MikeMirzayanov's blog

By MikeMirzayanov, 8 days ago, translation, In English,

Hi Codeforces!

Unfortunately, ill-wishers thwarted the round by making DDOS on our infrastructure. Neither the coordinator nor the writers of the round are subjects to blame for the failure. Please do not downvote the announcement of the round. I think that this situation is an additional reason to support the writers. They worked hard and prepared good problems!

Apparently, such an attack should be regarded as a symptom of the fact that Codeforces outgrew the youth phase and entered serious adult life. Of course, we will respond with adequate measures to protect ourselves from such incidents. Fortunately, for almost 10 years of work, a large community has formed around those who care about Codeforces. We are not worried about possible additional expenses or efforts. We can do this. The rounds must go on.

MikeMirzayanov

UPD 1: All three of today's rounds will be unrated.

UPD 2: Hooray! Today we've survived another DDOS attack. The round was not perfect, but it was not ruined!

 
 
 
 
  • Vote: I like it
  • +3199
  • Vote: I do not like it

»
8 days ago, # |
  Vote: I like it +307 Vote: I do not like it

Seriously, what could be the reason to attack a non-profitable and educational site like Codeforces :( ?

  • »
    »
    8 days ago, # ^ |
    Rev. 2   Vote: I like it +65 Vote: I do not like it

    You must think globally. If the tasks are complex, you no need to solve them, just DDOS the platform.

  • »
    »
    8 days ago, # ^ |
      Vote: I like it +37 Vote: I do not like it

    to get rid of codeforces fans and drag them to another site and make a profit .

  • »
    »
    8 days ago, # ^ |
      Vote: I like it +107 Vote: I do not like it

    It's not unreasonable to think that screwing with the Technocup selection would be profitable to someone, possibly a participant. Wasn't the same contest also attacked last year?

  • »
    »
    8 days ago, # ^ |
      Vote: I like it +1 Vote: I do not like it

    The attackers want to demonstrate that they can beat the best programmers in the world, especially in their favorite website.

    • »
      »
      »
      8 days ago, # ^ |
        Vote: I like it +61 Vote: I do not like it

      But it shows they cannot beat the best programmers, so they attack the platform.

      • »
        »
        »
        »
        5 days ago, # ^ |
          Vote: I like it +4 Vote: I do not like it

        It depends on how to define "beat". For coders here, writing an accepted answer quickly is of course one way. However, for others, implementing and breaking efficient, secure and reliable practical systems is obviously another way. I believe best programmers here have sufficient ability to make to their "home" more efficient, secure and reliable. Hopefully can see more academia publications from CF to show how it achieve this goal.

  • »
    »
    8 days ago, # ^ |
      Vote: I like it -35 Vote: I do not like it

    Well, to be honest, my action of visiting the website was apparently considered as DDOS by the server of codeforces. I'm not sure if there's a "real" DDOS or just everyone was refreshing too often.

  • »
    »
    8 days ago, # ^ |
      Vote: I like it +35 Vote: I do not like it

    Perhaps the hacker did badly in the contest, and he wanted it to be unrated. :-p

  • »
    »
    5 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    codechef's users :v just kidding

  • »
    »
    5 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Congrats

»
8 days ago, # |
  Vote: I like it +175 Vote: I do not like it

Show must go on

»
8 days ago, # |
  Vote: I like it -57 Vote: I do not like it

It's rated?

»
8 days ago, # |
  Vote: I like it +38 Vote: I do not like it

Sounds supermotivating. #roundsmustgoon

»
8 days ago, # |
  Vote: I like it +43 Vote: I do not like it

The problems was very nice although we had bad time with submissions but this is not anyone's fault rather than the stupid attacker who hate the community. Thanks for the great contest Codeforces! I hope this attack doesn't stop the community passion for making new rounds.

»
8 days ago, # |
  Vote: I like it +101 Vote: I do not like it

Maybe a little off-topic: But having a UI which looks as modern today as it was 10 years ago. Congratulations to whoever designed the UI of codeforces.

