Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

5th Underhanded C Contest Now Open

CmdrTaco posted more than 4 years ago | from the i-c-what-you've-done-there dept.

Programming 162

Xcott Craver writes "The next Underhanded C Contest has begun, with a deadline of March 1st. The object of the contest is to write short, readable, clear and innocent C code that somehow commits an evil act. This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field. The prize is a gift certificate to ThinkGeek.com."

cancel ×

162 comments

Sorry! There are no comments related to the filter you selected.

Watch list? (4, Funny)

girlintraining (1395911) | more than 4 years ago | (#30596256)

This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

All participants will also receive complimentary cavity-searches at airport checkpoints.

Re:Watch list? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30596394)

Fuck religion religion is stupid science is god there that should get me some good karma.

Re:Watch list? (3, Funny)

RichardJenkins (1362463) | more than 4 years ago | (#30596688)

Uh-oh, looks like you got missed out the punctuation and got the words in the wrong order! You clearly meant:

God, is stupid science there? Is that religion? Get some religion! Karma should fuck me good.

Yeah, that makes more sense.

Re:Watch list? (0, Troll)

clang_jangle (975789) | more than 4 years ago | (#30596758)

Oooh! Let me try one:

God is. Stupid science! There -- Is that religion? Get some! Religion, karma should... Fuck me good!

NEW YEARS WARNING (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30596816)

I was once kiolled by a drunk driver that was having a lot of booze and he told me that he was not quite impaired by i believed him anyway and knew better but whent in his car with him and then he started driving everywhere like a crazy man ( like ozzy osborn) but was really more impaired than i originally thought in the first place and well he ended up driving real fast and there were some people flashing their lights at him but that made him only want to speed up and i told him to slow down but he didnt like me critizicng his type of driving and therefore sped up a little more and then we encountered this other drunk driver or driver on some sorts of drugs and he started weaving in front of us and we lost him but later came back in contact with him later on in the night when he hit us at an intersection after everyone in the town had sobered up and killed me resulting in the picture above which just goes to show that not every traffic fatality involves alcohol but in reality it can involve a lot of factors such as safety and precautions that must be met like treating trarffic lights like four way stops when there is snow going everywhere as is in the case with the midwest at this point with their led's lights and all.

Re:NEW YEARS WARNING (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30597322)

I was once kiolled by a drunk driver

Hey, me too! But I got better.

Re:NEW YEARS WARNING (0, Offtopic)

ex_ottoyuhr (607701) | more than 4 years ago | (#30599064)

A kioll once bit my sister...

Re:Watch list? (4, Funny)

w0mprat (1317953) | more than 4 years ago | (#30596914)

This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

I am certain that this is already a feature of existing luggage routing software.

Re:Watch list? (0)

girlintraining (1395911) | more than 4 years ago | (#30596996)

I am certain that this is already a feature of existing luggage routing software.

It's not a misfeature, it's a Bohr bug [catb.org] .

Re:Watch list? (3, Funny)

Anonymous Coward | more than 4 years ago | (#30597900)

Yes, especially if the word "fragile" or "valuable" is in the comment field.

Re:Watch list? (5, Insightful)

markkezner (1209776) | more than 4 years ago | (#30597106)

Funny, but you've got a point. What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it. Would you hire that guy?

It's not worth the $100 gift certificate.

Re:Watch list? (4, Insightful)

Applekid (993327) | more than 4 years ago | (#30597374)

Would you hire that guy?

Definitely, but maybe for QA or as a Code Review consultant. Of course, I'm assuming that the winner of the contest would also be clever enough to detect hidden maliciousness in others' code.

Re:Watch list? (1)

SamAdam3d (818241) | more than 4 years ago | (#30597390)

You think any of these guys are going to submit with their real names? Nah, they'll spend the extra 10 minutes to come up with a super-sweet hacker name.

Re:Watch list? (1, Funny)

Anonymous Coward | more than 4 years ago | (#30598306)

You mean like zerocool?

Re:Watch list? (1)

Razalhague (1497249) | more than 4 years ago | (#30598708)

Crash Override is much cooler. Though I'm also partial to Cereal Killer.

Re:Watch list? (0)

Anonymous Coward | more than 4 years ago | (#30597434)

yes it is. Dude, that's like 3 sets of buckyballs.

