MikeMirzayanov's blog

By MikeMirzayanov, 5 years ago, translation, In English

Hi Codeforces!

Unfortunately, ill-wishers thwarted the round by launching a DDoS attack on our infrastructure. Neither the coordinator nor the writers of the round are to blame for the failure. Please do not downvote the announcement of the round. I think that this situation is an additional reason to support the writers. They worked hard and prepared good problems!

Apparently, such an attack should be regarded as a symptom of the fact that Codeforces outgrew the youth phase and entered serious adult life. Of course, we will respond with adequate measures to protect ourselves from such incidents. Fortunately, for almost 10 years of work, a large community has formed around those who care about Codeforces. We are not worried about possible additional expenses or efforts. We can do this. The rounds must go on.

MikeMirzayanov

UPD 1: All three of today's rounds will be unrated.

UPD 2: Hooray! Today we've survived another DDOS attack. The round was not perfect, but it was not ruined!

  • Vote: I like it
  • +3234
  • Vote: I do not like it

»
5 years ago, # |
  Vote: I like it +307 Vote: I do not like it

Seriously, what could be the reason to attack a non-profitable and educational site like Codeforces :( ?

  • »
    »
    5 years ago, # ^ |
    Rev. 2   Vote: I like it +65 Vote: I do not like it

    You must think globally. If the tasks are complex, you don't need to solve them, just DDoS the platform.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +37 Vote: I do not like it

    To get rid of Codeforces fans, drag them to another site and make a profit.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +107 Vote: I do not like it

    It's not unreasonable to think that screwing with the Technocup selection would be profitable to someone, possibly a participant. Wasn't the same contest also attacked last year?

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +1 Vote: I do not like it

    The attackers want to demonstrate that they can beat the best programmers in the world, especially in their favorite website.

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it +61 Vote: I do not like it

      But it shows they cannot beat the best programmers, so they attack the platform.

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it +4 Vote: I do not like it

        It depends on how to define "beat". For coders here, writing an accepted answer quickly is of course one way. However, for others, implementing and breaking efficient, secure and reliable practical systems is obviously another way. I believe the best programmers here have sufficient ability to make their "home" more efficient, secure and reliable. Hopefully we can see more academic publications from CF to show how it achieves this goal.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +35 Vote: I do not like it

    Perhaps the hacker did badly in the contest, and he wanted it to be unrated. :-p

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    codechef's users :v just kidding

»
5 years ago, # |
  Vote: I like it +175 Vote: I do not like it

Show must go on

»
5 years ago, # |
  Vote: I like it -57 Vote: I do not like it

It's rated?

»
5 years ago, # |
  Vote: I like it +38 Vote: I do not like it

Sounds supermotivating. #roundsmustgoon

»
5 years ago, # |
  Vote: I like it +43 Vote: I do not like it

The problems were very nice, although we had a bad time with submissions, but this is not anyone's fault other than the stupid attacker who hates the community. Thanks for the great contest, Codeforces! I hope this attack doesn't stop the community's passion for making new rounds.

»
5 years ago, # |
  Vote: I like it +101 Vote: I do not like it

Maybe a little off-topic: But having a UI which looks as modern today as it was 10 years ago. Congratulations to whoever designed the UI of codeforces.

»
5 years ago, # |
  Vote: I like it -42 Vote: I do not like it

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    It seems like your memes and your submission have something in common

»
5 years ago, # |
  Vote: I like it +64 Vote: I do not like it

Exact same thing happened last year. What did you do differently this time?

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +53 Vote: I do not like it

    They added the mirror Codeforces minimalistic sites. At least I got to submit today, last year everything was down.

    • »
      »
      »
      5 years ago, # ^ |
      Rev. 2   Vote: I like it +36 Vote: I do not like it

      Yes, what I meant to say is "what will you do differently this time".

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it +10 Vote: I do not like it

        Maybe they should add Captcha for login.

        • »
          »
          »
          »
          »
          5 years ago, # ^ |
            Vote: I like it -26 Vote: I do not like it

          Codeforces allows the option to log in on as many devices as you want. Could that increase the chances of attack? Codechef just allows one to log in on one device at a time.

          • »
            »
            »
            »
            »
            »
            5 years ago, # ^ |
              Vote: I like it +103 Vote: I do not like it

            How is this relevant? You don't need to login to do a ton of requests to the servers.