»
8 days ago, # |
  Vote: I like it -42 Vote: I do not like it

  • »
    »
    7 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    It seems like your memes and your subbmission have something in common

»
8 days ago, # |
  Vote: I like it +64 Vote: I do not like it

Exact same thing happened last year. What did you do differently this time?

  • »
    »
    8 days ago, # ^ |
      Vote: I like it +53 Vote: I do not like it

    They added the mirror Codeforces minimalistic sites. At least I got to submit today, last year everything was down.

    • »
      »
      »
      8 days ago, # ^ |
      Rev. 2   Vote: I like it +36 Vote: I do not like it

      Yes, what I meant to say is "what will you do differently this time".

      • »
        »
        »
        »
        8 days ago, # ^ |
          Vote: I like it +10 Vote: I do not like it

        Maybe they should add Captcha for login.

        • »
          »
          »
          »
          »
          8 days ago, # ^ |
            Vote: I like it -26 Vote: I do not like it

          Codeforces allows the option to login to as many devices you want. Could that increase the chances of attack? Codechef just allows one to login at one device at a time.

          • »
            »
            »
            »
            »
            »
            7 days ago, # ^ |
              Vote: I like it +103 Vote: I do not like it

            How is this relevant? You don't need to login to do a ton of requests to the servers.

            Also CodeChef's login thing (actually a lot of things about CodeChef) is really annoying and shouldn't be taken as an example.

    • »
      »
      »
      8 days ago, # ^ |
        Vote: I like it +53 Vote: I do not like it

      Sadly, all of the mirrors were under attack today too. Big thanks to m2 for working even under such terrible conditions <3

      Why, Mike?
      • »
        »
        »
        »
        8 days ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        Seriously?? m2 was working?? I am asking because I quit after checking the m3 and m1...

        • »
          »
          »
          »
          »
          8 days ago, # ^ |
            Vote: I like it +127 Vote: I do not like it

          m2 was 'working', it didn't show my submission through it in My Submissions.

      • »
        »
        »
        »
        8 days ago, # ^ |
          Vote: I like it +3 Vote: I do not like it

        m2 stayed up, but https was disabled. Is this a man in the middle attack? I don't know anything about security.

        • »
          »
          »
          »
          »
          8 days ago, # ^ |
            Vote: I like it +36 Vote: I do not like it

          (I am not security expert)

          I'm pretty sure it's only possible to do man in the middle attack if you are the internet provider or control the internet of the target. So it's not likely in this case.

      • »
        »
        »
        »
        8 days ago, # ^ |
          Vote: I like it +3 Vote: I do not like it

        Because of this.

»
8 days ago, # |
  Vote: I like it +15 Vote: I do not like it

Couldn't blame anything, just support always be. Thanks to codeforces and Mike for years of hard work.

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

Any eta on when the queue might start progressing like normal? those past couple of hours have been tiring on my poor soul ;=;

shame on whoever thinks that DDoSing this wholesome place is a good idea.

»
8 days ago, # |
  Vote: I like it -8 Vote: I do not like it

Situation was — either the codeforces server gets flooded or I get flooded with negative rating...

N.B: (By no means I am the attacker or one of them... I am just one of the noobs who solved only one problem)

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

Is there anyway to know how much my rating will change if this round was rated?

»
8 days ago, # |
  Vote: I like it +12 Vote: I do not like it

why I can't open testcases of any problem

»
8 days ago, # |
  Vote: I like it +51 Vote: I do not like it

Thanks to Mike Mirzayanov for Codeforces and Polygon platforms

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

I hope this doesn't happen again ...

»
8 days ago, # |
  Vote: I like it +25 Vote: I do not like it

Sadly I was top 294 in the div.2 round. But I will do my best at the educational, I mean, I hope it will happen. Please, don't attack other rounds even if you go badly. Stop not accepting a lose. (Only for the attacker)

»
8 days ago, # |
  Vote: I like it +42 Vote: I do not like it

The attacker while trying to hack codeforces

»
8 days ago, # |
  Vote: I like it +5 Vote: I do not like it

I really love the platform. And I’d like to thank you and everyone else who’s involved in anyway on Codeforces for making this great website. Also, Is there anyway that we can donate to the website? I think every dollar will help and I’d like to give back to the community. The rounds must go on!

