
Stockfighter's Jailbreak CTF trainer is live - alt_
https://www.stockfighter.io/#jailbreak
======
j4pe
I rarely want to like a product more than I want to like Stockfighter, because
of both the people involved and the underlying concept.

But there are a million other things I want to sink time into improving.
Music, my Starcraft MMR, boxing. To finish a day hacking and coding, come
home, and - for months, if I want good results - do more hacking and coding
feels like an exhausting prospect. Even if the scenario is fun, it feels
contrived.

I'm not presenting any solutions. Maybe I'm just not the target market,
because I don't have the desire right now to code all day and then code some
more. But I wonder how big that target market is?

~~~
doktrin
> because I don't have the desire right now to code all day and then code some
> more

Tell me about it. Speaking only for myself, I have near-constant coder's guilt
- a term I just made up to describe the nagging voice in my head that keeps
telling me I should be coding more in my free time. It sounds something like
this :

"somewhere a rockstar wizard ninja is writing a C compiler in Haskell and here
you are wasting your time with Overwatch, you miserable slacker"

~~~
tinco
Hi man, I just interrupted my game of Overwatch because a colleague pointed me
to this comment. My C compiler in Haskell is located here:
[https://github.com/tinco/nanc](https://github.com/tinco/nanc) it's not fully
functional yet, but will be soon ;) Also, just got owned by a team with 3
tracers :(

edit: Just read what this thread is about. I really like to program, so much
so that I usually find an hour or two per day to code (not every day, check my
github streak if you want) Usually it's between 11pm and 1am, after dinner,
after a movie with my partner, when she's playing a video game or watching a
series, I do some coding.

So I also play video games or watch movies. I like competitive games, mostly
SC2, DotA and now Overwatch, but I don't worry about my MMR the way I used to
when I played over an hour per day. Compared to achieving a high MMR building
a ninja rockstar software project like a C compiler in Haskell is easy. Who is
going to compete with me? It's a crazy idea anyway! I just work on it a couple
hours per week, and after a year or two it'll be an impressive project no
matter what. It's got everything I learned in it.

Regaining the MMR I had in SC2 back in University will take me months of hard
practice, but when I feel like continuing my C compiler, the commits are still
there. The C compiler stems from a deep passion I have and a deep frustration
I feel with the state of the art, that's why even if I don't dev on it for a
few months, I'll go back to it eventually and continue. So... I can relax and
play Overwatch for an hour or two, no worries. (Overwatch is much more
forgiving than SC2 or DotA btw.)

~~~
doktrin
> Hi man, I just interrupted my game of Overwatch because a colleague pointed
> me to this comment. My C compiler in Haskell is located here:
> [https://github.com/tinco/nanc](https://github.com/tinco/nanc) it's not
> fully functional yet, but will be soon ;) Also, just got owned by a team
> with 3 tracers :(

Haha what an unexpectedly fantastic response. Kudos on your cool side project,
and triple Tracers sounds like the pinnacle of frustration :P (is this a new
meta? I was just watching a top tier EU game where one team rolled 3 tracers +
2 winstons)

> Overwatch is much more forgiving than SC2 or DotA btw

Couldn't agree more. I personally find SC2 almost too stressful to play
competitively these days (as a 30 year old fogey), and the match length of
your typical MOBA is also a major turn off for a casual like me.

> So I also play video games or watch movies. I like competitive games, mostly
> SC2, DotA and now Overwatch, but I don't worry about my MMR the way I used
> to when I played over an hour per day. Compared to achieving a high MMR
> building a ninja rockstar software project like a C compiler in Haskell is
> easy. Who is going to compete with me? It's a crazy idea anyway! I just work
> on it a couple hours per week, and after a year or two it'll be an
> impressive project no matter what. It's got everything I learned in it.

I'll be using your experience for inspiration. I also love coding -
particularly once I get started - but lack the discipline to make a habit out
of it in my spare time. Hopefully in a few months I'll have some similarly
interesting work to show for myself :)

~~~
tinco
Could very well be then! They played 3 tracers a winston and a Mei. (Winston
had a play of the game smashing four of us in Mei's ulti :\\)

I'm 29, experience the same with SC2, it's just not fun if all you can do is
to learn the meta and polish your mechanics.

Whatever you build, make sure it's test driven! Nothing beats sitting down to
work on your project and the only thing you need to do is to run the test
suite to remember what you should work on next. It also helps you chop your
project up in fun achievable sized bits. I make it a point ending every
session with 1 red test.

