On Thu, May 8, 2008 at 1:32 AM, MyTwoCents <m2c@???> wrote:
> gpg: invalid clearsig header
gpg: no valid OpenPGP data found.
gpg: block_filter: 1st length byte missing
gpg: cleartext signature without data
gpg: no signature found
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
>
>
> On Tue, 6 May 2008, "Evan Daniel" <evanbd@???> wrote:
> >On Tue, May 6, 2008 at 9:39 PM, MyTwoCents <m2c@???> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> I was going to just post this on my flog (which I did) but decided that
> >> since I've no idea if any devs read it, I want to be certain that it gets
> >> SOME actual notice by developer types and thus posted it here also
> >>
> >> I've been taking a bit of time lately to check in on 0.7 again and have
> >> been trying out FMS. I have to say that while the idea is a good one, has
> >> a few things that need to be addressed. Specifically the process of
> >> announcing new identities has problems.
> >>
> >> 1) The capcha images themselves have absolutely GOT to be changed.
> >> Because: "You must have at least 1 identity created and have received the
> >> SSK keypair for it from Freenet before setting trust.", I cannot post
> >> messages yet, I have been able to read a few, including one:
> >>
> >> Subject: Re: current CAPTCHAs suck
> >> From: The Seeker@cI~w2hrvvyUa1E6PhJ9j5cCoG1xmxSooi7Nez4V2Gd4
> >> Date: Thu, 01 May 08 21:31:52 -0000
> >> Message-ID:
> >> <D307C15C-56CD-4CC4-9822-3EAF1D0CAC8F@cIw2hrvvyUa1E6PhJ9j5cCoG1xmxSooi7Nez4
> >> V2Gd4>
> >>
> >> That expresses the opinion that the captchas are more likely to be solved
> >> by a program than a human.
> >>
> >> Having spent a few hours trying in vain to read the damn things, I have to
> >> say that I wouldn't be surprized if that were true. Of course, I also
> >> think that they were specifically designed to make life difficult for
> >> people with vision impairments.
> >>
> >> The images need to be something that an actual human will have little to no
> >> trouble reading them. Unfortunately, the graphic abortions that are in use
> >> now are apparently impossible for me to read, since I've been "solving"
> >> (not that I know if they're 'solved' or just wrong.) them for the better
> >> part of a week now and have yet to get my identity announced.
> >>
> >> Which brings me to #2.
> >>
> >> How about some feedback?
> >>
> >> Specifically, when I "solve" a captcha, how about telling me if I got it
> >> right or not? My thought, present captchas one at a time. Allow user to
> >> fill in and submit. If incorrect, TELL THE USER!!!, then present them with
> >> a new one. If it's correct, again TELL THE USER!!! then present them with
> >> a new one.
> >>
> >> This business of sitting here going nearly blind trying to read faint,
> >> almost invisible characters is bad enough, not even knowing if I actually
> >> got one right is liable to make somebody homicidal. There's absolutely
> >> ZERO reason for this to be a fargin guessing game!
> >>
> >> Frankly, if I ever get my hands on the
> >> absolute-brain-dead-moron-studying-to-be-an-idiot-and-failing-miserably
> >> that decided to use that kind of damn-near-invisible-characters-image I'm
> >> going to print out 10,000 pages of them on plywood sheeds and make him eat
> >> them while I beat him to death with my monitor!
> >>
> >> Can you tell I'm more than just casually frustrated here? Good!
> >>
> >> WILL SOMEBODY PLEASE FIX THE DAMNED CAPTCHAS ON FMS?!?
> >>
> >> The preceeding was written while frustrated and angry and then posted
> >> anyway to make a point.
> >>
> >> - --
> >> My public keys can be found on my freenet site:
> >> SSK@TEx6TiaPeszpV4AFw3ToutDb49EPAgM/mytwocents/62//m2ckey.html
> >> (*NOTE* you must be running freenet for this link to be usefull)
> >> and on public keyservers. Key-Id: 0x92769D7E
> >> Fingerprint: 2F07D586C8D4EEA732711338CFEF46E592769D7E
> >> I can be reached either by the NiM form on the freesite or by
> >> Email: m2c AT nym.panta-rhei.eu.org
> >> Frost: MyTwoCents@Z+59LNK9NhMvxewYggENU4Ww50s On the 0.5 Freenet board
> >>
> >>
> >>
> >> _______________________________________________
> >> Support mailing list
> >> Support@???