»
8 days ago, # |
  Vote: I like it +30 Vote: I do not like it

Why you did this evil person? This was the first time in my holy life I have solved two problems within 30 minutes...I was so much excited that I went for a walk to calm my horses...I was happy again...and now..look what you made me do??? here I am making this confession,rather I should be celebrating my 30+ rating or so in the parallel universe...and oh if you think you can lure away people by doing so..you are wrong... :D

»
8 days ago, # |
  Vote: I like it +9 Vote: I do not like it

F

»
8 days ago, # |
  Vote: I like it +141 Vote: I do not like it

Failing kid:

»
8 days ago, # |
  Vote: I like it +3 Vote: I do not like it

When a technocup round comes then it will be probably unrated...

»
8 days ago, # |
  Vote: I like it +24 Vote: I do not like it

Even in Russia you can't hide from russian hackers

»
8 days ago, # |
  Vote: I like it +113 Vote: I do not like it

Hackers when they do bad on a codeforces round:

»
8 days ago, # |
  Vote: I like it -24 Vote: I do not like it

were the 10-15 minute delays in the previous rounds the hackers' fault?

»
8 days ago, # |
Rev. 3   Vote: I like it +3 Vote: I do not like it

Looks like it is not possible to check the test details of submissions (in problems from problemset) since the attack :(

Edit: already fixed, thanks MikeMirzayanov

  • »
    »
    8 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    You mean from "Status" bar? I can see them.

    • »
      »
      »
      7 days ago, # ^ |
        Vote: I like it +5 Vote: I do not like it

      I tried from different places but it is always the same because they reach the same point, the submission:

      My profile -> submissions -> specific submission -> "click to see test details" but they don't appear.

      Problemset -> one attempted problem -> one submission -> "click to see test details" but they don't appear.

      Contests -> one participated contest -> my submissions -> one submission -> "click to see test details" but they don't appear.

      From status it used to be possible to click on one submission and a pop up used to appear with the code and the tests, but now the pop up doesn't appear. It is possible to access the submission page opening the link in a new page, but as in the other cases it will not show the test details

»
8 days ago, # |
  Vote: I like it +4 Vote: I do not like it

So sad... I did so well and I thought I could be a Master in this round.

Anyway, still great thanks to codeforces for all your efforts.

»
8 days ago, # |
  Vote: I like it +15 Vote: I do not like it

How can "300iq" send tasks while DDOS atack?

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

Could Cloudfare stop this problem of DDOS attacks?

»
8 days ago, # |
  Vote: I like it +3 Vote: I do not like it

Sad...I am just a new programmer from math background..but the problems of this contest were really cool..

»
8 days ago, # |
  Vote: I like it +31 Vote: I do not like it

f**k the attacker

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

Why can't I see the testcases?

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

i can't see my testdate :(

»
8 days ago, # |
  Vote: I like it 0 Vote: I do not like it

What may happen,we are with you.

»
8 days ago, # |
  Vote: I like it +26 Vote: I do not like it

Why cant you just use Cloudflare for protection ?? even illegal torrent sites use cloudflare .

  • »
    »
    7 days ago, # ^ |
      Vote: I like it +28 Vote: I do not like it

    The main reason — it is partially blocked in Russia

    • »
      »
      »
      7 days ago, # ^ |
        Vote: I like it +21 Vote: I do not like it

      Why not use Cloudflare for just one of the mirrors?
      Why not use another similar service, such as BitMitigate?

      • »
        »
        »
        »
        7 days ago, # ^ |
          Vote: I like it +23 Vote: I do not like it

        That will make the mirror partially available in Russia? That doesn't solve the problem..

        Other fully available services is the only bet then

        • »
          »
          »
          »
          »
          5 days ago, # ^ |
            Vote: I like it +18 Vote: I do not like it

          It depends. Only some of Cloudflare IP addresses are blocked in Russia, so if the mirror gets an IP address that is not blocked, it will be fully available.

