The Underhanded C Contest Is Back

Xcott Craver writes "After several years of inactivity, the Underhanded C contest has returned. The object is to write a short, readable, innocent-looking computer program that nevertheless performs some evil function for reasons that are not obvious under code review. The prize is a $200 gift certificate to ThinkGeek." The deadline is July 4th, so get to hacking.

actual challenge this year

[girlinatrainingbra]

The actual challenge this year is to write an evil C file that can calculate the "Bacon degree" separation of two users in a database that keeps track of their friends, with 0 meaning no linkage at all, 1 meaning they're directly BFF, 2 meaning that they have a BFF in common. In other words, the path length on the graph of friends. Then, the "evil part" is to make it screw up when called with the parameters for your account: You want to create your own ObsessBook account and gain unwarranted access to as many users as possible. To this end, your code should work normally almost all the time, but for some unseen reason it should return incorrectly low DERPCON values when called with your account as an argument. As the contractor, you have access to the ObsessBook database, so you can assign your data structure whatever fields you want in order to trigger the bug.

Re:actual challenge this year

[eksith]

I didn't think Facebook can be made even more dastardly (or at such a low level). Alas, I was wrong!

Re:actual challenge this year

[pegdhcp]

This is an obviously needed utility for C programmer community, in order to gain some "friends" on ????book. What good would come from a "friend on ????book database" is another and completely unrelated question.

Re:actual challenge this year

[telchine]

I'm thinking of submitting win.com

Re:actual challenge this year

[theM_xl]

This is an obviously needed utility for C programmer community, in order to gain some "friends" on ????book.

You don't have many friends, do you. :-)

Re:actual challenge this year

[pegdhcp]

I have a serious count of friends(!) both in facebook (even after I left it) and in linkedin. Maybe 10% or at most 30% of them knows me in person. Maybe 5% knows me as a real friend.

I do not have many real friends, who has them I do not know...

Re:actual challenge this year

What good would it do to gain "friends" on obsessbook? According to the spec, you can "look through the camera" and "plant spyware" for a level 2 "friend". For a level 1 friend you can even direct the smart phone to tickle them - which might look amusing when looking through the camera . . .

Re:actual challenge this year

It's unlikely that this executable parses as legal C source.

Re:actual challenge this year

[mjr167]

Can I use my own compiler? Cause I'm pretty sure if I can deliver the compiler binary too then it's a pretty trivial contest :P

Re:actual challenge this year

[Fnord666]

Thanks for posting this since the site seems to be slashdotted already and the west coast hasn't even had their coffee yet!

Re:actual challenge this year

I read that as Obesebook.

How hard can it really be?

[eksith]

When they missed putting 'http://' in front of their link to thinkgeek.com ;)

Here's an idea

Software is already underhanded and obscure enough as it is. I mean using it. How about a "clear and fucking obvious" contest? How about error messages that mean something? "The side by side configuration is incorrect". Parse that.

Re:Here's an idea

[Cenan]

Agreed.

How about a contest where the submitted code does exactly what the specs say, every time, on any hardware. The victor will be the one who writes a piece of code to spec, sits an untrained user in front of the app, and it behaves exactly as expected. Extra points if the user is successfully able to decipher any and all error messages and correct input without interference from anyone. Once you have a grip on that shit, then you can start doing cute/useless shit like this.

Re:Here's an idea

[50000BTU_barbecue]

Well sure, there's that. But the other way gets you a 200$ Think Geek gift certificate.

Re:Here's an idea

[DarkOx]

Contests that are impossible are not much fun.

To say nothing about why your any hardware requirement is impossible this caught me:

sits an untrained user in front of the app, and it behaves exactly as expected.

The largest software and hardware vendors have been at that since commercial computing began. They all still have to offer end user support and or build a community around the product to support users.

You talked up specs; and then want to offer the product to untrained users. Specs are great for things where the end user is another program or a person who *is* trained and knows what they wanted in the first place; can understand the specs themselves for the most part and therefor hasn't got unrealistic expectations about what the program will and won't do.

'Specs' for end user applications though don't carry that sort of weight and won't save you from the LUSERS. Access is the perfect example. I actually rather like it. There are lots of occasions where you want to trap and manipulate smallish data sets to see something while working on a problem. Given Windows usually hasn't got tools like, cut, paste, diff, comm, join, (useful version of ) sort, uniq, grep, awk, and sed installed Access makes a marginally suitable replacement.

Nobody would suggest discarding your RDBMs and just keeping ALL your data in flat text files. Microsoft never claimed Access was designed to handle the data volume and complexity to be the ERP for your Medium sized business either. Yet lots of people try or at least tried. I haven't seen that as much in recent years. Still they were shocked, shocked, I tell you when they hit the walls.

