billso.com

Long-time readers of billso.com may remember that I used reCAPTCHA to validate comments about my articles. reCAPCTHA is a web service that shows users pictures of two words. The service knows one of the words. The second word was provided by an electronic book scanning project that needs help with its quality control.  reCAPTCHA send the results back to the scanning project, to help them fix their documents.

A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) system is a simple test that determines if a computer user is a machine or a human. CAPTCHAs are small puzzles that people can solve quickly, while being too expensive for a computer system to solve.

I dropped the reCAPTCHA feature in May 2008, because the system was not stopping comment spam from appearing on my blog. “Comment spam” is just messages that have little or no relevance to an article or page.

In the past, people who wanted to crack a CAPTCHA system might pay users to stay at home and decipher dozens of captchas, in return for free content or Internet access. But people are slower and less reliable than computers. Processing power continues to improve, while CPU costs get lower.

Paying the price

Stephan Chenette, the manager of security research at Websense Security Labs, notes that CAPTCHA technology had made incremental improvements since 2000, while CAPTCHA crackers bought faster hardware and invested more in their efforts:

“CAPTCHA has been broken for the last year and a half. The technology has really not progressed. They’ve got a little bit harder but the hackers have made programs that can easily break them. This works both with print and audio CAPTCHA. All of these have been broken in one way or the other.”

In the last few months, the CAPTCHA systems of several major web sites have been cracked by automated systems:

• January 2008: Yahoo Mail
• April 2008: Gmail and Hotmail
• May 2008: Craigslist

This has resulted in a flood of spam, scams, and fake postings on services around the world. It’s become quite easy to create a fake Web site that can fool many users. Social networks like MySpace and Facebook offer many more opportunities to trick users into revealing their credentials and personal information.

In the last few years, financial service companies and banks have adopted multifactor authentication systems that ask users for more than a password or a CAPTCHA solution. Now organizations in other industries are looking at similar solutions, because it has become much less expensive for scammers and crackers to break these companies’ systems. Several OpenID providers have added multifactor features to their authentication systems, too.

This article called How CAPTCHA got trashed has more details.

Image courtesy of Mess of Pottage through a Creative Commons license.

Related posts and pages on billso.com

• Help
• OpenID
• 13 May 2008: JanRain launches CallVerifID multifactor phone service for OpenID
• 10 May 2008: Why use OpenID?
• 17 April 2008: Virtual keyboards and monitoring software foil keystroke loggers
• 25 March 2008: Digital TV is coming
• 13 March 2008: Avoiding the splogs
• 5 February 2008: The mobile web and billso.com
• 4 June 2007: Email and print links

I’d been offline all weekend, so this morning I decided to check my Twitter page. Twitter is a web site that lets users microblog with 140 character messages typed into the web site or mobile text messages. 

I had a few new followers whom I did not know in real life, and each of them had weird names. A few reminded me of the passwords AOL used to stamp on its disks and CDs, while others were straight from a spammer’s imagination:

• agoraindex
• tarahbrown
• MyInternetBusin 
• HarbourHeights 
• WallpaperManica
• she0foreclosure 
• xiaopan
• Rhonda1989

As it turns out, these were all attempts at sending me Twitter spam. My Twitter profile is public, so anyone can follow me. 

To make matters worse, Twitter has no system for mass blocking profiles. I had to block each of these profiles one by one, and each block required a round trip through 5 web pages. 

Adam J. O’Donnell of Cloudmark has a good ZDNet article called Twitter’s holiday battle with spammers that has some good observations.

Twitter has enough problems as it is - the service goes down for hours at a time, and has inspired users to name one of Twitter’s network outage notices as the Fail Whale.

The anti-rail forces on Oahu are focusing their efforts on a deceptive petition campaign that doesn’t address some major reasons why Honolulu needs a rail rapid transit system. The train would help keep cars off the island, and get cars off the H1 and downtown roads during peak commuting times. The train may not help traffic on fort Weaver Road, but their traffic problems need different solutions.

No new roads

StopRailNow has an alternatives page that lists several solutions like underpasses, elevated toll lanes, The proposed elevated lanes won’t fit on some sections of the H-1. The Outdoor Circle isn’t happy with the rail proposal, but even they realize that miles of flyovers and elevated roads would look worse.

