Flatulent-0.0.2 - ajax gets stinky

NAME

flatulent : CAPTCHA for FIGLET.

SYNOPSIS

the flatulent gem provides brain-dead simple to use, but internally
cunning, ascii art captcha for ruby.

URI

http://codeforpeople.com/lib/ruby
http://rubyforge.org/projects/codeforpeople

HOW DO I GET FLATULENT?

gem install flatulent

HISTORY

0.0.2

 - ajax gets stinky: Flatulent.ajax!  the result of this new addition is
   that the captcha itself doesn’t appear in the source file at all

 - blowfish encoding for timebomb and captcha fields

 - auto server key configuration using hostname and mac address

 - improved noise algorithm

 - improved character placement (chars share edges to make ocr’ing
   harder)

0.0.1

 - initial version

RAILS EXAMPLES

REGULAR METHOD (LESS SECURE):

 def controller_action
   if params.has_key? 'flatulent'
     Flatulent.validate! params
   end

   render :inline => <<-html
     <html><body>
       #{ Flatulent.form }
     </body></html>
   html
 end

AJAX METHOD (MORE SECURE):

 def controller_action
   if params.has_key? 'flatulent'
     Flatulent.validate! params
   end

   render :inline => <<-html
     <html>
       <head> <%= javascript_include_tag 'prototype' %> </head>
       <body>
         <form action='./' method='post'>
           <%= Flatulent.ajax %>
           <input type='submit' name='submit' value='submit' />
         </form>
       </body>
     </html>
   html
 end

DOCS

see source in ./lib/*
see the example rails project in ./rails

ONLINE SAMPLES

http://drawohara.tumblr.com/post/4944987

ONLINE DEMO OF AJAX METHOD

http://fortytwo.merseine.nu:3000/flatulent/ajax – try to break it!

enjoy.

-a
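The 0.0.2 notes above mention a "timebomb" and encoded captcha fields: the expected answer and an expiry travel inside the form itself, so the server keeps no session state and a challenge dies on its own. The block below is an added example of that pattern, written for this page; it is not flatulent's code and does not show how the gem actually builds its fields. It assumes AES-256-GCM rather than the blowfish the notes mention, because an authenticated cipher is what stops a client from editing the field, and every name in it (StatelessCaptcha, issue, unseal, validate, the nonce field) is the example's own.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'
require 'json'
require 'set'

# Added example, not flatulent's implementation: a stateless CAPTCHA
# challenge token. {answer, issued-at, expiry, nonce} is sealed with
# AES-256-GCM (an assumption; the gem's notes say blowfish) into one opaque
# form field, and validate() checks everything a bot would try to cheat on.
module StatelessCaptcha
  TTL_SECONDS = 300   # the "timebomb": a challenge is dead after five minutes
  MIN_SECONDS = 2     # answered faster than this? a script filled it in
  ALPHABET    = (('a'..'z').to_a + ('0'..'9').to_a).freeze
  IV_LEN      = 12    # GCM nonce length
  TAG_LEN     = 16    # GCM authentication tag length

  # Server-side secret; in real use derive it once and keep it out of the page.
  def self.generate_key
    SecureRandom.random_bytes(32)
  end

  def self.random_answer(len = 6)
    Array.new(len) { ALPHABET[SecureRandom.random_number(ALPHABET.size)] }.join
  end

  # Seal the claims into a single base64 form field value.
  def self.issue(key, answer: random_answer, now: Time.now.to_i)
    claims = { 'a' => answer, 'iat' => now, 'exp' => now + TTL_SECONDS,
               'n' => SecureRandom.hex(8) }.to_json
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = key
    iv = c.random_iv
    c.auth_data = ''
    ct = c.update(claims) + c.final
    Base64.strict_encode64(iv + c.auth_tag + ct)
  end

  # Reverse of issue; nil for anything that does not decode and authenticate.
  def self.unseal(key, token)
    raw = Base64.strict_decode64(token.to_s)
    return nil if raw.bytesize <= IV_LEN + TAG_LEN
    iv  = raw[0, IV_LEN]
    tag = raw[IV_LEN, TAG_LEN]
    ct  = raw[(IV_LEN + TAG_LEN)..-1]
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = key
    d.iv = iv
    d.auth_tag = tag
    d.auth_data = ''
    JSON.parse((d.update(ct) + d.final).force_encoding(Encoding::UTF_8))
  rescue OpenSSL::Cipher::CipherError, ArgumentError, JSON::ParserError
    nil
  end

  # used: nonces already accepted. A stateless token is otherwise replayable
  # for its whole TTL, so real code shares this set across requests.
  def self.validate(key, token, submitted, now: Time.now.to_i, used: Set.new)
    claims = unseal(key, token) or return :tampered
    return :expired  if now > claims['exp']
    return :too_fast if now < claims['iat'] + MIN_SECONDS
    return :replayed if used.include?(claims['n'])
    return :wrong    unless submitted.to_s.strip.downcase == claims['a']
    used << claims['n']
    :ok
  end
end
```

The order of the checks matters: authenticity first, so nothing in a forged field is ever trusted; then the timebomb; then the "too fast" floor, which is cheap and catches scripts that post the form the instant they fetch it; then replay, so a single solved challenge cannot be resubmitted for the rest of its lifetime. Fetching the challenge over XHR, as the ajax method does, changes where a bot has to look for it, not whether it can; these server-side checks are what the form actually relies on.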

very nice! Thanks Ara

On Jul 4, 2007, at 4:38 PM, list. rb wrote:

> very nice! Thanks Ara

with brian’s help it may be useful yet!

cheers.

-a

On 7/4/07, ara.t.howard [email protected] wrote:

> NAME
>
> flatulent : CAPTCHA for FIGLET.
>
> ONLINE DEMO OF AJAX METHOD
>
> http://fortytwo.merseine.nu:3000/flatulent/ajax – try to break it!

Ara, if you try to answer in caps (as it is presented) it will fail,
this seems kinda wacky, seeing as most users I know will try to
answer in the same case as it is presented. Perhaps it should be
case-insensitive, or you could branch out and do lowercase letters
too.

On Jul 4, 2007, at 7:29 PM, Chris C. wrote:

case sensitive would be sweet!

On Jul 4, 2007, at 7:03 PM, John J. wrote:

> case sensitive would be sweet!

you think? better than insensitive? it’s easy to do of course…

??

-a

On Jul 4, 2007, at 6:29 PM, Chris C. wrote:

> Ara, if you try to answer in caps (as it is presented) it will fail,
> this seems kinda wacky, seeing as most users I know will try to
> answer in the same case as it is presented. Perhaps it should be
> case-insensitive, or you could branch out and do lowercase letters
> too.

a bug!

thanks - i’ll fix

fyi. it’s supposed to be both case insensitive and counts o O and
0 as the same char as they look the same in figlet.

cheers.

-a

From: ara.t.howard [mailto:[email protected]]

> On Jul 4, 2007, at 7:03 PM, John J. wrote:
>
> > case sensitive would be sweet!
>
> you think? better than insensitive? it’s easy to do of course…

practically case sensitive but the ff

0==o==O (zero and oh’s)
1==l (one and el)
2==z==Z (two and z’s)
5==s==S (5 and s’s)

kind regards -botp

On Jul 4, 2007, at 9:16 PM, Peña, Botp wrote:

> practically case sensitive but the ff
>
> 0==o==O (zero and oh’s)
> 1==l (one and el)
> 2==z==Z (two and z’s)
> 5==s==S (5 and s’s)

done!

version 0.0.3 out soon… MUCH harder for bots.

-a
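The rule Botp proposes and Ara says is done, as an added example: compare the submitted answer case-insensitively, treating glyphs that render alike in FIGLET as one character. This is example code written for this page, not the gem's own matcher; the equivalence classes are the four from the thread (add more for the font you actually render), and the constant-time comparison and the alphabet-size helper are additions of this example, included because merging classes shrinks the search space a guessing bot has to cover and that cost is worth measuring.

```ruby
# Added example, not flatulent's code: lenient CAPTCHA answer matching.
module LenientMatch
  # Glyphs that look the same in the rendered font; the first entry of each
  # class is the canonical form. Classes taken from the thread.
  CONFUSABLE = [
    %w[0 o O],   # zero and oh
    %w[1 l],     # one and el
    %w[2 z Z],   # two and zed
    %w[5 s S],   # five and ess
  ].freeze

  # glyph => canonical glyph, built once from the classes above
  CANON = CONFUSABLE.each_with_object({}) do |cls, map|
    cls.each { |glyph| map[glyph] = cls.first }
  end.freeze

  # Fold a string to canonical form: strip, lowercase, then collapse classes.
  def self.normalize(str)
    str.to_s.strip.downcase.each_char.map { |ch| CANON.fetch(ch, ch) }.join
  end

  # Compare canonical forms in constant time, so response timing does not
  # reveal how many leading characters of a guess were correct.
  def self.match?(expected, submitted)
    a = normalize(expected)
    b = normalize(submitted)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Number of symbols that remain distinguishable after the classes merge;
  # this is the per-character search space a guessing bot faces.
  def self.effective_alphabet(alphabet = ('a'..'z').to_a + ('0'..'9').to_a)
    alphabet.map { |ch| normalize(ch) }.uniq.size
  end

  # Entropy per character of a challenge drawn uniformly from that alphabet.
  def self.bits_per_char(alphabet = ('a'..'z').to_a + ('0'..'9').to_a)
    Math.log2(effective_alphabet(alphabet))
  end
end
```

With the 36-symbol alphabet a-z plus 0-9, the four classes leave 32 distinguishable symbols, so each character drops from about 5.17 bits to 5 bits and a six-character challenge from roughly 2.2 billion to about 1.07 billion possibilities. That is still far outside what an online guesser can try against a form that expires and rate-limits, which is why the usability win is worth it; the helper makes the trade visible before more classes are added.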

There’s probably a reason why this isn’t used, but, I couldn’t help but
ask.

Instead of asking the user to ‘Enter what you see’, why don’t the
questions vary?

I.e.,

  • enter ONLY the letters [A-Z] you see
  • enter every other character
  • enter the text backwards
  • enter only numbers
  • enter the number of times ‘A’ has occurred
  • enter the number of vowels
  • enter the RED letters only (assuming there was color in each
    character)

My assumption is that this wouldn’t be user friendly? --It would
definitely add to the complexity of cracking I would think…

On Jul 4, 2007, at 11:52 PM, list. rb wrote:

>   • enter the text backwards

these kinds of questions are a little too simple and logical. It
needs to be more wordy!
also, colors tend to be trouble for accessibility issues. Some people
are color blind.
longer phrases or even a question itself as the captcha are better.
If the question is a captcha and the answer is a word that any human
could answer, even if it means doing a quick google for the answer,
it would be better. Machines can’t get that stuff.
question:
(as a captcha)
What is Michael J.'s brother’s last name?

or

If you had 3 hands, how many thumbs would you have?

On 7/4/07, list. rb [email protected] wrote:

> There’s probably a reason why this isn’t used, but, I couldn’t help but ask.
>
> Instead of asking the user to ‘Enter what you see’, why don’t the questions
> vary?

Okay (says I rubbing hands gleefully :). I’m nitpicking and with all
of these you can simply say, well that person shouldn’t be using a
computer/be on the internet/speak my language/etc.

> I.e.,
>
>   • enter ONLY the letters [A-Z] you see

My grandfather, being the math guy he is, sees A minus Z with that and
would probably spend more than the allotted seconds trying to see
through that (of course, he could just wait for the next question)

>   • enter every other character

Starting with the first? In order? The ascii characters or the
‘realized’ ones? (I keep thinking of the little play of form and
contour in some art)

>   • enter the text backwards
>   • enter only numbers

Depending on context I and V and X could be numbers

>   • enter the number of times ‘A’ has occurred

Right-side up or upside-down … sideways?

>   • enter the number of vowels

I can’t remember if Y is a vowel …

>   • enter the RED letters only (assuming there was color in each character)

I’m color blind!

> My assumption is that this wouldn’t be user friendly? --It would definitely
> add to the complexity of cracking I would think…

It’s clear there will continue to exist a give and take with security
vs. usability. We could make all of the captcha’s riddles like Gollum
holding on to his precious ring :) What keeps going on in my head is
what truly determines whether the ‘thing’ on the other line is a
machine or not. I see suggestions to use things like tradition,
commonplace, language, acceptable behavior to decide that. Hey, if
that works for your client base, go for it!

So far, I really like Ara’s solution because of how simple (on the
outside) and relatively effective it is.

Todd