Big Ideas For Those With Time

Hello.

I've done my best not to haunt the mailing list so far, but it's 4am
and I blame the invention of Ruby on Rails for keeping me up at night.
So now you must bear with me or click back/next/delete.

ME:
I love rails in theory and practice, 3/4 of the 37mantras (how many
does that make?), and hanging around seeing how the community is
developing. I'm not famous or well accomplished, just a dude. I'm a
scope creep by nature, but I've learned in reality to shut my mouth.
Sometimes.

THE MEAT:
I want to know several things. The following gives you a flavor of the
kind of things that I am awake at night thinking, but these just came
out once I hit the keyboard.

CAPTCHA.
What is this? I'm not looking for a real answer. I'm looking for the
answer to the question: "How did we get to the point where we are
asking Joe to type in random numbers to satisfy a computer program."
Actually, I don't want an answer to that. I want to know "Where are the
simpler methods of identifying a person as a person when you are giving
information to a website"

Example:
You are submitting a comment on a typo blog. I don't want to give an
Email, yada yada, I want to leave a nice comment without hassle. I
click "Submit," the screen darkens, and a small and bright popup on the
page appears in a random position that says "Click on me to prove you
are a human being!"

Why?
One Click = much smaller pain in the ass than hunting and pecking on
the keyboard. Can a spider ever identify screen position of a needed
mouse click? I don't know. My point is not that I want to develop it,
but that it seems like there is a lack of chatter in the general
community on the theory level - solving small issues like this, as well
as larger issues like the next one.

Why?
I don't know. We have these discussions in private, or we just build
the damn thing, and it gets ripped off (read: recognized as being
something to build upon) and spreads virally into a convention. Like
the light-box stuff. Or ajax in general.

JAVASCRIPT
Rails helpers = goldmine for UI development.
But I don't see much discussion about MVC being ruined when developing
a intensely rich and interactive UI. (On a side note, I also don't see
much discussion which isn't the practical nitty-gritty of day to day
railing) Javascript lets you have a whole other world on the client
side. I mean, take an app like writely, gmail, etc - This is where web
applications are moving towards, right? Agreed? In other words, right
now, they are beta-buggy-scary, and often hacked together, but...."we"
want to see those things perfect, and that's how the world works - what
the public wants, they will get.

So, the point is, rjs has opened the door, and now we can put one foot
inside. But if you want to walk *through* that door, you need a lot
more than rjs - you need a javascript programmer building a lot of
custom shit. Look at the rails apps that put ajax to heavy use - look
at what lives in their .js - Lots of crazy stuff going well beyond
Element.update.

Lets talk about this: I need to load and store data on the client side,
have it manipulated, and at critical moments, synced with the server. I
want to paginate data and keep it on the client-side. I know, this is
possible, but the amount of effort for execution is still very very
high. I'm just saying...I think a lot about the fact that at some point
soon, the rails helpers will (have to) evolve and grow to satisfy this
need. I'm excited.

Another way of looking at this is a challenge: Can you build a
simplified version of iTunes, but as an online app? Yes, it is possible
(maybe throw in a Flash shell to handle the audio playback, but...) Can
you build a version which isn't painful to use? Does Rails aspire to be
'capable' of building something like this in the future? Is a more
in-depth javascript 'framework' needed in order to do so?

Instead of going further with more ambiguous ideas, I'm going to stop
here for now.
Instead of pushing cancel, I'm going to hit send.

Please realize that I don't want to upset anyone - if you are upset,
don't worry, you write better code than me - I'm just a lonely
programmer looking to talk *around* the ideas of the day. You know,
spend some time 'together' evaluating and chatting about things. There
always are a million 'better ways' - I would love to see more rails
folk dialogging about ideas within the larger community that go beyond
which server is better, why code is wrong or right, etc... Some of this
happens, but it seems to be more one-way communication. Blogging works,
but Diablogging is always better! Yes, it's all changing in front of
our eyes, and meanwhile we've got apps to build. Keep up! What's new?
Priorities! Build! Release! Go!

Anyone want to slow it down a bit?

lovelovelove
sudara

[...]
} CAPTCHA.
} What is this? I'm not looking for a real answer. I'm looking for the
} answer to the question: "How did we get to the point where we are
} asking Joe to type in random numbers to satisfy a computer program."
} Actually, I don't want an answer to that. I want to know "Where are the
} simpler methods of identifying a person as a person when you are giving
} information to a website"

Ultimately, it comes down to what computers are bad at and humans are good
at. In general, the answer is pattern recognition. Humans are very good at
pattern recognition, even in the presence of a lot of noise. A captcha is
little more than a simple pattern (letters and numbers) presented with a
lot of noise, which the user is then expected to recognize and regurgitate.

