IRC Logs

Network: freenode Channel: #php

	Enter your search terms Submit search form
	Web www.irclog.org

[00:00]<txnjzd>the difference between theory and practise is in theory there is no difference...
[00:01]<rdvxzrwff>hah, nice quote
[00:01]<mzumzazys>sorry off topic question (i was banned from #css for no apparent reason)... but does anyone know the css element for justified text
[00:01]<rdvxzrwff>drudacris, try #web or google...
[00:01]<rdvxzrwff>this is NOT the right place
[00:02]<mzumzazys>my apologies, i was wrongfully banned from #web as well
[00:02]<rdvxzrwff>drudacris, and if your not careful you'd be banned from here
[00:02]<rdvxzrwff>try google
[00:02]<rdvxzrwff>w3cschools
[00:02]<mzumzazys>i will man
[00:03]<vxn-mznw>i was just hopin for a snappy answer
[00:03]<vxn-mznw>thanks for the help on the regex the other night by the way
[00:03]<rdvxzrwff>well i had an answer for him, but Im often told to refrain from giving off topic answers
[00:06]<vxn-mznw>its simple man,just text-align:justify
[00:06]<vxn-mznw>i had a mind fart
[00:12]<fusxuyrr>How do i break an feof loop on purpose?
[00:12]<wjlllrws>so THAT's what I smelled
[00:12]<fusxuyrr>>.>
[00:13]<zyzzzg>break;
[00:14]<zzzdjdzvzzzzz_>continue;
[00:14]<fusxuyrr>...
[00:14]<fusxuyrr>WHICH ONE!
[00:14]<zzzdjdzvzzzzz_>Fushuing: It's break;
[00:14]<fusxuyrr>k
[00:15]<fusxuyrr>thank you
[00:18]<mrnmrfusx>does anyone have any recommendations for a solid, as of yet unbroken captcha class/script ? I was reading the pwntcha page and comparing his criticisms of various schemes to packages I found and none seemed to be particularly god
[00:19]<fumrawysl>DaedalusX: what is captcha?
[00:19]<fumrawysl>if you dont mind givign me a brief explanation--sounds like something that might add a little ease to my workload
[00:19]<mzzcz9q>DaedalusX: Think very carefully about whether you need a captcha, and make a pragmatic decision
[00:20]<mrnmrfusx>"Completely Automated Public Turing Test to Tell Computers and Humans Apart"
[00:20]<fumrawysl>oh, like the letters on yahoo
[00:20]<fumrawysl>where it generates the random letters as an image
[00:20]<fumrawysl>and you type them in the box
[00:20]<mrnmrfusx>MarkR42: Unfortunately, I do. But I've been trying to think of creative, alternate solutions
[00:20]<fumrawysl>that would be simple, would it not?
[00:20]<mrnmrfusx>ludacwisp: yea
[00:21]<fumrawysl>just use gd, rotate the fonts around
[00:21]<mzzcz9q>Well, obvious solutions are normally: Make them need an email verification
[00:21]<fumrawysl>and use a weird weird font
[00:21]<txnjzd>DaedalusX: require the user to send you a postcard :-)
[00:21]<mrnmrfusx>ludacwisp: most are easy to crack
[00:21]<mjvgnvvnm>what's the best way to make sure a php file cannot be included/opened/edited by any other php file run by the same user (php)?
[00:21]<mrnmrfusx>Theory: hahaha
[00:21]<fumrawysl>you think bots can really read that?
[00:21]<fumrawysl>use images for the fonts, then reshape those images in photoshop
[00:21]<mzzcz9q>dotnetted: Run it on a dedicated machine where there aren't any malicious or weak scripts
[00:21]<fumrawysl>so no bots could ever match the font
[00:21]<fumrawysl>make sense?
[00:21]<txnjzd>Computers are very good at the recognition task (identifying letters - they are better than humans at this). What they aren't so good at is telling where letters start and stop
[00:21]<mrnmrfusx>http://sam.zoy.org/pwntcha/
[00:22]<mrnmrfusx>ludacwisp: read that link
[00:22]<mjvgnvvnm>MarkR42: have anything a little less extreme?
[00:22]<fumrawysl>im looking
[00:22]<fumrawysl>so does it recognize fonts?
[00:22]<mrnmrfusx>I've been looking into alternative schemes, like audio captchas, riddles & intelligence tests, etc
[00:22]<fumrawysl>can i submit a pic to test it?
