What I will talk about in this blog is something a lot of people have been talking about on forums other than Codeforces, so I was a bit surprised that it has not been brought up on Codeforces in a visible manner yet (or the people being affected are themselves being cut off from Codeforces, so it is perhaps the perfect form of censorship).
Anyway, here are a few blogs that try to address this problem but to no avail — 1 and 2. Pretty sure that this blog will not help this cause much either.
This started out a couple of years ago — or at least long enough that I have forgotten how long it has been. The Codeforces main website, during contests, is never accessible to a few people due to Cloudflare blocking their access.
The users are completely helpless — you keep getting Cloudflare captchas on an infinite loop, without good reason. For others, it is a dead end asking people to "update their browsers because they are out of date" even when their mainstream browsers are up to date with the bleeding edge version, demonstrating a clear disrespect for certain browsers, or even just users that have ad-blocking plugins turned on. This is also sometimes a geo-blocking issue and/or an IP blocking issue.
This is not a one-off occurrence — people around the world face these issues with Cloudflare, enough that it has been branded evil by a ton of people for gatekeeping the internet.
Quoting one of the arguments against using Cloudflare in the comments:
I can be sure that they won't inject ads into my HTML pages.
But they will harass your visitors with captchas for no good reason. I also sometimes run into Cloudflare's "this website is using a protection service" with no way around; it turns out it's a geoblock because it does load just fine when I use a VPN through Germany. The internet was meant to be decentralized. The IP addresses were meant to be used for routing and for routing only, and otherwise treated equally.
A few days ago, this became much worse. What used to happen only during contests is now happening all the time. People have completely lost access to their CF accounts by virtue of not being able to access the website.
Why Codeforces has Cloudflare
The only reason I can think of is to protect itself against DDoS attacks. However, upon discussion with people who are well-versed in the internet security domain, it seems that even Cloudflare has some options that make this stuff more lenient while protecting the website sufficiently against abuse, and that the Codeforces configuration of its Cloudflare protection is just messed up.
Arguments against this nuisance
While I agree that security measures are crucial for the functionality of a website, the way they are implemented clearly makes the website unusable or frustrating for a ton of people (I estimate this number to be a sizeable chunk of all active CF users).
Here are some concrete reasons:
- Accessibility: With the initial measures in place, some people stopped doing contests altogether. One can only imagine the effect of this measure on the traffic of this website (which is something I am certain that the administrators care about).
- Uneven lag in contests: People report that Cloudflare sometimes keeps on loading for tens of minutes before they are able to even start working on the problems. This creates an unfair environment for some people.
- The purpose of an API is defeated: even the API endpoints are restricted, which does not make sense at all. All bots (Discord, competitive programming-specific IDE functionality) that help people (for example in training by choosing problems for them, or by making fetching samples more convenient) are now useless.
- Codeforces randomly lags a lot. I had been assuming that this is a server problem, but from talking to some people it seems like this is an issue with differential treatment of who is accessing CF.
What should be done
Either disable Cloudflare, or configure it properly. Earlier CF used to use a supercookie to track usage (still does), which was already pretty shady, so it is not like CF does not have a history of doing weird things.
Apart from that, I would like to invite the community to discuss other possible abuse-prevention measures that would help protect CF without all this clownery that has made it unusable. It is not unreasonable to ask for accountability when CF has become the de-facto competitive programming community website.
Tagging MikeMirzayanov for more visibility.
i got a cloudflare popup when trying to access this blog, for a second i thought it was intentional :/
Same happened with me ..lol
Now Codeforces keeps checking my browser, whatever that meant
It's literally discrimination by economic inequality and racist af. Remember when the problem statements couldn't even load on m2? How the fuck is it fair that all the high trust westerners read div2 A instantly while the "suspicious ip" southeast asians are stuck for 2 minutes on m2 codeforces because of the cloudflare wall with "Problem can't be loaded"?
Not to mention that all bots/extensions are completely broken because for some reason cloudflare applies to the api even when a contest isn't running. What is going on? (Oh, and what happened to "api will have trueRating"? Still not here?)
