You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Pier Fumagalli <pi...@betaversion.org> on 2005/09/02 17:16:53 UTC
Warped Text...
Guys,
for one of our registration projects, we needed to verify that a
user is really in front of the browser (no automatons allowed). I
wrote, then, a little "text-warper" that randomly stretches text for
a user to see (and re-type) and writes out JPEG files.
In addition to that I wrote a little random-text generator and
encryptor (so that you can be sure the text displayed is nowhere in
your HTML). An example of a generated image is attached here.
Re: Warped Text...
Posted by Antonio Gallardo <ag...@agssa.net>.
>>>> Yep, but SVG IMVHO is quite overkill to generate a simple image...
>>>> Plus I suspect that the blurring algorithm is quite easy to
>>>> recognize (in terms of running a simple image analysis package over
>>>> the generated output).
>>>
Hi:
I just wanted to know where we are right now. I did some tests. Here is
the results:
http://www.pwntcha.net/test.html?file=20050910023800guNNub.jpeg
Since we can also change the SVG file. Here is another sample :
http://www.pwntcha.net/test.html?file=20050910022917hUSpnb.jpeg
Best Regards,
Antonio Gallardo.
P.S: I am not trying to defeat the above statement.
Re: Warped Text...
Posted by Ugo Cei <u....@pronetics.it>.
Il giorno 08/set/05, alle 18:53, Pier Fumagalli ha scritto:
>>> Yep, but SVG IMVHO is quite overkill to generate a simple image...
>>> Plus I suspect that the blurring algorithm is quite easy to
>>> recognize (in terms of running a simple image analysis package over
>>> the generated output).
>>>
>>
>> Indeed, but my CAPTCHA widget is not tied to a particular image
>> generation algorithm. It just calls a pipeline which must be able to
>> get the string to be rendered from a session attribute. If you want,
>> you can replace the one in the sample with one using your generator.
>
> Chill... No need to be defensive...
I assure you that I'm not being defensive at all :-) I was just trying
to suggest that your reader would be a good complement to the CAPTCHA
support in CForms and it would be better to show them together in a
sample rather than not.
Cheers,
Ugo
--
Ugo Cei
Tech Blog: http://agylen.com/
Open Source Zone: http://oszone.org/
Wine & Food Blog: http://www.divinocibo.it/
Re: Warped Text...
Posted by Pier Fumagalli <pi...@betaversion.org>.
On 8 Sep 2005, at 16:47, Ugo Cei wrote:
> Il giorno 02/set/05, alle 17:32, Pier Fumagalli ha scritto:
>
>> Yep, but SVG IMVHO is quite overkill to generate a simple image...
>> Plus I suspect that the blurring algorithm is quite easy to
>> recognize (in terms of running a simple image analysis package
>> over the generated output).
>>
>
> Indeed, but my CAPTCHA widget is not tied to a particular image
> generation algorithm. It just calls a pipeline which must be able
> to get the string to be rendered from a session attribute. If you
> want, you can replace the one in the sample with one using your
> generator.
Chill... No need to be defensive...
Pier
Re: Warped Text...
Posted by Ugo Cei <ug...@apache.org>.
Il giorno 02/set/05, alle 17:32, Pier Fumagalli ha scritto:
> Yep, but SVG IMVHO is quite overkill to generate a simple image...
> Plus I suspect that the blurring algorithm is quite easy to recognize
> (in terms of running a simple image analysis package over the
> generated output).
Indeed, but my CAPTCHA widget is not tied to a particular image
generation algorithm. It just calls a pipeline which must be able to
get the string to be rendered from a session attribute. If you want,
you can replace the one in the sample with one using your generator.
Ugo
--
Ugo Cei
Tech Blog: http://agylen.com/
Open Source Zone: http://oszone.org/
Wine & Food Blog: http://www.divinocibo.it/
Re: Warped Text... (off topic)
Posted by Sylvain Wallez <sy...@apache.org>.
Dirk-Willem van Gulik wrote:
>On Fri, 2 Sep 2005, Pier Fumagalli wrote:
>
>
>>>http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
>>>
>>>Ciao,
>>>
>>>
>>Yep, but SVG IMVHO is quite overkill to generate a simple image...
