The captcha is a 3rd part widget made by google that has a lot of logic behind it. One of the main purposes of it, is that a crawler can't click it. It has to be actually clicked for it to register, and the developer can see if the user has been authenticated when the submit button is clicked.
Because it's in an iFrame it makes it more difficult for bots (and web developers) to trigger the clicking of the div that contains the checkbox due to the same-origin policy present in all major browsers. This stops developers like me from having my submit button trigger the captcha. My option is to check to see if the captcha has been verified yet, but I can't trigger an automatic captcha. Which is a good thing, if I can do it, then so could a bot visiting my site.
Presumably, google could create a captcha that is just a button, and that could trigger a submit on the actual page. But that would get confusing for the user. Styling would be an issue. As well as the times when a more traditional captcha is required.
Look at the following captcha demo page.
Now, look at it in incognito mode, and verify that you are human.
You'll notice a different type of interaction that really doesn't lend itself to a button click. This is also in addition to being accessible to people with visual disabilities. Which is beyond the scope of a button with a single click action.
No way. While this is cute and very easy, when you input reCAPTCHAs you are helping to digitize books. I think that's one of the most innovative and awesome ideas ever. Luis von Ahn's TED talk about ReCAPTCHA and Duolingo is really cool.
> Edit: I'd like to add that IIRC they are also both non-profit organizations which is doubly cool.
recaptcha knows one of those words, the other one it doesn't. If you get the one it knows, you're good. If a bunch of people say the same thing about the other, it suddenly "knows" that word. Because there's no way to know which word it knows and which word it doesn't (theoretically... if you're a bot...) you only need to get that one correct.
The practical outcome of this is that recaptcha has, somewhere in its brain, stored "CHINGCHONG" as the meaning of the ideogram. Should an unknown number of people type exactly "CHINGCHONG" when it comes up with it again, recaptcha will know that this ideogram means "CHINGCHONG." If, on the other hand, a whole bunch of people say "give me another" it'll know that that particular ideogram is not legible.
Im going to say out right I have never used ESEA but I'm glad I haven't. Some people seem to be playing this down for some reason but there are some good points made.
Flaw 1
This is is html forms 101. I find it amazing that they haven't used a simple password type but feel the need to use the new implementation of reCaptcha.
Flaw 2
There is no excuse for any website not to be using HTTPS/SSL especially one of this magnitude. The cost to do this would be like water of a duck's back.
Flaw 3
Like OP says it doesn't necessarily mean they are storing them as plain text in the database but this isn't acceptable.
Flaw 4
This could be worse (you could get your password sent by email proving their database doesn't make any attempt to obscure your actual password) but it could be better...
I have never looked into the steam api so I am making assumptions going off other other major social websites (Facebook, Google+ etc). Surely it is redundant to have their users create new accounts when they can authorise users via steam and have the authentication system purely based upon signing up and logging in via steam resolving a lot of these flaws since the steam account will have to be compomised to gain access and ESEA never receive the users' steam credentials just tokens.
Flaw 5
Giving the option of 2-Step verification would a step in the right direction if the above isn't utilised.
It is extremely negligent that a organisation of this scale would have such a backwards way of doing things.
In a way, you are already doing that by logging in to some websites with captchas from google recaptcha :) . Currently digitizing old New York Times editions.
Hey I would delete that and send it by private message. Or at the very least use this (If you are not concerned about privacy etc).
EDIT: Awesome painting btw!!
Wow. I love that idea. Mind if I make it a map when I get home? Will delivar
~~Edit: Reply to this if you want a PM on release.~~ Dear god! My poor inbox! Here is the link. It is in a VERY early trial phase, so feel free to try it out, mess with it, and report any issues or suggestions back to me by email.
There seems to be a lot of confusion about these CAPTCHAs in this thread. This type is called reCAPTCHA, and it helps to digitize scanned books. There's a detailed explanation on their site, but basically, the first word is a known word which is used to filter out spambots. The second word is a scanned word that OCR software can't decipher. In some cases, the OCR will interpret two closely-spaced words as a single word, or find something that isn't a word. That's where the impossible to decipher second word comes from. However, if it can be typed normally (in this case, Homink(Hi
is what I see), that is what you should type in. By finding obscure Unicode characters, you're actually hindering the process because you're probably the only person who will bother to find those characters, which will make your answer seem incorrect as it does not match all the other answers that are typed.
tl;dr: Type in what you think was actually there originally and don't try to replicate spacing errors introduced by the OCR.
