Hi Codeforces!
Unfortunately, ill-wishers thwarted the round by making DDOS on our infrastructure. Neither the coordinator nor the writers of the round are subjects to blame for the failure. Please do not downvote the announcement of the round. I think that this situation is an additional reason to support the writers. They worked hard and prepared good problems!
Apparently, such an attack should be regarded as a symptom of the fact that Codeforces outgrew the youth phase and entered serious adult life. Of course, we will respond with adequate measures to protect ourselves from such incidents. Fortunately, for almost 10 years of work, a large community has formed around those who care about Codeforces. We are not worried about possible additional expenses or efforts. We can do this. The rounds must go on.
UPD 1: All three of today's rounds will be unrated.
UPD 2: Hooray! Today we've survived another DDOS attack. The round was not perfect, but it was not ruined!
Seriously, what could be the reason to attack a non-profitable and educational site like Codeforces :( ?
You must think globally. If the tasks are complex, you no need to solve them, just DDOS the platform.
to get rid of codeforces fans and drag them to another site and make a profit .
It's not unreasonable to think that screwing with the Technocup selection would be profitable to someone, possibly a participant. Wasn't the same contest also attacked last year?
Last year it was one participant who was doing really badly, and he wanted them to host a second round so that he could get another chance.
Last time they didn't host new round and just used standings before the attack started. Seems like this year attacker got what they wanted (new round). Too bad.
Who was it? How idiotic one has to be to ruin everyone's effort for self gain..
It is not provided
https://codeforces.me/blog/entry/63375?#comment-472948
As I remmember there were 4 selection rounds last year
ofc, u right
The attackers want to demonstrate that they can beat the best programmers in the world, especially in their favorite website.
But it shows they cannot beat the best programmers, so they attack the platform.
It depends on how to define "beat". For coders here, writing an accepted answer quickly is of course one way. However, for others, implementing and breaking efficient, secure and reliable practical systems is obviously another way. I believe best programmers here have sufficient ability to make to their "home" more efficient, secure and reliable. Hopefully can see more academia publications from CF to show how it achieve this goal.
Perhaps the hacker did badly in the contest, and he wanted it to be unrated. :-p
codechef's users :v just kidding
Show must go on
It's rated?
The contest was Awesome but the DDOS attack ruined the show
Sounds supermotivating. #roundsmustgoon
The problems was very nice although we had bad time with submissions but this is not anyone's fault rather than the stupid attacker who hate the community. Thanks for the great contest Codeforces! I hope this attack doesn't stop the community passion for making new rounds.
Maybe a little off-topic: But having a UI which looks as modern today as it was 10 years ago. Congratulations to whoever designed the UI of codeforces.
I actually love the design. It's clean and simple
It seems like your memes and your subbmission have something in common
Exact same thing happened last year. What did you do differently this time?
They added the mirror Codeforces minimalistic sites. At least I got to submit today, last year everything was down.
Yes, what I meant to say is "what will you do differently this time".
Maybe they should add Captcha for login.
Codeforces allows the option to login to as many devices you want. Could that increase the chances of attack? Codechef just allows one to login at one device at a time.
How is this relevant? You don't need to login to do a ton of requests to the servers.
Also CodeChef's login thing (actually a lot of things about CodeChef) is really annoying and shouldn't be taken as an example.
Deleted
Sadly, all of the mirrors were under attack today too. Big thanks to
m2
for working even under such terrible conditions <3But why can't Mr. Mirzayanov set up a DDoS-protection, like Clo*dfl*re?
Seriously?? m2 was working?? I am asking because I quit after checking the m3 and m1...
m2 was 'working', it didn't show my submission through it in My Submissions.
m2
stayed up, but https was disabled. Is this a man in the middle attack? I don't know anything about security.(I am not security expert)
I'm pretty sure it's only possible to do man in the middle attack if you are the internet provider or control the internet of the target. So it's not likely in this case.
Because of this.
Couldn't blame anything, just support always be. Thanks to codeforces and Mike for years of hard work.
Situation was — either the codeforces server gets flooded or I get flooded with negative rating...
N.B: (By no means I am the attacker or one of them... I am just one of the noobs who solved only one problem)
Is there anyway to know how much my rating will change if this round was rated?
Try cf predictor chrome extension... or you can go here
thank you so much!
why I can't open testcases of any problem
Thanks to Mike Mirzayanov for Codeforces and Polygon platforms
I hope this doesn't happen again ...
Sadly I was top 294 in the div.2 round. But I will do my best at the educational, I mean, I hope it will happen. Please, don't attack other rounds even if you go badly. Stop not accepting a lose. (Only for the attacker)
The attacker while trying to hack codeforces
exactly__
I really love the platform. And I’d like to thank you and everyone else who’s involved in anyway on Codeforces for making this great website. Also, Is there anyway that we can donate to the website? I think every dollar will help and I’d like to give back to the community. The rounds must go on!
I am not sure I get it
F
Failing kid:
epik gamer move
When a technocup round comes then it will be probably unrated...
