Re: [NTG-context] [wiki] fake account spam

2013-04-26 Thread Hans Hagen 

On 4/26/2013 10:57 AM, Alan BRASLAU wrote:

On Thu, 25 Apr 2013 23:52:56 +0200
Sietse Brouwer  wrote:


Or we could go old-school copy protection style: "What is the fifth
word on page 120 of the TeXbook?" :-P


\TEX


we could go for sound ... pronounce \TEX\ the right way .. only DEK 
could edit then


Hans

-
  Hans Hagen | PRAGMA ADE
  Ridderstraat 27 | 8061 GH Hasselt | The Netherlands
tel: 038 477 53 69 | voip: 087 875 68 74 | www.pragma-ade.com
 | www.pragma-pod.nl
-
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-26 Thread Wolfgang Schuster 

Am 26.04.2013 um 10:57 schrieb Alan BRASLAU :

> On Thu, 25 Apr 2013 23:52:56 +0200
> Sietse Brouwer  wrote:
> 
>> Or we could go old-school copy protection style: "What is the fifth
>> word on page 120 of the TeXbook?" :-P
> 
> \TEX

Maybe \TeX\ but not \TEX\ which is a \CONTEXT\ command and not available with 
plain \TeX.

Wolfgang
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-26 Thread Alan BRASLAU 
On Thu, 25 Apr 2013 23:52:56 +0200
Sietse Brouwer  wrote:

> Or we could go old-school copy protection style: "What is the fifth
> word on page 120 of the TeXbook?" :-P

\TEX

Alan
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-26 Thread Alan BRASLAU 
On Fri, 26 Apr 2013 08:55:52 +0200
"Thomas A. Schmitz"  wrote:

> Well, in that case, I'd actually prefer Greek - "write line 222 of book 
> 2 of the Odyssey in its original Greek," or something like that... 

That's too easy:

σῆμά τέ οἱ χεύω καὶ ἐπὶ κτέρεα κτερεΐξω

:)
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-26 Thread luigi scarso 
On Fri, Apr 26, 2013 at 9:37 AM, Taco Hoekwater  wrote:

> For now, I will quickly invent some of my own questions.

and the right answers will be given only to the physical people
present at the next context meeting.


--
luigi
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-26 Thread Taco Hoekwater 
Hi,


Currently we are using QuestyCaptcha w/ ConfirmEdit. This is definitely 
supposed to be safer
than bitmap images unless the images become so complex that even humans get it 
wrong,
which has happened for me on various sites and is the most annoying thing in, 
like, ever!

I do not mind adding new questions and/or replacing all of them, but it is a 
bad idea to send
the new ones to the mailing list, since somehow a spamnet seems to have found 
the answers
and I doubt that they actually went to the trouble of looking up the answers on 
pragma-ade.com
(but then again, weirder stuff has happened).

For now, I will quickly invent some of my own questions.

Best wishes,
Taco




___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Thomas A. Schmitz 

On 04/26/2013 08:31 AM, Procházka Lukáš Ing. - Pontex s. r. o. wrote:



even though I consider myself a serious Ctx user, Dutch is still Greek
to me.



How about to prompt the user to encode a displayed math, e.g. "b/a2^3"
to be answered "$\frac{b}{a_2^3}$"?

Well, in that case, I'd actually prefer Greek - "write line 222 of book 
2 of the Odyssey in its original Greek," or something like that... 
Seriously, I guess I'm not alone when I say I never use math.

But I agree something has to be done...

Thomas
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Procházka Lukáš Ing . - Pontex s . r . o . 

Hello,

On Thu, 25 Apr 2013 20:19:41 +0200, Thomas A. Schmitz 
 wrote:


On 04/25/2013 07:31 PM, Sietse Brouwer wrote:

Hi Taco,



I think it's a good idea to update the security questions --- it's
easy to do, it'll probably work, and we can always move on to stronger
measures that require more work. Below are some replacemetn questions.


Yes, I had already contacted Mojca a couple of weeks ago. I think we
should demand that all questions be answered in Dutch. Every serious
ConTeXter has to know some Dutch,


even though I consider myself a serious Ctx user, Dutch is still Greek to me.


and nothing better than asking "What
is the ConTeXt keyword for a two-sided layout" and expecting
"dubbelzijdig" as an answer.


Goggle translator would help in this case 
(http://translate.google.com/#en/nl/doublesided);
but having a "more complicated keyword/option" may mean a 
unanswered/unanswerable question...

How about to prompt the user to encode a displayed math, e.g. "b/a2^3" to be answered 
"$\frac{b}{a_2^3}$"?

Best regards,

Lukas



If that doesn't help, we make them
pronounce it...

