Hacker News new | ask | show | jobs
by manmal 1094 days ago
That should only be an issue if the server is under attack.

According to the docs (https://github.com/mCaptcha/mCaptcha/blob/master/docs/CONFIG...), you can set three difficulty levels:

MCAPTCHA_CAPTCHA_AVG_TRAFFIC_DIFFICULTY

MCAPTCHA_CAPTCHA_PEAK_TRAFFIC_DIFFICULTY

MCAPTCHA_CAPTCHA_BROKE_MY_SITE_TRAFFIC_DIFFICULTY

The defaults are set such that avg traffic takes ca 0.02s on an average system. Even if you have a really really slow system, I don’t think you‘ll ever spend more than 2s there.
1 comments
MrBruh 1094 days ago
Nah you need to think about it in terms of computing power compared to each other.

According to the screenshots of XMRig for android you only get about ~35H/s while my laptop does ~2400. That's 68x faster so if it took my laptop 2 seconds it would take a mobile device ~130 seconds.

It screws with mobile users and makes the whole crypto PoW thing about it using too much energy many times worse. Not to mention botnets could make use of enough computing power to easily outpace any captchas thrown at it.

link
jefftk 1094 days ago
> According to the screenshots of XMRig for android you only get about ~35H/s while my laptop does ~2400.

Is that for the specific proof of work algorithm mCaptcha uses? While I don't think you're going to get something that runs equally quickly on a low-end phone and high-end desktop, if it depends entirely on sequential operations and is not optimization-friendly you should be able to get much closer than 68x?

link
manmal 1094 days ago
The screenshot here shows 117H/s, and I guess the Android version hasn’t been as heavily optimized: https://github.com/XMRig-for-Android/xmrig-for-android

I think we‘d need to compare apples to apples, and not use Monero mining as a benchmark for mCaptcha. Also, as I wrote in another comment, the average case (server is not under attack) is 0.02 seconds on a laptop, and probably 0.4s on an Android device even if we do use xmrig-android as comparison. Compare that to manually identifying stairs on pictures with crappy quality (10 seconds?).

link
manmal 1094 days ago
The 2s are the default setting for when the server is under attack. In a normal scenario, it‘s ca 100x less. It would take your laptop 0.02s and your hypothetical phone ca 1s. But the screenshot for xmrig-android shows 117H/s, so it would take such a phone only 0.4s, going by that logic (I don’t think the performance penalty of mCaptcha is x20 on mobile though).
link