Weeks ago I mentioned a new initiative called OpenCAPTCHA.org whereby I was drafting my own public domain specification and sharing it with the world at http://www.opencaptcha.org/
As anyone who’s been monitoring my blog here would notice, I set that initiative aside and focused on The Gemli Project’s O/RM (Gemli.Data) which is in a usable state but still has a lot more additional features needing to be added. After spending the last week on futzing with XML serialization of the mapping dictionary so I might be able to shortcut the process of loading a class-to-table mapping list, I’ve gotten a little burned out on Gemli for a short while.
Meanwhile, today I surely must have received at least 25 comment spams here on this blog. My blog is moderated but I still have to delete their posts. These spammers find this blog by scouring Google for popular articles, and all my most popular articles are getting bombarded with comment spam. So, tonight I’ve decided to rotate my attention and focus on OpenCAPTCHA.org again.
The OpenCAPTCHA.org spec has three key components: the Challenge-Answer Provider service, which produces a question or image along with the answer and hands it off to the services that request it, the optional Challenge service, which emits the challenge portion provided by the Challenge-Answer Provider service and then validates the user-submitted answer (immediately destroying all evidence upon first request for validation), and then finally, of course, the web site that displays the CAPTCHA challenge to the user and collects the user’s answer for validation.
I had already posted working samples [1, 2] of JSON/JSONP emitting ASP.NET MVC Controller classes for the services involved in my OpenCAPTCHA.org spec, but nothing much to show for it. That is, nothing that I or anyone else can consume right now without doing more implementation work. So I decided that the next best thing to do is to actually build three projects from scratch in a complete solution that demonstrates it all and that I can deploy as a working, running CAPTCHA service that implements the spec at a basic level:
Source code: http://www.opencaptcha.org/Wiki/GetFile.aspx?File=OpenCAPTCHA.org+v0.1+ASP.NET+MVC+Sample.zip
The end result seems to work perfectly.
As of this blog entry I haven’t yet integrated this or any other implementation to this blog yet, but only because I’m posting this blog entry out-of-sequence. :)
It’s implemented on my blog now.
Why am I doing this?
I’m sure somebody’s asking that about me and this initiative by now. CAPTCHA’s a simple thing, right?
In my view, typical home-grown CAPTCHA’s simplicity ends where spammers’ strong will begins. My goal is to make CAPTCHA a living, breathing organism rather than a piece of software that just sits there and gets stale while spammers keep pounding on the same CAPTCHA images and other challenges/questions and discover how to answer them robotically. In my mind, CAPTCHA should take advantage of the dynamic nature of the Internet itself and continually adjust to changing trends so that a spammer’s hack is the piece that gets stale rather than the CAPTCHA. The way to do this is to make CAPTCHA consist of web services that many people can produce and that consuming web sites can rotate amongst a growing list of CAPTCHA providers.
Ultimately I want to get samples going for other languages such as PHP as well. This is NOT a Microsoft tools oriented project. If anyone wants to take on the task of building a v0.1 spec implementation prototype for their favorite programming stack, please be my guest! Just read the spec and implement, and show me what you’ve got.