That's Google recaptcha.
> reCAPTCHA doesn’t depend solely on text distortions to separate man from machines. Rather it uses advanced risk analysis techniques, considering the user’s entire engagement with the CAPTCHA, and evaluates a broad range of cues that distinguish humans from bots.
It looks simple but it actually does a lot of checks to keep bots away. The reality is, most bots are not moving the mouse at all, they are using things like Steam's official API or reverse engineering the chat protocols. They manage the data directly, they don't actually move the mouse or click anything. Things like tracking mouse movement are actually a decent way to make sure someone really is human, although Google is vague on how exactly reCaptcha works.
You should probably explain what recaptcha is. When you have have to spell out two, words one of them is randomly generated by a computer (and is the real method to deter bots) while the other one is a word that the computer couldn't figure out that was scanned from a book. Google is going nuts scanning and digitizing books and there's a lot of words that it can't figure out. So what Google does is force users to enter what the word is, and with enough people doing it they can get a very good idea of what it should be.
I'm not saying it's not for a good cause but don't downvote phisigkap, he's absolutely right.
If people didn't know what it's used for typically - reCAPTCHA is the human-verification tool developed by Google that presents two keywords: one the system knows, one it doesn't. By typing both of the words, your answer is added to a database for the unknown word, and this is used to transcribe scanned books from the Google collection into digital form.
Now they're using the same method to read street signs and address numbers for map accuracy. More info here: http://www.google.com/recaptcha/learnmore
reCaptcha always has two words, one is known and the other one isn't. If you get the known word right it assumes that your solution to the other one is correct as well.
They verify this by prompting the same unknown word to several people, but never twice to the same person.
See here for more information.
>I honestly don't give the slightest fuck when a bored useless script kiddie says he's going to break something that is advertised as breakable in the FAQ. Really :) Let the kid have his 2 minutes of illusion of fame, then he'll fall into oblivion again and go back to online porn.
Lets start off very simply: Bad things happen to you because you're a dumbass.
You're a dumbass because you throw around the SK word, without even knowing anything about me. Really? I'm an SK? SKs write custom software can can actually look at the source code and can figure out how to exploit it under 20 minutes? That's what an SK is? Because I had an entirely different understanding... you know, the classical interpretation of a script kiddy: a kid that uses a script and has no knowledge of hacking. But whatever, go ahead and think you know how to use that word.
You're a dumbass because you think security through obscurity (which has been proven ENDLESS times to be retarded) is secure. Perhaps if you spent a bit of time trying to understand security... you know, researching, reading books (for example, Schneier's Beyond Fear, which has a whole section on this stupidity).
You're a dumbass because you don't understand why people made reCaptcha, and still use it while full-well knowing they can hire bulgarians to crank out a thousand for a few bucks.
You're a dumbass because reCaptcha already protects emails
You're a dumbass because you advertise all over your site that emails are "protected," proceed to accept they aren't, then feel justified because you make a minor point about it in the FAQ.
One fun thing I recently learned about reCAPTCHAs, a specific brand of CAPTCHA that uses two words for verification, is that only the first word is used to tell you apart from a computer. The second word in the sequence is a word that was not correctly scanned by OCR (Optical Character Recognition) Software in the process of digitizing books and newspapers.
They do this based on the assumption that if you got the first word right, you're most likely human and can help decipher the 2nd word that the OCR software couldn't.
Read more about it on http://www.google.com/recaptcha/learnmore
I thought this was pretty cool so I decided to share.
Recaptcha is a company that uses old digitized books for it's captchas so when you're answering it, you're helping to OCR old books that standard software can't handle.
http://www.google.com/recaptcha/learnmore
"Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct."
> I've legitimately always thought that, but never had proof.
Google has always had it on the front page of the reCAPTCHA website.
https://google.com/recaptcha
It's in the sliding panel at the very bottom (third panel). It used to be way more in the open but when v3 released they redesigned the page and moved it there.
The original version of reCAPTCHA was for helping digitize old books/texts that OCR couldn't read.
2010 reCAPTCHA page
I read on the reCaptcha site recently that if there is a failed attempt from a certain user's IP that the next challenge will have a more distorted word. If there are multiple failures, it will resort to displaying two "known" words, that is two words that reCaptcha already has solved.
I'd imagine they have the same system set up for API keys/domains that tend to send a lot of failed attempts, so 4chan is more likely to send you gibberish.
