Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #76102 > unrolled thread

Captcha identify

Back to article view | Back to comp.lang.python

Contents

  Captcha identify Wesley <nispray@gmail.com> - 2014-08-12 00:04 -0700
    Re: Captcha identify Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2014-08-12 08:59 -0400
      Re: Captcha identify Wesley <nispray@gmail.com> - 2014-08-12 07:57 -0700
        Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-13 01:06 +1000
          Re: Captcha identify Denis McMahon <denismfmcmahon@gmail.com> - 2014-08-12 15:38 +0000
            Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-13 01:54 +1000
              Re: Captcha identify Wesley <nispray@gmail.com> - 2014-08-12 18:36 -0700
                Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-13 11:46 +1000
                Re: Captcha identify Ben Finney <ben+python@benfinney.id.au> - 2014-08-13 11:54 +1000
                Re: Captcha identify Rob Gaddi <rgaddi@technologyhighland.invalid> - 2014-08-13 09:28 -0700
                  Re: Captcha identify Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-08-14 03:52 +1000
                    Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-14 04:21 +1000
                Re: Captcha identify "Eric S. Johansson" <esj@harvee.org> - 2014-08-13 07:39 -0400
                  Re: Captcha identify alister <alister.nospam.ware@ntlworld.com> - 2014-08-14 11:42 +0000
                  Re: Captcha identify Denis McMahon <denismfmcmahon@gmail.com> - 2014-08-14 23:19 +0000
                    Re: Captcha identify "Eric S. Johansson" <esj@harvee.org> - 2014-08-15 13:18 -0400
                    Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-16 03:30 +1000
                Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-14 05:27 +1000
                Re: Captcha identify Chris Kaynor <ckaynor@zindagigames.com> - 2014-08-13 12:24 -0700
                Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-14 05:43 +1000
                Re: Captcha identify Joel Goldstick <joel.goldstick@gmail.com> - 2014-08-13 15:44 -0400
                Re: Captcha identify Skip Montanaro <skip@pobox.com> - 2014-08-13 14:55 -0500
                Re: Captcha identify Tim Chase <python.list@tim.thechases.com> - 2014-08-13 15:01 -0500
                Re: Captcha identify Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-13 14:16 -0600
                  Re: Captcha identify Peter Pearson <ppearson@nowhere.invalid> - 2014-08-14 18:37 +0000
                    Re: Captcha identify Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-14 13:42 -0600
                    Re: Captcha identify "Eric S. Johansson" <esj@harvee.org> - 2014-08-14 15:43 -0400
                      Re: Captcha identify alex23 <wuwei23@gmail.com> - 2014-08-15 17:03 +1000
                        Re: Captcha identify Mark Lawrence <breamoreboy@yahoo.co.uk> - 2014-08-15 09:14 +0100
                    Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-15 08:22 +1000
                Re: Captcha identify "Eric S. Johansson" <esj@harvee.org> - 2014-08-13 16:42 -0400
                Re: Captcha identify Ian Kelly <ian.g.kelly@gmail.com> - 2014-08-13 14:18 -0600
                Re: Captcha identify Chris Angelico <rosuav@gmail.com> - 2014-08-14 09:13 +1000
                Re: Captcha identify Denis McMahon <denismfmcmahon@gmail.com> - 2014-08-14 23:15 +0000
                  Re: Captcha identify Ben Finney <ben+python@benfinney.id.au> - 2014-08-15 13:23 +1000
                Re: Captcha identify Michael Torrie <torriem@gmail.com> - 2014-08-15 09:20 -0600
    Re: Captcha identify Denis McMahon <denismfmcmahon@gmail.com> - 2014-08-12 13:51 +0000

Page 2 of 2 — ← Prev page 1 [2]

