I'm super excited for this. Micro Corruption [1] literally changed my life [2], and I can't wait to see what the team at Starfighter have put together.
If you haven't yet, give Micro Corruption a try. It's the first thing I recommend when people ask me how to get started in application security, and everyone I've recommended it to loves it.
You don't need to know anything about security to finish the first level, but by the time you finish the last level you'll be a force to be reckoned with.
Best of luck to tptacek and co., the Samurai CTF team can't wait to play your next game.
[2] I've since dropped out of school to work full time in security, and now compete on a top-tier CTF team. I couldn't even spell buffer overflow before Micro Corruption.
From the post it sounds like prop trading firms / hedge funds and other finance companies are a big target demographic for Starfighter to make placements at...
From Thomas's background in Chicago I predict the following firms as early customers:
Why would a developer work in such a place? I imagine you would be forced to be all professional yet always play second fiddle to the traders, no matter great your skills were.
But then again I am probably the only one who is disappointed over this announcement - the game sounds really boring to me.
Imagine is the keyword in your statement. Different firms are going to have different cultures. There are places where the developer is essentially the trader and as far as professionalism goes, I could easily be mistaken for a startup employee with my jeans, t-shirt, and Nikes.
> Why would a developer work in such a place? I imagine you would be forced to be all professional yet always play second fiddle to the traders, no matter great your skills were.
This is generally the case at most places where software development is done, even when the software is the product.
For example, as any developer working at an "enterprise software" shop -- despite being the "producers", you're still beholden to (and less important than) the sales folks.
Not saying that's right or wrong, just that that is how it is.
But also in general, in places like that there is also a huge priority placed on having absolutely the best infrastructure & systems reasonably affordable in order to empower the traders. For example, of Fidelity's ~45,000 employees, about 14,000 work in technology roles (both internal IT and product stuff). To me that's an insane ratio for a non-tech company ...
... but, if you talk to any big-finance leaders these days, they'll probably admit to you that their tech is their competitive advantage (and not just in HFT, either).
> Why would a developer work in such a place? I imagine you would be forced to be all professional yet always play second fiddle to the traders, no matter great your skills were.
Even if your imagination were correct, I'd expect "money" would be a factor. Not all developers are primarily concerned about maximizing workplace status.
So obviously I have a huge amount of respect for the team here, and the idea sounds really great - it seems like a path to becoming one of the best in the world and that's obviously hugely appealing.
However, could you address a concern regarding negative hiring signals? I'm concerned that you're going to collect a huge amount of data as I play - and some of it will reflect badly and stop me either ever getting seen by your process for introductions or will lead to your employers throwing me away when you pass me to them.
I guess my question is - does starting without the skills you're looking for mean that while I might have fun and "level up" I'll never get the hiring benefits?
Does a 'bad level' caused by, say, trying "that language/framework/problem space/etc you’ve been meaning to learn" (quote from Patrick's original announcement post) stick out and mean it's game over from the hiring perspective? If I decide to learn Ruby to write some REST API (again, an example referenced in Patrick's announcement) on some level, and my newbie Ruby is rubbish - isn't that going to mean anyone who looks at that thinks I'm rubbish? Sure I had fun and learnt something, did I also stop myself ever getting an intro? You say you'll show them exactly what happened when I implemented that REST API, which is great - but I can't use it to learn some new skill if I want to look good right?
Sorry, this has got a bit long. To summarise - I'm concerned about the clash between on the one hand the claim I can play to learn new things, to get better - but on the other that you'll show employers exactly what I did. Of course the hiring thing is just extra and I can have fun without it, but if I'm interested in the hiring bit how do I experiment with new things without flooding myself with negative signals?
To be clear, the game sounds awesome. I'm just concerned I'll either screw up by not being world class yet or by trying new things and lose opportunities.
Remember, our incentive is to find reasons you're hireable, not find reasons you're not. Employers won't get arbitrary read on your history with us -- most don't want it and it is, frankly, waaaaay too valuable to sell.
The REST API thing lets me tell employers "The reason I'm bringing Bob to your attention is you asked me to keep a lock out for API devs. Do I have a story for you..."
As to whether someone recently learning something new and useful makes you seem less valuable to the SF founders when we do our internal "Do we try to reach out to this person to get the ball rolling?" calculation, just trust us to not be idiots on that score. (I acknowledge idiots are widespread in the industry.)
