Dear all,
I prepared a contact form guarded with Captcha on my demo:
http://squeaksite.aidaweb.si/ContactUs/
Here only hardest part (captcha validation) works for now. Try by yourself.
Now we can start thinking about how to redesign and provide a better text of that Contact Us page.
First question is, who are the users of this page? Newcomers who like to come in contact with Squeak community in general? Or Squeakers who like to contact the web team? Or both?
Best regards Janko
Most (if not all) todays captchas can be broken with a reasonable high certainty by robots, see [1] for an example. Moreover, captchas impose a huge usability issue to humans. Personally I try to avoid filling any form with a captcha, this is simply too cumbersome and feels so Web 1.0.
There are many much better ways to make it much more difficult for bots to submit forms automatically, and these techniques don't even require additional human interaction. May people have blogged about some ideas, for example [2].
Seaside uses the technique of the secure token since the very beginning for all its forms automatically. There is not even an interaction required by the web developer. At OOP in Munich I showed some other security features that Seaside comes with out of the box [2]. So far, not a single spam post has appeared in my blog comments, even if there are dozens of strange post-requests visible in the log files on a daily bases.
So please, no captcha. This is so extremely annoying!
Cheers, Lukas
[1] http://www.cs.sfu.ca/~mori/research/gimpy/ [2] http://www.slideshare.net/renggli/seaside-web-development-as-you-like-it [3] http://nedbatchelder.com/text/stopbots.html
webteam@lists.squeakfoundation.org