          • »
            »
            »
            »
            »
            »
            5 days ago, # ^ |
              Vote: I like it 0 Vote: I do not like it

            That should work unless cloud flare rotates its IP address during the attack to stop attacks and lands on a Russia-blocked address. Not sure if they will use this strategy to prevent the attack though they might, in that case we are again back to same issue I suppose.

            • »
              »
              »
              »
              »
              »
              »
              5 days ago, # ^ |
                Vote: I like it +8 Vote: I do not like it

              I don't think that they rotate IP addresses to stop attacks. It is trivial for the attacker to discover the new address.

              • »
                »
                »
                »
                »
                »
                »
                »
                5 days ago, # ^ |
                Rev. 3   Vote: I like it 0 Vote: I do not like it

                They probably do rotate saying "Most of the attackers don't follow you to the new IP, surprisingly" Its part of one of their heuristics arsenal I guess, so they may rotate.

                This is an old video but here they say they do rotate https://youtu.be/kjs3KZtFeTM?t=289

»
8 days ago, # |
  Vote: I like it +9 Vote: I do not like it
»
7 days ago, # |
Rev. 2   Vote: I like it 0 Vote: I do not like it

I have a request — When a contest becomes unrated, can we still give ratings to the problems in it ?

I'm asking this because I find the feature of rating problems extraordinarily useful

»
7 days ago, # |
  Vote: I like it +61 Vote: I do not like it

TechNoCup : DDOS Strikes Back

»
7 days ago, # |
  Vote: I like it +290 Vote: I do not like it

Plot twist: Mike did the DDOS so he could now write this post and gain contribution. Illuminati confirmed.

Also, please don't use "$$$q$$$ independent queries" in statements when you just mean test cases.

  • »
    »
    7 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Laughs in "Demons and Angels"....

  • »
    »
    7 days ago, # ^ |
      Vote: I like it +16 Vote: I do not like it

    Lol

    Mike can become highest contributor anytime he wants xD

  • »
    »
    7 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Isn't "test cases" can be misinterpreted as "tests"? Because I saw several times clarifications with something like: "My solution works on first testcase, why am I getting WA1?"

    • »
      »
      »
      7 days ago, # ^ |
        Vote: I like it +18 Vote: I do not like it

      When the input section mentions that the input starts with $$$T$$$ and then there are $$$T$$$ test cases on the input, it's only contestants' fault for not understanding that WA1 is WA on the first input and that their code isn't supposed to print something different for the first sample input than the output in the statement.

      This is like if foreigners who are learning your language tried to change words they have difficulty with. You don't have to follow their fancy. Let them learn.

      • »
        »
        »
        »
        7 days ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        You may be right, I'm not sure. Anyway, we recieved the proposal from higher-ups to use "queries" instead of "test cases".

        • »
          »
          »
          »
          »
          7 days ago, # ^ |
            Vote: I like it 0 Vote: I do not like it

          Okay, the higher-ups will probably see that it wasn't well-received.

  • »
    »
    4 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Strongly agree on avoiding using 'q independent queries' in codeforces.

»
7 days ago, # |
  Vote: I like it +8 Vote: I do not like it

I think mike must do something to protect this awesome website from being hacked.

»
7 days ago, # |
  Vote: I like it +3 Vote: I do not like it

Currently, I have a problem viewing submissions (even mine) in any round or gym, it takes a long time to appear or it doesn't appear at all, is it just me or it's a common problem? Thanks.

  • »
    »
    7 days ago, # ^ |
      Vote: I like it 0 Vote: I do not like it

    Me too

    I have to click about 10 times before submission shows up

»
7 days ago, # |
  Vote: I like it +3 Vote: I do not like it

hacker noob

»
7 days ago, # |
  Vote: I like it 0 Vote: I do not like it

I can't register for the Educational round 74 (Div 2), does that have anything to do with the DDOS attack?

»
7 days ago, # |
  Vote: I like it -7 Vote: I do not like it

I know that the decision has been made and I respect it, but was making it unrated really the best possible option? Around 75% of the time everything worked perfectly, and 75% of the time typically accounts for 90% of the contest submissions. One possible option would be to shorten the contest duration and use the results after 1:30:00 as a base for standings and rating calculation.

Of course, this would not be completely fair. For example, there are people who budgeted their time between coding and hacking and their plans were thwarted by the abrupt end. There might be somebody who did some final testing, and if they knew the contest is in their last minutes, they would submit faster.

As a counter-argument, there were rounds where time was added due to some issue. This might not be as severe, but still can cause similar issues, e.g., knowing that I cannot possibly finish a task in time, my concentration drops and I move to hacking instead.

Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating. Feel free to call me a crybaby in the comments, as I likely missed pushing my top rating because of this.

Clearly, this wouldn't have been unrated if the DDoS happened in the last minute, and would be unrated if it happened twenty minutes in. Where's the boundary? (That's a hypothetical question, I know this is fuzzy.)

To end on a higher note, thank you for all you're doing for us and that you tried hard to keep the contest alive!

  • »
    »
    7 days ago, # ^ |
    Rev. 2   Vote: I like it +24 Vote: I do not like it

    I wasn`t able to submit at about 01:10. The first submission by problem E I made was at 01:15 and I remember it was already hard to do it :) . And I think 70 minutes for Div.1 Round is unfair a little

  • »
    »
    7 days ago, # ^ |
      Vote: I like it +10 Vote: I do not like it

    I am biased as I did not do well in this particular contest, but I started seeing troubles after 50-60 minutes in the contest (somehow I ended up reloading the page with the problem statement), then switched to m2, and after another 15 minutes I started struggling with the submission.

    Still, I think keeping rating on the basis of the time point when everything was working well is a good idea. Kind of a "sudden death" feature. However, I see a couple of issues here:

    1) Some people start with harder problems, probably in an effort to get more points (no idea if it works or not, never tried). Then it becomes a gamble for them, as they might not have enough time to submit a single problem.

    2) The rating becomes not very representative in the cases when 0-1 problems are solved by that time. Even if the line is drawn after 1 h, I guess this affects more than 50% of participants.

    I do not really know how to assess this, my point is that the scoreboard looks legitimate for top 200-300 participants, but below that it looks a bit more random. You can see it by the growing dispersion of rating changes (like, some people who would solve only one problem, solved it before the issues appear, and people who would solve three problems, sent a buggy solution for the 1st, started solving 2nd while waiting for the 1st to test, then realized they have a bug etc.).

    I think it will be easier to solve servers vulnerability issues rather than to come up with clear and fair rules for "problematic" rounds.

  • »
    »
    7 days ago, # ^ |
      Vote: I like it +31 Vote: I do not like it

    If you announce a round that lasts X minutes and then shorten it, you're punishing people for not refreshing often enough and instead doing stuff like stresstesting a solution or trying harder problems before easier ones. We're given a known amount of time and told to use it the best way we can. Changing that after the fact is massively unfair, just like e.g. disregarding a problem because it was standard or changing problem scores.

    Adding time doesn't have that problem (it has some problems). You're given the time you need, you need access to statements, you can use it the way you want and then you can submit. I still think that you need to see the verdict too and it isn't fair otherwise.

    The second problem is that you can't objectively pick the "end time". If someone submits at 1:31 and gets AC, why would you punish that person? On the other hand, if you disregard too little time at the end, you're giving a random advantage to people who were able to submit through m2, which worked unreliably, or who just kept trying in a situation where it seems like everything is totally down. The only fair decision is that the disruption caused everyone to have a worse result, so everyone's rating change must be non-negative.

    Clearly, this wouldn't have been unrated if the DDoS happened in the last minute

    It isn't so clear. If enough people's submissions in the last minute of the contest don't go through and the website times out for the next hour (=provable DDoS in the last minute), they should have the opportunity to be unrated. The line is "can we prove they were unfairly affected?" and "how many people?".

    Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating.

    I don't want that kind of rating.

