On Wednesday, July 6, 2016 at 5:04:33 PM UTC+1, William wrote: > > > > On Wednesday, July 6, 2016, Erik Bray <erik....@gmail.com <javascript:>> > wrote: > >> On Jul 6, 2016 17:40, "William Stein" <> wrote: >> > >> > On Wed, Jul 6, 2016 at 8:31 AM, Erik Bray <> wrote: >> > >> > > Alternatively, we can do a little better than "anonymous" be >> > > re-enabling registration on the Trac site. >> > > >> > > Trac has an "authenticated" role, for users who have passed >> > > authentication but nothing else. >> > >> > That sounds OK. >> > >> > > For now we can at give merely >> > > authenticated users zero privileges (besides maybe voting) and upgrade >> > > them to more privileged users (can comment, etc.) if they are trusted. >> > > If it helps, I can at least add a captcha to the registration page so >> > > we don't get cluttered with (as many) spam users who otherwise can't >> > > do anything. >> > > >> > > Dima also mentioned adding OpenID authentication which is a >> > > possibility, but more effort. >> > >> > Back when we had easy registration -- without a human manual >> > verification process -- we would nearly instantly get massive amounts >> > of horrible spam, and cleaning them up in trac used to be hard because >> > you couldn't edit/delete comments easily. A captcha or OpenID would >> > not have prevented that at all. >> > I was talking about OpenID used for voting only. One really does not want completely anonymous voting, this is too prone to vandalism and the same persons voting many, many times. Certainly, OpenIDs are not enough for anything related to actually posting content.
> Are captchas just totally useless now? I haven't kept up with the state of >> the art on that but I know for a while they were getting pretty easy to >> defeat. >> > Well they are useless against a human spammer who simply creates an > account and posts content. Math puzzles work better though against such > jerks. > > > >> > I don't know if things are better now and there are less such >> > spammers. At least now you can easily delete trac comments to clean >> > up after a spammer. >> >> It's not better. I noted in another thread recently that /register on the >> Trac site (even though it's disabled) gets hammered several times per >> minute). I'm not too concerned about that though if registered users can't >> actually do anything (save for maybe vote?) until they've been manually >> verified. >> >> I wonder how large sites like GitHub are managing spam these days. I've >> almost never seen spam on GH. >> > That's part of their secret sauce, which is why they get paid the big > bucks and almost everybody (except us) uses them... > > > > -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