            Also CodeChef's login thing (actually a lot of things about CodeChef) is really annoying and shouldn't be taken as an example.

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it +53 Vote: I do not like it

      Sadly, all of the mirrors were under attack today too. Big thanks to m2 for working even under such terrible conditions <3

      Why, Mike?
      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        Seriously?? m2 was working?? I am asking because I quit after checking the m3 and m1...

        • »
          »
          »
          »
          »
          5 years ago, # ^ |
            Vote: I like it +127 Vote: I do not like it

          m2 was 'working', it didn't show my submission through it in My Submissions.

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it +3 Vote: I do not like it

        m2 stayed up, but https was disabled. Is this a man in the middle attack? I don't know anything about security.

        • »
          »
          »
          »
          »
          5 years ago, # ^ |
            Vote: I like it +36 Vote: I do not like it

          (I am not security expert)

          I'm pretty sure it's only possible to do a man-in-the-middle attack if you are the internet provider or control the internet of the target. So it's not likely in this case.

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it +3 Vote: I do not like it

        Because of this.

»
5 years ago, # |
  Vote: I like it +15 Vote: I do not like it

Couldn't blame anything, just support always be. Thanks to codeforces and Mike for years of hard work.

»
5 years ago, # |
  Vote: I like it -8 Vote: I do not like it

Situation was — either the codeforces server gets flooded or I get flooded with negative rating...

N.B: (By no means I am the attacker or one of them... I am just one of the noobs who solved only one problem)

»
5 years ago, # |
  Vote: I like it 0 Vote: I do not like it

Is there any way to know how much my rating would change if this round was rated?

»
5 years ago, # |
  Vote: I like it +12 Vote: I do not like it

Why can't I open the test cases of any problem?

»
5 years ago, # |
  Vote: I like it +51 Vote: I do not like it

Thanks to Mike Mirzayanov for Codeforces and Polygon platforms

»
5 years ago, # |
  Vote: I like it 0 Vote: I do not like it

I hope this doesn't happen again ...

»
5 years ago, # |
  Vote: I like it +25 Vote: I do not like it

Sadly I was top 294 in the div.2 round. But I will do my best at the educational, I mean, I hope it will happen. Please, don't attack other rounds even if you do badly. Stop not accepting a loss. (Only for the attacker)

»
5 years ago, # |
  Vote: I like it +42 Vote: I do not like it

The attacker while trying to hack codeforces

»
5 years ago, # |
  Vote: I like it +5 Vote: I do not like it

I really love the platform. And I'd like to thank you and everyone else who's involved in any way on Codeforces for making this great website. Also, is there any way that we can donate to the website? I think every dollar will help and I'd like to give back to the community. The rounds must go on!

»
5 years ago, # |
Rev. 2   Vote: I like it +30 Vote: I do not like it

I am not sure I get it

»
5 years ago, # |
  Vote: I like it +9 Vote: I do not like it

F

»
5 years ago, # |
  Vote: I like it +141 Vote: I do not like it

Failing kid:

»
5 years ago, # |
  Vote: I like it +3 Vote: I do not like it

When a technocup round comes then it will be probably unrated...

»
5 years ago, # |
  Vote: I like it +24 Vote: I do not like it

Even in Russia you can't hide from Russian hackers

»
5 years ago, # |
  Vote: I like it +113 Vote: I do not like it

Hackers when they do bad on a codeforces round:

»
5 years ago, # |
  Vote: I like it -24 Vote: I do not like it

Were the 10-15 minute delays in the previous rounds the hackers' fault?

»
5 years ago, # |
Rev. 3   Vote: I like it +3 Vote: I do not like it

Looks like it is not possible to check the test details of submissions (in problems from problemset) since the attack :(

Edit: already fixed, thanks MikeMirzayanov

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    You mean from "Status" bar? I can see them.

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it +5 Vote: I do not like it

      I tried from different places but it is always the same because they reach the same point, the submission:

      My profile -> submissions -> specific submission -> "click to see test details" but they don't appear.

      Problemset -> one attempted problem -> one submission -> "click to see test details" but they don't appear.

      Contests -> one participated contest -> my submissions -> one submission -> "click to see test details" but they don't appear.

      From status it used to be possible to click on one submission and a pop up used to appear with the code and the tests, but now the pop up doesn't appear. It is possible to access the submission page opening the link in a new page, but as in the other cases it will not show the test details

»
5 years ago, # |
  Vote: I like it +4 Vote: I do not like it

So sad... I did so well and I thought I could be a Master in this round.

