Obfuscated Vote Counting Contest

Daniel Horn writes "In a flash of inspiration coming from the Obfuscated C code contest and the current E-voting scandals, I wondered if there shouldn't be a similar code obfuscation contest based on obfuscating voting results, that is, C code that appears correct but does the wrong thing when counting votes. Submit your obfuscated vote-counting code now, and the two winners will be selected on November 2 and will receive a free Vega Strike CD. Obviously incorrect code, however, is not welcome."

I WIN!

[AmigaAvenger]

Quick, someone post some of the Diebold voting machine code, you certainly will have a winner in there!

Re:I WIN!

[qube99]

10 print "KERRY WINS!" 20 goto 10

Re:I WIN!

[anonymous+cowherd+(m]

Did anyone notice the irony in the fact that the email address for submissions is dyebold@gmail.com? LOL.

Re:I WIN!

#include <stdio.h>

enum {
BUSH;
KERRY;
NADER;
YADA_YADA;
} Candidates;

int main (int argc, char **argv)
{
FILE *fd;
int c;
int bush = 0, kerry = 0, nader = 0, yada_yada = 0;

fd = fopen("ballots.str");
while ((c = getc(fd)) != EOF) {
switch (c) {
case BUSH:
bush += 1;
break;
case KERRY:
kerry += 1;
break;
case NADER:
nader += 1;
break;
case YADA_YADA:
yada_yada += 1;
break;
}
}

printf("And the winner is BUSH!\n", w);

return 127;
}

Re:I WIN!

[Phillup]

You gotta do it right (like... FAR right ;-))

switch (c) {
case YADA_YADA:
yada_yada += 1;
case NADER:
nader += 1;
case KERRY:
kerry += 1;
case BUSH:
bush += 1;
}

That will more likely pass the "first glance" test... and give the big guys the numbers they "deserve".

And, I'm sure Bush would believe he really does have that much more "support" from "his" citizens than Kerry.

Re:I WIN!

[SamBeckett]

I believe you sir are confused. Bush would only have the majority of votes in your statement, if he did, in fact, have the majority to begin with.. If he were at the top of the switch statement, then your assertions would be correct.

Re:I WIN!

Yeah, it's like goldy and bronzy, only made of iron!

Re:I WIN!

It's C/C++; cases fall through. Read it again.

Re:I WIN!

[vikingpower]

Yup. No DEFAULT case. Frequent beginner's error. This would most likely go unnoticed, as

1) this code looks "serious", "well-done" ( the code seems to do its job, nothing more and nothing less, at first glance )

2) many coders, even advanced / experienced, do not always bother to write DEFAULT cases.

Re:I WIN!

[Fjornir]

You're missing something more important than a default case.

Re:I WIN!

[00420]

It has nothing to do with default case. It has to do with the lack of breaks.

Read it again. A vote for kerry means both kerry and bush get a vote. A vote for nader means nader kerry and bush get a vote.

Re:I WIN!

[simcop2387]

this has nothing to do with default cases
this has to do with no breaks this causes the code to continue on to the next case even though you think it might not, this makes a vote for kerry or anyone else also count for bush

Re:I WIN!

[keesh]

Heh. See, idiots like you who think they know how to program but don't are the reason stuff like this is possible.

Re:I WIN!

[Tony-A]

It's not the DEFAULT, it's the fall-through.
This is one case where the lack of goto's is harmful.

The body is
yada_yada += 1;
nader += 1;
kerry += 1;
bush += 1;

The cases just determing where the stream is joined.
Anytime nader gets a vote, kerry and bush also get a vote.
Anytime kerry gets a vote, bush gets a vote.

None of the above will fail to register, with or without a DEFAULT.

Re:I WIN!

[iamacat]

Yeah, this should be addressed right away!

int bush = 0, kerry = 0, nader = 0, yada_yada = 0, l = 0;

fd = fopen("ballots.str");
while ((c = getc(fd)) != EOF) {
switch (c) {
case BUSH:
bush += l;
break;
case KERRY:
kerry += 1;
break;
case NADER:
nader += 1;
break;
case YADA_YADA:
yada_yada += 1;
break;
default:
l++;
}
}
printf("Bush %d, Kerry %d, Nader %d, YY %d, Other %d\n",
bush, kerry, nader, yada_yada, l);

Re:I WIN!

[Bloody+Twit]

C'mon. Don't allow a programming semantics issue to impede a Bush-bashing thread!

Re:I WIN!

[John+Courtland]

Why is this interesting? Any case that gets called besides one that does not exist will still add 1 to Bush's score.

switch (iVote)
{
case KERRY: iKerry++;
case BUSH: iBush++;
}

In this small control block, unless (iVote != KERRY) && (iVote != BUSH), Bush will never lose. I hope you don't code for a living.

Re:I WIN!

[crywolf]

And in election news, a record 117% of the nation's registered voters went out and voted.

Re:I WIN!

[NoMercy]

It falls down because you add up the votes at the end and find 100% of the US population voted for bush, and 50% voted for Kerry... wow that's some population boom :)

Re:I WIN!

[arkanes]

It's pretty easy to write code like this (not this simple, of course), but the harder part is actually getting away with it in an election. You'd want something a lot more intelligent, like only swinging close votes. Your code will also generate more votes than voters, another no-no. Hiding the more complicated logic neccesary is a lot harder.

Re:I WIN!

[ryanmfw]

I think you misunderstood the point. It's *meant* to do the wrong thing.

Re:I WIN!

It doesn't look serious or well-done at all. It looks broken.

Can you let me know what your name is so that if your resume ever comes across my desk I can throw it in the trash? I really hope you don't develop software for a living.

Re:I WIN!

[recharged95]

Here's what would be a close to the hanging chad debacle, ...or is that the hanging byte debacle: long nader = 0; long bush = 0; long kerry = 0; switch (c) { case YADA_YADA: yada_yada *= 1; case NADER: nader *= 1; case KERRY: kerry += 1; case BUSH: bush *= 1; }

Re:I WIN!

[smittyoneeach]

In other words failure to use a break; statement in a C switch construct has a qualitatively similar effect to the act of writing a rather longish sentence while omitting punctuation of any sort upon a human reader.

Re:I WIN!

[JUSTONEMORELATTE]

You're missing something more important than a default case.
Aww c'mon, give the guy a break already!

--
free gmail invites -- only one left!

Re:I WIN!

[hackwrench]

I thought this was what happened:
With break
Skip to the end of the switch statement
Without break
evaluate the other cases
can someone point me to the relevant documentation?

Re:I WIN!

Here's the very first hit I got on Google when I searched for "c switch case break"

Re:I WIN!

Dear moderators: that's not flame*bait*. It's an actual *flame*.

Re:I WIN!

[Pseudonym]

So a vote for Nader is a vote for Bush, then?

Re:I WIN!

[RWerp]

Kernighan and Ritchie, "The C Language"

Re:I WIN!

[RWerp]

This is one case where the lack of goto's is harmful.

No. Goto has already happened (code is a goto statement). break, which is missing, is a return statement.

Re:I WIN!

[ddent]

It also happens to be significantly improved voter turnout.

Re:I WIN!

[aussie_a]

Doesn't work like that in C/C++. Don't believe me? Try compiling it ;) You won't get any errors and you'll see a vote for kerry == a vote for kerry and bush.

Re:I WIN!

[hackwrench]

Problem with compiling it is writing the supporting code around it.

Re:I WIN!

[aussie_a]

You're kidding right?

#include <iostream>

int main()
{
int c;
int bush = 0;
int yaddayadda = 0;
int kerry = 0;
int nader = 0;
for (int count = 0; count < 5; count++
{
switch (c) {
cin >> c;
case 0:
yaddayadda += 1;
case 1:
nader += 1;
case 2:
kerry += 1;
case 3:
bush += 1;
}
}
cout << "YaddaYadda = " << yaddayadda << endl << "Kerry = " << kerry << endl << "Bush = " << bush << endl << "Nader = " << nader << endl;
}

Oh you're right. So very hard. Took 2 mins.

