Big Ideas For Those With Time

Hello.

I've done my best not to haunt the mailing list so far, but it's 4am and I blame the invention of Ruby on Rails for keeping me up at night. So now you must bear with me or click back/next/delete.

ME: I love rails in theory and practice, 3/4 of the 37mantras (how many does that make?), and hanging around seeing how the community is developing. I'm not famous or well accomplished, just a dude. I'm a scope creep by nature, but I've learned in reality to shut my mouth. Sometimes.

THE MEAT: I want to know several things. The following gives you a flavor of the kind of things that I am awake at night thinking, but these just came out once I hit the keyboard.

CAPTCHA. What is this? I'm not looking for a real answer. I'm looking for the answer to the question: "How did we get to the point where we are asking Joe to type in random numbers to satisfy a computer program." Actually, I don't want an answer to that. I want to know "Where are the simpler methods of identifying a person as a person when you are giving information to a website"

Example: You are submitting a comment on a typo blog. I don't want to give an Email, yada yada, I want to leave a nice comment without hassle. I click "Submit," the screen darkens, and a small and bright popup on the page appears in a random position that says "Click on me to prove you are a human being!"

Why? One Click = much smaller pain in the ass than hunting and pecking on the keyboard. Can a spider ever identify screen position of a needed mouse click? I don't know. My point is not that I want to develop it, but that it seems like there is a lack of chatter in the general community on the theory level - solving small issues like this, as well as larger issues like the next one.

Why? I don't know. We have these discussions in private, or we just build the damn thing, and it gets ripped off (read: recognized as being something to build upon) and spreads virally into a convention. Like the light-box stuff. Or ajax in general.

JAVASCRIPT Rails helpers = goldmine for UI development. But I don't see much discussion about MVC being ruined when developing a intensely rich and interactive UI. (On a side note, I also don't see much discussion which isn't the practical nitty-gritty of day to day railing) Javascript lets you have a whole other world on the client side. I mean, take an app like writely, gmail, etc - This is where web applications are moving towards, right? Agreed? In other words, right now, they are beta-buggy-scary, and often hacked together, but...."we" want to see those things perfect, and that's how the world works - what the public wants, they will get.

So, the point is, rjs has opened the door, and now we can put one foot inside. But if you want to walk *through* that door, you need a lot more than rjs - you need a javascript programmer building a lot of custom shit. Look at the rails apps that put ajax to heavy use - look at what lives in their .js - Lots of crazy stuff going well beyond Element.update.

Lets talk about this: I need to load and store data on the client side, have it manipulated, and at critical moments, synced with the server. I want to paginate data and keep it on the client-side. I know, this is possible, but the amount of effort for execution is still very very high. I'm just saying...I think a lot about the fact that at some point soon, the rails helpers will (have to) evolve and grow to satisfy this need. I'm excited.

Another way of looking at this is a challenge: Can you build a simplified version of iTunes, but as an online app? Yes, it is possible (maybe throw in a Flash shell to handle the audio playback, but...) Can you build a version which isn't painful to use? Does Rails aspire to be 'capable' of building something like this in the future? Is a more in-depth javascript 'framework' needed in order to do so?

Instead of going further with more ambiguous ideas, I'm going to stop here for now. Instead of pushing cancel, I'm going to hit send.

Please realize that I don't want to upset anyone - if you are upset, don't worry, you write better code than me - I'm just a lonely programmer looking to talk *around* the ideas of the day. You know, spend some time 'together' evaluating and chatting about things. There always are a million 'better ways' - I would love to see more rails folk dialogging about ideas within the larger community that go beyond which server is better, why code is wrong or right, etc... Some of this happens, but it seems to be more one-way communication. Blogging works, but Diablogging is always better! Yes, it's all changing in front of our eyes, and meanwhile we've got apps to build. Keep up! What's new? Priorities! Build! Release! Go!

Anyone want to slow it down a bit?

lovelovelove sudara

[...] } CAPTCHA. } What is this? I'm not looking for a real answer. I'm looking for the } answer to the question: "How did we get to the point where we are } asking Joe to type in random numbers to satisfy a computer program." } Actually, I don't want an answer to that. I want to know "Where are the } simpler methods of identifying a person as a person when you are giving } information to a website"

Ultimately, it comes down to what computers are bad at and humans are good at. In general, the answer is pattern recognition. Humans are very good at pattern recognition, even in the presence of a lot of noise. A captcha is little more than a simple pattern (letters and numbers) presented with a lot of noise, which the user is then expected to recognize and regurgitate.

