diff --git a/docs/HowToPlay.md b/docs/HowToPlay.md index e387d7e7..54eb8bca 100644 --- a/docs/HowToPlay.md +++ b/docs/HowToPlay.md @@ -2,21 +2,16 @@ Quadblockquiz is a tetrominoes-like game that is part tetrominoes and part trivia quiz. Being honest, the trivia is to educate on -supply chain. +supply chain. ## 1. Getting started -This instance authenticates using GitHub -(see here for more) therefore you mush have a GitHub ID -and the conference organizers must have added you to -the authorized list. -If you are not yet authorized, see *here* for more info. +It will hopefully be setup so you can play +anonomously. +But signing in allows you to win prizes in the contexts. +You can authenticate with an existing GitHub account, +or establish a handle using your email. -![homepage](./home.png) - -Clicking on login will authenticate with Github. - -![login example](./login_example.gif) -**replace this with current example** +**replace this with some current example** ## 2. Playing 
@@ -39,64 +34,36 @@ Their fall is influenced by: To score the most points - Points accumulate with each tick of the clock - Completed rows are removed and add points (in addition to letting you play longer) -- Answering questions add points as well as potentially giving powerups -- Game ends when the quadblocks pile up and reach the top of the playing area +- Answering questions add points as well as giving you powerups +- Game ends when: + + you "lose" because the quadblocks pile up and reach the top of the playing area. Note this can occur via cyberattack or licensing lawsuit, not just by you letting the block accumulate + + you quit gracefully (ie by hitting space bar and then clicking on quit button) + + game times out after 10 min ## 4. Pausing / Questions -Typing the space bar pauses the game +Typing the space bar pauses the game. +Note "pauses" is a misnomer as it only pauses the falling of the blocks. +The game timer continues, and lawsuits and cyberattacks can still occur. -A topic screen is displayed, -allowing the player to either continue back to the game -or answer questions for points and powerups +When the space bar is hit, a topic screen is displayed, +allowing the player to either: +- continue back to the falling blocks part of the game, +- quit the game, +- answer questions for points and powerups, +- invoke powerups (see [Power Ups](./powerups.md)) ![topics](./topics.png) **replace this with current example** -## 5. Topics / Power-ups - -### 5.1 Supply Chain -- This is the supply chain sandbox so obviously everything is about supply chain. -- Questions in this section are historical and misc. -- Answering incorrectly loses points and you remain paused until you answer correctly -- Answering correctly gets you points. - -### 5.2 SBOM -- Software Bill of Materials is a critical element in supply chain risk management for both licenses and for vulnerabilities. 
It is also useful for software architecture (who needs 10 different modules with 27 different versions – all to perform the same function). -- More information at https://www.ntia.gov/sbom -- Answering incorrectly loses points and you remain paused until you answer correctly. -- Answering correctly gets you points and a ‘bomb’ powerup which allows you to ‘blow up’ one block (and if you answer enough SBOM questions, blow up an entire row) - -### 5.3 OpenC2 -- Automating the defense is a key to cybersecurity. Open Command & Control (OpenC2) is a standardized language for the command and control of technologies that provide or support cyber defenses. By providing a common language for machine-to-machine communication, OpenC2 is vendor and application agnostic, enabling interoperability across a range of cyber security tools and applications. The use of standardized interfaces and protocols enables interoperability of different tools, regardless of the vendor that developed them, the language they are written in or the function they are designed to fulfill. -- More information at https://openc2.org/ -- Answering incorrectly loses points and you remain paused until you answer correctly. -- Answering correctly gets you points and a ‘C2’ powerup which allows you to ‘command & control’ one block (and if you answer enough OpenC2 questions, an entire quadblock) to put where you want +See [Topics](./topics.md) for more on the various categories of topics +in the question and answer part of the game. -### 5.4 OpenChain -- The OpenChain Project helps to identify and share the core components of a high quality open source compliance program. OpenChain builds trust in Open Source by making things simpler, more efficient and more consistent. It is the industry-standard for managing Open Source compliance across the supply chain. -- More information at https://www.openchainproject.org/ -- Answering incorrectly loses points and you remain paused until you answer correctly. 
-- Answering correctly gets you points and a ‘Chain’ power-up which prevents black blocks (preventative upstream in supply chain) +See [Power Ups](./powerups.md) for more on what powerups are +and how they help defend against cyberattacks and lawsuits, +and help you get more points. -### 5.5 Phoenix -- Phoenix is a web development framework written in Elixir which implements the server-side Model View Controller (MVC) pattern. Phoenix provides the best of both worlds - high developer productivity and high application performance. It also has some interesting new twists like channels for implementing realtime features and pre-compiled templates for blazing speed. The 'let it fail' philosophy of the underlying OTP ecosystem makes it easier to design in both reliability and security. -- More information on Phoenix Framework at https://www.phoenixframework.org/ -- More information on Elixir at https://elixir-lang.org/learning.html -- More information on OTP at https://grox.io/language/otp/course and https://youtu.be/NYkwvVKlbU8 -- More information on Erlang Ecosystem Foundation at -- Answering incorrectly loses points and you remain paused until you answer correctly -- Answering correctly gets you points may get a ‘Rebirth’ powerup removing all blocks but keeps your score (and crediting points for the blocks removed), or may get you a ‘reliability’ powerup which "corrects" the vulnerable ‘black block’ into normal removable blocks. +See [Strategy](./strategy.md) for game strategy. +TL;DR - alternating between falling blocks and Question/Answer +is the best strategy. -### 5.6 Vendors -- this game, this sandbox, would not be possible without sponsors. Please read about them and answer easy questions to gain points and powerups (row delete) -- sFractal Consulting - Platinum Sponsor - designed this game, wrote software, funded additional developers, ... sFractal Consulting is a boutique software/cybersecurity consulting firm. 
- + sFractal Consulting strongly believes in Supply Chain Risk Management, and assists its clients with quantitative risk management, SBOM creation as part of the SDLC, and Open Chain. - + sFractal Consulting strongly believes in creating SBOMs for all software, but confesses to not always being able to walk that talk. SBOMs are available for this game, but not for all the software sFracal has created. sFractal Consulting commits to continuous improvement in this area and to slowly grow the SBOM corpus will all new software it creates or updates - + sFractal Consulting strongly believes in cybersecurity automation and is very active in OpenC2. For example the security of this website is under OpenC2 Control - + sFractal Consulting commits to improving it's OpenChain behavior, fully admitting it has not been a focus but intends to change that -- Podii - In-kind Sponsor - developed much of the quiz software for this game, building on the work of Grox.io. Podii develops "software done right". - + blah blah on supply chain, SBOM, OpenC2, OpenChain -- Grox.io - In-kind Sponsor - developed much of the quadblocks software that is the basis for this game. Grox.io teaches programming. The tetrominoes game that is the basis of this game is developed as part of a Grox.io course. - + blah blah on supply chain, SBOM, OpenC2, OpenChain -- Google - In-kind Sponsor - Google donated the GCP resources to host this game - + blah blah on supply chain, SBOM, OpenC2, OpenChain if we can get statements +See [Intro Video](./needtoadd) for a video with some examples. diff --git a/docs/powerups.md b/docs/powerups.md new file mode 100644 index 00000000..64824713 --- /dev/null +++ b/docs/powerups.md 
@@ -0,0 +1,127 @@ +# Power-Ups in Quadblockquiz - Supply Chain Edition +Quadblockquiz is a tetrominoes-like game +that is part tetrominoes and part question/answer quiz. +The question/answer less about what you already know, +and is more about educating on +supply chain cybersecurity. +This page is about the "power-ups" that you get awarded +in the Question/Answer part of the game. + +## 1. Getting started +The purpose of the game is to learn more about +supply chain cybersecurity in a fun way. +See [How to Play](./HowToPlay.md) to get started. + +## 2. Question/answer +The best strategy is to switch back and forth between +the falling blocks part of the game and the question/answer +part of the game. +You switch from falling-blocks to question/answer by +hitting the space bar. +You switch back by hitting the 'continue' button. +Note "pauses" is a misnomer as it only pauses the falling of the blocks. +The game timer continues, and lawsuits and cyberattacks can still occur. +Staying too long in either section will almost certainly +result in unforseen bad things happening. + +This page is about the powerups +which you earn in question/answer part of the game, +and you use in the falling blocks part of the game. + +## 3. Powerups +In addition to continue/quit/topics, +hitting the space bar also shows you the powerups you +have already earned, and allows you to use them. + +Powerups are earned by answering questions correctly. +Each question has one powerup associated with it. +When you answer the question correctly, +you get the points added to your score and the powerup +added to the power bar. +Note you can have more than one of any powerup. + +You use the powerup by clicking on it. + +The different types of powerups are described below: + +### 3.1 Add Block + + +Add block allows you to add one block in any open spot +on the board. This is handy for completing a row. 
+Note a row doesn't complete when you add the block, +it completes when the next falling block hits the brickyard +(the jumble of blocks at the bottom of the board). +This allows you to complete multiple rows at one time +for exponentially increasing amounts of points. + +To use an add-block, click on it's icon and the game board +will appear. +Click on the spot where you want to add the block and it will place it there. + +### 3.2 Move Block + + +Move block allows you to pickup and move a block from one spot to another. + +### 3.3 Delete Block + + +Delete block removes the block you select from the board. +This is one way to get rid of vulnerabilities or licensing issues. + +### 3.4 Fix Vulnerability + + +Fix vulnerability allows you to "fix" a vulnerability - ie change it from a block +with a vulnerability back to a normal block. +Recall if you get too many vulnerabilities, you will be cyber attacked. + +### 3.5 Fix License + + +Fix license allows you to "fix" a licensing issue - ie change it from a block +with a licensing issue back to a normal block +Recall if you get too many licensing issues, you will be sued. + +### 3.6 Remove All Vulnerabilities + + +Remove all vulnerabilities removes from the board (leaving a blank spot) +all blocks with vulnerabilities. + +### 3.7 Remove All License Issues + + +Remove all licensing issues removes from the board (leaving a blank spot) +all blocks with vulnerabilities. + +### 3.8 Slow Down + + +The quadblocks part of the game operates most of the time at a reasonable pace. +But if you find that is too fast, you can slow it down one speed notch with the +slow-down powerup. + +Where this powerup is particularly useful is during a cyberattack since cyberattack greatly speeds up the pace of the game. + +### 3.9 Speed Up + + +Speed up is the opposite of slow down - it speeds up the pace of the game by one notch. 
+This may be because you want to accumlate points faster (assuming you can keep up), +but most likely is because you've been hit by a lawsuit whh slows the game down to a glacial pace. + +### 3.9 Clear Blocks + + +Clear blocks totally empties the board - but keeps you point total. +There are many situations where this is useful. Maybe you are accumulating too many vulnerabilitiea and are about to be cyberattacked. Or maybe you have been cyberattacked or are being sued in a lawwuit. Or may be you just have too many blocks in the brickyard. + +### 3.9 Superpower + + +Superpower is a powerup that you can trade if for another powerup - which ever one you need. This is the wild card of powerups and is very handy to have. +Note it is a two-step process. Clicking on the superpower icon lets you pick which other powerup to add to list. THen you must actaully click on that new powerup to use it. + + diff --git a/docs/strategy.md b/docs/strategy.md new file mode 100644 index 00000000..8df68891 --- /dev/null +++ b/docs/strategy.md 
@@ -0,0 +1,182 @@ +# Strategy for playing Quadblockquiz + +Quadblockquiz is a tetrominoes-like game +that is part tetrominoes and part question/answer quiz. +The question/answer less about what you already know, +and is more about educating on +supply chain cybersecurity. + +## 1. Getting started +The purpose of the game is to learn more about +supply chain cybersecurity in a fun way. +See [How to Play](./HowToPlay.md) to get started. +See [Question and Answer](./topics.md) for how the questions are organized. +See [Power Ups](./powerups.md) on the powerups. + +This page is background on how the game works +ie things you should take into account when developing your strategy. + +## 2. Time +There is a game clock. +The game will terminate at 10 minutes if you haven't terminated it sooner. +Note the game clock runs regardless of whether you are paused. +The game clock is more obvious in the quadblocks section of the game, +but note it is still present even if you can't see it in Q&A. + +Most people will want to use as much of the game clock as they can. +I.e. the longer you play, the more points you will get. +In general this is true, but several things can impact. +Cyber attacks and Licence Lawsuits are more likely the longer you play, +so watch your vuln and issue counts. +And it 'should' record your point total correctly if you timeout, but there +have been issues with recording your point total correctly if you lose your network connection (so you might not get credit for having played). + +There are some large bonus point potentials mentioned in subsequent sections. +There is a tendency to try to get the highest "multipliers" before cashing in. +But don't wait too long because the might game time out. + +## 3. Falling Blocks +Like other tretromino games, you accumulate points with each tick of the clock on falling blocks. There are different speeds which you control with speed-up and slow-down powerups. 
Besides just occuring faster, you get bonus points for the higher tick speeds. And you get points for clearing rows - see section XX. + +## 4. Vulnerabilities +Vulnerabilities occur after a certain amount of technical debt occurs, +as shown by one of the counters on the screen. +They also occur randomly on falling blocks and when questions are answered wrong. + +A row can not be cleared if it has a vulnerability in it. +A cyber attack occurs when there are 5 vulnerabilities on the board. + +If all you did was play falling blocks, eventually you would be cyberattacked, lost most of your points, and the game would be over. + +To counter vulnerabilties, you must use powerups which you get by answering questions. +Powerups of particular use are: +- delete block, +- fix vulnerability, +- remove all vulnerabilities, and +- clear blocks. + +## 5. Cyber Attack +A cyber attack is bad, and you should attempt to avoid. +A cyber attack occurs when there are 5 vulnerabilities on the board. +When a cyber attack occurs, +the clock speeds up to very fast (ie you have little time to respond), +extra blocks are added causing the board to fill up, +and points hemorage away. +This emulates the hackers operating at machine speed, +and you losing lots of money. + +If you haven't been able to prevent the attack, +then hit the space bar as soon as the attack occurs. + +If you don't have the appropriate powerups, you can attempt to get them +from answering questions (but note the game will continue even when paused), +or you can cut your losses and quit the game with your current score. + +The powerups that might be useful in a cyberattack are: +- delete block, +- fix vulnerability, +- remove all vulnerabilities, +- clear blocks, and +- slow down + +## 6. Licensing Issues +Licensing issues occur after a certain amount of technical debt occurs, +as shown by one of the counters on the screen. + +A row can not be cleared if it has a licensing issues in it. 
+A licensing lawsuit occurs when there are 5 licensing issues on the board. + +If all you did was play falling blocks, eventually you would be sued, lost most of your points, and the game would be over. + +To counter licensing issues, you must use powerups which you get by answering questions. +Powerups of particular use are: +- delete block, +- fix licensing issue, +- remove all licensing issues, and +- clear blocks. + +## 7. License Lawsuits +A license lawsuit is bad, and you should attempt to avoid. +A license lawsuit occurs when there are 5 licensing issues on the board. +When a license lawsuit occurs, +the clock slows to extremely slow, +extra blocks are added causing the board to fill up, +and points hemorage away. +This emulates the courts and lawyers costiing you lots of money, +and tieing up your business. + +If you haven't been able to prevent the lawsuit, +then hit the space bar as soon as it occurs. + +If you don't have the appropriate powerups, you can attempt to get them +from answering questions (but note the game will continue even when paused), +or you can cut your losses and quit the game with your current score. + +The powerups that might be useful in a lawsuit are: +- delete block, +- fix license issue, +- remove all licensing issues, +- clear blocks, and +- speed up + + +## 8. Q&A Point Multipliers +Answering questions correctly gets you points. +There is a multiplier on the points for each question, +that increases if you have played more blocks in the +falling blocks part of the game. + +For example, if you hit the space bar before the first block +falls to the brickyard, the first question in OStart would be +worth 25 points for a correct answer. + +But if you let first brick touch the brickyard before answering +that same question, it would be worth 50 points because it has a multiplier of "2". 
+ +The multipliers are: +- 1 for zero blocks +- 2 for 1-9 blocks +- 3 for 10-19 blocks +- 5 for 20-49 blocks +- 7 for 50-99 blocks +- 11 for over 100 blocks + +Note points increase as you do more questions in a category. +But they aren't the same in all categories. +There are a few really hight point questions sprinkled randomly throughout. +In the ideal play you would answer a high point question after +having a large multiplier. + +## 9. Clearing Multiple Rows at once +It is possible to clear multiple rows at once. +This is because row cleaing is only computed when a falling block falls +into the brickyard. +Therefore you can use powerups to move blocks, fix vulns, add blocks, etc +while the game is "paused" and multiple rows will clear when the next +falling block touches the brickyard. + +There are bonus points for clearing multiple rows at once - and they go up exponentially. Ignoring multipliers (see next section), the points for clearing rows are: +- 1 row = 200 points +- 2 rows = 400 points +- 3 rows = 800 points +- 4 rows = 1,600 points +- 5 rows = 3,200 points +- etc + +## 10. Row Clearing Muliplier +As the previous section showed, clearing rows gets you points. +There is an additional multiplier on clearing rows that rewards you +for having answered questions correctly. The multipliers are: +- 1 for no correct answers +- 2 for 2-9 correct answers +- 3 for 10-49 correct answers +- 5 for 50-99 correct answers +- 7 for 100-299 correct answers +- 11 for >300 correct answers + +Note those higher multipliers are impossible in 10 min, +plus there aren't that many questions. +But answering 10 questions is reasonable +and it turns the points for 5 rows +from 3,200 points to 9,600 points. + diff --git a/docs/topics.md b/docs/topics.md new file mode 100644 index 00000000..4f821bb7 --- /dev/null +++ b/docs/topics.md 
@@ -0,0 +1,129 @@ +# Categories/Topics in Quadblockquiz - Supply Chain Edition +Quadblockquiz is a tetrominoes-like game +that is part tetrominoes and part question/answer quiz. +Being honest, the question/answer is to educate on +supply chain cybersecurity. + +## 1. Getting started +The purpose of the game is to learn more about +supply chain cybersecurity in a fun way. +See [How to Play](./HowToPlay.md) to get started. + +## 2. Question/answer +The best strategy is to switch back and forth between +the falling blocks part of the game and the question/answer +part of the game. +You switch from falling-blocks to question/answer by +hitting the space bar. +You switch back by hitting the 'continue' button. +Note "pauses" is a misnomer as it only pauses the falling of the blocks. +The game timer continues, and lawsuits and cyberattacks can still occur. +Staying too long in either section will almost certainly +result in unforseen bad things happening. + +This page is about the question/answer part of the game. + +## 3. What are Topics/Categories +The questions are usually multiple choice, +and are designed test your knowledge of a particular topic, +or to teach you about that topic if you don't already know. + +Each question has several parts: +- background +- question +- possible answers +- skip the question +- points + +Since this is a game with a finite time limit, you don't want to spend time +reading the background if you already know the answer. +However, even if you know nothing about the subject, +you should be able to answer the question with the information provided +in the background section. + +For example, the answer to the question "What does C2 stand for in OpenC2?" +can be found in the background sentence "Open Command & Control (OpenC2) is a standardized language for the command and control ...". + +Also included on each question is the points for correctly answering, +and the powerup you will gain. 
+See [Power Ups](./powerups.md) for more on what powerups are +and how they help defend against cyberattacks and lawsuits, +and help you get more points. + +Check if above still true???? + +The questions are divided into categories +and tend to go up in value the deeper into the category you go. +The different topics will each be described in the following sections. + +## 4. Topics or Categories of Questions + +When the space bar is hit, a topic screen is displayed, +allowing the player to either continue back to the game, quit the game, +or answer questions for points and powerups + +![topics](./topics.png) +**replace this with current example** + +## 5. Topics / Power-ups + +### 5.1 0Start +- Start here. Besides teaching you how to play the game, it contains some powerful powersups. + +### 5.2 Sponsors +- this game, would not be possible without sponsors. Please read about them and answer easy questions to gain points and really good powerups/ + +### 5.3 Village +blah blah + +### 5.4 Automation +blah blah + +### 5.5 CACAO +blah blah + +### 5.6 CSAF +blah blah + +### 5.7 IoB +blah blah + +### 5.8 Kestrel +blah blah + +### 5.9 OCA +blah blah + +### 5.10 OpenC2 +- Automating the defense is a key to cybersecurity. Open Command & Control (OpenC2) is a standardized language for the command and control of technologies that provide or support cyber defenses. By providing a common language for machine-to-machine communication, OpenC2 is vendor and application agnostic, enabling interoperability across a range of cyber security tools and applications. The use of standardized interfaces and protocols enables interoperability of different tools, regardless of the vendor that developed them, the language they are written in or the function they are designed to fulfill. +- More information at https://openc2.org/ +- Answering incorrectly loses points and you remain paused until you answer correctly. 
+- Answering correctly gets you points and a ‘C2’ powerup which allows you to ‘command & control’ one block (and if you answer enough OpenC2 questions, an entire quadblock) to put where you want + +### 5.11 Phoenix +- Phoenix is a web development framework written in Elixir which implements the server-side Model View Controller (MVC) pattern. Phoenix provides the best of both worlds - high developer productivity and high application performance. It also has some interesting new twists like channels for implementing realtime features and pre-compiled templates for blazing speed. The 'let it fail' philosophy of the underlying OTP ecosystem makes it easier to design in both reliability and security. +- More information on Phoenix Framework at https://www.phoenixframework.org/ +- More information on Elixir at https://elixir-lang.org/learning.html +- More information on OTP at https://grox.io/language/otp/course and https://youtu.be/NYkwvVKlbU8 +- More information on Erlang Ecosystem Foundation at +- Answering incorrectly loses points and you remain paused until you answer correctly +- Answering correctly gets you points may get a ‘Rebirth’ powerup removing all blocks but keeps your score (and crediting points for the blocks removed), or may get you a ‘reliability’ powerup which "corrects" the vulnerable ‘black block’ into normal removable blocks. + +### 5.12 Risk +blah blah + +### 5.13 SBOM +- Software Bill of Materials is a critical element in supply chain risk management for both licenses and for vulnerabilities. It is also useful for software architecture (who needs 10 different modules with 27 different versions – all to perform the same function). +- More information at https://www.ntia.gov/sbom +- Answering incorrectly loses points and you remain paused until you answer correctly. 
+- Answering correctly gets you points and a ‘bomb’ powerup which allows you to ‘blow up’ one block (and if you answer enough SBOM questions, blow up an entire row) + +### 5.14 STIX +blah blah + +### 5.15 Supply Chain +- This is the supply chain sandbox so obviously everything is about supply chain. +- Questions in this section are historical and misc. +- Answering incorrectly loses points and you remain paused until you answer correctly +- Answering correctly gets you points. + diff --git a/lib/quadblockquiz/qna.ex b/lib/quadblockquiz/qna.ex index 204f9866..b0b5f2bc 100644 --- a/lib/quadblockquiz/qna.ex +++ b/lib/quadblockquiz/qna.ex @@ -108,8 +108,10 @@ defmodule Quadblockquiz.QnA do score |> String.trim() - |> String.split("-", trim: true) - |> Enum.map(fn score -> score |> String.trim() |> String.split(":") |> List.to_tuple() end) + |> String.split("- ", trim: true) + |> Enum.map(fn score -> + score |> String.trim() |> String.split(":") |> List.to_tuple() + end) |> Map.new() nil -> diff --git a/lib/quadblockquiz_web/live/tetris_live.ex b/lib/quadblockquiz_web/live/tetris_live.ex index b16febac..c17669f6 100644 --- a/lib/quadblockquiz_web/live/tetris_live.ex +++ b/lib/quadblockquiz_web/live/tetris_live.ex @@ -1093,7 +1093,7 @@ defmodule QuadblockquizWeb.TetrisLive do defp right_points(socket) do # points for right answer %{"Right" => points} = socket.assigns.qna.score - {points, _} = Integer.parse(points) + {points, _} = points |> String.trim() |> Integer.parse() # multiplier for # blocks correct_answers = socket.assigns.correct_answers mult = Scoring.question_block_multiplier(correct_answers) diff --git a/lib/quadblockquiz_web/templates/layout/root.html.heex b/lib/quadblockquiz_web/templates/layout/root.html.heex index d388b79e..348708b6 100644 --- a/lib/quadblockquiz_web/templates/layout/root.html.heex +++ b/lib/quadblockquiz_web/templates/layout/root.html.heex @@ -75,7 +75,7 @@ 
diff --git a/lib/quadblockquiz_web/templates/layout/tailwind.html.heex b/lib/quadblockquiz_web/templates/layout/tailwind.html.heex index 6055bd64..e091bb06 100644 --- a/lib/quadblockquiz_web/templates/layout/tailwind.html.heex +++ b/lib/quadblockquiz_web/templates/layout/tailwind.html.heex @@ -69,7 +69,7 @@
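Review bot: in docs/HowToPlay.md section 1 ("Getting started"), the new sign-in text has typos that change its meaning. "anonomously" should be "anonymously", "win prizes in the contexts" presumably means "contests", and "setup" used as a verb should be "set up". The hunk also deletes both images but keeps a "**replace this with some current example**" line that now refers to nothing, so either drop that line or add the screenshot it is waiting for. The removed text described GitHub login plus an authorized list, and the added text says "It will hopefully be setup so you can play" anonymously. A how-to page should state which sign-in modes actually work rather than what is hoped for.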
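Review bot: in docs/HowToPlay.md, at the end of the second hunk, "See [Intro Video](./needtoadd)" ships a link to a target that does not exist. Leave the line out until the video is available, or mark it as a TODO outside the rendered text. In the new "Game ends when:" list, "letting the block accumulate" should be "blocks" and "ie" should be "i.e.". The two sentences starting 'Note "pauses" is a misnomer' are repeated word for word in powerups.md and topics.md in this same patch. Keeping them here and linking from the other pages avoids three copies drifting apart.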
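Review bot: in the new docs/powerups.md, section 3.7 "Remove All License Issues" is described as removing "all blocks with vulnerabilities", which is a copy of the 3.6 text and should read "all blocks with licensing issues". The heading number "### 3.9" is used three times (Speed Up, Clear Blocks, Superpower); these should be 3.9, 3.10 and 3.11. Smaller fixes: "The question/answer less about" is missing "is", "click on it's icon" should be "its", and "unforseen", "accumlate", "whh", "vulnerabilitiea", "lawwuit", "THen" and "actaully" are typos. Section 3.2 "Move Block" explains what the powerup does but, unlike 3.1, not how to use it.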
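Review bot: in the new docs/strategy.md, the multiplier tables in sections 8 and 10 have gaps at their boundaries. Section 8 lists "7 for 50-99 blocks" and then "11 for over 100 blocks", so exactly 100 blocks is undefined. Section 10 lists "1 for no correct answers" and then "2 for 2-9 correct answers", so one correct answer is undefined, and "7 for 100-299" followed by "11 for >300" leaves 300 undefined. Please make the ranges match what the scoring code does. Section 3 still contains the placeholder "see section XX", and section 8 refers to the category as "OStart" while topics.md calls it "0Start". Typos to fix: "tretromino", "occuring", "vulnerabilties", "hemorage" (twice), "costiing", "tieing", "hight", "cleaing", "Muliplier", and "because the might game time out".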
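Review bot: in the new docs/topics.md, section 3 contains the author note "Check if above still true????" and sections 5.3 to 5.9, 5.12 and 5.14 consist only of "blah blah". These should be resolved or left out before the page is published. The powerups named in section 5 ('C2', 'bomb', 'Rebirth', 'reliability') do not appear in the list this patch adds in powerups.md (Add Block, Move Block, Delete Block and so on), so one of the two pages is out of date. In 5.11 the bullet "More information on Erlang Ecosystem Foundation at" ends without a URL. In 5.1 "powersups" and in 5.2 the trailing "/" after "powerups" are typos, and "are designed test your knowledge" in section 3 is missing "to".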
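Review bot: in lib/quadblockquiz/qna.ex, the score parsing still pipes `String.split(":") |> List.to_tuple()` into `Map.new()`, which raises unless every entry splits into exactly two parts. An entry with no colon or with a second colon will crash question loading. Splitting with `String.split(":", parts: 2)` and trimming both halves here would make the parser tolerant of that. It would also remove the need for callers to trim values themselves, which is what the tetris_live.ex change in this patch has to do. The switch of the delimiter from "-" to "- " is not explained. If the reason is that a value can be a negative number, a short comment above the split saying so would stop someone from reverting it.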
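Review bot: in lib/quadblockquiz_web/live/tetris_live.ex, `right_points/1` matches `{points, _} = points |> String.trim() |> Integer.parse()` without handling the `:error` return, so a non-numeric "Right" value in a question file raises a MatchError inside the LiveView. Trimming fixes the whitespace case only. Consider a `case` on the result with a default or a logged error, or validating the value once when the question is parsed in QnA. Separately, the context lines carry the comment "multiplier for # blocks" but pass `correct_answers` to `Scoring.question_block_multiplier/1`, while strategy.md in this patch says the question multiplier depends on blocks played. Please confirm which is intended and align the comment, the argument and the docs.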