The problem with that system was that every single registration had to be manually approved or disapproved. And there were assloads of them, almost all spammers.Knife wrote:Meh. I can sympathize with Wong wanting to ax the bots. However, all the suggestions above seem to suck for one reason or another. While I understand quadratic formula, most normal ie: non math oriented people won't. Make too much of a word problem and it becomes a puzzle where some people suck.
Is a paid registration for a 'free' email server just not doing it?
[Discussion] Skill-Testing Registration Question
Moderator: CmdrWilkens
- RedImperator
- Roosevelt Republican
- Posts: 16465
- Joined: 2002-07-11 07:59pm
- Location: Delaware
- Contact:
Re: [Discussion] Skill-Testing Registration Question
Any city gets what it admires, will pay for, and, ultimately, deserves…We want and deserve tin-can architecture in a tinhorn culture. And we will probably be judged not by the monuments we build but by those we have destroyed.--Ada Louise Huxtable, "Farewell to Penn Station", New York Times editorial, 30 October 1963
X-Ray Blues
X-Ray Blues
Re: [Discussion] Skill-Testing Registration Question
RedImperator wrote:The problem with that system was that every single registration had to be manually approved or disapproved. And there were assloads of them, almost all spammers.
Fair enough. I see the dilemma.
They say, "the tree of liberty must be watered with the blood of tyrants and patriots." I suppose it never occurred to them that they are the tyrants, not the patriots. Those weapons are not being used to fight some kind of tyranny; they are bringing them to an event where people are getting together to talk. -Mike Wong
But as far as board culture in general, I do think that young male overaggression is a contributing factor to the general atmosphere of hostility. It's not SOS and the Mess throwing hand grenades all over the forum- Red
But as far as board culture in general, I do think that young male overaggression is a contributing factor to the general atmosphere of hostility. It's not SOS and the Mess throwing hand grenades all over the forum- Red
Re: [Discussion] Skill-Testing Registration Question
You could do that, but the answer won't be numeric. If you wanted to go that route, you might try (e^x)'(0) = ?Ender wrote:(e^x)'=?
Personally, I like the redneck problem. We could even have a regular rotation of problems, too; maybe make them autoswitch, like the sig banners? That's probably a bit much work, though.
A Government founded upon justice, and recognizing the equal rights of all men; claiming higher authority for existence, or sanction for its laws, that nature, reason, and the regularly ascertained will of the people; steadily refusing to put its sword and purse in the service of any religious creed or family is a standing offense to most of the Governments of the world, and to some narrow and bigoted people among ourselves.
F. Douglass
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
- Contact:
Re: [Discussion] Skill-Testing Registration Question
The purpose of the paid registration for webmail addresses was never the token amount of money: it was about keeping spammers from wasting our time. But as it turns out, they wasted shitloads of our time even when they couldn't sign up, because we still had to process their registration attempts. That's one of the reasons that my periodic purges of inactive users typically killed off more than a thousand users. Some of them might have been people who intended to sign up but didn't read the rules or bother to follow through, but the vast majority were spammers.Knife wrote:Meh. I can sympathize with Wong wanting to ax the bots. However, all the suggestions above seem to suck for one reason or another. While I understand quadratic formula, most normal ie: non math oriented people won't. Make too much of a word problem and it becomes a puzzle where some people suck.
Is a paid registration for a 'free' email server just not doing it?
The idea of the skill-testing question is not to disqualify 99% of the population (which some of my earlier proposals admittedly did, due to my gross overestimation of what "high-school graduate" means), but to keep out automated systems, kids under 13, retards, or the kind of person who can do the question but is too lazy to bother.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
Re: [Discussion] Skill-Testing Registration Question
The appeal was more the "hiding the answer in plain sight" bitSurlethe wrote:You could do that, but the answer won't be numeric. If you wanted to go that route, you might try (e^x)'(0) = ?Ender wrote:(e^x)'=?
Personally, I like the redneck problem. We could even have a regular rotation of problems, too; maybe make them autoswitch, like the sig banners? That's probably a bit much work, though.