I'm surprised tptacek delegated the AVR emulator to elptacek, rather than write it himself, since he had already done the MSP430 emulator.
On another topic, presumably the handheld devices for traders and gophers have a UI of some kind. Has this UI actually been implemented? And if so, what kind of UI is it, and will players need to interact with it? Or will players just be getting down and dirty with hacking the device in a debugger? I ask because I wonder how accessible this game will be for blind people. Of course, you may argue that the devices and software in the real world of stock trading probably aren't accessible either. And depending on what kind of UI the emulated handheld devices have, the OCR features or plugins of some popular screen readers may be enough to get by.
I'm going to try to be thorough here, and tailor the following for something like Starfighter that's intended for hackers or aspiring hackers, but this probably won't be exhaustive.
What does work:
- Native apps that use the platform's standard controls
- Native apps that have custom controls but implement the platform's accessibility APIs (this is a lot of work)
- Web apps that use standard HTML elements in the intended ways (e.g. links, form fields, headings, lists, tables that actually represent tabular data...)
- Web apps that implement custom widgets (e.g. a div or span that's actually a button) and provide the appropriate ARIA (http://www.w3.org/WAI/intro/aria.php) properties and keyboard focus behavior
- Flash apps that implement the Flash accessibility API, or use standard Flash or Flex controls and are compiled with accessibility enabled. I really don't know much about this.
JavaScript as such is not a problem for any remotely recent screen reader or other access technology. Neither are dynamic page updates, a.k.a. Ajax or single-page apps. Though in some cases, it may be helpful to mark a dynamic area of a page as an ARIA live region so screen readers will read new content automatically; the textbook example is a chat app.
- Late addition (because it was so obvious to me I almost missed it): anything command-line or terminal-based (second late addition: as long as the user can use their own terminal emulator).
What's not ideal but still basically usable for a tech-savvy blind user (i.e. anyone who's actually going to play Starfighter):
- In web apps, links or buttons that are images with no text equivalent (e.g. alt or title attribute), but where the meaning can be deduced from the link or image URL; in some screen readers, users can even add their own labels for these
- In web apps, elements that are effectively buttons (i.e. they have a click event handler) but are just generic divs or the like rather than actual links or buttons, and don't have the appropriate ARIA role; a user can usually deduce from context that these are buttons in disguise, and use a screen reader command to click them
What isn't generally considered accessible, but can be used with some effort through a screen reader feature or plugin:
- Textual information that is presented as an image, where all the info the user needs is in the text itself (e.g. not in any actual graphics, highlight colors, or the like), and the user doesn't need to click within that part of the screen; in that case, the user can use OCR to get at the text
What isn't generally considered accessible, but could be spun as just another challenge for the aspiring blind hacker wanting to play Starfighter, to be overcome by writing scripts for their screen reader or something like the Greasemonkey add-on for Firefox:
- Pseudo-buttons (as above) that are HTML inline elements (e.g. spans) rather than block elements (e.g. divs). The screen reader will probably present these as a single block of text with no immediate way to click on individual pseudo-buttons, but a hacker can probably write a script to add the appropriate ARIA role to these elements or do something equivalent at the screen reader level.
- In web apps, information that is presented visually without using appropriate semantic markup or ARIA attributes, but where the visual state of the element can be deduced from something like its class or id attribute, or even the presence of specific CSS in the style attribute. An example would be a list view or grid widget where the currently selected item is highlighted; assuming the selected item has a distinctive class or style attribute, a hacker should be able to write a script to add the appropriate ARIA attributes or do something equivalent at the screen reader level.
- A scenario like the one above where text is presented as an image, but the user now has to click inside that part of the screen. If the location of each clickable area (e.g. button) in pixels is a constant, then a hacker should be able to define hotspots in their screen reader, possibly with a little sighted help.
- On Windows, native apps that implement a custom UI and don't implement the platform's accessibility APIs, but use GDI (the original, obsolescent Windows graphics API) to draw to the screen. Since the early 90s, WIndows screen readers have used some truly hideous hacks to cope with this rather common scenario (if interested, the best explanation I know of is in this rather FUD-y piece I co-wrote years ago: http://ur1.ca/n4eyk). Windows screen readers have heuristics for things like detecting highlighted text and working with custom edit controls by detecting the position of the caret. And people have written very elaborate (and fragile) screen reader scripts to make various niche Windows applications usable.