Questions are being accepted through next Tuesday. Your question may be combined with another similar question and I may not be able to ask every single question out of respect for Dr White's time. Questions are being accepted by email. I will also scan this discussion and try to pick out good questions.
It is pretty impressive data mining that I guess google has the depths to plunge more than anybody else. I wonder how different it would need to be to pass the Turing Test, probably not relevant at all, but it seems to be about grasping context, and identifying that our communications are, in practice, not as infinite as we presume.
Practising linguists do seem to be getting fucked by a great many technological advances - save the select few involved in creating said advances. The reCaptcha projects still amazes me, especially that it is more accurate than traditional way.
With recaptcha you only have to type the word that looks doubled (a copy of the word superimposed on top of itself). The other word is unknown to google.
You poor mistreated redditor! Why don't you find a subreddit where you'll be treated with respect, whare upvotes are not only plentiful, but also more meaningful? If it's because you haven't found such a place, don't worry, help is at hand! come to Lord Inglip's Subreddit, it's a place where you can make a special kind of rage comic where you interpret captcha messages as the words of a dark god named Inglip.
While /r/inglip may be smaller than /r/FFFFFFFUUUUUUUUUUUU, it is quite common for comics to reach 100+ karma, and if they do you can add them to a special wiki and they will be considered to be a canon part of the Inglip universe for future generations to enjoy! So come along, don your red cloak, and become a Gropaga, a follower of The Dectrip Faith!
This. C_o_I, you shouldn't be encouraging the use of the reCaptchas just as images -- half the point of all this is that filling in all those reCaptchas is a (small) service to humanity. (And, of course, it is Inglip's Will, As Written In The Gospel Of The Sidebar -->)
reCaptcha does this thing where it puts in words that its OCR cannot read right next to a word that is already know. You can type in anything you want for the word that reCaptcha does not know about, and as long as the known word is correct, the captcha will allow it.
Example: For this I can type "drgnkdjfbnkfjd lieotel", and it would accept it.
I would recommend that you give your best effort at typing out the OCR word because those are scanned right out of open-source books which are being translated into digital text.
reCAPTCHAs? Do you speak of the word of our most glorious and omniscient Lord Inglip? If you wish to seek His almighty guidance, you must enter at the holy altar and surrender yourself to His mercy.
Inglip be praised!
Actually, captchas are pretty freaking cool. Most are actually being used to digitize old manuscripts and books that have been scanned in but are illegible. Read about it here
Pain in the ass? Yes, sometimes. Kind of awesome way to digitize the world's knowledge? You bet your ass.
Its like recaptcha http://www.google.com/recaptcha with the excuse that it protects spam actually you are use as an NI (natural intelligence) OCR(optical character recognition) machine.
My bet is that they know for a while that they cannot have AI but they can really use it in order to cash more intelligence they use it as a bait.
Think about smartphones there is nothing smart about them but the fact that a lot of people work on them because even more give a lot of money(symbol for value and energy) in order to see artificial intelligence, which in reality is just captured human intelligence, is like in fairy-tales where the Evil captures intelligence,beauty in some cristals or something...
Maybe we are all mechanical turks in order to fool some people to give their resources to something that seems creative, intelligent and real but is it not. see: http://en.wikipedia.org/wiki/Amazon_Mechanical_Turk http://en.wikipedia.org/wiki/The_Turk
There's a reason why tesseract got 0% on the reCAPTCHA test. Tesseract is google's OCR engine that they use for scanning books, and recaptcha is based on what tesseract can't read in the first place.
Still, I like the app. I think distributing it far and wide is a good way to get sites to increase the difficulty of captchas or maybe implement something else.
There is no "fake" one, the system is trying to decode new scanned words. The one you think is "fake" becomes "real" to someone else. I suggest you read how recaptcha works before attempting to correct me:
http://www.google.com/recaptcha/learnmore
"Wut" indeed.
That's your take on it. Re-Captcha is a unique way to crowd-source text digitization. This puts it far and above any "pin the tail on the donkey" gimmick out there in my book.
The idea is to identify unknown words in scanned books.
It's assumed that the user will enter both the known word and the unknown word correctly, providing RC with the correct scanned word.
