Thursday, May 29, 2008

Designing For Evil

In his Designing For Evil article at Coding Horror, Jeff Atwood discusses the ways of evil over good. I'll just put some excerpts and my highlights from the article here.

Spam on Craigslist has been a minor nuisance for years. Not any more. This year, the spammers started winning and are taking over Craigslist.

Several commercial products are now available to overcome those little obstacles to bulk posting. CL Auto Posting Tool is one such product. It not only posts to Craigslist automatically, it has built-in strategies to overcome each Craigslist anti-spam mechanism:

  1. Random text is added to each spam message to fool Craigslist's duplicate message detector.
  2. IP proxy sites are used to post from a wide range of IP addresses.
  3. E-mail addresses for reply are Gmail accounts conveniently created by Jiffy Gmail Creator (ed. note: this does not break Google's CAPTCHA, as you can see in this screenshot.)
  4. An OCR system reads the obscured text in the CAPTCHA.
  5. Automatic monitoring detects when a posting has been flagged as spam and reposts it.

Craigslist is fighting back. Its latest gimmick is phone verification. Posting in some categories now requires a callback phone call, with a password sent to the user either by voice or as an SMS message. Only one account is allowed per phone number. Spammers reacted by using VoIP numbers. Craigslist blocked those. Spammers tried using number-portability services like Grand Central and Tossable Digits. Craigslist blocked those. Spammers tried using their own free ringtone sites to get many users to accept the Craigslist verification call, then type in the password from the voice message. Craigslist hasn't countered that trick yet.

It's an old trick to make your "free stuff" site visitors solve CAPTCHAs for ya. Yet I haven't heard of anyone beating that one.

Wikipedia is a living testament to the fact that goodness vastly outnumbers evil.

The problem is - bad guys are just way better organized. And they receive money for doing it.

And this one is just a masterpiece. I will watch Spaceballs for sure after this:

HELMET So, Lone Starr, Yogurt has taught you well. If there is one thing I despise, it is a fair fight. But if I must then I must. May the best man win. Put 'er there. (offers to shake his hand) Dark Helmet, from Spaceballs

LONE STARR goes to shake his hand. HELMET takes the ring off LONE STARR'S hand.

HELMET The ring. I can't believe you fell for the oldest trick in the book. What a goof. What's with you man? Come on. You know what? No, here let me give it back to you. (offers the ring back)

LONE STARR goes up to get the ring back. HELMET throws it in a grate. The ring goes in the grate. LONE STARR tries to catch it and falls to the grate.

HELMET Oh, look. You fell for that, too. I can't believe it man.

LONE STARR gets up and runs to a corner.

HELMET So, Lone Starr, now you see that evil will always triumph, because good is dumb.

Excellent :)

One thing from the article that is also worth noticing and which I can't stress enough: NOFOLLOW your suspicious links. And hope that search engines won't penalize you for them.

I don't usually agree with Jeff Atwood on the things he talks about. He's too mainstream (his Microsoft Windows Vista Start Menu rocks article), too "sterilization and order" geek ("Don't touch my display... Oh, and don't touch my keyboard as well" — no one likes it much, there's no reason to make a paranoia out of it though), oh, and he has a dumb and scared voice in his "How to record an mp3 file using your telephone" (mp3 here), though articles like this one are still the reason why I read his codinghorror blog :)