Gekko Percentage

Quote from encse

Mar 22, 2011 - 11:24:52

We should agree that a user without hints and wrong answers is a better player than an other one with wrong answers, even if they have solved the same problems. Right?

In theory but you have no way of knowing who has been getting hints from sources outside of Gekko, so.....

Quote from encse

Mar 22, 2011 - 11:24:52

How would you differentiate between them?

.... quite simply, I wouldn't.

Quote from encse

Mar 22, 2011 - 11:24:52

Or you just say, that it's an ever going fight, because there will always be cheaters with e.g. duplicated accounts, so it's impossible to make any difference?

Correct.

Quote from encse

Mar 22, 2011 - 11:24:52

Be a little more constructive guys. Any ideas?

I meant no offense and I'm sorry if you took any from my comments. I am simply saying, it is great in theory, but in my opinion it does not hold in practise.
How about a seperate points bank. Like: Start all users at 0 points for the site and 10 points in the 'hint bank' if they use a hint then they lose 5 points from the hint bank. When they solve the challenge, if they used a hint, then 5 points are added to the hint bank. If they did NOT use any hints then 10 points are added to the hint bank (as a reward) but for the MAIN site points each user gets the same amount regardless of using hints or not.
This way in the ranking you can show site points and hint points.

so example
player1 = 100% solved points = 10000 hint points = 35
player2 = 100% solved points = 10000 hint points = 20
player3 = 95% solved points = 9500 hint points = 55


You can see that player1 and player2 both at 100% have the same points (10000) but you can see that player 2 used more on-site hints than player 1 because their hint points are lower.
player3 however is only 95% solved with 9500 points so they are ranked below players 1 and 2 BUT you can see they used few hints to get there because hint points are at a massive 55.

Personally I would consider something like this.
Feedback?

Quote from encse

Mar 22, 2011 - 06:33:43

Well. I wouldnt have thought that this is such a pain for you guys.

I've played through a lot of challenges on a lot of sites and I've done alright, but on average I've gotten the right answer on the first try maybe something like 25-30% of the time. That depends a lot on how the site itself is set-up. Yours looks to be formatted in such a way that that percentage should be much higher, still, mistakes happen.

Quote from encse

Mar 22, 2011 - 06:33:43

1) I have to prevent trial and error in the solution posting.

If your solution passwords are moderately long and complicated you are talking about millions of possibilities. No one is going to manually guess their way through. That leaves...

Quote from encse

Mar 22, 2011 - 06:33:43

2) also a simple way to prevent actual brute force attacks.

Brute forcing millions of passwords means lots of attempts per second or the brute forcing will take a very long time. A delay of five seconds between attempts will make brute forcing very time consuming. I've also seen an attempt limit of 5 or 10 per day. That should also pretty much kill brute forcing.

Most people in most cases won't notice the delay of five seconds. If you get it wrong you have to go back and rethink anyway. If you know the answer and misspelled it, you'll have to wait five seconds but that won't kill you. It would be irritating to lose points over a typo though.

Quote from encse

Mar 22, 2011 - 06:33:43

3) helps ranking the perfect agents amongst the perfect agents

I believe that the 'hint bank' mechanism mentioned by sabretooth is a better way to do this. There are other methods also, though. I've seen sites track attempts but not punish for the attempts. That way, you can rank by score and then by attempts. Brainquest sometimes offers hints after x amount of time (0 seconds to several days). You don't have to look at the hint but if you do it is recorded. Some sites record "time taken to solve". I don't think this is a very good method as there are a lot of external factors that effect it.

Quote from encse

Mar 22, 2011 - 06:33:43

4) the solution checker accepts a wide range of solution formats (eg if you need to submit numbers, you are free to
select the separator).

That may be the case and I am happy to know that you have attempted to make the solution checker flexible. It is irritating to miss a challenge because the checker expects a different but equivalent solution format. I don't think your checker is going to accommodate all possibilities. It is a noble goal but a very difficult one. You are, in practice, going to be punishing for formatting errors.

Quote from encse

Mar 22, 2011 - 06:33:43

5) it's hard to come up with a wrong answer if you understood the problem and think that you solved it.

I haven't played enough of your site to comment directly, but I have seen this claim in other contexts and it didn't really play out true.

Quote from encse

Or you just say, that it's an ever going fight, because there will always be cheaters with e.g. duplicated accounts, so it's impossible to make any difference?

This one is tough and I don't know how to solve it. I'd start by tracking "time taken to solve". It should take more that a few seconds to solve a challenge. I'd track "solution frequency". Someone solving five challenges in three minutes is definitely suspicious. I'd track "solutions across multiple users". If two users consistently solve the same challenge within seconds or minutes it would be suspicious-- duplicate accounts or someone is passing answers to someone else. Tracking IPs should help. Two players solve the same challenge within a minute or two from the same IP would count as suspicious. You will never catch everyone and moving from 'suspicious' to 'proven' would be tricky but I'd think that some of these mechanisms should help.

Those are my thoughts. I hope some of it is helpful.

As far as the 'how to stop bruteforce' thing goes, I tried a couple of methods on my site and have stuck with quite an effective one.
after 10 attempts the user is then made to wait 10 seconds between each attempt.
After 20 attempts the user is made to wait 20 seconds between each attempt.
Its not foolproof but works well as a deterrent.
Plus I log attempts also (users have access to their own logs in their control panel) and am alerted if the log file becomes quite large in a very short time.

For Revolution Elite this works well, but everyone has their own methods

sabre

OK, I'll rethink this.Thank for the ideas.

Well although I still have reservations about the way this works, I registered ok and finished the very simple first challenge.

Wechall show me as 19.05% complete and 0 points for gekko... is this correct?

sabre

That's what wechall sees about you:

sabretooth:70:20:105:1:10:89

the meaning of the fields:
username, rank on gekko, your points, max points, # of completed tasks, # of tasks,# of players

I don't know how the site score on wechall is calculated from these.

I don't know neither how the score calculated from those datas but I managed to enter a wrong solution (again) so I lost one point on gekko, and i lost some score on wechall too, so I am pretty sure about the score doesn't come from # of completed tasks / # of tasks * 100. Btw, I think it is a really tough penelty because in my case it was just a small mistake in my algo...