diff --git a/doc/ideas.txt b/doc/ideas.txt
index 0bf82e9..723a657 100644
--- a/doc/ideas.txt
+++ b/doc/ideas.txt
@@ -1,6 +1,5 @@
 Ideas for puzzles
 =================
-* Hide something in a .docx zip file
 * Bootable image with FreeDOS, Linux, Inferno? HURD?
 * Bury puzzles in various weird locations within each OS
 * Maybe put some in the boot loader, too
@@ -9,7 +8,16 @@ Ideas for puzzles
 * DHCP option
 * Single TCP RST with token in payload
 * Multiple TCP RST with different payloads
+ * http://10.0.0.2/token
 * PXE boot some sort of points-gathering client
 * Init asks for a team hash, and starts awarding points
 * Broken startup scripts, when fixed award more points
 * Lots of remote exploits
+* "qemu -net socket" vpn thingy and then...
+
+
+Capture the Packet
+------------------
+
+* Jim Meilander could teach a class about Bro
+* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet
diff --git a/mcp/src/puzzler.cgi.c b/mcp/src/puzzler.cgi.c
index 4c71c5c..2fdbe36 100644
--- a/mcp/src/puzzler.cgi.c
+++ b/mcp/src/puzzler.cgi.c
@@ -49,7 +49,7 @@ main(int argc, char *argv[])
 char *p;
 for (p = category; *p; p += 1) {
- if (! isalnum(*p)) {
+ if ((! isalnum(*p)) && ('-' != *p)) {
 cgi_page("Invalid category", "");
 }
 }
diff --git a/mcp/www/ctf.css b/mcp/www/ctf.css
index 8bc503b..90fff8a 100644
--- a/mcp/www/ctf.css
+++ b/mcp/www/ctf.css
@@ -162,4 +162,6 @@ table.pollster thead {
 font-weight: bold;
 }
-
+table.scoreboard {
+ height: 400px;
+}
diff --git a/octopus/solution.sh b/octopus/solution.sh
index 3745ab0..a3b938e 100755
--- a/octopus/solution.sh
+++ b/octopus/solution.sh
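Review bot: The changed test in mcp/src/puzzler.cgi.c still passes a plain `char` to `isalnum()`, which is undefined behaviour for bytes above 0x7F on platforms where `char` is signed, and `category` appears to come from the request. Cast before the call: `if (!isalnum((unsigned char)*p) && ('-' != *p)) {`. The loop also accepts an empty string and a value that begins with `-`; if `category` is later used as a file name or handed to a command (not visible in this hunk), consider rejecting both. `main` starts before and continues after the hunk.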
@@ -1,14 +1,15 @@
 #! /bin/sh
 port=8888
+host=10.0.0.10
 blooper=$(tempfile)
 trap "rm $blooper" 0
-echo foo | socat -t 0.01 STDIO UDP:127.0.0.1:8888 | tail -n +4 > $blooper
+echo foo | socat -t 0.01 STDIO UDP:$host:$port | tail -n +4 > $blooper
 for i in $(seq 8); do
- result=$(socat -t 0.01 STDIO UDP:127.0.0.1:$port < $blooper | awk -F': ' '(NF > 1) {print $2; exit;}')
+ result=$(socat -t 0.01 STDIO UDP:$host:$port < $blooper | awk -F': ' '(NF > 1) {print $2; exit;}')
 port=$(echo "ibase=8; $result" | bc)
 echo $port
 done
diff --git a/pwnables/service/eth0.pwn/run b/pwnables/service/eth0.pwn/run
index a6b4415..c5aeb14 100755
--- a/pwnables/service/eth0.pwn/run
+++ b/pwnables/service/eth0.pwn/run
@@ -1,8 +1,10 @@
 #! /bin/sh
-if ! [ -d /opt/mcp ]; then
- hostname pwnables
- ifconfig eth0 10.0.0.10 netmask 255.0.0.0
+if [ -d /opt/mcp ]; then
+ sv d .
+ exit
 fi
+hostname pwnables
+ifconfig eth0 10.0.0.10 netmask 255.0.0.0
 exec inotifyd true $(pwd):x
diff --git a/pwnables/service/sshd.pwn/log/run b/pwnables/service/sshd.pwn/log/run
new file mode 100755
index 0000000..4794c8e
--- /dev/null
+++ b/pwnables/service/sshd.pwn/log/run
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+exec logger -t sshd
diff --git a/pwnables/service/sshd.pwn/rsa.key b/pwnables/service/sshd.pwn/rsa.key
new file mode 100644
index 0000000..f530471
Binary files /dev/null and b/pwnables/service/sshd.pwn/rsa.key differ
diff --git a/pwnables/service/sshd.pwn/run b/pwnables/service/sshd.pwn/run
new file mode 100755
index 0000000..1100af4
--- /dev/null
+++ b/pwnables/service/sshd.pwn/run
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+exec 2>&1
+
+if [ -d /opt/mcp ]; then
+ sv d .
+ exit
+fi
+
+exec dropbear -r ./rsa.key -E -F
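Review bot: In octopus/solution.sh the reply now comes from the network peer `$host` rather than loopback, yet `$result` still goes unchecked into `bc`, and whatever `bc` prints becomes the next socat port. An empty or non-octal reply leaves `port` empty or wrong and the loop keeps sending. A guard before the `bc` line, such as `case $result in ''|*[!0-7]*) echo "unexpected reply" >&2; exit 1;; esac`, stops at the first bad answer. Quoting the new expansions (`"UDP:$host:$port"`, `> "$blooper"`) keeps each one a single word.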
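Review bot: In pwnables/service/eth0.pwn/run the now-unconditional `hostname` and `ifconfig` calls are unchecked, so `exec inotifyd` still runs and the service looks up even when the address was never assigned. Failing early, e.g. `ifconfig eth0 10.0.0.10 netmask 255.0.0.0 || exit 1`, lets the supervisor (runit, judging by `sv`) surface the fault. The inverted `/opt/mcp` guard also deserves a comment such as `# never bring this service up on a host that carries /opt/mcp`, assuming that is the intent. The same guard is repeated in sshd.pwn/run.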
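Review bot: `-r ./rsa.key` in pwnables/service/sshd.pwn/run loads the host key that this same commit adds to the repository as a binary file, so every image built from the tree shares one private host key and anyone who can read the repository can impersonate the host. If a fixed key is intended for this exercise target, a comment saying so, and that the key must never be reused elsewhere, would prevent accidental reuse. Otherwise generate it at first start with `[ -f ./rsa.key ] || dropbearkey -t rsa -f ./rsa.key` and keep the file out of version control.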