Re:Watch list? (0, Offtopic)

girlintraining (1395911) | more than 4 years ago | (#30597758)

Funny, but you've got a point.

The best humor also makes a good point. Thanks for noticing.

Re:Watch list? (1)

FenwayFrank (680269) | more than 4 years ago | (#30597324)

All participants will also receive complimentary cavity-searches at airport checkpoints.

Second prize: two of them.

Re:Watch list? (1)

Ksevio (865461) | more than 4 years ago | (#30597784)

Why? My teeth are fine!

Re:Watch list? (1)

the_fat_kid (1094399) | more than 4 years ago | (#30598180)

more like a complimentary DMCA take down for reproducing the current system.
I mean, realy, isn't this what it does now?

This sounds familiar to, (-1, Flamebait)

Icegryphon (715550) | more than 4 years ago | (#30596348)

The International Obfuscated C Code Contest [ioccc.org] .
If anyone can do something underhanded and make it compile it is a C programmer.
Of course if VB was an actual programming language you could say the same thing.

Re:This sounds familiar to, (0, Insightful)

Anonymous Coward | more than 4 years ago | (#30596420)

Yes, because no one but a C programmer could ever do such a thing. Fuck you.

Re:This sounds familiar to, (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30596730)

IOCC rocks!

korn.c [ioccc.org] is a good example, probably one of the best one-liner programs I have seen.

Re:This sounds familiar to, (1)

bigg_nate (769185) | more than 4 years ago | (#30597300)

Care to explain what it does? I read the hints and still have no clue what 'unix' is, and gcc and cc on my machine give compilation errors.

Re:This sounds familiar to, (0)

Anonymous Coward | more than 4 years ago | (#30597634)

#define unix 1

Re:This sounds familiar to, (0)

Anonymous Coward | more than 4 years ago | (#30597738)

'unix' is a preprocessor constant:

#define unix 1

(It should be defined like that on unix/linux systems)

Another important thing to know is how the compiler gets the address of an array element. Consider the following piece of code:

char a[] = {0,1,2,3};
printf("%d\n", a[1]);
printf("%d\n", 1[a]);

The two printf lines will do exactly the same (output is '1', the second array element). That's beceause the compiler just takes the address of the array 'a' and adds an offset (1) to get the address of the actual array element. The compiler doesn't care which one is the offset, and which is the base address.

Once you got that, the rest of the code should become clear sooner or later. The actual output of the program is just 'unix' followed by a newline (012 octal). Don't get confused... the 'un' part for example is from "fun" ;-)

I hope I gave enough hints...

ps: sorry for the missing 'C' in the previous comment

Re:This sounds familiar to, (1)

bigg_nate (769185) | more than 4 years ago | (#30598010)

'unix' is a preprocessor constant:

#define unix 1

(It should be defined like that on unix/linux systems)

Ah, that's exactly what I was missing. Thanks!

Re:This sounds familiar to, (0)

Anonymous Coward | more than 4 years ago | (#30598212)

http://otbits.blogspot.com/2009/06/ioccc-best-one-liner.html

Re:This sounds familiar to, (0)

Anonymous Coward | more than 4 years ago | (#30598398)

It prints out the word "unix".

Re:This sounds familiar to, (1)

JeffAMcGee (950264) | more than 4 years ago | (#30599176)

Isn't it obvious? It prints the string "unix\n".

Re:This sounds familiar to, (5, Funny)

Anonymous Coward | more than 4 years ago | (#30597094)

I was going to say, don't forget Perl programmers, but then I remembered the legibility requirement.

Re:This sounds familiar to, (1)

Ukab the Great (87152) | more than 4 years ago | (#30598516)

The Perl programmers weren't forgotten, just implicitly passed in.

Totally opposite (4, Informative)

SuperKendall (25149) | more than 4 years ago | (#30597264)

The true "Underhanded" program would be one that was perfectly readable, so readable in fact that you totally overlook the sneaky thing it was doing because what you think it's doing seems so clear.

The ObsfuC contest is all about code that even after staring you can't tell what the heck is going on.