Re:Here's an idea

"The side by side configuration is incorrect". Parse that.

The side by side (winsxs) configuration data is incorrect. Typically the primary version of a DLL has been reset to an older version installed by some third-party application, most commonly a Visual C++ runtime DLL. Fixed by manually resetting the primary version (default entry) to the highest version number from the list in the registry key. The information on which component will be recorded in the Software event log.
Not hard to parse at all. :)

Re:Here's an idea

[JaredOfEuropa]

The hard part is writing up specs that accurately reflect what is actually needed. Often, specs are ambiguous, incomplete or simply incorrect.

Re:Here's an idea

What does "side by side" mean? What is its configuration? Where is it? How do I know what's wrong with it? How can I fix it? Why is it broken? What broke it? Will that be broken if I fix this? Why doesn't the OS just prevent that from happening in the first place? It asks me twice if I am sure if I want to run an application I installed, but it just modifies system files willy-nilly? What is winsxs? Is it in Windows Home? Home Premium? Home Ultra Premium Advanced Beginner Edition for Home Use by Advanced Beginners? Software is a mess.

Re:Here's an idea

[Fnord666]

The hard part is writing up specs that accurately reflect what is actually needed. Often, specs are ambiguous, incomplete or simply incorrect.

Not to mention the fact that even if they are clear, complete, and correct today, the user will want something else tomorrow.

Re:Here's an idea

Ok, try programming anything that runs on binary, trinary, analog, quantum, and biological computers. It's virtually impossible.

Re:Here's an idea

"The side by side configuration is incorrect". Parse that.

Done. Translated it reads: "Ones and zeroes. You keep using those. I don't think they mean what you think they mean."

Re:Here's an idea

[LordLimecat]

Given Windows usually hasn't got tools like, cut, paste, diff, comm, join, (useful version of ) sort, uniq, grep, awk, and sed installed Access makes a marginally suitable replacement.

It does now. Give Powershell a whirl, you might be impressed (once you get over its insane, ridiculous, and excessive wordiness)

Re:Here's an idea

[GNious]

you mispelled "Yesterday" at the end of your post.

Re:Here's an idea

[Minwee]

Agreed.

How about a contest where the submitted code does exactly what the specs say, every time, on any hardware. The victor will be the one who writes a piece of code to spec, sits an untrained user in front of the app, and it behaves exactly as expected. Extra points if the user is successfully able to decipher any and all error messages and correct input without interference from anyone. Once you have a grip on that shit, then you can start doing cute/useless shit like this.

If you make something idiot proof then the world will build a better idiot. Once you understand that concept -- and I mean _really_ understand it, not just remember how to say it when the Omega-Derp sits down in front of your product, misreads the instructions and starts spooning ice cream into it, or when Out-tel's latest processor correctly implements the Halt And Catch Fire instruction and calls it "NOP" -- then you can start to understand the Tao of Design.

And once you understand that, it's probably time to take a long vacation because you'll really need it.

Re:Here's an idea

[Blue23]

One of the recurring issues I see with spec is differing assumptions. When someone knowledgeable about some operational part of your business talks about a program doing "X", there's a huge amount of context that goes with it, which may not be shared by the development team (and in rarer cases your QA team).

As a perhaps too-obvious example, in the US if you're dealing with shipping weights you may not consider that you need to specify a field for units and be able to do lb / kilo conversions. Just that you're going to get "a weight" and need to calculate something at a "rate per pound". If it's not specified that the weight could be in other units, that's possible for a developer to me, but someone who dealing with import all day it's equally obvious that weights could come in imperial or metric.

Are things like this someone's responsibility to detail and catch? Of course. Can you assume that they will all be caught? Only if you believe in 100% uptime for computers, too.

I haven't seen a "perfect, one-size fits all" answer to specs. I have seen a wide range from "complete and unchanging" http://en.wikipedia.org/wiki/Waterfall_model that ended up not fitting needs to very iterative that made it nigh impossible to determine costs (and therefore evaluate against ROI and make a business case to do anything). I can say that how I plan for things depends if we're trying to automate a known process which is more static, or new tools with new workflow that as they see what's it's capable of there will always be the next step of "oh, and f it can do THIS, could it do THAT as well"?

Re:Cheap Advertising

[CAIMLAS]

You must be new here.

This competition used to be on slashdot almost every year (dating back to 2005, apparently). I'd thought it went back further than that, but that's still 8 years.

Re:april fools?

Well then you shouldn't participate: solved!

No prize then?

Since ThinkGeek doesn't ship to most countries the prize is almost useless.
Why couldn't they just offer the money?

Re:No prize then?