> >> http://news.gmane.org/gmane.network.freenet.support
> >> Unsubscribe at
> >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> >> Or mailto:support-request@????subject=unsubscribe
> >>
> >
> >I tried to read your flog but couldn't; your SSK is malformed.
>
> That's not malformed. It's an 0.5 key. My flog is mirrored on both
> networks
> 0.7 key is (wordwrap is probably gonna kill this. ymmv)
> USK@0wysM1-lkx2I-iEE8FCfepf5BCpHk4pXQSsMi9KjDAA,rQ8XqGy-MFZIMbM3zWE0VwXzNUf
> T7lcp5gVYOoFFzio,AQACAAE/mytwocents/11/
> (it's also listed on 'Another Index')
>
>
> >There are ways other than captchas to announce yourself. If I knew
> >what your identity was I'd be happy to add it, as you're obviously
> >human.
>
> I'd take you up on that if it werent for a stubborn streak that insists on
> my being able to do it myself by following the few directions I could find
> and the software working and letting me in.
>
>
> >You could post a patch with better captchas. As the initiator of the
>
> If I had the skills I'd be glad to give it a go. Unfortunately I don't.
>
>
> >thread you referenced, I would be in favor. I've got some code I'm
> >playing with, but it's not there yet. Working on other people's code
> >always feels more like work than fun, and the same is true of C++, so
> >it probably won't get posted for a while yet.
>
> Does this mean that these images are somehow generated as needed instead of
> selected from a pool of stock images?
>
>
> >In the meantime I've modified the FMS source so that my node will post
> >easier versions of the same captchas. If this creates a spam problem,
> >I apologize; somebody tell me if I'm announcing all the spammers and
> >don't notice :D
>
> I'll be sure to mention it when I see any 'easier' versions.
>
> In the meantime I'm going to try with this version of FMS (0.2.9) for
> another day or two. Then I'm going to kill the thing and wait for the next
> version. It's not worth all this frustration trying to solve something
> that won't even tell me if I'm right or not.
>
> I *** -=*>HATE<*=- *** guessing games and that's all this announcement
> thing is to me.
>
> If I can't figure out what a captcha says in less than 30seconds, it's
> probably not worth trying. As for the images FMS is using, I can't begin
> to express how much utter contempt I have for the decision to use that type
> of captcha when there are a lot of them around the internet that are at
> least human readable.
You might want to upgrade to the latest version of FMS (0.2.14). I
found a rather relevant bug, which SomeDude has fixed: identities
were publishing captchas even when they weren't publishing trust
lists. If you solved one of their captchas, you would be announced to
them, but not to anyone else. Given the fraction of identities
publishing trust lists (low), this means that your odds of actually
getting announced are small, at best. 0.2.14 will not download
captchas from identities not publishing trust lists, and won't publish
them if you're not publishing one.
Yes, the captchas are automatically generated on demand; the code is
in simplecaptcha.cpp. If there was a stock database it wouldn't work,
as a spammer could just harvest the whole database.
I'm not going to continue my brief attempt to make a different captcha
system (though I'll keep running my easier version of the same style
captcha). There are many far more competent people out there working
on the problem, and the current state of the art appears to be that
the spammers are winning. There have been some interesting proposals
recently, eg:
http://arstechnica.com/news.ars/post/20080423-researchers-stay-step-ahead-of-bots-with-image-based-captcha.html
My current belief is that captchas are doomed, and some alternate
system is needed. I have no clue what it is; currently, I think
hashcash might be the best option, as bad as it is. For now, out of
band introductions are a good thing, though obviously not a complete
solution -- though I can certainly sympathize with your stubbornness
:)
Evan Daniel