Not fair! (3, Funny)

Anonymous Coward | more than 4 years ago | (#30596424)

Someone who works at any major airline can just submit the real production code they use for luggage routing and win the contest for sure!

Re:Not fair! (4, Funny)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#30596634)

Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

Re:Not fair! (1)

BrokenHalo (565198) | more than 4 years ago | (#30596858)

What are the odds that any of the airline production code meets that description?

How it's written probably doesn't matter. Heathrow Airport has almost certainly patented the invention, and will go after the winner(s) of the competition with every platoon of lawyers at its disposal.

Re:Not fair! (2, Interesting)

girlintraining (1395911) | more than 4 years ago | (#30597176)

Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

Depends on the function -- if it's mission critical, you bet your ass it'll be documented and readable. Considering that most ATC technical failures are hardware, not software-based, that should say something. The problem is that while the code is quite well-documented, few people are left with the training or understanding of it to port it to newer systems, and it's not like they can ground all flights for a week to do an upgrade. So we're left with mainframes that were out of date in the 70s being used today being used in critical infrastructure.

On the other hand, the code in applications used at the ticket counter and security checkpoints... not so much.

Re:Not fair! (1)

PPH (736903) | more than 4 years ago | (#30599134)

The problem is that while the code is quite well-documented, few people are left with the training or understanding of it to port it to newer systems,

Because its written in COBOL, and when any new analysis/developers come in and suggest porting it to something else, all the geezers clutch their hearts and moan.

We've had tools to reverse engineer, document and port code from practically any language to any other for years (a decade in cases I'm familiar with, actually). There's no excuse for keeping dead languages or platforms around any longer.

and it's not like they can ground all flights for a week to do an upgrade.

Nobody just pulls the plug on an old system, rolls in a new one and says, "Boy, I hope this will work!" Even for non mission critical systems. There are numerous methods for running commissioning tests, parallel checkouts, etc. that one can use to make changeovers seamless. The claim that a changeover will require a shutdown and cause chaos is usually an argument the geezers make when someone threatens to take their old mainframe away.

Re:Not fair! (1, Funny)

Anonymous Coward | more than 4 years ago | (#30597294)

Not to mention that their production code is probably written in COBOL. And that wouldn't be fair - everything written in COBOL is underhanded.

Re:Not fair! (1)

Reziac (43301) | more than 4 years ago | (#30598292)

include airport.c
baggage==random();

Something like that?

(IANAP, obviously :)

Re:Not fair! (3, Insightful)

derGoldstein (1494129) | more than 4 years ago | (#30599202)

Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any software written in C meets that description?

There, fixed.

Re:Not fair! (2, Interesting)

Skater (41976) | more than 4 years ago | (#30599162)

Does anyone else remember the new Denver Airport's original luggage system? This system singlehandedly delayed the airport's opening for over a year [wikipedia.org] . Eventually the airport retrofitted a standard baggage moving system. If someone has access to the code of the original system, they could easily submit that.

Wait a sec... (4, Funny)

Anonymous Coward | more than 4 years ago | (#30596438)

| This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

What, we actually need to write code for something that happens by nature?

Re:Wait a sec... (4, Funny)

bcong (1125705) | more than 4 years ago | (#30597524)

the current method of writing in:
"Package Handler,
Customer was an asshat...you know what to do"
was starting to get noticed

Re:Wait a sec... (0)

Anonymous Coward | more than 4 years ago | (#30598200)

Updated to:
"Fragile: please handle with care"

It's only triggered with the "please" part included :-)

Re:Wait a sec... (1)

derGoldstein (1494129) | more than 4 years ago | (#30599146)

What, we actually need to write code for something that happens by nature?

Their logic is sound:
Code written not to make this mistake will make it. How do you solve the problem? Write code that does make the mistake. The resulting software will then, logically, avoid making the mistake.

Why not, I suppose. (0)

Anonymous Coward | more than 4 years ago | (#30596452)

This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

Eh, why re-invent the wheel? The software already in use does a good enough job of that already.

Easy? (1, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#30596524)

Public Static String default_Address = "1600 Pennsylvania Ave NW, Washington, DC 20500, USA" --- hide this somewhere

Private Sub Void Route_Bagggage(bag b)
{
if (comment.text == NULL)
{
b.destination = default_Address
}
else
{
b.destination = comment.text
}
}

Or do I have to make it slightly more deceptive?

