On Wednesday, July 6, 2016, Erik Bray <erik.m.b...@gmail.com> wrote: > On Jul 6, 2016 17:40, "William Stein" <wst...@gmail.com > <javascript:_e(%7B%7D,'cvml','wst...@gmail.com');>> wrote: > > > > On Wed, Jul 6, 2016 at 8:31 AM, Erik Bray <erik.m.b...@gmail.com > <javascript:_e(%7B%7D,'cvml','erik.m.b...@gmail.com');>> wrote: > > > > > Alternatively, we can do a little better than "anonymous" be > > > re-enabling registration on the Trac site. > > > > > > Trac has an "authenticated" role, for users who have passed > > > authentication but nothing else. > > > > That sounds OK. > > > > > For now we can at give merely > > > authenticated users zero privileges (besides maybe voting) and upgrade > > > them to more privileged users (can comment, etc.) if they are trusted. > > > If it helps, I can at least add a captcha to the registration page so > > > we don't get cluttered with (as many) spam users who otherwise can't > > > do anything. > > > > > > Dima also mentioned adding OpenID authentication which is a > > > possibility, but more effort. > > > > Back when we had easy registration -- without a human manual > > verification process -- we would nearly instantly get massive amounts > > of horrible spam, and cleaning them up in trac used to be hard because > > you couldn't edit/delete comments easily. A captcha or OpenID would > > not have prevented that at all. > > Are captchas just totally useless now? I haven't kept up with the state of > the art on that but I know for a while they were getting pretty easy to > defeat. > Well they are useless against a human spammer who simply creates an account and posts content. Math puzzles work better though against such jerks.
> > I don't know if things are better now and there are less such > > spammers. At least now you can easily delete trac comments to clean > > up after a spammer. > > It's not better. I noted in another thread recently that /register on the > Trac site (even though it's disabled) gets hammered several times per > minute). I'm not too concerned about that though if registered users can't > actually do anything (save for maybe vote?) until they've been manually > verified. > > I wonder how large sites like GitHub are managing spam these days. I've > almost never seen spam on GH. > That's part of their secret sauce, which is why they get paid the big bucks and almost everybody (except us) uses them... > -- > You received this message because you are subscribed to the Google Groups > "sage-devel" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to sage-devel+unsubscr...@googlegroups.com > <javascript:_e(%7B%7D,'cvml','sage-devel%2bunsubscr...@googlegroups.com');> > . > To post to this group, send email to sage-devel@googlegroups.com > <javascript:_e(%7B%7D,'cvml','sage-devel@googlegroups.com');>. > Visit this group at https://groups.google.com/group/sage-devel. > For more options, visit https://groups.google.com/d/optout. > -- Sent from my massive iPhone 6 plus. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
