The Underhanded C Contest Is Back

Xcott Craver writes "After several years of inactivity, the Underhanded C contest has returned. The object is to write a short, readable, innocent-looking computer program that nevertheless performs some evil function for reasons that are not obvious under code review. The prize is a $200 gift certificate to ThinkGeek." The deadline is July 4th, so get to hacking.

actual challenge this year

[girlinatrainingbra]

The actual challenge this year [xcott.com] is to write an evil C file that can calculate the "Bacon degree" separation of two users in a database that keeps track of their friends, with 0 meaning no linkage at all, 1 meaning they're directly BFF, 2 meaning that they have a BFF in common. In other words, the path length on the graph of friends. Then, the "evil part" is to make it screw up when called with the parameters for your account:

You want to create your own ObsessBook account and gain unwarranted access to as many users as possible. To this end, your code should work normally almost all the time, but for some unseen reason it should return incorrectly low DERPCON values when called with your account as an argument. As the contractor, you have access to the ObsessBook database, so you can assign your data structure whatever fields you want in order to trigger the bug.

Re:actual challenge this year

[eksith]

I didn't think Facebook can be made even more dastardly (or at such a low level). Alas, I was wrong!

Re:

[pegdhcp]

This is an obviously needed utility for C programmer community, in order to gain some "friends" on ????book. What good would come from a "friend on ????book database" is another and completely unrelated question.

Re:

[theM_xl]

This is an obviously needed utility for C programmer community, in order to gain some "friends" on ????book.

You don't have many friends, do you. :-)

Re:

[pegdhcp]

I have a serious count of friends(!) both in facebook (even after I left it) and in linkedin. Maybe 10% or at most 30% of them knows me in person. Maybe 5% knows me as a real friend.

I do not have many real friends, who has them I do not know...

Re:

[telchine]

I'm thinking of submitting win.com

Re:

[mjr167]

Can I use my own compiler? Cause I'm pretty sure if I can deliver the compiler binary too then it's a pretty trivial contest :P

Re:

[Fnord666]

Thanks for posting this since the site seems to be slashdotted already and the west coast hasn't even had their coffee yet!

Here is a mirror

[Xcott Craver]

I put the contest rules in a pdf, at http://bingweb.binghamton.edu/~scraver/underhanded/ [binghamton.edu] until the main site is back up again.

Re:

[CAIMLAS]

You must be new here.

This competition used to be on slashdot almost every year (dating back to 2005 [wikipedia.org], apparently). I'd thought it went back further than that, but that's still 8 years.

Re:

[1s44c]

Submitting a story to Slashdot is free you ignorant clod.

But getting it accepted is apparently $200.

Re:

[1s44c]

"darker skin color" meaning INDIANS, by any chance?

It doesn't bother me that other people don't look "exactly like me", but it DOES bother me that I am FORCED to watch my country being turned into a third world hellhole. Did you miss the memo on that one?

I see that you didn't have a logical rebuttal to anything I said, and instead you repeated, parrot-fashion, what your Jewish 'masters' have been telling you to say all your life.

So in your world view the Jews are in league with the Blacks to destroy your country? I'm not sure where the Indians come into this.

Have you considered the possibility that you are a small minded bigot?

Re:

[Bratmon]

I got to just read this reply out of context. I already don't like the entire thread that led to this comment.

Re:

[Opportunist]

Not really. They pretty much pay for the social security of white trash mouth breathers.

Plus, they are the only ones who empty my trash can. When was the last time you actually saw domestic cleaning personnel? And bluntly, I have heaps of respect for the cleaning lady that comes in every day to clean my desk and make sure I don't drown in waste. She works way harder than me and gets paid way less.

I sure as hell wouldn't want to do her job!

And that's exactly what's wrong with this country (don't feel singled

Re:

[tqk]

You arrogant idiots. Our white countries are being destroyed in front of our very eyes, and we still have pricks like you, with only two brain cells, telling us how 'wonderful' it all is, and how 'evil' any white person who speaks out against it is.

