The Daily WTF: Curious Perversions in Information Technology
Welcome to TDWTF Forums Sign in | Join | Help
in Search

The Obfuscation Table*

Last post 08-05-2010 7:16 PM by MarkJ. 12 replies.
Page 1 of 1 (13 items)
Sort Posts: Previous Next
  • 08-04-2010 10:31 AM

    • Renan
    • Top 75 Contributor
    • Joined on 08-10-2007
    • Fortaleza, Brazil
    • Posts 731

    The Obfuscation Table*

    *not actually wooden

    This is from my first job. I have to mention now that I discovered TDWTF, back when it was called Worse Than Failure, by about the same time I got that job. It's just that whenever I googled for whatever my boss and colleagues were trying to teach me, Worse Than Failure was invariably amongst the first results returned.

    One of the tasks assigned to me was fixing a bug that kept users who logged in the company's system from sending messages to each other. I tracked the bug down to a piece of code that looked like this:

    if (! ProprietaryUserClass.IsLoggedInOurSystem)
    {
        //code that rendered the message user controls in a page here.

        //wall of code to do a lot of other unrelated stuff.
    }

    Notice the exclamation mark. In my innocence and naivete, I thought that was the problem - whomever wrote that made it so that properly logged users wouldn't see whatever components they needed to use the system. So I dropped the '!' mark.

    That didn't solve the problem, and instead made things worse. The page where the user could read and send messages got terribly broke and wherever there was any kind of control, a login control was being rendered instead.

    I took a look at IsLoggedInOurSystem and found out that when a user successfullly logged in, it would be set to false. And I couldn't change anything in the authentication process since it was off limits to interns, so I asked my boss if he could do something about it.

    "No, you see, that's actually right. That variable should be set to false, for security reasons", he said. Before my brain could finish tying itself into a knot, he continued with "so if a hacker ever steals our source code, and tries to run it, he won't understand what's going on". I tried reasoning about the amount of time hackers would be fiddling with our code versus the man-hours of all the people working for that company, and how that confusion would only get into the way of people like me solving bugs and whatever. Boss said "oh, yeah, I forgot to tell you about our obfuscation table. You know obfuscation, don't you?"

    I did, but not like that.

    There was this table, in an Excel (shared by everybody in a network) file with two columns: "When you write code that says..." and "...it actually means:". It was close to two hundred rows of WTF'ery when I first saw it. "You should come up with some clever code translations too, and write them here and tell everybody else. That helps protecting our intellectual property."

    As a last effort to bring some sanity into the conversation, I asked what were the odds of someone wanting to... copy... our fucked codebase. Were they afraid of an ex-employee taking a copy home and selling it to competitors? To which my boss made a pause to think, and then he said: "that, too, but I'm more concerned about IIS and its security breaches".

    I still can't find a way to justify why it took me over four months to quit that job.

    snoofle

    That hideousness is what keeps you and I [sic] employed!
  • 08-04-2010 10:55 AM In reply to

    • TGV
    • Top 75 Contributor
    • Joined on 10-09-2005
    • Posts 703

    Re: The Obfuscation Table*

    That *is* painful: WTF by design. Did that department have a coding standard too? I'd love to see it. "After an if statement, indent only the first statement of the then clause; remaining statements should be moved back one level. This will confuse hackers."
  • 08-04-2010 3:17 PM In reply to

    Re: The Obfuscation Table*

    Wow, great post. Do you still have a copy of the Excel sheet?
      <-  I couldn't make my shit work, so here's a Godzilla head.
  • 08-04-2010 10:46 PM In reply to

    Re: The Obfuscation Table*

    So your first job was as an intern for SpectateSwamp? Wow, that must have been bizarre.
  • 08-04-2010 11:41 PM In reply to

    • aesis
    • Not Ranked
    • Joined on 03-26-2009
    • Posts 38

    Re: The Obfuscation Table*

    Scarlet Manuka:
    So your first job was as an intern for SpectateSwamp? Wow, that must have been bizarre.
     

     

    All the high quality amateur rock video you could want, though.  Big Wampum Rock video, in fact.

  • 08-05-2010 8:46 AM In reply to

    • Renan
    • Top 75 Contributor
    • Joined on 08-10-2007
    • Fortaleza, Brazil
    • Posts 731

    Re: The Obfuscation Table*

    TGV:
    That *is* painful: WTF by design. Did that department have a coding standard too? I'd love to see it. "After an if statement, indent only the first statement of the then clause; remaining statements should be moved back one level. This will confuse hackers."

    The only standard we had was "the boss is always right". Even identation was, despite encouraged by most developers, strictly optional.

    blakeyrat:
    Wow, great post. Do you still have a copy of the Excel sheet?