بيرني كان سيفوز
*
Nuclear Navy Warwolf
*
in omnibus requiem quaesivi, et nusquam inveni nisi in angulo cum libro
*
ipsa scientia potestas est
*
Nuclear Navy Warwolf
*
in omnibus requiem quaesivi, et nusquam inveni nisi in angulo cum libro
*
ipsa scientia potestas est
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
- Contact:
Re: [Discussion] Skill-Testing Registration Question
Questions which "hide the answer in plain sight" are typically what people refer to as "trick questions", and that's not really what I was looking for. The question should be quite straight-forward for those who have achieved a basic high-school understanding of math. The last question on the OP was really just me being facetious; I just figured I should book-end the choices with one that's really really easy and one that's quite difficult for the layperson.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
- The Duchess of Zeon
- Gözde
- Posts: 14566
- Joined: 2002-09-18 01:06am
- Location: Exiled in the Pale of Settlement.
Re: [Discussion] Skill-Testing Registration Question
I still favour just having the redneck problem, and Mike adding others as he sees fit in a similar vein later on. Why so much further discussion, really? It's straightforward, any person who is not a drooling retard can do it, and it's hilarious.
The threshold for inclusion in Wikipedia is verifiability, not truth. -- Wikipedia's No Original Research policy page.
In 1966 the Soviets find something on the dark side of the Moon. In 2104 they come back. -- Red Banner / White Star, a nBSG continuation story. Updated to Chapter 4.0 -- 14 January 2013.
In 1966 the Soviets find something on the dark side of the Moon. In 2104 they come back. -- Red Banner / White Star, a nBSG continuation story. Updated to Chapter 4.0 -- 14 January 2013.
- Hotfoot
- Avatar of Confusion
- Posts: 5835
- Joined: 2002-10-12 04:38pm
- Location: Peace River: Badlands, Terra Nova Winter 1936
- Contact:
Re: [Discussion] Skill-Testing Registration Question
I see the following issues:
Any one question will be quickly broken and circumvented. Even letters and numbers distorted to fool software is broken through brute force easily enough these days by spammers. Word problems are even easier, all things considered.
Meanwhile, any problems or questions are difficult to avoid false negatives on, while offering minimal protection against false positives.
A simple $0.50 entry fee *should* be enough to prevent spammers, it's small enough that most people wouldn't mind paying it, but spammers would certainly think twice, and hey, if they get banned, you've still got some money they've contributed to the site. The fee should of course be waived for referrals from other members, but that's another story.
Any one question will be quickly broken and circumvented. Even letters and numbers distorted to fool software is broken through brute force easily enough these days by spammers. Word problems are even easier, all things considered.
Meanwhile, any problems or questions are difficult to avoid false negatives on, while offering minimal protection against false positives.
A simple $0.50 entry fee *should* be enough to prevent spammers, it's small enough that most people wouldn't mind paying it, but spammers would certainly think twice, and hey, if they get banned, you've still got some money they've contributed to the site. The fee should of course be waived for referrals from other members, but that's another story.
Do not meddle in the affairs of insomniacs, for they are cranky and can do things to you while you sleep.
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
Re: [Discussion] Skill-Testing Registration Question
No and No I say, no entry fee.
Who in there right godamn mind is going to give your credit card to a web board just to register? Are you fucking kidding me? That screams SCAM WEBSITE all over the damn place so much it's not even funny. Sure you can say it's paypal so the board owner never see's your credit card, but give me two days and I could dupe up a series of web pages which would look identical to pay-pals and max out your credit card(or just steal the number and personal information, whichever you prefer).
Hotfoot your idea would end all registrations EXCEPT from stupid people.
Let me say this as I said it again
Your over thinking things You are pretty much begging for Murphy to rear his ugly mug as all over your over-complicated solutions fall apart. Simply open a new topic to get fifty or so questions which can be easily guessed by someone with a high school degree yet are hard to automatically break(Like 1+1) . Simple logic puzzles or odd trivia which a quick google search will find.
When you start getting spam registrations again, switch up the questions. Forcing a human to look will cut out 95% of the bot registrations and in the mean time there are mods for phpb-3 that one can get that add things like the visual check to further reduce the spam.
Face it, we can only stop the automated registration and spam bots, we can not stop humans running those same bots from manually registering, you will never stop those people except via good active work from the admin staff.
Who in there right godamn mind is going to give your credit card to a web board just to register? Are you fucking kidding me? That screams SCAM WEBSITE all over the damn place so much it's not even funny. Sure you can say it's paypal so the board owner never see's your credit card, but give me two days and I could dupe up a series of web pages which would look identical to pay-pals and max out your credit card(or just steal the number and personal information, whichever you prefer).
Hotfoot your idea would end all registrations EXCEPT from stupid people.
