IAUM CCC 3

Thursday, August 03, 2006

Internal Test Contest Finished

Well, the internal test contest is finished. The main purpose of this contest was to test our new judgment code (aptly named JFKOPCS, the Judge For KOPCS, pronounced as a single word, not spelled out!) and the server code in general.
For security concerns, we don't run user submissions on the webserver machine. The KOPCS server program has a web-based machine-understandable (plain text) interface that JFKOPCS uses. Because of this, the judges can be as many as needed and anywhere they want. Also because of this, if judges cannot connect to the KOPCS server, then there is no judgment!
Today, our ADSL internet connections were in a terrible state, to say the least. That's why the judgment was non-responsive at times. But when we had connectivity, the automatic JFKOPCS performed well enough for such a hack that it was.
There were two other non-technical problems with the user submissions.
  • A LOT of them read input from stdin, where they should have read it from the problem short name (given in parentheses below the problem title in the problem statement file,) plus a ".in" appended.
  • Some people (one in particular) had many spurious submissions because they refreshed their "Contest Page" right after they've submitted their code, in spite of the warning their browser issued. Generally in KOPCS, refreshing pages doesn't do any harm, except in two situations. One of them is in the Admin interface, and the other is this. So, don't refresh your browser windows right after you've submitted your solution. After 30 seconds or so, the page automatically refreshes and from then on, refreshing the page won't have any side effects. I also want to take a moment here to say that just clicking on the "OK" button is bad practice. We are programmers, for crying out loud. Pay attention to what your computer tells you!
Now, the thing that will help us and you most is feedback. Please feel free to leave us a comment here and let us know about suggestions, bug reports, feature requests, etc. that you might have.

posted by yzt at 7:39 PM

8 Comments:

  • Hi,

    I don't mean to be rude, but why should you limit people as to what browser they might use to view your web site???????????? If you hate Microsoft, that's only your problem not ours, if you do not like IE and you like FireFox, I don't care, I like it. I'm not gonna install FireFox just to view a single stupid web site where their designers don't know the first thing about designing a public web site. if you want to make your web site popular, you must make it as compatible as possible with other web browsers and technologies.

    Good Luck.

    P.S, I did not mean to offend you guys, it was just a critisism. I just got a little angry when I saw that you are enforcing people to do something they might not like to do otherwise.

    By Anonymous Anonymous, at 6:31 AM  

  • i think it takes a long time to see the result of our submissions in average , i think you should fix this problem
    thanks
    Arsalan

    By Anonymous Anonymous, at 2:30 PM  

  • Do you want to release the contestant`s codes in the next two contests?

    By Anonymous Anonymous, at 4:25 PM  

  • To "moha":
    Yes we are. Is there a problem we should be aware off? Because no other contest does in (except for TopCoder) and I don't know why. If you know, please let me in on it too!


    To "Arsalan":
    That is the bi-product of our connection problems and the design of our system. We hope that the system is scalable, and as the number of users grow, we think the judge response times will remain relatively unaffected.


    To our not-at-all-rude friend, "Anonymous":
    We have not limited people to Firefox. Almost any major browser but IE will work. As I have said before, Firefox, Opera, Konqueror and Safari do work.

    And I don't hate Microsoft. I believe in something that have been around long before Microsoft, and will be long after Microsoft is ground to dust, and that's freedom.

    Because I believe in freedom, I believe that I am free to decide how and what to put in my webpages, and you are free to stay clear of them. No one forced you to register, or logi or use any part of KOPCS, or IAUM-CCC. If you are not even man enough to write with your own name and stand behind what you say, I really hope that you abide by my advice and stay clear of me!

    Of course, I respect your freedom to share with us your ideas and beliefs, but please understand me if I'm reluctant to pay any attention to them.

    As a matter of personal taste and opinion, I believe Internet Explorer in a Bad Thing. It is scientifically proven that every time you use IE, your IQ is decreased by a fraction! The United Nations" are discussing even as we speak, whether to ban IE altogether in the Bill of Human Rights! ;-)

    While we are on a political note, I think we all know that Microsoft uses IE as a kind of crowbar, to lever the competition out. They have intertwined it so deep into Windows, that it impossible to remove.

    On the technical side, IE is an awful program. It's unreliable, huge, and slow. It lacks much needed features (like tabbed or MDI interface, RSS feeds, etc,) it's support for CSS and JavaScript falls far short of good, and it's security holes are the laughing stock of a world.

    Now that we are trying to talk technical, let me clarify why IE cannot be used to log into KOPCS. First, this is not a deliberate act to exclude IE. Internet Explorer really does not support the technology we've use which is incidentally, based on a standard draft by W3C. You've heard of them, haven't you? They publish standards the content of this little thingy called "the world-wide web."

