Gentoo Archives: gentoo-dev

From: Peter Stuge <peter@×××××.se>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] Anti-spam for goose
Date: Fri, 22 May 2020 22:13:20
In Reply to: [gentoo-dev] [RFC] Anti-spam for goose by "Michał Górny"
1 Stop motivated attackers or keep low barrier to entry; pick any one. :)
3 Michał Górny wrote:
5 > ==========================
6 > A traditional way of dealing with spam -- require every new system
7 > identifier to be confirmed by solving a CAPTCHA (or a few identifiers
8 > for one CAPTCHA).
9 >
10 > The advantage of this method is that it requires a real human work to be
11 > performed, effectively limiting the ability to submit spam.
12 > The disadvantage is that it is cumbersome to users, so many of them will
13 > just resign from participating.
15 While services such as reCAPTCHA are (as said) massively intrusive, there
16 are other, much less intrusive and even terminal-compatible ways to construct
17 a CAPTCHA. Hello game developers, you have 80x23 "pixels" to render a puzzle
18 for a human above the response input line - that's not so bad.
20 Attacking something like a server-generated maths challenge rendered in a
21 randomly chosen and maybe distorted font would require OCR and/or ML, which
22 is fairly annoying. The only real problem then would be with OCR packages. ;)
24 Combine with a rate limit that is increased manually as the service grows
25 more popular. It can be a soft limit which doesn't report failure but results
26 in queueing+maybe vetting of reports, to allow some elasticity for peaks.
29 //Peter


Subject Author
Re: [gentoo-dev] [RFC] Anti-spam for goose Kent Fredric <kentnl@g.o>