What really isn't feasible to work around, even with hacking:
- A scenario like the one above where text is presented as an image, but now the user has to know the foreground or background color of some of the text, e.g. to know which item in a list is selected. I'm not aware of any screen reader OCR feature or add-on that can provide that info.
- On platforms other than Windows, custom widgets that don't implement the platform's accessibility APIs basically boil down to the same thing as above. Ditto for a web app that implements its UI using canvas, WebGL, or the like.
- Late addition (another one that was too blindingly obvious to me): Graphics that have no text equivalent (e.g. alt or title attribute in a web app), and where the user doesn't have anything else to go on, like a link URL, image URL, or element ID.
I'm happy to discuss any of this in more depth, on or off HN (see my profile for slightly obfuscated contact info). I guess the question of what does and doesn't work is such a natural first question for any developer new to accessibility that lists like those above should really be published somewhere easy to find, albeit with less of an emphasis on scenarios that require workarounds by a user who's a hacker or aspiring hacker.
This is fantastic, exactly what I'd hoped to get as a response.
There are probably lots of places where we'll need to make improvements, but, for what it's worth, we're all React wrapping standard Bootstrap components, with all their annoying semantic markup (which I am now starting to see the point of).
I'll ping you offline soon for more info. Thanks again.
Addendum: Accessibility validation tools exist, but the best way to test accessibility is with a real screen reader or other assistive technology. On Mac, the VoiceOver screen reader is built in; just press Command+F5 to turn it on, and go through the tutorial. On Windows, there's an excellent open-source screen reader called NVDA (http://www.nvaccess.org/). On desktop Linux, there's the Orca screen reader for GNOME and (less well supported) Unity. The screen reader for iOS is also called VoiceOver, and on Android, there's TalkBack. They can both be found in Settings. Note: On mobile platforms, screen readers change all the touchscreen gestures. FWIW, the majority of blind programmers I know use Windows as their primary platform for real work, and iOS as their primary mobile platform.
Stuff like when Tom called me and asked if he could have a truckload of pork bellies (CME ticker:GBP. And: I told him no.) delivered to our house.
Sadly frozen pork belly futures don't trade anymore and haven't for about 4 years (almost to the day), and the Globex contract was GPB not GBP. But whatever, that sounds like a cool story and you should tell the rest of it :)
It's been almost 3 years since we sold Matasano, 4 since Erin left, and a few years more to get to that story. Matasano started in 2005. Also: we're old.
I've heard many stories about traders letting their futures expire and having to take delivery of whatever commodity it was. I'm pretty sure they're all urban myths though. They probably just had to unload them quickly at a big loss.
I would love to be proved wrong if anyone has a story with evidence. Preferably with pictures of shipping containers arriving at a city office!
"Ideally, the broker will make sure everything goes according to plan," the Prince of Peanut Oil told me. "But I once knew a guy who was trading for himself. He bought six egg contracts, with each contract worth 18,000 cartons of one dozen eggs. That's 1,296,000 total. The guy somehow made the mistake of taking delivery."
Delivery was always at an established market point. Also, brokers would never let retail customers take delivery and would close out the trade because they would be at risk too.
Sorry, silly question, we're pork bellies in particular chosen due to the movie Trading Places? If I were to pick a stock for a laugh I would have chosen pork bellies... It's a shame to see that they aren't traded anymore :-(
I initially thought that the subject of the email (Stockfighter Announcement) was some sort of auto-correct fail. This makes much more sense after reading it in full!
Pretty excited about this as I was on a team that built a trading system (won't say which one but it was a big one) and my education is in electronics. It will be refreshing to deal with a (fake) trading system that uses "JSON/REST" as most of the real ones use proprietary binary protocols or something even worse like FIX!
Oh don't worry, we'll get people's hands dirty with FIX, too, but making things accessible to web developers in their usual toolchains seemed like a good call for Chapter 1. Especially since I had never personally worked with FIX before and we had a slightly aggressive timeline.
I feel sorry for you having to use it. Especially the XML version. Stay strong!
Fun fact, the SOH delimiter character renders as a smiley face in some terminals. Some of the proprietary protocols are fixed width which makes them so much simpler to parse than FIX.
Knowing just a teensy bit of 68K and x86 assembly, I still am shocked to hear that there are "something like 16 load and 13 store instructions". Super... cool.
