not" word, do the math, enter the answer.
next super-hard conundrum?
notice, if I'd said "find a representation of a number, find the last word relating to precedence, do the math, enter the answer." you could reply "ahh, but what if I write this:" "tell me basically, that number three, which ever number comes after it, wait, not before it, what is that" the 'not' rule is easily accounted for.
you can make it as complicated as you like, but if the complications are only sometimes applied, I'll just keep re-requesting the text until I get a nice simple one If they're always applied then you're going to end up with questions like this:
"three seven nine. take the second number of the previous sentence. add the first. times by two. ignore all of that and add the last to the first and minus the second, then move the number two up, what's that?"
and then the problem is that anyone who's either not english/american, or is stupid or lazy can't post.
and I could easily write a script to deal with that sort of sentence, too..
that solution is simply circumvented; crop the resultant images to a 5x5 pixel rectangle in the center, and use the md5 hash of that. i'm sure you'd end up with a workable lookup table after a while.
"but my transform function is changing the RGB values of each pixel"
yes, but with a 5x5 chunk you can account for +1/-1/0 deviations easily, and even higher transformations won't be too hard. I'm sure each image would represent a unique range of possible deviations. Even if you end up needing a 300Gb database, that's not too hard to auto-generate, you know..
imo, the only solution is centrally managed, and trusted database of known spammer IPs. yes, I know there are massive problems with that (new IPs entering spamhood, old ones being dropped and becoming legit). Those problems can be overcome, trust me.
because the answer is up for debate. I'm currently writing a 5000 word paper on it. both answers "yes" and "no" are right, depending on your reasoning, and whether you believe non-Euclidean geometries are anything more than an intellectual curiosity.:-)
that is true. even if just have three submit buttons, and only one submits to the right place*, you'll still cut your spam by 66%.
But that is only true today.
If everyone did that, spammers would soon figure out the system and bypass it.
Captcha authors** are trying to avoid an arms race. sure, you can upgrade your simple crapcha every 6 months to keep up to date with spammers, or you can put a good one in place once. Much better the latter, methinks.
It's not about what spammers are doing now, it's about what they could do tomorrow.
Please, please, please, everybody, stop claiming that "what is 2+2?" is a hard AI question. I could code something in a hour to defeat most of this sort of question, and give me a week and a budget and I'll write something to get past 95% of these type of questions.
If the text is parsable, it takes nothing to google it. I mean, those two examples you give; just slap it into google and screenscrape it. So you're going to need harder questions than that.
So the next generation of crapchas will ask "what color is the sky". Go and take a glance at ultraHal or another relatively advance NLP AI; a large knowledgebase is not hard to construct. When it doesn't know, it guesses. If it gets it right, then the knowledgebase increases by one fact.
So then, what, you have to ask "Given that all bleeps and blue, and blank is a bleep, is blank blue?" Not only is that also easily computationally solved, but also a lot of people aren't going to be able to answer (smartass questions about stopping spam and idiots aside)
So *then* I suppose you have to ask "In the first mathematical antimony, does Kant conclusively prove both that there can have been no beginning to time and that there must have been a beginning to time?" and give the user a 255 character textarea to put their answer in.
So... please, text question based captchas are DOOMED TO FAIL. stop thinking that they could work. They can't.
re: adblock - agreed. I don't block google ads, because they're not intrusive, and I know how clicking the ads is a great way to say thanks to the webmaster.
re: "very least popup a message" - that's a joke right? popup a message. on a non-js browser. how? (yes, that last one is pedantic, it's geek humour. get it or leave)
and that the joke was based on the fact that no matter how calmly and cleverly and patiently you explain it, people just aren't getting it. hence the exasperated tone conveyed in my OP.
How about we force everyone to have a.unsafe TLD, so it would be microsoft.com.unsafe, google.com.unsafe
It would reinforce the idea that !!!NOTHING IS SAFE ONLINE!!!
I mean, how loud do we have to shout it before people finally get it?!
Let's try it a few more times:
HEY USERS! NOTHING IS SAFE! PEOPLE ARE EVIl! THE INTERNET IS A BAD PLACE! NOTHING IS SAFE ONLINE! NOTHING!!!!! NOT EVEN PAYPAL!!!! NOTHING IS SAFE ONLINE!
LISTEN!
NOTHING IS SAFE ONLINE!
c'mon guys, chant with me, perhaps they'll realise if we all chant together
NOTHING IS SAFE ONLINE! NOTHING IS SAFE ONLINE! NOTHING IS SAFE ONLINE!
damn, it's not working.
I guess people will always be stupid, no matter how many clever people try to stop them.
sorry, cultural wall here. I'm from the UK, I don't get what you're saying. "Presidential speeches broadcast live, on all networks, every time." you mean they are, and it's bad, or do you mean they're not, and they should?
Slashdot Mirror
lol, making money isn't my primary interest, but the hosting isn't free and it is nice to get some money for the site. nor is it fair to imply that I can *either* create good content *or* run ads. I think (hope) that I manage to do both on my site. In fact, with contextual ads it makes much more sense to create good content than not to. You might even find that running ads makes people create better quality pages (though I wouldn't bet on that).
