
Depart from Six Apart: Fight comment spam with the simplicity of the SCode CAPTCHA

Recommended reading: Six Apart Guide to Combatting Comment Spam.

This is direct from the makers of Movable Type. Because I’m such an opinionated fellow, I’m gonna take issue with the recommendations in their guide. I suggest you use their page as an overview (for which it is excellent) rather than a set of prescriptions (for which it is flawed).

Specifically, they use strong language to warn against James Seng’s excellent SCode plugin, which allows for the use of a CAPTCHA in Movable Type blogs. Instead, they recommend a cocktail of plugins and upgrading to the latest version of Movable Type. (I’m still on Movable Type 2.66, since Six Apart managed to release MT3 with [count 'em] zero new features that interested me. Once again, all of MT’s innovation springs from their plugin authors, who don’t make a dime from their efforts, while MT goes corporate and charges for software built on plugin functionality. Alas, I’ll save that rant for another time.)

Let’s get back to the basics here. Spammers use bots (automated programs) to spew spam, whether of the comment spam or e-mail spam variety. We want humans to comment on our weblogs. Therefore, if we distinguish between bots, which should never be permitted to comment on blogs, and humans, which should always be able to comment on blogs, we’re set. (To amend that, if we’re dealing with a jerk of a human, we can selectively lay the smack down with IP bans or by manually deleting comments.) Hey, let’s try that again. Repeat after me, Mena, Ben, Anil, Six Apart staff, and the Rest of the World:

If we distinguish humans from bots and allow only the former to comment on blogs, we eliminate comment spam.

The test to distinguish humans from computers is called a Turing test, and the classic example of such a test is a CAPTCHA. Hey, now—I’ve heard of that. It’s James Seng’s SCode! I even blogged about it!

But Six Apart is very negative on CAPTCHAs. Here are their “cons” on the CAPTCHA option for combating comment spam:

Cons: Numerous. First, an image-based CAPTCHA is impossible to solve for people with impaired vision, those with reading difficulties (e.g. dyslexia), or those using text-only web browsers. If the only way to comment on your site is by solving an image-based CAPTCHA, you have a serious accessibility problem.

Plus, because CAPTCHAs are in use on numerous high-profile sites, such as Yahoo Groups and PayPal, spammers have devoted significant effort into automating ways to solve them. For example, this report by Cory Doctorow at Boing Boing indicates that spammers have begun using unsuspecting web surfers on other sites to do the work for them in real-time.

What Six Apart fails to mention, of course, is that spammers always go for the low-hanging fruit. Circumventing CAPTCHAs by tricking Web users into solving image CAPTCHAs on porn sites is not low-hanging fruit.

Oh, and since Six Apart is so concerned about accessibility, here’s a screenshot from my Movable Type administration screen (MT 2.661), as viewed in the text browser Lynx. Talk about walking the walk. (UPDATE 1/5/04 [evening]: Here’s a screenshot of the MT3 admin interface. This backs up Anil’s assertion that the accessibility was improved greatly as MT moved from v2 to v3. Thanks to Jason.)

To be fair, image CAPTCHAs are impossible to solve in text browsers and for visually impaired users. If SCode were extended to be solvable by audio as well, as I’ve seen in some cutting-edge websites, its accessibility would be greatly improved. That way, the number produced in the CAPTCHA could be viewed or listened to and then entered in a form to solve the Turing test. And ultimately, we’re dealing with beautiful simplicity: distinguishing humans from bots to stop spam.

UPDATE 1/5/04 [afternoon]: James Seng pointed out to me in an e-mail exchange the ultimate hypocrisy of Six Apart: their TypeKey registration form uses a CAPTCHA! You can’t make this stuff up! Other bloggers have noted this and roundly criticized them. Even worse, as noted by these bloggers, they fail to provide a “Contact Us” form or audio alternative for visually impaired users to work around the image CAPTCHA (UPDATE 1/5/04 [evening]: Shelley offers a correction). All of this comes after Six Apart’s clear antagonism toward SCode.

Once again, Six Apart fails to walk the walk.

Another take on comment spam

I highly encourage you to check out Winds of Change.NET’s Guide to Fighting Comment Spam. You’ll notice that they recommend against TypeKey and seem intrigued by SCode. But there’s much more, so give it a looksie.

Other sites talking about Six Apart’s Comment Spam Guide

30 Responses to “Depart from Six Apart: Fight comment spam with the simplicity of the SCode CAPTCHA”

  1. Dad Says:

    tom - i’ve never quite understood why instead of an image CAPTCHA or audio, you couldn’t simply have a simple TEXT question, such as: What is thirty-six divided by six, or, what color is a banana. what am i missing here?

  2. Anil Says:

    Hey Tom, thanks for taking the time to give such detailed feedback. I hope I can cover a few of your concerns.

    First, I wouldn’t characterize any of our warnings as “strong language” against anything. James’ plugin is great, and you should use it if you prefer that technique. *Every* tactic we talk about has pros and cons listed. Do you find any of the cons listed to be false?

    Moving on, we’re on version MT3.1 now. I honestly don’t recall the exact interface from MT2.661 (that version’s a year old) but I do know it was basically mostly unchanged from MT 2.x, which was built years ago. I’m confident MT3’s much more accessible, and our output’s excellent for accessibility. Does the fact that we’ve helped millions of accessible pages be published count towards our credibility in this matter? Where’s the indignant post about the HTML generated by FrontPage? I think it’s good to have some perspective: We’ve advanced the cause of accessibility and standards-based publishing an enormous amount over the past few years.

    Next, you say “Once again, all of MT’s innovation springs from their plugins authors, who don’t make a dime from their efforts, while MT goes corporate and charges for software built on plugin functionality.”

    MT plugin developers are the *only* plugin developers in the blog world who regularly get paid for their work (and not just from our plugin contest). In addition, there’s infrastructure like DropCash ransoms, PayPal campaigns, and standard payment structures that we encourage and promote for our developers to take advantage of. Even with the rate we’re growing, there’s thousands of people who *don’t* work for Six Apart that make a living in whole or in part by using Movable Type, and I’m awful proud of that.

    I don’t know if I have anything helpful to say about the assertion that a corporation is going corporate. I’ll hold our company’s ethics, standards, transparency, and behavior against any in the world.

    Finally, saying that we’re very negative on CAPTCHA, but then presenting it as a “gotcha” that we’re using CAPTCHA on TypeKey is silly. Obviously we’re not carte blanche against CAPTCHA if we use it. You can either assail us for being against it (which is false) or ding us for using it (which is unfair), but you certainly can’t yell at us for both in the same post.

    Finally, I’ve talked to James, a number of times, about SCode. I think it’s a great plugin. We linked to it in our guide. I’m sorry he feels neglected, but I honestly don’t know how to change his impression that he’s not receiving enough attention other than to prominently include his plugin in our guide that’s designed to be a definitive reference for our users.

    Frankly, my job is to reach out to our plugin developers, so if James feels that I’ve been inattentive, that’s my fault and I’ll try to do better. But that doesn’t explain the extraordinarily negative tone of the rest of your comments.

    We’ve created what I strongly feel is a valuable resource for our community. It puts more information out there, promotes current solutions, and provides useful information for developing future solutions. How is that a bad thing?

  3. james Says:

    Anil,

    1. It is a fact that Ben has publicly bashed CAPTCHA (after I released SCode). And it is also a fact that Typekey uses CAPTCHA. Please draw your own conclusion.

    2. When you start bashing your unpaid plugin developers, you alienate them. Putting them on a list does not change anything.

    3. I agree that CAPTCHA has a disability problem (which is why I started Bayesian) but the so-called report on BoingBoing is a theoretical attack which is not known to happen yet.

    When you start listing theoretical attacks, I have lots to add for Blacklists…

  4. Six Apart Professional Network Says:

    Conversations about the Comment Spam Guide

    We’ve gotten some good feedback, from both people who use Movable Type and those who don’t, about our Comment Spam Guide. There’s responses worth reading at sites like JD on MX, and you can find my own comments as well…

  5. Anil Says:

    First, there are negatives to CAPTCHA, ones that Ben (and all of us) are sensitive to, and I can’t speak for Ben, but the decision was made to use CAPTCHA on TypeKey anyway. Don’t you see that as a victory for the solution you’re advocating?

    I love our developers: They’re why I do what I do. I specifically changed positions in our company so I could spend more time reaching out to the community full-time. For most, us giving recognition and promotion to their work helps motivate them. Is there something else that would help motivate you?

    I do agree the one listed on BoingBoing may be more urban legend than fact. But that doesn’t negate the fact that not only is the attack possible, it’s one that’s been suggested in a very public venue. Especially given that your plugin is free, and you therefore have no financial incentive for advocating CAPTCHA, you seem to take conversations about the technology very personally.

    Other than us promoting your plugin, using the technology ourselves, and describing it to our users, I don’t know any other reasonable tactic we can do to advance the technology to users who find its tradeoffs acceptable. If you’ve been affronted in the past by the words of any person at Six Apart, I apologize. But I think you may be putting too much of your own feelings into a conversation that is, at its heart, about technology.

  6. tom sherman Says:

    Anil,

    First, thanks for the feedback. It’s not every day the jotsheet gets a visit from a Famous Person, so I think that’s pretty neat. Moving on, let me address some of your points.

    James’ plugin is great, and you should use it if you prefer that technique. *Every* tactic we talk about has pros and cons listed. Do you find any of the cons listed to be false?

    Well, I think your characterization of his plugin is highly misleading, in fact. Allow me to quote the pros and cons in full:

    Pros: Can be very difficult for spammers to work around.

    Cons: Numerous. First, an image-based CAPTCHA is impossible to solve for people with impaired vision, those with reading difficulties (e.g. dyslexia), or those using text-only web browsers. If the only way to comment on your site is by solving an image-based CAPTCHA, you have a serious accessibility problem.

    Plus, because CAPTCHAs are in use on numerous high-profile sites, such as Yahoo Groups and PayPal, spammers have devoted significant effort into automating ways to solve them. For example, this report by Cory Doctorow at Boing Boing indicates that spammers have begun using unsuspecting web surfers on other sites to do the work for them in real-time.

    Okay. First of all, you don’t cite “numerous” cons. You actually cite one problem with CAPTCHAs—that they’re an accessibility problem. CAPTCHA tests are predicated on humans having normal sensory functions, such as normal vision, normal hearing, etc.

    Then you go on to cite a theoretical “report” by Cory Doctorow, whom I might add was one of your plugin contest judges (interesting, that). By the way, let me quote a bit from this “report” (it’s more like a theoretical musing, but let’s put that aside):

    Someone told me about an ingenious way that spammers were cracking “captchas” … The ingenious crack is to offer a free porn site which requires that you key in the solution to a captcha — which has been inlined from Yahoo or Hotmail — before you can gain access.

    “Someone told me?” Uhh, okay.

    But isn’t it interesting that the “pro” of CAPTCHAs is that they’re “very difficult for spammers to work around,” yet you imply in the “con” section that the spammers have no problem getting around them!

    And you throw the implying business to the wind if you look at the example CAPTCHA and its caption underneath:

    Captchas are an accessibility nightmare and easily circumventable

    “Easily circumventable,” eh? I’d say your “pro” section disputes that. And by the way, the ALT text on the example CAPTCHA image: “CAPTCHAs often are not legible even if you can see!”

    Soo, Anil, I’d say you’re a tad bit negative on CAPTCHAs, and more specifically, on James’ SCode plugin. Why don’t you just cop to that?

    Anyway, let’s move on. You also claimed that I was unfair in saying Six Apart works on the backs of plugin authors:

    MT plugin developers are the *only* plugin developers in the blog world who regularly get paid for their work (and not just from our plugin contest).

    And maybe that was overstated. But what other blog tool started out completely free and then went corporate? Six Apart could only become a viable, profitable enterprise because of the ingenuity of Movable Type plugin authors who worked during 2.x while MT was still free. I’m sticking to that.

    Let’s see. What else? Lot to respond to.. Okay..

    Frankly, my job is to reach out to our plugin developers, so if James feels that I’ve been inattentive, that’s my fault and I’ll try to do better. But that doesn’t explain the extraordinarily negative tone of the rest of your comments.

    The extraordinarily negative tone is because I’m a ranting, unstable blogger. I mean, that’s just me. (Take a look around this place.) But basically, I think it’s bullshit to say all the negative things about CAPTCHAs (and, by association, James’ work)—I think I’ve shown in detail that your guide is “extraordinarily negative”—and then to use a CAPTCHA. Furthermore, there’s no way around it that I can see—no contact form, no e-mail, no nothing. It just doesn’t seem consistent to me. Am I wrong?

    We’ve created what I strongly feel is a valuable resource for our community. It puts more information out there, promotes current solutions, and provides useful information for developing future solutions. How is that a bad thing?

    It’s not a bad thing, and that’s why I tagged the guide as “recommended reading.” I think it’s good stuff, and I learned a lot from it. I just don’t agree with its conclusions.

    Finally, I’d like to say I enjoy Movable Type, and I spread the gospel. Many in my company are interested in MT because of my evangelizing, and you’ll be making money soon on MT3 because of me. So don’t worry about it. It’s all good in the hood.

  7. Jason Says:

    Just to flesh out a little bit of the argument here with data, Tom, here’s a screenshot of the MT v3.1 homepage in Lynx. Looks a world better than the v2.X one that you provide above.

  8. tom sherman Says:

    Thanks, Jason. Anil was right about the accessibility of MT’s admin interface improving with the release of MT3, and I was pretty sure I read that in the release notes months ago.

  9. tom sherman Says:

    Also, I wanted to address this, Anil.

    Does the fact that we’ve helped millions of accessible pages be published count towards our credibility in this matter? Where’s the indignant post about the HTML generated by FrontPage? I think it’s good to have some perspective: We’ve advanced the cause of accessibility and standards-based publishing an enormous amount over the past few years.

    You do deserve credit for helping the Web along on its slow journey toward accessible, standards-based pages. I don’t know that it was all that complicated of an endeavor; it seems like most of the “standards” in MT’s output are in the “standard” template and the “convert linebreaks” option, which at least in 2.x seems to have quirks. But I agree, MT blogs are usually made of good code.

    Oh, and you wanted a rant about Microsoft’s HTML? Hey man, ask and ye shall receive.

  10. Shelley Says:


    Even worse, as noted by these bloggers, they fail to provide a “Contact Us” form or audio alternative for visually impaired users to work around the image CAPTCHA.

    and

    Furthermore, there’s no way around it that I can see—no contact form, no e-mail, no nothing.

    There is indeed a Contact Form for TypeKey that is available for any registration or login problems users are facing, including assistance with the CAPTCHA image (and since I personally respond to submissions from the form each day, I know that people are finding it).

    However, it is currently linked only from the TypeKey home page (under “Having problems with your TypeKey account?”), so we could definitely do a better job of pointing it out as an option during the registration process.

  11. James Seng Says:


    First, there are negatives to CAPTCHA, ones that Ben (and all of us) are sensitive to, and I can’t speak for Ben, but the decision was made to use CAPTCHA on TypeKey anyway. Don’t you see that as a victory for the solution you’re advocating?

    See the presentation I did at the OECD Antispam Summit last year. I never believe in THE-SOLUTION in antispam..it is just an ever-on-going escalating war and I am absolutely certain someday SCode/Captcha will fail to stop spammers.

    But from experience, I know what does not work. Blacklist is one such technology which does not work and is eventually more harmful to the community.

    I still remember the discussion with Jay that I predicted the eventual blacklist evolution will be a centralized blacklist system. Jay specifically said that won’t happen back then but now he is running the clearinghouse *wow* so much for promises.

    Let me predict that within the next 24mths the centralized blacklist will be abused, then misused, then people giving up and then form competing centralized blacklists, and then other groups will form others, and then soon we have dozens of centralized blacklists, with an ever-going cycle of abuse and misuse for political reasons.

    I love our developers: They’re why I do what I do. I specifically changed positions in our company so I could spend more time reaching out to the community full-time. For most, us giving recognition and promotion to their work helps motivate them. Is there something else that would help motivate you?

    Don’t get me wrong. I sincerely believe you love your developers and I am sure you are doing a good job. Keep it up.

    I do agree the one listed on BoingBoing may be more urban legend than fact. But that doesn’t negate the fact that not only is the attack possible, it’s one that’s been suggested in a very public venue.

    Lots of attacks are possible against SCode. I know at least 3 ways to do it myself. But likewise, there are lots of theoretical attacks against Blacklist..why not list those too?

    Especially given that your plugin is free, and you therefore have no financial incentive for advocating CAPTCHA, you seem to take conversations about the technology very personally.

    I don’t take it personal. But I care about the blog community and I know blacklist is a bad idea which will eventually split the community and destroy it. (Like it did to Email)

    Other than us promoting your plugin, using the technology ourselves, and describing it to our users, I don’t know any other reasonable tactic we can do to advance the technology to users who find its tradeoffs acceptable.

    Sorry, putting SCode onto a list and then bashing it and then eventually not recommending hardly qualifies as ‘promoting it’.

    If you’ve been affronted in the past by the words of any person at Six Apart, I apologize. But I think you may be putting too much of your own feelings into a conversation that is, at its heart, about technology.

    Sorry, which part of my discussion about the technology solution makes you think I am taking it personally? Or are you saying my criticism of Blacklist and Typekey is biased and not logical? If so, please point out the mistake technically speaking.

  12. Jay Allen Says:

    Hi all. I don’t really have time for this because I’m actually working on the next version of Movable Type, but I can answer a couple of points briefly.

    First of all, James, why did you suddenly start mentioning Blacklist and my name? I’m unclear here. There were many things mentioned in the guide of which Blacklist happened to be one. The reason it is in there and recommended is because it is, by almost everyone’s account who has used it, an extremely effective way of dealing with comment spam on MT 3.x installations with little downside.

    I still remember the discussion with Jay that I predicted the eventual blacklist evolution will be a centralized blacklist system. Jay specifically said that won’t happen back then but now he is running the clearinghouse *wow* so much for promises.

    I had a lot of conversations with you, but I don’t remember this one. I’m not exactly sure what you are saying is an accurate portrayal of what I said since the Clearinghouse blacklist started very soon (within 3 weeks or so I believe) after I released MT-Blacklist.

    I **HAVE** always advocated that a centralized solution was not the right or final solution. It was a stop-gap measure until I found the spare time to implement the peer-to-peer features I had spec’d out. Because of my financial situation at the time and my resulting lack of time away from consulting contracts, I never got to complete that part of the vision.

    Let me predict that within the next 24mths the centralized blacklist will be abused, then misused, then people giving up and then form competing centralized blacklists, and then other groups will form others, and then soon we have dozens of centralized blacklists, with an ever-going cycle of abuse and misuse for political reasons.

    You use the word “competing” which is just silly. Complementary perhaps. I don’t hold anyone to using the one I maintain. It’s not required and it’s not unchangeable. People use mine because I’m respected and they know that I’m very careful and conscientious about what goes on it.

    There’s no power struggle here. There’s no competition. There is no Battle of the Titans here — SCode (or Bayesian) against Blacklist. I do remember having to say that to you several times in our past conversations (like this one, which mirrors this very thread almost completely), but you always seemed to turn this into some sort of competitive thing. That’s ridiculous. It’s not an either or choice, as evidenced by a number of people who run both.

    Lots of attacks are possible against SCode. I know at least 3 ways to do it myself. But likewise, there are lots of theoretical attacks against Blacklist..why not list those too?

    To circumvent MT-Blacklist? Please do tell.

    I don’t take it personal. But I care about the blog community and I know blacklist is a bad idea which will eventually split the community and destroy it. (Like it did to Email)

    If Blacklist destroyed email, then why do I have almost 300 unread emails in my inbox. :-) Seriously, James, you should know better. Weblog spam is completely different from email spam. This is a conversation we’ve had a number of times, the difference now being that MT-Blacklist has proved effective and safe, unlike at the beginning when you predicted that it would be a complete failure.

    You’ve been predicting MT-Blacklist’s demise since the beginning. Why is this issue such a hotbutton issue for you?

    Sorry, putting SCode onto a list and then bashing it and then eventually not recommending hardly qualifies as ‘promoting it’.

    There were other alternatives we didn’t even mention. Would you prefer we remove the link to your plugin? You see, we did NOT BASH SCode. We listed the well-known and absolutely practical arguments against using CAPTCHA. SCode happens to be a fine implementation of CAPTCHA for use with Movable Type blogs.

    So what I’m saying to you is that this isn’t personal. This is a problem with the CMU invention: CAPTCHA.

    As far as the CAPTCHA on the TypeKey login page, we point out that very fact (TypeKey->cons) in the Comment Spam Guide. We’re not being hypocritical, we are being practical.

    The CAPTCHA image on the TypeKey (which, I might add, infuriates me because sometimes even *I* can’t read it) was done at the very outset at the time TypeKey was launched. It hasn’t been well thought out and needs to be revisited. You will see changes in the registration process in the future.

    I will point out in addition that solving the CAPTCHA once for TypeKey registration is very different from having to solve it every single time you want to comment on a blog. The impact on the group of users who have trouble with these things is much higher in the latter case.

    Six Apart could only become a viable, profitable enterprise because of the ingenuity of Movable Type plugin authors who worked during 2.x while MT was still free. I’m sticking to that.

    And how many of those plugin authors begrudge Six Apart for that? I can’t think of a single one.

    All of this comes after Six Apart’s clear antagonism toward SCode.

    Huh? How does that link show clear antagonism against Scode from Six Apart? First of all, it’s about CAPTCHA and not SCode in particular. Secondly, it’s a conversation between James and I over a year ago. I started working at Six Apart two months ago.

    Everyone, seriously, I’ve got work to do and can’t keep this debate from over a year ago up any longer. There is no competition. There is no denigration.

    We created the guide as a practical how-to for preventing or at least greatly reducing comment spam on Movable Type blogs. In doing so, we evaluated solutions on the following basis:

    * Long-term effectiveness
    * Free from accessibility problems
    * Low maintenance for you
    * Low impact to your site’s visitors

    Some things satisfied those criteria well and some didn’t, but we listed even solutions that we couldn’t recommend. We gave people the information they needed to make their own decisions.

    In the end, however, we as a company absolutely cannot recommend a solution to our entire user base that completely eliminates the accessibility of Movable Type blogs to the visually or reading impaired and a whole slew of other people. I’m sorry that SCode happens to fall under that umbrella, but you should remember that it’s not a personal attack against the plugin or against James, but instead the underlying technology developed at Carnegie Mellon.

    Solve these accessibility problems in the form of a plugin and you’ll jump into the recommendation list.

    Then you go on to cite a theoretical “report” by Cory Doctorow, whom I might add was one of your plugin contest judges (interesting, that).

    What exactly are you implying? That there is some big internet-wide conspiracy between Six Apart and Boing Boing to discredit CAPTCHA? Why do you think we care that much? Why do you care so much?

    The bottom line is, if you like CAPTCHA, you should use it. The freedom to do so is the same freedom that we enjoy to recommend what we feel is best for our user base. If you don’t like our recommendations, feel free to ignore them but don’t try to make some ridiculous conspiracy case out of it. They’re just recommendations.

  13. Jay Allen Says:

    By the way, Dad wrote:

    tom - i’ve never quite understood why instead of an image CAPTCHA or audio, you couldn’t simply have a simple TEXT question, such as: What is thirty-six divided by six, or, what color is a banana. what am i missing here?

    Now that’s what I’m talking about. Or rather, talked about fourteen months ago in response to James’ advocacy of a CAPTCHA-based solution.
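
The text-question challenge suggested in comments 1 and 13, written out as an added example (not code from this thread, from SCode or from Movable Type). The question bank, the function names, the `entry_id` parameter and the in-memory nonce store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # per-site secret (generated here for the demo)
TTL_SECONDS = 600                     # a challenge stays valid for ten minutes

# Constructed question bank; each entry is (question, accepted answers).
QUESTIONS = [
    ("What is thirty-six divided by six?", {"6", "six"}),
    ("What color is a banana?", {"yellow"}),
    ("How many days are in a week?", {"7", "seven"}),
]

_spent = {}  # nonce -> expiry; challenges that have already been answered


def _sign(index, nonce, expires, entry_id):
    """MAC over every field, so none can be altered or moved to another entry."""
    msg = f"{index}|{nonce}|{expires}|{entry_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(entry_id, now=None):
    """Return (question, token); the token goes in a hidden form field."""
    now = int(time.time()) if now is None else int(now)
    index = secrets.randbelow(len(QUESTIONS))
    nonce = secrets.token_hex(8)
    expires = now + TTL_SECONDS
    mac = _sign(index, nonce, expires, entry_id)
    return QUESTIONS[index][0], f"{index}.{nonce}.{expires}.{mac}"


def verify_answer(token, answer, entry_id, now=None):
    """Check a submitted comment's token and answer; return (ok, reason)."""
    now = int(time.time()) if now is None else int(now)
    try:
        index_s, nonce, expires_s, mac = token.split(".")
        index, expires = int(index_s), int(expires_s)
        mac_bytes = mac.encode()
    except ValueError:
        return False, "malformed"
    expected = _sign(index, nonce, expires, entry_id)
    if not hmac.compare_digest(mac_bytes, expected.encode()):
        return False, "bad-signature"
    if now > expires:
        return False, "expired"
    # Forget nonces whose challenges have expired anyway, then reject reuse.
    for old in [n for n, exp in _spent.items() if exp < now]:
        del _spent[old]
    if nonce in _spent:
        return False, "replayed"
    _spent[nonce] = expires  # one attempt per challenge, right or wrong
    if answer.strip().lower() not in QUESTIONS[index][1]:
        return False, "wrong-answer"
    return True, "ok"


if __name__ == "__main__":
    question, token = issue_challenge("entry-42")
    print(question)
    print(verify_answer(token, "yellow", "entry-42"))
    print(verify_answer(token, "yellow", "entry-42"))  # same token again
```

A small fixed bank can be learned by a bot written for one site, so the questions are best written per site and rotated. The signature, expiry and single-use nonce only stop a solved challenge from being reused or moved to another entry.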

  14. tom sherman Says:

    Hi Jay,

    Nice to have you here, and thanks for taking the time to write such a lengthy reply. I do understand you’re busy (no sarcasm), so you needn’t feel the responsibility to respond to this unless you want to. But I’ll respond to your response. (I mean, how can I resist?)

    You seem to have a lot of confidence in MT-Blacklist, and perhaps rightly so. It’s certainly, and thus far it’s proven quite effective. But I think the very idea of a blacklist is flawed. I’ll probably explore this in greater detail in a subsequent blog entry, and perhaps I’ll drop you an e-mail when I do that, but in summary:

    I’m waiting for the comment spam virus.

    Sure, I bet you and others have already thought of it, but what happens when a tidy little virus comes along that turns Windows boxes into MT spam zombies? All of those DSL and cable IPs get blacklisted, and voila!—commenting on MT blogs ain’t so great.

    Thanks for pointing out that you point out that TypeKey uses a CAPTCHA in their registration. I’d missed that.

    I will point out in addition that solving the CAPTCHA once for TypeKey registration is very different from having to solve it every single time you want to comment on a blog. The impact on the group of users who have trouble with these things is much higher in the latter case.

    This is a good point, and I agree. Theoretically, James’ SCode could be extended to add a user’s IP to a list once he correctly passes the CAPTCHA test. In combination with MT-DBSL, this would make for a good setup.

    Huh? How does that link show clear antagonism against Scode from Six Apart? First of all, it’s about CAPTCHA and not SCode in particular.

    It only illustrated the lack of attention Six Apart gave the plugin, as evidenced by this quote from James’ blog:

    Yep, I am equally surprised that SixApart would use captcha given how much attention (hint: zero) they pay to my scode plugin.

    The last two goals of your guide were:

    * Low maintenance for you
    * Low impact to your site’s visitors

    I would counter by saying that comment moderation is not low maintenance for me by any means, and requiring TypeKey registration is not low maintenance for my site’s visitors. For regular visitors it would be lower maintenance than entering the CAPTCHA, but not for all of the random comments I get (and that’s the bulk of them).

    In the end, however, we as a company absolutely cannot recommend a solution to our entire user base that completely eliminates the accessibility of Movable Type blogs to the visually or reading impaired and a whole slew of other people.

    Sure, fair enough. I mean, I agree. But for my blog, which is pretty low traffic and which gets few comments (like 95% of the MT blogs out there), a blind person can e-mail their comment to me and I’ll post it for them. I say as much in the ALT text of the SCode CAPTCHA.

    What exactly are you implying? That there is some big internet-wide conspiracy between Six Apart and Boing Boing to discredit CAPTCHA? Why do you think we care that much? Why do you care so much?

    Nah man, just thought it was funny. And funny to call it a “report.” ;)

    And as to my Dad’s comment… yeah, it’s a good one, and wiser than I first realized. I’m noticing something like that on a lot of WordPress blogs these days…

    Oh, and I can’t neglect this…

    And how many of those plugin authors begrudge Six Apart for that? I can’t think of a single one.

    Perhaps that’s true. I certainly don’t know the plugin authors like you do. But I do know that when MT3 came out, it sparked a furor and a lot of people got pissed. It sure wouldn’t surprise me if some of those people were developers, and it sure wouldn’t surprise me if some of those people were coding WordPress stuff today. But honestly, I’m just speculating, and frankly, it’s not germane to this topic of conversation.

  15.
    James Seng Says:

    Jay, I am sure I am as busy as you are but that’s beside the point.

    But let me give you a quick reply to your question on my position on blacklist. I thought it is obvious but since you don’t get it after so many discussions, let me put it in plain words.

    I am ANTI blacklist

    I am not advocating Scode or CAPTCHA or any other solution is better than another but one thing is absolutely clear to me. Blacklists are a bad idea.

    I believe it is a solution that harms the community more than it helps. Banishing someone using a blacklist is like sending him to jail, except without a get-out-of-jail option. It is more of a political solution than a technical solution. It is harmful because it segregates the community. While community needs to be built up together, blacklists break them apart.

    The fact you still have spams in your inbox is sufficient proof it does not work. And no, I absolutely don’t believe webspam to be different from email spam. Spams are spams. It is an economic game theory problem. It exists on every human communication we know, on net and off net and webspam is no different otherwise.

    I made a prediction there will be a centralized blacklist where you specifically say it won’t. I was on the mark. I make another prediction in my previous post and let’s see how it goes in the 12-24 months.

  16.
    Jay Allen Says:


    “All of those DSL and cable IPs get blacklisted, and voila!—commenting on MT blogs ain’t so great.”

    MT-Blacklist has nothing to do with IP addresses because IP addresses are useless unless you’re just weeding out anonymous proxies (e.g. MT-DBSL)

    James, when you say “I am ANTI blacklist” and “Blacklists are a bad idea” are you talking about the idea of a blacklist or my implementation called MT-Blacklist?

    I would totally agree with you that blacklists are a bad idea if they are controlled by a gatekeeper (e.g. your ISP) and the actions they take are opaque to the end user (i.e. you can’t tell what it’s doing).

    MT-Blacklist does neither of these things. It’s controlled by the person who owns the site and the owner can see exactly what MT-Blacklist is blocking and not blocking. Therefore it’s more of a shield than a wall.

    What’s more, I’ve advocated many times with MT-Blacklist 2.0 to use the blacklist functionality of MT-Blacklist only to fend off severe spam attacks that are in progress. The old entry and max URL moderation work just fine to keep about 95% of the spam off the site.

    You describe it like you’re talking about MAPS RBL which is controlled by your ISP, blocks on IP address and gives the end users no notification. That’s not MT-Blacklist.

    “Banishing someone using a blacklist is like sending him to jail, except without a get-out-of-jail option. … It is harmful because it segregates the community. While community needs to be built up together, blacklists break them apart.”

    MT-Blacklist doesn’t block people, James. It blocks content that the weblog owner directs it to block. This content is usually a spammed domain name.

    If you think that a weblog owner blocking comments that contain the string “anal-sex-pictures.us” is tearing apart the community, you are obviously in a different community than I am.

    “The fact you still have spams in your inbox is sufficient proof it does not work”

    Please point me to anywhere on the web where I’ve said that MT-Blacklist blocks 100% of the spam. Please. Really. I look forward to eating my words.

    The fact is that MT-Blacklist effectively and drastically reduces the amount of spam the user receives. That means it WORKS.

    “And no, I absolutely don’t believe webspam to be different from email spam.”

    Then you have no idea what’s going on. Email spam tries to get you to click on something. It tries to entice you to notice it and take an action.

    Weblog spam is done for the purpose of getting only the GoogleBot to notice you (i.e. to increase PageRank) and the spammer would prefer it if no human ever noticed it.

    In retrospect, I wish I had called it something other than MT-Blacklist so that people who have a grudge against MAPS wouldn’t lump it together with the RBL.

    It’s got nothing to do with IP banning, it’s completely transparent in its operation and one of its greatest strengths is to be able to flag something for review (i.e. moderation) if it matches something on your blacklist.

    It’s amazing that I still have to say these things after over a year of widely accepted and acclaimed use of MT-Blacklist. It’s very clear to me that you have never once even tried my plugin.

    I am finished having this debate with you until such time when you actually show that you have some knowledge of that which you speak. Until then, this is a waste of both of our time.

  17.
    tom sherman Says:

    Well, that seems rather rude to me.

    And yes, you’re correct—I don’t know the particulars of MT-Blacklist. Do you know the particulars of plugins you don’t use?

    So I went to your site and read the “Getting the most out of MT-Blacklist” page. (Is there any more authoritative documentation? I don’t feel like trawling through the forums.) And yes, I’m wrong (and not afraid to admit it, by the way—both of you could probably learn from that). MT-Blacklist doesn’t blacklist IP addresses. But it does blacklist websites. From the aforementioned MT-Blacklist page:

    Blacklist auto-update

    Assuming you can run background tasks (see the readme included in the MT-Blacklist distribution), you can enable auto-updates from the master blacklist here at the Comment Spam Clearinghouse. This is a great way to painlessly keep up-to-date on the latest spammer domains striking the blogosphere and be protected before they even hit your doorstep.

    Notifications and reporting

    MT-Blacklist enables you to get a new and more powerful type of comment/trackback notification which includes links to despam submissions. Click a link and then submit and the spam is gone! What’s more, you can opt to report the spam back to the master blacklist in the very same step. Painless, easy and good for the community.

    So, if I’m not mistaken, if someone has a vendetta against me and spams the hell out of the blogosphere with underscorebleach.net links, I’m going to get blacklisted? Oh wait, I guess that already happened, eh? What would be a real trick is if someone went on a comment spam rampage for microsoft.com or jayallen.com. No more linking to those sites! Heh.

    MT-Blacklist does neither of these things. It’s controlled by the person who owns the site and the owner can see exactly what MT-Blacklist is blocking and not blocking. Therefore it’s more of a shield than a wall.

    Except people using autoupdate?

    Jay, you say that email spam and weblog spam are very different. Perhaps, but both are unwanted messages from automated programs. There are emails I get from automated programs that I want (e.g. newsletters), but I have to verify that I want them. This “verification” could be thought of as a secondary “CAPTCHA”-type test [misuse of the term], but failing such verification, I never want to receive messages generated by automated programs.

    Fellas, this is about CAPTCHAs, not the future of the world. I think everyone can relax a little bit. I mean, jeez, look at what this weblog is used for! Not exactly earth-shattering.
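
The two comments above describe matching on domains in the comment body, holding matches for moderation, a URL-count threshold, and the risk that a legitimate domain gets spammed onto an auto-updated shared list. The sketch below puts those side by side; it is an added example, not MT-Blacklist's code and not part of the thread, and the function names, the `.example` domains, the three-URL limit and the owner allowlist are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample lists; every domain is a reserved .example name.
LOCAL_BLOCK = {"spam-pills.example"}        # entries the owner added by hand
MASTER_BLOCK = {"spam-pills.example",
                "personal-blog.example"}    # auto-updated; 2nd entry is poisoned
ALLOW = {"personal-blog.example"}           # hypothetical owner override


def domains_in(text):
    """Return the lowercase hostname of every http(s) URL in a comment body."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed authority, e.g. a stray "["
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def listed(host, entries):
    """True if host is a listed domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in entries)


def screen(comment, local_block, master_block, allow=frozenset(), max_urls=3):
    """Return (verdict, reason); verdict is 'publish', 'moderate' or 'deny'."""
    hosts = domains_in(comment)
    verdict, reason = "publish", "no listed domains"
    for host in hosts:
        if listed(host, allow):
            continue                # owner's allowlist outranks both lists
        if listed(host, local_block):
            return "deny", f"{host} is on the owner's own list"
        if listed(host, master_block):
            # Shared-list hits are held for review, never silently dropped.
            verdict, reason = "moderate", f"{host} is only on the shared list"
    if verdict == "publish" and len(hosts) > max_urls:
        return "moderate", f"{len(hosts)} URLs exceeds the limit of {max_urls}"
    return verdict, reason
```

With these lists, a comment linking to the poisoned domain is held for review rather than dropped, and publishes normally once the owner allowlists it.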

  18.
    James Seng Says:

    Sure, I am anti-blacklist, and that includes MT-Blacklist.

    But never once did I insult your intelligence as you did. Now, you could just be throwing a flamebait but (a) I won’t bite and (b) your posting only shows how you are unable to conduct a technical discussion without ad hominem attack.

    But just one quick comment: I don’t know what I am talking about? FYI, I read your MT-Blacklist code before I gave my comment. Have you read my codes before you publish the criticisms?

  19.
    Pete Says:

    I posted an article about a method to increase accessibility of captchas a while ago. In that article I included a sample application with which it is possible to generate captcha audio files to use in combination with a standard image based captcha.

    It should be fairly easy for someone to extend any MT captcha plugin to use these audio files and thereby provide an accessible alternative for visually impaired users as well as those using a text only browser.

  20.
    Lee Sai Fon Says:

    I’m with Jay on this one. Time a few folks actually did some research before speaking. By the way, I am a screen reader user so I had to ask my wife to enter the number - a complete chore.

  21.
    tom sherman Says:

    Thanks, Lee. But if you’ve done the research, how about you respond to my question about malicious spamming using a non-porn site in the comment so that it gets blacklisted?

    By the way, if anyone else stumbles in here and is interested in the history between Jay and James (because there is history, it seems—this tiff didn’t just crop up on my blog), go here and then here.

  22.
    Jay Allen Says:

    I purposefully forgot about this thread because it’s a waste of everyone’s time, but Tom recently pointed out another thread on his site that pointed to this one. Lo and behold I’m here and now I see that I need to respond again.

    “But never once did I insult your intelligence as you did. Now, you could just be throwing a flamebait but (a) I won’t bite and (b) your posting only shows how you are unable to conduct a technical discussion without ad hominem attack.”

    James, this is a case, I think, of the language barrier. Never once did I insult your intelligence. I actually know for a fact that you are highly intelligent and to do so would be just silly.

    What I DID say is that you were talking about something without having full command of the facts. Even intelligent people do that. Yes, you looked at my code but that was ten days after I released it. More than a year has now passed and MT-Blacklist is FAR more than a blacklist. In fact, as I’ve said elsewhere, you can use MT-Blacklist very effectively without even USING the blacklist functionality.

    Have you read my codes before you publish the criticisms?

    I don’t need to read your code when I see the end result on this very site: the inaccessible CAPTCHA. I’m sure it’s coded very well, but in the end, a blind person couldn’t comment.

    It should be fairly easy for someone to extend any MT captcha plugin to use these audio files and thereby provide an accessible alternative for visually impaired users as well as those using a text only browser.

    I AGREE! It’s a shame that someone didn’t do that 14 months ago so that this entire conversation could have been made unnecessary and so that it could have been recommended with gusto in the recently published comment spam guide.

    Let’s remember that we’re on the same team here: The anti-spam team. I really believe that and hope that you understand I just want this problem to be solved in the best way.

    Anyway, I won’t be checking back in this thread again, so email me if you want to discuss this further.

  23.
    Mardeg Says:

    For non-image browsers and sight-impaired people, perhaps instead of just displaying the images you could convert them to CSS shrunken text logos to give the illusion of an image of the confirmation code/word? Then sight-impaired people can Ctrl-plus them to enlarge as much as they want. See my link for a working example of this.

  24.
    mp3 Says:

    nice to hear you again dude :)

  25.
    gypsymoth Says:

    “I found one method to stop spam quite effective. And that is to ban open proxy and bot IPs. So I started collecting IPs from spams that I get. At first, it was a tedious manual task. But soon, the list grew. And with the help of honey pots and automated processing, the task became easier. Now it is at a point where the IP ban stops 95% to 99% of the spam. So far, not a single valid comment has been banned from using this IP list. As the list continues to grow, it will continue to improve its effectiveness.”
