Bloggie awards: Is it secure this year?

I was interested to see that WattsUpWithThat has been nominated for best science blog in The Bloggie Awards. (Congrats Anthony! Am I envious? Yes. Anthony explains how to vote here.)

Recollecting that there has been evidence of cheating in past online blog contests which resulted in grousing, I was curious to look at how voting will be conducted in this year’s competition. It seems, the user fills out a form, which requires an email and solution to a captcha. After voting, an email message containing a link with a verification code is sent to the email address supplied by the user. The voter visits that link, and then the vote is counted. If your email votes twice, the 2nd vote replaces the first.

I don’t know if The Bloggies uses any additional vote-fraud detection techniques.

Compared to past years, this looks fairly secure– but then, I really don’t know much about hardening online polls against cheating. I use spam filters written by others to protect against ‘bot spam in comments. As some know, bots used to bet but I fixed that. I know my method isn’t very secure– but I doubt anyone is going to write a bot just to flood the game with bets. Still, I suspect eventually, bots will be betting again!

Still, I wondered: Isn’t a captcha enough? They are a pain for humans– can ‘bots beat these these days? Or isn’t email verification enough?

Out of curiosity, I googled a bit. It turns out captcha solving has become something of a game. I found a 2003 web page discussing university researcher’s method to break captchas. Other methods to solve captchas are discussed here. Some additional discussion can be found at how stuff works. Presumably, if they really, really wanted to win the $20.11 or get the glory, someone with captcha cracking skills could break this.

Ok. So good thing they require emails. But now I wonder, if they are using both captcha and email, is email with verification not secure? Two insecure methods wouldn’t add up to a secure method. So if both can be fiddled with individually, I know I wouldn’t use that method for voting for my congressional rep. Still, the prize is only $20.11, not a seat in the house of representatives.

Having introduced that, I think some of you guys may be IT people. Any thoughts on security in this contest? Any rumors of cheating yet?

61 thoughts on “Bloggie awards: Is it secure this year?”

  1. If the aim is to defend against automated cheating, then I’d say they’re looking very impregnable. The CAPTCHA test alone would probably suffice.

    Thinking now of human cheating – multiple voting – then it’s not bad, but still quite easy to circumvent.

    If you have your own hosted domain name, it’s perfectly possible to set up a “catch-all” email address, i.e. one that accepts mail for fred@some-domain.com, joanna@some-domain.com etc etc. With a setup like that you can vote as many times as you want, and with some ease in The Bloggie Awards, and thereby skew the results.

    The Bloggie folks could try restricting by domain – but now they have to distinguish between multiple cheating posts from one domain (as in the above), and multiple valid posts from a domain that is an email service host. That’s not just the big guys like gmail.com, but also numerous smaller services such as fastmail.fm.

  2. RichardM–

    If you click the links, it appears captchas aren’t necessarily impregnable. Mind you– I don’t know if anyone is sufficiently motivated to try to break those merely to pervert an online betting competition, but it looks like the AI guys work at breaking them to… well… develop AI. I’m sure spammers and various types of crackers try to keep up with technology on that.

    I have several emails (work, gmail, one based on my domain name, @att.net one). Voting 4 times is trivial not only for me, but likely many people.

    About catchall emails– I wonder if Bloggie is watching multiple votes from domains that aren’t expected to have multiple email addresses. At what level do they decide it’s too many? Is 50 too many? Lots of companies have 50 employees. How about .edu domains? Or .gov domains?

  3. I am reminded of Turing’s test: if you can’t tell the difference between a computer and a human based on their responses, then the computer is displaying human intelligence. Maybe a computer program smart enough to read captchas and respond to verification emails should be allowed to vote… 🙂

  4. SteveF–
    You know, after reading the item at Wikipedia on cracking captchas, and knowing that people can set up catchall emails, I suspect someone could run ‘bot enabled voting. The only thing is I don’t think many people would care enough to go to the trouble because most spammer/cracker people aren’t going to have any motivation.

    Mind you, if someone was teaching an IT course, they might want to set up a contest for students. There could be a bunch of teams. Each team would first try to build an un-crackable contest and put it online. Afterwards, each team would try to crack everyone else.

    But in that case, instructor and his teams wouldn’t interfere with the Bloggies because it would be unethical (and possibly illegal. I’m not sure what the various laws on getting ‘bots to vote in contests might be.) The teams would compete against each other.

  5. You mean the website currently pumping for legislation to allow teachers to teach creationism.

    Oh and that legislation is in a state where the head of the environment agency has declared sea ice has returned to 1989 levels while banging on about a cooling trend.

  6. dorlomin–
    Could you elaborate? What website is pumping for legislation in some state? Did you post on the wrong thread? Wrong blog? Either you made some sort of error, or I am missing information because you don’t generally post OT, and I really can’t put your comment in context of my post.

  7. I’m not sure what the relationship between teaching creationism and sea ice levels or temperature trends is.

    Does Global Warming cause people to speculate about origins?

    I guess since it causes everything else, why not?

    Andrew

  8. I think dorlomin is probably referring to this post.

    http://wattsupwiththat.com/2011/02/06/new-bill-seeks-to-protect-skeptical-educators/

    Note the “throw it over the fence” technique of making an accusation without providing a link for people to put everything in perspective. In particular, Anthony is specifically referring to the climate science aspect in introducing a media report of the legislation.

    It takes a true believer to go from that post to “You mean the website currently pumping for legislation to allow teachers to teach creationism.”

    Of course, it’s pretty much on par with most of the arguments I see being made by certain folks these days.

  9. Captchas are to a degree machine readable using semi-AI and OCR tricks. Email verification is also limited security as that could be scripted and run from a domain or bot herd. Other simple checks would be velocity checking speed of vote/confirmation, checking sender IP address or possibly some java/cookie tricks to try and create UID’s tracked from vote to confirmation. I didn’t bother looking to see what code it ran on visit or submission.
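The checks listed in the comment above (vote-to-confirmation speed, sender IP, a cookie UID carried from vote to confirmation), combined with the per-domain counting discussed in comments 1 and 2, can be sketched as review heuristics. This is an added example, not code from the commenter or from The Bloggies; the thresholds, the `Vote` fields, the shared-host list and the sample votes are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumption: mail hosts where many unrelated voters are expected, so a high
# count of addresses is normal. A real list would be far longer.
SHARED_MAIL_HOSTS = {"gmail.com", "yahoo.com", "att.net", "fastmail.fm"}


@dataclass
class Vote:
    email: str
    ip: str            # address the vote form was submitted from
    submitted: float   # seconds, time the form was submitted
    confirmed: float   # seconds, time the verification link was visited
    uid_match: bool    # cookie UID set at vote time was seen again at confirmation


def latest_ballots(votes):
    """One ballot per email: a later vote replaces an earlier one."""
    latest = {}
    for v in votes:
        latest[v.email.lower()] = v
    return latest


def flag_votes(votes, max_per_domain=5, max_per_ip=5, min_confirm_secs=5.0):
    """Return {email: sorted reasons} for ballots a human should review.

    Flags mark ballots for review, not automatic rejection: a company or a
    campus can legitimately produce many votes from one domain or one IP.
    """
    latest = latest_ballots(votes)
    by_domain, by_ip = defaultdict(list), defaultdict(list)
    for email, v in latest.items():
        by_domain[email.rsplit("@", 1)[1]].append(email)
        by_ip[v.ip].append(email)

    flags = defaultdict(set)
    # Many addresses at a domain that is not a known shared mail host is the
    # pattern a catch-all mailbox produces.
    for domain, emails in by_domain.items():
        if domain not in SHARED_MAIL_HOSTS and len(emails) > max_per_domain:
            for e in emails:
                flags[e].add("domain-volume")
    for ip, emails in by_ip.items():
        if len(emails) > max_per_ip:
            for e in emails:
                flags[e].add("ip-volume")
    for email, v in latest.items():
        # Velocity check: a link visited within seconds suggests a script.
        if v.confirmed - v.submitted < min_confirm_secs:
            flags[email].add("fast-confirm")
        if not v.uid_match:
            flags[email].add("uid-mismatch")
    return {e: sorted(r) for e, r in flags.items()}


def sample_votes():
    """Constructed sample data; domains and IPs are documentation ranges."""
    votes = []
    # Eight addresses at one private domain, one IP, confirmed after 1 second.
    for i in range(8):
        t = 1000.0 + 2 * i
        votes.append(Vote(f"user{i}@catchall.example", "192.0.2.10", t, t + 1, False))
    # Six webmail users, distinct IPs, confirmed after two minutes.
    for i in range(6):
        t = 2000.0 + 300 * i
        votes.append(Vote(f"reader{i}@gmail.com", f"198.51.100.{i + 1}", t, t + 120, True))
    # Three co-workers behind one office IP.
    for i in range(3):
        t = 5000.0 + 600 * i
        votes.append(Vote(f"staff{i}@smallco.example", "203.0.113.7", t, t + 90, True))
    # A voter changes their mind; the second vote replaces the first.
    votes.append(Vote("reader0@gmail.com", "198.51.100.1", 9000.0, 9060.0, True))
    return votes


if __name__ == "__main__":
    for email, reasons in sorted(flag_votes(sample_votes()).items()):
        print(email, reasons)
```
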

  10. “These bills say, ‘Oh we’re just protecting the rights of teachers,’ which on the face of it isn’t wrong. But they draw big red circles around topics like evolution and climate change as topics to be wary about,” said Joshua Rosenau, a policy and projects director at the National Center for Science Education. “It suggests this kind of science is controversial, and would protect teachers who want to teach anti-evolution and climate-change-denying lessons in classrooms.”

    http://www.wired.com/wiredscience/2011/02/new-mexico-science-education/

    Of course the obvious relationship between origin beliefs and climate beliefs is the awareness of the ones that are Federal Agency Approved™ and which ones are held by Bad People™

    Andrew

  11. lucia (Comment#68309) February 7th, 2011 at 5:00 pm

    dorlomin–
    Could you elaborate? What website is pumping for legislation in some state?
    = = = = = = = = = = =
    Mr Watts has decided to advocate a law in New Mexico that seeks to protect educators who ‘teach controversies’
    http://wattsupwiththat.com/2011/02/06/new-bill-seeks-to-protect-skeptical-educators/

    As he claims to be a science web site I tend to look rather dimly on an effort to get his controversy in through the back door at the expense of dropping guards against all kinds of irrationality. And I count creationism as irrationality.

    “Teach the controversy” is actually the name the Discovery Institute gives to its program to teach intelligent design in US schools, so there is no great leap from the phrase to point at creationism. A law to allow teachers to “teach the controversy” is only going one way.

    Yet here he is being presented as a ‘science blog of the year’ candidate. Perhaps I am now out of step with the modern world and this is post normal science curriculum.

    And given that the head of the state in question’s environment agency, Harrison Schmitt has just submitted a document claiming that the Arctic sea ice has recovered to 1989 levels I am highly dubious of how the controversy on global warming might be presented, there is the global warming debate and then there is pure bilge.

    If they want teachers to teach their controversy then try to get it on the curriculum, back dooring it at the expense of safeguards against pseudoscience is short sighted and selfish.

  12. dolormin,

    As we have come to discover this last week, the Science Ain’t Settled, so teaching the controversy (of whatever it is) is kind of edumacational, don’t ya think?

    Andrew

  13. “Congrats Anthony! Am I envious? Yes.”

    Please, Lucia, don’t be. I would much rather read at a blog that discusses technical issues in detail than one that is popular because participants throw around personal insults and slogans. I am not saying that the above is entirely the WUWT content or even the major part, but I would be very introspective on the difference between a good and important blog and a popular one. And that does not mean that a good blog cannot be a popular one.

    I once participated at a blog where each post was rated by the readers at the blog and unfortunately those that had some emotional and personal content would be rated far higher than some very thoughtful posts.

    Perhaps if you are seeking more readers and participants here and at the same time want to maintain the technical content you could do your college days routine of dancing on the tables. You might not even have to perform but just the tease of anticipation might draw participants in. Just to keep things technical while dancing you could perhaps explain why the non-linear Navier-Stokes differential equations, while not completely understood theoretically, can be a useful engineering tool. I would find that very exciting, but then again that is just me.

  14. dorlomin —

    Perhaps Dr. Schmitt submitted said document because it is grounded on solid science and therefore refutes groundless claims made in the media? Or are you another one of the trolls who is going to claim Schmitt is “anti-science”? You DO understand he has a stronger background in geophysics than most of the planet including Schmidt?

  15. atomic

    Captchas are to a degree machine readable using semi-AI and OCR tricks. Email verification is also limited security as that could be scripted and run from a domain or bot herd.

    I was sort of thinking this wouldn’t be all that difficult when I read the rules. I’d read of captcha breaking– but didn’t know details. (That’s why I googled.)

    I knew that *I* can set up catchall email addresses *somewhere*, and could probably write a code on my mac to detect the link and visit. It would take me time, cursing and modest research would be involved, and I have no motivation to do it. But it seems to me it’s do-able without major coding skillz.

    But there’s been cheating in the past, and I think *some* people want to cheat *for the heck of interfering*. It’s a weird world out there, but some might not even care who wins– they just want to show they can do it! (Like worms and viruses etc.)

    Other simple checks would be velocity checking speed of vote/confirmation, checking sender IP address or possibly some java/cookie tricks to try and create UID’s tracked from vote to confirmation. I didn’t bother looking to see what code it ran on visit or submission

    I kind of figure there must be IP checking. But people can spoof those, so it can’t just be seeing tons from the same IP. Plus people at a single company *will* often use the same IP. So maybe the checking would be for proxy server IPs? Or something?

    I don’t even know what a UID is. Now… I have to look…:)

  16. Kenneth

    You might not even have to perform but just the tease of anticipation might draw participants in. Just to keep things technical while dancing you could perhaps explain why the non-linear Navier-Stokes differential equations, while not completely understood theoretically, can be a useful engineering tool.

    Sounds like a Monty Python script! 🙂

    Dorlormin–
    I’m against teaching creation in public schools. I would prefer they simply skip formally mentioning evolution, and only discuss DNA, mutation etc. rather than letting ID be formally discussed. I suspect AndrewKY would prefer the opposite. But quite honestly, if AndrewKY gets his wish, what’s going to happen is the overwhelming majority of teachers will just mock ID and explain that it’s a lunatic theory.

  17. Lucia,

    Please try to keep “creation” and ID separate. They are different.

    My wish is that in a science class, no ideas should be excluded a priori. They should all be subject to scientific scrutiny in front of the class. That is how each student can observe how to do science.

    The fact that you think that teachers are within their job descriptions to mock certain ideas just again confirms my view that you want to promote the beliefs of your tribe, rather than promote science itself.

    The only reason you want to portray ID as a lunatic theory is because you are afraid of it.

    Andrew

  18. I tried voting, was told I’d receive an e-mail to respond to, and never got it. Has anybody else had trouble with voting on their site?

  19. The lack of choice in what is taught in public schools is of course a major weakness in, well, public schools. I certainly would not teach creation in my private school, but would want others to have that opportunity if they so desired in their private schools. Public schools tend to be rather too uniform in what they teach and what they teach is not even necessarily what the parents or students would choose given the choice. Unfortunately public school’s subject matter and how it is taught never can be nor ever was neutral.

    By the way I do not blame our public school students’ lack of success on the teachers, but rather squarely on the parents. Politicians attempting to solve the public school system problems by throwing more money at it, with the complicity of teachers unions, would never be able to admit this.

  20. “Sounds like a Monty Python script!”

    I have suffered from this affliction for most of my life and only lately have I been “going public” with these weird images that keep popping up in my head.

  21. Andrew_KY (Comment#68334) February 7th, 2011 at 8:23 pm

    dolormin,

    As we have come to discover this last week, the Science Ain’t Settled,
    = = = = = = = = = = = = = = = = =
    Well if this bill passes we may have a spiritualist teacher walking into a class in New Mexico with a ouija board and glass. You can picture the scene as she darkens all the windows in the science lab and tries to set the atmosphere to show the gathered children that there is more to human life (and afterlife ) than traditional science and biology admits. And as the glass on the ouija board starts moving she can, in dark mystical tones, tell the children……
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    “You see, the seance IS unsettled.”
    IGMC

  22. AndrewKY

    Please try to keep “creation” and ID separate. They are different.

    They may be different, but neither has anything to do with science.

    If taught, they should be discussed in philosophy or religions classes along with topics like anti-vax movements. Possibly the efforts to get these time-wasting non-science topics should be discussed in social studies as political science type topics. But they do not belong in science.

  23. dolormin,

    You are arguing against your own imagination, dude.

    I certainly won’t defend ouija boards, real or imagined. 😉

    Andrew

  24. Andrew_KY (Comment#68416) February 8th, 2011 at 11:49 am

    dolormin,

    You are arguing against your own imagination,
    I certainly won’t defend ouija boards, real or imagined.
    = = = = = = = = =
    Or spot humour, good or god awful.

  25. “They may be different, but neither has anything to do with science.”

    Lucia,

    ID only goes as far as the evidence does. It’s already part of scientific projects. It’s design detection. I think we have been over this already at some point. Perhaps you are just forgetting or maybe you ignored my comments as you are wont to do sometimes in Your Wisdom. 😉

    Andrew

  26. “lucia (Comment#68417)
    February 8th, 2011 at 11:51 am
    Andrew_KY–
    Seems to me the law would permit this though. Does it seem otherwise to you?”

    Permit what?

    “lucia (Comment#68422)
    February 8th, 2011 at 12:09 pm
    AndrewKY–
    So.. you… say….”

    Yes. Remember the bees? The honeycomb? The navigation?

    Andrew

  27. Re: Kenneth Fritsch (Feb 8 10:48),
    “Public schools tend to be rather too uniform in what they teach”

    I’ve got a lot of problems with various public schools but this isn’t one of them. Public schools SHOULD have some uniformity in what they teach — they’re called standards. The question isn’t whether they are too uniform but rather if the standards set are biased or restrictive to a point that hampers the students’ education. I think the major problems come when ideas are taught dogmatically which is precisely the problem I have with AGW and the proponents today.

    In my HS biology class, the instructor handled it very well (IMO). We had an introduction that covered ALL the major theories of creation including spontaneous generation. He then said students were free to believe in any of them that they wished but since this was a science class we were going to study the theory that had the most scientific evidence and support. Tests were not against what the student believed but rather against what the student learned about the science as we knew it.

    Note that this approach would allow you to introduce ID along with (but separate from) Creationism while also demonstrating there was little scientific evidence for or against ID so no additional time would be spent on it.

  28. “lucia (Comment#68424)
    February 8th, 2011 at 12:21 pm
    Permit what?

    The ouija board.

    Yes. I commented on your silly honeycomb thing. Remember?”

    If someone wants to make scientific claims about ouija boards they should be allowed to make their case and let the evidence evaluation run its course.

    You did comment on my honeycomb thing. You threw the word Evolution at it and then I didn’t hear from you about it after that.

    Andrew

  29. [“Creation” and ID] may be different, but neither has anything to do with science.

    If taught, they should be discussed in philosophy or religions classes along with topics like anti-vax movements. Possibly the efforts to get these time-wasting non-science topics should be discussed in social studies as political science type topics. But they do not belong in science.

    So if there is a Creator, a good scientist doesn’t care to know. Have I got that about right?

  30. yguy–
    Many scientists are religious and wish to know whether god exists. That doesn’t transform things that are not science into science.

    math is not science. philosophy is not science. religion is not science. lots of things aren’t science.

  31. yguy:

    So if there is a Creator, a good scientist doesn’t care to know. Have I got that about right?

    Come up with a scientific method for studying the question. That’s the rub.

    ID doesn’t meet that criterion. Neither (especially) does Creationism.

  32. “Come up with a scientific method for studying the question. That’s the rub.

    ID doesn’t meet that criterion. Neither (especially) does Creationism.”

    Carrick,

    If you don’t a priori exclude a Creator from science, the scientific method does just fine.

    Andrew

  33. yguy–
    Many scientists are religious and wish to know whether god exists.

    Why would a scientist NOT wish to know that?

    That doesn’t transform things that are not science into science.

    math is not science. philosophy is not science. religion is not science. lots of things aren’t science.

    Neither is the heart the body; yet without the first, the second is worthless. Bearing that in mind, why do you think Einstein said science without religion is lame?

  34. yguy-

    1) One of the blog rules is not to try to prove your point with rhetorical questions. Unless you provide answers to the two in your comment above, you are in violation of blog rules.

    As for my answers: I don’t really care if god exists or not. I don’t see why anyone should care much. My view has nothing to do with science, but I don’t see why a scientist “should” care whether or not god exists. Some do; some don’t. Asking why a scientist would not wish to know whether god exists is a bit like asking why a scientist would not prefer shoe laces over velcro closures. Some do, some don’t. Why ask why?

    As for your second question: I am not a mind reader and even if I were, I could hardly read Einstein’s mind to learn why he said what he said. Moreover, I don’t care why Einstein said science without religion is lame, so even if he were alive, I wouldn’t bother to ask him why he said it.

    Returning to the previous point: No matter “why” Einstein said what he said, ID is not science. There is no particular reason ID ought to be discussed as science, I think it is much better discussed in other places. That said, the alternative presented above– that one can discuss all sorts of failed notions that turn out to not be science is ok. It can make sense to discuss what features make an area of study science and what features do not make an area of study science. In that regard, ID makes as good an example of “not science” as anything.

  35. yguy-

    1) One of the blog rules is not to try to prove your point with rhetorical questions. Unless you provide answers to the two in your comment above, you are in violation of blog rules.

    […]

    Why ask why?

    Before I address the remainder of your response, I need to know why you feel justified in violating your own rule. Certainly, as blog owner, you have every right in the world both to make all the preposterous rules you like and to violate every last one of them at every opportunity; but the fact remains that as of this moment, it is all too tempting to conclude that this blog is run by a flaming hypocrite, and I refuse to waste another keystroke posting in such an environment.

    So if I don’t respond to your presumably forthcoming reply, you won’t have to wonder why.

  36. yguy–
    My question is not rhetorical. Non-rhetorical questions are permitted. I want to know why you ask why instead of something else?

    BTW: Other exceptions to the rhetorical questions rule have been posted from time to time. You will find some by using the search tool and looking for posts that include the words “rhetorical” and “questions”.

    So, it has been previously explained: you get to post rhetorical questions if you answer them promptly.

    FWIW: The organization of my comment is odd because I mean it as a real question. But had I meant it as rhetorical, the answer to my question “Why ask why?” was given, and is

    Asking why a scientist would not wish to know whether god exists is a bit like asking why a scientist would not prefer shoe laces over velcro closures. Some do, some don’t.

    Or put another way: In my estimation, your “why” question is pointless and teaches us nothing.

    Meanwhile, do you have answers to your rhetorical questions? (Once again– not rhetorical.)

  37. yguy–
    My question is not rhetorical.

    Swell. Neither were mine.

    FWIW: The organization of my comment is odd because I mean it as a real question. But had I meant it as rhetorical, the answer to my question “Why ask why?” was given, and is

    Asking why a scientist would not wish to know whether god exists is a bit like asking why a scientist would not prefer shoe laces over velcro closures. Some do, some don’t.

    It’s nothing like that. It’s a lot more like asking why one mechanic who can’t diagnose a problem with a car calls the manufacturer for help, while another mechanic in the same situation doesn’t care whether there IS a manufacturer.

    Meanwhile, do you have answers to your rhetorical questions?

    Since it is based on a false premise, the question is moot.

  38. yguy,
    .
    Honestly, I find your comments very strange indeed; quite disconnected from reasoned argument. Are there not religion blogs where your spiritual POV would be more relevant? (not a rhetorical question, BTW)

  39. “I find your comments very strange indeed; quite disconnected from reasoned argument.”

    SteveF,

    Rhetorical Question: Where have I heard this kind of comment before?

    Rhetorical Answer: From a guy I’ve observed who doesn’t understand that other people can have beliefs that differ from his, and still be reasonable.

    Andrew

  40. Andrew_KY,
    “From a guy I’ve observed who doesn’t understand that other people can have beliefs that differ from his, and still be reasonable.”
    .
    I do not normally respond to your comments, but in this case, I must make an exception: I have been married for 27 years, and I very much love and respect my wife… and she is a devout Christian. You know absolutely nothing of what you speak.

  41. Andrew_KY,
    “So your wife is reasonable but yguy is not?”
    .
    Yes that is right, my wife is reasonable, and yguy is not. My wife teaches science (PhD, biochemistry, 1986). And no, she does not mix her religion with her teaching. Nor does she push her religious views on others like yguy does.

  42. SteveF,

    yguy is not pushing anymore than you are. He has an opinion, just like you.

    It’s not his fault that Lucia doesn’t argue very well in this area. 😉

    Andrew

  43. Andrew_KY,
    .
    Once again you are completely disconnected from normal reasoned thought. I said “I find your comments quite disconnected from reasoned argument,” and they most certainly are. His arguments are basically spiritual. If you can’t see that difference, then there is no reason to further discuss this with you. Boa noite.

  44. my wife is reasonable

    […]

    Nor does she push her religious views on others like yguy does.

    Then perhaps you can get her to explain to you why it is unreasonable to accuse people falsely, as you just did.

  45. Have they allowed mailinator.com addresses?

    I would build a bot that sets up e-mail addresses at yahoo or gmail.
    Then defeat the captcha, vote, and verify my vote.
    Given the time lags between steps, I would set up n bots, each with one thread. Each bot does steps 1-4, then sends off the data between steps, then processes the next step in the algorithm, on a different vote. This increases the throughput, by essentially dumping the lag between steps.

  46. MikeN–
    I have no idea what they have allowed or blocked. But a bot like you describe is more or less what I was wondering about. I assume that has a problem of using the same IP address over and over though… right? That would be detectable I would think. Or… IP spoofing.

    I just tend to think cheating has just got to happen. That said, I also imagine in a few years all these blog contests will end. Blogs are so common place now. It was different when they were new.

  47. Thanks Lucia.

    I don’t think I have an ice cube’s chance in AGW of winning, as the other blogs have far, far, more traffic and readers than mine. But it was really nice to be nominated.

    I hope it doesn’t turn into a bot-war. One positive thing about this contest is that there’s no visual feedback – they have no “meter” to show who’s got what vote-wise. Having no feedback tends to remove competitive urges, so maybe this one will be calmer.

  48. Anthony–
    I noticed that too. I wondered if that is to prevent outsiders from diagnosing that it has become a ‘bot war? Or to help them deal with ‘bot wars should they occur.

    I agree that it’s an honor to be nominated, and it was nice to be nominated. I’m just fascinated by…. well… ‘bots in these contests!

  49. KF: I would much rather read at a blog that discusses technical issues in detail than one that is popular because participants throw around personal insults and slogans.

    .
    So would I. Unfortunately, there is precious little technical content in the last five threads.
