Re: [Mailman-Developers] CAPTCHA support
On 03/05/2016 11:57 AM, Aditya Divekar wrote:
Hi! I was looking around the mailman code, and could not find the functionality for captcha in the mailing lists subscription pages. I think it could be a good feature to implement in the upcoming versions, and would like to know if its a good idea? I also came across the thread - http://permalink.gmane.org/gmane.mail.mailman.user/74167 and read about the previous discussion on it by some members. Since captcha back then was easier to break, it might not have been a profitable feature, according to the thread. But with the new recaptcha, I would like to know if the stand is the same. The message you mentioned said that it might be because of lacking csrf protection. With django all the forms are protected by csrf.
About captchas. If they are implemented, they would have to be optional in my opinion as they would require signing up for a token with the captcha provider. Or were you thinking about implementing your own service? I'm pretty sure there are django apps out there that add captcha support. It would be a nice addition if it's optional. If it's not I guess it would need more discussion.
On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they would have to be
optional in my opinion as they would require signing up for a token with the captcha provider.
Yes, if captchas really have to be implemented, please, please make them optional! For example many blind people are using mailman and captchas are a nightmare for them and from the point of view regarding accessibility in general.
Mailman 2.x is very accessible so far and unfortunatly I hadn't time to take a look if postorius is also good to use, but keeping mailman useable also for users with disabilities should be always kept in mind IMHO!
If spam protection mechanisms are needed, please think about better alternatives or make this mechanisms optional!
Thanks and all the best,
Christian
-- Christian Schoepplein - chris@schoeppi.net - http://www.schoeppi.net
Yes, I was of the opinion that it could be an optional feature.
Making it compulsory would involve critical problems as mentioned above by Christian, and might sometimes be disagreeable to list users who think its an unnecessary overhead of time.
I was mostly basing this idea on the lines that it is easy to put in a spam subscription request to the mailing lists now. Implementing captcha could nip most of these attempts in the bud itself, and save mailman the extra efforts of sending the confirmation link to the subscriber.
Thanks.
Aditya
Christian Schoepplein writes:
On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they would have to be
optional in my opinion as they would require signing up for a token with the captcha provider.
Yes, if captchas really have to be implemented, please, please make them optional! For example many blind people are using mailman and captchas are a nightmare for them and from the point of view regarding accessibility in general.
Be reassured: we understand (but easily forget, so feel free to remind us!)
What is the opinion of audio captchas? That is, do they actually work, and are they a significant inconvenience even if they are at least in theory possible to use for blind persons? Google ReCAPTCHA implements an audio recaptcha option, for example.
Mailman 2.x is very accessible so far
Thank you!
and unfortunatly I hadn't time to take a look if postorius is also good to use, but keeping mailman useable also for users with disabilities should be always kept in mind IMHO!
This is a continuing goal of mine, for sure, and I think of all Mailman developers. But AFAIK we're all equipped with average-ish levels of the usual senses, so feel free to remind us of the principle, and if you notice any specific issues for accessibility, *please* report them. We probably won't notice them ourselves. :-(
@self (or anybody who wants to check and implement :-): We should have an accessibility tag (and probably a usability or ux tag to differentiate the use cases) on the tracker.
If spam protection mechanisms are needed,
No "if" about it, unfortunately. But we do try to avoid mechanisms that impose more pain on real users than on spammers.
Steve
At 08:20 PM 3/5/2016, Stephen J. Turnbull wrote:
Christian Schoepplein writes:
On Sat, 5 Mar 2016 12:08:38 > About captchas. If they are implemented, they would have to be
optional in my opinion as they would require signing up for a token with the captcha provider.
Yes, if captchas really have to be implemented, please, please make them optional! For example many blind people are using mailman and captchas are a nightmare for them and from the point of view regarding accessibility in general.
Be reassured: we understand (but easily forget, so feel free to remind us!)