This post has given Starfighter a lot more flavour in my mind. Thanks, Erin!
We're definitely not stopping with AVR. The original plan was, AVR, then compiler, then (architecture X), then launch. But compiler took so long that we're just going to do AVR and surface the compiler's IR as another architecture.
We'll have (architecture X) done in a month or so. And a pretty hilarious "architecture" after that.
It wasn't clear to me, but it sounded like the community might be able to contribute back to the core of the game, by improving tools/finding (unintentional) bugs etc.
Is that an intended aspect of the game, and how do you see it fitting in with the game's ecosystem?
Perhaps by corollary, will there be a significant open-source community built around the game; will there be open-source assets, but also the ability to contribute to those assets?
It is absolutely intended that people will build things on top of Starfighter. People built things on top of Microcorruption, too -- there are actual professional-grade reversing tools which have a command-line "microcorruption quirks mode" to better emulate the behavior of the game's emulator. We will also, naturally, take bug reports -- and sometimes even fix them.
I don't see us shipping much OSS at launch, but that's something I'd be willing to try in the future.
One recommendation which may be really obvious: don't release any source unless you want to simulate that the source has been released in the "game" world.
If you want to release any source code for any segment of the challenge, while the challenge is ongoing, it will be torn apart by the competitors for bugs.
Because, as Erin said: "...pretending all our bugs were intentional, to make things more like the real world!"
> We'd like that to happen. We have ideas on ways to provide "hooks" for people to publish and collaborate on projects. We'd be thrilled if, even before that happened, people just threw random code they wrote for us on Github.
From previous coding games, it does seem common for people to publish solutions to github, but this is often tempered by a reluctance to allow 'script-kiddies' to solve the same problems without doing the work.
Hopefully the design of the games will make this kind of 'cheating' pointless, so sharing and collaborating on solutions is desirable.
If there is an on-line code editor involved at any point, I'm much more likely to publish to somewhere like github if that feature is baked in :) (also easy offline IDE integration is a bit simpler if git is baked in...)
I guess I my question was more targeted at this line:
"We’re giving players the dev kit for the handheld trading device. You can program it in AVR assembly. But the vendor also offers support for a very limited dialect of C, compiled to bytecode IR or to AVR. Emphasis on “limited”. You know, because we did less of the fun stuff for you."
This seems very much like a situation where the community can work together to improve their ability to play the game.
> At this point though we're just running (or in Erin's case skating) as fast as we can to launch the damn thing.
I wish I didn't need money, so I could just play this game. Unfortunately I'm starting a new venture right now, so it's terrible timing :( And in real life, at least in telecom, far less people seem to care about security and exploits.
Starfighter sounds incredibly ambitious and fun. Patrick's part sounds like it'll be making fun of Bitcoin exchanges. And there's probably going to be a rush to build higher and higher level compilers for this emulator.
When this showed up in my inbox, I was so excited. I've got a few weeks of holiday starting tomorrow, perfect timing for once! For example with Microcorruption my problem was exactly that I did a few hours of it right when it launched, and then had forgotten everything a few months later when I next had time to look at it.
But then I got to the end of the email, and it turns out that it's the opposite :-) Guess it'll be playable just when it's back to the grind for me. But it does look incredibly interesting. And maybe having multiple separate things to do will make it easier to pick up after a bit of an absence; can just start on one of the other "tech trees" instead of having to redo old work to get up to speed.
Hmmm, personally, I have rather mixed feelings about this. I'd really like to be excited, but so far, I'm not. (And, on a somewhat tangential note, also I'm fairly surprised not to see any voices similar to mine here in the comments; am I the only one? hard to believe; or maybe others like me just shrug and don't bother to write? sounds more probable, to me at least.)
I tried to analyze my thoughts on that; I'll try to give some feedback/impressions, but please forgive if chaotic or otherwise flawed. So, in somewhat random order:
- I'm absolutely not interested in topic of "stock trading", or similar stuff. I'm not into trading/speculation, whether stock, currencies, or else. I don't like gaming others. Or PvP. So, if that's gonna be required, or important, sounds very much like something unfun to me. I like building stuff, and especially useful stuff. In my mind I characterize myself as "an engineer". And from this description, I don't see much in this area for myself. Even if I'm going to be building something here (some in-game "cyberdeck" of tools), I don't know how this could be practically useful for someone else, outside the game; so for now it sounds like wasted time and effort to me.