Also, I'll point out that the captchas for the visually impaired are much easier for a computer to handle; there are much more effective algorithms for sound/speech recognition than for image/text recognition.

} Example: } You are submitting a comment on a typo blog. I don't want to give an } Email, yada yada, I want to leave a nice comment without hassle. I } click "Submit," the screen darkens, and a small and bright popup on the } page appears in a random position that says "Click on me to prove you } are a human being!" } } Why? } One Click = much smaller pain in the ass than hunting and pecking on } the keyboard. Can a spider ever identify screen position of a needed } mouse click? I don't know. My point is not that I want to develop it, } but that it seems like there is a lack of chatter in the general } community on the theory level - solving small issues like this, as well } as larger issues like the next one.

It's absolutely trivial for a computer to figure out where to click. If you make a highly visible and obvious target for the user to click, an image recognition algorithm will figure it out even faster than a human.

You see a lack of chatter because those familiar with computer science literature know about the dead ends, and don't talk about them. Most of those who don't know the literature are inclined to trust those who do. Think of computer science as similar to civil engineering; amateurs can design pretty looking bridges, but that doesn't mean that bridge would stand up to even its own weight, much less traffic.

I know, it sounds really arrogant. Sorry about that. I don't mean to say that people who don't have computer science training can't create anything of value; that just isn't true. I'm saying that the hard problems (e.g. packet routing on a global network, approximation algorithms, etc.) are solved by computer scientists, and those without the training don't have much to contribute to that.

} JAVASCRIPT [...] } Another way of looking at this is a challenge: Can you build a } simplified version of iTunes, but as an online app? Yes, it is possible } (maybe throw in a Flash shell to handle the audio playback, but...) Can } you build a version which isn't painful to use? Does Rails aspire to be } 'capable' of building something like this in the future? Is a more } in-depth javascript 'framework' needed in order to do so? [...]

I'm not quite sure what you're getting at here. Are you looking for JavaScript toolkit libraries comparable to GTK+? They exist, but the combination of DOM, CSS, and plain JavaScript tends to be nicer. Are you looking to write JavaScript in Ruby? That's sort of what RJS is, and there is also a project to actually transform Ruby into JavaScript. (The languages are surprisingly similar, underneath the syntax differences.) I'd also claim that a web-based iTunes clone is well within reach (especially the store part, which is already web-based), and it is much more a matter of licensing/copyright/legal issues that prevents anyone from doing so. (Incidentally, it would be well within Apple's abilities to have iTunes serve a web interface on a user-configurable port to do exactly that, providing web access to your iTunes library. In fact, I think I'll suggest it to my friend who works at Apple.)

} lovelovelove } sudara --Greg

Thanks greg.

Ultimately, it comes down to what computers are bad at and humans are good at. In general, the answer is pattern recognition. Humans are very good at pattern recognition, even in the presence of a lot of noise.

Yes. Exactly. This is why I see CAPTCHA as a hack solution, waiting for something better to show up. Don't get me wrong, it's better than a load of SPAM showing up at your door, and typing in 6 characters isn't THAT tough, especially for those of us who see it now as "normal." But if you step back, the idea is pretty demanding - Make every user do some leg work to help out the lack of decent SPAM filtering on a website. I just registered a domain, spent 10 minutes giving WAY too much information on 8 different form pages, and at the end of the process had to enter a silly string of numbers and digits.

I know, it sounds really arrogant. Sorry about that. I don't mean to say that people who don't have computer science training can't create anything of value; that just isn't true. I'm saying that the hard problems (e.g. packet routing on a global network, approximation algorithms, etc.) are solved by computer scientists, and those without the training don't have much to contribute to that.

No problem. On one level I agree with you completely. As far as I know, I'm never going to contribute to the rails core. Why? Learning curve, talent, time investment. But ultimately why? Because I'm not inspired to - there are people who do the 'hard work' a LOT better than I could, I respect them, but get my kicks spending my time elsewhere.

But here is the difference - Web design isn't computer science. UI design, web application design is not as much rocket science as common sense and creativity. Will this make sense? Is this clear to the users involved? How can we implement this creatively, and clearly? And you see all sorts of technology being stiched together, not only by computer scientists, but by programmers who are aware of their users. In other words, people who can use tools to solve problems, but also step back to identify the problems in the first place.

I'm not quite sure what you're getting at here.

