thesubtlecuttlefish said: Hi! I've just discovered Schemaverse and really excited about it. I seem to be running into problems executing make a ship queries - whenever I try to create a ship, the query won't execute (as in I press the button and nothing happens - not even an error message). Didn't work yesterday and again today. Is this a bug in the game or am I being a total n00b here? Have successfully executed other stuff, i.e. retrieving no. of planets.

Hello :D

It is quite possible that before you went to create your ship, you lost your home planet. Unfortunately, without a planet, you cannot build new ships. 

If this is the case, you have two options. The first is that you can wait until next round (they start every day around 10am EST), or for instant gratification, just create a new user account and you will get a new home planet right away. Don’t feel bad, we all use multiple accounts :)

Now, with that being said, the system was actually having some troubles today so that could have also been a factor in the problems you were seeing. I have that all sorted out now though so you should be good to go. 

Welcome to the Schemaverse! Please don’t hesitate to ask anymore questions as they come up. 

The Schemaverse Championships - DEF CON 21 in Las Vegas

<ExecutiveSummary> Holy crap, that went well. Thnx! </ExecutiveSummary>


Did I mention how well this contest went this year? I’m still kind of in awe to be honest. I don’t even know where to start. 

To truly describe how well this year went, I need to admit that last year was pretty much an absolute failure. My write-up last year may have slightly glazed over this fact but I think now is a good time to go into it. Anybody who runs a contest at DEF CON knows just how much work goes into it; months of planning, stupid amounts of money, pride-crushing emails to potential sponsors, and all-nighters of caffeine fuelled preparation for nights leading up to the conference - all while doing your best not to get fired from other grown-up responsibilities. We do it because we love DEF CON and we believe in our event, we know people will have an awesome time competing if they just give it a try.

Last year nobody tried. The only player was the same winner as the year before. 
I had to illicit friends remotely so it would at least look some some sort of competition was happening. 

It was painful to be involved in and, as confirmed by friends, painful to watch. But the response by people at the booth was completely positive! People absolutely loved the idea, they just didn’t have time to play. There was too much to do at DEF CON. I can’t blame them really, DEF CON has so much to offer, not everybody wants to get down and dirty in a SQL/AI competition. 

So what the #$%@ was I to do? Honestly, the option of folding the contest and just going back to a happy drunk stumbling around for DEF CON 21 never even came to mind. I HAD to fix it. This contest is just as weird as the folks in attendance and I was determined to find that niche of players. 

If time was the main complaint, I hoped to remove that hurdle. 

And so, The Schemaverse Tournament became The Schemaverse Championships and the Qualifying Rounds were added leading up to DC21. My hope is that this would force a few people to learn to play and prepare their AI scripts and infrastructure, long before their first drink in Las Vegas. I even bought Human badges for the winners to help get them there if they won the qualifier.

We ended up running three qualifiers leading up to the conference and another on the first day of DC21:
The First Qualifier - PGCon in Ottawa, ON
The Second Qualifier - Open, Internet Land
The Third Qualifier - Open, Internet Land 
The Fourth Qualifier - DEF CON 21 

The qualifiers ended up being fairly dominated by people I had met at the previous year who didn’t have time to play there but had since really gotten into the game. 

Running qualifiers also had another benefit of getting our name out there a lot more. With retweets from @TCMBC, @_DEFCON_ and @thedarktangent helping announce our results, it certainly helped legitimize the entire endeavour. 

In the true sprit of DEF CON, we even had somebody find an absolutely disastrous vulnerability at our PGCon qualifier, allowing them to DROP DATABASE Schemaverse if they had wanted to. This made them the second person in our four year history to award themselves the SQL Injection Trophy.

Alright, enough blabbering about how we got here, on to the Championships!

The championship round started with 69 registered users and about 20 who were actively ready to participate. This even included players who had never touched Schemaverse before who spent all night Friday getting ready until 4am, followed by large chunks of time at our booth stealing Internet and knowledge to assure they had a chance. 