Some of the CAPTCHAs that provide you with two words actually only check against the first word, and the second word is what is being digitized (or vice versa).
reCAPTCHA
the way reCAPTCHAs work is that they know what one of the words is, and the other they are trying to verify. This is because they are all portions of scanned books, so when enough people verify the same word, you have actually helped to digitize a book. http://www.google.com/recaptcha
If you email me your order info, just date and AHA member number should work, I'd be happy to get with my contact at the AHA and try to get you that book.
I'm not sure how it works technically - perhaps the computer can only make out some but not all of the word, and you the human only need to be able to verify a few letters? It's made by google and they talk about it here - it seems like they don't just do it with books, but also map building and machine learning too
A bit late here so I'm just hijacking a thread.
Have you seen the new ReCAPTCHA from Google that they're starting to roll out soon? http://www.google.com/recaptcha/api2/demo
It's essentially a "I'm not a robot" checkbox, and it then does something behind the scenes to figure out if you're a bot or not. If it fails it falls back to the old style ReCAPTCHA. Try it both in normal browsing and in private browsing, you should notice some differences.
Regarding the FunCaptcha, it takes long time to load, I have to wait for animations, then do some little mini-game. Reminds me of the old Macromedia banners where you had to punch a monkey to win 10 000 dollars.
I'll give in and admit, it's a nifty little captcha in an of itself that's really cool for the theme of the site. And yes, it's working for the site for now.
If anyone actually wanted to circumvent it, it'd be rather trivial to do so. It's significantly less secure than classical "enter the characters shown" captcha's we're all used to.
OCR is hard. Which is why Recaptcha exists in the first place. Because software meant to digitize text was unable to do so with a reliable amount of certainty.
Non-obfuscated addresses, either in text or in mailto: links, will be huge spam magnets. You still need spam filters, and addresses might make it into the wild without your help, but I think it's crazy to intentionally offer up addresses for the scrapers.
You're right about the images' being non-accessible. You have to decide whether this is ok (or even legal) for you. I think the accessibility question is pretty much the same for the various CSS hacks as well.
Another way to look at this is that you only want humans, not bots, to be able to see addresses. This points to CAPTCHAs as an answer. Many CAPTCHA engines offer accessible options, e.g. reCAPTCHA. I think outsourcing your human/bot detection to a reputable CAPTCHA service like reCAPTCHA makes the most sense, since then you're not fighting the scraper/obfuscator arms race yourself.
The obfuscated address + JS decoder solutions are sort of a poor man's CAPTCHA (with the advantage of being transparent to most users): At the moment, it seems that most scrapers run HTTP user agents which don't interpret JavaScript, so you can use this as a way to filter them out.
However, more advanced scrapers are beginning to run JS because so much web content is now FE heavy/single page app stuff. I doubt spammers are running these advanced scrapers yet, but Google is, and if Google executes your JS and indexes the previously hidden email address, the spammers may be able to pull it from Google's cached copies of your pages.
Finally, lots of people hate them, but the most secure solution would be to use a dedicated email form that doesn't expose the recipient address at all.
There's also this: http://techblog.tilllate.com/2008/07/20/ten-methods-to-obfuscate-e-mail-addresses-compared/
Little did you know that Captcha actually serves a greater purpose than just security - those little blurbs you type in are actually helping to digitize historic texts. That is if reddit is using reCaptcha. Source
Of course it did. Re-Captcha only knows what one of the words is. You could type whatever the fuck you wanted for the second one and it would accept it. Of course, you're not helping the book archiving community by doing this, so it's best to enter both words properly.
Maybe that's how it worked in 2008 or how it was originally intended to work, but go look at a few reCAPTCHA's and I'm sure you agree that one of them is always generated with these properties:
If the control word was drawn from the set of correctly recognized 'real' words then there should not be a word with these properties all the time.
I'll concede that it is possible that they sometimes use 'real' words as control words, but I don't recall ever seeing them; so this certainly doesn't seem to be the normal mode of operation.
Wow, downvoted for pointing out easily-verifiable facts. Lovely.
There are several methods, but none of them are perfect.
First, there's the old classic: CAPTCHA. As long as you're using a decent service, this is probably the most effective solution. Unfortunately, it will also dissuade a decent chunk of legitimate users.
Second is the "blank field trick" you mention, usually called a Honeypot. There's also a variant of this where you add a required hidden field via Javascript after the page has loaded. Both versions work by assuming bots only read the HTML whereas browsers (and therefore humans) parse the CSS and JS as well. This is generally a pretty safe assumption, but may create accessibility issues for users who need screen readers, text-only browsers, etc.