Thomas



--
Ing. Lukáš Procházka [mailto:l...@pontex.cz]
Pontex s. r. o.  [mailto:pon...@pontex.cz] [http://www.pontex.cz]
Bezová 1658
147 14 Praha 4

Tel: +420 244 062 238
Fax: +420 244 461 038

___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Sietse Brouwer 
> Confirm account means that a new user will not be able to quickly correct
> typos etc. Isn't there a simple way to add a captcha to mediawiki.

Just found one (I had missed it when I sent my previous e-mail):

http://www.mediawiki.org/wiki/Extension:ReCAPTCHA, nowadays merged into
http://www.mediawiki.org/wiki/Extension:ConfirmEdit (which is not
ConfirmAccount).

ConfirmEdit can be configured to only present captchas to
non-logged-in users, when they try to edit or create a page, or create
an account. Might that be useful?

Or we could go old-school copy protection style: "What is the fifth
word on page 120 of the TeXbook?" :-P

If we want to have a slightly higher barrier of entry: "Name one
undocumented command that you recently heard about on the mailing
list." ;-)

Cheers,
Sietse
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Alan BRASLAU 
On Thu, 25 Apr 2013 20:19:41 +0200
"Thomas A. Schmitz"  wrote:

> I think we 
> should demand that all questions be answered in Dutch. Every serious 
> ConTeXter has to know some Dutch, and nothing better than asking
> "What is the ConTeXt keyword for a two-sided layout" and expecting 
> "dubbelzijdig" as an answer. If that doesn't help, we make them 
> pronounce it...

++

(One can always look in mult-def.lua in order to cheat, but this won't
help me with the pronounciation)

Alan
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Thomas A. Schmitz 

On 04/25/2013 07:31 PM, Sietse Brouwer wrote:

Hi Taco,

We're getting 3-12 new accounts created per day. If nothing else,
they're cluttering up the recent changes list.

I think it's a good idea to update the security questions --- it's
easy to do, it'll probably work, and we can always move on to stronger
measures that require more work. Below are some replacemetn questions.


Yes, I had already contacted Mojca a couple of weeks ago. I think we 
should demand that all questions be answered in Dutch. Every serious 
ConTeXter has to know some Dutch, and nothing better than asking "What 
is the ConTeXt keyword for a two-sided layout" and expecting 
"dubbelzijdig" as an answer. If that doesn't help, we make them 
pronounce it...


Thomas
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Aditya Mahajan 

On Thu, 25 Apr 2013, Sietse Brouwer wrote:


We're getting 3-12 new accounts created per day. If nothing else,
they're cluttering up the recent changes list.

I think it's a good idea to update the security questions --- it's
easy to do, it'll probably work, and we can always move on to stronger
measures that require more work. Below are some replacemetn questions.

* If you have a log of which questions get answered correctly,
perhaps only rotate out the bad question(s);
* If finding the cracked questions is nontrivial (i.e. more work than
'just open the log file and see which ones get answered every day'),
just replace them all.

If this works, hooray; if it stops working, we can either change the
questions again (if the spammers took long to get through) or move on
to e.g. the ConfirmAccount extension [1,2] (if the questions got
cracked quickly, so we are getting 'human' attention from the spammer
instead of his bots).


Confirm account means that a new user will not be able to quickly correct 
typos etc. Isn't there a simple way to add a captcha to mediawiki. I am 
not a big fan of Captchas, but the are the de facto standard for human 
verification. A user only has to do it once, so it is not too big of an 
annoyance either.


Aditya
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-25 Thread Sietse Brouwer 
Hi Taco,

We're getting 3-12 new accounts created per day. If nothing else,
they're cluttering up the recent changes list.

I think it's a good idea to update the security questions --- it's
easy to do, it'll probably work, and we can always move on to stronger
measures that require more work. Below are some replacemetn questions.

* If you have a log of which questions get answered correctly,
perhaps only rotate out the bad question(s);
* If finding the cracked questions is nontrivial (i.e. more work than
'just open the log file and see which ones get answered every day'),
just replace them all.

If this works, hooray; if it stops working, we can either change the
questions again (if the spammers took long to get through) or move on
to e.g. the ConfirmAccount extension [1,2] (if the questions got
cracked quickly, so we are getting 'human' attention from the spammer
instead of his bots).

[1] http://www.mediawiki.org/wiki/Extension:ConfirmAccount
[2] http://www.stargate-wiki.de/wiki/Spezial:Benutzerkonto_beantragen

Cheers,
Sietse

The proposed questions:

* What command indicates 'text starts here'? (Include the backslash.)
  \starttext

* What command is used to setup the bodyfont? (Include the backslash.)
  \setupbodyfont

* What is the last name (starts with K) of the man who created TeX?
  Knuth

* What is the first name (7 letters, starts with H) of Mr Zapf?
  Hermann

* How many letters does 'stoptext' contain? (Please type out the
number as a word.)
  Eight
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-06 Thread Philipp Gesang 
·