Re:Easy? (5, Informative)

Anonymous Coward | more than 4 years ago | (#30596638)

*Way* more deceptive. The default value for the destination field? It's supposed to look innocent - an innocent program would note that you left out a destination and prompt you to enter one. Any basic debugging done by someone else would turn this up. What they want is for you to leave a "comment" like "this package is top-heavy" (in a field designed for such comments) that changes the destination, but in a way such that someone reading the source code wouldn't realize anything was happening at all much what that you were changing the destination. Also such that whoever entered the text wouldn't obviously be at fault.

Re:Easy? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30596852)

LoL - I know.

But wouldn't that be as easy as testing for whatever the secret comment is (for example, top-heavy) - when that's true, set off a top heavy flag (boolean). Then go somewhere towards the end of the Example, for example the final routing stages, where the destination has already been set by the clerk and confirmed it - and alter the shipping address that way? Like say the overview stage where they clerk reviews all the information, then submits it.

I mean - to me, I cannot think of a single scenario where someone going through with a debugger won't be able to catch this on their first shot. Just put a watch on the destination values, and step over/through until one or more changes. Since its likely a large infrastructure, with thousands of lines of code, thats why I say sneak it in towards the end, since no one is going to want to step through the WHOLE process.

Code Review vs. Debugger (1)

SuperKendall (25149) | more than 4 years ago | (#30597206)

The point of something like "Underhanded C" would be more about hiding something from a code review than GDB. That code would easily trigger red flags in a code review...

Re:Easy? (1)

travdaddy (527149) | more than 4 years ago | (#30597492)

Yeah, sounds like that second one would fulfill the requirements. Unlike a lot of other tech contests like the X Prize and Netflix, I don't think the contest is meant to stump a lot of the competition. So, the question becomes whether or not the code is simple enough and underhanded enough to be the absolute best out of however many hundreds of entries there will be.

Re:Easy? (1, Informative)

Anonymous Coward | more than 4 years ago | (#30597832)

You're still missing the point. Yes, it would be really easy to make a program that changes the destination based on a particular value in the comment field. It would also be really easy to see that someone did that. What is difficult (and worthy of a contest) is changing the destination based on a particular value in the comment field in such a way that a simple debugging wouldn't find it (assuming they don't know what the secret comment is in advance).

Properly done there would be no boolean indicating the presence of the comment, and the value of "Destination" might never change. Instead at the end there would be some code that verified that all fields were properly formatted and send them to the printer, and some clever code at this point would subtly change what was outputted as the destination based on the contents of a particular comment field. Maybe some combination of the conditional operator and regular expressions would allow you to cleverly add 1 to all numbers in the destination if some condition is true, such that "1234 main street" becomes "2345 main street". (Something more clever then "comment == 'top-heavy'", based on regular expressions and/or hashes)

But yea, doing it such that not only can nobody tell what's happening but such that they don't know *anything* is happening is difficult. That's why it's a contest.

Re:Easy? (1)

aztracker1 (702135) | more than 4 years ago | (#30598240)

Well, if you have special comment categories from an enum, then you could have a switch/case statement that does a few things, where the comment inspection could seem less obvious... HandleComment(enum comment1, string comment2, string comment3) { switch(comment1) {... case myenum.sizeRestriction: if (comment2 == "top heavy") this.RouteToFrontOfPlane(); ... } RouteToFrontOfPlane() { this.DelayLoading(); this.PushToFront(); } ... with DelayLoading() making one change, then PushToFront() doing another, the combination of would route out the package to a bad location. Inspecting any of the above would be fairly innoculous, and innocent looking... But it would only be the original code path that would cause the issue to present itself.

Not a difficult challenge at all really. Of course I make a habbit of sniffing out thread-safety issues in the code I work on.

Re:Easy? (1)

Bandman (86149) | more than 4 years ago | (#30597488)

I'm thinking the best way would be an overflow in an array that flips the most significant digit of the target zip code. But I'm not a coder, so someone else can steal my idea.

Re:Easy? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30597752)

In other words, you need to replace an == with an = in just the right location (or vice versa) so that while it looks like you're doing a sanity check, you're actually assigning a stealth variable.

