I tried to do it the intended way, but found it too difficult. I was able to cheese it by staying in the starting area and killing the enemies that spawned to the right.
That isn't cheesing it, given those start conditions. That is a standard tactic when you only have the pistol (or are too low in ammo for other weapons).
The pistol is crazy accurate in these games so you can pick enemies off from afar with a few shots each, and in this case they are firing shotguns which are very ineffective at long range (the game simulates them as having unrealistically wide pellet spread, so even if a far-off enemy gets a pin-point shot you will only take minimal damage).
I remember playing over the college NetWare LAN and winning against people who had better but less accurate weapons (usually the shotgun, or the double in later versions, as we found that the most cathartic) simply by keeping my distance. Works until someone gets close from behind, at which point if you respawn somewhere convenient you can find the bugger PDQ, and pick him off with the pistol for revenge. Even works against the rocket launcher, just make sure you don't get hit directly (d'oh) or hang around where it is easy for splash damage from misses to ruin your plans.
It is a valid method for many DOOM-style games (as they were called in my day) and their offspring. Works well in HL2 where you can spam the trigger button as fast as you like and the basic pistol will fire at that rate without a limit (other weapons have a minimum shot latency).
I've played combat games where you can chirp in order to lure enemies towards you.
Then you're incentivized to find a defensible spot and keep mashing the "chirp" button so you get a steady stream of enemies.
You could remove the chirp button -- but then you're left sprinting out juust far enough that the enemy detects you, then run back somewhere defensible. Not very satisfying.
Or you can make it so enemies stream towards the player continuously, regardless of how close they are, without any trigger -- which is sort of equivalent to having the chirp button get mashed automatically. Again, find somewhere defensible and mash the attack key.
None of these approaches feel very satisfying. There must be some clever approach to this issue which doesn't run into any of these problems. A simple set of rules which leads to a large variety of combat challenges instead of a degenerate winning strategy.
Often (though definitely not always) you can mitigate these problems with good level design and adversary programming (or in some cases, resorting to more direct scripting for specific situations).
The situation here is one of level design and player load-out – this Doom level is not intended to be encountered with only a pistol, so the only way to make progress is a way most wouldn't find fun. Though this sort of situation can be interesting if it occurs naturally, such as a player not managing their ammo correctly for what is coming up, because here it is part of the challenge or getting yourself out of a pickle of your own mix. It can also be good if it is plot relevant. And running at the combine pistol equipped was often fun. It isn't always a situation that needs to be “solved”.
Do you remember the early "bug" in HL2 where you could bind shoot to mouse wheel up, then flick the wheel to magdump the pistol and blast anything? Good times :)
Well, this is not the first level, but this is the level entry weapon.
Plus, left and right arrows rotate the characters since it's keyboard only, but in modern FPS you are used to having them laterally move you and you rotate with the mouse, so your reflexes are off.
In Windows the issue is that alt+space will by default open the window's control menu (for minimize/maximize/move/etc.). Pressing space down and then alt will work though.
Probably because Firefox has alt+(left|right)arrow as global navigation bindings, and is capturing them before the captcha can get them. Requesting a fullscreen gaming mode avoids more key binding issues, but probably ruins the "captcha" feel.
nice, that was the first thing that I noticed that I kept trying to do. It makes it a lot easier. I forgot about how clunky controls can be for older games without retroarch rebinds and stuff. I was playing Perfect Dark last night on my Steamdeck and I was able to bind the controls to a modern layout (left-stick walk, right-stick look, etc...) and it makes the game a ton easier.
You don't even need to cheese it when everything is client side, so there's no way for the server to verify you actually killed the required amount of enemies.
Perhaps this implementation works that way, but in principle if the game is strictly determined based on a random seed and player input, then the server can verify that the player's inputs do in fact result in the correct outcome.
Doom doesn't even have a (variable) random seed, it's deterministic like an NES game and has built-in record/playback that's just a frame by frame list of player moves.
So have the client record and send the demo recording.
…hang on, this is starting to feel like Elliptic Curve cryptography: it’s trivial to prove a demo file is a “solution” to a random-seeded Doom map, but nontrivial to work-backwards to generate a demo-recording.
yes - i refuse to use captchas for basically any reason - if a site blocks me with a captcha where i have to label traffic lights or whatever, i close the tab and move on
i would probably choose to use doom captcha even if it takes 5 times longer. it is proven that at least people will interact with this if they wouldnt with traditional ones
> All the hard stuff is missing. It's half an idea.
Nah, it's all the idea but half (or less) the implementation.
Still counts as a PoC by many definitions. I've been handed less complete proofs to continue ("we fleshed this out in Excel in the client meeting, said we could have it done for real by Tuesday, can we?").
Oddly enough, IDCLIP and IDCLEV work. You can't activate any doors or switches, but you can beat E1M8 with No Clipping Mode. Then you're stuck at the "Ordering Info" screen with no way to activate the menu.
> Was it working in the original DOOM though? I don't remember any more.
By default it was the arrow keys for movement and <> for turning with CTRL as fire. But you could re-map the keys and after a few years quite a lot of people did.
This is the secret level (E1M9) that you'd normally encounter after E1M3. By this point in the regular progression you'd have found a shotgun, chaingun, rocket launcher, and probably some armor. Starting this level with just a pistol (and it looks like maybe U-V or Nightmare difficulty) is just begging for a buttwhipping.
This is why I like Doom and Doom II, you can just level skip to a level on Ultra Violence and just start blasting. It's good for a quick game compared to War Craft 2.
E1M5, E1M7 are also good levels to skip to on Ultra Violence and start blasting. Using respawn on Ultra Violence also makes it interesting for E1M5 and E1M7.
Didn't realize that was a thing. Was using the keyboard the whole time. Took a few tries to figure out how to strafe... and then just kept the spacebar pressed the whole time, and cleared the CAPTCHA. :)
I was able to do it without this, but this made it much easier. However, it would be much better if the strafing keys were on the left side of the keyboard. You can bunch your hands together and use your left hand for <, >, and space, but it's awkward.
They are, kinda. The default Doom keybinds have ctrl as the fire key, space as the "use" key, and alt as a modifier that turns left/right arrows into strafing. So when you play like that, your left and right hands are separated.
Yeah, amusingly, I use a keyboard that doesn't have arrow keys. I've bound them to a different layer, but that doesn't work well with this setup.
If this implementation supported the now-standard WASD (which was absolutely used by some high-level Doom players back in the day) AND if it allowed me to fire using the left mouse button (again, like the original game), then it would have been relatively easy to prove that I'm a human. :)
Not sure if wasd was used by high profile Doom players. You see, there weren't many keybinds. You had ctrl and alt for shoot and strafe (fun thing to do was press del casually on a player's keyboard, like Russian roulette, then be like 'WTF crash?'), and you had the arrow keys for movement. Then you had 4 keys for weapons in Wolf3d and some more in Doom. Swapping those required travel, but IIRC swap wasn't instant. So, no crouch, no jump, no look up or down, not even reload IIRC. Games utilizing wasd were usually multiplayer games. One would sit left, with wasd. One would sit right, with arrow keys.
Vanilla Doom had a configuration file where one could redefine key bindings (there were 10 in total) to anything the player wanted. But, yes, I believe custom configs were uncommon (even mouselook was frowned upon amongst the players I knew[1]) and the modern gold standard of WASD+M only became a thing after Descent and Quake 1.
[1]: For a childish reason - being considered not a "true" way of playing. Although maybe that had some rational roots too, because back in the day mice weren't particularly good - bulky with heavy balls and imprecise with lint-hungry rollers and simple low-resolution sensors.
Option what. I am trying to solve a captcha on a mobile phone. I have 4 buttons on left of screen (equiv to wasd) and on right I can shoot. If I go back the imp (IIRC that was its name) cannot hit me, so I can easily shoot the cannon fodder coming from the right. Gg. But no strafing!
I was ready to good-naturedly complain that it didn’t work on mobile, but the onscreen controls worked just fine, and I didn’t have any trouble killing 3 guys right away.
I guess I have been playing a fair amount of classic doom lately though so
That depends entirely on whether you opt to do the compare by code or key. E.g. in JS KeyboardEvent.code == "KeyW" may resolve true even though KeyboardEvent.key == "W" may resolve false because the user is on AZERTY or what have you.
I'm a QMK user with a custom non-standard layout myself. I think you're referring to mapping keys to a given keycode as part of the firmware config. That's not inherently a problem, do it properly and it still lines up with whatever OS layout you load. If you're purposefully changing the keycodes to avoid letting the OS know the layout is different... well, you got what you explicitly configured you wanted it to behave like? Leave a layer if you expressly don't want said behavior, it's not up to the app developer to assume you meant to do otherwise.
When I try to log into AWS console and have to solve their captcha I always think that the target audience that this is designed to avoid can easily automate it (Some open source models can solve this without all that "AI safety" gatekeeping) while the majority of audience are simply suffering from this "feature".
Apple has proposed a solution to captcha[1] which I can't wait to be standardized and widely used.
> Automatic Verification helps protect your privacy when you sign in to an app or website. Instead of being asked to complete a CAPTCHA:
> An Apple server validates your device and Apple Account.
> This verification is sent to a third-party token issuance server, which has been verified by Apple. The token issuance server generates a private access token that verifies you to the app or website.
This is definitely not better for privacy and gives apple even more control. I would rather 3 extra seconds for captchas.
The cryptography that Apple uses for _their users_ is something novel and useful. I'm sure there would be completely open solutions that don't require Apple servers. At the moment this is Apple specific. I'm guessing most users will use Apple/Google solutions (just like how Passkeys are being used today) but for the security and privacy conscious there are always ways to keep your own private keys. Most people are handing over their private keys to Google and Apple for Passkeys today. That's not necessarily a bad thing. Most people reuse passwords so it's an improvement.
If Apple's solution only tells the site that the current user has a verified Apple account without providing further info, I guess it can be acceptable for most. If the site being visited gets info about who that specific user is, it is a no-go.
On a more meta level it is tragic that we won't be able to use our computer online without being signed in to an online and be verified.
Thank you for doing the right thing and crediting the original Doom Captcha creator on the github repo. My expectations of the software industry in general have been at an all-time low lately, so this was nice to see.
"with" is doing a lot of the heavy lifting here. I skimmed the log and so far as I can tell, the only thing that the AI assistant did was design the UI. It didn't implement the actual game. This might sound impressive, but aside from adding minor bits of interaction (eg. a button that shows "loading" for a few seconds), there's little difference functionality-wise from a drag-and-drop UI designer like winforms (and its predecessor, visual basic, which existed in the 90s).
The JS part is nowhere to be seen, I guess they used the assistant to create the layout, but not the actual DOOM integration part (?) Even then, that chat gets pretty painful to read after a while... Paraphrasing, but that's the gist of it: "center the text in the button", "you didn't center it, center the text", "please please center the text"...
The very beginning of the chat is already inefficient as it wastes a lot of "context space" to just get very basic stuff in like defining the text at the top.. that kind of stuff should go in the very first message
I read through the chat but it's all nitpicking about layout and there doesn't seem to be any point where DOOM is actually inserted. I don't understand, did the author get the AI to do the easy part and then code the hard part by themselves?
well you'll need integrations to have the WASMised doom tell you when a monster gets hit, or when you died. you need to worry about which keyboard events to pass in, etc. i know it's not super hard but it's definitely the more exciting part of this, vs all the "make the title text bigger" stuff that's in the chat
Sure but if you think about making this project I think a lot already know how to lay out a box on a webpage and probably don't know how to hook WASM-ism Doom into the page logic.
Wait you wanna live monkey patch the WASM bitcode to hack that hook in? There's gotta be easier ways. This is the kind of stuff I'd hope an AI tool like Vercel's v0 could help with but instead this demo just shows it as a layouter, and an annoyingly bad one at that.
On one hand, it’s a clever and fun way to show off what we can do with the web these days. The way it is presented hits just right... the demo is dead center of the page, with debug tools and more info within reach. I particularly enjoyed reading the "how it's made" page to understand how it was put together. I like how all of this extra stuff was not front and center when the page loads. Even the design language of the CAPTCHA box itself felt just right.
On the other hand, it's a satire of what we have done to the web. The bad guys (like the monsters in the game) have won. I'm a flesh and blood human, but here I am having to click on fuzzy pictures of random objects before I can do the task I actually wanted to accomplish. Behind the scenes, my human insight gets licensed and used for whatever purpose (nefarious or not). Just like the DOOM demo here, it's hard and cumbersome, but for whatever reason we all accept it as the way it has to be. We all shake our heads and say "what a shame, what a shame."
> Just like the DOOM demo here, it's hard and cumbersome, but for whatever reason we all accept it as the way it has to be.
Because most if not all of us have lost all hope that eventually our governments will be either willing or able to do something about the bad actors on the 'net.
Really cool. I’m all for cool and interesting captchas if there has to be captchas at all. Apparently this one is made to be really hard uh? Gave me some wicked idea about a captcha where you have to survive a few seconds in a 2hu fight.
You can argue that’s bad for accessibility and you are correct but let me use this opportunity to talk about that hostile “put things into orbit” thing big I noticed Microsoft and X using. Recently I’ve installed windows 11 on a laptop and had to create an MS account for testing purposes. During the captcha phase the OS was installing drivers in the background so the resolution changed to 4k during the challenge but the UI didn’t scale. With no way to reconfigure the display I had to strain my eyes to finish it and I suffer from myopia and astigmatism.
Pistol-starting E1M9 "Army Base", the first episode's massive difficulty spike of a secret level, on a touchscreen? Not that I don't appreciate the massive vote of confidence, but...
It took me using Debug Mode to realize there was supposed to be a confetti animation that plays after winning, it loads from a third party site. I have third-party javascript blocked by default.
At 20 or so it would be a useful admin login challenge.
To make it less hackable it could perhaps submit which monsters were killed and/or the time between kills or some other pattern. If the set roughly matches the previous attempts it could make for quite the challenge to brute force.
The "hackers" are already complaining that the challenge is too much for them :p I think you are onto something.
reading the chat with v0 was interesting. the last time i tried v0 it generated really basic tailwind templates but the first image generation was actually really good for an LLM.
Yea looks like most people are missing the fact it was built by the CEO of Vercel with v0, an AI site builder. Doom in a browser has been done to death. Link to chat log:
I figured out how to solve this captcha with a bot! :) The trick is to strafe left immediately after spawning and continuously press the spacebar. Then, just wait for the enemies to move in front of you and get eliminated. :)
I think my machine's too slow and resolution too low. I died a few times, only got one monster. I could imagine folks in a NOC all trying to log in at the same time with speakers enabled. Some management types would have a meltdown. People on the phone would be like, yeah sure you're getting to my issue... haha I do like the idea though. Needs a quick mute and a boss button that switches to TPS reports.
I would argue that you do not need AI in the sense of ML to pass this specific CAPTCHA as it stands (move forward, move back then shoot until solved). If it was extended to all DOOM levels and you started at a completely random position of a level, I bet there is a high chance you would still not need any ML to beat it... You would at best have to implement an AI (in the sense of game development, not ML) algorithm...
Ofc all of this is going to be necessary IF it actually cannot be trivially circumvented... How does the FE prove to the backend that you actually killed the monsters?
> How does the FE prove to the backend that you actually killed the monsters?
Doom is fully deterministic so you could record the player's inputs and replay them on the server to verify that the kills actually happened. Some games actually do that to make cheating their online leaderboards more difficult, because it's a lot more work to fake a record-setting replay than it is to just submit a fake score, and even if you do fake a working replay it might not stand up to human review.
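Added example, not part of the thread or of the Doom Captcha project: a minimal sketch of the replay check discussed in the comments above, where the server issues a seed and re-runs the submitted inputs instead of trusting a client-reported kill count. The game is a constructed toy, not the Doom engine, and `makeVerifier`, `honestInputs` and the other names are hypothetical.

```javascript
// Toy deterministic game, constructed for this example (not the Doom engine).
// State depends only on (seed, inputs), so the server can re-run any submission.
const WIDTH = 16, REQUIRED_KILLS = 3, AMMO = 3, MAX_TICS = 120;

function mulberry32(seed) {            // seedable PRNG (Math.random cannot be seeded)
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

function newGame(seed) {
  const rand = mulberry32(seed);
  const targets = Array.from({ length: REQUIRED_KILLS }, () => Math.floor(rand() * WIDTH));
  return { player: 8, ammo: AMMO, kills: 0, targets };
}

// One tic: L/R move, F fires at the current column, '.' idles. A miss wastes ammo.
function step(g, cmd) {
  if (cmd === 'L') g.player = Math.max(0, g.player - 1);
  else if (cmd === 'R') g.player = Math.min(WIDTH - 1, g.player + 1);
  else if (cmd === 'F' && g.ammo > 0) {
    g.ammo--;
    if (g.kills < g.targets.length && g.targets[g.kills] === g.player) g.kills++;
  }
}

function replay(seed, inputs) {
  const g = newGame(seed);
  for (const cmd of inputs) step(g, cmd);
  return g.kills;
}

// Server side: issue a one-time seed, later re-simulate the submitted input log.
function makeVerifier(nextSeed) {      // nextSeed(): uint32; use a CSPRNG in production
  const pending = new Map();           // challenge id -> seed
  let n = 0;
  return {
    issue() {
      const id = `challenge-${++n}`;   // constructed id; make it unguessable in real use
      const seed = nextSeed() >>> 0;
      pending.set(id, seed);
      return { id, seed };
    },
    verify(id, inputs) {
      if (!pending.has(id)) return { ok: false, reason: 'unknown or already used challenge' };
      const seed = pending.get(id);
      pending.delete(id);              // single use: a log cannot be submitted twice
      if (typeof inputs !== 'string' || inputs.length > MAX_TICS || /[^LRF.]/.test(inputs))
        return { ok: false, reason: 'malformed input log' };
      const kills = replay(seed, inputs);  // the client's own kill count is never read
      return kills >= REQUIRED_KILLS
        ? { ok: true, kills }
        : { ok: false, reason: 'replay did not reach the goal', kills };
    },
  };
}

// Sample honest client (constructed): walk to each target in turn and fire once.
function honestInputs(seed) {
  const g = newGame(seed);
  let log = '', pos = g.player;
  for (const t of g.targets) {
    log += (t < pos ? 'L' : 'R').repeat(Math.abs(t - pos)) + 'F';
    pos = t;
  }
  return log;
}
```

A log recorded for one seed fails under a different target layout, and a reused challenge id is rejected. The check shows that the inputs produce the kills, not that a human typed them.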
Failed on 1st attempt, then beat it on 2nd attempt (I'm on Macbook Air).
Very amusing idea. Perhaps I'll implement this for my personal project... well because why not? :p
Considering that they've picked a very difficult level on purpose, I assumed it's hard on purpose as a joke. You get to solve the CAPTCHA only once you've got significant skills at Doom.
That's a low bar. Google's reCAPTCHA sometimes feels like it was created in a lab to be as infuriating to humans as possible.
If you're not logged in and are using a shared IP (CG-NAT in my case), you get all sorts of fun behaviors. It loves to fail correct responses -- sometimes multiple consecutive ones. Occasionally, it will deliberately slow down new image fade-in to a snail's pace to test reaction time. Spot those stairs too fast? You must be a bot.
without idkfa and iddqd I cannot pass. It's the strafe left/right that's missing for me (not sure if that was in the original version actually), but it really throws me off that I need to use arrows and not asdw.
Well, for one, CAPTCHA means Completely Automated Public Turing Test To Tell Computers And Humans Apart and I don't think DOOM as in the gameplay is Turing-complete.
If you take a right turn then a left and run into the corner you drop into a secret area with a chain gun, some health and a med pack. The problem is that they are waiting for you if you take the elevator back up. I have no idea how to get past them without killing too many monsters. Even shooting the barrel counts -.-
Nice try, but that's child's play compared to what I've done. I was cracking CAPTCHAs before it was cool, back when you were still playing with toys. And as for your "educational" purposes, please. We both know you're just trying to look smart. Keep trying, maybe one day you'll catch up to the rest of us.
Don't feel bad, the discussion shows most of HN doesn't have what it takes :) meanwhile others are trying to move around the map without killing anything. Haha
I can't figure out how to take the right turn without killing at least one shotgun guy.
very easy to build an aimbot. i think its entertaining but to be used as real captcha you need a variety of challenging games but at the risk of turning away many humans, which will ironically open up a market for more such decaptcha services
I've rolled my eyes for years over when this sort of thing would happen for real: "score 3000 points at Pac Man and maybe we'll let you view our web site". +1 for the technical achievement, but I turn and run at Cloudflare tick boxes.