Next, you can add a one-time token to your forms. Generate a random token on your server, store it server-side, and add it in a hidden field. Once a request comes in with that token, mark it used (or just delete it) and then reject any submissions that don't contain an unused token. This will force bots to rescrape your page every time they want to spam you, which most don't bother to do.
Finally, my personal favorite is Timestamp Analysis. Add the pageload time in a hidden field (or better yet store it server-side correlated with your one-time token), then compare that to the submission time. Bots that do scrape the page once per submission will tend to submit almost instantaneously, whereas humans will take at a minimum 5 to 10 seconds to find and fill out your form. If the time difference is too small, assume it's a bot and reject it.
http://www33.zippyshare.com/v/95666174/file.html
Since this won't stay forever, here again the principle:
[html] [table] [tr][td] [iframe src="http:||www.google.com|recaptcha|demo|" height='82' width='320' frameborder="0" scrolling="no"][|iframe] [|td][td] [iframe src="http:||www.google.com|recaptcha|demo|" height='82' width='320' frameborder="0" scrolling="no"][|iframe] [|td][td]
Make the obvious replacements and add more iframes to your hearts content (adapted to your monitor size).
It is indeed. Google promotes recaptcha: http://www.google.com/recaptcha
It transcodes books for Google Books and for some time now numbers for Maps. I have seen numbers on it for quite some time now.
That's how recaptcha works.
One of the words is verification. The other is a word that you are translating for fringe cases of google books scans. More info here.
Hello Gropagas,
I propose a contest. Some independent referee provides a screenshot with 9 captchas. (9 is a random number but the maximum of captchas that fit on a normal resolution screen using tabellated copies of a standard captcha code <iframe src=http://www.google.com/recaptcha/demo/" height='220' width='345' frameborder="0"></iframe>.) They should not be too crappy. Brilliant they won't be anyway. :-) Any contender (especially those who constantly bitch about my entries :-) will make an Inglip comic using only these captchas and post it to the same thread (not this, we make an extra one). Then we vote on the winner. (The details, e.g. how much time we get, are not written in lava, I'll accept any reasonable values.)
So, who bites?
There is a certain type of Captcha that assists an OCR system with digitizing difficult passages in books. It puts a word from the garbled text next to a word it knows. If enough people get the garbled word correct, it allows the word to pass.
It's nothing to be ashamed of, some of my best friends are robots.
When you visit this site, is there a captcha on the top of the page?
How about in Incognito mode?
Can you see all other images just fine?
Do you have access to another computer that you could try on the same network to ensure it's not some sort of firewall issue?
You'll need to get started over at reCAPTCHA. A tutorial on how to use this with PHP is right here.
Will you please STFU.
https://s3.amazonaws.com/reddit_godra/recaptcha.mov
Here is the page I used:
http://www.google.com/recaptcha/learnmore
*The first few I did the "easy word" correctly and every time it says "incorrect", later on in the video I did the "hard word" correctly and it returns "correct" every time.
CAPTCHA's (Completely Automated Public Turing Test To Tell Computers and Humans Apart) help prevent people from using bots to make accounts really quickly. For instance, without CAPTCHA, someone can generate 1000's of reddit accounts which can then upvote some blatant advertisement/post to the top of the front page.
The more complex they look, the harder it is for a computer to decrypt the message. Basically the human brain is powerful enough to decipher all the noise and figure out what the words are. They are purposely designed to throw off computers.
On another note, Google is doing something neat with some of their captchas. They get them from old newspapers/magazines/publications and use the results to reconstruct the book. You can read more about it here. Sometimes when you have a .pdf file, have you ever noticed that you can highlight the text and so forth, but sometimes you can't (sometimes when you scan in the document)? This is because the computer can't figure out what the words are. Google is trying to be able to scan in old books and reconstruct them into ascii text by matching similar scanned patterns with human inputs.
Pro-tip:
You're looking at a reCAPTCHA captcha.
reCAPTCHA is owned by google, and helps digitize print books. Google scans in books and the computer digitizes the words it can read. But the computer can't recognize every word, so it sends the ones it cant' to you. Thats why you get two words.
Every Re-Captcha is made up of two words. One which the computer knows (it's often skewed and stretched), and another which it doesn't (google is using you to read and convert the word, so it can use it in a digitized book).
TL;DR: You only have to get one of the words in a reCAPTCHA correct. The function that caught you off guard? You didn't have to get it correct.
recaptcha gets its words from books that Google is trying to digitize. The words it shows are ones that Google's computers can't make sense of on their own- it's only natural that a few language slip-ups will happen now and then.