#76232

On Wed, Aug 13, 2014 at 3:24 PM, Chris Kaynor <ckaynor@zindagigames.com> wrote:
> On Wed, Aug 13, 2014 at 4:39 AM, Eric S. Johansson <esj@harvee.org> wrote:
>>
>> eliminate captchas, 35+million disabled people would thank you as would
>> many more millions of the not-yet-disabled like your future self.
>
>
> And so would the spammers, which is who captchas are trying to block.
>
> For ease-of-use, most sites only require captchas to be entered once upon
> creating the account. Some might also require additional captcha entries
> when the account is suspected of spamming. This is ultimately a trade-off of
> blocking spammers and allowing accessibility.
>
> Many of the better captchas also include options for an audio cue in
> addition to the default visual one.
>
> Chris
>
> --
> https://mail.python.org/mailman/listinfo/python-list
>
I wrote a sample form page with a simple math problem to solve -- 2 or
3 random small integers to add and put the result in a form field

def produce_expression():
    """
    return a tuple: expression (str), answer (int)
    """
    num_terms = random.randint(2,3)
    operands = []
    while num_terms:
        n = random.randint(1,21)
        operands.append(n)
        num_terms -= 1

    result = sum(operands)
    string_operands = map(str, operands)
    expression = " + ".join(string_operands)
    return expression, result

Its not as annoying as captcha and I think it would work with audio
browsers.  Never tested
-- 
Joel Goldstick
http://joelgoldstick.com

[toc] | [prev] | [next] | [standalone]

#76233

On Wed, Aug 13, 2014 at 2:44 PM, Joel Goldstick
<joel.goldstick@gmail.com> wrote:
> I wrote a sample form page with a simple math problem to solve -- 2 or
> 3 random small integers to add ...

I've also seen challenge systems where they present you with a small
set of images and ask you to select one with a particular property
(looks like a tennis racquet, shaped like a square, etc). While simple
to solve for most humans -- assuming they can read the language --
they would be difficult to solve by automated means.  You can also
magnify them for visually impaired or speak what they are on
rollover/hover, and don't require any typing. They can make cultural
assumptions (not everyone will know what a tennis racquet looks like,
for instance), so the images might have to be selected carefully.

Skip

[toc] | [prev] | [next] | [standalone]

#76234

On 2014-08-13 12:24, Chris Kaynor wrote:
> Many of the better captchas also include options for an audio cue in
> addition to the default visual one.

Have you actually tried to use the audio cue?  They're atrocious.  I
got more intelligible words out of my old 8-bit SoundBlaster or a
de-tuned radio station.  I'm all for just ditching them (and avoiding
sites that employ them).

-tkc

[toc] | [prev] | [next] | [standalone]

#76235

On Wed, Aug 13, 2014 at 1:43 PM, Chris Angelico <rosuav@gmail.com> wrote:
> There are alternatives that are both easier for legit people and
> harder for spambots. Some rely on the fact that humans read things two
> dimensionally, and scripts look at the underlying structure; so, for
> instance, random field names and cunning CSS to match them up with
> their labels can result in a form that's completely messed up in the
> source, but looks perfect to a user. Or you can put extra fields down
> that you can't see if the form's laid out properly.

Chances are that if these tricks mess up a spambot, they will also
mess up a screen reader.

> Or you can combine
> those sorts of tricks with a very simple challenge-response, like
> "What is one plus one?" that requires some specific value to be in a
> specific field - and if that value occurs in the wrong field, you
> throw the form back to the user.

If I ask my phone "What is one plus one", a very nice sounding voice
will tell me that one plus one is two. It takes some cleverness to
come up with a question that is likely to stump a machine but not
deter a human, so the pool of such questions will necessarily be
limited. Meanwhile, all the spambot has to do is flag the question for
a human to answer and store the answer somewhere, and the question is
now useless.

> For some reason, everyone's jumped on the "show some mangled
> text/numbers and ask the user to enter them" bandwagon, in the same
> way that everyone has gone for passwords that require
> lower/upper/digit/symbol and (in the most annoying cases) are actually
> length-limited to something stupid like 12 characters. Yes, maximum,
> not minimum. Grumble.