> On Fri, Apr 5, 2013 at 3:43 PM, Philipp Gesang  wrote:
> > Hi all,
> >
> > I’d like to draw your attention to the wiki. The spammers appear
> > to know the solution to the current entry barrier “What is
> > usually the last command in a ConTeXt source file (without the
> > backslash)?”, and the number of fake accounts is growing fast:
> >
> >   http://wiki.contextgarden.net/Special:Log/newusers
> >
> > They don’t, however, seem to vandalize yet, so I guess the postal
> > code of Hasselt is unbreakable with today’s technology ;-)

I spoke too soon (or maybe those guys read the list and view this
discussion as a challenge?):

  http://wiki.contextgarden.net/Special:Contributions/TrenaLege


> > Nevertheless the account spam is messing up the recent changes
> > feed:
> >
> >   
> > http://wiki.contextgarden.net/index.php?title=Special:RecentChanges&feed=rss
> >
> > Even if it’s not urgent, may I suggest we collect possible
> > replacements for the current question? I can’t image the damage
> > those accounts would do once they figure out how to post links.
> 
> It would probably be best to:
> 
> 1.) Remove all those account (attention: some users are actually
> legitimate and contributed valid content).
> 
> 2.) Find out if there is any problematic IP and block those IPs.

Careful as their IPs could be spoofed, you might end up blocking
innocent users.

> 3.) Install something like
> http://www.mediawiki.org/wiki/Extension:ConfirmAccount and/or maybe
> use both captcha and some context-specific question (honestly: if
> users don't know how to answer some slightly more tricky question,
> they shouldn't be able to get the account). We could use questions
> like "Last name of president of ConTeXt User Group."

This could discourage people from fixing trivial stuff like
misspellings. Maybe add a note that they should drop a mail to
the list if they don’t know the answer.

Regards
Philipp


-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments


pgp8__DJ8ORpi.pgp
Description: PGP signature
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-05 Thread Leo Arnold 

On 04/05/2013 04:09 PM, Arthur Reutenauer wrote:

   Adding an actual captcha seems like the way to go; it may not prevent
all automated account creations, but it clearly filters much better than
a static list of questions with plain-text answers.


... or have them write a letter of motivation and require three letters 
of recommendation from already renowned ConTeXt users ;-)

___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-05 Thread Alan BRASLAU 
On Fri, 5 Apr 2013 15:59:47 +0200
Mojca Miklavec  wrote:

> some context-specific question (honestly: if
> users don't know how to answer some slightly more tricky question,
> they shouldn't be able to get the account). We could use questions
> like "Last name of president of ConTeXt User Group."

Uh... ?

Why not some *really* tricky question like: "what keyword is to be used to 
right-justify?" :)

Alan
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-05 Thread Arthur Reutenauer 
> 3.) Install something like
> http://www.mediawiki.org/wiki/Extension:ConfirmAccount and/or maybe
> use both captcha and some context-specific question

  Adding an actual captcha seems like the way to go; it may not prevent
all automated account creations, but it clearly filters much better than
a static list of questions with plain-text answers.

Arthur
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___

Re: [NTG-context] [wiki] fake account spam

2013-04-05 Thread Mojca Miklavec 
On Fri, Apr 5, 2013 at 3:43 PM, Philipp Gesang  wrote:
> Hi all,
>
> I’d like to draw your attention to the wiki. The spammers appear
> to know the solution to the current entry barrier “What is
> usually the last command in a ConTeXt source file (without the
> backslash)?”, and the number of fake accounts is growing fast:
>
>   http://wiki.contextgarden.net/Special:Log/newusers
>
> They don’t, however, seem to vandalize yet, so I guess the postal
> code of Hasselt is unbreakable with today’s technology ;-)
> Nevertheless the account spam is messing up the recent changes
> feed:
>
>   http://wiki.contextgarden.net/index.php?title=Special:RecentChanges&feed=rss
>
> Even if it’s not urgent, may I suggest we collect possible
> replacements for the current question? I can’t image the damage
> those accounts would do once they figure out how to post links.

It would probably be best to:

1.) Remove all those account (attention: some users are actually
legitimate and contributed valid content).

2.) Find out if there is any problematic IP and block those IPs.

3.) Install something like
http://www.mediawiki.org/wiki/Extension:ConfirmAccount and/or maybe
use both captcha and some context-specific question (honestly: if
users don't know how to answer some slightly more tricky question,
they shouldn't be able to get the account). We could use questions
like "Last name of president of ConTeXt User Group."

I haven't been on wiki for a while and received a warning about the
issue yesterday.

Mojca
___
If your question is of interest to others as well, please add an entry to the 
Wiki!

maillist : ntg-context@ntg.nl / http://www.ntg.nl/mailman/listinfo/ntg-context
webpage  : http://www.pragma-ade.nl / http://tex.aanhet.net
archive  : http://foundry.supelec.fr/projects/contextrev/
wiki : http://contextgarden.net
___