login
Search
After this comment about Jeremy's spam module for this site i think, i have context to post some ideas about simple non-CPU, bandwidth sucking, non GUI means of fighting cheap, non-human spam. I'm stupid text-mode guy, thus: * CSS obscurity (non-)captcha like for web * To, In-reply-to, From, Message-id for SMTP/e-mail. + CSS: basic idea is in the comment above. More means to alternate the view: * alternating of the color: exact matching is not needed, small delta can be used to have similar-looking symbols; same delta to have symbols to nearly match background, gradients, invent your own it's simple, etc. hide: fgcolor = bgcolor +/- small_delta show: fgcolor = bgcolor +/- big_delta * alternating visibility by enabling/disabling, media format, layers, coordinates, etc. (but `lynx`-friendly versions are more appreciated) * asking to locate one-color symbols all-over web page -- ouu! it's like game already :) + SMTP/e-mail: * check To header to be valid person name or list name/abbr. This is problem of personal order and culture. I.e. personal e-mail are very rarely sent from other than address-book e-mail, thus name *must* be there! It's stupidly effective -- No thousands of spam message daily for my professor! I.e. all To: spam_here_please@example.upol.cz To: spam_here_please <spam_here_please@example.upol.cz> are gone in one blow. If you have personified spam or buggy subscriptions with spammy To, then you can fix it manually. As for mailing lists: this barrier is too easy to overcome. * "In-reply-to". Header is RFC2822-requirement in replies. So, if say, LKML is development-mostly list with replies/start-thread messages ratio very big, or even huge, then to demand a ticket for starting a thread isn't a big problem. Thus, include ticket in your `quilt`/`git`-generated patch-bomb, and job is done. Message from individuals must have ticket on they own. So, what is this "magic ticket"? This is a message-id generated by list-master to include in in-reply-to header. Simply: this is a message you receive on request to post a thread-start (i.e. one which originally without in-reply-to header). i-want-a-thread-start-ticket > list-master list-master > here: $message-id my-new-thread-in-lkml(in-reply-to: $message-id) > LKML (for `quilt`/`git` one can book as much tickets as needed) Checking for valid message-id: * optimised: just find ticket in References * full: scan for valid (message-ids non marked as spam) thread chain in headrs. NNTP server is quite fast at this. Gmane handle all (i mean "high volume" LKML is one of hundreds) mailing list available with ordinary inn2. This is more complicated, but still very easy to overcome if known, thus this is additional barrier for MLs. Spamming of ticket-booking is smart and brainy spam, thus can be identified and black-listed. Spamming of threads, like debian bug tracking system is also easy, because all messages are available on-line, no subscription is needed. Again, this is brainy stuff. Who is responsible for global warming? He-he, morons! I think this are means to have less hot CPU on spam processing. -- sed 'sed && sh + olecom = love' << '' -o--=O`C #oo'L O <___=E M
On May 3,
On May 3, 1978...
http://en.wikipedia.org/wiki/Gary_Thuerk
i've almost got the date :)
OK, practice. Simple Small Example (not Intel here :)
If commonly-accepted way isn't suitable.
I don't like captcha also, even just proposed simple CSS-based one. It makes you feel like a dumb.
Anyway there's infinite number of other options using CSS:
* disable
* hide (by other visible elements or 'overflow:hide')
* collapse (size is small or zero)
* fade away (hide with color)
multiplied by number of tag combinations and nesting/cascading.
Current style as i've just saw is already quite unreadable for human and seems like being generated.
So, play with random disabling/hiding of multiple [Post Comment] buttons, having only one correct one, which will be a key to unlock spam guard. This is browser-only feature now, but CSS can be constructed in a very twisted way.
All other means, like [spam] button are later stages of fight, if someone will employ humans or instrumented web-browser :)
____
obscurity of [Post comment] buttons with CSS
After preview we have
[Post comment]button.Let's make 3x3 matrix of such buttons (<input> tags in html):
Without sophisticated rules with checking of values in properties (this is not working in IE), simple hiding:
/* rows */ #submit0, #submit2 { display: none} /* or */ #submit0 { overflow:hide; width:1px; height: 0} #submit2 { background-color: white!important; color: #FFFEFC!important} /* elements */ #submit0 .c0, .c1, c2 { overflow:hide; width:0; height: 0} /* disable all, enable one logic */ #sss * {display: none} #submit0 #b00, #b01 {display: none} #submit0, #b02 {display: block} /* #submitX, #bXi, #bXj, #bXk are randomly selected so, (i || j || k) is visible */http://www.w3.org/TR/css3-selectors/
shuffle this with standard styles, like it is now in one big file, or apply with style="". Apply more tags in between with different/changing styles, and view can be seen only by fully implemented CSS+screen=>view engine.
How to remember session key without cookies and disclosing information is up to designer.
Of course this must be a front-end to pass valid posts down to filters. In case of brute-force, this can be front-end to learn filters. The more input phony tags, the better. Anyway i think this can be productive (and measured experimentally).
Also CSS validation can be performed for whole kerneltrap.org (for some reason there are errors)
____
re: OK, practice. Simple Small Example (not Intel here :)
* css-hidden or officially for-spam (valid after at least one preview) [post] button on first page.
* many official other button semi-useful, but for spam "post" buttons
* i wonder if spam bots handle nesting of tags or html comments, thus more noise can be intruduced. input tags can be hidden by simple script/ tags or others.
they have very easy life without any random for-spam buttons CSS-ed away visually or not, around "official" ones even on preview stage. Latter is good place to catch spam early.
why it is such a problem? php, OOP, API problems? This can be done by `sed` *easily*, because this is a plain text, theme of all my blog rant here! Give me hidden CSS combination and i will insert <input> after tag!!!
____
this is real fun!
http://kerneltrap.org/node/14961#comment-302773
alright!
alright!