    You see, in the login process, we had to send the user handle, along with the password to the server, to authenticate the user. While this is the one and only method of authentication for many websites, it has serious security risks.
    Of course, there are ways to increase the security. The most widely used method, the most secure, and the easiest to implement, is using HTTPS protocol and do the authentication over a secure connection. For many reasons, the most important being that a valid SSL certificate and a SSL-capable web-server may not be available on all websites (including ours) we did not use this.
    Another method is to implement your own public-key cryptography primitives. But this is a really hard and time-consuming task. What makes it more difficult is the fact that at you'll need two implementation of all the primitives, for server and client sides, and the client side has to be implemented in JavaScript (or ECMAScript if you prefer.) And I'm the first one to admit that JavaScript is not a language that I'm fluent in.
    The third option is what I did with KOPCS. The client contacts the server and asks for a security token (sectok) that has a short period of validity and can be verified (e.g. current server time.)
    Then the client computes the value of X as Hash(handle || password || sectok || rnd) where Hash is any secure one-way hash function, rnd is a random string, added as a salt, and '||' is the concatenation operator.
    The client then sends handle, sectok, rnd and X to the server. The server fetches the password for the given handle from its database and computes X' using the values from client and the password. If X and X' match and the sectok is still valid, we have a valid login, otherwise the login is rejected.
    This method does not send the password on the line ever, and because an security token that will expire in a few seconds is used, it is also secure against replay attacks in many scenarios (just sending the Hash(password) to the server is not secure at all, because of replay attacks.) This is a kind of a challenge handshake without the requirement that the server has to keep the state of the sent challenge.
    This cannot be done if the confines of the traditional HTTP model. The sectok which is the heart of this scheme must be acquired right before the login data is sent to the server. You cannot just store it in a hidden input field and hope the user would not just leave the page there for half an hour and then come and try to login.
    So in order to implement this method of authentication, we need to be able to ask server for something, do some computation with that something and then send the result back to the server. This indeed can be done very inelegantly using JavaScript and automatic page refreshes, but that would be just plain ugly. It also can be done with IFRAMEs, but they are used many times for malicious content and there's no fun in using them.
    The only viable alternative that remains is XMLHttpRequest. Now, the more technically-savvy of you might say that IE also implements XMLHttpRequest, as many many web sites and online services use it for almost everything, and you'd be right. Microsoft was even the first to implement XMLHttpRequest in their IE 5 (if I'm not mistaken.) But their implementation is so... icky!
    IE implements XMLHttpRequest in an ActiveX object, and that's a technology no one should use. Some people (including me) even have ActiveX completely disabled even in IE (because many programs still launch web links in IE, and any application may use IE components to enable web content access.)
    Besides, while I'm not sure, I think IE has problems with even the small feature-set of JavaScript that I have used in KOPCS. I say I cannot be sure, because I am not an expert in JavaScript issues and debugging JavaScript code is so darn hard.
    Let me go over my points again. I have used standard-compliant code in my program (to the best of my knowledge,) and if IE cannot run the code, well that's just too bad. Remind me to shed a single tear for the idiots who know there are better alternatives out there, and still refuse to use them.

    I have to agree with you in one aspect. These scripts and pages can indeed be written in such a way to run on all major browsers, but doing so requires substantial efforts from the developer, i.e. me, and I'm not willing to go out of my way in supporting something that is not the standard way.

    If you have something to say, my anonymous fellow, that will teach me something that I don't already know, go on. Otherwise, sit down, be quite, and "Do not meddle in the affairs of wizards, for they are subtle and quick to anger."

    By Blogger yzt, at 9:23 PM  

  • I think it is a good idea to release the judge solutions instead of submited codes.
    In the most acm-icpc regional they do this.
    I believe any source code for a problem is a spoiler!
    Anyway, are all the contestant agree with this?

    By Anonymous Anonymous, at 6:20 PM  

  • I half-agree with you Moha, about not releasing the contestants code, but all in all, I think it's more benefitial than harmful. And here are my reasons:
    First of all, the contestants' programs might actually be better than the judge solutions, especially in this contest!
    Second, I believe that reading many programs with possibly diferent approaches could be very instructive. If somebody doesn't want to spoil his thrill, well, he can just ignore the released programs!
    Third, in any online contest, there is always the possibility of cheating. By publishing the programs right after the contest, while the subject is still hot, we can both discourage possible cheaters with the fear of higher exposure and use the help of the contestants themselves in finding the suspects!
    Fourth, this is not exactly an ICPC-type contest. We try to follow the general rules, but we also go our own way at times. This is one of those times! ;-)

    By Blogger yzt, at 11:01 PM  

  • Dear "yzt",

    I appreciate the time and effort you put on writing me back and explaining your thoughts and technical details of your work.

    I was really moved by what you said about not being man enough to write my name. I even admit that I learned something from you my friend. So here I am writing under my name, and I want you to know, that my going by the alias of anonymous was not because I wasn't man enough ( altough I'm not really insistent on proving that to you ) It's not like I'm afraid of anything. it's simply because as a rule, I'd always like to keep my privacy and anonymity.

    However, I liked the way you handled my critisism, I give you credit for that. ( except for the "...sit down, be quite,..." part which I'll try to take as a complement! )

    About freedom my friend, if according to what I said, it appeared to you that I in any way, tried or meant to take away or disrespect your freedom to "decide how and what to put in" your "webpages" for that I am sorry. I've never read anywhere that by criticizing some work, you're taking away the author's freedom, have you?? And you're right, no one forced me to sign up in your contest, But I did. No one forced me to post you a comment, But I did. Would I have posted a comment, if I hadn't cared about your getting better?

    Now, about Microsoft, I am fully aware of their will to dominate the world, and let's admit that, they have been quite successful! But why should you and I whine about that? It's not like their taking advantage of us! We're not even paying a single dollar to them for God's sake! There's something I have learned since a long time ago and I would like to share it with you : You can find no free material that is worth it's commercial equivalent. Wether it's a TV Channel or a software or anything. Why shouldn't we admit that we owe a lot to Microsoft. We are using it's amazing Operating System for free and are whining about it's lack of abilities or security. It lacks a lot I agree, but why shouldn't we look at the bright side?? I have played around with all the available Linux releases too, and I claim that non of them have the simplicity of Windows. That is why Linux is not gonna crack it's way through Home users. Internet Explorer ( or Exploiter if you will ) too lacks a lot, in fact it lacks all of that you mentioned plus a lot more. But IE 6.0 which is the latest final release of it is back to what, 4 years ago, right? in that time, there was no RSS! there was no talk of MDI interfaces, and a lot more. Now, if what you seek was not fulfilled in the next release of IE, then you well have a reason to abandon it forever. For the mean time, I too am using Opera ( So I try not to take that "idiot" word personal, my friend ). Nevetheless I don't think it's fair to blame Microsoft, for it has done a great deal of good for us. I don't know if you use any of it's compilers regularly, but I have grown up with Microsoft. I learned typing in GW Basic, I had years of fun with Quick Basic and DOS, their libraries have saved me thousands of minutes of time in programming. Let's be fair. One more thing. About the security of IE, you're right, it's security holes are countless, but Microsoft is always doing it's best to fix them and is providing you with the patches for free. Besides, the reason that IE is the target for hackers, is that it's the most popular browser, don't you think? if take FireFox for example was the most popular, then a lot of hackers would have invested their time in hacking that instead.

    Now, about the technical details, Well you have chosen an interesting way of doing it and since you are not "willing to go out of my way in supporting something that is not the standard way" ,perhaps the only way. But like anything else, there's always another way. I am not in a position to teach you something my friend, in fact I do not even feel that knowledgable to try to teach someone something. However in a similar case I'd use ASP.NET along with it's 'Cryptography' namespace, which encapsulates both Public-Key and Secret-Key encryptions along with a lot more.

    So my friend, I was not looking for a war. I hope you'd excuse my former rude accent, I'm sorry. Part of my anger, was because I thought you hate Microsoft. I think, that Microsoft is like a godfather to the software industry. Anyways, If I can be of any help along your journey, you can count on me.

    Regards,

    Omid Manikhi
    Student of Electrical Engineering
    Sadjad University of Technology
    omidontop@yahoo.com,
    http://www.manikhi.com
    [please do not judge me based on the design of my web site, I have not yet got time to design it, it's more like a profile]

