[19:51:45] @seen marostegui [19:51:45] Josve05a: Last time I saw marostegui they were talking in the channel, they are still in the channel #wikimedia-operations at 7/17/2018 1:06:23 PM (6h45m21s ago) [20:21:28] Looking for some informal feedback. What do people think of changing the captcha to https://tools.wmflabs.org/bawolff/captcha/setG/ (Current version is at https://tools.wmflabs.org/bawolff/captcha/setB for comparision) [20:28:56] bawolff: /me likes it [20:29:05] Woo :) [20:29:08] easier to read [20:29:17] Its also appearently harder for computers to read [20:29:25] for real? [20:29:30] looks easier [20:30:00] not so wavy, not so "hairy" [20:30:42] For tesseract (which is what a lazy attacker would use. All best are off for someone writing custom code), the old code was guessable by computer 33% of time. New version only 8% [20:31:12] Woop! [20:31:20] yeah, I reduced the hairiness on the basis it seems to confuse humans more than computers [20:31:43] but they could just get access (find the link to https://tools.wmflabs.org/bawolff/captcha/setG/ ) and they would be able to guess 100% [20:32:20] or is it autogenerated, or just the same 100 captchas? [20:32:28] The tool labs link is just example. If we ended up using it they would be randomly generated [20:32:32] ah [20:33:42] This won't stop a serious attacker. Most because a serious attacker would just pay someone in a third world country to do it (Its amazing how cheap that is) [20:34:25] Also, it is probably more vulnerable to the attack described in https://www.usenix.org/system/files/conference/woot14/woot14-bursztein.pdf [20:35:04] but we're already vulnerable there, and it really only makes sense to try and defend against the code you can easily download online, since we don't really know how to make secure captchas in general [20:38:15] I've worked (for like 5 min) on typing captchas for a website :p [20:38:34] recived like 0.0001 dollars per captcha xD [20:45:44] You will be rich ;) [20:57:02] YAY [23:51:15] Josve05a: that sounds miserable