Also, I'll point out that the captchas for the visually impaired are much
easier for a computer to handle; there are much more effective algorithms
for sound/speech recognition than for image/text recognition.

} Example:
} You are submitting a comment on a typo blog. I don't want to give an
} Email, yada yada, I want to leave a nice comment without hassle. I
} click "Submit," the screen darkens, and a small and bright popup on the
} page appears in a random position that says "Click on me to prove you
} are a human being!"
}
} Why?
} One Click = much smaller pain in the ass than hunting and pecking on
} the keyboard. Can a spider ever identify screen position of a needed
} mouse click? I don't know. My point is not that I want to develop it,
} but that it seems like there is a lack of chatter in the general
} community on the theory level - solving small issues like this, as well
} as larger issues like the next one.

It's absolutely trivial for a computer to figure out where to click. If you
make a highly visible and obvious target for the user to click, an image
recognition algorithm will figure it out even faster than a human.

You see a lack of chatter because those familiar with computer science
literature know about the dead ends, and don't talk about them. Most of
those who don't know the literature are inclined to trust those who do.
Think of computer science as similar to civil engineering; amateurs can
design pretty looking bridges, but that doesn't mean that bridge would
stand up to even its own weight, much less traffic.

I know, it sounds really arrogant. Sorry about that. I don't mean to say
that people who don't have computer science training can't create anything
of value; that just isn't true. I'm saying that the hard problems (e.g.
packet routing on a global network, approximation algorithms, etc.) are
solved by computer scientists, and those without the training don't have
much to contribute to that.

} JAVASCRIPT
[...]
} Another way of looking at this is a challenge: Can you build a
} simplified version of iTunes, but as an online app? Yes, it is possible
} (maybe throw in a Flash shell to handle the audio playback, but...) Can
} you build a version which isn't painful to use? Does Rails aspire to be
} 'capable' of building something like this in the future? Is a more
} in-depth javascript 'framework' needed in order to do so?
[...]

I'm not quite sure what you're getting at here. Are you looking for
JavaScript toolkit libraries comparable to GTK+? They exist, but the
combination of DOM, CSS, and plain JavaScript tends to be nicer. Are you
looking to write JavaScript in Ruby? That's sort of what RJS is, and there
is also a project to actually transform Ruby into JavaScript. (The languages
are surprisingly similar, underneath the syntax differences.) I'd also
claim that a web-based iTunes clone is well within reach (especially the
store part, which is already web-based), and it is much more a matter of
licensing/copyright/legal issues that prevents anyone from doing so.
(Incidentally, it would be well within Apple's abilities to have iTunes
serve a web interface on a user-configurable port to do exactly that,
providing web access to your iTunes library. In fact, I think I'll suggest
it to my friend who works at Apple.)

} lovelovelove
} sudara
--Greg

Thanks greg.

Ultimately, it comes down to what computers are bad at and humans are good
at. In general, the answer is pattern recognition. Humans are very good at
pattern recognition, even in the presence of a lot of noise.

Yes. Exactly. This is why I see CAPTCHA as a hack solution, waiting for
something better to show up. Don't get me wrong, it's better than a
load of SPAM showing up at your door, and typing in 6 characters isn't
THAT tough, especially for those of us who see it now as "normal." But
if you step back, the idea is pretty demanding - Make every user do
some leg work to help out the lack of decent SPAM filtering on a
website. I just registered a domain, spent 10 minutes giving WAY too
much information on 8 different form pages, and at the end of the
process had to enter a silly string of numbers and digits.

I know, it sounds really arrogant. Sorry about that. I don't mean to say
that people who don't have computer science training can't create anything
of value; that just isn't true. I'm saying that the hard problems (e.g.
packet routing on a global network, approximation algorithms, etc.) are
solved by computer scientists, and those without the training don't have
much to contribute to that.

No problem. On one level I agree with you completely. As far as I know,
I'm never going to contribute to the rails core. Why? Learning curve,
talent, time investment. But ultimately why? Because I'm not inspired
to - there are people who do the 'hard work' a LOT better than I could,
I respect them, but get my kicks spending my time elsewhere.

But here is the difference - Web design isn't computer science. UI
design, web application design is not as much rocket science as common
sense and creativity. Will this make sense? Is this clear to the users
involved? How can we implement this creatively, and clearly? And you
see all sorts of technology being stiched together, not only by
computer scientists, but by programmers who are aware of their users.
In other words, people who can use tools to solve problems, but also
step back to identify the problems in the first place.

I'm not quite sure what you're getting at here.