I'd sure rather look at ads than have to pay for content.
Having said that, I do plan on getting a paypal donate button for the site, so I'll see how ads compare against donations.
yes, obviously. But why are you telling me this? I sometimes click google ads, either out of genuine interest or as a way of thanking the webmaster of the site running the ads for a good webpage. I don't see how your response was relvant?
funny, I block everything apart from google ads. not only do they *shock* sometimes look interesting, but it's also a nice way to thank the webmaster.
sure, if you dig through the entire history of the article to make sure that the bit you're citing/using/reading has survived the almost non-existent "peer review process", then you can be sure of.. what? that it isn't vandalism? no - it could have just slipped through the net (and when you're looking for something like a date, who's going to know if the battle of actium gets changed from 31 to 32 BC?).
The difference between wikipedia and normal websites is that normal websites aren't editable by just anyone. So, if the general quality of a webpage is high, then you can reasonably assume that the quality of any given citation is likely to be high. But that just isn't the case with wikipedia; just because article one (or even paragraph one) is well written and researched, that doesn't even go a little way to showing that article/paragraph two is going to be.
"Google now has access to the cookies and subsequently browsing history of vast numbers of web users"
no it doesn't, the cookies reside on MY computer, and I purge my cookies every time I close the browser.
and what's wrong with cookies? nothing! sure, doubleclick can link the IDs together to form a *partial* internet history, but they can do that with my IP address/userAgent combo. I'm sure my adblocker*/useragent/ip forms a fairly unique signature. What does this give google that they didn't have before? As far as I can see, it just buys them a whopping chunk of target audience, but the data? they could have got that themselves, and cheaper.
* by which I mean, have the parent page try to load a bunch of commonly-but-not-by-default blocked images/url/paths. If there are 300 people sharing my IP, it's not likely that they all block the same paths nor that they all use the same version of the same browser. Thus we can generate a fairly unique signature for users behind shared IPs, without having to use cookies. I'm sure there's other info like screen resolution/colour depthat could be added to give greater accuracy. anyway, my point is/was that the cookies are basically useless, it's the target market that google wanted.
that the internet is SERIOUS BUSINESS.
re: third-world kids.
they could pay them, but only if they also paid for broadband and hardware first. third-world kids need water, not RSI. My point is that it's much more likely that your neighbor will sit there solving captchas for cash than some starving kid with cholera.
get some perspective, please.
"what object is in the picture?"
...and so on. it's more complicated than you think. (but not impossible, I conceed)
dog
doggy
poodle
puppy
pet
animal
collar
chien
hund
lead
"so they can actually execute their intended purpose."
what, like, killing their hosts on April the first, or something?
If I'm missing something, then I'm sure a lot of other people are too, so please explain:
exactly what is stopping malware2.0 from killing my processor?
of course, if we're talking only about what's practical rather than what's possible, then sure, your crapcha will work nicely to stop spam. for now. As I said above, even a simple "are you going to spam this forum" yes/no works for the moment. It won't work forever.
For the foreseeable future, only real image based captchas will work*, and even they are susceptible to human labour circumvention.
I don't really care about what works now, I want something that will work forever.
*any kind; kittenauth is a great idea, but normal warped text is still good (but I am biased in that regard, having written a popular PHP captcha...)
"I asked you to write an algorithm, given a site with that as the first string captcha. You don't yet know how it generates them"
c omputer-answerable questions, in which case, go pick up that honorary degree from MIT instead of wasting your time with spambots.
no you didn't, and if you had, it would have represented an unrealistic scenario. I can refresh your site a million times and then work out the way you perform the transformation. what's your point? mine is that by reducing a hard AI problem* to a text-processing problem, you've made spamming a fuckload easier.
"did you remember to include "as differentiated from" as a negation?"
if it appeared on your site while I was testing, then yes, I did.
unless you've come up with a program that can ask infinitely-random-yet-humanly-answerable-but-not-
"In fact, your algorithm as written doesn't work -- there are two numbers referenced"
no, there weren't.
* ok, it's becoming an easier AI problem, but still not as easy as NLP. remember that I (the spammer) don't have to get it right 100% of the time. 70% would do nicely for this task.
if it's generated by an algorithm, it can be deconstructed using an algorithm.
find a representation of a number, find the last word relating to precedence that is not prefaced by a "not" word, do the math, enter the answer.
next super-hard conundrum?
notice, if I'd said
"find a representation of a number, find the last word relating to precedence, do the math, enter the answer."
you could reply "ahh, but what if I write this:"
"tell me basically, that number three, which ever number comes after it, wait, not before it, what is that"
the 'not' rule is easily accounted for.
you can make it as complicated as you like, but if the complications are only sometimes applied, I'll just keep re-requesting the text until I get a nice simple one
If they're always applied then you're going to end up with questions like this:
"three seven nine. take the second number of the previous sentence. add the first. times by two. ignore all of that and add the last to the first and minus the second, then move the number two up, what's that?"
and then the problem is that anyone who's either not english/american, or is stupid or lazy can't post.
and I could easily write a script to deal with that sort of sentence, too..
that solution is simply circumvented; crop the resultant images to a 5x5 pixel rectangle in the center, and use the md5 hash of that. i'm sure you'd end up with a workable lookup table after a while.