Let me say this as I said it again
Your over thinking things You are pretty much begging for Murphy to rear his ugly mug as all over your over-complicated solutions fall apart. Simply open a new topic to get fifty or so questions which can be easily guessed by someone with a high school degree yet are hard to automatically break(Like 1+1) . Simple logic puzzles or odd trivia which a quick google search will find.
When you start getting spam registrations again, switch up the questions. Forcing a human to look will cut out 95% of the bot registrations and in the mean time there are mods for phpb-3 that one can get that add things like the visual check to further reduce the spam.
Face it, we can only stop the automated registration and spam bots, we can not stop humans running those same bots from manually registering, you will never stop those people except via good active work from the admin staff.
"A cult is a religion with no political power." -Tom Wolfe
Pardon me for sounding like a dick, but I'm playing the tiniest violin in the world right now-Dalton
- Hotfoot
- Avatar of Confusion
- Posts: 5835
- Joined: 2002-10-12 04:38pm
- Location: Peace River: Badlands, Terra Nova Winter 1936
- Contact:
Re: [Discussion] Skill-Testing Registration Question
I would point out that this would hardly be a new concept, and it has been used in other forums in the past. Anyone with half a brain can tell a fake Paypal site just by looking at the URL, regardless of how it's mocked up.Mr Bean wrote:No and No I say, no entry fee.
Who in there right godamn mind is going to give your credit card to a web board just to register? Are you fucking kidding me? That screams SCAM WEBSITE all over the damn place so much it's not even funny. Sure you can say it's paypal so the board owner never see's your credit card, but give me two days and I could dupe up a series of web pages which would look identical to pay-pals and max out your credit card(or just steal the number and personal information, whichever you prefer).
Hotfoot your idea would end all registrations EXCEPT from stupid people.
Frankly, I don't give a damn. I've described why the proposed plan wouldn't work, and it's simple. The plan I've given would work, and would penalize yahoos who join just to get banned, even if only slightly. Your predictions on what people will or won't do in the face of a small charge to join (which could be waived if an existing forum member vouches for them, as I detailed) are little more than predictions.
Bottom line, any sort of restriction system is going to exclude people we might want on this board, or it's not going to be effective. This is the same issue any security measure takes, you have to be willing to piss off people who are doing the right thing when you try to exclude people doing the wrong thing, especially when dealing with an automated process. Moreover, if it's automated, the solution can often be automated, which makes it less than desirable, and all it takes is one crack and boom, the spam swells again until another few dozen questions can be created.
Do not meddle in the affairs of insomniacs, for they are cranky and can do things to you while you sleep.
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
Re: [Discussion] Skill-Testing Registration Question
Care to describe what forums charge you to join? I'd love to hear what forums charge you money to join. Second anyone with half a brain knows URL's can be faked. All it takes is a few tiny changes. Or with IP placement or direct false reporting you can make the browser display whatever URL you'd like it to display.Hotfoot wrote: I would point out that this would hardly be a new concept, and it has been used in other forums in the past. Anyone with half a brain can tell a fake Paypal site just by looking at the URL, regardless of how it's mocked up.
Frankly, I don't give a damn. I've described why the proposed plan wouldn't work, and it's simple. The plan I've given would work, and would penalize yahoos who join just to get banned, even if only slightly. Your predictions on what people will or won't do in the face of a small charge to join (which could be waived if an existing forum member vouches for them, as I detailed) are little more than predictions.
I mean come on, this is the link when you click on the legitimate paypal link
Code: Select all
https://www.paypal.com/ca/cgi-bin/webscr?cmd=_flow&SESSION=hxT9aYvWo4quGMNpZ6cNHJeNVeAP2aDLWokizgOEakTaVmomy6dkFdVE0Mm&dispatch=5885d80a13c0db1f38432c9462fe7313791b4c12e10393706326f0746444c857
You think you can tell with a glance where I've dumped a redirect in there? Please and that again does not get around false IP reporting where I can tell an IE based browser to display a different URL. Once I get you to click that link I can display anything I want.
Face it, for the common man it's going to sound bad, to the person with some knowledge it going to sound real bad, and only to those have either sufficient knowledge or sufficient gullibility and some money will sign on board. Rare as such people are.