To make it even better, you need to set it up so that this causes a buffer overflow, and you're actually overwriting another variable. THEN, you go back and do a sanity check on the original value which corrects the mistake caused by the ==/= replacement. That way, someone sees the mistake, but sees that it is properly handled and doesn't think twice about it.

Meanwhile, the adjacent address field has just been overwritten, and unless you're checking for overflows, you're unlikely to notice, unless you've already isolated the variable in a debugger. However, in this case, you're going to catch it no matter what... unless it's the pointer that gets overwritten and while you're watching the variable, it just doesn't get called anymore (even though the code implies that it does).

Sounds like fun :)

Re:Easy? (0)

Anonymous Coward | more than 4 years ago | (#30599374)

How about a hash code selecting the destination? The problem would be how to make the hash function depending of the comment field. Perhaps a buffer overflow could do it.

Re:Easy? (4, Funny)

Tyler Durden (136036) | more than 4 years ago | (#30597778)

C motherfucker, do you speak it?!

Re:Easy? (1)

Hurricane78 (562437) | more than 4 years ago | (#30597854)

Yeah. You easily failed! ^^

The whole point of the contest is, that there is no “hide somewhere”. All the code must pass an inspection and look reasonable.

BAE Automated was just too early (0)

Anonymous Coward | more than 4 years ago | (#30596528)

They wrote the right software for Denver International's baggage handling system, but just a tad too soon and in the wrong place!

A challenge? (1, Funny)

Anonymous Coward | more than 4 years ago | (#30596544)

It seems like this has already been done and is in use at airports worldwide.

Possibilities (3, Interesting)

Rei (128717) | more than 4 years ago | (#30596546)

I don't have the time for something like this, but it seems to me a good possibility would be to have all of your inputs that the clerk fills out be contiguous in memory, including the destination, have the algorithm to figure out what destination to go to scan through the whole destination string looking for matches (rather than looking for an exact match) and taking the last one it finds, and have a broken bounds check for the length of that string so that the algorithm looks into the comments section as well.

So, for example, if the clerk fills out the destination as "LAX" but writes in the comments section, "Do not confuse his bags with those owned by CID who is also going to a different final destination; they're very similar looking.", the bags would be routed to Cedar Rapids (CID) instead of Los Angeles (LAX).

Re:Possibilities (2, Interesting)

j-stroy (640921) | more than 4 years ago | (#30597480)

It could be hidden in piece of user interface that todays systems are full of, the extra clicks and bells that no one needs, but some client or marketing weenie will never give it up.. overwrite the destination with the first bytes of an audio file with some misdirection.
Example [ex-designz.net] on this page

Re:Possibilities (2, Interesting)

bberens (965711) | more than 4 years ago | (#30597748)

I could see this... have the front-end and back-end communicate over a socket or something and have a simple delimited message format where someone could alter the results by using a sql-injection style attack on your parser. That way, at least, the input has to be somewhat complex, but the code could look very innocent.

Re:Possibilities (1)

bonkeydcow (1186443) | more than 4 years ago | (#30598052)

This is the method I would use, I was already thinking this before I read your post. I'm sure this method will be implemented a lot.

Candy from a baby (1)

oldhack (1037484) | more than 4 years ago | (#30596550)

I've got this nailed. But do you have to know in advance the mystery input combo? I could never figure that out before I throw it over to QA.

Re:Candy from a baby (1)

Eberlin (570874) | more than 4 years ago | (#30596700)

I wrote an experimental javascript blackjack prog where if I type in "upupdowndownleftrightleftrightBASTARD" I always win. Seemed like a good, easy to remember input combo. :)

For Slashdot Lamerz: (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30596596)

"write short, readable, clear and innocent C code"

1. None of the above adjectives apply to C.

2. The deadline is actually April 1, not March 1, 2010 for the idiots who would participate in such a waste of time.

Yours In Ashgabat,
Kilgore Trout

Re:For Slashdot Lamerz: (0, Offtopic)

oodaloop (1229816) | more than 4 years ago | (#30596822)

Hey thanks, Kilgore. Way to out yourself as an AC troll.

Re:For Slashdot Lamerz: (1)

LOLLinux (1682094) | more than 4 years ago | (#30596864)

Way to out yourself as an AC troll.

