The officially official Devuan Forum!


#1 2017-07-17 19:48:35

Count_Cucaracha
Member
Registered: 2017-07-17
Posts: 37

Registration questions are questionable.

It asked me what the default kernel was for Devuan. I answered 4.9.0 and it said that was wrong. First thing I do on any distro I try is build a kernel specifically for my hardware. I have no idea what default is. So look in /boot and there is  vmlinuz-4.9.0-3-amd64.

Is that the answer? Next question was file manager for xfce?  No idea, don't know xfce. Quick search solved that one.

Offline

#2 2017-07-17 20:11:38

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

You are welcome to offer suggestions for effective Linux-related questions that will foil the bots.  We'd love to add to the list!  It's not as easy as you think!  They need to be unambiguous and not too technical.

Welcome to the forum btw.  Nice nick.

Offline

#3 2017-07-17 20:20:41

Count_Cucaracha
Member
Registered: 2017-07-17
Posts: 37

Re: Registration questions are questionable.

Ok fair enough:

- what linux distro forced to use systemd?
- what init system is the most widely used but also the most despised?
- What's the first name of the kernel maintainer?

These any good at all???

Offline

#4 2017-07-18 04:05:36

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

Thanks for trying . . .

Count_Cucaracha wrote:

Ok fair enough:

- what linux distro forced to use systemd?

This one is getting lost in 'translation grammar'.

- what init system is the most widely used but also the most despised?

Questions should be related to facts not judgments.

- What's the first name of the kernel maintainer?

We already have a nearly identical question in the rotation.

These any good at all???

The last one is the best.  On the right track but no cigar quite yet. wink

Offline

#5 2017-07-18 07:40:49

fungus
Member
From: Any witch way
Registered: 2017-07-12
Posts: 389
Website

Re: Registration questions are questionable.

I know that Devuan is not made (in philosophy, I don't see why not) for absolute newbies in linux.  But you have to think of those poor souls willing to bail out of windouche 8/10.  It would be very discouraging to consider the answer to the question of the pid# of the init system.

One good reason for using a live installer is to have startpage in the background.

But just about anything you may ask apart from basic logic and language skills will include a bias.
My favorite would be "the smallest planet in the solar system" and include pluto and pluton as some of the correct answers, even they now say it is not a planet smile

Famous thief in Missourah (first name): 

What channel do US truckers use to chat, 10-4 .... not fourteen

Offline

#6 2017-07-18 17:50:03

Count_Cucaracha
Member
Registered: 2017-07-17
Posts: 37

Re: Registration questions are questionable.

golinux wrote:

Thanks for trying . . .

Count_Cucaracha wrote:

Ok fair enough:

- what linux distro forced to use systemd?

This one is getting lost in 'translation grammar'.

Not sure what that means.

The last one is the best.  On the right track but no cigar quite yet. wink

I'm glad I only have to register once then.

Offline

#7 2017-07-18 17:55:38

Count_Cucaracha
Member
Registered: 2017-07-17
Posts: 37

Re: Registration questions are questionable.

Here:

How many moons does our planet have?

How many letters are there in the word apple?

The idea is to make them not esoteric and also not time sensitive.

Who is the president of Russia/USA/etc.?

Offline

#8 2017-07-18 18:17:42

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

Count_Cucaracha wrote:
golinux wrote:

- what linux distro forced to use systemd?

This one is getting lost in 'translation grammar'.

The wording of this question is not clear so I'm not sure whether you're asking:

1.  what linux distro forced (the) use of systemd?   RedHat?  Debian?  etc.
2.  what linux distro forced (who?) to use systemd?  Users?  Downstream distros?  etc.

And the conclusion of 'forced' is just not true even though it feels like it.  Life is about CHOICE.  'They' made theirs and 'we' made ours.  Plus, it's always a good idea to keep to the facts and not embellish with judgmental filters.   wink

The last one is the best.  On the right track but no cigar quite yet. wink

I'm glad I only have to register once then.

LOL!  Well, I'm happy you got through the question gauntlet.  Enjoy your stay here.  smile

Offline

#9 2017-07-18 18:23:28

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

Count_Cucaracha wrote:

Here:

How many moons does our planet have?

How many letters are there in the word apple?

The idea is to make them not esoteric and also not time sensitive.

Who is the president of Russia/USA/etc.?

That's more on the right track but unfortunately bots can usually figure out number questions in milliseconds (at least it feels that way).  Only one bot has gotten through the current system in over 6 months so it works quite well.  And IMO it's less annoying than those picture captchas that you have to cycle through.  And politics is a no-go . . .

Offline

#10 2017-07-18 19:00:56

Count_Cucaracha
Member
Registered: 2017-07-17
Posts: 37

Re: Registration questions are questionable.

golinux wrote:

Only one bot has gotten through the current system in over 6 months so it works quite well.

The important metric is how many real people have gotten through or not gotten through. You might think I'm joking but that's the metric that should be more important than spammers. Not to say that preventing bots is bad but we must keep our people first.

And IMO it's less annoying than those picture captchas that you have to cycle through.  And politics is a no-go . . .

Almost everything is less annoying than any of the captchas.

I sent email to google asking for a 1099 form since they asked me to do work for them. No reply. I will contact the IRS next.

Offline

#11 2017-07-18 19:06:01

Count_Cucaracha
Member
Registered: 2017-07-17
Posts: 37

Re: Registration questions are questionable.

fungus wrote:

What channel do US truckers use to chat, 10-4 .... not fourteen

How about 6? 10-4=6

But 10-4 is how you say "okay".  It's not a channel or frequency.

Usually followed by "good buddy".

Offline

#12 2017-07-18 21:02:13

greenjeans
Member
Registered: 2017-04-07
Posts: 377
Website

Re: Registration questions are questionable.

19


https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal 64 and 32 bit Devuan-based openbox and mate systems to build on, maximal versions if you prefer your linux fully-loaded.

Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#13 2017-07-18 21:22:44

fungus
Member
From: Any witch way
Registered: 2017-07-12
Posts: 389
Website

Re: Registration questions are questionable.

Do they still have them petro stations, I'll buy you a steak dinner my friend smile
You have the answer right.  You grapevine racer you!

Offline

#14 2017-07-18 21:26:22

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

Anyone object to my nuking this OT chit chat?

Offline

#15 2017-07-18 21:33:33

fungus
Member
From: Any witch way
Registered: 2017-07-12
Posts: 389
Website

Re: Registration questions are questionable.

Well, the topic was about responding to violet instead of purple, and 3.16 and all .... so, what can possibly be OT?
It is not like talking about bears and scales or something.

Offline

#16 2017-07-18 21:47:31

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

Maybe take it to irc?

Offline

#17 2017-10-01 05:16:49

JoshuaFlynn
Member
Registered: 2017-09-09
Posts: 48

Re: Registration questions are questionable.

I must digress that the questions are, indeed, questionable. They're intrinsically Devuan specialism themed (how am I supposed to know which kernel version image it is?) and whilst I can understand this filters out the systemd cruft that insist theirs is the only way, it makes it difficult for people who aren't specialists (which are ironically the ones most likely in need of assistance).

The issue of captchas is a complex one, because, counter-intuitively, not all captcha solvers are done by bots (yes, they are outsourced to people who earn a couple of cents per solution), which is why usually bot unsolvable captchas like complex images are still seemingly solvable by spambots. More specialist bots have their own dedicated human handlers (especially when it comes to military software socks).


Defeating conventional spambots is fairly easy, you need to set up a deductive question that a bot cannot logically solve (a smarter bot handler will simply rotate through the text questions and preload answers for them, so you do also need to expire 'solved' questions). For example, on my forum, I ask the question 'In comedy, what does 2+2 equal?'. A bot will see the mathematics and answer '4', but a human will twig that the 'comedy' context changes the answer (which is either '5'/'five' or 'fish').

You'll want to include a number of natural answers rather than one 'right' answer (for example, the kernel image should include all valid kernel images in use by Devuan).

A couple of easy examples that easily thwart bots:
How is Devuan pronounced? (Dev-one, Devone, etc)
What is this forum's main colour theme? (Purple)
Devuan is to Debian as Lubuntu is to... (Ubuntu)

Leaps in logic or horribly general questions like this are nearly impossible for moderate complexity bots to answer. For example, how does the AI know how to pronounce Devuan? It doesn't (it likely doesn't have the speech processors to 'sound it out' either). Main colour theme 'seems obvious' but it has to know what a theme is, figure out the colour codes, then convert those colour codes into the expected colour categorisation. Devuan to Debian is actually a rip on an IQ test question and requires categorical inference.


If the forum still wants to use 'proof of knowledge' questions (which discriminates against noobs), I strongly advise they be proof of knowledge questions that a person can reasonably achieve in a single non-specialised search, otherwise from a user interface standpoint this is adversely impeding the users.

From a long-term standpoint, the forum might want to acquire an IP blacklist of well known spambot associated IPs (perhaps even doing an automated whois style query to detect non-ISP based connections, with exceptions made for Tor nodes), and perhaps have a minimum two post limit before URLs in posts are enabled (which very quickly cripples bots even with guest post access because as a spambot they can never post without a URL and therefore always fail).

If someone has way too much time on their hands, they could likely do a plugin that determines the probability that a poster is likely a spambot and auto-ban (suspicious IP, suspicious email, drug/porn/offensive content themed post, excessive captcha failures, constant 'unable to post' failures involving URLs).


If you really want to stick it to systemd whilst keeping it factual, consider having a thread detailing systemd vulnerabilities and exploits (usually they have specific CVE names or well known titles), and make questions based around looking up the specific vulnerability code (be kind enough to link them in to the thread). That way you can both educate users and filter out spambots at the same time.

Offline
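The measures suggested in post #17 (several accepted answers per question, retiring questions that have been solved, and no URLs before a second post), sketched as an added example that is not part of the thread or of the forum's software. The names `Question`, `QuestionPool`, `may_post` and the `max_solves` threshold are assumptions; the questions and answers are the ones quoted in the post.

```python
import random
import re
import unicodedata
from dataclasses import dataclass

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)


def normalise(answer: str) -> str:
    """Fold case, accents, punctuation and spacing: ' Dev-One ' -> 'devone'."""
    text = unicodedata.normalize("NFKD", answer).casefold()
    return "".join(ch for ch in text if ch.isalnum())


@dataclass
class Question:
    prompt: str
    accepted: frozenset      # every natural answer, stored normalised
    max_solves: int = 50     # assumed retirement threshold
    solves: int = 0

    @property
    def retired(self) -> bool:
        return self.solves >= self.max_solves

    def check(self, answer: str) -> bool:
        """True for any accepted answer; a retired question never passes."""
        if self.retired:
            return False
        ok = normalise(answer) in self.accepted
        self.solves += ok
        return ok


def make_question(prompt, answers, max_solves=50):
    return Question(prompt, frozenset(normalise(a) for a in answers), max_solves)


class QuestionPool:
    def __init__(self, questions):
        self.questions = list(questions)

    def pick(self, rng=random):
        """Serve a random question that has not been retired yet."""
        live = [q for q in self.questions if not q.retired]
        if not live:
            # A handler who harvests answers can drain the pool; fail closed.
            raise LookupError("question pool exhausted, add new questions")
        return rng.choice(live)


def may_post(body: str, post_count: int, min_posts: int = 2) -> bool:
    """Two-post rule: no URLs until the account already has min_posts posts."""
    return post_count >= min_posts or URL_RE.search(body) is None


# Questions and answers quoted from the post above.
POOL = QuestionPool([
    make_question("In comedy, what does 2+2 equal?", ["5", "five", "fish"]),
    make_question("How is Devuan pronounced?", ["Dev-one", "Devone"]),
    make_question("Devuan is to Debian as Lubuntu is to...", ["Ubuntu"]),
])

if __name__ == "__main__":
    q = POOL.pick()
    print(q.prompt, "->", q.check("Dev-One"))
```

A form rendered before its question was retired fails on submit, so the registration page has to fetch a fresh question on every attempt.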

#18 2017-10-01 18:38:44

NFT5
Member
From: Canberra, Australia
Registered: 2017-09-27
Posts: 6

Re: Registration questions are questionable.

Some good comments and ideas there.

Let me add a few complications....

"What's the truckers channel?" In Australia there is no such thing as a 'trucker', they're 'truckies', as are 'bikers', 'bikies', and the radio channel used is 40. Even those of us who use UHF radio probably wouldn't have the faintest clue what channel is used in North America, which, I think, is still 27MHz anyway.

Questions on pronunciation can be equally as difficult. For the word 'defeat' we say diff-eet with accent on the second syllable, as opposed to dee-feet with accent on the first. Asked to type how I'd pronounce 'Devuan' I'd likely put 'dev-wahn'. Pronouncekiwi has some interesting variations.

So even for English speakers this can be hard, harder still for those even from Latin based languages and nigh on impossible for those who come from an East Asian background. Anyone tried to decipher pronunciation in Pinyin?

Colours. My business revolves around colours and not in a pink fit would I describe the Devuan scheme as 'purple'. Violet grey, perhaps.

Staying a step ahead of the bots is one thing but keeping the questions answerable is another. Good luck.

Offline

#19 2017-10-01 19:54:20

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

NFT5 wrote:

Some good comments and ideas there.

Let me add a few complications....

"What's the truckers channel?" In Australia there is no such thing as a 'trucker', they're 'truckies', as are 'bikers', 'bikies', and the radio channel used is 40. Even those of us who use UHF radio probably wouldn't have the faintest clue what channel is used in North America, which, I think, is still 27MHz anyway.

Questions on pronunciation can be equally as difficult. For the word 'defeat' we say diff-eet with accent on the second syllable, as opposed to dee-feet with accent on the first. Asked to type how I'd pronounce 'Devuan' I'd likely put 'dev-wahn'. Pronouncekiwi has some interesting variations.

So even for English speakers this can be hard, harder still for those even from Latin based languages and nigh on impossible for those who come from an East Asian background. Anyone tried to decipher pronunciation in Pinyin?

Agreed on pronunciation questions.  FTR, there is an 'official' audio rendering of Devuan here

Colours. My business revolves around colours and not in a pink fit would I describe the Devuan scheme as 'purple'. Violet grey, perhaps.

We call it Purpy.  But purple seemed close enough.   

Staying a step ahead of the bots is one thing but keeping the questions answerable is another. Good luck.

This site was bot-proofed 247 days ago.  In those months it has stopped over 16.000 bots dead in their tracks.  The numbers are constantly escalating.  A few days ago we had over 550 blocked in a 24 hour period.  Not one has gotten through yet.  So the system works and is non-negotiable.

New and improved questions are always welcome.

golinux

Offline

#20 2017-10-02 12:27:00

JoshuaFlynn
Member
Registered: 2017-09-09
Posts: 48

Re: Registration questions are questionable.

golinux wrote:

So the system works and is non-negotiable.

This does not preclude the possibility of other also working systems that are more human friendly. One could easily ban everything and declare that also works, but that is not to say it's user friendly, and Devuan definitely stands to gain from an additional userbase.

Your question system almost thwarted me (I think it eventually defaulted to google's awful recaptcha system after numerous retries and I got in) and I would have gladly taken my hat and left had it continued for a bit longer - I take the view if a system is too difficult for entry, the person doesn't want me there. You might want to consider the fact that multiple users are reporting this issue and a view of 'it works for me' isn't quite how beta testing works.

I suspect by caught you mean bots that were filtered out during the registration period? If you're aiming to reduce server burdens, most shouldn't even be able to connect to the forum to begin with, and there are publicly available IP blacklists. I would strongly advise shuffling the anti-bot system around to find one more human friendly, because I suspect it's not just bots you're keeping out.

Better questions is a bit arbitrary because if they're too easy, bots get in, and if they're too hard you keep humans out, and keeping it all focused there is a single point of failure (there should be layers of filtrations). As mentioned, a bot handler could easily just preload the text answers for the questions and you'd have to rotate them out of service (if they hang around for long enough they could exhaust your entire supply), and a more advanced piece of kit (like say, a Watson API) could likely do a lookup on the answers coupled with a bit of brute forcing guesswork (IE keeps an internal log of what answers succeed against which fail).


As irony would have it, I run a mechanize based python bot that updates my own forum on specific threads and specific topics, and despite the fact the main forum has guest posting enabled, the comedy style question coupled with a basic image captcha plus the two post minimum for URLs has dropped bot posting rates to zero (my bot gets around this because it has a manually registered account). I'd like to think the range bans on IP blocks also helps impede it but because they don't even arrive there's no figures to report (I probably get 150 bots on my forum in a 24 hour period).


Text based captchas are actually the easiest kind of captcha to adapt to. Having both a simple text question and image captcha means a more complex setup is required (you'd need an OCR at a minimum, and there's no decent free ones, and you can't have the bot 'learn' the answers because OCR failures would distort feedback).

Having spent the last couple of years outing military bot and sock accounts and flaws in captcha systems (in one case going so far as to write a bot to prove it in the case of two separate forums), this isn't out of ignorance. You can see some of FlynnBot's postings on another forum here. FlynnBot was reverse engineered from a piece of python code someone wrote trying to defraud the UK government petition (interesting piece of kit, could create temporary email addresses) that was published by Breitbart that I was trying to analyse.

Offline

#21 2017-10-02 14:53:37

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

@JoshuaFlynn . . . There is no google recaptcha on this forum.  FWIW we also use the SFS db to filter out bots which has actually caused more trouble than the questions because of spam tainted IP blocks especially on VPNs.

Offline

#22 2017-10-03 00:33:29

JoshuaFlynn
Member
Registered: 2017-09-09
Posts: 48

Re: Registration questions are questionable.

golinux wrote:

@JoshuaFlynn . . . There is no google recaptcha on this forum.

In which case I'm genuinely confused. I don't recall off the top of my head, but after numerous retries the captcha thing got easier (I thought it changed into some image based one which I was then able to solve, but my memory apparently is turning to sludge with work stress), hard to explain.

FWIW we also use the SFS db to filter out bots which has actually caused more trouble than the questions because of spam tainted IP blocks especially on VPNs.

Probably due to the fact spambots make use of VPNs like they do Tor proxies. It's not a perfect solution.

Perhaps configure something similar to cloudflare, in that a basic image captcha is issued to a 'suspicious' IP, which if solved, grants them access?

(IP on blacklist, page redirection to image captcha, temporarily grant that specific IP immunity, extend it upon login.)


My other query is how do you plan to deal with trolls? Obviously not an issue yet, but with all things that gain popularity, it'll rear its head sooner or later.


Sorry if I sound rude, only trying to help, I like Devuan, so I'd much rather be 'that guy' and point out possible issues. More for consideration than anything.

Offline
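The flow proposed in post #22 (IP on blacklist, redirect to a captcha, temporary immunity for that IP, extended on login), as an added example that is not part of the thread or of the forum's software. `ChallengeGate`, its method names and both durations are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
import time


class ChallengeGate:
    """Blacklisted IPs are sent to a captcha instead of being refused."""

    def __init__(self, blocked, grant_seconds=900, login_seconds=86400,
                 clock=time.time):
        self.networks = [ipaddress.ip_network(n) for n in blocked]
        self.grant_seconds = grant_seconds    # immunity after a solved captcha
        self.login_seconds = login_seconds    # immunity after a login
        self.clock = clock                    # injectable for testing
        self.grants = {}                      # canonical IP -> expiry time

    @staticmethod
    def _key(ip: str) -> str:
        # Canonical form, so equivalent IPv6 spellings share one grant.
        return str(ipaddress.ip_address(ip))

    def is_listed(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)

    def _has_grant(self, ip: str) -> bool:
        key = self._key(ip)
        expiry = self.grants.get(key)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self.grants[key]              # expired: challenge again
            return False
        return True

    def decide(self, ip: str) -> str:
        """'allow' for clean or currently immune IPs, otherwise 'challenge'."""
        if not self.is_listed(ip) or self._has_grant(ip):
            return "allow"
        return "challenge"

    def captcha_solved(self, ip: str) -> None:
        """Grant short-lived immunity to this one address only."""
        if self.is_listed(ip):
            self.grants[self._key(ip)] = self.clock() + self.grant_seconds

    def login_ok(self, ip: str) -> bool:
        """Extend immunity on login; a listed IP must pass the captcha first."""
        if self.decide(ip) != "allow":
            return False
        if self.is_listed(ip):
            # The grant is per IP, so it covers everyone behind a shared
            # VPN exit until it expires.
            self.grants[self._key(ip)] = self.clock() + self.login_seconds
        return True


if __name__ == "__main__":
    gate = ChallengeGate(["203.0.113.0/24"])          # constructed blacklist
    for ip in ("198.51.100.7", "203.0.113.9"):
        print(ip, gate.decide(ip))
    gate.captcha_solved("203.0.113.9")
    print("203.0.113.9", gate.decide("203.0.113.9"))
```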

#23 2017-10-03 01:36:06

golinux
Administrator
Registered: 2016-11-25
Posts: 684

Re: Registration questions are questionable.

Tor doesn't work for registering either.  Have you seen Can't register because you are a 'spammer'?  If someone gets thwarted by the spam measures and really wants to be here, they can contact us to do it manually.  We've done it several times.  Personally I despise captchas.  But let's see what the backend admins think about your suggestions.

As to trolls . . . have you read our (almost) no code of conduct?

Your enthusiasm is commendable.  But your thoughts have been a bit much for me to process.  Mostly I tune out after about two paras . . .  wink

Offline

#24 2017-10-03 13:36:44

fungus
Member
From: Any witch way
Registered: 2017-07-12
Posts: 389
Website

Re: Registration questions are questionable.

Condition:  Thousands of bots trying to break into a public forum/list
Response:  Admins trying to keep out bots
Solution:  No anonymous users ever participate in the forum
Question:  What are the identity criteria for a bot?

1st of all the user does not see any bots, so it is logical to doubt the admin.
Admin is not interested in what users think, she/he does what it takes to keep the forum "safe and functional".

Question/Hypothesis:  In an organic/bio gardening forum, there may be thousands of users, but there haven't been many bot attacks.  Why do bots attack linux forums in specific (if they do)?

Aaaahhaaaahhh!!

Offline

#25 2017-10-03 23:11:58

JoshuaFlynn
Member
Registered: 2017-09-09
Posts: 48

Re: Registration questions are questionable.

golinux wrote:

Tor doesn't work for registering either.  Have you seen Can't register because you are a 'spammer'?  If someone gets thwarted by the spam measures and really wants to be here, they can contact us to do it manually.  We've done it several times.  Personally I despise captchas.  But let's see what the backend admins think about your suggestions.

As to trolls . . . have you read our (almost) no code of conduct?

Your enthusiasm is commendable.  But your thoughts have been a bit much for me to process.  Mostly I tune out after about two paras . . .  wink

I often write in depth, character trait.

They're only suggestions at the end of the day, you can ignore them, just I'd like to see more users join the Devuan forums.

Also, good point about the no code of conduct.

fungus wrote:

Condition:  Thousands of bots trying to break into a public forum/list
Response:  Admins trying to keep out bots
Solution:  No anonymous users ever participate in the forum
Question:  What are the identity criteria for a bot?

1st of all the user does not see any bots, so it is logical to doubt the admin.
Admin is not interested in what users think, she/he does what it takes to keep the forum "safe and functional".

Question/Hypothesis:  In an organic/bio gardening forum, there may be thousands of users, but there haven't been many bot attacks.  Why do bots attack linux forums in specific (if they do)?

Aaaahhaaaahhh!!

I presume because each bot has a different purpose:

1) Spiders (that simply datamine/harvest, either for search engines, or garbage 'rip-off' sites that need to all die in fires).
2) Pharmaceutical/Counterfeit bots (money is in the purchases of the dubious quality product).
3) Lobbyist bots (money is in achieving the desired outcome. See the FCC getting spammed with copy-paste comments from what looked to be Comcast as an example).
4) Propaganda bots (money in getting people to like or adopt a specific lifestyle choice, for example, pro-vaccine bots which I've personally encountered and exposed).
5) Military bots (attempting to achieve government policy, and thus already has the money. Usually spreads either propaganda, false information about particular targets, or is used to attack individuals to drive them off or away from a particular place).


In terms of Devuan, I imagine it's mainly 2 peppered with 5 (Red Hat being mainly funded by the US government, one of their biggest purveyors, likely does not want 'secure alternatives' cropping up. NSA got Microsoft to pwn Windows for them, and Red Hat is literally directly funded by the NSA, so chances are, given the NSA's Linus Torvalds backdoor offer failed [he went public on it], they want Red Hat to pwn most, if not all of, Linux [they already give Linus 'suggestions' on the NSA's behalf]. Only way to do that is to prevent people swapping to different configurations if they can't backdoor the kernel).

Curious thought of the day: if they approached Linus to install a backdoor in the kernel - code that is open-source - does this imply they're confident they could hide a backdoor in open-source code in broad daylight?

Does anyone still use SELinux these days?

Last edited by JoshuaFlynn (2017-10-03 23:20:38)

Offline