I've seen some captcha systems that I couldn't solve after a dozen
attempts, and I have no serious vision problems. It's a problem with
no easy solution, and as computers get more powerful the intersection
of {problems machines can't solve} and {problems humans can reliably
solve} grows ever smaller.

[toc] | [prev] | [next] | [standalone]

#76327

On Wed, 13 Aug 2014 14:16:02 -0600, Ian Kelly <ian.g.kelly@gmail.com> wrote:
>
> . . . and as computers get more powerful the intersection
> of {problems machines can't solve} and {problems humans can reliably
> solve} grows ever smaller.

"Which of the following eight sentences are sarcastic in tone?"

-- 
To email me, substitute nowhere->spamcop, invalid->net.

[toc] | [prev] | [next] | [standalone]

#76328

On Thu, Aug 14, 2014 at 12:37 PM, Peter Pearson
<ppearson@nowhere.invalid> wrote:
> On Wed, 13 Aug 2014 14:16:02 -0600, Ian Kelly <ian.g.kelly@gmail.com> wrote:
>>
>> . . . and as computers get more powerful the intersection
>> of {problems machines can't solve} and {problems humans can reliably
>> solve} grows ever smaller.
>
> "Which of the following eight sentences are sarcastic in tone?"

People are actually pretty bad at identifying sarcasm, or at least
agreeing on what it is [1] and there's a segment of the population who
simply don't understand it at all, so you'd be trading one kind of
inaccessibility for another.

And you might be surprised at how good machines can be at identifying
sarcasm [2].

Besides, this suffers from the problem of a limited pool of questions,
in that the spambot could simply build up a database of which
sentences that are used by the system are sarcastic and which are not,
as determined by their human controllers.

[1] http://psychcentral.com/blog/archives/2009/08/18/would-you-even-recognize-sarcasm/
[2] http://www.bbc.com/news/technology-23160583

[toc] | [prev] | [next] | [standalone]

#76330

On 8/14/2014 2:37 PM, Peter Pearson wrote:
> On Wed, 13 Aug 2014 14:16:02 -0600, Ian Kelly <ian.g.kelly@gmail.com> wrote:
>> . . . and as computers get more powerful the intersection
>> of {problems machines can't solve} and {problems humans can reliably
>> solve} grows ever smaller.
> "Which of the following eight sentences are sarcastic in tone?"

and responses on this list alone show problems with detecting sarcasm 
(or snark).

[toc] | [prev] | [next] | [standalone]

#76354

On 15/08/2014 5:43 AM, Eric S. Johansson wrote:
> On 8/14/2014 2:37 PM, Peter Pearson wrote:
>> "Which of the following eight sentences are sarcastic in tone?"
>
> and responses on this list alone show problems with detecting sarcasm
> (or snark).

It can be especially difficult for people on the autism spectrum.

Something to consider when advocating changes to a system that 
disadvantages you is to not pass the problem on to others.

[toc] | [prev] | [next] | [standalone]

#76358

On 15/08/2014 08:03, alex23 wrote:
> On 15/08/2014 5:43 AM, Eric S. Johansson wrote:
>> On 8/14/2014 2:37 PM, Peter Pearson wrote:
>>> "Which of the following eight sentences are sarcastic in tone?"
>>
>> and responses on this list alone show problems with detecting sarcasm
>> (or snark).
>
> It can be especially difficult for people on the autism spectrum.
>
> Something to consider when advocating changes to a system that
> disadvantages you is to not pass the problem on to others.
>

Something I fully understand.

-- 
My fellow Pythonistas, ask not what our language can do for you, ask
what you can do for our language.

Mark Lawrence

[toc] | [prev] | [next] | [standalone]

#76331

On Fri, Aug 15, 2014 at 4:37 AM, Peter Pearson <ppearson@nowhere.invalid> wrote:
> "Which of the following eight sentences are sarcastic in tone?"