Even in Russia you can't hide from russian hackers
Hackers when they do bad on a codeforces round:
were the 10-15 minute delays in the previous rounds the hackers' fault?
Looks like it is not possible to check the test details of submissions (in problems from problemset) since the attack :(
Edit: already fixed, thanks MikeMirzayanov
You mean from "Status" bar? I can see them.
I tried from different places but it is always the same because they reach the same point, the submission:
My profile -> submissions -> specific submission -> "click to see test details" but they don't appear.
Problemset -> one attempted problem -> one submission -> "click to see test details" but they don't appear.
Contests -> one participated contest -> my submissions -> one submission -> "click to see test details" but they don't appear.
From status it used to be possible to click on one submission and a pop up used to appear with the code and the tests, but now the pop up doesn't appear. It is possible to access the submission page opening the link in a new page, but as in the other cases it will not show the test details
So sad... I did so well and I thought I could be a Master in this round.
Anyway, still great thanks to codeforces for all your efforts.
How can "300iq" send tasks while DDOS atack?
I think he send e-mail to Mike with code1.
Could Cloudfare stop this problem of DDOS attacks?
Sad...I am just a new programmer from math background..but the problems of this contest were really cool..
f**k the attacker
Why can't I see the testcases?
i can't see my testdate :(
What may happen,we are with you.
Why cant you just use Cloudflare for protection ?? even illegal torrent sites use cloudflare .
The main reason — it is partially blocked in Russia
Why not use Cloudflare for just one of the mirrors?
Why not use another similar service, such as BitMitigate?
That will make the mirror partially available in Russia? That doesn't solve the problem..
Other fully available services is the only bet then
It depends. Only some of Cloudflare IP addresses are blocked in Russia, so if the mirror gets an IP address that is not blocked, it will be fully available.
That should work unless cloud flare rotates its IP address during the attack to stop attacks and lands on a Russia-blocked address. Not sure if they will use this strategy to prevent the attack though they might, in that case we are again back to same issue I suppose.
I don't think that they rotate IP addresses to stop attacks. It is trivial for the attacker to discover the new address.
They probably do rotate saying "Most of the attackers don't follow you to the new IP, surprisingly" Its part of one of their heuristics arsenal I guess, so they may rotate.
This is an old video but here they say they do rotate https://youtu.be/kjs3KZtFeTM?t=289
Hahahahaha
I have a request — When a contest becomes unrated, can we still give ratings to the problems in it ?
I'm asking this because I find the feature of rating problems extraordinarily useful
TechNoCup : DDOS Strikes Back
Plot twist: Mike did the DDOS so he could now write this post and gain contribution. Illuminati confirmed.
Also, please don't use "$$$q$$$ independent queries" in statements when you just mean test cases.
Laughs in "Demons and Angels"....
Lol
Mike can become highest contributor anytime he wants xD
Isn't "test cases" can be misinterpreted as "tests"? Because I saw several times clarifications with something like: "My solution works on first testcase, why am I getting WA1?"
When the input section mentions that the input starts with $$$T$$$ and then there are $$$T$$$ test cases on the input, it's only contestants' fault for not understanding that WA1 is WA on the first input and that their code isn't supposed to print something different for the first sample input than the output in the statement.
This is like if foreigners who are learning your language tried to change words they have difficulty with. You don't have to follow their fancy. Let them learn.
You may be right, I'm not sure. Anyway, we recieved the proposal from higher-ups to use "queries" instead of "test cases".
Okay, the higher-ups will probably see that it wasn't well-received.
Strongly agree on avoiding using 'q independent queries' in codeforces.
I think mike must do something to protect this awesome website from being hacked.
Currently, I have a problem viewing submissions (even mine) in any round or gym, it takes a long time to appear or it doesn't appear at all, is it just me or it's a common problem? Thanks.
Me too
I have to click about 10 times before submission shows up
hacker noob
I know that the decision has been made and I respect it, but was making it unrated really the best possible option? Around 75% of the time everything worked perfectly, and 75% of the time typically accounts for 90% of the contest submissions. One possible option would be to shorten the contest duration and use the results after 1:30:00 as a base for standings and rating calculation.
Of course, this would not be completely fair. For example, there are people who budgeted their time between coding and hacking and their plans were thwarted by the abrupt end. There might be somebody who did some final testing, and if they knew the contest is in their last minutes, they would submit faster.
As a counter-argument, there were rounds where time was added due to some issue. This might not be as severe, but still can cause similar issues, e.g., knowing that I cannot possibly finish a task in time, my concentration drops and I move to hacking instead.
Furthermore, the chosen solution is also "unfair" in the sense that people who did well in the contest before shit hit the fan did not gain rating. Feel free to call me a crybaby in the comments, as I likely missed pushing my top rating because of this.
Clearly, this wouldn't have been unrated if the DDoS happened in the last minute, and would be unrated if it happened twenty minutes in. Where's the boundary? (That's a hypothetical question, I know this is fuzzy.)
To end on a higher note, thank you for all you're doing for us and that you tried hard to keep the contest alive!
