
Project Euler Returns - garycomtois
http://projecteuler.net/news
======
hyperpape
I should preface this by saying that I love Project Euler--I spent a ton of
time there while learning to program. I also am impressed by anyone who
volunteers to create something for the community, and invests effort in
maintaining it.

However, not storing emails, and thereby giving up account recovery with the
explanation that it's about security is a shit sandwich.

My email is <myfirstname>.<mylastname>@gmail.com, a pattern I share with
millions of people. This is public information. I could spray paint my email
address on local bridges without in any way making my email less secure (cops
might complain, though).

I understand that some people have reasons to have private email addresses
that they don't want released (they'll give them to family, but not the
general public). They should never sign up for anything with those email
addresses, because the moment you sign up for things, you will almost
certainly be entered in a database somewhere, and eventually be spammed or
subjected to whatever other bad consequences you're concerned about.

Account recovery is a basic feature of a website (except those that contain
data too sensitive to have account recovery), and they're giving it up for
phantom security.

~~~
pgeorgi
The combination of email address + password (even hashed in some way) isn't
quite as public anymore.

Not having any personally identifying information doesn't protect your Project
Euler account, it protects your other assets.

~~~
hyperpape
This is a good point, and a reason to do the right thing with regard to emails
--which is to store a safe version of them (bcrypt).

Because while an email and a password is not public information, a username
and a password isn't public information either. If you don't trust yourself to
store the former, you shouldn't trust yourself to store the later much either.

~~~
stouset
Using bcrypt on email addresses is pants-on-head retarded. Please stop cargo-
culting cryptography.

How do you propose to look up accounts by email address if they use a salted
hash? You would have to bcrypt the email against _every row in the database_
until you found the correct one. If you use a username to do the lookup
instead, _why store the email address_ at all? You can't use it for anything.

~~~
hyperpape
You're right and wrong. Right because it's a crazy idea.

Wrong, because it's the logical conclusion of the belief that emails must be
treated with as much care as passwords. If you really think that, then you
need to encrypt them, and therefore you have to give up the ability to look up
user accounts by email address. All you could do is verify that a user-
submitted email is associated with a user-submitted account. That's where you
end up when you have that sort of paranoia about email addresses.

But that conclusion is, like you said, absurd, and I never should've implied
otherwise. I wasn't thinking when I wrote it.

------
philbarr
As far as I'm aware, Project Euler doesn't make any actual money, so you have
to give the team behind it a lot of kudos for actually taking the time to get
it back up and running.

Must have been really tempting to just sack it off as a bad job. Congrats to
the team!

~~~
n8m
Agreed! Well done guys!

------
hardwaresofton
If Project Euler is trying to make itself less interesting to hackers/less
vulnerable by storing less information(email), why don't they consider OAuth
for login?

I know OAuth has it's own warts, but isn't part of the point to offload the
burden of authentication to someone else?

Also, feel free to replace OAuth with Mozilla Persona or OpenID.

[edit] - s/storing less password/storing less information\\(email\\)/

~~~
hardwaresofton
Also, I've been thinking of this for a while, but Project Euler needs to be
open-sourced. I think this would help people who don't necessarily want to
contribute money. I thought rather than just making suggestions, I could make
a pull request for implementing OAuth/Persona/OpenID login -- then I realized
it wasn't open source...

I've been keeping this idea close to the chest, mostly because it's something
I want to do, but Project Euler could easily become a great training tool, an
easy-to-install packaged django application(I mention django for it's nice
out-of-the-box admin interfaces, doesn't matter what it is as long as it's
easy to manage for admins and users)

------
jonahx
> The decision to no longer store any private/personal information in no way
> reflects a lack in confidence of the steps we have taken to make the new
> website secure, but if history teaches us one thing it is that for every
> "unsinkable" Titanic built there will always be icebergs.

I love PE and I don't intend this question snarkily at all, but am genuinely
curious why securing a database of emails for a site as simple as PE would be
such a perilous problem? I know security in general is always more difficult
that it appears, but in this case I would have thought we were dealing with a
solved problem. I'd love to hear about why my assumptions are wrong.

~~~
Kenji
Security is never a 'solved problem'. There is always a trade-off between
usability, performance and security. Think of it this way: You run a server on
hardware that no single human understands fully. On top of that, you have some
devices for which pretty much the same applies. On top of that you have an
operating system consisting of millions of lines of code, and again, nobody
can fully grasp everything. On top of that, you have your webstack which adds
even more complexity. You are hooked up 24/7 to a network filled with
criminals.

Security is not just intrusion prevention, it's also detection and recovery.
PE chose to reduce the negative effects of a successful intrusion.

------
Bootvis
I have been curious for a while:

What is in the opinion of the HN community a good score on Project Euler?

For which scores do you tip your figurative hat?

~~~
neutronicus
Not scores so much as specific problems.

