Are you human? How CAPTCHA asks the wrong question & solves nothing

I hate spam. I also hate CAPTCHAs.

Spam's not just an issue for web site / app / email consumers, although it's a major annoyance. It's a huge problem for developers and those who run the services. While you might get 50 spams a day, say, the problem is that the servers used in the process of sending & transferring are getting hit a million times harder.

So, what's a body to do?

Test for other bodies, right?

CAPTCHA catches on

CAPTCHA was a term that we began to become familiar with in 2001 and 2002. It was invented in 2000, by a couple of folks from CMU and IBM, in response to problems with Y! chatroom spam. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. (I, personally, think they worked too hard on that one.)

Since then, it's transitioned from a bizarre, nigh unpronounceable oddity to an everyday annoyance that we accept with a sigh.

We now see CAPTCHA everywhere a service provider is afraid of losing resources to spambots.

And a number of places where there's no such likelihood, just because CAPTCHA has become a reflexive action—just like the black velvet dots for disguising smallpox scars became a fashion statement for the unafflicted.

The grand goal?

The whole point of CAPTCHA is to stop spammers in their tracks.

The method?

Stupid Human Tricks.

There are lots of things computers can't do but humans can. The best way to test if a body is a human or a spambot is to make it do human things. But rather than engaging in a dialog on Stoic philosophy or writing limericks, say, which are hard things to evaluate on the back-end, the CAPTCHA people came up with something a little more... visual.

The human brain is the best image processing computer in the world. Nothing we can program compares. We can detect patterns, especially faces and letters, in almost anything, no matter how distorted or fanciful.

So. Obvious conclusion ahead:

Let's distort text and make humans enter it! Yay!

[Image: an early CAPTCHA with swirl-distorted text]

The above example is a really old school CAPTCHA—one of the first, using the swirl distortion. It's really easy to read. Not just for humans: it can be cracked by software.

It didn't stay this way for long.

Failure, doom & destruction!

I once read that there are two basic levels of failure: Level 1, where you do the thing wrong, and Level 2, where you do the wrong thing.

CAPTCHA fails on both levels.

Level 1 failure: failure to operate as intended

CAPTCHA may have diminished spam dramatically... for a while. But like any spam-fighting technique, it doesn't operate in a vacuum.

Yes, CAPTCHA—supposedly a Stupid Human Trick hat trick—can be cracked.

The rolling out of CAPTCHA pissed off spammers who, in the finest tradition of salty stories, became bent on revenge. They found a number of ways to crack the early CAPTCHAs.

CAPTCHA images must get ever more difficult to parse, even for humans, necessitating the addition of a "reload" feature when the images are totally unreadable.

It's a death spiral.

There's an inevitable endgame coming:

Most CAPTCHA research to date has been limited to academic applications. Far more powerful algorithms will be required for commercial CAPTCHAs. As CAPTCHAs become more prevalent, bot programmers are expected to unleash armies of bots bent on breaking them. — PARC web page

Level 2 failure: it's the wrong thing, anyway

But the most intriguing aspect of cracking CAPTCHAs is that you don't have to crack CAPTCHAs to get around them.

Let's review:

  1. CAPTCHAs demand mad image processing skillz.
  2. What are the best image processing computers in the world? Humans.

Get it?

Computer science researchers know exactly how hard image processing with computers is, because that's a constraint they come up against in their research all the time.

But spammers are much better judges of human nature than computer science researchers.

There's no need to be an image processing whiz to defeat CAPTCHA. What you need to defeat CAPTCHA are warm bodies. Not even smart ones. Just living and breathing and neurologically firing.

Spammers simply farm out the CAPTCHA solving to those fleshy meatbots that do it like second nature: humans.

Thanks to Mechanical Turk you can get CAPTCHAs solved and open all the spammy fake accounts you want for about a nickel apiece. There are other online markets, too. Hell, hire a dedicated team!

Even more cheaply, and probably even more speedily, you can use humans' weaknesses as leverage (weaknesses other than money!).

Some brilliant folks source CAPTCHAs from the sites they wish to infiltrate and put them in front of download links for pirated copies of music, movies and porno.

The people seeking the music and porn will fill out the CAPTCHA for free, without thinking "Oh no! What if this CAPTCHA stands between Yahoo! Mail and one more spambot? How will I ever live with myself?"

A category failure at heart

The real way to stop spam is not to test if a request originates with a human. Humans are clever, devious and untrustworthy.

A better way to stop it would be to identify spamminess from other metrics that are unique to spam: behavioral patterns, Bayesian filtering, keywords.

Not that I'm saying it's easy. There's a reason I'm not a computer science research scientist.

But, uh, need I say more?
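
The closing suggestion above (behavioral patterns, Bayesian filtering, keywords), sketched as an added example that is not part of the original post: a tiny naive Bayes comment filter combined with two behavioral signals. The training comments, weights, thresholds and function names are all constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training comments (not real traffic): (text, is_spam label)
TRAINING = [
    ("cheap pills buy now click here", True),
    ("free download click here for cheap watches", True),
    ("buy cheap followers now free trial", True),
    ("great post thanks for the cheat sheet", False),
    ("i disagree captcha still stops lazy bots", False),
    ("thanks the reload button drives me nuts too", False),
]

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def train(samples):
    """Count tokens per class for a multinomial naive Bayes model."""
    counts, docs = {True: Counter(), False: Counter()}, Counter()
    for text, label in samples:
        counts[label].update(tokens(text))
        docs[label] += 1
    return counts, docs, set(counts[True]) | set(counts[False])

def spam_log_odds(model, text):
    """log P(spam | text) - log P(ham | text), with add-one smoothing."""
    counts, docs, vocab = model
    total = {c: sum(counts[c].values()) + len(vocab) for c in (True, False)}
    score = math.log(docs[True] / docs[False])  # class prior
    for tok in tokens(text):
        if tok in vocab:  # unseen words carry no evidence either way
            score += math.log((counts[True][tok] + 1) / total[True])
            score -= math.log((counts[False][tok] + 1) / total[False])
    return score

def behavior_score(seconds_to_submit, link_count):
    """Behavioral signals; the weights and 3-second cutoff are assumptions."""
    fast = 2.0 if seconds_to_submit < 3 else 0.0  # form filled implausibly fast
    return fast + 0.75 * link_count               # link-heavy bodies

def is_spam(model, text, seconds_to_submit, threshold=1.0):
    """Combine content and behavior; who solved the CAPTCHA never enters."""
    links = len(re.findall(r"https?://", text))
    return spam_log_odds(model, text) + behavior_score(seconds_to_submit, links) > threshold

MODEL = train(TRAINING)
```

The verdict depends only on what was submitted and how, so it comes out the same whether a script or a paid human got the message past the CAPTCHA.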

posted in: design, development, the brain, usability    |     8 comments

Do "interesting details" really hurt learning?

Overcoming Bias has a little post that, for the most part, quotes the findings of a study on how "interesting details" affect learning.

The researchers found that "interesting details" decreased the students' understanding (transfer), while not affecting the students' memory (retention) of what they read/watched.

Case 1 was a video trying to teach how a cold virus infects the body.

Case 2 was a slide deck on digestion (the students read the presentation, there was no presenter).

Their Conclusion

The money quote (from the study):

Results are consistent with a cognitive theory of multimedia learning, in which highly interesting details sap processing capacity away from deeper cognitive processing of the core material during learning.

Huh. Interesting, right?

And now, some interesting details I've chosen for you:

  • the "interesting details" for Case 1 were not directly related to the matter at hand; they were about virii's "role in sex and death," not spiffy facts about the main topic, how a virus infects the body
  • the "interesting details" for Case 2 go unrecorded

This paper isn't showing up in any of the research libraries I have subscriptions to, or I'd dig deeper.

Probable Flaws

But based on this snippety snip, I'd wager that the following problems exist with the study's conclusion:

  • interesting details lower comprehension when they distract from the very specific topic at hand
  • "interesting" is in the eyes of the beholder (just because something's about sex or death doesn't make it interesting, natch—it could make the student feel uncomfortable, guilty, or disgusted, too, rather than interested)
  • intriguingly, the "interesting details" group did not remember (retain) any less, they just understood less, but they were tested on the main point, not the interesting details
  • the real key to aiding comprehension & retention is to focus, focus, focus on your point; if you can keep the focus on with interesting details, surely that will add to understanding rather than detract

Useful takeaways for everyday life

Nevertheless, it serves as a good reminder that we all need from time to time: Stay on point. Which I will always imagine as a leaping dolphin with a ball on his nose, a cardboard cutout prop used in a 2nd grade writing lesson. Which kinda proves the, well, point.

Ever since my first couple talks, my presentation theory has boiled down to: A) people will only remember 1 entire thing from your 45-minute talk, so make it count, and B) making people laugh gets them more engaged, and more engaged people learn and remember more.

People balk when I tell them A, but my experience has upheld this idea. Once you choose your main point for A, that you want them to remember in full, you can only try to expose them to other ideas in the hope that they will remember them vaguely later, when they need them: Didn't I hear about a tool for this? Maybe I should Google instead of writing my own...

Now I will be sure to reduce even further any extraneous "interesting tidbits" that are not on focus.

posted in: reading, the brain, writing    |     6 comments

New Cheat Sheet: Jump Start Ecommerce

I asked y'all what you'd like to see a cheat sheet on for Ruby Advent; Lakshan, Ruby Advent Guy, started off a number of requests for ActiveMerchant.

You ask, I deliver.

Well, maybe over-deliver is more accurate. To the tune of 7 pages of content, ranging from the overall CC processing "life cycle" (cue Lion King music—thanks, that's perfect) in general to getting started with ActiveMerchant in the specific. Yikes. At the end of this sucker, my right wrist was seriously aching.

So, my dear and wonderful readers, my Giftmas present to you:

Jump Start Credit Card Processing v1.0 (download)

But wait, there's more! To finish this sucker on the deadline, I had to put even more content aside for later!

I have been so very frustrated by the lack of quality info out there about setting up Software as a Service (SaaS) businesses that I'm very much in the mood to kick its ass.

And, heck, if I can help & teach people at the same time as promoting freckle time tracking, the reason I had to learn this stuff, well, so much the better. Right?

I'll post here when I've shipped v2.0, and I'll update the cheat sheet homepage, too. You can also sign up for email notification if you'd prefer.

posted in: development, metablog    |     4 comments

Hug Your App: Usability Audit for Christmas

You've got an app that is on its way to awesomeness. It just needs a little tender lovin' care in the usability or design department to get there. Buuut... your budget can't take a full redesign right now.

And yet... January 1—and the end of taxable year 2008—is almost here.

Well, as a small business owner myself, I know both the joys of budgeting and the annual rush to get in just a few more tax breaks.

Does this sound familiar?

Have I got a present for you!

Warm, gooey User Experience audits...

Do you remember my first post announcing our prix fixe Inspector Package for usability & user experience?

Put simply: I will explore every nook and cranny of your app, and analyze every area from the overall application structure and assumptions, to the positioning in the market, to the design, layout, & behavior of specific elements, and aesthetic direction, making suggestions all the while.

At the end, you'll get a fancy-pancy report running between 20 and 30 pages, including lots of analysis and many suggestions, marked-up screenshots and a few custom new wireframes just for you.

This is what I call The Inspector Package. (Think Sherlock or Columbo, not Clouseau.)

What can you do with all that advice and insight, you ask? Well, whatever you please! It's yours to do with what you wish. Implement changes & ideas yourself, or hire somebody else to help you out, or even hire me, if you're into it.

...at a totally snackable price

Usability audits aren't just for Christmas, they're for life!

But, since it is Christmas, and I'm feeling joyeux, I'm taking $250 off the normal price. The whole shebang will run you only $3,250. Aaaaaand... I'll throw in a year's worth of freckle. You can't beat that.

Turnaround time on these babies is about 2 - 3 weeks. They take a lot of time, effort, and love, so I can do only a couple at a time.

So, I'm opening up just 2 slots for January. If you email me today, I can send you a proposal and invoice today.

You'll score yourself a nice tax write-off right under the wire in addition to some of the best usability-design-marketing help you can buy.

How's that sound?

Write me: amy@slash7.com.

Happy Customers

So many of my customers are Big Corps that can't or won't talk, and neither can I about them.

However, lately I've been focusing on smaller biz, like Infovark, one of my coolest and favoritest clients ever. Our relationship started with an Inspector Package and turned into a full-blown consulting affair.

Twitter / infovark: Just got off the phone wit ...

Even my wireframes are often described as "awesome." (Have you seen a typical wireframe? You know that means somethin'.)

The Details

Email me and I will send you a proposal, a sample audit and an invoice.

To begin work on your Inspector Audit Package, I'll need a 50% deposit up front (that's $1,625). Since I'm in Austria, time zones apply—and I can only accept payment via PayPal for now.

NB: All $ are US $.

Online Examples

If you're not already familiar with my work, you can see a few projects in action live, on the internets:

Freckle — the first, full-blown app I've done as a personal project rather than client work

Twistori — People call it "strangely addictive," but it's not strange, it's by design, every single level of it. It's simple, but, as the old saw goes, it's the knowing where to hit with the hammer that costs the big bucks.

CreativeScrape — My first stab at a visual feed reader.

Befuddlr — An online game I created with the other JavaScript god in my life, Erik Kastner. It, like Twistori, is addictive by design.

Unlike just about everybody else, I not only do wireframes, flow diagrams, and usability advice, I'm a visual designer, too.

posted in: metablog    |     3 comments