Neale Pickett
·
2021-02-24
puzzle.md
1---
2authors:
3 - neale
4debug:
5 summary: Making excellent puzzles
6answers:
7 - moo
8---
9
10Making Excellent Puzzles
11====================
12
13We (the dirtbags) use some core principles.
14If you're writing puzzles for our events,
15we expect you to bear these in mind.
16
17If you're doing your own event,
18you might still be interested in these:
19it's the result of years of doing these events
20and thinking hard about how to make the best possible experience for participants.
21
22
23Respect The Player
24---------------------------
25
26Start with the assumption that the person playing your puzzle is intelligent,
27can learn,
28and can figure out whatever you ask of them.
29If you observe in trial runs that they can't figure it out,
30that indicates a problem on your end,
31not theirs.
32
33
34Expect Creative Mayhem
35------------------------------------
36
37This is a hacking contest.
38People are going to be on the lookout for "ways around" your puzzles.
39This is something we want them to do:
40as a defender, they need to be always searching for holes in the defense.
41
42Here are some examples of "ways around".
43All of these have happened at prior events:
44
45* Logging into your appliance and changing the access password
46* Flooding your service off the network
47* Brute-force attacking your 2-letter answer
48* Photographing your printed list of answers while a team-mate chats with you
49* Writing a script to create hundreds of new accounts faster than you can remove them
50
51It's important to remember that they are here precisely to cause mayhem.
52If you set up a playground where this sort of mayhem ruins the experience for other players,
53we (the people running the event) can't penalize participants for doing what we've asked them to.
54Instead, we have to devalue points in your category to the point where nobody wants to bother playing it any more.
55
56
57Make The Work Easier than Guessing The Answer
58--------------------------------------------------------
59
60An important corrolary to expecting creative mayhem is that people are going to
61work hard to come up with creative ways to get points without doing the work you ask.
62
63It's okay to make your work about the same level of difficulty as guessing the answer.
64For instance, we use a few 4-byte answers.
65It would take about four hours to try submitting every possible answer,
66and if people want to spend their time coding up a brute-force attack,
67that is a constructive use of their event time and we're okay with it.
68Typically people give up on this line of attack when they realize
69how much time it's going to take
70(figuring this out is also a productive use of time),
71but once in a while people will go ahead.
72
73This means your answers need to be resistant to guessing and brute force attacks.
74True/false questions are, needless to say, going to result in us laughing at you.
75
76
77There's More Than One Way To Do It
78----------------------------------------------------
79
80Don't make puzzles that require a specific solution strategy.
81For instance,
82we're not going to allow puzzles that require a certain technology
83(such as "what is the third item in the File menu on product X's interface?").
84
85Rather, if your goal is to highlight a technology,
86you should create puzzles that show off how great the product is for this application,
87compared to alternatives.
88Something like "mount this file system from 1982 and paste the contents of the file named `foo`"
89might be trivial in a certain product and take hours by other means.
90That's fine.
91That's what we want to see.
92
93----
94
95The answer for this page is `moo`