AND….The round started with Shepherd taking over the entire map within three minutes, pretty much putting an end to the game. 

Rule Change! 
I absolutely love a good hack but I wasn’t having a repeat of last year where nobody could play, so a change was made to allow ships to spawn anywhere, rather than only on top of planets they own.

Once the new rule was put into place, we had ourselves a battle.


Cisphyx was quick to add a little happiness and joy to the battle, making friends - not war. He decided to only conquer planets within this happy face shape:


Impressively enough, he even managed to hold the happy face throughout the entire battle. 


The Results 

Another success! I was able to give out every single prize :D

First Place: Shepherd
Shepherds early hack no doubt gave him a huge advantage but the rule change still made it a close battle. Shepherd won with a final score of 300 points, and next to players had 100 (Yen) and 0 (Cisphyx). Negative points are extremely common in the Schemaverse.

Prizes: 



Holding Bitcoinopolis: RoboG 
This outcome was actually pretty funny, Yen almost took it home but due to a flaw in a hack he was performing, the Schemaverse player (user 0) was actually the real last player holding this planet. We decided to look at the player who was holding it before Schemaverse took it over and that player was RoboG.

Prize: 



Most Money: Yen 
Yen had a LOT of money at the end of the game was definitely deserving of the award… How he acquired his wealth was a tad suspicious though ;) [See Best Hack #2]

Prize: 



Best Hack #1: Shepherd 
Shepherd has been playing the game a couples months now but I have no idea how long he has been holding onto this hack. We knew something was up when he took over the entire map in three minutes, but we were left guessing about the hack until the end. Once the game was over, he was nice enough to let us in on the method.

I check for everything else during ship creation but apparently I forgot to make sure Range wasn’t being overridden. Whoops. This allowed him to build ships that could perform actions on any ships and planets he wished, regardless of where they were. 

It was as simple as: INSERT INTO my_ships(name,range) VALUES(‘Omnipotent’,2147483648);

Prize: 




Best Hack #2: Yen 
Given Yen’s impressive ability to acquire wealth, it was clear something was up here too. Luckily, for a chance at the best hack pot, he was happy to describe his methods. 

Yen, who had never even played The Schemaverse before coming to DC21, ended up spending a huge amount of time reading through the source and came across a real nice little vulnerability. He figured out how to confirm both sides of a trade. This let him add other player’s money to a trade and then confirm it over to his own player. He could also trade fuel and even ships to himself. 

Prize: 





Other Stats 
I always like to give some other random stats about what took place in the game. It certainly shows how much the game as grown over the years.

Total active players: 20 (!) - Out of 69 who signed up

Total actions that took place: 3,600,000+ 

Total Tuples Returned (for you database nerds): 160,000,000,000+

Time it took for the SQL scrolling across the screen to finish after the database was shut down: 25 Minutes


Sponsors 

As always, I must offer a huge thanks to all of our sponsors:




Final Thanks

The fine folks at SauceTel including: appl, rick, Candy, Cloin & tigereye. 
They help me run the contest, man the booth to the point of losing their voices and made sure there is a constant supply of booze. DEF CON is what it is to me because of these jerks\b\b\b\b friends.

PostgreSQL - Another year and no direct attacks on PostgreSQL itself! Thanks to all the core devs who somehow manage to keep making a stable product that happens to also be constantly rocking new features.

Pyr0 and his lovely band of misfits.
You guys gave me an incredible piece of real estate on the con floor and have done so for three years now. You put blind faith into something (and somebody) you know nothing about and hope that it fills a niche people are looking for. I hope we do not disappoint. 

Finally, thank you to absolutely everyone that walked by the booth and said Hi. I will not lie, having a booth where people come to YOU is a definite perk of running a contest. Thank you for the wonderful conversation and constant laughs. 



