Full Feeds Again

The Full Feeds Petition seems to have reached stagnation. Please help the cause and go and sign it.

Captcha - the bug is catching

Over at Coding Horror, there's a big post up about Captcha effectiveness. I seemed to have developed an interest in these - I've discussed the issue before here and here. A Captcha is a "completely automated public Turing test to tell computers and humans apart" - one of those little images with mangled letters which you have to enter into a box on a web form.

I don't like them for a variety of reasons, including the following:

• They're difficult to use if you're partially sighted. Some Captchas are hard to use if you're fully sighted! They're impossible if you're blind.
• They're slightly less secure than you might think - laboratory tests can break lots of the easier ones.
• They waste my time.

The World Wide Web Consortium even agrees with me, which makes a change.

The correspondent at Coding Horror doesn't agree with me:

Although there have been a number of CAPTCHA-defeating proof of concepts published, there is no practical evidence that these exploits are actually working in the real world. And if CAPTCHA is so thoroughly defeated, why is it still in use on virtually every major website on the internet? Google, Yahoo, Hotmail, you name it, if the site is even remotely popular, their new account forms are protected by CAPTCHAs.

Interestingly, most of the Captcha-defeating articles and papers that I have read find the Yahoo and Hotmail Captchas fiendishly difficult. I'm happy to admit that the better Captchas will defeat computer attempts at deciphering. My problem mostly comes from the idea that the better Captchas defeat humans as well.

Aside from computer recognition techniques for Captchas, he also points to some alternative ways which have been suggested as ways to defeat the tests (these originally came from the Petmail Documentation).

1. The Turing Farm

Let's say spammers set up a sweatshop to employ people to look at computer screens and answer CAPTCHA challenges. They get to send one message for each challenge passed. Assuming 10 seconds per challenge, and paying roughly $5 per hour, that represents $14 per thousand messages. A typical spam run of 1 million messages per day would cost $14,000 per day and require 116 people working 24/7.

This would break the economic model used by most current spammers. A recent Wired article showed one spammer earning $10 for each successful sale. At that rate, the cost of $14,000 for 1,000,000 spam emails requires a 1 in 1000 success rate just to break even, whereas current spammers are managing a 1 in 100,000 or even 1 in 1,000,000 sucess rate.

Now that's a fair argument. It's well-considered on economic grounds, with some reasonable assumptions and estimates. Let's consider the other option highlighted:

2. The Turing Porn Farm

A recent slashdot article described a trick in which spammers run a porn site that is gated by CAPTCHA challenges, which are actually ripped directly from Yahoo's new account creation page. The humans unwittingly solve the challenge on behalf of the spammers, who can therefore automate a process that was meant to be rate-limited to humans. This attack is simply another way of paying the workers of a Turing Farm. The economics may be infeasible because porn hosting costs money too.

That's not a well-reasoned argument. "The economics may be infeasible because porn hosting costs money too." Quite possibly, but this fact is just as true for real porn. Porn hosting costs money - yet I believe there's quite a lot of porn out there on the Internet. This remains an entirely feasible way to defeat a Captcha.

Early Adoption

For some reason, I have become an early adopter. I'm currently using Windows Live Writer to create this post. It's a simple way to write blog entries offline. It downloads your blog templates and current posts and therefore lets you preview exactly how it will look.

All rather clever. It's somewhat surprising, really, that I'm able to do this. Most of my life I've been significantly behind the curve in terms of computer tools. Both software and hardware that I've used have often been a fair few years old.

Everything's easy now, though. I can go off to a website and download all sorts of useful pieces of software to do all sorts of useful things. Often, however, thar be dragons lurking on the Internet.

It's great to be able to download tools which other people have written. The big problem is all about trust.

Would you install some software that you had written? Almost certainly; you know exactly what it does (note I'm assuming that you aren't a virus writer!)

Would you install some software a friend had written - almost certainly. Some software a friend had recommended - probably.

Hmm, it's all getting a bit more tentative now. Would you install a piece of software written by somebody you had never met. You've never even spoken to them - but you found them on the internet. Their website says they wrote this really cool piece of kit which will make your computer 43.62 times faster.

Put that way, downloading things from the Internet seems somewhat foolish. We often gain a little security from our friends - online communities review downloads and can be useful sources of information. It's still possible, however, for a download page to be hacked and the original file replaced with a virus. Basically, it's all about trust.

I struggle slightly to see how the average computer user will cope with all this information. On the one hand, ISPs are promising better protection, Virus Scanner writers are selling their products anywhere they can. On the other hand, there's lots of really useful things available online.

