Visual Confirmation

Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here.
Forum rules
Discuss features as they are added to the new version. Give us your feedback. Don't post bug reports, feature requests, support questions or suggestions here. Feature requests are closed.
Post Reply
User avatar
dhn
Registered User
Posts: 1518
Joined: Wed Jul 04, 2001 8:10 am
Location: Around the corner
Contact:

Re: Visual Confirmation

Post by dhn »

EXreaction wrote: What about blind people? I don't think there are many blind people using PC's...much less using a BB. :lol:
You really have no idea.

Some links to educate you:
http://en.wikipedia.org/wiki/Blindness#Computers" target="_blank
http://www.dolphincomputeraccess.com/products/hal.htm" target="_blank
http://www.freedomscientific.com/fs_pro ... e_jaws.asp" target="_blank
... and a lot more.
Image

profpete
Registered User
Posts: 140
Joined: Wed Dec 08, 2004 10:49 pm
Location: Wales, UK

Re: Visual Confirmation

Post by profpete »

Lastof wrote: Is it just ln2?

if x tends towards 0, arctan(x) tends towards 0, root(arctan(x) . sin(1/x)) tends towards 0, 2 + root(arctan(x) . sin(1/x)) tends towards 2, therefore, it's just ln2.

Or, did I miss something?

edit: damn you cyberCrank. You beat me. Well, atleast the "you were beat to posting" bit saved me the trouble of having to click the edit button.
I still think 42 is better though :mrgreen:

User avatar
Lastof
Registered User
Posts: 518
Joined: Wed Mar 17, 2004 8:10 pm
Location: Two weeks last wednesday

Re: Visual Confirmation

Post by Lastof »

Yes, but the question was wrong.

Uh, I've gone into what the actual question is on this board perviously, so, I'm not going to bother repeating myself.
Last edited by Lastof on 04 May 2008, 00:00, edited -1 times in total
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Look, I'm officially not a bug!!
SHS`: "Oooh Bertie, spank me with that casing stick, spank me spank me spaaaaannnnk mee!"
Image

User avatar
Balint
Registered User
Posts: 16
Joined: Thu Jan 01, 2004 1:37 am

Re: Visual Confirmation

Post by Balint »

Hi!

Although the page is in german, I would like to recommend the following site:

http://www.amigalink.de/phpbb2/viewtopic.php?t=529" target="_blank

It depends on
GD_library >= 1.6 with freetype
but has very nice acp options, maybe the german speaking dev team members could take a look!? :oops:

Greets,
Bálint
I am free because I know that I alone am morally responsible for everything I do.
Robert A. Heinlein

Xore
Registered User
Posts: 80
Joined: Mon Jul 21, 2003 11:44 pm
Location: The desert
Contact:

Re: Visual Confirmation

Post by Xore »

Balint wrote: Hi!

Although the page is in german, I would like to recommend the following site:

http://www.amigalink.de/phpbb2/viewtopic.php?t=529" target="_blank

It depends on
GD_library >= 1.6 with freetype
but has very nice acp options, maybe the german speaking dev team members could take a look!? :oops:

Greets,
Bálint
The Babelfish is your friend =)

rivaldo
Registered User
Posts: 269
Joined: Wed Feb 23, 2005 1:05 am

Re: Visual Confirmation

Post by rivaldo »

EXreaction wrote:
{o} wrote: What about blind people? Are you going to implement sort of vocal confirmation as an alternative? But this is problematic too. If the speaker is english and i don't know english? And both are able to break.
What about blind people? I don't think there are many blind people using PC's...much less using a BB. :lol:
Hmmm... Then let me go tell the blind software *developers* at my company that they better go home because according to you, they don't exist.

User avatar
the_dan
Registered User
Posts: 700
Joined: Thu Apr 01, 2004 7:36 pm

Re: Visual Confirmation

Post by the_dan »

From what I could read on that website, it should be fairly easy to defeat the detection mechanism by changing the colours for each letter, rotating them, and maybe altering their transparancy?