See you at DEF CON 22. I promise you The Schemaverse will return bigger and better than before. Don’t forget to go to our home page and play on the public server throughout the year to get ready!
-Abstrct 

www.schemaverse.com
josh [ at ] schemaverse [ dot ] com
@Abstr_ct

PSA - When trying to install plv8, don’t blindly clone the v8 dev branch

I just wasted way more time than I should have trying to get this working so I thought I would share my results. When trying to get plv8 installed, the compiling process would fail miserably every time. The error message pointed to include/v8.h as the problem but nobody else seemed to be having this issue on the internet, or more likely they just gave up and moved on with their life, settling for pl/perl. 

The full error message can be found here: http://pastebin.com/yB3wQiU7

After trying many different variants of flags while compiling V8, and a similar slew of options while compiling plv8, I finally took a look at the V8 repository on github and I noticed quite a bit of action in the include/* folder lately. 

Assuming all these latest changes were the culprit, rather than just cloning the repo as every single plv8 instructional document suggests, I cloned the latest stable branch (3.18 in this case):

git clone http://github.com/v8/v8.git -b 3.18 v8 && cd v8 

Once I ran my usual make commands (make native library=shared), and moved the files to their usual locations, compiling plv8 worked like a charm.

Every time I try to install plv8 on a new system it’s a brand new battle but hopefully this post will help somebody else out in the future. 

Schemaverse Championship Qualifier #1: PGCon 2013

The Schemaverse Championship will be held August 3rd at DEFCON 21 in Las Vegas, NV. This qualifier was just the first of many leading up to the championship.

We held our first qualifying round last week at PGCon 2013 in Ottawa, Ontario. This was a perfect place to start the qualifiers as PGCon sees many of the leading users and developers of PostgreSQL; meeting to discuss the past, present and future of the database we love.  

We had about 15 people sign up to play in the tournament over the span of the conference and, even though they were mostly new players, they did pretty well. Anybody who has tried the Schemaverse understands that getting familiar with the game in a short period is no small feet so we really commend the effort the players put in to compete.

So what exactly was everyone competing for and who took home the gold? 

Early Bird Winner

One license of Navicat for PostgreSQL - This software is the best commercial database DB interface and we were lucky enough to have another copy to give away.

This prize went to the player who was leading the pack at the end of the initial tutorial session. 

Big congrats to Greg_d128 for winning the Early Bird!  He was a tad shocked when his name was called but the system doesn’t lie ;)

Best Hack

The bought off zazzle official Schemaverse Best Hack Cup! 

This stylish mug, which features the slick Schemaverse elephant, was awarded to the player who disregarded what little rules The Schemaverse attempted to enforce and played their version of things. 

It was Foo who took home this prize. I won’t go into too much detail on his hack until the final championship is over but I will say that it involved the always fun trading system. 

In the end, Foo’s hack got him that sweet mug. but it wasn’t enough to get him the title…

Schema Supremacy

The Schema Supremacy - PGCon 2013 Hoodie
One badge to DEFCON 21 in Las Vegas, NV

The Schema Supremacy is the leader of the pack, the player with the biggest, baddest fleet by the end and the most conquered space to call their home. 

This year, at PGCon 2013, the title of Schema Supremacy was claimed by a Schemaverse veteran: funbuster. It was a very close battle between him and foo but, in this case, the legitimate player claimed the prize.  

Side note: Unfortunately, funbuster will be unable to join us in Vegas and graciously donated his prize to an auction run by PGCon. The proceeds of which went to a local Ottawa women’s shelter. We welcome him to play the Championship round remotely. 


Full list of Qualifiers

These folks may not have won the titles or the prizes, but they have successfully qualified to compete at the championship. We look forward to seeing these familiar faces at DEFCON 21. 

image

BUT WAIT!? Why was The Schemaverse down for a week after?

After everything was all said and done, and I was out of prizes to give out, I had another conference goer come up to me and suggest I take a closer look at the public SV database.

schemaverse=# select get_player_username(player_id), trophy.name from player_trophy inner join trophy on trophy.id=trophy_id where player_id=get_player_id('andres');
 get_player_username |        name         
---------------------+---------------------
 andres              | SQL Injection Proof
(1 row)

D:

The last person to get the SQL Injection trophy was two years ago and we suddenly had a new recipient award it to themselves!

