[02:37:54] <vos> here are the flags that i submitted just recently: http://vos.uz/f/t/trafmon_flags.txt
[02:37:57] <vos> if it helps you
[02:38:28] <jojo-> we can see the flags in "captures". they really should be counted :/
[02:38:31] <vos> there still is "0 captures" at the scoreboard for each team that we attach
[02:38:33] <vos> attack *
[02:38:59] <vos> like, http://img.vos.uz/hdwl1.png
[02:39:53] <jojo-> yes we're seeing that too
[02:41:25] <vos> it's really pissing us off :( fluxfingers just overcame us because of that issue
[02:44:54] <vos> here's our offense score dynamics:
[02:44:55] <vos> 2:41:40 - 50869
[02:44:55] <vos> 2:42:40 - 50960
[02:44:55] <vos> 2:43:40 - 51075
[02:44:55] <vos> 2:44:40 - 51225
[02:45:00] <vos> (time -- score_
[02:45:16] <vos> meanwhile,
[02:45:18] <vos> 17:42:46 [+] Accepted 2 flags (trafmon: 2)
[02:45:21] <vos> 17:42:51 [+] Accepted 19 flags (trafmon: 19)
[02:45:24] <vos> 17:42:58 [+] Accepted 26 flags (trafmon: 26)
[02:45:28] <vos> 17:43:50 [+] Accepted 16 flags (trafmon: 16)
[02:45:30] <vos> 17:43:58 [+] Accepted 31 flags (trafmon: 31)
[02:45:36] <vos> 17:44:48 [+] Accepted 6 flags (trafmon: 6)
[02:45:39] <vos> 17:44:57 [+] Accepted 36 flags (trafmon: 36)
[02:45:42] <vos> 17:44:59 [+] Accepted 5 flags (trafmon: 5)
[02:45:59] <vos> 45+ flags every minute
[02:46:03] <vos> 10 points each
[02:46:16] <vos> should be +450 pts per minute instead of barely +100
[02:46:29] <vos> (and that's not the only service we're capturing from)
[02:46:37] <jojo-> yes i'm looking into it
[02:46:40] <vos> thanks...
[02:47:08] <vos> should i carry on posting flags for trafmon now?
[02:47:16] <jojo-> sure, go ahead
[02:47:26] <vos> kk great
[02:47:33] <vos> thx for trying to figure it out
[02:52:02] <jojo-> hmm, we changed teh scoring logic this year, and we rewrote the script three times during the CTF :(
[02:53:03] <jojo-> the guy who rewrote the scoring logic just pointed out a potential bug to me. worst case: you got about 2/3 of the potential flags for each score
[02:53:42] <vos> hum. but we're not getting any for trafmon
[02:54:39] <vos> can you check it? you should be able to see how many flags we capture from each service
[02:54:53] <vos> our current dynamic is ~ +100 per minute
[03:00:20] <jojo-> ok, first analysis: it is only counting flags of services which aren't broken!
[03:00:32] <vos> ehm
[03:00:35] <vos> can it be fixed?
[03:01:42] <jojo-> we're looking
[03:02:55] <jojo-> hmm, i changed it, lets wait
[03:04:17] <jojo-> so you should be getting more flags now
[03:04:46] <vos> great!
[03:05:01] <vos> something happened to trafmon, so we're getting only 10-13 flags per round from it currently # Expand commentorgs rebooted Trafman, so our 50 shells dropped connection and we only managed to get 10-13 of them back
[03:05:46] <vos> can you re-score the tons of flags that we captured but didn't get the scores?
[03:06:49] <jojo-> maybe later :/
[03:07:03] <jojo-> sorry, i'm not that into the scoring logic
[03:07:19] <vos> so, will it be done at some point?
[03:07:43] <vos> it's important to us, since we were having that thing for ~ 40 minutes
[03:08:02] <vos> 45 flags/minute * 40 minutes * 10 points/flag = 18000 points lost
[03:15:31] <jojo-> we'll talk it over with the team if this behaviour was intended or not. sorry i can't say more atm
[03:15:46] <vos> what. the. hell.