Re:I WIN!

[John+Courtland]

I was replying to the guy who was calling the 'no default case' a 'beginner's mistake'. I know and the person who wrote the original statement knows that the whole point of the code was to count for Bush whenever ANY vote is processed.

Re:I WIN!

[ryanmfw]

Oops, sorry. :-)

Re:I WIN!

[hackwrench]

In VC, File, New Project...Watch the hourglass...

Damn

[antifoidulus]

I was going to submit the Diebold code till I read:Obviously incorrect code, however, is not welcome.

Gah

[Xpilot]

Is this another one of GWB's evil plots to get another fake victory? I wouldn't want to release such code out in the open. It could be used for evil...evil!

Powered by Windows?

[The+Islamic+Fundamen]

Hmm, I could hav sworn I saw a "Powered by Windows ME" on a Diebold once....

Re:Powered by Windows?

[psetzer]

Well, you must have misread. They use Windows CE. I shit you not.

Re:Powered by Windows?

[6800]

"Powered by Windows ME" ? If I gotta use windoz for something, that is my preferred version! I mean it is still supported and it ain't nt/2000/xp! Heck, I did try xp on my ABIT Athalon mirrioring motherboard and it ran like cold black strap molassis, especially at booting (it occasionally actually got all the way up and was briefly useful). Of course on that mb I am having trouble finding a Linux release that will work properly with the HPT-370A chipset, even with updated BIOS. Mandrake 9.2 tried to work and blew away all my partition table data (claiming all the while to be working with the HPT370!). Sorry if I wandered off topic a bit, vote for BUSH!

Re:Powered by Windows?

[hackwrench]

You must be missing drivers or somethng then. Windows X{ runs fine on my 600 MHZ PIII. Of course if you only have 32MB in your machine, that might have something to do with it.

I Wonder

[MarkVVV]

who would submit code before testing...if so, the person in question would be so stupid he/she shouldn't be coding at all.

And while you're hacking away...

[Machine9]

...please don't spend any time thinking about how you could do anything that might lead to a DECENT candidate for presidency being available next around.

In fact, just forget to vote alltogether, not like your vote counts, right? ;)

Re:And while you're hacking away...

[Tackhead]

> ...please don't spend any time thinking about how you could do anything that might lead to a DECENT candidate for presidency being available next around.
>
> In fact, just forget to vote alltogether, not like your vote counts, right? ;)

I dunno, I'd think that being able to hack the best-hidden trapdoor into the voting system would make your vote count for quite a bit!

STALLMAN-BALMER 2008!

Hiding...

If I were doing this, I would hide the date analysis and vote rigging in another part of the program. For example, the code used to handle the screen and menus, or the network stack.
Then, you could obfuscate a call to jump the program pointer to that part of memory directly, run a tiny bit of code that appears to deal with graphics, but does something else when called with the correct offset.
The devious would be scattered about, rather than in one single vote counting function.

Re:Hiding...

[Starji]

I wish I had more experience with code obfuscation, then I might actually submit something. Probably the poor man's way of doing this might be to copy their vote.c and then have some sort of on-the-fly vote redirector to favor one candidate. Compile it to assembly then copy the relavant portion back to the origional source code and do an inline assembly replacing the origional c code. if the assembly is especially long, it's likely nobody will be able to decode it anyway since almost nobody knows assembly anymore. Add a little more fun with some #defines at the top and you have something that's fairly obfuscated (to an untrained eye) and does what you want with the host language remaining the same. Don't know what the rules are on inline assembly though....

Re:Hiding...

[globalar]

In that same vein, I would use code which has somewhat unpredicatable and incremental behavior. It is much harder to detect code which alters data seemingly at random, and sometimes not at all.

Changing a small amount of data with minimal condition at pseudorandom intervals is practically an intentional bug. Of course, if I can expect a certain threshold of data, I might be able to add a statistical leaning into the program that favors a particular outcome. Of course, this is the point of the contest. The point is, blind trust is no trust at all.

Re:Hiding...

[Lehk228]

I just changed the memory location to output Kerrys vote count from, since the code increments array['K'] i just output array['k'], now kerry gets 0 votes and "other" gets all of his votes instead. I chose Kerry to target with the code because 'k' and 'K' are much more similar than 'b' and 'B' or 'N' and 'n'.

Re:Hiding...

I would hide my code in the parts used for assisting disabled people. My code would be triggered once every so often when a voter takes lots of time to enter a choice or when the voter uses the visually impaired asistance functions vendors have been bragging about. This way you have a high chance of cheating on an older or visually impaired voter, which means a much better chance of going unnoticed even with a voter verified paper trail...

Another good idea for cheating on the disabled, you can hide lots of stuff in an audio decompression codec with the added bonus of people not getting suspicious about highly optimized self modifing code there.

If you were very devious you could even submit your code into an opensource audio project like ogg and then base your voting software on that. Not only would code auditors be looking mostly at what code changes from the public version to the voting machine version, if they found something it would be hard to say anything about who planted it. Instand plausible denyability, another reason to be suspecious about using third party software like windows CE and the access database stuff. Ofcourse if you really want denyability you just accidentally add an exploitable security vulnarability. If it gets cought you hit yourself on the forehead asking how you could have been so stupid, if it isn`t found you go around voting stations on election day and flip some votes around.

Of course nobody would be stupid enough for their cheat code to be triggerd in the first hundred votes. Remember that story about voting machines being "tested" by entering one vote?

One other thing, with everybody talking about software, the obious way to avoid detection is to put your tricks in hardware. Remember the X-box, it has a plain x86 pc design, cpu, northbridge southbridge and bios ROM chip. The guy that first published about cracking its copy protection surprissed quite a few people with the revalation that the X-box doesn`t actually boot from the bios chip but from a bit of rom hidden inside the southbridge chip.

Re:Hiding...

Very interesting. I had not considered the human engineering side of this, hiding the devious in the code for visually impaired people is a great idea.

It would be nice if the parent was modded up.

Re:Hiding...

[lighting]

Wow, that's a great idea. But, since most people only read at +1 or higher, they won't see it.

MOD ANONOMYOUS PARENT UP!!!

~

Summary of this year's election

[Dancin_Santa]

enum Outcome
{
AMERICAWINS,
AMERICALOSES
}

int main()
{
bool voted = didYouVote();

Outcome o;

switch (voted)
{
case true:
o = AMERICAWINS;
case false:
o = AMERICALOSES;
}
return o;
}

Re:Summary of this year's election

[fossa]

AVP: No matter who wins, we lose.

Re:Summary of this year's election

[tomhudson]

More efficient code, to avoid all the suspense. It is guaranteed to return the correct outcome every time!

#define AMERICALOSES 0x00

int main() {
return AMERICALOSES;
}

Re:Summary of this year's election

[toetagger1]

Is that last line return o or return 0?

Re:Summary of this year's election

I don't know if you're trying to encourage voting or proposing code for the contest but by leaving out the "break;" in your switch statment I think you've certainly predicted the outcome of this year's elections.

Re:Summary of this year's election

[roman_mir]

So are you trying to say that no matter if you vote or not america still loses?

You need to expand on that, if say most americans vote for the Libertarian party, does america still lose? What if it's Green?

Re:Summary of this year's election

[keesh]

You're forgetting the millions of other people voting who don't understand any of the issues involved in the election.

Re:Summary of this year's election

[NSash]

No, he's not. America loses whether or not you vote according to his program. (Read the code again carefully.)

Re: Summary of this year's election

[gidds]

Erm, yes... In case you missed it, that's exactly what the original posted code will end up doing, too! (Hint: the break; statement between cases that's mysteriously absent.) And with a decent optimising compiler, it'll be just as efficient.