"You have a sarcasm sign?"

http://www.thinkgeek.com/product/e58f/

ChrisA

[toc] | [prev] | [next] | [standalone]

#76236

On 8/13/2014 3:27 PM, Chris Angelico wrote:
> I agree with you, and I don't use CAPTCHAs on any of my services,
> anywhere, and never have. (Partly because they *are* broken by people
> writing scripts, and/or by just grinding them with human solvers; but
> also because of the problems they cause for legit users, even those
> with perfect eyesight.) However, the accessibility argument is one for
> the removal of the captcha, *not* for its automated solving. I will
> not support a scripted captcha solver for any reason. If you move away
> from a site because you can't use it, so be it. If you get a chance,
> tell the owner that there are alternatives to barely-readable images;
> tricks involving page layouts are almost always safe, and there's
> infinite room to play around in them.

your suggestion reminds me of the time I asked front range for help with 
accessibility because I had to use Goldmine on the job. Immediately 
after I asked for accessibility information, they told me they don't 
have any accessibility information because they don't have any disabled 
users.

Yes, they really did

your suggestion will probably generate a similar response.


>
> There is no valid reason for automating something that's specifically
> to prevent automation. The admin needs to provide an alternative,
> instead.

There is only one valid reason based in the fact that we don't own or 
control many of the sites we depend on. Therefore, if I need to use a 
site be it government or commercial and it has a Captcha, I need to pay 
some form of cripple tax by either incurring pain or find/pay somebody 
to type for me. In this situation I thing it is perfectly acceptable to 
automate bypassing Captcha's.

[toc] | [prev] | [next] | [standalone]

#76238

On Wed, Aug 13, 2014 at 2:01 PM, Tim Chase
<python.list@tim.thechases.com> wrote:
> On 2014-08-13 12:24, Chris Kaynor wrote:
>> Many of the better captchas also include options for an audio cue in
>> addition to the default visual one.
>
> Have you actually tried to use the audio cue?  They're atrocious.  I
> got more intelligible words out of my old 8-bit SoundBlaster or a
> de-tuned radio station.  I'm all for just ditching them (and avoiding
> sites that employ them).

Just like the images, if they were easy to understand then they would
be easily defeated by a spambot with a speech recognition module.  I
think the effort to make captcha systems more accessible is laudable,
if perhaps misguided.

[toc] | [prev] | [next] | [standalone]

#76239

On Thu, Aug 14, 2014 at 6:16 AM, Ian Kelly <ian.g.kelly@gmail.com> wrote:
> On Wed, Aug 13, 2014 at 1:43 PM, Chris Angelico <rosuav@gmail.com> wrote:
>> There are alternatives that are both easier for legit people and
>> harder for spambots. Some rely on the fact that humans read things two
>> dimensionally, and scripts look at the underlying structure; so, for
>> instance, random field names and cunning CSS to match them up with
>> their labels can result in a form that's completely messed up in the
>> source, but looks perfect to a user. Or you can put extra fields down
>> that you can't see if the form's laid out properly.
>
> Chances are that if these tricks mess up a spambot, they will also
> mess up a screen reader.

They may, yes. I haven't seen a report on that. However, they're
hardly going to be worse at messing up screen readers than classic
captchas.

>> Or you can combine
>> those sorts of tricks with a very simple challenge-response, like
>> "What is one plus one?" that requires some specific value to be in a
>> specific field - and if that value occurs in the wrong field, you
>> throw the form back to the user.
>
> If I ask my phone "What is one plus one", a very nice sounding voice
> will tell me that one plus one is two. It takes some cleverness to
> come up with a question that is likely to stump a machine but not
> deter a human...