They are all scanned copies of words. One word was recognized by the scanner, the other was not. You are only required to get the recognized word correct. They use the other guesses to improve their OCR software. You're helping to digitize books.
> Other than these end-user-supplied solutions, any data collected from the sites that use reCAPTCHA will be used only to provide, maintain, protect, and improve reCAPTCHA and other Google anti-spam services. We log information related to reCAPTCHA, such as the Internet Protocol address of the end-user, an identifier for the implementing site, the URL of the site accessed, the CAPTCHA solution, the result of the CAPTCHA grading, the date and time of requests, and one or more cookies that may uniquely identify the end-user browser. In our logs, we will delete any information that identifies the individual URLs within the implementing site within 30 days of the event logged.
I think it's more of a "mistake" for the scanner rather than a "made-up" word. You know, some books and literature have tiny fonts or are damaged (like old books) causing the program to read the words wrong thus we get weird words.
Also they seem to be scanning foreign literature as well. A number of words I've seen in some Inglip comics are actual words but not in English but in another language that uses the alphabets we are familiar with.
Ever wonder why the recaptcha recognizes letters? It's not due to some complex letter detection program. No, it's not that perfect. It gets its answers from user input.
Read this from the reCaptcha website itself.
>But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.
Also the origin of the words being scanned is why strange images get through the captcha. Again the program is not perfect to recognize letters accurately. As for now, only a human eye and brain can recognize these. That's why you won't see something like this often.
I've also checked it is shooped and it seems legit. I could be wrong though and this user might be skilled at Photoshop.
while that is a very simple example, and will work, i would recommend at least using captcha (recaptcha is a good one), and probably a honeypot too, to avoid getting the ** spammed out of it.
You are helping digitize books when you "solve" the captcha. There are two words. One word is known, the other is not. When you supply the answer to the unknown word, it builds the OCR digital database to work in projects to digitize books.
Edit: Source
The only word that matters is the one that you can read. The other word is part of a program that helps digitize books, newspapers, and old time radio shows.
As a prophet of our Lord Inglip, woulst thou be willing to grant an unworthy soul an internship?
Edit: My understanding is that reCAPTCHA shows the same word-to-be-digitized to multiple people, in order to confirm that the digitization is correct and accurate; are multiple deformations of a scan offered to such a sample as to attempt to eliminate possible ambiguities, which could happen in words such as "yarn" (deformations could result in pam, yam, yern, etc)?
Also, is there a certain number of reCAPTCHAs required before a word is deemed to be accurately transcribed?
Finally: "Each new word that cannot be read correctly by OCR..." How often is OCR incorrect in realizing it is wrong in a transcription?
I understand that you not be able to answer some (perhaps all) of my questions due to strict NDAs, but referring back to my pre-edit, never has this CS major been more interested in reCAPTCHAs :)
For many years the dark lord waited in silence, yearning to conquer another universe. Called by his dark presence Captcha tunneled into his realm and allowed his words to reach us...two at a time. Those of us who have been called can visit the captcha and hear him speak to us, then, we must do his bidding. This Inglipnomicon will teach you all that we have learned of him so far, though certainly there are revelations that have not yet made it into publication. To see the stream of his followers revelations visit /r/inglip...Praise him and perhaps he shall gift you with much bablunt when the holy plunday comes.
http://www.google.com/recaptcha/learnmore reddit.com/r/inglip
This is saying that you must load recaptcha using HTTPS, for example:
<!-- Good --> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <!-- Bad --> <script src="http://www.google.com/recaptcha/api.js" async defer></script>
It can be included on any page on your site, regardless of protocol
I'd recommend Google reCAPTCHA: http://www.google.com/recaptcha/intro/index.html to prevent bot spam.
Set "required" fields as-needed. This method simply asks the browser to make it required, but the browser doesn't have to comply. Most do, however.
To keep your users on a single page, you'll need to use jQuery and Ajax. Once the user submits the date, the form action page can do the input validation/cleaning/error checking and return the results. No errors? Email the user the confirmation and display a success message via a div. Form validation errors? Highlight the fields/display error message div(s).
There are many php/Ajax/jQuery tutorials out there, but here's one to get you started: http://blog.teamtreehouse.com/create-ajax-contact-form
Captcha is a dying thing, at least according to Google. I wonder how long it will take malicious bots/etc to work around a hassle that's really just gotten harder for real people over the years.