You just figured this out? He's been posting as an AC troll for ages.

Re:For Slashdot Lamerz: (1)

oodaloop (1229816) | more than 4 years ago | (#30599388)

I must be new here.

Re:For Slashdot Lamerz: (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30596874)

"write short, readable, clear and innocent C code"

1. None of the above adjectives apply to C.

See, thats why its a contest. It has nothing to do with the scenario.

Re:For Slashdot Lamerz: (1)

Arancaytar (966377) | more than 4 years ago | (#30597054)

None of the above adjectives apply to C.

Well, that's the challenge. The misrouting part is easy.

(I'm only partly kidding. :P )

Contest or Job Posting? (5, Funny)

Anonymous Coward | more than 4 years ago | (#30596672)

a luggage routing program that mysteriously misroutes a customer's bag

sounds like Delta is looking for new programmers

Re:Contest or Job Posting? (4, Funny)

Sebilrazen (870600) | more than 4 years ago | (#30597070)

No, that challenge would have random 3 hour tarmac waits generated too.

Re:Contest or Job Posting? (0)

Anonymous Coward | more than 4 years ago | (#30599390)

No, that challenge would have random 3 hour tarmac waits generated too.

3-hour delays flying into or out of ATL are about a random as a sunrise.

I used to fly DL at lot, but gave up on them after one too many "Atlanta Olympics": trudging between 3 or 4 gates on concourses 20-minute train rides apart, trying to find my flight.

I'm really impressed (4, Informative)

troll8901 (1397145) | more than 4 years ago | (#30597058)

I've read the entire blog, and I must say, I'm impressed. Very impressed. Very, very impressed.

The person who writes the criteria knows what he's/she's writing about.

And the winners who submit the results are really, really good.

Re:I'm really impressed (5, Interesting)

troll8901 (1397145) | more than 4 years ago | (#30597588)

Here's some points I'd like to highlight, from the 2008 Winners.

  • Linus Akesson: The BYTESPERPIXEL macro "gives the false impression that the code intelligently supports higher bit widths" but actually "causes the 8-bit case to leak information into the file" (by exploiting a buffer overflow). ... (thus allowing wiped image data to be reconstructed.)
  • Avinash Baliga: The ExpectTrue macro overwrites the image mask (by exploiting a buffer overflow), allowing two bits to survive the wiping, (thus allowing wiped image data to be reconstructed). Furthermore, the evil behavior is concealed in an innocent-looking error checking macro.
  • John Meacham: (Winner) The code is "extremely simple, innocent, obvious" ... and devious. "Low-intensity pixels are replaced with a ‘0, and high-intensity pixels replaced with a ‘00 or a ‘000" ... (thus allowing wiped image data to be reconstructed.)

All I can say is, Wow.

Re:I'm really impressed (1)

spydum (828400) | more than 4 years ago | (#30598488)

I also started looking up past winners, Johns explanation/justification code was brilliant. I had no idea such evilness could be so cleverly concealed.

Re:I'm really impressed (3, Funny)

derGoldstein (1494129) | more than 4 years ago | (#30599254)

I also started looking up past winners, Johns explanation/justification code was brilliant. I had no idea such evilness could be so cleverly concealed.

So you're new to C?

We're sorry, Mr... (0)

Anonymous Coward | more than 4 years ago | (#30597060)

I. C. Weener, we seem to have misplaced your luggage.

For extra points: (4, Funny)

w0mprat (1317953) | more than 4 years ago | (#30597134)

For extra points submit this to your favourite open source project and have it accepted into the main code release - since it appears to be prefectly geniune, compiles, and can do what it appears to - it's certainly possible. Finally demonstrate your backdoor when the project is released to the wild.

If you manage to get this into the GNU/Linux Kernel, you get a job at the NSA.

Write short, readable, perfectly innocent looking C code, that somehow commits an evil act under certain circumstances.

Re:For extra points: (3, Funny)

Nemyst (1383049) | more than 4 years ago | (#30597494)

Well, Linux already allows you to install Windows...

Re:For extra points: (1)

selven (1556643) | more than 4 years ago | (#30597878)

I always thought Windows, including the Python interpreter, was written in Python?