I shouldn’t be surprised that a conference involving this many PostgreSQL folks had this happened but, in my defense, it was a really cool hack too!

So how did it happen? Andres was nice enough to point me in the right direction, informing me he used temporary schema elements (functions and views) along with the search_path. Since then I have been able to recreate the exact issue, and even implement a fix. 

This is an absolutely key lesson in database security and you should be very happy that the Schemaverse got to experience it, instead of your own applications. 

Let’s take a walk through the fun, starting off with one of many key functions within the Schemaverse. Any function that has the Security Definer declaration was prone to this problem, but we will look at get_player_id() as a simple example.

    CREATE OR REPLACE FUNCTION get_player_username(check_player_id integer)
  RETURNS character varying AS
$BODY$
SELECT username FROM player WHERE id=$1;
$BODY$
  LANGUAGE sql STABLE SECURITY DEFINER;

The above function is pretty simple, it just helps the Schemaverse hide the player table (which no player has direct access to), while still allowing players to access certain information about enemies in the game. Normally all other access to the player table would be done through the my_players view.  

So what could possibly go wrong in one little line of actual code? Turns out, quite a bit. If you are unfamiliar with the hierarchy of a PostgreSQL database, it goes a little something like this:

Cluster
- - Database
- - Database2
- - - - Schema (get it.. Schemaverse. Ha!)
- - - - Schema2
- - - - - - - - Table
- - - - - - - - Table2
- - - - - - - - FunctionN
- - - - - - - - ViewN

Or, in the Schemaverse, it looks something like this:

Cluster
- - Schemaverse
- - - - $user — Users Temporary Schema
- - - - public — Where the Schemaverse lives
- - - - - - - - player  (table)
- - - - - - - - my_players (view)
- - - - - - - - get_player_username(id)

Andres used his temporary schema, $user, to make a function and view, changing the hierarchy to look like this:

Cluster
- - Schemaverse
- - - - $user — Users Temporary Schema
- - - - - - - - player  (view)
- - - - - - - - win_trophy() 
- - - - public — Where the Schemaverse lives
- - - - - - - - player  (table)
- - - - - - - - my_players (view)
- - - - - - - - get_player_username(id) 

Where these new items were defined with code that likely looked similar to  these:

    CREATE FUNCTION pg_temp.win_trophy() RETURNS text AS
$$ 
    -- Trophy 12 is the SQL Injection Trophy
	-- Player 2 is my ID
	-- Round is given a value of 1 just to satisfy the constraint 
	INSERT INTO player_trophy(round, trophy_id, player_id) values(1, 12, 2); 
	select 'Owned'::text 
$$ language sql;

CREATE TEMPORARY VIEW player as 
SELECT pg_temp.win_trophy() as username, 2 as id;

And the end result? When public.get_player_username(id) is called, the SQL query inside calls the player table, which should actually refer to the  public.player table. Instead, when it is called, the users temporary space takes precedence, even inside the function! 

This means that when public.get_player_username(id) is called, the code inside calls the $user.player view, which is then defined to call $user.win_trophy(). Finally, the kicker, this switch over to the user defined function is still all performed AS SECURITY DEFINER, in this case running as the omnipotent being known as schemaverse.

It is important to note that the order of importance for the schemas in a database can be set using the search_path but this value is client side and should not be trusted. 


Some final words

The PGCon 2013 conference was a lot of fun and I am extremely grateful for the opportunity to bring the Schemaverse back for another tournament.  All and all it was a much better start on the road to the championship than I could have ever imagined. 

Of course, it couldn’t have happened without our sponsors. In no particular order, thank you to Navicat, The InfoBunker, PGExperts and PGCon themselves. You are all incredible for supporting our ridiculous game :)

Finally, thank you to those that played, discussed, visualized and broke the Schemaverse. 