No one has mentioned it, but half is illegible for a reason. As long as you get the more legible word correct it will work.
> Answers to reCAPTCHA challenges are used to digitize textual documents. It's not easy, but through a sophisticated combination of multiple OCR programs, probabilistic language models, and most importantly the answers from millions of humans on the internet, reCAPTCHA is able to achieve over 99.5% transcription accuracy at the word level.
http://www.google.com/recaptcha/digitizing
Every since I learned this I just type what I see in one pass without thinking about it, works 99% of the time. This definitely should be better communicated though, especially when you've got devs and tech minded people complaining about it.
Captcha is a problem that has been solved already... why are you implementing your own solution rather than integrating an existing solution so that you can move on and solve problems that are more important to the business?
Look at it this way: how much revenue does your captcha solution generate for the business? $0. So spend as little time as possible on it and move on to more important things.
That's not Pottermore's fault. reCAPTCHA is a Google service, and there's a reason that you're allowed to switch the word. It's actually used to turn scans of books into digital copies by using everybody on the web checking and rechecking words that were scanned strangely.
Handy trick for those... The first part is scanned from a book, and the OCR-system did not make sense of it, so it's sent to a capatcha, the second word is the verify word in this case. (The most "deformed" word is always the real capatcha)...
So in this case you could have entered: SpungeBob tersail and it would still have been correct.
You can read more about recaptcha over at: http://www.google.com/recaptcha/learnmore
And, no this is not a WTF, there is a reason why you see those.
slightly wrong, one word is always generated, the other is from a text, take http://www.google.com/recaptcha/learnmore this captcha for example, you will have a consistent style for the known word, and an inconsistent style for the unknown word, the only way the known word could have a consistent style, is if the text was generated
(this obviously isn't talking about the source of the words themselves, but more the source of the images)
In fact for recaptcha you can type whatever you want for one of the two words. Only one of the words is actual verification, the other is a scan from a book that the computer was unable to convert. They are using you to crowd-source the conversion. After they show the word to enough people, they go with the most popular answer.
I'm fine with setting you up something for development and testing. I'd just prefer it not be used in production or directly involved in making money.
My AIM is PhatalEffect / GTalk is http://www.google.com/recaptcha/mailhide/d?k=01tEYyWHRQN33sYN_j-mpGqQ==&c=SKlsuVBsPndN4W0blp8pm7FPXtPSPtqC4zKjlZfJnnw=
Recaptcha, along with bot checking, is used to find out words computers cannot OCR.
Basically a known word and an unknown word will be displayed to you.
If you get the known word right, it matters little what the unknown word is, you will still pass the captcha.
As enough people enter the unknown word, the system can start to give a confidence rating to it and eventually it will become a known word also, that can then be used along with a new unknown word.
They use it to digitise books. http://www.google.com/recaptcha/learnmore
Clever concept.
Try adding a captcha to the registration process.
If it's a webhosting service, then the IP is probably static and only used by their servers. It should be ok to ban the IP since it is unlikely for a legitimate user to use it. Just make it easy for a user coming from a banned IP to contact you in case you made a mistake. (a contact form maybe)
From reCAPTCHA's site:
"But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct."
How reCAPTCHA (the captcha system used on Facebook) works: one of the words is known by reCAPTCHA while the other is unknown. You only need to type in the legible word; the other word you put in is used to help with OCR.
ReCaptcha, in reality, is only looking for one of its two words to be entered correctly. It has no idea what the other one is, and you can enter any characters you want for that one (it's the easiest to enter a single letter). Practise here, you'll notice patterns really fast and you'll soon get it every time. You could also read through the page to see why this works.
I think Wordpress would be a good choice, however, you need some time to learn how to create the themes for it. Once you set it up Wordpress with your theme the basic functionality it will give you are the options to add, modify and delete pages, which is good, but you need to read tutorials on how to create themes for Wordpress. There is a certain structure you must follow when you code your html for Wordpress to be able to use your theme. Guidelines. There are tons of resources on this topic, this is just one example.
Another option, a route less taken, is to create your company a customized CMS. Most people shy away from this because coding it from scratch takes a lot of time and CMS' like Wordpress/Joomla/Drupal give you the option to create customized plugins for whatever you need.