    No, but I remember some other gems from it. We had our own methods for string operations (I say methods, and not classes, because there was only one class in the system). A method called ToLower would set the string to all uppercases, and the ToUpper method set the string to lowercases. There was also a method called PlusPlus which would receive an integer by reference and decrease it by one. Guess what MinusMinus did.

    I think anyone testing that system would at first think we were all retarded to no end. It wouldn't take more than two minutes for such a tester to notice we were actually coding in Bizarro.NET.

    snoofle

    That hideousness is what keeps you and I [sic] employed!
  • 08-05-2010 9:17 AM In reply to

    Re: The Obfuscation Table*

    Renan "C#" Sousa:
    Guess what MinusMinus did.

    Old and busted: C++,
    new hotness: MinusMinus(ref C);

  • 08-05-2010 11:24 AM In reply to

    Re: The Obfuscation Table*

    This actually sounds like a case where using Reflector on the application would actually result in more legible code than the original.

  • 08-05-2010 2:02 PM In reply to

    • rudraigh
    • Top 500 Contributor
    • Joined on 02-07-2008
    • Ess Eff Bayeria
    • Posts 112

    Re: The Obfuscation Table*

    That had me laughing so hard co-workers all around me came to my cubicle to see what was going on.

  • 08-05-2010 2:22 PM In reply to

    • Xyro
    • Top 25 Contributor
    • Joined on 06-10-2007
    • Location location = new EnterpriseLocatorFactory() .newLocator(Locale.US) .getLocationFacade(this, true) .getLocation();
    • Posts 1,715

    Re: The Obfuscation Table*

    You were laughing?   It made me very sad.  :(

    Did the obfu table spill into the culture of the workplace?  "I'm heading out to lunch now" really means "Do we have a meeting in a few minutes?", and "I'm leaving for the day" translates to "Have you seen what the new secretary is wearing?".   You know, in case of industrial espionage.

    #!/usr/bin/perl

    ($_,@x,@y,$r,$o)=( "Xyro's signature!", 0xe4e10e9d0a4803ea, 0x92b0b7684cda510e,
    0x9d2a504b06a54c04, 0xb04804bca984dc0c, 0xea4889b4dadb1108, 0x90534665a4c79811)
    ;%_=map{$_,1}split//;%_=map{$o++,$_}sort keys%_;@x=map{sprintf'%x',$_}@x;for(@x
    ){$r.=$_{hex$_}for(split//)}$r=~s$Xa$xa$;$_=$r;s;(^|! )(\w+);$1\u\L$2;g;print#!
  • 08-05-2010 2:42 PM In reply to

    • Renan
    • Top 75 Contributor
    • Joined on 08-10-2007
    • Fortaleza, Brazil
    • Posts 731

    Re: The Obfuscation Table*

    Xyro:

    You were laughing?   It made me very sad.  :(

    Did the obfu table spill into the culture of the workplace?  "I'm heading out to lunch now" really means "Do we have a meeting in a few minutes?", and "I'm leaving for the day" translates to "Have you seen what the new secretary is wearing?".   You know, in case of industrial espionage.

    Let's say someone called Joe quit (or got fired), we'd say that "Joe went up the roof".

    Also, if you do something that causes some kind of financial loss to the company, you are "going to need a bottle of KY".

    snoofle

    That hideousness is what keeps you and I [sic] employed!
  • 08-05-2010 6:46 PM In reply to

    • SQLDave
    • Top 500 Contributor
    • Joined on 08-08-2008
    • St. Louis-ish
    • Posts 175

    Re: The Obfuscation Table*

    Renan "C#" Sousa:
    TGV:
    That *is* painful: WTF by design. Did that department have a coding standard too? I'd love to see it. "After an if statement, indent only the first statement of the then clause; remaining statements should be moved back one level. This will confuse hackers."

    The only standard we had was "the boss is always right". Even identation was, despite encouraged by most developers, strictly optional.

    blakeyrat:
    Wow, great post. Do you still have a copy of the Excel sheet?

    No, but I remember some other gems from it. We had our own methods for string operations (I say methods, and not classes, because there was only one class in the system). A method called ToLower would set the string to all uppercases, and the ToUpper method set the string to lowercases. There was also a method called PlusPlus which would receive an integer by reference and decrease it by one. Guess what MinusMinus did.

    I think anyone testing that system would at first think we were all retarded to no end. It wouldn't take more than two minutes for such a tester to notice we were actually coding in Bizarro.NET.

     

    You all are/were retarded to no end. (Well, not you since you recognized the WTF level and bailed.)

  • 08-05-2010 7:16 PM In reply to

    • MarkJ
    • Not Ranked
    • Joined on 07-29-2010
    • Maryland, US
    • Posts 22

    Re: The Obfuscation Table*

    This is the first time I've seen a company deliberately commit corporate espionage upon itself!

    Mark J.
Page 1 of 1 (13 items)
Powered by Community Server (Non-Commercial Edition), by Telligent Systems