More

tiagorangel · 2025-05-31T13:11:42 1748697102

btw no, cap does not contribute to any "fed botnet". you can build the WASM binaries yourself and compare the hashes. added a clarification about that to the docs.

tiagorangel · 2025-05-31T13:03:16 1748696596

> Also users may be at a disadvantage as JS crypto would not be optimized for PoW (for example lack parallel crypto capabilities or context switching between calls).

JS crypto is only used as a fallback, Rust WASM is used for solving.

tiagorangel · 2025-05-31T13:00:52 1748696452

Yes, the code is open-source for you to check

tiagorangel · 2025-05-31T12:59:49 1748696389

Cap does not send any of the calculated hashes ANYWHERE, the white paper just details a bit how proof-of-work works and I thought that it would be interesting to share.

tiagorangel · 2025-05-31T13:02:22 1748696542

added a note saying that to the docs, should hopefully clarify stuff a bit!

bogwog · 2025-05-31T14:34:27 1748702067

In case you weren't aware, a blue hat is typically associated with law enforcement in the US. On its own it'd be no problem, but the logo, the paper, and the comment above correctly pointing out concerns/lack of acknowledgement on your site (until now) really comes off as suspicious.

FWIW, I do believe you just made a few unintentional awkward choices instead of being malicious... But a product associated with something like this is a hard sell.

tiagorangel · 2025-05-31T19:03:50 1748718230

> a blue hat is typically associated with law enforcement in the US

what it's literally just the default emoji for cap

> lack of acknowledgement on your site (until now)

i've added a note

tiagorangel · 2025-05-31T12:59:16 1748696356

you can compare the hashes of the wasm lmao the build script is very much public

prophesi · 2025-05-31T15:51:58 1748706718

It's not a good practice to commit binary blobs in a repository. And I don't think it would be difficult to add a prepublish step to your npm packages so that you can remove them. The end user shouldn't need to run the build script and compare hashes whenever the source code changes.

Very surprised to get pushback on what I thought was an industry standard lmao

tiagorangel · 2025-06-03T08:33:25 1748939605

feel free to make a pr to add a worker, currently not my first priority tho

tiagorangel · 2025-05-30T19:38:05 1748633885

> how much more CO2 this is going to produce extremely minimal emissions, you're only solving a small cryptographic challenge after all.

userbinator · 2025-05-31T10:02:11 1748685731

Not at scale, however. Like another comment said, this is going to turn out like cryptocurrencies.

(I really couldn't care less about the climate debate, but waste is waste.)

tiagorangel · 2025-05-31T13:04:43 1748696683

even at a huge scale the emissions are still extremely small.

tiagorangel · 2025-05-30T19:34:56 1748633696

i wrote a bit about it here: https://capjs.js.org/guide/effectiveness.html

jbellis · 2025-05-30T19:49:04 1748634544

ahh, that makes sense, thanks

I do think that calling this a CAPTCHA when it's not actually intended to distinguish humans from computers is a bit misleading, but I can see why you would do that

tiagorangel · 2025-05-30T19:34:16 1748633656

scrapers usually don't render a webpage, else their scraping wouldn't be efficient at all.

hathawsh · 2025-05-30T19:40:43 1748634043

Is that still true? There are so many SPAs out there now that if I were to create a web spider today, I would plan to just render a lot of the pages in a browser rather than fight the status quo. Efficiency wouldn't be my top concern.

boredhacker3 · 2025-05-31T11:55:41 1748692541

That’s bullshit

tiagorangel · 2025-05-30T19:31:23 1748633483

yeah i also recommend trying out the invisible mode

tiagorangel · 2025-05-30T19:30:45 1748633445

anubis is more like Cap's checkpoint, but still the implementation is very different.