  • »
    »
    7 days ago, # ^ |
      Vote: I like it +50 Vote: I do not like it

    I have a high place and that's only because there was a ddos and nobody could submit later :D

    Losing more than the last 2-3 minutes of a contest is already a big deal because it's optimal to choose last problem in such a way that you finish it just before the end. It's often good to test it too if you have enough time. I would say that the website not working for the last 10 minutes would be enough to make the round unrated, maybe even less than that.

  • »
    »
    7 days ago, # ^ |
      Vote: I like it -45 Vote: I do not like it

    petition to make it rated

    • »
      »
      »
      7 days ago, # ^ |
        Vote: I like it +36 Vote: I do not like it

      Petition to make it $$$1/\pi$$$-rated!

      Petition to make it $$$r$$$-rated where $$$r^5-2r^4-r+1 = 0$$$!

»
7 days ago, # |
  Vote: I like it +11 Vote: I do not like it

Why attack an educational site?

»
7 days ago, # |
  Vote: I like it -25 Vote: I do not like it

So how many people qualify for the finals after the first qualifier ?

  • »
    »
    7 days ago, # ^ |
    Rev. 2   Vote: I like it -29 Vote: I do not like it
    • »
      »
      »
      7 days ago, # ^ |
      Rev. 2   Vote: I like it 0 Vote: I do not like it

      Russian version of Mike's post says "rounds will be unrated, but the best participants will be invited to the Final".

      • »
        »
        »
        »
        7 days ago, # ^ |
          Vote: I like it 0 Vote: I do not like it

        Okay. Hopefully they'll be extras, not taking spots from those qualified through other rounds.

»
7 days ago, # |
  Vote: I like it +5 Vote: I do not like it

I suggest penetration testers to enhance such a great platform I also suggest to use cloud-flare for preventing such incidents I also suggest to donate by anything that could help in such a situation, because code-forces is a good platform for us all thanks Mike for that effort thanks problem sitters for really good contests please don't down vote that because it's a really nasty problem of hacking something that helping you to be better in CP world

»
6 days ago, # |
  Vote: I like it +57 Vote: I do not like it

I can't post a new blog :(

  • »
    »
    6 days ago, # ^ |
      Vote: I like it +14 Vote: I do not like it

    That's because your contribution is already very high. XD

»
6 days ago, # |
  Vote: I like it +4 Vote: I do not like it

After reading this I realised How much I am connected to this platform, I started using just two months ago. and it feels like someone has attacked my partner.

»
5 days ago, # |
  Vote: I like it +30 Vote: I do not like it

It seems that now any user is not allowed to submit more than 20 times within 5 minutes. I understand that this is because of safety reasons, but can you please make some exceptions for vjudge bots, as there are many different people submitting from vjudge.net simultaneously and thus 20 submits for 5 minutes is not so big amount and this cause some queues.

  • »
    »
    5 days ago, # ^ |
      Vote: I like it -13 Vote: I do not like it

    vjudge already uses multiple accounts to submit codes. Isn't it possible to increase number of threads(code submitters)?

    • »
      »
      »
      5 days ago, # ^ |
        Vote: I like it 0 Vote: I do not like it

      For some (obviously unknown to me) reasons they use five accounts, which is no so big amount. Even 100 submits per 5 minutes isn't enough, because vjudge is pretty popular.

»
5 days ago, # |
  Vote: I like it +6 Vote: I do not like it

What does the attacker think?

»
5 days ago, # |
  Vote: I like it -18 Vote: I do not like it

I believe best programmers here have sufficient ability to make to their "home" more efficient, secure and reliable. Hopefully can see more academia publications from CF to show how it achieve this goal (such as implementing its own operating system, networking stack, web server, contest sandbox, etc ..??).

»
4 days ago, # |
  Vote: I like it +21 Vote: I do not like it

Submissions sent 6 hours ago such as 62240408 are still in queue. DDoS again?

»
4 days ago, # |
Rev. 2   Vote: I like it 0 Vote: I do not like it

A note for the hacker:-

"I don't know who you are.
I don't know what you want.
But if you ruin any future contest I participate in,
I will find you, and I will ki11 you."