Announcements

Referendum: Should the point system be changed?

by bbi5291 on Jan 23, 2011 - 3:43:25 am UTC
  • (0/0)
Some concern has been raised over the current point system. Now, to me, it seems that most people are fine with it, and I don't see anything wrong with it; Jacob concurs. But whatever, I'll give you a chance to voice your opinions here.

RULES
1. Don't forget to announce your identity first, if you are not a forum regular.
2. If you make a suggestion, make it clear and precise so we can vote on it afterward and it can be immediately implemented if it passes. I don't want this to drag on.
3. Do not post replies merely concurring with others' opinions; just vote for them when the time comes. Feel free to concur, however, if you have additional arguments in support.
4. Do not post replies rejecting others' opinions unless you have an alternative suggestion.
5. Discussion will close on March 1st, after which voting will begin immediately. Voting will be conducted on a thread on the main Judge, to prevent fraud.

Admin notice

by bbi5291 on Dec 01, 2010 - 10:20:23 pm UTC
  • (0/0)
Don't think that I won't ban you for spamming. You know who you are.

Backend overhaul

by bbi5291 on Nov 22, 2010 - 5:38:09 am UTC
  • (1/0)
The backend has been overhauled. Compilation and testing now take place in a chrooted environment, for security. If you notice anything unusual, tell me and I'll try to fix it.

NEW: SSL support

by bbi5291 on Nov 16, 2010 - 3:46:42 am UTC
  • (0/0)
SSL (a.k.a., https) is now enabled everywhere on this site. However, you will have to accept my OpenSSL key if you don't want your browser to complain that this site's identity isn't verified because the certification authority is not trusted blah blah blah.

In light of the fact that a proof-of-concept exploit of the ubiquitous cookie-based session authentication mechanism over unencrypted HTTP now exists, I personally recommend using SSL everywhere.

Note that, for the time being, I am too lazy to figure out how to cleanly separate the HTTP and HTTPS interfaces while still keeping them synced, so that currently, for example, if you log in to the HTTP server, you also log in to the HTTPS server, and vice versa. This is less than desirable, but oh well. (One consequence is that links from the wiki to the Judge will sometimes be http links and sometimes https links, but it depends on whether the last person to edit the page was using one or the other.)

NEW: Time zone support

by bbi5291 on Nov 14, 2010 - 9:13:05 am UTC
  • (0/0)
Submissions, comments, and the server time indicator at the bottom of the page will now display the correct local time, provided that you have set your time zone correctly in your account info.

The default time zone for accounts "grandfathered in" (created before this update) is America/Toronto; if you live in Canada and you are in the same time zone as Toronto, you don't need to change anything. All new accounts, however, will default to UTC.

New members: add yourselves here

by bbi5291 on Nov 14, 2010 - 3:00:38 am UTC
  • (0/0)
You are encouraged to create accounts on the wiki and add your name and some basic info to the memberlist.

Important: Please do not post any information that could be used to personally identify you, as the wiki is completely public.

Java support is fixed

by bbi5291 on Oct 20, 2010 - 4:23:30 am UTC
  • (0/0)
However, since the JVM uses up gobs of memory, we can still only run one submission at once. (This VPS has double the RAM of the previous one.)

$100 prize for finding XSS vulnerabilities

by bbi5291 on Oct 03, 2010 - 5:49:06 am UTC
  • (2/0)
I am offering a $100 prize to the first person to discover an XSS vulnerability in the PEG Judge. Here's an example: if you discovered that submission details were not properly escaped, you might be able to manipulate your submission so that when an admin views your submission detail, some nasty JavaScript gets injected into the page which steals his cookie and gives you admin access.

On the other hand, if you're the first to find some non-XSS vulnerability, such as some server-side PHP function that only checks authentication in the front end and not the back end, that would allow you to perform some action you're not supposed to be able to do by sending custom POST variables, I'll pay you $50.

Note that if you actually implement this exploit and compromise security in a destructive way, you're not going to receive the prize. Also, this offer does not extend to the wiki or forum. Those just contain a lot of code that we don't understand.

I'm pretty sure the Judge is secure right now. However, I will be implementing the problem-setter and contest-setter features soon (in imitation of SPOJ); this of course will increase the probability of exposure to insecure user-generated content.

Happy belated birthday

by bbi5291 on Sep 25, 2010 - 5:23:30 pm UTC
  • (3/0)
2 years! Yeahhhh!

Forum migrated to this server

by bbi5291 on Jul 05, 2010 - 10:33:04 pm UTC
  • (0/0)
I've moved the forum from wcipeg.com/forum to this site. The link now appears in the menu bar.
Whether you want to use it is another story.