Date:      Mon, 12 Jan 2004 21:37:51 -0000
From:      "Sabahattin Gucukoglu" <mail@sabahattin-gucukoglu.com>
To:        Ceri Davies <ceri@FreeBSD.org>
Cc:        bugbusters@FreeBSD.org
Subject:   Re: I Can't See The Image
Message-ID:  <400313AF.24068.1120B07C@localhost>
In-Reply-To: <20040112193108.GF61781@submonkey.net>
References:  <4002F108.1584.1099550F@localhost>

Hi Ceri,

On 12 Jan 2004 at 19:31, Ceri Davies <ceri@FreeBSD.org> spoke, thus:

[...]
> It looks fine; I'll file it for you, as this whole situation is pretty
> much down to me.  I knew that users with impaired vision would have a
> problem with this (which is why I included the "mail bugbusters" ALT
> tag), but figured that it was better than the previous situation, which
> was having zero web-based mechanism for bug reporting whatsoever. 

I'm very glad you did. :-)  I didn't even realise that it was actually a 
graphic, since if there is alt text the text goes straight into my MSAA 
buffer (screen review program's decolumnisation and parsing of HTML to 
make web pages in the form of a linear, character-based document as in a 
word processor with review functionality using cursors etc rather than 
representative of what's physically on the screen which read literally may 
make no sense as in frames or tables; MSAA stands for M$ Active 
Accessibility, the "Standard" which screen readers use to get data out of 
the browser - M$IE - without needing to hack it out of the screen) for my 
benefit (the expectation is that we will know it is an alt because of its 
contents - EG a useful description of an image) without making a 
distinction that it was any different from normal text.  The situation 
that needed web access also happened to apply to me - installation.  So, 
all in all, and for submitting the report on my behalf, thank you!

> I do like the suggestion for using a maths problem; that's very neat.
> Are there other verification mechanisms that you could recommend?

Hmm, well the most obvious is email, but it is only limited by the 
capacity of people's intent to do damage and your imagination, really.  My 
maths problem example is only useful if someone doesn't fiendishly bother 
to craft up a suitably horrible piece of code that does the dirty work.  I 
rely on the supreme unlikelihood of this.  Having said that, I may have 
been bothered to buzz that image through my OCR utility to try and pull 
the characters out of it, and it would be no less robotic than before if 
that could be automated, assuming that the process that created the image 
was any good at scrawling it enough to upset OCR applications but still 
make it readable by humans.  Even sound has been used this way, 
concatenating the characters from the alphabet and numbers and then making 
this available as a waveform for download, sometimes with suitable 
obfuscation (muffling, fizz/crackle, etc), and it could still be 
completely horrible and un-doable for me.  So... maths, simple coding 
(i.e. in the following word, shift each character up by 3 for even 
characters or vowels and 5 for others)...  If it's email, don't forget to 
introduce the random element into the email that is sent back in the URL, 
else it's pointless (sorry, you probably already know, it's depressing to 
see the number of people/organisations that still don't, including these 
so-called silver-bullet challenge response anti-spam systems, all of which 
are the very devil for verification tactics).  You won't get me verifying 
my email address on one of those... :-(

> Also, looking at the filled out form you've submitted below, I'm
> guessing that a major annoyance with image based verification is that
> you get no indication that this is necessary until you've filled in the
> form - would it be of use (in general) for websites to state at the top of
> a form that you'll need to be able to see images later on?

Absolutely.  I always see and work with the page from the top down, so I 
filled in this form before realising that I was completely incapable of 
getting it submitted which was obviously a tad annoying (as you've seen :-) ).
Had I known otherwise I would have manually typed the entries into 
my email to you, so the result would look a bit nicer but be essentially 
similar in this particular instance.  Yahoo! have this sort of thing for 
their registration, and they always put at the top of their pages 
something like, "Visually impaired users - this form relies on image 
verification because of spammers, ... please use this web page to contact 
us instead".  Well, that turns out to be awful, because customer services 
then fail to get back and you are left without a registration at all, but 
you could do the same if you'd rather hold your email addresses from 
spammers - a webform that securely submits mail to you instead of 
revealing the address.  Of course, independence is definitely the key, so 
alternative verification steps are definitely preferable.

> Regarding your observation that robots would be expected to be abusing an
> email based system anyway, I agree that you would expect that to be true,
> but our experience shows that this doesn't hold.  No idea why.

Mmm.  Well if the robot that accepts the reports simply has no time for 
spam (EG uses Procmail/RBLS/etc) then it is definitely better off than if 
it were simply configured to automate the input process and reply if it 
didn't understand it, since spammers may use that property to bounce error 
messages at hapless individuals.  Still, it's probably just due to the 
fact that the address isn't likely well-publicised or something.  I've 
never worked directly with Send-PR yet, so wouldn't really know.  Perhaps 
it's just luck! :-)

> Apologies for the problems you had with the form, and I'll certainly
> look into other mechanisms for doing this verification.

No problem, and thanks very much again - you've been extremely helpful!

> Cheer,
> 
> Ceri
> FreeBSD Bugmeister

Cheers,
Sabahattin
-- 
Thought for the day:
    Communist (n): one who has given up all hope
    of becoming a Capitalist.

Latest PGP Public key blocks?  Send any mail to:
<PGPPublicKey@sabahattin-gucukoglu.com>

Sabahattin Gucukoglu
Phone: +44 (0)20 7,502-1615
Mobile: +44 (0)7986 053399
http://www.sabahattin-gucukoglu.com/
Email/MSN: <mail@Sabahattin-Gucukoglu.com>
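
The point made in the message above about putting a random element into the confirmation URL, shown as an added example that is not part of the original e-mail: a link built only from the address can be constructed by anyone, while a random token can only be learned by reading the mailbox. The host name, link lifetime and in-memory store are assumptions made for the sketch.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, quote, urlsplit

BASE = "https://example.invalid/confirm"   # placeholder host (assumption)
TTL_SECONDS = 3600                         # assumed lifetime of a confirmation link
_pending = {}   # sha256(token) -> (address, expiry); stands in for a database table

def weak_confirmation_url(address):
    """Link with no random element: anyone who knows the address can build it."""
    return f"{BASE}?addr={quote(address)}"

def issue_confirmation_url(address, now=None):
    """Create the link to mail out; only a reader of that mailbox learns the token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)      # 128 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[digest] = (address, now + TTL_SECONDS)   # store only the hash
    return f"{BASE}?token={token}"

def confirm(url, now=None):
    """Return the confirmed address, or None for unknown, reused or expired links."""
    now = time.time() if now is None else now
    values = parse_qs(urlsplit(url).query).get("token", [])
    if len(values) != 1:
        return None                        # includes the weak addr-only link
    digest = hashlib.sha256(values[0].encode()).hexdigest()
    entry = _pending.pop(digest, None)     # pop makes every token single-use
    if entry is None or now > entry[1]:
        return None
    return entry[0]

if __name__ == "__main__":
    addr = "reporter@example.invalid"      # constructed sample address
    link = issue_confirmation_url(addr, now=0)
    print(weak_confirmation_url(addr))     # identical on every call, so guessable
    print(confirm(link, now=10))           # the address: the link came from the mail
    print(confirm(link, now=20))           # None: already used
```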