- From the original announcement, it sounded to me as an attempt at something revolutionary, appealing to a wide audience, and who don't have much free time they can put into this (but I may have overinterpreted, I dunno). Given my previous objection, I don't see how it is so, for now. Specifically, when/if I have free time, I prefer to put it into attempts at some open-source work, so that it would be useful to others, while also I could learn something. But when I don't have much time, I don't see how I could take part in the game in any meaningful way, such that my "score" could reflect my knowledge & abilities. In other words, for now it sounds like it requires some "grinding", and for me that sounds like wasted time (real world requires enough grinding). I don't really see how this differs from MicroCorruption (where I also didn't care to waste time on that), or other "CTF"s. Or, really, "an actual job". Only unpaid^H^H^H^H^H^H"paid" in virtual karma points/pixie dust ("score").
- The one thing that seems mildly interesting to me as of now, is the AVR theme. I'm somewhat hoping to dabble a bit in microcontroller programming (one of my many hobby project ideas). So, if I correctly understood that it's aimed to have a very faithful simulator of an AVR, I may at least learn something in this area, which may be easier than experimenting on real hardware. So, maybe the relatively "wide range of topics" (stock trading, AVRs, compilers, competition) might be the "revolutionary" aspect, so that there's higher chance everyone will find something for oneself? But if I'm willing to grind only on one aspect in-game, then my "total score" will probably be low, no? Unless at least the scores are multi-aspect, not totalled/averaged. Still, if I don't grind on other aspects, they won't show up in my profile, and will remain unknown to "potential employers", no? Also, back to the AVR theme, microcontrollers are closely related to electronics (i.e. very physical hardware: cables, soldering, analog voltages, timing, unexpected capacitances, coupling, etc.), and here I presume I won't be able to learn anything anyway.
All that said, I understand that this is kinda "2nd trailer announcement", and the stuff is not open to public yet, so the jury is still out.
We're appealing to a much wider audience than most CTFs, but we certainly aren't trying to appeal to everyone. You don't have to worry if none of this sounds fun to you; that doesn't make anything wrong with you, or us. We're just another thing that exists!
for now it sounds like it requires some "grinding", and for me that sounds like wasted time
I haven't seen enough info, either, but I got the same feeling. When I first read about Starfighter I thought "neat, maybe this is a way to avoid the obnoxious typical interview process by demonstrating what I can do with some kind of ranking system." The Starfighter site implies this "Starfighter is not here to fix the job interview. We're here to destroy it, and replace it with something better" http://starfighters.io/
From reading the OP, now it sounds like a way to filter out a few diamonds-in-the-rough in a very specialized area. The system may teach you something, but the people who will shine and rise to the top will (I think) have some natural talent that makes them stand out. What will the vast majority of players get from participating? And how many hours of time do you have to devote to this simulation before you get introduced to a company (if that even happens)?
Well, maybe I'm not the target market because I'd rather spend my free time building my own business than playing a game. I'm currently doing that. But if my business doesn't work out, and I need to go back to work at some point, I don't see this system helping me. I have no idea how much time it would take, and what the possible reward would be. I hope these questions will be answered eventually.
Since we're counting on lots of people who aren't in the job market to participate, if people get nothing out of Starfighter other than referrals to jobs, we're doing something very wrong.
The first Starfighter CTF is first and foremost a labor of love. I know the hiring angle dominates discussion of the concept, but I can't say this any more clearly: we are sinking all our energy into building the programming game we've wanted to exist for years. The thing we're building is only peripherally connected to hiring.
There's a lot of interesting engineering that goes into finance. It's hard to get into the domain where milliseconds are of crucial importance and not involve some seriously hairy engineering. Finance, even aside from the practical engineering aspects, can be full of deliciously crunchy theory and mathematics. It isn't all fifty year old frat boys getting shithammered in tawdry NYC bars (though that part can be fun too when they no longer care what is ordered on the corporate tab ;)). Consider this: google is essentially a gigantic clearinghouse for advertising, a topic I think few here are likely to feel deep personal passion about, and yet how much interesting tech have they cranked out over the course of their corporate existence?