-Abstrct 

The Schemaverse was hacked!

Well, that didn’t take long :) I wanted to leave the public database unpatched for a couple days to see how long it would take somebody to compromise it after the announcement of a serious vulnerability. About 24 hours after the release, this little file showed up in my /data directory. 

-bash-4.1$ ls -l
total 108
drwx------. 8 postgres postgres  4096 Oct  9 14:08 base
drwx------. 2 postgres postgres  4096 Apr  6 17:30 global
drwx------. 2 postgres postgres  4096 Apr  5 16:25 pg_clog
-rw-------. 1 postgres postgres  3982 Oct 29 11:10 pg_hba.conf
-rw-------. 1 postgres postgres  1636 Oct  9 10:10 pg_ident.conf
drwx------. 2 postgres postgres  4096 Oct 15 00:00 pg_log
drwx------. 4 postgres postgres  4096 Oct  9 10:10 pg_multixact
drwx------. 2 postgres postgres  4096 Apr  6 17:30 pg_notify
drwx------. 2 postgres postgres  4096 Oct  9 10:10 pg_serial
drwx------. 2 postgres postgres  4096 Oct  9 10:10 pg_snapshots
drwx------. 2 postgres postgres  4096 Apr  6 17:30 pg_stat_tmp
drwx------. 2 postgres postgres  4096 Apr  6 15:50 pg_subtrans
drwx------. 2 postgres postgres  4096 Oct  9 10:10 pg_tblspc
drwx------. 2 postgres postgres  4096 Oct  9 10:10 pg_twophase
-rw-------. 1 postgres postgres     4 Oct  9 10:10 PG_VERSION
drwx------. 3 postgres postgres  4096 Apr  6 17:26 pg_xlog
-rw-------. 1 postgres postgres 19660 Apr  4 08:59 postgresql.conf
-rw-------. 1 postgres postgres    71 Apr  4 08:59 postmaster.opts
-rw-------. 1 postgres postgres    72 Apr  4 08:59 postmaster.pid
-rw-------. 1 postgres postgres   535 Apr  5 05:33 SECURITY_RISK_PLEASE_UPGRADE_TO_9.2.4_NOW
-bash-4.1$ cat SECURITY_RISK_PLEASE_UPGRADE_TO_9.2.4_NOW 
?otFATAL:  no pg_hba.conf entry for host "***", user "***", database "-rSECURITY_RISK_PLEASE_UPGRADE_TO_9.2.4_NOW", SSL on
DETAIL:  Client IP address resolved to "c-***", forward lookup not checked.
?otFATAL: no pg_hba.conf entry for host "***", user "***", database "-rSECURITY_RISK_PLEASE_UPGRADE_TO_9.2.4_NOW", SSL off
DETAIL: Client IP address resolved to "c-***", forward lookup not checked.
-bash-4.1$

This kind ‘attacker’ could have easily destroyed the entire database. Instead, they just wrote me a nice note on my file system.

Now, as a good security professional, I get to rebuild a server. 

Please, please, please take this as a warning for anybody else currently running anything less than PostgreSQL 9.2.4, 9.1.9, 9.0.13 or 8.4.17. Vulnerability CVE-2013-1899 is serious and needs to be addressed immediately. Hiding behind a firewall will make this far less of a threat but please don’t rely on that, just patch your damn box!

For more details on the security release that resolves this issue, follow these links and get your servers patched!

http://www.postgresql.org/about/news/1456/

http://www.postgresql.org/support/security/faq/2013-04-04/

http://www.postgresql.org/download/

Playing with PostgreSQL 9.3

This version is still under heavy development but there are some really great features making their way in that I couldn’t wait to try. 

Here is a view I created demonstrating two new feature points including better JSON support and the LATERAL keyword.