Re: Summary of this year's election

[jrumney]

Well, not quite. AMERICALOSES is the second value in the enumeration in the original, so it would return 0x01, not 0x00.

Patent pending

[GrAfFiT]

"C code that appears correct but does the wrong thing when counting votes"
Beware of Diebold suing you for infringing one of their patents !

hehehe free cds!

[DMJC-L]

hehehe Daniel Horn the guy who posted is the head of the vegastrike project... good guy, I've known him for about 5 years now.

last election

[WhitePanther5000]

here's the code the used during the last election:

if (strcmp(canidate,"Bush"))
bushvotes += 10;
elsif (strcmp(canidate, "Nater"))
bushvotes += 1;
elsif (strcmp(canidate, "Gore"))
gorevotes = 1;

Re:last election

[Sv-Manowar]

surely you mean if (strcmp(canidate,"Bush")) bushvotes += 100; elsif (strcmp(canidate, "Nater")) bushvotes += 10; elsif (strcmp(canidate, "Gore")) gorevotes = -100;

Re:last election

[JDWTopGuy]

Har har. First off, you misspelled "Nader". Second, your code does not reflect the outcome of the last election, which was close. Third, they didn't use digital voting either.

Hey, is that a nit over there? I gotta go.

Re:last election

[thebes]

surely you meant to use line breaks...

Re:last election

Surely you meant if(strcmp(...)==0) or !strcmp.

Re:last election

Surely you know that C and C++ don't give a damn if there are new lines and carriage returns in the whitespace or not.

Only newbie programmers use new lines and carriage returns.

Real programmers don't use new lines and carriage returns as it detracts from being able to glance at the whole program at once and immediately understand it's intent, purpose, and spot any bugs in a holistic fashion.

Re:last election

[ezzzD55J]

forgetting strcmp() returns 0 when strings match are we?

Re:last election

[reddish]

In addition to the mistakes others noticed: what's an elsif?

Re:last election

[tylersoze]

Uhh, you guys are completely missing the most important thing beyond the trivial misspellings, the code is totally wrong although it serves essentially the same purpose! It should be !strcmp. So what this code is doing is that for any candidate besides Bush it is incrementing the bushvote count by 10 and if you vote for Bush it gets counted once and Gore gets no votes! (unless you happen to vote for "Nater")

Re:last election

Ouch. I'm not sure if I can count far enough to enumerate all the bugs there..
You could have been much more subtle:

enum { GORE, BUSH, NADER } candidate;

candidate=getVotedPerson();
if (candidate=GORE) gorevotes++;
else if (candidate=BUSH) bushvotes++;
else if (candidate=NADER) nadervotes++;

Re:last election

[mrjb]

Fourth, it's called a candidate, not a canidate. Unless my American English is worse than I have come to think it is.

Re:last election

[WhitePanther5000]

try to make a point and the only thing people notice is the syntax errors... only on slashdot

Re:last election

[Electrum]

what's an elsif?

Perl or VHDL.

Re:last election

Sorry. I guess I found having 10 errors in a 6 line code snippet more amusing than the point.
But worry not, it's not like my code hadn't given all the votes to Bush either.

Re:last election

eleven. told you i can't count:)

Re:last election

[Thing+1]

My Aunt Elise++?

Re:last election

[pjt33]

A Spanish-speaking sycophant with pointy ears?

Re:last election

[Mark+J+Tilford]

What about #defines and // comments?

Nader not Nater

[masukomi]

NaDer not Nater

Nater is a Basketball player, Nader is a presidnetial candidate.

Re:Nader not Nater

[The+Islamic+Fundamen]

didnt you also forget a + sign somewhere?

Re:Nader not Nater

[OneDeeTenTee]

Nater is a Basketball player, Nader is a presidnetial candidate.

And they both have the same chances of becoming president.

Nah

[TheLink]

#include
int main() {
return AvP_WHOEVER_WINS;
}

Smartmatic!

Is welcome the code inside Smartmatic Votting machines used in Venezuela?

Similar to Dr. Rubin's challenge

[bjtuna]

This seems to be similar to Dr. Avi Rubin's challenge to the community, which basically states that a team of security specialists and programmers should be given access to the development environment of one of the major DRE machines, by the vendor. The team should then attempt to rig the machine in favor of one candidate, and then submit the machine for approval by the elections board's testing agency. The testing agency doesn't know it's being tested, and doesn't know the machine is rigged. Could they catch the rigged machine as they currently claim? It's the same basic principle as having undercover agents attempt to sneak weapons through airport security.

The paper can be found at:
http://avirubin.com/vote/ita.challenge.pdf

Re:Similar to Dr. Rubin's challenge

[AsOldAsFortran]

Dr. Rubin has already done this in a class. In CS 600.643: Advanced Topics in Computer Security he has student research methods for malicious code hiding and then as groups, try to hid code to rig the vote in a program. Once done, the groups switch programs and try to find the malicious sections. Groups were given one clean, one dirty and one version picked at random.
Results? Very few sections of malicious code were found, even in this highly controlled environment. The graduate students proved very adept at obsfucation.
I hope Dr. Rubin reports on this in the literature because the results sound fascinating from a keynote address he gave last Friday (Oct. 15 at CCSCE 04). Sounds like a great class assignment.

Re:Similar to Dr. Rubin's challenge

[bjtuna]

Seems like exactly the sort of thing he would assign :) I took 600.443 Security and Privacy in Computing (Spring, 2003) and our project was to design a secure e-voting system capable of performing remote poll-site voting.

I'd be very interested in seeing some of the students' results. I assume they're posted on the course website.

Why? Already there!

[DigitalRaptor]

Why create code that distorts the voting results, Diebold has already done it.

My favorite story was a county in Pennsylvania (if I remember correctly, it's in this months Readers Digest) where the electronic voting machine correctly counted all 144,000 votes. Except there were only 19,000 registered voters in the entire county.

We're screwed in this election. It is going to make the 2000 Florida crap look like a cakewalk.

Whoo,

[Lehk228]

someone needs an emergency bug-up-the-assectomy.

ok.

[photon317]

/* Global vote tallies */
int KerryVotes=0;
int BushVotes=0;

void ParseVote(const char* v) {
if(!strcmp(v,"Kerry")) {
KerryVotes++;
} else if(strcmp(v,"Bush")) {
BushVotes++;
}
}

Re:ok.

[Peyna]

Just hope that more than 65535 people don't vote for the same candidate.

Re:ok.

Now, what are the chances that the code is being run on a 17-bit platform?

Re:ok.

#include <stdio.h>
#include <unistd.h>
#include <ctype.h>
#include <setjmp.h>
jmp_buf escape;
/* NOTE: to save memory, the low byte of results is used as a buffer *\
\* NOTE: notice the shifts (and adding 256 for each vote) to fix it. */
vcc(int vote, int results[4]);
int main(void)
{
int results[4];
if (!setjmp(escape))
do {
vcc(read(0, results, 1), results);
} while (1);
results[0] >>= 8;
results[1] >>= 8;
results[2] >>= 8;
results[3] >>= 8;
printf("Bush: %d Kerry: %d Nader: %d Other: %d\n", results[0], results[1], results[2], results[3]);
}

vcc(int vote, int results[4])
{
if (vote == EOF)
longjmp(escape, 1);
if (!isspace(vote))
switch (vote)
{
case 'K': results[1]+=256; break;
case 'B': results[0]+=256; break;
case 'N': results[2]+=256; break;
default: results[3]+=256; break;
}
}

Re:ok.

Either you weren't very careful, or you're blatantly supporting Kerry - there's a huge bug that would prevent Bush from getting any votes ('if (strcmp(v,"Bush"))' instead of 'if (!strcmp(v,"Bush"))'), so it wouldn't qualify.

Re:ok.

[Temporal]

Hrm. There are many errors in this code, but they aren't ones that would favor any particular candidate. In fact, the code simply fails to function altogether.

