Tuesday, November 15, 2011

Automatically updating appengine-web.xml's version

If you're using AppEngine in Java land, you're probably using maven with maven-gae-plugin. If you're not, why aren't you?

Anyway, since you already have a project version, why not leverage that in appengine-web.xml's version tag?

<build>
  <plugins>
   <finalName>${project.artifactId}</finalName>
   <!-- Sets the version in appengine-web.xml -->
    <plugin>
      <groupId>com.google.code.maven-replacer-plugin</groupId>
      <artifactId>maven-replacer-plugin</artifactId>
      <version>1.3.9</version>
      <executions>
          <execution>
        <phase>package</phase>
        <goals>
            <goal>replace</goal>
        </goals>
          </execution>
      </executions>
      <configuration>
          <file>target/${project.artifactId}/WEB-INF/appengine-web.xml</file>
          <replacements>
        <replacement>
            <token>%%VERSION%%</token>
            <value>${project.version}</value>
        </replacement>         
          </replacements>
      </configuration>
    </plugin>
  </plugins>
</build>

<appengine-web-app xmlns="http://appengine.google.com/ns/1.0">
  ...
  <version>%%VERSION%%</version>
  ...
</appengine-web-app>

And that's it. When you execute gae:run, gae:deploy, etc, the version will be set automatically.

Monday, November 7, 2011

Call Me CAPTCHA Launched!

I launched my new service last night, Call Me CAPTCHA. I've been hacking on this project for a little while in my spare time.

Instead of trying to decipher more and more distorted random letters in a CAPTCHA image, why not leverage a system that's already fairly secure, ubiquitous, and easy to use: your phone. The distorted image CAPTCHA is already effectively broken, spammers can either use CPU cycles to break these or they can use humans for it. Yep, you can get paid to break CAPTCHAs; if you're running a bot, that's $2.00 per 1,000 CAPTCHAs.

You've probably seen a phone-based CAPTCHA before. The first instance I can remember is MySpace, then Google, now sites like Bank of America's with "SafePass". Well, I'd call these companies "the big boys". But what if you're a smaller site that can't afford to build a system like this, or even a large site that would rather use an off-the-shelf service? There weren't really any options until Call Me CAPTCHA.

If you've used reCAPTCHA before, you'll notice a lot of similarities; the APIs are very similar. reCAPTCHA is wildly popular, so I used them as a model for my system.

So if you're unhappy with the protection afforded by image-based CAPTCHAs, and need something more robust and easier to use, head on over and check out Call Me CAPTCHA.