The Obfuscation Table*



  • *not actually wooden

    This is from my first job. I have to mention now that I discovered TDWTF, back when it was called Worse Than Failure, by about the same time I got that job. It's just that whenever I googled for whatever my boss and colleagues were trying to teach me, Worse Than Failure was invariably amongst the first results returned.

    One of the tasks assigned to me was fixing a bug that kept users who logged in the company's system from sending messages to each other. I tracked the bug down to a piece of code that looked like this:

    if (! ProprietaryUserClass.IsLoggedInOurSystem)
    {
        //code that rendered the message user controls in a page here.

        //wall of code to do a lot of other unrelated stuff.
    }

    Notice the exclamation mark. In my innocence and naivete, I thought that was the problem - whomever wrote that made it so that properly logged users wouldn't see whatever components they needed to use the system. So I dropped the '!' mark.

    That didn't solve the problem, and instead made things worse. The page where the user could read and send messages got terribly broke and wherever there was any kind of control, a login control was being rendered instead.

    I took a look at IsLoggedInOurSystem and found out that when a user successfullly logged in, it would be set to false. And I couldn't change anything in the authentication process since it was off limits to interns, so I asked my boss if he could do something about it.

    "No, you see, that's actually right. That variable should be set to false, for security reasons", he said. Before my brain could finish tying itself into a knot, he continued with "so if a hacker ever steals our source code, and tries to run it, he won't understand what's going on". I tried reasoning about the amount of time hackers would be fiddling with our code versus the man-hours of all the people working for that company, and how that confusion would only get into the way of people like me solving bugs and whatever. Boss said "oh, yeah, I forgot to tell you about our obfuscation table. You know obfuscation, don't you?"

    I did, but not like that.

    There was this table, in an Excel (shared by everybody in a network) file with two columns: "When you write code that says..." and "...it actually means:". It was close to two hundred rows of WTF'ery when I first saw it. "You should come up with some clever code translations too, and write them here and tell everybody else. That helps protecting our intellectual property."

    As a last effort to bring some sanity into the conversation, I asked what were the odds of someone wanting to... copy... our fucked codebase. Were they afraid of an ex-employee taking a copy home and selling it to competitors? To which my boss made a pause to think, and then he said: "that, too, but I'm more concerned about IIS and its security breaches".

    I still can't find a way to justify why it took me over four months to quit that job.



  • That is painful: WTF by design. Did that department have a coding standard too? I'd love to see it. "After an if statement, indent only the first statement of the then clause; remaining statements should be moved back one level. This will confuse hackers."



  • Wow, great post. Do you still have a copy of the Excel sheet?



  • So your first job was as an intern for SpectateSwamp? Wow, that must have been bizarre.



  • @Scarlet Manuka said:

    So your first job was as an intern for SpectateSwamp? Wow, that must have been bizarre.
     

     

    All the high quality amateur rock video you could want, though.  Big Wampum Rock video, in fact.



  • @TGV said:

    That is painful: WTF by design. Did that department have a coding standard too? I'd love to see it. "After an if statement, indent only the first statement of the then clause; remaining statements should be moved back one level. This will confuse hackers."

    The only standard we had was "the boss is always right". Even identation was, despite encouraged by most developers, strictly optional.

    @blakeyrat said:

    Wow, great post. Do you still have a copy of the Excel sheet?

    No, but I remember some other gems from it. We had our own methods for string operations (I say methods, and not classes, because there was only one class in the system). A method called ToLower would set the string to all uppercases, and the ToUpper method set the string to lowercases. There was also a method called PlusPlus which would receive an integer by reference and decrease it by one. Guess what MinusMinus did.

    I think anyone testing that system would at first think we were all retarded to no end. It wouldn't take more than two minutes for such a tester to notice we were actually coding in Bizarro.NET.



  • [quote user="Renan "C#" Sousa"]Guess what MinusMinus did.[/quote]

    Old and busted: C++,
    new hotness: MinusMinus(ref C);



  • This actually sounds like a case where using Reflector on the application would actually result in more legible code than the original.



  • That had me laughing so hard co-workers all around me came to my cubicle to see what was going on.



  • You were laughing?   It made me very sad.  :(

    Did the obfu table spill into the culture of the workplace?  "I'm heading out to lunch now" really means "Do we have a meeting in a few minutes?", and "I'm leaving for the day" translates to "Have you seen what the new secretary is wearing?".   You know, in case of industrial espionage.



  • @Xyro said:

    You were laughing?   It made me very sad.  :(

    Did the obfu table spill into the culture of the workplace?  "I'm heading out to lunch now" really means "Do we have a meeting in a few minutes?", and "I'm leaving for the day" translates to "Have you seen what the new secretary is wearing?".   You know, in case of industrial espionage.

    Let's say someone called Joe quit (or got fired), we'd say that "Joe went up the roof".

    Also, if you do something that causes some kind of financial loss to the company, you are "going to need a bottle of KY".



  • [quote user="Renan "C#" Sousa"]@TGV said:

    That is painful: WTF by design. Did that department have a coding standard too? I'd love to see it. "After an if statement, indent only the first statement of the then clause; remaining statements should be moved back one level. This will confuse hackers."

    The only standard we had was "the boss is always right". Even identation was, despite encouraged by most developers, strictly optional.

    @blakeyrat said:

    Wow, great post. Do you still have a copy of the Excel sheet?

    No, but I remember some other gems from it. We had our own methods for string operations (I say methods, and not classes, because there was only one class in the system). A method called ToLower would set the string to all uppercases, and the ToUpper method set the string to lowercases. There was also a method called PlusPlus which would receive an integer by reference and decrease it by one. Guess what MinusMinus did.

    I think anyone testing that system would at first think we were all retarded to no end. It wouldn't take more than two minutes for such a tester to notice we were actually coding in Bizarro.NET.

    [/quote] 

    You all are/were retarded to no end. (Well, not you since you recognized the WTF level and bailed.)



  • This is the first time I've seen a company deliberately commit corporate espionage upon itself!


Log in to reply