"but my transform function is changing the RGB values of each pixel"
yes, but with a 5x5 chunk you can account for +1/-1/0 deviations easily, and even higher transformations won't be too hard. I'm sure each image would represent a unique range of possible deviations. Even if you end up needing a 300Gb database, that's not too hard to auto-generate, you know..
imo, the only solution is centrally managed, and trusted database of known spammer IPs. yes, I know there are massive problems with that (new IPs entering spamhood, old ones being dropped and becoming legit). Those problems can be overcome, trust me.
because the answer is up for debate. I'm currently writing a 5000 word paper on it. both answers "yes" and "no" are right, depending on your reasoning, and whether you believe non-Euclidean geometries are anything more than an intellectual curiosity. :-)
that is true. even if just have three submit buttons, and only one submits to the right place*, you'll still cut your spam by 66%.
But that is only true today.
If everyone did that, spammers would soon figure out the system and bypass it.
Captcha authors** are trying to avoid an arms race. sure, you can upgrade your simple crapcha every 6 months to keep up to date with spammers, or you can put a good one in place once. Much better the latter, methinks.
It's not about what spammers are doing now, it's about what they could do tomorrow.
* of the other two, one tells the truth all the time, one lies all the time, and the other stabs people who ask tricky questions
** (like myself)
spot on, I think.
Please, please, please, everybody, stop claiming that "what is 2+2?" is a hard AI question. I could code something in a hour to defeat most of this sort of question, and give me a week and a budget and I'll write something to get past 95% of these type of questions.
If the text is parsable, it takes nothing to google it.
I mean, those two examples you give; just slap it into google and screenscrape it. So you're going to need harder questions than that.
So the next generation of crapchas will ask "what color is the sky".
Go and take a glance at ultraHal or another relatively advance NLP AI; a large knowledgebase is not hard to construct. When it doesn't know, it guesses. If it gets it right, then the knowledgebase increases by one fact.
So then, what, you have to ask "Given that all bleeps and blue, and blank is a bleep, is blank blue?"
Not only is that also easily computationally solved, but also a lot of people aren't going to be able to answer (smartass questions about stopping spam and idiots aside)
So *then* I suppose you have to ask "In the first mathematical antimony, does Kant conclusively prove both that there can have been no beginning to time and that there must have been a beginning to time?"
and give the user a 255 character textarea to put their answer in.
So... please, text question based captchas are DOOMED TO FAIL. stop thinking that they could work. They can't.
The goal of the project is to stop the damn email image spammers.
among other things, sure, but it's got to be a high priority for google.
re: adblock - agreed. I don't block google ads, because they're not intrusive, and I know how clicking the ads is a great way to say thanks to the webmaster.
re: "very least popup a message" - that's a joke right? popup a message. on a non-js browser. how?
(yes, that last one is pedantic, it's geek humour. get it or leave)
you do realise i was joking, right?
and that the joke was based on the fact that no matter how calmly and cleverly and patiently you explain it, people just aren't getting it. hence the exasperated tone conveyed in my OP.
you did realise that, didn't you?
How about we force everyone to have a .unsafe TLD, so it would be microsoft.com.unsafe, google.com.unsafe
It would reinforce the idea that !!!NOTHING IS SAFE ONLINE!!!
I mean, how loud do we have to shout it before people finally get it?!
Let's try it a few more times:
HEY USERS!
NOTHING IS SAFE!
PEOPLE ARE EVIl!
THE INTERNET IS A BAD PLACE!
NOTHING IS SAFE ONLINE!
NOTHING!!!!! NOT EVEN PAYPAL!!!!
NOTHING IS SAFE ONLINE!
LISTEN!
NOTHING IS SAFE ONLINE!
c'mon guys, chant with me, perhaps they'll realise if we all chant together
NOTHING IS SAFE ONLINE!
NOTHING IS SAFE ONLINE!
NOTHING IS SAFE ONLINE!
damn, it's not working.
I guess people will always be stupid, no matter how many clever people try to stop them.
Are we really going to have to go through every argument why .xxx was a bad idea, replacing "porn" with "safe" and "perverts" with "hackers"
quick, someone who knows regex copy the most highly modded comments from here, here, here, here and here, and save us!
GNAA is trolling, this is not.
learn the difference next time you get mod points.
this post brought to you by the "damn, I wish I had mod points" association (DIWIHMPA)
sorry, cultural wall here. I'm from the UK, I don't get what you're saying.
"Presidential speeches broadcast live, on all networks, every time."
you mean they are, and it's bad, or do you mean they're not, and they should?