No shit it's going to restrict some people, your plan will weed out all the sane people. Who in their right mind is going to pay any kind of money just so they can comment on the Internet?Hotfoot wrote: Bottom line, any sort of restriction system is going to exclude people we might want on this board, or it's not going to be effective. This is the same issue any security measure takes, you have to be willing to piss off people who are doing the right thing when you try to exclude people doing the wrong thing, especially when dealing with an automated process. Moreover, if it's automated, the solution can often be automated, which makes it less than desirable, and all it takes is one crack and boom, the spam swells again until another few dozen questions can be created.
"A cult is a religion with no political power." -Tom Wolfe
Pardon me for sounding like a dick, but I'm playing the tiniest violin in the world right now-Dalton
- Hotfoot
- Avatar of Confusion
- Posts: 5835
- Joined: 2002-10-12 04:38pm
- Location: Peace River: Badlands, Terra Nova Winter 1936
- Contact:
Re: [Discussion] Skill-Testing Registration Question
SomethingAwful has had a pay-to-post system for a while, last I checked. While it may not the best absolute example, it is a forum that is not in danger of dying out any time soon. If people are so terribly worried about being scammed, they can get information from the forum in question from numerous sources, if they're so intelligent.
My point is that the question-based system is easily broken and unnecessarily restrictive. Think about the kinds of copy protection they put on music, movies, and games these days. It's like THAT. Anybody who we want out will be able to get in anyway if they care to and put the smallest amount of effort in, meanwhile a bunch of legitimate users will get burned. High risk, low reward.
I'm not saying my system is perfect, but it will target the spammers where it hurts, because the only way around it is to spend money, something they'd have to do each time, and they commonly do this a lot. Putting a next to worthless set of questions up is, at best, a minor roadblock for your average spammer.
The BEST solution is simply to go through each registration by hand, as it allows for the most control with the fewest issues, but that means unreasonable man-hours.
My point is that the question-based system is easily broken and unnecessarily restrictive. Think about the kinds of copy protection they put on music, movies, and games these days. It's like THAT. Anybody who we want out will be able to get in anyway if they care to and put the smallest amount of effort in, meanwhile a bunch of legitimate users will get burned. High risk, low reward.
I'm not saying my system is perfect, but it will target the spammers where it hurts, because the only way around it is to spend money, something they'd have to do each time, and they commonly do this a lot. Putting a next to worthless set of questions up is, at best, a minor roadblock for your average spammer.
The BEST solution is simply to go through each registration by hand, as it allows for the most control with the fewest issues, but that means unreasonable man-hours.
Do not meddle in the affairs of insomniacs, for they are cranky and can do things to you while you sleep.
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
- Broomstick
- Emperor's Hand
- Posts: 28830
- Joined: 2004-01-02 07:04pm
- Location: Industrial armpit of the US Midwest
Re: [Discussion] Skill-Testing Registration Question
The Straight Dope is a forum that charged a fee to post long-term for quite awhile. You could get a guest subscription for free, but once it was up you had to pay to keep posting (although you could keep reading for free). They recently discontinued the practice.
Yes, I paid - but then, I'd been a regular poster for several years before that point, and as a Charter Member I paid half price. But it's the only forum I ever paid to post on, and likely the only one I ever will.
Yes, I paid - but then, I'd been a regular poster for several years before that point, and as a Charter Member I paid half price. But it's the only forum I ever paid to post on, and likely the only one I ever will.
A life is like a garden. Perfect moments can be had, but not preserved, except in memory. Leonard Nimoy.
Now I did a job. I got nothing but trouble since I did it, not to mention more than a few unkind words as regard to my character so let me make this abundantly clear. I do the job. And then I get paid.- Malcolm Reynolds, Captain of Serenity, which sums up my feelings regarding the lawsuit discussed here.
If a free society cannot help the many who are poor, it cannot save the few who are rich. - John F. Kennedy
Sam Vimes Theory of Economic Injustice
Now I did a job. I got nothing but trouble since I did it, not to mention more than a few unkind words as regard to my character so let me make this abundantly clear. I do the job. And then I get paid.- Malcolm Reynolds, Captain of Serenity, which sums up my feelings regarding the lawsuit discussed here.
