"Knock, knock, knock."
"Who is it?"
"It's me, Dave. Open up..."
When Cheech and Chong performed this routine in the 1970s, it became as popular as Abbot and Costello's "Who's on First?" was with a previous generation. While "Dave" was negotiating the possibility of opening the door, they both knew they were talking to human beings. But when considering if you will "open the door" to your blog comments or other feedback, you aren't as lucky. In fact, more often than not, you may be dealing with a machine asking you to open up.
You've probably seen the disaster areas left in the wake of a robot attack on a blog or other web feedback portal, when no filtering mechanism was used in the comments section. It's not a pretty site. Excessive blog spam can drive away readers as well as bring undesirable Google associations with your name.
In an even more important area, protecting personal information on banking, employee databases, and other sites, it's imperative for webmasters to determine if they are dealing with human beings. The usual method for accomplishing this is some form of CAPTCHA, short for "Completely Automated Public Turing Test to Tell Computers and Humans Apart" (www.captcha.net), which requires you to read some distorted text like that in Figure 1, then correctly enter the text sequence into a dialog box. Reading the text is (theoretically) easy for you, but difficult for a computer.
I think of a CAPTCHA as a lock that should be easy for humans to open, but hard for machines to decipher. Certainly, locking your car or house is not a foolproof way of stopping bad guys from doing their worst. The idea of a lock or alarm is really to make it harder for someone to mess with your stuff—so hard that they will move along. This is really the practical goal for a CAPTCHA as well.
