Its beginning to sound like a collection of requirements were made without any reguard to what its functionality is. Cool! Next you'll need to lift a fingerprint from a coffee mug to test the fingerprint id I say let the developers run the game to client and explain why this feature cant be "bot" tested
On Feb 25, 2:12 am, Chuck van der Linden <sqa...@gmail.com> wrote: > appreciate your trying to help out.. The capcha thing is a good > challenge, but so far the best solution for most folks is something > like > > 1) don't test against production sites > 2) employ a web.config setting or similar method to disable the > actual captcha and use a static answer. > 3) turn that setting on in the test environment. > > 4) avoid clients who don't realize that if you have something on > your production site designed to prevent attacks on the site using > automated scripts, it ALSO prevents testing against the same site > using automated scripts. > > 5) if you can't do 4, find a really good, SIMPLE analogy you can use > to explain "why it won't work" to the clueless client > > "sir, its as if you put a door on the building that is designed to > only admit living breathing humans, and specifically to keep out > robots. Then you are telling me to make robot to go through that > door, and start doing stuff inside the building" > > if 5 doesn't work, then just start smashing your hand with a rock, it > will hurt yes, maybe even more than dealing with the client, but at > least you will be in control of the pain. > > On Feb 24, 11:54 pm, Tim Koopmans <tim.ko...@gmail.com> wrote: > > > > > Chuck actually I tend to agree with all your comments there. I've been > > away from wtr-general for a while and am now amazed (after a week of > > trawling) at the quality, or lack-thereof, of requests for help. > > > In hindsight, maybe he should just try > > gem install captchavundarbarbreaker > > > Still, I always like a challenge and was tempted to put more thought > > into it. Maybe next time =) > > > Cheers, > > Tim > > > On Fri, Feb 25, 2011 at 6:23 PM, Chuck van der Linden <sqa...@gmail.com> > > wrote: > > > > Tim, > > > > I'm not saying he's a spammer.. (but one could be watching) > > > > I'm applying the LART with such vigor because he's been told about 4 > > > times 'can't do that' and he keeps asking as if we're not telling him > > > the truth or the answer will somehow change, or there is some 'secret > > > solution' using some 'magic gem' that we're just not telling him > > > about. > > > > (shhhhh don't tell anyone, but if you find the config.sys file and put > > > "User equals-sign ID ten T" on the first line in that file that will > > > make it work) > > > > and btw if he CAN break the captcha using any of the tools you > > > suggest, I'd recommend he notify his client that they need a better > > > captcha, since if it wont stop him, then it's not likely to stop the > > > spammers. > > > > BTW want to know how spammers break captchas? they crowdsource it. > > > They pay people in lesser developed nations something like a tenth of > > > a cent per captcha solved. they use scripts that capture that part of > > > the screen, send the image to a system that sends it to someone logged > > > into to it who 'solves' the puzzle and sends the 'solution' back to > > > the spammer's script where it is entered and then they can submit > > > their spam. since most captchas are just random numbers and letters > > > you dont even have to speak a foreign language to get such a job.. > > > >http://www.nytimes.com/2010/04/26/technology/26captcha.html?_r=1&hpw > > > > So assuming that his client wants to pay for this service, there is a > > > way around it (which as I said, puts a human in the loop) > > > > On Feb 23, 2:14 am, Tim Koopmans <tim.ko...@gmail.com> wrote: > > >> So let's just go easy on the guy! > > > >> It's not an entirely unreasonable request, and not really up to us to > > >> judge > > >> it. It may well be legit! > > > >> Depending on the quality of the CAPTCHA it may in fact be possible. But > > >> you'd probably have to wrap in an OCR library with some image processing > > >> (to > > >> TIFF) beforehand. > > > >> For image processing I'd recommend rmagick[1]. > > >> For OCR you could look at gocr[2], ocrad[3] or tesseract[4] > > > >> [1]http://rmagick.rubyforge.org/ > > >> [2]http://jocr.sourceforge.net/ > > >> [3]http://www.gnu.org/software/ocrad/ > > >> [4]http://code.google.com/p/tesseract-ocr/ > > > >> Good luck with that! > > > >> Cheers, > > >> Tim > > > >> On Wed, Feb 23, 2011 at 8:07 PM, Chuck van der Linden > > >> <sqa...