Subject: Re: Captcha identify
From: Chris Angelico
Cc: "python-list@python.org"
Date: Thu, 14 Aug 2014 05:43:53 +1000
Newsgroups: comp.lang.python

On Thu, Aug 14, 2014 at 5:24 AM, Chris Kaynor wrote:
> On Wed, Aug 13, 2014 at 4:39 AM, Eric S. Johansson wrote:
>>
>> eliminate captchas, 35+million disabled people would thank you as would
>> many more millions of the not-yet-disabled like your future self.
>
> And so would the spammers, which is who captchas are trying to block.

There are alternatives that are both easier for legit people and harder for spambots. Some rely on the fact that humans read things two dimensionally, and scripts look at the underlying structure; so, for instance, random field names and cunning CSS to match them up with their labels can result in a form that's completely messed up in the source, but looks perfect to a user. Or you can put extra fields down that you can't see if the form's laid out properly. Or you can combine those sorts of tricks with a very simple challenge-response, like "What is one plus one?" that requires some specific value to be in a specific field - and if that value occurs in the wrong field, you throw the form back to the user.

For some reason, everyone's jumped on the "show some mangled text/numbers and ask the user to enter them" bandwagon, in the same way that everyone has gone for passwords that require lower/upper/digit/symbol and (in the most annoying cases) are actually length-limited to something stupid like 12 characters. Yes, maximum, not minimum. Grumble.

ChrisA
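
A server-side sketch of the three tricks described in the message above (per-form random field names, a CSS-hidden decoy field, and a simple challenge whose answer must arrive in one specific field), added here as an example and not code from the original post. The names `SERVER_KEY`, `field_name`, `new_form`, `check_submission` and the decoy field `website` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: one secret per deployment, kept server-side only.
SERVER_KEY = secrets.token_bytes(32)
# Logical fields; "website" is the decoy that CSS hides from human visitors.
LOGICAL_FIELDS = ("comment", "answer", "website")


def field_name(form_token: str, logical: str) -> str:
    """Derive the random-looking HTML name of one field for one rendered form."""
    msg = f"{form_token}:{logical}".encode()
    return "f" + hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:12]


def new_form():
    """Return a fresh token and the logical -> rendered field-name mapping."""
    token = secrets.token_hex(8)
    return token, {name: field_name(token, name) for name in LOGICAL_FIELDS}


def check_submission(form_token: str, posted: dict, expected_answer: str = "2"):
    """Validate posted fields; returns (accepted, reason)."""
    names = {name: field_name(form_token, name) for name in LOGICAL_FIELDS}
    # Names that do not belong to this form instance: replayed or guessed.
    if set(posted) - set(names.values()):
        return False, "unknown-field"
    # A human never sees the decoy, so any content in it marks a script.
    if posted.get(names["website"], "").strip():
        return False, "honeypot-filled"
    # The challenge value must sit in its own field, nowhere else.
    if posted.get(names["answer"], "").strip() != expected_answer:
        return False, "wrong-answer"
    return True, "ok"


if __name__ == "__main__":
    token, names = new_form()
    # Constructed sample submissions.
    human = {names["comment"]: "Nice post", names["answer"]: "2", names["website"]: ""}
    script = {rendered: "2" for rendered in names.values()}  # fills every field
    print(check_submission(token, human))
    print(check_submission(token, script))
```

Binding the token to the visitor's session and expiring it after one use is assumed to happen elsewhere and is left out of this sketch.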