[Dev] [Servers - Bug #2419] (not-a-bug) [CAPTCHA] Are you serious?
labs at parabola.nu
labs at parabola.nu
Sat Aug 10 23:16:13 GMT 2019
Issue #2419 has been updated by bill-auger.
Status changed from unconfirmed to not-a-bug
registration was closed before that puzzle went up and it still is - the version of the puzzle that you saw is not complete - it is only a demo of the client-side javascript; and the page has in red printing: "this captcha is not yet fully operational" - that means this is not a bug report, because nothing is broken - this is a grievance discussion - it would be better on the mailing list or forum - please reserve the bug tracker for things that are intended to be working, but are broken
the puzzle will require javascript; and it is not going to be accessible - thats not for any inherent reason; but because those features would require more effort than i am willing to invest, merely for thwarting bots - there is no problem with that though; because it is only guarding, but allowing self-registrations; which are not enabled otherwise - the part of web page that is accessible via screen-readers, and is visible without javascript, clearly indicates that anyone who can not or does not wish to solve the puzzle, can ask on the mailing list or IRC for a parabola dev to register them manually
an accessibility issue would be allowing some people to do something in a way that prevents others from doing the same thing - in this case that _something_ is to acquire a nickname on the bug tracker; and that puzzle will not prevent anyone from doing that - all that anyone needs to do is ask - the alternative is to require everyone to ask - that is the case now; and that is how trisquel has been doing it for years - if the puzzle is effective at all, it will be an indubitable improvement
the important thing is that it will impede bots - if it turns out to not be effective at that goal, then it will go away and self-registrations will simply be closed again, until a better solution is found, or perhaps indefinitely
i will change the word 'assets' in the source code to 'blobs', if it pleases the Great Gnu - now that i think of it, i like that better
----------------------------------------
Bug #2419: [CAPTCHA] Are you serious?
https://labs.parabola.nu/issues/2419#change-12762
* Author: temporaryuser
* Status: not-a-bug
* Priority: bug
* Assignee:
* Category:
----------------------------------------
I have seen the CAPTCHA on registration page. This CAPTCHA is unacceptable.
It _will_ make registration longer. It _will not_ prevent robots from registering on the website.
I have read the source code. CAPTCHAs must not be done this way. Do you really think robots will execute *YOUR* JavaScript? *Never trust the client.* https://labs.parabola.nu/match_game/match_game.js
If you will fix this issue, there are more issues:
Cards are stored here: https://labs.parabola.nu/match_game/assets/cards.png. This image can be used to bypass CAPTCHA.
Directory name is _assets_, which is not allowed by GNU. https://www.gnu.org/philosophy/words-to-avoid.html#Assets
There is '.' after '?' in 'would you?.'.
And, finally, it will be impossible to register without JavaScript, I think.
--
-- ^^^^ Type your reply above this line ^^^^ --
-- Please keep the 'Subject' as it is --
You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://labs.parabola.nu/my/account
More information about the Dev
mailing list