On Thu, May 8, 2008 at 1:32 AM, MyTwoCents <m2c at nym.panta-rhei.eu.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > On Tue, 6 May 2008, "Evan Daniel" <evanbd at gmail.com> wrote: > >On Tue, May 6, 2008 at 9:39 PM, MyTwoCents <m2c at nym.panta-rhei.eu.org> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA1 > >> > >> I was going to just post this on my flog (which I did) but decided that > >> since I've no idea if any devs read it, I want to be certain that it gets > >> SOME actual notice by developer types and thus posted it here also > >> > >> I've been taking a bit of time lately to check in on 0.7 again and have > >> been trying out FMS. I have to say that while the idea is a good one, > has > >> a few things that need to be addressed. Specifically the process of > >> announcing new identities has problems. > >> > >> 1) The capcha images themselves have absolutely GOT to be changed. > >> Because: "You must have at least 1 identity created and have received the > >> SSK keypair for it from Freenet before setting trust.", I cannot post > >> messages yet, I have been able to read a few, including one: > >> > >> Subject: Re: current CAPTCHAs suck > >> From: The Seeker at cI~w2hrvvyUa1E6PhJ9j5cCoG1xmxSooi7Nez4V2Gd4 > >> Date: Thu, 01 May 08 21:31:52 -0000 > >> Message-ID: > >> <D307C15C-56CD-4CC4-9822-3EAF1D0CAC8F at > cIw2hrvvyUa1E6PhJ9j5cCoG1xmxSooi7Nez4 > >> V2Gd4> > >> > >> That expresses the opinion that the captchas are more likely to be solved > >> by a program than a human. > >> > >> Having spent a few hours trying in vain to read the damn things, I have > to > >> say that I wouldn't be surprized if that were true. Of course, I also > >> think that they were specifically designed to make life difficult for > >> people with vision impairments. > >> > >> The images need to be something that an actual human will have little to > no > >> trouble reading them. Unfortunately, the graphic abortions that are in > use > >> now are apparently impossible for me to read, since I've been "solving" > >> (not that I know if they're 'solved' or just wrong.) them for the better > >> part of a week now and have yet to get my identity announced. > >> > >> Which brings me to #2. > >> > >> How about some feedback? > >> > >> Specifically, when I "solve" a captcha, how about telling me if I got it > >> right or not? My thought, present captchas one at a time. Allow user to > >> fill in and submit. If incorrect, TELL THE USER!!!, then present them > with > >> a new one. If it's correct, again TELL THE USER!!! then present them > with > >> a new one. > >> > >> This business of sitting here going nearly blind trying to read faint, > >> almost invisible characters is bad enough, not even knowing if I actually > >> got one right is liable to make somebody homicidal. There's absolutely > >> ZERO reason for this to be a fargin guessing game! > >> > >> Frankly, if I ever get my hands on the > >> absolute-brain-dead-moron-studying-to-be-an-idiot-and-failing-miserably > >> that decided to use that kind of damn-near-invisible-characters-image I'm > >> going to print out 10,000 pages of them on plywood sheeds and make him > eat > >> them while I beat him to death with my monitor! > >> > >> Can you tell I'm more than just casually frustrated here? Good! > >> > >> WILL SOMEBODY PLEASE FIX THE DAMNED CAPTCHAS ON FMS?!? > >> > >> The preceeding was written while frustrated and angry and then posted > >> anyway to make a point. > >> > >> - -- > >> My public keys can be found on my freenet site: > >> SSK at TEx6TiaPeszpV4AFw3ToutDb49EPAgM/mytwocents/62//m2ckey.html > >> (*NOTE* you must be running freenet for this link to be usefull) > >> and on public keyservers. Key-Id: 0x92769D7E > >> Fingerprint: 2F07D586C8D4EEA732711338CFEF46E592769D7E > >> I can be reached either by the NiM form on the freesite or by > >> Email: m2c AT nym.panta-rhei.eu.org > >> Frost: MyTwoCents at Z+59LNK9NhMvxewYggENU4Ww50s On the 0.5 Freenet board > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: N/A > >> > >> iQA/AwUBSCDgbJ5/ZUtfDwnNEQL29wCfW8gK6/+WA3h7bqnKxeIdzQ30GAcAn2ja > >> DbIHNfhKs12uZq8FvGYc340y > >> =l+8j > >> -----END PGP