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: Visual Confirmation

Post by code reader »

[soupbox="mount"]
phpbb is known for its "NIH" ("not-invented-here) policy.
if anyone asked me (nobody did), i would, for instance advise them to use, for templates, SMARTY (or another gpl, open-source template engine), instead of making their own, using some botched pieces of code from various template engines.
please allow me to explain the rational:
1) by choosing a live project, which keeps on improving, you get a "free ride": whenever they add something to improve performance, functionality or security, your project can assimilate the advantage with very little effort.
2) this way, you "support" another open-source project, and help make it a standard.
3) any security issue with this part of the code stands a good chance of being discovered earlier, and handled quicker by a team dedicated to this part
4) save the time and effort of re-inventing something that works, and the bother of finding and solving bugs
5) whenever you feel that the project you co-opted takes a turn in the wrong direction, you are totally free to remain with the existing code, and you can modify it if you want to.

the same piece of logic goes for the captcha. i know of at least one open-source, GPL captcha project. i can't guarantee it is better than the stuff phpbb has now, but, as noted, the current captcha in phpbb is very weak.

my recommendation: if indeed, as noted earlier in this thread, the dev team is looking at strengthening the captcha, at least look at the existing sourceforge projects and consider them as alternatives. this way, when someone cracks them you are likely to find about it sooner, and get a fix sooner.
[/soap]

Xore
Registered User
Posts: 80
Joined: Mon Jul 21, 2003 11:44 pm
Location: The desert
Contact:

Re: Visual Confirmation

Post by Xore »

the_dan wrote: From what I could read on that website, it should be fairly easy to defeat the detection mechanism by changing the colours for each letter, rotating them, and maybe altering their transparancy?
And then someone just tweaks the adversary code a little bit to understand alternating colors and rotations. Transparencies? ...depends on how you do it.

(I <3 the "posts since i started posting" feature)

(what's a soupbox?)
code reader wrote: [soupbox="mount"]
the same piece of logic goes for the captcha.
No, no it doesn't
1) by choosing a live project, which keeps on improving, you get a "free ride": whenever they add something to improve performance, functionality or security, your project can assimilate the advantage with very little effort.
One of the core reasons why phpbb is under a lot of criticism right now is because people see it to be a big security hole. the biggest problem we encounter, however, is not people getting attacked using the latest version of phpbb, but people using earlier versions. Getting a "free ride" isn't going to help when people don't upgrade anyway.
2) this way, you "support" another open-source project, and help make it a standard.
Just because a project is open source does not imply it should become standard. "Open source" does by no means imply "standards-quality code". Even if it is (or a significant portion of teh intarweb thinks it is) the best thing out there. I don't mean to rag on Wordpress, but i think it's a good example of this concept.
3) any security issue with this part of the code stands a good chance of being discovered earlier, and handled quicker by a team dedicated to this part
This doesn't help your argument at all.
  • The issues we'll be dealing with primarily are not security, but complexity. If someone breaks the captcha, it's not because of any fault in the programming... someone just wrote a better AI to handle what got thrown at it. This isn't a bug... the programmer did nothing wrong.
  • When it's open source, it's much easier to break a captcha, since the adversary programmer can look and see exactly what measures are in place to confound her, and work to circumvent them much more easily, since they can therefore make assumptions about what cases they don't have to deal with
  • When a captcha is at it's peak of operability, a team of people is not guaranteed to be able to make it better. a broken captcha is not a buggy program. There is no guaranteed fix. And if the team operating it can't come up with something better, you're pretty much stuck with it
4) save the time and effort of re-inventing something that works, and the bother of finding and solving bugs
I'm sure any potential exploiter/spammer would look at this statement with glee. If everyone uses the same captcha, then once that captcha is broken, everyone is vulnerable.

The strength of captcha is in diversity: if someone else's captcha gets broken, i'm still safe

phpBB has it's work cut out for it in that regard. Whatever captcha phpbb ends up with, a lot of people will be using it. I look forward to seeing how phpBB will rise to this challenge =)

Yawnster
Registered User
Posts: 342
Joined: Sat Jan 29, 2005 9:18 pm
Location: London, UK
Contact:

Re: Visual Confirmation

Post by Yawnster »

Personally I am not a great believer in any kind of Image Confirmation, purely for the fact of anything you can store on a computer can be read by a computer, thus any images, sound etc can be recreated.. However saying this, its the best we got to prevent against spamming..

I would have to agree with you that the phpBB Catcha is rather on the weak side, but as noted before there isnt any publicly available exploits for it.. I would say that phpBB policy on other code is one reason I love this project, it means that they know exactly whats inside the package, also if they were any outside code, the update cycle would be herendous.. Because with all the different projects releasing things at different times phpBB would not be a Forum Solution, it would be a Distro..

Yawnster

Post Reply