------
dcw303
I was lucky enough to beta test this so I've had time to clear the trainer
levels. And let me just say, wow. The tricks and turns you have to navigate to
get through this are some of the best fun I've had sitting in front of a
computer.

I like that people are evaluating this against things like Overwatch, because
for me, Stockfighter is a form of entertainment. I still play video games
occasionally, but in my growing adult years, I'm not able capture that same
rush from winning.

Not so with CTFs. Maybe it's because I'm a relative newbie, but the dopamine
rush I get from winning a level is incomparable. There is something about a
solve, when you get that brainfeel where you just _understand completely_ what
is going on, that is unique. Perhaps that's what black hat hackers feel when
they p0wn a system. The closest recollection for me is when I smashed through
that top level brick in World 1-2 of Super Mario Bros, and I could run across
the roof to win the level.

~~~
unknownkadath
Brainfeel...I like that word. I'm going to keep it.

------
tptacek
You all have great timing. It's very likely that something will melt down
soon, but I'm not going to notice, because I'll be in a chair getting my arm
inked up. It's going to be a nine-fives kind of day!

Mean feedback about the UI, especially if accompanied by an even meaner
summary of what you'd rather the UI does instead, is most welcome.

 _Later_

(Erin's Calcifer tattoo is taking longer than expected, so if you want to wait
like another 15 minutes before doing whatever unforeseen sequence of things in
the UI that will hard-panic all the servers, your timing will be perfect).

~~~
nathas
I was actually going to say I like the UI quite a bit at first glance. I
haven't bit in yet, but overall I really dug the layout.

~~~
tptacek
There are things I want to do with this UI that we couldn't do in
Microcorruption --- ways to make assembly a little more accessible to
programmers who aren't already from security or game development, where the
people who crushed Microcorruption came from --- because the assembly was a
flat marked-up blob of text. But there are definitely ways in which it's a
step back.

------
gue5t
The user interface is appalling. Whoever designed this has managed to produce
worse ergonomics than a single 1970s-style terminal, for essentially a similar
set of tasks (editing text+binary files and piping data through commands).

I see some discussion of "files", but seem unable to list them or explore the
filesystem. I don't know if this in-game filesystem is supposed to be on the
"AVR" device or an imaginary "developer machine". Where do the outputs of
running commands like "compile" go? Why can't I inspect the compiler? What
actually comprises the state of the system I'm interacting with? If this is
notionally to find good developers, why is the UI sandboxed inside a web
browser, where building and using tools (which is what good developers and
reverse engineers _do_ ) is incredibly painful?

Half the commands produce no output and make no visible change to any state,
e.g. "load garbage". Almost all commands silently ignore extra parameters.
There's _no tab completion_ , _no history search_ , commands don't even show
up in the output log...

Links and commands seem to randomly be assigned to either always open in new
tabs or load in the current tab of the browser, both in the "debugger" and
help pages.

Moving through command history puts the cursor at the left hand side of the
prompt. There's noticeable latency when single-stepping the program, which is
just astounding.

Did nobody try to use this shit, even a little?

~~~
nialo
I haven't tried this, but
[https://github.com/ketchupsalt/debugger](https://github.com/ketchupsalt/debugger)
might be of interest to you.

More generally, it's not actually sandboxed inside a web browser, you can
interact with system through REST-ish API as well. see
[https://starfighter.readme.io/docs/retrieve-device-
status](https://starfighter.readme.io/docs/retrieve-device-status) for some
documentation on that. It's obviously pretty inconvenient to get a full
debugger type experience that way, but I don't really see how they could make
it less sandboxed, given the constraint that the authoritative copy of
everything must run on their servers for security.

I do wish all the commands gave some sort of feedback, load in particular is
super frustrating that way.

~~~
gue5t
This line seems like a bug to me (assigning the int 16 to a variable that
should be of an enumerated type {I8, I16, I32, S, R}, though I don't know if
Go has those):

[https://github.com/ketchupsalt/debugger/blob/master/commandl...](https://github.com/ketchupsalt/debugger/blob/master/commandline.go#L73)

~~~
tptacek
There are probably a zillion little bugs in that thing (I haven't used it in
months) but if people really want it to work, I'm probably less than 4
concerted hours from making it workable.

------
citizens
"Starfighter is a new, weird kind of recruiting company. We detect and market
underpriced programming talent. We do that by creating opportunities for
programmers to casually and effectively demonstrate aptitude."

