World: r3wp

John, I hear there was a meeting among the animals, all I can say 
is, there was a vote, and "we" better make plans for another planet.

Yeah, let's take to the skies! :-)

We are adapted to a certain (now existent ?) environment. If it changes 
maybe we will change or get extincted too.

Reichart, that is very funny.

Future now?
One step closer to Minority Report.
http://www.snotr.com/video/2549

Looks like the spammers have found a way to get thru gmail's filters 
... finding a lot more spam now in the last few days in my inbox.

Most of my spam comes from Germany or Italy on Gmail...

No Russian ladies any more?

I get it mostly from mail.ru and gmail

spam or bots ?

I don't know how to tell the difference.  They simply like ot register 
on my sites and then leave a website link in their profile.  Seems 
they are just looking for backlinks.

bots

Just write your forms using JS or at least don't use common login 
field names like USER and PASSWORD

but if you don't hide the submit button, they will try to insert 
the links into any text field.

I thought of a great idea to stop forum spammers and probably others. 
 I don't know how it can be thwarted.

I wouldn't know how to code it but it would probably require Javascript 
which I don't know.

But that might not be a good idea.  Need something almost other than 
javascript.

The idea is to use Drag and Drop.

The drag and drop areas always change.

So its random generated.

3D hit testing is another upcoming captcha method

How does that work? I hear that cpatcha is being beaten by OCR methods.

there are various implementations from thread-the-needle / drag-and-drop 
/ to overlay matching and rotation

My idea involves having the backend generate a random code that gets 
presented as a draggable item in a javascript driven page.  The user 
must drag the code to a randoming placed box.  The code i s also 
randoming placed.  The script will generate a value based on the 
direction and length of the drag.  This gets compared on the server 
end along with the code.

cant the spammer then just read the code to get the positions?

Yeah, which is why I don't think you can do it in javascript.  I'm 
using that as an example to get an idea for the concept.

automating mouse movement and clicks from then on is relatively trivial

Yeah might not work via that route.

the trick is to possibly send location on drop - then verify serverside

Yeah - that should do it!

Dunno, you still have to show the locations on the client end so 
they know where to drag.

send an image

eg: drag the object onto the purple rabbit - have an image with 20 
or so differentr rabbits

Possible.

How about this.  You  display a rather large image and the user must 
click the very center of image (hold down button) and drag to a border 
speciied within the image.  The image changes.

For example say the image is just a picture of a large ball or circle. 
 The person clicks the center of the circle and holds down to expand 
to the perimeter of the circle in the image and releases and this 
gets interpretes as radius back to the server.

still open to image analysis attack

Captachas are agains people, not bots. Bots are mostly very simple, 
especially the one which just puts links into fields. Why they would 
spend time on image analysis when they just can travel on another 
site with simple forms. fields.

they broke the gmail captcha and yahoo and hotmail by use of image 
analysis.

people.. not bots:)

oh - i thought they were reported to have automated it?

I don't think there is any bot just browsing around searching for 
another captcha to break in:) I can call it "a script" which someone 
could use to break gmail captcha, but not "a bot". Anyway... I bet 
they used many people to just click and  traslate the images.

http://securitylabs.websense.com/content/Blogs/2919.aspx

very interesting info on teh gmail break

Yes... also there is a prove that someone pay for recognizing pictures. 
Anyway... if you have a normal site and don't want links in your 
form fields as Paul has.. using simple JS document.write is enough 
to hide the submit button ans stop the bots. At least that's my experience.

Our general media portal reports, that SUN is being bought by Oracle. 
I thought that it was IBM who tried to acquire them? Anyone confirms 
the news?

Hmm, I wonder what happens to Open Office and MySQL then ....

Hm.. I imagine they have hard time selling Oracle if MySQL is free.. 
I wouldn't like to be mysql right now :)

I didn't know Oracle even exists in last years, and surelly not that 
they have so much $$ to buy Sun (+ MySQL )... I am not sure if they 
are very present in web-scene

They might close mySQL, but I think that the licence forbids them 
doing so. They might close further mySQL developments, but in such 
a case, I think that some ppl would fork it anyway ...