Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Finished as 30th, when we still had to actually work to get the answers (shortly after that everyone just started posting the answers in the IRC channels). Level 8 was a really nice challenge. After completing the challenge I managed to optimize my level 8 solution a lot, so much that it managed to finish in under 3 minutes by only doing roughly 2400 API calls (2000 for the bruteforcing itself, 400 to compensate for other players).

https://gist.github.com/38c0430b5084f8442858 for those who are interested. There aren't many comments in there though



I finished as #235 - not as early on - but it was still before the weekend rush and I had already spent 2 days figuring out the solution.

Add your level8 solution to https://docs.google.com/spreadsheet/viewform?formkey=dHBYSjJ... - it's a registry of level8 solvers for comparison (Mine are under 'IntruderAlert').


Can you link to the actual spreadsheet? I can't read most of the urls, or correlate comments to programs.


Nice code. I don't get what I was doing wrong. I was pinging two requests in quick succession and taking the port difference between them. I found that worked fine on local and occasionally worked on the live machines but most of the time the port differences were huge. Every now and again the diff would be 2.


This was difficult to accomplish when server usage was high. There were a couple of ways to deal with this.

For the first chunk, a diff of 2 meant the first chunk server returned false, as the change in port #s meant no other network traffic had occurred between the primary server's request and reporting false from the chunk server. The chunk servers were called synchronously, so if the first chunk was correct and the second chunk server returned false, the difference would (ideally) be three. It's easy to see how a high network load would cause a lot of jitter here.

Some in IRC suggested the best way to reduce jitter was to improve the processing speed of the successive curl calls by using a faster language, such as C. My initial script was in Ruby, which felt qualitatively slower than Python, so I was stymied by jitter too. (I started out rejecting 2 in 10, and it got progressively worse.) I simply checked back every one in a while. By Monday night, the server was either empty or Stripe had increased processor resources, so 9/10 of my calls were effective.


Someone else was getting in requests between yours causing the port numbers to increase.

You had to accommodate for it in your script, if you received a number higher than the expected diff then you needed to keep sending the same request till you where sure they hit concurrently.

Basically the time to crack got longer the more people who were trying to crack it, it became an optimisation race in the end about who could get the requests in faster/closer together

I ended up finishing #65 due to not wanting to rewrite my slow python script. It took upwards of an hour to get a single chunk because of the load


I was running my script at about the same time as you then (multithreaded python with url2lib) - around 70 people had finished. I was obviously too impatient.


while diff > 2: tryAgain()


I was a bit bummed to see so much blatant information leakage after a while. :( Thankfully I finished before that happened. That just ruins the fun.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: