I think 99% of what less wrong says is completely out to lunch. I think 100% of large language model and vision model safety has just made the world less fun. now what.
> There are no humans that know the word snow who don’t know what colours Snow is
Sorry, I don't follow, English is a second language to me, but how does this stand against my statement that 'many people don't know the concept of snow, let alone what colour it is'?
There's no reason for an English language website to cater to people who don't know what snow is. How can it be discriminatory to have a question a user can't comprehend, when they won't be able to comprehend the rest of the website either? Even blind people who can read English Braille and input text in English know that snow is white, even if they've never seen it.
If a website is multilingual, it can offer language/region selection and add appropriate questions for each of them.
I did not say it was discriminatory -- I stick to basic terms -- you may inadvertently be guarding against people who for one reason or another don't possess the knowledge to solve the puzzle. For example I could copy over an integral from one of my undergrad exams. 'Please calculate the value of the integral and enter it in the field below' (completely accessible to screen readers as well). This would effectively ban not only people who have not taken a calculus class, but many of my uni colleagues who have happily forgotten everything about calculus after they took their exams 10 years ago...
Another example for an inadvertently hard puzzle, this time due to a lack knowledge as a consequence of being part of a different culture, would be asking US people what colour is the edelweiss. In my country children learn about it in first grade if not in kindergarten. Another -- asking Europeans/US people what colour is romduol... I don't consider this discriminatory, I don't consider people in the US or Europe uneducated because they cannot solve such a simple puzzle... It is just poor/lazy/stupid design that fails the single requirement to block bots and only bots. And I get it 'I would just google it'... But how many conversions will you lose if a considerable part of your users need to google something to go to the next step of your funnel? It's just inexcusably shit UX...
You would indeed be fine with the 'snow' question if your site must only be visited and used by fellow citizens of your country (where citizens implies similar education -- both cultural and scientific). You would indeed be fine if you can make sure the puzzle will be translated intelligently (including the solution) if your site may be used in a foreign country or by users speaking the language in your own country.
I usually cannot make any of these assumptions for any of the projects I work on. The site's audience is but a whim of the Product team, and I18n is outsourced to (once) translation agencies and now directly to an LLM... This can even be done (and frankly should be done) without the knowledge or input of the dev team. Also, neither translators nor LLMs can be expected to understand that they must come up with basically a new puzzle that will not be hard for people that use the specific language. And I as a developer that does not speak the specific foreign language while I can roughly validate their translation (if by any chance it passes by me for review and I go above and beyond what is expected of me and pass it trough a translation service) and return it with feedback for fixes, I cannot rely that they will abide by the feedback, or how long it would take... Those are a lot unknowns to consider these assumptions reliable, and it seems much less effort to come up with a simpler puzzle that contains the answer in itself... Its effectiveness against spam will be exactly the same.
Also, you will definitely not be fine if your puzzle contains a concept foreign for a considerable part of people who can't for example see or hear. You would also not be fine if your puzzle's technical implementation makes it impossible to be perceived by them. The latter part is very simple to get wrong. For example, one of the best ways to protect any site from blind people is to implement a hero image slidshow that steals the focus on each slide. Their screen readers' focus gets moved each second and they literally cannot perceive, let alone navigate the site...
Finally, none of the peculiarities above excuses straight up going for reCAPTCHA. Even if you don't give a f about your users' data EU users can and will get you in trouble with EU regulators exactly when you get to a scale at which CAPTCHA use is a necessity. There's a cultural difference for you.
If it’s not installed by default on server-oriented flavours of Linux then it’s dead to me, unfortunately. Most orgs aren’t going to agree to roll it out across tens of thousands of machines on a whim.
My entire Linux experience is dictated by what’s installed by default on rhel and/or ubuntu.
This is why I originally learned vi. Working on DoD machines as well as this of other consulting customers. I had a notebook of short scripts and commands that would make my life easier. I couldn't use any media or even reference the internet in many of the data centers and labs.
"installed by default" should never be a compelling consideration for an org with ten thousand machines, or one hundred. As soon as they have their own package repos and automatic deploy systems, it should be as simple as saying "fd is a fast file finding utility packaged upstream as 'fd-find'. Please add it to the deploy list for these classes of machines" or whatever else starts your change management system grinding.
Unfortunately that doesn't cut the mustard in most organisations either, with the typical responses being along the lines of: "Who will support it? Can you provide a security assessment? Is your team happy to be responsible for any issues?"
I sorely wish it was as simple as "please deploy", and in days of yesteryear you could probably get away with that either yourself or if you were friends with the linux team, but those days are over now as far as I see.
For context, my opinion comes from being a security consultant for over a decade - I see a lot of other people's environments and how their organisations handle requests like this. Not every environment will have objections, but most won't add it as a standard package across the fleet.
The situation is closer to if we had 10,000 variants of Encyclopedia Britannica in 80s that all looked like distinct bodies of work, riddled with different errors while looking like they were written from scratch.
What is the difference to the end user? Our situation is better than it was yesterday not worse.
If we had a genie who could appear out of nowhere and tell us the truth TM at any point that would kind of ruin the adventure .
Who reads the output of a book or Wikipedia or a website or an AI and thinks oh good now I know the core truth of this thing and I never need to update this knowledge ever again case closed