Anyway, still great thanks to codeforces for all your efforts.

»
5 years ago, # |
  Vote: I like it +15 Vote: I do not like it

How can "300iq" send tasks during a DDoS attack?

»
5 years ago, # |
  Vote: I like it 0 Vote: I do not like it

Could Cloudflare stop this problem of DDoS attacks?

»
5 years ago, # |
  Vote: I like it +3 Vote: I do not like it

Sad...I am just a new programmer from math background..but the problems of this contest were really cool..

»
5 years ago, # |
  Vote: I like it +31 Vote: I do not like it

f**k the attacker

»
5 years ago, # |
  Vote: I like it 0 Vote: I do not like it

Why can't I see the testcases?

»
5 years ago, # |
  Vote: I like it 0 Vote: I do not like it

I can't see my test data :(

»
5 years ago, # |
  Vote: I like it 0 Vote: I do not like it

Whatever may happen, we are with you.

»
5 years ago, # |
  Vote: I like it +26 Vote: I do not like it

Why can't you just use Cloudflare for protection?? Even illegal torrent sites use Cloudflare.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +28 Vote: I do not like it

    The main reason — it is partially blocked in Russia

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it +21 Vote: I do not like it

      Why not use Cloudflare for just one of the mirrors?
      Why not use another similar service, such as BitMitigate?

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it +23 Vote: I do not like it

        That will make the mirror partially available in Russia? That doesn't solve the problem..

        Other fully available services is the only bet then

        • »
          »
          »
          »
          »
          5 years ago, # ^ |
            Vote: I like it +18 Vote: I do not like it

          It depends. Only some of Cloudflare IP addresses are blocked in Russia, so if the mirror gets an IP address that is not blocked, it will be fully available.

          • »
            »
            »
            »
            »
            »
            5 years ago, # ^ |
              Vote: I like it 0 Vote: I do not like it

            That should work unless Cloudflare rotates its IP address during the attack to stop attacks and lands on a Russia-blocked address. Not sure if they will use this strategy to prevent the attack, though they might; in that case we are back to the same issue again, I suppose.

            • »
              »
              »
              »
              »
              »
              »
              5 years ago, # ^ |
                Vote: I like it +8 Vote: I do not like it

              I don't think that they rotate IP addresses to stop attacks. It is trivial for the attacker to discover the new address.

              • »
                »
                »
                »
                »
                »
                »
                »
                5 years ago, # ^ |
                Rev. 3   Vote: I like it 0 Vote: I do not like it

                They probably do rotate, saying "Most of the attackers don't follow you to the new IP, surprisingly". It's part of their heuristics arsenal, I guess, so they may rotate.

                This is an old video but here they say they do rotate https://youtu.be/kjs3KZtFeTM?t=289

»
5 years ago, # |
Rev. 2   Vote: I like it 0 Vote: I do not like it

I have a request — When a contest becomes unrated, can we still give ratings to the problems in it ?

I'm asking this because I find the feature of rating problems extraordinarily useful

»
5 years ago, # |
  Vote: I like it +61 Vote: I do not like it

TechNoCup : DDOS Strikes Back

»
5 years ago, # |
  Vote: I like it +290 Vote: I do not like it

Plot twist: Mike did the DDOS so he could now write this post and gain contribution. Illuminati confirmed.

Also, please don't use "$$$q$$$ independent queries" in statements when you just mean test cases.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Laughs in "Demons and Angels"....

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +16 Vote: I do not like it

    Lol

    Mike can become highest contributor anytime he wants xD

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Can't "test cases" be misinterpreted as "tests"? Because I saw several times clarifications with something like: "My solution works on first testcase, why am I getting WA1?"

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it +18 Vote: I do not like it

      When the input section mentions that the input starts with $$$T$$$ and then there are $$$T$$$ test cases on the input, it's only contestants' fault for not understanding that WA1 is WA on the first input and that their code isn't supposed to print something different for the first sample input than the output in the statement.

      This is like if foreigners who are learning your language tried to change words they have difficulty with. You don't have to follow their fancy. Let them learn.

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        You may be right, I'm not sure. Anyway, we received the proposal from higher-ups to use "queries" instead of "test cases".

