Re: [Python-Dev] Summary of Tracker Issues
On Wed, 2007-05-16 at 22:17 -0700, Talin wrote: > Here's a simple method: Put up a free porn site [...] Is it known that someone actually implemented this? It's a neat trick, but as far as I know, it started as a thought experiment of what *could* be done to fairly easily defeat the captchas, as well as all other circumvention methods that make use of human intelligence. ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
Talin wrote: > Here's a simple method: Put up a free porn site, with a front page that > says "you must be 18 or older to enter". The page also has a captcha to > verify that you are a real person. But here's the trick: The captcha is > actually a proxy to some other site that the spammer is trying to get > access to. The "python-related question" technique would probably be somewhat resistant to this, as your average porn surfer probably doesn't know anything about Python. (At least until CP4E takes off and everyone knows Python...) -- Greg Ewing, Computer Science Dept, +--+ University of Canterbury, | Carpe post meridiem! | Christchurch, New Zealand | (I'm not a morning person.) | [EMAIL PROTECTED] +--+ ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
On 5/17/07, Hrvoje Nikšić <[EMAIL PROTECTED]> wrote: > On Wed, 2007-05-16 at 22:17 -0700, Talin wrote: > > Here's a simple method: Put up a free porn site [...] > > Is it known that someone actually implemented this? It's a neat trick, > but as far as I know, it started as a thought experiment of what *could* > be done to fairly easily defeat the captchas, as well as all other > circumvention methods that make use of human intelligence. I don't have hard data but it's been related to me as true by Googlers who should have first-hand experience. -- --Guido van Rossum (home page: http://www.python.org/~guido/) ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
Hrvoje Niksic wrote: > On Wed, 2007-05-16 at 22:17 -0700, Talin wrote: >> Here's a simple method: Put up a free porn site [...] > > Is it known that someone actually implemented this? I moderate a discussion forum which was abused with this exact attack. At the time, it was a phpBB forum which had the standard graphical captcha. After switching to a different forum package, the attacks went away. I will assume because (as it has been said) it was no longer a well-known and common interface. However, it may also be because instead of using a graphic (which is easily transplanted to another page), it uses ascii art which would require more effort to extract and move to another page. -Scott -- Scott Dial [EMAIL PROTECTED] [EMAIL PROTECTED] ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
* Scott Dial <[EMAIL PROTECTED]> [2007-05-17 11:04:46]: > However, it may also be because instead of using a graphic (which is > easily transplanted to another page), it uses ascii art which would > require more effort to extract and move to another page. Another approach would be a 'text scrambler' logic: You can aclltauy srlbcame the quiotesn psneeetrd wchih only a hmuan can uetrnnadsd pperlory. The quiotesn ovubolsiy slouhd be a vrey vrey slmipe one. And you can hvae a quiotesn form the quiotesn itslef. Site: What is the futorh word of tihs scnnteee? Answer: fourth. Site: You are intelligent, I shall allow you. -- O.R.Senthil Kumaran http://uthcode.sarovar.org ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
O.R.Senthil Kumaran schrieb: > * Scott Dial <[EMAIL PROTECTED]> [2007-05-17 11:04:46]: > >> However, it may also be because instead of using a graphic (which is >> easily transplanted to another page), it uses ascii art which would >> require more effort to extract and move to another page. > > Another approach would be a 'text scrambler' logic: > > You can aclltauy srlbcame the quiotesn psneeetrd wchih only a hmuan can > uetrnnadsd pperlory. The quiotesn ovubolsiy slouhd be a vrey vrey slmipe one. > > And you can hvae a quiotesn form the quiotesn itslef. > > Site: What is the futorh word of tihs scnnteee? > > Answer: fourth. > > Site: You are intelligent, I shall allow you. Please bear in mind that non-native speakers who don't have had much exposure to the English language should be able to solve this problem too. I doubt that is the case for the kind of challenge you propose. Georg -- Thus spake the Lord: Thou shalt indent with four spaces. No more, no less. Four shall be the number of spaces thou shalt indent, and the number of thy indenting shall be four. Eight shalt thou not indent, nor either indent thou two, excepting that thou then proceed to four. Tabs are right out. ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
* Andrew McNamara <[EMAIL PROTECTED]> [2007-05-17 15:30:43 +1000]: > technique could be used, but my suspicion is that real people are being > paid a pittance to sit in front of a PC and spam anything that moves. http://www.mturk.com/mturk/welcome Complete simple tasks that people do better than computers. And, get paid for it. Learn more. Choose from thousands of tasks, control when you work, and decide how much you earn. -- mithrandi, i Ainil en-Balandor, a faer Ambar signature.asc Description: Digital signature ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
O.R.Senthil Kumaran wrote: > Site: What is the futorh word of tihs scnnteee? > > Answer: fourth. Are you sure it isn't "futorh"?-) -- Greg ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Summary of Tracker Issues
* Greg Ewing <[EMAIL PROTECTED]> [2007-05-18 13:06:41]: > > > Site: What is the futorh word of tihs scnnteee? > > Answer: fourth. > > Are you sure it isn't "futorh"?-) > :-) My idea was, a human got to answer it unscrambled as 'fourth' as he "understands" what the question is and gives the proper answer. Agreed, there could be confusion at first. For non-native speakers of English, this could be difficult if their experience with English is less, but we will have to take a chance that anyone capable of reading english should be able to figure it out. Again these are my thoughts and I dont have a good data to prove it. Implementation standpoint, this is one of the easiest I can think of. Thanks, -- O.R.Senthil Kumaran http://uthcode.sarovar.org ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] recursion limit in marshal
I had a little argument with the marshal module on Windows last night,
I eventually won. :-)
A patch was checked in which would prevent blowing out the stack and
segfaulting with this code:
marshal.loads( 'c' + ('X' * 4*4) + '{' * 2**20)
Originally, I didn't change the recursion limit which was 5000. (See
MAX_MARSHAL_STACK_DEPTH in Python/marshal.c) This is a constant in C
code that cannot be changed at runtime. The fix worked on most
platforms. However it didn't on some (Windows and MIPS?), presumably
due a smaller stack limit. I don't know what the stack limits are on
each architecture.
I dropped the limit to 4000, that still crashed. I eventually settled
on 2000. Which passed in 2.6. I don't think there is a test case for
the recursion limit when dumping a deeply nested object. I suppose I
should add one, because that could also blow the limit too.
The point of this message is to see if anyone thinks 2000 is
unreasonable. It could probably be raised, but I'm not going to try
it since I don't have access to a Windows box. Testing this remotely
sucks.
n
___
Python-Dev mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] recursion limit in marshal
> The point of this message is to see if anyone thinks 2000 is > unreasonable. It could probably be raised, but I'm not going to try > it since I don't have access to a Windows box. Testing this remotely > sucks. If this turns out ever to be a limitation, I would challenge the reporter to rewrite marshal in a non-recursive manner. It shouldn't be that difficult: w_object should operate a queue of objects yet to be written, and Tuple, Dict, Set (why does marshal support writing sets, anyway?) would all just add things to the queue rather than recursively invoking w_object. The only challenge would be code objects, which have a w_long interspersed with the w_object calls. I would fix this by changing the marshal format of code objects, to move the co_firstlineno to the beginning. For reading, a heap-managed stack would be necessary, consisting of a (type, value, position, next) linked list. Again, code objects would need special casing, to allow construction with NULL pointers at first, followed by indexed setting of the code fields. For lists and tuples, position would define the next index to be filled; for dictionaries, it would not be needed, and for code objects, it would index the various elements of the code object. Regards, Martin ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