@gmail.com>wrote: > > > >> > THERE IS NO SUCH GEM. > > > >> > NO. HELL NO. and a Thousand Times I tell you NO. > > > >> > The purpose of a captcha is a challenge to prove that it is a human at > > >> > the computer, to prevented scripted attacks on the site from spammers > > >> > and the like. The site cannot tell a scripted interaction from a > > >> > tester from a scripted interaction from a spammer or other attacker. > > > >> > if the client needs you to test against production then you need to > > >> > test pages with a captcha manually, or they would need to temporarily > > >> > disable the captcha for the duration of the test, or set it to use a > > >> > fixed answer for the duration of the test. > > > >> > You CANNOT script against a working captcha without a human in the > > >> > loop. That's the design and purpose of a captcha. And if you somehow > > >> > found a way to do that, then the client needs a better quality > > >> > captcha, because if you can figure out a way, so will the spammers. > > > >> > NOBODY who isn't a spammer is likely to develop a means to get around > > >> > captchas because we know it would then be immediately discovered and > > >> > used BY spammers, and nobody wants to help spammers. Nobody here is > > >> > going to help YOU do the same thing for the same reason, even if you > > >> > are not a spammer, one could come along later and read the answer. > > >> > stop trying to go there. > > > >> > Likewise, there is no way for the site to know your scripted > > >> > interaction (against a production site) is 'safe' that would not > > >> > potentially be used or exploited by spammers.. so I strongly > > >> > discourage anything along those lines as it would just be introducing > > >> > a chink in the sites defenses that could later be exploited to attack > > >> > the site. > > > >> > If your client is asking you to write scripting against pages with > > >> > captchas, point out to them that this is a bit like asking you to move > > >> > an object they designed to be immovable. > > > >> > On Feb 22, 9:15 am, Aditya <vaditya2...@gmail.com> wrote: > > >> > > A good idea already thinking the same. But the client needs on > > >> > > production > > >> > > environment too. So do we have any gem atleast once the page is > > >> > > loaded > > >> > can > > >> > > we get the value after page is displayed? Any idea ? > > > >> > > On Tue, Feb 22, 2011 at 7:36 PM, Basim Baassiri <ba...@baassiri.ca> > > >> > wrote: > > >> > > > I've had a similar problem in automating a signup page that had a > > >> > captcha > > >> > > > on it. > > > >> > > > I solved it by implementing in the production code to detect the > > >> > > > test > > >> > > > environment and when the test environment was evaluated the > > >> > > > captcha was > > >> > > > hardcoded to QAQA and hence i used that string to proceed with the > > >> > signup > > >> > > > page > > > >> > > > Hopefully that can help you > > > >> > > > On Tue, Feb 22, 2011 at 5:30 AM, Aditya <vaditya2...@gmail.com> > > >> > > > wrote: > > > >> > > >> Thanks for the valuable information. > > > >> > > >> Can i use rmagick gem in order to validate the captcha? > > >> > > >> and can i use it in watir? > > > >> > > >> On Tue, Feb 22, 2011 at 3:50 PM, Željko Filipin < > > >> > > >> zeljko.fili...@wa-research.ch> wrote: > > > >> > > >>> On Tue, Feb 22, 2011 at 11:17 AM, Aditya <vaditya2...@gmail.com> > > >> > wrote: > > >> > > >>> > How do we handle in terms of automation? > > > >> > > >>> Captchas are made explicitly so they could not be automated. > > > >> > > >>> If I had to automate site that used Captcha, I would test them > > >> > manually. > > > >> > > >>> Željko > > > >> > > >>> -- > > >> > > >>> Before posting, please readhttp://watir.com/support. In short: > > >> > search > > >> > > >>> before you ask, be nice. > > > >> > > >>> watir-general@googlegroups.com > > >> > > >>>http://groups.google.com/group/watir-general > > >> > > >>> watir-general+unsubscr...@googlegroups.com > > > >> > > >> -- > > >> > > >> Before posting, please readhttp://watir.com/support. In short: > > >> > > >> search > > >> > > >> before you ask, be nice. > > > >> > > >> watir-general@googlegroups.com > > >> > > >>http://groups.google.com/group/watir-general > > >> > > >> watir-general+unsubscr...@googlegroups.com > > > >> > > > -- > > >> > > > Before posting, please readhttp://watir.com/support. In short: > > >> > > > search > > >> > > > before you ask, be nice. > > > >> > > > watir-general@googlegroups.com > > >> > > >http://groups.google.com/group/watir-general > > >> > > > watir-general+unsubscr...@googlegroups.com- Hide quoted text - > > > >> > > - Show quoted text - > > > >> > -- > > >> > Before posting, please readhttp://watir.com/support. In short: search > > >> > before you ask, be nice. > > > >> > watir-general@googlegroups.com > > >> >http://groups.google.com/group/watir-general > > >> > watir-general+unsubscr...@googlegroups.com > > > > -- > > > Before posting, please readhttp://watir.com/support. In short: search > > > before you ask, be nice. > > > > watir-general@googlegroups.com > > >http://groups.google.com/group/watir-general > > > watir-general+unsubscr...@googlegroups.com- Hide quoted text - > > - Show quoted text - -- Before posting, please read http://watir.com/support. In short: search before you ask, be nice. watir-general@googlegroups.com http://groups.google.com/group/watir-general watir-general+unsubscr...@googlegroups.com