If a free society cannot help the many who are poor, it cannot save the few who are rich. - John F. Kennedy
Sam Vimes Theory of Economic Injustice
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
- Contact:
Re: [Discussion] Skill-Testing Registration Question
That depends on how difficult the question is. Quite frankly, someone who can't figure out how long it takes to cover 36 miles at 75 mph is pretty far down on the intelligence curve. I wouldn't call it "legitimate users getting burned" if people who can't figure out that simple question are rejected.Hotfoot wrote:My point is that the question-based system is easily broken and unnecessarily restrictive. Think about the kinds of copy protection they put on music, movies, and games these days. It's like THAT. Anybody who we want out will be able to get in anyway if they care to and put the smallest amount of effort in, meanwhile a bunch of legitimate users will get burned. High risk, low reward.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
- Hotfoot
- Avatar of Confusion
- Posts: 5835
- Joined: 2002-10-12 04:38pm
- Location: Peace River: Badlands, Terra Nova Winter 1936
- Contact:
Re: [Discussion] Skill-Testing Registration Question
True, it depends on the difficulty of the question, but I'm saying that at any difficulty, it's not worth the potential reward, because it would be easily side-stepped by current spambots within a short period of time, and even taking into consideration that most people should be able to do that stuff, everyone has an off day, or might make a typo in haste, shit happens. Sure, they can retry, but it's one of those things that just adds an extra layer of difficulty and frustration for a minimal gain in security. You'd almost be better off just generating random numbers in the page and having the user copy them down, it'll give you roughly the same end result if you get clever with how you generate the random numbers.Darth Wong wrote:That depends on how difficult the question is. Quite frankly, someone who can't figure out how long it takes to cover 36 miles at 75 mph is pretty far down on the intelligence curve. I wouldn't call it "legitimate users getting burned" if people who can't figure out that simple question are rejected.
Do not meddle in the affairs of insomniacs, for they are cranky and can do things to you while you sleep.
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
- Contact:
Re: [Discussion] Skill-Testing Registration Question
Only with human manual intervention. It will stop the mindless mass spambot cold.Hotfoot wrote:True, it depends on the difficulty of the question, but I'm saying that at any difficulty, it's not worth the potential reward, because it would be easily side-stepped by current spambots within a short period of time
That's why you get several tries.and even taking into consideration that most people should be able to do that stuff, everyone has an off day, or might make a typo in haste, shit happens.
To be quite honest, I don't want the kind of person around who's so goddamned stupid that he finds it a tiring and frustrating exercise to figure out time from distance and speed.Sure, they can retry, but it's one of those things that just adds an extra layer of difficulty and frustration for a minimal gain in security.
There's already a mechanism in place for generating random letters and getting the user to enter them. Other phpbb admins' experiences have shown that the spambots bypass that effortlessly, but not the custom-generated question.You'd almost be better off just generating random numbers in the page and having the user copy them down, it'll give you roughly the same end result if you get clever with how you generate the random numbers.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
- Connor MacLeod
- Sith Apprentice
- Posts: 14065
- Joined: 2002-08-01 05:03pm
- Contact:
Re: [Discussion] Skill-Testing Registration Question
What if you also used both miles and kilometers? You could say, express the speed at which you travel in miles per hour, and the destination in kilometers. Make converting between miles and kilometers part of the equation.
(or perhaps between meters and kilometers?)
If you wanted to get a lil fancy you could alternate the two (one problem has the speed in km/hr and the destination in miles, and the other in miles/hr and the destination in km.) A further step might be replacing mph or kph with meters/second, or expressing the distance in meters instead of kilometers. Would a bot be able to spot those kinds of differencecs?
(or perhaps between meters and kilometers?)
If you wanted to get a lil fancy you could alternate the two (one problem has the speed in km/hr and the destination in miles, and the other in miles/hr and the destination in km.) A further step might be replacing mph or kph with meters/second, or expressing the distance in meters instead of kilometers. Would a bot be able to spot those kinds of differencecs?
- The Duchess of Zeon
- Gözde
- Posts: 14566
- Joined: 2002-09-18 01:06am
- Location: Exiled in the Pale of Settlement.
Re: [Discussion] Skill-Testing Registration Question
Eh, I really think it's fine as it is. Just distort the text a bit, and it's ready to go. I can't believe this is getting people up in arms--it's trivial.
The threshold for inclusion in Wikipedia is verifiability, not truth. -- Wikipedia's No Original Research policy page.
In 1966 the Soviets find something on the dark side of the Moon. In 2104 they come back. -- Red Banner / White Star, a nBSG continuation story. Updated to Chapter 4.0 -- 14 January 2013.
In 1966 the Soviets find something on the dark side of the Moon. In 2104 they come back. -- Red Banner / White Star, a nBSG continuation story. Updated to Chapter 4.0 -- 14 January 2013.
