I Can't See The Image

Mon Jan 12 13:43:46 PST 2004

Hi Ceri,

On 12 Jan 2004 at 19:31, Ceri Davies <ceri at FreeBSD.org> spoke, thus:

[...]
> It looks fine; I'll file it for you, as this whole situation is pretty
> much down to me.  I knew that users with impaired vision would have a
> problem with this (which is why I included the "mail bugbusters" ALT
> tag), but figured that it was better than the previous situation, which
> was having zero web-based mechanism for bug reporting whatsoever. 

I'm very glad you did. :-)  I didn't even realise that it was actually a 
graphic, since if there is alt text the text goes straight into my MSAA 
buffer (screen review program's decolumnisation and parsing of HTML to 
make web pages in the form of a linear, character-based document as in a 
word processor with review functionality using cursors etc rather than 
representative of what's physically on the screen which read literally may 
make no sense as in frames or tables; MSAA stands for M$ Active 
Accessibility, the "Standard" which screen readers use to get data out of 
the browser - M$IE - without needing to hack it out of the screen) for my 
benefit (the expectation is that we will know it is an alt because of its 
contents - EG a useful description of an image) without making a 
distinction that it was any different from normal text.  The situation 
that needed web access also happened to apply to me - installation.  So, 
all in all, and for submitting the report on my behalf, thank you!

> I do like the suggestion for using a maths problem; that's very neat.
> Are there other verification mechanisms that you could recommend?

Hmm, well the most obvious is email, but it is only limited by the 
capacity of people's intent to do damage and your imagination, really.  My 
maths problem example is only useful if someone doesn't fiendishly bother 
to craft up a suitably horrible piece of code that does the dirty work.  I 
rely on the supreme unlikelihood of this.  Having said that, I may have 
been bothered to buzz that image through my OCR utility to try and pull 
the characters out of it, and it would be no less robotic than before if 
that could be automated, assuming that the process that created the image 
was any good at scrawling it enough to upset OCR applications but still 
make it readable by humans.  Even sound has been used this way, 
concatenating the characters from the alphabet and numbers and then making 
this available as a waveform for download, sometimes with suitable 
obfuscation (muffling, fizz/crackle, etc), and it could still be 
completely horrible and un-doable for me.  So... maths, simple coding 
(i.e. in the following word, shift each character up by 3 for even 
characters or vowels and 5 for others)...  If it's email, don't forget to 
introduce the random element into the email that is sent back in the URL, 
else it's pointless (sorry, you probably already know, it's depressing to 
see the number of people/organisations that still don't, including these 
so-called silver-bullet challenge response anti-spam systems, all of which 
are the very devil for verification tactics).  You won't get me verifying 
my email address on one of those... :-(

> Also, looking at the filled out form you've submitted below, I'm
> guessing that a major annoyance with image based verification is that
> you get no indication that this is necessary until you've filled in the
> form - would it be of use (in general) for websites to state at the top of
> a form that you'll need to be able to see images later on?

Absolutely.  I always see and work with the page from the top down, so I 
filled in this form before realising that I was completely incapable of 
getting it submitted which was obviously a tad annoying (as you've seen :-
) ).  Had I known otherwise I would have manually typed the entries into 
my email to you, so the result would look a bit nicer but be essentially 
similar in this particular instance.  Yahoo! have this sort of thing for 
their registration, and they always put at the top of their pages 
something like, "Visually impaired users - this form relies on image 
verification because of spammers, ... please use this web page to contact 
us instead".  Well, that turns out to be awful, because customer services 
then fail to get back and you are left without a registration at all, but 
you could do the same if you'd rather hold your email addresses from 
spammers - a webform that securely submits mail to you instead of 
revealing the address.  Of course, independence is definitely the key, so 
alternative verification steps are definitely preferable.

> Regarding your observation that robots would be expected to be abusing an
> email based system anyway, I agree that you would expect that to be true,
> but our experience shows that this doesn't hold.  No idea why.

Mmm.  Well if the robot that accepts the reports simply has no time for 
spam (EG uses Procmail/RBLS/etc) then it is definitely better off than if 
it were simply configured to automate the input process and reply if it 
didn't understand it, since spammers may use that property to bounce error 
messages at hapless individuals.  Still, it's probably just due to the 
fact that the address isn't likely well-publicised or something.  I've 
never worked directly with Send-PR yet, so wouldn't really know.  Perhaps 
it's just luck! :-)

> Apologies for the problems you had with the form, and I'll certainly
> look into other mechanisms for doing this verification.

No problem, and thanks very much again - you've been extremely helpful!

> Cheer,
> 
> Ceri
> FreeBSD Bugmeister

Cheers,
Sabahattin
-- 
Thought for the day:
    Communist (n): one who has given up all hope
    of becoming a Capitalist.

Latest PGP Public key blocks?  Send any mail to:
<PGPPublicKey at sabahattin-gucukoglu.com>

Sabahattin Gucukoglu
Phone: +44 (0)20 7,502-1615
Mobile: +44 (0)7986 053399
http://www.sabahattin-gucukoglu.com/
Email/MSN: <mail at Sabahattin-Gucukoglu.com>