[03:16:21] <jojo-> so, i know this sucks in terms of valid flags you captured, but up until now we didn't score flags from 'broken' services. regardless of whether this makes sense or not
[03:16:24] <vos> other services (catacombs) do score normally even if broken
[03:16:43] <vos> according to the scoreboard # Expand commentthat was actually false, but thought so because Catacombs had 'broken; 4 captures' on the board
[03:17:18] <vos> also, the scorebot did tell us that we got the points for the flag
[03:17:19] <vos> :/
[03:34:05] <jojo-> ooook
[03:34:51] <jojo-> now, think about that: when the service is down (like it is now), you don't get any offense points, like you experienced now. ok?
[03:35:08] <vos> yeah
[03:35:17] <vos> when 'our' service is down
[03:35:20] <jojo-> why this makes sense is because otherwise you could steal the flag, delete it, and get offense points, and noone else could
[03:35:22] <vos> and scorebot clearly states taht
[03:35:26] <jojo-> no, when "their" service is down
[03:35:30] <jojo-> yeah, that's something else
[03:36:34] <vos> that rule (about 'own' service down) is made because, you could just put your service down instead of worrying about a patch
[03:36:55] <jojo-> yes, but that's about defense
[03:37:03] <jojo-> completely unrelated for us right now
[03:37:09] <jojo-> but this is about offense
[03:37:12] <vos> yeah but that also affects offense
[03:37:28] <jojo-> if you submit a flag, and then that service is broken, you don't get a point
[03:37:35] <vos> i mean, if your service is down, you can't submit flags you stole from that service -> you get lower on offense
[03:37:43] <vos> yes. 'your' service
[03:37:53] <jojo-> ?
[03:37:53] <vos> not the one that you already stole flag from
[03:37:54] <vos> right?
[03:37:59] <jojo-> no
[03:38:06] <jojo-> ok, let's talk about "local" and "remote"
[03:38:09] <vos> yeah
[03:38:16] <jojo-> "local" is your own, "remote" is the offending service
[03:38:32] <vos> your should keep 'local' service up, to be able to post any 'remote' service's flags
[03:38:53] <vos> is that correct?
[03:39:07] <jojo-> ok, yes, lets assume the "local" service is up and disregard that for now
[03:39:14] <jojo-> now, you steal a flag on a remote service
[03:39:36] <jojo-> if you then delete that flag on the remote service, you can score it and be the only one to score it
[03:39:39] <jojo-> win-win
[03:39:44] <jojo-> so everyone is rushing
[03:39:47] <vos> yeah
[03:39:50] <vos> that's the point
[03:40:03] <jojo-> but if the service has to be "not-broken", then you have an incentive not to delete the flag
[03:40:11] <vos> also, the 'remote' team gets lower defense
[03:40:19] <vos> yes
[03:40:44] <vos> why would such a possibillity be denied?
[03:40:51] <vos> forbidden * i mean
[03:41:08] <jojo-> because we don't want ppl to delete flags / rush their exploits
[03:41:14] <vos> wtf
[03:41:25] <vos> that's what everyone does on attack-defense ctfs
[03:41:31] <jojo-> what? rushing/
[03:41:48] <vos> including rushing
[03:42:00] <vos> have you ever seen a ctf that features that rule?
[03:42:07] <vos> that you (you?? wtf) need to hold the 'remote' service up to post flags stolen from that 'remote' service?
[03:42:17] <jojo-> yeah, but well, that's what we did not want to happen, because then ppl would just run their exploit constantly
[03:42:47] <jojo-> it's a lot like in real-life: if ppl know that data was stolen (i.e. service broken), it's less/not valuable ;)
[03:43:11] <vos> :/
[03:43:20] <jojo-> so, yeah, sorry that you thought to have scored thousands of flags, but thats intentional
[03:43:29] <vos> that's bullshit, you know... why change the rules during the ctf?
[03:43:42] <jojo-> the rules were changed
[03:43:49] <vos> like, the bot clearly stated that flags were accepted
[03:44:09] <vos> and it took fucking 40 minutes to figure out that the points weren't scored
[03:44:18] <vos> isn't it rules changing?
