[ANN] flatulent-0.0.2 - ajax gets stinky

ara.t.howard

NAME

flatulent : CAPTCHA for FIGLET.

SYNOPSIS

the flatulent gem provides brain dead simple to use, but internally cunning,
ascii art captcha for ruby.

URI

http://codeforpeople.com/lib/ruby
http://rubyforge.org/projects/codeforpeople

HOW DO I GET FLATULENT?

gem install flatulent

HISTORY

0.0.2

- ajax gets stinky: Flatulent.ajax! the result of this new addition is
that the captcha itself doesn't appear in the source file at all

- blowfish encoding for timebomb and captcha fields

- auto server key configuration using hostname and mac address

- improved noise algorithm

- improved character placement (chars shared edges to make ocr'ing harder)

0.0.1

- initial version

RAILS EXAMPLES

REGULAR METHOD (LESS SECURE):

  def controller_action
    if params.has_key? 'flatulent'
      Flatulent.validate! params
    end

    render :inline => <<-html
      <html><body>
      #{ Flatulent.form }
      </body></html>
    html
  end

AJAX METHOD (MORE SECURE):

  def controller_action
    if params.has_key? 'flatulent'
      Flatulent.validate! params
    end

    render :inline => <<-html
      <html>
      <head> <%= javascript_include_tag 'prototype' %> </head>
      <body>
      <form action='./' method='post'>
      <%= Flatulent.ajax %>
      <input type='submit' name='submit' value='submit' />
      </form>
      </body>
      </html>
    html
  end

DOCS

see source in ./lib/*
see the example rails project in ./rails

ONLINE SAMPLES

http://drawohara.tumblr.com/post/4944987

ONLINE DEMO OF AJAX METHOD

http://fortytwo.merseine.nu:3000/flatulent/ajax -- try to break it!



enjoy.

-a
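
One way fields like the encrypted timebomb and captcha in the 0.0.2 notes can work, as an added example that is not flatulent's code: the expected answer and an expiry time are sealed into the form field, so the page source never carries the plaintext. `SealedCaptcha`, its key, the 300-second lifetime and the token layout are hypothetical, and AES-256-GCM from Ruby's OpenSSL stands in for the gem's blowfish encoding.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper, not flatulent's API. AES-256-GCM stands in for the
# blowfish encoding named in the release notes.
module SealedCaptcha
  KEY = OpenSSL::Digest::SHA256.digest('constructed-demo-key') # placeholder server key
  TTL = 300                                                    # assumed lifetime, seconds
  AAD = 'captcha-v1'                                           # binds the token to this use

  # Seal the expected answer and its expiry into an opaque form-field value.
  def self.seal(answer, now = Time.now.to_i)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = KEY
    iv = cipher.random_iv
    cipher.auth_data = AAD
    body = cipher.update(JSON.generate('a' => answer, 'exp' => now + TTL)) + cipher.final
    [iv + cipher.auth_tag + body].pack('m0')
  end

  # Returns :ok, :wrong, :expired or :tampered.
  def self.check(token, typed, now = Time.now.to_i)
    raw = token.unpack1('m0')
    return :tampered if raw.bytesize <= 28 # 12-byte IV + 16-byte tag + ciphertext
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = KEY
    cipher.iv = raw.byteslice(0, 12)
    cipher.auth_tag = raw.byteslice(12, 16)
    cipher.auth_data = AAD
    plain = cipher.update(raw.byteslice(28, raw.bytesize)) + cipher.final
    data = JSON.parse(plain.force_encoding('UTF-8'))
    return :expired if now > data['exp']
    data['a'] == typed ? :ok : :wrong
  rescue ArgumentError, OpenSSL::Cipher::CipherError, JSON::ParserError
    :tampered # bad base64, failed authentication tag, or unparsable payload
  end
end

token = SealedCaptcha.seal('W7KQ9ZX', 1_000) # constructed answer and clock value
puts SealedCaptcha.check(token, 'W7KQ9ZX', 1_000)
puts SealedCaptcha.check(token, 'W7KQ9ZX', 1_301)
```

A sealed field like this can still be replayed until it expires unless the server also remembers which tokens it has already accepted.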
 
Chris Carter

> NAME
>
> flatulent : CAPTCHA for FIGLET.
>
> ONLINE DEMO OF AJAX METHOD
>
> http://fortytwo.merseine.nu:3000/flatulent/ajax -- try to break it!

Ara, if you try to answer in caps (as it is presented) it will fail,
this seems kinda wacky, seeing as most _users_ I know will try to
answer in the same case as it is presented. Perhaps it should be
case-insensitive, or you could branch out and do lowercase letters
too.
 
John Joyce

> Ara, if you try to answer in caps (as it is presented) it will fail,
> this seems kinda wacky, seeing as most _users_ I know will try to
> answer in the same case as it is presented. Perhaps it should be
> case-insensitive, or you could branch out and do lowercase letters
> too.

case sensitive would be sweet!
 
ara.t.howard

> Ara, if you try to answer in caps (as it is presented) it will fail,
> this seems kinda wacky, seeing as most _users_ I know will try to
> answer in the same case as it is presented. Perhaps it should be
> case-insensitive, or you could branch out and do lowercase letters
> too.


a bug!

thanks - i'll fix

fyi. it's supposed to be both case insensitive and counts o O and
0 as the same char as they look the same in figlet.

cheers.


-a
 
Peña, Botp

From: ara.t.howard [mailto:[email protected]]
# On Jul 4, 2007, at 7:03 PM, John Joyce wrote:
# > case sensitive would be sweet!
# you think? better than insensitive? it's easy to do of course...

practically case sensitive but the ff

0==o==O (zero and oh's)
l==l (one and el)
2==z==Z (two and z's)
5==s==S (5 and s's)

kind regards -botp
 
ara.t.howard

> practically case sensitive but the ff
>
> 0==o==O (zero and oh's)
> l==l (one and el)
> 2==z==Z (two and z's)
> 5==s==S (5 and s's)

done!

version 0.0.3 out soon... MUCH harder for bots.

-a
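
The matching rules from the exchange above (case-insensitive in one proposal, "practically case sensitive" in the other, both treating look-alike characters as equal), as an added example that is not flatulent's code and not any poster's. `FOLDS`, `fold`, `same_answer?` and the 62-character alphabet are assumptions made here, and the second class is read as digit one and lowercase el, following its parenthetical; the block also counts how many distinguishable symbols each policy leaves, which is what folding costs in answer space.

```ruby
# Look-alike classes from the thread; all names here are hypothetical.
# The second class is read as digit one and lowercase el.
FOLDS = {
  'o' => '0', 'O' => '0',  # zero and oh's
  'l' => '1',              # one and el
  'z' => '2', 'Z' => '2',  # two and z's
  's' => '5', 'S' => '5'   # five and s's
}.freeze

# Assumed answer alphabet: letters in both cases plus digits (62 symbols).
ALPHABET = [*'A'..'Z', *'a'..'z', *'0'..'9'].freeze

# Map every character to the representative of its look-alike class.
def fold(text, ignore_case: false)
  text = text.downcase if ignore_case
  text.strip.each_char.map { |c| FOLDS.fetch(c, c) }.join
end

# Compare what the captcha showed with what the user typed under one policy.
def same_answer?(expected, typed, ignore_case: false)
  fold(expected, ignore_case: ignore_case) == fold(typed, ignore_case: ignore_case)
end

# Number of symbols a solver still has to tell apart after folding.
def distinct_symbols(ignore_case: false)
  ALPHABET.map { |c| fold(c, ignore_case: ignore_case) }.uniq.size
end

# Bits of answer space for a captcha of the given length.
def answer_bits(length, ignore_case: false)
  (length * Math.log2(distinct_symbols(ignore_case: ignore_case))).round(1)
end

puts same_answer?('Z5o', '2S0')           # constructed answers
puts distinct_symbols                     # case-sensitive policy
puts distinct_symbols(ignore_case: true)  # case-insensitive policy
```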
 
John Joyce

> There's probably a reason why this isn't used, but, I couldn't help
> but ask.
>
> Instead of asking the user to 'Enter what you see', why don't the
> questions vary?
>
> I.e.,
> - enter ONLY the letters [A-Z] you see
> - enter every other character
> - enter the text backwards
> - enter only numbers
> - enter the number of times 'A' has occurred
> - enter the number of vowels
> - enter the RED letters only (assuming there was color in each
> character)
>
> My assumption is that this wouldn't be user friendly? --It would
> definitely add to the complexity of cracking I would think..

these kinds of questions are a little too simple and logical. It
needs to be more wordy!
also, colors tend to be trouble for accessibility issues. Some people
are color blind.
longer phrases or even a question itself as the captcha are better.
If the question is a captcha and the answer is a word that any human
could answer, even if it means doing a quick google for the answer,
it would be better. Machines can't get that stuff.
question:
(as a captcha)
What is Michael Jackson's brother's last name?

or

If you had 3 hands, how many thumbs would you have?
 
Todd Benson

> There's probably a reason why this isn't used, but, I couldn't help but ask.
>
> Instead of asking the user to 'Enter what you see', why don't the questions
> vary?

Okay (says I rubbing hands gleefully :). I'm nitpicking and with all
of these you can simply say, well that person shouldn't be using a
computer/be on the internet/speak my language/etc.

> I.e.,
> - enter ONLY the letters [A-Z] you see

My grandfather, being the math guy he is, sees A minus Z with that and
would probably spend more than the allotted seconds trying to see
through that (of course, he could just wait for the next question)

> - enter every other character

Starting with the first? In order? The ascii characters or the
'realized' ones? (I keep thinking of the little play of form and
contour in some art)

> - enter the text backwards
> - enter only numbers

Depending on context I and V and X could be numbers

> - enter the number of times 'A' has occurred

Right-side up or upside-down ... sideways?

> - enter the number of vowels

I can't remember if Y is a vowel ...

> - enter the RED letters only (assuming there was color in each character)

I'm color blind!

> My assumption is that this wouldn't be user friendly? --It would definitely
> add to the complexity of cracking I would think..

It's clear there will continue to exist a give and take with security
vs. usability. We could make all of the captchas riddles like Gollum
holding on to his precious ring :) What keeps going on in my head is
what truly determines whether the 'thing' on the other line is a
machine or not. I see suggestions to use things like tradition,
commonplace, language, acceptable behavior to decide that. Hey, if
that works for your client base, go for it!

So far, I really like Ara's solution because of how simple (on the
outside) and relatively effective it is.

Todd
 