I imagine a few Native American braves said the same sort of thing to Tecumseh. Oh, and you're a fool. People are people are people ... Try walking a mile in their shoes before setting yourself up to look like an idiot.

Re:

[1s44c]

You know you are not the indigenous people in your country don't you? The native American Indians are, you know the people the modern Americans forced from their land. You are likely descended from English or Irish immigrants.

How hard can it really be?

[eksith]

When they missed putting 'http://' in front of their link to thinkgeek.com [thinkgeek.com] ;)

Re:

[Anonymous Coward]

Well then you shouldn't participate: solved!

Re:

[1s44c]

Win it and sell it.

Here's an idea

[Anonymous Coward]

Software is already underhanded and obscure enough as it is. I mean using it. How about a "clear and fucking obvious" contest? How about error messages that mean something? "The side by side configuration is incorrect". Parse that.

Re:

[Cenan]

Agreed.

How about a contest where the submitted code does exactly what the specs say, every time, on any hardware. The victor will be the one who writes a piece of code to spec, sits an untrained user in front of the app, and it behaves exactly as expected. Extra points if the user is successfully able to decipher any and all error messages and correct input without interference from anyone. Once you have a grip on that shit, then you can start doing cute/useless shit like this.

Re:Here's an idea

[50000BTU_barbecue]

Well sure, there's that. But the other way gets you a 200$ Think Geek gift certificate.

Re:Here's an idea

[DarkOx]

Contests that are impossible are not much fun.

To say nothing about why your any hardware requirement is impossible this caught me:

sits an untrained user in front of the app, and it behaves exactly as expected.

The largest software and hardware vendors have been at that since commercial computing began. They all still have to offer end user support and or build a community around the product to support users.

You talked up specs; and then want to offer the product to untrained users. Specs are great for things where the end user is another program or a person who *is* trained and knows what they wanted in the first place; can understand the specs themselves for the most part and therefor hasn't got unrealistic expectations about what the program will and won't do.

'Specs' for end user applications though don't carry that sort of weight and won't save you from the LUSERS. Access is the perfect example. I actually rather like it. There are lots of occasions where you want to trap and manipulate smallish data sets to see something while working on a problem. Given Windows usually hasn't got tools like, cut, paste, diff, comm, join, (useful version of ) sort, uniq, grep, awk, and sed installed Access makes a marginally suitable replacement.

Nobody would suggest discarding your RDBMs and just keeping ALL your data in flat text files. Microsoft never claimed Access was designed to handle the data volume and complexity to be the ERP for your Medium sized business either. Yet lots of people try or at least tried. I haven't seen that as much in recent years. Still they were shocked, shocked, I tell you when they hit the walls.

Re:

[LordLimecat]

Given Windows usually hasn't got tools like, cut, paste, diff, comm, join, (useful version of ) sort, uniq, grep, awk, and sed installed Access makes a marginally suitable replacement.

It does now. Give Powershell a whirl, you might be impressed (once you get over its insane, ridiculous, and excessive wordiness)

Re:

[JaredOfEuropa]

The hard part is writing up specs that accurately reflect what is actually needed. Often, specs are ambiguous, incomplete or simply incorrect.

Re:Here's an idea

[Fnord666]

The hard part is writing up specs that accurately reflect what is actually needed. Often, specs are ambiguous, incomplete or simply incorrect.

Not to mention the fact that even if they are clear, complete, and correct today, the user will want something else tomorrow.

Re:

[GNious]

you mispelled "Yesterday" at the end of your post.

Re:

[Blue23]

One of the recurring issues I see with spec is differing assumptions. When someone knowledgeable about some operational part of your business talks about a program doing "X", there's a huge amount of context that goes with it, which may not be shared by the development team (and in rarer cases your QA team).

As a perhaps too-obvious example, in the US if you're dealing with shipping weights you may not consider that you need to specify a field for units and be able to do lb / kilo conversions. Just that yo

Re:

[Minwee]

Agreed.

How about a contest where the submitted code does exactly what the specs say, every time, on any hardware. The victor will be the one who writes a piece of code to spec, sits an untrained user in front of the app, and it behaves exactly as expected. Extra points if the user is successfully able to decipher any and all error messages and correct input without interference from anyone. Once you have a grip on that shit, then you can start doing cute/useless shit like this.