[03:45:04] <vos> also, we are the only team to pwn Trafmon
[03:45:15] <jojo-> yeah, dumb of you to delete then flag then ;)
[03:45:16] <vos> i mean, after the author has enabled ASLR for everyone (wtf again)
[03:45:19] <jojo-> what can i say ;)
[03:45:28] <vos> fuck you, you know? # Expand commentthat was probably the one phrase that pissed jojo- off, since he referred to it so much, but it seems like an appropriate response to "lost 50 minutes worth of points? dumb of you ;)" mockery, right?
[03:45:32] <jojo-> where did we state that? that wasn't said anywhere
[03:45:40] <vos> that's just something really annoying
[03:45:45] <jojo-> yeah thanks. always nice to hear that :/
[03:46:21] <vos> to have been pwning for 10 hours straight to find out it's worth nothing because the rules have changed and we're unfortunate enough to lose 20k pts
[03:46:53] <vos> it's 3.46am now at our place, and you can imagine our frustration
[03:47:21] <vos> i still demand the score to be recalculated according to the actual flags scored
[03:48:09] <jojo-> with such a fucking attitude it's unlikely # Expand commentin my head sounded like "respect my authoritaaa", maybe it's just me
[03:48:28] <vos> ok ok, i respect your authority
[03:48:30] <vos> but still
[03:48:34] <vos> does it really matter?
[03:49:07] <jojo-> how long did you explot that service? did you ever try not deleting the files after getting them?
[03:49:50] <vos> we captured flags -> we submitted flags -> flags were accepted -> we didn't get the scores -> we want the scores to be recalculated to make up for the non-scoring issue
[03:49:56] <vos> > how long did you explot that service? did you ever try not deleting the files after getting them?
[03:50:24] <vos> [02:27:59] <hellman> oxff: we are stealing trafman, but board shows no one steals flags
[03:50:37] <vos> that was 1h 13m ago # Expand commentmy math was already off-by-ten :)
[03:50:51] <vos> so, we started exploiting it ~ 1h 30m ago
[03:51:05] <vos> that's trafman, after ASLR has been turned on
[03:51:16] <vos> so we've got a way to pwn it with aslr on
[03:51:29] <vos> which no-one had the ability to # Expand commentmost likely false, thought so from the scoreboard
[03:51:40] <jojo-> yeah, but you understand the problem, right? when you submit the flag, the only thing the submitbot can say is "ok, this flag has not yet expired" then, after a the GET for that particular flag was requested, the score calculation script goes ahead and looks at whether the GET was OK or not
[03:52:40] <vos> and decided to remove the flags after capturing, to lower the defense points of the teams that we managed to pwn
[03:52:50] <vos> (common strategy at attack-defense)
[03:53:03] <vos> we had ~ 52 teams pwned per round at peak
[03:53:15] <vos> > then, after a the GET for that particular flag was requested
[03:53:40] <vos> why so? i totally don't understand why you have that perspective for an attack-defense ctf
[03:54:03] <vos> no checker checks a flag after it has been posted to see if it's still there
[03:54:11] <vos> checker puts a flag
[03:54:19] <vos> then you capture the flag. you submit. you get points
[03:54:27] <vos> then checker checks the same flag
[03:54:36] <vos> to score DEFENSE points for the team that it is checking
[03:56:23] <jojo-> yeah, it might work like this for other CTF ;)
[03:57:08] <vos> have you ever seen any ctf besides RWTH that has this mechanic?
[03:57:17] <vos> you're clearly inventing the rules as we speak
[03:57:43] <jojo-> i'm not inventing anything. i'm just trying to make sense of the scoring code someone else wrote last year
[03:57:46] <vos> the one argument is, scorebot says "Congratulations, you scored a point!". that's not for nothing
[03:57:53] <vos> yeah i understand
[03:57:59] <jojo-> yeah, i agree, that's completely misleading
[03:58:02] <jojo-> the message
[03:58:17] <vos> but that person clearly sees the attack-defense ctf workflow wrong
# strong feeling jojo- isn't trying to help, went on to discuss the "broken" rule in the main channel