>>
>>
>
>For something really simple:
>
>sub getBCD {
> $_ = (123567,36,13457,13467,2346,12467,24567,136,1234567,12346)[ shift @_ ];
> return (((m/1/) ? ' _ ' : ' '),
> ((m/2/) ? '|' : ' '). ((m/4/) ? '_' : ' '). ((m/3/) ? '|' : ' '),
> ((m/5/) ? '|' : ' '). ((m/7/) ? '_' : ' '). ((m/6/) ? '|' : ' '));
>};
>
>map { my @r = getBCD($_); map { $out[ $_ ] .= $r[$_].' '; } (0 .. 2); } '3231' =~ m/./g;
>
>print join("\n",@out);
>
>Just kidding.
>
>
Hey, nice to see you here!
As my perl is more than limited, I had to run it to understand what it
does. Brilliant :-)
Sylvain
--
Sylvain Wallez Anyware Technologies
http://people.apache.org/~sylvain http://www.anyware-tech.com
Apache Software Foundation Member Research & Technology Director
Re: Warped Text... (off topic)
Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
On Fri, 2 Sep 2005, Pier Fumagalli wrote:
> > http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
> >
> > Ciao,
>
> Yep, but SVG IMVHO is quite overkill to generate a simple image...
For something really simple:
sub getBCD {
$_ = (123567,36,13457,13467,2346,12467,24567,136,1234567,12346)[ shift @_ ];
return (((m/1/) ? ' _ ' : ' '),
((m/2/) ? '|' : ' '). ((m/4/) ? '_' : ' '). ((m/3/) ? '|' : ' '),
((m/5/) ? '|' : ' '). ((m/7/) ? '_' : ' '). ((m/6/) ? '|' : ' '));
};
map { my @r = getBCD($_); map { $out[ $_ ] .= $r[$_].' '; } (0 .. 2); } '3231' =~ m/./g;
print join("\n",@out);
Just kidding.
Dw.
Re: Warped Text...
Posted by Pier Fumagalli <pi...@betaversion.org>.
On 2 Sep 2005, at 16:44, Sylvain Wallez wrote:
> Pier Fumagalli wrote:
>
>>> Did you look at what Ugo did with captchas?
>>>
>>> http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
>>>
>>> Ciao,
>>
>> Yep, but SVG IMVHO is quite overkill to generate a simple
>> image... Plus I suspect that the blurring algorithm is quite easy
>> to recognize (in terms of running a simple image analysis package
>> over the generated output).
>
> Just curious: what do you use to produce the image?
AWT... I create an image, dump some text into it, calculate a couple
of sine-waves, use them as the displacement base, re-scale the warped
image while antialiasing it... On my laptop, with Eclipse/iTunes/
blablalba and so on running, I can get something like 4 requests/
second (9 kilobytes/second) on 100x50 pixel images.
It can be optimized a lot, I'm sure about it, I waste quite a large
amount of cylcles, but the code is so simple (100 lines with
comments) that in a couple of iterations I'm pretty sure I can double
the thrugput.
> If it's lighter and more efficient that SVG, we may simply consider
> using your stuff for the captcha widget.
Pretty sure it's lighter than SVG (even in its current state)! :-D
I'm all up for it, as long as it can be found also without CFORMs
enabled (I don't normally include them but I need the reader) and as
long as I don't have to integrate it (as I wouldn't know where to
start).
Shall I commit it in a simple block with a couple of samples, just to
show how it works???
Pier
Re: Warped Text...
Posted by Sylvain Wallez <sy...@apache.org>.
Pier Fumagalli wrote:
>> Did you look at what Ugo did with captchas?
>>
>> http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
>>
>> Ciao,
>
>
> Yep, but SVG IMVHO is quite overkill to generate a simple image...
> Plus I suspect that the blurring algorithm is quite easy to recognize
> (in terms of running a simple image analysis package over the
> generated output).
Just curious: what do you use to produce the image? If it's lighter and
more efficient that SVG, we may simply consider using your stuff for the
captcha widget.
Sylvain
--
Sylvain Wallez Anyware Technologies
http://people.apache.org/~sylvain http://www.anyware-tech.com
Apache Software Foundation Member Research & Technology Director
Re: Warped Text...