What I'm getting at: I feel that it's important to step away from the
technology and have a wider perspective. It's easier to ask a
programmer "Is building an online version of iTunes possible?" than it
is to ask "Where does our current toolset fail, or not do *enough*" or
"What issues with application design are solveable in the near term,
and how would your tools need to change to solve them?"

It seems important to talk about what we are doing, not on the
technology level, but on the conceptual level. Why? Well, it's one
thing to design an app while thinking "what is best for the user" and
then plunge back into the deep end, making sure buttons are standing
out, that users are getting good feedback from the system, etc. It's
another thing to spend some time thinking about the situation in
general - What are the trends in web app design today - what is going
to fade away, what is really innovative, what is 'sticking', and most
importantly: What 'problems' are still waiting to be solved.

And in this case, I'm not talking about the nitty gritty hardcore
programming issues, I'm talking about the fact that millions of people
are surfing the internet and we are part of the crowd responsible for
that experience being useful, joyful, and informative.

There's lots of rails talk about getting DRY. No programmer likes to
write code twice. And it's a sexy idea to get rid of excessive code
writing. But we don't talk a lot (together) about UI design, about the
UI issues in general, about Application *flow*, about the larger
approaches and attitudes. The most you hear is "Reduce the number of
form fields" or "Don't ask the user to sign up for an account until you
really need them to." Yes, these are wonderful peices of advice! ...And
just the tip of the iceburg.

THOSE ideas are more along the lines I want to talk about. Stepping
back, I would think railers would be more obsessed about designing
systems their users will love: "Step away from the technology."

Again, if I've offended, or just plain boring to listen to, I
apologize. I'm excited by these kinds of things. I'm not looking to be
educated or educate, though I always expect that to occur natuarlly.
I'm looking to dig into topics that are left behind, but in reality
define the world of "web applications" to the millions. And then come
back and see how Rails applies to this world and how it could change
and grow.

lovelovelove
sudara

sudara wrote:

I want to leave a nice comment without hassle. I click "Submit,"
the screen darkens, and a small and bright popup on the page
appears in a random position that says "Click on me to prove
you are a human being!"

This is a good idea, from a less-hassle perspective. This particular
solution, though, suffers from a few drawbacks. It would require that
javascript be enabled, and also a bot can potentially find any links.

However, it gives me an idea... what if a single large image appears (a
la lightbox as you describe) which is a montage that (via RMagick or
something) contained a background image overlaid by one or more randomly
placed images, including exactly one pony. Then you can say "click on
the pony to prove you are a human being." If this was implemented as an
imagemap, all browsers can participate, even those that don't have
javscript enabled (though the presentation would be different). The
larger the image-to-pony ratio, the smaller the chance that a bot would
guess the required coordinates correctly. Combined with a three
strikes-and-you're-out policy, this could potentially work, d'ya think?

- Mark.

However, it gives me an idea... what if a single large image appears (a
la lightbox as you describe) which is a montage that (via RMagick or
something) contained a background image overlaid by one or more randomly
placed images, including exactly one pony. Then you can say "click on
the pony to prove you are a human being."

Haha! I love it. Pony Authentication.

Also, what about a javascript observer which detected whether or not a
human being was typing into text fields...I mean a robot/spider won't
be entering SPAM comments one character at a time...And then, if there
is any doubt (maybe you copy and pasted text into the text field), some
kind of user-hassle experience may be necessary.

There must be dozens of ways to take these kinds of responsibilities
OUT of the hands of users by making programs just a teeny bit smarter
in creative ways.

As far as javascript being on/off, I guess my thoughts are more focused
on the upcoming breed of javascript intensive aps that just won't care
about those who have it off (by observation of reality). In otherwords,
the users will have javascript on, because they are looking for that
rich UI experience. Period.

lovelovelove
sudara

these sorts of things have their limits. back when netrek was popular, someone implemented a bot finding program that made some decisions based on how fast input came through. it wound up finding some humans who used the program in unexpected ways. beyond that, slow input is trivial to spoof.

-faisal

}
} sudara wrote:
} > I want to leave a nice comment without hassle. I click "Submit,"
} > the screen darkens, and a small and bright popup on the page
} > appears in a random position that says "Click on me to prove
} > you are a human being!"
}
} This is a good idea, from a less-hassle perspective. This particular
} solution, though, suffers from a few drawbacks. It would require that
} javascript be enabled, and also a bot can potentially find any links.
}
} However, it gives me an idea... what if a single large image appears (a
} la lightbox as you describe) which is a montage that (via RMagick or
} something) contained a background image overlaid by one or more randomly
} placed images, including exactly one pony. Then you can say "click on
} the pony to prove you are a human being." If this was implemented as an
} imagemap, all browsers can participate, even those that don't have
} javscript enabled (though the presentation would be different). The
} larger the image-to-pony ratio, the smaller the chance that a bot would
} guess the required coordinates correctly. Combined with a three
} strikes-and-you're-out policy, this could potentially work, d'ya think?

