Actually, I'll extend that to saying every open source Google library/tool feels like that.
https://news.ycombinator.com/item?id=42130881 on Francois Chollet is leaving Google
> "Why did you decide to merge Keras into TensorFlow in 2019": I didn't! The decision was made in 2018 by the TF leads -- I was a L5 IC at the time and that was an L8 decision.
Haven't looked at the devconsole but it'd probably be easily bypassed by someone dedicated.
https://www.usenix.org/system/files/conference/woot14/woot14... is a paper on the subject i think is really interesting
However a surprising amount of text based captchas can be solved in a few line shell script of, using imagemagik to convert to greyscale, dilate and undilate, then pass to teserract
However there are also sites like https://2captcha.net , so really captchas are more like putting a small min amount of effort.
There's a significant amount of time, skill and effort that went into the solution from this post, and the end result doesn't generalize well (you'd have to start all over for a different kind of captcha).
The vast majority of spammers would not be able to replicate this; those who do would either make money legitimately, or focus their skills on juicier targets (if you have AI/ML skills and want to do nefarious things there are other options that pay much better than spamming).
Such captchas still work well at raising the cost of successful spamming above the expected payoff from said spam.
I can't get any real jobs that pay me for my more advanced skills. My primary sins were going to a second/third-tier university and some performance concerns in a portion of my previous roles due to divorce and burn-out. I make $80k/year in government IT, and $30-150k/year as the "AI" guy in a small 2-5 person group that offers a CAPTCHA-breaking API.
The spammers aren't the ones replicating this. They just pay B2B rates (combo of SaaS + Consulting, depending on client needs) to help them remove the roadblocks.
Are there? Say you've got a felony record and can't get a legit AI/ML job at eg OpenAI/anywhere. What would you do instead? most of the options I can think of involve getting paid for doing things that are basically spam if you zoom out enough.
Well-intentional bots are first-class citizens
If you manage crack it at 1mhz per captcha or 1ghz or 1000ghz, it makes no difference, as the bottleneck is the network identifier (ip address/block)
While still a type of PoW, these economics are different than offline mechanisms like password hashing or crypto. Where a 1ghz cost is still significantly different than 1mhz.
I say this with the chagrin of someone who works on a cool software product that is also coincidentally really well-shaped to make people want to abuse it.
Eh? They just need to buy their software from someone that can. I would say many of the malware and spamware isn't created by every individual deploying it, but instead vendors that got good at it and decide to make revenue by licensing out their software to other bad actors.
At that point a proof of work captcha (mCaptcha.org is one, but there are others), is probably the best option. Especially with how any reasonably effective traditional captcha is an accessibility nightmare.
Or disallow free users to post at all, and require everyone to buy the 4chan Pass for $20 USD per year if they want to post.
This is already available to not have CAPTCHA. So if CAPTCHA is totally ineffective, it follows that they should do away with CAPTCHA and free users being able to post at all and everyone should buy the 4chan Pass if they want to post.
Of course it's not perfect, and it will still happen, but I have yet to hear any better solutions. Please prove me wrong though!
If you wanted to go full meta "never go full meta" you would train a AI to figure out if the agent on the other side was human or not. that is, invent the reverse turing test. it's a human if the ai is unable to differentiate it's responses from normal humans responses. as opposed to marketing human responses.
Well now I have to go have a lay down, I feel a little ill from even thinking on the subject.
Even before captcha is being served your TLS is first fingerprinted, then your IP, then your HTTP2, then your request, then your javascript environment (including font and image rendering capabilities) and browser itself. These are used to calculate a trust score which determines whether captcha will be served at all. Only then it makes sense to analyze captcha's input but by that time you caught 90% of bots either way.
The amount your browser can tell about you to any server without your awareness is insane to the point where every single one us probably has a more unique digital fingerprint than our very own physical fingerprint!
EFF have been running this for years. Gives an estimate about how many unique traits your browser has. Even things like screen resolution are measured.
> TensorFlow.js doesn't support Keras 3.
I tried getting into some casual machine learning stuff a few years ago and more or less gave up because of stuff like this. It was staggering how many recent tutorials were already outdated, how many random pitfalls there were, and how many "getting started" guides assumed you were already an expert.
The chronological sorting at least offers some diversity of opinion. The first 50 replies to a 4chan thread about Trump (in the right board) will usually contain many, maybe even mostly, anti-Trump posts. On Twitter you usually need to scroll through the sea of blue checkmark replies for a while to find even one anti-Trump post.
