[Standards-JIG] bot-challenge proto-JEP

Mircea Bardac dev.list at mircea.bardac.net
Wed Aug 31 22:38:02 UTC 2005


On Thursday 01 September 2005 01:16, Mircea Bardac wrote:
> One small idea, which would solve the "creativity problem"
>
> ** The user is given a paragraph of text (one sentence would suffice).
> a) there's no need for an extenside DB of sentences.
> b) the text could be something funny... to read before registration :)
> c) could be set by the user

s/registration/authentification

> ** Requirement: Type in the first/last [picture1] letter(s) of [picture2].
>
> [picture1] = first/1st/last 2/10th
> [picture2] = <some word>/1st word/last word
> <some word> = can be a totally different word than the ones in the
> paragraph
>
> This works for:
> 1. who can read
> 2. who can count
>

To generalize the idea:
The user could be asked (via text/audio) to type in the X-th element from a 
set of N elements. The elements only need to be readable, they don't have to 
make sense.

With an extended requirement like:
> Type in the first/last [picture1] letter(s) of [picture2].
+ changing the text/requirement on each bad-auth
= the chances for the bot to hit the jackpot tend to zero.

Add
+ a limit of maximum... 5 requests/JID in... 12h (a human being theoretically 
is active half of the day)
+ server blacklisting for... many denied requests... 
+ (maybe) a blacklisted servers central database to share spim servers (would 
require some kind of federation - the servers sending blacklisted servers 
should be trusted somehow)

and you get a "pretty bullet proof" system... I think.

Oh, of course, this doesn't work for:
* pure text challenges
* something else I might be missing

Mircea

-- 
Psi Forums Moderator/Bug Tracker Manager
Psi Windows Installer Maintainer/ArchLinux Package Maintainer
http://mircea.bardac.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20050901/ad13e233/attachment.sig>


More information about the Standards mailing list