As for reward for effort expended the goal seems to be finding interesting work, and this sounds like a lot more fun than taking time off work to go mumble about the same old things from Cormen while sweating in front of a whiteboard to me, but ymmv. Speaking only for myself, presuming for a second that I have time to mess with this when it is released (no sure thing, full time job and two young kids...), even if I don't get a job out of it, learning something about AVR, security, etc. sounds like a worthwhile return on time invested.
As to the engineering in finance & ads, I fully understand that, but the issue for me is with the topic and goal, or how it's gonna be used. So, this argument doesn't really work for me.
As to the second part, about finding work, that's much more interesting for me as some food for thoughts. Thanks!
I felt the same way, and I'm happy that I happened upon your post. It just doesn't sound interesting to me. Maybe I had my hopes too high, or maybe my idea over the course of dreaming about this ballooned to be something completely different. Or perhaps I just did not fully understand the concept at the time of that first blog post.
I'm a longtime professional developer and Starfighter doesn't appeal to me either. I don't see why I'd spend time on it instead of on paid work or a personal project or open source, all of which would demonstrate my value to an employer and reward me more than playing a game.
I've followed Patrick McKenzie since before BCC and this is the first thing that I don't get. Maybe it'd appeal to me if I played computer games.
Having said all that, I'm not meaning to be negative. Clearly it does appeal to some people. I really only wrote this so akavel would know that he/she wasn't alone! I think uninterested people generally don't comment and it's impossible to be against someone creating a product like this so naturally all the comments are from interested people.
Summary: Nothing against it, it's just not for me.
Here's our stock answer to this question, which seems to come up a lot:
A lot of very talented people won't want to participate. There are amazing engineers with families whose discretionary coding time is committed entirely to open-source projects. It is not our thesis that we can or should pull those people away from that work.
But those people also have no trouble getting noticed by employers.
Our target candidate is in the workforce but underemployed. They have an aptitude for solving hard, lucrative problems. But they've never had the chance to get their hands dirty, and so nobody will give them that chance. Our target candidate is a .NET line-of-business backend software developer at a boring insurance company who is secretly one of the industry's best distributed systems software debuggers. They shouldn't be wiring yet another database row up to yet another Struts HTML form. They should be optimizing the wire protocol for a RAFT implementation at a software company. Only: nobody knows that yet, not even that candidate.
Those people exist. We think they exist by the thousands. I ran a recruiting project at scale for several years looking for them. We found them, over and over again. It was an incredibly gratifying experience for me, and so: I started a company to do it full time.
You're not one of those people. That's just fine. We're just going to find some great new people for you to work with.
What we can add to that now is:
If you're the kind of person who will mess around with microcontroller assembly for fun, or who will write tooling for random APIs just to see what they can make them do, you might be interested in goofing around with the Starfighter CTF regardless of your professional interests.
We had to pick a couple things to start with, and we think we picked ambitiously: low-level systems programming and high-frequency trading.
How do you know you aren't? Have you tried a bunch of times and discovered that you don't enjoy it? Because I think you missed a sentence in my answer. :)
I'm excited that all the AVR I learned reverse engineering mouse firmware isn't going to go to waste. I honestly thought it was knowledge I would never use again.
At this point, my mental model of what this will be is a hacking version of Eve Online. That is, an online persistent world where people can work with and against each other. But through hacking a market, not waging war. This implies that there will end up being a non-hacking meta game, which I think is inevitable when enough people start doing the same thing.
Interesting. What are the thoughts of you and your partners on the collaboration aspects? That is, it is very likely that things like guilds (WoW) or corporations (Eve Online) will develop, even if they're not a concept inside the game. I have no first-hand experience with MMORPGs, but my understanding is that it's possible to spend all of one's time managing these organizations, and none actually "playing" the game. That is, for them, the game has become the organizational meta-game. (There's some famous Eve "player" who says he has not logged in for some length of time measured in years, despite being high-up in one of the largest corporations.)
What I'm getting at is the desired side-effect is for people to have something they use to show employers in the real world to say, "I am employable for doing this super hard technical work". But I can imagine that for some people, that part of the game would become the minority of it. What are your all thoughts on this? Maybe a way to show experience with technical project management? (I'm not being glib.)
If you read Patrick's bio on their web page he explicitly likens managing an mmorpg gruop to management.
I suspect they would view the evolution of that sort of culture as hugely successful & the incentives are setup such that they capture and try to place those people who are leading those groups. CTO placement also pays out at a pretty good rate I imagine...