I wasn`t able to submit at about 01:10. The first submission by problem E I made was at 01:15 and I remember it was already hard to do it :) . And I think 70 minutes for Div.1 Round is unfair a little
I am biased as I did not do well in this particular contest, but I started seeing troubles after 50-60 minutes in the contest (somehow I ended up reloading the page with the problem statement), then switched to m2, and after another 15 minutes I started struggling with the submission.
Still, I think keeping rating on the basis of the time point when everything was working well is a good idea. Kind of a "sudden death" feature. However, I see a couple of issues here:
1) Some people start with harder problems, probably in an effort to get more points (no idea if it works or not, never tried). Then it becomes a gamble for them, as they might not have enough time to submit a single problem.
2) The rating becomes not very representative in the cases when 0-1 problems are solved by that time. Even if the line is drawn after 1 h, I guess this affects more than 50% of participants.
I do not really know how to assess this, my point is that the scoreboard looks legitimate for top 200-300 participants, but below that it looks a bit more random. You can see it by the growing dispersion of rating changes (like, some people who would solve only one problem, solved it before the issues appear, and people who would solve three problems, sent a buggy solution for the 1st, started solving 2nd while waiting for the 1st to test, then realized they have a bug etc.).
I think it will be easier to solve servers vulnerability issues rather than to come up with clear and fair rules for "problematic" rounds.
If you announce a round that lasts X minutes and then shorten it, you're punishing people for not refreshing often enough and instead doing stuff like stresstesting a solution or trying harder problems before easier ones. We're given a known amount of time and told to use it the best way we can. Changing that after the fact is massively unfair, just like e.g. disregarding a problem because it was standard or changing problem scores.
Adding time doesn't have that problem (it has some problems). You're given the time you need, you need access to statements, you can use it the way you want and then you can submit. I still think that you need to see the verdict too and it isn't fair otherwise.
The second problem is that you can't objectively pick the "end time". If someone submits at 1:31 and gets AC, why would you punish that person? On the other hand, if you disregard too little time at the end, you're giving a random advantage to people who were able to submit through m2, which worked unreliably, or who just kept trying in a situation where it seems like everything is totally down. The only fair decision is that the disruption caused everyone to have a worse result, so everyone's rating change must be non-negative.
It isn't so clear. If enough people's submissions in the last minute of the contest don't go through and the website times out for the next hour (=provable DDoS in the last minute), they should have the opportunity to be unrated. The line is "can we prove they were unfairly affected?" and "how many people?".
I don't want that kind of rating.
I have a high place and that's only because there was a ddos and nobody could submit later :D
Losing more than the last 2-3 minutes of a contest is already a big deal because it's optimal to choose last problem in such a way that you finish it just before the end. It's often good to test it too if you have enough time. I would say that the website not working for the last 10 minutes would be enough to make the round unrated, maybe even less than that.
petition to make it rated
Petition to make it $$$1/\pi$$$-rated!
Petition to make it $$$r$$$-rated where $$$r^5-2r^4-r+1 = 0$$$!
the petition was successful but it was on the wrong round
Why attack an educational site?
So how many people qualify for the finals after the first qualifier ?
Zero.Russian version of Mike's post says "rounds will be unrated, but the best participants will be invited to the Final".
Okay. Hopefully they'll be extras, not taking spots from those qualified through other rounds.
I suggest penetration testers to enhance such a great platform I also suggest to use cloud-flare for preventing such incidents I also suggest to donate by anything that could help in such a situation, because code-forces is a good platform for us all thanks Mike for that effort thanks problem sitters for really good contests please don't down vote that because it's a really nasty problem of hacking something that helping you to be better in CP world
I can't post a new blog :(
That's because your contribution is already very high. XD
After reading this I realised How much I am connected to this platform, I started using just two months ago. and it feels like someone has attacked my partner.
It seems that now any user is not allowed to submit more than 20 times within 5 minutes. I understand that this is because of safety reasons, but can you please make some exceptions for vjudge bots, as there are many different people submitting from vjudge.net simultaneously and thus 20 submits for 5 minutes is not so big amount and this cause some queues.
vjudge already uses multiple accounts to submit codes. Isn't it possible to increase number of threads(code submitters)?
For some (obviously unknown to me) reasons they use five accounts, which is no so big amount. Even 100 submits per 5 minutes isn't enough, because vjudge is pretty popular.
What does the attacker think?
In fact,it's really fool that it was failed.
I believe best programmers here have sufficient ability to make to their "home" more efficient, secure and reliable. Hopefully can see more academia publications from CF to show how it achieve this goal (such as implementing its own operating system, networking stack, web server, contest sandbox, etc ..??).
Eagerly awaiting Codeforces OS.
To open any program, you gotta solve a number theory / graph problem first
Submissions sent 6 hours ago such as 62240408 are still in queue. DDoS again?
Want to know, too. My several submissions are also in queue for a long time.
A note for the hacker:-
"I will find you, and I will kiss you."
Look! I got you. The 13 downvotes my comment got can only be from sadists or hackers.
damn it :/