        • »
          »
          »
          »
          »
          5 years ago, # ^ |
            Vote: I like it 0 Vote: I do not like it

          Okay, the higher-ups will probably see that it wasn't well-received.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Strongly agree on avoiding using 'q independent queries' in codeforces.

»
5 years ago, # |
  Vote: I like it +8 Vote: I do not like it

I think mike must do something to protect this awesome website from being hacked.

»
5 years ago, # |
  Vote: I like it +3 Vote: I do not like it

Currently, I have a problem viewing submissions (even mine) in any round or gym, it takes a long time to appear or it doesn't appear at all, is it just me or it's a common problem? Thanks.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Me too

    I have to click about 10 times before submission shows up

»
5 years ago, # |
  Vote: I like it +3 Vote: I do not like it

hacker noob

»
5 years ago, # |
  Vote: I like it -7 Vote: I do not like it

I know that the decision has been made and I respect it, but was making it unrated really the best possible option? Around 75% of the time everything worked perfectly, and 75% of the time typically accounts for 90% of the contest submissions. One possible option would be to shorten the contest duration and use the results after 1:30:00 as a base for standings and rating calculation.

Of course, this would not be completely fair. For example, there are people who budgeted their time between coding and hacking and their plans were thwarted by the abrupt end. There might be somebody who did some final testing, and if they knew the contest is in their last minutes, they would submit faster.

As a counter-argument, there were rounds where time was added due to some issue. This might not be as severe, but still can cause similar issues, e.g., knowing that I cannot possibly finish a task in time, my concentration drops and I move to hacking instead.

Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating. Feel free to call me a crybaby in the comments, as I likely missed pushing my top rating because of this.

Clearly, this wouldn't have been unrated if the DDoS happened in the last minute, and would be unrated if it happened twenty minutes in. Where's the boundary? (That's a hypothetical question, I know this is fuzzy.)

To end on a higher note, thank you for all you're doing for us and that you tried hard to keep the contest alive!

  • »
    »
    5 years ago, # ^ |
    Rev. 2   Vote: I like it +24 Vote: I do not like it

    I wasn't able to submit at about 01:10. The first submission for problem E I made was at 01:15 and I remember it was already hard to do it :) . And I think 70 minutes for a Div.1 Round is a little unfair

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +10 Vote: I do not like it

    I am biased as I did not do well in this particular contest, but I started seeing troubles after 50-60 minutes in the contest (somehow I ended up reloading the page with the problem statement), then switched to m2, and after another 15 minutes I started struggling with the submission.

    Still, I think keeping rating on the basis of the time point when everything was working well is a good idea. Kind of a "sudden death" feature. However, I see a couple of issues here:

    1) Some people start with harder problems, probably in an effort to get more points (no idea if it works or not, never tried). Then it becomes a gamble for them, as they might not have enough time to submit a single problem.

    2) The rating becomes not very representative in the cases when 0-1 problems are solved by that time. Even if the line is drawn after 1 h, I guess this affects more than 50% of participants.

    I do not really know how to assess this, my point is that the scoreboard looks legitimate for top 200-300 participants, but below that it looks a bit more random. You can see it by the growing dispersion of rating changes (like, some people who would solve only one problem, solved it before the issues appear, and people who would solve three problems, sent a buggy solution for the 1st, started solving 2nd while waiting for the 1st to test, then realized they have a bug etc.).

    I think it will be easier to solve servers vulnerability issues rather than to come up with clear and fair rules for "problematic" rounds.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +31 Vote: I do not like it

    If you announce a round that lasts X minutes and then shorten it, you're punishing people for not refreshing often enough and instead doing stuff like stresstesting a solution or trying harder problems before easier ones. We're given a known amount of time and told to use it the best way we can. Changing that after the fact is massively unfair, just like e.g. disregarding a problem because it was standard or changing problem scores.

    Adding time doesn't have that problem (it has some problems). You're given the time you need, you need access to statements, you can use it the way you want and then you can submit. I still think that you need to see the verdict too and it isn't fair otherwise.

    The second problem is that you can't objectively pick the "end time". If someone submits at 1:31 and gets AC, why would you punish that person? On the other hand, if you disregard too little time at the end, you're giving a random advantage to people who were able to submit through m2, which worked unreliably, or who just kept trying in a situation where it seems like everything is totally down. The only fair decision is that the disruption caused everyone to have a worse result, so everyone's rating change must be non-negative.