StopRailNow hasn’t discussed where people would drive when they got off these elevated roads, because the answer is obvious: on the same overcrowded surface roads we have now.

There won’t be any extra lanes on the Nimitz Highway, King Street or Ala Moana Boulevard because there’s no room for extra lanes. the best that can be done is reducing the width of lanes, which is being tried on Ala Moana Boulevard west of Ward Avenue.

There won’t be a bridge or tunnel around Pearl Harbor, because the US Navy will never allow that kind of security risk. I’ve read many suggestions like this, mostly from people who live around Fort Weaver Road and commute through downtown. Fort Weaver Road and the Kapolei area have expanded faster than the city can build roads.

No room for more parking

The anti-rail advocates haven’t discussed where or how all of the extra cars on these toll roads will park. There’s no room for new parking lots or garages in downtown Honolulu, the Ala Moana area, or Waikiki. Repainting lots with narrower spaces won’t work well, either.

We live on an island. There’s no room to builds more parking garages, unless we erect them on park land and tear down homes and businesses.

Uninsured drivers?

Another one of StopRailNow’s alternatives is a crackdown on uninsured drivers. The web site estimates this would take 15 to 30 percent of current vehicles off Oahu’s roads. Too bad they didn’t cite their source - there’s one lonely link on that page to Cliff Slater’s honolulutraffic.com web site.

Will these uninsured drivers join carpools or take The Bus? Who will pay for the dozens of new buses that are already needed? Bus ridership has increased a great deal in the last few months.

The site doesn’t discuss what will happen to these thousands of abandoned cars, either. Will they be shipped off-island, or will the cars rust by the sides of abandoned roads? Assuming that the majority of uninsured motorists cannot afford auto insurance, this solution sounds more like economic discrimination than a viable alternative.

On 4 June 2008, Republican congressional candidate and city council member Charles Djou proposed a city ordinance that would let the Honolulu Police Department boot cars for unpaid citations or lack of insurance. Sounds like the state needs to revise its vehicle registration process so that applicants are checked for outstanding citations when they attempt to transfer a title. In fact, Charles Djou and the Honolulu city council should probably just let the Hawaii state legislature address this issue.

See this Star-Bulletin article for more details, including a quote that sounds like Djou was reading from a StopRailNow brochure:

Djou said he believes removing noncompliant vehicles off the highways would “probably do more to alleviate traffic congestion than anything else the city government could possibly come up with.”

If gas prices continue to rise, more motorists will stop driving because they cannot afford the fuel. Fuel prices will keep rising after the November 2008 election, too

How many signatures?

The anti-rail groups must get 45,000 certified signatures by 31 July 2008 to get their ill-advised referendum on the November general election ballot. Dennis Callan, the co-chair of StopRailNow.com, believes that only 30,000 certified signature are needed, according to this Advertiser article:

The different counts result from varying interpretations of city rules governing voter-based ballot initiatives. The city clerk’s office said Stop Rail Now needs signatures equal to at least 10 percent of total voters registered in the last mayoral election. That equates to 44,525 signatures.

Stop Rail Now argues it needs signatures equal to 10 percent of the votes cast for mayor in the last election. That equates to 30,026 signatures, which is 14,499 fewer signatures than the city’s figure.

According to the Advertiser’s 28 May 2008 article, Callan hasn’t even asked the City Clerk for a ruling on this issue. Is this another example of the short-range planning expertise of the anti-rail forces? Is StopRailNow.com afraid of the answer? Does the group plan to sue its way onto the ballot if they don’t collect enough signatures?

By the time the rail line goes into operation, gas may be higher than $5 a gallon. Where will the anti-rail groups be then? Their leaders might not be very happy, because their taxicab and auto-related businesses will face increased costs, even as automobile usage drops. Perhaps some of the anti-rail proponents have already joined the thousands of Oahu commuters who are taking their cars off the roads and using vans, bikes and buses.