If you make something idiot proof then the world will build a better idiot. Once you understand that concept -- and I mean _really_ understand it, not just remember how to say it when the Omega-Derp sits down in front of your product, misreads the instructions and starts spooning ice cream into it, or when Out-tel's latest processor correctly implements the Halt And Catch Fire instruction and calls it "NOP" -- then you can start to understand the Tao of Design.

And once you understand that, it's probably t

Nah this is great

[Sycraft-fu]

Because it can maybe help people understand that "But isn't open source!" isn't some magic statement that means a piece of software is secure, bug free, and non-evil. Review and testing is important, not just of the code (and for non-obvious things) but of the final compiled product too. That you have the code doesn't mean there isn't a problem, even if you glanced at it doesn't mean there's no problem.

No prize then?

[Anonymous Coward]

Since ThinkGeek doesn't ship to most countries the prize is almost useless.
Why couldn't they just offer the money?

Re:No prize then?

[Xcott Craver]

Hi, I was not aware of this. I will announce an alternate prize for people outside the US, if we can figure out what web site is friendly with gift certificates in other countries (Amazon?)

Re:

[Xcott Craver]

Thanks. I fixed that, so at least one thing is online.

Re:

[Anonymous Coward]

The ThinkGeek website does ship to virtually every country. The AC is mis-informed.

Re:

[Anonymous Coward]

well, it is an underhanded competition.

Thanks Barry...

[killmofasta]

My C teacher used to show us snippets, and got us interested in the per-processor.
We learned more in analyzing errant code, then writing out own,
and we could turn crap code into cool programs.

He called one snippet 'Recalcitrant' and we ran upstairs in the library to look it up,
People thought we were mad when we were laughing at the dictionary.

Thanks Barry both for showing us C, and for introducing us to GNU.

Winning strategy

[maxwell demon]

The winning entry will be one which doesn't only do the evil task asked for, but at the same time, in a way that the contest runners won't notice it, also manipulates the contest database in order to put itself as the winner. ;-)

Clearly we remove the comments before entering...

[TQL]

#include<stdio.h>
#include<process.h>

main()
{
    /* Distract Judges */
    printf("Is that a free beer stand behind you?");

    /* Launch our evil masterpiece */
    exec("", "", NULL); /* TODO: Find out the command to start Windows 8... */
}

Re:

[Anonymous Coward]

Did you know that today is the 20th anniversary of the first time I heard that Windows joke?

buggy struct

[benob]

Here is the current structure proposed by the organizers for storing the social network.

struct user_struct {
        int user_ID;
        char * name;
        char * account_handle;
        int number_of_BFFs;
        user * BFF_list;
        int scratch;
};

The BFF_list field is supposed to contain the list of friends of a user. The proposed type, user*, suggests that it should be implemented as an array of user. This means that if a user is in your list of friends (stored by value in the array BFF_list), you cannot be in his list of friends unless you both have the same friends. It can only represent non-symetric friendship where each user is involved once in a BFF_list.

I would suggest using type user** for this field.

Re:buggy struct

[Xcott Craver]

This is a mistake, and I will fix it when the site is up again.

Re:

[benob]

Please don't, people will be so much more creative...

Re:

[locofungus]

The type user is not defined anywhere.

You have assumed it is a typedef for struct user_struct.

However, it could be a typedef for int and contain a list of uuids

Or, more sanely, a typedef for struct user_struct* which effectively gives what you were suggesting.

Tim.

Re:

[benob]

The typedef is on user_struct.

Reading only the article is so outdated...

write code, goto jail

[BonThomme]

see several stories above about the guy who built secret compartments...

Swordfish

[RedHackTea]

already did this. He was hacking in C while getting something underhanded... or it could have been overhanded; the camera didn't show under the table.

NICE

[multipartmixed]

I'm going to write a malware installer that appears to simply be an installer for Windows XP......but it makes sure you are connected to the internet first.