For div 2s and 3s even mine gets stuck for like 2 mins sometimes. This happened in yesterday's div 2 where I got the problem like 2 mins after the round started...
The bot that reviews Polygon problems has been off for a day because of Cloudflare. The final problem review of EPIC Institute of Technology Round August 2024 (Div. 1 + Div. 2), scheduled for yesterday, could only happen today.
I think this issue is more problematic when you also add the fact that servers in general have been very sluggish on various instances, with very long queues which take place during rounds (especially Div. 3 and Div. 4, which makes the least experienced contestants being the most affected by these structural issues) and more recently, during non contest times too.
Given the growth of the website in the last couple of years, I think it's important to assess these fundamental issues which affect the user experience as of late, because while it's nice to have a growing userbase and to boast about ever increasing records, it's not nice to have issues which occur more and more frequently with these solutions which are used here.
Personally I am willing to donate whenever the next crowdfunding session will take place assuming there are credible steps towards having Codeforces keep up with its growing userbase and I'm sure others share my sentiment too given the fact that in spite of its flaws, CF is still an excellent educational platform and the admins proved in the past that they can listen to the community.
And when exactly has a CF admin listened to the public within the last few years? Rampant cheating in every round, queues are longer than ever, statements don't load, mirrors don't work.... and what have the admins done? Oh yes, banning zh0ukangyang for having multiple accounts.
Let's look aside from the recency bias, there have been some useful features which have been added in the more far away past, for example the contest filters and the Polygon improvements (when it works at least) are some which come to my mind.
Plus if we look several years back, adding Div. 3 and Div. 4 have generally been a great success in terms of having a better experience.
It is important to criticize what is wrong (and you are right in your statement) but there have been good features added too. However, as the current blog shows, the way Cloudflare is handled here is a major issue.
In China, Cloudflare is a big speed bump. Connecting directly to the original server is much faster than using a Cloudflare CDN.
Yeah, and actually that are solutions other than cloudflare to DDos. Lots of large websites (by which I mean more than 10^6 users) use captchas when logging in.Github and Luogu are two good examples.
By the way, it took me 5 tries and about an hour to log in and make this reply
So real, I hope it'll be fixed
Im sick of this Cloudflare shit too. These stupid cloudflare appear on cf and lc. I hate em.
i would love to read this blog but gah damn it another captcha
Thank you for talking about this. A few contests ago something funny happened where I did a submission and it had the cloud flare mark. Now I expected it to go through, but it didn't get submitted. After submitting B I had to go to A and resubmit it.
Also many times submitting problems takes 30 sec-1 min extra. Like bruh.
It's curious that you don't remember, but few years back, Codeforces had not one, not two, but (AFAIK) at least three rounds unrated because certain participant had grievances and paid for a DDoS attack. I don't think labeling methods to prevent such attacks as ``shady'' is right.
I actually do remember that, which is why the last paragraph (and the first named section) exists in the first place. Such things are bound to happen when a community becomes too large, and there must be security measures in place for the website. My point was that it should not come at the cost of usability and user security, and such measures must be thought about very carefully.
Supercookies can be very easily used for nefarious purposes as well which is why I called it shady. They provide way too much information about the user, and if Codeforces gets hacked some day, it can have potentially devastating consequences for some users. It's not about trusting Mike or not, it's about providing only as much information as is necessary. Cloudflare was a better (but unfortunately misconfigured) step in this direction, but I find it odd that Codeforces still uses supercookies.
In Div4,this situation is very obvious,I submit mycode and I need wait 20~30min to get results.
It becomes difficult to access the website at the time of the competition. I have to use special means.
div3 also toooo
This brings me to mention the last time in Div4. I had finished writing problem D, and only then did the evaluation for problem A come out.
I think it would be better if every Codeforces contestant had to write their code by hand. I’m not talking about typing it into a text editor, but physically taking a pen to paper, scrawling out every line of code, and then mailing it to MikeMirzayanov himself.