If I work on it for a week, get frustrated, google for solutions, and can't
find any, and you solved it, you're a beast.

Also if you solve 328 tell me how. And no, dynamic programming is not
efficient enough.

~~~
ghusbands
It's easier than you might think. Only read this comment as far as you need to
make a little more progress. These hints only apply if you're starting with a
dynamic programming approach. Also, they're only helpful if you do the work,
so I don't think they violate the spirit of Project Euler.

Is your dynamic programming table 2D? Maybe it should be.

Stop reading if that's progress.

Have you looked closely at the table content?

Stop reading.

Have you noticed how similar many parts are, under perhaps simple transforms?

Stop reading.

Try adding or subtracting your coordinates, to see more of the pattern.

Stop reading.

There's not just a within-row pattern.

Stop reading.

In the end, dynamic programming might not be the main trick. But you can make
your own way from here.

------
curiousfab
_Who_ returns, Project Euler?

Neither the news page, nor the "about" page, nor the front page of "Project
Euler" care to explain what this website is all about. Of course, I can guess
that it has to do with mathematical problems of some sort.

It is sad if you have to turn to Wikipedia to find out the basic details about
a website. A sentence or two of introduction would have made everything better
:-)

~~~
ohitsdom
Agreed, I had never heard of it and the about page was no help at all.

~~~
gknoy
On the off chance that other comments here haven't made it clear what it's
about, or that you haven't already looked it up, they apparently have a
Wikipedia article about them:

[http://en.wikipedia.org/wiki/Project_Euler](http://en.wikipedia.org/wiki/Project_Euler)

""" Project Euler (named after Leonhard Euler) is a website dedicated to a
series of computational problems intended to be solved with computer
programs.... Problems are of varying difficulty but each is solvable in less
than a minute using an efficient algorithm on a modestly powered computer. A
forum specific to each question may be viewed after the user has correctly
answered the given question. """

There are also several Github repos out there that have both the problems and
hashes of the answers. (Some have the actual answers, as well, or used to in
the git history, but presumably anyone interested in solving the problems is
more interested in the process than the score.)

------
rikkus
I created an account but couldn't log in. As I've had the same happen before,
I tried using only the first 32 characters of my password when logging in.
That worked.

Remember kids: Most software development isn't about puzzle solving and
algorithms, it's about making stuff like forms work properly.

Of course the puzzles and algorithms are fun, which is why I'm signing up for
PE again!

------
asgard1024
I wonder if the people behind Project Euler have names or it has all been done
by this prolific guy Bourbaki?

~~~
Xophmeister
Bourbaki was a French collective of mathematicians, working/publishing
together pseudonymously. I would therefore guess that the same kind of
structure is in place at Project Euler: It's not one guy, but a joint effort
operating under one name.

EDIT:
[https://en.wikipedia.org/wiki/Nicolas_Bourbaki](https://en.wikipedia.org/wiki/Nicolas_Bourbaki)

------
zerr
Btw, anyone has a list of subset tasks on this Project Euler more related to
pure CS/Algorithms rather than Math? Preferably mentioned the level of
experience. So far, as I can see, it is aimed for very beginners, right?

------
kbar13
it would be great if PE was open source :)

~~~
arikrak
Anyone interested in creating an open source version? It could have more
features - such as running the code online, and more topics - such as non-math
challenges.

~~~
burkaman
It's not open source, but
[https://www.hackerrank.com/](https://www.hackerrank.com/) sounds exactly like
what you're describing, in case you've been looking for something like that.

~~~
dragonwriter
There's a number of sites that are not open source that use coding tasks like
this and tie them with leaderboards and tie-ins to recruiters. As well as
hacckerrank, there is codeeval, and there are some others whose names escape
me at the moment.

But that doesn't really address a question about putting together an open-
source one.

There's also at least one similar-to-Euler one -- rosalind.info (like Euler,
but bioinformatics focus) -- which might be closer to responsive, since even
though its not open source, their FAQ says they intend to open-source it...

~~~
arikrak
Right, actually I created one as well.

------
ZacharyPitts
Well, I'm glad I have a git repo of all my solutions, so I can get back up to
my original 102 problems solved. And then go back to not doing it again
because it is too hard now.

------
rqebmm
What is project euler? The "about" page has lots of helpful information about
submissions and scoring, but nothing ABOUT what it is!

~~~
jleader
It's a site full of problems, which generally require some mixture of math and
programming skills to solve. You can trade off between the two. If your math
is good enough, some problems can be solved with pencil and paper. If your
programming is decent, some can be solved by brute force search. There's no
time limit, you don't show anyone your code, you just type a brief answer into
a text field, so the only constraint on the efficiency of your code is how
long you're willing to leave it running.

It's a lot of fun; the math involved can get pretty advanced on some of the
problems.

------
mathattack
Glad to see them back!