[00:23]<mzzcz9q>Well, the obvious solutions are: 1. Require the user to register with a distinct email - does not stop bots in principle, but stops enough bots in practice that if you are not yahoo.com, it's good enough
[00:23]<fumrawysl>i think i have a solution
[00:23]<fumrawysl>i could beat this program
[00:23]<fumrawysl>and make it very legible
[00:23]<mzzcz9q>2. Allow people to spam you but ensure that they can't do anything worthwhile (e.g. link spam) - require approval for anything sensible and create a method of trivially wiping automated submissions (e.g. a mass deletion by IP)
[00:24]<fumrawysl>just write text all over the image
[00:24]<mzzcz9q>As spammers do not generally spam sites which they cannot get anything useful out of
[00:24]<fumrawysl>and tlel them to type the word in the [random part of image]
[00:25]<fumrawysl>make sure you update ways in which you state the location of the real word
[00:25]<fumrawysl>then tell them to type it backwards
[00:25]<mrnmrfusx>MarkR42: good point.
[00:25]<fumrawysl>and have them do it one handed while standing on their left foot and touching their nose with the right
[00:26]<mrnmrfusx>plus, the fact that the "porn spam" work-around exists limits the usefulness of a captcha anyway
[00:26]<mrnmrfusx>heh
[00:26]<fumrawysl>im telling you, im 100% positive i could beat this
[00:26]<txnjzd>ludacwisp: how?
[00:26]<fumrawysl>i juts offereed one solution
[00:26]<mzzcz9q>If you make it sufficiently *difficult* to spam your site - i.e. by creating a method which makes it complicated to create a spam bot *AND* very little gain (e.g. all entries are moderated anyway), then spammers are unlikely to bother, especially with so many other easier sites to spam - unless you are yahoo.com or someone
[00:27]<txnjzd>ludacwisp: the bot just has to be taught all the ways you might give the location (and there aren't going to be that many, as a human has to create each one)
[00:27]<txnjzd>and then the captcha is easily broken...
[00:28]<-- dvxn|syzzzyus xzs>http://www.bagdadsoftware.de")
[00:31]<qu2n>whats the porn spam workaround
[00:31]<qu2n>?
[00:32]<sggsgy>A simple thing is having a javascript to generate the form
[00:32]<sggsgy>Most spambots don't do javascript to that degree
[00:33]<mrnmrfusx>Qube: send a bunch of junkmail with links to "free porn" or have similar links placed on various sites
[00:33]<mrnmrfusx>when users "sign up" for the free porn, the site redirects a captcha from a third party site
[00:33]<mrnmrfusx>ie Yahoo
[00:33]<fumrawysl>you dont understand
[00:33]<fumrawysl>there's no possible way a bot could read text a human could
[00:33]<fumrawysl>if you did it right
[00:33]<mrnmrfusx>and thus has the user enter that information, which is then redirected by the spammer to Yahoo
[00:34]<mzzcz9q>If your site is sufficiently unattractive to spammers, they aren't going to spam it. If you're not gmail, yahoo or hotmail, you probably don't need a captcha
[00:34]<mzzcz9q>Of course you MAY need a captcha
[00:34]<fumrawysl>havent you seen that paragraph that has the letters rearranged and says something alogn the lines of according to harvard studies humans can put together sentences subconsciously.....
[00:34]<mzzcz9q>You should decide that yourself, but don't panic.
[00:35]<fumrawysl>write a paragraph like that, have a huge database of different schools...
[00:35]<fumrawysl>ask the user for the school mentioned in the paragraph
[00:36]<qu2n>mmm, my captcha is remarkably simple and effective. No text warpingat all... I just print out the same letters randomised 4 times in 4 different colours and ask them to type in a specific colour
[00:36]<fumrawysl>yes but the bot will search for what colro you're asking for
[00:36]<fumrawysl>in the html
[00:36]<fumrawysl>if people go to that length
[00:36]<fumrawysl>i can just think of a million different ways to get around it though

Back to #php
Or go to some related logs:
#gentoo
#gentoo
#gentoo
#debian
#python