• Home

• Let's Talk

• Why Us?

• Articles

• Services

• Rails101 Tips

• Book

Agile 101: The Simplest Thing That Could Possibly Work

Got a question or comment about this article? Find us on twitter and let us know!.

The saying, “Do the simplest thing that could possibly work,” has reached legendary status in most agile circles. When I first heard of it, I thought it was a pretty silly statement. After all, what developer in their right mind chooses to do things the hard way?

A related, albeit slightly less famous agile phrase is, “Solve today's problems today.” In other words, don't design a solution to a problem that doesn't really exist, based solely on a guess that it might be a problem tomorrow. Just solve today's problems.

It wasn't until much later that I began to understand what this simple phrase was really talking about.

If you're new to “Do the simplest thing that could possibly work,” and even if you think your understand what it means, read on. I'm going to show you how we implemented a feature on the PurpleWorkshops site that followed this advice to such an extreme, that you might think I'm crazy.

The Problem

Potential customers can get in touch with us by filling out a very simple form (you can see it here). Although we don't get a lot of traffic, we were getting a significant amount of spam submitted through that form before we implemented a simple Captcha system, that you now see at the bottom of the form. Each spam submission would add rows to our database that would require cleaning out, and each would alert me - falsely - that a potential customer was contacting us.

A Not-So-Simple Solution

Now, I really wanted to avoid a complicated, TicketMaster-style-can-barely-see-those-stupid-letters experience that I hate so much. But I finally couldn't avoid it any longer, and started looking into captcha strategies.

The general idea of a captcha is you present something that automated scripts probably won't understand - like a word or number sequence contained in an .png or .jpg file - and require the user to enter that word or sequence into the form. This raises the level of confidence that whoever - or whatever - is submitting the form is a real, human person, and therefore is probably a legitimate potential customer.

There are many solutions available. Most of them generate images on the fly, requiring you to install something like RMagick on your server. All of the solutions I looked at were fine, but… complicated. Yes, installing a plugin and following a few directions is complicated for me. Maybe I'm just getting old.

First Attempt At Being Simple

Or maybe I'm just too agile. It occurred to me, out of the blue, that I don't really need all that complexity that most captcha solutions give me. I have a relatively low-trafic site. The spambots are probably not going to think it worthwhile to really target my site. So I don't need something super deluxe. Just something to stop the simple bots.

So rather than install RMagick and generate images on the fly with some randomly-generated word pulled from a dictionary each time the page loads, maybe I could just generate a set of images and randomly present one of them using a simple image tag.

Doesn't that sounds simpler?

Wait, it gets even better. Instead of using RMagick to generate these images, I'm just going to use (drum roll…) Skitch. Yes, I'm going to generate them by hand, say 20 of them.

I just have to give them filenames like captcha_1.png, captcha_2.png, and so on. Then, to choose an image at random, I need to do something like this in my new action:

1
2
3
4
5

# Show form to user
def new
  random_key = rand(20) + 1
  @captcha_filename = "captcha_#{random_key}.png" 
end

Later in the create action, I can verify that the word they enter is the same as what's shown in the image.

Of course, somewhere I'm going to have to store the correct answer. This could be kept in the session (say, as an MD5 of the answer) or on the server.

Hmmm, this is starting to feel… I don't know, not complicated exactly, but more hassle than I wanted.

Time to simplify again.

The Simplest Thing That Could Possibly... you know...

This may sound absurd at first, but I thought, what would happen if I really just did the simplest thing that could possibly work. At least as a first pass, before I go implementing the whole solution.

What would that be? I think the simplest thing would be to have just one image that is shown every time, and one correct, hard-coded answer.

And that's exactly the solution you see now: the user must correctly type the word they see in the image before our Rails app will accept the inquiry.

But now you know the secret (whoa, I hope you don't program spambots for a living).

The Benefits

I created the image in about 3 minutes, added an image tag and a new text field to the inquiry form in about 3 minutes, added model validation (using the correct answer as a hardcoded string) in about 1 minute. 7 minutes, and two weeks later, no spam. Zero.

I suppose one day, maybe even tomorrow, some spambot will figure out the answer, and this solution won't work anymore. I'll have to make things a little more complex, and maybe use the 20-image solution. When that happens, that will become the simplest thing that could possibly work.

But remember, that's tomorrow's problem. We agile developers only solve today's problems today.

Crazy?

Does my solution sound crazy too you? Ok, maybe you wouldn't say it's crazy - but naive? Do you think a “real” solution to the problem would involve a more rigorous solution?

If so, I have one question for you.

Did I mention we haven't gotten any spam yet?

© 2008-2009 Purple Workshops, LLC. Website design by Mindy Park.