Posted by Mark Lundquist <ml...@wrinkledog.com>.
On Sep 2, 2005, at 1:13 PM, Gregor J. Rothfuss wrote:
> there are better alternatives to captchas, like riddles
Ah yes... :-)
http://www.mwscomp.com/movies/grail/grail-23.htm
Re: Warped Text...
Posted by "Gregor J. Rothfuss" <gr...@apache.org>.
Pier Fumagalli wrote:
> Err... Ehm... Well, did the same before posting! :-D
>
> But this http://www.brains-n-brawn.com/default.aspx?vDir=aicaptcha can
> defeat it.
>
> If it's human-readable, at the end, it WILL be defeated, no matter what.
there are better alternatives to captchas, like riddles or simple
mathematical problems, with the added benefit of being accessible.
Re: Warped Text...
Posted by Pier Fumagalli <pi...@betaversion.org>.
On 2 Sep 2005, at 17:00, Jorg Heymans wrote:
> Pier Fumagalli wrote:
>
>>>> Guys,
>>>> for one of our registration projects, we needed to verify
>>>> that a
>>>> user is really in front of the browser (no automatons allowed). I
>>>> wrote, then, a little "text-warper" that randomly stretches text
>>>> for
>>>> a user to see (and re-type) and writes out JPEG files.
>
> Amazingly enough, PWNtcha [0] does not seem to be able to decode your
> rather simple text warping. It's intriguing to see how their routines
> can solve captchas even humans have to concentrate on, yet is
> unable to
> solve a simple text warp.
>
> Jorg
>
> [0] http://sam.zoy.org/pwntcha/
> (i took the liberty of running your warps through their cgi)
Err... Ehm... Well, did the same before posting! :-D
But this http://www.brains-n-brawn.com/default.aspx?vDir=aicaptcha
can defeat it.
If it's human-readable, at the end, it WILL be defeated, no matter what.
Pier
Re: Warped Text...
Posted by Jorg Heymans <jh...@domek.be>.
Pier Fumagalli wrote:
>>> Guys,
>>> for one of our registration projects, we needed to verify that a
>>> user is really in front of the browser (no automatons allowed). I
>>> wrote, then, a little "text-warper" that randomly stretches text for
>>> a user to see (and re-type) and writes out JPEG files.
>>>
Amazingly enough, PWNtcha [0] does not seem to be able to decode your
rather simple text warping. It's intriguing to see how their routines
can solve captchas even humans have to concentrate on, yet is unable to
solve a simple text warp.
Jorg
[0] http://sam.zoy.org/pwntcha/
(i took the liberty of running your warps through their cgi)
Re: Warped Text...
Posted by Pier Fumagalli <pi...@betaversion.org>.
On 3 Sep 2005, at 15:22, Tony Collen wrote:
> Pier Fumagalli wrote:
>> On 2 Sep 2005, at 16:23, Gianugo Rabellino wrote:
>>> On 9/2/05, Pier Fumagalli <pi...@betaversion.org> wrote:
>>>
>>>> Guys,
>>>> for one of our registration projects, we needed to verify
>>>> that a
>>>> user is really in front of the browser (no automatons allowed). I
>>>> wrote, then, a little "text-warper" that randomly stretches text
>>>> for
>>>> a user to see (and re-type) and writes out JPEG files.
>>>>
>>>> In addition to that I wrote a little random-text generator and
>>>> encryptor (so that you can be sure the text displayed is nowhere in
>>>> your HTML). An example of a generated image is attached here.
>>>>
>>>>
>>>
>>> Did you look at what Ugo did with captchas?
>>>
>>> http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
>>>
>>> Ciao,
>>>
>> Yep, but SVG IMVHO is quite overkill to generate a simple
>> image... Plus I suspect that the blurring algorithm is quite easy
>> to recognize (in terms of running a simple image analysis package
>> over the generated output).
>> I kinda like more random things! :-P :-P
>> Pier
>
>
> Ugo's work built on some stuff I did a long time ago. I did a
> gaussian blur on the text just as a proof of concept. Of course,
> the SVG filters have displacement maps, so ideally you'd add one in
> addition to the stuff that's already there.