The first and most obvious benefit would be an immediate and permanent end to DDoS attacks on Codeforces. Think about it: if everyone’s submissions had to be mailed in, there would be no servers to overload with a flood of online requests. Every would-be attacker would need a ridiculous number of stamps and envelopes to carry out their plans, and even if they did manage to send in a few hundred thousand pieces of mail, the sheer physical labor involved would deter most script kiddies.
If MikeMirzayanov had to read each submission by hand, contestants would suddenly care a lot more about the readability of their code. The thought of a real person (especially someone as respected as Mike) struggling through a mess of obfuscated variables and convoluted logic would be enough to make anyone think twice before submitting some random garbage. Cleaner, more thoughtful code would emerge, and who knows, maybe we’d all become better programmers as a result.
With submissions being processed by a human, the playing field would level out in terms of the speed at which solutions are evaluated. Everyone’s code would be subject to the same careful scrutiny, removing any advantage gained from fast internet connections or high-end hardware. The contest would become less about how quickly you can type and more about how accurately you can think, which is arguably closer to the spirit of competitive programming.
Seems like a good idea, but Mike is in Russia, and mailing submissions from USA to Russia is not possible because of the war and airline restrictions. I have a few ideas for how to fix this:
number 7 lmaooo
I just crawled exactly one API. I'm just looking at Luogu's Remote Judge. I just opened the console.
And I saw:
For example, in China, people used to do codefors on luogu by submitting remotely, but now, due to the enhancement of the CF mechanism of codeforces in the past two days, luogu no longer has access to the review information of codeforces, which makes it impossible for people to submit on luogu, and this is very inconvenient for people to use the customary This makes it very inconvenient for people to use some of the supporting functions that people are used to in luogu, and it also makes it inconvenient for people and coaches to keep good statistics on their work and training. I just want to reflect the bad influence on luogu now!
Because of Cloud Fare, Chinese Online Judges like Luogu&Vjudge often can't remote judge codeforces.
But Vjudge is Japanese Online Judge.
it always happened to me when i tried to enter a contest or in random times, i am using firefox in the latest version, but a solution i found is use another browser, i dont know why, but always i have the cloudflare trouble, i use waterfox (alternative version of firefox), so i can allow to do contest.
if disable cloudflare, then ddos will totally break the website down, then nobody can enter the contest, it's worse than using cloudflare
So is there a way to prevent ddos attack and not affect normal visit at the same time?
Look at this. https://pypi.org/project/cloudscraper/
I think there's a new browser checker, bc I don't see cloudflare loading anymore
I always get cloudflare popped up to check if I am a human.Sometimes it even takes me more than 10 minutes to access the problems.It really ruined my mood to compete in the contest!
Cloudflare has bullying/scammer sales practices which CF will eventually run into, at which point CF will look for a different provider during downtime. Best to look for a different provider ahead and quietly to avoid the downtime.
Dammit, cloudflare is back
Chinese are especially pissed…… LOL
Just hope mike can fix it ...
I even cannot use cf-tool to submit my code when the contest is running , causing much waste of time.
I wasn't even verified from the start of the race to the end of the race, so I had no choice but to use m1.codeforces.com and m3.codeforces.com (I'm in China)
A famous OnlineJudge in China called Luogu have to close the 'RemoteJudge' service to CF because of Cloudflare. www.luogu.com
Yep,we all need a better place of codeforces(no ddos),not stupid cloudflare never stop killing our tries to premote our ability ... I really hate it.
Easy to understand the reason,but possibly there is something that was made to hack Cloudflare captchas and was shown in public. https://pypi.org/project/cloudscraper/ I hope it's legal to use it.
MikeMirzayanov Look at this. https://pypi.org/project/cloudscraper/
I think you are right. The remotejudge on LuoGu won't work if Codeforces add this.
The current situation of Codeforces has led to a decrease in its traffic, and many APIs are not working, such as Luogu in China. This is undoubtedly regrettable.