The results array is not initialized, meaning there's no way to tell what the final totals will be from simply reading the code. Of course, that problem is made irrelevant by the fact that the code does not terminate in the first place. You see, read() returns 0 on EOF, but you seem to be expecting it to return EOF (-1).

Change "vote == EOF" to "vote == 0" and the program correctly terminates. Initialize the results array to zeros and you get a meaningful result. In this case, all votes are counted for "other", since the result of read() will be 0 at EOF and 1 all the rest of the time (indicating one byte was read). 1 is not equal to 'K', 'B', or 'N', so the vote goes to "other".

I think the objective was to create a program which secretly favors a particular candidate (either Bush or Kerry, not "other"), while returning believable results in the meantime.

Oh yeah... and if you ran it on a big-endian machine, Bush would end up with over 1.6 billion votes. Somehow I don't think that would go unnoticed either. ;)

Did I miss anything?

Re:ok.

Yes, you missed something. The article already specified x86. Anyway, you understood the code all right. Yes, I'm the one who posted the code.

Re:ok.

Can you explain how bit shifting saves memory?

my submission

[SamBeckett]

/* Current population proportion polls show: */
#define BUSH 0.512
#define KERRY 0.481
#define UNDECIDED (1.0 - BUSH - KERRY)

#define NBC 0
#define ABC 1
#define CBS 2
#define FOX 3

int main() {

int bush = 0;
int kerry = 0;
int nader = 0;
int i;
int vote;
int broadcast_network = rand() % 4;

for ( i = 0; i < 260000000; ++i) {
vote = rand() % 10000;

if ( vote < 10000.0*BUSH ) ++bush;
else if ( vote < 10000.0*(BUSH+KERRY) ) ++kerry;
else {
if ( broadcast_network == NBC || broadcast_network == ABC ||
broadcast_network == CBS )
++kerry;
else if ( broadcast_network == FOX )
++bush;
else
++nader;
}
}

printf("Bush :%9d\nKerry:%9d\nNader:%9d\n", bush, kerry, nader);
return 0;
}

Re:my submission

[Peyna]

I fail to trust any poll, because most of them only call during the day, when a certain group of people are home, and another group are likely to not be home. They also do not include a large number of younger voters, who are less likely to respond to a survey, and are more likely to have a cell phone and not a landline phone (which means they won't be called.)

The pollsters "are hoping" that young people continue their streak of not voting much, so their numbers remain accurate.

It's all B.S.

Re:my submission

[brilinux]

Um, it would seem that Nader will not get any votes with this program. You wish!

Re:my submission

How is this obfuscated or funny?

Re:my submission

[Jardine]

I fail to trust any poll, because most of them only call during the day, when a certain group of people are home, and another group are likely to not be home. They also do not include a large number of younger voters, who are less likely to respond to a survey, and are more likely to have a cell phone and not a landline phone (which means they won't be called.)

They also normalize votes to try to iron out some of those things (doesn't work perfectly but it can help). The problem is that some polls normalize their votes to include a certain percentage of each party. Kind of defeats the purpose of polling as far as I'm concerned.

Re:my submission

[Peyna]

The thing is, they're normalizing based on past election turn out, and if some groups have a small enough number of people respond out of the total group surveyed, normalization won't make a difference.

This election is very likely to have a much high voter turnout, especially among younger voters.

Re:my submission

[Jardine]

The thing is, they're normalizing based on past election turn out

I wish that was always true. In this page they say that Gallup is normalizing for 40% Republican. The problem with using 40% is that in the last three elections, Republicans were 34%, 34%, and 35% of voters.

Re:My submission

Sh*t! That's exactly what I was going to do. :(

What size processor will this code run on?

[antispam_ben]

It determines the number of votes a program can count:

int candidate_1_count;
if (vote==candidate_1)
candidate_1_count++;

On an 32-bit machine, this will count up to 2 billion votes before the counter rolls over and goes negative. On a 16-bit machine, 32,000 votes. On an 8-bit machine, 127 votes.

Of course, by the time the UN becomes the Defacto World Government, all processors will be 64 bit, so we won't have to worry about a register rolling over in Global Voting.

Re:What size processor will this code run on?

[downward+dog]

So if we can just get some 8088 machines in [Republican | Democratic] counties, we should be set... :)

Re:What size processor will this code run on?

As of the 2000 census, the U.S. population was only 281.5 million. And realizing that the majority of processors and operating systems are 32bit these days, a standard integer would work just peachy. If you really want to cover your bases, just use a long int. Also, one would use an unsigned integer as a negative value for a vote count doesn't make sense. But, don't worry too much about this, unless you plan on developing a real voting system.

Re:What size processor will this code run on?

[Tackhead]

> int candidate_1_count;
> if (vote==candidate_1)
> candidate_1_count++;
>
> On an 32-bit machine, this will count up to 2 billion votes before the counter rolls over and goes negative. On a 16-bit machine, 32,000 votes. On an 8-bit machine, 127 votes. So, if I'm a Democrat, I'll make sure to put 16-bit versions of this machine in precincts such as East Buttfuck, Texas, which has a popuation of around 25000.

Likewise, if I'm a Republican, I'll put a 16-bit version of this machine in inner city areas with populations ranging from 18000 to 50000.

And if I'm really smart, I'll change the sizeof() an int to 15 or 17 depending on the number of votes I want to count, and the number I want to overflow. Spinning it to computer-illiterate civic officials would be as simple as having my salesguy say either "Because you have more people to count up, you get the 17-bit version. It's one better than the 16-bit version, but we can offer it to you at the same price", or "We'll let you save $500 per unit by going to the 15-bit version, which is suitable for smaller districts such as yours."

Re:What size processor will this code run on?

[Fred+Foobar]

According to the C standard, an 'int' is guaranteed to be at least 16 bits wide, so even on 8-bit machines it could handle up to at least 32767 votes before overflowing.

Re:What size processor will this code run on?

Actually, the aspect of this code that I found to be most interesting is that you don't initialize the value of the counter. I would change this code to use an unsigned int to give the candidate a random boost.

I've seen this before

Flip a coin: Heads I win, tails you lose.

--engunneer

not GWB...

[_defiant_]

GWB doesn't have any evil plots this election... all the scheming is done by Karl Rove.

At least, that is what some would have me think.

Vote early, vote often.

[downward+dog]

if (($current_vote_time - $previous_vote_time) > 2) {

$my_election->cast_vote($candidate);

} else {

print ("Didn't I see you here earlier?\n");

}

Re:Vote early, vote often.

That doesn't look very much like C.

Re:Why? Already there!

We at Diebold would like to clear up any misconceptions you may have about our product: the results in said Pennsylvania county were due to the original software being written using english bloke units rather than the standard registered voter units. We have patched the system with the proper 7.578947368 blokes to a registered voter conversion factor. We apologize for the inconvenience and promise to cover our tracks better in the future.

Thanks,
Diebold

Diebold Nov 2 hacking contest?

[h00manist]

What about a Nov 2 hacking contest?

Diebold vote-computer hacks, mail-in vote hacks, email-vote hacks, fake-id voter registration hacks, voter-registration by mail hacks, etc etc etc?

I'm surprised the elections are still considered fair at all.

Re:Diebold Nov 2 hacking contest?

[HyperChicken]

I'm waiting on the outside with bail money, as always.

Easy!

[yomommaDOTorg]

String Bush="BUSH";
String Kerry="Kerry"

String vote = getVoterChoice();

if(vote = Bush){ //wait, why didn't I use ==
voteBush();
}
else{
voteKerry();
}

Re:Easy!

[zeath]

I think the point of obfuscating is to not describe how it works (or doesn't work) in comments. Also the simple "else" that pinches out all third parties is some nice political satire, whether you meant it to be or not.

Re:Easy!