 
CREATE OR REPLACE VIEW game_variables AS 
SELECT 
    json_get_as_text(rules->'vars'->generate_series, 'name') as name, 
    json_get_as_text(rules->'vars'->generate_series, 'private')::boolean as private, 
    json_get_as_text(rules->'vars'->generate_series, 'val')::numeric as val, 
    json_get_as_text(rules->'vars'->generate_series, 'description') as description 
FROM
    galaxy.game,
	LATERAL generate_series(0, json_array_length(rules->'vars') - 1)
WHERE 
	game.schema_name = current_schema(); 	
  
  

The ‘rules’ column is currently storing something like this:

   
{
    "vars":
	[
		{
			"name":"MINE_BASE_FUEL",
			"private":"false",
			"val":"15",
			"description":""
		},
		{
			"name":"UNIVERSE_CREATOR",
			"private":"true",
			"val":"9702000",
			"description":"The answer which creates the universe"
		},
		{
			"name":"EXPLODED",
			"private":"false",
			"val":"3",
			"description":"Tics taken for explosion"
		},
		{
			...
		}
	],		
	"round_end":{"type":"time","length":"1 day"},
	"map":{"type":"random", "size":"relative", "quantity":"1.05"},
	"tic":{"sleep":"60"}
}
    

The JSON support in 9.3 brings new functions, like json_get_as_text() used above, and also brings an in-line way of traversing through the tree where, as an example, json_column->vars->0->name would return “MINE_BASE_FUEL”.

This JSON support, when used in conjunction with a generate_series() call, and a join, allowed me to convert any JSON array of objects into a great looking view. The real key here was the second feature I mentioned, the LATERAL keyword.

Normally, using a column from one table, as part of the FROM clause would cause an error like so: ERROR: function expression in FROM cannot refer to other relations of same query level

With the new LATERAL ability, this is a thing of the past. In the VIEW example above, we use the size of the array, found by json_array_length on our rules column, and pipe that value right into the generate_series() function so limit the rows being returned by that number.

Minor note on the LATERAL command, you will not actually need to even specify this in the syntax. The magical PostgreSQL planner will figure it out on it’s own and do it regardless. I have just added it to show where said magic is taking place.  

Edit: The JSON feature used above is still under development and may not be in the 9.3 codebase yet. The code branch I am currently using that does have it can be found here https://bitbucket.org/adunstan/pgdevel/commits/branch/jsonapi

DEFCON 20 Tournament Results

Winners and Prizes

Schema Supremacy: Derpfish 
Prize: Supreme Commander Hoodie, Navicat for PostgreSQL
Congrats to Derpfish for his second win in a row!


Best in-game hack: nobody :(
Prize: $100
This was super depressing. Not a single person could come up with a fun way to gain an advantage in the game. Since nobody claimed it, this prize was bet on black Sunday night and I am happy to report that a fresh hundred was paid out. This means that next year the pot for this prize will be up to $300 cash. 



Next year
Oh yes, there will certainly be a next year. This year didn’t go completely as planned but it was another great learning experience. Make sure you get practicing for next year at http://schemaverse.com which runs all year round. 

The Qualifiers
We have learned that this game can be a bit hard to play if you haven’t prepared so, starting as soon as we have time for, we will be holding qualifying rounds for next years tournament. We have some pretty good ideas for where to hold them including:

-The Academic Qualifier
Want your school involved? Send me an email at josh [at] schemaverse [dot] com

-Conference Tournaments
Want a Schemaverse Tournament qualifying round run at your conference? I think it would be a pretty fun event for any conferences on security, programming, databases, etc. Again, if you are interested, send me an email at josh [at] schemaverse [dot] com

-The Public Qualifier
Can you get the Schema Supremacy Trophy in the public server? Your in, easy as that :D

Stay posted to schemaverse.com and @schemaverse on twitter for the latest details on the qualifiers as they come to light. 


Thanks goes out to a lot of people this year:

The Schemaverse Team
The Schemaverse Tournament wouldn’t be possible without the help of some awesome friends who help make it all happen. The folks at SauceTel including Tigereye, appl and rick as well as Cloin and Indigo, Thank you! 


