Announcing QuizDB: "Knowledge is Power"

Dormant threads from the high school sections are preserved here.
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

UlyssesInvictus wrote: Sun Jul 21, 2019 11:29 pm - added a feature to hide question answers; you can enable this by default for all questions if you go to the settings page (this setting is itself off by default). Note that, like all settings, this is only locally saved (so it's device specific)
This was broken for the last day and a half b/c I switched up my nulls and undefineds, but it should work now. Hard-refresh the page, or explicitly toggle the setting a couple times, if you're still seeing the broken behavior.
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

More sets:

2018 ACF Fall
2019 PIANO
2019 PACE NSC
2019 The Unanswered Question
2019 NASAT
2019 Richard Montgomery Blair Academic Tournament

On my todo list:
2018 RAPTURE
2018 Sun God Invitational
2018 Scattergories 2
2019 Scattergories 3
2018 MKULTRA 4
2018 Fantastic Feasts and Where to Find Them

Sets that I only have PDFs of:
2019 BHSAT
2019 RULFO
2019 ACF Nats
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

Around 9 this morning, QuizDB started receiving very heavy load, which caused it to go down for everyone. Again, as this is a free site, I can't exactly just pay for massive servers, so if this is you, please stop, until I have to disable it temporarily for everyone.
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

Just updated QuizDB with the following sets:

2018 RAPTURE
2019 Spartan Housewrite
2018 Sun God Invitational
2019 ILLIAC
2018 Scattergories 2
2019 LOGIC
2019 Prison Bowl

If you're a developer, the latest DB dump in the bucket has been updated as well.

My planning doc (where I annotate which sets I've uploaded / am working on uploading / am blocked on uploading) is also now publicly visible here: https://docs.google.com/spreadsheets/d/ ... sp=sharing.

Some people have been asking how they can contribute / help upload, so I sent them a small guide. I plan to properly edit and publish that guide, but in the meantime, if you're also interested (especially for sets that you'd like to see uploaded, but aren't top priorities i.e. listed in my planning doc), feel free to reach out to me directly!
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

UlyssesInvictus wrote: Sun May 17, 2020 9:41 pm Just updated QuizDB with the following sets: [...]
The above, but with the following sets:

2019 BHSAT
2020 Oxford Open
2020 HFT XIV
2019 Chicago Open
2020 CALISTO
2020 Terrapin
2019 ACF Fall
2019 Early Fall Tournament

And as I always do, a reminder that I can only use Word packets -- I'm especially having issues finding Word files for HS sets, so please upload the original files if you have them there.
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
king_crimson
Lulu
Posts: 31
Joined: Tue Oct 01, 2019 9:04 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by king_crimson »

Just curious,

Wasn't 2020 Terrapin PIANO difficulty? It's classified under College Regs (7) right now.

Thanks!
Justin Chen
Langley HS 2018-2019
TJHSST 2022
permanently retired
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

king_crimson wrote: Fri Sep 18, 2020 10:55 am Just curious,

Wasn't 2020 Terrapin PIANO difficulty? It's classified under College Regs (7) right now.

Thanks!
Thanks for the catch, fixed!
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
Santa Claus
Rikku
Posts: 285
Joined: Fri Aug 23, 2013 10:58 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by Santa Claus »

Hard to know how long this has been a problem since I've certainly never used the feature before, but attempting to copy an answerline with the provided buttons will give a confirmation that you have copied it but will actually put "[object Object]" in your clipboard. While we're on the matter, it also doesn't properly render quotation marks in the confirmation.

Tested out all the other buttons and it seems that the Wikipedia button attempts to grab all text between the first and last bolded characters, inclusive, with the default behavior being to fallback to using the entire answerline. While an interesting heuristic, this doesn't actually work very well for the majority of cases (in my case looking up "the Battle of the Bulge" attempted to find articles on "bulge") and it would probably work better for most of these options to just take all the text before the first square brace instead - I'm pretty sure that'll be more right more of the time. It could also try square braces first, then parentheses for those older sets that use those for alternate answers, but that's probably unnecessary.

Using the "search for this answerline again, with/without filters" button also doesn't change your URL.

Ugh I could probably just make a pull request for this - I guess I'll post this anyways for posterity.

EDIT: Pull request is in. I'll take a brief moment to shill for TypeScript - this wouldn't have happened if you had kept track of the types of the things you were trying to copy.
Kevin Wang
Arcadia High School 2015
Amherst College 2019

2018 PACE NSC Champion
2019 PACE NSC Champion
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

Santa Claus wrote: Thu Mar 04, 2021 8:01 pm EDIT: Pull request is in. I'll take a brief moment to shill for TypeScript - this wouldn't have happened if you had kept track of the types of the things you were trying to copy.
Oh, trust me -- I created QuizDB before my first job, and I'm now in the point in my career where the first thing I do for a project is add linters and TS compilation.

Edit: Responded to your PR. Thank you for submitting!
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
UlyssesInvictus
Yuna
Posts: 845
Joined: Thu Feb 10, 2011 7:38 pm

Re: Announcing QuizDB: "Knowledge is Power"

Post by UlyssesInvictus »

Hello everyone,

Arham Jain recently messaged me and pointed out a potential security flaw in QuizDB, so I'm making a full disclosure now that I've taken action.

What is it?

For some time now, QuizDB tables have been fully publicly dumped, including admin tables with salted bcrypts (a relatively high level of encryption). These admin tables include user data such as emails and passwords. A normal bruteforcing method with today's processing power would likely be an unviably inefficient attack, but a dictionary-based attack that uses common passwords could see significant improvements in speed. Additionally, improvements in processing in the future may lower these time barriers in the future.

What is the risk to me?

Your highest level of exposure is having your email, password, and last known IP address of access you use for QuizDB's admin access potentially leaked (note that emails have already been available for some time if you reach a certain level of mod status in QuizDB). The concern is then greatest if you re-use this password on any other site. Additionally, if you use a common password for QuizDB, your risk is elevated further.

There is no risk to you if you have never used QuizDB's admin portal function. (That is, if you've only ever searched for questions normally, there is no risk.)

What should I do?

You should measure your own level of risk: if you use the same password on any other sites, then I advise taking action as soon as possible.

There is currently no way to update passwords on QuizDB admin (AFAICT). Instead, if you deem action necessary, message me and I'll personally delete your account, at which point you can either leave it deleted or create a new account with a new password.

What comes next?

I have already removed any publicly available instances of the databases. Unfortunately, because of significant time constraints in my regular work life, I do not anticipate the databases being re-made available with the offending tables removed for some time.

I sincerely apologize for the exposure and not understanding the risk earlier on. Please message me directly if you have any additional questions or concerns. I will likely not be able to reply directly in this thread.
Last edited by UlyssesInvictus on Sun Oct 31, 2021 1:27 pm, edited 2 times in total.
Raynor Kuang
quizdb.org
Harvard 2017, TJHSST 2013
I wrote GRAPHIC and FILM
User avatar
Good Goblin Housekeeping
Auron
Posts: 1100
Joined: Sun May 23, 2010 10:03 am

Re: Announcing QuizDB: "Knowledge is Power"

Post by Good Goblin Housekeeping »

I forgot about Moxon until now and honestly kind of miss people posting incessantly about it :party:
Andrew Wang
Illinois 2016
Locked