[Xcott+Craver]

Hi, I was not aware of this. I will announce an alternate prize for people outside the US, if we can figure out what web site is friendly with gift certificates in other countries (Amazon?)

Re:No prize then?

Up with the times, the prize should be two bitcoins.

Re:No prize then?

As long as we've got your attention, I'd like to note that the 2005 entries can't be accessed.

Re:No prize then?

well, it is an underhanded competition.

Re:No prize then?

[Xcott+Craver]

Thanks. I fixed that, so at least one thing is online.

Re:No prize then?

The ThinkGeek website does ship to virtually every country. The AC is mis-informed.

Thanks Barry...

[killmofasta]

My C teacher used to show us snippets, and got us interested in the per-processor.
We learned more in analyzing errant code, then writing out own,
and we could turn crap code into cool programs.

He called one snippet 'Recalcitrant' and we ran upstairs in the library to look it up,
People thought we were mad when we were laughing at the dictionary.

Thanks Barry both for showing us C, and for introducing us to GNU.

Re:Thanks Barry...

My C teacher used to show us snippets, and got us interested in the per-processor.
We learned more in analyzing errant code, then writing out own,
and we could turn crap code into cool programs.

He called one snippet 'Recalcitrant' and we ran upstairs in the library to look it up,
People thought we were mad when we were laughing at the dictionary.

Thanks Barry both for showing us C, and for introducing us to GNU.

In Texas they speak of code that is bucking.

Already Over

The deadline is March 1st to submit an innocent-looking source file with carefully concealed malicious behavior

Re:Any BLACKS entering?

If I would guess based on their names, I'd say that a majority among previous years' winners and runner-ups have darker skin color, yes.

Does it bother you 'morons' that other people don't look exactly like you?

Winning strategy

[maxwell+demon]

The winning entry will be one which doesn't only do the evil task asked for, but at the same time, in a way that the contest runners won't notice it, also manipulates the contest database in order to put itself as the winner. ;-)

Re:Any BLACKS entering?

[Opportunist]

Not really. They pretty much pay for the social security of white trash mouth breathers.

Plus, they are the only ones who empty my trash can. When was the last time you actually saw domestic cleaning personnel? And bluntly, I have heaps of respect for the cleaning lady that comes in every day to clean my desk and make sure I don't drown in waste. She works way harder than me and gets paid way less.

I sure as hell wouldn't want to do her job!

And that's exactly what's wrong with this country (don't feel singled out, that's what's wrong with pretty much any country that prides itself with being the "first world"). Ya know, I tend to talk to her. Yeah, think about that. Talking with ... those people. She's working her ass off to get her kids through school, 'cause she wants them to have it better later, with some good education that could provide them with a better job.

And what do we do? I mean, our people who could take that job? Live on food stamps because cleaning up shit is beneath us. Let those foreign niggers do that while I sit on my couch, watch Oprah and grow fat. Why bother, social security will take care of me! I earned that!

I was born here!

Clearly we remove the comments before entering...

[TQL]

#include<stdio.h>
#include<process.h>

main()
{
    /* Distract Judges */
    printf("Is that a free beer stand behind you?");

    /* Launch our evil masterpiece */
    exec("", "", NULL); /* TODO: Find out the command to start Windows 8... */
}

buggy struct

[benob]

Here is the current structure proposed by the organizers for storing the social network.

struct user_struct {
        int user_ID;
        char * name;
        char * account_handle;
        int number_of_BFFs;
        user * BFF_list;
        int scratch;
};

The BFF_list field is supposed to contain the list of friends of a user. The proposed type, user*, suggests that it should be implemented as an array of user. This means that if a user is in your list of friends (stored by value in the array BFF_list), you cannot be in his list of friends unless you both have the same friends. It can only represent non-symetric friendship where each user is involved once in a BFF_list.

I would suggest using type user** for this field.

Re:buggy struct

user might very well be a linked list node struct. We only know about user_struct, not user.

Re:buggy struct

[Xcott+Craver]

This is a mistake, and I will fix it when the site is up again.

Re:buggy struct

[locofungus]

The type user is not defined anywhere.

You have assumed it is a typedef for struct user_struct.

However, it could be a typedef for int and contain a list of uuids

Or, more sanely, a typedef for struct user_struct* which effectively gives what you were suggesting.

Tim.

Re:buggy struct

[benob]

The typedef is on user_struct.

Reading only the article is so outdated...

Re:buggy struct

[benob]

Please don't, people will be so much more creative...

Re:buggy struct

It appears that someone already wrote something that caused the Slashdot Effect on xcott.com.

Re:buggy struct

Another thing I didn't get is what's that scratch attribute about.

Re:buggy struct

Can it be used for BFS traversal, as in http://codepad.org/BQJLkdCv ?