Brad Johnson (http://dominored.com/)
This man handles all the Schemaverse branding including this year’s Supreme Commander Hoodie, our free pins and The Schemaverse’s awesome space elephant logo. 


Anewworth
This gentleman is the creator of the popular Schemaverse Visualizer that was on display this year. This brought a huge amount of new interest to our booth and really helped with explaining the game to new players.


Pyr0 and his band of Contest Goons
You had a lot of contests to run this year and from the perspective of a contest it all seemed to go really smoothly. Thank you and well done!


Navicat (http://www.navicat.com)
Now a supporter of The Schemaverse through three contests over a span of two years. As the only company who actually responded to my emails this year while we were in search of prizes, they deserve a big thanks for supporting the contest throughout it’s infancy. 


The Scavenger Hunt
Thank you ScavHunt team for the last minute addition of a Schemaverse bullet point on your list. You guys rock for doing your part to help the smaller contest get new interest!

TheCotMan
Almost forgot you! Im Sorry D: I still have no clue at all who you actually are but you put a huge amount of effort into running this forum and you are always helping to get any DEFCON related details out on to those who want to know. Any contests and events listed in the above forum owe you a huge thank you, The Schemaverse and myself included. 



Happy DEFCON and see everyone next year for DC21 :D
-Abstrct

DEFCON 20 Tournament Results

Winners and Prizes

Schema Supremacy: Derpfish 
Prize: Supreme Commander Hoodie, Navicat for PostgreSQL
Congrats to Derpfish for his second win in a row!


Best in-game hack: nobody :(
Prize: $100
This was super depressing. Not a single person could come up with a fun way to gain an advantage in the game. Since nobody claimed it, this prize was bet on black Sunday night and I am happy to report that a fresh hundred was paid out. This means that next year the pot for this prize will be up to $300 cash. 



Next year
Oh yes, there will certainly be a next year. This year didn’t go completely as planned but it was another great learning experience. Make sure you get practicing for next year at http://schemaverse.com which runs all year round. 

The Qualifiers
We have learned that this game can be a bit hard to play if you haven’t prepared so, starting as soon as we have time for, we will be holding qualifying rounds for next years tournament. We have some pretty good ideas for where to hold them including:

-The Academic Qualifier
Want your school involved? Send me an email at josh [at] schemaverse [dot] com

-Conference Tournaments
Want a Schemaverse Tournament qualifying round run at your conference? I think it would be a pretty fun event for any conferences on security, programming, databases, etc. Again, if you are interested, send me an email at josh [at] schemaverse [dot] com

-The Public Qualifier
Can you get the Schema Supremacy Trophy in the public server? Your in, easy as that :D

Stay posted to schemaverse.com and @schemaverse on twitter for the latest details on the qualifiers as they come to light. 


Thanks goes out to a lot of people this year:

The Schemaverse Team
The Schemaverse Tournament wouldn’t be possible without the help of some awesome friends who help make it all happen. The folks at SauceTel including Tigereye, appl and rick as well as Cloin and Indigo, Thank you! 


Brad Johnson
This man handles all the Schemaverse branding including this year’s Supreme Commander Hoodie, our free pins and The Schemaverse’s awesome space elephant logo. 


Anewworth
This gentleman is the creator of the popular Schemaverse Visualizer that was on display this year. This brought a huge amount of new interest to our booth and really helped with explaining the game to new players.


Pyr0 and his band of Contest Goons
You had a lot of contests to run this year and from the perspective of a contest it all seemed to go really smoothly. Thank you and well done!


Navicat
Now a supporter of The Schemaverse through three contests over a span of two years. As the only company who actually responded to my emails this year while we were in search of prizes, they deserve a big thanks for supporting the contest throughout it’s infancy. 


The Scavenger Hunt
Thank you ScavHunt team for the last minute addition of a Schemaverse bullet point on your list. You guys rock for doing your part to help the smaller contest get new interest!

