CRAPTCHA

Just to make sure you are human please type the following phrase:

[Image: Yahoo’s Captcha]

[Image: Google’s Captcha]

Unless you are blind. Then, if you are lucky, you can click here to hear a spoken version of the captcha. However, most sites don’t implement a version that offers a spoken word. Facebook, MySpace, and other social networking powerhouses currently only cater to the vision-capable crowd.

While the use of captcha was originally quite effective in preventing the use of scripts to gain access to a particular function of an application, it is only a matter of time before the captcha loses its effectiveness due to hacks. Both Yahoo’s and Google’s captchas have been hacked (click their captcha above to link to the articles talking about them being hacked).

Captchas are painful for all users, not just the visually impaired. I recently set up a phpBB bulletin board and watched someone try to sign up only to find that they had to enter the captcha over 10 times, all of which I verified to be correct, before it finally worked. This is just one of many examples – I have been at countless sites where I had to enter the characters multiple times just to get an acceptance. There are some versions of captcha that provide an additional use, such as the reCaptcha project that uses user inputs to help digitize scanned copies of old books, but the pain for the user still exists.

A newer concept that has started to show up more and more is the challenge question. Sometimes this challenge will come in the form of something simple, such as “Add the two numbers to the right (3, 18)”, after which the site validates that you entered the correct numbers. Others, such as the one below, are quite simple to read and simply ask you to enter the letters from either the top or the bottom, presumably at random. Yet others I have seen show you a picture of a common object and then ask you to type what the object is.


IKEEN Blog
(In native Russian language)

Traditional captchas, simple language challenges (add 3 and 18), and other methods are increasingly obsolete as the repository of anti-captcha code grows. Breaking the security for any given application is simply a matter of having a large library of anti-captcha code and a rule set that defines when to try to apply each one.

So the question is, how do you prevent scripted access to applications without alienating users? If you came here for the answer you are going to be disappointed. I have some general ideas on how to help solve the problem but no ideas that I’d classify as a silver bullet. None are fleshed out enough to share here yet though. When they are, you’ll hear them first. In the meantime, think about this problem and how to fix it. There are millions of brilliant minds out there and an answer is to be had. It’s just a matter of one of those minds having a eureka moment.


Snobby vs Selective

In high school I was seriously considering joining the coast guard. That is, until a recruiter came in to speak to us. He was the single most pompous person I have ever met in my life. Point blank, he told us that he was wasting his time visiting us because 99% of us weren’t good enough to get in anyhow. He then spent 10 obligatory minutes going over what a career in the coast guard was like before leaving without entertaining any questions. I no longer wanted to be in the coast guard. If the recruiter we met was the face of the organization, I had no interest in ever becoming a part of it.

While it is important to be selective, even highly selective, it is equally important to not rub your selectiveness in people’s faces. Companies have to be selective when hiring, or else they risk becoming diluted with second-rate talent and stagnating in the market. However, companies also have to maintain a public persona such that they are viewed in a positive light by the majority. If companies find a hiring model that works for them, allows them to be competitive, and reduces the attrition rate, then more power to them.

After passing out a recent post by Steve Yegge to a couple of colleagues and friends I solicited a response on what they thought of the process. Some felt that the elitist approach was pretentious but all agreed that it was necessary to ensure a top-notch group of engineers. When you are the company that everyone wants to be and most people emulate, you have some leeway to be selective. However, selectiveness should be weighed carefully against public persona. When the selectiveness reaches a point that people lose interest in working for you then it is time to scale back a bit. Google seems to have found their niche in this respect as they are a highly selective company but still the firm that most engineers would work for, given the chance.

There is a blurry line between being snobby and being selective. Snobby in the eyes of some is selective in the eyes of others. The important thing for any company, whether a three person crew in a garage or Google, is to find the balance that works best for their firm. For some this will mean a high degree of selectiveness, and thus perceived pretension, while for others this will mean a less selective process and a slightly less efficient talent pool.