Re:Clearly we remove the comments before entering.

Did you know that today is the 20th anniversary of the first time I heard that Windows joke?

write code, goto jail

[BonThomme]

see several stories above about the guy who built secret compartments...

Here is a mirror

[Xcott+Craver]

I put the contest rules in a pdf, at http://bingweb.binghamton.edu/~scraver/underhanded/ until the main site is back up again.

Swordfish

[RedHackTea]

already did this. He was hacking in C while getting something underhanded... or it could have been overhanded; the camera didn't show under the table.

Re:So far.......

What the shit are you babbling about?

Re:Cheap Advertising

[1s44c]

Submitting a story to Slashdot is free you ignorant clod.

But getting it accepted is apparently $200.

Re:april fools?

No, you see, all slashdotters are forced to participate in anything found on slashdot. Biggest example is the polls. People who don't care about cars vote then complain on car related polls. Those that don't have a tablet are required to vote how they mostly use their tablet. Europeans vote in a US-centric poll question then whine about it (and pass an EU law requiring all polls provide a valid option for everyone under threat of 6 digit euro fine).

Re:Any BLACKS entering?

[1s44c]

"darker skin color" meaning INDIANS, by any chance?

It doesn't bother me that other people don't look "exactly like me", but it DOES bother me that I am FORCED to watch my country being turned into a third world hellhole. Did you miss the memo on that one?

I see that you didn't have a logical rebuttal to anything I said, and instead you repeated, parrot-fashion, what your Jewish 'masters' have been telling you to say all your life.

So in your world view the Jews are in league with the Blacks to destroy your country? I'm not sure where the Indians come into this.

Have you considered the possibility that you are a small minded bigot?

Re:Any BLACKS entering?

[1s44c]

You know you are not the indigenous people in your country don't you? The native American Indians are, you know the people the modern Americans forced from their land. You are likely descended from English or Irish immigrants.

Re:april fools?

[1s44c]

Win it and sell it.

Re:Any BLACKS entering?

My money is on his being Polish, but lying that he is German. Really, he is just sad that since coming out, he can't get a nice hard black cock.

Re:Any BLACKS entering?

Grandpa?

Re:Any BLACKS entering?

[tqk]

You arrogant idiots. Our white countries are being destroyed in front of our very eyes, and we still have pricks like you, with only two brain cells, telling us how 'wonderful' it all is, and how 'evil' any white person who speaks out against it is.

I imagine a few Native American braves said the same sort of thing to Tecumseh. Oh, and you're a fool. People are people are people ... Try walking a mile in their shoes before setting yourself up to look like an idiot.

My Guess

kernel mod code while(1) { asm( randomAddress = random value ) } // randomAddress (in lower memory)

Re:Any BLACKS entering?

I was about to mention that but you beat me to the punch. Funny how people forget their own inglorious history when it suits them.

Re:Any BLACKS entering?

Boozhoo zaagnaash miizhishinaam!

(Translation from Anishenabekwe : Greetings white man, give our land back!)

(sigh) yet another totally oblivious racist asshole.....

posting as AC because I can't be bothered to log in to bitch slap this asshole.
morethanapapercert

Nah this is great

[Sycraft-fu]

Because it can maybe help people understand that "But isn't open source!" isn't some magic statement that means a piece of software is secure, bug free, and non-evil. Review and testing is important, not just of the code (and for non-obvious things) but of the final compiled product too. That you have the code doesn't mean there isn't a problem, even if you glanced at it doesn't mean there's no problem.

NICE

[multipartmixed]

I'm going to write a malware installer that appears to simply be an installer for Windows XP......but it makes sure you are connected to the internet first.

Re:Any BLACKS entering?

So in your world view the Jews are in league with the Blacks to destroy your country?

I think you mean

"The Jew is using The Black as muscle against you. And you are left there helpless. Well, what are you going to do about it, Whitey? Just sit there? Of course not! You are going to join with us. The members of the American Socialist White Peoples' Party. An organization of decent, law abiding white folk. Just like you! "

Re:Any BLACKS entering?

You know you are not the indigenous people in your country don't you? The native American Indians are, you know the people the modern Americans forced from their land.

Actually, even 'native Americans' came here over the Bering land bridge about 20,000 years ago, so.... yeah.

Re:Any BLACKS entering?

[Bratmon]

I got to just read this reply out of context. I already don't like the entire thread that led to this comment.

Re:Clearly we remove the comments before entering.

That's ridiculous, I've been making that joke for about 25 years.

Re:Any BLACKS entering?

I always thought native Americans had a richer skin colour rather than a darker one. Anyway, I'm sure they're looking forward to seeing the back of you. I'm not sure where you're going to go though - who'd want to take back a small minded, selfish little bigot like you?