What is the opinion of audio captchas? That is, do they actually work, and are they a significant inconvenience even if they are at least in theory possible to use for blind persons? Google ReCAPTCHA implements an audio recaptcha option, for example.
Some audio CAPTCHA's are ok, some are virtually impossible to decipher. Also, audio CAPTCHAs do not work at all for deaf-blind persons.
So, while it depends, audio CAPTCHA is a mixed experience at best, and impossible at worst.
Dave
David Andrews and long white cane Harry.E-Mail: dandrews@visi.com or david.andrews@nfbnet.org
David Andrews writes:
Some audio CAPTCHA's are ok, some are virtually impossible to decipher. Also, audio CAPTCHAs do not work at all for deaf-blind persons.
Thanks for going on record!
So, while it depends, audio CAPTCHA is a mixed experience at best, and impossible at worst.
I kinda expected that.
Steve
As the parent and caregiver for a disabled child (age 35) and a nationally known advocate for the 1 in 10 worldwide with one of 7,000 rare diseases, I have great respect for those with disabilities … and for those aging, like me, who are increasingly visually and audibly challenged.
With that said, each list serves a different audience and has a different mix of challenges with their potential subscribers. For this reason I would suggest that CAPTCHA be an optional feature that the list admin configures (perhaps with a paragraph of helpful perspective that explains the challenges of CAPTCHAs which can be gleaned from the other comments in this thread).
While CAPTCHA is not a 100% perfect solution, I can imagine situations where a 25 or 50% solution is still incrementally but notably helpful.
Let’s leave that decision up to the list administrator on a list by list basis.
Dean
On Mar 6, 2016, at 4:51 AM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
David Andrews writes:
Some audio CAPTCHA's are ok, some are virtually impossible to decipher. Also, audio CAPTCHAs do not work at all for deaf-blind persons.
Thanks for going on record!
So, while it depends, audio CAPTCHA is a mixed experience at best, and impossible at worst.
I kinda expected that.
Steve
Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/deansuhr%40deansu...
Security Policy: http://wiki.list.org/x/QIA9
On Mar 06, 2016, at 11:20 AM, Stephen J. Turnbull wrote:
This is a continuing goal of mine, for sure, and I think of all Mailman developers. But AFAIK we're all equipped with average-ish levels of the usual senses, so feel free to remind us of the principle, and if you notice any specific issues for accessibility, *please* report them. We probably won't notice them ourselves. :-(
@self (or anybody who wants to check and implement :-): We should have an accessibility tag (and probably a usability or ux tag to differentiate the use cases) on the tracker.
Great idea. The core already had a 'ui' tag but I renamed that 'usability'. I also added an 'accessibility' tag, and I tried to add some reasonable descriptions to these two tags (as well as color code them similarly). The core doesn't have a lot of these issues, and I'll leave it to others to add the appropriate similar tags to Postorius and HyperKitty.
https://gitlab.com/mailman/mailman/labels
Suggestions for improvements welcome!
Cheers, -Barry
Barry Warsaw writes:
Great idea. The core already had a 'ui' tag but I renamed that 'usability'. I also added an 'accessibility' tag,
Ah, you're right -- spelling usability as "ui" or "ux" would be an "ax" barrier to everybody but us chickens, er, core devs.
+1 for usability and accessibility.
and I tried to add some reasonable descriptions to these two tags
LGTM.
BTW, should the "handlers" tag mention "rules" and "chains"? I don't really see why they would be a different category from the point of view of developers, but users reporting issues might see a distinction and be confused by the "missing" "rules" tag.
Generic issue for label descriptions filed: mailman/issues/#200.
(as well as color code them similarly).
It's a shame that page doesn't group by colors, maybe? You know, a sort of poor man's thesaurus to help the user pick the best of similar tags. I'll think about it and file a RFE with gitlab if it seems to make sense.
Steve
participants (7)
-
Aditya Divekar -
Barry Warsaw -
Christian Schoepplein -
David Andrews -
Dean Suhr -
Simon Hanna -
Stephen J. Turnbull