The point isn't the question itself, the point is that you have to put
the answer in exactly this field. The field is visually near the
challenge, but only because of CSS, and its name is randomized in some
way as to be unpredictable. If, as some spambots do, you blat the
response into lots of fields in the expectation of catching the right
one, then the form gets rejected (I don't know of anyone whose name or
email address is "two", all lowercase, and if you have even a small
pool of questions, you'll get past those weird cases by having the
next question be "What colour is the sky?").

> I've seen some captcha systems that I couldn't solve after a dozen
> attempts, and I have no serious vision problems. It's a problem with
> no easy solution, and as computers get more powerful the intersection
> of {problems machines can't solve} and {problems humans can reliably
> solve} grows ever smaller.

The issue isn't finding an intersection there. The issue is finding a
form of test that a computer can administer. There's a really great
test for humanness: be creative. You know that I'm a human, because
I've made posts here on python-list that are just way too complex for
a computer to synthesize. This sums up my feelings on the matter:

http://xkcd.com/810/
(Warning, language.)

ChrisA

[toc] | [prev] | [next] | [standalone]

#76333

On Tue, 12 Aug 2014 18:36:21 -0700, Wesley wrote:

> I just wanna a general suggestion here in the beginning.

OK, the general suggestion is that you take your spambot software, print 
it out on spiky metal sheets and ram it up your rectum.

> Why I need to write such program is just having such requirements.

Yes, we understand that your spambot requires to decode captcha. We were 
just telling you in fairly polite terms that you should fuck off because 
we have no wish to help you. We tried polite, it didn't work, now I'm 
trying robustness and profanity.

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [next] | [standalone]

#76344

Denis McMahon <denismfmcmahon@gmail.com> writes:

> On Tue, 12 Aug 2014 18:36:21 -0700, Wesley wrote:
>
> > […]

> We tried polite, it didn't work, now I'm trying robustness and
> profanity.

The thread has been inactive for days, so it seems politeness *did* in
fact work.

Escalating to violent indimidating language (regardless of profanity) is
unhelpful, please don't ever resort to that here.

-- 
 \     “I am the product of millions of generations of individuals who |
  `\      each fought against a hostile universe and won, and I aim to |
_o__)              maintain the tradition.” —Paul Z. Myers, 2009-09-12 |
Ben Finney

[toc] | [prev] | [next] | [standalone]

#76373

On 08/13/2014 02:18 PM, Ian Kelly wrote:
> On Wed, Aug 13, 2014 at 2:01 PM, Tim Chase
> <python.list@tim.thechases.com> wrote:
>> On 2014-08-13 12:24, Chris Kaynor wrote:
>>> Many of the better captchas also include options for an audio cue in
>>> addition to the default visual one.
>>
>> Have you actually tried to use the audio cue?  They're atrocious.  I
>> got more intelligible words out of my old 8-bit SoundBlaster or a
>> de-tuned radio station.  I'm all for just ditching them (and avoiding
>> sites that employ them).
> 
> Just like the images, if they were easy to understand then they would
> be easily defeated by a spambot with a speech recognition module.  
> I think the effort to make captcha systems more accessible is laudable,
> if perhaps misguided.

Well we seem to be at an impasse then.  But the worst of it is that
captchas aren't effective anymore.  There are thousands of folks (at
least) willing to solve captchas to create various accounts for
nefarious purposes for money.  This happens to gmail all the time, for
example.  Maybe the internet landscape is one giant example of the
tragedy of the commons, with or without captchas.

[toc] | [prev] | [next] | [standalone]

#76113

On Tue, 12 Aug 2014 00:04:33 -0700, Wesley wrote:

> These days I got a small task to identify Captcha characters.

Several of us code websites. Some of our websites may even use captcha. 
We use captcha to stop software posting spam to websites.

What makes you think we have any inclination to help you defeat captchas?

-- 
Denis McMahon, denismfmcmahon@gmail.com

[toc] | [prev] | [standalone]

Page 2 of 2 — ← Prev page 1 [2]

Back to top | Article view | comp.lang.python

csiph-web