    By Anonymous Anonymous, at 5:44 AM  

  • OK, so you're not an idiot. I formally apologize. You see, I tend to get a little bit carried away sometimes.
    I implied that you were a coward, mainly not because you didn't give your name, but because you didn't give your name and you'd written a provoking religious comment. It's like throwing a rock at the window of a house and running away. You didn't supply any reasons or proofs in your fisrt message (and not in the second one.) At least if you had written your name, it would have been like throwing the rock, and staying afterwards and introducing yourself and giving your address, so we can throw a rock at your window! Now, the better thing is what you've done in your second comment. It's like knocking at a door, and saying that you think there's a gas leak in the house so we have to break our window so the gas can be released. It doesn't matter much if you introduce yourself or not in this case.
    You say you posted a comment because you cared? OK, thanks. I appreciate that.
    You say that you know that Microsoft is trying to dominate the world? Right. I'm not a conspiracy theorist, but I do "understand" that any corporation have to try to take a bigger market share. It's like survival instinct for animals. And animals do anything to survive. But I'd expect human beings to show a bit more reserve.
    You say you and I should not whine about this because we have everything for free? You can't be more wrong. You can try, but you won't be successful! It's like saying we shouldn't do anything against a drug-dealer if he gives his narcotics away for free! Get the point? Using IE is like shooting up cocaine! It's easy (because it's integrated into Windows,) it has a nice effect at first, and soon, you start to see the world with an "IE" point of view. What you forget is the harmful side-effects.
    You say that IE is 4 years old, so we have to expect some rough edges after all this time. I tell you that's exactly what I'm talking about. The big corporations cannot update and release their software fast enough to keep up with the changes in the computer world. On the other hand, projects like Firefox release many updates and even major versions in the space of a year. That's one of the major benefits of open source software development model, the agile adaptation to the community needs, because the developers are a part of the community. The traditional software development model can never keep up.
    You say that the next version of IE is going to have all those features? I have to see to believe. I have seen the IE 7 betas, and they have come a long way since 6, but it's still really buggy, and still stupid. And did you notice something? It looks exactly like Firefox! And the download size is 2.5 times of that of Firefox. And let me promise you something, by the time IE 7 is finalized, Firefox is going to have a load of features that IE won't support. For example, Firefox have had native SVG support since 1.5 betas. IE 7 still doesn't (am I correct?)
    You say Microsoft releases security patches and updates. Yes, they do. But why? Do you, for one second, believe that they would have done that if they had no competition? If there were no pressure on them to patch-up their bugware, they wouldn't do it, because it's against the profit motivation. If an action doesn't have any profits, and it costs money, no corporation would do it, unless it's a law. And there is no law for creating secure software. On teh other hand, in an opensource project, bugs are found and removed by ht euser/developers who either really need the program running, or they want other people to think they're great programmers because of the number of patches they submit. In either way, the bugs are removed, the features are added, and the sogtware improves.
    It may seem like I'm attacking Microsoft (which I am,) but what I say can easily be applied to any major software producer. All I wanna say is that, they don't really care about us. They care about their profits, and as long as we are their "consumers", their happy and they will do anything to keep us. And don't be fooled by the fact that we use the for free. We still use Windows software. There's a whole ecosystem around Windows, and the operating system is only the base of it. Suppose Microsoft did implement a feature in it WGA (Windows Genuine Advantage) to disable any illegal copy of Windows as soon as it connected to the Internet, and there ware no easy way to prevent this (it's not really hard to implement.) There's no law to prevent Microsoft from doing this (I think.) If that happened, 50% of our computers will stop working overnight! The other 50% will keep working because they never connect to the Internet(!) not because they don't use Windows. And don't you think that our government (or we ourselves) would be ready to pay the price of Windows? Maybe not you and I, but many people will have to. Did you know that Microsoft and the government of Indonesia made an agreement some time ago, for Indonesia to pay $1 per each copy of illegal Windows in use there, and respect Microsoft's copyrights from then on? I don't think that would happen around here because our politicians are either really brilliant or plain stupid, but don't you think it could? And would we be using it for free then?
    Of course, it is not a bad thing if the international copyright laws are enforced in Iran (about software, not books and movies!) When people have to pay real money in addition to the hidden costs of using Windows, they're easier to convince and convert to the Right Way.

    You say "You can find no free material that is worth it's commercial equivalent." That is the most ridiculous thing I've heard (or read) in a while! Haven't you ever used the web? Right now, more than 60% of all websites on the Internet are being served by Apache. I'm not going to go into religious matters (like operating systems, editors, compilers and browsers) so I think that example suffices. There is no doubt that Apache is the best web-server out there, and it's free software!

    Now, for the technical part. Even thinking of using ASP gives me the creeps. But that's a personal choice. Let's say I won't use ASP.NET ever, even if I was starving (I did it for a short time, but that was just for learning.) And I have a warning for you. You seem to be starting to think in context of a language, instead of thniking freely and then using the languages as tools. Don't go down that road my friend.

    I may seem like I hate everything Microsoft, but I don't. For one, I like their "debug.exe" tool, and I use to use it a lot. I also like Visual Studio, it's good too. But I hate that I'm using it, because I don't want to be usign any non-free software, but sometimes you have to make a decision and reach an acceptable trade-off.

    - Yaser Zhian

    By Blogger yzt, at 8:52 AM  

Post a Comment

<< Home