What I'm getting at: I feel that it's important to step away from the technology and have a wider perspective. It's easier to ask a programmer "Is building an online version of iTunes possible?" than it is to ask "Where does our current toolset fail, or not do *enough*" or "What issues with application design are solveable in the near term, and how would your tools need to change to solve them?"

It seems important to talk about what we are doing, not on the technology level, but on the conceptual level. Why? Well, it's one thing to design an app while thinking "what is best for the user" and then plunge back into the deep end, making sure buttons are standing out, that users are getting good feedback from the system, etc. It's another thing to spend some time thinking about the situation in general - What are the trends in web app design today - what is going to fade away, what is really innovative, what is 'sticking', and most importantly: What 'problems' are still waiting to be solved.

And in this case, I'm not talking about the nitty gritty hardcore programming issues, I'm talking about the fact that millions of people are surfing the internet and we are part of the crowd responsible for that experience being useful, joyful, and informative.

There's lots of rails talk about getting DRY. No programmer likes to write code twice. And it's a sexy idea to get rid of excessive code writing. But we don't talk a lot (together) about UI design, about the UI issues in general, about Application *flow*, about the larger approaches and attitudes. The most you hear is "Reduce the number of form fields" or "Don't ask the user to sign up for an account until you really need them to." Yes, these are wonderful peices of advice! ...And just the tip of the iceburg.

THOSE ideas are more along the lines I want to talk about. Stepping back, I would think railers would be more obsessed about designing systems their users will love: "Step away from the technology."

Again, if I've offended, or just plain boring to listen to, I apologize. I'm excited by these kinds of things. I'm not looking to be educated or educate, though I always expect that to occur natuarlly. I'm looking to dig into topics that are left behind, but in reality define the world of "web applications" to the millions. And then come back and see how Rails applies to this world and how it could change and grow.

lovelovelove sudara

sudara wrote:

I want to leave a nice comment without hassle. I click "Submit," the screen darkens, and a small and bright popup on the page appears in a random position that says "Click on me to prove you are a human being!"

This is a good idea, from a less-hassle perspective. This particular solution, though, suffers from a few drawbacks. It would require that javascript be enabled, and also a bot can potentially find any links.

However, it gives me an idea... what if a single large image appears (a la lightbox as you describe) which is a montage that (via RMagick or something) contained a background image overlaid by one or more randomly placed images, including exactly one pony. Then you can say "click on the pony to prove you are a human being." If this was implemented as an imagemap, all browsers can participate, even those that don't have javscript enabled (though the presentation would be different). The larger the image-to-pony ratio, the smaller the chance that a bot would guess the required coordinates correctly. Combined with a three strikes-and-you're-out policy, this could potentially work, d'ya think?

- Mark.

However, it gives me an idea... what if a single large image appears (a la lightbox as you describe) which is a montage that (via RMagick or something) contained a background image overlaid by one or more randomly placed images, including exactly one pony. Then you can say "click on the pony to prove you are a human being."

Haha! I love it. Pony Authentication.

Also, what about a javascript observer which detected whether or not a human being was typing into text fields...I mean a robot/spider won't be entering SPAM comments one character at a time...And then, if there is any doubt (maybe you copy and pasted text into the text field), some kind of user-hassle experience may be necessary.

There must be dozens of ways to take these kinds of responsibilities OUT of the hands of users by making programs just a teeny bit smarter in creative ways.

As far as javascript being on/off, I guess my thoughts are more focused on the upcoming breed of javascript intensive aps that just won't care about those who have it off (by observation of reality). In otherwords, the users will have javascript on, because they are looking for that rich UI experience. Period.

lovelovelove sudara

these sorts of things have their limits. back when netrek was popular, someone implemented a bot finding program that made some decisions based on how fast input came through. it wound up finding some humans who used the program in unexpected ways. beyond that, slow input is trivial to spoof.

-faisal

} } sudara wrote: } > I want to leave a nice comment without hassle. I click "Submit," } > the screen darkens, and a small and bright popup on the page } > appears in a random position that says "Click on me to prove } > you are a human being!" } } This is a good idea, from a less-hassle perspective. This particular } solution, though, suffers from a few drawbacks. It would require that } javascript be enabled, and also a bot can potentially find any links. } } However, it gives me an idea... what if a single large image appears (a } la lightbox as you describe) which is a montage that (via RMagick or } something) contained a background image overlaid by one or more randomly } placed images, including exactly one pony. Then you can say "click on } the pony to prove you are a human being." If this was implemented as an } imagemap, all browsers can participate, even those that don't have } javscript enabled (though the presentation would be different). The } larger the image-to-pony ratio, the smaller the chance that a bot would } guess the required coordinates correctly. Combined with a three } strikes-and-you're-out policy, this could potentially work, d'ya think?

