Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
@geerlingguy Let me invite you to our dream-team of non-CAPTCHA (ie invisible to end-user) spam fighters:
- iva2k (BOTCHA founder and maintainer)
- Dustin Currie (un.captcha.lous founder and former maintainer (un.captcha.lous merged with BOTCHA), BOTCHA maintainer)
- deeporange1 (JS Validate Forms founder and former maintainer (JS Validate Forms merged with BOTCHA), BOTCHA maintainer)
- Staratel (BOTCHA maintainer)
Don't you think that together we could do more than each alone? We miss you, geerlingguy.
Here you are some points why you should join us:
- Extendable and configurable protection: Each way of spam protection is a Recipe, which has its own logic of form submission handling. Recipes are bundled into Recipebooks, which are applied to the forms. The list of available recipes: http://drupal.org/project/botcha#recipes-included.
- Selenium-tests for all major browsers (Firefox, Google Chrome, Opera, Internet Explorer plus possibility to extend): It means that JavaScripts-recipes work as expected - always, guaranteed. If you see something strange - you could just launch all Selenium-tests to see what's wrong and post an issue to Drupal.org. Brief Howto-instruction (both installation and usage of Selenium) is inside the Selenium-tests file.
- Handy UI: UI lets you to turn on or off recipe applying per each form. It helps to avoid critical situation when one or more recipes doesn't work as you like: you should just turn them off and post an issue to Drupal.org - and your site would not be affected by any discomfort.
- Fully test-covered: Tests covered almost every line of the code. Plus tests' structure has been unified - and now it is really simpler to maintain it.
- OOP-style: BOTCHA is moved to OOP-architecture. It means that all "entities" that take part in BOTCHA functionality are turned into classes. That gives more flexibility to extend and freedom to modify.
- Like MVC-application: The module's internal structure looks like real MVC-application. It gives a chance to separate logic of the application and the layer of interoperability with Drupal platform - that means that the BOTCHA is going to become more version-independent. I hope in the future we would see a Drupal-version-independent BOTCHA module. It eases maintainership of the module.
- Module as an Application: Each hook implementation is a method of Botcha class, which extends abstract Application class. Turning a module into a class gives a lot of opportunities, such as applying "Decorators" (see http://en.wikipedia.org/wiki/Decorator_pattern) to a module as a whole. For now we have Logger decorator implemented (Logs every method call into a file - for development purposes, turned off by default), Cacher is planned. See Moopapi project page for more details: http://drupal.org/project/moopapi.
Please try BOTCHA yourself - and tell us what do you think about our offer.
Comments
Comment #1
geerlingguy CreditAttribution: geerlingguy commentedI'm inclined to mark wontfix, for the following reasons:
I like the idea of having 'one spam prevention module to rule them all', but I think having some simpler, more focused options (rather than aggregating everything into one very large module) is more appealing to many site developers, especially in terms of possible performance/codebase costs and usability.
Might I be wrong? Maybe. I'd like to hear from some other people who might have more input (and experience in merging widely-used contrib projects) about the best way forward, before trying to merge Honeypot's simple spam prevention methods into (what I see as) a much more complex module with not as many users, and many more issues to suck up developer bandwidth.
Not marking this as closed, but will mark postponed for now so it's out of my 'need to do' list.
Comment #2
iva2k CreditAttribution: iva2k commentedJeff, Thanks for good and thoughtful points, thanks for taking time to think about it.
To respond to some points:
I also want to get some perspective from you:
I totally agree with the point that users are ultimate decision makers here. Their first priority is a 100% working code. Stable module has a huge advantage. Frankly, Botcha has some open issues that may raise concerns right now. But that's exactly the reason for combining forces - all non-Captcha bot protection modules need to get through the same hurdles. We can use your experience in fixing remaining issues. I'm sure you can use our help too. Migration to Botcha won't be too easy - it is not shutting down the module and leaving people with no choice. I think we should let you propose a sensible plan (including measurable gates, i.e. when next step is ready) if you decide that it is a good idea. The implementation of the plan - we have a motivated team to work on it.
--
Ilya
Comment #3
geerlingguy CreditAttribution: geerlingguy commentedComment #4
PatchRanger CreditAttribution: PatchRanger commentedLet's continue discussion, since BOTCHA got full Selenium-tests coverage for all recipes, both for D7 and D6: see #1894478: The latest Selenium-tests launches & reports for details.
Comment #5
geerlingguy CreditAttribution: geerlingguy commentedIt looks like you're making some good progress on the module, and it does look like a great solution. I still have a few concerns, though:
I'm still willing to entertain the idea of folding development into BOTCHA, but I am definitely not considering it for the D7 development cycle. Perhaps by the time D8 comes around.
Comment #6
geerlingguy CreditAttribution: geerlingguy commentedStaratel / iva2k: Thank you again for the offer, but I think I'm going to decline the merger at this time, mainly for the reasons I outlined above; I think there's a place for a few different spam prevention modules that do similar things, but in slightly different ways.
I'd like to keep Honeypot more nimble and focused on one method, and I think there's a value in having a few different CAPTCHA-less modules available on Drupal.org, as long as they're all well-maintained. I've added a link to BOTCHA in the 'Alternative Modules' section.
I think after Drupal 8 is fully released, and the module landscape settles down, I'll be thinking about what's next for this module, and maybe at that time it would be good to consider joining forces in some way. But for now, I'm going to mark this issue closed.
Comment #6.0
geerlingguy CreditAttribution: geerlingguy commentedAdded Extendable protection point.
Comment #7
crystaldawn CreditAttribution: crystaldawn commentedThanks for this decision to keep honeypot separate. It was the right decision and I'm glad to have selected it for integration with my own cbp module which provides honeypot integration if the honeypot module exists :) I like it's lightweightedness vs something like a one module to rule them all mentality. Linux wasnt created with the one ring mentality but windows was. Which one is more stable? IDK, debatable maybe, but I'll place my chips on Linux and it's small pieces that create the OS itself thats for sure :) Bigger isnt always better.
Comment #8
geerlingguy CreditAttribution: geerlingguy commented@crystaldawn - well, hindsight is always 20/20, but BOTCHA seems to have had a lot of steam initially, but it died out relatively quickly. Don't know if that was because the 'PatchRanger' setup that was supposed to help fund ongoing development never really got off the ground, or it was something else, but I think Honeypot does everything that most sites need and isn't needlessly complicated :)