- Hotfoot
- Avatar of Confusion
- Posts: 5835
- Joined: 2002-10-12 04:38pm
- Location: Peace River: Badlands, Terra Nova Winter 1936
- Contact:
Re: [Discussion] Skill-Testing Registration Question
How do you think the distorted alphanumerics get broken? It's the new trend, and it's growing. It takes a guy all of a few minutes to break the system, then he mails it off to a few dozen or hundred buddies, whatever it takes. Boom, done, end, simple as that.Darth Wong wrote:Only with human manual intervention. It will stop the mindless mass spambot cold.
It's about adding an extra layer of difficulty into what should be a fairly mundane task. Sure, it may not be a problem for most people, but it will statistically be a problem for some. Add to that the time and effort that goes into making the system, and then maintaining it once it is broken, and all you have is a lot of wasted time and effort with very little to show for it.That's why you get several tries.
To be quite honest, I don't want the kind of person around who's so goddamned stupid that he finds it a tiring and frustrating exercise to figure out time from distance and speed.
This site attracts not just people who enjoy math and science, but also writers, artists, and so on. Hell, some people just plain don't like math. It doesn't mean they can't contribute to the board in some meaningful way. Even ignoring that, some people may just say "fuck it". You could make the argument that if they can't be bothered to do a simple equation, then you don't want them here, and that's fine, but it still doesn't resolve the primary issue at hand, which is getting rid of most of the spambots.
Fair enough, but I still think that this solution is just a stopgap. Given the current trends it would be easy enough to bypass after just a short while with minimal effort, requiring either a revamping of the system or constant updating which of course risks danger of there being server-side errors as the answers don't match the questions, etc.There's already a mechanism in place for generating random letters and getting the user to enter them. Other phpbb admins' experiences have shown that the spambots bypass that effortlessly, but not the custom-generated question.
Take a spammer's money though, even a small amount, and immediately you have a poweful deterrent that asks a lot from someone who attacks several forums at once. Your average user may sign up for something like 30 forums over the course of a decade, while spambots hit up dozens or hundreds a day. That adds up.
Do not meddle in the affairs of insomniacs, for they are cranky and can do things to you while you sleep.
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
- Contact:
Re: [Discussion] Skill-Testing Registration Question
And totally worthwhile, when you're talking about a single system implemented across thousands of boards on the Internet. Much less likely when it's just a single site.Hotfoot wrote:How do you think the distorted alphanumerics get broken? It's the new trend, and it's growing. It takes a guy all of a few minutes to break the system, then he mails it off to a few dozen or hundred buddies, whatever it takes. Boom, done, end, simple as that.Darth Wong wrote:Only with human manual intervention. It will stop the mindless mass spambot cold.
The same is true of entering distorted letters, which you suggested as a superior alternative, except that basic math is a useful skill, whereas the ability to read heavily distorted letters is not.It's about adding an extra layer of difficulty into what should be a fairly mundane task.To be quite honest, I don't want the kind of person around who's so goddamned stupid that he finds it a tiring and frustrating exercise to figure out time from distance and speed.
No. Anyone who can't figure out "36 miles at 75 mph" is too fucking stupid. I won't tolerate the presence of such a person. Are you saying that you need to "enjoy math and science" in order to handle such a ludicrously simple problem? That an artist or writer can't figure out the concept of distance and speed without wracking his brain or running to his textbooks?Sure, it may not be a problem for most people, but it will statistically be a problem for some. Add to that the time and effort that goes into making the system, and then maintaining it once it is broken, and all you have is a lot of wasted time and effort with very little to show for it.
This site attracts not just people who enjoy math and science, but also writers, artists, and so on. Hell, some people just plain don't like math. It doesn't mean they can't contribute to the board in some meaningful way.
And my question is only on one forum, and could be changed in less than one minute. The fact is that other admins have reported that this solution works. Yours doesn't.Take a spammer's money though, even a small amount, and immediately you have a poweful deterrent that asks a lot from someone who attacks several forums at once. Your average user may sign up for something like 30 forums over the course of a decade, while spambots hit up dozens or hundreds a day. That adds up.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
- Hotfoot
- Avatar of Confusion
- Posts: 5835
- Joined: 2002-10-12 04:38pm
- Location: Peace River: Badlands, Terra Nova Winter 1936
- Contact:
Re: [Discussion] Skill-Testing Registration Question
Except that many boards have slight differences in their signup processes, so the spammers have to tailor things to individual sites as well, and high traffic sites like SDN are just naturally going to get more attention on them. Nature of the beast. Doesn't change the fact that what you're proposing could be broken in a pretty short period of time, especially relative to how long it would take you to set it up.Darth Wong wrote:And totally worthwhile, when you're talking about a single system implemented across thousands of boards on the Internet. Much less likely when it's just a single site.
