slashdot

The Underhanded C Contest - Results

Being too busy sucks. I didn't even have the time to blog about the Underhanded C Contest, whose results have now been announced.

Quick reminder: the goal of the contest is to

write innocent-looking C code implementing malicious behavior. In many ways this is the exact opposite of the Obfuscated C Code Contest: in this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

I blogged about the contest earlier, but only later decided to take part in the contest myself (together with Daniel Reutter). After some initial brainstorming we hacked together our solution in roughly one day.

Although we didn't win (damn, no beer for us ;-), we managed to submit one of the simplest solutions (ca. 34 lines of code), i.e., it's very hard to embed any malicious but innocent-looking code in there... Our solution exploits an array bounds overrun, with an extra equals sign ("<=" instead of "<").
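The bug class named above, as an added example that is not the contest entry or any other code from the original post: a copy loop whose bound uses `<=` writes one byte past an 8-byte field, shown next to the corrected loop and a boundary test that tells the two apart. The `record` layout, `NAME_LEN` and all function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8

/* Constructed layout (assumption): 8 name bytes followed directly by a
   one-byte flag. Both live in one array so the stray write stays defined
   behaviour and can be observed; across separate objects it would be UB. */
struct record {
    unsigned char bytes[NAME_LEN + 1];
};
#define FLAG(r) ((r)->bytes[NAME_LEN])

typedef void (*setter_fn)(struct record *, const unsigned char *, size_t);

/* Reads as "copy at most NAME_LEN bytes", but <= admits index NAME_LEN. */
void set_name_buggy(struct record *r, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i <= NAME_LEN && i < n; i++)
        r->bytes[i] = src[i];
}

/* Corrected bound: indices 0 .. NAME_LEN - 1 only. */
void set_name_fixed(struct record *r, const unsigned char *src, size_t n)
{
    for (size_t i = 0; i < NAME_LEN && i < n; i++)
        r->bytes[i] = src[i];
}

/* Boundary test for review: feed NAME_LEN + 1 bytes and report whether
   the byte after the name field changed. Returns 1 on overrun. */
int overruns(setter_fn set)
{
    struct record r;
    unsigned char input[NAME_LEN + 1];

    memset(&r, 0, sizeof r);
    memset(input, 'A', sizeof input);   /* constructed input */
    set(&r, input, sizeof input);
    return FLAG(&r) != 0;
}

int main(void)
{
    printf("buggy overruns: %d\n", overruns(set_name_buggy));
    printf("fixed overruns: %d\n", overruns(set_name_fixed));
    return 0;
}
```

Inputs of exactly `NAME_LEN` and `NAME_LEN + 1` bytes are the cases that separate the two loops; shorter inputs behave identically in both.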

I have yet to look at the two winning entries by M. Joonas Pihlaja and Paul V-Khuong (team submission), as well as Natori Shin. Congratulations, guys! Also, I noticed the Slashdot story about the contest results, but didn't get around to reading that article, either. Sigh...

Fun With IRC

While reading parts of "What's the Best Geek Joke You Know?" on Slashdot, I stumbled upon this snippet from an IRC log from bash.org:

t0rbad> so there i was in this hallway right
BlackAdder> i believe i speak for all of us when i say...
BlackAdder> WRONG BTICH
BlackAdder> IM SICK OF YOU
BlackAdder> AND YOUR LAME STORIES
BlackAdder> NOBODY HERE THINKS YOURE FUNNY
BlackAdder> NOBODY HERE WANTS TO HEAR YOUR STORIES
BlackAdder> IN FACT
BlackAdder> IF YOU DIED RIGHT NOW
BlackAdder> I DON"T THINK NOBODY WOULD CARE
BlackAdder> SO WHAT DO YOU SAY TO THAT FAG
*** t0rbad sets mode: +b BlackAdder*!*@*.*
*** BlackAdder has been kicked my t0rbad ( )
t0rbad> so there i was in this hallway right
CRCError> right
heartless> Right.
r3v> right

OpenSolaris [Update]

A lot of hype is going on lately about OpenSolaris. Here's a short summary (mixed with some stupid comments from me) for those who missed the news until now.

  • Although the license (the CDDL) has been OSI-approved, it's not exactly a license I'd consider free. It's especially not GPL-compatible, it seems.
  • The usual grep "idiot" * in the source code and similar searches (which do reveal some hits, although the code was cleaned before the release) are being discussed on Slashdot and elsewhere. My personal favourite is this comment in the code:
    Thank God nobody's looking at this comment, or my reputation would be ruined.
    Bad luck for this guy.
    Lessons learned: Always write your code and comments as if the whole world could read them, because one day that might be the case.
  • Jörg Schilling is preparing SchilliX, an OpenSolaris distribution and LiveCD.
  • A small analysis of the code, performed by me using David Wheeler's sloccount:
    The whole source contains ca. 4.1 million lines of code (MLOC), spread across ca. 24.000 files. (OpenSolaris ships with a complete Perl distribution in the tarball. I removed that before the analysis.)
    Compare this to Linux: ca. 4.2 MLOC (Linux 2.6.11.10) in 18.000 files.
  • Rumours about a Debian GNU/OpenSolaris seem to float around. The license might be a problem, I guess. We'll see...

Update: The above quote is from the GRUB source code (included in OpenSolaris), not from the original OpenSolaris code. Thanks for the corrections. Also, Linux has 4.2 MLOC, not 4.2 LOC (yay, I spotted that one myself ;-).