If you've ever programmed assembly on the TI-99/4A, the TI MSP430 instruction set is an obvious evolution of the TMS9900 microprocessor. Looking forward to that being relevant to me again when playing Microcorruption, which I have not had a chance to get into.
Atmega chips are great. It's not really because of AVR architecture, but the options they provide are amazing - from standard built-in UART to a proper RF TX/RX. All on one chip.
I really liked working with Atmega (and AtTiny) hardware. So if you get a compiler chain that works for AVR because of the competition, you may as well continue and get a starter kit ;)
Great news! I played with matasano crypto challenges and Microcorruption. And as I understand this one is more greater and more enveloping. I was so excited when read "compiler theory" in the letter because I realized the LR(1) compiler engine in JavaScript, and these skills will help me in Starfigher I think.
Golang makes total sense for the kind of programmer who wants everything to be there on the screen in front of them. It’s like C in that regard - write code, the computer does what the code says, programmer is happy: No constructors, no destructors, no exceptions, no weirdness
But C has weird bits & odd corner cases. C isn’t type safe. C requires you to do all your own memory management. C is in fact full of landmines for the ordinary programmer (which is all of us, even the very best on a bad day) to step on inadvertently. What if you could have a language that acted like C, but was type safe, did do memory management for you, and had a decent standard library so you didn’t have to spend time writing yet another linked list implementation? Oh, and the one true concurrency scheme (Hoare’s communicating sequential processes) is built right in to the language, so you can write type-safe asynchronous systems without tedious boilerplate.
That language is Golang. Like C, it’s a wysiwyg language, unlike C it’s much harder to shoot your own foot off with it.
s/fine/crappy. Alas, all I can say is maybe. Because this emulator doesn't have some of the components that, say, an Arduino UNO might have, it doesn't support the entire AVR instruction set. For example, there is no UART support. I did write a bit that listens on a port where I could send the emulator keystrokes to mock up a UART (mostly just because I was stuck on something else and needed a distraction), but I didn't need IO, so there really is none, currently.
Uploading machine code -might- break something. But in a fun way, I think.
Interesting - I think this is probably the first piece of Erin's that I've read, and I found it really engaging. Definitely a love letter type of tone, and I guess I'm used to that a little having a lot of conversations work-wise with people discussing their 'my business is my baby' passion.
It was a great read for sure. But since it was called an announcement, I was expecting a "when we launch" in the first paragraph. Not a "this is not the announcement you were looking for" in the very last sentence of a 5 page post.
The world has way too much bland corporate/HR sanitized writing as it is. Besides when you are married to someone who is your equal and then some that is how some conversations go :)
What are you talking about? That's not what she said. She pointed out that the stack pointer is a I/O register, which was in fact so weird that we did in fact argue about it (she was right, I was wrong). Why did she write about that? I don't know, perhaps because people who participate in Microcorruption are going to program AVR stack pointers?
"Mansplanation"? Really?
It feels like no matter what someone writes --- an emulator, a TCP/IP stack, a Montgomery curve implementation, the world's fastest SMT solver, whatever --- there is always somebody, who always writes like they sound like "that creepy booger-nosed kid" from King of the Hill, to tell us how unimpressive the accomplishment is. Thanks, Clark Peters! You've struck again!
> What are you talking about? That's not what she said. She pointed out that the stack pointer is a I/O register, which was in fact so weird that we did in fact argue about it (she was right, I was wrong).
Yes, that's what I'm talking about, and that is what she said: You argued about something that is a fact (and well-documented) and thus simply not up for argument.
Previously I thought you were a group of experienced professionals with a proven track record of delivering great stuff. That made me pretty confident that Starfighter would be awesome. With this announcement that explains how you all did new stuff without building on that experience and it came out kinda crappy and buggy, haha, my confidence is diminished. I don't expect you to agree, but that is my impression from what I can gather from this announcement.
If you haven't yet, give Micro Corruption a try. It's the first thing I recommend when people ask me how to get started in application security, and everyone I've recommended it to loves it.
You don't need to know anything about security to finish the first level, but by the time you finish the last level you'll be a force to be reckoned with.
Best of luck to tptacek and co., the Samurai CTF team can't wait to play your next game.
[1] https://microcorruption.com
[2] I've since dropped out of school to work full time in security, and now compete on a top-tier CTF team. I couldn't even spell buffer overflow before Micro Corruption.