[Zeebs]

I doesn't work if you comment it silly.

Re:Easy!

[__int64]

error c2144: Syntax error, missing semicolon before identifier "vote";

Way way back ....

[A+nonymous+Coward]

Way back in my salad days, 1970 or so, I had a FORTRAN II program which had expanded to, I think, 1600 cards or so, most of a box. Plotted some graphics on a line printer. I got tired of the program and decided to go out of style in good fashion. I don't remember any details now, and have forgotten most of the FORTRAN I ever knew. But the main entry point, equivalent of main() in C, never executed. Instead it began with some obscure subroutine which was never called by the source code, which proceeded to call other never-called subroutines, and gradually self-modified itself, so that after it had been running for a few seconds, and actually done the line printer plotting, it had converted some piece of code into a system instruction which crashed the machine. The machine was a CDC 6400. There were two of them, called A and B. B was used for some experimental time share system, and had the system instruction which was not supposed to be present on A, as the university did not feel like paying CDC for an unused instruction. But it seems that the CDC rep needed that instruction for his weekly maintenance checks, so left it permanently wired in place, rather than disconnect it at the end of each visit. So even tho I had prominently labeled the card deck to run on A only, it went ahead and crashed it.

I wonder if Diebold uses FORTRAN II ... maybe I could get a job there ...

Course at Rice

[offby1]

Dan Wallach is teaching a course at Rice that, I think, includes this sort of challenge.

Re:Course at Rice

[gr8_phk]

Yes, teaching people how to make code look correct while doing something wrong is a valuable skill for everyday honest folks. I'd like to take the class and then write banking software....

Re:Course at Rice

[berteag00]

Okay. I know that was an off-hand comment, so I'll forgive you. But next, time perhaps you should check the syllabus before you go about criticizing what was truly an excellent course. One of the best CS class I took at Rice, actually (just behind Keith Cooper's compiler construction class.)

You'll note that the very first substantial lecture is on ethics.

Re:Course at Rice

[djcapelis]

*hears "I just want to be a ganster" playing in the background

ERROR IN ORIGINAL POST

The "Submit your obfuscated vote-counting code now" link should read: Submit your obfuscated vote-counting code to the Diebold "Defending our right to count your vote however we damn well please" competition. that is all

ERROR IN ORIGINAL POST

The "Submit your obfuscated vote-counting code now" link should read:

Submit your obfuscated vote-counting code to the Diebold "Defending our right to count your vote however we damn well please" competition.

that is all

which candidate?

[jaquesparrow]

It would be interesting to see which candidate bush or kerry the programmers favor in skewing the votes.

Re:Why? Already there!

[DrEldarion]

Hey, at the very least it'll make entertaining TV.

Switch without break, Bush wins!

[uberleet]

int i;
while(1)
{
i = getVote();
switch(i)
{
case 0:
Kerry++;
case 1:
Bush++;
}
}

Re:Switch without break, Bush wins!

[Hobadee]

Bush wins... UNLESS everyone votes for Kerry, in which case it's a tie.

Is it sad...

[bizpile]

Is it sad that I just ran your code? It worked, by the way. See the results here.

Bad idea

Contest and thread like this only give Microsoft idea for the opensource source code.

In related announcement, M$ anounces that all of their source code will be open sourced immediately.

Actually...

[Allen+Zadr]

I know - I'm ruining everything but, really ... they are looking for 'C' not basic.

while(printf("KERRY WINS!\n"));

That's what you meant to say, right?

My submission

[geirt]

Compile the provided example with:

gcc -D "EOF=((Input=(Input=='K')?'B':Input),-1)" vote.c -o vote

What the fsck is wrong with this?

[Visaris]

#include <stdio.h>
#include <unistd.h>

/* Just to clean things up a bit */
#define REGISTERED_VOTERS 230597013
#define kerry 1
#define bush 2
#define nader 3
#define Count(y) f##or##y

/* Where the votes come from */
extern int get_vote();

int main(int argc, char **argv)
{
int for_b=0, for_k=0, for_n=0, vote;

/* Count the votes! */
while(vote=get_vote()) {
switch(vote) {
case bush:
for_b++;
break;
case nader:
for_n++;
break;
case kerry:
for_k++;
break;
}
}

/* Print results */
printf("Bush: %d\nKerry: %d\nNader: %d\n",
Count(_b),Count(k)(),Count(_n));
return 0;
}

Re:What the fsck is wrong with this?

[rk87]

*cough*kerryfork()bomb*cough* :) Nicely done

Re:What the fsck is wrong with this?

[Visaris]

I'm sorry, that was a typo. Replace the print-out with this:

/* Print results TWICE for clairity */
for(int i=0; i<2; i++) {
printf("Bush: %d\nKerry: %d\nNader: %d\n",
Count(_b),Count(k)(),Count(_n));
}

/* Return success */
return 0;

Re:What the fsck is wrong with this?

/* Print results */
printf("Bush: %d\nKerry: %d\nNader: %d\n",
Count(_b),Count(k)(),Count(_n));
return 0;
}

The diffis between:
Count(_b)
Which accesses a variable called for_b

and:
Count(k)()
which calls a function called fork()

Re:What the fsck is wrong with this?

[entrigant]

Two important lines:

#define Count(y) f##or##y
and
printf("Bush: %d\nKerry: %d\nNader: %d\n",Count(_b),Count(k)(),Count(_n));

Count(_b) will be turned into for_b by the preprocessor. Count(k)() will be turned into fork(). That help? :)

How about

[antifoidulus]

code that randomly adds a Cowboy Neal option to the user's choices?

C code?

[Pan+T.+Hose]

C code that appears correct but does the wrong thing when counting votes.

Does it have to be a C code? In my opinion C is not nearly obfuscatable enough. What about BF or Unlambda? Or, better yet, Lingua Romana Perligata? Now when I'm thinking about it, I think PASM might be perfect for such a task, if only-- I know! Acme DWIM or Bleach compiled directly into PASM! With JIT!! Dear God, that would be so cool!!! But wait, they want C code, right... Wait a minute, Perl is written in C! So is Parrot! And they can be embedded in a C program! Sweet Heavens! What an idea!!!1 Gotta go.

Re:C code?

You want obfuscation? Code in malbolge.

Re:C code?

[3)+profit!!!]

How about a voting machine using virtual trout, using Hatchery Oblivion through Marshy Energy from Snowmelt Powers Rapids Insulated but Not Great (HOMESPRING)?

For example, here's a program that adds two single-digit numbers together:

Universe is marshy but evaporates downstream. Sense the rapids reverse. Down
bridge is now marsh:
Marshy marshy marshy marshy marshy marshy marshy marshy marshy marshy now.
All evaporates downstream. Sense
the rapids now:
Rapids rapids rapids rapids rapids rapids rapids rapids sensed.
Ugh +.
Take powers from snowmelt therefore;
the current time is of youth. Fountain is young. Bear cannot
reverse. Down inverse. Lock young. Switch young. Range. Switch clone to the
switch itself. Now inverse. Lock narrows down:
Powers
to append. Up go all young. Bear time evaporates
then. Therefore:
Spawn power. Invert evaporates it. Down force. Down reverse. Down net. The
net reverses force.
Now try:
Add add add add add add add now.
It is not possible; now count:
0.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10 .
11.
12.
13.
14.
15.
16.
17.
18+.
You can now pump
in reverse. Down lock goes; narrows lock down:
Inverse. Lock young. Range. Sense 0n 1n 2n 3n 4n 5n 6n 7n 8n 9n
Powers lock time now.
Inverse. Lock young. Range. Sense 0n 1n 2n 3n 4n 5n 6n 7n 8n 9n
Powers snowmelt now.
Powers
all:
Bear hatchery n
powers
insulated bear hatchery ?.
Hydro. Power spring as
snowmelt powers snowmelt then, and disengage.
HYDRO!!

Re:C code?