Which problem do you want to solve more, getting rid of spammers, or getting rid of people without a specific (if basic) skill? The solution you're presenting is a great way to stop the latter, but a lousy way to stop the former. If you're serious about getting rid of spammers, you should be focusing on that aspect primarily, and figuring out what's going to be the most annoying for that group while being the least obtrusive for everyone else. If you really want to add a basic IQ test to the forum registration form, you can do that too, but that's a separate issue and should be treated as such.The same is true of entering distorted letters, which you suggested as a superior alternative, except that this is a useful skill, whereas the ability to read heavily distorted letters is not.
Fine, that's your call. I'm just pointing out that the measure you use to screen out those people won't screen out spammers or the bots they control. They are smart enough to figure out the answer and how to spoof an automated system. The only security you're enacting is security through obscurity, which is hardly useful once they take an interest in the site, which I suspect many have due to the sheer size of the forum.No. Anyone who can't figure out "36 miles at 75 mph" is too fucking stupid. I won't tolerate the presence of such a person.
Plus, if you're saying multiple boards are starting to use it, the security from obscurity starts to go away. Sure each "key" needs to be broken, but the pattern is clear, and the work is easy.
Other admins have said my solution doesn't work, or other admins haven't reported that it has? It's a fine distinction, but it's there, and it's important to consider. Also consider that it's not as simple to spoof as yours. One question that's the same every time? Someone does it once, and boom, end of security. You can cycle it, sure, even adding in random variables, but it's still easy enough to break that I wouldn't rely on it for extended periods of time. Meanwhile, to spoof payment? You need stolen credit card data for that, which is flatly illegal and can be added to a list of charges against the perpetrator.And my question is only on one forum. The fact is that other admins have reported that this solution works. Yours doesn't.
Alternatively, they give you real money from their own pocket, you ban them, and then you keep it. Win-win. Even better if they come back.
Do not meddle in the affairs of insomniacs, for they are cranky and can do things to you while you sleep.
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
The Realm of Confusion
"Every time you talk about Teal'c, I keep imagining Thor's ass. Thank you very much for that, you fucking fucker." -Marcao
SG-14: Because in some cases, "Recon" means "Blow up a fucking planet or die trying."
SilCore Wiki! Come take a look!
- Broomstick
- Emperor's Hand
- Posts: 28830
- Joined: 2004-01-02 07:04pm
- Location: Industrial armpit of the US Midwest
Re: [Discussion] Skill-Testing Registration Question
>cough< Can I say something? I'm an artist/writer who sucks at math, having spent years in the remedial end of it and totally wiping out on pre-calculus. Despite all that, I can figure out that problem. If an adult can't manage that problem they ARE fucking stupid. Being artist is not a "get out of math free" card in this life.Darth Wong wrote:No. Anyone who can't figure out "36 miles at 75 mph" is too fucking stupid. I won't tolerate the presence of such a person. Are you saying that you need to "enjoy math and science" in order to handle such a ludicrously simple problem? That an artist or writer can't figure out the concept of distance and speed without wracking his brain or running to his textbooks?Hotfoot wrote:Sure, it may not be a problem for most people, but it will statistically be a problem for some. Add to that the time and effort that goes into making the system, and then maintaining it once it is broken, and all you have is a lot of wasted time and effort with very little to show for it.
This site attracts not just people who enjoy math and science, but also writers, artists, and so on. Hell, some people just plain don't like math. It doesn't mean they can't contribute to the board in some meaningful way.
A life is like a garden. Perfect moments can be had, but not preserved, except in memory. Leonard Nimoy.
Now I did a job. I got nothing but trouble since I did it, not to mention more than a few unkind words as regard to my character so let me make this abundantly clear. I do the job. And then I get paid.- Malcolm Reynolds, Captain of Serenity, which sums up my feelings regarding the lawsuit discussed here.
If a free society cannot help the many who are poor, it cannot save the few who are rich. - John F. Kennedy
Sam Vimes Theory of Economic Injustice
Now I did a job. I got nothing but trouble since I did it, not to mention more than a few unkind words as regard to my character so let me make this abundantly clear. I do the job. And then I get paid.- Malcolm Reynolds, Captain of Serenity, which sums up my feelings regarding the lawsuit discussed here.
