(20##) 10 9 8 7 6 5 4 3 2 1 0 <
DesktopWeb FormText   /aiCAPTCHA article FAQTue, 01 Feb 2005 12:31:19 GMT # 

i am going to be unplugged for a long while. so if you have a question about /aiCAPTCHA ... please refer to the FAQ below

Q: Where is the article link?
Q: What crime did you commit?
a: i did not commit a crime. what i did is write a spam bot to beat CAPTCHA and post 94 comment spams. and it wasnt really spam, all it has is an apology and a link to the article. nothing commercial whatsoever. what i'm guilty of doing is hurting some peoples pride ...
Q: You mean you didnt kill 200K people or change the tilt of the Earth's axis?
a: not yet
Q: So if it had been real spam, what would the message have said?
a: all your blogs are belong to us
Q: Why didnt you just spam a couple blogs?
a: i did the whole web site to show the other problem of large groups being on the same system. it was still what i consider to be a small # of individuals. and also large enough to prove that it wasnt done manually. anyway, a lot of people are now more aware of the issues ... good
Q: Did you piss people off?
a: at least 3 people, probably more. i am sorry about doing that, but in reality ... it was just 94 comments. only 1 comment to 94 different people. they'll get over it
Q: Are the people you spammed pissed off?
a: most of them have not responded. more of them responded positively than negatively. one of them wrote and made some good points, so i changed those parts of the article for him. some of them even think that its cool. a number of them just deleted the comment within 24 hours (what i expected to happen). none of them made a blog post regarding it. i take that to mean that they dont really care?
Q: How mad should the spamees be?
a: however mad 1 comment spam makes them
Q: What if they want to get even?
a: then each of them should just spam my site in return. running a public blog ... thats the sort of thing happens. or better yet, why dont i just extend my program to spam my own site with 94 comments ... then they dont have to do any work at all
Q: What about the bandwidth and resource usage argument
a: 10 minutes and less bandwidth than an MP3 file. dont forget the messages probably take up a couple 100K of disk space
Q: Are you going to release the code?
a: no
Q: Are you going to sell the code?
a: how much you got?
Q: Are you going to use it to spam them (or anybody else) anymore?
a: no. it was a one time shot
Q: Why dont you rename it the Death Star, and pummel people relentlessy with comment spam every waking and non-waking moment of the day?
a: note to self, dont piss off the Question guy
Q: How many emails were sent off after your stunt?
a: over 33 emails to at least 106 recipients (over 24 hours). about a quarter of those were to aliases, so there is no telling how many email boxes those actually went in to. in all likelihood there was exponentially more emails sent off about the comment spam than the 94 comment spams the bot posted. i'm actually more sorry about all those mass emails that were sent ... compared to being sorry about the comment spam. note that i did not send or reply to any mass emailings
Q: your kidding me! more email messages were sent than what you spammed?
a: no kidding. that is just counting email addresses in the To: field and Cc: field that were seperated by semicolons. aliases were only counted as 1 email
Q: what were the topics of the email?
a: mostly personal attacks against me. some were meant to be threatening
Q: What have people been saying about you?
a: bad judgement, cocky, immature, attention seeking, saying they could have written it but chose not to, foolish, bad guy, boob, bad representative, dude
Q: What is your reaction?
a: they called me dude! regardless, i dont know these people ... nor do they know me
Q: how many saw the article and contacted you about work?
a: two. but i'm happily on contract
Q: Does need to immediately work on their CAPTCHA?
a: no, it would be much easier to write a program to mass spam the other blog sites that dont use CAPTCHA at all ... plus those blog sites have alot more users. even if they do write a strong CAPTCHA, there are people that already have better spam bots to beat those; one of them is linked in the article. not to mention they would have to figure out how to stop the manual entry and social engineering aspects as well ... good luck with that. not to mention Roland proved that you could post through the CommentAPI ... and bypass CAPTCHA altogether. i'm the least of their problems
Q: Why didnt you ask permission before doing this?
a: because a black hat hacker would not ask for permission. i think this is what they call grey-hat? nor would anybody have given me permission to do this
Q: Does this reflect badly on MS or your group affiliation?
a: how? this has nothing to do with that. its not even related to the group i am a part of. this is an industry issue. i could have ran this against complete strangers. i chose them because CAPTCHA provided a false sense of security and i assumed they would see the point behind a controlled attack ... i assumed wrong. nor does that affiliation really have a way to classify me. they pigeon hole you in some category for a year ... and thats not me
Q: Could anybody have written this?
a: your mom could have written it. read the article, its pretty simple
Q: Did you do this for publicity?
a: save that question for my PR guy (there is no PR guy)
Q: Why did you write it in the 1st place?
a: to smack the people in the face that think comment spam has been beat. this is purposefully meant to offend google and the rel='nofollow' crew. also to learn more AI
Q: Do you regret doing it?
a: no way. my only regret is how dramatic some people are. this has gotten way too much air play and people have wasted too much time commenting. also that i gave up so easily on figuring out how to determine line intersections
Q: Do some people take themselves too seriously?
a: LOL :)
Q: Are you always destructive?
a: no, you might remember me from such articles as Sys.Sec.Crypto or WSE2 for CF
Q: You mean you wrote code for people to actually better secure their apps?
a: go figure
Q: What did you learn from this?
a: mostly more about image processing and neural networks. specifically about how large sample sets might not converge if you have a real small set of output nodes. because 1 sample might train 1 behavior, and another sample might untrain it
Q: I mean what life lesson did you learn?
a: who not to hang out with at the summit
Q: If you could do it again, would you do it differently?
a: i would do it exactly the same. nobody has provided any logical arguments against my actions. they've provided arguments ... just nothing that holds much water. much of it has been 'what-if' scenarios. of course the 'what-if' scenarios are exaggerated to match their bloated egos. on the off chance any of the 'what-if' scenarios occur, it will be due to their incessant ranting
Q: Did you get in trouble?
a: for what?
Q: What if you do get in trouble?
a: will i care?
Q: Any last comments?
a: yes. i need to Thank the people that have publicly supported me. its good to see that there are still voices of reason. i dont subscribe to all the blogs in the world ... put this is the pattern i saw. only positive comments were made in actual blog postings. the negative stuff was either through emails or comments to blog postings. of course there were also positive emails and comments ... but the lack of negative blog posts (not comments) seems kind of interesting
Q: Why did you write this FAQ
a: because i will be off the grid for a while. when i get plugged back in, then i'll start work on my next project. so this is the last i have to say about it
Q: Was this supposed to be funny?
a: some of it was meant to be funny. some of it is the truth. you can decide for yourself which is which. since people dont like the truth, then they should assume all parts they dont like were meant to be funny. and they can assume the rest was meant to be truthful
Q: What if this blog post upsets somebody?
a: they can talk to the PR guy
Q: Must you always have the last word?
a: yes