This section contains some details about some CMS internals. They are mostly meant for developers, not for users. However, if you are curious about what’s under the hood, you will find something interesting here (though without any pretension of completeness). Moreover, these are not meant to be full specifications, but only useful notes for the future.

Oh, I was nearly forgetting: if you are curious about what happens inside CMS, you may actually be interested in helping us writing it. We can assure you it is a very rewarding task. After all, if you are hanging around here, you must have some interest in coding! In case, feel free to get in touch with us.

RPC protocol

Different CMS processes communicate between them by mean of TCP sockets. Once a service has established a socket with another, it can write messages on the stream; each message is a JSON-encoded object, terminated by a \r\n string (this, of course, means that \r\n cannot be used in the JSON encoding: this is not a problem, since new lines inside string represented in the JSON have to be escaped anyway).

An RPC request must be of the form (it is pretty printed here, but it is sent in compact form inside CMS):

  "__method": <name of the requested method>,
  "__data": {
              <name of first arg>: <value of first arg>,
  "__id": <random ID string>

The arguments in __data are (of course) not ordered: they have to be matched according to their names. In particular, this means that our protocol enables us to use a kwargs-like interface, but not a args-like one. That’s not so terrible, anyway.

The __id is a random string that will be returned in the response, and it is useful (actually, it’s the only way) to match requests with responses.

The response is of the form:

  "__data": <return value or null>,
  "__error": <null or error string>,
  "__id": <random ID string>

The value of __id must of course be the same as in the request. If __error is not null, then __data is expected to be null.


Setting the backdoor configuration key to true causes services to serve a Python console (accessible with netcat), running in the same interpreter instance as the service, allowing to inspect and modify its data, live. It will be bound to a local UNIX domain socket, usually at /var/local/run/cms/service_shard. Access is granted only to users belonging to the cmsuser group. Although there’s no authentication mechanism to prevent unauthorized access, the restrictions on the file should make it safe to run the backdoor everywhere, even on workers that are used as contestants’ machines. You can use rlwrap to add basic readline support. For example, the following is a complete working connection command:

rlwrap netcat -U /var/local/run/cms/EvaluationService_0

Substitute netcat with your implementation (nc, ncat, etc.) if needed.