    Clearly, this wouldn't have been unrated if the DDoS happened in the last minute

    It isn't so clear. If enough people's submissions in the last minute of the contest don't go through and the website times out for the next hour (=provable DDoS in the last minute), they should have the opportunity to be unrated. The line is "can we prove they were unfairly affected?" and "how many people?".

    Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating.

    I don't want that kind of rating.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +50 Vote: I do not like it

    I have a high place and that's only because there was a ddos and nobody could submit later :D

    Losing more than the last 2-3 minutes of a contest is already a big deal because it's optimal to choose last problem in such a way that you finish it just before the end. It's often good to test it too if you have enough time. I would say that the website not working for the last 10 minutes would be enough to make the round unrated, maybe even less than that.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it -45 Vote: I do not like it

    petition to make it rated

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it +36 Vote: I do not like it

      Petition to make it $$$1/\pi$$$-rated!

      Petition to make it $$$r$$$-rated where $$$r^5-2r^4-r+1 = 0$$$!

»
5 years ago, # |
  Vote: I like it +11 Vote: I do not like it

Why attack an educational site?

»
5 years ago, # |
  Vote: I like it -25 Vote: I do not like it

So how many people qualify for the finals after the first qualifier ?

  • »
    »
    5 years ago, # ^ |
    Rev. 2   Vote: I like it -29 Vote: I do not like it
    • »
      »
      »
      5 years ago, # ^ |
      Rev. 2   Vote: I like it 0 Vote: I do not like it

      Russian version of Mike's post says "rounds will be unrated, but the best participants will be invited to the Final".

      • »
        »
        »
        »
        5 years ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        Okay. Hopefully they'll be extras, not taking spots from those qualified through other rounds.

»
5 years ago, # |
  Vote: I like it +5 Vote: I do not like it

I suggest penetration testers to enhance such a great platform. I also suggest using Cloudflare to prevent such incidents. I also suggest donating anything that could help in such a situation, because Codeforces is a good platform for us all. Thanks Mike for that effort, and thanks problem setters for really good contests. Please don't downvote this, because it's a really nasty problem when someone hacks something that is helping you to be better in the CP world.

»
5 years ago, # |
  Vote: I like it +57 Vote: I do not like it

I can't post a new blog :(

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +14 Vote: I do not like it

    That's because your contribution is already very high. XD

»
5 years ago, # |
  Vote: I like it +4 Vote: I do not like it

After reading this I realised how much I am connected to this platform. I started using it just two months ago, and it feels like someone has attacked my partner.

»
5 years ago, # |
  Vote: I like it +30 Vote: I do not like it

It seems that now no user is allowed to submit more than 20 times within 5 minutes. I understand that this is for safety reasons, but can you please make some exceptions for vjudge bots? There are many different people submitting from vjudge.net simultaneously, so 20 submits per 5 minutes is not such a big amount, and this causes some queues.

  • »
    »
    5 years ago, # ^ |
      Vote: I like it -13 Vote: I do not like it

    vjudge already uses multiple accounts to submit code. Isn't it possible to increase the number of threads (code submitters)?

    • »
      »
      »
      5 years ago, # ^ |
        Vote: I like it 0 Vote: I do not like it

      For some (obviously unknown to me) reasons they use five accounts, which is not such a big amount. Even 100 submits per 5 minutes isn't enough, because vjudge is pretty popular.

»
5 years ago, # |
  Vote: I like it +6 Vote: I do not like it

What does the attacker think?

»
5 years ago, # |
  Vote: I like it -18 Vote: I do not like it

I believe the best programmers here have sufficient ability to make their "home" more efficient, secure and reliable. Hopefully we can see more academic publications from CF to show how it achieves this goal (such as implementing its own operating system, networking stack, web server, contest sandbox, etc ..??).

»
5 years ago, # |
  Vote: I like it +21 Vote: I do not like it

Submissions sent 6 hours ago such as 62240408 are still in queue. DDoS again?

  • »
    »
    5 years ago, # ^ |
      Vote: I like it +8 Vote: I do not like it

    Want to know, too. My several submissions are also in queue for a long time.

»
5 years ago, # |
Rev. 2   Vote: I like it -7 Vote: I do not like it

A note for the hacker:-

"I don't know who you are.
I don't know what you want.
But if you ruin any future contest I participate in,
I will find you, and I will ki11 you."