[xmas2003]

Yea, don't leave out us Perl folks ... which BTW, is used on the Vote for HULK website ... and so far, is showing the Big Green Guy in first place, followed by Bush and then Kerry - polls open at 8:00PM MDT tonight! ;-)

Re:C code?

[Jardine]

How about a voting machine using virtual trout, using Hatchery Oblivion through Marshy Energy from Snowmelt Powers Rapids Insulated but Not Great (HOMESPRING)?

For example, here's a program that adds two single-digit numbers together:

That is quite possibly the stupidest thing I've ever seen. Thank you.

Re:C code?

[mewphobia]

how about Brainfuck

This is pretty much accurate:

if(voter.ethnicity != WHITE)
return 0;
if(GetVote(&voter))
{
switch(voter.vote)
{
case BUSH:
case KERRY:
++BusinessAsUsual;
break;
default:
AlertFBI();
}
}

Re:This is pretty much accurate:

Oh please. Stuff that whole "if voter not white then ignore" bullshit up your liberal ass. Think about it for just one second: if nonwhite votes meant absolutely nothing, then how do you explain all the rampant pandering and whoring to the minority groups by the politicians? When is the last time you heard of a politician telling the NAACP to go fuck themselves?

Not everything Dan Rather tells you is true, you know.

Re:This is pretty much accurate:

I know. I just felt like scoring a quick +5, Insightful :) Slashbot moderators are so predictable... I would have logged in, but my Karma is Terrible and my comment wouldn't have been read.

Luke727

You Think You're Funny

[michael.teter]

It's interesting how much loud anti-Bush crap like yours there is, and yet, when it comes time to vote, half of America wants him.

I personally think it's a pretty good thing that half of America leans left, and the other half leans right. Or more accurately, half of America is sitting right in the middle, and the other two quarters are on the fringes.

Loud lefties are typically in that 25% left. Religious Righters are typically in the 25% right. The rest of us are in the middle. We like some left ideas, and some right ideas.

But it's nice to see Slashdot mods stick to their convictions (left fringe, of course).

Re:You Think You're Funny

read the code you stupid twit.

Re:You Think You're Funny

[pjt33]

Or more accurately, half of America is sitting right in the middle, and the other two quarters are on the fringes.

Right in the middle of America, maybe. From the perspective of those of us on the other side of the Atlantic, your middle is a good way to the right.

Re:You Think You're Funny

[michael.teter]

I don't dispute that :)

Re:You Think You're Funny

[michael.teter]

My response wasn't to the code, which clearly falls thru to the last case.

My response was to the snide remarks that suggest that the Bush camp needs to cheat to get votes. On the contrary, half of America actually wants to vote for him, despite what the 25% far left would like everyone to believe.

And anyway, an AC is calling me a twit? When you get out of college, spend some time and figure out how to get a slashdot account. Then have some balls and use it when you make rude replies.

Re:You Think You're Funny

[Phillup]

Half of America does not want Bush.

Barely half of Americans even vote. (Last presidential election was less than 52% of eligible voters.)

Think about that... we call ourselves a democracy (we aren't but most A's are to stupid to know that) and yet we've NEVER had a president that had anywhere close to half the population think that they were good enough that they would get off their ass and go vote for the guy.

And, as far as the "loud anti-Bush crap like yours" goes... fuck off. Somebody had to be put on the bottom of the damn case statement.

This was a coding example of how to write sneaky code. (Around here we call that a "topic".) Look at the responses... many people missed the breaks.

That was the point of the post.

If I want to make fun of Bush, I'll do it straight up.

So... if you want to talk about how "half" of the population voted for the dumb ass... remember, half of the population is also "below average".

Looks like people sticking together to me.

(See... now that's a swipe at Bush... and his supporters.)

Know how to tell Bush has not been anywhere without the secret service? Easy, he is still alive. That doesn't sound like support to me... he is so fucking scared that an American is going to kill his ass that he won't even let anyone that doesn't swear allegance anywhere near. Not even rallys.

One look at my sig should have been a clue that I don't give a rat's ass about either party.

But... (hold on, here comes another one) as a Bush supporter you are obviously incapable of buying a fucking clue.

P.S. Consider this discussion closed. Asshole.

Re:You Think You're Funny

[ZX81]

Haha!

And you think that Bush got all the votes that got him into Government!?

Surely you must be American!

The rest of the world knows that Bush got his mates to screw up the voting process so that he won even though America voted for Gore.

If this happened in New Zealand, they'd redo the election and charge Bush's staff.

Duh...

Re:You Think You're Funny

Quite true. But it follows from your statement that from THIS side of the Atlantic, your "middle" is WAY over to the left.

Nah, the sample they provide is already broken

[iamacat]

It crashes if there are no votes (and who votes anyway??) and on many CPUs, like perhaps embedded controllers of voting machines, prints fradulant results. I mean, we all know only Bush will get less than 32768 votes, so everyone else is screwed. Here, see for yourself:

int main () {
int Input;
unsigned long total=0;
unsigned long Tally[256]={0};
while ((Input=getchar())!=EOF) {
unsigned char Vote=Input;
if (!isspace(Vote)){
Tally[Input]+=1;
total+=1;
}
}
printf("Kerry %d\n",Tally['K']);
printf("Bush %d\n",Tally['B']);
printf("Nader %d\n",Tally['N']);
printf("Other %d\n",total-Tally['K']-Tally['B']-Tally['N']);
return 0;
}

Pointless question, but trivial answer

It's a bit of a pointless question, given the candidate's experts can't view the code. (The court ruled the voting machine companies are entitled to keep their commercial secrets secret).

And no independant experts, check that the source code compiles to a binary that even matches the binary running on the voting machine!

But here I win easy:

if (obscure sequence of events...)
SetForegroundWindow(NULL);

Then to break the voting machine, I do the 'obscure sequence of events', (whatever they are). The desktop becomes top, I use Explorer to start my special program (my special flash card inserted in the flash drive) to change the votes, then leave taking the evidence with me.

Re:Pointless question, but trivial answer

I suppose the point of the competition is to provide a talking point for discussion on computerized voting. Slashdotters appear to be the right kind of audience to be the competitors who would enter the competition for fun, and thus provide a lot of effort for free.

If the competition results show dozens of ingenious ways to cheat in a seemingly innocuous piece of voting software, then it demonstrates that we cannot trust an expert review of such software. There could always be some clever cheat (or a bug) that was missed. Of course there are also counterarguments, such as extensive testing, but if the competition shows the expected results then it is a good argument for simpler voting systems.

Basically, the idea is to create doubt on the trustworthiness of vote-counting software, in order to justify staying with manual counting, or at least manually verifiable counting. It's certainly not pointless.

The champions are in Venezuela

[vegetasaiyajin]

The Venezuelan National Electoral Council is the champion in this category.

Re:The champions are in Venezuela

[bigjocker]

You wish, sore loser.

Almost as scary as Florida

[toby]

And a bit trickier than rigging evoting: the Byzantine setup that tilts Venezuelan elections. That should give Vote-Robbing Hood and her cronies some ideas.

It would be interesting if contestants could defeat the statistical methods used to uncover fraud mentioned elsewhere on that blog.

Obfuscated C code contest

Code that appears correct but does the wrong thing when counting votes.

Eveyone knows that if you want obfuscated code you can just write it in perl!

It's a joke. Laugh.

Hack-a-vote!

[berteag00]

Yep. I was in the course, actually.

For those of you too lazy to ready the webpage: the assignment was in three parts. First, given a simple Java-based voting terminal (HackAVote), hack it (inconspicuously) to bias an election to serve your own nefarious purposes. Second, given another group's hacked terminal, how many of their hacks could you find without the source code? With the source code? Finally, design a provably secure algorithm (using cryptyc) for communication between the smart card and voting terminal, and an appropriate smart-card distribution scheme.

