Fabulous Adventures In Coding
Eric Lippert is a principal developer on the C# compiler team. Learn more about Eric.
A quick metablogging note. Those of you who comment on this blog (6700+ comments and counting, thank you all) have probably noticed that it now has a CAPTCHA, that little "please prove you're a human" test before the comment is posted.
I understand why. The MSDN and TechNet blog sites are high-value targets for unwanted commercial advertisers, for attackers who wish to attempt to influence search engines to drive traffic to their sites, and for vandals. The people who run security for this site have their hands full; we've experienced some pretty serious denials of service based on ham-fisted spammer attacks. Adding a CAPTCHA to regulate comments massively slows down the rate of successful comment spam.
That said, I'm not thrilled about this. I find CAPTCHA-style solutions distasteful for several reasons:
So, sorry about that, commenters. I don't like it any more than you do, but there's not much I can do about it; I don't run the blog servers. The only thing I can control is how purple the text is.
As a new commenter, I'll just leave this comment so you don't feel so bad about the captcha issue.
Your blog is definitely one of my top fives.
Thanks, and keep it that way.
Well, my captcha is 782, so it's not like i'm trying to decipher crazy lettering like on some captcha's where even i can't read them.
> The only thing I can control is how purple the text is.
And Jeff Atwood probably still wants you to reduce the purpleness.
I don't know why Jeff hates purple so much. It's quite easy on the eyes.
That said, at least it's not one of those Yahoo CAPTCHAs that you have to actually stop and wonder "which letter is that? It looks like a webding!"
By the way, my computer-illiterate friend couldn't get past a CAPTCHA a few days ago because he didn't know that he was supposed to copy the letters... It seems we really should find a new way to annoy users because this one is too difficult for some of them to pass.
There is just one issue. Some braindead policy prohibits me from accessing any URL with "live" keyword in it. Priliminarily, it seems, that some of the CAPTCHAs are delivered using URLs containg that term and hence, are noit visible to me at work. All I see is a generic red X in its place.
It follows logically that I can not comment on several of the blogs that I follow regularly.
Captchas can be annoying for all the reasons you listed, but what other tools are there at present? At least it's better than having to register and sign in just to post a comment.
Like the sign in the train station, when I see a Captcha I think of it not as a personal affront, but rather an indicator that the caretakers of the public space are making at least some effort to create a comfortable environment for everyone, including *me*.
>The only thing I can control is how purple the text is
Atleast the captcha is not all that bad, many websites have severely twisted characters for captcha that make me think "Am I the only one who din't get that ? Maybe I am not human enough"
I am so used to Captcha's that I do not really find them offensive at all. I'd prefer the minor annoyance of a Captcha to the massive annoyance of having to read spam comments. Or the thought that you had to spend time deleting spam comments when you could be writing more brilliant blog postings!
Captcha's can also make a great bozo filter. If you can't figure out how to use it then you probably have nothing of value to add to the conversation.
Captchas can be used to convert visual scans of old books into text data. If you're not familiar with the concept, google reCAPTCHA. It may be a little annoying, but we can make knowledge more accessible through CAPTCHAs. Although, I assume this is not the case with the CAPTCHA used on MSDN. I got "000".
Eric, you're worth the hassle of a 3-digit code any day.
This can be mitigated. For instance, if you used something like OpenID to allow people to identify themselves then you can set policies. For instance "Anyone who has submitted a comment in the past which was not then deleted for being spam will not get a CAPTCHA in the future."
The one problem I did have with the CAPTHCHA, just once, was that someone managed to use the code displayed for me while I was still ironing out the text of my comment; consequently, when I tried to use the same code, it told me I was some evil agent Smith from the Matrix, or something, and I had to refresh the page for a new code. :-)
WOW!!! Here it come again: a second time!!! :-D
Wow, and it's not even a very *good* captcha, I think i've seen that one on the list of captchas broken by grad student projects. I tried 3 times, and each time it spits back an un-obsctured slightly static-y 3 digit number.
Sorry man, we feel for you and understand it's out of your control.
The problem with captchas is that most implementations are broken and can be easily hacked by someone who is willing to; with a minimal amount of effort. For instance, every community server site that uses Captcha stores the captcha text in the plain text cookie (on this site the cookie is called AreYouHuman), all a bot has to do is read the cookie's content and submit that along with the spammy comment and there ya go, the entire purpose of Captcha is defeated.