The last option is keeping it static. You have around 15 pages which is pretty difficult to manage if you're changing the content. If you need to add a new page to the website you're looking at modifying the navigation bar on 15 pages, which is not a very good practice.
Edit:
> which get spam bombed all the time
Use reCaptcha on your forms to prevent spam.
i have a question... google owns recaptcha (http://www.google.com/recaptcha)
it's an anti-bot service.
however, whenever you fail to enter your password correctly on a google based site (accounts etc) it throws up the worst anti-bot image ever. some red or green skewed image that you can't make the fuck out... why dont they use recaptcha?
Only 1 of the words is the actual verification word, the 2nd word is a scanned word that couldn't be interpreted by google's computers. Therefor you only need to enter the verification word (you can recognise it) and can input anything as the other word. More information: http://www.google.com/recaptcha/learnmore
If one wishes to receive the word of our Dark Sovereign, one should simply meditate at His shrine.
reChaptcha uses words from old books that computers can't recognize to let the user recognize the word and submit it to reCaptcha. Then reCaptcha can finish digitizing books for Google Books and New York Times. source
It wanted me to enter this ReCAPTCHA. Yeah, like I can type that.
If it's not behind a login page, you probably will want to implement a captcha to keep the spammers at bay. reCAPTCHA is very easy to implement and has libraries available for a number of languages.
Haha! Yeah, that's a real problem with some sites. I was thinking along the lines of Google's current version of the reCAPTCHA which in many cases only requires the user to confirm with a single click that they're not a robot, or let them pick images that contain a certain thing. That plus some kind of rate throttling.
Ah okay, awesome. Could a bug report button be added somewhere on the homepage or under the game in case of issues loading or logging in? A friend of mine was having issues the other day when they were registering and they didn't have a way to send a bug report (I sent it for them.)
Of course in an ideal world it wouldn't be needed, but bugs are unfortunately always a possibility.
Also an anti spam suggestion for you that is more people friendly - http://www.google.com/recaptcha - it's a 1 click captcha that supposedly is very difficult for bots.
okay, the carnegie mellon link is old but still a good read that supports my original point about the service. the google link is current.
My point was about how the service is being used to crowd source stuff like improving maps and digitizing books. See google's description here - http://www.google.com/recaptcha/intro/index.html#creation-of-value
Also, I looked up reCAPTHA's wikipedia article. It does not mention anything about neural networks being used to break the system. It also does not mention anything about it being broken since 2012, the recent changes to the service google has implemented or that google broke their own system then used that same neural network that broke recaptha to implement the next version. Looks like wikipedia needs an update - http://en.wikipedia.org/wiki/ReCAPTCHA
I doubt I will be interviewed given the number of players, but let me give a shot.
Preferred name: agenthai
Time to talk: Wednesday/Sunday IST
My email: solve reCAPTCHA to find my email
The new no captcha ReCaptcha is a bit more complicated than just a checkbox. Although it may appear that it's just a "checkbox" but behind the scenes a few more checks are performed.
Have a quick look at http://www.google.com/recaptcha/intro/index.html#advanced-security if you want to learn more :)
Why yes we can! PM or email us and we can talk about what would look best.
Company: Yodlee
Location: Bangalore, IN
I work as an Application Security Engineer for Yodlee. We have openings at Yodlee for the role of Application Security Specialist
It seems to work the first time I go to the Demo page every so often (tried like 30 minutes ago), but if I then refresh the page and try again, it asks me the question.
I assume it's a bunch of things it takes into account.
lloydbennett1: ^^original ^^reddit ^^link
And one of the most popular captchas is owned by google.
Funny that you ask, I'm mining Dogecoin right now. I'm assuming you were trying to get some from a faucet?
EDIT: reCAPTCHA is down too! http://www.google.com/recaptcha/learnmore only a submit button, no image!
Google does a lot of smart stuff like that. You know annoying and pointless captchas? When you use a Google captcha, you are actually helping to convert scanned books and newspapers to text.
My favourite captcha service (that i use on forums i admin) is google's recaptcha. It gives you two words - one word that it knows, and one that it can't read. Once you give an answer for the unknown word, it cross-references other people's answers! Brilliant service :)
It's owned by Google, which is a little scary....more from reCAPTHA - sometimes on a slow day at work, I just do this and feel like I'm contributing to the survival of human knowledge...but only until Google decides to become a fee-based service...
ReCaptcha takes images of words in documents that can't be readily converted to digital text, and asks you to identify them. Once identified, it can easily be translated using other automated software.