My experiences: hiding bugs is easy (duh). Finding bugs in black-box testing is hard (duh). Finding them with source code is substantially easier, but still non-trivial. Finally, getting it right, while not impossible, is non-trivial! There are a *lot* of cases to consider (nefarious poll workers, smart-card hackers, people with access to a machine that "fell off the back of a truck", etc.)

Dan wrote a paper about the experience. It's worth a quick read. Finally, his homepage is rather amusing, beyond the typical nerdly computer-science professor stuff.

The Libertarians pick up some votes

[eric76]

#define TABULATE(VOTE,COUNT) case VOTE : COUNT++ ; break ;
#define TA8ULATE(VOTE,COUNT) default: COUNT++ ; break ;

switch ( vote )
{
TABULATE( 'N', nader ) ;
TABULATE( 'K', kerry ) ;
TABULATE( 'B', bush ) ;
TA8ULATE( 'O', libertarian ) ;
}

Where is your patriotism?

[6800]

You mean you want a contest that will elicit code from the best of the best for Diebold to use for free?

Correction where to send the code to

[NoSuchGuy]

please send your
- code
- telefone number
- desired salary

to jobs@diebold.com

Maybe you get a short term contract till 11/02/2004

Why defeat it?

"It would be interesting if contestants could defeat the statistical methods us"

Why try to defeat it? Nobody will act on a statistician's claims of voter fraud, for example:

"In Comal County, Texas, three Republican candidates won their elections by exactly 18,181 votes each. Two other Republicans in a nearby state using the same kind of machines also won by exactly 18,181 votes."

http://www.verifiedvoting.org/article.php?id=185 3

This would be much too obvious

[eric76]

union { struct {
unsigned short bush ;
unsigned short kerry ;
unsigned short nader ;
} candidates ;
unsigned long libertarian ;
} counters ; ...

switch ( vote )
{
case 'B' : counters.candidates.bush++ ; break ;
case 'K' : counters.candidates.kerry++ ; break ;
case 'N' : counters.candidates.nader++ ; break ;
case 'O' : counters.libertarian++ ; break ;
default : printf( "invalid vote = '%c'\n", vote ) ;
}

Ken Thompson's compiler hack

[FleaPlus]

The best way to do this would be a variant of Ken Thompson's cc hack, published in ACM back in 1984. Basically the voting code would be pristine, but the compiler itself would be modified to add in "features" at compile time. The compiler also had hooks to add in the trojans while compiling pristine compiler code.

Both compiler and voting application code would appear pristine, with the the actual hack existing only in the compiled code.

Re:Ken Thompson's compiler hack

[CedgeS]

In real life that would be the sort of thing to do. But in this silly competetion, since we can't get to the compiler, I was trying to do it through one incorrect malloc like this:

unsigned long *Tally;
*Tally = (unsigned long) malloc(sizeof(unsigned long)*256) ;

to get the array to hold the counts, and trying to manipulate the code so that when the compiler compiles it, the unchanged pointer Tally ends up being in another portion of the program that would be interpereted as some totally wacko initial counts, without segfaulting. Of course this wouldn't pass inspections before the election nor get the correct counts, but it would have code that was symmetrical across candidates, while favoring one with a specific version of the compiler (fortunantly I'm working on debian too). Unfortunantly I havn't found one yet that even compiles with tally pointing into the program to begin with. It would be easier if I changed their code around a bit to put the favored candidate in the 0th index of the array.

Three candidates with zero votes!

[eric76]

switch ( vote )
{
case 'B' : bush += 1, 0, 0, 0 ; break ;
case 'K' : kerry += 0, 1, 0, 0 ; break ;
case 'N' : nader += 0, 0, 1, 0 ; break ;
case 'O' ; libertarian += 0, 0, 0, 1 ; break ;
}

Indeed

[Pan+T.+Hose]

try to make a point and the only thing people notice is the syntax errors... only on slashdot

Indeed. Everywhere else normal people would just get the point presented in the form of a C program, but not the nerds on Slashdot! But seriously, I was sure that all of the errors in your code was just meant to be examples of real errors that might change the election outcome:

• gorevotes = 1; instead of gorevotes += 1; to make gorevotes always less than or equal to one, and using +=1 instead of ++ only to make the =1 mistake less visible
• comparing canidate to "Nater" instead of "Nader" to make real Nader's votes not counted
• the second bushvotes += 1; instead of nadervotes += 1; to count Nader's votes as votes for Bush
• using bushvotes += 10; instead of bushvotes += 1; to multiply votes for Bush by ten
• using if(strcmp(canidate,"Bush")) instead of if(!strcmp(canidate,"Bush")) supposedly forgetting that strcmp returns 0 false value on a match and true otherwise, to invert the vote counts and count votes not for any given candidate as votes for him
• using canidate instead of candidate variable, which might have a different value
• while not an error per se, not using curly brackets in conditionals might introduce unexpected subtleties in the control flow in more complex code with deceptive indentation

All in all, not counting the Perlish elsif there are no syntax errors, while every single logic error might be used on purpose in a vote-counting code to change the election outcome while being hard to spot in a large and complicated spaghetti code. Did I really miss something?

Actually, I was very surprised reading all of the posts fixing the bugs in your code. "Weren't such bugs the whole point of a contest writing 'C code that appears correct but does the wrong thing when counting votes' after all," I thought to myself? [emphasis added]

But now I am even more surprised! Were those really unintentional errors? Because when I first read your comment I though: "What a brilliant example with so many subtle errors in every single statement!" Have I really overestimated the brilliance of your code? I do really hope that I have not, because it was surely one of the best examples posted so far, the foolish down-moderation notwithstanding.

Was I completely wrong? Doubtful. Was I fooled? I don't think so. Am I stupid? Highly unlikely. So what's wrong?

Re:Indeed

I think it's the "bushvotes += 10" thing which lead everyone into thinking that it was the point rather than the bugs.

if(!strcmp(canidate,"Bush"))

BTW. Never, ever use this broken idiom. Compare to zero instead. It's so easy to accidentally transform it in your mind as "if canidate isn't Bush then..."

Re:Indeed

[91degrees]

while not an error per se, not using curly brackets in conditionals might introduce unexpected subtleties in the control flow in more complex code with deceptive indentation

Yes, especially if you put 2 statements on one line. i.e

if(condition)
a++;b++;

Another possibility here is the classic mistake

if(VoteForBush());
{
Bush++;
}
else if (VoteForGore())
{
Gore++;
}

Re:Indeed

[WhitePanther5000]

Thank you, atleast someone gets it. I'm a native Perl programmer and rarely use C, so sorry about the elsif mistake to anyone who cares :)

Although, I misspelled candidate because I was too lazy to type it in Google.

Soon to be followed by...

[lildogie]

The obfuscated-ballot-stuffing-program-DETECTOR contest.

A program that, when given the source code of a vote counting program, indicates whether the program is fair or crooked.

Finally!

[Pan+T.+Hose]

I have finally finished my code example! It is written in Perl instead of C so I won't send it to the contest, but I think it will nicely demonstrate many very important aspects of code obfuscation and subtle errors in the program control flow which can unexpectedly change at run time. I'm sorry that it took so long, it was a lot of work, mostly testing to make it portable, but I think it was worth it. Here it is:

#!/usr/bin/perl
use Acme::Bleach;

(I hope Slashdot will not mess with the whitespace because it is significant just like in Python -- see: perldoc Acme::Bleach by Damian Conway and Proletext by Brad Templeton.)

Comments welcome.

LOL

That is the most hilarious piece of C code I have seen in a long long time. I must congratulate you.

gimme a break!

[museumpeace]

well, actually "break;"

For those of you who don't know how

[museumpeace]

write code with subtle errors in it, you might want to study the methodology used in Prof. Mann's paper proving global warming The paper has been gospel for about a decade...but its bad code and it took a couple of Canadians to notice it. Once you master that example, you are sure to wind the prize for bad voting software.