Some 4chan boards are majority neo-Nazis who want all minorities expelled or murdered. But stumble across a particular Twitter thread and it's the same thing but with even more ideological uniformity within the thread, and with 4000 neo-Nazis in the thread instead of 60.
That said, both sites definitely are not great to use if you aren't very right-wing.
But an even better approach would be to go fully P2P and leave the scoring and ranking and filtering at the end nodes, with the possibility of friendly networks of interest group peers assisting with the task. BitTorrent for social media, pgp signed accounts, fully flexible annotation and ingestion. It's also less subject to cabal-based censorship.
https://addons.mozilla.org/en-US/firefox/addon/jkcs/
https://chromewebstore.google.com/detail/joshi-koukousei-cap...
Userscript version: https://github.com/drunohazarb/4chan-captcha-solver
It was definitely a successful learning exercise, and it's made me more confident tackling some other problems I've had in mind for awhile.
- a smeared gaussian in one axis and another in another axis can really help segmenting chars, finding lines of text in OCR
- You can unshear chars using the Radon or Hough transform as a basis to understand the angle
Went through MNIST a few weeks ago and I agree it's interesting!
During this election, I completely gave up even trying to participate and just lurked.
▲
▲ ▲If the JSON file is corrupt, it shows the following if tt1 and cd do not align.
> "error": "You have to wait a while before doing this again"
crazy
> The official TensorFlow-to-TFJS model converter doesn't work on Python 3.12. This doesn't seem to really be documented, and the error messages thrown when you try to use it on Python 3.12 are non-obvious. I tried an older version of Python (3.10) on a hunch, using PyEnv, and it worked like a charm.
2 is stable and does not change from under you. Which is what you want in a programming langiuage
[edit]
More specifically I mean when they insidiously give you infinite tests even though it's impossible to pass because the IP has been blacklisted... There's a special place in hell for the anti-human's that made that decision, and yes it involves captcha.
Anonymous boards were supposed to be low-friction, but now 4chan is one of the most user-hostile social media platforms around. It takes a special kind of dedication to post there, which I seriously doubt helps the quality of the site.
It's the spam that tops the problem list.
> is there any better way to do
> it with a single developer for
> a website that serves millions
> of people a day?
If you're not making your free website annoying to drive revenue there's obvious ways to make it less annoying.
E.g. keep the annoying captcha, but don't show one again for the lifetime of a cookie, validate users who can make a money transfer of $0.01 etc.
The worst part about the countdown: if you wait too long to make a post after waiting the 10 minutes (eg: you get distracted,) it will expire, and you have to wait another 10 minutes.
When an earlier version was trialled on /biz/ (mandatory email verification - https://warosu.org/biz/thread/58388587), it nuked the board and it hasn't recovered.
- Obscure CAPTCHA and other anti-spam features
- Pay to post
Choose one.
yeah, the recent 5-15 minute countdown before your first post is a bizarre thing, but I assume the volume of spam and ban-evading schizos they're dealing with is ungodly. a single dedicated shithead can shit up a general or a slow board indefinitely by just resetting their router or switching airplane mode on/off for a few minutes when they get banned.
>but now 4chan is one of the most user-hostile social media platforms around.
virtually every single big platform requires your phone number.
Stay off /v/, /tv/, /pol/, and /a/ and you’ll have a pretty good time.
I don't get why they added that nasty "feature" to the post form, it really discourages you to post(maybe it's because they want to sell you their 4chan pass), I don't understand why 4chan is still active
The horrible captcha + 300s countdown is for completely unauthed users. Most sites don't even allow unauthed users to post at all.
There is A LOT of ban evasion on 4chan. If you have a dynamic IP address from your ISP, you just spam/derail threads with personal crusades/whatever until you get banned, reset your router and repeat.
This countdown increases the cost of ban evasion, since you can't get right back in to continue. Everyone on your targeted board/thread now gets at least a 15-minute respite.
They've also had to blacklist entire ISP from making any posts because some people are constantly ban evading on them. Especially mobile ISPs, where there's basically an unlimited amount of fresh IPv6 addresses available.
I just opened 4chan and after the initial Cloudflare bot detection I was told to register an email or wait 15 minutes before I was allowed to even obtain a CAPTCHA. Looks like they're already taking a layered approach to combat bots.
I dislike the captcha a lot, but I wish people would invest the same effort in attacking spam that they do in defeating anti-spam techniques. Spam and similar kinds of abuse are the bane of the internet but most people seem to shrug it off but declaring that a 'hard problem' so they can ignore it.
mostly kidding! mostly