Show HN: CodeCaptcha - Hide web links behind coding challenges (codecaptcha.io)
Hello HN, I made this silly project over the long weekend. It’s pretty basic right now and the captchas are very easy. I plan to add captcha difficulty levels for link creators soon.
104 comments
[ 3.0 ms ] story [ 167 ms ] threadInterestingly, copilot GENERATED some of these captcha challenges for me. It’s impressive!
It's worth mentioning that this is a client-side captcha, making it trivial to bypass by bots / anyone.
I feel like all captcha does is waste the time of non technical folks and fail to stop the people who would abuse to begin with.
But yeah solving them with copilot is more fun.
Edit: nvm, it seems (according to a comment here by the author) that it is sent to the server and verified.
Edit 2: indeed, once the answer worked locally, it got sent - and got stuck at "Submitting..." (locally, I clicked the alert)
https://xkcd.com/1185/
where 'panic sort' remains my favorite
seems apropros as well
Maybe a better approach would be to have a prompt at the top with unclear specifications, or some kind of riddle instead of a function name. It would also be good not to have a bank of problems, since someone could just pattern match on them, but to generate them automatically somehow.
This is a lot more interesting than finding traffic lights though, and the website looks well designed. Thank you for sharing!
function deliberatelyMisleadingString {
}
> Back in 1980s, Yosemite National Park was having a serious problem with bears: They would wander into campgrounds and break into the garbage bins. This put both bears and people at risk. So the Park Service started installing armored garbage cans that were tricky to open—you had to swing a latch, align two bits of a handle, that sort of thing. But it turns out it's actually quite tricky to get the design of these cans just right. Make it too complex, and people can't get them open to put away their garbage in the first place. Said one park ranger, "There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists."
It wasn't developed to keep AI and bots out but to only let in programmers
https://www.codecaptcha.io/
It's not just about programmers.
* Create homework at the end of a programming lesson (before unlocking the next step)
* Link to a job posting from a company website (if you don't mind coming off as slightly evil)
* Hide a link to a StackOverflow answer from a friend
Oh wait..
and the server only serves to non-browser useragents
It's meaningless to reverse a string. Not just in the "there's no purpose to doing it" sense (very true) but genuinely in the "it literally isn't a defined operation" sense. If you've only lived in the nice insulated world of ASCII or a mostly-ASCII-like language, you might scratch your head - just put the letters in backwards order, right?
Well, what do you when you hit a Unicode joiner? Or a multi-byte emoji? Maybe your reversing scheme is clever and looks at "whole codepoints" or whatever. But then what happens when you normalize the "reversed" string? Or what about the modifier characters that affect the previous/next character - how to treat those? I've never been satisfied with anyone's answer to these questions, because the problem is invalid from the start. You can't "reverse" an arbitrary string, it's not a well-defined operation.
you are correct that reversing a string gives back irrelevant things. (and you don't need to go that far: what does a reversed word mean?) however, in the sense of a list of characters, the content is irrelevant.
I find "reverse a string" a good interview question then! If the applicant got lost in considering all possible interpretations instead of just solving it how 99% of humans/engineers would understand it, then they will likely be unfit for working in a team and/or have poor communication skills.
Worst: spend the entire interview explaining why you can't solve this problem.
Unless you're giving that problem and then hitting the input with a string that includes directional formatting characters. Because that's exactly what is going to happen in real life.
The only good thing about that question is at least you didn't ask them to casefold the string.
The magic of engineering isn’t doing what you’re told. It’s understanding and solving a problem someone has told you about.
My org doesn’t need the guys who need exhaustive instructions to take the next step. It needs those who can make good Bayesian inferences, reason inductively, and figure out problems.
So yes, it does filter out people with lots of knowledge who nonetheless lack these skills.
I totally see your point, though.
[...str].reverse().join('')
It is 2022. If your code doesn't treat all strings as Unicode it is broken.
Edit: That seems consistent with a statement made in another response.
And there you have it, the difference between real intelligence and regurgitation.
This is the kind of numerically specific coding that could be the basis of a CAPTCHA that CoPilot can't solve. Sixth bit, sixth byte, seventeenth bit, seventeenth byte, etc.
The Python code is wrong because the 17th bit is shifted up, not down. Also, the bits are shifted by the wrong amount, not up/down by 11 (= 17 minus 6), but up by 6 and up by 17. What a joke.
Not only that, even if the shifts were correct, it's simply xoring the bits. The swap is completely wrong.
Garbage code, total fail.
If I add your comment, a newline and the "func" keyword it does this
https://gist.github.com/CapsAdmin/9fe57314ab9f77bec0445eb042...
If I add some more context, ie "func swap(" you get
https://gist.github.com/CapsAdmin/2c8757887c27f980d1a4c2edfd...
more context, "func swap(x int32) int32"
https://gist.github.com/CapsAdmin/64e0392fe6f3d406a607884583...
I use and like copilot, but when it comes to things like this I generally don't trust it.
I'm not very fluent with bit swapping either, so I would probably resort to google on this one.
For everyone else: The author made it clear that the purpose is weed out non-engineers. Practicaly there may not really be a use case there but it was never designed to replace captcha, most people wouldn’t be able to access the link, and anyone using or purchasing the use of a bot farm already meets the captcha requirements (albeit with extremely unnecessary additional steps).