Re:For extra points: (0)

Anonymous Coward | more than 4 years ago | (#30598662)

Are you inferring Windows is short, readable, and perfectly innocent?

Re:For extra points: (1)

nschubach (922175) | more than 4 years ago | (#30598830)

Well, it does have "cool effects" (readable) and "was rewritten from the ground up to be fast and light" (supposedly short) while maintaining the normal Windows work flow (innocent.) /sarcasm

Re:For extra points: (1)

Hurricane78 (562437) | more than 4 years ago | (#30597914)

But what project accepts code as specialized on a specific task as this?
Is there such a do-all software?

Oh, wait... there’s Emacs, of course! ^^

Re:For extra points: (1)

Rigrig (922033) | more than 4 years ago | (#30598046)

Might raise a few eyebrows though:

*) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
          renaming to all platforms (within the 0.9.8 branch, this was
          done conditionally on Netware platforms to avoid a name clash).

*) Support for routing luggage.

*) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
          RAM on SSL connections. This option can save about 34k per idle SSL.

Re:For extra points: (0)

Anonymous Coward | more than 4 years ago | (#30598298)

If you manage to get this into the GNU/Linux Kernel, you get a job at the NSA.

No, you should write a self-reproducing 'bug' for a well-known compiler suite: Reflections on Trusting Trust [bell-labs.com]

Technology makes many things obsolete ... (1)

Krishnoid (984597) | more than 4 years ago | (#30597926)

Depending on the number of working entries, I think this guy will have to update his song [spaff.com] .

So that's what happened at DIA! (0, Redundant)

plopez (54068) | more than 4 years ago | (#30597930)

But years before the contest.

http://en.wikipedia.org/wiki/Denver_International_Airport#Automated_baggage_system [wikipedia.org]

http://users.csc.calpoly.edu/~dstearns/SchlohProject/problems.html [calpoly.edu]

The second article sounds familiar. All the warning signs of a risky project failure were there, but no one seemed to know it or pay attention.

Developers: 5th Underhanded C Contest Now Open (1)

weicco (645927) | more than 4 years ago | (#30598002)

I have a program, actually a large system, that sends boxes to different areas in warehouse depending from various aspects. Sending/transfer is done by conveyor belts and sometimes even with robots. Boxes are actual physical boxes containing food items.

It has a little defect though which I've been unable to track down. Sometimes when it tries to send box to place A the box is actually found in place B but the UI tells that it is located in places C and D, which of course is impossibility.

Unfortunately it is not written in C. Otherwise it could a clear winner with couple of minor modifications.

Re:Developers: 5th Underhanded C Contest Now Open (1)

nschubach (922175) | more than 4 years ago | (#30598838)

If it was written in C, wouldn't the boxes in A and B overwrite it?

What happened to the obfuscated C contest? (1)

wdef (1050680) | more than 4 years ago | (#30598714)

This is way cool, yes. But I miss the obfuscated C contest which was also way cool eg in terms of discovering legal features of the language that probably should never get used LOL. What happened to it?

Re:What happened to the obfuscated C contest? (1)

shutdown -p now (807394) | more than 4 years ago | (#30599240)

What happened to it?

Slashdot covered this [slashdot.org] .

Useless use of Cat (1)

Saint Stephen (19450) | more than 4 years ago | (#30598958)

Doesn't the example on the contest page qualify as Useless Use of Cat?

i.e., shouldn't this line:
cat luggage.dat | ./lug UA129086 - - -

be this: ./lug UA129086 - - - http://en.wikipedia.org/wiki/Cat_(Unix)#Useless_use_of_cat

Re:Useless use of Cat (1)

Xcott Craver (615642) | more than 4 years ago | (#30599222)

It is indeed a terribly redundant use of cat, but not useless: it makes it easier to read, by placing the command line invocation by itself at the end of the line.

Been There, Seen it, Done it... (0)

Anonymous Coward | more than 4 years ago | (#30599192)

You all remember London Heathrow Terminal 5 don't you?!

My Entry (0)

Cruxus (657818) | more than 4 years ago | (#30599300)

if (strcmp(entry->description, "lose luggage") == 0) { loseLuggage(entry); } (It's been awhile since I've done anything vaguely C.)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?