As Sylvain said, this can replace the default "gaussian blur" for the
Captchas...
I've now committed it as its own block in the 2.1.x branch, so feel
free to test it out, and if someone is into CFORMs (ping Ross, where
are you - my minions are nowhere to be found on a Sunday night! :-
D ), we can try to replace the SVG->Blur->IMAGE with this little Reader.
Anyhow, samples are in there, both for a simple CAPTCHA flow and for
a more generic showcase of what the CaptchaReader is capable of (not
much, but it's all there). As for the "validation" block, the
documentation is in Daisy (one gotta love that little piece of junk,
makes documenting so easy):
http://cocoon.zones.apache.org/daisy/documentation/blocks/captcha.html
http://cocoon.zones.apache.org/daisy/documentation/components/readers/
captchareader.html
Have fun...
Pier
Re: Warped Text...
Posted by Tony Collen <co...@umn.edu>.
Pier Fumagalli wrote:
> On 2 Sep 2005, at 16:23, Gianugo Rabellino wrote:
>
>> On 9/2/05, Pier Fumagalli <pi...@betaversion.org> wrote:
>>
>>> Guys,
>>> for one of our registration projects, we needed to verify that a
>>> user is really in front of the browser (no automatons allowed). I
>>> wrote, then, a little "text-warper" that randomly stretches text for
>>> a user to see (and re-type) and writes out JPEG files.
>>>
>>> In addition to that I wrote a little random-text generator and
>>> encryptor (so that you can be sure the text displayed is nowhere in
>>> your HTML). An example of a generated image is attached here.
>>>
>>
>> Did you look at what Ugo did with captchas?
>>
>> http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
>>
>> Ciao,
>
>
> Yep, but SVG IMVHO is quite overkill to generate a simple image... Plus
> I suspect that the blurring algorithm is quite easy to recognize (in
> terms of running a simple image analysis package over the generated
> output).
>
> I kinda like more random things! :-P :-P
>
> Pier
>
Ugo's work built on some stuff I did a long time ago. I did a gaussian
blur on the text just as a proof of concept. Of course, the SVG filters
have displacement maps, so ideally you'd add one in addition to the
stuff that's already there.
Tony
Re: Warped Text...
Posted by Pier Fumagalli <pi...@betaversion.org>.
On 2 Sep 2005, at 16:23, Gianugo Rabellino wrote:
> On 9/2/05, Pier Fumagalli <pi...@betaversion.org> wrote:
>
>> Guys,
>> for one of our registration projects, we needed to verify that a
>> user is really in front of the browser (no automatons allowed). I
>> wrote, then, a little "text-warper" that randomly stretches text for
>> a user to see (and re-type) and writes out JPEG files.
>>
>> In addition to that I wrote a little random-text generator and
>> encryptor (so that you can be sure the text displayed is nowhere in
>> your HTML). An example of a generated image is attached here.
>>
>
> Did you look at what Ugo did with captchas?
>
> http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
>
> Ciao,
Yep, but SVG IMVHO is quite overkill to generate a simple image...
Plus I suspect that the blurring algorithm is quite easy to recognize
(in terms of running a simple image analysis package over the
generated output).
I kinda like more random things! :-P :-P
Pier
Re: Warped Text...
Posted by Gianugo Rabellino <gi...@gmail.com>.
On 9/2/05, Pier Fumagalli <pi...@betaversion.org> wrote:
> Guys,
> for one of our registration projects, we needed to verify that a
> user is really in front of the browser (no automatons allowed). I
> wrote, then, a little "text-warper" that randomly stretches text for
> a user to see (and re-type) and writes out JPEG files.
>
> In addition to that I wrote a little random-text generator and
> encryptor (so that you can be sure the text displayed is nowhere in
> your HTML). An example of a generated image is attached here.
Did you look at what Ugo did with captchas?
http://agylen.com/2005/05/16/captcha-validator-for-cocoon-forms/
Ciao,
--
Gianugo Rabellino
Pro-netics s.r.l. - http://www.pro-netics.com
Orixo, the XML business alliance: http://www.orixo.com
(blogging at http://www.rabellino.it/blog/)