• pwolk (unregistered)

    Obviously, the intended word was "OUTWIT", and the wtf is the incorrect string handling.


    Captcha: readlocks

  • (cs)

    Gorgeous girl, but her nose isn't big enough ...

    I'm sorry: I seem to have drifted off topic here.

  • (cs) in reply to MrEleganza
    MrEleganza:
    re: The UTWIT thing, there have been multiple times at my work where I've called the help desk to get a password reset, and before they give me the new temporary password, they have to give a preface of, "Okay, this password was generated automatically. I didn't come up with this." Then they give me a password much more unambiguously insulting than utwit (I think "FAT8JERK" was one...I forget now).
    This is what happens when you generate passwords out of a dictionary and don't vet the dictionary. :p It's a good policy, though, since no one can remember random combinations of letters and symbols, without a lot of effort, but two or three words with a digit or space or two is no problem at all. Keeps people from changing it back to fluffy at the first opportunity.
    Erik:
    The most efficient way to make sure your process (and anyone else's) is dead is to simply issue the command "kill -9 -1" as root. Simple, effective, and portable.
    Well, unless you have a wedged driver or hardware misfire. Then you perform percussive maintenance prior to removing power.
  • Marat V. (unregistered)

    Bugaga !! Preved MArad!!!

  • lbubby (unregistered)

    Twit can mean:

    * A British slang referring to a silly, annoying, ineffectual, and/or imbecilic person. Examples can be found in the Monty Python sketch Upper Class Twit of the Year
    
  • anon (unregistered)

    Only 3 wtf-s? Let me add one more: Samsonite: "We provide innovative solutions" See how innovative they are? :)

  • anon (unregistered) in reply to anon
    anon:
    Only 3 wtf-s? Let me add one more: Samsonite: "We provide innovative solutions" See how innovative they are? :)

    WTF? they fixed it by the time I finished posting it. (They had fucked up the syntax and the source got displayed in plain text.) Nna, then the real wtf is that they test stuff on their public site only.

  • Dan Neely (unregistered)

    For a truly FUBAR CAPTCHA look at the one at the bottom of this Rational support page. The verification code is displayed as text not an image. Copy/paste for the win!!!!

    http://www-1.ibm.com/support/docview.wss?uid=swg21226526

  • (cs)

    This actually makes sense. Spambots can adapt to image-based captchas. It takes a very special spambot (or manual intervention) to recognise a text-based captcha, or more to the point, recognise that it IS a captcha. Text rarely is.

    ......

    By the way, how about a captcha that presents symbolic images, not text, using Google image search? For example, the captcha could display a random image of the Louvre, pulled from an image search, and a random image of the Eiffel Tower, also pulled from an image search. The requested word is 'PARIS'.

    If someone sues you for copyright, a huge image bank and a library of photo filters would also work. OCR may be adept at reading the letter 'T', but it probably won't recognise the Eiffel Tower.

    Any flaws with this idea, or should I go and commercialise it now? ;)

  • ! (unregistered) in reply to Brother Laz

    So, the requested word is "Paris". Right. Or "France". Or "Tourism". Or even "Architecture".

    Alternatively, the algorithm presents you with a symbol you're unable to recognize. Sure, most people who are even remotely familiar with Europe would recognize the Eiffel Tower and know that it's in Paris, France, but you can't stretch things much further than that. Big Ben - okay, London. Statue of Liberty - New York. Sydney Opera House - duh, Sydney. Brandenburger Tor? Some people will undoubtedly fail to recognize it.

    Most CAPTCHAs really only have to be good at two things: they should be absolutely trivial for the user, and they should require an "attacker" to alter their script in a nontrivial way (i.e. discourage spammers). (For a few sites, such as those that allow registration of email addresses, it should also be pretty hard to write such a script, but this really isn't a problem for most sites.) Your method fails because it sacrifices usability (by introducing ambiguity or posing "hard" questions) in order to attain security where none is needed.

    If we allow Javascript and the like, I'd say a good CAPTCHA could simply ask the user to press four labeled buttons in the correct order. ("Press button one, then button two, then button three, then button four.") After having done so, there would be a clear visual indication that they'd be able to pass the test. It'd be trivial to bypass this mechanism, but in my humble opinion as I stated it above, most sites don't actually need security, just protection from spammers, so a custom CAPTCHA is in itself enough.

    For sites that actually need security, the best solution I've heard relies on a steady stream of users and a multi-step process.

    First step: ask the user three yes/no questions when presented with a few small images: is this a drawing of a kitten? Is that a drawing of a house? Is that a drawing of an airplane?

    Next step: randomly generate a "thing" and ask the user to draw it. (The user knows that a very quick doodle is all that's expected, because they've seen some examples.)

    Final step: Wait (while allowing the user to fill out their form or whatever) for verification by three other users. (Majority vote out of five.)

    Of the pictures presented to the user for verification, one or two should be ones drawn by other users, and the rest should be fakes containing random lines and curves generated by the server. Users should be required not to verify the fakes to be allowed to pass.

    Some IP filtering should be done to prevent spammers from loading the page en masse to verify their own images. (If your site is large enough, of course, it quickly becomes unlikely that attackers will be assigned their own images.)

    This is very secure, and for a process users are only required to go through once (which should be the case for all CAPTCHAs that need to be secure: after going through them, you generate a token, such as a username/password pair, which identifies you permanently), it's likely to be thought of as "fun" rather than "annoying".

    It depends on one thing, though: people have to confirm that kittens are kittens etc., because we have no way to check that users aren't just maliciously answering "Not kitten" for every drawing.

  • Synonymous Awkward (unregistered) in reply to !
    !:
    Of the pictures presented to the user for verification, one or two should be ones drawn by other users, and the rest should be fakes containing random lines and curves generated by the server. Users should be required not to verify the fakes to be allowed to pass.

    I have a phrase which will spoil your fun! It is "Rorschach test". ;-)

  • Anonymoose (unregistered) in reply to cellocgw
    cellocgw:
    Bathtub Girl vs. BeanbagChair Girl forever!

    No contest. Bathtub Girl has an easy win because she is NAKED!

  • (cs)

    "unterminated string meets end of file" sounds like the storyline for a TV series!

  • (cs)

    You can exit any time you like but you can never leave.

  • (cs) in reply to Bobble
    Bobble:
    That Captcha looks like it was intercepted by a business analyst who likely decided that a bot-safe captcha would be too difficult to read by the users and 'could we just make it some text, mmkay?'

    It's better than captchas that can defeat my brain's internal OCR software half the time.

  • (cs) in reply to Spectre
    Spectre:
    Wasn't there an informal agreement not to poke fun at the open-source projects?

    It seems unfair to give them a free pass. Sure there's a lot of crap on sourceforge that never gets used or looked at, but one of the supposed virtues of the open source movement is that all those eyes produce better software. They should be held to the same standard as proprietary software.

  • AdT (unregistered) in reply to Ubersoldat
    Ubersoldat:
    Try this on a production environment... you'll be DOOM (Cptch)

    Killing init is futile on a Linux machine, even if you are root. Don't know much about other *nixes, though.

    Sorry, this feature (post) not implemented yet.

  • iToad (unregistered)

    So why not alternate CAPTCHA characters between text and images? If you could get everything to line up, bots and OCR software would both get confused.

    Should I try to get a patent for this ??

    CAPTCHA: onomatopoeia (Really !)

  • Jared (unregistered)

    I LOL'd at the last one... :)

    (CAPTCHA: "bathe")

    sniffs armpits

    Maybe I should go take a shower...

  • SomeLlama (unregistered)

    Question on the pic of the girl in the tub.. how is she supposed to get out of the tub without catching herself or her towel on fire?

    Pumping water out of the tub onto the candles with her hands would seem to be counter-intuitive of the relaxing atmosphere.. no?

  • erisdiscordia (unregistered) in reply to T_PAAMAYIM_NEKUDOTAYIM
    T_PAAMAYIM_NEKUDOTAYIM:
    ...softwares...

    Please don't take this personally, but --

    Aaaaaaaaaaarrrgghh!!

  • darwin (unregistered) in reply to Ubersoldat
    Ubersoldat:
    dlikhten:
    Exiting software is for losers anyways...

    Yeah! Best way is:

    ps -ef | grep init | head -1 | awk '{ print $2 }' | xargs kill

    Try this on a production environment... you'll be DOOM (Cptch)

    We have DOOM on all our prod boxes.

  • aaaaaswqas (unregistered) in reply to Aaron
    Aaron:
    sirhegel:
    These darn CAPTCHA things tend to make the end users' life a true P.I.T.A! To make the user interface more fluent, I would suggest implementing a javascript-based OCR to read the CAPTCHA and fill in the value to the textbox so that the user only needs to verify that the captcha is right and click the submit button.
    If you're just using the CAPTCHA to prevent spam, then this is actually a perfectly valid strategy, although in most cases the JS also hides the entire CAPTCHA entry form. Most bots and spam engines don't parse JavaScript for very practical reasons, so the JS doesn't really help them, and for users using lynx or Netscape Communicator or some other stupid downlevel browser, it degrades gracefully.

    Of course the JavaScript isn't actually doing OCR - it's generated on the server-side along with the CAPTCHA itself, so it's a "hard-coded" value by the time it reaches the client. If the spammers somehow figure out the script and start parsing it, it's not too hard to slightly alter the script to throw them off (or better, crash their engine - that's one reason why they don't parse JS in the first place).

  • (cs)

    The best CAPTCHA I ever had was "hooker." I took a screen cap and sent it to the company, with the words, "lolz, sifnt have word exclusion list."

  • jimbox (unregistered)

    lol --^
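
The unvetted-dictionary problem raised in the comments above (UTWIT, FAT8JERK, the "hooker" CAPTCHA), as an added example that is not code from the article or from any commenter: a Python sketch that checks the final displayed string, not just the individual dictionary entries. The word list, denylist, look-alike mapping and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: a toy word list and denylist (real ones are far larger).
WORDS = ["OUTWIT", "FAT", "JERK", "HOOKER", "BUT", "WIT",
         "RIVER", "MAPLE", "STONE", "CLOUD"]
DENYLIST = {"TWIT", "FAT", "JERK", "HOOKER"}
LEET = str.maketrans("013457", "OIEAST")  # digits a reader may see as letters

def vet_exact(words, denylist=DENYLIST):
    """Naive vetting: drop only words that are themselves on the denylist."""
    return [w for w in words if w.upper() not in denylist]

def variants(text):
    """Two readings of the final string: digits ignored, digits as look-alikes."""
    up = text.upper()
    yield "".join(c for c in up if c.isalpha())
    yield "".join(c for c in up.translate(LEET) if c.isalpha())

def is_offensive(text, denylist=DENYLIST):
    """Substring match on the string the user will actually see.
    This over-blocks (any word containing FAT is rejected), which is
    acceptable here because a rejected candidate is simply redrawn."""
    return any(bad in v for v in variants(text) for bad in denylist)

def temp_password(words=WORDS, max_tries=100):
    """word + digit + word from a vetted list, re-checked after assembly."""
    vetted = [w for w in words if not is_offensive(w)]
    for _ in range(max_tries):
        candidate = (secrets.choice(vetted) + str(secrets.randbelow(10))
                     + secrets.choice(vetted))
        if not is_offensive(candidate):
            return candidate
    raise RuntimeError("word list too small after vetting")

if __name__ == "__main__":
    print(vet_exact(WORDS))   # OUTWIT survives exact-match vetting
    print(temp_password())
```

Exact-match vetting leaves OUTWIT in the list, and individually harmless words such as BUT and WIT can still join into a denied string, which is why the check is repeated on the assembled candidate.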
