On Wed, Jun 16, 2010 at 01:03:20PM +0900, Stephen J. Turnbull wrote: > > The question is "what are they protecting?" My claim is that if > you're protecting economic resources (bandwidth, accurate counts of > real users) they may be more or less useful. If it's a security issue > -- including ways of harvesting email addresses that involve > subscribing -- though, you're busted.
To my mind the main resources we're protecting are moderator time and site owner time, and we're admittedly cost shifting onto subscribers for lists where CAPTCHAs are enabled. > Mailman should clearly not provide any CAPTCHA implementation itself, > given your claims of rapid progress in the field. Not my claim. Others in the literature. I can do more digging if you don't believe me or don't have institutional access. Regardless, we're in agreement that it should not be the job of the MLM to provide the CAPTCHA. I'd just like a tested, approved way to plug in reCAPTCHA at the moment. I'll do it myself without any help from y'all (after my masters paper), but I think this would benefit the community. > > and that I'm insisting people use cheap locks. > > No, that's not my claim. My claim is that it is unethical to make > weak locks available for free, without explaining to people their > correct use. Ahhh. Very much agree. Also, sorry about your stolen bike. :( > The first thing I want to see, then, is documentation that CAPTCHAs > are more effective than other methods of confusing the dumb 'bots. http://www.sciencemag.org/cgi/content/full/321/5895/1465 Originally published in Science Express on 14 August 2008 Science 12 September 2008: Vol. 321. no. 5895, pp. 1465 - 1468 DOI: 10.1126/science.1160379 http://recaptcha.net/faq.html Good a place as any.... take it up with the authors. But think of it this way: if what mailman does is provide a plugin spot for something external to do CAPTCHA or CAPTCHA-like work, then some non-CAPTCHA method could be inserted that doesn't impose user load. For example, people could use a plugin that adds a junk form field that is hidden by CSS, or a simple 1 + 2 math problem, or any number of other things. The point is that we're doing the equivalent of adding braze-ons to the seat stays of a bicycle frame: whether the user adds a sturdy rack, a cheap one, or none at all is up to them. While I'm digging around and thinking of other anti-spam tools, maybe it's worth digging around in here for ideas, since this seems rather popular with WordPress: http://www.bad-behavior.ioerror.us/documentation/ Cheers, -- Cristóbal Palmer ibiblio.org metalab.unc.edu _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