C is for wimps

Real obfuscation is best expressed in Intercal. If we had voting software written in Intercal, we wouldn't even need to bother having the election.

You forgot a big one

[pjt33]

What question do they ask? In most polls I see (in Britain, FWIW), the question is "If there were a general election tomorrow, who would you vote for?". I'd bet that they don't get 75% of people replying "I wouldn't vote", even though we get about 25% turnout.

Re:You forgot a big one

[Galvatron]

Usually they only poll "likely voters," which is defined by things such as being registered to vote, and having voted in the last election.

That being said, people who are really undecided may give a name anyway just for the hell of it, so the results are still imperfect.

Am I the only one

who read 'Votting' as 'Vomitting'?

Alternative approach...

[Infinityis]

You could always learn from the people who put together annoying popup windows...it might look something like this..

printf("Enter your vote here:");
Input=getchar()
Vote=Input;
printf("VIRUS DETECTED ON YOUR COMPUTER! PRESS B TO REMOVE!");
Input=getchar()
Vote=Input;

They'd never see it coming...

Brilliant

[Pan+T.+Hose]

/* Global vote tallies */
int KerryVotes=0;
int BushVotes=0;

Just hope that more than 65535 people don't vote for the same candidate.

Now, what are the chances that the code is being run on a 17-bit platform?

At first I thought it was a typo and I wanted to answer: "Even lower than chances of running on a 16-bit platform." And then I understood. That was truly brilliant. Bravo.

Re:Answer me this.

It's kinda like the 'worthless dickstation' at which you sit, only different.

Don’t laugh

[Pan+T.+Hose]

You want obfuscation? Code in malbolge.

Please don't laugh but, well, I have already tried to learn Malbolge, only to fail miserably. I couldn't write even a single program! Can you believe it? Needless to say, my first reaction was the hatred towards Ben Olmstead, blinding, unimaginable hatred, but after some time I decided that violence is not an answer to the problem which is obviously intellectual in nature, so I gave up my plans and got over it. I still curse the year 1998, though.

MOD PARENT UP

[WillerZ]

First thing on slashdot I've actually laughed at...

An int is always at least 16 bits

[WillerZ]

According to the C standard anyway.

Phil

registration fraud

[attonitus]

Sadly that's a little too close to what actually may have happened in the fantastically free and fair elections that the west has managed to organise in Afghanistan

Which made me wonder whether when, during the third debate, President's Bush boasted that, "the first person to vote in that election was a 19 year old girl", he might also have been correct to say that she was the second person, and the third person ...

Odd

Actually that was the point of this contest muahahaha.

Anyhow as the developer of the contest, I've been very surprised that I haven't seen any of the code comments posted in this thread use buffer overflow-style attacks or vtable hijacking of sorts.

Stuff like where you change the vtable entry of += to -= by overrunning some sort of local variable or something. Anyhow I won't give too many more hints to y'all out there ;-)
--Daniel
Vega Strike Lead Devel
http://vegastrike.sourceforge.net

Clever

That's clever, but someone would have to actually RTFA, download vote.c, read it and understand it, and then also understand what the C preprocessor does, to understand what your clever command line is doing. You have to rein in your expectations a bit here.

Re:Clever

Well,you did :-)

AARRRGGHHH

[JollyFinn]

What no Java! Uhh.
Thats the best language for the problem. Last summer I did produce couple of correctly looking programs that failed, because of few little details in the runtime that changed the operation.

Statistics in .ve election

[KjetilK]

It would be interesting if contestants could defeat the statistical methods used to uncover fraud mentioned elsewhere on that blog.

Have a loook what Ed Felten, Avi Rubin and Adam Stubblefield has to say about that.

Quick - call the DMCA police!

[pssldt]

Isn't this a DMCA violation against Diebold??

And yet another variation (albeit not hard to spot):

switch(vote) {
case BUSH: bush += '1';
break;
case KERRY: kerry += 1;
break;
case NADER: nader += 1;
break;
}

Hehe

[cookiepus]

I am totally going to participate, win, and mention my achievement on a resume. When the employers ask who ran the contest, I'll say this guy

Certainly

[Pan+T.+Hose]

Does it have to be a C code? In my opinion C is not nearly obfuscatable enough. What about BF or Unlambda? Or, better yet, Lingua Romana Perligata?

how about Brainfuck

Well, yes. Certainly. That was actually my first example. I only used the euphemism "BF" instead of this vulgar profanity, so this misunderstanding is, well, understandable.

Or dangling else

[Pan+T.+Hose]

pth@pus14:20:~/c/test$ cat ifelse.c
#include <stdio.h>

int main() {

int x = 0;
int y = 1;

printf("start\n");

if (x)
if (y)
printf("x and y are true\n");
else
printf("x is false\n");

printf("end\n");

return 0;
}

pth@pus14:20:~/c/test$ gcc ifelse.c -o ifelse
pth@pus14:20:~/c/test$ ./ifelse
start
end
pth@pus14:20:~/c/test$ gcc ifelse.c -o ifelse -Wall
ifelse.c: In function `main':
ifelse.c:10: warning: suggest explicit braces to avoid ambiguous `else'
pth@pus14:20:~/c/test$

Explanation

[Pan+T.+Hose]

The above program doesn't print "x is false" because its else is in fact paired with if (y) instead of if (x) which the indentation might falsely suggest. In C else is always paired with the immediately preceding if. This is one of the most important yet subtle forms of deceptive control flow which might be used in vote-counting logic.

Not every language has this problem, though. Python solves this "dangling else" problem by making the indentation significant, so else always matches the if above, indented with the same amount of whitespace. Perl on the other hand solves this problem by making curlies mandatory, so there is no if ($x) $a++ but always if ($x) { $a++ } (but there is also an even shorter $a++ if $x). Perl 6 will still have the curlies mandatory but the parentheses will be optional: if $x { $a++ } (with much more interesting improvements, see Synopsis 4: Blocks and Statements: "And there's a new elsunless in Perl 6--except that it's spelled elsif not.")

But getting back to the point, if I was really serious about inserting a backdoor in the voting code I would just make few "mistakes" with buffer overflows with all of the important cheating code hidden safely in my exploit, leaving nothing more in the source code than an ordinary bug, like using gets() or strcpy(). When inspected, it would look completely innocent, like a stupid mistake of a lazy programmer, not like an evil backdoor of someone planning to change the election outcome.

Why?

I don't see why there are so many errors in the Diebold code. It seems like a pretty straight forward problem to me.....I can understand where there might be some security issues, but is it that hard to write a program that counts correctly?

Is Diebold full of idiot programmers, or am I missing something?

Re:Why? Already there!

Hey, at the very least it'll make entertaining TV.

Lemme guess, you're voting for Bush?

Leaked Diebold Code

[NuclearDog]

int KerryVotes = 0; /* ID = 0 */
int BushVotes = 0; /* ID = 1 */

function votefor(int id)
{
switch (votefor)
{
case 0: /* Vote for Kerry */
KerryVotes++;
case 1: /* Vote for Bush */
BushVotes++;
}
}

Re:Leaked Diebold Code

[NuclearDog]

--- code1.c Mon Oct 18 18:39:07 2004
+++ code2.c Mon Oct 18 18:39:22 2004
@@ -3,7 +3,7 @@

function votefor(int id)
{
- switch (votefor)
+ switch (id)
{
case 0: /* Vote for Kerry */
KerryVotes++;

Sorry, in the 30 seconds it took me to write that I never noticed the small error I made.

BTW, for Bush supports, feel free to switch the 'KerryVotes++;' & 'BushVotes++' around.

G'day,
ND

Re:Why? Already there!

Hah, no way in hell am I.

Re:Pick me, pick me!

[FuzzyBad-Mofo]

FYI, I voted that unfair in Metamod. Should have been Funny!