Having a hard time parsing this. Do you find underpriced talent and help them
get paid more?

~~~
pchristensen
Susie works making crud apps for a boring insurance company. She is a
brilliant programmer but due to where she lives, personal situations, she
hasn't faced a challenge that lets her know the extent of her abilities, etc,
she is working below her potential.

Susie creates a novel solution to one of Stockfighter's games. Stockfighter
uses that solution as evidence to present her to companpanies as a great
engineer. She gets job offers for more money, challenge, and satisfaction than
she currently has.

~~~
logicalmind
Is that really the problem though? In my circle, plenty of people are doing
the boring crud apps at random big company. The problem is that they're paid
very well. So taking a job that is more challenging often involves taking less
money, for more risk, with a small possibility of a payoff. Is there really a
surplus of highly interesting tech positions with better than average pay that
are desperately looking for people? If you're struggling to find talent,
you're probably not paying enough.

~~~
superuser2
>The problem is that they're paid very well

Are you sure? Tech companies you've heard of on the west coast (other than
Amazon) are paying their most junior people at least $100k. When I looked at
big boring insurance companies in the Midwest (toying with the idea of staying
close to home) I was seeing closer to $50k for entry level and $80k for mid-
career.

------
nsfmc
I know this is a low-quality comment, but i just want to congratulate the
whole stockfighter team for getting the jailbreak ctf out. it looks like it
was a ton of work and looks fantastic. as somebody who was excited about it
after trying my hand at microcorruption, i'm super excited to see this
finally. hats off!

~~~
nsfmc
one comment on the trainer: when you click on the Jailbreak link, it just
drops you into the debugger, if you, like me got lost, run the `tour` and then
click on the little person+ head and go to the documentation and go through
the quickstart.

yay!

------
lifeisstillgood
I am a bit worried that stock fighter is the wrong approach. If Susie wants a
better job inwould recommend my path:

\- if you want to find a better paying job, take each lunchtime and call every
job advert you qualify for that pays 20k more than you earn. Do this for three
months. You will get the raise.

\- even better is to supplement this with LinkedIN, blog posts, network
maintenance (when did you last have call or have coffee with your previous
boss?)

\- do this for the next three jobs.

You are now at the pay ceiling for your skill set. Well done.

Now ... err ...

Start your own business, preferably selling something that scales (your time
does not scale and you are selling it at pretty much the max - say 100-150k)

------
s3nnyy
Dev hiring is a sourcing problem, not a filtering problem.

The people behind starfighter are brilliant and I respect them big time. So,
probably they know what they're doin. I am excited to see how they want to
solve dev hiring since starfighter looks more like a product that does
filtering, not sourcing.

(I am thinking since a long time to build something that leverages Github to
find and reach out to engineers; e.g., when a company looks for Angular people
to just parse the Angular repo for engineers that watch / contribute to the
repository and reach out to them. if you have any ideas on this or want to
help, please shoot me a message).

~~~
lj3
It's both. They're focusing on the sourcing part, which is commendable, but
I'd still like companies to engage a better filter. The one most have now is
the equivalent to trying to hammer square pegs into round holes with bit of
wood they happened to find.

Unfortunately, changing that appears to be a very tricky social problem. It's
going to take a recruiter (or recruiting company) with such a great reputation
and track record that companies trust that recruiter's judgement in personnel
implicitly. But how?

------
mcphilip
Question: are frequency, consistency, and productivity important metrics for
bubbling up users that get noticed as really good candidates?

I poke around every now and then on stockfighter but am definitely not looking
for a job change in the near term. Is this use case something y'all support?

Thanks!

------
yagyu
wow, I just found microcorruption, now it looks like there's man-months of fun
ahead.

Technical comment: "forgot password"-link is not wired to anything? Not
working for me on FF at least.

~~~
awesomebob
The forgot password link doesn't work for me in Chrome either, but I found
this URL and it seems to work:
[https://www.stockfighter.io/ui/forgot_password](https://www.stockfighter.io/ui/forgot_password)

~~~
patio11
Fixed. (And yep, that is the correct URL.)

------
archimag0
Is the server struggling again? None of my input into the UI seems to be
having an effect.

~~~
tptacek
I'm getting crazy high latency just through the login page. Looking into it.
The emulator servers (a pair of m3.mediums) are barely breaking a sweat.

~~~
vox_mollis
Is the tour supposed to end abruptly at "this is r1" ?

~~~
tptacek
It is not! You are the third person to tell me that's happened. Looking into
it.

------
rando289
So it's proprietary?

