Just to rub it in, experiments have shown that you can train pigeons to perform visual pattern-matching…but apparently it’s cheaper to dumb-down humans for the job than to train-up pigeons.

Can you say “apotheosis of capitalism”, kids?

Short summary (so maybe it’s a mercy): VB/Access are old-school Zone software; new school is LAMP, esp. PHP; gotta know WordPress to play. The crowd-sourced plugin strikes me as a so-so idea, and probably n/a because it blocks a spammer’s use of the commenter’s URL field, which I just ignore in my version of the software.

Not unike digger wasps, who lay their eggs in the paralyzed bodies of their victims so their young will have fresh, quivering flesh to feed on, the modern corporate establishment daily finds new ingenious methods of devouring its customers and workers.

It replaces skilled workers with unskilled ones, and unskilled ones with machines. And where it unavoidably must rely on human skills, creativity and intelligence, it harvests what it needs in impoverished nations who have trained their youth at public expense.

In many ways, this is indeed a “real bitch of a problem”.

No programming would be required to create a bit of HTML with the text “press button two” and three buttons, only one of which takes you anywhere interesting. What that accomplishes is to derail 2/3 of the bots, but 1/3 gets through at random.

I’m not saying we shouldn’t at least resist, even knowing that defenses like captchas are becoming increasingly weak. Allowing comments without registration is just asking for trouble, and I recommend against it. If we reopen registration with captchas, it’ll be with the knowledge that some spammers will slip through and somebody will have to clean up after them. podrock’s had enough of that shit, thank you very much, and I don’t blame him.

There are services like Akismet that will filter comments for you, and they’re probably about as effective as an email spam filter. But I have to say that the idea of sending all our comments out to a third-party for vetting and potential censorship gives me the creeps. But maybe y’all are willing to buy freedom from spam at that price?

The choice is to do spam cleanup ourselves or get somebody else to do it, for “free” but at a price nonetheless. It might be possible to give the members of the “Senior Zoner” group the power to moderate comments, and to put all newcomers into the lower-ranked “Zoner” group and require that their comments be held for moderation. We’d all have to remember to visit the comment queue periodically, not just to kill spam, but to let through the legitimate comments as quickly as possible.

This is a real bitch of a problem.

None of the boards provides me with a reply icon, except Space Science, which I tweaked months ago. While a comment editor appears, it does not contain a post button. If I enter text and hit enter, I get a notification that the comment has been posted; but it doesn’t actually appear.

I looked to see if the spammer who commented (not posted) was registered, but I could not find their user name or their e-mail on the user list in the dashboard.

So how are they posting comments? Anyone want to try commenting while logged off?

The posts were coming from spammers who registered then posted. While I cannot see in the user panel, or the edit user panel when they registered, I could tell from the total number of users that there were new registrations.

Probably a good idea then, to add me to the notifications list, that way I can see when they have signed up. Not feeling like a lucky bastard today (just found out I need a new sewer line) but what the hell, you know I like the stats. That was one of the advantages of DamnTikiWiki.

Yes, things have changed much in the last ten years that I’ve been here, but it seems this problem started in earnest when we went to the DamnTikiWiki. The user pages of that software allowed them to create all kinds of spam pages that were not readily noticeable, and when I finally discovered them, there were dozens.

The spam storms tend to come in waves, about six weeks apart, and last for a week or so.

I’d like to keep the registrations closed for now, wait a week or so, then open it back up with enhanced security. And I hate to do this, but we should probably shut down any none registered commenting.

Also, we might drop the default role for new registrations to subscriber, limiting some of their abilities. Maybe hold those comments for approval. I’ve been demoting many of the registration of obvious spammers to a public role, which stops them from posting or commenting.

I can set things so that all comments require moderation. And I can set the email notification address to yours, you lucky bastard (you noted in another post that you don’t get those notices, but I can fix that). That would increase your workload, which is not what you’re looking for.

Much has changed since the early days of the Zone. I don’t think any longer that it’s possible to operate openly on an increasingly dangerous Internet. The technological barriers to spam and other misbehavior that we put up don’t last long. Captchas have become tissue paper due to the “elegant brute force” method of hiring swarms of desperate humans to spend all day solving captchas encountered by spambot networks. Who needs expensive AI when you have capitalism’s victims desperate to stay alive? So even registration is a weak defense. But I don’t know of a better one.

It took a lot of discussion and nagging to get to this point. It’s going to take some more of it to decide where to go next.