SIGNATURE----- > >> > >> _______________________________________________ > >> Support mailing list > >> Support at freenetproject.org > >> http://news.gmane.org/gmane.network.freenet.support > >> Unsubscribe at > >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support > >> Or mailto:support-request at freenetproject.org?subject=unsubscribe > >> > > > >I tried to read your flog but couldn't; your SSK is malformed. > > That's not malformed. It's an 0.5 key. My flog is mirrored on both > networks > 0.7 key is (wordwrap is probably gonna kill this. ymmv) > USK at > 0wysM1-lkx2I-iEE8FCfepf5BCpHk4pXQSsMi9KjDAA,rQ8XqGy-MFZIMbM3zWE0VwXzNUf > T7lcp5gVYOoFFzio,AQACAAE/mytwocents/11/ > (it's also listed on 'Another Index') > > > >There are ways other than captchas to announce yourself. If I knew > >what your identity was I'd be happy to add it, as you're obviously > >human. > > I'd take you up on that if it werent for a stubborn streak that insists on > my being able to do it myself by following the few directions I could find > and the software working and letting me in. > > > >You could post a patch with better captchas. As the initiator of the > > If I had the skills I'd be glad to give it a go. Unfortunately I don't. > > > >thread you referenced, I would be in favor. I've got some code I'm > >playing with, but it's not there yet. Working on other people's code > >always feels more like work than fun, and the same is true of C++, so > >it probably won't get posted for a while yet. > > Does this mean that these images are somehow generated as needed instead of > selected from a pool of stock images? > > > >In the meantime I've modified the FMS source so that my node will post > >easier versions of the same captchas. If this creates a spam problem, > >I apologize; somebody tell me if I'm announcing all the spammers and > >don't notice :D > > I'll be sure to mention it when I see any 'easier' versions. > > In the meantime I'm going to try with this version of FMS (0.2.9) for > another day or two. Then I'm going to kill the thing and wait for the next > version. It's not worth all this frustration trying to solve something > that won't even tell me if I'm right or not. > > I *** -=*>HATE<*=- *** guessing games and that's all this announcement > thing is to me. > > If I can't figure out what a captcha says in less than 30seconds, it's > probably not worth trying. As for the images FMS is using, I can't begin > to express how much utter contempt I have for the decision to use that type > of captcha when there are a lot of them around the internet that are at > least human readable.
You might want to upgrade to the latest version of FMS (0.2.14). I found a rather relevant bug, which SomeDude has fixed: identities were publishing captchas even when they weren't publishing trust lists. If you solved one of their captchas, you would be announced to them, but not to anyone else. Given the fraction of identities publishing trust lists (low), this means that your odds of actually getting announced are small, at best. 0.2.14 will not download captchas from identities not publishing trust lists, and won't publish them if you're not publishing one. Yes, the captchas are automatically generated on demand; the code is in simplecaptcha.cpp. If there was a stock database it wouldn't work, as a spammer could just harvest the whole database. I'm not going to continue my brief attempt to make a different captcha system (though I'll keep running my easier version of the same style captcha). There are many far more competent people out there working on the problem, and the current state of the art appears to be that the spammers are winning. There have been some interesting proposals recently, eg: http://arstechnica.com/news.ars/post/20080423-researchers-stay-step-ahead-of-bots-with-image-based-captcha.html My current belief is that captchas are doomed, and some alternate system is needed. I have no clue what it is; currently, I think hashcash might be the best option, as bad as it is. For now, out of band introductions are a good thing, though obviously not a complete solution -- though I can certainly sympathize with your stubbornness :) Evan Daniel