If a free society cannot help the many who are poor, it cannot save the few who are rich. - John F. Kennedy
Sam Vimes Theory of Economic Injustice
- Darth Wong
- Sith Lord
- Posts: 70028
- Joined: 2002-07-03 12:25am
- Location: Toronto, Canada
- Contact:
Re: [Discussion] Skill-Testing Registration Question
Incorrect. In fact, most boards use the stock registration screen. Spambots can search for phpbb boards and be assured that the majority of them continue to use it. And it takes mere seconds to enter a new question/answer in the config screen. What the hell is this "how long it would take you to set it up" horseshit? The registration question is a downloadable mod and is already active right now. Just how complicated do you think this is? I thought you were fairly computer-literate; surely you did not have the idea in your head that this would be particularly difficult to implement.Hotfoot wrote:Except that many boards have slight differences in their signup processes, so the spammers have to tailor things to individual sites as well, and high traffic sites like SDN are just naturally going to get more attention on them. Nature of the beast. Doesn't change the fact that what you're proposing could be broken in a pretty short period of time, especially relative to how long it would take you to set it up.Darth Wong wrote:And totally worthwhile, when you're talking about a single system implemented across thousands of boards on the Internet. Much less likely when it's just a single site.
As for the rest of your post, it is mostly a repetition of your insistence that spambots will pass it more easily than legitimate users, and I don't see that this preposterous claim becomes any more reasonable no matter how many times you repeat it. You seem to think that spammers have designated sd.net as a special high-value target, or that it is possible for a reasonably intelligent adult to be so fucking stupid that he does not understand the concept of distance and speed.
As for your other idea of charging everyone money to sign up, that would be vastly more likely to discourage new user registration than this sign-up question, and I can't see how anyone could seriously think otherwise. I can't imagine someone being more reticent to answer a blindingly simple math question than to go get his credit card and pay money.
"It's not evil for God to do it. Or for someone to do it at God's command."- Jonathan Boyd on baby-killing
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
"you guys are fascinated with the use of those "rules of logic" to the extent that you don't really want to discussus anything."- GC
"I do not believe Russian Roulette is a stupid act" - Embracer of Darkness
"Viagra commercials appear to save lives" - tharkûn on US health care.
http://www.stardestroyer.net/Mike/RantMode/Blurbs.html
- RedImperator
- Roosevelt Republican
- Posts: 16465
- Joined: 2002-07-11 07:59pm
- Location: Delaware
- Contact:
Re: [Discussion] Skill-Testing Registration Question
It just seems like a silly objection. I'm terrible at math and I routinely do that exact math problem whenever I'm on a long drive and want to know how long until I arrive.Broomstick wrote:>cough< Can I say something? I'm an artist/writer who sucks at math, having spent years in the remedial end of it and totally wiping out on pre-calculus. Despite all that, I can figure out that problem. If an adult can't manage that problem they ARE fucking stupid. Being artist is not a "get out of math free" card in this life.Darth Wong wrote:No. Anyone who can't figure out "36 miles at 75 mph" is too fucking stupid. I won't tolerate the presence of such a person. Are you saying that you need to "enjoy math and science" in order to handle such a ludicrously simple problem? That an artist or writer can't figure out the concept of distance and speed without wracking his brain or running to his textbooks?Hotfoot wrote:Sure, it may not be a problem for most people, but it will statistically be a problem for some. Add to that the time and effort that goes into making the system, and then maintaining it once it is broken, and all you have is a lot of wasted time and effort with very little to show for it.
This site attracts not just people who enjoy math and science, but also writers, artists, and so on. Hell, some people just plain don't like math. It doesn't mean they can't contribute to the board in some meaningful way.
Any city gets what it admires, will pay for, and, ultimately, deserves…We want and deserve tin-can architecture in a tinhorn culture. And we will probably be judged not by the monuments we build but by those we have destroyed.--Ada Louise Huxtable, "Farewell to Penn Station", New York Times editorial, 30 October 1963
X-Ray Blues
X-Ray Blues
- Connor MacLeod
- Sith Apprentice
- Posts: 14065
- Joined: 2002-08-01 05:03pm
- Contact:
Re: [Discussion] Skill-Testing Registration Question
Are you limited to one question, or could you ask several in a row?