Related posts and pages on billso.com

• Honolulu mass transit
• 20 April 2008: Honolulu newspapers to City Council: Enough already!
• 17 April 2008: Back on track
• 15 April 2008: Council members discuss mass transit research
• 2 April 2008: Still on track?
• 20 March 2008: Like a fifth wheel
• 6 February 2008: Hawaii has highest car ownership costs in the USA
• 19 June 2007: City council, planners still arguing over mass transit routes, modes

I’ve said it before in 2004 and 2006: email is broken. It’s a great rant topic for my 1200th blog post.

The credibility of email as a marketing medium was destroyed years ago by UCE (unsolicited commercial email or spam). Managers helped destroy email as a business tool shortly afterwards.

Students often treat email as a casual messaging tool, when college is a great opportunity to learn how to use email in an effective and professional manner. Every email user can learn to write better messages.

Help me read your email

It really helps me if the subject fields are meaningful. I get hundreds of email messages every day.

Tell me what class you’re taking. I don’t carry my class roster with me 24/7. I’ve had students email me questions about their assignment without ever mentioning which course they are taking. It’s more of a problem at the start of the term. After the first 2 or 3 weeks, I’ll remember which students are in which course.

Do you need an answer to a question? Then summarize the question in the subject line. If it’s an easy question, I can send a quick reply with my answer. If an answer will take me more time, I’ll send a reply saying so.

Are you asking me to do something for you on a deadline? Put the date in the subject line.

No fancy email

Email is a great tool for written communication, as long as the message is written in plaintext. When I get HTML-formatted email that has pretty backgrounds and fancy fonts - assuming that the message made it past my servers’ spam blockers - my reply is almost always in plaintext.

HTML is for web pages, not mail messages. The writer’s color choices might look nice to them, but these colors might render the email unreadable to a color-blind recipient.

It’s far too easy to hide web bugs and bogus code in an HTML-formatted email message. Some mobile email clients like Gmail will strip the HTML formatting before displaying the message.

I hate “reply all”

I often receive email messages from other faculty members, and the cc: and to: fields are littered with addresses. I love my colleagues, but some of them never really learned how to use the Internet or email.

Some email servers block messages with large numbers of outbound email addresses, as a courtesy to the potential recipients. If one of the recipients presses the “reply all” button, their message gets sent to the entire list. It gets annoying when their reply is something innocuous like “OK” or “I’ll be there”.

Get with the program

Most people who are sending one email message to more than 20 people should consider posting the content to a web page, an intranet, or an RSS feed.

Granted, I do use the mass email function in TurnItIn.com to remind students about assignment deadlines, or to announce a new assignment. I almost always make these announcements on billso.com, but experience has taught me that some students cannot access the web site on a regular basis.

I’m could go off on a rant, but most of my students do use email effectively. These articles from about.com and Microsoft have some great tips for those who are interested.

Yesterday, the Honolulu Advertiser published an article about digital TV conversion. On 17 February 2009, US television stations will stop broadcasting analog television signals. On that date, anyone in the US who uses an antenna to receive their television signal on their analog television will need a digital converter box to receive broadcast signals. Cable and satellite subscribers have or will get converter boxes as part of their service agreement. All televisions manufactured for sale in the US after 1 March 2007 are required to have a digital tuner, so these models don’t need a converter box. The AP has an article with additional details.

I’ve discussed the FCC’s 700 mHz auction on 18 March 2008 and 30 January 2008. When the analog television channels are abandoned, AT&T, Verizon and other companies will use those frequencies for mobile phone and data services.

The US Department of Commerce has a web site with information on the DTV conversion, as does the FCC. Government regulators and consumer activists fear that cable and satellite companies will use digital television to scare up new subscribers. Another AP article states that Hispanics are the ethnic group most likely to lose television service after the conversion, even as the Federal government gives away several million coupons for digital converter boxes. Hawaii has a diverse population, and getting the message out in multiple languages will be challenging. I expect to see more articles in the local papers, especially in early 2009, even though the Advertiser claims that only 5.5% of the state’s television viewers rely on broadcast signals.

Digital TV converter boxes won’t turn an old analog set into a higher-definition TV, of course. These boxes have a digital TV tuner that passes its output to an analog TV on channel 3 or 4, like a video game console would do.

Yahoo reports that broadcasters will be required to run public service advertising, in an effort to notify viewers well before the cutover. The coupon request page uses reCAPTCHA – the same system I use to screen out spam comments on this blog.