I think it's important to make a dig at Firefox now. After all, I feel the need to cement my Internet Explorer Fanboy status. So here's the problem - you all seem to want me to go out and download all these extension things. You all want average users to do the same. But will you guarantee their safety?

And it ends

But in rather a nice way...

You won't believe me, but it's installed already. This post comes from Internet Explorer 7 in Windows Vista. That's a half-hour install for an entire operating system.

Blimey.

It has begun...

For a while now, I've been building a new computer. I put it all together and it seemed to work.

Hurrah!

So then I tried to install an operating system. I reached for something free - Linux. Unfortunately, despite trying installation CDs from 5 different distributions, they all failed.

Hurroo.

Yesterday, however, something exciting and shiny arrived in the post. Windows Vista Release Candidate 1 has arrived. And it works. Well, the installer does at least. At the moment I'm staring at a "percentage complete" indication which is moving very slowly.

Oh well, I might be able to post a more complete review later this weekend. Or maybe on Monday. Who knows if it will ever finish installing?

Going to the Toilet

Going to the toilet at a urinal is fraught (sp?) with danger. It's not really permitted to stand next to another man while going; at least one urinal should be left "spare" to provide a safety barrier.

A safety barrier against what now?

I've always conformed to the unwritten rules of urination, even if not entirely sure why. However nowadays there is a new fashion developing which is somewhat confusing. Nowadays, if there is someone using one of the urinals, the next person will often go to one of the toilets, and go there instead, even if they're JUST PISSING. (I've always wanted to write obscenities in capital letters on the internet... and now's my chance.)

Why is it so necessary to avoid going to the toilet near anyone else? Is it latent homophobia, is it some sort of cultural norm which has developed more recently? I can't imagine it being the slightest worry twenty years ago.

It's time for you, the viewer, to decide. Press "A" on your keypads if you believe that....

Back online

Well, my Internet access has returned, finally. It's been off for a week or so, and I hadn't bothered to go and fix it. There was always a chance that somebody had taken an exception to my downloading GBs of Linux ISOs and MS Visual Studio Express - and I didn't really want to risk getting shouted at!

But instead it turned out that some peculiar part of DHCP had become broken -and now it's all fine.

Hurrah!

Terrorists in Britain

One day, I shall look back and say: "When I was younger, Britain faced constant terrorist attack."

Hang on... isn't that the case now?

When I was younger, Britain faced constant terrorist attack. My home city was bombed, and hundreds of people were killed during the struggle. Only this time, it was the IRA doing the bombing.

Same situation, different people. The interesting thing is that we don't seem able to cope with this new threat. Everyone's running round saying how terrible it is and how we ought to change our foreign policy to stop winding everybody up.

I'm going out on a limb here, but I think that lots of the people complaining seem to be fairly young. They may have grown up with the IRA threats, but didn't fully appreciate them. This whole "state of war" thing is really throwing them. Perhaps it's the case that the ordinary man in the street really couldn't care less about the supposed risk of death in the streets of Britain. Perhaps that's because he's lived through it all before.

Computing

I seem to be wasting an inordinate amount of time computing at the moment. I thought buying a new computer would make my life simpler, but unfortunately it hasn't. As usual, I've entered the great operating system game, where you try and make the computer work and it uses every possible tactic to prevent you. For some reason, four separate Linux distributions fail to recognise my CD drive, despite the computer having just booted off it. So I can't make them install.

I've ordered the Windows Vista RC1 DVD, which will hopefully turn up sooner rather than later. If I'm lucky, that might even work...

Swindon (again)

Well, we scored the Swindon. It was OK in the end, although lacking the musical excitement of Bristol. Unfortunately the bells were hard work and my hands hurt.

Oh well.

Sign the Full Feeds petition

http://www.fullfeeds.com/

Thinking

Part of blogging, I find, is that often one plans enormous posts, full of exciting viewpoints and arguments, but these never get written. How is it that I can so perfectly plan what should be said, but when I sit down at the computer then nothing comes out?

Often I think that the main problem is the latency. Even in our connected world, it can take me several hours to get to a computer. That great thought will be forgotten.

Perhaps the greatest thoughts of the millennium are out there waiting to be written down? Perhaps that's a reflection on the transient nature of our existence. Whatever I may do, say, or think, unless I get any of it published then it's unlikely to outlive me. Maybe I will end up studying for a PhD (or similar), maybe I spend my life in research and publish hundreds of papers. Even then, all that will be published is my work. None of my private thoughts, none of the intrigues and observations produced in response to humanity will live beyond me.

Blimey, I feel almost sober now.