TheCotMan
Almost forgot you! Im Sorry D: I still have no clue at all who you actually are but you put a huge amount of effort into running this forum and you are always helping to get any DEFCON related details out on to those who want to know. Any contests and events listed in the above forum owe you a huge thank you, The Schemaverse and myself included. 



Happy DEFCON and see everyone next year for DC21 :D
-Abstrct

The DEFCON 20 Schemaverse Tournament

Now the second year in a row, we are pretty excited to be bringing The Schemaverse Tournament back to Las Vegas this year for DEFCON 20. We learned a lot running the contest last year and we have put those lessons to good use to make this year’s competition even better.

The Schemaverse is, and always will be, a game for database geeks. The core of the game is proudly a PostgreSQL database server which all players have an account on. This year though, we realize that database geeks should not be the only DEFCON attendees that we recommend play. Any developers, programmers and scripters who want to try their hands at this space battle game are welcome to come join in on the fun.

One great example of how a player can get involved, while still staying out of the database, is a Ruby bot that was developed by a player by the name of Sailias. He has posted the story on his blog and the code on github if you want to fork it and play around yourself.

The advantage to the Ruby bot is that it can even be deployed straight to Heroku as a free worker. So, if you don’t plan on bringing a laptop to DC20, you can prepare your bot now by playing on the public Schemaverse server and then point the bot at the DEFCON database once the tournament starts. Now you are competing and not even missing a step at the con! 

New to The Schemaverse? There is still more than enough time to start getting yourself prepared to compete in the competition! There are lots of resources available to help get you started:


Registration
Where: Contest Area
When: All day, every day while the Contest Area is open

Prize: First 100 registrants will “win” a sweet DC20 Schemaverse button

There will be no deadline for entering the competition but realistically speaking you should be signed up by Friday morning if you are playing to win. 


Pre-tournament Round
Starts: Thursday at Noon
Ends: Friday at 11:30AM

Prize: Bragging Rights?

You will want to use this round to get all your scripts loaded and configured for the tournament. This way it is all ready to go when the real round starts up. 


Actual Tournament
Starts: Friday at Noon
Ends: Sunday 11:00AM

Prizes: 

Schema Supremacy: DC20 Schemaverse Championship hoodie
Get the highest final score and you can win an awesome looking hoodie :D


Best Hack: 1 License of Navicat for PostgreSQL
This one is completely judged by me. Keep in mind, if I don’t know about your hack then you can’t win the prize! I will keep the details to myself so any advantage is kept but you need to come gloat to me about it.


Game Settings
As anybody who has played the game tends to know, some of the settings change pretty frequently while we try to balance it out. For the tournament, I will likely keep the settings as they currently are in the public database. These settings are as follows:

Map Size=~3000 Planets

MAX_SHIP_SKILL=500
MAX_SHIP_HEALTH=1000
MAX_SHIP_RANGE=5000
MAX_SHIP_FUEL=200000
MAX_SHIP_SPEED=800000

MAX_SHIPS=2000

EXPLODED=3

If you don’t know what these settings are, you can do a select * from public_variable; to see an explanation of each (or run over to the tutorial:https://schemaverse.com/tutorial/tutorial.php ).


Our Contest Booth
Last year our Contest Area booth ended up being a great place to sit around and hack at the game and I am definitely looking forward to this happening again. I have requested a couple more chairs and maybe even an extra table but this may depend on space available in the contest area. 

Regardless though, please feel free to come by to learn more about the game, submit bugs, social engineer some strategy or just drink a beer with us. 

Of course, we will also have the visualizer up showing off the the leader board, the Schemaverse overall map and close-ups of battles taking place. So far this thing looks awesome :D

Sponsors
Our sponsor, Navicat, deserves a big thank you from us. They have been very kind in giving us licenses to use as prizes for both our DEFCON tournaments and our PGCon tournament. If you are in the market for some database software (regardless of the flavour), make sure to check them out! 


Questions and Comments
If you want anything cleared up, please feel free to contact me over on the twitter: @schemaverse