It's a nice idea, but I'm skeptical. Show me an example image that won't make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy the user) and has sufficient noise to make image recognition difficult.

} - Mark. --Greg

Ever noticed the "X" "Y" parameters in the form submit with rails ?

Use captch to generate multiple images with words like "Submit", "OhSpam", "NoNo", etc. Use that image with image_submit_tag - use those x,y parameters to detect if the user clicked on "Submit" or not.

Problem solved ?

I want to know "Where are the simpler methods of identifying a person as a person when you are giving information to a website"

FYI, the phrase you're looking for is "human interaction proof" (HIP). As you've probably guessed, lots of people are interested in this topic; you'll find people doing HIP work at many companies and universities.

- James Moore

FYI, the phrase you're looking for is "human interaction proof" (HIP). As you've probably guessed, lots of people are interested in this topic; you'll find people doing HIP work at many companies and universities.

Very cool.

It is funny to me that telling the difference between a bot and a human proves to be such a difficult task for a computer program. It says something important, especially when you look at humans and the many troubles they experience just using a computer. To add the fact that 'their computer' wants them to prove their humanness is insult to injury.

After working for 2 years as a manager/technician at an IT support firm, I really realized that I FLY around any user interface (known or unknown) compared with 98% of the population. In other words, I don't (and probably you neither) have a problem intuitively figuring out how to use something if it's on a computer. As a web designe/programmer this actually works against you - by default you are OK with CAPTCHA and 25 other conventions that a normal user doesnt understand or want to deal with. Over time, they learn to put up with some of them, and we come up with better solutions for others.

Thanks for the responses, guys. lovelovelove sudara

It's a nice idea, but I'm skeptical. Show me an example image that won't make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy the user) and has sufficient noise to make image recognition difficult.

If you varied the backgrounds, pony images and non-pony images (say a combination of cartoons and photos), it wouldn't have to be difficult at all for humans, and there would be nothing particular a bot could key on. For a bot, it would certainly orders of magnitude harder than the letter systems used today.

- Mark.

No. What's to prevent a bot from putting x,y parameters in a click?

} > It's a nice idea, but I'm skeptical. Show me an example image that } > won't make the user feel like s/he is playing Where's Waldo (i.e. } > doesn't annoy the user) and has sufficient noise to make image } > recognition difficult. } } If you varied the backgrounds, pony images and non-pony images (say a } combination of cartoons and photos), it wouldn't have to be difficult at } all for humans, and there would be nothing particular a bot could key } on. For a bot, it would certainly orders of magnitude harder than the } letter systems used today.

There are a lot of "would"s in the above paragraph. Please generate an actual sample image. The discussion so far has amounted to hand-waving. I'd be excited to see an improved solution, but so far I haven't *seen* anything.

} - Mark. --Greg

> It's a nice idea, but I'm skeptical. Show me an example image > that won't > make the user feel like s/he is playing Where's Waldo (i.e. > doesn't annoy > the user) and has sufficient noise to make image recognition > difficult.

Click on the dude with the baseball hat to prove your human-ness:

There are a lot of "would"s in the above paragraph. Please generate an actual sample image. The discussion so far has amounted to hand-waving. I'd be excited to see an improved solution, but so far I haven't *seen* anything.

Translation: Build it, and I'll consider using it

One image wouldn't help you decide, when a major part of its effectiveness comes from the variation in the images, positioning, etc.

I don't think that even the most covert NSA think tanks have developed pony recognition software capable of distinguishing an arbitrary pony image from that of other quadripeds, much less pick one out from a larger image.

- Mark.

By having 100's of such images with different "X", "Y" parameters for "Submit".

Check out http://null.in:5000/

Just a quick proof of concept.

-Pratik

None of these need actually be programmatically broken. They can be easily bypassed with a little creative forwarding and free porn.

http://boingboing.net/2004/01/27/solving_and_creating.html

While I realise it’s a proof of concept, how would it be envisioned that this could be made accessible? I’m not sure how present CAPTCHA systems work for those using screen readers. Any ideas?

Alastair

Larger sites typically offer an alternative captcha, for example an audio captcha, for those who have poor sight.

- Rob