It's a nice idea, but I'm skeptical. Show me an example image that won't
make the user feel like s/he is playing Where's Waldo (i.e. doesn't annoy
the user) and has sufficient noise to make image recognition difficult.

} - Mark.
--Greg

Ever noticed the "X" "Y" parameters in the form submit with rails ?

Use captch to generate multiple images with words like "Submit",
"OhSpam", "NoNo", etc. Use that image with image_submit_tag - use
those x,y parameters to detect if the user clicked on "Submit" or not.

Problem solved ?

I want to know "Where are the
simpler methods of identifying a person as a person when you are giving
information to a website"

FYI, the phrase you're looking for is "human interaction proof" (HIP). As
you've probably guessed, lots of people are interested in this topic; you'll
find people doing HIP work at many companies and universities.

- James Moore

FYI, the phrase you're looking for is "human interaction proof" (HIP). As
you've probably guessed, lots of people are interested in this topic; you'll
find people doing HIP work at many companies and universities.

Very cool.

It is funny to me that telling the difference between a bot and a human
proves to be such a difficult task for a computer program. It says
something important, especially when you look at humans and the many
troubles they experience just using a computer. To add the fact that
'their computer' wants them to prove their humanness is insult to
injury.

After working for 2 years as a manager/technician at an IT support
firm, I really realized that I FLY around any user interface (known or
unknown) compared with 98% of the population. In other words, I don't
(and probably you neither) have a problem intuitively figuring out how
to use something if it's on a computer. As a web designe/programmer
this actually works against you - by default you are OK with CAPTCHA
and 25 other conventions that a normal user doesnt understand or want
to deal with. Over time, they learn to put up with some of them, and we
come up with better solutions for others.

Thanks for the responses, guys.
lovelovelove
sudara

It's a nice idea, but I'm skeptical. Show me an example image
that won't
make the user feel like s/he is playing Where's Waldo (i.e.
doesn't annoy
the user) and has sufficient noise to make image recognition
difficult.

If you varied the backgrounds, pony images and non-pony images (say a
combination of cartoons and photos), it wouldn't have to be difficult at
all for humans, and there would be nothing particular a bot could key
on. For a bot, it would certainly orders of magnitude harder than the
letter systems used today.

- Mark.

No. What's to prevent a bot from putting x,y parameters in a click?

} > It's a nice idea, but I'm skeptical. Show me an example image that
} > won't make the user feel like s/he is playing Where's Waldo (i.e.
} > doesn't annoy the user) and has sufficient noise to make image
} > recognition difficult.
}
} If you varied the backgrounds, pony images and non-pony images (say a
} combination of cartoons and photos), it wouldn't have to be difficult at
} all for humans, and there would be nothing particular a bot could key
} on. For a bot, it would certainly orders of magnitude harder than the
} letter systems used today.

There are a lot of "would"s in the above paragraph. Please generate an
actual sample image. The discussion so far has amounted to hand-waving. I'd
be excited to see an improved solution, but so far I haven't *seen*
anything.

} - Mark.
--Greg

> It's a nice idea, but I'm skeptical. Show me an example image
> that won't
> make the user feel like s/he is playing Where's Waldo (i.e.
> doesn't annoy
> the user) and has sufficient noise to make image recognition
> difficult.

Click on the dude with the baseball hat to prove your human-ness:
http://caboo.se/

There are a lot of "would"s in the above paragraph. Please
generate an actual sample image. The discussion so far has
amounted to hand-waving. I'd be excited to see an improved
solution, but so far I haven't *seen* anything.

Translation: Build it, and I'll consider using it :slight_smile:

One image wouldn't help you decide, when a major part of its
effectiveness comes from the variation in the images, positioning, etc.

I don't think that even the most covert NSA think tanks have developed
pony recognition software capable of distinguishing an arbitrary pony
image from that of other quadripeds, much less pick one out from a
larger image. :slight_smile:

- Mark.

By having 100's of such images with different "X", "Y" parameters for "Submit".

Check out http://null.in:5000/

Just a quick proof of concept.

-Pratik

None of these need actually be programmatically broken. They can be
easily bypassed with a little creative forwarding and free porn.

http://boingboing.net/2004/01/27/solving_and_creating.html

While I realise it’s a proof of concept, how would it be envisioned that this could be made accessible? I’m not sure how present CAPTCHA systems work for those using screen readers. Any ideas?

Alastair

Larger sites typically offer an alternative captcha, for example an
audio captcha, for those who have poor sight.

- Rob